On the CIA Inspector General's Findings

By Benjamin Wittes
Friday, August 1, 2014, 7:12 AM

I have largely refrained, until now, from wading into the dispute between the Senate Intelligence Committee and the CIA over the mutual hacking allegations, on the theory that the facts were all contested and I couldn't make heads or tails of what had really happened. That changed yesterday with the release of a summary of the CIA inspector general's findings in the matter. There's no getting around it: it's a very upsetting read. The document is brief---one page---and reads in its entirety as follows:

31 July 2014


Prepared at the request of the Congressional Intelligence Committees

On 30 January 2014, the CIA Office of Inspector General (OIG) opened an investigation into allegations that Agency personnel improperly accessed Senate Select Committee on Intelligence (SSCI) staff files and records on the CIA-operated and maintained Rendition, Detention, and Interrogation network (RDINet). Potential violations included Title 18 U.S.C.§ 2511 (Wiretap Act) and 18 U.S.C.§ 1030 (Computer Fraud and AbuseAct). On 30 January 2014, the matter was referred to the Department of Justice (DOJ) and, after review, on 8 July 2014, Justice declined to open a criminal investigation.

RDINet was installed at an Agency facility in June 2009, to support a SSCI review of the Agency’s rendition, detention, and interrogation activities. RDINet was created to allow Agency staff to review documents for production to the SSCI, and to provide appropriate documents to the SSCI staff. Separate electronic shared drives were created on RDINet for use by several entities, including the SSCI Majority and Minority staffs and Agency personnel supporting the review and redaction of documents provided to the SSCI review teams. Following review of relevant documents by the RDI team, responsive documents were then made available to SSCI staff members on their respective shared drives. On 18 July 2014, the OIG completed its administrative investigation and issued a classified report to the Director of the Central Intelligence Agency (D/CIA). The OIG investigation determined essentially as follows:

Agency Access to Files on the SSCI RDINet

Five Agency employees, two attorneys and three information technology (IT) staff members, improperly accessed or caused access to the SSCI Majority staff shared drives on the RDINet.

Agency Crimes Report on Alleged Misconduct by SSCI Staff

The Agency filed a crimes report with the DOJ, as required by Executive Order 12333 and the 1995 Crimes Reporting Memorandum between the DOJ and the Intelligence Community, reporting that SSCI staff members may have improperly accessed Agency information on the RDINet. However, the factual basis for the referral was not supported, as the author of the referral had been provided inaccurate information on which the letter was based. After review, the DOJ declined to open a criminal investigation of the matter alleged in the crimes report.

Office of Security Review of SSCI Staff Activity

Subsequent to directive by the D/CIA to halt the Agency review of SSCI staff access to the RDINet, and unaware of the D/CIA’s direction, the Office of Security conducted a limited investigation of SSCI activities on the RDINet. That effort included a keyword search of all and a review of some of the emails of SSCI Majority staff members on theRDINet system.

Lack of Candor

The three IT staff members demonstrated a lack of candor about their activities during interviews by the OIG. The OIG investigation was limited in scope to review the conduct of Agency officials, and did not examine the conduct of SSCI staff members.

Wow, guys. Improper access to oversight committee computers? Filing a crimes report lacking factual support---apparently misleading the lawyer who filed it in the process? Improperly accessing committee staff email? And then talking to investigators about the whole business in a fashion less than truthful? It's an ugly picture, utterly unlike the recent NSA scandals in apparently involving all sorts of violations of the rules. And it will have repercussions, as it no doubt should.