Tag Archives: domestic intelligence

Anatomy of a (sub)standard Intelligence Product

Last time I wrote about how we still don’t do a good job of classifying terrorist actions.  As an example of that I used this alleged intelligence product and what I’d like to do today is run through why I think it’s not up to snuff.

First things first. What’s with that color? I am all about encouraging analysts to experiment with their products to make them more relevant and make sure they ‘stick’ with their audience more but I’m not sure about this color choice.  It’s very non-traditional. (Update:  I’ve just looked at a downloaded copy and it’s a much cleaner and more traditional light blue. I would just delete this but here’s a good example of one of the pitfalls of critiquing something on the web…nertz to me!)

So non-traditional in fact that it reminded me of a scene in Yes, Prime Minister.  You can see the whole episode at the end of this post but here’s the money quote:

All I can say is, if that’s what you’re going to say, I suggest a very modern suit, hi-tech furniture, high-energy yellow wallpaper, abstract paintings. In fact, everything to disguise the absence of anything new in the actual speech.

You can download the presentation here:

Terrorism Powerpoint Presentation

Ok, so this is a joint FBI/Pennsylvania State Police product.  It’s unclear who the audience is but it is worthwhile to note that there are no classification markings on the document. By default that would make this ‘unclassified’ but I find that hard to believe.  This could be another (along with the weird color) be an indicator that this is a fraudulent document.  But, it could also be that this was an internal document or a draft and in those cases we could just be seeing a bit of sloppy work.

We open with a definition of ‘Domestic Terrorism’.  I’d like to see a citation for that but perhaps that’s given in the talk that (I hope) would go along with the slide.  It appears to be from the U.S. criminal code and given the probable audience (law enforcement officials) here let’s not deduct anything.

Then they use a definition of Eco-Terrorism from the Anti-Defamation League.  I’m less enamored with this slide.  Is there no official definition of this term?  If not, why not?  Does this mean that the ADL is official government policy? I’m usually a big proponent of reaching out to outside experts but if you’re going to flip back and forth between official and unofficial terms, definitions, assertions and opinions you should make it clear which is which and I’m not sure a parenthetical note here makes the grade.  Again, this might be something discussed in the talk but I’m going to make a deduction here.  Also, they fact that they changed the font to underscore a point but picked a color that actually makes it blend into the background isn’t particularly good.

I’ll also recommend you note the quote they highlight.  ‘Eco-terrorists’ are defined as the ‘most active’.  What I believe the authors are trying to do with that quote is use ‘most active’ as a synonym for ‘most dangerous’.  That’s not particularly clear, however.  They time frame they use is long (two decades…that’s an entire generation) and it’s not clear when that damage occurred.  What if $99 million dollars of that damage and 90% of all incidents occurred prior to 1996? What if they occurred after 2012?  I suspect you’d get two very different responses to just how threatening and active ‘Eco-Terrorists’ are.

Now…this is interesting.

The title of slides 2-4 go:

  • Domestic terrorism defined
  • Eco-terrorism
  • Environmental Extremists

This is the narrative path they want you to go down. Graphically, it looks something like this:


That is known as the old switcheroo.  What it should look like is this.

slide2To explain that you probably want a slide order of:

  • Environmental Extremists
  • Domestic terrorism defined
  • Eco-terrorism

This may seem like a small thing but it really sets the stage for what may be a whole host of problems down the road.  If one of your foundational propositions is that all extremists are terrorists that’s a problem and will lead you down a road towards illegal and unconstitutional activities.

How do I know this isn’t just sloppy work and they meant slide two and not slide one?  Bullet two:

  • Nonhierarchical and autonomous with lone offenders and small cells posing the greatest threat of criminal activity. Ecoterror cells are extremely difficult to identify and infiltrate;

In the slide about ‘extremists’ they go right to talking about ‘Ecoterror cells’.  No distinction between the two is made.  That’s simply wrong.

It’s also interesting to note that they quote the ELF ‘credo’.  If you’re going to quote stuff to support your case you should also explain the stuff that undermines it.  Most eco-animal rights extremists renounce violence against people.  In fact, it’s usually a central tenet of their belief structure.  To ignore that in favor of cherry picking the stuff that makes them sound more dangerous is disingenuous.

On slide 5, note the criminal activity identified:

  • Criminal activity has ranged from graffiti and trespassing, to vandalism, sabotage and arson;

I won’t belabor this point because it’s settled now but in what bizarro world is graffiti, trespassing and vandalism rise to the level of a terrorism investigation?  Only if those things are combined with the threat of violence should it be.  Otherwise we’re talking about criminal activity that is easily handled by local law enforcement and handled quite well under the criminal justice system.

And on slide 6, in the last bullet we finally get to this:

  • Historically, activities have not intended to harm individuals.

That’s clearly a throwaway line.  After six slides about how dangerous they are and their targeting priorities we get a brief statement about how they did things…historically.  You know…like back in ye olden days.

Slide 8 gets a bit weird.  There’s no reason why this event should be here.  You see a statement that looks like it could have come from any activist organization.  It talks about online activism to achieve legal (and pretty mainstream) ends.

Slide 9…again.  The security camera hunting campaign is interesting.  While Earth First did carry it so did other groups.  It might be worthwhile to see  if there were any reports of security cameras being attacked.  It might be worthwhile to see if other campaigns like this have been announced and how successful they were.  But, if you’re cherry picking your facts you probably don’t want to ask (and definitely don’t want to answer) those questions.

The information from START is good….but it doesn’t really say what the author(s) want it to say.  Here’s the paper that they quoted.  This slide is designed to say “Danger! Danger!” But let’s look at what the data shows…

  • 239 attacks from 1995-2010 (15 years or roughly 16 attacks per year worldwide)
  • 66% occurred in the West (roughly 11 per year)
  • 42% of those attacks that took place in the West “resulted in substantial or very substantial property damage and
    financial losses” (that’s a total of 66 attacks or 4 attacks per year in all Western nations)

I find I can’t really say much more about this because the slide does such a poor job of mangling the original research that we just need to bury this and move on.

(Protip:  If you’re going to quote someone else’s work it’s a good idea to quote it correctly and understand it.  Just sayin’)

Then we get a number of slides about civil disobedience actions.  Without the discussion notes we can only speculate about how these were described which I won’t do here.  At no point, however, is it made clear why this is anything more than a local law enforcement issue.  Ok, a bunch of people are protesting and trespassing.  Get the paddy wagon, boys, and lock ‘em up or move them along.

Slides 16-22 finally give us something of a threat.  Various incendiary and explosive devices along with a report of a shooting.  It is important to note that the presentation doesn’t link any one of these events to environmental extremists.  There are a whole lot of reasons why people might do these things without being affiliated with the environmental movement.  Disgruntled workers come to mind.  The way this information is presented, however, you are practically forced to come to the conclusion that the crazy environmental types are behind these.  They may but that’s not clear from the information provided.

It’s frustrating that I probably just spent more time reviewing this product that the author(s) spent constructing it but there you go.  Don’t let this happen to you.

Watch Yes Prime Minister 1.2 -The Ministerial Broadcast in Comedy | View More Free Videos Online at Veoh.com

Homeland Security hodge podge

Things remain unclear about the attack in Boston but some things of note can already be discerned.  Here’s my list so far…

Network news is terrible at covering unfolding events.  I don’t think it was always so, but maybe it was and I just didn’t it or my information needs were different.  In any case the 24 hour news channels were uniformly useless.  The normally quite good John Dickerson gives a pretty weak defense of the institution (While mistakes may have been made it’s really the fault of the viewers…or twitter…of Blitzer’s beard!)

The news channels weren’t about providing information and context.  They were about spreading rumor, speculation and regurgitating the few facts they did have.  This led to the second problem of the news organizations (not new but exacerbated by this story) which is that even though these channels have 24 hours to fill with programming they suffer from myopia.  Nothing important was going on elsewhere in the world during the entire week?  Really?  I find that hard to believe.

Social media was even worse.  Twitter was a disaster and Reddit users were on their way to forming virtual lynch mobs.  It would seem, not the greatest set of days for the idea of crowd-sourced intelligence.

But not so fast.  I suspect some of that was the messy nature of self organization.  There was very little attempt to give people ways to connect to the story in helpful (or, at least not harmful) ways.  That is what government can do although the agencies upon whom this responsibility would normally fall (law enforcement or homeland security) don’t really seem interested in communicating more than they absolutely have to with the public.

Aside from the occasional photo op, the customary speech laden with rhetoric about “our partners in the private sector, blah, blah, blah,” and of course the obligatory platitudes that we see in news releases and congressional testimony, the level of engagement with people outside the red brick walls of the DHS complex is anemic, if not nearly extinct.

Lesson Learned:  Shut off the news on the second repeat of ‘what we know’.  Tune back in at the end of the day.  Avoid social media (as it’s currently configured) unless you have some specific information needs you think you can fill through those sources.  Anything else is the virtual equivalent of rubber necking and will do nothing except waste your time and risk getting you caught up in the same useless feeding frenzy everyone else is in.

We’ve already heard calls for new changes to account for this incident.  We should charge this American citizen as an ‘enemy combatant’ and deny him his constitutionally protected rights.  This attack ‘proves’ that Putin is a guy we want on our side, after all.  And all those Muzlims!  Muzlims everywhere!

One incident is one datapoint.  That’s all.  Any assertions that this is part of some sort of trend is engaging in baseless speculation.  We have no idea if this event means nothing or is a harbinger of something significant.  I suspect the former but we have to wait and see.

Lesson Learned:  STFU until you know what you’re talking about (and even now, we don’t know much).  If you don’t know what you’re talking about but want to speculate anyway, make sure you don’t make your speculation have to bare more weight than it can carry.

YouTube Preview Image

We’ve been very fortunate in that the U.S. suffers from very little terrorism.  Less in the past ten years than in the 1970s 1 but I suspect people, like me, that grew up in the 1970s didn’t feel like we were living in a terrorist wonderland.  9/11 may, indeed, have changed everything but perhaps not for the better.

So, while perhaps not popular I recommend Rose Brooks’ occasionally condescending yet still good ‘Keep Calm and Shut the Bleep Up‘ as we gird ourselves for countless stories that go something like:  ‘You know…I was thinking about running in a marathon before I died.  That could’ve been it.  I was that close…’  We get it.  If you didn’t have a head cold you totally would have been in Boston and wow…coulda been you.  Just because the odds of you getting killed in a terrorist attack are increased from 1 in 3 million to 1 in 1 million, don’t expect me to come down with a case of the vapors.

Lesson Learned:  Chill out.  You, your family, your friends and everyone else you care about are MUCH more likely to die in many more ways than terrorist attacks.  If you’re going to freak out…pay some attention to those risks.



  1. By quite a bit, I might add.   There were almost TEN TIMES the number of terrorist attacks in the 1970s compared to the decade starting on September 11, 2001.

A few thoughts in the wake of Boston…

I’m writing this just a few hours after the news about the bombing in Boston.  You won’t see any speculation here about who’s responsible, thoughts on the immediate response or similar things.  Rather, I want to talk a bit about what the larger implications might mean in terms of threat and what how an intelligence shop might best respond in a situation like this.

Ok…first things first.  A couple of rules to keep things in perspective.

  1. We should now know that with events like this, information that comes our way in the first hours is going to be confused, full of inaccuracies and speculation.  Anyone who speaks with authority in the first few hours is likely to be a liar.
  2. The 24 news channels are terrible at covering events like this.  Since there is so little information to report they have to fill their air time with anything they can.  This means your signal to noise ratio will be off the charts.  Once you get the broad outlines of the event and (possibly) see any footage of the event your best bet is to switch off the TV.

Since we’ve not got a few decades of data about terrorism from all around the world, there are some findings that might help us think about what might (might) come next.

First, a good place to look is the fine folks at the National Consortium for the Study of Terrorism and Responses to Terrorism (START).  I’d recommend reading this piece about the (un)predictability of terrorism and its ‘burstiness’.  I’d particularly like to mention this latter point.

As the people at START put it:

But in addition, terrorism has a bursty quality. When it is effective in a particular time and place, we get a lot of it rapidly.

Now, I think the key word here is the word ‘effective’.  While, on some level, attacks like Oklahoma City, Mardrid, and 9/11 were successful but I’m not sure they would be considered ‘effective’.  After all, in all of those cases the terrorist group (or individual) was captured or killed during or very shortly after the attack.   There was, in short, no one left to follow up on the success and so no follow up occurred.

But, take something like London or (I’m sure) the terrorist activity we see in much of the Middle East and you’ll see a different definition of ‘effective’.  Since a ‘successful’ attack isn’t a requirement for a terrorist to be successful (because, remember, the point of terrorism is to elicit a particular response…not generally to do direct damage) you can ‘fail’ but still be effective.  I’d suggest that much of the Palestinian terrorism over the past few decades falls into this category.

So…if we don’t neutralize (in some way) the perpetrators in some reasonable amount of time, we might reasonably expect additional attacks by the same group or individual.

Conversely, this also means that if we might not need to be too worried about ‘copy cats’ or others being inspired to action.  After all, al-Qaida has been trying to inspire people to take up the cause for years with little success.  White supremacists have been trying for decades with little to show for it.

It also means that the data suggests that the threat is going to be localized in time and space.  Might the perpetrators jet off to Idaho and launch attacks in Boise?  Sure, I guess, but I’m not sure I’d consider it particularly likely.

Also from START is this piece which states that we might see an increase in hate crimes over the coming weeks as a result of this attack.  Based on their data, the people at START have concluded that:

…in the weeks following a terrorist attack, the number of anti-minority hate crimes increased if the attacks were made against symbols of core American values (such as the Pentagon) or perpetrated by groups with a religious motivation.

Does the Boston marathon qualify?  I’d guess definitely in the immediate area.  I’m not sure how much resonance the event has on people further afield.  But, depending on who is identified as suspects, this could be an issue.

Readers of this blog know I often talk about small intelligence shops.  Events like the attack in Boston, because they are so rare, are going to attract the attention of just about every intelligence unit in the country.  Almost every one of them will be expected to publish some sort of ‘product’ about the event.  So, what should a small shop (I’m not talking the big three letter agencies of the federal government but rather the numerous state, local and joint agencies and centers around the country) do in situations like this?

Everything I’m going to write here is for those shops that don’t ‘own’ the territory where the attack took place.  If this attack took place in your area of operations than that’s another story for another time.

First…take a breath.  Look at observation #1 at the top of this post.  You’re highly unlikely to get much of value during the first 24 hours after an event so don’t expect to do more than summarize basic facts.

BUT…everyone is going to want to be seen to be doing something.  This is, after all, the big show.  So, even if there’s nothing to say, there will be incredible pressure to say something anyway.  In some cases this is from a very real desire to ‘help’.  In other cases this is a very real desire to justify ones existence.  It reminds me of a quote from Sir Humphrey:

“Politicians must be allowed to panic. They need activity. It is their substitute for achievement.”

Only politicians aren’t the only ones susceptible to this.  If you don’t have a plan in place you’ll get sucked into the thankless (and useless) task of feeding regurgitated news to various overlords like a mother bird does with her chicks.

Instead of trying to compete with CNN, the New York Times or news agencies (which you’ll never succeed at doing) take advantage of this time to figure out what you need to know for your area of operations.  So, let’s say I was in charge of a shop in…North Carolina (or Montana…whatever) when this attack happened.  What’s going to be important to me initially?  Probably:

  1. Who committed the attack
    1. The specific individual(s)
    2. Any affiliated group
    3. Any linkage to my area of operations
  2. Why did they commit the attack
    1. What was their motivation
    2. Why did they pick that specific target(s)
  3. How did they commit the attack
    1. How did they acquire the explosive device
    2. How did they carry out the attack (emplacement, detonation, escape)

Now, as those questions get answered you’ll have follow ups and more specific ones but even a list like that disseminated to your staff will help them separate the wheat from the chaff during the early hours and days of the story.  Yes, eyewitness accounts may be compelling but if they don’t address those questions your people are really just wasting their time.

Second, if you do not have a compelling reason to call the agency(ies) responsible for handling the emergency do NOT do so before their first press conference at the earliest.  Look, they’ve got a lot on their hands and the last thing they need to do is answer a bunch of questions from a yahoo like you because the leader of your agency 900 miles away wants the latest poop.  Remember, there are now literally hundreds of intelligence shops in the U.S. now…many of them are going to be calling the scene in order to be the first on their block to put out a product with an exclusive tidbit 1 to show how ‘high speed’ they are.  The last thing you would need in that situation is an extra few dozen calls from people essentially saying ‘So…what’s up?’  Let them do their job and you’ll get your information when you need it.

Third, remember that one incident is NOT a trend.  Don’t start reorganizing your whole shop based on one event.  If you’re assessments of the threat were on solid ground before an attack like this, they should remain so.  One event should not nullify your analysis.  BUT…this is a good time (well, earlier was a better time but you slacked off, didn’t you? So we need to do this now) to identify the triggers that would cause you to reevaluate your analysis.

For example…I’ve been saying that al-Qaida is a has-been organization for some time now.  Assuming they were behind this attack (for a moment) would not change my opinion.  But I should be able to explain at what point I would say my analysis was crap.  That’ll keep me straight both when my ego is on the line as well as when tensions are riding high and people start making claims that this or that event ‘changes everything!’

Forth…If you have nothing to say about an event…say nothing.  The intelligence community is suffocating on a philosophy of ‘Send it to everyone…just in case they need it.’  This means it’s not uncommon to receive the same message three, four, five times or more.  It’s not uncommon to receive products that have no relevance to your area of interest.  Adding to the noise does nothing but guarantee that when you really do have something to say, it’ll be ignored.


  1. That’ll probably be released to the press before the product is even disseminated making the whole thing moot.

How might we measure the usefulness of fusion centers?

It’s been a few months since the U.S. Senate (or at least one of their subcommittees) released a scathing report about the 72 fusion centers that have popped up around the country since 9/11.  While the initial firestorm appears to have subsided I’m sure it remains a touchy subject and be rest assured as soon as fusion centers have something to bolster their case you’ll be seeing a whole lot of crowing about how much value they have.

It does raise an interesting, and still unanswered, question of how we should evaluate the value of fusion centers.  Certainly there should be something besides anecdotal reports either in favor or against.  Right?  One would think so, but given we’re more than a decade into this experiment, the fact that we haven’t really gotten far in beyond simple quantitative figures (we’ve answered 1,000 phone calls! We sent out 5 bazillion emails!) should have you consider that nobody is really interested in finding answers.

Let’s face it, identifying metrics for the effectiveness of something as squishy and ambiguous like ‘homeland security’ (similar to ‘counterinsurgency’) is going to be really hard, fraught with errors and, even if you get it right today, subject to change as the operating environment changes.

But, allow me to provide one possible piece of the puzzle.  One of the problems of determining effectiveness of something as big as a fusion center or as simple as even the smallest intelligence bulletin is if people actually value the darned thing.  You can try to send out surveys but a) response rates are abysmal and b) if you think grade inflation is bad in our universities check out evaluation forms in government work.  Everyone has learned that by giving straight ‘excellents’ you usually aren’t asked to answer any open ended follow up questions.  Therefore, the quickest way to be done with an evaluation form is to say everything is great and forget about it.

Even if you can swing in person interviews (very time and personnel intensive) you’re likely to hear only praise if not conducted properly (and very few in the community know how to conduct such interviews even if they were interested in doing so).

And yet, across lunch tables, while sharing a brew or via electronic communication device I receive a steady stream of dissatisfaction among erstwhile ‘consumers’ of intelligence.  Why don’t they speak up when given the chance?  Most often it’s because of concerns about reprisals.  Either institutional (‘Oh, you said something unflattering about our agency.  Yeah, we’ll get to your request.  Look for it around half past never.’) or personal (‘Oh, Ms. T applied to work at your agency.  Yeah, she’s not really a ‘team player’. I’ve got a brother in law though who’d be perfect…’).  And with no payoff there’s only downside in speaking up.

So, if you can’t always rely on what people and organizations say in this environment, you can look to what they do.  Most organizations jealously guard their resources and don’t spend them unless they think they can make a net profit on the deal.  Fusion centers, as the name implies, are designed to bring elements from many different agencies together so that each representative can contribute their expertise.

I suppose you could, therefore, look to see who puts there money where their mouths are when it comes to providing resources to these fusion centers.  Specifically:

  • What agencies have ever provided personnel or other resources to the center?
  • Has that level of commitment increased, decreased or remained the same over periods of time?

Of course, this would by no means be a complete picture but it would give you an idea of who feels such a center provides value.  We all know that joint centers also provide agencies the opportunity to dump under-performers and sometimes contributions reflect more of a ‘I’ll scratch your back if you scratch mine’ sort of arraignment but I think it could provide some important hints as to the value of the center.  Some agencies you could automatically exclude from this (for example the agency that owns the building or is mandated by law to participate and the Department of Homeland Security which has a organizational commitment to provide liaisons to these facilities but how many other partners are out there.  And how long do they stay?


Are bureaucratic functionaries any good at intelligence?

No.  Ok, thanks for coming and we’ll see you next time….

Well, perhaps a slightly longer answer is appropriate.

We are now 12 years past the September 11 attacks.  In those 12 years we have spent billions of dollars in the pursuit of ‘homeland security’ (a phrase which I have only grown to dislike all the more with the passage of time).  Regardless of whether or not you think the changes which have been wrought have been good or bad for us, no one can deny that our lives today are very different than they were 13 years ago.  The concepts of privacy, travel, state/citizen interactions and much more are fundamentally different then they were when, for example, I was a child.

All these changes, well, at least those that were *ahem* ‘planned’, were designed to protect America from the existential threat of terrorism.  Right?  Some of them were designed reduce the threat but many were designed to increase bureaucratic power and influence (see here) and others were designed to appear to reduce the threat (see here).  I’ll deal here with the latter case today.

We had, according to a variety of very serious and very smart people at the time, a wily opponent that was always evolving, learning, recruiting, exploiting new technology and cultural shifts as they happen…able to strike anywhere and disappear back into the shadows.  A more dangerous threat than any we’ve faced in generations….perhaps ever.

And who did we (and do we) put in charge of organizations designed to do battle with these fiends?  Career civil servants.  Now, that’s not necessarily a deal breaker…I’ve been in government employ for years at a time and I’ve certainly seen people in all levels of government that are exceedingly competent, intelligent, imaginative and driven in their fields.  But let’s face it….those aren’t exactly the qualities that leap to mind when thinking of government bureaucrats.

After spending most of the past 12 years in and around homeland security circles I’ve been continually astounded by the lack of imagination, curiosity and awareness of the world around many of the people in positions of authority.  So much so, in fact, that I’ve been forced to consider the possibility that much of homeland security is designed for appearances sake.  Or, to quote someone who I was speaking with recently:

It’s an operational solution to a political problem.

If terrorism was really an existential problem in the United States would we create and defend a system which has been described (accurately if you want my humble opinion) as being comprised of ‘pools of ineptitude‘?

YouTube Preview Image

Intelligence work, at its core, is an exercise in creativity.  It’s thinking about problems (or evaluating potential problems) in situations where you will never get complete information.  The deck, however, is stacked against us.  There are a host of evolutionary and cultural biases that make creativity and critical thinking difficult under the best of circumstances.  Leaving the responsibility for that sort of work in institutions that exemplify satisficing and conformity is like going to a gun fight with a rubber knife.

And that’s why, more than a decade after 9/11, our Intelligence Community which has grown to enormously bloated proportions and scoops up vast quantities of data, remains unable to prevent strategic surprise or address new threats very well.

Or, as Josh Kerbel puts in this very well done article (which I’ll expand upon in a later post):

…the intelligence community remains fixated on reacting to discrete actors rather than helping the federal government proactively shape the broader global environment.

In that vein, I’d recommend this article in Slate which summarizes research about how much we actually don’t like creativity despite what we’ve learned to say in job descriptions, pep talks, and such.

Staw says most people are risk-averse. He refers to them as satisfiers. “As much as we celebrate independence in Western cultures, there is an awful lot of pressure to conform,” he says. Satisfiers avoid stirring things up, even if it means forsaking the truth or rejecting a good idea.

So, what is to be done? How can intelligence analysis be done effectively in an environment where the conditions suppress its key components?  An important first step to addressing this, like any problem, is getting some widespread acceptance that it exists. That’s a herculean task in itself.

As much as I’d like to deeply erode the hierarchies that operate in most intelligence shops (as they tend to avoid providing the direction and prioritization decisions that should be their primary goal) that’s just not going to happen.  Much of the responsibility for improving things is going to have to rely on those fairly low on the food chain in ways that would probably be regarded as subversive by the existing powers.  The horse doesn’t just need to be led to water…it needs to be made to drink, either through force or trickery.

That Senate Fusion Center Report (Part 3)

Part 2

The report concludes with an evaluation of fusion center ‘success stories’. On their website , the DHS advertises a number of ‘success stories’ that supposedly highlight the importance of these centers in the counter-terrorism mission. It identifies 23 such cases. Keep in mind that fusion centers have been around since 2001ish, there are currently more than 70 of them (no one could get a straight answer as to exactly how many of these centers there are) and the federal government has poured in between $300 million to $1.5 billion dollars into them (again, no one seemed to thought that keeping track of expenditures was particularly important).

Of those 23 cases, more than half (14 in total) clearly had no nexus to terrorism. These included things like (and I’m not kidding):

  • Fusion Center Contributes to Decrease in Auto Theft (Let me guess…by having all employees lock their car doors?)
  • Fusion Center Enables a Teenage Runaway to Return Home Safely (What did they do, buy her bus fare for her?)
  • Fusion Center Supports Federal Partners through the Use of Facial Recognition Queries (translation: made a database query)

The bottom line is that these ‘successes’ are all things that could be done even if fusion centers never existed.

Ten years….72 facilities…hundreds of millions of dollars and what do they have to show for it? They helped a runaway get back home.

But wait, I can hear you say, what about the 9 ‘terrorism-related’ cases? Stopping one 9/11 would make this whole endeavor worth it, right?

Glad you asked.

Of the nine events I labeled ‘terrorism-related’ (and I was trying to be generous here), none were involved with disrupting plots but rather with supporting investigations that had already begun. And that brings me to a point I’ve been hammering away at for awhile. In none of these cases was there any real analysis going on. Rather (based upon the descriptions by DHS and the subcommittee’s deeper look into four of the ‘best’ cases) fusion centers were used to do database checks, information sharing and perhaps some tasks considered ‘entry-level’ analysis (link charting, PowerPoint summaries of case information, etc.).

So, let’s stop trying to teach a dog to wear cloths and walk on its hind legs. To paraphrase Mr. Johnson, even if we can get them to do it, it won’t be done particularly well. Pull the analysis function out of fusion centers and leave them to do the information sharing and case support functions. They’ve demonstrated they can do those reasonably well, it’s what they’re comfortable with and we can stop wasting resources doing the other stuff.

Then…concentrate analytical resources into regional centers. You have a much better chance of achieving a critical mass of analytical talent to actually get some substantial work done. If you remove the component of those centers that have actual arrest powers you can get off the hamster wheel of arrests and seizures as a metric for success.

But beyond these *ahem* successes, the subcommittee also found evidence of fusion center work that hindered investigations and at least one instance where fusion center work could have led to serious international problems. You may remember I wrote about this incident here but what I didn’t know at the time is that while the DHS was publicly distancing itself from the fusion center’s assessment, it was also referencing the same, incorrect, report in its own products. AND, it never issued a correction.

That Senate Fusion Center report (part 2)

Part 1

Now let’s talk about something that has concerned people about domestic intelligence generally and fusion centers specifically for a long time now.

Violations of civil liberties.

I’ve said before (and I maintain today) that a) I do believe there are violations of civil liberties and civil rights going on all the time in criminal and homeland security shops around the country and b) this is mostly do to incompetence rather than any real plan to deprive people of their rights.

And here’s where you can look at things as half full or half empty.  While the committee’s report identified numerous reports that was inappropriate it did note that ‘[t]o the credit of officials participating in the review process, these reports were for the most part cancelled before publication.’

That’s good but fusion centers produce a whole host of information which doesn’t go through the DHS vetting process.  While, theoretically, every center is supposed to have a privacy officer and all products are supposed to be vetted for privacy/civil liberties/civil rights issues, unlike at DHS that position need not necessarily (or even usually) be a position devoted to those issues.  It can be an ‘extra duty’.  And when something is piled on as such, we all now how much attention and effort usually follows.

Beyond that, remember that there are pressures to produce numbers at these centers.  Quantity of reports = productivity = effectiveness = justifications for promotions and resources.

So, what to do if you don’t have much actual intelligence to report on but you have a lot of constitutionally protected activities going on (ideally conducted by people whose ideological orientation or socio-economic-racial background kinda makes you feel icky?

Well, you could always put out ‘officer safety’ bulletins or ‘situational awareness’ reports.  The reasoning can be ‘Oh, we’re not reporting on the protest or specific event, but there may be ‘public safety’ concerns…traffic might get snarled…people might pass out from heat exhaustion…you know.’

And here’s where you can see the jack-booted thugs behind the curtain or not.

You could say that these sorts of things are a ‘wink and nod’ way to pass along intelligence on constitutionally protected activity.  After all, a ‘situational awareness’ product coming from a ‘crime center’ or a ‘counter-terrorism’ shop will probably mean something different than if the very same product came from the traffic enforcement division, for example. I’m not sure I’ve seen any evidence of the level of self-awareness required to understand the concept of contextual information but it is there in any case.

And the ‘public safety’ argument only really holds water if there’s some evidence that such bulletins go out for similar, non-controversial, events.  Worried about traffic snarls?  Why aren’t you putting out a product when the American Legion holds fund raiser and parade? Oh, that’s right…your dad was in the Legion.  ‘Nuff said.

In those, you can make the most outrageous claims and just tack on a statement at the end that says ‘We recognize the rights of people to conduct first amendment activity and provide this for information only.’

So, what drives this sort of thing?  You can think it’s a grand conspiracy theory but I honestly believe it’s the result of people in over their heads making decisions on issues they aren’t qualified to make.  In the interest of careerism and institutional goals, they wing it, don’t think too much about the consequences and hope if the proverbial shit hits the fan it’ll be after they’ve been promoted out of there (or, retired and picked up a cushy security job with some corporation).

And that is what should drive you nuts.  The flaws identified by the Senate are the results of countless decisions made to let unqualified people feel like they are part of the big game.  As Tom Ridge (the genius who brought us color coded terrorism threats) said:

“We thought if we just threw the name out there, built a bunch of them, we’d feel a lot better.”

Yep…a sound basis for establishing a domestic intelligence program.

That Senate Fusion Center report (part 1)

Remember it?  Oh, how soon we forget.  Well, here’s what I’m talking about if you need a refresher.  I have, finally, gone through the whole report (download your own copy here) and wanted to talk about a some of the important issues it raises.

Now, before I go on, there is one important thing to mention.  This report confines itself to the role that fusion centers play in national couter-terrorism efforts and specifically how they plug into the Department of Homeland Security.  Now, those looking to rebut the report have pointed that out as a fatal flaw with the report.

Personally, I think those people should really just keep quite.  The last thing they want is someone actually looking to see if all those other claims about how effective and valuable fusion centers are actually true.

And in that regard, I’d suggest that many of the observations and shortfalls the committee identified can apply much more broadly than the committee intended.  While the fusion center contribution to national counter-terrorism efforts may look like ‘pools of ineptitude’, at least when talking about intelligence and analysis, it’s probably the aspect of what these centers do that’s most set up for success.

So, we’ll begin in talking about the value of ‘intelligence’ that gets produced and disseminated from fusion centers. The subcommittee’s report reported that many of the reports that made their way to DHS were ‘useless’.  It should be kept in mind that fusion centers produce a whole bunch of reports and only the *ahem* ‘best’ are deemed worthy of being sent to DHS.

Which means, while DHS may think they’re getting spammed with intelligence crap, there’s a whole wave of it flowing from fusion centers that doesn’t make the cut.  The art of regurgitating information, sometimes from open sources and other times from other agencies may not have been perfected in fusion centers but it is certainly getting a great deal of practice.

In part, this is due to another observation made in the report:  Using quantity of production as a metric to determine value.

In a couple of cases there was a lot going on, [Keith Jones, former head of the DHS Reporting Branch said while testifying about reporting coming from fusion centers].  In a couple of others they were looking for stuff [to report] so they could wave their flag.

Fusion centers (like any agency that equates activity for achievement) focus on things that are easy to count.  So, that encourages two sort of bad behavior:

  1. producing intelligence products that aren’t relevant
  2. producing products that are identical (or nearly identical) to reports from other agencies

This leads to everyone’s inbox getting clogged with products and makes it difficult to sift through what deserves attention and what should be sent right to the recycle bin.

(As an aside, another way to boost numbers without doing any work is to forward someone else’s product with a cover note.  That allows an agency to throw its logo on things and get credit with no real investment.  What it means to customers is that they can very well get the same product many, many times.  Hardly efficient.)

Why do these centers produce so much crap?  In part it has to do with training.  Despite the endless pronouncements about how important intelligence is, analysts, investigators, and supervisors have few, if any, training requirements for working in intelligence shops.  There are federal recommendations for 40 hours of training for analysts but even if you could get everyone to adhere to that, 40 hours does not an analyst make.

It just seems strange that in the army I had to go through 14 weeks of training in order to be an entry level analyst.  That allowed me to sit in the same room with intelligence people and learn.  I certainly wasn’t considered capable of independent activity.

We wouldn’t feel comfortable is our police or firefighters were given 40 hours of training and sent out into the world.  And yet, intelligence personnel in many of these fusion centers, expected to contribute to the national counter-terrorism strategy are essentially thrown to the wolves and expected to figure things out.

That problem is compounded by a marked lack of leadership in most of these centers.  When it comes to counter-terrorism (and, to be honest, most aspects of intelligence) most the most critical shortfall is the lack of any real direction and prioritization.  Instead, we perpetuate the myth of ‘all crimes, all hazards’.  Given that many fusion centers contain fewer than a dozen people, the notion that you could have a shop which is tracking ‘all crimes, all hazards’ is patently ridiculous.

He who defends everything defends nothing.1

But…picking priorities entails risk.  After all, pick the wrong thing and you might get held accountable for it.  Pretend to cover everything and you’re all set to lobby your elected representative for more money to ‘fulfill the mandate’.

More tomorrow…

  1. Frederick the Great said that…

We interrupt this blog…Fusion Centers are ‘pools of ineptitude’ edition (told ya!)

Interesting news posted last night that the Senate Homeland Security and Governmental Affairs permanent subcommittee on investigations published a report about fusion centers.  I don’t have a copy of the report yet but the summaries of its findings shouldn’t come as a surprise to anyone who has read this blog.

But after nine years — and regular praise from officials at the Department of Homeland Security — the 77 fusion centers have become pools of ineptitude, waste and civil liberties intrusions, according to a scathing 141-page report…

Begin the scrambling

A spokesman for Napolitano immediately blasted the report as “out of date, inaccurate and misleading.” Another Homeland Security official, who spoke with NBC News on condition of anonymity, said the department has made improvements to the fusion centers and that the skills of officials working in them are “evolving and maturing.”

Not having read the report I can only say that based on many, many discussions with personnel who work in fusion centers as well as personal observations around the country those comments seem neither ‘out of date, inaccurate [or] misleading.’  They actually sound spot on.

And as for ‘evolving and maturing’.  That spokesman can go fuck himself (or herself).  It’s almost 2013.  How long are we supposed to wait for this money pits to ‘mature’ to a level that crayons and paste aren’t the tools of choice?  How long are we going to continue the charade of intelligence products that wouldn’t receive a passing grade in a moderately difficult high school class (based either on use of the language or ability to put thoughts together in a coherent manner)?

Update:  As of 11pm I got my hands on a copy of the report.  I probably won’t be able to go through it in depth for awhile but stay tuned.  You can get a copy of the report from Public Intelligence here.


H/T Geeks are Sexy

YouTube Preview Image

You can tell it’s fake 1  because Congress isn’t tripping over itself to throw money at the project.


  1. Well, the Kickstarter part, anyway.  For more on TrapWire you can check here.