The Pentagon's Counterspies
Counterintelligence Field Activity (CIFA)
Describe Organization and Operations of Controversial Agency
Security Archive Electronic Briefing Book No. 230
Edited by Jeffrey Richelson
- September 17, 2007
more information contact:
Jeffrey Richelson - 202/994-7000
DC, September 17, 2007 - Today the National
Security Archive publishes a collection of documents concerning
the organization and operations of the Pentagon's Counterintelligence
Field Activity (CIFA) and the TALON/CORNERSTONE database it
has maintained. As the Defense Department announced on August
21, today that database will be terminated while work on new
procedures for reporting of threats to the Defense Department
and its facilities continues. In the interim, threat reports
will be transmitted to the FBI.
The declassified documents published today include the key
Department of Defense directive on the collection of information
about Americans, as well as documents on the organization and
missions of CIFA, an evaluation of charges of mismanagement
by CIFA executives, and examples of data collected about protest
activities as part of the Threat And Local Observation Notice
Central to the collection are the documents that show the internal
and public response by the Defense Department to questions raised
about the propriety of the data base - specifically, its collection
and retention of data on political protests. Also, included
is a DoD Inspector General report on the operation of the TALON
system, identifying a number of problems in operation of the
Counterintelligence Field Activity (CIFA)
By Jeffrey Richelson
The Counterintelligence Field Activity (CIFA), also known
for a time as the Joint Counterintelligence Assessment Group
(JCAG), was established by Department of Defense Directive 5105.67
(Document 2) in February 2002. A Defense
Department background paper (Document 7)
traces CIFA's origins to Presidential Decision Directive (PDD)-
75, "U.S. Counterintelligence Effectiveness - Counterintelligence
for the 21st Century," signed by President William Clinton
on January 5, 2001. PDD-75 called for a predictive and proactive
counterintelligence (CI) system with integrated oversight of
counterintelligence issues across national security agencies.
CIFA's functions, according to the February 2002 directive
were to include:
- evaluating DoD counterintelligence activities to determine
the extent to which counterintelligence policies and resources
adequately protect the Defense Department against the threats
of "espionage, terrorism, sabotage, assassination, and
other covert or clandestine activities, including those of
foreign intelligence services,"
- providing counterintelligence threat assessments, advisories,
and risk assessments to the heads of DoD components,
- providing "tailored analytical and data-mining support"
to DoD counterintelligence field elements and activities,
- conducting "Domestic Threat Analyses and Risk Assessments,"
- identifying and tracking "technologies requiring protection."
In 2005 CIFA's authority was expanded when it received mission
tasking authority (MTA) over the counterintelligence organizations
of the military departments, such as the Air Force Office of
Special Investigations and the counterintelligence components
of Defense Department agencies. An even more extensive expansion
of CIFA's authority had been proposed earlier that year by The
Commission on the Intelligence Capabilities of the United States
Regarding Weapons of Mass Destruction, also known as the Robb-Silberman
Commission. The Commission suggested that CIFA "should
have operational and investigative authority to coordinate and
conduct counterintelligence activities throughout the Defense
Department." (Note 3)
After consultations with the National Security Council staff
members responsible for implementing the Commission's recommendations,
the Defense Department expanded CIFA's authority, but not to
the extent suggested by the Commission. The tasking authority
assigned to CIFA does not allow it to conduct counterintelligence
agencies throughout the Defense Department but allows
it to task any military department or DoD agency counterintelligence
component to "execute a specific CI mission or conduct
a CI function within that organization's charter." (Note
CIFA has about 400 full-time employees and provides work for
800-900 contractor personnel. (Note 5) Its
organizational structure (Document 3a) includes
nine directorates, whose missions are explained in the CIFA
Fact Sheet (Document 3b).
Among the reports produced by CIFA are Significant Activity
Summaries, Special Reports, Briefings, and Threat Advisories.
According to one report, one briefing paper prepared by CIFA
concerns whether Islam has been radicalized by terrorists or
is inherently radical and supportive of terrorism. The briefing
noted that "political Islam wages an ideological battle
against the non-Islamic world at the tactical, operational and
strategic level. The West's response is focused at the tactical
and operational level, leaving the strategic level - Islam -
unaddressed." (Note 6)
A special report produced by CIFA's West Coast detachment is
the July 29, 2005, Production and Use of Fraudulent Military
Identification Cards (Document 6).
It summarized several incidents, including the observation of
three individuals in a restaurant in Yukon, Oklahoma, using
a laptop computer to produce what appeared to be military ID
cards. Also noted was the seizure of equipment used to produce
counterfeit military ID cards following a traffic stop near
an Air National Guard Base in Michigan. (Note 7)
The information contained in the report concerning the incidents
in Oklahoma and Michigan were drawn from reports that had been
produced as part of CIFA's Threat and Local Observation Notice
(TALON) reporting system - a system first established by the
Air Force prior to the creation of CIFA. (Note
8) A Defense Department information paper (Document
14) on the system stated that:
The ability to acquire and analyze suspicious
activity reports for indications of possible terrorist pre-attack
activities is an absolutely critical component of the intelligence
support to [the] force protection mission. Terrorists have
the advantage of choosing the time and venue for their attacks,
but normally have to conduct extensive pre-attack preparations
to maximize their chances of success. The pre-attack phase
of a terrorist operation, however, is the period of greatest
vulnerability to the terrorist group, since it must surface
to collect intelligence and conduct physical surveillance
and other activities of the target... Therefore, an effective
system for detecting terrorist pre-attack activities is a
high priority task for the intelligence community, law enforcement,
security elements, and local community authorities. (Note
In May 2003, the Deputy Secretary of Defense decreed (Document
4) that TALON would be the formal mechanism for assembling
and sharing "non-validated" domestic information among
intelligence, counterintelligence, law enforcement, security,
and force protection organizations. Events reported (by DoD
personnel, "concerned citizens," or local law enforcement)
under the TALON system were to include "non-specific"
threats to the Defense Department; suspected surveillance of
DoD facilities and personnel; elicitation (attempts to obtain
security-related or military-specific information by anyone
without the appropriate security clearance and need-to-know);
tests of security; unusual repetitive activity; bomb threats;
as well as any other suspicious activity. He also directed that,
"to the maximum extent possible," TALON reports should
be classified at the lowest possible level to ensure maximum
distribution." (Note 10)
As of 2005, the database of TALON and other counterintelligence
reports was designated CORNERSTONE, while the intelligence and
law enforcement system for sharing TALON and other related reports
is known as the Joint Protection Enterprise Network (JPEN).
In late 2005, it was reported that an effort, designated Project
Voyager, was underway to improve the CORNERSTONE database to
support coordination with local, state and federal law enforcement.
The database consists of a chronological listing by report date
that also provides an incident date, incident summary, locations
of the city/installation and state of the incident, type of
incident (e.g. threat or anti-DoD vandalism), the disposition
of the case (open or unresolved), credibility, whether the report
was further researched, and the reason a report was discounted.
The database is also undoubtedly used in data mining activities.
Since March 2004, CIFA has awarded at least $33 million to a
variety of major corporations to develop techniques for combing
through classified and unclassified documents, commercial information,
and Internet traffic to detect terrorists and spies. (Note
One CIFA-supported database project, conducted by Northrop
Grumman and designated "Person Search," is intended
to "provide comprehensive information about people of interest."
It is intended to include the ability to search government and
commercial databases. The objective of a second project, "The
Insider Threat Initiative," is, according to the Computer
Sciences Corporation contract, to "develop systems able
to detect mitigate and investigate insider threats," as
well as to "identify and document normal and abnormal activities
and 'behaviors'." Another contract provided a small firm
with funding to develop techniques "to track and monitor
activities of suspect individuals." (Note
The Air Force produced 1,200 such reports in the 14 month period
concluding at the end of September 2003. In the program's first
year CIFA received more than 5,000 TALON reports. By mid-January
2006, the database contained about 13,000 items. (Note
The database of TALON reports has contained some very different
types of reports. The 400-page database of 1,519 "suspicious"
incidents that were observed between July 2004 and May 2005
contained about two dozen that appeared to concern real threats.
In August 2004 there was an aborted terrorist attack against
Florida governor Jeb Bush and the USS Momsen at Panama
City, Florida, during a decommissioning ceremony. Two reports
from November 2004 concerned possible surveillance of the National
Security Agency by nationals from the People's Republic of China
and three North Korean illegals found on the Luke Air Force
Base Bombing Range in Arizona. Reports from May 2005 concerned
a South Florida Al-Qaeda associate who was in possession of
a pilot's license and had worked as a baggage handler at a Florida
airport, and the identification of a U.S. person as an alleged
financial conduit for suspected Al-Qaeda members. (Note
A very different type of TALON report from August 2004 concerned
the arrest, in Atlanta, Georgia, of a Navy enlisted man for
driving under the influence; a subsequent search of his vehicle
revealed "a picture of Usama bin Laden displayed as a screensaver
on [his] cellular telephone. But it was a third type of TALON
report, concerning the anti-war movement, that would prove to
be controversial. One of these was a report submitted by the
902nd Military Intelligence Group, the Army Intelligence and
Security Command's domestic counterintelligence unit. The report,
which was listed in the database as pertaining to a "threat,"
concerned a small gathering of activists at a Quaker Meeting
House in Lake Worth, Florida, to plan a protest of military
recruiting at local high schools. (Note 16)
Another example of an event that attracted the attention of
the 902nd was a March 2005 peace march through the streets of
Akron, Ohio, that involved about 200 people and included stops
outside a Marine Corps recruiting center and FBI office to listen
to speeches against the Iraq war. Based on a tip from the Pentagon
the marchers were followed by police cars. In addition, analysts
with 902nd downloaded information from activist web sites, intercepted
e-mails, and cross-referenced the data they acquired with information
in police databases. In that or other instances photographs
and records of protesters and their vehicles have been reviewed
to determine if different activities were being organized by
the same individuals. The analyst's conclusion was that "Even
though these demonstrations are advertised as 'peaceful,' they
are assessed to present apotential force protection threat."
There were approximately four dozen reports concerning anti-war
meetings or protests, including reports that remained in the
database long after it was concluded that the targets were unrelated
to any threat. Among the meetings that attracted the attention
of military counterintelligence authorities were a large anti-war
protest in Los Angeles in March 2005, a planned protest against
military recruiters in Boston in December 2004, a planned demonstration
outside the gates of the Fort Collins, Colorado, military base,
and a planned protest at McDonald's National Salute to America's
Heroes - a military air and sea show in Ft. Lauderdale, Florida.
It was concluded that the Ft. Lauderdale protest was not a credible
threat and a column in the database noted that it was a "US
group exercising constitutional rights." (Note
Press revelations - particularly in the Washington Post,
the Post's Early Warning Web log, and on NBC - that
CIFA's TALON database included reports on such activities revived
memories of Army surveillance of anti-war activities during
the 1970s, and the concern, by some, that the Pentagon had crossed
the line from legitimate force protection activities to unjustified
snooping on legitimate political activities. The Defense Department's
response to the disclosures included a statement offering reassurance
that the department "views with the greatest concern any
potential violation of strict DoD policy governing authorized
counter-intelligence efforts and support to law enforcement."
More concretely, it claimed that a "dot of information
that was not validated as threatening is required to be removed
from the TALON system in less than ninety days." (Note
The statement also revealed, in addition to a review of the
TALON system that had been initiated in October by CIFA, that
the Under Secretary of Defense for Intelligence had directed
that four actions be taken after an initial assessment of TALON
reporting procedures: (1) a "thorough review of the TALON
reporting system to ensure it complies fully with DoD and U.S.
laws"; (2) a review to determine whether TALON policies
and procedures "are being properly applied with respect
to any reporting and retention of information about any U.S.
persons; (3) a review of the TALON data base to identify any
other information improperly in the data base; and (4) refresher
training for all DoD counterintelligence and intelligence personnel
"concerning laws, policies, and procedures governing collection,
reporting and storing information related to warning of potential
threats to DoD personnel, facilities, or national security interests."
The statement was followed by a January 13, 2006, memo from
the Deputy Secretary of Defense (Document 9)
concerning the "Retention and Use of Information for the
TALON System." In addition to specifying refresher training
it gave the Director of CIFA until January 17, 2006, to advise
the Under Secretary of Defense for Intelligence that all reports
in the TALON database had been reviewed to identify any reports
that did not belong. It also noted that the Under Secretary
had established a working group to "review and recommend
changes to policy and procedures employed in the TALON program
to ensure compliance with DoD policy." (Note
Two weeks later, Deputy Under Secretary of Defense (Counterintelligence
and Security) Robert W. Rogalski provided an update (Document
10) on the review of the TALON system to the ranking member
of the Senate Committee on Armed Services. In his letter, Rogalski
stated that TALON reporting had led to "a number of investigations,"
including terrorism investigations as well as identifying patterns
that allowed the Defense Department to change security procedures
in order to deter potential terrorist activities. Rogalski also
the TALON reporting system was intended to document suspicious
incidents possibly linked to foreign terrorist threats to
DoD resources, some came to view the system as a means to
report information about demonstrations and anti-base activity
that would be of interest to field commanders from a force
protection perspective. A very small percentage of these reports
were submitted to the TALON/CORNERSTONE database.
CIFA has removed the TALON reports on demonstrations
and anti-base activity from the database. The process to remove
other reports that are no longer analytically significant
is ongoing. All TALON reports are now reviewed at CIFA upon
receipt to ensure compliance with the TALON reporting criteria.
He also promised that the Defense Department would soon issue
detailed guidance that would clarify the purpose of the database,
the rules governing the collection and retention of information,
and specify more detailed procedures to be followed. In addition,
Rogalski reported, the database would be reviewed again to ensure
compliance. (Note 23)
Eventually, 2% of the 13,000 reports in the database were determined
to be improperly retained. In a memo issued at the end of March
2006, Deputy Secretary of Defense Gordon England (Document
12) informed its recipients that the review of the TALON
Reporting System had been completed and confirmed that the system
"should be used only to report information regarding possible
international terrorist activity." (Note
In April 2007, the new Under Secretary of Defense for Intelligence,
Lt. Gen. James Clapper, reviewed the results of the TALON program,
reporting that he "did not believe they merit continuing
the program as currently constituted," according to a statement
released by a Pentagon spokesman. However, a final decision
on the program has not been made (or announced) by Secretary
of Defense Robert Gates. (Note 25)
In June 2007, the Department of Defense Inspector General released
the results of his review of the TALON reporting program (Document
16). Its findings included the observation that CIFA and
the Northern Command "legally gathered and maintained U.S.
person information on individuals or organizations involved
in domestic protests and demonstrations against DOD" -
information gathered for law enforcement and force protection
purposes as permitted by Defense Department directive (5200.27)
on the "Acquisition of Information Concerning Persons and
Organizations Not Affiliated with the Department of Defense."
However, CIFA did not comply with the 90-day retention review
policy specified by that directive and the CORNERSTONE database
did not have the capability to identify TALON reports with U.S.
person information, to identify reports requiring a 90-day retention
review, or allow analysts to edit or delete the TALON reports.
In August the Defense Department announced that it would shut
down the CORNERSTONE database on September 17, with information
subsequently collected on potential terror or security threats
to Defense Department facilities or personnel being sent to
an FBI data base known as GUARDIAN. A department spokesman said
the database was being terminated because "the analytical
value had declined," not due to public criticism, and that
the Pentagon was hoping to establish a new system - not necessarily
a database - to "streamline" threat reporting, according
to a statement released by the Department's public affairs office.
The following documents are in PDF format.
You will need to download and install the free Adobe
Acrobat Reader to view.
1: Under Secretary of Defense for Policy, Department of
Defense Directive 5240.1-R, Procedures Governing the Activities
of the DOD Intelligence Components That Affect United States
Persons, December 1982
This directive serves as the basic guidance for all DoD intelligence
components, including CIFA, with respect to the collection,
retention, and dissemination of information about U.S. persons.
In addition to chapters dealing with those three topics, the
directive also includes chapters on electronic surveillance,
concealed monitoring, physical searches, searches and examination
of mail, and physical surveillance.
Document 2: DoD Directive
5105.67, Department of Defense Counterintelligence Field
Activity, February 19, 2002, Unclassified
This directives serves as the charter for CIFA. It specifies
the mission of CIFA, DOD policy with regard to counterintelligence,
its original organizational structure, the responsibilities
of and functions of the senior Defense Department official responsible
for intelligence (at the time the Assistant Secretary of Defense
for C3I, the Director of CIFA, and other officials, the authorities
of the CIFA director.
3a: Counterintelligence Field Activity (CIFA) - Organization
Document 3b: Counterintelligence
Field Activity Fact Sheet. Unclassified
Freedom of Information Act Request
Document 3a shows the nine directorates that make up the organizational
structure of CIFA. Document 3b provides a description of the
functions of each of the directorates.
Paul Wolfowitz, Deputy Secretary of Defense, Memorandum, Subject:
Collection, Reporting, and Analysis of Terrorist Threats to
DoD Within the United States, May 2, 2003. For Official
This memo from the deputy secretary of defense informs its
recipients of a new DoD-wide reporting mechanism - the Threat
and Local Observation Notice (TALON) - that contains raw information
reported by members of the military as well as concerned citizens
with regard to suspicious incidents. The memo also instructs
a variety of DoD organizations to identify, collect, and report
specific types of information consistent with the TALON framework.
In addition, it specifies dissemination of such reports to appropriate
military commanders and others responsible for installation
security. One attachment provides background on the TALON system
and an example of a TALON report.
5: Department of Defense Inspector General, Counterintelligence
Field Activity Data Call Submission and Internal Control Processes
for Base Realignment and Closure 2005, May 13, 2005. For
Official Use Only
Freedom of Information Act Request
This report evaluates CIFA's provision of data with regard
to base realignment and closure for 2005. The DoD IG conclude
that CIFA's responses to the 17 questions posed "were generally
not fully supported."
DoD CIFA-W, Production and Use of Fraudulent Military Identification
Cards, July 29, 2005. For Official Use Only
This report was prepared by the Western division of the CIFA.
It reports on the production and attempted distribution of fraudulent
military identification cards - summarizing three incidents
that took place between March and July 2005. It also contains
a section on "historical perspective" and another
on "common access card (CAC) technology."
Robert W. Rogalski, Acting Deputy Under Secretary of Defense
(Counterintelligence & Security), Subject: Background
Paper, Department of Defense Counterintelligence Field Activity,
December 1, 2005, Unclassified, w/att: Memorandum, Subject:
Mission Tasking Authority, October 24, 2005
Freedom of Information Act Request
This background paper was prepared in response to press inquiries
concerning the domestic intelligence surveillance activities
of CIFA. It dates the establishment of CIFA, traces its origins,
and specifies its functions. It notes that the military departments,
rather than CIFA, are responsible for the "full spectrum"
of counterintelligence functions. In addition, it reports that
subsequent to the recommendation of a presidential panel and
consultation with the NSC, CIFA was assigned Mission Tasking
Authority - a responsibility that is explained at length in
the attached memorandum.
8: Stephen A. Cambone, Under Secretary of Defense (Intelligence)
to John Warner, Chairman, Senate Committee on Armed Services,
December 19, 2005. Unclassified
Cambone wrote this letter to Warner in response to an NBC Nightly
News story "alleging that Department of Defense (DoD) entities
are collecting information on American peace activists and monitoring
protests against the Iraq war" - specifically highlighting
entries in the TALON reporting system. In his letter Cambone
seeks "to provide you some context not otherwise reported
in the segment" - including the removal of "dots"
of information in less than 90 if not validated.
9: Gordon England, Deputy Secretary of Defense, Subject:
Retention and Use of Information for the TALON System,
January 13, 2006. Unclassified
This memo, addressed to key officials in the military services
and Defense Department agencies, followed the heavy reporting
on CIFA and TALON system that appeared in mid-December in both
major newspapers and on television. The memo both directed refresher
training for all DoD intelligence and counterintelligence personnel
on the policies associated with the TALON system, as well as
directing the director of CIFA to advise the Under Secretary
of Defense for Intelligence that all reports within the TALON
database had been scrutinized to identify any reports that should
not be in the database.
Robert W. Rogalski, Acting Deputy Under Secretary of Defense
(Counterintelligence and Security) to John Warner, Chairman,
Senate Committee on Armed Services, January 27, 2006. Unclassified
This letter is a follow-up to Stephen Cambone's December 19,
2005 letter to Warner, intended to update Warner - based on
the "nearly completed" review of the TALON system.
In it, Cambone compares the TALON reporting system to a "neighborhood
watch program" and notes the connection between TALON reporting
and follow-up investigations, how the associated data-base came
to include information about anti-base activity, and the removal
of reports on demonstration and anti-base activity, and plans
to issue new guidance.
11: Stephen A. Cambone, Under Secretary of Defense for Intelligence,
Memorandum for Director, Counterintelligence Field Activity,
Subject: The TALON/CORNERSTONE Database, February 2, 2006. Unclassified
This memorandum from the Department of Defense's senior intelligence
official to the head of CIFA, following a review of TALON reporting,
directed that all TALON reporting would conform to the provisions
of the Department of Defense Directive governing the activities
of department intelligence organizations that affect U.S. persons.
He also directed that CIFA begin an immediate review to ensure
that all reports in the TALON/CORNERSTONE database were in accordance
with the DoD directive.
12: Gordon England, Deputy Secretary of Defense, Memorandum,
Threats to the Department of Defense, March 30, 2006,
Unclassified w/enclosures: TALON Reporting System Procedures,
Department of Defense memo of May 2, 2003 (Document 3)
This memorandum, addressed to senior officials in the Defense
Department, Defense agencies and field activities, and military
departments, is another that followed the review of the TALON
Reporting System in the wake of press disclosures and questions
about surveillance of anti-war and anti-base demonstrations.
England directs the memos recipients to comply with the procedures
listed in Enclosure 1 (TALON Reporting System Procedures) and
ensure that the information in their TALON reports meet the
criteria for reporting described in that enclosure.
DoD Inspector General, Allegations of Mismanagement and
Waste Within the Counterintelligence Field Activity, September
29, 2006. For Official Use Only/Law Enforcement Sensitive
Freedom of Information Act Request
In addition to being the target of criticism for its domestic
surveillance activities, CIFA was also the subject of allegations
charging mismanagement, waste of taxpayers' dollars, and inadequate
oversight at CIFA. One individual made were nine allegations.
The DoD Inspector General's review concluded that four of the
allegations were not substantiated, three were substantiated,
and two warranted a referral to the Defense Criminal Investigative
Service. Appendix contains a summary of the allegations, the
DoD IG's findings and analysis. The specifics of the two allegations
referred to the Defense Criminal Investigative Service are redacted
from the released report.
14: Department of Defense, Information Paper: DoD TALON,
This undated paper on the TALON Reporting System, was written
subsequent to Paul Wolfowitz's May 2, 2003 memorandum, but apparently
before the controversy resulting from the December 2005 media
reporting concerning TALON. It discusses the rationale and origins
of the TALON System, noting some terrorist attacks where pre-attack
surveillance (by the terrorists) either went undetected or unreported
and "was only recognized in hindsight" and that after
9/11 a group of intelligence and security professionals met
to develop a capability to gather and analyze information reports
of suspicious activity that might indicate preparations for
a terrorist attack.
15: Department of Defense, Review of the TALON Reporting
System, n.d. Unclassified
While undated, this Department of Defense document was clearly
produced in 2006 and reports on the results of the review of
the TALON Reporting System that followed media disclosures and
questions. The memo consists of four sections: "Key Points,"
"Areas of Confusion," "Status of the Cornerstone
Database," and "Analysis of TALON Reports."
16: Department of Defense Inspector General, Report No.
07-INTEL-09, The Threat and Local Observation Notice (TALON)
Report Program, June 27, 2007. Unclassified
This inspector general report examines the legality and distribution
of TALON reports. It also discusses the extent to which TALON
reports contain U.S. person information and management actions
and the impact of the Deputy Secretary of Defense's March 30,
2006 (Document 12) memo on the number of TALON reports produced.
17a: TALON Report 902-09-11-04-110, November 9,
Document 17b: TALON
Report 902-24-02-05-136, February 24, 2005. Unclassified.
Document 17c: TALON
Report 902-01-03-05-148, March 1, 2005. Unclassified.
Document 17d: TALON
Report 902-01-03-05-152, March 1, 2005. Unclassified.
Document 17e: TALON
Report 902-07-03-05-167, March 7, 2005. Unclassified.
Document 17f: TALON
Report 902-06-04-05-304, April 6, 2005. Unclassified.
Document 17g: TALON
Report 902-08-04-05-320, April 8, 2005. Unclassified.
Document 17h: TALON
Report TECH-12-04-05-008, April 12, 2005. Unclassified.
Document 17i: TALON
Report 902-22-04-05-368, April 22, 2005. Unclassified.
These released TALON reports focus on planned protests against
the Iraq war and/or the military in general. They specify the
incident type, source, subject, and details. The subjects of
the reports include protests in the vicinity of the Sacramento
Military Entrance Processing Station, a variety of military
recruiting stations, and the Fort Lauderdale Air and Sea Show.
Groups whose protests are noted in the reports include Veterans
for Peace, the Broward Anti-War Coalition, and the American
Friends Service Committee.
Office of the Secretary of Defense (Public Affairs), DoD
to Implement Interim Threat Reporting Procedures, August
21, 2007. Unclassified
This brief announcement disclosed that CIFA would close the
TALON/CORNERSTONE database on September 17, plans to develop
a new reporting system, and information concerning force protection
threats would be sent to the FBI until a new system was developed.
1. Robert W. Rogalski, Acting Deputy Under
Secretary of Defense (Counterintelligence and Security), Memorandum
for Public Release, Subject: Background Paper, Department
of Defense Counterintelligence Field Activity, December
1, 2005; Walter Pincus, "Pentagon Expanding Its Domestic
Surveillance Activity," www.washingtopost.com, November
27, 2005; National Counterintelligence Executive, "The
Presidential Decision Directive on Counterintelligence,"
January 6, 2001, http://www.ncix.gov.
That CIFA was also known as the Joint Counterintelligence Assessment
Group is from Senator Richard Shelby, September 11 and the
Imperative of Reform in the U.S. Intelligence Community,
December 10, 2002, p. 38.
2. Department of Defense Directive 5105.67,
Department of Defense Counterintelligence Field Activity
(DoD CIFA), February 19, 2002.
3. Stephen A. Cambone, Memorandum, Subject:
Mission Tasking Authority, October 24, 2005; The Commission
on the Intelligence Capabilities of the United States Regarding
Weapons of Mass Destruction, Report to the President of
the United States (Washington, D.C.: U.S. Government Printing
Office, 2005), p. 574.
4. Cambone, Memorandum, Subject: Mission
5. Walter Pincus, "Counterintelligence
Officials Resign," www.washingtonpost.com, August 10, 2006.
6. Paul Sperry, "The Pentagon Breaks the
Islam Taboo," www.frontpagemag.com, December 14, 2005.
7. Department of Defense, Information Paper:
DoD TALON; William Martin, CIFA West, Special Report,
Production and Use of Fraudulent Military Identification
Cards, July 29, 2005.
8. Department of Defense, Information Paper:
DoD TALON, n.d.
10. Ibid.; Gordon England, Memorandum, Subject:
Threats to the Department of Defense (DoD), March 30, 2006;
William Arkin, "Early Warning - Code Name of the Week:
Cornerstone," www.washingtonpost.com, November 29, 2005;
Attachment to Paul Wolfowitz, Memorandum, Subject: Collection,
Reporting, and Analysis of Terrorist Threats to DoD Within the
United States, May 2, 2003.
11. William M. Arkin, "Early Warning
- The Pentagon Breaks the Law," www.washingtonpost.com
December 22, 2005; Arkin, "Early Warning - Code Name of
the Week: Cornerstone."
12. Lisa Myers, Douglas Pasternak, and Rich
Gardella, "Is the Pentagon spying on Americans?,"
www.msnbc.com, December 14, 2005.
14. Pincus, "Defense Facilities Pass
Along Reports of Suspicious Activity"; Myers, Pasternak,
and Gardella, "Is the Pentagon spying on Americans?";
Peter Spiegel, "Pentagon Threat Database Kept Reports It
Shouldn't Have," Los Angeles Times, April 6, 2006,
p. A31; Carol A. Haave, Deputy Under Secretary of Defense for
Counter Intelligence and Security, "Intelligence Community
Standards, Sharing and Collaboration: A Policy View," Statement
for the Record before Subcommittee on Terrorism and Homeland
Security, House Permanent Select Committee on Intelligence,
May 13, 2004, p. 6.
15. William M. Arkin, "Early Warning
- Pentagon Domestic Spying," www.washingtonpost.com, December
16. Ibid.; Myers, Pasternak, and Gardella,
"Is the Pentagon spying on Americans?"
17. Robert Block and Jay Solomon, "Pentagon
Steps Up Intelligence Efforts Inside U.S. Borders," Wall
Street Journal, April 27, 2006, pp. A1, A14.
18. Myers, Pasternak, and Gardella, "Is
the Pentagon spying on Americans?"; Walter Pincus, "Pentagon
Will Review Database on U.S. Citizens," www.washingtonpost.com,
December 15, 2005; David S. Cloud, "Pentagon Is Said to
Mishandle A Counterterrorism Database," New York Times,
December 16, 2005, p. A36. In late 2006, TALON reports released
to the ACLU included ones on planned American Friends Service
Committee protests against recruiting centers in Springfield,
Illinois and possible civil disobedience planned for three New
York area recruiting centers. Also see Erich Lichtblau and Mark
Mazzeti, "Military Data Reveal Tips on Antiwar Activities,"
New York Times, November 21, 2006, p. A17; TALON Report
902-24-02-05-136, Subject: Civil Disobedience Planned at Three
New York City Recruiting Stations for 19 March 05, February
24, 2005; TALON Report 902-07-03-05-167, Subject: Protests Against
Recruiting Centers in Springfield, IL Area on 18 March 05, March
19. "Pentagon Statement on Domestic Intelligence
Surveillance," www.fas.org, accessed December 15, 2005;
Gerry J. Gilmore, "DoD Orders Review of Anti-Threat Intel-Gathering
System," December 15, 2005, www.defenselink.mil.
20. "Pentagon Statement on Domestic Intelligence
21. Gordon England, Memorandum, Subject:
Retention and Use of Information for the TALON System,"
January 13, 2006.
22. Robert W. Rogalski, Deputy Under Secretary
of Defense (Counterintelligence and Security) to Senator Carl
Levin, January 27, 2006.
24. Spiegel, "Pentagon Threat Database
Kept Reports It Shouldn't Have"; Gordon England, Memorandum,
Subject: Threats to the Department of Defense (DoD),
March 30, 2006.
25. Mark Mazzetti, "Pentagon Intelligence
Chief Proposes Ending a Database," New York Times,
April 25, 2007, p. A16; Walter Pincus, "Pentagon to End
Talon Data-Gathering Program," www.washingtonpost.com,
April 25, 2007.
26. Inspector General, Department of Defense,
Report No. 07-INTEL-09, The Threat and Local Observation
Notice (TALON) Report Program, June 27, 2007, pp. 1-2.
27. Office of the Secretary of Defense (Public
Affairs), "DoD to Implement Interim Threat Reporting Procedures,"
August 21, 2007; Sara Wood, Armed Forces Press Service, "Defense
Department to Close Talon System," www.defenselink.mil,
August 21, 2007; Associated Press, "Pentagon to Shut controversial
database," www.msnbc.com, August 21, 2007.