Most FBI investigations are conducted by the Bureau’s criminal, counterterrorism, or counterintelligence divisions. Whether they are investigating organized crime, international terrorism, or Russian involvement in the 2016 U.S. presidential campaign, all of these divisions use a technique of investigation called the enterprise theory.
Enterprise theory allows investigators to structure their understanding of crimes that once seemed too vast to understand. Enterprise theory is to investigation as grammar is to language. Without grammar, language would be a sprawling mush of verbiage. Without the enterprise theory, FBI investigators would find it practically impossible to wrap their minds around criminal activities of sprawling scope—criminal activities for which many people share responsibility.
In recent decades, enterprise theory was notably advanced by agents such as Bruce Mouw and Philip Scala, who brought down John Gotti and the Gambinos in the early 1990s. Enterprise theory was an answer to a problem that had been more than a century in the making: the problem of organized criminal activity in the United States. As far back as Reconstruction, racist groups built on hierarchical structures, such as the Ku Klux Klan, conspired to commit criminal violence against African American communities in the rural South. During the same period and with a similar discipline, Tammany Hall in New York City built a system of public corruption involving government officials. Among the immigrant throngs that passed through Ellis Island were mobsters, and La Cosa Nostra learned to do business in Queens as it had done in Palermo. All these criminal subcultures thrived. They showed that criminals working together were much more effective than criminals working alone.
Compared with these adversaries, local police and prosecutors investigating individual criminal acts in isolation were outgunned and outmatched. Organized criminal groups—with multiple members organized in hierarchies, supported by transportation and communications infrastructure—had no trouble staying one step ahead of the law. While these criminal enterprises grew and evolved over a century, American law enforcement—including the FBI, from its inception in 1908—questioned the very existence of organized crime.
That changed on November 14, 1957, when Joseph Barbara hosted a meeting at his country home in Apalachin, New York. High-ranking members from more than fifty organized-crime groups around the U.S. converged on Apalachin, about a three-hour drive northwest of Manhattan, not far from the Pennsylvania border. When townsfolk saw a bunch of luxury cars driving around with out-of-state license plates, they called the police. The police conducted surveillance on Barbara’s fifty-acre estate. The gangsters quickly got wise to the cops and scattered on foot into the woods around the house. The result: lots of muddy wingtips, and irrefutable evidence of a national organized-crime syndicate.
“The Apalachin Meeting” is celebrated in FBI mythology as the event that dragged this institution out of its long period of denial of organized crime. J. Edgar Hoover, who had spent years trying to keep FBI agents out of organized-crime investigations, could no longer keep his eyes closed. During the decade that followed, politicians such as Senator John McClellan and Attorney General Robert F. Kennedy attacked the problem in very public ways. Hearings of what was then the Senate’s Permanent Subcommittee on Investigations drew citizens’ attention to the effects of racketeering—a series of events that culminated, in 1970, with the passage of the Organized Crime Control Act, which included the Racketeer Influenced and Corrupt Organizations provision.
RICO created important new prosecutorial options. For the first time, the leaders of an organization could be held responsible for the crimes they had ordered others to commit. Each member of a group who participated in a pattern of racketeering activity could bear the full weight of responsibility for all the acts conducted by the organization. A conviction under RICO could carry stiff civil and criminal penalties, including up to twenty years in prison.
Now the FBI had a challenge: to develop a new model of investigation that would enable agents to take full advantage of the authority offered by the RICO statute. Criminal investigations are typically structured around proving the elements of a single criminal offense. RICO opened the door to prosecuting an entire organization. The enterprise theory was the structure by which agents learned to investigate whole organizations. Enterprise theory taught agents to identify new elements of a crime, to satisfy the new requirements of the statute, and to gather new forms of evidence. Through the lens of enterprise theory, agents could begin to see an organization as a whole, to understand the role and significance of each member, and to develop an understanding of the breadth of the group’s activity.
Like national-security investigations, enterprise investigations involve extensive intelligence collection. To prove the existence of a RICO enterprise, criminal investigators conduct surveillance, talk to witnesses, and target the group with human sources—the same techniques national-security investigators use to track a foreign adversary. While collecting this intelligence, enterprise investigators look for pieces of intelligence that can be used as evidence not only to prove the enterprise exists, but also to prove that members of the enterprise committed particular crimes.
The first major requirement of the RICO statute is to prove the existence of the enterprise that is the subject of investigation. The statute defines an enterprise as “any individual, partnership, corporation, association, or other legal entity, and any union or group of individuals associated in fact although not a legal entity.” If the subject of an investigation is a legal entity, proving its existence is easy. Many criminal enterprises, however, are not legal entities with a known public presence. Organized-crime families, narcotics-trafficking cartels, and terrorist groups usually don’t have articles of incorporation or signs above their offices. They don’t have departments of human resources or offer 401(k) plans. To satisfy RICO, the enterprise theory directs agents to collect association evidence: proof that people are associated with each other in a way that could qualify them as a criminal enterprise. Before the enterprise theory, if agents executed a search warrant at Mobster Sal’s house, they were likely looking for evidence that Sal himself had committed a crime—things like stolen property or narcotics. The enterprise theory made it just as important for agents to find pictures of Mobster Sal hanging out with Mobster Vinny. Those pictures proved the two were “associates.” Their association, or a larger one of which they are a part, may qualify as an enterprise under RICO. Association evidence takes many forms—bank records showing money transfers between individuals, joint names on legal documents such as contracts and leases, communication between subjects. Generally, any physical remnants of historic, legal, social, or other associations could help the investigators prove the existence of an enterprise.
In the case of a well-known organization, like the Genovese crime family, the FBI has extensive historical intelligence that makes a convincing case that the family functions as a criminal enterprise. This intelligence consists of years of interviews of witnesses and victims; informant and cooperator information; electronic intercepts of communications; evidence seized in prior Genovese cases; and records of previous convictions. In the case of new or previously unknown organizations, enterprise proof can be harder to find. This was a challenge for my squad in 1998, when we worked to prove the existence of the Gufield-Kutsenko Brigade as an organized criminal enterprise. While preparing to use the RICO statute against a Russian-organized-crime crew, we lacked historical intelligence or boilerplate language for the indictment to rely on. We used witness testimony to identify the members of the group at meetings where crimes took place. We used cooperator testimony about roles and responsibilities of the members of the group. We used audio recordings of Gufield, the enterprise leader, directing others to commit crimes. All this evidence painted a clear picture of a structured, hierarchical, criminal enterprise.
The second major RICO requirement is to prove that each member of the enterprise participated in a “pattern of racketeering activity.” Investigators must prove that each subject participated in two or more of the crimes that are specifically defined in the statute. These include numerous federal crimes such as bribery, counterfeiting, and fraud, as well as offenses that are typically prosecuted by the states, such as robbery, drug trafficking, and murder. Following the enterprise theory, agents examine the full scope of criminal activity associated with the entire enterprise from the inception of the investigation. By collecting this intelligence all along, agents develop a rich picture of criminal activity and later sort out which member participated in which crime.
Establishing that rich picture can be done historically or proactively. In a historical RICO case, agents look for intelligence about past activity. Witness testimony can offer powerful evidence of past criminal behavior. Victims, informants, former criminals who cooperate to avoid incarceration, or even police officers and detectives who responded to crime scenes can serve as witnesses. With that intelligence in hand, agents look for artifacts that help to prove the crime was committed by members of the enterprise. Bank records, police reports, telephone records, documents, emails, or recorded communications are all effective proof of past crimes. Historical enterprise cases are some of the hardest to make, and their agents are some of the most capable investigators in the FBI. Each piece of evidence is like a piece of a puzzle that, when complete, forms a picture from the past. The case against Baldassare “Baldo” Amato, a soldier in the Bonanno family, is one example of a historical RICO case. In 2006, to convict Amato of racketeering and two murders, FBI agents used cooperator testimony, documents, police records, and forensic evidence. At sentencing, U.S. District Court judge Nicholas G. Garaufis called Amato a “Mafia assassin” who “used murder as a business tactic.” Amato was sentenced to life in prison.
Proactive enterprise cases are focused on collecting evidence of an enterprise while criminals are still committing crimes. This means collecting intelligence and evidence in real time, from within the enterprise itself. One way to do this is through electronic surveillance. Electronic surveillance, or “technical collection,” enables the investigators to collect the content of communications between members of the group. This requires specific authorization from a federal court and can involve some of the most sensitive investigative tools available. The result is usually worth the effort. Recorded communications reveal the activities of an enterprise, the leadership structure that makes the gang work, and even the personalities of its members. My squad mates and I once overheard a Russian crew talking insistently about making sure “the boots were in the car.” We couldn’t understand why they were so focused on footwear. It was only after a slow-minded soldier told the boss that he had made sure there was one boot for each person that we realized they were not talking about boots—they were talking about guns. Unfortunately, criminal organizations, terrorist groups, and foreign spies now routinely utilize encrypted communication platforms that put the content of their conversations beyond the reach of law-enforcement and intelligence-agency surveillance.
Proactive cases can also be built on intelligence and evidence collected by someone who is a member of the group or has unique access to the enterprise—someone like Felix, the furniture-store owner. People with this kind of access are typically confidential informants (CIs), cooperating witnesses (CWs), or undercover employees (UCs). In the FBI, a confidential informant is someone who regularly provides information to the FBI but whose role as a source can never be revealed. Exposing the informant’s relationship with the FBI could place the source and his or her family in great danger. Protecting the identity of a confidential informant is one of an agent’s most sacred responsibilities. Some confidential informants provide information about the activity of an enterprise and its members for many years. One drawback of relying on a confidential informant is that the sensitivity of maintaining confidentiality means the source’s information cannot be used as evidence in court. It is purely intelligence.
A cooperating witness is someone who maintains informant-like access to an enterprise, but who also understands that he or she may one day be exposed as a government cooperator. Cooperating witnesses offer all the insights and intelligence of informants, but they are also available to take the stand and testify at trial. They are highly valuable for this dual role, and their testimony is often essential to convicting the leadership of a criminal enterprise. In some ways, this strength is also a weakness. Providing testimony usually signals the end of their career. Once they are publicly revealed as government cooperators, or “burned,” it becomes far too dangerous to have them continue to associate with their former criminal associates. Agents often have to relocate cooperating witnesses and their families to ensure they are not harmed.
The most sensitive and dangerous of all these efforts to penetrate a criminal enterprise comes when investigators attempt to insert one of their own into the group. Undercover employees can provide extraordinary insights into the working of an enterprise, and they can also steer conversations in order to obtain recorded statements on particular events. They are even able to alter the activities of a group to prevent acts of violence. During a trial, undercover employees provide powerful testimony. They offer both the access of an enterprise member and the credibility of a law-enforcement officer. Undercover employees are uniquely skilled and highly trained and require intense effort to support as they essentially live inside the criminal world. Their assignments are dangerous, incredibly stressful, and often crucial to the enterprise investigation.
Near the end of May 2018, the president falsely accused the FBI of having put a “spy” in his campaign and called for an investigation. The president’s allies began demanding that the so-called spy’s identity be unmasked. The FBI had, of course, not put anyone inside the campaign. A confidential informant with preexisting tangential ties to people associated with Trump’s political operation had provided information relating to specific national-security risks, in this case involving possible Russian influence in the conduct of a presidential campaign. Reading the news of President Trump’s demand to know details about the confidential informant, I wanted the leadership at Justice and the FBI to say, We will not provide any information. We are going to protect the people who work with us, period. In the end, the deputy attorney general, Rod Rosenstein, sought to defuse the situation by referring the matter to the inspector general and giving confidential briefings to key members of Congress. To prepare for such an important briefing, it would be customary both to review the raw intelligence of 302s from interviews with the confidential informant and to work with an analyst who processed that raw intelligence into a more finished briefing product. When the information was properly prepared and presented, after various people had taken the time to understand it, even some FBI critics on Capitol Hill realized—and publicly stated—that there was no issue here.
Not giving up your people: This is important. It is crucially important not only to the FBI but to the country’s safety and security. The ability to identify and develop relationships with human sources is oxygen to the FBI. The Bureau cannot live without that. It is the first step toward the activation of any of our other, more sophisticated investigative authorities. You do not get to search warrants, you don’t get to subpoenas, you don’t get to listen in on a subject’s communications through a FISA or Title III court order, without people telling you what they know. And if you can’t credibly tell them that you will protect and conceal their identity if they are willing to go out on a limb, if they are willing to risk their own and their families’ lives and welfare—if they can’t trust that you will protect them—then they will not cooperate with you.
Discretion allows the FBI to generate human sources. Human sources build the credibility of this institution. No other U.S. agency has a pool of human sources bigger than that of the FBI. That is the true strength of this organization: the ability of its agents to go out into any part of this country, sit down with people, and get information from them in a lawful, constitutionally protected way. A person who is willing to have an ongoing relationship of this kind with an agent is called an informant, or a source. Without those people, we’re sunk—as a law-enforcement agency and as a law-abiding society.
So—hypothetically—if the FBI finds out that someone who is definitely associated with a domestic political campaign has made a comment to a high-ranking government official from another country about possibly colluding with a foreign adversary in the course of that campaign, the FBI is obligated to look into that. The foreign counterintelligence implications of this information are obvious. The Bureau would be guilty of dereliction of duty if it did not open an investigation and look into the matter.
And the Bureau’s goal would be not only to find out who is responsible for working with the enemy, but also to protect the campaign from the foreign influence that might be seeping into what they are trying to do. No campaign in the U.S. would want that. And it could be illegal—the Federal Election Campaign Act strictly regulates the participation by foreign nationals in U.S. elections and specifically prohibits the provision of money or anything of value. The FBI would open an investigation to protect the people who are involved in that political activity from malicious foreign influence. We assume the campaign is operating under good faith. We assume innocence until proof of guilt. That is why, in this hypothetical situation, a case would be opened.
What would happen once that case was opened? Would agents go busting out and interviewing people willy-nilly? Would they publicly line up everybody in that campaign and ask, Did you talk to anyone from this foreign country? No, they wouldn’t want to do that. If they did, they would communicate to all the world the FBI’s investigative interest in this subject matter—which would have an indelibly deleterious effect on both the investigation and the campaign. The question of when to move from one stage of an investigation to another—when to move from collecting evidence to briefing any of the subjects involved—is a delicate one, involving consideration of many factors. Absent imminent threats to life and limb or the destruction of evidence, once a case is opened, agents conduct the investigation quietly and covertly.
What would agents do first? It could be a good idea to start out by talking with people who have a history with other people in the campaign. So agents might go to those people and say, What do you know about this person? And have you heard anything about that? And if, in talking to those people, agents came across someone who had exposure to and knowledge about this person or that issue, or was in a position to find out, agents might say to the person, See if they know anything about this or that, and let us know what they say.
That is the answer to a president who is worried about a nonexistent spy in his campaign and who demands that an informant be identified.