home | about | documents | news | postings | FOIA | research | internships | search | donate | mailing list

The US Intelligence Community
By Jeffrey T. Richelson

Related postings

U.S. Reconnaissance Satellites: Domestic Targets
Documents Describe Use of Satellites in Support of Civil Agencies

Secrecy and U.S. Satellite Reconnaissance, 1958-1976
Even at Height of Cold War, U.S. Officials Regularly Argued Internally for More Transparency

The Vela Incident: Nuclear Test or Meteorite?
Documents Show Significant Disagreement with Presidential Panel Concerning Cause of September 22, 1979 Vela "Double-Flash" Detection

Eyes on the Bomb
U-2, CORONA, and KH-7 Imagery of Foreign Nuclear Installations

The Spy Satellite So Stealthy that the Senate Couldn't Kill It
Secret Program First Described in Book by Archive Senior Fellow

Eyes on Saddam
U.S. overhead imagery of Iraq

The U-2, OXCART, and the SR-71
U.S. aerial espionage in the Cold War and beyond

Science, Technology and the CIA
From satellites to psychics

Reconnaissance Flights and Sino-American Relations
Policy Developments and a Hainan Island Incident, 1969-1970

The NRO Declassified
The creation and evolution of America's secretive spy satellite agency

U.S. Satellite Imagery, 1960-1999



The Pentagon's Counterspies

The Counterintelligence Field Activity (CIFA)

Documents Describe Organization and Operations of Controversial Agency and Database

National Security Archive Electronic Briefing Book No. 230
Edited by Jeffrey Richelson

Posted - September 17, 2007

For more information contact:
Jeffrey Richelson - 202/994-7000


Washington, DC, September 17, 2007 - Today the National Security Archive publishes a collection of documents concerning the organization and operations of the Pentagon's Counterintelligence Field Activity (CIFA) and the TALON/CORNERSTONE database it has maintained. As the Defense Department announced on August 21, today that database will be terminated while work on new procedures for reporting of threats to the Defense Department and its facilities continues. In the interim, threat reports will be transmitted to the FBI.

The declassified documents published today include the key Department of Defense directive on the collection of information about Americans, as well as documents on the organization and missions of CIFA, an evaluation of charges of mismanagement by CIFA executives, and examples of data collected about protest activities as part of the Threat And Local Observation Notice (TALON) system.

Central to the collection are the documents that show the internal and public response by the Defense Department to questions raised about the propriety of the data base - specifically, its collection and retention of data on political protests. Also, included is a DoD Inspector General report on the operation of the TALON system, identifying a number of problems in operation of the system.

Electronic Briefing Book
The Pentagon's Counterspies
The Counterintelligence Field Activity (CIFA)
By Jeffrey Richelson

The Counterintelligence Field Activity (CIFA), also known for a time as the Joint Counterintelligence Assessment Group (JCAG), was established by Department of Defense Directive 5105.67 (Document 2) in February 2002. A Defense Department background paper (Document 7) traces CIFA's origins to Presidential Decision Directive (PDD)- 75, "U.S. Counterintelligence Effectiveness - Counterintelligence for the 21st Century," signed by President William Clinton on January 5, 2001. PDD-75 called for a predictive and proactive counterintelligence (CI) system with integrated oversight of counterintelligence issues across national security agencies. (Note 1)

CIFA's functions, according to the February 2002 directive were to include:

  • evaluating DoD counterintelligence activities to determine the extent to which counterintelligence policies and resources adequately protect the Defense Department against the threats of "espionage, terrorism, sabotage, assassination, and other covert or clandestine activities, including those of foreign intelligence services,"
  • providing counterintelligence threat assessments, advisories, and risk assessments to the heads of DoD components,
  • providing "tailored analytical and data-mining support" to DoD counterintelligence field elements and activities,
  • conducting "Domestic Threat Analyses and Risk Assessments," and
  • identifying and tracking "technologies requiring protection." (Note 2)

In 2005 CIFA's authority was expanded when it received mission tasking authority (MTA) over the counterintelligence organizations of the military departments, such as the Air Force Office of Special Investigations and the counterintelligence components of Defense Department agencies. An even more extensive expansion of CIFA's authority had been proposed earlier that year by The Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction, also known as the Robb-Silberman Commission. The Commission suggested that CIFA "should have operational and investigative authority to coordinate and conduct counterintelligence activities throughout the Defense Department." (Note 3)

After consultations with the National Security Council staff members responsible for implementing the Commission's recommendations, the Defense Department expanded CIFA's authority, but not to the extent suggested by the Commission. The tasking authority assigned to CIFA does not allow it to conduct counterintelligence agencies throughout the Defense Department but allows it to task any military department or DoD agency counterintelligence component to "execute a specific CI mission or conduct a CI function within that organization's charter." (Note 4)

CIFA has about 400 full-time employees and provides work for 800-900 contractor personnel. (Note 5) Its organizational structure (Document 3a) includes nine directorates, whose missions are explained in the CIFA Fact Sheet (Document 3b).

Among the reports produced by CIFA are Significant Activity Summaries, Special Reports, Briefings, and Threat Advisories. According to one report, one briefing paper prepared by CIFA concerns whether Islam has been radicalized by terrorists or is inherently radical and supportive of terrorism. The briefing noted that "political Islam wages an ideological battle against the non-Islamic world at the tactical, operational and strategic level. The West's response is focused at the tactical and operational level, leaving the strategic level - Islam - unaddressed." (Note 6)

A special report produced by CIFA's West Coast detachment is the July 29, 2005, Production and Use of Fraudulent Military Identification Cards (Document 6). It summarized several incidents, including the observation of three individuals in a restaurant in Yukon, Oklahoma, using a laptop computer to produce what appeared to be military ID cards. Also noted was the seizure of equipment used to produce counterfeit military ID cards following a traffic stop near an Air National Guard Base in Michigan. (Note 7)

The information contained in the report concerning the incidents in Oklahoma and Michigan were drawn from reports that had been produced as part of CIFA's Threat and Local Observation Notice (TALON) reporting system - a system first established by the Air Force prior to the creation of CIFA. (Note 8) A Defense Department information paper (Document 14) on the system stated that:

The ability to acquire and analyze suspicious activity reports for indications of possible terrorist pre-attack activities is an absolutely critical component of the intelligence support to [the] force protection mission. Terrorists have the advantage of choosing the time and venue for their attacks, but normally have to conduct extensive pre-attack preparations to maximize their chances of success. The pre-attack phase of a terrorist operation, however, is the period of greatest vulnerability to the terrorist group, since it must surface to collect intelligence and conduct physical surveillance and other activities of the target... Therefore, an effective system for detecting terrorist pre-attack activities is a high priority task for the intelligence community, law enforcement, security elements, and local community authorities. (Note 9)

In May 2003, the Deputy Secretary of Defense decreed (Document 4) that TALON would be the formal mechanism for assembling and sharing "non-validated" domestic information among intelligence, counterintelligence, law enforcement, security, and force protection organizations. Events reported (by DoD personnel, "concerned citizens," or local law enforcement) under the TALON system were to include "non-specific" threats to the Defense Department; suspected surveillance of DoD facilities and personnel; elicitation (attempts to obtain security-related or military-specific information by anyone without the appropriate security clearance and need-to-know); tests of security; unusual repetitive activity; bomb threats; as well as any other suspicious activity. He also directed that, "to the maximum extent possible," TALON reports should be classified at the lowest possible level to ensure maximum distribution." (Note 10)

As of 2005, the database of TALON and other counterintelligence reports was designated CORNERSTONE, while the intelligence and law enforcement system for sharing TALON and other related reports is known as the Joint Protection Enterprise Network (JPEN). In late 2005, it was reported that an effort, designated Project Voyager, was underway to improve the CORNERSTONE database to support coordination with local, state and federal law enforcement. (Note 11)

The database consists of a chronological listing by report date that also provides an incident date, incident summary, locations of the city/installation and state of the incident, type of incident (e.g. threat or anti-DoD vandalism), the disposition of the case (open or unresolved), credibility, whether the report was further researched, and the reason a report was discounted. The database is also undoubtedly used in data mining activities. Since March 2004, CIFA has awarded at least $33 million to a variety of major corporations to develop techniques for combing through classified and unclassified documents, commercial information, and Internet traffic to detect terrorists and spies. (Note 12)

One CIFA-supported database project, conducted by Northrop Grumman and designated "Person Search," is intended to "provide comprehensive information about people of interest." It is intended to include the ability to search government and commercial databases. The objective of a second project, "The Insider Threat Initiative," is, according to the Computer Sciences Corporation contract, to "develop systems able to detect mitigate and investigate insider threats," as well as to "identify and document normal and abnormal activities and 'behaviors'." Another contract provided a small firm with funding to develop techniques "to track and monitor activities of suspect individuals." (Note 13)

The Air Force produced 1,200 such reports in the 14 month period concluding at the end of September 2003. In the program's first year CIFA received more than 5,000 TALON reports. By mid-January 2006, the database contained about 13,000 items. (Note 14)

The database of TALON reports has contained some very different types of reports. The 400-page database of 1,519 "suspicious" incidents that were observed between July 2004 and May 2005 contained about two dozen that appeared to concern real threats. In August 2004 there was an aborted terrorist attack against Florida governor Jeb Bush and the USS Momsen at Panama City, Florida, during a decommissioning ceremony. Two reports from November 2004 concerned possible surveillance of the National Security Agency by nationals from the People's Republic of China and three North Korean illegals found on the Luke Air Force Base Bombing Range in Arizona. Reports from May 2005 concerned a South Florida Al-Qaeda associate who was in possession of a pilot's license and had worked as a baggage handler at a Florida airport, and the identification of a U.S. person as an alleged financial conduit for suspected Al-Qaeda members. (Note 15)

A very different type of TALON report from August 2004 concerned the arrest, in Atlanta, Georgia, of a Navy enlisted man for driving under the influence; a subsequent search of his vehicle revealed "a picture of Usama bin Laden displayed as a screensaver on [his] cellular telephone. But it was a third type of TALON report, concerning the anti-war movement, that would prove to be controversial. One of these was a report submitted by the 902nd Military Intelligence Group, the Army Intelligence and Security Command's domestic counterintelligence unit. The report, which was listed in the database as pertaining to a "threat," concerned a small gathering of activists at a Quaker Meeting House in Lake Worth, Florida, to plan a protest of military recruiting at local high schools. (Note 16)

Another example of an event that attracted the attention of the 902nd was a March 2005 peace march through the streets of Akron, Ohio, that involved about 200 people and included stops outside a Marine Corps recruiting center and FBI office to listen to speeches against the Iraq war. Based on a tip from the Pentagon the marchers were followed by police cars. In addition, analysts with 902nd downloaded information from activist web sites, intercepted e-mails, and cross-referenced the data they acquired with information in police databases. In that or other instances photographs and records of protesters and their vehicles have been reviewed to determine if different activities were being organized by the same individuals. The analyst's conclusion was that "Even though these demonstrations are advertised as 'peaceful,' they are assessed to present apotential force protection threat." (Note 17)

There were approximately four dozen reports concerning anti-war meetings or protests, including reports that remained in the database long after it was concluded that the targets were unrelated to any threat. Among the meetings that attracted the attention of military counterintelligence authorities were a large anti-war protest in Los Angeles in March 2005, a planned protest against military recruiters in Boston in December 2004, a planned demonstration outside the gates of the Fort Collins, Colorado, military base, and a planned protest at McDonald's National Salute to America's Heroes - a military air and sea show in Ft. Lauderdale, Florida. It was concluded that the Ft. Lauderdale protest was not a credible threat and a column in the database noted that it was a "US group exercising constitutional rights." (Note 18)

Press revelations - particularly in the Washington Post, the Post's Early Warning Web log, and on NBC - that CIFA's TALON database included reports on such activities revived memories of Army surveillance of anti-war activities during the 1970s, and the concern, by some, that the Pentagon had crossed the line from legitimate force protection activities to unjustified snooping on legitimate political activities. The Defense Department's response to the disclosures included a statement offering reassurance that the department "views with the greatest concern any potential violation of strict DoD policy governing authorized counter-intelligence efforts and support to law enforcement." More concretely, it claimed that a "dot of information that was not validated as threatening is required to be removed from the TALON system in less than ninety days." (Note 19)

The statement also revealed, in addition to a review of the TALON system that had been initiated in October by CIFA, that the Under Secretary of Defense for Intelligence had directed that four actions be taken after an initial assessment of TALON reporting procedures: (1) a "thorough review of the TALON reporting system to ensure it complies fully with DoD and U.S. laws"; (2) a review to determine whether TALON policies and procedures "are being properly applied with respect to any reporting and retention of information about any U.S. persons; (3) a review of the TALON data base to identify any other information improperly in the data base; and (4) refresher training for all DoD counterintelligence and intelligence personnel "concerning laws, policies, and procedures governing collection, reporting and storing information related to warning of potential threats to DoD personnel, facilities, or national security interests." (Note 20)

The statement was followed by a January 13, 2006, memo from the Deputy Secretary of Defense (Document 9) concerning the "Retention and Use of Information for the TALON System." In addition to specifying refresher training it gave the Director of CIFA until January 17, 2006, to advise the Under Secretary of Defense for Intelligence that all reports in the TALON database had been reviewed to identify any reports that did not belong. It also noted that the Under Secretary had established a working group to "review and recommend changes to policy and procedures employed in the TALON program to ensure compliance with DoD policy." (Note 21)

Two weeks later, Deputy Under Secretary of Defense (Counterintelligence and Security) Robert W. Rogalski provided an update (Document 10) on the review of the TALON system to the ranking member of the Senate Committee on Armed Services. In his letter, Rogalski stated that TALON reporting had led to "a number of investigations," including terrorism investigations as well as identifying patterns that allowed the Defense Department to change security procedures in order to deter potential terrorist activities. Rogalski also wrote that:

Although the TALON reporting system was intended to document suspicious incidents possibly linked to foreign terrorist threats to DoD resources, some came to view the system as a means to report information about demonstrations and anti-base activity that would be of interest to field commanders from a force protection perspective. A very small percentage of these reports were submitted to the TALON/CORNERSTONE database.

CIFA has removed the TALON reports on demonstrations and anti-base activity from the database. The process to remove other reports that are no longer analytically significant is ongoing. All TALON reports are now reviewed at CIFA upon receipt to ensure compliance with the TALON reporting criteria. (Note 22)

He also promised that the Defense Department would soon issue detailed guidance that would clarify the purpose of the database, the rules governing the collection and retention of information, and specify more detailed procedures to be followed. In addition, Rogalski reported, the database would be reviewed again to ensure compliance. (Note 23)

Eventually, 2% of the 13,000 reports in the database were determined to be improperly retained. In a memo issued at the end of March 2006, Deputy Secretary of Defense Gordon England (Document 12) informed its recipients that the review of the TALON Reporting System had been completed and confirmed that the system "should be used only to report information regarding possible international terrorist activity." (Note 24)

In April 2007, the new Under Secretary of Defense for Intelligence, Lt. Gen. James Clapper, reviewed the results of the TALON program, reporting that he "did not believe they merit continuing the program as currently constituted," according to a statement released by a Pentagon spokesman. However, a final decision on the program has not been made (or announced) by Secretary of Defense Robert Gates. (Note 25)

In June 2007, the Department of Defense Inspector General released the results of his review of the TALON reporting program (Document 16). Its findings included the observation that CIFA and the Northern Command "legally gathered and maintained U.S. person information on individuals or organizations involved in domestic protests and demonstrations against DOD" - information gathered for law enforcement and force protection purposes as permitted by Defense Department directive (5200.27) on the "Acquisition of Information Concerning Persons and Organizations Not Affiliated with the Department of Defense." However, CIFA did not comply with the 90-day retention review policy specified by that directive and the CORNERSTONE database did not have the capability to identify TALON reports with U.S. person information, to identify reports requiring a 90-day retention review, or allow analysts to edit or delete the TALON reports. (Note 26)

In August the Defense Department announced that it would shut down the CORNERSTONE database on September 17, with information subsequently collected on potential terror or security threats to Defense Department facilities or personnel being sent to an FBI data base known as GUARDIAN. A department spokesman said the database was being terminated because "the analytical value had declined," not due to public criticism, and that the Pentagon was hoping to establish a new system - not necessarily a database - to "streamline" threat reporting, according to a statement released by the Department's public affairs office. (Note 27)

Read the Documents
Note: The following documents are in PDF format.
You will need to download and install the free Adobe Acrobat Reader to view.

Document 1: Under Secretary of Defense for Policy, Department of Defense Directive 5240.1-R, Procedures Governing the Activities of the DOD Intelligence Components That Affect United States Persons, December 1982
Source: www.dhs.mil/whs/directives

This directive serves as the basic guidance for all DoD intelligence components, including CIFA, with respect to the collection, retention, and dissemination of information about U.S. persons. In addition to chapters dealing with those three topics, the directive also includes chapters on electronic surveillance, concealed monitoring, physical searches, searches and examination of mail, and physical surveillance.

Document 2: DoD Directive 5105.67, Department of Defense Counterintelligence Field Activity, February 19, 2002, Unclassified
Source: www.dhs.mil/whs/directives

This directives serves as the charter for CIFA. It specifies the mission of CIFA, DOD policy with regard to counterintelligence, its original organizational structure, the responsibilities of and functions of the senior Defense Department official responsible for intelligence (at the time the Assistant Secretary of Defense for C3I, the Director of CIFA, and other officials, the authorities of the CIFA director.

Document 3a: Counterintelligence Field Activity (CIFA) - Organization Chart. Unclassified
Document 3b: Counterintelligence Field Activity Fact Sheet. Unclassified
Source: Freedom of Information Act Request

Document 3a shows the nine directorates that make up the organizational structure of CIFA. Document 3b provides a description of the functions of each of the directorates.

Document 4: Paul Wolfowitz, Deputy Secretary of Defense, Memorandum, Subject: Collection, Reporting, and Analysis of Terrorist Threats to DoD Within the United States, May 2, 2003. For Official Use Only
Source: www.washingtonpost.com/earlywarning

This memo from the deputy secretary of defense informs its recipients of a new DoD-wide reporting mechanism - the Threat and Local Observation Notice (TALON) - that contains raw information reported by members of the military as well as concerned citizens with regard to suspicious incidents. The memo also instructs a variety of DoD organizations to identify, collect, and report specific types of information consistent with the TALON framework. In addition, it specifies dissemination of such reports to appropriate military commanders and others responsible for installation security. One attachment provides background on the TALON system and an example of a TALON report.

Document 5: Department of Defense Inspector General, Counterintelligence Field Activity Data Call Submission and Internal Control Processes for Base Realignment and Closure 2005, May 13, 2005. For Official Use Only
Source: Freedom of Information Act Request

This report evaluates CIFA's provision of data with regard to base realignment and closure for 2005. The DoD IG conclude that CIFA's responses to the 17 questions posed "were generally not fully supported."

Document 6
: DoD CIFA-W, Production and Use of Fraudulent Military Identification Cards, July 29, 2005. For Official Use Only
Source: www.washingtonpost.com/earlywarning

This report was prepared by the Western division of the CIFA. It reports on the production and attempted distribution of fraudulent military identification cards - summarizing three incidents that took place between March and July 2005. It also contains a section on "historical perspective" and another on "common access card (CAC) technology."

Document 7: Robert W. Rogalski, Acting Deputy Under Secretary of Defense (Counterintelligence & Security), Subject: Background Paper, Department of Defense Counterintelligence Field Activity, December 1, 2005, Unclassified, w/att: Memorandum, Subject: Mission Tasking Authority, October 24, 2005
Source: Freedom of Information Act Request

This background paper was prepared in response to press inquiries concerning the domestic intelligence surveillance activities of CIFA. It dates the establishment of CIFA, traces its origins, and specifies its functions. It notes that the military departments, rather than CIFA, are responsible for the "full spectrum" of counterintelligence functions. In addition, it reports that subsequent to the recommendation of a presidential panel and consultation with the NSC, CIFA was assigned Mission Tasking Authority - a responsibility that is explained at length in the attached memorandum.

Document 8: Stephen A. Cambone, Under Secretary of Defense (Intelligence) to John Warner, Chairman, Senate Committee on Armed Services, December 19, 2005. Unclassified
Source: www.defenselink.mil/pubs/foi/talon_policy.pdf

Cambone wrote this letter to Warner in response to an NBC Nightly News story "alleging that Department of Defense (DoD) entities are collecting information on American peace activists and monitoring protests against the Iraq war" - specifically highlighting entries in the TALON reporting system. In his letter Cambone seeks "to provide you some context not otherwise reported in the segment" - including the removal of "dots" of information in less than 90 if not validated.

Document 9: Gordon England, Deputy Secretary of Defense, Subject: Retention and Use of Information for the TALON System, January 13, 2006. Unclassified
Source: www.washingtonpost.com/earlywarning

This memo, addressed to key officials in the military services and Defense Department agencies, followed the heavy reporting on CIFA and TALON system that appeared in mid-December in both major newspapers and on television. The memo both directed refresher training for all DoD intelligence and counterintelligence personnel on the policies associated with the TALON system, as well as directing the director of CIFA to advise the Under Secretary of Defense for Intelligence that all reports within the TALON database had been scrutinized to identify any reports that should not be in the database.

Document 10: Robert W. Rogalski, Acting Deputy Under Secretary of Defense (Counterintelligence and Security) to John Warner, Chairman, Senate Committee on Armed Services, January 27, 2006. Unclassified
Source: www.defenselink.mil/pubs/foi/talon_policy.pdf

This letter is a follow-up to Stephen Cambone's December 19, 2005 letter to Warner, intended to update Warner - based on the "nearly completed" review of the TALON system. In it, Cambone compares the TALON reporting system to a "neighborhood watch program" and notes the connection between TALON reporting and follow-up investigations, how the associated data-base came to include information about anti-base activity, and the removal of reports on demonstration and anti-base activity, and plans to issue new guidance.

Document 11: Stephen A. Cambone, Under Secretary of Defense for Intelligence, Memorandum for Director, Counterintelligence Field Activity, Subject: The TALON/CORNERSTONE Database, February 2, 2006. Unclassified
Source: www.defenselink.mil/pubs/foi/talon_policy.pdf

This memorandum from the Department of Defense's senior intelligence official to the head of CIFA, following a review of TALON reporting, directed that all TALON reporting would conform to the provisions of the Department of Defense Directive governing the activities of department intelligence organizations that affect U.S. persons. He also directed that CIFA begin an immediate review to ensure that all reports in the TALON/CORNERSTONE database were in accordance with the DoD directive.

Document 12: Gordon England, Deputy Secretary of Defense, Memorandum, Threats to the Department of Defense, March 30, 2006, Unclassified w/enclosures: TALON Reporting System Procedures, Department of Defense memo of May 2, 2003 (Document 3)
Source: www.defenselink.mil/pubs/foi/talon_policy.pdf

This memorandum, addressed to senior officials in the Defense Department, Defense agencies and field activities, and military departments, is another that followed the review of the TALON Reporting System in the wake of press disclosures and questions about surveillance of anti-war and anti-base demonstrations. England directs the memos recipients to comply with the procedures listed in Enclosure 1 (TALON Reporting System Procedures) and ensure that the information in their TALON reports meet the criteria for reporting described in that enclosure.

Document 13: DoD Inspector General, Allegations of Mismanagement and Waste Within the Counterintelligence Field Activity, September 29, 2006. For Official Use Only/Law Enforcement Sensitive
Source: Freedom of Information Act Request

In addition to being the target of criticism for its domestic surveillance activities, CIFA was also the subject of allegations charging mismanagement, waste of taxpayers' dollars, and inadequate oversight at CIFA. One individual made were nine allegations. The DoD Inspector General's review concluded that four of the allegations were not substantiated, three were substantiated, and two warranted a referral to the Defense Criminal Investigative Service. Appendix contains a summary of the allegations, the DoD IG's findings and analysis. The specifics of the two allegations referred to the Defense Criminal Investigative Service are redacted from the released report.

Document 14: Department of Defense, Information Paper: DoD TALON, n.d. Unclassified
Source: www.pbs.org/now/politics/TALON.pdf

This undated paper on the TALON Reporting System, was written subsequent to Paul Wolfowitz's May 2, 2003 memorandum, but apparently before the controversy resulting from the December 2005 media reporting concerning TALON. It discusses the rationale and origins of the TALON System, noting some terrorist attacks where pre-attack surveillance (by the terrorists) either went undetected or unreported and "was only recognized in hindsight" and that after 9/11 a group of intelligence and security professionals met to develop a capability to gather and analyze information reports of suspicious activity that might indicate preparations for a terrorist attack.

Document 15: Department of Defense, Review of the TALON Reporting System, n.d. Unclassified
Source: www.aclu.org

While undated, this Department of Defense document was clearly produced in 2006 and reports on the results of the review of the TALON Reporting System that followed media disclosures and questions. The memo consists of four sections: "Key Points," "Areas of Confusion," "Status of the Cornerstone Database," and "Analysis of TALON Reports."

Document 16: Department of Defense Inspector General, Report No. 07-INTEL-09, The Threat and Local Observation Notice (TALON) Report Program, June 27, 2007. Unclassified
Source: www.dodig.mil

This inspector general report examines the legality and distribution of TALON reports. It also discusses the extent to which TALON reports contain U.S. person information and management actions and the impact of the Deputy Secretary of Defense's March 30, 2006 (Document 12) memo on the number of TALON reports produced.

Document 17a: TALON Report 902-09-11-04-110, November 9, 2004. Unclassified.
Document 17b: TALON Report 902-24-02-05-136, February 24, 2005. Unclassified.
Document 17c: TALON Report 902-01-03-05-148, March 1, 2005. Unclassified.
Document 17d: TALON Report 902-01-03-05-152, March 1, 2005. Unclassified.
Document 17e: TALON Report 902-07-03-05-167, March 7, 2005. Unclassified.
Document 17f: TALON Report 902-06-04-05-304, April 6, 2005. Unclassified.
Document 17g: TALON Report 902-08-04-05-320, April 8, 2005. Unclassified.
Document 17h: TALON Report TECH-12-04-05-008, April 12, 2005. Unclassified.
Document 17i: TALON Report 902-22-04-05-368, April 22, 2005. Unclassified.
Source: www.aclu.org

These released TALON reports focus on planned protests against the Iraq war and/or the military in general. They specify the incident type, source, subject, and details. The subjects of the reports include protests in the vicinity of the Sacramento Military Entrance Processing Station, a variety of military recruiting stations, and the Fort Lauderdale Air and Sea Show. Groups whose protests are noted in the reports include Veterans for Peace, the Broward Anti-War Coalition, and the American Friends Service Committee.

Document 18: Office of the Secretary of Defense (Public Affairs), DoD to Implement Interim Threat Reporting Procedures, August 21, 2007. Unclassified
Source: www.defenselink.mil

This brief announcement disclosed that CIFA would close the TALON/CORNERSTONE database on September 17, plans to develop a new reporting system, and information concerning force protection threats would be sent to the FBI until a new system was developed.


1. Robert W. Rogalski, Acting Deputy Under Secretary of Defense (Counterintelligence and Security), Memorandum for Public Release, Subject: Background Paper, Department of Defense Counterintelligence Field Activity, December 1, 2005; Walter Pincus, "Pentagon Expanding Its Domestic Surveillance Activity," www.washingtopost.com, November 27, 2005; National Counterintelligence Executive, "The Presidential Decision Directive on Counterintelligence," January 6, 2001, http://www.ncix.gov. That CIFA was also known as the Joint Counterintelligence Assessment Group is from Senator Richard Shelby, September 11 and the Imperative of Reform in the U.S. Intelligence Community, December 10, 2002, p. 38.

2. Department of Defense Directive 5105.67, Department of Defense Counterintelligence Field Activity (DoD CIFA), February 19, 2002.

3. Stephen A. Cambone, Memorandum, Subject: Mission Tasking Authority, October 24, 2005; The Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction, Report to the President of the United States (Washington, D.C.: U.S. Government Printing Office, 2005), p. 574.

4. Cambone, Memorandum, Subject: Mission Tasking Authority.

5. Walter Pincus, "Counterintelligence Officials Resign," www.washingtonpost.com, August 10, 2006.

6. Paul Sperry, "The Pentagon Breaks the Islam Taboo," www.frontpagemag.com, December 14, 2005.

7. Department of Defense, Information Paper: DoD TALON; William Martin, CIFA West, Special Report, Production and Use of Fraudulent Military Identification Cards, July 29, 2005.

8. Department of Defense, Information Paper: DoD TALON, n.d.

9. Ibid.

10. Ibid.; Gordon England, Memorandum, Subject: Threats to the Department of Defense (DoD), March 30, 2006; William Arkin, "Early Warning - Code Name of the Week: Cornerstone," www.washingtonpost.com, November 29, 2005; Attachment to Paul Wolfowitz, Memorandum, Subject: Collection, Reporting, and Analysis of Terrorist Threats to DoD Within the United States, May 2, 2003.

11. William M. Arkin, "Early Warning - The Pentagon Breaks the Law," www.washingtonpost.com December 22, 2005; Arkin, "Early Warning - Code Name of the Week: Cornerstone."

12. Lisa Myers, Douglas Pasternak, and Rich Gardella, "Is the Pentagon spying on Americans?," www.msnbc.com, December 14, 2005.

13. Ibid.

14. Pincus, "Defense Facilities Pass Along Reports of Suspicious Activity"; Myers, Pasternak, and Gardella, "Is the Pentagon spying on Americans?"; Peter Spiegel, "Pentagon Threat Database Kept Reports It Shouldn't Have," Los Angeles Times, April 6, 2006, p. A31; Carol A. Haave, Deputy Under Secretary of Defense for Counter Intelligence and Security, "Intelligence Community Standards, Sharing and Collaboration: A Policy View," Statement for the Record before Subcommittee on Terrorism and Homeland Security, House Permanent Select Committee on Intelligence, May 13, 2004, p. 6.

15. William M. Arkin, "Early Warning - Pentagon Domestic Spying," www.washingtonpost.com, December 14, 2005.

16. Ibid.; Myers, Pasternak, and Gardella, "Is the Pentagon spying on Americans?"

17. Robert Block and Jay Solomon, "Pentagon Steps Up Intelligence Efforts Inside U.S. Borders," Wall Street Journal, April 27, 2006, pp. A1, A14.

18. Myers, Pasternak, and Gardella, "Is the Pentagon spying on Americans?"; Walter Pincus, "Pentagon Will Review Database on U.S. Citizens," www.washingtonpost.com, December 15, 2005; David S. Cloud, "Pentagon Is Said to Mishandle A Counterterrorism Database," New York Times, December 16, 2005, p. A36. In late 2006, TALON reports released to the ACLU included ones on planned American Friends Service Committee protests against recruiting centers in Springfield, Illinois and possible civil disobedience planned for three New York area recruiting centers. Also see Erich Lichtblau and Mark Mazzeti, "Military Data Reveal Tips on Antiwar Activities," New York Times, November 21, 2006, p. A17; TALON Report 902-24-02-05-136, Subject: Civil Disobedience Planned at Three New York City Recruiting Stations for 19 March 05, February 24, 2005; TALON Report 902-07-03-05-167, Subject: Protests Against Recruiting Centers in Springfield, IL Area on 18 March 05, March 7, 2005.

19. "Pentagon Statement on Domestic Intelligence Surveillance," www.fas.org, accessed December 15, 2005; Gerry J. Gilmore, "DoD Orders Review of Anti-Threat Intel-Gathering System," December 15, 2005, www.defenselink.mil.

20. "Pentagon Statement on Domestic Intelligence Surveillance."

21. Gordon England, Memorandum, Subject: Retention and Use of Information for the TALON System," January 13, 2006.

22. Robert W. Rogalski, Deputy Under Secretary of Defense (Counterintelligence and Security) to Senator Carl Levin, January 27, 2006.

23. Ibid.

24. Spiegel, "Pentagon Threat Database Kept Reports It Shouldn't Have"; Gordon England, Memorandum, Subject: Threats to the Department of Defense (DoD), March 30, 2006.

25. Mark Mazzetti, "Pentagon Intelligence Chief Proposes Ending a Database," New York Times, April 25, 2007, p. A16; Walter Pincus, "Pentagon to End Talon Data-Gathering Program," www.washingtonpost.com, April 25, 2007.

26. Inspector General, Department of Defense, Report No. 07-INTEL-09, The Threat and Local Observation Notice (TALON) Report Program, June 27, 2007, pp. 1-2.

27. Office of the Secretary of Defense (Public Affairs), "DoD to Implement Interim Threat Reporting Procedures," August 21, 2007; Sara Wood, Armed Forces Press Service, "Defense Department to Close Talon System," www.defenselink.mil, August 21, 2007; Associated Press, "Pentagon to Shut controversial database," www.msnbc.com, August 21, 2007.

home | about | documents | news | postings | FOIA | research | internships | search | donate | mailing list

Contents of this Web site Copyright 1995-2017 National Security Archive. All rights reserved.
Terms and conditions for use of materials found on this Web site.