Beverley Lumpkin: Halls of Justice

W A S H I N G T O N, April 5, 2002 -- The much-awaited report from William Webster's Commission for the Review of FBI Security Programs was delivered Thursday, and — mirabile dictu — there are actually a few interesting points that have not been previously leaked.

The bureau's attitude was basically summed up in the wry remark of one top official: "We have the same problem with this one as we had with Fine's report: It's accurate!"

The reference, of course, was to Inspector General Glenn Fine's report from two weeks ago on the FBI's multiple failures that led to the belated discovery of OKBOMB documents, which delayed Timothy McVeigh's execution. Now it was the turn of Webster, a former judge, former FBI director, and former CIA director, to explain how the bureau's deplorable lack of security permitted "possibly the worst intelligence disaster in U.S. history."

The most fundamental reason for the FBI's security failures, Webster found, is that "[a] law-enforcement culture grounded in shared information is radically different from an intelligence culture grounded in secrecy."

The law enforcement culture focuses on solving cases and values the free flow and sharing of information. "In a criminal investigation, rules restricting information are perceived as cumbersome, inefficient, and a bar to success," he said.

But when criminal information is compromised, only a single prosecution is at risk. "In sharp contrast, when an intelligence program is compromised, as [former agent Robert Philip] Hanssen's case demonstrates, our country's ability to defend itself against hostile forces can be put at risk."

One top FBI official agrees that the toughest job facing FBI Director Robert Mueller in the security realm is changing this culture. He said, "We're such a mission-oriented agency that we require a continual, constant, educational barrage" to remind us of the importance of these seemingly mindless and annoying security procedures.

Webster wisely notes that the way of the world is such that "[u]nfortunately, security reform usually occurs in an agency only after it has been severely compromised." After apparent losses of nuclear designs, the Energy Department cleaned up its act. After Aldrich Ames's espionage, the CIA got religion. The State Department was chastened after several security compromises. But Webster notes rather sadly that the intelligence community as a whole, and individual agencies, have never learned from each other's bad experiences.

The most startling new information is that as recently as last fall, even with supposedly new security systems in place in the wake of Hanssen, restrictions that had been placed on the Bureau's Automated Case Support System were deliberately removed in order to facilitate the free flow of information about the Sept. 11 attacks.

Webster sums up the situation: "In the wake of the terrorist attacks in Sept. 2001, FBI senior management significantly altered bureau policy on ACS case file restrictions. This decision may have extraordinary importance for national security and the bureau's ability to construct cases that can be prosecuted. The manner in which the decision was made also confirms that, within the FBI, operational imperatives often trump security needs, which played no apparent role in the decisional calculus."

The message that was sent out removing the restrictions explained that they had hampered PENTTBOM. "Apparently, agents assigned to pursue leads in PENTTBOM had been frustrated by restrictions limiting access to potentially relevant case files, and FBI senior management had determined that the agents' frustration was well grounded."

I spoke with an FBI agent who vividly remembers receiving "the order to drop the block." He said, "We all remember thinking, 'Whoa! That's interesting.'" He added, "We all knew it was a big step in the wrong direction."

He acknowledged the frustration investigators had been experiencing in dealing with the cumbersome system, but, he concluded, "the gate's open and we just have to hope that the cattle don't know it."

Webster unhappily concludes, "The security consequences of this policy are difficult to assess." But he notes that information collected pursuant to the special national security warrants approved by the Foreign Intelligence Surveillance Act court has traditionally been restricted. But now the general population has access to FISA material.

That's problematic first of all because — as my longtime gentle readers well know — FISA information is in general not meant to be used in criminal cases. "And a point more central to our mandate is again true: highly classified information has been made available to a range of bureau personnel far broader than those who need to know it."

Two days after the restrictions were removed, the FBI's general counsel sent out another communication, ordering that FISA information must carry a warning about its source and the fact it cannot be used in criminal cases without special approval. But, as one of the commission staff pointed out to me, that warning is only pro-active; "you don't know in how many newly unrestricted files the FISA material is contained."

Further, the possibility remains that the material has "bled" into many other files. There is no way to go back and identify that information. Or, as the report puts it, "returning these cases to their previous security status has been likened to putting toothpaste back into a tube."

And again the report pounds the message home: "Even if senior FBI officials responsible for this policy change considered all its implications before making it, they failed to solicit the input of key security personnel ... Although the change may be defensible, the manner in which it was made sends a clear signal that the FBI's security organization is irrelevant during an operational crisis."

A senior FBI official defended the removal of the restrictions by reminding me of the context; the order was sent out Oct. 10, when the concern about another attack was paramount. It was considered vital to make sure that they did not overlook any information that might indicate another attack, and to make sure all information was being appropriately exploited.

In any case, he believes that any possible problem with the unmasking of the FISA stuff is more hypothetical than real. He averred that most material obtained through a FISA warrant is either counterintelligence and thus unlikely to be of use to anyone working counterterrorism; or, it's counterterrorism and would have stayed within the counterterrorism division. He said, there's clearly some risk, but the decision was taken at an extraordinary time.

Good Stuff Revealed

There's a lot of other good stuff in the report, too. It's either new details about Hanssen, or about the FBI's deplorable information systems, which would make a horse & buggy look advanced, or a particularly well-made point. Here's a sampling:

Hanssen was extremely successful in exploiting the ACS. Investigators have been able to identify thousands of files that he accessed but remain uncertain how many he actually exploited by providing to the Russians. But he "compromised over 50 FBI human sources and potential recruits and many technical sources."

Hanssen used only ordinary ACS rights to information; he didn't hack into any files. But of the files he accessed, officials have determined, 500 should have been more restricted than they were.

Hanssen used ACS to find out if the bureau suspected him. He searched his name spelled several different ways, and his home address, along with other words and names of Russian and Soviet cases, and phrases like "dead drop."

Hanssen apparently had a Clinton bug. On more than 20 occasions, he ran searches containing the names "Hillary Rodham Clinton," "Hillary," "Chelsea," or "Clinton." In a masterful understatement, Webster notes: "Had the FBI been aware of these searches, it seems likely that auditors would have found this activity peculiar and it would have received close scrutiny."

Some agents didn't trust ACS. Webster writes that "it is common knowledge" that agents in the New York City field office have long refused to upload certain national security information onto ACS. He explains that their skepticism is well-taken; they tried it out in 1995 as a pilot system. They gave an MIT intern ordinary access and challenged him to find any vulnerabilities. In just one afternoon the kid found a number of restricted files.

The bureau is now putting much of its hopes and dreams for information systems into an upgrade program known as Trilogy. Webster quotes IBM executive Bob Dies, brought in to renovate the horse & buggy, referring to the current systems as "an old car broken down in a ditch." However, "[t]he purpose of Trilogy is to get the old car out of the ditch, not to provide the FBI with state-of-the-art information systems." That focus, Webster complains, again confirms that the priority is on operational needs — to the detriment of security.

Hanssen's 1996 reinvestigation "highlights a number of deficiencies." The reinvestigations are conducted by Special Investigators, who are mostly retired FBI agents. The SI was told that Hanssen was in the doghouse with an assistant director "about an issue related to a foreign intelligence service." A co-worker described him as a "maverick" with his "own ideas on things" who did not always "toe the line" with management. A supervisor called him an "unusual" character. Nevertheless none of these comments caused the SI to engage in any follow-up. Most surprisingly, "Foreign travel and contacts were not addressed, although a reference commented that Hanssen was a friend of a Soviet defector."

In conducting background investigations, the SI's use a procedure known as CARLABFAD — wait for it — which stands for assessing Character, Associates, Responsibility, Loyalty, Ability, Bias and prejudice, Financial responsibility, Alcohol use, and Drug use.

As has been reported previously, Hanssen engaged in espionage during three discrete periods over the course of 22 years. We knew he had at the end of the first period in 1981 confessed his activity to his wife and priest; but Webster reveals he had also disclosed his secret to an attorney — no further information provided.

As has been widely reported, Mueller has already begun implementing a number of the recommendations made in the Webster report. These include creating a Security Division, headed by Assistant Director Ken Senser, stolen from the CIA, who is well-versed in security in a way nobody at the bureau has been; and the consolidation of the FBI's many fragmented security functions under Senser's new division.

More controversial is the beefing up of the polygraph program. The bureau traditionally was leery of the lie-box; J. Edgar Hoover was skeptical and that attitude has long permeated the culture.

But as Webster notes, the value of the polygraph as a screening tool if not a decisive factor has been demonstrated at other agencies, particularly in the wake of their own espionage crises. Increased financial disclosure is also under consideration and seems a foregone conclusion.

Most difficult of all may be changing that darn culture. Mueller has spoken strongly about the need to inculcate a respect for security concerns — yet the lifting of the ACS restrictions occurred on his watch.

Webster himself seems cautiously optimistic — although he recommends a variety of reviews and reports of the bureau's progress in the coming months and years; perhaps his own version of "trust, yet verify."

Still, he found that "the vast majority of FBI employees with whom we spoke have been shaken by Hanssen's treason; they are acutely aware of the damage he has done to the country and to the reputation of the institution they love; and they seem to understand the necessity of reforming inadequate practices."

Beverley Lumpkin has covered the Justice Department for 16 years for ABCNEWS. Halls of Justice appears every Saturday.