What Is the Disposition Matrix?

In October 2012, reporting revealed that the Obama administration had spent two years secretly building what officials called the “disposition matrix” — a next-generation database designed to institutionalize and expand the government’s extrajudicial assassination program. Unlike earlier kill lists maintained by individual agencies, this centralized system cataloged terrorism suspects alongside a detailed accounting of every resource marshaled to track them, from sealed indictments to covert operations abroad.

According to the reporting, the database was engineered to go well beyond the reach of existing drone strike lists. It mapped out long-term plans for the “disposition” of suspects who operated in areas where unmanned aerial vehicles could not easily reach. Senior officials acknowledged that they expected the program to continue expanding for at least another decade, with some stating that no clear end was in sight given the ongoing spread of al-Qaeda affiliates.

The NCTC: Architect of the Kill List Database

The disposition matrix was developed by the National Counterterrorism Center (NCTC), led at the time by director Michael Leiter. The NCTC was tasked with merging and augmenting the separate but overlapping kill lists maintained by various intelligence and military agencies into one unified targeting framework.

On the surface, assigning this responsibility to the NCTC might seem logical — after all, counterterrorism is in the name. But a closer look at what the NCTC actually does raises far more troubling questions about the scope and implications of its involvement.

Massive Domestic Data Collection Powers

Civil liberties organizations had already raised alarms about the NCTC’s sprawling data collection operations. The center maintained access to enormous volumes of information about ordinary people in the United States — data points numbering in the trillions. This included records from law enforcement investigations, health records, employment histories, travel logs, and student files. Virtually any data held by a federal agency was accessible to the NCTC, often with little input from the agency that originally collected it.

Beyond government records, the NCTC could also incorporate commercial data purchased from large data aggregation firms that track consumer behavior, online activity, and financial transactions. The result was a surveillance apparatus of extraordinary breadth, one that touched the lives of millions of Americans who had no connection to terrorism whatsoever.

Policy Changes That Expanded Retention and Sharing

Prior to 2012, NCTC guidelines required that data about U.S. persons unrelated to terrorism be purged within 180 days of collection — and such data was not supposed to be gathered in the first place. However, the Obama administration approved significant changes to these rules. Non-terrorism-related data on American citizens could now be stored for up to five years, and in some cases indefinitely if officials determined it was warranted.

The revised guidelines also authorized expansive new search capabilities. As long as the NCTC stated that a query was aimed at identifying terrorism-related information, analysts could run searches involving non-terrorism data points and conduct pattern-based analysis — commonly known as data mining. This meant that any interaction a citizen had with a government agency could effectively place them in a lineup as a potential terrorism suspect.

The National Academy of Sciences had concluded as early as 2008 that data mining for terrorism identification was scientifically unfeasible and carried significant risks to privacy and civil liberties. Despite this finding, the practice was expanded rather than curtailed.

Virtually Unlimited Information Sharing

Perhaps the most alarming aspect of the revised NCTC guidelines was the breadth of information sharing they permitted. Once data was collected — whether or not it had any connection to terrorism — it could be disseminated to federal, state, local, tribal, foreign, or international entities. It could even be shared with private individuals or non-governmental organizations.

The justifications for sharing were broad enough to encompass disclosures related to national security, public safety, drug investigations, evidence of criminal activity, or the vetting of sources and informants. In practice, this meant that information the NCTC gathered about a person could potentially be passed to an employer, a landlord, or local police — all with minimal oversight or accountability.

Connecting Surveillance to Targeted Killing

When these two programs are examined together, the implications become deeply concerning. The same agency responsible for collecting vast quantities of personal data on millions of Americans — storing it for years and mining it with discredited analytical techniques — was also the agency charged with building and maintaining the government’s institutionalized assassination framework.

The Obama administration had publicly asserted that its authority to carry out extrajudicial killings extended to U.S. citizens as well as foreign nationals, without the requirement of due process. The convergence of mass domestic surveillance capabilities with a formalized targeted killing program raised fundamental questions about the boundaries of government power and the protections afforded to citizens.

How these two operations interacted — whether data collected on Americans fed into targeting decisions, and what safeguards existed to prevent abuse — remained largely unanswered. Government transparency on the matter was minimal, and civil liberties advocates expressed little confidence that forthright disclosures would be forthcoming.