Series: Dragnets Tracking Censorship and Surveillance

Update Dec. 28, 2013: In a new decision in support of the NSA's phone metadata surveillance program, U.S. district court Judge William Pauley cites an intelligence failure involving the agency in the lead-up to the 9/11 attacks. But the judge's cited source, the 9/11 Commission Report, doesn't actually include the account he gives in the ruling. What’s more, experts say the NSA could have avoided the pre-9/11 failure even without the metadata surveillance program.

We previously explored the key incident in question, involving calls made by hijacker Khalid al-Mihdhar from California to Yemen, in a story we did over the summer, which you can read below.

In his decision, Pauley writes: "The NSA intercepted those calls using overseas signals intelligence capabilities that could not capture al-Mihdhar's telephone number identifier. Without that identifier, NSA analysts concluded mistakenly that al-Mihdhar was overseas and not in the United States."

As his source, the judge writes in a footnote, "See generally, The 9/11 Commission Report." In fact, the 9/11 Commission report does not detail the NSA's intercepts of calls between al-Mihdhar and Yemen. As the executive director of the commission told us over the summer, "We could not, because the information was so highly classified publicly detail the nature of or limits on NSA monitoring of telephone or email communications.”

To this day, some details related to the incident and the NSA's eavesdropping have never been aired publicly. And some experts told us that even before 9/11 -- and before the creation of the metadata surveillance program -- the NSA did have the ability to track the origins of the phone calls, but simply failed to do so.

* * *

This story was originally published on June 20, 2013 and updated on June 21, 2013.

In defending the NSA’s sweeping collection of Americans’ phone call records, Obama administration officials have repeatedly pointed out how it could have helped thwart the 9/11 attacks: If only the surveillance program been in place before Sept. 11, 2001, U.S. authorities would have been able to identify one of the future hijackers who was living in San Diego.

Last weekend, former Vice President Dick Cheney invoked the same argument.

It is impossible to know for certain whether screening phone records would have stopped the attacks -- the program didn’t exist at the time. It’s also not clear whether the program would have given the NSA abilities it didn’t already possess with respect to the case. Details of the current program and as well as NSA’s role in intelligence gathering around the 9/11 plots remain secret.

But one thing we do know: Those making the argument have ignored a key aspect of historical record.

U.S. intelligence agencies knew the identity of the hijacker in question, Saudi national Khalid al Mihdhar, long before 9/11 and had the ability find him, but they failed to do so.

“There were plenty of opportunities without having to rely on this metadata system for the FBI and intelligence agencies to have located Mihdhar,” says former Senator Bob Graham, the Florida Democrat who extensively investigated 9/11 as chairman of the Senate’s intelligence committee.

These missed opportunities are described in detail in the joint congressional report produced by Graham and his colleagues as well as in the 9/11 Commission report.

Mihdhar is at the center of the well-known story of the failure of information sharing between the CIA and FBI and other agencies.

Indeed, the Obama administration’s invocation of the Mihdhar case echoes a nearly identical argument made by the Bush administration eight years ago when it defended the NSA’s warrantless wiretapping program.

Mihdhar and the other hijacker with whom he lived in California, Nawaf al Hazmi, were “experienced mujahideen” who had traveled to fight in Bosnia in the mid-1990s and spent time in Afghanistan.

Mihdhar was on the intelligence community’s radar at least as early as 1999. That’s when the NSA had picked up communications from a “terrorist facility” in the Mideast suggesting that members of an “operational cadre” were planning to travel to Kuala Lumpur in January 2000, according to the commission report. The NSA picked up the first names of the members, including a “Khalid.” The CIA identified him as Khalid al Mihdhar.

The U.S. got photos of those attending the January 2000 meeting in Malaysia, including of Mihdhar, and the CIA also learned that his passport had a visa for travel to the U.S. But that fact was not shared with FBI headquarters until much later, in August 2001, which proved too late.

“Critical parts of the information concerning al-Mihdhar and al-Hazmi lay dormant

within the Intelligence Community for as long as eighteen months,” the congressional 9/11 report concludes, “at the very time when plans for the September 11 attacks were proceeding.

The CIA missed repeated opportunities to act based on information in its possession that these two Bin Ladin associated terrorists were traveling to the United States, and to add their names to watchlists.”

Using their true names, Mihdhar and Hazmi for a time beginning in May 2000 even lived with an active FBI informant in San Diego.

The U.S. lost track of Mihdhar's trail in Asia in early 2000, but there were more chances.

“On four occasions in 2001, the CIA, the FBI, or both had apparent opportunities to refocus on the significance of Hazmi and Mihdhar and reinvigorate the search for them,” the 9/11 Commission report says. The report concludes that if more resources had been applied and a different approach taken, Mihdhar could have been found and stopped.

So, apart from all the missed opportunities, would a theoretical metadata program capturing phone records of all Americans made a difference before 9/11?

Key details about Mihdhar’s activities and the NSA before 9/11 remain classified so it’s difficult answer conclusively.

Let’s turn to the comments of FBI Director Robert Mueller before the House Judiciary Committee last week.

Mueller noted that intelligence agencies lost track of Mihdhar following the January 2000 Kuala Lumpur meeting but at the same time had identified an “Al Qaida safe house in Yemen.”

He continued: “They understood that that Al Qaida safe house had a telephone number but they could not know who was calling into that particular safe house. We came to find out afterwards that the person who had called into that safe house was al Mihdhar, who was in the United States in San Diego. If we had had this [metadata] program in place at the time we would have been able to identify that particular telephone number in San Diego.”

In turn, the number would have led to Mihdhar and potentially disrupted the plot, Mueller argued.

(Media accounts indicate that the “safe house” was actually the home of Mihdhar’s father-in-law, himself a longtime al Qaida figure, and that the NSA had been intercepting calls to the home for several years.)

The congressional 9/11 report sheds some further light on this episode, though in highly redacted form.

The NSA had in early 2000 analyzed communications between a person named “Khaled” and “a suspected terrorist facility in the Middle East,” according to this account. But, crucially, the intelligence community “did not determine the location from which they had been made.”

In other words, the report suggests, the NSA actually picked up the content of the communications between Mihdhar and the “Yemen safe house” but was not able to figure out who was calling or even the phone number he was calling from.

“[Y]ou should not assume that the NSA was then able to determine, from the contents of communications, the originating phone number or IP address of an incoming communication to that place in Yemen,” said Philip Zelikow, who was executive director of the 9/11 Commission, in an email to ProPublica. “It would depend on the technical details of how the signals were being monitored.”

It wasn’t until after 9/11 that the FBI figured out that “Khaled” was hijacker Khalid al-Mihdhar, calling from San Diego.

The 9/11 Commission report itself does not appear to describe the communication between Mihdhar and Yemen.

When the Commission report was released in 2004, according to Zelikow, “we could not, because the information was so highly classified publicly detail the nature of or limits on NSA monitoring of telephone or email communications.” Information on the topic remains classified, he added.

Zelikow called Mueller’s recent assertion about the metadata program “accurate and fair.”

“It is definitely possible that, with the kind of databases that Mueller is discussing, used properly, the US government would have been alerted during 2000 to the presence in the U.S. -- and possibly the location -- of these individuals -- and possibly others he did not mention who arrived later,” Zelikow said.

Theories about the metadata program aside, it’s not clear why the NSA couldn’t or didn’t track the originating number of calls to Yemen it was already listening to.

Intelligence historian Matthew Aid, who wrote the 2009 NSA history Secret Sentry, says that the agency would have had both the technical ability and legal authority to determine the San Diego number that Mihdhar was calling from.

“Back in 2001 NSA was routinely tracking the identity of both sides of a telephone call,” he told ProPublica.

The NSA did not respond to a request for comment. The FBI stood by Mueller’s argument but declined to further explain how the metadata program would have come into play before 9/11.

There's another wrinkle in the Mihdhar case: In the years after 9/11, media reports also suggested that there were multiple calls that went in the other direction: from the house in Yemen to Mihdhar in San Diego. But the NSA apparently also failed to track where those calls were going.

In 2005, the Los Angeles Times quoted unnamed officials saying the NSA had well-established legal authority before 9/11 to track calls made from the Yemen number to the U.S. In that more targeted scenario, a metadata program vacumming the phone records of all Americans would appear to be unnecessary.

That story followed President Bush’s defense of the NSA warrantless wiretapping program, which had just been revealed by the New York Times.

“We didn't know they were here, until it was too late,” Bush said in a December 2005 live radio address from the White House.

It’s not clear how the wiretapping program would have come into play in the Mihdhar case. The program at issue in 2005 involved getting the actual content of communications, which the NSA had already been doing in the Mihdhar case.

"Justice could have asked the FISA Court for a warrant to all phone companies to show all calls from the U.S. which went to the Yemen number. As far as I know, they did not do so. They could have," Clarke wrote in an email. "My understanding is that they did not need the current All Calls Data Base FISA warrant to get the information they needed. Since they had one end of the calls (the Yemen number), all they had to do was ask for any call connecting to it."