GovExec.com
DAILY BRIEFING December 7, 2005
Army project illustrates promise, shortcomings of data mining
By Shane Harris, National Journal
In the spring of 2000, a year and a half before the 9/11 attacks, Erik Kleinsmith made a decision that history may judge as a colossal mistake.
Then a 35-year-old Army major assigned to a little-known intelligence organization at Fort Belvoir in Virginia, Kleinsmith had compiled an enormous cache of information -- most of it electronically stored -- about the Al Qaeda terrorist network. It described the group's presence in countries around the world, including the United States.
It was of great interest to military planners eager to strike the terrorists' weak spots. And it may have contained the names of some of the 9/11 hijackers, including the ringleader, Mohamed Atta.
The intelligence data totaled 2.5 terabytes, equal to about 12 percent of all printed pages held by the Library of Congress. Neither the FBI nor the CIA had ever seen the information. And that spring, Kleinsmith destroyed every bit of it.
Why did he do that? And how did a midlevel officer in a minor intelligence outfit obtain that information in the first place? Those questions lie behind the latest phase of a simmering controversy in Washington: whether something could have been done to prevent the terror attacks of September 11.
Kleinsmith worked for an Army project code-named "Able Danger." This past summer, a number of former project members -- none of whom had worked for Kleinsmith -- came forward to say that Able Danger had identified Atta and linked him to a convicted terrorist who is still serving time in federal prison for his role in the 1993 bombing of the World Trade Center.
The Able Danger members recalled charts showing names and pictures of suspects, and their links to each other. Rep. Curt Weldon, an outspoken Pennsylvania Republican and longtime supporter of intelligence reform, has demanded to know why the charts were never shared with an agency positioned to halt the attacks.
He also points out that the 9/11 commission failed to include any mention of Able Danger in its final report, which is regarded as an authoritative history of the attacks. The Pentagon searched more than 80,000 documents and found no chart with the name "Mohamed Atta." Weldon has accused the government of a cover-up and called for a criminal investigation.
But Able Danger, for all its intrigue, is just one piece of the unusual intelligence practices that Kleinsmith was engaged in, years before 9/11. In the late 1990s, Kleinsmith was the chief of intelligence for the Army's Land Information Warfare Activity, a support unit assigned to the Intelligence and Security Command. LIWA had broad authority to assist the Army and all military commands in conducting "information operations," a broad discipline that includes information warfare, public deception in combat, and intelligence analysis.
The Army's hub in this effort was the aptly named Information Dominance Center, based at Fort Belvoir. Since the late 1990s, the IDC has been home to some of the most innovative, unconventional, and controversial minds in the intelligence business. In its futuristic-style building -- its interior spaces designed by a Hollywood set artist to mimic the bridge of the starship Enterprise, complete with a large captain's chair in the center of the main room -- the IDC covered a range of topics.
Analysts tracked computer hackers who were targeting military networks, watched for potential avenues of Chinese government espionage, and charted the working relationships among foreign terrorists. To do this, the IDC relied heavily on a novel technique called "data mining."
On a recent afternoon at a coffee shop in Springfield, Va., not far from the IDC, Kleinsmith explained how data mining works. Putting pen to paper, Kleinsmith sketched clumps of circles, then surrounded some with concentric, wavy perimeters, until he'd drawn a crude version of a topographical map.
In data mining, he explained, a powerful search engine is used to "harvest" tens of thousands of Web pages that contain key words of interest -- "Al Qaeda" and "bin Laden," for instance. Another tool, called a data visualization program, then creates a three-dimensional map showing which words appear most often and how they relate.
The features and contours of the map tell an analyst about the underlying information's significance, Kleinsmith said. High peaks represent words that appear frequently. Peaks close together signal words that share some context. The analysts can click on a peak and pull up the information that helped create it. With data mining, analysts don't just read information, they "see" it. Kleinsmith called this kind of data mining "intelligence on steroids," and it was the IDC's hallmark.
Data mining works best with large sets of information, so it's particularly useful for Internet searches. At the IDC, Kleinsmith and three colleagues mapped Al Qaeda for Able Danger by mining open sources and fusing their results with classified government intelligence. But in addition to the mass of information they returned on suspected terrorists, they collected thousands of names of U.S. citizens.
People's names and personal information litter the Internet. Data harvesting, by its very nature, is indiscriminate and sweeping. Unavoidably, along with "Osama Bin Laden," an often-mentioned name like "Bill Clinton" will be harvested. That says a lot about the power, and the limits, of data mining, and why Kleinsmith destroyed what he had; the military is not supposed to be gathering information on U.S. citizens.
A First Test
From its earliest days, the IDC was a haven for renegades who wanted to use technology to step outside traditional intelligence-gathering, which relies heavily on classified sources and labor-intensive analysis. The center had high-level champions, including Lt. Gen. Keith Alexander, who from 2000 to 2003 directed the Intelligence and Security Command, the IDC's parent. Alexander now heads the National Security Agency, which operates the most-sophisticated electronic eavesdropping devices in the world.
Alexander also worked closely with James Heath, who headed the IDC in the late 1990s and whom former employees recall as a mix of driven genius and mad scientist. According to one such former employee of the center, Heath saw the IDC as "an experimentation table" on which to try out all kinds of new tools, depending on what the Army wanted at the time. Analysts and technicians worked together, "speaking the same language" and building useful data-mining tools. This dynamic didn't exist in other intelligence agencies, the former employee noted.
The IDC earned a reputation for innovation, but it also stepped over the bounds of traditional military intelligence. One of its first outside fans was Curt Weldon. Rep. Weldon had been advocating a "national collaborative center" to fuse law enforcement and intelligence units, and their information, from across the government.
In 1997, as the U.S. intervened in the Balkan War, senior Russian officials wanted Weldon (who had had good and long-standing contacts with the Russians) to meet in Belgrade with Yugoslavia's then-president, Slobodan Milosevic, to negotiate a peace settlement.
As Weldon stated on the House floor in 2002, the Russians offered to arrange a meeting between Weldon and Dragomir Karic, a rich Serb closely tied to Milosevic. Perhaps, the Russians said, Karic could act as a go-between with the Serbian president. But according to Weldon, State Department officials said they'd never heard of Karic, and thought the meeting was a ploy to manipulate the congressman.
Weldon met with Karic on neutral territory, in Vienna. But before leaving the States, he asked then-CIA Director George Tenet for background on the Serb. Tenet "called me back the next day and gave me two or three sentences ... and said they thought he was tied in with the corruption in Russia, but did not know much else about him," Weldon said.
Unsatisfied, Weldon contacted his "friends at the Information Dominance Center," which he considered a model for his own intelligence collaboration venture. The IDC "came back to me with eight pages about this man," who the analysts said "was very close to Milosevic personally." Former IDC employees confirmed that they provided Weldon with detailed information on Karic.
The talks with Karic bore no fruit. But when Weldon returned to Washington, he said, the FBI and CIA asked to debrief him on what he knew about Karic. Weldon delivered a thorough dossier.
"I told them that there were four Karic brothers; that they were the owners of the largest banking system in the former Yugoslavia; that they employed some 60,000 people; that their bank had tried to finance the sale of an SA-10 [missile system] from Russia to Milosevic; that their bank had been involved in a $4 billion German bond scam; that one of the brothers had financed Milosevic's election; that the house Milosevic lived in was really their house; that, in fact, the Karic brothers' wives were best of friends with Milosevic's wife; and that they were the closest people to this leader."
Surprised to hear such details on a man they barely knew of, the agents presumed Weldon got the information from the Russians. When he told them that the facts came from the Army's Information Dominance Center, Weldon recalls, the agents replied, "What ... is the Information Dominance Center?"
The event convinced Weldon that the CIA and the FBI didn't "get it," and that the IDC was the wave of the future. He became its biggest proponent in Congress, and sang its praises to the highest levels of the Defense Department.
After Weldon submitted the Karic dossier, word of the IDC's work spread outside the Army realm, Kleinsmith said. He had put just two analysts on the Weldon project, and they had taken only a day to generate the Karic profile. It "shocked me that we were outdoing these other organizations," namely the CIA, Kleinsmith said.
The China Problem
Intrigued with the Karic work, senior Pentagon officials decided to see if the tiny band of analysts could prove their mettle on a bigger problem. Officials were concerned about the possible leakage of U.S. military technology abroad, through unauthorized exports or through espionage. In the spring of 1999, the Pentagon "initiated a onetime project, to use data-correlation tools to decide if we could use those methods as a superior approach for counterintelligence," said John Hamre, the deputy Defense secretary at the time. "It was an experiment."
The people involved said the experiment looked specifically at technology transfers to China, whose military posed the gravest post-Cold War threat to the United States. Kleinsmith says the particular technology the IDC researched was arbitrary. "I think we flipped a coin" to decide. The point was to show the Pentagon that data mining could identify front companies, potential leaks of technology, and other vulnerabilities. "What we found was absolutely enormous," Kleinsmith said.
Former IDC employees and others familiar with the work say the China research exposed a variety of avenues through which military technology designs could end up in Chinese government hands. The IDC created a diagram showing how organizations and people in the United States were connected to the Chinese. Hamre had visited the center, and according to Weldon, reported back, "It is amazing what they are doing there."
The experiment "went well," the former IDC employee said. "Unfortunately, it went too well." During construction of those link diagrams, the names of a number of U.S. citizens popped up, including some very prominent figures. Condoleezza Rice, then the provost at Stanford University, appeared in one of the harvests, the by-product of a presumably innocuous connection between other subjects and the university, which hosts notable Chinese scholars.
William Cohen, then the secretary of Defense, also appeared. As one former senior Defense official explained, the IDC's results "raised eyebrows," and leaders in the Pentagon grew nervous about the political implications of turning up such high-profile names, or those of any American citizens who were not the subject of a legally authorized intelligence investigation. Rumors still abound about other notable figures caught up in the IDC's harvest. "I heard they turned up Hillary Clinton," the official said. The experiment was not continued.
"We determined that there were significant methodological problems," Hamre said of the IDC's techniques. Data-correlation analyses on raw information "produce impossibly large numbers of potential correlations. The numbers are too large to be operationally helpful."
But it appears not everyone in the military establishment agreed. Over the next several months, Kleinsmith estimated he gave more than 200 briefings on the IDC to members of Congress, generals, and senior government officials. "I could tell in three to four minutes if someone 'got it,' " Kleinsmith said. Hamre got it, he noted. And so, it seems, did officials with the Army's Special Operations Command, who, despite the unease over the China experiment, came to the IDC asking for information about a then-shadowy organization called Al Qaeda.
Able Danger
In the fall of 1999, top officials in the Special Operations Command were looking for a way to take the nascent fight on terrorism to its source. Al Qaeda had recently destroyed the U.S. embassies in Kenya and Tanzania. Special Operations' top officers, including the commander, Gen. Peter Schoomaker, "wanted the mission of 'putting boots on the ground' to get at [Osama] bin Laden and Al Qaeda," according to the 9/11 commission report.