Posts

Your Obligatory Fran Fragos Townsend Leak

Remember how the detail that UndieBomb 2.0 involved a Saudi infiltrator got out? John Brennan had a private teleconference with Richard Clarke and Fran Fragos Townsend and implied as much, which led to Clarke reporting it (and not long after, ABC confirming it with foreign sources).

At about 5:45 p.m. EDT on Monday, May 7, just before the evening newscasts, John Brennan, President Barack Obama’s top White House adviser on counter-terrorism, held a small, private teleconference to brief former counter-terrorism advisers who have become frequent commentators on TV news shows.

According to five people familiar with the call, Brennan stressed that the plot was never a threat to the U.S. public or air safety because Washington had “inside control” over it.

Brennan’s comment appears unintentionally to have helped lead to disclosure of the secret at the heart of a joint U.S.-British-Saudi undercover counter-terrorism operation.

A few minutes after Brennan’s teleconference, on ABC’s World News Tonight, Richard Clarke, former chief of counter-terrorism in the Clinton White House and a participant on the Brennan call, said the underwear bomb plot “never came close because they had insider information, insider control.”

Now, National Security Council Spokesperson Tommy Vietor, who aggressively but rather unconvincingly tried to claim that the Administration had never intended to publicly announce UndieBomb 2.0, is claiming that the Administration is obligated to hold such teleconferences because the Administration is obligated to be “transparent” about potential threats.

The Yemen plot had many intelligence and national security officials flummoxed and angered by its public airing.  Despite that, a senior administration official then briefed network counterterrorism analysts, including CNN’s Frances Townsend, about parts of the operation.

But such briefings are an “obligation” for the administration once a story like the Yemen plot is publicized, insisted National Security Council spokesman Tommy Vietor.

“The reason that we brief former counterterrorism officials is because they are extremely conscientious about working with us about what can and cannot be said or disclosed,” Vietor told Security Clearance.  “They understand that there is an obligation for the U.S. to be transparent with American people about potential threats but will work with us to protect operational equities because they’ve walked in our shoes.”

This is the Administration that appears to have just fired a guy for revealing that the bankster threat is growing while the terrorist threat is diminishing, claiming they had to hold a teleconference with TV commentators just before prime time to make sure Americans regarded a Saudi-managed plot as a real threat.

Vietor’s in trouble. Presumably on his advice, the White House was prepping a big roll out of UndieBomb 2.0 the day after this call with Townsend and Clarke. Clearly, by going ahead with the teleconference, he was trying to get maximum spin value out of the plot, after the AP had broken it. Indeed, the detail that led Clarke to learn the “plot” was really a sting–that we (or our buddies the Saudis) were in control the whole time–is precisely the same spin that Brennan’s sanctioned leaks have pushed in the Kill List and StuxNet stories.

But for a variety of reasons, it has become politically costly to admit the White House had planned to spin this. And so, Tommy Vietor keeps trying to tell new stories, hoping one will hold together.

Read more

At What Point Do Our Cyberwar Toys become WMD?

The other day, Ellen Nakashima reported on new cyberwar acquisition guidelines that will allow DOD, under certain circumstances, to deploy targeted exploits without the regular testing or oversight process.

The rapid process will take advantage of existing or nearly completed hardware and software developed by industry and government laboratories. This approach could take several months in some cases, or a few days in others.

[snip]

Under the rapid plan, weapons can be financed through the use of operational funds, in “days to months,” and some steps that ordinarily would be required would be eliminated. These include some planning documents and test activities, according to the report.

The weapons may be designed for a single use or for some other limited deployment, and they would be used in offensive cyber operations or to protect individual computer systems against specific threats, said the report.

As she describes it, this rapid development will (is supposed to?) only be used in fairly targeted cases.

But what are the chances the speed and limited oversight lead to mistakes? What are the chances that our rush to roll out exploits leads us to set off some unintended consequences?

Consider Richard Clarke’s explanation for how StuxNet escaped the narrow confines of the Natanz centrifuge facility it targeted.

“It got loose because there was a mistake,” [Clarke] says. “It’s clear to me that lawyers went over it and gave it what’s called, in the IT business, a TTL.”

“What’s that?”

“If you saw Blade Runner [in which artificial intelligence androids were given a limited life span—a “time to die”], it’s a ‘Time to Live.’” Do the job, commit suicide and disappear. No more damage, collateral or otherwise.

“So there was a TTL built into Stuxnet,” he says [to avoid violating international law against collateral damage, say to the Iranian electrical grid]. And somehow it didn’t work.”

“Why wouldn’t it have worked?”

“TTL operates off of a date on your computer. Well, if you are in China or Iran or someplace where you’re running bootleg software that you haven’t paid for, your date on your computer might be 1998 or something because otherwise the bootleg 30-day trial TTL software would expire.

“So that’s one theory,” Clarke continues. “But in any event, you’re right, it got out. And it ran around the world and infected lots of things but didn’t do any damage, because every time it woke up in a computer it asked itself those four questions. Unless you were running uranium nuclear centrifuges, it wasn’t going to hurt you.”

“So it’s not a threat anymore?”

“But you now have it, and if you’re a computer whiz you can take it apart and you can say, ‘Oh, let’s change this over here, let’s change that over there.’ Now I’ve got a really sophisticated weapon. [first brackets mine, all others original]

Here’s a cyberweapon presumably developed under the existing “deliberate” process, with full testing and oversight. If Clarke’s description of the problem is correct, it’s not so much a testing problem as an inadequate understanding of the environment–a failure to account for all those computers on which, because their clocks were not set properly, the TTL orders malfunctioned. And while StuxNet itself may not have done collateral damage, who knows what hackers who have gotten the code did with it?

So while StuxNet, with the benefit of time and testing, didn’t do excessive damage when DOD’s plans proved to be inadequate, who’s to say that an exploit deployed with far less time–purchased for use–won’t do more damage?

Also, note how much more quickly DOD appears to be moving to make sure it has lots of cyberweapons to deploy than it has moved to make sure it has the most rudimentary defenses against exploitation. Probably, when our cyberwar toys turn into a WMD, they’ll hurt people in the Middle East or China. But given our rush into offensive cyberwar before we’ve protected ourselves, who knows?

Richard Clarke Also Suggests Hacking Has Made F-35 Ineffective

A number of people have pointed to this interview for Richard Clarke’s suggestion that the US, not Israel, bears most of the responsibility for the StuxNet attack.

But I’m just as interested in his assessment that hacking threatens to undercut our ability to deploy our fanciest war toys.

“I’m about to say something that people think is an exaggeration, but I think the evidence is pretty strong,” he tells me. “Every major company in the United States has already been penetrated by China.

“What?”

“The British government actually said [something similar] about their own country. ”

Clarke claims, for instance, that the manufacturer of the F-35, our next-generation fighter bomber, has been penetrated and F-35 details stolen. And don’t get him started on our supply chain of chips, routers and hardware we import from Chinese and other foreign suppliers and what may be implanted in them—“logic bombs,” trapdoors and “Trojan horses,” all ready to be activated on command so we won’t know what hit us. Or what’s already hitting us.

“My greatest fear,” Clarke says, “is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China….After a while you can’t compete.”

But Clarke’s concerns reach beyond the cost of lost intellectual property. He foresees the loss of military power. Say there was another confrontation, such as the one in 1996 when President Clinton rushed two carrier battle fleets to the Taiwan Strait to warn China against an invasion of Taiwan. Clarke, who says there have been war games on precisely such a revived confrontation, now believes that we might be forced to give up playing such a role for fear that our carrier group defenses could be blinded and paralyzed by Chinese cyberintervention. [my emphasis]

The other day, I suggested that our inability to protect our defense and defense contractor networks means we’re wasting billions on hacking-related rework.

That’s not the only way our vulnerability to hacking will rot our national security supremacy. As Clarke notes, it will make all the defenses we build into our weapons systems less effective. All of which won’t stop us from dumping the national treasure into already-compromised toys. It’ll just make those toys more expensive.

NYPD Makes Work But Not Knowledge

When I read the Judy Miller/Richard Clarke op-ed defending Ray Kelly (this is Judy’s second go-around defending Kelly, btw), I realized something about the NYPD CIA-on-the-Hudson program. They write,

Yet NYPD efforts to engage with and selectively surveil at-risk populations are not only legal but essential. In 2002, Mr. Kelly decided that a “broad base of knowledge” about who lives in the New York area was crucial to preventing terrorism. “It was precisely our failure to understand the context in 1993″—after the first World Trade Center bombing—”that left us vulnerable in 2001,” he said. So police tried to determine “how individuals seeking to do harm might communicate or conceal themselves. Where might they go to find resources or evade the law?” Such “geographically-based knowledge” saved “precious time in stopping fast-moving plots,” he said last weekend. [my emphasis]

Ray Kelly and his defenders claim that the process of mapping out all the Muslim communities in the NYC area produces “knowledge.”

But after reading the two latest sets of documents released by the AP: mapping the Syrian and Egyptian communities, it became clear that this is less about knowledge and more about make work. The Egyptian packet, in particular, reads more like the kind of crappy composition papers you see from college freshmen learning how to write and think critically–complete with significant portions just cut and pasted from online sites (in this case, the NYC and CIA sites). How much “knowledge” did an officer gain by copying the NYPD’s own website to include this information in a report on Egyptians in the 68th precinct? (Note, the NYPD appears to have taken this tour guide information down in 2006 after this particular report was completed.)

The 68th Precinct provides police service to the Brooklyn neighborhoods of Bay Ridge, Dyker Heights and Fort Hamilton. These middle-class neighborhoods are culturally and ethnically diverse. Over recent years there has been a significant influx of people of Middle-Eastern and Asian descent into the area. One and two family homes dominate the landscape; however, there are also many four and six story apartment houses throughout the precinct. Residents and visitors enjoy the recreational amenities afforded by the area’s seven major parks, two theaters, golf course and spectacular waterfront along “The Narrows” between Brooklyn and Staten Island. Independent merchants, as well as some chain stores, provide for ample retail shopping and other services along Third, Fifth, Eleventh and Thirteenth Avenues as well Fort Hamilton Parkway and 86th Street. Over one hundred restaurants, bars and nightclubs provide for a vibrant nightlife. Fort Hamilton is the only active duty military installation in New York City.

Does repeating the NYPD’s own assessment that The Narrows is a spectacular waterfront really help find terrorists?

Then there’s the sheer repetition of it, which becomes apparent if you compare the Moroccan mapping report to the Egyptian and Syrian one. Between them the reports many of the same sites, including at least the following.

  • Nassem meat market
  • Egyptian coffee shop
  • Eastern Nights Cafe
  • Bay Ridge International Cafe
  • Egyptian Cafe
  • Ramalla Coffee Shop
  • Tutankhamun

Of what value is it for the NYPD has paid officers to go twice in the same year to the same businesses to do these completely new profiles?

Egyptian Cafe, Moroccan Version, undated (other reports in same packet dated December 19, 2006 and April 13, 2007)

Read more

Dick Cheney Made No Mention of Millenium Plot in His Book

I’m still slogging through Dick Cheney’s awful book–I will write some more comprehensive things when I finish.

But I found this passage particularly curious given recent claims by Ali Soufan and Richard Clarke that we might have been able to prevent 9/11:

They had struck us before, blowing a crater five stories deep in the World Trade Center in New York in 1993. Al Qaeda had attacked our embassies in Kenya and Tanzania in 1998, killing hundreds, including twelve Americans. Osama bin Laden, al Qaeda’s leader, had personally chosen the operatives who bombed the U.S.S. Cole in a Yemeni harbor in 2000. Seventeen crew members had died. During the nineties, the United States had treated terrorist attacks primarily as law enforcement matters, indicting terrorists when we could, trying them, and sending some of them to prison. But that approach hadn’t stopped the attacks. Al Qaeda had just delivered the most devastating blow to our homeland in its history.

We needed a new way forward, one based on the recognition that we were at war.

In this abbreviated passage, Cheney makes his case that we had to combat al Qaeda with a wartime approach, something different that had been used up to that point.

There’s a lot else he misses in the lead up to 9/11. He makes no mention of Richard Clarke and his efforts to do something about al Qaeda. That’s not surprising given Cheney’s churlish approach to mentions of others in this book.

Cheney also lays no blame for the Cole bombing–not on the Navy and not on Clinton. This, in spite of the fact that he attacked similar military errors contributing to the 1983 Marine barracks attack in Beirut and the Blackhawk attack in Somalia, and in spite of his almost gleeful joy at blaming Carter and Clinton for the failed Desert One rescue and Somalia, respectively.

But the failure to mention that law enforcement had discovered and prevented a plot is really telling. Because, of course, alert law enforcement had “stopped the attacks” on one occasion, but it’s that occasion he completely ignores in his recitation of past al Qaeda attacks.

So there it is–the bulk of the justification for Cheney’s One Percent Doctrine, omitting all mention that sound counter-terrorism policy might have prevented the USS Cole or at least the casualties, that our counter-terrorism efforts had successfully interdicted a plot, and that Richard Clarke (and George Tenet) had been issuing shrill warnings in the days leading up to 9/11.

Sure, he needs to omit those details to make his logic work. He needs to present war as the only option.

But it also makes you wonder whether he knows, too, that we could, and should, have prevented 9/11.

Condi Claims US Was at War When She Ignored August 6, 2001 PDB

Condi Rice is, of all Bush’s top aides, the best at managing her reputation. Which is why her interview with Fareed Zakaria yesterday is so interesting.

Sure, there are some examples of Condi’s signature lies, such as when she claims the dedicated group to hunt Osama bin Laden–which was shut down between 2005 and 2009, after which Obama reinstituted it–proves the Bush Administration’s focus on capturing OBL.

ZAKARIA: President Obama did say that he felt that the capture or killing of Bin Laden was not a top priority when he took office and he moved it to a top priority. What’s your reaction?

RICE: Oh, it was a top priority. We wanted to get Osama Bin Laden every single day. And there was a unit at the – the agency that worked on nothing else.

More interesting, though, is Condi’s confusion about how many Presidents have hunted OBL. At the beginning of her interview, she suggests that the hunt for OBL has spanned just two presidencies.

ZAKARIA: When you first heard the news about Bin Laden’s assassination, what – what did you think?

RICE: Well, I was incredibly gratified and, frankly, relieved. It been a long hunt for him. I was proud that over two presidencies we were persistent enough and patient enough to put together the picture that ultimately led to him. You don’t just stumble upon Osama Bin Laden. It takes a lot of work to get there.

But then there’s this remarkable exchange.

ZAKARIA: And you’re hearing some Republicans, people like Rush Limbaugh, say Obama really doesn’t deserve much credit for this. You know, the – the operation was a routine operation.

You’ve been in the White House. Do you think that the president at key moments had to make difficult calls whether to use a drone, whether to use a special operations?

RICE: I’ve been in the White House, and I’ve seen a president make difficult decisions. And there were difficult decisions in this. What – what President Obama has done, indeed, it was a – it was a brave decision.

Now, it is absolutely the case that the United States of America has been fighting this war for at least 10 years, and really a bit longer. And so this is a victory across presidencies. It’s a – it’s a victory for having learned more how to fight the counterterrorism fight. [my emphasis]

Now, I presume the reference to a war that pre-dates 9/11 and even May 2011 is Condi’s claim that when she was demoting Richard Clarke in the early days of 2001 and when Bush was saying “I’m tired of swatting at flies … I’m tired of playing defense. I want to play offense. I want to take the fight to the terrorists” in March 2001, that was part of an already-engaged war with al Qaeda. Her reference to the hunt for OBL across two, not three, presidencies would seem to discount Clinton’s efforts to capture or kill him.

But that would presumably also mean Condi and Bush were at war when they dismissed the urgency of the August 6, 2001 PDB, titled “Bin Laden determined to strike in US” and discussing preparations for plane hijackings.

Or maybe the reference to a longer war refers to the efforts Clinton made to neutralize OBL after OBL declared war on the US in 1996. If so, it’d sure be nice if Condi said that explicitly, given how many times the Bush Administration claimed Clinton did nothing to hunt down OBL.

Which raises the next question. I agree we’ve spent much of the last 10 years learning how to fight terrorism. Aside from obvious stupid, easily avoidable mistakes like the Iraq War and torture, there’s nothing wrong with admitting that we had to learn to do this right (though we often ignored the lessons that the UK and Israel, as well as other European countries, learned in their earlier counterterrorist fights).

But is Condi admitting that Obama has learned things that the Bush Administration didn’t know?

Richard Clarke: The Chamber Broke the Law

I’m really deep in the weeds on the Jack Goldsmith memo right now (I should have a weedy post up later).

But in case you’re bored w/bmaz’s rant about the assault on Miranda rights, I thought I’d point to this TP post describing Richard Clarke suggesting that the Chamber of Commerce (funded by foreign sources, he notes) may have broken the law in targeting Chamber opponents.

Clarke denounced the scandal in no uncertain terms. Noting accurately that the Chamber “took foreign money in the last election,” a story also uncovered by ThinkProgress, Clarke said the Chamber had conspired to commit a “felony”:

FANG: Hi. You talked a lot about classifying and recognizing cyber security threats, but you mostly focused on foreign threats. I’m curious about a story that broke last month, that the US Chamber of Commerce, the world’s largest trade association, based here in DC, had contracted or attempted to contract military defense firms like HB Gary Federal, Palantir, and Berico, to develop proposals to use the same type of cyber warfare tactics normally reserved for Jihadi websites against left-wing activists, trade — labor unions, and left of center think tanks here in America. What do you think about that type of threat from a lobbyist or a corporation targeting political enemies, or perceived enemies here in the US?

CLARKE: I think it’s a violation of 10USC. I think it’s a felony, and I think they should go to jail. You call them a large trade association, I call them a large political action group that took foreign money in the last election. But be that as it may, if you in the United States, if any American citizen anywhere in the world, because this is an extraterritorial law, so don’t think you can go to Bermuda and do it, if any American citizen anywhere in the world engages in unauthorized penetration, or identity theft, accessing a number through identity theft purposes, that’s a felony and if the Chamber of Commerce wants to try that, that’s fine with me because the FBI will be on their doorstep in a matter of hours.

Now if only we had Feds anymore that would consider busting big business…

Stuxnet: A Way to Nuke Iran without Using a Bomb?

Last week, Russian Ambassador to NATO, Dmitry Rogozin, told the organization that the computer worm Israel and the US devised to ruin Iran’s nuclear program could have led to a catastrophe with the Bushehr nuclear plant like Chernobyl.

Russia said on Wednesday that NATO should investigate last year’s computer virus attack on a Russian-built nuclear reactor in Iran, saying the incident could have triggered a nuclear disaster on the scale of Chernobyl.

[snip]

“This virus, which is very toxic, very dangerous, could have very serious implications,” he said, describing the virus’s impact as being like explosive mines.

“These ‘mines’ could lead to a new Chernobyl,” he said, referring to the 1986 nuclear accident at a plant in Ukraine, then part of the Soviet Union. “NATO should get to investigating the matter… This is not a private topic.”

At first, it seemed like the risk for such a disaster had passed. But the AP has gotten a foreign intelligence report stating that the risk of such a catastrophe remains.

… such conclusions were premature and based on the “casual assessment” of Russian and Iran scientists at Bushehr.

With control systems disabled by the virus, the reactor would have the force of a “small nuclear bomb,” it says.

Which would be rather “neat,” don’t you think? If the US and Israel were to collaborate to pioneer cyberwarfare to effective set off an explosion equivalent to that of a nuclear bomb, all without having to drop the bomb themselves? (The Bushehr reactor is apparently just 12 KM outside of the city of Bushehr, Iran’s chief seaport.)

Richard Clarke provides an explanation (assuming this was not an intentional potential side effect of the US-Israeli plot) for why Stuxnet may still be a risk, in Iran and elsewhere.

Second, the cyber agent Stuxnet was captured and successfully interrogated. That was not supposed to happen. The attack program had built in to it all sorts of collateral damage controls, including instructions to kill itself after a date certain in 2009. Those controls, most unusual in the world of hackers but common in certain countries covert action programs, failed apparently because the weapon’s designers took the collateral damage controls less seriously than they did the ingenious attack. Read more

Jane Mayer to Marc Thiessen: Your Guys’ Ignorance Got Us Attacked

Jane Mayer has a great general purpose slapdown of torture apologist Marc Thiessen love letter to torture. She hits on most of the weaknesses of Thiessen’s arguments: his false claims about what prevented the 2006 liquid explosive plane plot, apologists’ very selective examination of what counts as an attack on American, the silence about Ibn Sheik al-Libi’s (and others’) false confessions, demonstrably false claims that no one at Gitmo was ever tortured.

But there’s a point she makes that really ought to be the focus of push back against all torture apologists: the Bush Administration ignored repeated warnings about the imminent al Qaeda attack in 2001, and any ignorance about al Qaeda–which Thiessen claims was general–belongs to Bush’s top leaders, not the intelligence community.

Thiessen, citing [Michael] McConnell, claims that before the C.I.A. began interrogating detainees the U.S. knew “virtually nothing” about Al Qaeda. But McConnell was not in the government in the years immediately before 9/11. He retired as the director of the National Security Agency in 1996, and did not rejoin the government until 2007. Evidently, he missed a few developments during his time in the private sector, such as the C.I.A.’s founding, in 1996, of its bin Laden unit—the only unit devoted to a single figure. There was also bin Laden’s declaration of war on America, in 1996, and his 1998 indictment in New York, after Al Qaeda’s bombing of two U.S. embassies in East Africa. The subsequent federal trial of the bombing suspects, in New York, produced thousands of pages of documents exposing the internal workings of Al Qaeda. A state’s witness at the trial, a former Al Qaeda member named Jamal al-Fadl, supplied the F.B.I. with invaluable information about the group, including its attempts to obtain nuclear weapons. (Fadl did so without any coercion other than the hope of a future plea bargain. Indeed, the F.B.I., without using violence, has persuaded dozens of other suspected terrorists to coöperate, including, most recently, the Christmas Day bomber.)

In order to make the case that America was blind to the threat of Al Qaeda in the days before 9/11, Thiessen skips over the scandalous amount of intelligence that reached the Bush White House before the attacks. In February, 2001, the C.I.A.’s director, George Tenet, called Al Qaeda “the most immediate and serious threat” to the country. Richard Clarke, then the country’s counterterrorism chief, tried without success to get Condoleezza Rice, Bush’s national-security adviser, to hold a Cabinet-level meeting on Al Qaeda. Thomas Pickard, then the F.B.I.’s acting director, has testified that Attorney General John Ashcroft told him that he wanted to hear no more about Al Qaeda. On August 6, 2001, Bush did nothing in response to a briefing entitled “Bin Laden Determined to Strike in the U.S.” As Tenet later put it, “The system was blinking red.”

(I would add that refusal of Thiessen’s precious CIA to share information about Nawaf al-Hazmi and Khalid al-Mihdhar also prevented us from acting on the biggest lead that could have prevented the attack.)

This point is not repeated enough, perhaps out of some sense of comity toward a guy, Cheney, who has spent the last year (really, his entire life) breaking every rule of comity in DC.

Out of ignorance of al Qaeda, arrogance that only loyal insiders should participate in setting security priorities, and plain old bad judgment about the potential threat of terrorists, the Bush Administration failed to act on clear warnings that we would be hit on 9/11. Those are, not surprisingly, precisely the same characteristics drove us to ignore our experts on interrogation and instead follow the word of a bunch of hucksters who wanted to get rich off of torturing other human beings.

Every time someone like Thiessen attempts to push his propaganda, we really ought to be asking why we should trust the propagandist of the guys who are still trying to overcompensate for having failed in the first place.

Richard Clarke Reminds Cheney and Condi of Their Incompetence

When I saw Condi saying, "unless you were there, in a position of responsibility, you cannot possibly imagine the dilemmas we faced in trying to protect Americans," to Stanford students, my instinct was to remind everyone that she was forced to admit, "I believe the title was ‘Bin Laden determined to attack inside the United States.’"

Richard Clarke, after listening to Cheney and Condi make similar statements for a month, has a similar instinct (and of course, he’s in a position to make the argument more strongly than I). Today, he’s got an op-ed reminding readers of how Cheney and Condi refused to take terrorism seriously until it was too late. And once they did, they overreacted.

He describes the panic with which Cheney responded on 9/11.

I remember that morning, too. Shortly after the second World Trade Center tower was hit, I burst in on Rice (then the president’s national security adviser) and Cheney in the vice president’s office and remember glimpsing horror on his face.

And then he catalogs how the excessiveness of Cheney’s and Condi’s response led to more failures (click through for his discussion of the Iraq debacle).

On detention, the Bush team leaped to the assumption that U.S. courts and prisons would not work. Before the terrorist attacks, the U.S. counterterrorism program of the 1990s had arrested al-Qaeda terrorists and others around the world and had a 100 percent conviction rate in the U.S. justice system. Yet the American system was abandoned, again as part of a pattern of immediately adopting the most extreme response available. Camps were established around the world, notably in Guantanamo Bay, where prisoners were held without being charged or tried. They became symbols of American overreach, held up as proof that al-Qaeda’s anti-American propaganda was right.

Similarly, with regard to interrogation, administration officials conducted no meaningful professional analysis of which techniques worked and which did not. The FBI, which had successfully questioned al-Qaeda terrorists, was effectively excluded from interrogations. Instead, there was the immediate and unwarranted assumption that extreme measures — such as waterboarding one detainee 183 times — would be the most effective.

Finally, on wiretapping, rather than beef up the procedures available under the Foreign Intelligence Surveillance Act (FISA), the administration again moved to the extreme, listening in on communications here at home without legal process. Read more