The Spy Who Billed Me

Longstanding rumors about the imminent demise of the Pentagon's Counterintelligence Field Activity's (CIFA) seems to be finally proving themselves to be true.  The New York Times reports today that the Department of Defense Deputy Director for Intelligence, Gen. James Clapper, has recommended dismantling CIFA.  CIFA was involved in controversial domestic spying programs. 

CIFA's had a key role in the Duke Cunningham scandal and the prominent role intelligence contractors play at CIFA. 

The NYT neglected to mention that CIFA is the government's most heavily outsourced intelligence agency. Over 30 corporations provide 90% of CIFA's staff--that's a blue green ratio of 1:9.    CIFA's prime contractors are the usual suspects such as SAIC. 

The DoD Inspector General has found inconsistencies between CIFA's procurement practices and procurement regulations that have resulted in overpayment for office space.  CIFA was involved in further "inconsistencies" between procurement law and its multimillion dollar contracts with MZM, a benefactor of former Congressman Duke Cunningham.

The center piece of CIFA's domestic intelligence programs was the TALON database which logged unconfirmed reports of "suspicious" incidents within the US.  These suspicious incidents have included various protests by peace groups, including Quakers.  The Pentagon announced in August 2007 that it was shuttering the TALON program, effective the following month.  Without the TALON data to sift through, it's unclear what CIFA contractors have been doing in the interim.

One possibility is noted by the NYT is mentioned in documents obtained by the ACLU:

Newly declassified documents released on Tuesday shed more light on another activity coordinated by the Pentagon’s counterintelligence office, issuing letters to banks and credit agencies to obtain financial records in terrorism and espionage investigations.

Despite its rather verbose mission statement, CIFA's purpose has been nebulous since its creation by former Secretary of Defense Donald Rumsfeld. 

Many consider CIFA to be the largest boondoggle in the Intelligence Community.   

Is there any way one can figure out some of the CIA's most highly guarded secrets from a corporate website? 

Absolutely.   

I’ve done it.   (And you can count on it that America’s friends and enemies alike have, too.) 

Recently while researching a piece for The Spy Who Billed Me, I took a break and reviewed my internet logs to see who was curious about my recent writings on the black sites.  Among hundreds of hits on the page (and thousands in the logs), one in particular jumped out.  It was a single page view that lasted for some fifty seconds and it came from an unmasked site, a common signature.  I backtracked it and was shocked at what I found.   

Typically members of the Intelligence Community have their IPs masked when they visit the blog, living no fingerprints, but not this one.  The hit was from a company I had never heard of before, but with less than a minute on their site, I knew I had discovered one of the Intelligence Community's most secretive contractors, one of the A teams.  The big surprise was that this corporate website leaked secrets like Zubaydah after his first thrifty-five second waterboarding.

I'm sure many are skeptical that a contractor would reveal clandestine ops on their sites, but keep in mind their sites are also marketing themselves to the corporate world and sometimes they say a little too much, believing that they have coded their information enough to protect it.   

So let's see what can be deduced from an open source, available to all of America's friends and enemies on the world wide web. We’ll dissect the company's website and see just how well intelligence outsourcing is working from an operational security perspective. 

(Note:  Not that every intel agency worth it's salt hasn't already scooped up this info, but out of respect for Intelligence Community sensibilities, I'll call the Dulles toll road corridor contractor "Heckle and Jeckle Gizmos" and I won't quote directly from the site.) 

Now the first question when reviewing Heckle and Jeckle's site, or any contractor's for that matter, is to ask: who do these guys work for?  This can help quickly zero in on what they're up to.   

Heckle and Jeckle boast that most of their employees have TS/SCI clearances, many based on a particularly thorough procedure, the highest level of security clearances. There are but a handful of government agencies that require this for contractor access and really only two major intelligence agencies that do so. One of them is located in Langley, Virginia a couple of miles from the eastern entrance to the Dulles Toll Road and it has well-known, overt satellite offices stretching out west thereon at various exits. The other is located in Ft. Meade, Maryland.   

For those who live as far out of the Beltway as I do, these clearances suggest that Heckle and Jeckle are doing business with the CIA and NSA.

The specific governmental entities Heckle and Jeckle provide outsourced services for can be quickly narrowed down though the geography of their corporate offices which are located near Dulles airport in northern Virginia; in Cumberland County, North Carolina; Virginia Beach, Virginia and Tampa, Florida and if we dig a little we discover they have staff co-located at an Annapolis Junction Maryland facility.  To the uninitiated, that means they contract with the CIA, work extensively with Army and Navy tier-one Special Forces Teams as well as Special Operations Command (SOCOM) with a little NSA thrown in.   

When it comes to who is working for whom in the Intel Community, geography doesn't lie:  Location, location, location. 

For purposes of our analysis, the next question then becomes , what is Heckle and Jeckle's specialty?  According to their site, it's specialized communications, including nonattributable communication systems and communications devices that function in hostile environments.  In fact, their employees have experience working in hostile and denied areas and have immediate availability to deploy as part of a team or alone to ply their trade abroad or in the US.  (Private domestic spying, anyone?) 

Go-bags packed, ready to deploy with teams raises the obvious follow up question: which teams?   

Anyone know any teams in Virginia Beach or Fayettenam? 

And where would they be tagging along with these Special Forces teams?  Maybe to the Special Forces Club in London, but Heckle and Jeckle’s employees' background suggests foreign hostile or denied areas.   

Now what could they possibly do in hostile, denied or politically sensitive areas?   

Again, the contractor’s website gives us the answer:   Heckle and Jeckle's comm equipment has offensive and defensive capabilities.   

Offensive communications--can you say clandestine ELINT and SIGINT collection?   

In laymen's terms, setting up in a house that happens to be in the path of a highly directional signal or on top of just the right cable, but in this case the metaphorical houses are probably in such friendly spots as Iran or wherever the yellow brick road of GWOT contracting leads. 

To pull the conclusions of our open-source intelligence (OSINT) together, Heckle and Jeckle teams stand ready, custom-designed high-tech gadgets in hand, for clandestine missions in enemy territory to covertly and remotely intercept foreign communications or penetrate information systems.  This can be done independently or in conjunction with SEAL or Delta or other secret squirrel teams on behalf of SOCOM and the CIA.   

In other words, they set up black sites albeit a different type than has been in the news lately.  To put it into context, such black sites such as covert listening posts in hostile territories and even in friendlier ones where discovery could create international tensions count among the Intelligence Community's blackest secrets.  And now, thanks to the About page on Heckle and Jeckle's website, we know that the CIA is outsourcing this to Heckle and Jeckle, whose identity would make it somewhat easier to uncover the black collection sites.   

Now that's serious OPSEC. 

(We can only hope that they outsource the cover aliases they use when establishing and serving these sites.)

Digging inside the website, particularly into its previous versions which can be found in the internet archive, we can create an even more revealing picture of what Heckle and Jeckle are up to.   

From job descriptions for various types of engineers they're seeking, we learn that their main facility is near the Dulles Toll Road in northern Virginia.  Since contractors tend to locate their main facilities near their contracting agencies, this suggests that the bulk of their work is for the Directorate of Science and Technology (DS&T) at the CIA, the relevant offices of which are conveniently located nearby. No surprise.  DS&T provides the equipment that the National Clandestine Services uses to do its job.

In 2005 the firm began posting job openings (although it's questionable how many linguists and engineers know enough about H&J to to go directly to their site looking for a job.)  These are rich with details indicating various clandestine programs, OSINT just waiting to be scooped up.

Here we learn that Heckle and Jeckle are seeking subject matter experts (SME) in Arabic to work with its customer's teams in Annapolis Junction, MD.  This can only be the National Security Agency.  The NSA is primarily made up of contractors and providing them with SMEs is nothing special.  Let's move on.   

Heckle and Jeckle also brag about a micro-electromechanical facility which becomes particularly interesting in conjunction with their job openings announcements.  Reviewing the skill sets they're looking for, it quickly becomes apparent that they design and program their own computer chips, so they're clearly creating proprietary cutting-edge gadgets.  It's notable how frequently they're searching for engineers with experience in one of the most miserable operating systems for mobile devices:  Windows mobile.  They're also regularly seeking programmers versed in another mobile device language:  Symbian.  Now this information taken in conjunction with their specialty and their prior claims of micro-electromechanical facilities suggests they're designing and creating a lot of mobile, hand held covert communications devices.   

And here I'd venture a pure guess that these are probably designed to look like standard run-of-the-mill Treos and other smart phones, blending their “intelligent phones” into the mobile world.  The largest consumer of such gizmos is, of course, the CIA's DS&T, adding to suspicions that Heckle and Jeckle is a major DS&T contractor.  The primary use of such covert communications gear is for communications with nonofficial cover officers (NOCs) and agents.  So the information on Heckle and Jeckle's site suggests that they are likely designing and creating the latest must-have accessories for NOCs and agents, a far cry from the clunky COVCOM gear of yesteryear.   (And from the Agency's point of view, knowledge of this would be a serious security breech.  Keep in mind the CIA does not even allow contractors to acknowledge their affiliation with the Agency, let alone divulge the programs they are working on, particularly such sensitivities ones.)

Not only have CIA programs been compromised, so have SOCOMs.  Judging from the job postings for positions in Florida, Heckle and Jeckle are doing data mining and analytical work for SOCOM.  Among other things that can be deduced, they search for relational patterns of terrorist activity and affiliations, looking at a wide array of seemingly innocuous relationships using open source and clandestinely gathered data, particularly focusing upon financial transactional data.  I'm betting they have a very sophisticated quantitative model that they're constantly tweaking that underlies this process. 

Again, Heckle and Jeckle job postings give us hints to other SOCOM programs.  It appears that Heckle and Jeckle are involved in tracking SOCOM assets worldwide.  Moving beyond Heckle and Jeckle's own website to other open sources, it's possible to learn some of the specs of related handhelds including whose low-earth orbiting satellites they use.  Digging a little deeper, it's also possible to discover the code name of Heckle and Jeckle's RF geolocation program...

US national security is compromised by the Intelligence Community's heavy dependence upon corporations, corporations whose websites sometimes spill out some of the darkest government secrets to those who know how to read them.  Last week's revelations by D/CIA Hayden that CIA contractors have been involved in enhanced interrogation techniques at detention facilities (i.e. waterboarding at black sites) should make it clear even to the casual observer that private corporations are integrally involved in the Intelligence Community's most sensitive and secretive clandestine and covert programs.  Nothing is off-limits.  Corporate involvement in clandestine programs raises operational security concerns that only exist because these companies market their services to the private sector, capitalizing upon their exotic experience with the US government.   

In other words, we're taking risks with our national security, risks we don't have to take.  Perhaps some of the risk can be mitigated through restrictions upon contractor marketing and better contractor policing.  As a big fan of the private sector and of government outsourcing, I don’t like to think that the problem is inherent to outsourcing, but at the moment, it’s hard to imagine it otherwise.  A Congressional ban on using government contracting experiences for marketing purposes may be one partial solution.   

The Director of National Intelligence McConnell has been a strong proponent of increased use of open-source intelligence, OSINT.  It's overdue that the Intelligence Community takes OSINT for seriously counterintelligence (CI) purposes (and it comes as no surprise that CI uses of OSINT was a notable omission in the ODNI's Open Source Conference last summer.)  This needs to be immediately addressed--our national security depends upon it.  Eliot, are you listening?

I'm sure some in the Intelligence Community will be appalled that I have publicly posted this analysis, particularly since it involves a key clandestine player, but keep in mind, what I’ve done is an exercise in OSINT, an exercise the Intelligence Community should have done long ago.   Whereas the contents of this article might come as a surprise to intelligence professionals in Ouagadougou and Ulaanbaatar, they won't be in Moscow, Beijing or even Tehran.   

And they shouldn't be in McLean.

"Heckle and Jeckle" are the ones who posted the raw intel on their own website and they're the ones who left their corporate electronic footprints on my blog.  It's particularly ironic, since they're specialists in covert communications.  It's equally ironic that I've protected their identity when they’ve hardly bothered to hide our national secrets.   It is not my intent to hurt the company.

It's my sincere hope that as a result of this post, the Intelligence Community pays a little more attention to the operational security compromises of the divided intelligence contractor mission of serving the public interest while marketing those same services to the corporate world.  As I wrote in the Washington Post last summer, corporations have succeeded where few foreign governments have:  they've penetrated the CIA.  Now it's up to the Agency and the Intelligence Community to ensure that programs are not further compromised as a result of this wide-scale industrial penetration. 

***

(And if anyone needs assistance closing up the gaps from someone who discerns faint patterns within reams of seemingly unrelated data, I rent out for parties.) 

The National Counterterrorism Center (NCTC) has once again issued the National Counterterrorism Day Planner.  (The calendar is a whopping 24.5 MB, so only click on this link if you have the most robust of broadband connections--or a lot of time on your hands.  The basic content can be found here.)

The calendar itself is an interesting barometer of what the NCTC perceives as the greatest threats to the US in terms of groups, individual terrorists and types of threats.  It's no surprise that Bin Laden once again is the "Terror-mate" of the year, capturing the #1 position.  As expected, al-Zawahiri captured the #2 slot. 

The big upset was #3:  Abu Ayyub al-Masri, a relative new comer who does not even make the FBI's Most Wanted Terrorists list.  His high ranking is indication of how counterterrorism resources have lost their focus, thanks to Iraq.  Although Al-Masri only has $1 million on his head, this master of the Iraqi  vehicle-borne improvised explosive device (VBIED), edged out #4 al-Badawi who carries a $5 million bounty for his role in the USS Cole bombing as well as #5 al-Liby who also has a $5 million reward for his role in the East Africa US embassy bombings.

#6 Atiyah Abd al-Rahman is the other big upset, part of the $1 million club who beat other others in the elite $5 million set.   How did he do it?  One of the Administration's favorite four-letter words:  Iran.  According to the calendar, al-Rahman, "is the al-Qa'ida emissary in Iran...He recruits and facilitates talks with other Islamic groups to operate under al-Qa'ida."  The calendar also warns us that he "should be considered armed and dangerous."  You think?

Rounding out the top 10 are two members of the $5 million level and another newcomer who beat out several other $5 million scumbags.

#7 el-Maati (possible terrorist threats against the US, $5 million dollar man)

#8 al-Bahri (al-Qa'ida trainer, $5 million)

#9 Adam Gadahn (the American who has been in multiple al Qa'ida videos as a recruiter, $1 million.) 

#10 al-Quso (USS Cole attack planner and $5 million tango.)

Interestingly, Mullah Omar the former Taliban leader who carries a $10 million price on his turban, dropped to the #19 slot in October.

And not that politics would ever play into something like this, it is notable that two of the three non-Islamic terrorist groups that are profiled both are thorns in the Turkish government's side:  the PKK and the obscure Revolutionary People's Liberation Party/Front.  It almost seems as if someone is trying to make nice with the Turks--or at least convince them we share similar counterterrorist concerns.

The technical pages provide counterterrorism hints that, well, if our CT professionals need them, we are seriously f**ked.  The sage advice includes how to spot a "terrorist document:"

1. Physically altered passports 

2.Passports with serial numbers that are watch-listed as lost or stolen 

3.Handwritten documents that are easily forged or altered 

4. Multiple passports used by the same person with variations in the spelling/structure of the name and of date of birth 

5.Ambiguous or contradictory information submitted to consular or border control officials.

6.Absence of supporting documents to corroborate passport information

7. Passports with glued-in photographs

What about pages glued together because they did such a kindergarten glue job?  Then there's that telltale sign of UBL's name crossed out and "John Smith" scrawled over it.

My favorite nugget of wisdom came from a section "Radicalization: Myths and Reality:"

MYTH: There are visible “signs” of radicalization. 

REALITY: Changes in appearance during different stages of radicalization often are the same changes seen in individuals who are not being radicalized...

Beards?  Wrinkles?  Male pattern baldness?

Given that the NCTC is primarily staffed by contractors, it's a safe assumption that this important CT tool was created with heavy contractor involvement.  What I want to know is which contractors were involved in the production of this calendar and how many billable hours did they rack up? 

Day One. Partridge in a pear tree: During the night-shift at the NSA, Booz Allen contractors suddenly have their online Christmas shopping interrupted when Booz Allen proprietary counterterrorist data-mining algorithms note an unusual spike in internet chatter of “persons of interest” using the term “partridge in a pear tree.”  Their NSA Contracting Officer’s Technical Rep is alerted.

Day Two. Two turtle doves. At the NSA, SAIC contractors discover a correlation between “partridge in a pear tree” and “two turtle doves.”  The NSA notifies the CIA. CIA analysts who are new to the job due to high Agency turnover do not recognize the turtle-dove/partridge-in-a-pear-tree pattern, but speculate that the combination of phrases indicates that a terrorist plan may have gone operational.  The White House is briefed.

Day Three. Three French Hens. Sources on the ground in Paris are unable to corroborate indications of French involvement.  Officers in the National Clandestine Service suspect the French hens are a false-flag and secretly hope that the Russians are back in the game.  Due to strong political pressure from the White House, CIA analysts concede that the Iranian involvement cannot be ruled out.

CIA interrogators at a black site in Burkina Faso send a cable to Headquarters requesting permission to gut slap an al Qaeda detainee who may hold valuable information. 

Day Four. Four Calling Birds. At the behest of the Administration, AT&T, MCI, Sprint and Verizon all hand over their calling data to third-party data warehousing companies that do not face the same legal restrictions as the telcos, creating a rendition program of sorts for data. The data warehousers frantically sift through calls.

CIA interrogators at the African black site are frustrated when Headquarters requests more details about potential information that could be acquired from the detainee if he is slapped. They curse the lawyers and compose a response.  A senior contractor overseeing facilities management at the site quips that they should suggest the detainee may volunteer information about five golden rings, but he never thinks the kids running the interrogation would not get the joke.  The 26 year-old  case officer in charge of the interrogation cables Headquarters that the detainee likely holds information about five golden rings.

Day Five. Five Golden Rings. New NSA intercepts discover “persons of interest” discussing “Five Golden Rings.”  With this new development, CIA analysts suspect terrorists are plotting to use five dirty bombs to radiate large areas of US metropolitan areas.

The Deputy Director of National Clandestine Service is excited that one of the black site detainee may know about the golden rings. Over the objections of his Assistant General Counsel, the Deputy Director approves the slap.

Day Six. Six Geese-A-Laying. A blogger who monitors al Qaeda internet sites and chat rooms contacts the Office of the Director of National Intelligence to alert them to a suspicious discussion among al Qaeda sympathizers about "six geese-a-laying."  The ODNI passes the intel along to the CIA and NSA and as word of the sites spread among Intelligence Community members, the sites are slammed with new visitors from overt beltway bandit IPs in northern Virginia and Anne Arundel county in Maryland.  Suspicious al Qaeda webmasters shut them down.

Meanwhile at the black site, a CIA interrogator trained in enhanced techniques, slaps the al Qaeda detainee. A CACI green badger interpreter with no formal training in interpretation misinterprets the terrorist’s mumblings as "seven swamis."   

The interrogators cable Headquarters with the raw intel and request permission not only to attention shake the detainee, but to apply sleep deprivation techniques, justifying the request with their suspicious they might receive additional information about possible Indian involvement, which may actually turn out to be Iranian since both words start with “I”, end with “n”, and have between six and seven letters.

Day Seven. Seven Swans-A-Swimming. NSA contractors Raytheon, Booz Allen and SAIC have all picked up chatter about seven swans a-swimming.  SAIC analysts at the National Counterterrorism Center rack up billable hours trying to reconcile this with CIA intel concerning the seven swamis.  Raytheon analysts at Defense Intelligence insist that the seven swans-a-swimming indicates that seaplanes are bringing the dirty bombs into the country.  With strong pressure from corporate and the DoD which has been pushing for funding for a satellite-based seaplane early warning system proposed by Raytheon, Raytheon green badgers at the ODNI push hard for the seaplane analysis and win out.  It is included in the President’s Daily Brief.

At the Pentagon, with the support of DIA’s General Clapper, the Air Force claims it should be the lead. The Navy argues that since the swans are swimming and not flying, clearly this requirement falls under their command’s area of responsibility. The Marines stand at the ready, prepared to toast and roast, then eat the swans, whether in the air, land or sea.

All the while, CIA case officers at the black site stare at the detainee, waiting on a response to their cable. Junior officers are afraid if they don’t put the detainee to bed soon, they may be accused of torture and face possible legal actions. Just to be on the safe side, they offer a can of Red Bull to the detainee. The Office of Medical Services on-site physician takes the detainee's blood pressure.

Day Eight. Eight Maids-A-Milking. The Department of Homeland Security alerts TSA agents to be on the watch for breastfeeding mothers who may have terrorist involvement. It issues alerts to local authorities.

With an attack on the Homeland seemingly imminent, a Fusion Center in Sacramento is used to circumvent various federal privacy laws. In a piecemeal version of Total Information Awareness, federal, local and state databases are fused with private marketing databases. Contractors search through billions of records from phone and credit card and internet search companies to find breastfeeding behavioral patterns suggestive of terrorist involvement. They come up with an additional 226,351 persons of interest in the Golden State. The FBI and local authorities work overtime to investigate all leads. None turn up anything actionable, but the 226,351 persons of interest are added to the TSA’s No-Fly list anyway just as a precaution. As a result to the extra additions to the 600,000 strong list, holiday air travel is snarled.

At the black site, a cable is received approving administration of sleep deprivation. The 26 year-old case officer in charge of the interrogation is relived that his decision to push the envelope with the Red Bull has not endangered his career.  He’s secretly proud he’s carrying on the tradition of the Agency’s bad boys and starts calling himself “Captain Bull,” after the legendary, bat-wielding Beirut interrogator “Captain Crunch.”

Day Nine. Nine Ladies Dancing. Fearing more sexual harassment training seminars, analysts throughout the Intelligence Community dismiss intercepts concerning nine ladies dancing and omit all references to them from their reports.

Day Ten. Ten Lords-a-Leaping. The same day that the phrase “ten lords-a-leaping” is correlated with the previous NSA intercepts, ten members of the British House of Lords are killed in Baghdad by a suicide bomber. They were on their way to observe the British pullout in Basra under the protection of a Blackwater PSD team. Blackwater claims that it was not allowed to fire upon a rapidly approaching white Toyota containing the explosives because the vehicle did not fit the suicide bomber profile as outlined by the State Department’s acting head of Diplomatic Security.  At a well-attended press conference the Iraqi Minister of Interior charges that Blackwater was negligent and should have known to fire upon the occupants of the suicide vehicle. He holds up a twisted, charred bumper that he claims was from the VBIED.  Plastered to it is the damning yellow bumper sticker: How’s My Driving? Call 1-800-Al-QAEDA.  International headlines claim Blackwater is responsible for the British Lord’s deaths because its operators should’ve correctly identified the VBIED.  Congressman Waxman vows to hold Blackwater accountable for its unforgivable lack of aggression.

Meanwhile at the black site, sleep deprivation is proving to be ineffective and a cable is sent to Headquarters requesting permission to waterboard the detainee.

Day Eleven. Eleven Pipers Piping. Outsourced analysts at the CIA and Department of Energy are convinced that the latest NSA intercept, “eleven pipers piping” is a thinly veiled reference to aluminum tubes.  Aluminum tubes could really only be used in a centrifuge enrichment program to develop atomic weapons, they explain.  Under pressure from the Vice President’s office, it’s determined that the earlier information from the CIA’s detainee program about seven swamis was misinterpreted.  It’s now thought the seven swamis were an indirect reference to seven Pakistani nuclear scientists working with Iranians on nuclear weapons.

The black site interrogators receive permission to waterboard the detainee. Before the procedure begins, the lead interrogator collapses from the stress that he will end up in front of Congressional committees and in court for his actions. The detainee is horrified at the sight of his interrogator crying in a fetal position.  He's is convinced something so horrific is about to happen to him, he breaks before they can position the Saran wrap over his mouth to protect him from drowning.  The detainee explains that al Qaeda is now working with Iran to help them with their nuclear weapons development program.  He confirms every suspicion of his interrogators. The black site cables Langley with confirmation that the seven swamis swimming was actually seven Pakistani nuclear scientists assisting Iranian WMD development.

Day Twelve. Twelve Drummers Drumming. On the twelfth day of Christmas, the world wakes up to New York Times headlines, "U.S. Says Ahmadinejad Intensifies Quest for A-Bomb Parts.”  On the same day, twelve top administration officials appear on Sunday morning talk shows. 

On Meet the Press Cheney claims that Iran is "trying, through its illicit procurement network, to acquire the equipment he needs to be able to enrich uranium -- specifically, aluminum tubes."  Condi Rice appears on CNN's Late Edition With Wolf Blitzer and warns "we don't want the smoking yule log to be a mushroom cloud." Then she recites the evidence in the reverse order in which it was gathered: "Twelve drummers drumming, eleven pipers piping, ten lords a leaping, nine ladies dancing, eight maids a milking, seven swans a swimming, six geese a laying, five golden rings, four calling birds, three French hens, two turtle doves, and a partridge in a pear tree.” 

Blitzer pauses for a commercial break.

Meanwhile at the black site, the CIA contractors and interrogators are watching CNN via satellite and realize what they’ve just done. The contractors fire off a cable to their corporate headquarters, explaining what’s happened and their indirect role in the folly. 

But corporate is ecstatic. 

The employees at the black site and everyone even remotely associated with their chain of command in the firm all receive special Christmas bonuses (a reimbursable expense on their contract).  Their company stock in their 401(k)s quadruple due to increased business thanks to the war with Iran.

-----------

Happy Holidays, everyone!  RJH

Note:  I've surprised to see how quickly this is spreading across the internet.  I'm happy for people to post it elsewhere, but please give a link back and/or credit it something like: "by R J Hillhouse who writes the national security blog, The Spy Who Billed Me.  Her most recent book is Outsourced."  Thanks!

Just as Congress is attempting to get a clearer picture of the extent of outsourcing in the Intelligence Community, the Department of Defense is doing its part to keep this information from the light of public scrutiny.

The Undersecretary of Defense has granted waivers to the Defense Intelligence Agency (DIA), Counterintelligence Field Activity (CIFA) and the National Geospacial Agency (NGA) to withhold unclassified contracting data from a government website designed to give greater transparency to government spending.  The Undersecretary wrote,  "I appreciate your concerns that reporting these actions to the publicly accessible website could provide unacceptable risk of insight to your individual missions and budgets."  The database only includes unclassified actions on contracts.

As someone who actually mines these databases and other databases for useful information on intel contracting, I'm very familiar with the insights that can be gained to their "individual missions and budgets."  There are no insights into their missions here.

The data is coded in such general ways, one can only discern they are for intel services when they are coded as such.  There are no detailed descriptions, only vague, general categories.  And keep in mind this only captures unclassified contracts. 

DIA and NGA did contribute information to the database in prior fiscal years, although CIFA did not.  This, of course, raises the question of why is this suddenly a concern since it was not one in FY 05 and FY 06?   The only thing I know that has changed is perhaps the political environment.  Congress is finally waking up.  The New York Times is still asleep, but the Washington Post does clue in to intel outsourcing issues from time to time.  And, of course, there's The Spy Who Billed Me.

Since data is available from the last two fiscal years, I thought I'd poke around and see exactly what they would like to hide. 

I've pointed. 

I've clicked. 

I've searched. 

But no secrets. 

No missions were reverse engineered.  No secret budgets uncovered. 

So what makes them so uncomfortable?

For example, according to the database in FY 06 the DIA's largest contract was with BearingPoint for "Professional, admin, and management support services."  Check out the entry and see if you can figure out how Osama could possibly use that one against us.  That's about all that can be gleaned, save for the fact that the $49 million contract was non-bid, follow-on contract--a sole source contract.  Perhaps this is what the agencies meant by "unacceptable risk of insight to your individual...budget."  It could lead the public to question why a contract for $49 million of "Professional, admin, and management support services" did not need to go through a competitive procurement process.

Federal Acquisitions Regulations (FAR) Part 6.302 do allow for such sole source contracting, but under tightly prescribed circumstances.  In theory, sole source follow on contracts are supposed to be let only when there truly is only one source for the service, i.e., like to Boeing for providing spare parts for Boeing-manufactured aircraft.  It’s hard to see how you could sole source a follow on contract for "Professional, admin, and management support services” unless there were specific individuals or groups of individuals with unique skills or knowledge employed by certain contractors.  An example of this in the intelligence business might be several case officers handling active, sensitive cases where you can’t afford to lose the services of the case officer due to contract action.  It is highly unlikely that this is the case with BearingPoint and the DIA.

The next largest unclassified DIA contract in FY 06 was for $19 million with BAE Systems.  It's also tagged as a non-competed because  follow-on contract.    The pattern continues with subsequently smaller multi-million dollar contracts.

It seems that fair and open completions for multi-million dollar intelligence contracts are rare in the DIA.

The data becomes much more interesting when examined in aggregate.  Here we learn that only 22% of the $537 million of unclassified DIA contracts were subject to "full and open competition." 30.6% of their unclassified contracts had only one bidder (as in other companies knew it would be a waste of time to respond since there was a clear choice for a provider.)

In FY 06, the top 10 DIA contractors were more or less the usual suspects:

Unclassified contracting at the DIA grew 19% FY05 to FY06.

The situation at the NGA is similar, although their $6 billion of contracting dwarfs the DIA.

CIFA, whose workforce is over 70% contractors, did not provide data.  Wonder why?

NSA veterans of the 1970s will recall the “embarrassing personal question”  (EPQs)—an NSA polygraph technique in which questions that were assumed to be thoroughly disgusting to the subject (such as “have you had sex with an animal since your last polygraph”) were posed unexpectedly in order to elicit an involuntary non-baseline response.  EPQs were always something extreme in order to get a strong physical reaction from the guy strapped to the box.  The CIA never went this low-brow and the NSA eventually stopped doing it.  However, it seems time to start bringing up a version of this back into play in the Intel Community.  It's time to start asking ECQs:  Embarrassing Contractor Questions.  Clearly, it's the ECQs that the DoD is hiding from.

Again, I challenge anyone to show me how this data could help the enemy.  It can't.  Unless, of course, in this case the enemy is the American taxpayer.

Congress is finally beginning to take the issue of outsourcing in the Intelligence Community seriously.   The joint Senate-House Conference Report on the Intelligence Authorization Act for FY 08 addresses several contractor issues, but it's only a start, a start that includes a comprehensive report on Intelligence Community contractors. (The conference report was adopted by the House on 12/13 and is expected to soon be approved by the Senate.)

By limiting the number of positions within the Intelligence Community while adding funds for services, Congress set the stage for the wide scale outsourcing we see today, with some 70% of the de facto workforce of the CIA's National Clandestine Service made up of contractors.  After years of contributing to the increasing reliance upon contractors, Congress is now providing a framework for the conversion of contractors into federal government employees--more or less.

The Director of National Intelligence has been granted the authority to increase the number of positions (FTEs) on elements in the Intelligence Community by up to 10% should there be a determination that activities performed by a contractor should be done by a US government employee.  (This determination has to be approved by the DNI.) The larger issue of how to lure well compensated individual contractors away from private employers is predictably not addressed although they do seem to be aware that contractors pay much better.  (The average cost of a civilian federal employee is $126,500 in contrast with the $250,000 average cost of a core contractor--double or nothin'.  Average wages of a contractor vs. an employee are unknown, except anecdotally.)

The Office of the Director of National Intelligence itself is limited to a 5% increase in government positions under the conversion program.  The ODNI has been highly criticized for its large staff and this is almost assuredly meant as a shot across the bow.  However, it's a poorly aimed one, giving that the ODNI, led by the former Chairman of the Intelligence Industry's trade group, is the Intelligence Community's biggest proponent of contracting.  The ODNI is unlikely to push against a 5% ceiling, let alone a higher one.

More significantly, Congress is requiring the DNI to produce a detailed report by March 31, 2008 on the Intelligence Community's reliance upon contractors.  This is similar to the human capital inventory that the DNI suddenly classified last April in order to hide the damning numbers.  I strongly suspect that the Congressional query probes deeper than the censored study did, as Congress is requiring the DNI to address a wide scope of issues, including:

• different standards for government employees and contractors;
• contractors providing similar services to government workers;
• analysis of costs of contractors vs. employees;
• an assessment of the appropriateness of outsourced activities;
• an estimate of the number of contracts and contractors;
• comparison of compensation for contractors and government employees,
• attrition analysis of government employees;
• descriptions of positions to be converted back to the employee model;
• an evaluation of accountability mechanisms;
• an evaluation of procedures for "conducting oversight of contractors to ensure
  identification and prosecution of criminal violations, financial waste, fraud, or other abuses committed by contractors
  or contract personnel;" and
• an "identification of best practices of accountability mechanisms within service contracts."

In order to truly understand the extent of contracting in the Intelligence Community, Congress missed the obvious:  disclosure of which company is contracted to produce the study, including a list of firms of all green badgers who work on the project.

In wake of the highly politicized Blackwater shooting as the House scurried to shove through legislation extending US criminal law to contractors in Iraq and other combat zones,  it seems that someone realized last minute that the legislation threatened CIA activities in Iraq.  (See "The Achilles' Heel of US War Efforts in Iraq.") 

The New York Times slipped this pregnant comment into its larger story about the legislation:

Before the bill was passed, Democrats agreed to add language specifying that it was not intended to hamper intelligence efforts.

This is probably as close as we'll ever get to an admission that CIA contractors are involved in activities in Iraq that would be in violation of US criminal law. 

Now it's the CIA's job to do whatever is necessary to accomplish its mission as long as it doesn't violate US laws.  This can involve activities outside US territory that may be criminal under US law and may be criminal under local foreign laws.  As distasteful as that might be to many, it really has to be this way for an espionage organization to function and such covert work really can preempt larger, more distasteful consequences. 

The interesting twist now is because of its heavy reliance on contractors, corporations and corporate employees are involved in those criminal activities--or so the House is implying.

So what types of activities are contractors involved in in Iraq and Afghanistan that could be considered criminal if brought under US criminal law?  Paramilitary operations-- covert actions that involve contract soldiers in offensive combat--are the first things that comes to mind.  Then, of course, there would be issues of illegal detainment of civilians as well as the problems with the use of "special interrogation methods" by individuals directly contracted to the Agency (as in non-industrial green badgers.)

It does raise the question:   Has intelligence outsourcing gone too far when we start to outsource activities that would be criminal under US law?   

Did anyone in Congress ask what the hell corporations are doing on the US Government's behalf if intelligence contractors need to be exempt from US criminal laws in war zones?  The House apparently didn't stop to question this, but the Senate still has a chance.

Perhaps unknowingly, the Iraqi Ministry of Interior has found the Achilles’ heel of the American war effort in Iraq as it has sought to ban Blackwater USA, sentiments now echoed by Iraqi Prime Minister al-Maliki.  The implications of the September 16th Blackwater shooting reach far beyond the fate of a single contractor:  Taken to an extreme, they could be used to shut down the US war machine, including intelligence gathering and covert operations.  Because the US has become so dependent upon contractors for its national security, allowing a foreign government voice in which firms may operate on its behalf could bring vital security functions to a standstill.

In Iraq, Blackwater is contracted with the State Department to provide Protective Security Details and Tactical Support Teams, the latter quick reaction forces of highly trained and heavily armed operators who respond to emergencies.  The company also provides similar services to the CIA.  Blackwater has been one of the most visible of the new breed of security and intelligence contractors who perform services that were formerly the exclusive domain of government.   In fact, many of these functions have been so heavily outsourced that the government no longer possesses the knowledge or capability to provide them without its contractors.

As readers of The Spy Who Billed Me already know, over the past decade, there has been a quiet revolution in how America fights both her covert and not-so-covert wars:  war has been outsourced.  Whereas the Pentagon has contracted out peripheral services, such as base and convoy security, US intelligence services have handed over critical functions to the private sector.  Over half of the workforce of the CIA’s National Clandestine Service (NCS) is made up of industrial contractors, or “green badgers” as they are known in Agency parlance, and intelligence professionals tell me this figure has now most likely surpassed 70%.   

The role of CIA employees has been largely reduced to contract managers and support administrators, supervising and supporting corporate program managers, who in turn oversee staff from other firms.  Virtually entire branches of the NCS have been privatized.  Government employees sign off on services, but their ability to provide adequate command and control of the companies doing the CIA’s business is highly questionable--in at least one case, the ratio of government employees to contracted staff exceeds 1:25.  More significantly, contracting officers are trained as bureaucrats—paper pushers—who are not qualified to do the jobs they supervise and who rarely understand the work they are charged with overseeing.  And that corporate espionage work is critical:  running watch centers, fielding case officers, handling agents and conducting covert operations.

In response to my recent essay in the Washington Post, the Associate Director of National Intelligence Ronald Sanders admitted that the Intelligence Community could not accomplish its missions without contractors.   The same is true of the CIA’s Baghdad station:  it could not function without contractors.  Around half of the Agency’s workforce in Iraq is employed by or contracted through private corporations which are integral to the covert side of the war.  As I've written about in fiction in OUTSOURCED, privatization has indeed reached deeply into the Agency’s paramilitary arm, the Special Activities Division (SAD), particularly its Ground Branch.   

CIA paramilitary operations in Iraq and elsewhere are dependent upon private business whose employees do the heavy lifting.  Allowing a foreign government to ban specific contractors could hamstring CIA efforts in Iraq and elsewhere, leaving it dependent upon its own blue badger staff, an army of young administrators with sharp pencils and little operational experience.

Because of the contracting structure, the Intelligence Community is particularly vulnerable to disruption if key prime contractors were banned.  For example, the Office of the Director of National Intelligence utilizes a system through which it has pre-selected prime contractors for its management, professional, engineering and technical service needs:  Booz Allen Hamilton, Lockheed Martin, Northrop Grumman, SAIC and Scitor.  Each of these primes has a group of unique subcontractors ranging in number from five to over two dozen.  For example, SAIC offers such subcontractors as BearingPoint, SI International and The Analytic Group.   A variation of this system is used throughout the Intelligence Community, although the National Clandestine Service has allowed a somewhat greater degree of flexibility.  In any case, barring a prime contractor from a country would stop not only their services to the government, but also those of its subcontractors.

When the Iraqi government recently halted Blackwater operations, the movement of most CIA staff was restricted to the International Zone, impairing their missions.  Selective prohibition of other contractors could have more damaging consequences.   

As US diplomats in Iraq and US politicians in Congress begin to sort out the politics of the Blackwater shooting, it is imperative that they recognize the potential consequences of allowing such a precedent that a host government may approve or reject a specific contractor that is providing services under US government auspices.  And sometime after the dust of the shooting has settled, we might begin asking questions about how dependent we want to be on corporations for essential national security functions and how we want to ensure that the US government actually fulfills its responsibility to provide accountability and oversight in these key areas.  Blackwater USA and outsourced security services are at the periphery of national security outsourcing.  What we really need to be concerned about are core national security functions, where large corporations dominate and the government is losing control.

The 9/11 anniversary seems like a good time to thank the intelligence professionals--blue and green--who've helped prevent another 9/11.   (And you guys are the largest readership of this blog, FYI.)  I know that your successes usually go unrecognized and the media is quick to point fingers at your failures and presumed failures, but seeing the German bomb plot unfold last week was a good reminder that it's the dedication of so many professionals who are able to make the intelligence system work--despite its many flaws. 

An Exceptional Performance Award should go to whomever convinced al-Qaeda that 1500 lbs of peroxide were a swell idea for a bomb.  Same goes for whoever got bin Laden talking about global warming, among other diversions, and not the old nonstop rantings about attacking America. 

(I'm the last person to believe my own conspiracy theories, but those two events from last week are sure making it appear that OUTSOURCED's plot might cut even close to the bone than I realized.)

***

And congratulations to longtime reader Alice Marshall of Presto Vivace, who is a publicist specializing on technology firms and national security contractors.  In an informal survey of editors in the government trade press, she was cited for excellence and one editor called her the best he had worked with. 

In a letter to the editor of the Washington Post last Friday, the Director of the Defense Intelligence Agency (DIA), Lt. Gen. Michael Maples responded to the WaPo story that the DIA was outsourcing a record $1 billion.

Gen. Maples writes:

The proposal is a consolidation of more than 30 existing contracts into a single contract vehicle that can be more effectively managed. Hence, this posting is not a "record" in outsourcing intelligence activities; rather, it is a better way of aggregating existing requirements.

Now it's a clever defense that the contract is not record-setting since these services are already outsourced--we're not doing anything eye-popping--we did that a long time ago; it's just that no one was looking.  Given the Beltway love of word parsing, it is also worth noting that no where does the general claim that that $ 1 billion of current contracts are being canceled or replaced.  We have no idea as to the size of the 30 existing contracts that will be folded into the new contract vehicle.

One real question it raised for me was in the statement, "DIA contractors currently represent about 35 percent of our workforce."  It's a tough one to reconcile with an unclassified presentation at a conference in May by the Office of the General Counsel of the DIA included this enlightening slide:

Now can anyone help me understand this?  If it's true that contractors make up only 35% of the workforce of the DIA, why are they 51% of the personnel in DIA office space?  Is the DIA that generous with its office space?  Or are we perhaps looking at yet another case of numbers parsing to minimize the real issue?

Call me naive, but I'm guessing the DIA *loves* to share its office space with green badgers, wanting them to feel comfortable in big, roomy offices where they can exercise their "fiduciary duty to their employer only," while applying their "profit motive" to do the DIA's work to "diverse and different standards".... 

Now I'm guessing the same thing is going on at Headquarters where those blue badger government employees with their "taxpayer funded salaries" are probably doing everything they can to provide comfortable, generous office space to their green badger workforce.  Perhaps yet another way for the blue badgers to fulfil their "fiduciary obligation to serve the public good" through their "universal and strict conduct standards" might be requiring all blue badgers to use public transportation so that the green badgers don't have to deal with the hassle of the current parking crunch at Langley.  We can't forget, green badgers are part of the public those blue badgers serve.  At the very least, the blue badgers could move to the back of the parking shuttle and let the green badgers sit in the front.  After all, as the General Counsel of the DIA points out, "contractor can reassign employees from one contract to another at whim," so it makes sense to give green badgers unobstructed access to the nearest exists...

Perhaps DIA leadership should have consulted its own General Counsel before contracting out $1 billion of intel services with the goals of adding "greater flexibility to realign government resources, improve oversight and be more responsive, with potential savings in cost and manpower."  This slide suggests that the Office of the General Counsel might not be in agreement.

It could very well be that outsourcing some DIA intel services could be a good thing, but before doing so, many issues need to be resolved.  Given the difference between government employees and contract employees as viewed by the Office of the General Counsel of the DIA itself, the real question the press, Congress and the public should  be posing to Generals Maples and Clapper and others at the Pentagon is: 

• Why do they intend to increase their number of contract employees when they recognize such inherent problems with the employment model? 
• Can the DIA afford $1 billion of staff who are paid a "private business salary" when it's own government staff receive "taxpayer funded salaries"? 
• Can the DIA really afford $1 billion of staff who do not have a fiduciary duty to the DIA, but to another entity? 
• Can the DIA afford $1 billion of staff who have "diverse and different standards?"  Can the DIA afford $1 billion of staff who contractors can "reassign from one contract to another at a whim"? 
• And can the DIA afford the coming green badger morale crisis when those current contract employees who occupy 51% of DIA office space get squeezed to wedge in the new $1 billion of green badger staff?  Could it be they're counting on their blue badgers to feel the squeeze, do their "fiduciary obligation to serve the public good" and suck it in even more.

Happy Labor Day.