Last Saturday, January 31, CIA Inspector General David Buckley resigned after a little more than four years in office. His departure came at the end of the same month his office published a scathing report that found the agency committed serious wrongdoings in connection to its rendition, detention, and torture program. It was also the same month that his report was swept aside by a parallel investigation conducted by a CIA “Accountability Board” that was hand-picked by agency leadership. Unsurprisingly, the Accountability Board recommended holding no one accountable for any failings.
The CIA Accountability Board report on the agency’s search of Senate Select Committee on Intelligence (SSCI) staffers’ computers continues a disturbing pattern: First, the CIA commits serious misconduct. Then, the CIA’s internal, independent watchdogs in the Office of the Inspector General (OIG) investigate and document the misconduct. Next, CIA management overrides the inspector general’s findings, excuses the misconduct, and either imposes inadequate sanctions or decides not to discipline anyone at all.
This pattern is documented in the executive summary of the Senate torture report. The intelligence committee found that misconduct like killing or injuring prisoners, using unauthorized interrogation techniques, detaining people unlawfully, or providing inaccurate information about the program “did not result in appropriate, effective, or in many cases, any corrective actions.”
In fact, the Senate study describes incidents where CIA leadership intervened to ensure that no one would be held accountable for homicide and wrongful imprisonment. The first was for the death of Gul Rahman at the CIA’s “COBALT” detention site in November 2002. Rahman died of hypothermia after an official identified in the report as CIA OFFICER 1 ordered that he be shackled to the wall of his cell so he had to rest on the bare concrete floor, naked from the waist down. Yet four months after Rahman died, the CIA Station in Afghanistan recommended that CIA OFFICER 1 “receive a ‘cash award’ of $2,500 for his ‘consistently superior work.’”
When a CIA Accountability Board recommended in 2005 that CIA OFFICER 1 be suspended for ten days without pay due to Rahman’s death, the CIA’s Executive Director overrode that minimal punishment, and no one was disciplined at all for the homicide. This is just one of several examples of the agency failing to hold employees accountable, or imposing minimal consequences for egregious errors.
While the CIA’s official response to the Senate torture report acknowledges “significant shortcomings in CIA’s handling of accountability” for failures and abuses that occurred during the rendition and black site program, it still does not recommend any corrective action. The response instead states that the agency “do[es] not believe it would be practical or productive to revisit any [rendition, detention and interrogation program]-related case so long after the events unfolded,” thinking it sufficient to say:
Looking forward, the Agency should ensure that leaders who run accountability exercises do not limit their sights to the perpetrators of the specific failure or misconduct, but look more broadly at management responsibility and more consistently at any systemic issues … [N]o board should cite a broader issue as a mitigating factor in its accountability decision on an individual without addressing that issue head on.
The CIA Accountability Board’s December report on the agency’s search of Senate computers is the first test of whether these reforms have any meaning or effect. And the answer is: they do not. As before, the CIA has overridden the Inspector General’s findings, decided to hold no one accountable, and failed to address the crucial underlying issues.
The OIG released its report about the agency’s search of Senate staffers’ computers on the same day that the CIA released the Accountability Board report. The OIG report was completed in July 2014, but was withheld for months from both the public and from most of the Senate staffers whose network drives the CIA had searched. The result? The OIG’s findings have been overshadowed by the Accountability Board’s much less independent and credible report.
Over and over, the OIG report corroborates and expands on the allegations in Sen. Dianne Feinstein’s (D-Calif.) March 2014 floor speech on the CIA’s search of SSCI computers and attempts to refer Senate staff for prosecution. Meanwhile, the Accountability Board rejects the OIG’s conclusions in favor of the self-justifications offered by the CIA employees responsible for the search of Senate computers and unfounded criminal referral against Senate staff.
A. The CIA Lawyer’s Memo
One of the central figures in the dispute between the CIA and its Senate oversight committee is the unnamed lawyer in the agency’s Office of the General Counsel who initiated the search of Senate computers. A five-page memo by this attorney rationalizing his actions is included as an appendix to the OIG report. This memo reflects a disturbing tendency to treat oversight as a crime, which the OIG rightly rejected but the Accountability Board Report concludes was “reasonable.”
The lawyer states that by January 9, 2014, he became suspicious that Senate staffers had seen “classified, draft, pre-decisional, privileged documents” that the CIA never wanted them to see. These are the documents known as the “Panetta Review.” According to multiple accounts, unlike the CIA’s official response to the Senate torture report — which, according to Senator Feinstein, the lawyer delivered to the committee — the Panetta Review concedes that the agency deceived policymakers about torture for years.
In response, the CIA lawyer assigned IT staff to search Senate staffers’ side of RDINet, the computer network that staffers used to review documents for the torture study. The attorney presents himself as having not only the legal right, but also the duty, to take these actions because of the CIA’s statutory obligation to protect “sources and methods.” He claims that the letters exchanged between then-CIA Director Panetta and Senators on the Intelligence Committee about RDINet in 2009 did nothing to limit the CIA’s authority to investigate a “possible security breach” and the CIA “could not have lawfully done so.”
The attorney also presents himself as having the active support of CIA Director John Brennan in his investigation of Senate staff. His memo states that on January 10, 2014, Brennan “directed [him] to pursue all available options to determine how the documents came to be on the SSCI side of the system.” The next day, Brennan called him at home, and “emphasized that [the lawyer] was to use whatever means necessary to answer the question.”
The memo also states that Brennan eventually ordered a “pause” in the investigation to notify the intelligence committee leadership of the investigation. This was contrary to the lawyer’s advice that “the conduct in question could be criminal,” and that informing the Senate “would result in the potential targets of the investigation — SSCI staff — being informed of the investigation, and would permit them to ‘get their story straight’ prior to being interviewed by Agency security officers or law enforcement.” But the attorney also claims that Brennan subsequently assured him that he “supported all [of the lawyer’s] actions in this matter.”
B. The OIG Report
The OIG report decisively rejected the CIA lawyer’s rationale for searching Senate computers, and instead finds that he and four other CIA employees acted “improperly” when they accessed Senate staffers’ drives.
The OIG report bases this conclusion in part on “a series of written letters” between Panetta, Feinstein, then-Vice Chairman Kit Bond (R-Mo.) and their staffs, that demonstrate “a common understanding reached between the CIA and the SSCI.” Those documents state repeatedly that the Senate side of the RDINet network would be “walled off,” accessible only to the committee and to CIA IT technicians for routine maintenance and monitoring. Both CIA and Senate documents reflect an agreement that any additional CIA access had to be specifically “authorized by the Committee or its staff.”
The OIG report concludes that the CIA’s searches of the Senate network violated this agreement. The report’s description of the searches is heavily redacted, but makes clear how far CIA employees strayed from routine network administration or monitoring. For example, following instructions from CIA lawyers, IT personnel “set up a user profile on RDINet that was configured with the same privileges as a SSCI Majority staff user.” They used this dummy account to “run Google queries with the same permissions as a SSCI staffer to see what they were able to view in their search results,” and to open some of the documents.
There were also additional searches of Senate drives, with involvement by the CIA’s Counterintelligence Center as well as IT personnel. These searches were clearly conducted without the intelligence committee’s knowledge or consent.
Regarding the CIA lawyer’s claim that Brennan told him to “use whatever means necessary” to find out how Senate staff had accessed the Panetta review, Brennan did not deny that the phone call occurred, but said there was “a difference in emphasis” between what he told the CIA lawyer and what the lawyer wrote in his memo. According to the OIG report, “Brennan stated that he would never used those words and had not stated that … Brennan stated that he wanted to know how the documents got to the SSCI side but did not direct anyone to review SSCI systems.” On January 14, 2014, Brennan reportedly ordered CIA personnel to “stand down” from further investigations of Senate staff until he could brief the intelligence committee’s leadership. Despite this order, on January 16 and 17, the CIA’s Office of Security’s Cyber Blue Team conducted another search of Senate staff drives. OIG found that this review included a “keyword search of all and a review of some of the emails of SSCI Majority staff members” on the RDINet system.
On February 7, 2014, the CIA’s Acting General Counsel Robert Eatinger (whose name is redacted from the OIG report) filed a crimes report against Senate staff with the Department of Justice. The OIG report found that the crimes report “was unfounded,” in part because Eatinger “had been provided inaccurate information on which the letter was based.” In particular, the OIG wrote:
[T]he crimes report stated that SSCI staffers might have exploited a software vulnerability on RDINet to obtain access to the [Panetta Review documents], in violation of the Computer Fraud and Abuse Act … The report was solely based on inaccurate information provided by the two [Office of the General Counsel] attorneys [to the Office of Security].
The OIG report found that there was indeed “a vulnerability” with the Google search tool that the CIA provided to the committee, which was “not configured to enforce access rights or search permissions within RDINet and its holdings” from 2009 to April 2013. But contrary to the CIA lawyer’s memorandum and the crimes report to DOJ, OIG found no evidence that Senate staff had deliberately “exploited” this flaw until CIA personnel “confronted them” with inappropriately accessed documents. Rather, it was SSCI staff who brought the vulnerability to the CIA’s attention. On November 1, 2012, a SSCI staff member alerted CIA staff that the search tool “was indexing the Majority staff work product on a shared drive,” and asked them to make it stop. The CIA did not act on this request for months. Then in 2013, a SSCI staff member requested “a number of detainee videos not provided to the SSCI by the CIA,” based on a spreadsheet that a CIA employee recognized as being from the Panetta Review. After this incident, in April 2013, CIA IT staff finally discovered and repaired the flaw with the Google search tool.
These actions are not consistent with Senate staffers knowingly “exploiting a vulnerability” in a CIA firewall. They are consistent with the CIA providing a Google search tool that did not work the way it was supposed to work. As Senator Feinstein said on the Senate floor in March 2014,
[C]ommittee staff did not “hack” into CIA computers to obtain these documents as has been suggested in the press. The documents were identified using the search tool provided by the CIA to search the documents provided to the committee.
That is not a crime or anything close to a crime. But the Accountability Board, handpicked by Brennan, has concluded that it was “reasonable” for CIA attorneys to treat it as one.
C. The Accountability Board Report
The Accountability Board rejects one after another of the OIG report’s conclusions, and recommends against pursuing any form of discipline or accountability for any CIA employee.
Contrary to the OIG report, the board found that the 2009 letters between Feinstein and Panetta did not create any binding agreement about the CIA’s access to Senate drives on RDINet. As evidence of this, the board cites occasions when Senate staffers asked for CIA personnel’s assistance to locate documents on the Senate side of the network, and incidents where CIA documents disappeared from the Senate drives without notice. But the former is consistent with the CIA’s agreement to access the Senate side of the network only with SSCI’s authorization, and Feinstein has made clear that she viewed the latter as a violation of SSCI’s agreement with CIA.
The Accountability Board’s assertion that there was no binding agreement between the committee and the agency contradicts not only Feinstein and the OIG, but the CIA’s position in ongoing litigation. When the CIA is trying to argue against Freedom of Information Act lawsuits for access to the full torture report, it portrays the letters between Feinstein and Panetta in 2009 as stating binding “condition[s] on which SSCI insisted.” When it is trying to justify searches of Senate staffers’ computer drives, the CIA portrays those same letters as barely relevant, let alone binding.
Because the accountability board found that there was no written agreement governing CIA access to the Senate drives on RDINet, it evaluated the searches under a “reasonable person” standard. It found that all searches conducted before Brennan ordered the searches stopped were “reasonable” attempts to balance the need “to ensure that a CIA system containing substantial sensitive material was secure,” and the need “to safeguard the prerogatives of the Senate.” Only the Cyber Blue Team review of Senate emails is conceded to be “inappropriate,” though the board said it was “benign in intent.”
The conclusion that the search was reasonable rests partly on National Security Act of 1947 requirement “to protect sources and methods from unauthorized disclosure.” But the board never mentions the National Security Act’s statement that:
Nothing in this Act shall be construed as authority to withhold information from the congressional intelligence committees on the grounds that providing the information to the congressional intelligence committees would constitute the unauthorized disclosure of classified information or information relating to intelligence sources and methods.
The board also entirely fails to mention the Speech or Debate Clause of the United States Constitution, which states that “for any Speech or Debate in either House, [Senators and Representatives] shall not be questioned in any other Place.” The Supreme Court stated in Gravel v. United States that the clause “was designed to assure a co-equal branch of the government wide freedom of speech, debate, and deliberation without intimidation or threats from the Executive Branch,” and held that it applied to staff as well as members. Other Supreme Court precedent makes clear that committee oversight activities are protected, as well as speeches in the Senate chamber.
Incredibly, the Accountability Board report repeatedly cites the need to preserve the CIA’s relationship with the Senate as a justification for searching Senate computers without informing the committee. The board writes that the initial search was “reasonable given the embarrassment to the Agency and harm to the Agency-SSCI relationship that would have resulted from a false allegation.” Further searches were “reasonable” because “this was no normal potential security problem; it involved the United States Senate,” which made it more important to “have explored all alternatives and possible solutions before the problem was confirmed and the D/CIA would have raised it with Senate leaders.”
But the CIA lawyer’s memo makes it very clear that the purpose of not informing the Senate was not to verify evidence and explore alternatives — which could have been accomplished through dialogue with the committee. The purpose was to gather evidence for a potential criminal prosecution of Senate staff, before Senators could protest or staff could “get their stories straight.” The agency went on to file an inaccurate crimes report against Senate staff with the Department of Justice — a fact that the Accountability Board does not dispute, but barely acknowledges. It is hard to think of anything that could be more damaging to the oversight relationship that the CIA and the White House claim to value so highly. But the Accountability Board fails to identify who was responsible for the inaccurate report to DOJ, fails to recommend that anyone be disciplined for it, and fails to recommend any safeguards against a repetition of the incident.
D. Analysis: Does the CIA Answer to Anyone?
For all the flaws in the CIA lawyer’s memo, one thing is clear. He and other CIA employees did indeed have Brennan’s full support for the actions they took against Senate staffers. Brennan personally selected every member of the Accountability Board — three of whom are current CIA officers — and the CIA has unreservedly accepted its conclusions.
The details of the OIG and Accountability Board reports are important, but the larger context is equally significant.
Senate staffers spent six years investigating a state-sanctioned program of torture by the CIA. They uncovered evidence of horrible brutality in violation of federal law, and years of deception to the Congress, the public, and the Department of Justice. Meanwhile, no CIA officers have faced criminal charges for torturing prisoners, and none are likely to, for reasons the DOJ refuses to publicly disclose. Many officers involved in the program’s worst abuses have been repeatedly promoted instead of facing discipline. In contrast, the DOJ prosecuted a former CIA officer for leaking information about the torture program to the press.
I know some of the staffers who wrote the torture report, including the probable subject of the crimes report to the DOJ. They do not leak and have never been credibly been accused of leaking. They do not confirm or deny information that is officially classified, no matter how obvious it is or how many years it has been in the public domain. They scrupulously continue to follow the classification restrictions that the CIA and the committee placed on them, no matter how absurd those restrictions are or how severe the crimes they conceal.
Nevertheless, the CIA searched their computer drives and their emails, and referred them to the DOJ for prosecution. Why? Because, in the course of an official Senate investigation into the torture program, they used a CIA-installed Google search tool to find CIA documents about the torture program. They read the documents, despite the fact that they contained a questionable stamp of “privilege,” and preserved them when they thought they were in danger of destruction. The staffers’ actions were not crimes or a security breach justifying a search of Senate computers. Their actions were oversight of an agency in sore need of it.
If I were an intelligence community whistleblower, or a foreign victim of a human rights abuse by the intelligence community, the staffers who wrote the SSCI report would be my first phone call in the U.S. government. If they are not safe from surveillance or retaliation by the intelligence community for conducting oversight — despite the protection of powerful politicians and the Speech or Debate Clause — we are all in trouble.
Congress wrote the National Security Act of 1947 and provides the intelligence community’s budget; it does not have to allow the CIA to twist the Act to justify spying on its oversight committee. It could amend the National Security Act and similar statutes to place meaningful limits on the definition of “intelligence sources and methods;” right now, there are none. Congress could place statutory limits on the use of dubious claims of “deliberative process” and other executive privileges to withhold essential documents like the Panetta Review and Office of Legal Counsel memos from Congress. The intelligence committees could amend their own rules to lessen the restrictions on sharing basic information about the legislative and oversight process with the public, and to increase staff access to the information they need to conduct oversight. They could push the CIA to appoint a new Inspector General as soon as possible, and use the annual intelligence authorization bill to improve the CIA Inspector General’s authority to conduct investigations and notify Congress of their results. (Senator Feinstein suggested the Executive Branch improve Congress’s and the Inspector General’s access to information in early January, but the administration has largely disregarded these recommendations).
These changes are unlikely to succeed in the short run, with the new chair of the Senate Intelligence committee actively hostile to oversight. But a member of Congress proposing them would be a start.