Skip to content

Today’s Headlines and Commentary

By and
Thursday, October 30, 2014 at 1:57 PM

As Israeli paper Yediot Achronot noted in a headline yesterday, “Jerusalem continues to burn.” The instability wracking the disputed, holy city reached new heights yesterday with the attempted assassination by a Palestinian of a prominent right-wing Jewish activist, US-born Yehuda Glick. The suspected assailant, 32-year-old Moataz Hejazi, was later killed by Israeli police officers during a shootout at his home. With the stated objective of preventing more internecine violence between Jews and Muslims in the area, the Israeli government announced it was closing the Temple Mount to all visitors, the first time that has happened in more than a decade.

A spokesman for Palestinian Authority President Mahmoud Abbas quoted the leader as saying the closure of the site amounted to a “declaration of war” by the Israeli government against the Palestinian people. Israeli officials, for their part, blamed the latest wave of violence on Abbas, with Israeli Prime Minister Binyamin Netanyahu saying at an emergency cabinet meeting that Abbas had incited extremist elements in Palestinian society:

I said only days ago that we are facing a wave of incitement by radical Islamic elements and by Palestinian Authority head Abu Mazen, who said that the ascent of Jews to the Temple Mount needs to be prevented by every means.

Aropos, the US-Israel relationship has also reached new lows in recent days. The discord deepened after a report published by Jeffrey Goldberg at the Atlantic quoted a senior administration official as calling Netanyahu a vulgar term beginning with “chicken.” Another official also called him a “coward” on Iran’s nuclear program. The New York Times has more.

Reaction was swift across the Israeli political landscape, with left-wing ministers, such as Labor head Isaac Herzog, saying that this comment was just the latest manifestation of Netanyahu’s ineptitude in managing the Israel-US relationship. In contrast, other centrist and rightist ministers supported the Prime Minister. Prominent Economy Minister Naftali Bennett said the slight was an insult not just to Netanyahu, but also to millions of Israelis. The Washington Post has more on the take in Tel Aviv.

Read more »

How the Supreme Court Should Resolve Zivotofsky

Thursday, October 30, 2014 at 8:09 AM

Zivotofsky is an important case because it appears to require the Supreme Court to address the scope of the President’s exclusive foreign relations power vis a vis Congress.  This is a very hard question, rarely addressed by the Court, about which the relevant sources (text, original meaning, historical practice) are, in my view, unclear.  And yet there is a way to avoid that hard question in the case – to avoid the question under Article II, at least – and still rule for the Executive branch.

The issue is the constitutionality of a federal law that requires the Secretary of State to record “Israel” as the place of birth for a citizen born in Jerusalem who requests the designation.  The court below, and the Solicitor General, maintain that this statute intrudes into an exclusive domain of Executive power, and is thus unconstitutional.  But there is a prior constitutional question of great significance that the Solicitor General hints at dimly near the end of his brief (pp. 46-48): Where does Congress get the power under Article I to require the designation “Israel” on a passport?  The Petitioner says in passing that the legislation “falls squarely within Congress’ power to regulate the issuance of passports.”  To which one might ask: What power to regulate the issuance of passports?  Article I, Section 8 says nothing on that topic.  Congress has, to be sure, long authorized the Secretary to issue passports.  It has also enacted laws related to passports in the following contexts (according to Petitioner):

8 U.S.C. § 1365b (biometric entry and exit data system), 8 U.S.C. § 1504 (cancellation of U.S. passports and consular reports of birth), 8 U.S.C. § 1732 (machine-readable, tamper-resistant entry and exit documents), 18 U.S.C. § 1542 (false statement in application and use of passport), 18 U.S.C. § 1543 (forgery or false use of passport), 18 U.S.C. § 1544 (misuse of passport), 22 U.S.C. § 212a (restriction of passports for sex tourism), 22 U.S.C. § 2705 (documentation of citizenship), 22 U.S.C. § 2714 (denial of passports to certain convicted drug traffickers), 22 U.S.C. § 2721 (impermissible basis for denial of passports), and 42 U.S.C. § 652(k) (denial of passports for nonpayment of child support).

All of these laws regulate the travel of U.S. passport holders, and can thus plausibly be seen to fall within Congress’s foreign commerce clause power, which plausibly includes the power to regulate the movement of persons across borders.  But even accepting these flights into the penumbras of the foreign commerce clause, how does the requirement to designate “Israel” (as opposed to Jerusalem) regulate the movement of persons across borders?  I don’t think it does.  The statute has nothing at all to do with the regulation of foreign commerce.  It is, rather, as its title makes plain, about “United States Policy With Respect to Jerusalem as the Capital of Israel” (my emphasis).   Many federal laws properly grounded in Article I – concerning war, foreign commerce, the definition of offenses against the law of nations, and many other topics – can of course affect U.S. foreign policy.  But Congress can enact laws related to foreign policy consistent with the Constitution only if the laws have a proper basis in Article I.  The foreign commerce clause cannot be that basis.

I don’t think the other possible bases for the legislation under Article I fare any better.  The requirement to designate “Israel” on the passport has nothing to do with the power to “establish a uniform rule of naturalization.”  Nor can it be grounded, I think, in the necessary and proper clause.  The reasons why would require more space and time than I now have, but suffice it to say that the statute does not purport to “carry[] into execution” any of Congress’s or the President’s powers.

The beauty of ruling against petitioner on the basis of a lack of congressional power for the statute is that it allows the Court to avoid the super-hard problem of defining the contours of exclusive presidential power based on the vague and uncertain textual materials in Article II.  In other words, the Court can resolve the case, and mark off a narrow presidential power to determine what country should be designated on a passport, without reaching or discussing Article II (at least not discussing it very much), by focusing instead on the more precise terms of Article I.  And for you legal realists out there, this way of resolving the case satisfies two larger imperatives, somewhat in tension, that will certainly be in the back of the minds of many Justices: (1) not wanting to cross swords with the Executive on an important Middle East policy at a very fraught time of Middle East relations; and (2) not wanting to grant the president a large or vague exclusive presidential power related to recognition.  The Court can achieve both of these aims by ruling that Congress lacked power to enact this bald foreign policy legislation under Article I.

(Note: Prior Lawfare analyses of Zivotofsky include Jodie’s preview of the arguments in the merits briefs; Julian Davis Mortenson’s comment on the potential Vesting Clause question in the case; my quick reaction to and Samantha Goldstein’s summary of the 2013 D.C. Circuit opinion on remand; Alan Rozenshtein’s summary of the 2012 Supreme Court opinion holding that Zivotofsky had a justiciable claim;, holding that § 214(d) unconstitutionally infringes upon the President’s recognition power.)

Steptoe Cyberlaw Podcast, Episode #40: An Interview with Bob Litt

Wednesday, October 29, 2014 at 4:23 PM

Our guest this week is Bob Litt, the General Counsel of the Office of the Director of National Intelligence.  Bob has had a distinguished career in government, from his clerkship with Justice Stewart, his time as a prosecutor in the Southern District of New York and at Main Justice, and more than five years in the ODNI job.

This week in NSA:  The latest fad in news coverage of the agency is a hunt for possible conflicts of interest in its leadership.  And it’s having an effect.  Two high-ranking NSA seniors, the CTO and the head of signals intelligence have recently left positions that drew scrutiny for getting too close to private industry.  I ask Bob whether we should be pleased or worried about the trend toward individual converts to Islam carrying out random attacks with whatever weapon comes to hand.  Prudently, he refuses to be drawn into my comparison of Islamists to the Manson Family.  We debate whether the USA Freedom Act has a chance of passage in the lame duck Congress – and whether it should, focusing among other things on how the act’s FISA civil liberties advocates would function and what ethical rules would govern their day jobs.

And we explore another ODNI project – implementing the President’s directive on protecting the privacy of foreign nationals while gathering intelligence.  Are the nation’s spies really required to wait until a foreign target’s speech goes beyond what the first amendment protects before they collect and analyze the remarks?  Will the requirement for advance justification for collection projects institutionalize risk aversion at NSA?  And can government officials look forward to intelligence reports that read like this: “[SYRIAN NATIONAL 1] asked [IRAQI NATIONAL 1] to kill [US PERSON 1]”?

Our news roundup begins with the sudden press interest in possible conflicts of interest in NSA’s leadership.  The Supreme Court takes another privacy case – one with no obvious federal connection.  Lots of city ordinances require hotels to keep guest registries – and to let the police inspect those registries on demand.  But the 9th circuit recently held en bancthat these laws touch the privacy interests of the hotel owner, not just the guests, and that the laws are unconstitutional if they offer no opportunity for prior judicial review of the police demand.  Just what we need:  another opportunity for the Roberts Court to pad a narrow ruling with a lot of ill-considered dicta about Smith v. Maryland.

Harking back to last week’s interview with Tom Finan about insurance coverage for cyber incidents, we discover that where there’s insurance coverage there are also insurance coverage disputes. The head of Steptoe’s insurance coverage practice explains the P.F. Chang dispute with Travelers Insurance and hints that it’s in the first wave of what could be thirty years of litigation. Not that there’s anything wrong with that.

FBI Director Comey isn’t alone in complaining about Silicon Valley’s reluctance to help law enforcement.  Leslie Caldwell, the new head of the Justice Department’s criminal division, has joined the chorus.

According to the Stored Communications Act, companies like Google may not provide the contents of emails in response to subpoenas.  So what do civil litigants do when they need access to Gmail accounts in, say, divorce cases?  The usual solution is for the court with jurisdiction over the civil suit to order the litigants to “consent” to the disclosure of their email messages.  But is court-ordered consent really consent?  According to a California appeals court, it is. Michael explains.

Whoa!  The FCC really is taking cybersecurity seriously.  It’s proposing $10 million in fines for two carriers who stored hundreds of thousands of “Obamaphone” beneficiaries’ personal data on a server accessible by anyone on the internet.

Confusion over when you need a warrant to get third party information continues to roil the courts.  The Florida Supreme Court raises the bar for cell-site location data.  And the NJ AG plots a counter-attack on a billing record warrant requirement in the Garden State.  Michael suggests a new feature to keep all the litigation straight:  This Week in Smith v. Maryland.

Lawyers with banks for clients have a new reason to upgrade their cybersecurity.  As the banks struggle with increasingly sophisticated intrusions, they’re sharing the pain,demanding that their contractors and suppliers adopt stronger cybersecurity.  Law firms are expressly included, since they’ve been targeted frequently for what inevitably will be called “bank shot” intrusions.

We remind everyone that the Steptoe Cyberlaw Podcast welcomes feedback, either by email ([email protected]) or voicemail ( +1 202 862 5785).

Toward a Different Kind of Transparency

Wednesday, October 29, 2014 at 3:15 PM

Over the last year and a half, the intelligence community has released a significant amount of previously classified material in an effort to be more transparent regarding matters pertaining to foreign intelligence surveillance activities, generally, and the use of the Foreign Intelligence Surveillance Act (FISA) in particular. “Significant” is an understatement; the releases represent a fundamental and possibly irreversible presumption in favor of declassification in the perceived public interest. These releases are part of the overall transparency initiative that is one result of the Snowden disclosures. Given the circumstances, the intelligence community and its lawyers likely assessed that the disclosures were, and will continue to be, necessary in order to rebuild and maintain confidence in the nation’s foreign intelligence surveillance activities.

As more distance develops between the initial Snowden disclosures and the present, though, I wonder whether the public really cares. And I wonder also whether, despite the great interest in these disclosures from certain communities, there isn’t a different path towards transparency that would be more meaningful in the long run from the general public’s perspective.

By way of example: in late June 2014, the intelligence community publicly reported numbers of orders, targets and requests for information under various provisions of FISA and using national security letters. The release provided insight into the intelligence community’s use of legal authorities that have been subject to debate over the previous year, and contained statistics that had not previously been declassified and released to the public. The report revealed, among other things, new public information regarding orders under FISA for content, as well as pen register/trap and trace surveillance and requests for business records. Still unsatisfied, earlier this month Twitter filed suit against the government challenging its assertion of classified information regarding information Twitter wants to include in its own transparency report. Without weighing in on the merits of Twitter’s claims or the government’s position, it seems reasonable to conclude that no matter where the government draws the lines on transparency reporting, some companies will view those lines as arbitrary—an infringement on their abilities to do business, at best, and a suppression of their legal rights, at worst.

So what would be enough? Perhaps, from a policy perspective, it has less to do with statistics and more to do with substance.

In his speech at Brookings last month, Former NCTC Director Matt Olsen took a strong step in this direction by laying out what the intelligence community knows about the terrorism threat that the Islamic State of Iraq and the Levant (ISIL) poses, and providing context for the current situation in Iraq and Syria. Director Olsen cited the 9/11 Commission status report issued in July, which encouraged national security leaders to talk more publicly about the terrorism threat. The report received little attention. The 9/11 Commissioners have been consistent over the past decade since their original 2004 report in warning about public fatigue, as well as a lack of urgency on the government’s part, in continuing efforts to counter the global Islamist terrorism threat. In describing why the President needs to better explain the need for Intelligence Community activities such as surveillance, the July 2014 status report, Today’s Rising Terrorist Threat and the Danger to the United States: Reflections on the Tenth Anniversary of the 9/11 Commission Report, states: “Senior leaders must now make this case to the public. The President must lead the government in an ongoing effort to explain to the American people-in specific terms, not generalities-why these programs are critical to the nation’s security. If the American people hear what we have heard in recent months, about the urgent threat and the ways in which data collection is used to counter it, we believe that they will be supportive.” (Status Report at p.27)

Although the DNI issues a lengthy statement each year on worldwide threats, the document and accompanying congressional hearing rarely make much news. There must be a better way to communicate to the public the value that the 48-plus billion dollar intelligence industry provides to policymakers, and to the nation’s security.

To summarize, what we have seen in the past year and half are perhaps four developing paths towards greater transparency: The first is executive branch declassification as a result of and in response to unauthorized disclosures. (Read: the government’s arm was twisted.) The second is public release, either by the government or by the private sector, as a result of litigation initiated by communications companies. (Read: the government’s arm was twisted.) The third is future declassification as a result of legislation that would direct the executive branch to release more information publicly. (Read: one branch of government will twist another branch’s arm.) The fourth is more nuanced, but could be the most meaningful kind of transparency, and one that can be led by government efforts, not imposed by crisis or outside demands: substantive transparency about what the intelligence community actually knows about national security threats, how the United States interprets this information, and how that interpretation is connected to policy choices. This is probably the hardest to achieve in terms of balancing the need to protect national security information, but may be the most worthwhile area to spend time on. Guiding principles in pursuing this path should be that the information conveyed to the public should be timely (that is, relevant to current world events); accurate (that is, vetted, not crisis driven and requiring retraction or revision a few days later); and meaningful (that is, it usefully contributes to the domestic and international public debate). It is worth thinking more about, at least.

Today’s Headlines and Commentary

Wednesday, October 29, 2014 at 1:59 PM

Yesterday, the Department of Defense announced the first death associated with current U.S. operations in Iraq and Syria. According to Air Force Times, Cpl. Jordan L. “Spears [died]… in the Persian Gulf on Oct. 1 when he jumped from an MV-22B Osprey that nearly crashed shortly after taking off from the flight deck of [an]… amphibious assault ship.” Originally, his death was classified as a non-global war on terror casualty, but has since been reclassified as supporting Operation Inherent Resolve.

On Tuesday, the U.S. conducted four air strikes on Islamic State targets in Syria. Allies participated in an additional nine attacks in Iraq. Reuters details the specific targets hit.

Meanwhile, al-Qaeda is looking to get back together with the Islamic State. According to the Associated Press, al-Qaeda has issued a number of reconciliation appeals, though the Islamic State has yet to respond publicly. “A reunification… would allow al-Qaida to capitalize on the younger group’s ruthless advance across the region [and]…let IS benefit from al-Qaida’s broad, international network.”

The Washington Post analyzes the role of foreign fighters from Tunisia in Islamic State operations.

Meanwhile, Foreign Policy examines the militant group’s recruitment of children.

The Wall Street Journal considers the detente that the U.S. and Iran appear to have reached over the past year as their interests have converged on issues, such as the Islamic State.

Meanwhile, the New York Times reports that crippling sanctions and low global oil prices are taking a serious toll on the Iranian economy.

In the Atlantic, Jeffrey Goldberg examines U.S.-Israeli relations, which have reached an apparent nadir under the Obama and Netanyahu administrations.

As of yesterday, at least 2,207 U.S. military personnel have died in Afghanistan since 2001, reports the AP. informs us that yesterday, the Joint Chiefs of Staff recommended to Defense Secretary Chuck Hagel that military officials “returning from deployments in West Africa to combat the Ebola virus be quarantined for 21 days.”

Read more »

The Supreme Court Should Stay Far Away from the Vesting Clause in Zivitofsky

Wednesday, October 29, 2014 at 11:19 AM

The strange little case of Zivotofsky v. Kerry casts power politics as petty paperwork. But it might be one of the most significant non-terrorism foreign affairs cases in a generation. In the broadest sense, the case is about whether the President can disregard a foreign affairs statute. Framed most narrowly, it’s about whether Menachem Zivotofsky’s passport should read “Israel” or “Jerusalem.” It’s this uncertainty about the eventual decision’s likely breadth that motivates the following comments.

The legal background has been well canvassed by Curt Bradley, Jack Goldsmith, and Robert Reinstein. I won’t rehash it here. This post, instead, makes just one point. Regardless of how the Supreme Court decides Zivotofsky, it should not invoke the Vesting Clause to support its decision.

That clause—the first sentence of Article II of the U.S. Constitution—has the bland ring of a human resources circular: “The executive power shall be vested in a President of the United States of America.” There are a number of competing interpretations of the sentence’s key phrase, “executive power.” But the dominant originalist view appears to be that “executive power” references a well-understood suite of powers that a Founding-era head of state would typically have possessed.

Adherents of this definition understand the phrase “executive power” as a term of art that referred to a specific bundle of substantive powers held by the British King. In the same way that bestowing diplomatic, agency, or trustee powers conveys a specific package of powers and privileges that are useful to a person charged with those functions, it is said that vesting “executive power”—standing alone—conveys a similar bundle of usefully associated authorities. From that starting point, the most dogmatic versions of the theory derive a default rule that the constitutional President possesses the same powers and privileges as the eighteenth-century British King, except where other provisions of the Constitution either limit those powers or assign them to other actors.

Based on my ongoing research, I think the prevailing originalist view is wrong. Not just complicated or debatable, but in fact demonstrably mistaken. Read more »

Folk International Law and the Application of LOAC in Counterterrorism Operations

Wednesday, October 29, 2014 at 8:54 AM

Naz Modirzadeh’s fascinating series of Lawfare posts (herehere, and here) discussing her article, Folk International Law, provides an excellent primer on the potential consequences and confusion that result from amalgamating distinct legal doctrines, regardless of whether such creative tinkering is couched under the rubric of “policy.”

In particular, I think the debate between Modirzadeh and Professor Marty Lederman actually underscores one of her central insights, which is that those who constantly and fervently profess their fealty to international law can actually pose the greatest challenge to the international legal system. It is one thing to criticize leaders (and their lawyers) who appear dismissive of international treaty obligations, quite another to take on a cadre of international lawyers whose intellectual heft and insistence that they are doing more than LOAC requires add an imposing veneer of gravitas to their every pronouncement.

However, I wanted to focus briefly on one aspect of the debate that I think neither side gets exactly right: namely, the principle that the U.S. armed forces comply with LOAC in counterterrorism operations (and for that matter, in all operations). From the perspective of administration lawyers, the Presidential Policy Guidance (PPG) is better than LOAC because it goes “above and beyond” the law’s mandates. According to administration critics, the discussion is rigged from the outset, because the entire notion of a “global NIAC” is a legal fiction and LOAC is not even triggered outside “areas of active hostilities.” While the PPG may indeed exceed LOAC in certain respects, it no doubt falls short of IHRL in others. In the critics’ view, IHRL non-compliance is being made to masquerade as LOAC uber-compliance.

In my opinion, DoD’s adherence to LOAC stands separate and apart from this debate, and should be allowed to remain so. Indeed, DoD’s position that it complies with LOAC principles across the conflict spectrum has been remarkably consistent and predates by decades the post-9/11 geopolitical debates over whether the U.S. is engaged in a GWOT, a transnational NIAC, or something else. Long before these acronyms became part of the political vernacular, the U.S. armed forces were using another term (since discontinued) that nicely encapsulated the emerging trend—“military operations other than war” (MOOTW)—and training to conduct such operations in accordance with LOAC. Read more »

Book Review: Lone Wolf Terrorism: Understanding the Growing Threat by Jeffrey D. Simon

Published by Prometheus Books (2013)
Reviewed by Ashley Green
Wednesday, October 29, 2014 at 1:00 AM

Former Central Intelligence Agency Director Leon Panetta observed in his recent memoir that so-called “lone wolf terrorists”–terrorists who work without group assistance−are a growing threat to the internal security of the United States. It’s an observation that has been echoed by many officials and former officials. Some would respond that the threat of lone wolf terrorism is still very remote in the United States and, in any case, there’s little reason to think it merits a legal or policy response other than to pursue investigations, prosecutions, and trials through the federal courts and the existing substantive framework of criminal law.

As policy, this might be correct; the threat might be adequately addressed without special legal measures and in any case, even when such attacks are politically or religiously motivated, or both, they might well be no easier to predict or address than notoriously difficult to predict non-political, non-religious school or workplace shootings. Whether or not this is so, however, in the wake of the Boston Marathon bombings of April 2013, or the shooting last week in the Canadian parliament building, attention to lone wolf terrorism as a category is increasing.

The increased expert and scholarly attention is a welcome shift regarding a topic that has long been a kind of awkward stepchild to the focus on the leading transnational terrorist groups of concern to the United States particularly—Al Qaeda and the branches of its network as well as new, mostly jihadist groups. Jeffrey D. Simon’s Lone Wolf Terrorism: Understanding the Growing Threat (which appeared in February 2013) is one of the relatively few studies of this type of threat. (Continued)

Readings: Henry Farrell on Critics of Snowden and Greenwald

Tuesday, October 28, 2014 at 8:11 PM

Some time back, Ben noted two stern critiques of Edward Snowden and Glenn Greenwald—one by Sean Wilentz and another by George Packer. The latter reviewed Greenwald’s book, No Place to Hide; ditto Michael Kinsley, in an article Jack mentioned (and disagreed with) here on Lawfare.  

In a piece in the National Interest, Henry Farrell takes on arguments put forth by Wilentz, Packer and Kinsley. His essay opens:

IT IS strange that the Obama administration has so avidly continued many of the national-security policies that the George W. Bush administration endorsed. The White House has sidelined the key recommendations of its own advisers about how to curtail the overreach of the National Security Agency (NSA). It has failed to prosecute those responsible for torture, on the principle that bygones should be bygones, extending a courtesy to high officials that it has notably declined to provide to leakers like Chelsea Manning. The result is a remarkable degree of continuity between the two administrations.

Yet this does not disconcert much of the liberal media elite. Many writers who used to focus on bashing Bush for his transgressions now direct their energies against those who are sounding alarms about the pervasiveness of the national-security state. Others, despite their liberal affectations, have perhaps always been enthusiasts for a strong security state. Over the last fifteen months, the columns and op-ed pages of the New York Times and theWashington Post have bulged with the compressed flatulence of commentators intent on dismissing warnings about encroachments on civil liberties. Indeed, in recent months soi-disant liberal intellectuals such as Sean Wilentz, George Packer and Michael Kinsley have employed the Edward Snowden affair to mount a fresh series of attacks. They claim that Snowden, Glenn Greenwald and those associated with them neither respect democracy nor understand political responsibility.

These claims rest on willful misreading, quote clipping and the systematic evasion of crucial questions. Yet their problems go deeper than sloppy practice and shoddy logic. For one thing, Wilentz, Packer and Kinsley are all veterans of the Clinton-era battles between liberals and the Left. Wilentz in particular poses as a latter-day Arthur Schlesinger, shuttling backwards and forwards between his academic duties and his political fealties. As for Packer, he has championed a muscular liberalism, pugnacious in the fight against moral purists at home and political Islam abroad. And Kinsley, a veteran of the wars over neoliberalism, has always been a contrarian with a talent for repackaging the common wisdom of the establishment as something edgy and counterintuitive.

Each has manacled himself to an intellectual identity forged in decades-old combat with the Left. Each, as a result, is apparently incapable of understanding the actual challenge that Greenwald and Snowden pose to American politics.


Axiom — A Chinese APT

Tuesday, October 28, 2014 at 4:39 PM

And just to prove that we are equal-opportunity victims, I also saw, today, this report from Novetta on “Operation SMN” – a report on a Chinese APT dubbed Axiom.  Here’s a bit of the Executive Summary:

Axiom is responsible for directing highly sophisticated cyber espionage operations against numerous Fortune 500 companies, journalists, environmental groups, pro-democracy groups, software companies, academic institutions, and government agencies worldwide for at least the last six years. In our coordinated effort, we performed the first ever-private sponsored interdiction against a sophisticated state sponsored advanced threat group. Our efforts detected and cleaned 43,000 separate installations of Axiom tools, including 180 of their top tier implants.


Novetta has moderate to high confidence that the organization-tasking Axiom is a part of Chinese Intelligence Apparatus. This belief has been partially confirmed by a recent FBI flash released to Infragard stating the actors are affiliated with the Chinese government.

America is lucky, I think, to have such friends ….

Russian APT28

Tuesday, October 28, 2014 at 11:58 AM

We tend to focus our attention on Chinese APT cyber threats for good reason — they tend to be more overt and focus on American business interests.  But we should not lose sight of the fact that Russian cyber skills are just as good (perhaps even better) than Chinese ones. And now, FireEye has reminded of of this fact with their new report on a Russian operation they dub APT28.  From the Executive Summary:

The activity that we profile in this paper appears to be the work of a skilled team of developers and operators collecting intelligence on defense and geopolitical issues – intelligence that would only be useful to a government. We believe that this is an advanced persistent threat (APT) group engaged in espionage against political and military targets including the country of Georgia, Eastern European governments and militaries, and European security organizations since at least 2007. They compile malware samples with Russian language settings during working hours consistent with the time zone of Russia’s major cities, including Moscow and St. Petersburg.
While we don’t have pictures of a building, personas to reveal, or a government agency to name, what we do have is evidence of long-standing, focused operations that indicate a government sponsor – specifically, a government based in Moscow.

Today’s Headlines and Commentary

Tuesday, October 28, 2014 at 9:43 AM

A new set of monitoring guidelines for people arriving to the United States from West Africa has been put in place by the federal government. The New York Times reports on new measures that are supposed to prevent Ebola from entering into the United States.  Meanwhile, the Wall Street Journal further explains the new Center for Disease Control guidelines, highlighting that they do not require mandatory quarantines for travelers exposed to the disease.

That last part has been controversial.  Shortly after the guidelines were announced, the governors of both New York and New Jersey lambasted the move, saying it didn’t do enough to help people of those states. The Times tells us that Governors Andrew Cuomo and Chris Christie are particularly unnerved by the rejection of mandatory quarantines. Elsewhere, and regarding the Ebloa situation in Liberia, the Times’ Sherri Fink asks: “What level of care is possible for a disease with no cure being treated in wooden huts in the middle of a forest?”

On to Syria matters.  Al-Qaeda affiliates have attacked the government-controlled Syrian city of Idlib. The BBC reports that militants of the Nusra Front killed dozens of government soldiers before finally retreating. As of this writing, the city, located in the North-West of the country, near the Turkish border, is still under the government’s control.

CNN reports that ISIS has released a video, in which one of the organization’s hostages, John Cantile, a British citizen, declares that ISIS has control over the Syrian city of Kobani.  The Times has more on Cantile, and on the movement of Iraqi Peshmerga fighters‘ towards Kobani so as to assist fellow Kurds in battling ISIS.

The Daily Beast profiles Abu Omar al-Shishani, one of the leaders of ISIS. There’s a wrinkle; the article suggests that one of the world’s most wanted terrorists might in fact be a “figurehead for his older brother, the mastermind behind the Chechen operatives running ISIS offensives in Syria and Iraq.”

The Times explains that there are worries in Lebanon that the continued violence in bordering Syria is spilling over the boarder. And apropos, it seems Hezbollah is under increasing strain, and these days faces attacks by both Al Nusra and ISIS.

Also in the Times: report on violence in Kabul, Afghanistan’s capital city: “Four Taliban insurgents dressed in police uniforms stormed government offices in the northern provincial capital of Kunduz on Monday, killing eight people and wounding 10 others amid a sustained offensive that has put residents and the security forces under siege.”

In response to yesterday’s news that American-led coalition troops have handed over responsibility for protecting Helmund province in Afghanistan, Al Jazeera hosted a panel discussion with internationally security scholars, tackling the question, “Can the War on Terror ever be won?

On that very question, Americans are skeptical. The BBC reports that fewer than half of American respondents to a recent poll indicated that the intervention in Afghanistan, specifically, was worthwhile.

According to the Times, there’s been an international uproar over the execution of an Iranian woman, who was convicted of murder after killing a man she said tried to rape her. The Iranian government executed 26-year-old Reyhaneh Jabbari on Saturday. Leading up to Saturday and since, international human rights organizations, as well as the United Nations, have strongly criticized the Iranian government.

One critic of the execution is Ahmed Shaheed, the United Nations special investigator on Iran. Shaheed spoke with the AP yesterday, on his reaction to Jabbari’s execution, as well as his recent banning from the country.

Boko Haram has captured “dozens” more Nigerian schoolgirls, according to the AP. The move casts doubt on the effectiveness of the cease-fire that had been brokered between the Nigerian government and the radical Islamist group.

The BBC reveals a controversial U.S. Intelligence practice from the Cold War era: U.S. intelligence agencies used 1,000 Nazis as Cold War spies, and then proceeded to cover it up. The Washington Post also covers the chilling story:

It involved deal-making and moral absolution in which almost anything — even war crimes — could be ignored to check the rising threat of the Soviet Union. Along with other programs, such as Operation Paperclip, which enlisted the help of Nazi scientists, the use of ex-Nazis as spies illustrates a postwar government’s willingness to neglect the demands of justice to satisfy the needs of security.

New revelations about a really old bulk metadata program: from the Times, we learn that the U.S. Postal Service “approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of Americans for use in criminal and national security investigations.”

Edward Snowden sat down with the Nation for a lengthy interview in which he summed up most of his views on American intelligence practices, and defended his actions that were meant to expose wrongdoing on the part of the US government. In his interview, while he explained that he though the revelation of intelligence practices was “important,” more important was the revelation that “the director of national intelligence [James Clapper] gave a false statement to Congress under oath, which is a felony.”

Two South Korean intelligence officers were convicted of “fabricating Chinese government documents to build a spy case against a refugee from North Korea.”  The Times has more on the embarrassment to South Korea’s intelligence service.

Lastly, a former Chinese general has confessed to taking “enormous bribes in return for giving promotions and favors,” per the Times.  

Email the Roundup Team noteworthy law and security-related articles to include, and follow us onTwitter and Facebook for additional commentary on these issues. Sign up to receive Lawfare in your inbox. Visit our Events Calendar to learn about upcoming national security events, and check out relevant job openings on our Job Board.



A Follow Up on the Postal Service Metadata Program

Tuesday, October 28, 2014 at 9:40 AM

This morning, I posted some thoughts on a story in the New York Times about so-called “mail covers” by the Postal Service and their relationship to the NSA’s bulk metadata program. It turns out that I rather understated the matter.

The reason is that mail covers are actually only one of the Postal Service’s programs that collect snail mail metadata. The other one—according to a different New York Times story from last year—is apparently a very close analogue to the NSA’s metadata program. As the Times describes it, under the so-called “Mail Isolation Control and Tracking program,” the Postal Service’s “computers photograph the exterior of every piece of paper mail that is processed in the United States—about 160 billion pieces last year. It is not known how long the government saves the images” (emphasis added):

The Mail Isolation Control and Tracking program was created after the anthrax attacks in late 2001 that killed five people, including two postal workers. Highly secret, it seeped into public view last month when the F.B.I. cited it in its investigation of ricin-laced letters sent to President Obama and Mayor Michael R. Bloomberg. It enables the Postal Service to retrace the path of mail at the request of law enforcement. No one disputes that it is sweeping.

“In the past, mail covers were used when you had a reason to suspect someone of a crime,” said Mark D. Rasch, who started a computer crimes unit in the fraud section of the criminal division of the Justice Department and worked on several fraud cases using mail covers. “Now it seems to be, ‘Let’s record everyone’s mail so in the future we might go back and see who you were communicating with.’ Essentially you’ve added mail covers on millions of Americans.”

This story kind of proves that my instinct in the previous post was right. The Postal Service is doing something very similar to what the NSA is doing. The activity was reported publicly around the same time. It has significantly less political, legal, internal controls; it has less transparency these days. Yet unlike the NSA program, which generated feverish attention, Postal Service monitoring of snail mail metadata did not. I suspect it won’t this time either.

Will Anyone Care About the Postal Service’s Metadata Program

Tuesday, October 28, 2014 at 8:38 AM

I’m very interested to watch how the political system responds to this New York Times story about the U.S. Postal’s Service very old, sort-of-bulk metadata program. The Times reports:

In a rare public accounting of its mass surveillance program, the United States Postal Service reported that it approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of Americans for use in criminal and national security investigations.

The story goes on to clarify that this is not 50,000 requests to open people’s mail. These are what are called “mail covers”—which is basically an ongoing accounting of what is on the outside of the envelopes going to someone’s mailbox. It is, in other words, a metadata program. As the Times describes it:

At the request of state or federal law enforcement agencies or the Postal Inspection Service, postal workers record names, return addresses and any other information from the outside of letters and packages before they are delivered to a person’s home.

Law enforcement officials say this deceptively old-fashioned method of collecting data provides a wealth of information about the businesses and associates of their targets, and can lead to bank and property records and even accomplices. (Opening the mail requires a warrant.)

It’s a metadata program that has a few big differences from the NSA’s highly controversial bulk telephony metadata program—and these differences that don’t all cut the same direction.

First off, the program is old, very old. Mail covers have been going on since the 19th Century. This has no legal significance but it may be optically significant.

Second, mail covers are done on the basis of individual suspicion; while the numbers are big, the Postal Service is not seeking to acquire all metadata on everyone, the way NSA is. It only collects when (as the regulation specifies): Read more »

Bits and Bytes

Monday, October 27, 2014 at 5:02 PM

Two cyber related items today:

The FCC is now in the cybersecurity business.  It’s $10M fine is the first of its kind to be levied against a telecom that, allegedly, stored personal information with inadequate firewalls, encryption and password protection.  We now face the exciting prospect of regulatory competition — the FCC will regulate cybersecurity and so will the FTC.  Throw in DHS for good measure and we can readily foresee a race to determine who can be toughest.  Watch out world.

Meanwhile, the annual ABA Review of National Security Law is just around the corner (early bird registration is still open).  For those interested in cybersecurity there is a particularly good panel Friday November 7 from 330-5 PM entitled “Cybersecurity — Will We Ever Be Secure?”  The rest of the conference is pretty good too ….

Feds Identify Suspected “Second Leaker”

Monday, October 27, 2014 at 3:51 PM

That’s the headline from Michael Iskikoff at Yahoo! News reporting that the FBI has identified the suspected so-called “second leaker.”

The story begins:

The FBI has identified an employee of a federal contracting firm suspected of being the so-called second leaker who turned over sensitive documents about the U.S. government’s terrorist watch list to a journalist closely associated with ex-NSA contractor Edward Snowden, according to law enforcement and intelligence sources who have been briefed on the case.

The FBI recently executed a search of the suspect’s home, and federal prosecutors in Northern Virginia have opened up a criminal investigation into the matter, the sources said.

But the case has also generated concerns among some within the U.S. intelligence community that top Justice Department officials — stung by criticism that they have been overzealous in pursuing leak cases — may now be more reluctant to bring criminal charges involving unauthorized disclosures to the news media, the sources said. One source, who asked not to be identified because of the sensitivity of the matter, said there was concern “there is no longer an appetite at Justice for these cases.”

Marc Raimondi, a spokesman for the Justice Department, declined to comment on the investigation into the watch-list leak, citing department rules involving pending cases.

As for the department’s overall commitment to pursue leak cases, he added: “We’re certainly going to follow the evidence wherever it leads us and take appropriate action.”

Today’s Headlines and Commentary

By and
Monday, October 27, 2014 at 1:46 PM

While the US midterm elections are still a week away, democratic contests elsewhere in the world are ongoing or have just concluded. In Brazil, the BBC reports that incumbent president Dilma Rousseff narrowly won re-election today in what was a fraught contest between her and a centrist challenger, Aecio Neves. President Rousseff, who won with 51.6% of the vote to Neves’ 48.4%, promised that she would be a “‘much better president’” than she has been so far. Over the past year, her regime has confronted mass protests and sagging approval ratings due to allegations of corruption and poor services. Still, she, as well as her Workers’ Party, remains “popular with poor Brazilians thanks to her government’s welfare programs.” Reuters has more on her legacy up until now and the economic challenges Brazil faces moving forward.

In Ukraine, pro-Western parties appear to have won handily in Sunday’s parliamentary elections. Both President Petro Poroshenko’s bloc and the party of Prime Minister Arseniy Yatseniuk each appear to have won approximately 21% of the vote. The two are reportedly holding coalition talks today. The BBC reports that the full party-list results are expected later tonight, and will cover “only 225 of the 450 seats.” President Poroshenko was ebullient as the results began to come in, saying at a news conference that “‘more than three-quarters of voters who took part in the polls gave strong and irreversible backing to Ukraine’s path to Europe.’” Still, the country remains divided; there was no voting in the eastern areas of the country currently dominated by pro-Russian separatist forces. As a result, the parliamentary seats for Donetsk, Luhansk and Crimean regions remain vacant.

Finally, in Tunisia, the secular Nidaa Tounes party defeated the Islamist party Ennahda, its main rival, and won the largest number of seats in that country’s parliamentary contest. According to the New York Times, the latest results show that Nidaa Tounes has 38% of the vote, translating to 83 seats, compared to Ennahda’s 31% of the vote and 68 seats. Officials say provisional turnout reached 62%, demonstrating “Tunisians’ support for democracy.” The Guardian reports that Ennahda has conceded.

In the flashpoint city of Kobani, the Syrian Observatory for Human Rights said that Kurdish fighters repulsed an ISIS attempt to seize a key border post in the city. Over the past 40 days, the militant Islamists from ISIS have been “pressing their assault” on the town despite US airstrikes and fierce Kurdish resistance. The Guardian quotes the monitoring group as stating over 815 people have been killed in the month-odd fighting, “more than half of them ISIS fighters.”

Read more »

“Warm and Fuzzy with the North Koreans”

Monday, October 27, 2014 at 8:29 AM

The other day, I posted this video of the North Korean Ambassador to the United Nations giving a talk at the Council on Foreign Relations:

The question of whether or not a think tank like CFR should host the worst people in the world—among whom the leaders of the North Korean state surely rank—is tricky one. As much as it galls me for CFR to give over its very respectable stage to a spokesman for the world’s long-running mass murder operation, there’s a lot to be said for a foreign policy organization’s willingness to hear out, ventilate, and challenge the views of our foreign policy adversaries.

There is no excuse, however, for the tone and substance of this event, which was hosted by former U.S. ambassador to South Korea Donald P. Gregg.

Even before Gregg introduced his guest, he set exactly the wrong tone by creepily describing himself as “warm and fuzzy” with the North Koreans:

just to make things a little different, I have something I’m going to pass around. I definitely want it back, because it’s one my precious possessions. It’s a copy of a leaflet dropped by North Korea when I was ambassador in 1991. I checked this out with Ambassador Jang; it’s OK with him. And this was on a golf course out in Seoul. And for those of you who don’t read, Korean, you’ll see me sitting regally in a chair with Roh Tae Woo bending over me, and we’re discussing how to assassinate Kim Young-sam, who was the upcoming president of South Korea.

So that was how I was perceived by the North Koreans. I pass this around, because I think that some people feel, well, this guy, Gregg, is sort of warm and fuzzy with the North Koreans. And that is not—that is not—we may be now, but we certainly weren’t there. So, anyway, please enjoy it. Thank you.

Gregg then introduces Ambassador Jang Il Hun: “Ambassador Jang and I have become good friends in the time he has been here.” We may be warm and fuzzy now? Good friends? Let’s just say this is not the note on which I would have started an event with a representative of a government with more than 100,000 people in labor camps.

And then (drum roll, please) the first tough question to our good friend, with whom we are now “warm and fuzzy”: “how would you respond to Mr. Kirby’s statement that, under Kim Jong-un, there has been an improvement in the human rights situation in North Korea?”

The reference here is to Michael Kirby, the Australian head of a U.N. commission for human right in North Korea. His report, for the record, is not really about “improvement” in North Korean human rights. Here’s Kirby’s central finding (p. 6):

The commission finds that systematic, widespread and gross human rights violations have been and are being committed by the Democratic People’s Republic of Korea. In many instances, the violations found entailed crimes against humanity based on State policies. The main perpetrators are officials of the State Security Department, the Ministry of People’s Security, the Korean People’s Army, the Office of the Public Prosecutor, the judiciary and the Workers’ Party of Korea, who are acting under the effective control of the central organs of the Workers’ Party of Korea, the National Defence Commission and the Supreme Leader of the Democratic People’s Republic of Korea.

It gets worse. Gregg goes on to read approvingly from a DPRK report on human rights in the country and then ask: “have the countries of China, Russia, Japan or South Korea ever raised with you the issue of human rights problems in your country?” Answer: Japan and South Korea do but Russia and China don’t. Gregg then goes on to ask: “Three Americans are held in your country. And are any of them connected with human rights issues?” Answer: “No. Definitely not.”

It goes on and on and on. There are, to be sure, some excellent questions from the floor, particularly from the New York Times‘s David Sanger, who pushed the ambassador on the execution of Kim Jong-Un’s uncle, and from a representative of Human Rights Watch.

But one scours the transcript in vain for any sign of skepticism, much less moral outrage, from the organization or the moderator. One gets, instead, simpering solicitude. At the transcript’s end, Gregg congratulates his guest:

GREGG: Thank you very much for coming. I think what you have seen today is a panoply of reactions. There are things I knew, in some cases, there was nothing you could say that would satisfy some of the questions. But it’s the start of a process. And I think that the fact that the process has begun by your coming is very constructive.

So thank you very much. And thank you for the audience. And the class is dismissed.


GREGG: Well done.

My word to CFR: Not well done.

UPDATE: Here are the tweets sent from the account @CFR_org on the event:

Susan Rice Did Not Consult DOD When She Urged Repeal of 2002 AUMF That DOD (Correctly) Thought Was “Still Needed”

Monday, October 27, 2014 at 8:18 AM

Michael Hirsh has a piece at Politico on the disorganized, uncoordinated crafting and implementation of the administration’s strategy to defeat the Islamic State.  Of particular interest to Lawfare readers is the news that National Security Advisor Susan Rice failed to consult with DOD when she wrote a letter to Congress last summer asking for the repeal of the 2002 AUMF.  DOD was surprised by the letter, Hirsh says, because (according to a senior defense official) DOD tought at the time that the 2002 authorities “were still needed.”  Here is the relevant passage:

The office of Defense Secretary Chuck Hagel was taken by surprise as well last July, when national security adviser Susan Rice sent a letter to House Speaker John Boehner requesting a withdrawal of the Authorization for the Use of Military Force (AUMF) passed in 2002 to enable U.S. military action in Iraq. This letter came after Mosul, a key northern Iraqi city, had already fallen to ISIL and the scale of the threat was becoming clear. The letter was never acted on, and in fact the AUMF that Rice wanted withdrawn is now part of the very authority the administration says it is operating under, along with the 2001 AUMF against al Qaeda. The Pentagon was not given a heads-up about that letter either, according to multiple sources. “We didn’t know it was going over there, and there were significant concerns about it,” said the senior defense official. “We had these authorities to go into Iraq under the 2002 AUMF, which is what she wanted repealed. We believed the authorities were still needed.”

Of course we now know that DOD was right, since the administration is now relying on the 2002 AUMF in its uses of force against the Islamic State.

Hirsh closes his piece by noting the 2002 AUMF episode, combined with the White House’s failure to consult DOD on the timing and details of draft legislation on arming the Syrian rebels, constitute “new evidence of a criticism that has dogged this administration for most of its six [sic] and a half years: that Barack Obama’s White House is so insular and tightly controlled it often avoids “outside” consultation—including with its own cabinet secretaries and agencies.”  Hirsh concludes, harshly:

That’s especially true when the issue is one of this president’s least favorite things: opening up new hostilities in foreign lands. To his critics—and I spoke with several for this article inside Obama’s administration as well as recent veterans of it—it’s all a reflection of the slapdash way a president so vested in “ending wars” has embraced his new one.

A Bit More On the Debate About the Extraterritorial Scope of the Torture Convention’s Provisions on Cruelty

Monday, October 27, 2014 at 7:45 AM

In his piece on Nobel Peace Prize Laureates pressuring the President to disclose information about torture, Charlie Savage explains why some officials in the administration oppose the broad extraterritorial expansion of Article 16 of the CAT:

The officials opposed to accepting the cruelty provision as applying abroad insist they do not want to resume abusive interrogations, which are barred by the 2005 statute anyway, but worry that accepting the treaty provision as applying abroad could have unintended consequences on other operations, such as by suggesting that other treaties with similar jurisdictional language also apply everywhere.

I unpacked this reasoning, and other possible reasons for the opposition, in this post.