According to details that have emerged in recent days, one of the perpetrators of last Wednesday’s terrorist attack in Paris had trained in Yemen with al-Qaeda’s affiliate there and has been known for years to American intelligence agencies. Last month, we read that, prior to the 2008 Mumbai terrorist attacks, there were “piles of spy data” available to Indian, British, and American intelligence agencies about the terrorist organization Lashkar-e-Taiba’s plans. We always seem to have intelligence about terrorist attacks before they happen.
These attacks are prime examples of the second pillar of counterterrorism analysis, which I first wrote about in October. It states that “all the intelligence you need is already in cable traffic.” This “pillar” and its implications are critical for everyone in the fields of intelligence and intelligence policy to understand.
Put less colloquially, this pillar of CT analysis states that all the intelligence necessary to disrupt the next major terrorist attack or to understand al-Qaeda’s machinations is already available to intelligence and law enforcement communities. We generate so much data in the course of our daily lives, and the Intelligence Community (IC) has access to enough of that data for individuals who may be involved in terrorism, that it is virtually a given that evidence of the next major attack has been collected.
The “You” here refers to those counterterrorism analysts seeking to defeat the efforts of al-Qaeda or other terrorist groups. The pillar was originally intended as words of encouragement for those analysts. If all the information necessary to disrupt a terror plot has already been collected, that means any talented analyst may find that information and make a difference in the war against these organizations.
This has proven true time and time again, as evidenced by the number of successful attacks that could have been thwarted if analysts had identified the available intelligence beforehand. Here is a sample of a few high-profile incidents, in addition to this latest tragedy in Paris and the Mumbai attack, that seem to fit the pattern:
- The 9/11 attacks: Multiple elements of the intelligence and law enforcement communities had a wealth of information that could have allowed them to disrupt the attack if they had not faced other cultural and legal hurdles to doing so.
- The 2009 Fort Hood shooting: The FBI had email exchanges between Major Nidal Hasan, the Fort Hood shooter, and al-Qaeda in the Arabian Peninsula (AQAP) propagandist Anwar al-Awlaki, according to multiple investigations into the incident.
- The 2009 Christmas Day attack: The intelligence community (IC) had signals intelligence from AQAP and warnings from the suicide bomber’s father, among other intelligence, that suggested an attack was imminent, according to the subsequent Senate report on the incident.
- The 2013 Boston Marathon bombing: The FBI received information in 2011 from the Russian Federal Security Service (FSB) alleging that the two brothers later responsible for the bombing were adherents of radical Islam, according to a report from the Inspectors General of several U.S. intelligence agencies.
The list above is not exhaustive. There are likely a myriad of other classified examples that would fit the pattern. The 2010 Times Square car bombing attempt is the only incident that I am aware of that does NOT fit this pattern. At least to the public’s knowledge, the intelligence community did not have information about that plot beforehand. The attack was foiled when a street vendor spotted the car and alerted New York police. The perpetrator, Faisal Shahzad, had trained in a camp in Pakistan and was supported by the Pakistani Taliban. The fact that this plot failed, and as a result did not spawn congressional investigations, may explain why the public doesn’t know more about what intelligence was available before the attempted attack.
There are two important implications of the second pillar. First, we do not suffer from a lack of intelligence about terrorist plans and intentions. Rather, current collection is largely sufficient for the task at hand, and we should be skeptical of any proposals or arguments that suggest otherwise. This is why I am skeptical of arguments such as those recently made by FBI Director Comey regarding the “going dark” problem.
Comey suggested that Apple and Google’s recent decisions to encrypt data on mobile devices would significantly hinder the FBI’s investigative efforts. According to Comey, “Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority.” This simply is not true when it comes to preventing terrorism. The cases above demonstrate that those charged with protecting our people have the information they need to prevent terrorist attacks. Whether they do actually prevent those attacks depends upon factors outside of the traffic.
Second, this pillar puts the intelligence community in a very difficult bind. After every successful terrorist attack, intelligence will be found in hindsight that could have allowed analysts to disrupt the attack. This means that every successful attack can and will be characterized as an intelligence failure or a failure to “connect the dots.”
Sometimes this charge will be unfair. Simply because intelligence reporting is identified in hindsight does not mean that it is always legitimate to expect analysts to have found and acted upon that information with foresight. Intelligence necessary to disrupt a plot might be buried beneath mounds of other intelligence reporting. This was actually the case with the Christmas Day attack; it would have been exceedingly difficult for any analysts, no matter how dedicated or smart, to correctly link the various bits of information that were available before that attack. This is basically what the Senate investigation into that attack concluded.
The “failure to connect the dots” charge is an easy one to make politically, regardless of its merits. No matter how well tuned and effective our current counterterrorism apparatus is, terrorist attacks will almost certainly occur. While we might demand perfection from our intelligence and law enforcement communities, we can’t reasonably expect perfection. And when those attacks occur, the second pillar tells us that intelligence will be found that could have been used to prevent the attack. This creates a lose-lose proposition for the intelligence community.
It is a trope within the IC that the public only ever hears about failures and never successes. When all the intel an analyst needs is already in cable traffic, every analyst has an opportunity to be part of those successes and responsible for those failures.
Photo by Matthias Rosenkranz, available at https://www.flickr.com/photos/rosenkranz/2789694956/