Who Oversees the Overseers?

Democratic Senate staffers, not the CIA, were out of control in the “spying-on-Congress” scandal.

Many in Congress and the news media were surprised by a recent CIA Accountability Board report that cleared CIA personnel of wrongdoing in last year’s spying-on-Congress scandal, a finding that contradicted a July 2014 report by the CIA Inspector General. However, a close reading of both reports — which were released in unclassified form last month — indicates that the fault in this affair lies almost entirely with the Senate Intelligence Committee, whose staff appeared to have engaged in serious misconduct, including trying to smuggle a camera into a secure CIA facility, hacking into a CIA computer system, and stealing and misusing classified documents subject to attorney-client privilege.

The CIA found itself in hot water last March after Dianne Feinstein (D., Calif.), then-chairman of the Senate Intelligence Committee, alleged that the agency had illegally monitored and removed information from computers being used by committee staff members investigating the CIA’s enhanced-interrogation program, a program its critics claim included torture. This $50 million, six-year investigation had produced a controversial 6,000-page classified report in December 2012. A declassified version of the report’s 499-page executive summary, along with additional views by Democratic and Republican members, was released in December 2014. Copies of these documents can be found here.

In response to Feinstein’s charges, CIA officials claimed they had done nothing wrong and were trying to address possible misconduct by Senate staff members. As I explained in an NRO article last August, the computers in question were not Senate computers; they were CIA computers in a facility that the CIA made available to the committee staff for the enhanced-interrogation investigation.

The dispute was triggered by the use in the investigation of restricted CIA documents that the committee staff was not supposed to have, and the staff’s removal of the documents from the CIA facility in violation of an agreement between the committee and the agency.

Not only did Democratic committee staffers bring these documents to the committee’s offices without telling CIA officials, they also failed to provide copies to their Republican counterparts, a violation of the committee’s rule that any classified materials provided to the committee by the executive branch must be shared with both sides.

The documents in question, known as the Panetta Review, constitute a draft account of the enhanced-interrogation program that reportedly differs from the agency’s official account. After CIA officials realized the Democratic staff had these documents, the agency audited the staff computers and made a referral to the Justice Department. I wrote in my August NRO article that this was a mistake by CIA director John Brennan that unnecessarily infuriated Feinstein, who had been one of the agency’s strongest Democratic supporters. Brennan should have worked out this matter with Feinstein and should not have made criminal referrals against Senate staff members.

Feinstein’s denunciation of the CIA over the computer monitoring led to an uproar in Congress, including claims by Democratic members and some Republicans that the CIA was out of control — that it had violated the Fourth Amendment by conducting an illegal search and seizure, and had violated the separation of powers. Feinstein also asserted that the CIA was trying to interfere with the enhanced-interrogation investigation and intimidate the investigators.

Feinstein jumped on the findings of the classified report from the CIA Inspector General issued last July, which concluded that CIA personnel improperly accessed agency computers being used by the Senate staff, that they accessed e-mails written by committee staff members on the agency computer system, and that the referral of Senate staffers to the Justice Department was inappropriate. Brennan apologized to Feinstein in response to the IG report. A declassified version of this report was released last month.

Although Feinstein maintained that the IG report supported her charges about agency misconduct, it left many questions unanswered. For example, the report looked at the conduct of CIA personnel only and said “the activities of SSCI [Senate Select Committee on Intelligence] staff members were deliberately excluded from the investigation.” The IG report mentioned uncertainty about the ground rules on access to the CIA computers and allegations by CIA officials that the Intelligence Committee’s Democratic staff exploited a software vulnerability to bring CIA documents that they were not cleared to view across a computer-system firewall.

A second, more in-depth investigation by the CIA Accountability Board was begun in response to the IG report. This five-member board was headed by former Democratic Senator Evan Bayh. A declassified version of that report was also issued last month.

Although the AB rejected many of the IG’s findings and cleared the CIA employees in question of wrongdoing, I believe both reports suggest six major conclusions as to what really happened in the so-called spying-on-Congress scandal.

1. The CIA assumed responsibility for the security of the computers used in the investigation only after the Intelligence Committee refused to do so.

The AB found that the committee and the CIA had sparred over the ground rules on access to the CIA computers and were forced to rely on oral, ad hoc agreements because they could not reach a formal agreement. The committee demanded a stand-alone system that only committee and CIA IT personnel could access. The agency refused to agree to this. The committee also said it would own any documents provided to the investigation by the CIA, a demand the agency rejected.

Both the IG and the AB said the CIA was in charge of security for the computers. Both reports noted that the Senate staffers were reminded of this every time they logged on to these computers, because logging on required them to click an “OK” button acknowledging a banner warning that read:

This is a U.S. Government computer system and shall be used for authorized purposes only. All information on this system is the property of the U.S. Government and may not be accessed without prior authorization. Your use of this system may be monitored and you have no expectation of privacy. Violation of system security regulations and guidance may result in discipline by the Agency, and violators may be criminally prosecuted.

A memo by the agency’s general counsel released with the IG report revealed that the Intelligence Committee failed to take any steps to secure the computers, while also objecting to the CIA’s doing so. An exasperated general counsel wrote:

SSCI has never attempted any sort of security protocols or monitoring over the system. To my knowledge, no SSCI security officer has ever accessed the system or requested permission to do so. If SSCI is right in claiming that CIA lacks the authority to maintain security of the system and its compliance with Agency regulations and applicable law, then we have created a system in which no one has that responsibility. Even the Director lacks the authority to establish a system for maintaining extremely sensitive, classified documents and exempt it from all security monitoring and compliance.

2. The Senate Intelligence Committee knew about the CIA’s computer monitoring.

The AB found that the Intelligence Committee and its staff knew the agency had full access to the computers in question and was monitoring them. In fact, the AB report said committee staff members on several occasions asked the CIA’s IT staff to scan the committee’s side of the computer system to find documents they had lost track of.

The AB also cited an incident in 2010 in which the CIA removed 926 documents accidentally placed in a committee-staff database because they had not been screened for executive privilege. According to the board, this incident reflected an agency and White House view, known to the Intelligence Committee, that the Senate side of the CIA computer system “was non-inviolable.”

The CIA eventually returned most of these documents after the White House reviewed them for executive privilege, but it withheld several subject to the privilege. Feinstein objected at the time to the removal of the documents, and the White House acknowledged her concerns, said the documents should not have been removed without notice, and said no such removals would occur in the future. However, neither the CIA nor the White House agreed that the CIA could not monitor the computers for security or privilege reasons.

This incident is important because it demonstrates that despite Feinstein’s accusations that the CIA violated the Fourth Amendment and various laws, she and the committee staff had been aware of CIA monitoring of the computers and tolerated this since at least 2010. If Feinstein actually believed this arrangement was illegal, she should have ordered her staff years earlier to cease using these computers until formal access rules could be negotiated.

3. CIA computer monitoring uncovered misconduct by Intelligence Committee staff members.

According to the Accountability Board report, agency computer monitoring discovered in 2010 that a Senate staff member had brought a camera into a secure room in the CIA facility being used for the enhanced-interrogation investigation. There is blacked-out text in the report that appears to indicate that computer monitoring had detected another security violation by this individual in 2009. According to the report, this person was removed from the SSCI team after these incidents were reported to the CIA Counterintelligence Center’s Counterespionage Group.

The AB also reported that computer monitoring detected in 2010 that a committee staff member tried to bypass a computer-system restriction in order to print a sensitive document after the CIA refused to provide a printed copy. The CIA responded to this incident by reminding the staff to respect the security of sensitive documents.

4. An Intelligence Committee staff member hacked the CIA computer system.

The CIA’s strong reaction to the acquisition of the Panetta Review documents by the Senate staff was due to evidence indicating that in 2010 a committee staff member had exploited a software vulnerability “numerous times” to move 166 classified documents from the CIA side of a firewall to the Intelligence Committee’s side. This staff member later shared these documents with four other staffers.

On January 9, 2014, the CIA Office of Security began an investigation of the alleged hacking. Brennan issued a stand-down order to the investigators on January 14. (As I discuss below, some Office of Security officers did not get this order for several days and continued the investigation.) On January 15, Brennan briefed Feinstein on the alleged hack by the committee staff member and the agency’s investigation of this matter. Brennan invited the committee to conduct a joint forensic investigation of the hack, but it declined to participate.

5. Misuse and theft of classified, attorney-client-privilege documents.

As bad as the above alleged misconduct by the Senate staffers appears, I believe the theft and use of classified documents subject to attorney-client privilege is a far more serious matter.

Both the IG and the AB reports said the Panetta Review documents were privileged. According to the IG report and a December 2014 CIA response to a Freedom of Information Act request, each of these documents was stamped “Deliberative Process Privileged Document” at the top and had this language on the first page:

This document also contains material protected by the attorney-client and attorney work-product privileges. Furthermore, this document constitutes deliberative work product, protected by the deliberative-process privilege, and is not a final, conclusive, complete, or comprehensive analysis of DRG-RDI [CIA Director’s Review Group for Rendition, Detention, and Interrogation] or CIA.

I spoke about this with an experienced Washington attorney who told me that when, during a lawsuit or investigation, a lawyer comes across a document that belongs to the other side and is marked “Deliberative Process Privileged Document” or “protected by the attorney-client and attorney work-product privileges,” he or she cannot use the document and is ethically bound to immediately return it to the other side.

In this case, the Intelligence Committee’s Democratic staff members did not inform the CIA when they acquired these documents in 2010, removed them from a CIA facility in violation of the committee’s agreement with the agency — an action that Republican members of the committee claim amounts to theft — and used the documents as part of their investigation.

By contrast, the committee’s Republican members, who did not learn about the Panetta Review documents until January 2014, said in their “additional views” appendix to the enhanced-interrogation report that at no time had a Republican member of the committee or staff member handled these documents or reviewed their contents because of the CIA’s repeated assertions of privilege.

The Democratic staff member who headed the enhanced-interrogation investigation in 2010 was Alissa Starzak, an attorney. She was named last summer to be the next general counsel of the U.S. Army but did not receive a confirmation vote before the end of the last Congress. Some Republican senators have called for Starzak’s nomination to be defeated or pulled because of her involvement in the use and theft of the Panetta Review documents.

I believe this is a scandal that goes beyond Starzak, because the Intelligence Committee’s Democratic members are experienced legislators who obviously understand what attorney-client privilege and deliberative work process mean. What did these Democratic senators know about CIA documents used in the enhanced-interrogation investigation that were covered by attorney-client privilege, and when did they know it?

6. The CIA made mistakes but did not try to interfere with the investigation.

Two of the most damning accusations made against the CIA in this affair are that CIA officers read the e-mails of Senate Intelligence Committee staffers and that the CIA tried to interfere with the committee’s investigation.

Both the reports found that CIA Security’s access to the committee staff’s classified e-mails occurred because it took several days for some CIA Security personnel to be told about the stand-down order by Brennan. The Accountability Board faulted the CIA over this but said it occurred through a communications mix-up and was limited to five e-mails that were not related to the substance of the committee’s investigation.

Neither the IG nor the AB concluded that CIA officials were trying to interfere with the committee’s investigation. The board report noted that CIA management tried to limit its investigation to how the committee staffers accessed the Panetta Review documents and tried to avoid conducting a “fishing expedition” in the committee’s files.

Although the IG faulted CIA personnel for improperly accessing the Democratic staff’s shared drive on the computer network, the AB disagreed, noting that this was an extraordinary situation with no easy answers, because of the CIA’s interest in ensuring the security of a computer system containing a substantial amount of sensitive material, while also trying to safeguard the prerogatives of the Senate.

Conclusion

The lack of clear ground rules on security and access to the CIA computers virtually ensured blowback for the agency. But the controversy was not caused by these uncertainties. It resulted from blatant disregard of established security regulations and ethical practices by the Senate Intelligence Committee’s Democratic staff members. The controversy was made worse when, instead of holding the committee staff accountable, Senator Feinstein leveled false charges against the CIA.

Feinstein’s assertion that the CIA spied on Congress in violation of the Fourth Amendment was especially damaging to the public’s confidence in the CIA and the U.S. intelligence community at large in the aftermath of the Snowden leaks. I believe this irresponsible charge — which Feinstein knew was false — is a stain on her career as a public servant.

The enhanced-interrogation report hurt congressional oversight of intelligence because the report was partisan, was poorly written, and failed to include interviews. However, I believe the bogus CIA-spying-on-Congress scandal will cause more serious and long-lasting damage because of what this affair says about the ethics, trustworthiness, and honesty of the congressional overseers of intelligence.

If the intelligence committees will not police themselves and hold their members and staffs to high ethical standards, intelligence oversight will suffer because intelligence agencies and personnel will scale back their cooperation. Such a situation could damage U.S. national security by distracting intelligence agencies from their mission and further demoralizing intelligence officers.

The lesson from this story is clear. Congress needs to find a way to oversee its intelligence overseers.

Fred Fleitz

Please Share: