Second, the basic tendency within any intelligence organization (or any organization, for that matter) is to trust its own people, who have been vetted and cleared. They work with one another every day. Familiarity can lead to lowering one’s guard or being unwilling to believe that one’s own people may have gone bad. This appears to have been a problem in uncovering the espionage of Ames; the CIA was slow to look inward for the cause of severe losses of assets in Moscow. It was originally thought that Hanssen escaped detection for more than twenty years because of his familiarity with U.S. counterintelligence policy and techniques. However, a 2003 report by the inspector general of the Justice Department (the FBI is part of that department) found that internal laxity and poor oversight allowed Hanssen, who was portrayed as erratic and bumbling, to avoid detection. Most telling, the FBI first concentrated on a CIA officer when hunting for the spy who turned out to be one of their own—Hanssen. It is easier to believe that the problem lies in another agency.
But the alternative behavior—unwarranted suspicion—can be just as debilitating as having a spy in one’s midst. James Angleton, who was in charge of the CIA’s counterintelligence from 1954 to 1974, became convinced that a Soviet
mole
—a deeply hidden spy—had penetrated the CIA. Some believed that Angleton was reacting to the fact that a close British associate, Kim Philby, had turned out to be a Soviet agent. Angleton was unable to find the mole, and some believe that he tied the CIA in knots by placing virtually anyone under suspicion. Some suggested that Angleton himself was the mole and that he created a furor to divert attention. Angleton remains a controversial figure, but his activities give some indication of the intellectual issues that can be involved in spying and counterintelligence.
For many years counterintelligence was a major source of friction between the CIA and the FBI. Some of the friction was a legacy of long-time FBI director J. Edgar Hoover’s resentment toward the CIA and that agency’s reciprocation of Hoover’s feelings. The friction also stemmed from differing views of the problem. A discovered spy is a problem as well as a
counterespionage
opportunity that the CIA may wish to exploit. Counterespionage can be thought of as a subset of the larger counterintelligence issue. CI seeks to thwart or exploit any and all attempts to undercut or penetrate intelligence activities. Counterespionage works against the HUMINT aspects (both offensive and defensive) of the Cl problem. For the FBI, spying is a prelude to prosecution. As late as the Ames case of the early 1990s, the CIA and FBI were not coordinating their counterintelligence efforts, which probably prolonged Ames’s activities. As a result of his arrest and the subsequent investigation, the CIA and FBI created a jointly staffed counterintelligence office to correct the mistakes of the past.
Like so much else in intelligence, suspicions of espionage may not always be proven. The case of Wen Ho Lee, a scientist at Los Alamos National Laboratory, is instructive but complex. In brief. Lee’s case came up hard on the heels of a congressional report put out by the Cox Committee (U.S. House Select Committee on U.S. National Security and Military/ Commercial Concerns with the People’s Republic of China, 1999), which was headed by Rep. Christopher Cox, R-Calif., and investigated a series of allegations about Chinese spying that largely targeted high-end technology, including U.S. nuclear weapons designs. Given the issues involved, the Department of Energy (DOE) and the national laboratories were likely places to look. (A series of nasty arguments also played out in public between current and former DOE intelligence and counterintelligence officers, as well as between some of them and the FBI, over the issue of responsibility.) Lee, who was born in Taiwan, had been under investigation since 1994, but the investigation was fitful and inconclusive. He had downloaded some 400,000 pages of classified nuclear data unrelated to his work at Los Alamos. In 2000, Lee was arrested, charged with fifty-nine counts, and held in jail for more than nine months, mostly in solitary confinement. However, the government was unable to discover evidence of espionage, that is, passing the material to a foreign power. A Justice Department report castigated the FBI’s handling of the investigation, concluding that if Lee was a spy, the FBI let him get away, and if he was not a spy, the bureau failed to consider other lines of investigation. Lee was eventually released and agreed to plead guilty to one felony count of illegally downloading sensitive nuclear data. The case remains, at best, inconclusive. This calls to mind Scottish law, which gives a jury the option to return a verdict of “not proven,” instead of either guilty or not guilty.
In intermediate cases, officers come under suspicion for reasons other than espionage but still pose risks. A good example is Edward Howard, a CIA Directorate of Operations (DO) officer who was slated to be posted to Moscow in the 1980s. Howard was revealed to have ongoing drug and criminal problems that made the posting impossible. He was suspected of being a counterintelligence problem, but handling the situation was difficult. If sending him to Moscow was not an option, he would have to be reassigned or fired. If he were reassigned, he would still be in a position to see classified material even though he remained a security risk because of his personal behavior. Moreover, he would most likely feel aggrieved because of the cancellation of his overseas posting, making him an ever bigger risk. Alternatively, to fire him was risky, as he had thorough knowledge of DO tradecraft plus information about operations in Moscow. Once fired, it would be difficult, if not impossible, to keep watch on him. Ultimately, Howard was fired, but he was kept under FBI surveillance. He eluded surveillance (using techniques he learned as a DO officer) and fled to Moscow, claiming that he had not been a spy but had been driven away by the CIA. David Wise, a veteran intelligence author and sometimes critic of U.S. intelligence, interviewed Howard in Moscow and came away convinced that Howard’s disloyalty predated his flight.
Some who deal with counterintelligence make a distinction between
big CI
and
little CI.
If a spy is revealed in one’s organization it is important to determine the reasons why he or she went after specific information. Was this tied to some specific need or tasking or was it simply opportunistic? If one is able to answer this question it will reveal the nature of the penetration and the goals of the nation running the spy. All of this comes under “big CI.” Beyond this, there are still the specific issues surrounding the penetration: how it happened, how long it has been going on, who on the other side has been responsible for tasking and for running the penetration, what information may have been compromised, issues of tradecraft. All of these are “little Cl” issues. It is like the distinction made in military operations between strategy and tactics.
Once a spy has been identified and arrested, the intelligence community conducts a
damage assessment,
to determine what intelligence has been compromised. Having the cooperation of the captured spy would be useful. In the United States, this cooperation often becomes a major negotiating point between government prosecutors and the spy’s attorney: cooperation in exchange for a specific sentence or for consideration for the spy’s family. (The wives of Ames and Pollard also received short prison terms for their complicity in their husband’s espionage, serving five years and three years, respectively. Hanssen’s wife knew at least about his first period of espionage. However, she was allowed to keep the survivor portion of Hanssen’s federal pension.) As with everything else in counterintelligence, however, issues always linger. The most obvious is the degree to which the spy is being honest and forthcoming. Those conducting the damage assessment must avoid the temptation to use the fact of a discovered spy to explain intelligence losses that are unrelated to that person’s espionage. The focus must stay firmly on the intelligence to which the spy had access. More than one spy may have been operating at the same time, with access to the same intelligence. This appears to have been the case with Ames and Hanssen, whose espionage was contemporaneous and who had access to some of the same intelligence. Thus, the Hanssen damage assessment likely required a reexamination of the Ames damage assessment, perhaps without any definitive conclusions. The Soviets or, later, the Russians could have used one set of information to confirm the other, thus having Ames and Hanssen ironically confirming each other’s bona fides as useful spies.
Double agents raise a host of concerns about loyalty. Have they been turned, or are they playing a role while remaining loyal to their own service? Investigations of U.S. citizens suspected of spying bring up legal issues because of constitutional safeguards on civil liberties. Domestic phones can be tapped, but only after intelligence agents have obtained a warrant from a special federal court (the Foreign Intelligence Surveillance Act Court), which was set up by the Foreign Intelligence Surveillance Act of 1978 (FISA, pronounced “fy-za”). Agents also use other intrusive techniques, such as listening devices in the suspect’s home or office; searches of home or office when the suspect is absent, including making copies of computer files; and going through garbage.
Prosecuting intelligence officers for spying was a major concern for the intelligence agencies, which feared that accused spies would threaten to reveal classified information in open court as a means of avoiding prosecution. This is known as
“graymail”
(as opposed to blackmail). To preclude this possibility, Congress in 1980 passed the Classified Intelligence Procedures Act (also known as the Graymail Law), which allows judges to review classified material in secret, so that the prosecution can proceed without fear of publicly disclosing sensitive intelligence.
In 1999, as part of government-wide response to revelations about Chinese espionage, the FBI proposed splitting its National Security division into two separate units, one to deal with counterespionage and the other with terrorism. In 2003, the FBI created an Intelligence Division, concentrating primarily on terrorism. The 2004 intelligence legislation formally recognized the new office as the Intelligence Directorate. The FBI also proposed broadening the National Security Threat List, on which it assesses counterespionage threats, to include corporations and international criminal organizations as well as foreign governments.
In June 2005, President George W. Bush ordered a restructuring of both the justice Department and the FBI. The position of assistant attorney general for national security has been created, overseeing counterterrorism, counterespionage, and intelligence policy. The FBI now has a National Security Branch, which oversees the new Directorate of Intelligence and the Counterterrorism and Counterintelligence Divisions, and the Weapons of Mass Destruction Division. The National Security Branch is headed by an executive assistant director, who comes under the DNI for coordination of activities and budget. Interestingly, the branch deputy is a senior CIA officer.
In addition to the FBI, which has the primary CI responsibility in the United States, and the CIA, the Defense Investigative Service and the counterintelligence units of virtually all intelligence agencies or offices share some CI responsibility. The diffusion of the CI effort reflects the organization of the community and also highlights why coordination on CI cases has been problematic. To remedy this, Congress, in 2002, passed the Counterintelligence Enhancement Act, which called for the creation of the National Counterintelligence Executive (NCIX). The NCIX is the head of U.S. counterintelligence and is responsible for developing counterintelligence plans and policies. This includes an annual strategic CI plan, a national CI strategy, and the oversight and coordination of CI damage assessments. The NCIX directs the Office of the National Counterintelligence Executive, which had been under the office of the DCI. The intelligence law of 2004 puts the NCIX under the new DNI. NCIX has no control, however, over the agencies or offices that conduct counterintelligence. Therefore, there is something of a disconnect between the office creating a fairly broad and general strategy and those offices responsible for actually conducting counterintelligence.
LEAKS
Leaks are a constant security concern. They may not be seen as being as dangerous as an espionage penetration but they can have obvious counterintelligence concerns, because leaks often entail the unauthorized release of classified information. It is a generally held view that the leak problem is much worse now that it has ever been, but this perception was prevalent through much of the latter twentieth century. (President Franklin Roosevelt, decrying leaks during his tenure, wondered why the British had so many fewer leaks, even though Britain had freedom of speech and tea parties.)
Once a leak occurs, the agency whose information has been compromised can ask the Justice Department to open a criminal probe. However, there are two immediate impediments. The first is that in most cases, too many people have had access to the information to be able to pin down the source of the leak. The second is the legal basis for prosecuting a leak. There is no single statute covering leaking. The Intelligence Identities Protection Act (1982) makes it a crime for someone who has access to classified information to reveal the identity of a covert agent. It is also a crime to engage in a “pattern of activities” intended to reveal the identity of a covert agent or agents. This law was passed in reaction to the 1975 assassination of Richard Welch, the CIA chief of station in Athens. The “pattern of activities” clause was aimed at individuals such as former CIA officer Philip Agee, who made a practice of revealing the identity of CIA case officers overseas after he quit the CIA. This act was also initially at issue in the 2003 revelation that Valerie Plame was a CIA officer, which was part of the larger Iraq weapons of mass destruction (WMD) controversy. However, Lewis Libby, then chief of staff to Vice President Cheney, who became the focus of the leak investigation, was convicted in 2007 of obstruction of justice, perjury, and making false statements to federal investigators, and not of the leak itself.