Reuters recently published new reporting on the story of one of the worst U.S. intelligence failures in decades. From approximately 2010 to 2013, dozens of CIA informants in China, Iran, and elsewhere were rounded up and executed, jailed, or flipped to double agents. In Iran and China, almost the entirety of the CIA’s network in two of its top-priority countries are reported to have been exposed.
Some in the U.S. government seemed to try to pin much of the blame on a betrayal by CIA officer Jerry Lee, who was later prosecuted and pleaded guilty to spying on behalf of the Chinese government. But Lee’s alleged espionage could not account for all the sources blown.
In a series of articles published by the New York Times, Foreign Policy, and Yahoo! News, another explanation emerged: an astonishing laxity of source protection at the CIA itself. The reporting outlined several lapses in basic tradecraft (which included sending new recruits to meet at locations known to be under close foreign surveillance), but most catastrophic was the (not so) secret communications system the CIA used with these sources. Even if there had not been a mole, it seems hard to believe that the slapdash system could have long evaded the sophisticated counter-intelligence capabilities of the Chinese and Iranian governments.
Essentially, the CIA had set up a system to embed a messaging function hidden in the search box of hundreds of cheaply produced fake websites. The word “hidden” should be used loosely here — the new Reuters reporting found more than three hundred of the sites and showed that a cursory look at their publicly available HTML source code revealed labels such as “message,” “compose,” and “password.” And because the agency purchased the domain names in bulk, the websites were assigned sequential IP addresses — making it almost trivially easy to identify the whole network once a few were discovered.
In other words, simply entering the correct operators into a Google search might have led to dozens of informants rounded up and executed. This level of sloppiness is deeply shocking and inexcusable for a spy service with the resources and expertise available to the CIA. But there are additional layers of hypocrisy and bitter irony that have been less discussed.
This episode coincided with the Department of Justice ramping up its war on whistleblowers. The government used “sources and methods” as a cudgel in these unprecedented Espionage Act prosecutions: they claimed to assign the gravest weight to the protection of sources — so much so that no concern of public interest, no matter how great, could ever be weighed against the secrecy. But those sources were treated as utterly disposable: the agency couldn’t even be bothered to obscure the HTML on its communications system.
In a pattern common to the intelligence community’s most catastrophic self-owns, no one seems to have yet been held accountable. Well, except one person. As you may have guessed, there was a whistleblower. In 2008, a CIA contractor named John Reidy started sounding the alarm through internal channels that these grave flaws in the system were a ticking time bomb. Reidy was fired in retaliation, and his complaint to the Inspector General went uninvestigated until well after dozens of informants had already been jailed or killed. As Reidy tried to fight the retaliation, the government even prohibited him from telling his own attorney anything about the nature of his disclosures.
At the same time when the CIA’s carelessness was burning its own assets, it became fashionable for the critics of whistleblowers who went public to condemn them for not sticking to “internal channels.” Those channels didn’t do much for John Reidy, or for the scores of intelligence sources he tried to save.
The cruel irony would surely not be lost on former CIA officer John Kiriakou, who became a whistleblower when he discussed the CIA’s torture program in a media interview at a time when the CIA was still denying it. Kiriakou was sentenced to 30 months in prison after pleading guilty to inadvertently confirming the name of one CIA officer to a journalist — even though the journalist never published the name.
Again, it’s worth stating clearly: it was not the leaks of conscientious whistleblowers that caused the sky to fall, but the intelligence community’s own chronic mismanagement, virtually guaranteed by the very secrecy it always claims to need to protect those sources.
