It has been several weeks since the New York Times reported that "overwhelming circumstantial evidence" led the CIA to believe that Russian President Vladimir Putin "deployed computer hackers" to help Donald Trump win the election. But the evidence released so far has been far from overwhelming.
The long anticipated Joint Analysis Report issued by the Department of Homeland Security and the FBI on Dec. 29 met widespread criticism in the technical community. Worse still, some of the advice it offered led to a very alarmist false alarm about supposed Russian hacking into a Vermont electric power station.
Advertised in advance as providing proof of Russian hacking, the report fell embarrassingly short of that goal. The thin gruel that it did contain was watered down further by the following unusual warning atop page 1: "DISCLAIMER: This report is provided 'as is' for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within."
Also, curiously absent was any clear input from the CIA, NSA or Director of National Intelligence James Clapper. Reportedly, Mr. Clapper will get a chance tomorrow to brief an understandably skeptical Donald Trump, who has called the briefing delay "very strange," even suggesting that top intelligence officials "need more time to build a case."
Mr. Trump's skepticism is warranted not only by technical realities, but also by human ones, including the dramatis personae involved. Mr. Clapper has admitted giving Congress on March 12, 2013, false testimony regarding the extent of NSA collection of data on Americans. Four months later, after the Edward Snowden revelations, Mr. Clapper apologized to the Senate for testimony he admitted was "clearly erroneous." That he is a survivor was already apparent by the way he landed on his feet after the intelligence debacle on Iraq.
Mr. Clapper was a key player in facilitating the fraudulent intelligence. Defense Secretary Donald Rumsfeld put Mr. Clapper in charge of the analysis of satellite imagery, the best source for pinpointing the location of weapons of mass destruction — if any.
When Pentagon favorites like Iraqi émigré Ahmed Chalabi plied U.S. intelligence with spurious "evidence" on WMD in Iraq, Mr. Clapper was in position to suppress the findings of any imagery analyst who might have the temerity to report, for example, that the Iraqi "chemical weapons facility" for which Mr. Chalabi provided the geographic coordinates was nothing of the kind. Mr. Clapper preferred to go by the Rumsfeldian dictum: "The absence of evidence is not evidence of absence." (It will be interesting to see if he tries that out on the president-elect Friday.)
A year after the war began, Mr. Chalabi told the media, "We are heroes in error. As far as we're concerned we've been entirely successful." By that time it was clear there were no WMD in Iraq. When Mr. Clapper was asked to explain, he opined, without adducing any evidence, that they probably were moved into Syria.
With respect to the alleged interference by Russia and WikiLeaks in the U.S. election, it is a major mystery why U.S. intelligence feels it must rely on "circumstantial evidence," when it has NSA's vacuum cleaner sucking up hard evidence galore. What we know of NSA's capabilities shows that the email disclosures were from leaking, not hacking.
Here's the difference:
Hack: When someone in a remote location electronically penetrates operating systems, firewalls or other cyber-protection systems and then extracts data. Our own considerable experience, plus the rich detail revealed by Edward Snowden, persuades us that, with NSA's formidable trace capability, it can identify both sender and recipient of any and all data crossing the network.
Leak: When someone physically takes data out of an organization — on a thumb drive, for example — and gives it to someone else, as Edward Snowden and Chelsea Manning did. Leaking is the only way such data can be copied and removed with no electronic trace.
Because NSA can trace exactly where and how any "hacked" emails from the Democratic National Committee or other servers were routed through the network, it is puzzling why NSA cannot produce hard evidence implicating the Russian government and WikiLeaks. Unless we are dealing with a leak from an insider, not a hack, as other reporting suggests. From a technical perspective alone, we are convinced that this is what happened.
Lastly, the CIA is almost totally dependent on NSA for ground truth in this electronic arena. Given Mr. Clapper's checkered record for accuracy in describing NSA activities, it is to be hoped that the director of NSA will join him for the briefing with Mr. Trump.
William Binney (firstname.lastname@example.org) worked for NSA for 36 years, retiring in 2001 as the technical director of world military and geopolitical analysis and reporting; he created many of the collection systems still used by NSA. Ray McGovern (email@example.com) was a CIA analyst for 27 years; he briefed the president's daily brief one-on-one to President Reagan's most senior national security officials from 1981-85.