In today’s Washington Post, an anonymous intelligence official talked about the intelligence community’s role in the attempted Christmas bombing:

Anyone who believes that a relatively small organization like NCTC [National Counterterrorism Center] is going to connect every electron in each of those 30 databases is either disingenuous or naive, and certainly knows very little about how intelligence analysis actually works.

Bingo! We as a public have to reorient our expectations about the intelligence community’s ability to ensure 100 percent security on a 24/7/365 basis. That’s not a knock on intelligence pros. As a former intel analyst, I’ve seen time and time again just how unrealistic the expectations are.

While individual quotes that dumb down the intelligence community’s capabilities are illustrative, they fail to drive home how difficult intel work really is. I think it’s more useful to examine what it’s actually like to “connect the dots” in the case of a potential terrorist operative. From my own experience, here’s how it works:

I’d receive a lead from the CIA Station in Rabat, Morocco, about a potential bad guy. For the purposes of this explanation, let’s say he’s a Moroccan named Abdul Aziz Mohammed Abu Sayaf, but I don’t know anything else about him, such as his date or place of birth. (I chose that name not because I want to stereotype all “terrorists” as Arab or because he’s an actual bad guy, but because – as I explain in detail below – it will help illustrate a point about transliteration’s role in analysis of suspected terrorists specifically from Muslim countries.)

My goal is to find out everything we know about this individual and determine whether he’s a legitimate threat. This is no small point — in order to raise the alarm, I need definitive intelligence corroboration that the individual in question has a reported history that solidifies him as a potential danger. In other words, we don’t just arrest people because of a single report from a source of unknown quality. For the record, 99 percent of the time, walk-in sources to U.S. Embassies are of poor-to-unknown quality. That includes friends and family members who walk into the embassy and claim their relatives are potential dangers. Why? Family relations are tangled webs, and who really knows if your uncle just might want you arrested in revenge for that unsettled family land dispute.

Therefore, I’ll take his name and plug it into NCTC’s terrorism search, a database that stores more information about terrorism suspects than you could ever imagine. Most of the information is contained in reports from the CIA, NSA, DoD, State Department, and foreign intelligence services that have shared with us. The reports range in length from just a paragraph or two about a specific individual, to tens upon tens of pages long of names, aliases, and birth dates of “suspected” individuals about whom these suspicions are undefined (thank the Italians for this).

“Abdul Aziz Mohammed Abu Sayaf” goes in the old database, and presto-changeo, 27 reports come back. I tear through them for information that matches what I know about my guy. Say I can throw out 22 of the reports because they’re all about an “Abul Aziz Mohammed Abu Sayaf” who lives in Indonesia and was arrested in 2004 and is now in jail.

That leaves five reports. Four are about an Egyptian. Out. And the last one is about some guy of the same name in an unknown country who doesn’t appear to have really done anything wrong. I’m interested in the last one, but need much information on him before taking action.

Here’s where it gets fun. Since there may be more information out there, I start looking for variations of Abul Aziz Mohammed Abu Sayaf’s name, as names like Aziz, Mohammed, and Sayaf can be spelled several different ways when transliterated into English from Arabic. But rather than guess at which combination of the spellings works in our guy’s case, I would enter into the database, “Abdul Aziz* M*h*m*d Abu Say*af*,” which accounts for the different vowels and multiple consonants that may be used in variant spellings.

The result? 2,453 new reports to comb through!

I would logically cut that number down by entering what little other information I know about this guy. Next search: “Abdul Aziz* M*h*m*d Abu Say*af* AND Morocco.” Down to 372. Next search: “Abdul Aziz* M*h*m*d Abu Say*af* AND Morocco adj! 20,” which means all of the above words must appear within 20 words of one another. Down to 87.

I diligently read or skim through all the 87 reports looking for any nugget of information that could corroborate the suspicions about our man. Perhaps I find an additional report or two about an individual who might be the person in question, but I can only say that with 50 percent confidence.

The end result is that I write another report saying only what I can definitively conclude:

Abdul Aziz Mohammed Abu Sayaf is suspected of wanting to enter the United States to conduct a terrorist attack. Sources of unknown quality indicate Abu Sayaf is interested in traveling this month, though it remains unknown whether Abdul Aziz Mohammed Abu Sayaf is a credible threat to the United States.

I file my report, and the receiving officer – given limited resources to follow leads – deems my report interesting, but not urgent.

Two days later, an individual named Abdull-Aziz Muhammad Abou Sayyaff buys a ticket on a flight to Newark and tries to detonate an explosive belt on board. With hindsight, it’s easy to point out the flaws in my analytic process: Should the name spelling be uniform? Why did you limit your search so much? This is national security – you mean to tell me you can’t be bothered to read 327 reports? Shouldn’t we chase down every lead?  And etc… sigh.

These are easy and obvious criticisms. And certainly, some improvements can and will continue to be made. However, given the vast amount of American and internationally derived information, the pressing need to run down several searches like this on any work day, and the permanent resource constraints, these are also criticisms by those who don’t understand the tremendous complexity of intelligence work and the diminishing marginal returns of hiring thousands more additional analysts.

In short, finding bad guys is often like looking for grains of sugar on a beach. Unfortunately, we have to accept that we might not find them all.

I’ve been pretty tardy about posting stuff to AOM of late, and for that, I apologize.  As I alluded to earlier, we’re starting to transition to The Progressive Fix here at the PPI, and I’m imagining - but not certain - that AOM will  be gobbled up by that site.  Sigh.

But for now, the hits keep coming.  I had a two-fer on Friday, with the RCP piece as well as this article in Foreign Policy.  Here’s a tease. Enjoy:

As deliberations about the Obama administration’s strategic direction in Afghanistan unfold, the White House is weighing whether al Qaeda, in fact, needs an Afghan safe haven — an expanse of land under the protection of the Taliban — to reconstitute its capability to attack the United States. Many noted scholars doubt it. In a recent Washington Post op-ed, Council on Foreign Relations President Richard Haass bluntly stated, “Al Qaeda does not require Afghan real estate to constitute a regional or global threat.”

He’s wrong. Although the group has been significantly weakened since late 2001, the only chance al Qaeda has of rebuilding its capability to conduct a large-scale terrorist operation against the United States is under the Taliban’s umbrella of protection.

Who knew that George Will was such a defeatist.  His column today in the Washington Post advocates for a steady drawdown, saying we should use only counter-terrorism measures in the future.

Here’s the key question he - like so many on the left and right of this debate - is missing:  What do we do after the next terrorist attack on American soil?  Do we go back?

The fact of the matter is that a counter-terrorism approach to Afghanistan and Pakistan is only as good as our intelligence.  And our intelligence services - though highly professional and much better than on September 10, 2001 - will never, ever be able to track absolutely everything.

So, are we willing to run the risk of a next attack, or are we willing to stick it out and help create a secure environment that will never permit plotting to go on?

I was afraid something like this was coming.

CIA chief Leon Panetta has reportedly threatened to quit over the DoJ’s apparently impending torture inquiry of Bush-era practices (though the White House denies such threats took place).

Here’s the central tension in this drama - even though Panetta’s political views might support the inquiry, his first duty at Langley is to protect his troops.  And he’s apparently doing that in spades.

The intelligence community has become a punching bag for every politician who needs something to blame when there’s a national security issue.  Screw up on 9/11?  It’s the CIA’s fault.  Think Iran has a nuke but there’s no evidence to support it?  Blame Langely.  Get caught reversing yourself about who-told-who-what-when about a secret CIA program?  You know the drill.

This is a decided problem of a clandestine service stuck in a transparent democracy - some of the IC’s work must stay secret by design, and therefore it can’t fight back when attacked.

Now, in this case, there may have actually been some criminal wrong-doing.  However, if there was , it very probably wasn’t committed by anyone still working for the Agency.

But if you’re a CIA employee, you’re probably sick and tired of being blamed or investigated by another branch of government when you were relying on an interpretation of the law that was handed to you by someone you trusted.  Morale has to be fairly low, which is a death knell in the IC.  Trust me, I’ve been there.

At this point, the CIA needs stability.  The revolving door of leadership inspires little confidence (there have been four Directors since 2004) among the rank-and-file.  Consequently, the CIA should try to retain Panetta - his steady hand is highly valuable.  The best way to do that is to negotiate a deal whereby only Bush-era political appointees (or equivalent level folks under direction from the White House) are subject to the inquiry.  That may be the case anyway, and if so it should be publicized to raise morale.

Former Libyan intelligence agent Abdelbaset Ali Mohamed al Megrahi is the only person ever successfully prosecuted for the PanAm 103 Lockerbie bombing.  In Scottish prison since 2001, al Magrahi has contracted cancer; doctors estimate he has about three months to live.

He appealed to Scottish authorities for release on humanitarian grounds, hoping to die in Libya surrounded by his family.  Under normal circumstances, the appeal should be rejected without a second thought:  a man convicted in a court of law for the senseless murder of 270 people should never be released, no matter how sick he is.  In that vein, top officials in the United States and Britain have strenuously protested al Megrahi’s release to the Scots.

Yet today, the release went through.  Why?

Consider the charges of Scottish National Party MP Christine Grahame, who claims that

It’s been well know to the UK government that the person and country behind this has nothing to do with Libya or al-Megrahi, but is connected at the start to the US shooting down of an Iranian airbus by a US battle cruiser just months before.

[click here and scroll to the August 19 BBC Global News podcast where Grahame makes her charges]

Whoa. She sounds absolutely bonkers, right?

Well, perhaps not.  What if there were doubts about al-Magrahi’s guilt?

Et voila: Al-Megrahi has instructed his lawyers to produce several US Defense Intelligence Agency (DIA) cables that implicate Iran.  The DIA memos suggest Iran was behind the attack, which the memos conclude was conducted in response to “the shooting down of an Iranian commercial airliner by the USS Vincennes, an American warship, five months earlier.”  (To read up on the fate of Iran Air flight 655, click here.  290 Iranians died in the 1988 incident.)

Another DIA document says the bombing was authorized and financed by Ali-Akbar Mohtashemi-Pur, Iran’s former Interior Minister, and that the operation was contracted from Tehran to Ahmad Jibril, leader of the Popular Front for the Liberation of Palestine-General Command, for $1million.

Still sound a bit nutty?  It would to me, too, if I hadn’t read the DIA’s documents.

In the interest of full disclosure, I can’t verify that I’ve read exactly the same memos to which al Megrahi’s lawyers are referring.  However, in approximately mid-2003, I took part in a DIA counter-terrorism training course.  As the course’s final exercise, class participants were broken into teams to analyze a simulated “developing terrorist plot.”  Guess which one they chose?  Bingo - Lockerbie.  And guess who the plot is tied back to?  No bonus points if you say Ahmad Jibril, the PLFP-GC commander, because you should have figured that out by now.

So why hasn’t Jibril been charged?  Apparently, they tried:

Dick Marquise, chief of the FBI “Scotbom Task Force” from 1988-1992, said investigators could find nothing later to link [Jibril] with Lockerbie.

“We never found any evidence,” he told the BBC. “There’s a lot of information, there’s a lot of intelligence that people have said there were meetings, there were discussions.

“But not one shred of evidence that a prosecutor could take into court to convict either an official in Iran or Ahmed Jibril for blowing up Pan Am flight 103.“  [Emphasis mine]

In essense, this cuts to the heart of the matter–the difference between law enforcement (FBI) and intelligence (DIA) work.  Just because the raw intelligence points to one individual doesn’t mean that it is, or should be, admissible in court.  The sources and methods used to collect intelligence are protected; without a special declassification request (apparently pending), the US government had no reason to provide it to the prosecuting authorities.

Nor does this intelligence mean that Jibril is 100 percent guilty and al Megrahi 100 percent innocent:  al Megrahi could have quite possibly had a hand in the bombing as a contracted operative.  But I believe it has created enough doubt about al-Megrahi’s case to release him on humanitarian grounds as he nears the end of his life.

Furthermore, the United States and Britain are well within their rights to protest Megrahi’s release.  As far as these authorities know, Megrahi’s legal conviction stands firm unless and until his case is overturned by a full legal review with declassified intelligence.

Finally, should Iran be legally implicated, the issue could turn into a political hot potato.  President Obama has obviously signalled a willingness to open communication with Tehran, and even more blood on the mullahs’ hands could provide ample political fodder for the president’s opponents.  However, that shouldn’t be a dealbreaker:  Iran and the United States have much to negotiate, and this issue should be folded in with the multitude of topics to be discussed.  And if the White House is cagey, it could use the case as an American bargaining chip.

The following is a post from Milton Wilkins.

In an interview Friday morning with NPR, Andrew Bacevich made a claim that many commentators have been suggesting for some time: that our strategy and objectives in Afghanistan are fundamentally misguided. While Bacevich has made valid points, his increasingly-popular alternative to the current doctrine similarly provides no guarantee of success.

Our current strategy - “population-centric” counterinsurgency, or COIN - entails flooding population centers with troops as a means of convincing locals that they can be protected from brutal insurgents if they cooperate with coalition forces, while providing NATO with intelligence and refusing the Taliban refuge. Beyond this, COIN entails directly hiring local proxies and gaining the people’s respect and trust through nation-building efforts.

Afghanistan presents enormous problems for this model. The country is 1.5 times larger than Iraq, its populace massive and extremely dispersed, with few “population centers” to be found, not to mention a largely non-existent infrastructure. There is growing consensus that the current 100,000 troop force is far too small for this mission. Finally, accountable, centralized government remains elusive while its own forces remain underprepared, depriving the doctrine of a prerequisite for ultimate success. That is assuming, of course, that we even know what progress would look like.

Bacevich’s alternative to the COIN doctrine, and one that has generally become increasingly popular, is a “pure counterterrorism” approach. Its supporters would have us abandon our fight against most of the Taliban, pull most of our forces out of the country, escalate the use of drones, and focus on the “real enemy:” Al Qaeda, now rooted in Pakistan. Insofar as Afghan tribal militants are concerned, the goal is to pay for their cooperation and punish those harboring Al Qaeda through air campaigns. To Bacevich, Afghanistan’s fate is irrelevant as long as we continue to disrupt Al Qaeda’s infrastructure with tribalism and targeted killing.

The central flaw of this approach – which we have actually been using for most of the last seven years – concerns intelligence. The goal of population-centrism is gaining intelligence, and without men on the ground vetting and protecting an army of informants, it will prove incredibly difficult to ascertain who is actually cooperating with us against Al Qaeda. Without this method of providing reliable HUMINT, disloyal proxies could trick us into striking local rivals or communities with no hostile presence; similar patterns have emerged in Iraq and plagued our efforts in Vietnam.

Such misfires would incur blowback by creating more terrorists while making Afghans doubt our ability to effectively locate the militants, critically undermining the value of our threat to only punish harborers and thereby discouraging tribes from cooperating with us in the first place. Even our more accurate drone strikes have alienated Afghans with the collateral damage they’ve caused, and relying on them more with worse intelligence could quickly see the costs outweigh the benefits.

The point is taken that our current doctrine is costly, complicated and troubled, as members of Gen. McChrystal’s review team have openly admitted; however, Bacevich and the “counterterrorists” offer us lower costs with no surefire benefit.

Milton Wilkins is a former PPI intern. The views expressed here are his own.

Quick - does “orange” mean to put your head between your legs?  When we hit “red” are you then supposed to kiss your ass goodbye?  AHAHA, I can’t remember!  Are we all going to die?!?!?

Well, maybe not, because the ol’ alert scale may be going away.

The terror alert system was - on one level I suppose - well-intentioned.  Believe it or not, the different alert levels were designed with a purpose greater than to keep the bejeezus scared out of us.  On its best days, a change of color/alert level was supposed to instantaneously communicate to federal, state, local, and tribal law enforcement, security, and emergency management agencies that the Department of Homeland Security was seeing certain threat information.  And based on that color/alert level, the individual agencies were obliged to ready and deploy certain resources to prevent the attack or begin post-incident response.  The levels had  incredibly important implications to agencies, especially to smaller (mostly state) ones - if we were stuck at orange for an extended period, it was a huge budget drain: employees were on overtime, emergency vehicles had to be readied, etc., etc..  The colors had expensive implications.

But all it ever really did was terrify people.  Ironic, huh?

The skeptics among us though the levels weren’t correlated to anything at all, and rather just used as a political device to keep us scared of al Qaeda and trusting in the Bush administration.  Based on my time in the intelligence community, I assure you that that the levels weren’t arbitrarily manipulated as the poster to the right - though funny - would suggest.  At least, not explicitly - I never could really tell what constituted a “red” threat.  And would DHS go to red, only to have nothing happen?  Furthermore, you’ll notice that the alert system was never, ever, ever set to “green” for “Relax kids, all’s cool today… Go have a Pepsi.”  Even when there hadn’t been any reliable threat reporting in months.

So whatever the benefits were supposed to be, the system was continually dogged by these insinuations, and its negatives outweighed the positives.  If it goes away, one important question remains - how will the government communicate the threat environment now?  I guess they’ll have to send an email…