Skip to content

Email Privacy, Overseas Jurisdiction, and the 114th Congress

Friday, March 6, 2015 at 9:00 AM

Everything old is new again.  Two years ago, I wrote about a bipartisan effort (in which I was and still am participating) to update the Electronic Communications Privacy Act.  That effort, sadly, went nowhere.

I am, however, happy to report that progress is being made to revive that effort in the 114th Congress.  This year two separate but related bills are being considered in the House and Senate that bear on these issues.

One, the Leahy-Lee bill (Yoder-Polis in the House) addresses email privacy. The current structure of ECPA, which was adopted in 1986, stems from a time when nobody could imagine that anyone would ever store lots of data (like emails) for long periods of time — the expense was too great. So ECPA adopted an odd rule that communications stored for longer than 180 days would be accessible by law enforcement through a subpoena rather than by a warrant.  This had the result of making long-term stored email less well protected than, say, diaries or letters or your telephone communications.  Who knew that Gmail was in the future? Recognizing this technological oddity, the Leahy-Lee bill would update ECPA to require a warrant for access to the content of stored communications. After the Senators announced their plans to reintroduce the bill, they have done so and it how has 16 co-sponsors.  The companion House bill was introduced with 228 co-sponsors (i.e. more than 1/2 the House of Representatives) and now has 248 co-sponsors.

Meanwhile, Senator Hatch (along with Senators Coons, Heinrich and Heller) has introduced the LEADS Act (the Law Enforcement Access to Data Stored Abroad Act) (which also has a House companion).  Besides making the same warrant for email fix that applies to long-term stored content, the LEADS Act would also require the the US government to secure a warrant to access content stored by service providers in overseas data centers.  Currently, they can be accessed through a subpoena-like process.  The status and virtues of the existing law are highly contested, and the LEADS Act attempts to resolve that dispute.

Will either bill succeed this time around?  Only time will tell.  I am comforted that there is bipartisan support for the general idea of reform.  To be sure, some questions may need further addressing, not the least of which is the SEC’s benighted effort to secure a carve-out for itself — a result that would have the perverse effect of driving civil investigations as a subterfuge for criminal ones.

Chris Jenks on the Petraeus Plea

Friday, March 6, 2015 at 8:28 AM

The estimable Chris Jenks writes in from Australia with the following thoughts on my piece yesterday on the David Petraeus plea:

Appreciated your comments on Petraeus. One additional factor which resonates with me and I think most military folks is that Petraeus was a general court martial convening authority for a decade or more. He decided what cases were referred to a court-martial. He decided on the terms of plea deals. He decided what post trial clemency should or should not be given.  He has sent people to jail and ended careers for far less than what he did.

Also absent from the discussion was how apparently the Army was not interested in recalling him to active duty and taking action against him for misconduct that occurred while on active duty. Instead, he will continue to receive 4 star general retired pay, literally the most [money] anyone in the US military could potentially receive.

Personally, I would have liked to have seen the Army recall him to active duty, charge him, and then allow [him] to retire as, say, a 2 or 3 star and without a clearance.

For Your Listening Enjoyment

Thursday, March 5, 2015 at 8:17 PM

Two new podcasts for your listening pleasure.

Here’s this week’s episode of Rational Security, on which Shane Harris, Tamara Cofman Wittes, and I discuss Susan Rice’s speech to AIPAC, recent developments in Guantanamo litigation, and the Hillary Clinton email flap. As an added bonus, Shane brings in the business card of an actual Russian spy. (You can subscribe to Rational Security through our RSS feed, on iTunes, or on Stitcher.)

And here’s the latest episode of The Chess Clock Debates, which features a discussion of Israeli Prime Minister Bibi Netanyahu’s speech before the U.S. Congress. Whose fault is the faltering relationship between the United States and its closest Middle Eastern ally? Natan Sachs of the Brookings Institution argues that Bibi is to blame. David Hazony of the Israel Project puts the blame on Barack Obama. (You can subscribe to the Chess Clock Debates though our RSS feed, on iTunes, or on Stitcher.)

Thoughts on the Petraeus Plea

Thursday, March 5, 2015 at 4:00 PM

Over at The Intercept, Peter Maass complains that the plea deal for David Petraeus is “yet another example of a senior official treated leniently for the sorts of violations that lower-level officials are punished severely for.”

At Bloomberg View, by contrast, columnist Eli Lake argues that, while wrong, Petraeus’s sins are just not that big a deal. This sort of leak, he says, is “part of the fabric of the national security state. Leaks are how the mid-level sends messages to the top level. Leaks are how senior bureaucrats and junior senators press favored policies and carry out grudges. Giving sympathetic authors access to state secrets is also how powerful generals and cabinet secretaries burnish their images.”

Over at Foreign Policy, meanwhile, Rosa Brooks warns against shadenfreude: “Schadenfreude should be resisted. It’s unbecoming. Remember how your mother used to warn you not to make faces, because your face might stick that way? The same applies here. But in the case of Petraeus, there’s yet another reason to avoid schadenfreude: It tempts us to draw the wrong lessons.” What’s the right lesson? “Our legal framework for classifying information and dealing with its disclosure is all messed up.”

Count me with Maass on this one. As much as it pains me to say it, I don’t think the Petraeus deal is defensible based on the conduct described in the stipulation of facts. The allegations to which Petraeus has agreed in this document are pretty egregious. And while the analogies Maass draws to other cases are faulty ones, he is not wrong that it sends a terrible message when the people at the top walk away with misdemeanor, no-jail-time plea deals for giving highly classified material to their girlfriends and lying about it to the FBI while mid-level leakers do real time.  Read more »

Yesterday in U.S. v. Tsarnaev: Prosecution Witnesses

By and
Thursday, March 5, 2015 at 3:00 PM

With opening statements made, prosecutors in the capital case against Dzhokhar Tsarnaev commenced their presentation of evidence.  An overview of the day’s testimony—which spanned some of the morning and all of the afternoon—follows below.

Morning Session

Taking the witness stand first was Thomas Grilk, Executive Director of the Boston Athletic Association, which organizes the Boston Marathon each year. Prosecutor William Weinreb started his examination slowly, gradually teasing out the mechanics and magnitude of the Boston Marathon. Among other things, Grilk described the history of the marathon, its close connection to Patriots Day, the demographic makeup of the roughly 27,000 runners that participate each year, and the route the marathoners took as they made their way to finish line at Boylston Street in Boston. The first exhibits to be submitted were images of the Boylston Street finish line and the surrounding area on Marathon Monday in 2013, before the bombs went off. Next were aerial diagrams of the several blocks leading up to the finish line; Grilk identified certain stores and major structures along this path.

And then came Exhibit 5, a soundless video clip showing runners crossing the finish line as the two pressure cooker bombs went off. When asked what happened after the blast, Grilk wavered for the first time in his testimony, seemingly struggling to find the words.

The defense made quick work of cross-examination, asking only a few pointed questions getting at just how well Grilk was able to vouch for the accuracy of the aerial diagrams’ depictions of the blocks leading up to the finish line.

Up second was Shane O’Hara, the store manager of Marathon Sports, located near the finish line where Tamerlan placed the first pressure cooker bomb. Weinreb got straight to the point, showing the jurors videos and images of O’Hara reacting to the blast. O’Hara described at first trying to usher people into the store and then going out to respond to cries for help. Grabbing clothes off the hangers, O’Hara rushed outside to use them for tourniquets on the injured, to staunch the flow of blood. He described as haunting the decisions he had to make about who to help, who was the most hurt. It was like a scene straight out of Saving Private Ryan, O’Hara remarked, and the streets smelled like burning hair. The defense opted not to cross-examine O’Hara. Read more »

Bits and Bytes

Thursday, March 5, 2015 at 2:00 PM

FTC v. Wyndham.  The Third Circuit heard oral argument the other day in this long-running case that will test whether or not the FTC can use its “unfair” business practices authority to sanction companies that allegedly take inadequate cybersecurity measures.  If the FTC loses, I predict the FCC will fill the void …. Stay tuned.

European perspective on the American ICANN/IANA decision.  “Officials attempting to reach a deal over the reform of Internet governance have told EurActiv that delays and the “weaponisation” of the issue in the current US political climate are threatening to ignite an international dispute.”

Silicon Valley culture and the Military.  “In the fight to defend cyberspace from its enemies, the US military is rushing to hire as many skilled hackers as it can. But no one is really sure how to get the two cultures to coexist.  Although the feds have implied they’re willing to loosen up some of their policies so that weed-smoking, basement-dwelling hacker stereotypes can work for government agencies, there are still some significant hurdles preventing the two industries from working together in earnest.”

Yesterday in U.S. v. Tsarnaev: Opening Statements

Thursday, March 5, 2015 at 11:00 AM

After weeks of protracted and highly contested jury selection, opening statements in the capital case against Dzhokhar Tsarnaev got underway yesterday, more than one month later than originally planned. I attended this part of the Boston bomber’s trial—which I summarize below.

The defendant appeared at ease when he entered the courtroom, even cracking a smile or two with one of his attorneys, Miriam Conrad. Judge O’Toole began by ruling on some last minute motions, including the prosecution’s motion to exclude mitigating evidence. Although granting the motion, Judge O’Toole acknowledged that admitting some evidence relating to Tamerlan Tsarnaev, Dzhokhar’s now dead older brother, would be unavoidable, especially given the nature of the multiple conspiracy charges against Tsarnaev.

The Prosecution’s Opening

Opening statements then began. Lead prosecutor William Weinreb took the podium, painting a vivid scene of the 2013 Boston Marathon. What started out festive and celebratory, he described, quickly turned grisly and gory. As shrapnel flew from pressure cooker bombs Tamerlan and Dzhokhar Tsarnaev detonated near the finish line—tearing through bodies and shredding flesh—three lives were claimed, hundreds injured, and countless more indelibly impacted. Those killed by the bombing: Eight-year-old Martin Richard, who was watching the marathon with his family at the railing behind which Dzhokhar Tsarnaev dropped off one of the pressure cooker bombs, as well as graduate student Lingzi Lu and restaurant manager Krystle Campbell.

Weinreb then described how a mere twenty minutes after the bombs went off, as the marathon participants and spectators scrambled to help those injured, security cameras at a Whole Foods in Cambridge captured Dzhokhar Tsarnaev purchasing some milk—and even returning to exchange his purchase for a different kind of milk. His seemingly calm demeanor immediately following the bombings, Weinreb stressed, was indicative of and consistent with Tsarnaev’s motives for the attacks, as he himself described them from inside the boat in which he hid after the Watertown shootout. Reading from the writings found inside the boat, Weinreb portrayed Tsarnaev as asking Allah to make him a martyr for avenging the crimes the United States government committed against Muslim civilians. Read more »

Today’s Headlines and Commentary

Thursday, March 5, 2015 at 8:33 AM

Tensions between the United Kingdom and Germany may be on the rise as a result of Germany’s ongoing parliamentary inquiry into foreign spying. The Telegraph explains that the parliamentary official charged with heading the investigation, Mr. Patrick Sensburg, believes that his phone has been hacked by British intelligence services.

In other spying news, new Snowden documents reveal that New Zealand has been listening in on Indonesia its Pacific Island neighbors. Reuters tells us that the small island country has shared information about countries like Fiji and the Solomon Islands with its allies, including the United States.

News continues to swirl around Hillary Clinton’s use of a personal email account and server during her tenure as Secretary of State. The New York Times traces the evolution of Ms. Clinton’s private email capabilities, the possible justifications for them. Mashable points out that most cyber experts do not agree as to how secure Ms. Clinton’s private server is. And, according to the AP, it seems the Benghazi door is being reopened in light of the new email scandal.

Secretary of Defense Ash Carter may already be running into problems within his own agency. The Daily Beast reports that Secretary Carter is none-too-pleased about military officials telling the press that the U.S. and Iraqi led coalition in Syria would be ready to reclaim major ISIS strongholds as early as this April. According to Secretary Carter, those reports may have been too optimistic.

As our readers will be aware, former CIA Director David Petraeus has pled guilty to leaking classified information on to his biographer and mistress, Paula Broadwell. There are some who think that Petraeus is getting off relatively easy, like the Los Angeles Times Editorial Board; it argues that a “double-standard” has been created for Petraeus and that the former intelligence chief should be facing jail time.

A man is in custody after firing shots at the NSA headquarters in Fort Meade, Maryland on Tuesday. The shooter did not do any damage, and it’s still unclear if he knew what he was shooting at. The Verge has the details.

Democrats in Congress have taken a step back on intervening with Iran’s nuclear program until after the March 24 negotiation deadlines between Iran and the United States. President Obama’s administration feared that any Congressional activity to review a deal with Iran would stall or even halt the ongoing negotiations, so the effective “freeze,” put in place by nine Democratic senators and one Independent, will give the negotiation parties a bit more time to come to an agreement. The Times has the story.

The Military Times reports that there will be 41,000 jobs opening to women in special operations units of the Army, National Guard and Army Reserve. The positions had previously been open to “men only” but that restriction has now been lifted.

The U.S. Ambassador to South Korea was attacked in Seoeul yesterday. CNN reports that Ambassador Mark Lippert is in stable condition after being slashed with a knife. The Korean present, Park Geun-hye was quick to condemn the act of violence, calling it not an attack on one man, but against the “South Korea – U.S. alliance.”

ICYMI: Yesterday, on Lawfare

Yishai and Jennifer released the newest installment of our Middle East Ticker.

Paul offered his opinion on the Hillary email situation, arguing that it might not be such a big deal after all, but admitted that we can’t be sure just yet.

Paul also highlighted the Supreme Court’s oral argument in Patel v. Los Angeles to rebuff the argument that the EU cares more about privacy that the US.

Jack gave us a quick and dirty review of Bruce Schneier’s new book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. Buy it here!

Bobby introduced our newest series, the Intelligence Studies Essay. Professor Stephen Slick of The University Texas-Austin penned the first installment, on “Lessons that NCTC Holds for CTIIC.”

And, the 56th episode of the Steptoe Cyerlaw Podcast is out, featuring an interview with Siobhan Gorman, formerly of the Wall Street Journal and now at the Brunswick Group.

Email the Roundup Team noteworthy law and security-related articles to include, and follow us onTwitter and Facebook for additional commentary on these issues. Sign up to receive Lawfare in your inbox. Visit our Events Calendar to learn about upcoming national security events, and check out relevant job openings on our Job Board.


Bits and Bytes

Thursday, March 5, 2015 at 8:00 AM

If you weaken crypto … you weaken crypto.  “Technology companies are scrambling to fix a major security flaw that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of supposedly secure Web sites, including, and”  The vulnerability (deliberate use of 512-bit encyrption) is the result of our Crytpo Wars back in the 1990s. Deliberately degraded encryption is now coming back embedded in web code like some zombie.

Hybrid war in Ukraine.  “He [Putin] announced the Russian military would engage in a ‘new kind of war’ fought with ‘nonmilitary methods to achieve political and strategic goals.’  These methods, Gerasimov explained, would involve fomenting popular protests, using covert military measures and deploying special operations forces, often under the guise of peacekeeping or crisis management. Such tactics, Gerasimov insisted, had been used by the United States for decades. Now Russia would fight back in the same way.”

Hacking the Activists.  “In November 2005, during the dead of night, five black cars pulled up in front of the home of Moosa Abd-Ali Ali. The doors opened, and a group of men stepped out. They could’ve been officers, or maybe they were just hired muscle — such distinctions aren’t always clear in Bahrain. But Moosa knew they were sent by the government, and they had come for him.”

Privacy Concerns Threaten Overseas Tech.  “Since the Edward Snowden revelations of 2013, foreign governments have raised concern about the safety of their citizens’ data stored by American Internet companies.  They believe U.S. law enforcement authorities have access to any cloud-based data — and it’s putting the $174 billion industry at risk.”

3D Printing — Apocalypse Soon? “None of us want to have to report on the dark side of something like 3D printing, a technology bursting with innovation and offering resources for doing so much good in the world, exemplifying mind-boggling advancements. This is the technology that helps lives in so many ways; we don’t want to think of it as the technology that can help take them as well.”

The Middle East Ticker

By and
Wednesday, March 4, 2015 at 5:44 PM

Qatar is reportedly pushing Jabhat al-Nusra, Al-Qaeda’s official arm in Syria, to break away from Al Qaeda and form an independent entity that would also include some smaller jihadi groups such as Jaish al-Muhajirin wal-Ansar and others. The action would remove the legal obstacles preventing Qatar from supporting the group, which has been sanctioned by the UN Security Council and is designated as a terrorist group by the United States. Securing Qatari patronage would provide the struggling Nusra with badly-needed financial support that could help strengthen its ability to confront both the Islamic State and the Assad regime’s military forces. For Qatar, the relationship would offer it increased influence in the Syrian civil war. The loss of Nusra would likely be yet another blow to Al Qaeda, which has labored to remain relevant in the wake of the Islamic State’s stunning rise.

The New York Times is reporting that the Syrian opposition has begun publishing some 4,000 photos of individuals who have died in prisons under Bashar al-Assad so that family members can identify the victims and potentially serve as complainants in war crimes trials that could be filed in Europe and the United States. The pictures, which were smuggled out of Syria by the former Syrian police photographer and famous defector who goes by the pseudonym “Caesar,” are being published on two opposition websites: a Facebook page maintained by Caesar’s supporters and a site that focuses on the plight of political prisoners and missing Syrians.  As reported by the Times, “Russia’s veto power in the United Nations Security Council has posed an obstacle for referring war crimes allegations against Mr. Assad to the International Criminal Court. In providing the photos to the United States, Caesar and his supporters hoped that the Obama administration would help the legal efforts to hold the Assad government accountable.”

Egypt’s Administrative Court issued a ruling delaying indefinitely the parliamentary election process, the first phase of which was scheduled to begin on March 22, after another court ruled that a provision in the election law related to voting districts was unconstitutional. Egypt has been without a parliament since June 2012.

Saudi Arabia and South Korea have signed a memorandum on nuclear cooperation, cementing a partnership on technical cooperation, research and development, and the exchange of personnel in the field of nuclear energy. In 2010, the late King Abdullah established the King Abdullah City for Atomic and Renewable Energy with the goal of developing alternative and renewable energy resources for the country, which is the world’s largest exporter of petroleum and is entirely reliant on oil and gas for its electricity production.

In Lebanon, a draft law creating a mechanism for civil marriage has been submitted to parliament, sparking controversy. The issue of civil marriage is contentious in the country, as almost all marriages are carried out by religious bodies. Serge Torsarkissian, the lawmaker who proposed the bill, said that he hoped the draft law would facilitate more interfaith marriages and improve relations between sects in Lebanon, a country long riven by intense sectarian conflict.

Riyadh has announced a strict new policy to deal with the growing number of foreigners who live and work inside the country: foreigners who break the rules and laws of Saudi Arabia will now promptly be deported to their home countries. This includes “those who come from countries where there are conflicts, including Syria,” according to Sulaiman Yahya, the general director of passports, although he stated that Syrian nationals will not be deported directly to Syria but will instead have the option to choose where they want to go. According to Gulf News, Saudi Arabia is home to around nine million foreigners, mostly unskilled laborers and domestic helpers from Asian countries.

Cairo’s Morality Police have arrested seven men believed to be transsexuals on charges of “debauchery”—a common charge applied to men suspected of being homosexual—claiming that they had formed “a network for practicing debauchery” on social media and explaining that the government had monitored the men and set up fake Web pages to entrap them. The arrest is seen by many as yet another example of the increased persecution of Egypt’s LGBT community by the Egyptian government in recent years. According to the Independent, human rights activists called 2014 “the worst year in a decade for Egypt’s gay community, with at least 150 men arrested or put on trial.”

Abu Dhabi Global Market (ADGM), the international finance free-trade zone in Abu Dhabi, announced that it will adopt stringent new legislation to prevent money laundering and combat terrorism in line with international standards. The ADGM was established to connect the economies of the Middle East, Africa, and Asia with international financial markets and to create a financial hub “that, in time, will rank alongside the world’s leading centres.

Palestinians to formally file ICC complaint against Israel: Although the ICC prosecutor has already opened a preliminary investigation into “the situation in Palestine,” the Palestinian Authority has now decided to officially request an investigation. The complaint, which will be filed on April 1 (the earliest opportunity for the Palestinians who only recently joined the ICC), specifically targets the 2014 Gaza War and Israel’s controversial settlement policies in the West Bank. The Palestinian attempts to pursue statehood status outside of negotiations and to prosecute Israel at the ICC are viewed by the US and Israel as violations of prior commitments. Reportedly, Palestinian President Mahmoud Abbas has already rebuffed Israeli offers to release frozen funding in exchange for dropping the complaints.

Federal jury finds PLO liable for decade-old terror attacks: after a lengthy road to trial, a federal jury in New York found the Palestinian Authority and the Palestinian Liberation Organization responsible for a series of terror attacks that killed and maimed American citizens in Israel from 2002 through 2004. The politically-fraught civil judgment in Sokolow vs PLO awards the victims an initial $218.5 million (a sum that may still be tripled) under provisions of an anti-terrorism law. The Palestinians have appealed, and it will likely be very difficult for the victims to collect the damages. However, the judicial finding of fact will likely have significant impact on future litigation. (See Yishai’s separate post for a larger discussion.)

Jerusalem court opens door to Jewish prayer on Temple Mount: A Jerusalem magistrate court judge has slapped the Israeli government with a hefty financial penalty for prohibiting Jewish activist Yehuda Glick from visiting the Temple Mount. Glick, who advocates for the right of Jews to pray on the Muslim-controlled religious site, was nearly shot dead four months ago by East Jerusalem resident Mutaz Hijazi and has become a symbol for a renewed push against an Israeli police policy that prevent Jews from praying while visiting the extremely volatile holy site. The court decision is deeply dismissive of the of the police’s arguments in favor of the ban, and could put pressure on the Israeli government to either formalize the current arrangement, or change it. Any change in the status quo, however, is likely to ignite Arab outrage—both in Jerusalem and worldwide.

Kerry condemns UN Human Rights Council “obsession with Israel”: Ahead of the dueling speeches by National Security Adviser Susan Rice and Israeli Prime Minister Benjamin Netanyahu on the Iran negotiations this week, Secretary of State John Kerry appeared in Geneva before the UN Human Rights Council. He warned that the group’s “obsession” with Israel undermined the credibility of the organization as a whole. Israel has long complained about the UNHRC’s highly critical and constant focus on Israeli actions, especially in comparison with the world’s major human rights abusers. As the debate over the Iran deal intensifies, the administration is pointing to Kerry’s speech, and frequent American opposition to UN condemnation of Israel, as proof that it is fully committed to Israel’s security and legitimacy.

Today’s Headlines and Commentary

Wednesday, March 4, 2015 at 3:27 PM

Israeli Prime Minister Benjamin Netanyahu addressed Congress yesterday. In his speech, he roundly condemned the nuclear deal being negotiated between Iran and the P5+1. The Washington Post describes the speech as a “bankshot,” directed at people with little authority over the negotiations in the hopes that they will increase pressure on the Obama administration. It appears to have had such an impact already; Politico reports that Republicans have begun efforts to fast-track legislation that would make the talks harder for the administration, though Democrats who previously supported the legislation are turning against it due to this machination.

President Obama responded to the speech from the Oval Office and discounted it as offering no new ideas. But, the New York Times adds, the President must now overcome not just Republican opposition to the deal, but also a strong rebuke by the Israeli prime minister. The congressional response to the speech was largely divided along partisan lines. According to the Post, House Minority Leader Nancy Pelosi (D-CA) called the speech an “insult to the intelligence of the United States.” Senator Bob Corker (R-TN) said the speech “crystallized a lot of thinking” for those debating what role Congress should play in the talks.

In Israel,  the press and many political analysts have agreed that Prime Minister Netanyahu gave a strong speech. Critics, however, echoed President Obama’s remarks suggesting that the speech offered nothing new; political opponents said it did more harm than good, the Post reports. For its part, Iran predictably denounced the speech and claimed that it humiliated President Obama while driving a wedge between Israel and the United States. CNN has more.

Fireworks in Washington notwithstanding, negotiations over Iran’s nuclear program continued yesterday, the Post reports. Reuters adds that, according to a State Department official, the two sides made progress but still face significant obstacles before a deal can be reached. The Associated Press notes that a senior U.S. official tried to lower expectations for the framework that is supposed to be reached by the end of March. The official said the sides would try to come to a broad “understanding that’s going to have to be filled out with lots of detail.”

Iraqi troops have entered Tikrit, a city that has been controlled by ISIS since last June. Bloomberg reports that Iraqi forces took control of several sites within the city and seized two oilfields. However, experts cautioned that the Iraqi military faces a long battle to expel ISIS militants, the Post notes. ISIS may turn the fight for Tikrit into a long-term urban war of attrition — militants are already using suicide bombers and roadside explosives — which the Iraqi military and associated militias are ill-prepared to handle.

Read more »

Hillary’s Email

Wednesday, March 4, 2015 at 3:24 PM

By now, most readers will be familiar with the news reports that Hillary Clinton used a personal email account ([email protected]) for her official work while Secretary of State.  Most of the news has been about whether or not this action violated federal record-keeping requirements but few (Shane Harris being a notable exception) are asking the distinct question of whether using a private email server is a secure way of communicating even in an unclassified context.  Herewith a few quick thoughts:

  • There is no reason to think that the Clinton email system was purposefully or accidentally insecure.  Indeed, to the contrary, given the Clintons’ privacy concerns they would be expected to have taken substantial security measures.
  • Nor is there any reason to think that their system is less secure than that of the Department of State.  Less than 6 months ago, reports suggested that State’s own unclassified system had been breached.  The comparative security or insecurity of Clinton’s private system has yet to be demonstrated.  [Though one suspects that State spends far more on security that the Clintons do personally.]
  • Which leaves us with a number of questions about the Clintons’ system:
    • What security measures were used?  Was mail encrypted?  Did it use two-factor authentication?  What intrusion detection and prevention systems were in place?
    • How widely known was the existence of this email server system?  Would it have come to the attention of foreign intelligence agencies, thus becoming a target?
    • Who managed the IT and security for the system?  Who else had access to it?  Did the administrator have access to the content of emails?
    • Did the system retain sufficient records and logs such that one could now do a forensic analysis of whether any attempts had ever been made to penetrate it (and/or determine if such attempts had been successful)?
    • Reports suggest that beginning in 2012, the server was backed up to Google servers.  Most of the same questions will apply to the data stored in this back up facility as well.

Does any of this matter?  We can’t know at this point.  It depends as much on the content of the communications as it does on the security measures taken.  It also depends on whether the risk in question is a merely theoretical one on if it is one that someone attempted to actually exploit.  I suspect this is mostly a tempest-in-a-teapot, but as a test bed for thinking about cybersecurity concerns it makes for a fun bit of speculation.

American Privacy and EU Privacy

Wednesday, March 4, 2015 at 2:33 PM

Of course the US cares about privacy, just as much, if not more, than they do in the EU.  And the data are clear that in the EU, national security and law enforcement surveillance are often subject to less formal judicial control than in America.

Many have been making this case for quite some time (including my colleagues Tim Edgar and Carrie Cordero, to whose posts I’ve linked above).  One of my favorite examples of this disparity between the perception of Europe as “privacy-protective” and the reality of how law enforcement operations in Europe has always been the special case of hotel guest registration.  Several years ago, the DHS Privacy Office did a report on guest registration privacy practice that was revealing:

As of the date of this report, it remains unclear whether EU Member State law enforcement, intelligence, and security agencies actually meet the standards for the protection of personal data that European interlocutors have argued various EU laws require. The level of EU transparency in this area does not seem to meet standards imposed by US law as evidenced by the difficulty my office faced in obtaining data from official sources. In addition, numerous questions remain regarding the effectiveness in the oversight of law enforcement and security agency collection and use of hotel guest registration data in the EU.

So why hearken back to this issue — because of yesterday’s oral argument in the Supreme Court.  The case is Patel v. Los Angles and the question is whether American law enforcement can check hotel records using administrative action without the benefit of a warrant or judicial authorization … and the reports suggest that the answer is “yes.”  So, perhaps, the US isn’t worse than the EU in privacy protection — but perhaps it is no better either.

Bruce Schneier’s Important New Book

Wednesday, March 4, 2015 at 2:18 PM

Bruce has just published Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, a book that will interest many Lawfare readers.  Data and Goliath is deeply informed and accessibly written analysis of mass surveillance by firms and the government.  Part One is a terrific tutorial on big data and data mining, in the public and private sectors (and the two sectors in conjunction).  Part Two explains the many reasons Bruce thinks we should worry about big data and data mining.  And Part Three calls for very extensive limitations and regulation of public and private data collection and use.  Bruce is more worried about surveillance than I am, and his prescriptions in some respects seem self-defeating to me.  But among the book’s many virtues is that Bruce fully understands and fairly engages contrary arguments.  I have a review of the book coming out soon, and I recommend it highly.

The Intelligence Studies Essay #1: Steve Slick on Lessons that NCTC Holds for CTIIC

Wednesday, March 4, 2015 at 10:30 AM

CTIIC: Learning from the Choices and Challenges that Shaped the National Counterterrorism Center

Prof. Stephen Slick

Steven Slick is the Director of the Intelligence Studies Project at the University of Texas-Austin and a former CIA Clandestine Service officer who served as the NSC’s Senior Director for Intelligence Programs and Reform from 2005-2009. He can be reached at [email protected] The essay’s text was approved by CIA’s Publication Review Board.

A Cyber Threat Intelligence Integration Center (CTIIC) established by the Director of National Intelligence in response to a presidential directive can play a valuable role integrating and assessing cyber threat data available to the government in support of policymaking and operational responses. The CTIIC director, preferably an intelligence professional, should be appointed by the DNI and report exclusively through him to the White House where CTIIC’s assessments and expertise would inform, but not supplant, interagency policy deliberations. The president’s order should direct relevant cabinet officers to support CTIIC by sharing relevant information, detailing expert staff, and helping the center overcome foreseeable technological challenges.

CTIIC’s assessments will be structurally flawed until its analysts can routinely access threat information now available only in the private sector. The DNI should integrate the functions of the National Intelligence Officer for Cyber into CTIIC to enhance its long-range analysis and designate the CTIIC director as the IC’s Mission Manager to ensure the adequacy of collection and other resources devoted to cyber targets.

The choices made while designing and standing up CTIIC should be informed by the many hard lessons learned during the National Counterterrorism Center’s (NCTC) short, but eventful, history. Read more »

Introducing “The Intelligence Studies Essay”

Wednesday, March 4, 2015 at 10:00 AM

We are excited to announce the launch of a new feature here at Lawfare: “The Intelligence Studies Essay,” an occasional series curated by the Intelligence Studies Project at the University of Texas. The Intelligence Studies Project is a research-and-teaching initiative at UT directed by Professor Stephen Slick, and jointly sponsored by UT’s Strauss Center (directed by me) and Clements Center (directed by Will Inboden)).

The Intelligence Studies Essay is, of course, modeled on the wonderful Foreign Policy Essay series that Dan Byman has curated so successfully here at Lawfare. Like the Foreign Policy Essay, the Intelligence Studies Essay will vary widely in terms of its subjects, style, and authors. Unlike the Foreign Policy Essay, however, we do not plan to run regularly, but instead only as the occasion arises.

Interested authors are welcome to contact us at [email protected], [email protected], and [email protected] (it is best to contact the three of us jointly).

Steptoe Cyberlaw Podcast, Episode #56: An Interview with Siobhan Gorman

Wednesday, March 4, 2015 at 8:30 AM

Our guest for Episode 56 of the Cyberlaw Podcast 56Podcast is Siobhan Gorman, who broke many of the top cybersecurity stories for the Wall Street Journal until she left late last year to join the Brunswick Group, which does crisis communications for private companies.  Siobhan comments on the flood of attribution stories in recent days, including the US government’s almost casual attribution of the Sands Las Vegas cyberattack to Iran and the leaked attribution of the Saudi Aramco and US bank attacks to the same nation.  She also compares private sector cyber crisis planning to the US government’s coordination (or lack thereof) in responding to the Sony attack.

In other news, Stephanie Roy and I take a deep and slightly off-center dive into the FCC’s net neutrality ruling.  I predict that within five years the FCC will have used its new Title II authority to impose cybersecurity requirements on US ISPs.  (And in ten years, I suspect, there will be a debate in the FCC over whether to throttle or disfavor communications services that don’t cooperate with the FBI’s effort to deny perfectly encrypted security to criminals.)  Stephanie demurs.

Michael Vatis and I chew over China’s “overdetermined” (h/t Mickey Kauspolicy of ousting American tech products in favor of Chinese competitors, the prospects of class action plaintiffs in the Komodia/Superfish/Lenovo flap, and NY financial regulator Benjamin Lawsky’s war on the password.

We finally get listener feedback to read on the air, as Michael Samway congratulates Nuala O’Connor for her masterly handling of, well, me.  Those who think they can do a better job of humiliating me will have their work cut out for them, but they’re welcome to try, sending emails to [email protected] and voice mails to +1 202 862 5785.

The First Circuit’s Mandamus Ruling in U.S. v. Tsarnaev

Tuesday, March 3, 2015 at 4:45 PM

A couple of weeks ago I recapped the Tsarnaev mandamus oral argument. And on Friday, the First Circuit panel that heard the arguments—composed of Chief Judge Sandra Lynch, and Judges Juan Torruella and Jeffrey Howard—released a lengthy, 2-1 split opinion denying Tsarnaev’s second bid for a writ of mandamus seeking an order requiring the prosecution to be transferred to another district. A summary of the 2-1 ruling, including Judge Toruella’s blistering dissent, follows below.

The Majority

The majority begins by noting that the bid for a writ of mandamus is denied because the “petitioner has not met the well-established standards for such relief.” It then proceeds to point out that “any high-profile case will receive significant media attention” and that this will result in jurors who possess knowledge about the case. But, as the majority explains, knowledge does not equate to “disqualifying prejudice,” and because of this distinction, the mere fact that most Bostonians have heard about Tsarnaev is not prejudicial.

Other high profile cases have taken place in the community where the underlying events occurred. For instance, the majority cites to the trial of Zacharias Moussaoui in the Eastern District of Virginia, which is but “minutes by car from the Pentagon.” Indeed, as the majority reasons, given the extensive media coverage in Tsarnaev’s case, there is no jurisdiction in the country that would not have been saturated with news stories. To buttress this point, the majority notes that in the defense’s preferred venue of Washington D.C., 96.5% of survey respondents have heard of the bombings. (It’s perhaps interesting to observe how the majority uses this survey result—which only shows that most people in D.C. know who Tsarnaev is—as a way to discredit D.C. as a potentially more ideal venue while at the same time arguing that knowledge does not equal prejudice). Read more »

Live: Herb Lin Testifies Before House Energy and Commerce Committee

Tuesday, March 3, 2015 at 1:45 PM

Today at 2:00 pm, Lawfare’s Herb Lin, along with Richard Bejtlich and Gregory Shannon, will provide testimony before the House Energy and Commerce Committee on “Understanding the Cyber Threat and Implications for the 21st Century Economy.”

Herb’s remarks as prepared are available here.

Today’s Headlines and Commentary

Tuesday, March 3, 2015 at 12:54 PM

Today, Israeli Prime Minister Benjamin Netanyahu delivered a speech before a joint session of Congress on a potential U.S. nuclear treaty with Iran. During the address, he declared, “This is a bad deal – a very bad deal. We’re better off without it.” NPR shares further analysis of Netanyahu’s speech.

Partisan drama has surrounded the event, organized by Speaker of the House John Boehner (R-OH), because Netanyahu accepted the Speaker’s invitation without coordinating with the Obama administration. Yesterday, Netanyahu attempted to tamp down concerns about his address before Congress during a speech at the American Israel Public Affairs Committee (AIPAC). He noted that he intended no “disrespect” to President Obama, but felt he had a “moral obligation” to inform Congress of the perils of a bad nuclear deal. The Washington Post has more on his statements from yesterday.

In advance of Netanyahu’s speech, Reuters interviewed President Obama. He discussed nuclear negotiations with Iran and the potential terms of a P5+1 agreement. He also reaffirmed the “depth of the U.S.-Israeli relationship” and noted that Prime Minister Netanyahu’s speech is not “permanently destructive,” but merely “a distraction from what should be our focus.” Find the transcript of the interview here.

Given the drama surrounding the speech, tickets for the event are extremely popular in Washington. Indeed, according to Senator Chuck Schumer (D-NY), “the tickets are hotter than fresh latkes.” The New York Times shares more.

The Atlantic’s Jeffrey Goldberg answers questions about the speech, the U.S.-Israeli relationship, and a potential nuclear deal with Iran.

In an op-ed in the Post, Dennis Ross, a former special assistant to President Obama, explains the divide between the positions of the U.S. and Israel on Iran. He goes on to articulate ways in which the Obama administration may address Israeli concerns related to monitoring Iranian compliance with any nuclear treaty.

Today, the Iraqi military and Shia militias continue their fight to retake the city of Tikrit. Previous efforts to recapture Saddam Hussein’s hometown have failed, and Iraqi troops “made little headway” today. According to the Associated Press, the battle will likely hinge on the Iraqi forces’ ability to counter bombs detonated by Islamic State militants.

Iran has played in an important role in this most recent attempt at retaking Tikrit. The Wall Street Journal informs us that the Islamic Republic has provided Iraqi forces with “drones, heavy weaponry, and ground forces.” Meanwhile, according to the Daily Beast, the Tikrit offensive has caught the United States “by surprise,” a move that may be in retaliation for the Pentagon’s comments on the planned Mosul offensive that some Iraqi leaders found premature. Indeed, American airstrikes are not part of the operation against Tikrit and it has been weeks since coalition planes bombed ISIS positions in the city.

Some fear the decision to move forward without American support could be a sign of coming sectarian violence as Shiite militias lead the charge in a city symbolic for Sunni resistance. Speaking on the prospect for sectarian conflict in the city, one U.S. defense official said, “If this becomes a sectarian battle…the coalition will come apart.”

During a keynote speech yesterday at the Atlantic Council, Special Presidential Envoy for the Global Coalition to Counter ISIL Gen. John Allen noted that although the Islamic State has ceded territory and proven to be a poor governor, Iraq itself “is not yet ready to hold ground in key areas like Mosul.” After retaking strategic cities, the Iraqi forces must work immediately to rebuild “infrastructure” and “civil government.” Defense One writes, “In other words, the liberation of the city of 1.5 million would expose a humanitarian crisis that the fragile Iraqi government may not yet be ready to manage.”

The U.S. military is reviewing its stockpile of bombs and munitions. After months of airstrikes in Iraq and Syria, American forces seek to “ensure that the weapon supply in the U.S. and overseas is adequate to meet current and future strikes against Islamic State militants.” Defense One reports the story.

According to a report released by the United Nations, this past month’s fighting in eastern Ukraine has killed over 800 people and wounded some 3,400 more. The U.N. also noted that weapons and fighters continue to flow into Donetsk and Luhansk from Russia. The Times reports the story.

U.S. Army Chief of Staff General Ray Odierno has expressed some concerns that recent defense spending cuts in the U.K. could hamstring Britain’s ability to adhere to its commitments “as a vital military ally.” His statements are not the first on the subject. According to the Telegraph, “the [British] Army has been cut by a fifth, the RAF now has just seven combat squadrons, compared with the 30-odd it had in the first Gulf War, and the Navy barely has enough warships to fulfill its international duties.”

During 2014, the Afghan Army lost over 20,000 soldiers as a result of deaths, desertions, and discharges. This sharp decline from 190,000 to 169,000 forces has called into question the country’s ability to defend itself, following the withdrawal of American troops. The Times shares more.

The Times also profiles Afghan women’s shelters, which serve as a defense against honor killings and “are one of the most successful — and provocative — legacies of the Western presence in Afghanistan.”

Yesterday, Yemeni President Abed Rabbo Mansour Hadi proposed the Saudi Arabian capital of Riyadh as a potential venue for peace talks with the Shia Houthi rebels, who have overrun much of northern Yemen and the state’s capital of Sana’a. The AP reports the story.

Yesterday, China released a list of 14 military generals suspected of corruption. The Times shares more.

The Daily Beast profiles a covert CIA operative who is suing the agency and seeking $25 million in damages for what he calls a “smear campaign to tarnish his stellar CIA career, run him out of the agency, and keep him from marrying the woman he loves.”

ICYMI: Yesterday, on Lawfare

Ben informed us that the Foreign Intelligence Surveillance Court (FISC) has approved the extension of the Section 215 bulk telephony metadata program.

Jennifer Daskal and Ben noted the broad intellectual consensus surrounding the parameters of a draft Islamic State AUMF.

Wells highlighted Lawfare’s almost-live coverage of yesterday’s motions hearing in United States v. Al-Nashiri.

Cody shared footage from a talk given by Director of National Intelligence (DNI) James Clapper at the Council of Foreign Relations yesterday.

Amy Zegart compared the DNI’s recently released 2015 Annual Threat Assessment with the one from 2014.

Cody posted video of Special Presidential Envoy for the Global Coalition to Counter ISIL Gen. John Allen’s keynote address at the Atlantic Council.

Email the Roundup Team noteworthy law and security-related articles to include, and follow us on Twitter and Facebook for additional commentary on these issues. Sign up to receive Lawfare in your inbox. Visit our Events Calendar to learn about upcoming national security events, and check out relevant job openings on our Job Board.