Until earlier this month, Marshall L. Miller was the Principal Associate Deputy Attorney General of the United States. In this role, he was a member of the Department of Justice senior leadership team and the principal counselor to the Deputy Attorney General. As PADAG, Miller worked to oversee all DOJ personnel and components, which include, among others, the 94 U.S. Attorneys’ Offices, the National Security Division, the Criminal Division, and the Department’s litigating components and law enforcement bureaus, including the Federal Bureau of Investigation.
Miller previously served as the Principal Deputy Assistant Attorney General in the Criminal Division, where he supervised over 600 federal prosecutors and many of DOJ’s most significant prosecutions. In that position, he oversaw, among other programs, the FCPA program, the Kleptocracy Initiative, the Office of International Affairs, and the Computer Crimes & Intellectual Property Section. Miller joined DOJ’s Criminal Division from the U.S. Attorney’s Office for the Eastern District of New York, where he served for 12 years, ultimately as Chief of the Office’s Criminal Division.
Outside of government service, Miller was a partner at Kaplan Hecker & Fink LLP and served as Chair of the White Collar Crime Committee of the New York City Bar Association. He earned his J.D. and B.A. from Yale University.
CTC: You were in New York on the day of 9/11, and just days later you were hard at work on the DOJ 9/11 investigation team. Talk us through that.
Miller: At the time the planes hit the World Trade Center, I was at work in Brooklyn, at the U.S. Attorney’s Office, and I got a call right away about the incidents—both from family and from law enforcement agents I worked with. Some prosecutors who were already at work gathered in our office, which at the time was in a tall building in Brooklyn Heights. And you could see from our building just across the river to the World Trade Center. It was close enough, sad to say, that we could actually see people jumping from the buildings, and it was something that seared into my memory.
It was a crazy day, of course, for everyone. It was hard to get in touch with anyone. It was hard to get home to the East Village where I was living at the time. And shortly thereafter, I was assigned to the response investigation. That was quite an atmosphere. Because the attack at the World Trade Center was so close to the FBI’s offices, and New York City’s emergency response center had been in the World Trade Center complex at the time, there was a need for space, and so the FBI converted a garage in Chelsea that they owned into an emergency command center from which the investigation took place. All the cars were moved out, and tables, computers, fax machines, monitors, and everything else you need to run an investigation were moved in on temporary tables into this garage space. We were running from the command center to court, getting subpoenas, writing search warrant affidavits, pen register applications, interviewing witnesses. We were running down particular leads on subjects of the investigations.
Meanwhile, I was also preparing for my wedding in New York City on September 22nd. All those wedding plans were scrambled. So, in between meetings and calls on al-Qa`ida and going to court, I was trying to help my wife find new venues and vendors for our wedding. And then in the midst of it, my wife’s grandmother died. You couldn’t get a flight. There were no flights as all planes were grounded. So we jumped in a car, drove straight to Chicago, went to her service, went to my in-laws and sat shiva for a couple hours, then got right back in the car and drove back to New York to get back to the investigation. It was a rather wild time. I basically worked up until like the last moment. Then I picked up the judge who was marrying us, who was a federal District Court judge in Brooklyn, and we drove up to the wedding in Central Park. The FDR [Drive] was completely shut down. And the U.S. Marshals really wanted to escort us—I think they thought we were up to some super-secret business, like we were going to go arraign some al-Qa`ida operative or something—on this empty highway that is the FDR. But the judge waved them off. I think we were the only car on the entire FDR driving up to Central Park. That was also something that any New Yorker would never forget—that eerie quiet ride on a highway that is one of the busiest probably in the world. Anyway, the wedding went forward. It was chaotic but exuberant. I think people were looking for something to celebrate, and that was essentially my introduction to terrorism prosecutions—running down 9/11 investigative leads during that crazy 11-day period.
CTC: In the years that followed 9/11, you prosecuted some of the highest-profile terrorism cases in the Eastern District of New York. Can you take us through some of the key cases and key takeaways for prosecuting terrorism cases?
Miller: Of course, terrorism had long been a matter of grave concern in New York and a significant threat in New York as well as in the United States, but the threat was dramatically heightened by the 9/11 attack. And we worked at the U.S. Attorney’s Office around the clock for many years with the Joint Terrorism Task Force led by the FBI to investigate and prosecute folks who were seeking to bring terror and destruction to New York and to the United States. They were challenging times from a prosecutor’s perspective. As you know so well, there had been a wall erected years before between intelligence activities and law enforcement work, and swiftly after 9/11, that wall was dismantled. And so, we needed to employ new processes to share information between the intelligence community and law enforcement—both directions—in ways that protected intelligence community sources and methods, but ensured that in our prosecutions we complied with due process and the constitutional protections that are hallmarks of our federal criminal justice system.
The other thing that was going on is we were moving from a traditional method of law enforcement and prosecution—which was to solve and then prosecute crimes, most of which had been completed or attempted—towards a new paradigm that was focused on preventing catastrophic attacks before they occurred. I’ll highlight some of the cases that I worked on that capture many of those issues.
The first one I worked on that went to trial was a case against an individual named Shahawar Matin Siraj. He had a co-conspirator named James Elshafay.1 They conspired to plant explosives in a subway station, the 34th Street subway station at Herald Square in Manhattan. That’s basically right next to Madison Square Garden. And they did so in the days leading up to the 2004 Republican National Convention. Siraj had been radicalized in part online and in part as a result of reports of atrocities at Abu Ghraib [prison in Iraq]. And he expressed deep hatred for America and began conspiring with Elshafay regarding various targets, primarily bridges or subways, to detonate an explosive device. Probably his scariest idea was to attack a subway on the Manhattan Bridge and blow it up as it crossed the bridge, with the goal of both attacking the subway and the riders thereon, but also taking down the bridge if possible. There was a tip from an undercover officer that led to the introduction of an informant, who then audiotaped many hours of conversation leading up to the arrest just days before the Republican National Convention and right after Siraj and his co-conspirator had essentially cased the 34th Street subway station looking for a location to plant an explosive device. They had honed in, likely because of the nearby Convention at Madison Square Garden, on that subway station as the ultimate target.
There was a lengthy pretrial process after the arrests. Then a conviction after trial for Siraj. Elshafay, the co-conspirator, had flipped and become a government witness, pled guilty, and testified against Siraj—as did the informant and, ultimately, the undercover officer as well.
I think the case shows a few things: one, the importance of stopping an attack before it happens; two, the importance of using undercover officers and informants to identify upcoming activities before they occur and then secure the hard evidence that you need to bring a prosecution, like the recordings that I mentioned.
There were folks at the time who thought it was unlikely that law enforcement would be able to flip people who had become sufficiently radicalized that they wanted to engage in suicide-type attacks. That those folks were so committed to their cause that they would never become a cooperating witness for the government. And I think Elshafay was an early example of our quickly being able to turn somebody who’d been radicalized to the point of wanting to commit an attack like that, to being willing to both provide intelligence about how the activity came about and then also testify against their former co-conspirator, which was important in some of the cases I’ll talk about that came later.
The next big one was a case against a group led by an individual named Russell Defreitas.2 He was a former JFK Airport employee, and he and a number of like-minded Islamist radicals decided they wanted to plant explosives at JFK Airport using the insider knowledge that Defreitas had from his time working there. And they ultimately honed in on the idea of attacking the fuel depots at JFK Airport with explosives. The defendants had wanted to execute an attack that would be comparable to—if not surpass—9/11. Knowing that they had certain levels of expertise, like inside information about the airport, but not others, like how to put together and obtain the necessary parts for explosives that would create that kind of fire-bomb type attack that would detonate the fuel depots, they went searching for folks with that expertise around the Caribbean and South America, the country of Guyana, which was where Defreitas was from. They looked to find experts, and their first source was going to be al-Qa`ida. Then they looked to the Trinidadian terrorist group Jamaat al Muslimeen, and ultimately, they honed in on trying to present the plot/plan to the IRGC.
They were arrested before the attack took place. Again, an informant was able to infiltrate, after a tip that came in got the FBI focused on Defreitas. An informant successfully infiltrated the plot and again recorded many hours of conspiratorial planning. He did so both in the United States and overseas in Guyana and in Trinidad. Ultimately, five folks were convicted—three after trial. We flipped, again, one of the defendants who was involved in the plotting and were able to bring him to the United States to testify and to plead guilty. Three others were extradited from Trinidad, and one, Defreitas, was arrested in the United States. At the trials, two of the defendants testified but all were convicted. All three of the folks who went to trial, who were really in many ways the leaders of the plot, including Defreitas, were sentenced to life in prison.
One thing that I think was particularly interesting about this one was the great cooperation among the intelligence community and law enforcement agencies, as well as our foreign partners. And because we were able to infiltrate the plot with the informant, he was actually able to travel with the co-conspirators as they went around the Caribbean identifying terrorist groups and individuals who might be interested in plotting against the United States. So, it was almost like a guided tour of radical Islam in the Caribbean and the northern region of South America, which advanced the intelligence community’s interests while we secured the evidence to bring a federal criminal prosecution.
The last one I’ll talk about was the Zazi case. At this point, I was in a leadership role, so those first two cases were really my cases. This one I oversaw but was not the lead prosecutor on: The case of Najibullah Zazi, Adis Medunjanin, and Zarein Ahmedzay.3 These were Queens residents who attempted to travel to Afghanistan back in 2008 to join al-Qa`ida. But ultimately they were trained in weapons and weapons use and other terrorist tools of the trade by al-Qa`ida leaders in Pakistan. Their plan initially was to go over and fight jihad overseas, but they were redirected by al-Qa`ida, because they were U.S.-based and U.S. citizens, to come back to the United States, return to New York City, and plan suicide bombings there. They ultimately settled on a New York City subway target in September 2009.
Importantly, we got started on this one based on FISA Section 702 collection. There was collection going on against an e-mail address that was being used by an al-Qa`ida courier in Pakistan, and the IC was able to intercept a coded communication sent to that address by an individual in the United States. So everything I just described before we didn’t know at the time. The first thing we learned was about this e-mail. And despite the code, it was quite clear that the U.S.-based individual was urgently seeking advice regarding how to make explosive devices. So that kicked EDNY [Eastern District of New York] prosecutors and FBI JTTF agents and officers into high gear, as you might imagine, and we were able to quickly identify the U.S.-based individual as Najibullah Zazi. But there was no evidence yet. We knew who he was, but we had to do an urgent round-the-clock investigation to develop the evidence to be able to take him into custody and thwart the plot. And so that’s what happened. Agents, prosecutors in New York and around the country—Zazi at the time was out in Colorado—were working feverishly to develop that evidence and were able to do so such that we were able to make the arrests in advance of their imminent plans to detonate explosives on subway lines leading into Manhattan.
Without that initial intelligence community interception and some very, very good and fast law enforcement work, I think the view of everyone involved in the case was the subway bombing plot would likely have succeeded. They had the materials they needed. They knew how to convert them into explosive devices. And they were in the process of putting those explosives together. They’d obtained the backpacks they were going to wear. They were on the cusp of taking action, and indeed, when the arrests took place, Adis Medunjanin, rather than pulling his car over as he was being pulled over by law enforcement, attempted to use his car to commit a jihad attack on the expressway where he was arrested, shouting al-Qa`ida slogans and driving it into oncoming traffic. At the time, Lisa Monaco, my boss who is now the Deputy Attorney General, was the assistant attorney general for national security, called it one of the most serious terrorist plots against the homeland since 9/11.4
A few takeaways from this one: One thing that was particularly interesting here is we were able to secure critical intelligence as well as some cooperation from a couple of the arrestees. So that was another unexpected element: the use of federal prosecution as one of the tools in the toolbox of the joint intelligence community and law enforcement effort to prevent, deter, and disrupt terrorist activity—the ability of federal law enforcement to arrest people, take them away from the influences that were radicalizing them, isolate them, and subject them to charges that could carry life imprisonment. Actually, these were the same tools that we’ve used historically in mob cases and in violent gang cases and they’re actually effective also in terrorism cases. And then we were able to generate intelligence that itself was actionable by the intelligence community overseas, so it wasn’t just the intelligence community feeding law enforcement information they’ve developed overseas for action in the homeland. It was law enforcement being able to develop intelligence that we could feed back to the intelligence community and DoD and others for their use abroad, creating a very effective circle of effort.
The other thing that jumps to my mind about this case was the critical work done by the intelligence community working with law enforcement both to identify that communication, to immediately get it for action to law enforcement, and then law enforcement being able to work with federal and state and local partners all pulling together in emergency style to very, very quickly be able to secure the evidence we needed to arrest the defendants and thwart the plot. It showed the strength of the criminal justice system not just to bring terrorists to justice but also as one of the tools in the overall counterterrorism toolbox for disruption, deterrence, and gathering additional intelligence to prevent attacks.
CTC: Fast forward to your current role in the Department of Justice, and you oversee essentially the day-to-day running of the entire department. What have been the biggest counterterrorism challenges and the biggest counterterrorism successes during the time you’ve been in your most recent position?
Miller: It’s a very different environment now. All of the work that we were doing back in the 2000s and early 2010s that I was just describing in New York—and was also happening in other parts of the country—that all became part of muscle memory. What seemed to be brand new at that time where we were constructing new protocols and paradigms became the established methods of doing business. Meanwhile, the counterterrorism landscape has grown more complex and shifted. The threat environment has been described by everybody from the Director of National Intelligence to the head of the FBI as supercharged right now, particularly after October 7th and then exacerbated by powerful emerging technologies, like artificial intelligence. The threats are more varied than we’ve ever seen before—from both state and non-state actors, and foreign terrorist organizations operating overseas. That’s not entirely new. But the explosion of homegrown extremism that is both FTO-inspired but also homegrown and at times domestic in nature, creates just a very diverse set of threat actors.
In terms of successes, we’ve continued to grow and modernize our counterterrorism strategy. And it’s becoming just a lot more mature. And I’m particularly thinking of our implementation of a true whole-of-government approach, where the Department is part of an interagency team that leverages information from the intelligence community, coordinates effectively and efficiently, with not just all the federal law enforcement agencies, but state and local partners, as well as foreign partners, and uses all of our tools—arrest and prosecution obviously are important from DOJ’s perspective, but also some of our search and seizure capabilities, our remote search and seizure capabilities. Then we add those tools to the overall government toolbox, including intelligence and defense capabilities, sanctions, all of the different tools that are available to us to disrupt and prevent potential terrorist attacks before they happen.
And we’ve been able to use these tools most recently on CT cases of all types: from the case we brought after the October 7th, 2023, attack by Hamas on Israel against senior leadership of the group, charging them with terrorism crimes and murder conspiracy based on their orchestration of that attack.5 Then take the January 6th attack on the Capitol, where we’ve now successfully prosecuted and convicted over 1,000 individuals that were involved in different ways in that attack. And you can see just the breadth from one to the other, one completely extraterritorial and one at the heart of our nation’s capital, with completely different inspirations for that activity. You can see the breadth of what we’re dealing with.
CTC: What is your assessment of the terrorism threats today in the United States across the ideological spectrum, which you touched on a little bit, but if you could delve into what those threats are and maybe which concern you the most?
Miller: As I’ve already noted there are just more threats than we’ve ever seen before. And that’s even more true after October 7th. We’ve seen groups trying to radicalize through capitalizing on October 7th and its aftermath. We’ve seen individuals self-radicalized and inspired by what they’re seeing online and in other media about October 7th and its aftermath. Hamas, Hezbollah, the Houthis, and other groups in the region have been engaging in all forms of attacks overseas, targeting U.S. interests as well as Israeli and other interests. I’m speaking initially about the Houthis and their attacks on shipping, but we’ve also seen activities from other groups aimed at U.S. forces overseas and interests overseas. Of course, we’re all seeing the reporting on Syria, which could go in lots of different directions, but certainly has the potential and likelihood of adding to regional instability. And it’s a cauldron essentially of different ideologies and threats.
We’ve seen state actors—now I’m thinking more about targeting the homeland—we’ve seen state actors that are supporting and working through cutouts to target the United States. We’ve seen lone actor extremists; there’s quite easy access to high-powered weaponry—not only explosives and the devices that can be created, but also things like Glock switches and other machine gun conversion devices, as well as guns, that can be manufactured with a 3D printer without a whole lot of expertise. So, there’s a lot of access to very dangerous weaponry, and we’ve been very focused as a Department on trying to combat machine gun conversion devices and those kinds of weapons.6 Emerging technologies, of course, make all types of criminal and terrorist actors potentially more effective.
The threats are not only coming from abroad or from inspiration from abroad. We also have domestic terrorism and homegrown violent extremists. And the current ideological divide in our country also creates an environment that is amenable to radicalization. So, there’s a lot of different terrorism threats that we’re addressing on any day of the week, and it’s important that we continue as a government to deploy the strategies that have been working. It’s so important to address those threats and keep up with those threats because you can’t rest on your laurels in this business. You have to be attuned to what the current threats are. You have to be building on what I think is a successful paradigm and model—through the Joint Terrorism Task Forces, through our work with the intelligence community, the military, state, and local and foreign partners, and all of that coordination—to really significantly upgrade our domestic terrorism capabilities.
CTC: To go big picture here, obviously as we end 2024, counterterrorism is just one of many national security priorities rather than the dominant priority as it was not so long ago. What’s your view of the current balance of resources in the United States going into counterterrorism versus other national security challenges? And how can the United States devote sufficient attention to both?
Miller: I mentioned the dynamic threat landscape, and I think the FBI director captured it well back in June of this year when he talked about how hard it would be to think of a time when so many different threats to the public safety and national security were elevated all at once.7 And as you said, that dynamic threat landscape does include other national security threats—many other national security threats—besides counterterrorism.
We see nation-states taking on just a much more diverse set of dangerous activities than they did in the past. In the past, going back some years, it was largely espionage. Then it grew into cybercrime and cyber efforts to gather intelligence and infiltrate. Now, we also see foreign malign influence efforts; lethal plotting against U.S. interests overseas and here in the United States; transnational repression by foreign nation-states against folks around the world, but in the United States as well; election interference efforts, and the stealing of disruptive technologies and critical data—just to name a few of the different threat vectors we see in today’s world.
So, all of that does need its own set of resources dedicated to them, to those activities, and attention from DOJ and other agency leadership. At the same time, it’s critically important to national security that we maintain our attention to counterterrorism. And that means continued resourcing, that means the foot has to stay on the gas and not drift over towards the brakes when it comes to counterterrorism. We have to be prepared, and I think we are. We have to maintain a whole-of-government effort. We have to use all the tools at our disposal. And I do think that we’ve been able to do that; we’ve been able to thwart attacks before they happen, bring charges against and incapacitate would-be terrorists through the criminal justice system, as well as using our many other tools, working with our interagency colleagues.
CTC: You mentioned how the events of October 2023 with the Hamas attack on Israel changed the terrorism landscape in a number of different ways. With that, there has been a surge in interest and concern about the Iran threat network. Based on information available to the Department of Justice, what is your assessment of the current threat to the United States—both here in the homeland and overseas—posed by Hamas and Hezbollah?
Miller: It’s a great question, and I think it’s shifting by the day. Of course, the October 2023 Hamas attack and the long-term relationship between Iran and both Hamas and Hezbollah have presented an ongoing set of risks for many years. That set of risks has only increased in the wake of the October 2023 attack. The bubbling cauldron of threats caused in many ways by Iran and its proxies is almost at the boiling-over stage. We’ve taken a number of actions to address that. As I mentioned, in the wake of the atrocities of October 7th, we’ve charged Hamas senior leadership with a series of crimes associated with that attack and, going back over many years, other attacks and conspiracies targeting Americans and the United States. We have other active, ongoing investigations regarding Hamas. We see, of course, the Houthis firing at Western ships in the Red Sea, including U.S. ships; Iran engaging in a whole array of activities that target America and Americans; we’ve seen and charged a series of cases that allege lethal plotting by IRGC individuals and their proxies to target Iranian dissidents and current and former United States officials. And I think our series of prosecutions and indictments in this regard lay out just how active that threat stream is. We’ve seen foreign malign influence efforts, cyber activities including the IRGC’s hacking of the president-elect’s campaign, and we indicted a number of subjects there in connection with that case.8 I think the Attorney General captured it quite well when he said that there are few actors in the world that pose as grave a threat to our national security as does Iran.
I mentioned it’s changing daily: To be sure, the developments in Syria and the region both create additional instability. They also show that Iran and Hezbollah have been somewhat weakened by the activity since October 7th in the region. Hezbollah, which serves in many ways as Iran’s most significant proxy, has been particularly decimated. And I think Iran’s limited capacity to project more conventional military might has been exposed. But all of that doesn’t make it less dangerous for the United States; it just shifts the different kinds of activities that we are likely to see Iran and its proxies and cutouts engage in. So, it requires us to continue to work closely with our law enforcement partners and the intelligence community to address the threats. We need to ensure that we’re looking at Iran and the threats it poses not just as a counterterrorism matter, but also in terms of their transnational repression, their lethal plotting, their cyber activity.
We’ve engaged in a whole bunch of innovative efforts working with interagency partners in that area, ranging from our Task Force KleptoCapture work,9 originally targeted at Russia, but also in terms of innovative uses of our forfeiture capabilities towards Iran. Our Disruptive Technology Strike Force, which goes after those who would send dangerous technologies to dangerous nation-state actors like Iran,10 our Foreign Influence Task Force, our Election Threats Task Force—all of these are ways that we can protect American interests, protect American democracy. And they are important additions to our overall national security apparatus. I shouldn’t leave out our cyber and crypto enforcement initiatives because those are critical also to taking away the capabilities of Iran and our other nation-state adversaries.
CTC: From a prosecutorial point of view, how are prosecutions of terrorism cases with state actor connections—Iran, for example—different from jihadi inspired cases, that we’ve seen more predominantly over the years?
Miller: I would say they’re more similar than different, is where I would start. We use a lot of the same techniques and tools to bring those prosecutions. We use a lot of the same statutes. We use the same JTTF-led approach, the same whole-of-government, all-tools paradigm. The involvement of state actors can have implications for certain uses of those techniques, so there’s often added need for CIPA [Classified Information Procedures Act] litigation to protect classified information. Of course, the intelligence community has lots of holdings that relate to state actors, as you would expect, and it’s important—as it is in every one of these cases—to protect their sources, their methods, and their critically important classified information. But that can be at an elevated level in the state-actor prosecution situation. Often in these cases, there are also diplomatic and international relations issues that aren’t necessarily present in non-state actor cases that require close coordination with interagency partners so that we can pursue the prosecutorial strategies that will be most effective, but do so in a manner that’s sensitive to, and doesn’t unnecessarily invade, those diplomatic and international equities. That requires particularly close coordination with interagency partners. I’d also say that some of these state actor cases present blended threat issues, where there are state actors who are using non-state actors to engage in the activities. The blending of the threat often means that these cases involve both state actors and what we would normally think of as non-state actors working in conjunction with each other.
CTC: In June, we saw the arrest and indictment of eight Tajiks on suspicion of terrorism and ties to the Islamic State. The New York Times reported that “heightened concerns about a potential attack in at least one location triggered the arrest of all eight men … on immigration charges.”11 What can you discuss about this episode and the potential threat that they posed? What’s the status of these cases, and what do these cases reveal about the current state of the Islamist terror threat to the United States?
Miller: I’m happy to talk about that case and also a couple of others that I think capture the current state of the threat in terms of cases that have been brought publicly. Starting with the Tajiks who were arrested back in the summer, as has been publicly revealed, there were eight Tajik nationals who illegally crossed over the southern border, the majority of them clustering in and around Philadelphia. After they came into the country, we were able as a government to identify derogatory information, including potential links to ISIS, associated with those eight Tajiks, and so we engaged in what we always do, which is identifying the most effective tool to disrupt and deter potential attacks. We did see some indications of potential nascent plotting. So, the easiest and swiftest and most effective tool at our disposal there was to leverage immigration authorities that the Department of Homeland Security has in its toolbox. All eight Tajiks were arrested through impressive coordination across the country.
And I think again what this example again shows is the need to be nimble and flexible and use the available tools that are out there. The cases are being pursued in immigration court proceedings where we have recently updated our procedures for the use of classified information in such proceedings. Up until recently, the approach was to use classified information in immigration proceedings—quite differently from federal criminal prosecutorial proceedings—only as a last resort. And in assessing and trying to ensure that all tools are as effective as possible, we determined that leaving that to a last resort was a matter of policy, not of law, and that it wasn’t good policy. And so, we’ve now worked with our DHS colleagues and the immigration court system to ensure that we have updated and fit-for-use procedures to enable the use of classified information in immigration proceedings.
Going back to the cases themselves, DOJ prosecutors, working with DHS immigration attorneys, have ensured that the best evidence, whether classified or unclassified, was effectively presented in immigration court to ensure the detention and removal of those Tajiks. And the current status is that all of their claims to stay in the country have been denied. All of them have been detained. All of them now have been ordered removed from the United States, and five of the eight already have been removed. So, I think what it shows is the attention that we’re paying as a government to the ongoing threat landscape, and our ability to be swift and nimble to take threat actors off the board via whatever the most effective technique is. And I think it is one illustration of today’s threat environment.
But it’s a varied environment, as I mentioned. I’ll describe a few cases where we’re taking federal prosecutorial approaches, as opposed to immigration enforcement actions. So, I’m thinking now about the [Nasir Ahmad] Tawhedi case in Oklahoma City where we charged a citizen of Afghanistan who was residing in Oklahoma with conspiring to conduct an Election Day terrorist attack in the United States. [We] charged that one back in October.12
Then there is the [Alexander Scott] Mercurio case: This is an 18-year-old individual in Idaho who was radicalized and attempted to provide material support and resources to ISIS by committing an attack on its behalf in Coeur d’Alene, Idaho, back in April.13
And there’s also the [Muhammad Shahzeb] Khan case:14 This is a Pakistani national who resided in Canada, who was arrested by our Canadian colleagues as he tried to cross the border to attack a Jewish community center in New York. So, three examples of very different individuals who were radicalized in different ways, but looking to engage in ISIS-inspired attacks in the homeland here in the United States, and who are all now in custody either in the United States or in Canada with criminal charges pending.
CTC: A new administration is about to take office, and given your lengthy career Department of Justice, what would be your advice to those who will run the CT mission at DOJ?
Miller: I think the number-one piece of advice would be that prevention and disruption always have to remain the top priority. And in order to achieve prevention and disruption, we need to double down on what has been working and continually modernize and calibrate to meet the varied threats. There is a system, a protocol, a paradigm that works; it involves coordination and information sharing and intelligence gathering from all sources—both in the intelligence community, of course, but also law enforcement and the Department of Defense.
We need to use all tools to deter, disrupt, and take down, and our tools have to develop with technology, just as the threat develops with technology. We need to keep skating to where the puck is going and not where it’s been, and you need every member of the interagency team to succeed.
As for a second piece of advice, it’s to check preconceived notions or ideologies at the door of the SCIF. I think where I’ve seen things go wrong, sometimes it’s because folks have a worldview that one tool might be better than another, that one technique might be better than another, and they then try to force the proverbial square peg into the round hole. That’s not what this threat matrix requires. What it requires is understanding deeply all of the different tools that are available and bringing them all to bear and using the one that is most effective to meet the particular problem.
For the Tajik case we just discussed what made sense to disrupt and deter the threat was bringing our immigration tools to bear. In the ISIS-inspired cases that I mentioned, it was bringing federal criminal prosecution tools to bear. In the Khan matter, of course, also our international partnerships, which were so effective with the Canadians taking the initial law enforcement action at our request. But you could go back to the older cases, too, that I mentioned that I personally prosecuted and supervised back in New York in the 2000s and 2010s. Again, the key thing is figuring out what is the most effective tool for the particular threat activity and using it in conjunction with all of our intelligence community, state and local and foreign partners, as well as law enforcement at the federal level, all the agencies. CTC
Citations
[1] Editor’s Note: See “Shahawar Matin Siraj Sentenced to Thirty Years of Imprisonment for Conspiring to Place Explosives at the 34th Street Subway Station,” U.S. Attorney’s Office, Eastern District of New York, January 8, 2007.
[2] Editor’s Note: “Russell Defreitas Sentenced to Life in Prison for Conspiring to Commit Terrorist Attack at JFK Airport,” U.S. Attorney’s Office, Eastern District of New York, February 17, 2011.
[3] Editor’s Note: See “Al Qaeda Operative Convicted by Jury in One of the Most Serious Terrorist Plots Against America since 9/11,” U.S. Department of Justice, May 1, 2012.
[4] Editor’s Note: See Ibid.
[5] Editor’s Note: See “Justice Department Announces Terrorism Charges Against Senior Leaders of Hamas,” U.S. Department of Justice, September 3, 2024.
[6] Editor’s Note: “Deputy Attorney General Lisa Monaco Delivers Remarks on Combating the Production of Unlawful Machinegun Conversion Devices,” U.S. Department of Justice, September 6, 2024.
[7] Editor’s Note: See “Director Wray’s Opening Statement to the Senate Appropriations Committee Subcommittee on Commerce, Justice, Science, and Related Agencies,” Federal Bureau of Investigation, June 4, 2024.
[8] Editor’s Note: See “Three IRGC Cyber Actors Indicted for ‘Hack-and-Leak’ Operation Designed to Influence the 2024 U.S. Presidential Election,” U.S. Department of Justice, September 27, 2024.
[9] Editor’s Note: See “Attorney General Merrick B. Garland Announces Launch of Task Force KleptoCapture,” U.S. Department of Justice, March 2, 2022.
[10] Editor’s Note: “Justice and Commerce Departments Announce Creation of Disruptive Technology Strike Force,” U.S. Department of Justice, February 16, 2023.
[11] See Adam Goldman, Eric Schmitt, and Hamed Aleaziz, “The Southern Border, Terrorism Fears and the Arrests of 8 Tajik Men,” New York Times, June 25, 2024.
[12] Editor’s Note: See “Afghan National Arrested for Plotting an Election Day Terrorist Attack in the Name of ISIS,” U.S. Department of Justice, October 8, 2024.
[13] Editor’s Note: See “Idaho Man Arrested for Attempting to Provide Material Support to ISIS,” U.S. Department of Justice, April 8, 2024.
[14] Editor’s Note: See “Pakistani National Charged for Plotting Terrorist Attack in New York City in Support of ISIS,” U.S. Department of Justice, September 6, 2024.
