As 2016 draws to a close, ISIS as an organization that governs territory with the appeal of a caliphate is in a death spiral. Its adversaries have slowly but surely squeezed and demolished its economic underpinnings even as its own simultaneously quixotic and brutal governance attempts in Syria and Iraq have unraveled, as did al-Qaeda in Iraq’s before it. The cumulative coalition air campaign, capture of the iconic town of Dabiq, and now the fall of Mosul have vitiated the core ISIS tenet of “remaining and expanding,” crushing its image of surging victory. ISIS can no longer effectively recruit to the caliphate, or pay even the few wild-eyed latecomers who may show up.
But even when the caliphate is over, the problem it represents will not be. It will still retain a capability to launch attacks around the world from other sites. The world’s security services failed to effectively monitor, record, or, when allowed, interdict the travel of their citizens to Iraq and Syria. We should not be caught similarly unaware when they come home—as some are already doing. Now is the time to establish a network of measures to record, monitor, and, when there is a legal basis, interdict foreign terrorist fighters on their return. The foundation of these measures is accurate, actionable intelligence shared internationally and put into the hands of frontline security “first responders.”
We are already well aware that foreign fighters returning from Syria and Iraq constitute a domestic security threat, as FBI Director James Comey noted on September 27: “There will be a terrorist diaspora sometime in the next two to five years like we’ve never seen before.” The size of this diaspora is difficult to assess. Many who went have died and some will stay at least for a while, or go to other Muslim-majority countries. Some who return will have never had combat experience or any military training. Some will return deeply disillusioned, and others will return to family and social networks that will constrain any impetus to violence—at least for a time. But we do not know these numbers, meaning that the number of genuinely dangerous returnees is also unknown to us.
For example, EU Security Commissioner Sir Julian King recently estimated that there are some 2,500 European foreign terrorist fighters in the combat zone, but he was at a loss to guess how many dangerous returnees there might be, except to note that the answer is not zero. The number of the total foreign terrorist fighters who travelled to Iraq and Syria range from 30,000 to 40,000, most of them from the Middle East and North Africa. Of course we do care what they do once they return to Tunisia, Egypt, Jordan, Saudi Arabia, and elsewhere—and we care even more if these individuals eventually make their way into Europe and North America. There, they could not only carry out attacks but also inspire and recruit others, forming new terror cells.
Of the fighters who have returned already, some are known to their governments, but many have returned home undetected. The challenge of tracking returnees is about to grow sharply with the last urban havens of Mosul and Raqqa disappearing: Thousands of surviving foreign terrorist fighters will be on the move, crossing borders, searching for their next refuge, their next conflict, or returning home. The threat they pose today constitutes a clear, present, and imminent danger. What should we do?
Three main obstacles must be overcome if the U.S. government and allied governments are to effectively use intelligence to protect our citizens against the returnee threat. The first challenge is to fuse the intelligence information we do have to produce a single useful file, or target package, on each foreign terrorist fighter. The second challenge is to greatly improve file sharing among global partners. The third challenge is to get these packages into the hands of those who need them most—frontline security professionals at borders and transport hubs. None of these obstacles are insurmountable; nor do they require large or new amounts of money. What we need is political will and leadership to overcome outdated thinking and inappropriate prohibitions limiting sharing and implementation.
The intelligence services of the world have not been entirely idle as foreign fighters have flocked to ISIS in the Levant. Depending on their capabilities and the perceived threat to their nations, most services have been collecting intelligence to identify fighters and their networks. Despite challenges associated with the increasing use of encrypted communications, most national intelligence services have some capability to intercept foreign terrorist fighters’ email and phone conversations. Social media posts by fighters proud of their efforts, anxious to recruit others and demonstrate their fidelity to the cause, are invaluable sources regarding terrorist locations, actions, and networks. Interrogations and debriefings of returned foreign fighters sometimes yield valuable information. It is not uncommon for families to contact the authorities with information in order to get help to get their relatives home safely. Photographs, fingerprints, and in some cases DNA information on identified foreign terrorist fighters reside in government databases if the individuals applied for a driver’s license, received social benefit payments, or were ever arrested or convicted of a crime. In many European countries the majority of foreign terrorist fighters have a criminal background.
Unfortunately, this wealth of information is rarely integrated, connected, or coordinated—even within Europe, for example. Phone and email intercepts are located with the organization that does signals collection (SIGINT) and are classified at a high level, limiting access by others for fear of compromising collection techniques. Debriefings of returning foreign fighters are handled by the ministries or organizations that deal with human intelligence (HUMINT), and are highly classified to protect the human sources—again limiting access by other agencies. Social media collection is classified at a lower level than signals or human intelligence and thus is frequently done by yet another different department or agency, with yet another information database. Justice ministries or their equivalent, not intelligence services, hold information on individuals who have been in the domestic criminal justice system. Photographs and fingerprints of those who applied for licenses or benefits are held at a local governmental level, or by a state’s domestic social welfare ministry, which does not normally share this information with intelligence services due to domestic privacy concerns. It is a rare occasion when a single package of data concords all of the information on an active suspect, even in those very rare instances when electronic communications systems and databases are compatible and interoperable even within the same government, let along among them.
The seriousness of the returnee threat is a compelling reason to break down organizational and international barriers to focus efforts on better fusing and then sharing intelligence. There isn’t a shortage of information; the problem is that this information isn’t being combined into a useful product. We need to make the intelligence “actionable”—precise enough to be used to take concrete steps to protect citizens. And we need to make it available in a usable format for those who need it most: “first responders” who will encounter returning fighters as they move across borders, pass through transport hubs, or are stopped for routine traffic offenses.
To do this, the packages must be rendered unclassified so they can be put in the hands of a border guard, customs official, or traffic patrolman who doesn’t have a security clearance or routine access to classified information. If analysts are not authorized and directed explicitly by leadership to create packages available to uncleared government officials, analysts will do what they normally do: create products available and accessible primarily to other intelligence professionals.
Intelligence information is classified primarily to protect sources and methods of obtaining that information. There is always a trade-off between protecting sources and how those sources are used in the field. Intelligence information stored in a database or vault with limited access is very safe and very protected, but also of very limited utility.
Obviously, the various classifications of intelligence sources by different agencies (and sometimes within the same agency) complicate any effort to make a product that can be widely shared. Generally, when different classifications of intelligence are fused into a single product, the entire package assumes the highest, most restrictive classification level. This is unacceptable given the threat that foreign terrorist fighters pose. If leadership insists, analysts can make packages that strip out the specifics of sources and methods while still maintaining the vital, precise identification data first responders need. Border guards don’t care which intelligence tool or method was used; they just want access to the intelligence that enables them to do their jobs. They care how reliable it is, because that bears on whether they should they detain and arrest the person in front of them or not. But reliability is not directly related to the level of classification; highly classified intelligence can turn out not to be all that reliable, as was shown in the Iraq WMD fiasco.
Once allied governments overcome their internal challenges, the second step is for these packages to be shared among as many responsible governments as possible—not merely within specific alliances or bilaterally between states that enjoy routinized intelligence-sharing relationships. Of course there is some risk that certain governments might leak information by direction (or more likely accidentally) to those we don’t want to have it. But the truth is that we don’t know which routes fighters will take on their way out of Iraq and Syria, and savvy terrorists anxious to avoid detection and capture at home are liable to devise complex, circuitous travel routes. Wide sharing is therefore worth the modest risk.
INTERPOL is uniquely positioned to serve as the global clearinghouse to push these packages to and from its 190 member nations around the world. INTERPOL coordinates informational exchanges routinely, but it is dependent on member nations to voluntarily provide data on their citizens. According to INTERPOL, it has only about 8,000 records on foreign terrorist fighters out of an estimated 30,000 to 40,000 estimated to exist, and while some sixty governments contributed those records, 80 percent of them have come from only ten countries. That is not nearly adequate.
Sharing these fused packages on foreign terrorist fighters among governments globally via INTERPOL is a vital step, but it’s not enough. Once these packages are received by the relevant agencies of government, they must be relayed expeditiously with actionable details to frontline security professionals. The outdated 20th-century methodology of matching names on identity documents to watch lists is ineffective. Lists of transliterated names or aliases aren’t reliably useful. We can do better: Retina and iris scans, DNA, fingerprints, signature matches, and facial recognition software are the 21st-century identification tools of the trade. We must develop and field the capability for an official in the field to quickly match the biometric physical attributes of the individual standing in front of him with those in his package. Given the demands of their jobs, agents in the field have to make decisions to detain within a few minutes, if not seconds; they don’t have a half hour per case to sit down and study pages of hard-copy or electronic lists.
There are, of course, impediments to this approach. As noted, the first hurdle is to render this data unclassified. The second hurdle is to field simple, rugged, low-bandwidth systems that can access a centralized national database from a handheld device in the field. With today’s technology this goal is achievable. If average citizens can access networks from a handheld device to securely book flights and purchase airline tickets, then it is hardly unreasonable to insist that government officials have the means to access a foreign terrorist fighter database in real time via similar devices. Would it be costly to do so? Or, better put: Would it be more expensive than a massacre at a shopping mall, an international airport, or a train station?
Putting accurate, precise intelligence that identifies returning foreign fighters into the hands of frontline security officers is vitally important, arguably now more than ever. The hardware and networking issues are formidable, but not insurmountable. These and other hurdles can be surmounted with leadership and will—but that precisely has been the problem before and since 9/11: not hardware or money, but social and political software.
Political leaders and their appointees are usually men and women who are academics or commentators with little experience in running large organizations, or individuals used to giving orders and being obeyed. Only a few have had experience with managing complex organizations, supervising implementation of plans and policies, and focusing on the details needed to do that. Hence they are inexperienced with two truths: First, organizations are extremely conservative and bureaucratic and can be counted upon to resist change; and, second, in any event it is extremely difficult to get existing organizations to qualitatively adjust their standard operating procedures in order to do new things.
We can see these realities at work even when leaders recognize that new policies and protocols are required to get to required new outcomes: Reorganization of the intelligence and homeland security functions in the United States after 9/11 encountered enough resistance from the affected agencies to significantly blunt the capability of new arrangements to produce better results. Or take a somewhat more pedestrian example not from the intelligence world: Many years ago Congress ordered the Department of Defense to make the various legacy accountancy procedures used by different offices interoperable in order to create an overall, net assessment of money flows. Defense Department leadership on its own failed to make this happen, so it hired contractors to do the job. Nearly twenty years later, the job remains unfinished.
Leaders must overcome outdated mindsets that discourage or punish intelligence sharing, but to do this it is not enough to give orders or mark up a new budget. Change of this magnitude calls for expedited authority and processes to break through bureaucratic inertia and inaction. For that reason and others, an interagency arrangement needs to be set up, a process or arrangement that is directive, not built on consensus or lowest-common-denominator outcomes. Given the urgency and high priority of the issue, the Executive Office of the President is probably the only place where such an effort can be effectively sited. This should have been done already; as things stand, it should be one of the very first pieces of business of the transition team and then the new Administration starting in January 2017.
Our processes must be simple, straightforward, and applicable to as many international partners as possible. It won’t do us much good if the U.S. government manages to get over the bar but most of our allies and regional partners do not. America is already a leader in sharing and providing intelligence with our likeminded counter-terrorism partners. An effort on identification of returning terrorists would expand this effort. A diplomatic element to convince others to combine our efforts should play a role too.
An interagency effort, beyond the intelligence community, must of course include the Justice Department, as some of the impediments to effective new protocols are legal. Leaders must drive the effort to permit the sharing of personal information on a limited number of their citizens with other governments. There are legitimate privacy issues and human rights concerns about collecting and sharing intelligence on individuals who have not been charged or convicted of a crime. Innocent individuals may be detained by mistake. There is always friction in counterterrorism operations between individual privacy and human rights concerns, on the one side, and the security and safety of millions of citizens, on the other. During this particular window of vulnerability, leaders must acknowledge these concerns but drive the effort to fuse intelligence and share it with partners anyway. One way to address valid privacy concerns could be to designate a temporary “state of heightened security measures,” with a specified temporary period of application explicitly indicated, during which international information sharing would supersede privacy concerns. Congress would need to approve; this sort of thing ought not be done by Executive Order alone, if possible.
There are risks in such an approach, but these need be weighed against the risks of the status quo. When the next terrorist attack conducted by a returned terrorist fighter or someone influenced by one occurs, the U.S. government and other governments must face their citizens and be able to say with honesty and conviction that “we did all we possibly could” to protect them. At this point, that would be a lie.