Posts

Will Michael Vickers Now Be Subjected to Forced Nudity?

/4 Comments/in /by

If you’ve been following the Bradley Manning case at all, you know the government treats alleged leakers by inventing reasons to take away their clothes away.

So I wonder whether they’ll now subject Undersecretary of Intelligence Michael Vickers–who, DOD’s Inspector General has determined, provided the identity of a Special Operations planner to the makers of Zero Dark Thirty.

Pentagon investigators concluded that a senior Defense Department official who’s been mentioned as a possible candidate to be the next CIA director leaked restricted information to the makers of an acclaimed film about the hunt for Osama bin Laden, and referred the case to the Justice Department, according to knowledgeable U.S. officials.

[snip]

The case involved a determination by investigators of the Pentagon’s inspector general’s office that Vickers provided the makers of the film “Zero Dark Thirty” with the restricted name of a U.S. Special Operations Command officer who helped plan the May 2, 2011, raid on bin Laden’s hideout in Pakistan, one official said.

Though perhaps the best comparison is not between Vickers and Manning, but between Vickers and Kiriakou. Both, after all, gave the name of someone who might not be all that protected to a third party so they could conduct further investigation. With both, the name did not become public via this leak.

And John Kiriakou’s headed to prison.

There’s little chance Vickers will experience a similar fate as Kiriakou though. As McClatchy notes, the Administration has already declassified a report showing Vickers providing this name. DOJ has been sitting on the referral since September. And McClatchy’s sources are discussing how this will affect Vickers’ chances of becoming CIA Director, not whether anything worse will happen.

Even Peter King, who demanded the investigation in the first place, does not want an indictment, but appears to prefer instead to politicize the fact that he hasn’t been told about Vickers’ role.

King told McClatchy that the delay in notifying him “raises the question” of whether officials were trying to put it off for political reasons, but he wanted to see the full report before drawing any conclusions.

I’m not looking for anyone to be indicted,” he said. “But the IG does not make referrals to the Justice Department as a matter of routine. To me the fact that any information at all would be given to Hollywood producers by this administration is disgraceful.”

“If it’s wrong enough or questionable enough for the IG to refer it to the Justice Department, that means it shouldn’t have been done.” [my emphasis]

Yes, I imagine Peter King wouldn’t want to encourage top people being indicted for leaking classified information…

Which demonstrates, once again, what our classification system really is. It is not a law, to be applied neutrally to all. On the contrary, it is applied selectively, used primarily as a threat tied to higher wages tied to a clearances, but on occasion, as the premise to punish those who deviate from NatSec orthodoxy.

Update: This post originally stated Kiriakou was already in prison. He’s not. As Thomas Drake corrected me, he’s scheduled to be sentenced next month.

Spooks in Wolf’s Clothing

/15 Comments/in , , /by

We’ve known for some time that the military was rolling out its new-and-improved HUMINT function, the Defense Clandestine Service. But this article–laying out the ambitious goals of the program–is all the more interesting given several events that transpired since the NCS announcement: specifically, the Benghazi attack and the Petraeus resignation.

Part of the logic behind the move, the article explains, is that CIA is already overstretched; this will allow CIA to task DIA resources with the collection driven by military, rather than policy, needs.

The project was triggered by a classified study by the director of national intelligence last year that concluded that key Pentagon intelligence priorities were falling into gaps created by the DIA’s heavy focus on battlefield issues and CIA’s extensive workload.

Over and over, the article suggests the CIA is so busy in part because of its involvement in the drone program.

Through its drone program, the CIA now accounts for a majority of lethal U.S. operations outside the Afghan war zone.

[snip]

The CIA is increasingly overstretched. Obama administration officials have said they expect the agency’s drone campaign against al-Qaeda to continue for at least a decade more, even as the agency faces pressure to stay abreast of issues including turmoil across the Middle East. Meanwhile, the CIA hasn’t met ambitious goals set by former president George W. Bush to expand its own clandestine service.

If the drone program has sucked up CIA’s time, the agency doesn’t appear to be complaining about it. On the contrary, the recently-departed David Petraeus demanded more drones, not more resources for HUMINT.

The suggestion, then, is that CIA is too busy to collect HUMINT because it is so busy being a paramilitary organization. 

But look at the topics DIA is said to be focusing on.

Among the Pentagon’s top intelligence priorities, officials said, are Islamist militant groups in Africa, weapons transfers by North Korea and Iran, and military modernization underway in China.

[snip]

The CIA doesn’t want to be looking for surface-to-air missiles in Libya” when it’s also under pressure to assess the opposition in Syria, said a former high-ranking U.S. military intelligence officer who worked closely with both spy services. Even in cases where their assignments overlap, the DIA is likely to be more focused than the CIA on military aspects — what U.S. commanders in Africa might ask about al-Qaeda in Mali, for example, rather than the broader questions raised by the White House. [my emphasis]

With the argument thus laid out, Greg Miller might well have said, “DIA needs the DCS to avoid another Benghazi.” Read more

DOD’s New Anti-Leak Plan: Turn Michael Vickers into a Blogger

/8 Comments/in , /by

DOD just rolled out its new plan to combat national security leaks. (h/t Jason Leopold) At its core is a “top-down” approach: to have the Under Secretary for Defense of Intelligence, Mike Vickers, to review all major reporting to look for leaks.

To ensure greater accountability and tracking of unauthorized disclosures, Secretary Panetta is directing a new “top down” approach as well.  The Undersecretary of Defense for Intelligence, in consultation with the Assistant Secretary for Public Affairs, will monitor all major, national level media reporting for unauthorized disclosures of defense department classified information.

One one level this seems like a good idea. I mean, I’m a blogger, and I usually have a better idea of who’s leaking than the people overseeing Executive Branch agencies. But hey, I don’t want to shortchange journalists; Walter Pincus performs a nice bit of leak debunkery with this piece, for example.

But there does seem to be one problem with the plan to have Mike Vickers watch for any security breaches. Doesn’t he have a day job? Isn’t he supposed to be watching the Taliban and China and cyberattacks? Have we gotten so paranoid that one of our top intelligence people is going to spend his time watching journalists than watching our military enemies?

On another issue, though, DOD is to be congratulated. Today’s release also revealed that, within the last few months, it has put in place the no-brainer security fixes that it promised in response to the WikiLeaks breach.

Lockdown of removable storage device use on the Defense Secure Network (SIPRNET).  The department has deployed a host-based security system (HBSS) tool to virtually monitor every defense department computer.  HBSS prevents the downloading of information onto removable storage like DVDs, CDs, and memory sticks, with very limited exceptions.  The tool also sends an alarm any time someone tries to write classified information to such removable storage.  For authorized exceptions, the tool audits any downloads of information.

Improved monitoring of DoD networks.  The department issued a cyber identity credential (Public Key Infrastructure certificate) to every person operating on the department unclassified network.  That process is underway for the classified network as well. Department personnel are working with other federal departments and agencies to help them issue the same cyber identity credential to all employees who need to access any of the government’s secret networks.

Improving the auditing of information accesses so as to spot anomalous behavior.  Department information officers are assessing the use of HBSS and other tools to collect and centralize data about information accesses to more quickly improve detection of malicious insiders.

Though of course, DOD promised to impose some controls on removable media in 2008, when someone introduced malware into DOD’s networks via a thumb drive. So after 4 years, DOD should be congratulated for finally closing the Lady Gaga security hole.

Congress to DOD: You Must Start Briefing Us on (Some) Cyberwar Now

/in /by

Robert Chesney notes that the HASC Mark on the Defense Authorization bill includes a section on cyberwar. Here’s the entire section:

This section would affirm that the Secretary of Defense has the authority to conduct military activities in cyberspace. The committee recognizes that because of the evolving nature of cyber warfare, there is a lack of historical precedent for what constitutes traditional military activities in cyberspace.

In particular, this section would clarify that the Secretary of Defense has the authority to conduct clandestine cyberspace activities in support of military operations pursuant to the Authorization for the Use of Military Force (Public Law 107-40; 50 U.S.C. 1541 note) outside of the United States or to defend against a cyber attack on an asset of the Department of Defense.

The committee notes that al Qaeda, the Taliban, and associated forces are increasingly using the internet to exercise command and control as well as to spread technical information enabling attacks on U.S. and coalition forces in areas of ongoing hostilities.

While these terrorist actions often lead to increased danger for U.S. and coalition forces in areas of ongoing hostilities, terrorists often rely on the global reach of the internet to communicate and plan from distributed sanctuaries throughout the world. As a result, military activities may not be confined to a physical battlefield, and the use of military cyber activities has become a critical part of the effort to protect U.S. and coalition forces and combat terrorism globally.

In certain instances, the most effective way to neutralize threats and protect U.S. and coalition forces is to undertake military cyber activities in a clandestine manner. While this section is not meant to identify all or in any way limit other possible military activities in cyberspace, the Secretary of Defense’s authority includes the authority to conduct clandestine military activities in cyberspace in support of military operations pursuant to an armed conflict for which Congress has authorized the use of all necessary and appropriate force or to defend against a cyber attack on a Department of Defense asset.

Because of the sensitivities associated with such military activities and the need for more rigorous oversight, this section would require quarterly briefings to the congressional defense committees on covered military activities in cyberspace.

While Chesney focuses on the use of “clandestine” in this passage (which I’ll return to), I think one of the key phrases is simply the requirement that DOD brief the Armed Services Committees quarterly on what it’s doing in cyberspace. As the AP reported in January, the SASC complained during the confirmation hearings of Michael Vickers that they weren’t getting briefed on clandestine cyberwar activities. Vickers claimed in response that the law only required that DOD brief Congress on human clandestine activities.

The Senate Armed Services Committee voiced concerns that cyber activities were not included in the quarterly report on clandestine activities. But Vickers, in his answer, suggested that such emerging high-tech operations are not specifically listed in the law — a further indication that cyber oversight is still a murky work in progress for the Obama administration.

Vickers told the committee that the requirement specifically calls for clandestine human intelligence activity. But if confirmed, he said, he would review the reporting requirements and support expanding the information included in the report.

So this section appears to close Vickers’ loophole, now requiring that DOD brief Congress on its activities in its quarterly clandestine activities reports.

In addition to legally demanding briefings, the section appears to affirmatively approve–as clandestine activities–cyberattacks against an AUMF-authorized target (so, al Qaeda and people like Anwar al-Awlaki we claim to be included in AUMF), and cyberdefense against an attack on an asset of DOD.

By the way, anyone want to speculate whether a Specialist allegedly downloading several databases onto a Lady Gaga CD constitutes a cyberattack on a DOD asset? Because if this permission includes WikiLeaks, then this section might be retroactively authorize attacks–say, DNS attacks on US-based servers–on WikiLeaks (note that DOD can attack outside the US, but such geographical limits are not placed on defensive actions).

In any case, as Chesney emphasizes, this section specifically authorizes attacks on AUMF-authorized targets and defense against attacks on DOD targets. Chesney notes that by calling these activities “clandestine,” it makes them a Traditional Military Activity.

That is to say, the language in § 962 refers to DOD authority to engage in cyber operations which are mean to go undiscovered but not meant to be denied.  That alone would presumably keep them from being categorized as a “covert action” subject to presidential finding and SSCI/HPSCI notification requirements.  Yet one can imagine that this does not quite suffice to solve the boundary dispute, insofar as it might not be clear on the front end that one would be willing to acknowledge sponsorship of an operation publicly if it becomes known…and indeed it might well be that the activity is very much meant to be both concealed and denied, making it hard at first blush to show that the activity is not a Title 50 covert action after all.  But in at least some instances there is a separate reason it should not be deemed a covert action: i.e., when the action is best understood as a high-tech equivalent to a traditional military activity (the “TMA” category being an explicit exception to the T50 covert action definition).  And that appears to be the case with the two categories explicitly described above, or at least arguably so.

The explanatory statement accompanying § 962 supports this reading.  It opens by stating that

[t]he committee recognizes that because of the evolving nature of cyber warfare, there is a lack of historical precedent for what constitutes traditional military activities in cyberspace.

So, to summarize, this section appears to affirmatively authorize two types of activities, defining them as clandestine operations, and mandating that Congress get quarterly briefings on them.

But note this clause: “this section is not meant to identify all or in any way limit other possible military activities in cyberspace.”

So, it appears, there may be these two types of explicitly authorized clandestine operations, and then the stuff John Rizzo warned about.

I did want to mention–cause I find this interesting–cyberwarfare, on the issue of cyberwarfare. Again, increasing discussion there clearly is an active arena, will continue to be active. For us lawyers, certainly for the lawyers in the intelligence community, I’ve always found fascinating and personally I think it’s a key to understanding many of the legal and political complexities of so-called cyberlaw and cyberwarfare is the division between Title 10, Title 10 operations and Title 50 operations. Title 10 operations of course being undertaken by the Pentagon pursuant to its war-making authority, Title 50 operations being covert action operations conducted by CIA.

Why is that important and fascinating? Because, as many of you know being practitioners, how these cyber-operations are described will dictate how they are reviewed and approved in the executive branch, and how they will be reported to Congress, and how Congress will oversee these activities. When I say, “these activities,” I’m talking about offensive operations–computer network attacks.

This issue, this discussion, has been going on inside the executive branch for many years, actually. I mean I remember serious discussions during the Clinton Administration. So, again, this is not a post-9/11 phenomenon. Now, I’m speaking her from a CIA perspective, but I’ve always been envious of my colleagues at the Department of Defense because under the rubrik of Title 10, this rubrik of “preparing the battlefield.” They have always been able to operate with a–to my mind [?] a much greater degree of discretion and autonomy than we lawyers at CIA have been, have had to operate under, because of the various restrictions and requirements of Title 50 operations. Covert actions require Presidential Findings, fairly explicit reports to the Intelligence Oversight Committees. We have a very, our Intelligence Committees are … rigorous, rigorous and thorough in their review. I’ve never gotten the impression that the Pentagon, the military, DOD is subject to the same degree of scrutiny for their information warfare operations as CIA. I’m actually very envious of the flexibility they’ve had, but it’s critical–I mean I guess I could say interesting but critical how–I mean if there were operations that CIA was doing, they would be called covert actions, there’s no getting around that. To the extent I’ve ever understood what DOD does in this arena, they certainly sound like covert actions to me but given that I’ve had more than my hands full over the years trying to keep track of what CIA’s doing at any given time, I’ve never ventured deeply into that area. But I think it’s fascinating. [my emphasis]

Now, maybe this section just politely puts the kibosh on all of this Title 50 masquerading as Title 10 stuff, stuff done under the auspices of DOD to avoid the oversight requirements that Title 10 intelligence operations would require. Maybe this section limits DOD’s activities to its two authorized clandestine activities.

But I doubt it. With the language about not limiting DOD to these two functions, you can pretty much assume there’s some Special Access Programs (like the kind the Air Force refuses to talk to Congress about) not safe to be mentioned in public documents like laws.

Look on the bright side, though: Congress is at least requiring that DOD brief Congress on some of the secret stuff they’re doing in cyberspace.

Update: Specialist corrected per Ralph.

Hiding our Cyberwar from Congress

/in /by

The AP noticed something troubling in Michael Vickers’ response to the Senate Armed Services Committee questions on his nomination to be Undersecretary of Defense for Intelligence: the government did not include descriptions of its cyberwar activities in the quarterly report on clandestine activities.

The Senate Armed Services Committee voiced concerns that cyber activities were not included in the quarterly report on clandestine activities. But Vickers, in his answer, suggested that such emerging high-tech operations are not specifically listed in the law — a further indication that cyber oversight is still a murky work in progress for the Obama administration.

Vickers told the committee that the requirement specifically calls for clandestine human intelligence activity. But if confirmed, he said, he would review the reporting requirements and support expanding the information included in the report.

Now, Vickers apparently portrays this as a matter of legal hair-splitting: since the law doesn’t explicitly require information on cyberwar activities, DOD didn’t give it.

But the story reminded me of something Steven Aftergood reported last month: the Air Force has explicitly prohibited anyone cleared into Air Force Special Access Programs from sharing any information on those programs with Congress.

The Air Force issued updated guidance (pdf) last week concerning its highly classified special access programs, including new language prohibiting unauthorized communications with Congress.

[snip]

“It is strictly forbidden for any employee of the Air Force or any appropriately accessed organization or company to brief or provide SAP material to any Congressional Member or staff without DoD SAPCO [Special Access Program Central Office] approval.  Additionally, the Director, SAF/AAZ will be kept informed of any interaction with Congress.”  See Air Force Policy Directive 16-7, “Special Access Programs,” December 29, 2010.

Mind you, nothing says the SAPs the Air Force wants to hide from Congress pertain to cyberwar; after all, they might just be hiding our latest and greatest drone programs. Likewise, there’s no reason to believe that the cyberwar activities DOD didn’t describe to Congress are Air Force activities.

But there seems to be some interesting carving out of programs to hide from Congress.

Update: One more point on this: Every time Keith Alexander, in his function as the head of CyberCommand, talks about the legal authority for CyberCommand, he focuses on Title 10. That reminded me of John Rizzo’s warning about the minimal oversight of Title 10 cyber-operations activities last year:

I did want to mention–cause I find this interesting–cyberwarfare, on the issue of cyberwarfare. Again, increasing discussion there clearly is an active arena, will continue to be active. For us lawyers, certainly for the lawyers in the intelligence community, I’ve always found fascinating and personally I think it’s a key to understanding many of the legal and political complexities of so-called cyberlaw and cyberwarfare is the division between Title 10, Title 10 operations and Title 50 operations. Title 10 operations of course being undertaken by the Pentagon pursuant to its war-making authority, Title 50 operations being covert action operations conducted by CIA.

Why is that important and fascinating? Because, as many of you know being practitioners, how these cyber-operations are described will dictate how they are reviewed and approved in the executive branch, and how they will be reported to Congress, and how Congress will oversee these activities. When I say, “these activities,” I’m talking about offensive operations–computer network attacks.

This issue, this discussion, has been going on inside the executive branch for many years, actually. I mean I remember serious discussions during the Clinton Administration. So, again, this is not a post-9/11 phenomenon. Now, I’m speaking her from a CIA perspective, but I’ve always been envious of my colleagues at the Department of Defense because under the rubrik of Title 10, this rubrik of “preparing the battlefield.” They have always been able to operate with a–to my mind [?] a much greater degree of discretion and autonomy than we lawyers at CIA have been, have had to operate under, because of the various restrictions and requirements of Title 50 operations. Covert actions require Presidential Findings, fairly explicit reports to the Intelligence Oversight Committees. We have a very, our Intelligence Committees are … rigorous, rigorous and thorough in their review. I’ve never gotten the impression that the Pentagon, the military, DOD is subject to the same degree of scrutiny for their information warfare operations as CIA. I’m actually very envious of the flexibility they’ve had, but it’s critical–I mean I guess I could say interesting but critical how–I mean if there were operations that CIA was doing, they would be called covert actions, there’s no getting around that. To the extent I’ve ever understood what DOD does in this arena, they certainly sound like covert actions to me but given that I’ve had more than my hands full over the years trying to keep track of what CIA’s doing at any given time, I’ve never ventured deeply into that area. But I think it’s fascinating. [my emphasis]

So John Rizzo–John Rizzo!!!–warned about how DOD’s offensive cyber-operations were eluding oversight last year. And surprise, surprise? DOD specifically left such operations out of its report on clandestine activities?