Senator Feinstein on the CIA Accountability Review Board
To the long-running story of the CIA-SSCI dispute--and to its most recent chapter, regarding the conclusions of a CIA Accountability Review Board---we can add today's statement by Senator Dianne Feinstein.
It reads as follows:
Washington—Senate Intelligence Committee Vice Chairman Dianne Feinstein (D-Calif.) today
Published by The Lawfare Institute
in Cooperation With
To the long-running story of the CIA-SSCI dispute--and to its most recent chapter, regarding the conclusions of a CIA Accountability Review Board---we can add today's statement by Senator Dianne Feinstein.
It reads as follows:
Washington—Senate Intelligence Committee Vice Chairman Dianne Feinstein (D-Calif.) today released a list of 15 factual errors and omissions in the December 14 CIA Accountability Board report on CIA’s unauthorized access to committee computers. “The report released by the CIA Accountability Board, which recommended no accountability for wrongdoing by CIA personnel, contains many mistakes and omissions,” Feinstein said. “The bottom line is that the CIA accessed a Senate Intelligence Committee computer network without authorization, in clear violation of a signed agreement between the committee and former Director Leon Panetta. That access, and the subsequent review of committee staff emails, breaches the constitutional separation of powers between Congress and the executive branch. This is a serious matter and has been acknowledged by the CIA inspector general and the CIA Accountability Board. Regardless of the extent of the violation or intent of those involved, someone should be held accountable. Today I am releasing a list of 15 ways the CIA Accountability Board’s report is inaccurate or incomplete in the hope that errors in the report and the public record can be corrected.” Key errors and omissions in the CIA Accountability Board report 1. The CIA Accountability Board claims there was no “common understanding" between the Committee and the CIA regarding the CIA’s access to the SSCI computer network or how to address potential security concerns. This is false. FACT: The CIA and the Committee exchanged formal, signed letters in 2009 establishing limits on the CIA’s access to the SSCI computer network and how to address potential security concerns. The January 2014 CIA search was the third unauthorized intrusion we know of into the Committee’s network despite a clear understanding that CIA intrusions werenot to occur per our signed written agreements.2. The CIA Accountability Board states that “May 2010 transactions in which the Agency unilaterally removed” documents from the SSCI network shows that the CIA had the authority to violate the SSCI network. This is an absurd argument. FACT: The CIA removed documents from the SSCI’s database in February and May 2010. It was not a one-time violation, as the CIA Accountability Board claims. Details of these incidents are described in the CIA IG report and have been publicly available since the March 2014 floor speech by Senator Feinstein. After these 2010 incidents, the White House Counsel (Bob Bauer) and the CIA made a commitment to Chairman Feinstein that there would be no further unauthorized access to the SSCI network or removal of CIA documents from the Committee system. Moreover, the Accountability Board cites internal CIA emails (see pp. 17-18) demonstrating that the CIA understood that a search of SSCI computers was in fact prohibited. 3. The CIA Accountability Board claims the CIA’s “transgression” in reconstructing and reading SSCI staffers’ emails “was limited—five e-mails total, none more than fifteen words—and innocuous.”This is false; the CIA search of Committee emails was not limited. FACT: The IG concluded, and the CIA Accountability Board does not dispute, that the CIA conducted a keyword search of all SSCI staff emails, which is not a limited review of emails.
- A June 2, 2009, letter from Chairman Feinstein and Vice Chairman Bond to CIA Director Panetta stated that the committee would be provided a “stand-alone computer system” that “will besegregated from CIA networks to allow access only to Committee staff and Members” and that “the only CIA employees or contractors with access to this computer system will be CIA information technology personnel who will not be permitted to copy or otherwise share information from the system with other personnel, except as otherwise authorized by the Committee.”
- CIA Director Leon Panetta's June 4, 2009, letter in response to Chairman Feinstein and Vice Chairman Bond agreed that “CIA access to the walled-off network share-drive will be limited to CIA information technology staff, except as otherwise authorized by the Committee or its staff.” The letter added that “any remaining security or logistical concerns or other issues can be resolved through our respective staffs.”
- These agreements at the start of our Study were intended to clearly limit CIA access to the SSCI computer network.
- In addition, the common practice from 2009 to 2014 was that CIA personnel would only gain access to the SSCI network at the request of, and when permission was granted from, SSCI staff. The sole exception to this—the CIA’s removal of documents from SSCI’s access in February and May 2010—raised strong objections from the Committee, followed by apologies and remediation from the CIA and the White House (including a meeting in May 2010 with Bob Bauer, former White House Counsel who served on this CIA Accountability Board).
- The fact that the CIA searched and then reviewed internal SSCI emails represents a major violation of separation of powers. The nature and length of the emails is irrelevant.
4. The CIA Accountability Board claims that none of the CIA individuals “under review provided inaccurate information leading to the filing of a crimes report against SSCI staff with the DOJ,” butthe Board failed to find out what inaccurate information was provided to DOJ by other CIA personnel. FACT: The CIA IG found the CIA criminal referral against SSCI staff was based on inaccurate information provided to Acting General Counsel Bob Eatinger by personnel in CIA’s Office of Security. The actions of these individuals were ignored by the CIA Accountability Board, which is shocking and unacceptable.
- The CIA Accountability Board also ignored that, even before the email search, the CIA breached the SSCI’s computer network two or more times in January 2014 in an attempt to locate the Panetta Review and determine whether it was printed. The motivation for these three separate searches is irrelevant; each one was a violation of the agreement between the CIA and the SSCI, as the CIA Inspector General has found.
- The CIA Accountability Board does NOT dispute the finding by the CIA IG that the crimes report to DOJ making allegations against SSCI staff was based on false information. The Accountability Board merely states that the inaccurate information was not provided by the five CIA employees the Accountability Board reviewed for accountability.
5. The CIA Accountability Board asserts that “the violation of SSCI work product that occurred resulted from communications failures, was not ordered by the individuals under review, and happened in spite of their proactive efforts.” However, the Board failed to find out which other CIA personnel did order the review of SSCI internal documents and communications. FACT: The CIA Accountability Board acknowledges that the CIA reviewed SSCI work product in violation of agreements, but the Accountability Board does NOT make any finding of who didorder “the violation of SSCI work product,” and instead limited itself to a review of the actions of five individuals. Keeping the scope of the Accountability Board so narrow is unacceptable. 6. The CIA Accountability Board claims that the date range for “responsive” CIA documents for the Committee was “11 September 2001 to 22 January 2009” and notes that the Panetta Review documents post-date 2009. There was no established date range for the Committee’s investigation. FACT: The Committee never limited its inquiry by date and did not agree to any date restrictions. In fact, the Committee Study—including the now-public executive summary—relies on CIA-provided documents dated prior to September 11, 2001, as well as documents dated after January 2009. For example, a major part of the Study focuses on the May 2011 Osama bin Laden operation. The Panetta Review documents were dated 2010. 7. The CIA Accountability Board refers to incidents that it claims were security violations by SSCI staff. It describes actions—including the possession of a camera at a CIA facility—that took place from December 2009 to December 2010 and attributes them to an “SSCI staffer” who was removed from the Committee. This is false. FACT: The individual in question was an employee of the Office of the Director of National Intelligence (ODNI) who was detailed by the ODNI to the SSCI for the document review. Senator Bayh personally committed to correct this error in the CIA Accountability Board report before it was made public, but failed to do so. 8. The CIA Accountability Board claims that, in one instance, an SSCI staff member somehow attempted to bypass CIA restrictions on printing. There were NO restrictions on what SSCI staff were allowed to print. FACT: There were never any restrictions to prevent SSCI staff from printing CIA documents. Any restriction on printing imposed would have violated the Committee's agreement with the CIA. If any CIA limitations on printing were put in place in error, those restrictions were removed when brought to the attention of CIA personnel. Any attempt to discredit a Senate staffer for printing a document to read it for oversight purposes is ridiculous. 9. The CIA Accountability Board cites a specific CIA attorney as stating that “a draft SSCI report contained language remarkably similar to portions of the ‘Panetta Review.’” This is factually incorrect. FACT: The Committee Study was in no way based on or used language from the “Panetta Review.” Director Brennan made the same inaccurate claim in his meeting with Chairman Feinstein and Vice Chairman Chambliss on January 15, 2014. When SSCI staff asked the CIA to provide information on what language was similar between the two documents, the CIA was unable to do so. In fact, the only similarities are that the CIA’s Panetta Review reached similar conclusions on the CIA Detention and Interrogation Program as the Committee. 10. The CIA Accountability Board refers to the Committee’s access to the Panetta Review as a “probable security breach” and frames a CIA attorney’s actions as “reasonable” and intended to “verify that a security breach in fact existed.” There was no reason to suspect a security breach by the Committee. FACT: The CIA knew of more likely explanations for how the SSCI obtained the Panetta Review other than a “security breach.” In fact, the CIA Accountability Board twice notes how CIA officers highlighted internally that Committee investigators could have received the Panetta Review documents through the legitimate use of the Google search tool the CIA provided, but had misconfigured.
- In violation of a June 2013 CIA recommendation that its Accountability Boards should expand their scope, this CIA Board did not do so to uncover those at the CIA responsible for the inaccurate report to DOJ, nor did the Accountability Board review the systemic problems that again resulted in the CIA providing inaccurate information to DOJ.
- The June 4, 2009, letter from Director Panetta prohibited any unilateral search of SSCI computers and stated, “any remaining security or logistical concerns or other issues can be resolved through our respective staffs.” Yet the CIA failed to resolve, or even communicate about, this issue with the Committee staff or Members.
- Further, the CIA Accountability Board ignored the history and good faith between the Committee and the CIA under Directors Panetta and Petraeus. During their tenures as Directors, the CIA staff and Committee staff regularly communicated about sensitive, unrelated documents placed on the SSCI computer system. For example, the Committee staff alerted the CIA to sensitive documents on the system that the CIA likely did not intend to provide and that wereunrelated to the Detention and Interrogation Program. At no time did these past alerts from Committee staff of sensitive documents result in a “security concern,” rather, they were handled appropriately between SSCI and CIA personnel. Moreover, unlike the documents referenced above, the Panetta Review documents were directly related to the program under review by the Committee and were no more classified than other Study documents provided to the Committee.
11. The CIA Accountability Board found that there was a “misunderstanding” between Director Brennan and the CIA attorney on who ordered the searches of the SSCI computers and that Director Brennan did not understand what forensic techniques were necessary to answer his questions about how the documents were provided to the SSCI. At the same time, the Board found that the CIA attorney did not understand the CIA Director’s expectations that no intrusive methods should be employed to find out how the documents were provided to the SSCI and whether they were printed. FACT: The CIA Accountability Board acknowledges that senior staff reporting to Director Brennan had a full understanding of the first search of the SSCI’s computers in January 2014 and agreed to the second search of the Committee’s computers. Unfortunately, the Accountability Board did not expand its scope to review the actions of these individuals. 12. The CIA Accountability Board repeats the CIA claim that the Committee was “not entitled to access” the Panetta Review. There is no basis for this CIA claim. FACT: The Panetta Review documents were made available to the Committee, whether intentionally or not, and as Senator Feinstein stated in her March 2014 Floor statement, the Senate Legal Counsel has advised that Congress does not recognize such claims of “deliberative privilege” when it comes to documents provided to Congress for its oversight duties. The CIA Accountability Board does not acknowledge that many so-called “privileged” documents were provided to the Committee, as part of the Study, with similar information and markings as the Panetta Review. 13. The CIA Accountability Board asserts that the “combined team” of the counterintelligence contractor employee and the CIA Office of Security’s Cyber Blue Team “concluded that someone directly navigated the file path containing the unauthorized documents and copied them to another SSCI accessible location.” There is no basis provided for this CIA claim. FACT: The CIA Accountability Review Board presents no support for this claim. The CIA IG reviewed this allegation and concluded it was inaccurate. 14. The CIA Accountability Board quotes a senior CIA attorney stating that “throughout the SSCI review, SSCI staff knew the practical necessity of carrying out the document production required the non-IT professional CIA staff routinely access CIA-generated documents on the CIA system for the purpose of administering the document production.” Suggesting that unauthorized CIA searches were possible because authorized document administration was necessary is ridiculous. FACT: Access to the SSCI computers for the purposes of providing documents was an authorized purpose. The fact that the CIA had access to the SSCI computer network for purposes expressly authorized by the Committee does not support the CIA Accountability Board’s assertion that searches of the SSCI network were therefore “commonplace.” 15. The CIA Accountability Board suggests that the Committee should have been aware of CIA monitoring of the SSCI network and the CIA’s ability to access the network. The Accountability Board highlights the following documents: (1) a February 2011 CIA “DRG-RDI/SSCIRG Handbook for File Reviews,” (2) an August 2013 CIA “RDINet System Security Plan,” (3) a June 2011 CIA “Statement of Work,” and (4) an unsigned Memorandum of Understanding together “capture how the Agency managed the operation of RDINet.” The documents cited are internal CIA documents and the Committee did not agree to them nor is there any indication that the SSCI was ever provided or made aware of them. FACT: The CIA Accountability Board ignores the history in the establishment of the Committee’s “stand-alone” network and the CIA’s agreement that the Committee computers would not be accessed without Committee permission. While the Accountability Board states that there may have been a sign-on screen warning users of potential audit capabilities, Chairman Feinstein and Vice Chairman Bond entered into a signed agreement with CIA Director Panetta on how the CIA could access SSCI computers. The Committee and the CIA spent months negotiating these agreements that resulted in the acknowledgement that the CIA would not be able to electronically monitor the SSCI computers. No warning inserted into a computer system by CIA personnel, and indeed no SSCI staff, could alter the agreement made between the Committee and the CIA. To argue otherwise is ridiculous.
- Finally, the CIA Accountability Board did not address the fact that the CIA attorney who conducted the search of SSCI computers “before informing his superiors” was the same CIA attorney who presented the CIA’s June 2013 Response to the Committee Study. Because the June 2013 CIA response was in direct factual conflict with the Panetta Review documents, the CIA attorney had at minimum a potential conflict of interest for searching the SSCI computer network. Unfortunately, this was not examined by the Accountability Board.
Wells C. Bennett was Managing Editor of Lawfare and a Fellow in National Security Law at the Brookings Institution. Before coming to Brookings, he was an Associate at Arnold & Porter LLP.