Promoted from the diaries by Steven D.
A couple of days ago, I wrote a piece on American intelligence agencies, a brief run-down of all the different organizations and what role they played.
In the course of doing the research for that story, I came across a unit I’d never heard of before, the DIA’s Counterintelligence Field Activity (CFA), and their program the Joint Protection Enterprise Network (JPEN).
When I went to the internet to do find more information about JPEN, I was surprised to see that Google had a total of only 293 hits, one of which was from my own blog. You know darn well that when Google doesn’t return several thousand hits that you’re dealing with something relatively unknown. Yet my investigation has discovered that JPEN is tied into the recent NSA wiretapping scandal.
In short, JPEN is a simple computer program that runs across an internet-like interface (via ordinary browsers) that is very simple to use. It was brought online by the Pentagon shortly after 9/11/01 in a very rapid manner because it used commercial software that was only slightly modified.
You can read the full description of what JPEN does here. When you strip out the military jargon, JPEN is essentially a database of gossip used by Department of Defense employees, especially those who staff the entrances to military bases and facilities.
For example, if a “suspicious car” approaches the entrance to Fort Belvoir (outside of D.C.), a military police (MP) officer can log the license plates. Then if the same car approaches Andrews Air Force Base (also near DC), the MP’s there can log onto JPEN and see that the same car was involved in a suspicious event.
The theory behind JPEN is that just about any DOD employee can log onto JPEN, using its simple and easy-to-use internet interface, and cross-check or add information about suspicious events. The military term used is “nonvalidated domestic threat information”, which in more common language means “anything and everything that someone thinks is suspicious”.
General Richard B. Myers, the Chairman of the Joint Chiefs of Staff, gave a speech on May 11, 2004 which discussed JPEN:
How many of the folks in this room know anything about JPEN? If you don’t know about JPEN, then you’ve got to go take a look at it. The Joint Protection Enterprise Network, it can be focused on anything, but right now, we’re focused on security at military installations. We figured out some years ago that we didn’t really have a good way to share information between our militaries on force protection issues. For example, if a suspicious-looking vehicle is denied entry to Fort Belvoir, that event will be logged by the United States Army at Fort Belvoir. What do you think the probability of that information getting to Fort Myer, or Andrews or Bolling is? It’s not easy to get there – it might be in an email or letter somewhere or a report. So, we had some really smart people come up with a solution, JPEN. If you haven’t seen it you really ought to go see it. It’s really quite interesting.
It was relatively cheap; it was also off-the-shelf software that was modified. It was born Joint from the beginning. It took 90 days to get from the idea to a prototype and another 60 days to get 30 bases and headquarters equipped. NORTHCOM is operates it. I think we need to continue that type of information sharing outside the military; it’s got to go beyond just military installations. It’s sharing information that is already out there, the kind of information you’d like to know if you’re an installation commander somewhere.
The bolding was added by me. General Myers knew that JPEN was considered a valuable tool because so many people could add information to the JPEN database and so many people could access it. And he wasn’t kidding about his dreams for expanding its usefulness beyond security for military installations.
Just a day later, General Myers addressed the U.S. Senate Committee on Appropriations:
In an effort to improve the security of US military installations and personnel around the world, the Joint Staff has created the Antiterrorism Enterprise Portal, an evolving web-based portal that aggregates the resources and programs required to support the DOD Antiterrorism Program. This portal is fast becoming DOD’s one-stop location for antiterrorism/force protection information. A program that complements this portal capability is the Joint Protection Enterprise Network (JPEN). Operated by NORTHCOM, this network provides the means to share unclassified force protection information rapidly between military installations in the Continental United States, increasing their situational awareness and security significantly. Although currently operating only on military installations, JPEN has the potential to be expanded to share terrorist information with Federal, State and local agencies as well.
The WOT requires collecting relevant data and turning it into knowledge that will enable us to detect and preempt the plans of an elusive, skilled enemy dispersed across the globe. Although many obstacles remain, we are making significant progress in the area of information sharing. The Joint Intelligence Task Force for Combating Terrorism (JITF-CT) at DIA is a prime example of effective intelligence cooperation in the WOT. In the area of counterterrorism, we are making significant progress toward transparency and full information sharing. JITF-CT has experts from 12 intelligence and law enforcement organizations, and JITF-CT personnel are embedded in 15 other organizations, including some forward deployed personnel.
Got it? JPEN started out as a kind of internet for MP’s to cross-reference information about suspicious activity between people who guard military bases. However the military loved its flexibility, scalability and usefulness so much it became something they wanted other groups to use.
General Myers spoke accurately when he said it has the “potential” to share “terrorist information” with other federal agencies as well as local law enforcement. Notice how “unverified reports” suddenly have transformed into “terrorist information”?
JPEN is officially under the command of NORTHCOM, the division “responsible for all U.S. military operations in the United States, Mexico, Canada and the northern Caribbean”. In other words, it is in charge of the domestic affairs of the military and has nothing to do with Iraq, Afghanistan or any other overseas mission.
From NORTHCOM‘s own website:
“JPEN represents a significant ability to quickly share vital antiterrorism information in direct support to those on the front lines of force protection throughout this country,” said Maj. Gen. Dale Meyerrose, USNORTHCOM director of architectures and integration. “This system directly supports the USNORTHCOM mission of deterring, preventing and defeating terrorism against our Department of Defense assets.”
Noting homeland defense relies on actionable intelligence sharing at all government levels, Meyerrose said the information sharing culture must change from “the need to know to the need to share.”
Information shared in JPEN includes reports of suspected surveillance of military facilities; elicitation attempts and suspicious questioning; tests of security; unusual repetitive activities; bomb threats; and other suspicious activity. Additionally, JPEN can report incidents such as chemical, biological, radiological, nuclear alarms or alerts; fire and bomb explosions; vehicle turn-rounds; and force protection conditions.
“Information sharing provides military force protection personnel immediate access to the current threat environment and how it might affect their installation which allows them to respond more rapidly to changing threat conditions,” Meyerrose said.
The general noted USNORTHCOM plans to expand JPEN DoD-wide within its area of responsibility over the next two years.
“JPEN will become one of the tools in our standard antiterrorism and force protection toolkit used by all services and the 16 DoD field activities within the NORTHCOM area of responsibility.”
In other words, the DOD wants to roll out JPEN throughout all of its facilities in the United States so it can share unverified reports about just about anything, including “suspicious activity”.
So far that seems like a fairly good thing to do. After all, its the military’s job to guard its own bases and facilities. The problem of course is that colossal databases (of unverified reports) are just too juicy not too share.
And friends, that’s just what they did. From a January 1, 2006 article by Walter Pincus in the Washington Post:
Information captured by the National Security Agency’s secret eavesdropping on communications between the United States and overseas has been passed on to other government agencies, which cross-check the information with tips and information collected in other databases, current and former administration officials said.
The NSA has turned such information over to the Defense Intelligence Agency (DIA) and to other government entities, said three current and former senior administration officials, although it could not be determined which agencies received what types of information. Information from intercepts — which typically includes records of telephone or e-mail communications — would be made available by request to agencies that are allowed to have it, including the FBI, DIA, CIA and Department of Homeland Security, one former official said.
At least one of those organizations, the DIA, has used NSA information as the basis for carrying out surveillance of people in the country suspected of posing a threat, according to two sources. A DIA spokesman said the agency does not conduct such domestic surveillance but would not comment further. Spokesmen for the FBI, the CIA and the director of national intelligence, John D. Negroponte, declined to comment on the use of NSA data.
DIA personnel stationed inside the United States went further on occasion, conducting physical surveillance of people or vehicles identified as a result of NSA intercepts, said two sources familiar with the operations, although the DIA said it does not conduct such activities.
The military personnel — some of whose findings were reported to the Northern Command in Colorado — were employed as part of the Pentagon’s growing post-Sept. 11, 2001, domestic intelligence activity based on the need to protect Defense Department facilities and personnel from terrorist attacks, the sources said.
Northcom was set up in October 2002 to conduct operations to deter, prevent and defeat terrorist threats in the United States and its territories. The command runs two fusion centers that receive and analyze intelligence gathered by other government agencies.
Those Northcom centers conduct data mining, where information received from the NSA, the CIA, the FBI, state and local police, and the Pentagon’s Talon system are cross-checked to see if patterns develop that could indicate terrorist activities.
Talon is a system that civilian and military personnel use to report suspicious activities around military installations. Information from these reports is fed into a database known as the Joint Protection Enterprise Network, which is managed, as is the Talon system, by the Counterintelligence Field Activity, the newest Defense Department intelligence agency to focus primarily on counterterrorism. The database is shared with intelligence and law enforcement agencies and was found last month to have contained information about peace activists and others protesting the Iraq war that appeared to have no bearing on terrorism.
Connecting the dots, the NSA did surveillance on Americans, including peace activists, and this information was then plugged into JPEN and other databases, which led to the DIA conducting physical surveillance on these people. That “data mining” that Northcom does is JPEN, run by the Pentagon’s CFA agency, effectively meaning the military is running a massive counterintelligence operation on American soil.
Pincus also adds these key paragraphs:
Military officials acknowledged that such information should have been purged after 90 days and that the Talon system was being reviewed.
Gen. Michael V. Hayden, deputy director for national intelligence and former head of NSA, told reporters last month that the interception of communications to the United States allegedly connected to terrorists was, in almost every case, of short duration. He also said that when the NSA creates intelligence reports based on information it collects, it minimizes the number of Americans whose identities are disclosed, doing so only when necessary.
“The same minimalizationist standards apply across the board, including for this program,” he said of the domestic eavesdropping effort. “To make this very clear — U.S. identities are minimized in all of NSA’s activities, unless, of course, the U.S. identity is essential to understand the inherent intelligence value of the intelligence report.” Hayden did not address the question of how long government agencies would archive or handle information from the NSA.
So not only is illegal NSA wiretapping information being collected, it’s being distributed via the JPEN network to other federal agencies and local law enforcement and it’s being archived longer than the legally permitted 90 days. Which means that Mr. Innocent Quaker Peace Activist’s name is now floating around a military counterterrorism database, which Joe Trooper can pull up whenever he makes a traffic stop.
Props go to William Arkin, who was on the case a few days before:
The Department of Defense now says that analysts may not have followed the law and its own guidelines that require the purging of information collected on U.S. persons after 90 days. The law states that if no connection is made between named persons and foreign governments or transnational terrorist organizations or illegal activity, U.S. persons have a right to their privacy and information about them must be deleted.
Thanks to RL, I now know that the database of “suspicious incidents” in the United States first revealed by NBC Nightly News last Tuesday and subject of my blog last week is the Joint Protection Enterprise Network (JPEN) database, an intelligence and law enforcement sharing system managed by the Defense Department’s Counterintelligence Field Activity (CIFA).
What is clear about JPEN is that the military is not inadvertently keeping information on U.S. persons. It is violating the law. And what is more, it even wants to do it more.
Follow-up reporting on the Pentagon spying story — both by this newspaper and by the New York Times — mistakenly refers to the suspicious incidents database that I obtained for the time period July 2004-May 2005 as the TALON database, for the Threat and Local Observation Notice reporting system.
TALON, according to the Pentagon, is merely a non-threatening compilation of “unfiltered information.”
The data on incidents is used “to estimate possible threats,” DOD says. “It is in effect, the place where DOD initially stores “dots,” which if validated, might later be connected before an attack occurs,” the department says in a written statement prepared for reporters.
“Under existing procedures, a “dot” of information that is not validated as threatening must be removed from the TALON system.”
But JPEN is more than just a compilation of TALON’s. It is a near real-time sharing system of raw non-validated force protection information among Department of Defense organizations and installations. Feeding into JPEN are intelligence, law enforcement, counterintelligence, and security reports, TALONs as well as other reports.
So now the larger picture is emerging. JPEN is the military’s “mother of all databases” of domestic terrorism information and it is now archiving those reports beyond the legally permissible 90 days. And remember folks, this database is chock full of unverified information.
The fact that George Bush has been using the NSA as his own private spy network, bypassing even the need to consult a secret court or judge, is certainly bad. But it’s even worse to know that this information is being funnelled into the military, who now has an entire agency focusing on domestic spying and surveillance, based on an enormous data mining project.
I’ll leave you with a quote from the 9/11 Commission Hearing (1/26/04):
MR. BEN-VENISTE: Does NORTHCOM have an intelligence capability? Does it have its own intelligence unit?
MR. VERGA: It has its own intelligence analysis capability, as do all our Combatant Commands. The J-2 in military jargon is the intelligence officer for the command, and they take intelligence product and analyze it based on the particular command’s mission. We collect intelligence only in accordance with the applicable laws, which restrict the collection of intelligence inside the United States, principally to counterintelligence in conjunction with the FBI.
MR. BEN-VENISTE: So if I understand you correctly, the Department of Defense interprets its mission on NORTHCOM with respect to force protection or any other traditional intelligence component of a command, such as NORTHCOM if it were outside the United States, to restrict the military from the collection function.
MR. VERGA: Yeah. From the gathering and collecting of intelligence inside the United States, that’s correct.
MR. BEN-VENISTE: And it is, however, a customer of collected intelligence. Is that correct?
MR. VERGA: That’s correct as well.
MR. BEN-VENISTE: In looking at your detailed statement, at page 8 you list a pretty good shopping list that goes on to page 9 of examples of technology transfer specific to the areas of border and transportation security, where the Department of Defense is making a contribution. Do you anywhere indicate the data-mining project that was initiated at DARPA or was then brought through this Total Information Awareness which became Terrorist Information Awareness under Admiral Poindexter?
MR. VERGA: I did not indicate that in my written statement, nor have we passed that technology on to any other agencies as of this time. There are two very similar programs, that one which is the opportunity to use — I don’t like the term data-mining, but data correlation I think is probably a more appropriate term — data correlation techniques to do exactly what the Commissioner talked about doing manually post-9/11 but doing it in an automated basis. We also have a joint protection enterprise network which is a DOD network which we use for force protection purposes, which is the ability to exchange relevant information among the military commands associated with force protection inside the United States.
MR. BEN-VENISTE: Was there some — that program that had been initiated in DARPA, is that continuing?
MR. VERGA: The research on that is continuing as of now.
MR. BEN-VENISTE: Okay. And if Northern Command is a customer for collected intelligence, does that include intelligence about U.S. citizens?
MR. VERGA: Only to the extent that it’s permitted by law for NORTHCOM to have information about U.S. persons. We conduct all of our intelligence activities inside the United States or outside the United States in accordance with the applicable law, and there are —
MR. BEN-VENISTE: I understand.
MR. VERGA: There are restrictions on the types of information that the Department of Defense can collect or hold on U.S. persons. If it’s relative to the protection of U.S. installations or property, equipment, a criminal investigation or a counterintelligence investigation, then military intelligence activities could keep and hold that information, otherwise they’re not permitted to.
Mr. Verga is Peter F. Verga, the Principal Deputy Assistant Secretary of Defense for Homeland Defense, whose boss is Paul McHale. Verga also served as a liaison between the DOD and the Department of Homeland Security.
You might remember that Senator Feingold, Corzine, Wyden and Nelson on January 16, 2003 introduced a bill to freeze all data-mining by the DoD and DHS as part of their “Total Information Awareness” program. So now the military has used JPEN to circumvent the stigma of TIA (which was heavily criticized) and now feeds both gossip and NSA intercept data into its system.
I guess it’s just too great a temptation for the government not to attempt to track and monitor its citizens, with the excuse that we’re in a “War on Terror”. You might remember my article a few days ago about how the Department of Justice went fishing for a judge to give them the authorization to track you via your cell phone without a warrant.
Clearly these reports are just the tip of the iceberg, the grand daddy dream to know what all citizens are doing, all the time. The only way we’re ever going to escape this authoritarian behavior is to raise awareness about this issues.
I knew when I saw that JPEN only brought 293 hits in Google that it was time to write this article. The military’s spying on Americans is something that needs to be more widely known!
Crossposted from Flogging the Simian
Peace
