Interview Philip Mudd

"We have a slow spread of threat -- not strategic threat like we saw on 9/11, more tactical threat, but harder to stop because it's metastasized," argues Philip Mudd, who served in the intelligence community for more than 20 years, including as deputy director of the CIA's Counterterrorist Center (2003-05) and as deputy director of the FBI's National Security Branch (2005-10). If an attack succeeds, Mudd warns, our biggest mistake would be overreacting "in a way that allows this global revolutionary movement to believe that they scored." He is now a senior research fellow at the New America Foundation.This is the edited transcript of an interview conducted on Dec. 1, 2010.

• HIGHLIGHTS
• In an age where global threats are local problems, we need to be able to share and analyze information
• One idea -- focus the FBI on people and plots, and the DHS on infrastructure threats
• The biggest danger is not the threat from Al Qaeda -- it's how we react if an attack succeeds
• "Limiting information access" is not going to happen in the age of Google

What's the difference between a law enforcement officer and an intelligence officer?

Intelligence is the pursuit of knowledge. What do I understand, for example, about the Pakistani nuclear program? A law enforcement officer is someone who looks at a federal violation and says, "How do I use information I collect to make it provable in a court of law?" It's not equivalent to night and day, but it's close.

In between, I would say, is the national security responsibility of a federal officer for a place like the FBI -- not entirely an intelligence officer, because they have law enforcement responsibilities; not entirely a law enforcement officer because they have intelligence responsibilities. ...

Apply that to terrorism in the domestic setting. Is it easily applicable?

I think it is easily applicable, because on the one hand, if you're strictly running a law enforcement investigation, you may say, "Well, Mary Sue has acquired weapons and has acquired them for a purpose that's against the law, and I can prove that with an assistant U.S. attorney in a court."

The evolution of our understanding of national security or domestic intelligence is, Mary Sue might be a case, but she may also be a national security threat. Where'd she get her money? Where'd she get her weapons? Who radicalized her? Who did she radicalize? Did she ever travel? What was that support network overseas?

And the most significant question: Let me not move so quickly on a law enforcement investigation so that I miss the opportunity to paint a picture of the web around her and destroy the entire web, instead of just prosecuting an individual.

So if you apply that to kind of the lowest end of the spectrum, someone who's done something that, according to the DHS [Department of Homeland Security], is suspicious activity, somebody who's taken a photo of a bridge or walked in front of a building too many times -- is that enough to get this ball rolling?

... I don't think the cases we're talking about -- for example, somebody walking in front of a bridge repeatedly -- in a country of civil liberties is sufficient to investigate an individual. You might ask questions next time they're around, stop them: "What are you doing here? Why are you here?" I think that's a fair question.

But in terms of rolling a full investigation, I'd say that's not sufficient. You need some information that suggests the person is contemplating violating the law, I think.

Well, you're probably familiar with the SARS [Suspicious Activity Reporting] Initiative.

Yes.

... They can packet information about you if you're doing something suspicious, add a lot of personal background information and put it in a database that lots of people have access to, even though you really haven't done anything wrong. Is that butting up against our notion of civil liberties and privacy?

I think we have a long ways to go on the SARS Initiative. ... We're going to have a lot of questions, as you say, about how to apply this in a civil liberties environment.

You could look at it, though, from a different perspective, and that is, I don't care about the individual in this case, or individuals who might have looked at a bridge in San Francisco or a bridge in New York. But what if we have a report from a human source in Pakistan that says the next target is going to be bridges on the East and West coasts? You might say, OK, let me figure out if we've seen interesting activity on both coasts over the last 24 to 36 months. And maybe there's a piece of a puzzle here that we ought to relook at again. ...

So that requires a fairly sophisticated analysis -- first of all, flow from foreign to domestic.

That's right.

When you look at the analysis that DHS gives to the states, it's very vague. Under threats to transportation, they just list everything in the world. Is that helpful to local people who really don't have the background?

I suspect local people -- and I've talked to them myself -- would say we have a long ways to go. But that's a different question than saying in the age of globalization, when a threat in Los Angeles might look like a threat in New York or a threat in Minneapolis, how do we gather information to look at national patterns?

After all, this isn't just about terrorism. It's about the spread of violent crime from Mexico, the spread of cartels from Central America. It's about child porn from Eastern Europe. So should we start an initiative that, I would agree, is in its infancy to start looking for patterns of behavior across the United States? I would say the answer is yes. Is it executed well right now? I think most people would say no.

So what are the main problems now?

I think the problem you're going to look at is sophistication of analysis. That is, how do we get precise enough in terms of information we acquire across the United States, but also information that's pushed down from the national level so someone just doesn't get a piece of paper that says, "There might be a threat to a bridge"? I suspect that if you're at a local level, you'd say: "There's a lot of bridges in my neighborhood. What am I supposed to do?"

Now, I would wager, though, and I guess I come at this as an optimist, in five or 10 or 15 years, if we practice this, we'll be at a level where there's trust between state and local and federal, where there's efficiencies in terms of how fusion centers operate. ... Here's the kind of tattoos we're seeing emerging in a Colombian drug gang, for example. Here's the activities of this drug gang. Here's how we would characterize how they might develop in your city. Go look for them. ...

So who should be doing the more sophisticated analysis? Implied in part of that question is, isn't that the FBI's job? ...

Yes, I think that's right. I think in difficult situations, sometimes simplicity helps. I think at its simplest, the FBI follows people who are involved in plotting -- drug cartels, organized crime, white-collar crime, terrorist cells, counterintelligence for major threats overseas. It tries to look at people and say, what are people up to? Are they committing a federal violation? Is there a conspiracy?

I'm going to make it too simple, but I think DHS looks at infrastructure, everything from airplanes coming in and how do we protect them? How do we protect borders? How do we protect things like chemical facilities, nuclear facilities? How do we protect bridges? And how do we communicate with people and corporations to say, "Hey, if you own major hotels in Las Vegas, here's some things you need to think about"? ...

I'm not sure DHS would describe their mission like that. Yes, they have infrastructure, but they're also trying to do the analysis that the FBI does as well.

I think there's still some of that going on, and I think there's a ways to go in terms of clarifying what we would call, inside government, "lanes in the road." I think it takes a lot of leadership over the course of time to do that, and I think if you have aggressive people involved in doing their business, you're always going to have overlap, because they're going to say, "I can do this; I can do it well; and maybe I have a customer who's asking me for this," instead of saying, "Well, a customer asked me; maybe I should pass that request on to FBI or Homeland Security."

But I think people on the inside, my friends, would say the lanes aren't clarified yet. They're clarifying, and it's going to take some breaking of eggs to get it closer to where it should be.

... Is there duplication of effort there? In order to be more effective and efficient, they should just stop doing and move to critical infrastructure?

I think there is, but I think we need to be cautious here. Let me give you an example. On the Mumbai attacks in 2008, in western India, when you had 160-plus individuals die, one of the first investigative questions you're going to have is, are there people in the United States who were involved in that? Are there leads, technical information that might have been acquired in the investigation, for example, that suggests that the conspirators talked to the United States?

That's a people problem, and I'd say that is clearly in the realm of the Federal Bureau of Investigation. That's an investigation of an individual or a conspiracy.

Meanwhile, I'd say there's a clear infrastructure challenge here. And that is, how does the federal government take its analytic capabilities and tell Las Vegas, "Here's what happened in terms of breaching the perimeter; here's what happened inside; here's how these folks took over"? So that clearly, to my mind, is not a bureau responsibility; that's a DHS responsibility.

If you make those lines too clear, though, I'd be afraid that if somebody has the question, "How does an individual exploit a hotel reservation system to figure out what rooms they want to move into?," you might say, well, OK, that's an investigation of maybe an individual in Las Vegas. That's also kind of an infrastructure question: How do you work inside a hotel's systems?

So I think there's a lot of clarification to do, but I also believe that if you try to make the lines too fine, you're going to have things fall through the cracks.

Can we get back to the civil liberties questions again? ... What about the idea, in general, that you're going to have local law enforcement giving information to the fusion centers, who give to the JTTF's [Joint Terrorism Task Force's] Suspicious Activities Reporting. You're going to have citizens doing the same thing.

That's right.

It's all going to get handed to the FBI to really look at.

And to fusion centers at the state level, I think. I think a couple questions come up. The first is the difference between acquiring information about a facility, which I think obviously is perfectly legitimate -- "We had one individual who passed by six times today"; I don't think anyone would say it's inappropriate to collect that -- versus collecting information on that person: "Someone passed by six times today, and we got his license plate number." That's where the question's going to come in.

What's the question?

The question being, that person's done nothing that violates a federal law; why are you collecting information on him? And in a country of civil liberties, people are going to start to ask the question, what are you going to do with that? Are you going to go look at him? And in a country of 50 states with so many fusion centers, there will be mistakes.

I think the answer would be, OK, look, we're at the nascent stages of building this capability. Why don't we take a breath, look at how this capability is being executed, along with civil liberties partners? You need to codify this kind of activity, I would argue. I've seen this for 25 years. With this kind of activity, you cannot offer vague guidelines about how to execute the SARS responsibility.

So again, look at it. Assume there will be mistakes. Red-team it repeatedly, and assume over time that you're going to cut it again and again and again to refine the guidance that fusion centers get. I guarantee, though, there will be mistakes at the outset, because it really is a broad responsibility. ...

You mentioned guidelines. What about training? Is that important?

I think training is significant. But you have to remember, in this country -- and I'm not sure most people in this country recognize this -- we have something like 17,000 to 18,000 police departments. I think it's unreasonable, unrealistic to expect that you can train all these police departments to acquire information for a Suspicious Activity Report that they may never see again. After all, their responsibilities are everything from domestic violence to drug trafficking to rape and teen runaways. Their primary responsibility is not entering a database to say, "I saw somebody looking at a bridge today with a camera, and it looked suspicious."

So I think the key training pieces here are ensuring that people at fusion centers, at things like Joint Terrorism Task Forces, understand exactly what their responsibilities are, that we return to those responsibilities repeatedly in home guidelines, and that we red-team the process to say what can go wrong, what has gone wrong, and what will go wrong. ...

One FBI former official said looking at SARS information is not the way we caught terrorists in the past. It's wiretaps; it's source building; it's pattern analysis.

That's right.

Some are suggesting this is piling hay on the haystack, where there's a needle, the whole SARS process. Is there a worry that you can get diverted and spend too much time on this when it might not be useful?

I'm not certain I'd worry about diversion. I think the real question I saw in government over the course of nine years of a growing counterterrorism architecture is expectations management. One would expect that the bureau and others can manage a high-end counterterrorism investigation, and that they can also manage with overseas organizations -- foreign security services, the CIA, the U.S. military -- trying to understand how people might infiltrate this country. …

So talk about the threat. There is a big volume out there right now about homegrown terrorists. There's different interpretations of that. But right now, it's an overwhelming message that the government wants us all to hear. Now, isn't that trying to stop the next 25-year-old in a basement?

It is. I think we understand this threat episodically. A kid in New York, a kid in Denver, a kid in Oregon. We've seen it in Los Angeles, in Chicago and Miami and Atlanta. We've seen it in New Jersey.

The simplest way to understand this is to understand that Al Qaeda, believe it or not, is not a terrorist organization. Al Qaeda is a revolutionary organization that conducted attacks on Sept. 11 because it wanted to inspire other people to think and act as Al Qaeda does. It wanted to inspire a global movement, and acts of terrorism are inspirational acts for a revolutionary movement. They're not simply acts of terrorism that stand alone.

So what's happened since 9/11? We have not seen a single time a wholly owned terrorist operation run by Al Qaeda, as 9/11 was run, as the Cole attack in Yemen was run against a U.S. ship, as the embassy bombing in 1998 were run in East Africa. What you've seen is revolutionaries in places like Al Qaeda of the Arabian Peninsula in Yemen say, "I've got it; I got the ideological message, and I will act based on the guidance of these revolutionary leaders."

And what you've seen in this country is not groups, not affiliated groups, but individuals, these kids saying: "I've got it, too. I don't like what I've seen in places like Iraq and Afghanistan. I particularly don't like what I've seen in places like Gaza Strip, in Abu Ghraib, and I will participate in the revolution."

So we have a slow spread of threat -- not strategic threat like what we saw on 9/11, more tactical threat, but harder to stop because it's metastasized.

So are we on the right path to trying to stop it? Again, it's almost like we are trying to do everything and throw everything at everything.

I think we're on the right path, with an asterisk. First, there are two things happening in parallel. The first is the continuation of an Al Qaeda threat, which is potentially strategic. The leadership of this organization, if they're not eliminated, will return. They're not going to go home again, ever. So we have to maintain pressure and consistency of effort to destroy the core architecture.

The second parallel activity is the people who have picked up the baton, who have never met an Al Qaeda member and never will in cities across America who say, "I want to build a pipe bomb; I want to build a truck bomb." I think in that case, what we need to accept is, first of all, there's going to be a lot of them; and second of all, we're going to miss one.

When we miss one -- and this is the critical point -- the question is not whether one got through. I mean, it's been remarkable success for a decade. The question is, let's not overreact in a way that allows this global revolutionary movement to believe that they scored. The key way to react is to say: "Another murderer killed another child. He's not a terrorist; he's not a revolutionary; he's not going to Gitmo. He's a murderer." ...

What's your advice then? It seems like the whole system's getting spun up now again because of Oregon, because of Northern Virginia. And there's going to be more money; there's going to be new institutions; there's going to be more task forces. You can feel it happening.

Yes.

Are we playing into the hands again?

I think what we are seeing -- and many of us inside the business were questioning this a year or two ago -- we are seeing the phenomenon not of Al Qaeda but of Al Qaedism in the United States. Post-9/11, you would have worried about Al Qaeda. Iyman Faris, who was going to try to take down a bridge in New York; José Padilla, the kid who showed up in Chicago -- these were Al Qaeda contacts.

Ten years later, you're looking at Al Qaedism, people who have never met an Al Qaeda member but believe in the ideology. The ideology's very persistent. It plays on those images of Abu Ghraib. It plays on images of dead children in places like the Gaza Strip or the West Bank. It plays on images of women being patted down in Afghanistan, very offensive to Muslims. And I think we've got years to go, a decade or more, before this ideology dies out.

So we've got to stay persistent. I'm not suggesting we don't stay persistent against the threat.

My biggest concern, though, increasingly, is not the threat. It's what happens when one of these kids succeeds. Do we continue to create a sense in our society -- and we're going down this road -- that there are Americans and that there are other Americans? This is extremely dangerous, because our ability to absorb these kids feeds into our capability to prevent terrorism. The more we go down a road to saying, "When there's an attack, let's go firebomb a mosque," the more we feed a sense that after someone takes an oath to America he's still not a real American, this will kill us. ...

Why is that so dangerous? Why will that come back to haunt us or kill [us], as you just said?

... The difference between what we're seeing now and what I saw in 2002 or 2003, with core Al Qaeda members, the leadership of Al Qaeda, core Al Qaeda members are smart, they're committed, and they're ideologically motivated after years, in some cases decades, of being indoctrinated among their friends. They believe.

The kids now -- and this is a really critical distinction if you talk about the phenomenon of terrorism to psychologists -- they think they're ideologically motivated; they're not. They're emotionally motivated. People talk to them about the ideology in superficial ways. Then they show them images of Abu Ghraib, and a kid says, "I'm really angry; I want to do something."

Things that feed this emotional anger -- "I wasn't given a job, I think, because someone said I'm a Pakistani American; I'm not an American," or, "They just firebombed my mosque," or, "I got on a plane, and I was the only person who was secondaried, and I know it's because I have a funny name," when you have kids who are emotionally motivated, these factors contribute to a kid saying: "I'm not really a member of this society. ... I'm angry, and I want to do something about it."

So what's the solution to that?

I think the solution, again, is a public dialogue that says, look, we've gone through waves of immigration in this country, and people have been ostracized for centuries. Puritans left -- let's not go deep in this, but they left because they were ostracized. And then you go into the 19th century; Irish and Italians were looked down upon as dirty immigrants.

Now we have a further wave of folks in a country that is made up of immigrants, that is occasionally looked down on, or potentially looked down on, and there's an avenue for them to express themselves that's not new, but nonetheless it's cresting. And that is terrorism.

So I think we have to look at our history and say, we have a history of absorbing people like this. And the more we can absorb them, the more we can talk about this as part of American fabric, American values, the less potential you'll have for a kid saying, "I don't belong here, and I'm going to do something about it." …

I thought that [fusion centers] originally were supposed to be just terrorism, but there's not enough business for that.

That's correct, yes. I think a lot of people are saying this is all threats. And if you're servicing a state government -- if I were running a fusion center, I'd say, OK, I'm in a customer business. The customer needs to understand the spread of drug cartels, and it's the same kind of analytic methodology you would use for terrorism. Why don't we ensure that we serve the customer by using the resources we have to work on all kinds of sophisticated problems that no single jurisdiction can handle?

So it's a good thing that they --

I think so. But again, we have to be careful about policies and procedures. And we have to ask ourselves the more [important] question, where's the value added? ...

Which we're not quite doing yet.

I think we're not doing that yet. I wouldn't throw the baby out with the bathwater. ...

Can I have you step back, as we'd say, get up the highest altitude here, and look at what the United States has put in place, not just domestically but toward the foreign threat, since 9/11? How big is it? The whole system that has been created, the military system, the intelligence world, the domestic intelligence. On Sept. 12, could you have imagined that it would be this big?

Probably not. I think I'd break down the system in sort of three steps; they're concentric circles. The first is you chase the adversary where they are. That's the U.S. military; that's the CIA and others in places like Afghanistan and Pakistan and Indonesia and the Philippines and the Arabian Peninsula, Horn of Africa. And the sister piece of that is cooperation with sister services around the world. And there is behind-the-scenes cooperation. I think if people saw it, they would say it's quite remarkable. There's not an international coalition of security services, but one-on-one we talk.

The second ring is to say if you miss them overseas, you've got to stop them at the border. That's hardening cockpit doors; that's biometric passports; that's changes in systems that look at names of passengers.

The third is, if you miss them overseas and you miss them at the border, how do you find them in Los Angeles or Little Rock? That's Joint Terrorism Task Forces; that's investigating every time you get a lead that somebody might be involved in building a pipe bomb. I think, by and large, you get efficiency when you have a known target; that is, a known terror cell in Pakistan, a known terror cell in Little Rock, Ark.

I think the real question over time is, how much energy do you spend on unknowns? ... That's a really inefficient way to use resources. I'm not saying it's wrong; I'm saying it's very inefficient to sort through. We've got 330 million people or something in this country, in a land of civil liberties, and people can do what they want and speak. Hate speech isn't enough to look at somebody. ...

The broader question is, what risk are we willing to take to have somebody stand up on a podium after a shopping mall is attacked to say: "Look, we can't stop every one of these. We'll go prosecute this kid. Everybody should go out and shop tomorrow. This is not a threat to our national security"? ...

One of the other things I've noticed is police departments are crazed about new technology -- automatic license readers, standout biometrics, all-source intelligence linking or data fusion. A lot of it was perfected on the battlefield, and now it's coming here. You talk about civil liberties. At some point, you can buy a lot of commercial data and put it into your database, combine it with crime data. You're going to have a web of information about you, an individual who hasn't been charged with anything, just because it's there.

That's right. And I have that as a private citizen. I can find out a lot about you on Google. The question is not whether that data is out there. Look, we're in an electronics age. That data is going to be out there. The question is, first, how do you have very clear and precise policies for how you exploit that data? And second, what do people anticipate their federal security service should do? ...

I think limiting information access is a task that's not going to happen. In the age of information explosion, forget about it. The question's going to be, how do we manage the amount of information we have? People say, "You're keeping records on X, Y and Z." I'll say: "Hey, get on Google; get on Google Maps; get on Google Earth. Get into commercial software that looks at how to investigate somebody's telephone number." You've got to be kidding me.

It's interesting. When we're running investigations, the difference between investigations at the agency and the bureau, in the agency your pursuit is knowledge. And you can develop an architecture, for example, for looking at information on human source information or phone information or e-mail information. But your pursuit is to answer a question. In the bureau, your fundamental question is, what's the right thing to do? And under that rubric, how do I go ahead and conduct an investigation?

I argue with folks who talk about domestic intelligence. Intelligence is a pursuit of knowledge. There's domestic security in this country; how do we make the country more secure? But there is no unadulterated pursuit of knowledge that a classic intelligence organization would conduct.

But do you see that developing?

No. I have a hard time imagining. I mean, it's in the DNA of people who are involved in investigations. And you also have Department of Justice oversight. You have, in essence, media oversight. You have congressional oversight. There's going to be mistakes. We saw them in the '70s; we saw them in the '80s; we've seen them in the '90s; we've seen them in the war on terror.

But they're not systematic. There is a fundamental approach in the national security architecture in this country that says people have rights not to be investigated if they ain't done nothing wrong. And I just can't, having been on the inside for so many years, I can't see that changing. That's just woven into the architecture of America. ...

You can't FOIA [Freedom of Information Act] SARS. You can't say to the system, "Am I in there?"

I think the more fascinating question is -- and I want to sort of copyright this phrase -- is the globalization of identity. By that I mean, you're talking about that mass of data, ... the amount of data, year by year, that a human being gives off in the course of daily life, from buying your groceries to getting on the Internet to buying your gas. You think about every act you make during the day with a cell phone, with a SIM card, at the gas station, at the grocery store, at the bar, at the bookstore, when you travel, when you use your passport.

The ability to build a picture around a human being, I think that's a more fascinating story than how government might or might not abuse information in a SARS database over time.

But that's part of the question, because if the SARS database can include that profile now, without a precursor to an investigation, they can just put it in there because it's available.

That's true. I'm talking more about, OK, foreign security service says: "This guy, Jimmy X, in Minnesota has been in touch with one of our guys, and the guy that we're looking at in our country is a certified bad guy. He's been to Pakistan for training," etc.

Over time, the digital exhaust that that individual in Minnesota is giving off is going to allow us so quickly to draw a three-dimensional picture and develop an understanding -- is there a conspiracy or not? In the past, you would have had to put shoe leather on the ground to say, "Does he have contacts, conspirators?"

Now, within 24, 48 hours, already -- and we're in the infancy of this information revolution -- I can draw a picture around you based on financial data, phone data, etc., that very quickly shows me who's your circle, where did you travel, where did you spend, what did you acquire at the beauty shop. Did you acquire materials that were used in other bombs in places like London or attempts in places like New York City? Why did you acquire that if you were in contact with somebody who got training in Pakistan?

It's amazing. And we're just at step one of our ability to draw a picture around a subject.

So in order not to abuse that and go way in the wrong direction, what do we need?

I think you have to have oversight, things like the Department of Justice, the Director of National Intelligence, Congress, to look at how you conduct an investigation. ...

If we can certify through a process that someone is in contact with a bomb maker, I confess, I'd say, "Let's go look at this guy." Now, you may not go all the way and say, "I'm going to look at his e-mail traffic." You may say, "OK, I want to put people on the street and watch his travel patterns," etc. I'm not that worried about that. I'm sure that they will make mistakes.

The question over time is going to be, what's appropriate in terms of drawing a needle out of a haystack: looking at Facebook stuff, looking at entry and exit on passports, looking at SARS data? I think that's the big question of the future, and that's an oversight question.

But the boring part is that's a policies and procedures question. The people looking at that, the precision of the guidance they receive has to be quite high. You cannot give somebody a whole football field of maneuver when you're looking for an unknown in a haystack.

You talked about having clear procedures, but you also have 50 states that have at least 50 different ways to look at this.

That's right. I think you're going to have some questions -- and I'm talking over the course of years and decades, potentially here -- about how we conduct investigations. ...

One issue is local authority in this country, which is going to be tough to break. The other issue is globalization of threat means that you're going to be seeing increasingly local jurisdictions dealing with national problems, whether it's child pornography or organized crime.

So I think there's going to have to be some coordination on how we look at these problems. For example, when you're seeing a cartel start to move across the United States, you don't want every single jurisdiction saying, "I'm going to build my own analytic understanding of how this cartel works." That's where things like fusion centers and the FBI and DHS come in.

The other issue I think that's going to be significant is, in the age of technology explosion, figuring out how to absorb fingerprint technology or passport technology or recognition of license plate technology. Having each jurisdiction figuring out how to absorb that technology, to me, seems incredibly inefficient.

So what kind of architecture do you want to put in place to say, with jurisdictions that feel a freedom and a right to operate on their own, to say, look, with increasingly globalized threats and with higher-end technology, how can we develop maybe a more efficient law enforcement system in this country that gets away from where we were decades ago, when you can conduct a local investigation against a local problem and you also didn't have the levels of technology you have today?

I don't know what the answer is, but I know it's a question that's going to come up. ...