Wednesday, February 08, 2006

It simply boils down to how interested we are in the truth.

It's Not Academic
We can sort through the mountain of pre-war electronic Iraqi data--if we want to.
by Michael Tanji 02/08/2006

IT WAS REFRESHING to read that House Intelligence Committee Chairman Peter Hoekstra still holds out hope that the conventional wisdom about Saddam's WMD programs is wrong. Given the tremendous reservoir of data on such programs that is still largely untapped, we should consider closing the book on such an important issue only when we have exhausted all possible options.

The two biggest concerns about sifting through this mountain of data center around complexity and time. Namely: How is it possible to make sense out of what is essentially an unruly and only loosely cataloged mass of data? And, how long would such a project take? Academia provides at least a start to answering these questions.

Dr. Simson Garfinkel, post-doctoral fellow at Harvard, has recognized many of the shortcomings with the traditional method of computer forensics. Garfinkel purchases random hard drives that he knows nothing about and, using a process called "cross drive analysis," evaluates the data found on each drive. He then works his way backwards to identify what was being done with the drive, and attempts to identify who previously owned it.

Drs. Roussev and Richard at the Department of Computer Science at the University of New Orleans have been conducting research designed to overcome the computing performance wall that traditional single-computer approaches hit. By distributing computing tasks among many processors in a cluster supercomputer, the two have demonstrated that common forensics tasks that could take hours can instead be done in minutes or seconds.

While these ideas come from academia, they are not "academic" solutions to a notional problem. These methodologies work today, on real problems our intelligence services are currently facing. The reliance on the law-enforcement approach to digital media exploitation; the implementation of user-friendly forensics applications for use by non-experts; the insistence on following well-accepted approaches designed to withstand judicial scrutiny; and the focus on a single item or small collection of items easily attributed to a single user are the primary reasons why we've not been able to uncover the full extent of what might be sitting right in front of us.

This is not to say that the traditional computer forensics approach has no place in the quest for truth and justice. The beauty of digital media is that exact duplicates of original materials can be made for use by anyone with a need to see and exploit the data. It is true that the data captured in the course of Iraqi Freedom belongs to the Iraqis. Like any good forensics effort, we are using copies of originals. But there is nothing to stop the Iraqis from using the tremendous cache of data taken after the fall of Saddam's regime--and using the law enforcement approach--to supplement the already ample evidence being used against him in trial.

At the risk of beating a dead horse, let me remind you of what kind of data can be found on captured media:

* The laptop belonging to Zacharias Moussaoui contained information about his connections to the "Hamburg cell" that was responsible for the 9/11 attacks.

* Computers used by University of Idaho graduate student Sami Omar al-Hussayen were used to create and manage a network of websites that the government charged provided material support to terrorists.

* Newsweek reported that the laptop of an al Qaeda sleeper agent in the United States--Ali Salleh al-Marri--contained data on poisonous chemicals, cyber attacks, and information on potential targets such as dams, reservoirs, and railroads.

Without a more thorough examination of all data available to us--audio tapes, digital media, and interviews with people with new information--we cannot honestly say that we've exhausted all options available in addressing what was or was not going on in Iraq prior to the war. It simply boils down to how interested we are in the truth.


Michael Tanji is a former senior intelligence officer and an associate of the Terrorism Research Center. He opines on intelligence and security issues at blog.groupintel.com.
