The Issues Thomas Drake and Others Whistleblew On Remain Urgent

/in , /by

I’ve been looking at one of the Siobhan Gorman articles that accused whistleblower Thomas Drake served as a source for. I’ll have more later, but I wanted to point out one main thrust of the story: the NSA had no way of measuring efficacy and controlling costs.

At the NSA, and throughout the government, the Sept. 11 attacks created a crisis atmosphere. Congress responded by pouring money into anti-terrorism efforts, while intelligence agencies scrambled to put new programs in place – often without the planning and oversight needed to succeed, intelligence professionals said.

At an agency-wide meeting at the NSA not long after the Sept. 11 attacks, Michael V. Hayden, then the NSA director, announced a $1 billion budget increase.

But the top-secret agency, based at Fort Meade between Baltimore and Washington, has no mechanism to systematically assess whether it is spending its money effectively and getting what it has paid for, NSA veterans said. One former employee likened it to a neighborhood with no police to enforce the traffic laws.

While this is not necessarily the core of what–per Jane Mayer–the government is prosecuting Drake for, it’s important for this reason. The NSA has been claiming–falsely–to have fixed its clusterfuck accounting system.

In June 2009, the Director of NSA wrote to the Chairman and Vice Chairman, claiming that the NSA was now ―fully compliant with the laws, regulations, and manuals referenced in the U.S. Army Finance Command report and the Federal Financial Managers Integrity Act. The NSA Director‘s letter also stated that the NSA had been able to reconcile its fiscal year 2008 financial records. In July 2009, the Chairman and Vice Chairman wrote to the Secretary of Defense concerning the NSA Director‘s letter. They stated that in light of the NSA‘s past difficulties in producing auditable financial statements, the Committee believed the progress claimed by the NSA should be independently confirmed by the DoD Inspector General. Specifically, the letter requested that the DoD IG conduct a form and content review of the NSA‘s fiscal year 2009 financial statements to determine whether they were supported by reliable and accounting data and supporting information.

The Committee received the results of the DoD IG‘s review in November 2009, which was very critical of NSA‘s claims. Overall, the IG found that the NSA‘s financial statements were not adequately supported by reliable accounting data and supporting information. An even more disturbing finding was that the NSA‘s ―remediation plans do not fully address audit impediments. Specific findings included an inability to reconcile critical general ledger balances, failure to perform required accounting processes, and inconsistencies between the information contained in the notes to the financial statements and the information provided to the IG. The IG‘s findings raised serious questions about the assertions made by the NSA Director in his June 2009 letter and the support he is receiving from the administrative staff involved. [my emphasis]

This is just one reason why the government’s prosecution of Thomas Drake is so outrageous. While his charges pertain to the way in which contracts get picked (rather than to the accounting clusterfuck itself), the prosecution of him–effectively, if Mayer is right, because he refused to falsely claim close allies sourced the illegal wiretap story–serves primarily to intimidate whistleblowers.

It took intelligence oversight committees seven years to prove that NSA wasn’t fixing problems first exposed eight years ago. Yet people were trying–in 2006–to expose the ongoing problems.

And yet the most transparent President seems to be doing everything he can to make sure no one makes similar efforts in the future.

Thomas Drake: The Unclassified Documents the Government Wants to Claim Were Classified

/in /by

Jane Mayer, who did such crucial work showing how the Bush Administration chose torture in preference to a more effective, legal interrogation approach, now does similar work explaining that a similar choice of an illegal and ineffective approach over a legal one lies behind the Thomas Drake leak.

As she describes–relying largely on interviews with Thomas Drake, former Congressional staffer Diane Roark, and others with ties to the issue–that Drake and others were targeted because they championed a program called ThinThread over the expensive and ineffective SAIC version, Trailblazer. Both were data mining programs, but ThinThread automatically encrypted US person data. Trailerblazer did not, probably deliberately so. Between championing the wrong (but probably more effective) program, and submitting an Inspector General’s complaint about Trailblazer in 2002, Drake, Roark, and the others were targeted as potential leakers of the warrantless wiretap program.

Ultimately, in an effort to pressure Drake to testify falsely against they others and using evidence collected ostensibly in search of leads on the warrantless wiretap case, they cobbled together a charge based on five documents of disputed classification.

For four months, Drake continued coöperating. He admitted that he had given Gorman information that he had cut and pasted from secret documents, but stressed that he had not included anything classified. He acknowledged sending Gorman hundreds of e-mails. Then, in April, 2008, the F.B.I. told him that someone important wanted to meet with him, at a secure building in Calverton, Maryland. Drake agreed to the appointment. Soon after he showed up, he says, Steven Tyrrell, the prosecutor, walked in and told him, “You’re screwed, Mr. Drake. We have enough evidence to put you away for most of the rest of your natural life.”

Prosecutors informed Drake that they had found classified documents in the boxes in his basement—the indictment cites three—and discovered two more in his e-mail archive. They also accused him of shredding other documents, and of deleting e-mails in the months before he was raided, in an attempt to obstruct justice. Further, they said that he had lied when he told federal agents that he hadn’t given Gorman classified information.

“They had made me into an enemy of the state just by saying I was,” Drake says. The boxes in his basement contained copies of some of the less sensitive material that he had procured for the Inspector General’s Trailblazer investigation. The Inspector General’s Web site directs complainants to keep copies. Drake says that if the boxes did, in fact, contain classified documents he didn’t realize it. (The indictment emphasizes that he “willfully” retained documents.) The two documents that the government says it extracted from his e-mail archive were even less sensitive, Drake says. Both pertained to a successor to Trailblazer, code-named Turbulence. One document listed a schedule of meetings about Turbulence. It was marked “unclassified/for official use only” and posted on the N.S.A.’s internal Web site. The government has since argued that the schedule should have been classified, and that Drake should have known this. The other document, which touted the success of Turbulence, was officially declassified in July, 2010, three months after Drake was indicted.

In other words, after targeting Drake in the warrantless wiretap leak but not having any evidence to make a case, they charged him with espionage for having followed protocol on submitting an Inspector General complaint and keeping one email marked unclassified and another that has since been declassified. For that they want to send him to prison for 35 years.

As I laid out the other day, the government is claiming it can treat the parts of these five documents that even its expert has determined to be unclassified as they would treat classified information in CIPA.

In other words, it seems the defense planned to (and did not object to the evidence in the binder based on that plan) to cross-examine [the government’s expert] on the substance of her decisions about what was and was not classified in the documents Drake is alleged to have illegally retained and copied. It goes to the heart of the case against Drake. But the government wants to hinder the defense efforts by making sure that even things Murray decided were unclassified can’t be revealed in raw form to the jury.

And of course, as Drake points out in his interview with Mayer, the bigger thing the government is trying to hide is the cheaper, more effective program that preserved privacy rights they ignored in favor of the illegal wiretap program.

There’s lots more in the story–including Michael Hayden explaining to Roark that the government chose not to protect Americans’ privacy in the warrantless program because they “had the power” not to.

She asked Hayden why the N.S.A. had chosen not to include privacy protections for Americans. She says that he “kept not answering. Finally, he mumbled, and looked down, and said, ‘We didn’t need them. We had the power.’ He didn’t even look me in the eye. I was flabbergasted.” She asked him directly if the government was getting warrants for domestic surveillance, and he admitted that it was not.

Go read the whole thing.

Government Claims Classified Information Procedures Act Also Applies to Unclassified Information

/in , /by

The government’s making outrageous secrecy claims again, this time in the Thomas Drake NSA leak case.

As Steven Aftergood first reported, the government is trying to protect unclassified information using the CIPA process, basically making substitutions for information that its own expert says is not classified. They’re doing this by citing the National Security Agency Act, which protects National Security Agency information in civil cases; for precedent, they’re citing a bunch of civil cases, primarily FOIA. In other words, they’re trying to use civil standards to gain an advantage in a criminal case, using a tool the name of which–Classified Information Procedures Act–makes clear that it applies only to classified information.

Just as interesting as yet another example of the government abusing legal process to try to expand government secrecy is what appears to be their goal.

The defense explains that the government dumped this claim on the defense after the preliminary CIPA discussion happened, basically just informing the defense it would provide substitutions for unclassified information by actually proposing substitutions.

Of the government’s proposed substitutions, roughly a quarter of it substituted unclassified information.

Among the objections noted by the defense was the fact that the government had proposed a significant number of substitutions or redactions for unclassified information, a measure that CIPA does not permit or contemplate. This included information in the government’s own exhibit binder that its classification expert has deemed unclassified. The defense estimated that approximately 25% of the proposed substitutions were for unclassified information.

And it appears that the government is trying to obscure unclassified information in five documents that–the indictment alleges–Drake improperly retained.

The proposals included substitutions/redactions for unclassified information in the five allegedly classified documents charged in the willful retention counts.

The indictment describes those five documents this way:

  • A classified email entited “What a Success”
  • A two-page classified document deemed “the Regular Meetings” document
  • A four-page document “bearing the features of an email” titled “Volume is our Friend”
  • A three-page titled “Trial and Testing”
  • A five-page email titled “the Collections Sites”

Now, the fact that the government is trying to substitute information for unclassified information from these five documents is crucial to the way the other charges piggyback on the charges relating to each of these documents. In addition to four false statement charges and one obstruction charge that hinge on Drake’s claims about whether the information he took was classified, one of the false statement charges pertains to Drake’s claim that he only cut and paste unclassified information into a Word document.

As the defense notes (complaining that they had to reveal their defense strategy during the CIPA substitution hearings), they intend to cross-examine the government’s expert about whether this stuff is really classified.

During the four-day substitution  hearing, the defense continually noted its objection to the substitution of unclassified information considered “protected material” by the government. When asked by the Court to respond to the proposed substitutions, the defense was required to reveal its strategy, particularly as it relates to the cross-examination of the government’s expert, Ms. Murray. This, too, significantly prejudiced Mr. Drake and gave the government undeserved insight into defense strategy, which will not be reciprocated.

As it happens, when the defense first got the government’s binder full of evidence, it had Murray’s notes explaining the basis for her decisions on what was and was not classified.

On April 25, 2011, the government provided the defense with a binder of classified exhibits that it intends to introduce at trial. The exhibits in the binder contained both classified and unclassified information. Significantly, the government’s exhibits also contained numerous handwritten annotations by its classification expert, Ms. Catherine Murray, that reflect Ms. Murray’s opinion about which portions of the documents she deems classified and which portions of the documents she deems unclassified.

In other words, it seems the defense planned to (and did not object to the evidence in the binder based on that plan) to cross-examine Murray on the substance of her decisions about what was and was not classified in the documents Drake is alleged to have illegally retained and copied. It goes to the heart of the case against Drake. But the government wants to hinder the defense efforts by making sure that even things Murray decided were unclassified can’t be revealed in raw form to the jury.

It almost makes you wonder whether they hadn’t checked with their own experts before charging Drake, and belatedly discovered that much of it–according to their own expert–is not classified, and are now trying to endow that unclassified information with additional gravity by hiding it behind CIPA substitutions.

9/11 Commission Redux

/in , , /by

Spencer had a superb idea:

I don’t pretend that anything will produce an end to this new debate over torture. The fact that we’re debating torture diminishes our standing as a civilization. But moving beyond it: perhaps, after the actionable intelligence is drained from the bin Laden documents, it would be useful to reconvene the 9/11 Commission and have them review the ten-year hunt for bin Laden. It’s not helpful for something that looked like a failure on May 1 to be retconned into an inevitable, inexorable success. The tale of the bin Laden hunt — and the lessons to learn from it — is the logical final chapter of the  2004 report. And the gravitas of the 9/11 Commission, delivered through a public report, would create the closest thing possible to a narrative that can stand proudly before history.

And it would work not just for torture (though, given that the 9/11 Commission had doubts about the KSM interrogations they were reading in real time in 2003, I suspect we know what they’d conclude).

In addition to assessing whether torture, skilled interrogation by al Qaeda experts, or something else worked, the Commission could also review whether dragnet illegal wiretapping or targeted, legal wiretapping worked better; whether human missions or drones did; whether ground wars or smaller responses worked better (particularly when the ground war had nothing to do with terrorism). The Commission could develop a sense of where our counterterrorist investments paid off, and what served primarily to enrich contractors. Whether it makes sense to feel up cancer survivors at TSA gates, or whether the human screening already in place works better.

And, because we’re about due, the Commission can repeat all the non-nonsense recommendations it made 7 years ago (like scans of shipping containers) that the government refuses to put in place.

I’ve said we need a pause to figure out what has worked and what hasn’t. A 9/11 Commission 2.0 would work well for this.

The Congressman from NSA Wants Contractor Contributions to Remain Secret

/in , /by

To be fair, Steny Hoyer can’t lay sole claim to be the Congressman representing the National Security Agency–the NSA actually gets three Congressmen: Steny, John Sarbanes, and Dutch Ruppersberger.

But I think it fair to note that Steny has, at key times, been the beneficiary of big political contributions from corporations with NSA sensitivities–like AT&T and Mantech. Just as notably, he’s gotten even bigger money from the banksters (particularly JP Morgan Chase, which has its own chunk of federal business) and other finance companies that ruined our economy.

In other words, Steny’s opposition to contractor transparency might be considered self-interest.

Minority Whip Steny Hoyer (D-Md.) said government contracts should be awarded based solely on the reputation of the company and the substance of its bid. The issue of political contributions, he said, has no place in the process.

“The issue of contracting ought to be on the merits of the contractor’s application and bid and capabilities,” Hoyer told reporters at the Capitol. “There are some serious questions as to what implications there are if somehow we consider political contributions in the context of awarding contracts.”

Now, perhaps it’s the reporting, but consider the logic of this funny claim: “There are some serious questions as to what implications there are if somehow we consider political contributions in the context of awarding contracts.” Who is the “we” here? Contracting officers? If they were to consider donations to affirmatively award contracts, they’d be committing Hatch Act violations and risk losing their job. But seeing big donations from, say, Mitchell Wade to a powerful Congressman like Duke Cunningham might raise concerns from contracting officers about undue influence (though admittedly, Cunningham’s staffers made it pretty clear to contracting officers what they wanted).

Is the “we” Congressmen themselves? Is Steny really suggesting that Congressmen are not aware of who their donors are, are not intimately familiar with how much they’re raking in from contractors?

Which leaves the possibility that by “we” Steny means “us,” citizens, journalists, and good government advocates. Is Steny suggesting that “we” shouldn’t consider the (ahem) possibility that members of Congress push contracts for their campaign donors? That we shouldn’t consider the implications of such possibilities?

Then again, the guy who steered warrantless wiretapping immunity through Congress might simply want to avoid making it easier for us to understand not just how contracts tie to political donations, but legislation itself.

Illegal Wiretap Leak Probe Dropped

/in , /by

According to Josh Gerstein, DOJ decided not to charge anyone in the illegal wiretap leak probe.

The Justice Department has dropped its long-running criminal investigation of a lawyer who publicly admitted leaking information about President George W. Bush’s top-secret warrantless wiretapping program to The New York Times – disclosures that Bush vehemently denounced as a breach of national security.

[snip]

The Justice Department would not discuss the current status of the probe, which began in late 2005 after the Times story was published with a formal leak complaint from the National Security Agency. However, [Thomas] Tamm’s attorney, Paul Kemp, told POLITICO he and his client were informed “seven or eight months ago” that the investigation into Tamm was over.

The information was relayed during a meeting with the prosecutor handling the case, William Welch, Kemp said. The Justice Department recently issued Tamm a letter confirming that the probe had concluded, the defense attorney said.

Prosecutors also appear to have lost interest in a former National Security Agency official who also publicly acknowledged being a source for the Times on the warrantless wiretapping story, Russell Tice. An attorney for Tice, Joshua Dratel, said it has been several years since prosecutors contacted him about the investigation.

Gerstein discusses the possibility that the investigation was dropped because it was found to be illegal.

“What leaps out to me is the fact that the program was arguably illegal, so while that does not provide a legal defense or immunity to the leaker, from a practical jury-appeal standpoint, which a seasoned prosecutor should consider, how appealing is the case going to be if they’re prosecuting government attorneys for disclosing the program but … the people who were doing the wiretapping don’t get prosecuted?” asked [Peter] Zeidenberg, who was a prosecutor on the leak-related case against Bush White House aide Lewis Libby. “How would you like to be the prosecutor to get up there and make that argument?”

Note, Vaughn Walker’s decision against the government in the al-Haramain case was just over a year ago, so it may be that his decision provided a big disincentive to the government to pursue the case.

Of course, that raises the possibility that the same might be true for Bradley Manning. Granted, his case will not be judged by a jury of civilians; he will have a military jury. Still, as more and more documents he allegedly leak reveal our government’s knowing cover-up that it was detaining innocent people and abetting Iraqi torture, it may make it a lot less palatable to argue against Manning.

CIFA 2.0 Back in the Outsourcing Business

/in , , /by

Remember the Counterintelligence Field Activity (CIFA)? Here’s how I described it back in 2007.

CIFA is, along with the National Security Letters Congress is now cracking down on, probably the biggest abuse of civil rights and privacy BushCo has hatched up. It was designed to gather intelligence on threats to defense installments in the United States–to try to collect information (in the TALON database) on threatening people scoping out domestic bases. But it ended up focusing on peace activists and the lefty blogosphere’s own Jesus’ General70 percent of CIFA’s employees are contractors, a figure that makes it a prime candidate for politicized contracting scandal.

Among the contractors spying on Americans was MZM, one of the companies that bribed Duke Cunningham. Prosecutors in that case started investigating MZM’s CIFA contracts in May 2006. Three months after that, the top two managers at CIFA, who had directed CIFA keep sending MZM contracts, resigned suddenly. When DOD’s Inspector General tried to investigate CIFA in 2007, it discovered (it claimed) that the entire CIFA database had been destroyed in June 2006, just as prosecutors were closing in on those contracts.

Later, in 2008, just as CIFA was claiming it couldn’t publicly reveal its unclassified contracts, we learned that Stephen Cambone (who had led one of the inquiries into CIFA), had won a contract from it, sort of a payoff for not finding anything, I guess.

Later that year, DOD “disestablished” CIFA.

Or rather, they renamed it, calling it the Defense Counterintelligence and Human Intelligence Center. Then, last year, we learned that database DOD claimed had been destroyed in 2006 really hadn’t been, and CIFA 2.0 was getting back in the business of keeping a database of information on big threats to the US like Quakers and bloggers.

The Defense Intelligence Agency wants to open a new repository for information about individuals and groups in what appears to be a successor to a controversial counterintelligence program that was disbanded in 2008.

The new Foreign Intelligence and Counterintelligence Operation Records section will be housed in DIA’s Defense Counterintelligence and Human Intelligence Center, or DCHC, formed after the demise of the Counterintelligence Field Activity, or CIFA, according to an announcement that appeared Tuesday in the Federal Register.

The “activity” was disbanded, but evidently not its records database, which seems to be headed to the new unit. One of the criticisms of CIFA was that it vacuumed up raw intelligence on legal protest groups and individuals from local police and military spies.

When the DCHC was launched in 2008, the Pentagon said “it shall NOT be designated as a law enforcement activity and shall not perform any law enforcement functions previously assigned to DoD CIFA.”

Why the new depository would want such records while its parent agency no longer has a law enforcement function could not be learned. Not could it be learned whether the repository will include intelligence reports on protest groups gathered by its predecessor, CIFA.

The only thing left, at that point, was to figure out what defense contractor was getting rich spying on American citizens.

The answer? Lockheed Martin.

Lockheed Martin has openings for talented and motivated professionals in the counterintelligence (CI) field to be part of an evolving and highly specialized team that will provide direct support to the Defense Intelligence Agency’s (DIA) Defense Counterintelligence and Human Intelligence Center (DCHC).

The team Lockheed Martin is assembling a team which will function in CI areas such as: force protection; support to Joint Terrorism Task Force (JTTF); CI in Cyberspace; research, development and acquisitions; critical infrastructure protection; CI support to Offensive CI Operations; analysis & production (A&P); collections; campaigns; policy; assessments; TSCM; security; information assurance, and Enterprise governance support (administrative).

Not only is the entire concept wrong, using contractors to spy on Quakers and bloggers. Not only is it especially troublesome that Lockheed–a company with close ties to NSA–is doing this work (which would make it easy for reports from physical surveillance to migrate into the signals surveillance NSA does). But note what else is now included in CIFA 2.0: “CI in Cyberspace.” That is, Lockheed with its close ties to NSA is now in charge of spying on those claimed to present an online counterintelligence threat to the United States. And maybe doing things like hacking a media site to try to exercise illegal prior restraint.

One Good Reason the WaPo Should NOT Get Kudos for Its “Top Secret” Series

/in , , , /by

The WaPo has an article out that’s causing quite a stir. It bemoans the fact that the CIA has lost much of its top managers since 9/11.

More than 90 of the agency’s upper-level managers have left for the private sector in the past 10 years, according to data compiled by The Washington Post. In addition to three directors, the CIA has lost four of its deputy directors for operations, three directors of its counterterrorism center and all five of the division chiefs who were in place the day of the Sept. 11 attacks and responsible for monitoring terrorism and instability across the world.

Let’s name some of the people they’re talking about, shall we?

  • George “Slam Dunk” Tenet
  • Porter Goss
  • Michael Hayden
  • John McLaughlin
  • Stephen Kappes
  • Jose Rodriguez
  • Cofer Black
  • Robert Grenier

Several of these people were instrumental in trumping up propaganda to justify a war of choice. Several others implemented a system of rendition and torture. One of them helped the Vice President set up an illegal domestic wiretap program. The least compromised, legally (Grenier), probably was less than forthcoming under oath in the CIA Leak Case.

Really?!?! We’re bemoaning the fact that this parade of criminally and morally compromised people are no longer in a position of top leadership (though a number of them are still on the federal gravy train as contractors)?

There’s also little consideration of why and where Black went when they left: the urge to have mercenaries as a way to evade legal limits drove some of this exodus as much as money.

Two (digital) pages later, the WaPo finally gets around to the real problem with the exodus of more junior level officers: the loss of functional expertise.

In 2009, after a double-agent blew himself up at a CIA base in Afghanistan, killing seven of the agency’s officers, many former officials suggested that the tragedy might have been prevented had the CIA retained more senior personnel at the outpost.

Some officials questioned why the agency had given one of the top assignments there to an officer who had never served in a war zone. Other former officials raised concerns about how intelligence assets were being handled in the field.

“The tradecraft that was developed over many years is passe,” a recently retired senior intelligence official said at the time. “Now it’s a military tempo, where you don’t have time for validating and vetting sources. . . . All that seems to have gone by the board. It shows there are not a lot of people with a great deal of experience in this field.”

In other words, the problem with contracting is far more complex than the WaPo, in a fairly long article, was able to explain. And in the process, the WaPo never explained a lot of the nuances behind what it sold as its top line story: the departure of the top managers.

I’m not saying the WaPo hasn’t done a lot of work on this story overall. But telling a story–particularly one as complex and important as this one–is more than collecting data points.

DOD Considers Illegal Data Mining Part of Capital Crime

/in , /by

I’ve written two posts on the software that Bradley Manning is alleged to have loaded onto SIPRNet (here, here). Wired has now gotten a little more detail about what the software was: DOD says it was some kind of data mining software, though they won’t say of what kind. Wired goes on to suggest that presence of the software may make it easier for DOD to prove intent with Manning (though I rather suspect the idea is to prove collaboration with WikiLeaks personnel; furthermore, Wired’s tie of the data mining software to Manning’s alleged illegal access of the State cables has one problem–that he probably couldn’t access such things after he got demoted).

But the entire time I read the following passages, I couldn’t help but think of the illegal data mining DOD’s component, NSA, conducted on American citizens in 2004 even after Congress had specifically defunded such activities.

Accused WikiLeaks source Pfc. Bradley Manning installed and used unauthorized “data-mining software” on his SIPRnet workstation during the time he allegedly siphoned hundreds of thousands of documents off that classified network, the Army said Friday in response to inquiries from Threat Level.

Manning’s use of unauthorized software was the basis of two allegations filed against him this year in his pending court martial, but the charge sheet listing those allegations was silent on the nature of that software.

On Friday, an Army spokeswoman clarified the charges. “The allegations … refer to data-mining software,” spokeswoman Shaunteh Kelly wrote in an e-mail. “Identifying at this point the specific software program used may potentially compromise the ongoing criminal investigation.”

[snip]

If Manning installed data-mining software on his SIPRnet workstation, that could potentially strengthen the government’s case against the alleged leaker.

After all, Wired at least suggests data mining is proof of guilt. Yet the agency that may be crafting such arguments not only violated privacy laws for years, but continued to data mine Americans for months after Congress had specifically prohibited funding from being used for such things. And DOD now wants to prosecute the person it alleges engaged in such illegal data mining with a capital crime.

Maybe the whole thing would be more credible if our government hadn’t become such a criminal itself?

Putting “Really Mushy” Functions in a Department that Refuses to Be Audited

/in /by

Noah Shachtman points to NextGov’s unsuccessful attempt to define how much DOD plans to spend on cybersecurity next year. DOD or its components have offered three different versions:

  • DOD’s mid-February report it would spend $2.3 billion
  • Air Force’s mid-February report it, by itself, would spend $4.6 billion
  • DOD’s March 23 revised report it would spend $3.2 billion

Part of the problem, as Shachtman explains in the NextGov piece, is that the definition of what counts as cybersecurity is not yet well defined.

“All of this stuff is still really mushy,” Shachtman said. Further obscuring visibility into the budget is the fact that some cybersecurity funding is classified at Defense components such as the NSA. Meanwhile, Cyber Command presents a new spending variable, he noted.

“Exactly where the NSA ends and the Cyber Command ends is a very open question,” Shachtman said. “How the Cyber Command is supposed to interact with the services is still being worked out.” He predicted it will take years to untangle the process of budgeting for federal computer security.

While you’re trying to get your head around how the Air Force has a bigger budget than the whole DOD for cybersecurity, remember a couple of things.

First, both the Air Force and DOD generally have stated policies of not telling Congress about Special Access Programs (in the case of Air Force) or clandestine cyberops. So to the extent that this mushy budget is mixed in with cyberops (as distinct from cybersecurity), there’s a decent chance Congress isn’t seeing all of it.

But even if Congress decided to look, to the extent that NSA (or CyberCommand, which General Keith Alexander also commands) has a hand in it, Congress is almost guaranteed to be unable to track it closely. That’s because NSA books can’t be audited and apparently NSA doesn’t intend to fix those problems.

Now all of would be pretty funny except that, insofar as the government can’t distinguish between legitimate cybersecurity (you know, preventing hackers and leakers from using thumb drives to upload malware and download entire databases) and cyberwar financially, there’s a decent chance they can’t do so organizationally either.

Or to put it in more tangible terms, HB Gary’s past governmental work has been about cybersecurity–assessing malware and finding intrusions. But they’ve been proposing collecting information about citizens’ First Amendment activity to use to target those citizens. And the Air Force–that entity with a cybersecurity budget bigger than all of DOD’s cybersecurity budget–is the service that was engaging cybersecurity firms to develop persona management software.

But aside from that, why should we be worried that such dangerous entities are organizationally such a clusterfuck?