Too Buggy To Hack

The lobby of the CIA Headquarters Building in McLean, Virginia, August 14, 2008. REUTERS/Larry Downing

In the vast river of documents and charts flowing from Edward Snowden, only a few of the CIA's have bubbled to the surface, even though the fugitive whistle-blower worked for the spy agency nearly as long as he did for the NSA and its contractors.

The simplest explanation could be that Snowden had far less access to sensitive secrets as a lowly CIA Internet technician than he did when rooting around the NSA's computers for three years. But anyone who has worked at the CIA could supply another explanation: We can't easily find some of our deepest secrets, either - and we like it that way.

The reason lies in the computers holding the names of the CIA's foreign spies, contacts and potential assets.

As every spy trainee learns, running "traces," the agency's word for a background check on a potential recruit, is one of the first steps in a process that ends with seducing a foreign official, soldier, nuclear scientist, or terrorist banker into spying for the United States. It's as fundamental and necessary as waiting for a green light at an intersection.

An initial search might find nothing more than what Google can turn up: a name, address, job history, and immediate relatives. If the target comes from the Middle East or a tribal society like Pakistan, the file might have something about the individual's religion, clan or political affiliations. It should also say whether the person has worked for a U.S. intelligence agency, and how that turned out. If the target is on a "burn list" - fired for reasons ranging from corruption to fabricating information to selling secrets - that should glow red in the traces.

Or the search might turn up nothing. Too often, a handful of CIA veterans tell Newsweek, operatives find that a name that should be in the file - say, of a ranking foreign official - isn't. Or that important information is missing or incomplete; either outcome can introduce havoc, and even a fatal error, into a recruitment pitch.

Compounding the problem, especially since 9/11, is that Arabic and other non-Roman alphabetic names can be transliterated in myriad ways.

Add to that built-in security hurdles, and you've got a system that is unreliable and hard to use. "There are too many different databases," a longtime CIA officer says. "There is no one centralized trace system. You gotta have three different accesses, because of our special handling issues, and even then you don't know what's in there. It's like that terrorist database. It's a nightmare."

That the CIA "has the best trace system in the entire intelligence community," he adds, "should tell you everything you need to know."

CIA veterans - and FBI agents who have had temporary assignments with the CIA - marvel at the operations directorate's reports system, called Hercules, which allows a headquarters desk officer to punch up overnight cables from a CIA station in, say, Islamabad, with the click of a mouse. Compared to the FBI's clunky and long-troubled computerized case management systems, it's a dream.

But the CIA's traces system is a labyrinth with many trapdoors. Former CIA operations officer Ilana Greenstein recalls that her training session in 2002 on how to use it stretched over three days. In Baghdad three years later, she learned firsthand its limitations. As a favor to a Defense Intelligence Agency (DIA) operative, she asked for a trace on a potential Iraqi agent who swore he was working with a CIA-backed group.

The answer came back negative. Just as the DIA was about to reject the Iraqi as a liar, Greenstein asked for the trace to be run again with different name spellings. Bingo: He was telling the truth. (Greenstein, who won six exceptional performance awards before quitting the agency in 2008, says she was reprimanded for letting her DIA colleague into the CIA's classified facility.)

Another former senior CIA operative calls the system "inherently inaccurate." As chief of a CIA station abroad, he once searched for information in the files on a foreign ministry official he was interested in recruiting. "I checked out our local database and didn't see anything," he says. "So I wrote a cable requesting a headquarters database check. It came back negative. The next day, I went into the office and there was an email in there from my predecessor, saying, 'Hey I know this guy. He's already been encrypted' - given a code name - 'and here's his crypt.' So I punched in the crypt, and there was a whole bunch of stuff I pulled up. That's because there was a slight misspelling of the last name. So it doesn't take much to miss something."

Minor glitches can turn into major gaffes when the White House is on the line. It's not uncommon for top administration officials to ask the CIA for information on a foreigner who makes contact claiming to have inside information on Iran's nuclear program, a Syrian official who wants to defect, and so on.

"I have seen this several times: Every time you get a request from the White House or the State Department about somebody - 'This guy has shown up, what do you know about him?' - I have seen the entire seventh floor pucker up and cross their fingers because we have been burned so many times," says a CIA officer.

"Or the Pakistani interior minister says, 'We've just arrested this guy, and he's your spy,' and we're asked about it. And we say we don't have anything on him. But sure as s**t, two weeks later, there it is in the database and no one ever saw it: It was in a restricted-handling database, and no one ever looked. And this has happened on numerous occasions, in all those different scenarios [in which] they come back to us and we don't have anything."

The difficulty is compounded when rival intelligence agencies don't let the CIA, nominally the leader of overseas spying missions, know what they're up to. In Beirut a few years ago, Lebanese security queried the CIA about a man detained for suspicious activity. "Not ours," the agency responded after a files check. Turned out he was the FBI's counterterrorism spy. The Lebanese were not pleased and left they guy in jail.

Despite such confusion, there's little call to reform the system, agency veterans say. In its screwball way, it works - like an old lawn mower that needs several cranks to get going - while making it harder for people like Snowden to steal the family jewels.

"The mind-set is (and I can understand the mind-set), 'You know what? We've got sensitive stuff, and we don't want [anyone like Snowden] just showing up and being able to access it,'" says the longtime CIA officer, a view echoed by a half-dozen other agency veterans.

"The [feeling] is, we'll suck it up for source protection, because if you have a very efficient system, it means every source is in there for the taking - and there are sources in there you really, really don't want people to know about."

It doesn't make much sense, he concedes. It's one thing to make something hard to find, it's another thing to lose it. But most CIA operatives are willing to live with the system's lapses if - however inadvertently - they help prevent intruders like Snowden from stealing secrets.

"It's not that the traces are all screwed up," he insists, belatedly backpedaling on the numerous anecdotes suggesting just that. "You hear about the bad things, but in general, 90 percent of the time, you get what you need."

The CIA declined to comment for this story.

Jeff Stein is a Newsweek contributing editor in Washington.