Skip to content

Today’s Headlines and Commentary

Thursday, May 21, 2015 at 12:41 PM

ISIS militants have seized control of the Syrian city of Palmyra, as well as the world renowned archaeological site located on the outskirts of the city. The Associated Press writes that Syrian government forces reportedly crumbled during the ISIS assault, fleeing the area and leaving the militants in control of another key city just days after ISIS militants in Iraq captured Ramadi. The capture of Palmyra — which gives ISIS control of more than half of all Syrian territory — represents a strategic victory for the group: located along key roads and supply routes, Al Jazeera notes that it opens a path for ISIS forces to advance on other government-held regions of Syria.

Elsewhere in Syria, U.S.-led coalition airstrikes have reportedly killed 14 militants from the al Nusra Front, al Qaeda’s Syrian branch. The Long War Journal writes that, according to the terrorist group, the strike targeted the group’s headquarters in Idlib province, though local activists reported that the airstrikes hit Nusrah Front positions near Aleppo.

Across the border in Iraq, security forces recently driven out of Ramadi held off a third push by ISIS militants east of the city. Reuters reports that the militants are trying to solidify their recent gains by advancing on a military base east of Ramadi where Iraqi troops and Shiite militias are gathered. The Habbaniya base, which sits between Ramadi and ISIS-held Fallujah, is one of the last government-held areas in the largely Sunni Anbar province.

The Wall Street Journal notes that the fall of Ramadi has focused attention on Anbar province and away from Mosul, the northern Iraqi city that the Obama administration had hoped would soon be retaken from ISIS. One U.S. official noted that “Everybody is focused like a laser on Anbar right now.” That focus appears to be manifesting in plans to accelerate train and equip programs for Sunni tribesmen and, the Times reports, to expedite shipment of 1,000 antitank rockets to the Iraqi military. The weapons will reportedly help security forces counter ISIS’s devastatingly effective use of massive suicide car bombs.

Read more »

ICANN CEO To End Tenure

Thursday, May 21, 2015 at 11:54 AM

Fadi Chehade, the CEO of the Internet Corporation for Assigned Names and Numbers (ICANN), has announced his intention to step down, effective March 2016.  The United States is in the midst of a transition that will, when completed, give up its contractual control of the Internet Assigned Numbers Authority (IANA).  That authority is currently conducted by ICANN under contract to the Department of Commerce.  Current plans are for Commerce to end the contract in September 2015, and let ICANN manage the IANA function on its own, though the most recent timeline I’ve seen suggests that the transition won’t occur until later in 2015 or early 2016. It is essential that the transition occur in a way that fosters enhanced accountability and transparency at ICANN.   Though I’m happy to take Chehade at his word, it is at least a little puzzling that the CEO would step down at a time of such internal transitional tumult.  At a minimum, it will make the transition harder to accomplish in a timely and non-disruptive manner.

The Privacy Paradox: The Privacy Benefits of Privacy Threats

By and
Thursday, May 21, 2015 at 11:03 AM

Here’s something a little outside the normal Lawfare fare but which Lawfare readers might find interesting: A new paper we have written about all the privacy benefits we receive from technologies we typically think of as privacy eroding. Entitled “The Privacy Paradox: The Privacy Benefits of Privacy Threats,” and published by Brookings, the paper sets forth the basic idea that the American (and European) privacy debates keep score very badly. When confronted with technologies that give us new privacy with one hand and erode privacy with the other, we tend to pocket the gains without thinking about them while worrying endlessly about the erosions. In this paper, we try to imagine a more rigorous balance sheet—one that includes the privacy benefits of things like searching for sensitive information on Google, reading on your Kindle, online shopping, and getting your porn online. It’s not about NSA, but we hope it is a disruptive look at the larger subject of how our society conceives of privacy as a value.

The 1971 Woody Allen film Bananas contains a scene of cringing comedic embarrassment: Allen is at a newspaper store, trying to buy pornography, and doing so in person makes him acutely conscious of being watched and judged. He flips through some magazines, hoping to disguise his purchase amid others. He then stops and nervously scans the store. A older, stern-countenanced woman stands close by. Turning back to the magazines, he narrates aloud as he gathers his selections.

“I’ll get a copy of Time magazine.” He pauses, shoots a quick glance at the older woman. “I’ll take the Commentary and Saturday Review. And uh, let’s see, Newsweek…”

In between the respectable magazines, he sandwiches his porn selections.



Satisfied that he has buried the disreputable within the higher-minded, he walks up to the counter. He’ll take them all, he says, anxious to pay for his selections and leave.

But Allen’s plan falls apart when the cashier rings up his purchases and hollers loudly to a colleague: “Hey Ralph! How much is a copy of Orgasm?” His mortification grows when Ralph doesn’t catch the title the first time, prompting the cashier to shout the question even louder.

Orgasm! This man wants to buy a copy! How much is it?”

This scene may lack the same comic pointedness for younger readers—for whom adolescence did not involve the minor humiliations associated with purchasing pornography in person—as it will for folks, particularly men, above a certain age. But nearly every male, and more than a few women, who went through puberty in the pre-Internet age will smile in memory of some variation of Allen’s humiliation. If you didn’t go to the magazine store yourself to purchase girly magazines yourself, you asked an older brother, cousin, or friend. Or maybe you went to a friend’s house or borrowed something from some kid at school. Pornography then, like alcohol today, was something teenagers wanted to get their hands on but could only obtain by facing another person and effectively confessing vice.

While you could consume it in private, but you couldn’t obtain it in private.

The Bananas portrayal of the embarrassing need to face a person to obtain porn seems quaintly anachronistic these days. The pornography consumer no longer has to face the judgmental old lady while nervously cramming Orgasm between Time and Newsweek at the corner store. Today, adolescents and adults alike simply click open their favored porn website. They can tab it somewhere between Gmail, Facebook, and SparkNotes on their browsers for easy switching purposes. Or if they fear detection, Google Chrome conveniently provides a helpful “Incognito Mode” that does not store browsing history. Teenagers have access to all of this material without ever setting foot outside their bedrooms.

They have something one might call “privacy.”

And so do we all. We have it not just—or even principally—with respect to erotic material, but with respect to all sorts of other content as well: medical information, politically sensitive publications and purchases, and secret communications. And we have it because of a series of technologies that are the subject of endless anxiety among commentators, scholars, journalists, and activists concerned about—ironically enough—protecting privacy in the digital age.

Something is not right here.

In this paper, we want to advance a simple thesis that will be far more controversial than it should be: the American and international debates over privacy keep score very badly and in a fashion gravely biased towards overstating the negative privacy impacts of new technologies relative to their privacy benefits.

Many new technologies whose privacy impacts we fear as a society actually bring great privacy boons to users, as well as significant costs. Society tends to pocket these benefits without much thought, while carefully tallying the costs. The result is a ledger in which we worry obsessively about the possibility that users’ internet searches can be tracked, without considering the privacy benefits that accrue to users because of the underlying ability in the first instance to acquire sensitive material without facing another human, without asking permission, and without being judged by the people around us.

Read more »

The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange

Thursday, May 21, 2015 at 10:34 AM

Logjam is a new attack against the Diffie-Hellman key-exchange protocol used in TLS. Basically:

The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.

Here’s the academic paper.

One of the problems with patching the vulnerability is that it breaks things:

On the plus side, the vulnerability has largely been patched thanks to consultation with tech companies like Google, and updates are available now or coming soon for Chrome, Firefox and other browsers. The bad news is that the fix rendered many sites unreachable, including the main website at the University of Michigan, which is home to many of the researchers that found the security hole.

This is a common problem with version downgrade attacks; patching them makes you incompatible with anyone who hasn’t patched. And it’s the vulnerability the media is focusing on.

Much more interesting is the other vulnerability that the researchers found:

Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve — the most efficient algorithm for breaking a Diffie-Hellman connection — is dependent only on this prime. After this first step, an attacker can quickly break individual connections.

The researchers believe the NSA has been using this attack:

We carried out this computation against the most common 512-bit prime used for TLS and demonstrate that the Logjam attack can be used to downgrade connections to 80% of TLS servers supporting DHE_EXPORT. We further estimate that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break.

Remember James Bamford’s 2012 comment about the NSA’s cryptanalytic capabilities: Read more »

An Interview with FBI Director Jim Comey

Thursday, May 21, 2015 at 6:41 AM

I haven’t watched this yet, but it took place yesterday at Georgetown Law’s Cybersecurity Law Institute. Ben Powell, former general counsel to the DNI, interviews Jim Comey:


Cyberwar, Surveillance and Security MOOC

Thursday, May 21, 2015 at 5:59 AM

The University of Adelaide has a free new MOOC called Cyberwar, Surveillance and Security that is taught by Melissa de Zwart, Dale Stephens, and Rebecca LaForgia.   The web page and registration can be found here. And here is a teaser introduction to the MOOC, which contains brief statements from some of the experts who participate, including Mike Schmitt, Renn Gade, Jonathan Zittrain, Ben Wizner, Bruce Schneier, and yours truly.  It looks like a great introduction to the topic.

PCLOB’s Rachel Brand on Section 215

Wednesday, May 20, 2015 at 7:00 PM

The Privacy and Civil Liberties Oversight Board’s Rachel Brand penned an opinion piece in today’s Christian Science Monitor.  It opens:

The heated debate in Congress about whether to reauthorize Section 215 of the Patriot Act has focused mainly on the National Security Agency’s bulk collection of telephone records ever since details of that program were leaked to the press.

As a member of the Privacy and Civil Liberties Oversight Board, an independent federal oversight agency, I extensively reviewed that program, including still-classified information about how it works. I believe it is critical that whatever Congress decides, this debate should be based on solid facts rather than rhetoric. Many important facts and considerations have, unfortunately, not received sufficient attention.

First, the question before Congress is not whether to reauthorize or prohibit the bulk telephone records program that has garnered so much attention. It is whether to reauthorize Section 215 itself. This authority was enacted after 9/11 to remedy the problem that officers conducting foreign intelligence investigations of international terrorism and espionage did not have a basic investigative tool available even in ordinary criminal investigations. The telephone records program conducted by the NSA is only one application of that authority. If Congress allows Section 215 to expire, it will not just eliminate that program; it will do away entirely with an essential investigative tool.




NSA Spying Will Begin Winding Down This Week: Justice Department Memo

Wednesday, May 20, 2015 at 6:11 PM

Dustin Volz of the National Journal has obtained a memo from the Department of Justice circulated among congressional offices today that says the NSA will need to begin taking steps to wind down the bulk telephone metadata collection program authorized under Section 215 of the Patriot Act by Friday, May 22nd.

The memo makes clear that the NSA collection program cannot stop at the flip of a switch, and while the NSA will “attempt to ensure that any shutdown of the program occurs as close in time as possible to the expiration of the authority,” it must also “ensure that it does not engage in any unauthorized collection or use of the metadata.” To do so, the NSA will begin rolling back the program by May 22nd.

You can read the full memo here.


Today’s Headlines and Commentary

Wednesday, May 20, 2015 at 2:57 PM

This morning, the Office of the Director of National Intelligence (ODNI) released a new trove of documents recovered during the May 2011 raid of Osama bin Laden’s compound in Abbottabad, Pakistan. The release contains two sections: 1) a list of non-classified, English-language material found in and around the compound; and 2) a selection of now-declassified documents. The declassified documents consist of 103 new items, including letters, speeches, and updates from al Qaeda leaders and affiliates.

“Bin Laden’s Bookshelf,” as the ODNI terms it, features 39 English language books including America’s Strategic Blunders by Williard Matthias, Confessions of an Economic Hitman by John Perkins, Hegemony or Survival: America’s Quest for Global Dominance by Noam Chomsky, and The Rise and Fall of the Great Powers by Paul Kennedy. The declassified list of documents also contains media articles from prominent American outlets, think tank studies, software and technical manuals, and 75 publicly available U.S. government documents.

The fallout from the collapse of Iraqi security forces defending Ramadi continues to shape headlines, with both the New York Times and the Wall Street Journal carrying feature stories on the failed strategy to train and equip local Sunnis. In the Times, Tim Arango writes that as thousands of Shiite militiamen pour into Anbar Province in an attempt to retake the city, the U.S.-backed Iraqi government initiative to foster local Sunni fighters seems “incidental.”

Carol Lee and Dion Nissenbaum write in the Journal that the Obama administration is set to accelerate the train and equip program. However, it remains unclear exactly what that will mean in practice. It is even less certain those forces can be effective against the next wave of attacks by the Islamic State. Even so, National Security Council spokesman Alistair Baskey told the AFP that “there is no formal strategy review” ongoing.

Some American officials “characterized the fall of Ramadi as an anomaly,” citing the fact that dust storms held off American airstrikes as ISIS forces stormed the city. But, the fall also reveals that recent tactical shifts by ISIS are proving remarkable deadly and effective. The use of “Vehicle Borne Improvised Explosive Devices” in highly coordinated attacks has had a major psychological impact on Iraqi forces, who lack the armor-piercing weapons necessary to counter the explosive-laden cars and trucks. In the Daily Beast, Nancy Youssef reports that according to some U.S. military officials, Ramadi fell in large part because the Iraqi security forces “didn’t want to fight” ISIS, choosing instead to flee.

Yet, Iraqi forces did fight off an overnight attack near the city of Ramadi by ISIS militants. That bit of positive news comes from Reuters this hour.

The failure of Iraqi security forces and local Sunnis means that Iranian-backed Shiite militias will likely be the driving force behind the attempt to retake Ramadi. That turnaround has sparked concerns of sectarian bloodshed. DefenseOne shares the troubling news that, in addition to concerns over sectarian conflict, the militias are also complicating the U.S. role in the war by spreading rumors that the United States is providing arms to ISIS. Already, anti-ISIS forces have fired on a U.S. helicopter in one instance.

More news from the special forces raid over the weekend that left Abu Sayyaf dead: ISIS sources have declared that the raid also killed two other important figures, Abu Taym and Abu Mariam. Taym was believed to oversee oil operations in the area, while Mariam worked on the group’s communications. Convinced that the raid was successful due to an insider mole, the sources also told Reuters that the group plans to tighten recruitment procedures.

ISIS fighters are also closing in on the ancient Syrian city of Palmyra, one of the world’s most significant ancient sites. The group has already destroyed countless precious historical sites and artifacts throughout Syria and Iraq, condemning them as idolatry. And while many of the items have been broken off and sold on the black market to finance their activities, many are worried that the city may simply be destroyed. From a tactical standpoint, however, the advance on Palmyra may be just as significant: as the Times observes, just five days after the fall of Ramadi, the operation proves ISIS remains capable of carrying out “complex operations simultaneously on multiple fronts.”

Elsewhere in Syria, al Nusra Front fighters announced that they had captured the Assad regime’s largest remaining military base, Mastouma, in the province of Idlib. The capture of the base leaves only a few positions in the province in the Assad government’s control.

Saudi airstrikes continue in Yemen today, and Reuters reports that the latest bombing campaign killed at least 15 Houthi rebels. However, in what seems a positive step toward defusing the crisis, U.N. Secretary General Ban Ki-moon announced today that peace talks between the parties will resume in Geneva on May 28th. Iran also agreed to allow international inspections of an aid ship, under escort of two Iranian naval vessels, currently headed towards Yemen. The ship had prompted worries of a larger tussle in the gulf between Iran and Saudi forces who are currently enforcing inspections on all vessels entering Yemeni ports.

A suicide bomb detonated outside of the Justice Ministry in Kabul yesterday afternoon, killing at least five people and wounding dozens more. The Washington Post shares that the Afghan Taliban have claimed responsibility for the attack, calling on its fighters to continue targeting prosecutors and judges.

Jeremy Scahill’s latest piece in the Intercept might be the greatest deterrent for foreign fighters joining terrorist groups we’ve seen yet. In it, he details how al Shabaab’s Somali leadership, in a paranoid hunt to root out spies and to reassert their own local authority, has turned against its foreign fighters, executing several of them while locking many of the rest in underground prisons where they are subjected to long periods of torture.

The USA Freedom Act will get a vote in the Senate this week after all. Yesterday, Senate Majority Leader Mitch McConnell (R-KY) told reporters that he would allow a vote on the legislation; however, the Hill notes that McConnell and other Republican Senators expect that the bill will fail to get the 60 votes necessary to foreclose a filibuster, forcing its proponents to accept a two-month extension of the current Section 215 authorities. Last year, a similar bill came two votes shy of overcoming a GOP-led filibuster. Ben weighed in on the latest Congressional spat this morning, arguing that it would be “totally irresponsible to let a month go by without sending a bill to the President’s desk.”

Yesterday, the Department of Justice announced the indictment of six Chinese nationals on charges of economic espionage and theft of trade secrets “for their roles in a long-running effort to obtain U.S. trade secrets for the benefit of universities and companies controlled by the PRC government.” One suspect, a Chinese professor named Zhang Hao, was arrested on May 16th as he entered the country from the People’s Republic of China. The New York Times notes that the move is “clearly meant to signal to China that the United States would now aim to capture and try those accused of perpetrating what the former head of the National Security Agency, Keith B. Alexander, often called ‘the greatest transfer of wealth in history.’” David Sanger and Nicole Perlroth of the New York Times cover the story; you can find the indictment here.

Senate Armed Service Committee Chair John McCain is once again on the war path, but this time it’s against the Pentagon itself. A provision inserted into the annual National Defense Authorization Act would strip away the authority for acquiring new weapons from Pentagon leaders and instead grant that power to the military branches. The new program, if instituted, would look to streamline the acquisition process, with a goal of fielding new weapons systems in just two to five years, reports Politico. One committee aide told the magazine that “the committee is trying to move this to a more dynamic, commercial-based approach that is competitive.”

According to a new Government Accountability Office report reviewed by the Washington Post, the Army’s drone pilots are under-trained because they are constantly being assigned to other duties, such as “lawn care, janitorial services, and guard duty.” The report also found other constraints, such as a lack of equipment and the failure by commanding officers to offer the kind of training required.

Canadian police have arrested 10 “youths” suspected of wanting to go to Iraq and Syria to join the Islamic State, reports the Associated Press. No charges have been brought forth yet, but the passports of all ten have been confiscated.

Finally, the Telegraph shares news that Italian police have arrested a Moroccan man suspected of participating in the attack on the Bardo National Museum in Tunis, Tunisia that killed 21 tourists in March.

ICYMI: Yesterday, on Lawfare

Stewart Baker shared the latest episode of the Steptoe Cyberlaw Podcast, which features an interview with Dan Geer.

Harley Geiger of the Center for Democracy and Technology (CDT) outlines just how much would a sunset of Section 215 change the surveillance debate.

Finally, Herb Lin offered his comments on Secretary of State John Kerry’s speech yesterday in Korea calling for “an open and secure internet.”

Email the Roundup Team noteworthy law and security-related articles to include, and follow us on Twitter and Facebook for additional commentary on these issues. Sign up to receive Lawfare in your inbox. Visit our Events Calendar to learn about upcoming national security events, and check out relevant job openings on our Job Board.

ODNI Releases Trove of Documents Discovered in Osama bin Laden Raid

Wednesday, May 20, 2015 at 1:02 PM

The Office of the Director of National Intelligence today released a new set of documents recovered during the raid of Osama bin Laden’s compound in Abbottabad, Pakistan in May 2011.

The release contains two sections: 1) a list of non-classified, English-language material found in and around the compound; and 2) a selection of now-declassified documents. The declassified documents consist of 103 new items, including letters, speeches, and updates from al Qaeda leaders and affiliates.

“Bin Laden’s Bookshelf” includes 39 English language books including America’s Strategic Blunders by Williard Matthias, Confessions of an Economic Hitman by John Perkins, Hegemony or Survival: America’s Quest for Global Dominance by Noam Chomskyand The Rise and Fall of the Great Powers by Paul Kennedy. The declassified list of documents also includes media articles from prominent American outlets, think tank studies, software and technical manuals, and 75 publicly available U.S. government documents.


Down to the Wire on the Patriot Act

Wednesday, May 20, 2015 at 11:03 AM

Julian Hattem has a good piece in the Hill on the current state of play in the Senate with respect to expiration of the Patriot Act provisions in less than two weeks:

Sen. Mitch McConnell on Tuesday said he would allow a vote on legislation overhauling the nation’s surveillance programs, which could give him more leverage in the fight over the National Security Agency’s future.

The move means the Senate will vote this week on the USA Freedom Act—but it does not guarantee its passage.

While the bill was overwhelmingly approved in a 338-88 House vote last week and is backed by the White House and Speaker John Boehner (R-Ohio), McConnell (R-Ky.) and Senate Intelligence Committee Chairman Richard Burr (R-N.C.) both oppose it.

So do a number of other hawkish Senate Republicans who argue it would endanger national security by preventing the government from holding metadata collected from phone calls.

McConnell and GOP leaders expect this week’s vote to fail, which could give momentum to the Senate leader’s favored approach: a short-term extension of the Patriot Act provisions that authorize the NSA’s data collection.

. . .

Congress is set to begin a weeklong Memorial Day recess at the end of the week. That means lawmakers would have to pass some kind of NSA legislation by Friday.

Senate backers of the USA Freedom Act have acknowledged they don’t currently have the 60 votes necessary to overcome a filibuster.

“I can’t count to 60 right now,” co-author Sen. Mike Lee (R-Utah) said on C-SPAN’s “Newsmakers” over the weekend.

Last year, a similar version of the USA Freedom Act came two votes shy of overcoming a GOP-led filibuster shortly before Democrats lost control of the Senate. Opposition is likely to be stronger now, with Senate Republicans holding 54 seats.

. . .

Assuming McConnell’s plan does work to perfection, it’s still unclear what the endgame might be.

Burr and Sen. Dianne Feinstein (Calif.), the ranking Democrat on the Senate Intelligence Committee, have said they are working on “backups” in case the USA Freedom Act doesn’t get the votes.

Feinstein’s plan would require phone companies to hold onto the records for a certain period of time, which would satisfy some lawmakers’ concerns but cause privacy advocates to rebel.

Burr’s, meanwhile, is expected to extend the period of time allotted for the switch to a new system. The USA Freedom Act gives the NSA six months to end its bulk phone records program and switch to the new method, but some critics have worried that is not long enough to prove it will work.

Even if it came to that, it’s almost a sure bet that the House wouldn’t act on those plans until after it returned from next week’s recess, meaning the Patriot Act provisions would expire, at least for a short while.

I have my anxieties about the USA Freedom Act, but let’s be clear here: Congress would be totally irresponsible to let the month go by without sending a bill to the President’s desk. I do not begrudge the Senate holdouts their reservations, but brinksmanship has no place in this debate.

Sen. McConnell’s idea of a clean extension was plausible until the Second Circuit ruled, but now it makes little sense. It would merely punt from the legislature to the Supreme Court—the next step in the appellate ladder—the decision as to whether the 215 program is or is not authorized by statute. It would not resolve legal questions. It would merely extend the agony.

McConnell’s idea of a short-term extension is more reasonable. It might, under the right circumstances, give a window in which to resolve differences if the votes to move the USA Freedom Act through the Senate really are not there. On the other hand, if the point is merely a stopgap measure to be followed by another one—and another one after that—then it’s worthless. It’s bad enough to run the budget that way. Under no circumstances should Congress be running national security legislation on the basis of continuing resolutions.

Sen. Burr’s and Sen. Feinstein’s ideas are potentially constructive; I’m particularly attracted to Sen. Feinstein’s idea about some form of data retention requirement for the telephone companies. The lack of this is the biggest weakness in the current version of the bill. But it’s a bit late in the game for major substantive changes to the law. At this point, what Congress needs to do is make a decision: Does it want a compromise bill along the lines of the USA Freedom Act, or does it want the 215 program to disappear in a puff of smoke? I’m skeptical that we can really reopen the package at this stage.

For what it’s worth, my message to the holdout Republicans is this: Let the bill proceed, vote against it, and register your concerns in floor speeches explaining your votes. There are good reasons to be concerned about the USA Freedom Act, which is an imperfect bill from whatever perspective you approach the subject. But letting the current authorities lapse should be unthinkable.

DOJ Announces Indictment of 6 Chinese Nationals for Economic Espionage

Wednesday, May 20, 2015 at 11:02 AM

Yesterday, the Department of Justice announced the indictment of six Chinese nationals on charges of economic espionage and theft of trade secrets “for their roles in a long-running effort to obtain U.S. trade secrets for the benefit of universities and companies controlled by the PRC government.”

One suspect, a Chinese professor named Zhang Hao, was arrested on May 16th as he entered the country from the People’s Republic of China. The New York Times notes that the move is “clearly meant to signal to China that the United States would now aim to capture and try those accused of perpetrating what the former head of the National Security Agency, Keith B. Alexander, often called ‘the greatest transfer of wealth in history.'”

David Sanger and Nicole Perlroth of the New York Times cover the story; you can find the indictment here.

Steptoe Cyberlaw Podcast, Episode #67: An Interview with Dan Geer

Tuesday, May 19, 2015 at 4:30 PM

Our guest for Episode 67 is Dan Geer, a legendary computer security commentator and current CISO for In-Q-Tel. We review Dan’s recommendations for improving computer security, including mandatory reporting of intrusions, liability for proprietary software, striking back at hackers – at least in some ways – and getting the government to purchase and fix vulnerabilities. We agree on the inherent foolishness of the Internet voting movement, but I disagree with Dan on the right to be forgotten, and I predict that net neutrality will lead to the opposite of what he wants – both more regulation of operators and more limits on what the operators are allowed to carry.

As with Bruce Schneier, I accuse Dan of a kindPodcast 67 - 2 of digital Romanticism for advocating improbable personal defenses like using Tor for no reason, having multiple online identities, swapping affinity cards, and paying your therapist under an assumed name. But Dan makes me eat my words.

More from Dan can be found here, here, and here.

In the news roundup, we introduce Alan Cohn, yet another recent alumnus of the DHS Policy office now at Steptoe. We also revive This Week in NSA, pooling our collective inability to predict what the week will hold for the 215 metadata program. We muse about border laptop searches, questioning both DOJ’s choice of battleground and the ability of judges to withstand a PR campaign by the privacy lobby. We cover a FOIA case to find out if the FTC actually has security standards – a case filed by Phil Reitinger and Steptoe. The roundup ends with the plane-hacking case, the FBI’s Stingray guidance, and the first anniversary of the EU’s misbegotten Right to Be Forgotten.

The Cyberlaw Podcast is now open to feedback.  Send your questions, suggestions for interview candidates, or topics to [email protected].  If you’d like to leave a message by phone, contact us at +1 202 862 5785.

Download the sixty-seventh episode (mp3).

Subscribe to the Cyberlaw Podcast here. We are also now on iTunes and Pocket Casts!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

A Sunset of Section 215 Is Increasingly Likely – And May Prompt Overhaul

Tuesday, May 19, 2015 at 3:12 PM

Senator Richard Burr, Chairman of the Senate Select Committee on Intelligence, recently made comments to press suggesting that he believed the sunset for Section 215 of the PATRIOT Act will occur sometime during June 1, 2015, and that this was no big deal. Senator Burr told MSNBC:

Everybody needs to realize that this act expires on June 1st, the House is back in session on June 1st, so it’s not like they’re going to jam us on Thursday, leave town and make us believe that we can’t send them something else. We can.

But a strongly worded joint statement from House Judiciary Chairman Goodlatte and Ranking Member Conyers indicated that even a short sunset would indeed be a big deal: “If the Senate chooses to allow these authorities to expire, they should do so knowing that sunset may be permanent.”

If the Senate passes a short-term extension of Sec. 215 or anything other than the USA FREEDOM Act – which cleared the House in a landslide – the House will have to approve the new package. Yet the sunset of Sec. 215 will actually occur before the House of Representatives is scheduled to vote again. A sunset, even a very short one, may dramatically change the debate on surveillance reform. No longer would members of Congress be voting on the extension or reform of a current law, they would then be forced to vote to re-instate a defunct law that codifies an unpopular and unnecessary surveillance practice.

Sunset is likely if Senate doesn’t pass USA FREEDOM

The law (50 USC 1861 note) states that the Sec. 215 sunset occurs June 1st – so once the clock rolls over from 11:59:59PM on May 31st, Sec. 215 expires and is no longer law. The House is scheduled to return from recess and vote no earlier than 6:30PM on June1st. By the time the House can vote on whatever the Senate passes, Sec. 215 will have sunset 18.5 hours prior and will have been removed from existing law.

Maybe the House votes to re-instate Sec. 215 on the evening of June 1st, or the next day, or even the following week. Operationally, that scenario probably won’t make a major difference to the intelligence community. As has been noted elsewhere, the government can likely continue to use the pre-sunset Sec. 215 for investigations opened before June 1st, though not for new investigations.

However, Senators may be too dismissive of the political effect of sunset. If Sec. 215 sunsets before the House votes, the House faces a very different choice than merely extending the sunset dates of an existing law. Instead, for the first time since the PATRIOT Act, the House would be voting to change the law, and to put Sec. 215 on the books. It would be akin to a new vote to enact PATRIOT Act authorities – something two-thirds of the House Members have never done. This vote should give many Members reason to pause.

A post-sunset vote would significantly expand surveillance

After 11:59PM on May 31st, Sec. 215 reverts to its pre-PATRIOT state, which is the authority granted under the Foreign Intelligence Surveillance Act of 1978 (as amended). A vote after June 1 would mean Congress is actually expanding the existing law to Sec. 215’s post-PATRIOT state. This would be a significant expansion. Prior to the PATRIOT Act, the government could obtain records from a narrow class of entities (like travel-related companies), and only if they pertain to foreign powers or agents of foreign powers – who were usually not Americans. Post-sunset, Congress would be re-creating the authority for the government to obtain, with minimal requirements for judicial authorization, “any tangible thing” about any person, including Americans, regardless of their connection to a crime or terrorism. Here’s what the difference would look like: Read more »

Today’s Headlines and Commentary

Tuesday, May 19, 2015 at 1:55 PM

Following an American special forces raid on the compound of Islamic State operative Abu Sayyaf, U.S. interrogators, who are part of the High Value Detainee Interrogation Group, have flown to Iraq in order to question Umm Sayyaf, the wife of Abu Sayyaf, who was taken during the operation. Umm Sayyaf was allegedly involved in the workings of the Islamic State and could possibly have played a role in “the enslavement of women in Iraq and Syria.” U.S. interrogators plan to talk to Umm Sayyaf about U.S. hostages held by the militant group. However, according to the Washington Post, officials have yet to determine whether Umm Sayyaf will remain in Iraq or will be brought back to the U.S.

Shia troops are deploying to Ramadi, the capital of Iraq’s Anbar province, which fell to the Islamic State over the weekend. However, the Anbar province represents “Iraq’s Sunni heartland,” and sending Shia forces there could inflame sectarian tensions, reports the Wall Street Journal. Indeed, “the decision to send mostly Shiite irregulars into Sunni-dominated Anbar signals the failings of Iraq’s government and its security forces in fending off Islamic State gains.” The forces are meant to protect Baghdad from the militant group’s forward march and ultimately help retake the provincial capital.

The Associated Press informs us that Iraqi security forces and allied Sunni tribesmen helped stop an Islamic State attack on an Anbar town, just west of Baghdad.

Meanwhile, the Wall Street Journal reports that the Islamic State has established a significant presence in Libya. According to one quoted U.S. military official, “Libya is part of their terror map now.”

The militant group took credit today for a suicide bombing in the Libyan town of Qubbah. One person was killed and seven others were injured when a “car packed with explosives hit a checkpoint” in the eastern part of the town, according to Reuters.

The New York Times details the Islamic State’s financial situation, finding that oil is not the group’s main source of income. Instead, the militant group takes in about a million dollars a day through extortion and taxation. Furthermore, the Islamic State “invests in people, not infrastructure,” while managing to minimize costs “by looting military equipment, appropriating land and infrastructure, and paying relatively low salaries.” Ultimately, the Times concludes that the militant group’s is strong financially.

Reuters reports that after a humanitarian ceasefire in Yemen came to an end Sunday night, Arab coalition jets today resumed bombing targets in the capital, Sana’a. According to the Post, over 1,600 people have died in the conflict so far.

Following a personal intervention by U.S. Secretary of State John Kerry, rebels in eastern Ukraine have freed two American aid workers, who had been held hostage there. According to Bloomberg View, Secretary Kerry appealed to his Russian counterpart Foreign Minister Sergei Lavrov, “asking him to use Moscow’s influence over the Donetsk separatists to secure the release of the two Americans.”

Defense One explains why the Trans-Pacific Partnership (TPP) will actually not improve security in the South China Sea.

A group of technology corporations, including Apple, Google, and Facebook, have sent a letter to President Obama, arguing for the importance of privacy rights and digital security. The main point of the letter is articulated here:

“We urge you to reject any proposal that U.S. companies deliberately weaken the security of their products. We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology. Such policies will in turn help to promote and protect cybersecurity, economic growth, and human rights, both here and abroad.”

The Post shares more.

Defense One describes the role drone warfare will play in the upcoming presidential election and offers questions that should be asked of the 2016 candidates.

Defense One also informs us that the Air Force has decreased the number of unmanned combat air patrols it operates from sixty-five to sixty. The reduction comes so that the Air Force can focus on “get[ting] the community and the enterprise healthy for that long-term sustainment that we want to be able to do,” says Col. James McCluff of the 432nd Wing and the 432nd Air Expeditionary Wing.

The Hill reports that the Senate Armed Services Committee’s version of the 2016 defense authorization bill could reach the floor by June. The Post’s Walter Pincus explains why President Obama should make good on his veto threat of the 2016 National Defense Authorization Act.

The Post shares some reflections from retired Gen. Stanley McChrystal on his retirement after a controversial profile of him was published in Rolling Stone.

A federal grand jury has charged six Chinese nationals with economic espionage. The Post reports details.

ICYMI: Yesterday, on Lawfare

Yishai Schwartz updated us on the annual defense authorization bill and its language regarding the military detention facility at Guantanamo Bay.

Ben commented on some statements made in Iowa by potential presidential candidate Senator Lindsey Graham (R-SC) in relation to drone strikes.

Email the Roundup Team noteworthy law and security-related articles to include, and follow us on Twitter and Facebook for additional commentary on these issues. Sign up to receive Lawfare in your inbox. Visit our Events Calendar to learn about upcoming national security events, and check out relevant job openings on our Job Board.

Secretary Of State John Kerry On “An Open and Secure Internet”

Tuesday, May 19, 2015 at 1:38 PM

Secretary of State Kerry just gave a speech in Korea (May 18, 2015) entitled “An Open and Secure Internet: We Must Have Both.”

In this speech, he reiterates the U.S. position that “the basic rules of international law apply in cyberspace. Acts of aggression are not permissible. And countries that are hurt by an attack have a right to respond in ways that are appropriate, proportional, and that minimize harm to innocent parties.”

He goes on to say that the United States also supports a set of additional principles that, “if observed, can contribute substantially to conflict prevention and stability in time of peace. We view these as universal concepts that should be appealing to all responsible states, and they are already gaining traction.” He says:

First, no country should conduct or knowingly support online activity that intentionally damages or impedes the use of another country’s critical infrastructure. Second, no country should seek either to prevent emergency teams from responding to a cybersecurity incident, or allow its own teams to cause harm. Third, no country should conduct or support cyber-enabled theft of intellectual property, trade secrets, or other confidential business information for commercial gain. Fourth, every country should mitigate malicious cyber activity emanating from its soil, and they should do so in a transparent, accountable and cooperative way. And fifth, every country should do what it can to help states that are victimized by a cyberattack.

For this blog post, I’m interested in the first principle: no country should intentionally damage another country’s critical infrastructure through online means.

Several things are striking about Kerry’s articulation of the principle.

1 – It is not limited to activities undertaken in peacetime. That would seem to rule out of cyberattacks on critical infrastructure even during war. Since U.S. military doctrine asserts the right under the Geneva conventions to target war-supporting infrastructure, I have to wonder – has Kerry’s statement narrowed the range of cyberattack options available to the U.S. military during war?

2 – It does not say anything about non-cyber activities that damage another nation’s critical infrastructure. Perhaps that’s not surprising in a speech on cyberspace, but the lack of comment on this point stands out to me.

3 – Is his statement of these principles meant to bind the United States? Is he asserting that we are (or will be in the future) abiding by these principles? His speech is silent on this point.

As for the example that everyone will use to illustrate American hypocrisy – Stuxnet – I reject that claim categorically. There is no sense that the Iranian nuclear enrichment program counts as “critical infrastructure” in the usual meaning of the term as “vital to the functioning of the nation.” (Never mind that under U.S. law, even Sony was considered “critical infrastructure” – another bastardization of the plain English meaning of the term.)

Lindsey Graham’s Iowa Drone Strike Out

Monday, May 18, 2015 at 6:22 PM

It’s a crowded field for Republican presidential candidates, but Lindsey Graham knows how to differentiate himself from the pack: he loves drone strikes more than his competitors.

Speaking the other night at the Iowa Republican Lincoln Dinner, as the Washington Post reports,

Graham made clear he is positioning himself as the most hawkish candidate in the field.

“If I’m president of the United States and you’re thinking about joining al-Qaeda or ISIL [the Islamic State], I’m not gonna call a judge,” Graham said, a reference to Sen. Rand Paul’s earlier remark about how the NSA should call a judge to obtain a warrant before tapping into people’s phone records. “I’m gonna call a drone and we will kill you.”

As Justice Black might say, I like my drone strikes as much as the next man, but I am constrained to admit that Graham’s formulation of presidential authority to use drones is indefensible. Graham fashions himself a serious guy on matters of foreign and defense policy, but this subject warrants more care from a would-be commander in chief than he gave it here.

Here are his remarks in context. To be fair, the comments quoted below follow a string of jokes and may have been worded light-heartedly to fit in with the mood of his comments. Still, to my mind, Graham seems deadly serious here:

I’m thinking about running for President. You get a house, a car, and a plane. It’s a pretty good gig. If I’m president of the United States and you’re thinking about joining al-Qaeda or ISIL—anybody thinking about that?—I am not going to call a judge. I am going to call a drone. And we will kill you.

We’re at war. And I’m tired of treating the war as a crime. You may be tired of fighting the terrorists, but they’re not tired of fighting you. I’ve been to Afghanistan 23 times. I’m going back Memorial Day week for my last tour of duty. I’ve learned a lot. I’ve seen the enemy up close, and I’ve seen people who would live in peace with us if they could. And I’ve got one simple goal: To make sure this war never comes over here again, and that means some of us have to go over there to fight.

Just to be clear:

  • We don’t use drone strikes domestically—not even against Iowa political rallies (however sorely we might be tempted).
  • We don’t use drone strikes against people are merely thinking of joining the enemy. We use drone strikes against people who are meaningfully part of enemy forces.
  • We do call judges before executing warrants domestically, and law enforcement authorities are the only coercive powers the federal government invokes against terrorist suspects within the United States.
  • Terrorism can be both war and crime and, depending on the circumstances, can invoke the law enforcement powers of the president, the commander in chief powers of the president, or both at the same time.

I’ve always liked Lindsey Graham, and I like the fact that—unlike so may politicians—he says what’s on his mind, completely unfiltered by what’s politic for him to say. That said, this kind of talk is not healthy. It communicates wrongly what the rules are, and what authorities the president really has. Graham is a smart guy, but folksy homespun wisdom doesn’t always make for good law.

Today’s Headlines and Commentary

Monday, May 18, 2015 at 1:42 PM

This weekend, American special forces executed a raid against an Islamic State compound in eastern Syria, killing Abu Sayyaf and between 12 and 40 other militants, reports the New York Times. Sayyaf, a mid-level leader in the organization was known as ISIS’s “emir of oil and gas.” During the raid, U.S. forces also captured Sayyaf’s wife, Umm Sayyaf, and freed an 18-year-old Yazidi women who had been held as a slave. According to the Pentagon, the two-dozen Delta Force commandos returned unharmed.

The Times notes that the success of the nighttime raid deep inside Syria “illustrates not only the effectiveness of the Delta Force, but of improving American intelligence on shadowy Islamic State leaders.” According to Secretary of Defense Ashton Carter, the raid dealt a “significant blow” to the organization, as Sayyaf directed the “illicit oil, gas, and financial operations” that raised funds for the group’s march of terror.

However, it seems Abu Sayyaf, who some suggested could easily be replaced, may not have been the most important objective. Instead, officials pointed to the building and the trove of intelligence located inside it. The Times quotes one an anonymous defense official as saying, “the objective was the building,” while the Wall Street Journal reports that the commandos “came away with a treasure trove of materials” that could help explain a great deal about the operations of the terrorist organization, where it gets its financing, and who should be targeted in the future. The documents included laptops, phones, documents, hard drives, DVDs, CDs, and SIM cards.

At the time of writing, it remains unclear what will be done with Umm Sayyaf, who, according to Secretary Carter, is suspected of playing an important role in the group’s activities and “may have been complicit in what appears to have been enslavement.” A senior American official said that the United States would question her, but as she is an Iraqi citizen, it is likely officials there will request custody of her. The Daily Beast reports that she is currently being interrogated by the FBI’s High-Value Detainee Interrogation Team. Over the weekend, Lawfare’s John Bellinger explored some of the domestic and international law questions raised by the raid and Umm Sayyaf’s interrogation and detention.

The Daily Beast also reports that a jittery ISIS imposed a widespread curfew following the raid. According to anti-ISIS Syrian political activists, the raid sparked panic and confusion among ISIS fighters, with one activist tweeting “horror and fear prevails among fighters hours after the storm operation carried out by the international coalition forces.” A senior administration official said that reaction was another goal of the raid, to signal to ISIS fighters that “we will find you, and kill you.”

Even so, as the V-22 Ospreys swooped into Deir Ez Zor in Syria with Delta commandos, ISIS fighters were sweeping up the last of the Iraqi security forces in Ramadi, the important capital of Anbar Province. The success of ISIS fighters in Ramadi gives the group its most significant victory so far this year. According to the New York Times, the last Iraqi forces fled the capital on Sunday, leaving the city completely in the control of the Islamic State. And, as they advanced, ISIS fighters displayed their infamous brutality, seizing the military headquarters along with a large store of weapons, while executing as many as 500 people loyal to the government. The Long War Journal shares unconfirmed reports and photos that suggest Iraqi security forces are in complete disarray and fleeing from Habbaniyah and other areas.

Read more »

The NDAA, and the Latest in Passing the Buck on GTMO-Closure

Monday, May 18, 2015 at 10:02 AM

On Thursday, the Senate Armed Services Committee passed its markup of the annual defense authorization bill by a vote of 22-4. Shortly after the vote, committee chairman Senator John McCain told reporters that “very importantly, this legislation contains a bipartisan compromise on the issue of the detention facility at Guantanamo Bay.” Some news outlets apparently read more into this than they should have. Defense One even ran the rather bold headline “McCain Brokers Compromise That Would Let Obama Close Gitmo.”

Alas, McCain had brokered nothing of the sort. Although the language of the NDAA Guantanamo “compromise” has not yet been published, it’s clear that there’s not much new here. This isn’t a bipartisan breakthrough on Guantanamo closure, but another round in a long game of hot potato. As McCain told the press after the markup, “this legislation would require the president to present a comprehensive plan to the Congress on how they intend to close Guantanamo and all the associated aspects, which would then have to be approved by both houses of congress.” This is an elaborate way of telling the president (again) “tag, you’re it.”

The NDAA language on Guantanamo will apparently offer little even in the way of a general direction. According to a statement released by the Senate Armed Services committee, the legislation “requires a plan from the Secretary of Defense that details a case-by-case determination on the disposition of each detainee at Guantanamo Bay.” Such a plan would need to include “a discussion of the legal challenges of bringing detainees to the United States,” “language limiting the rights and claims that could be asserted by detainees if transferred to the United States,” and “address how the Department will ensure continued detention and intelligence collection from future combatants captured under the laws of war.” In other words, any substantive recommendations are left for the president to put forward. (The “legal challenges” requirement also seems at least somewhat redundant—Congress having already asked, and the Administration having already explained, the key legal issues associated with transferring Guantanamo detainees stateside.)

On Thursday, McCain emphasized that he has supported the closure of Guantanamo for years, telling the press how early on in the Obama administration, the White House legal counsel had visited him and Lindsey Graham to rally support for the base’s closure. According to McCain, he and Graham asked “what’s your plan?” at the time–and have been asking ever since. The “compromise that would let Obama close Gitmo” is really no such thing; it’s just a fancy reformulation of McCain’s same question.


The Week That Will Be

Monday, May 18, 2015 at 12:00 AM

Event Announcements (More details on the Events Calendar)

Tuesday, May 19th at 9 am: The Brookings Institution will host a conference entitled Renewing the Section 123 Nuclear Agreement with China: Implications for U.S.-China Relations.  For a full list of speakers and topics, visit the Brookings web announcement.

Tuesday, May 19th at 10 am: The Senate Committee on Foreign Relations will hold a hearing on The Rising Tide of Extremism in the Middle East. Matthew Levitt and Farah Pandith will testify. More details on the committee’s website.

Wednesday, May 20th at 10 am: The House Foreign Affairs Committee’s Subcommittee on the Middle East and North Africa will hold a hearing examining Egypt Two Years After Morsi. Eric Trager, Samuel Tadros, and Nancy Okail will provide testimony. See more on the committee’s website.

Wednesday, May 20th at 12 pm: At the Atlantic Council, Matt Toaldo and Abdul Rahman al Ageli will participate in a conversation moderated by Karim Mezran on the Crisis in Libya: European and Libyan Views. RSVP.

Thursday, May 21st at 9 am: The House Committee on Homeland Security’s Subcommittee on Counterterrorism and Intelligence will hold a hearing on Admitting Syrian Refugees: The Intelligence Void and the Emerging Homeland Security Threat. Visit the committee’s website for more information.

Thursday, May 21st at 10 am: The Center for Strategic and International Studies will hold an event entitled The Convergence of Marine Science and Geopolitics in the South China Sea. The panel will include James Borton, John McManus, and Kathleen Walsh. Register here.

Thursday, May 21st at 2 pm: At Brookings, Michael O’Hanlon will moderate a conversation with Vanda Felbab-Brown on Counterterrorism and State-building in Somalia: Progress or More of the Same? RSVP.


Employment Announcements (More details on the Job Board)

Analyst in Cybersecurity Policy

ORGANIZATION:                         Library of Congress

SALARY RANGE: $107,325 – 139,523
DEADLINE: June 19, 2015


Job Summary:

The Congressional Research Service (CRS) Government and Finance (G&F) Division is seeking an Analyst in Cybersecurity Policy to conduct analyses that inform congressional deliberations on civilian federal and private-sector cybersecurity policy and legislation. The analyst will apply broad knowledge of policy and technical approaches to examine the efforts of federal entities, the private sector, and public/private partnerships regarding cybersecurity; address the policy impacts of information technology security; and analyze the threats and impacts of cyberattacks, vulnerabilities of information technology, and defense and countermeasures in a legislative policy context.

The analyst will provide objective, expert policy analysis and consultation to congressional committees, Members, and staff, including preparing objective, authoritative, non-partisan, and innovative analytical studies on policy issues of national or international significance; providing personal assistance as a national expert on public policy issues throughout the legislative process, including analyzing and evaluating legislative proposals; and planning and leading multi-disciplinary team research projects and seminars.

CRS works exclusively for the United States Congress, providing policy and legal analysis to committees and Members of both the House and Senate, regardless of party affiliation. As a legislative branch agency within the Library of Congress, CRS has been a valued and respected resource on Capitol Hill for more than a century.

CRS is well known for analysis that is authoritative, confidential, objective, and nonpartisan. Its highest priority is to ensure that Congress has immediate access to the nation’s best thinking on public policy issues of interest to its Members and Committees.


Applicants must also have had progressively responsible experience and training sufficient in scope and quality to furnish them with an acceptable level of the following knowledge, skills, and abilities to perform the duties of the position without more than normal supervision.

How to Apply: 

Apply through the USA Jobs portal here.


Senior Associate General Counsel 

ORGANIZATION:                         Office of the Director of National Intelligence

SALARY RANGE: $126,245 – $158,700
DEADLINE: June 2, 2015


Job Summary:

Provide expert legal advice to the Assistant Director for National Intelligence/Acquisition, Technology & Facilities (ADNI/AT&F), IARPA, and other senior ODNI leaders.

Provide expert legal counsel to support the development, review, and interpretation of IC-wide policies, procedures, guidelines, rules, and standards governing IC Major System Acquisitions, to include Requirements, Performance Management Plans, and Independent Cost Estimates.

Senior attorney for the OGC team that provides advice and counsel on complex legal issues including procurement law, major system acquisitions, intellectual property, fiscal law, and procurement integrity, and provides innovative and highly effective guidance on possible courses of action; and, expertly prepares complex, high profile, and persuasive legal documents on complex legal issues for a variety of internal and external recipients.

Position has the potential for supervisory responsibilities depending on the qualifications of the selected candidate.


Superior multi-disciplinary legal skills and experience dealing with complex legal issues, as well as an expert ability to interpret laws, regulations, judicial decisions, Executive Orders, and statutes involving complex concepts and issues.

Expert-level knowledge of one or more of the general or specialized areas of OGC’s law practice, such as: intelligence oversight, privacy and civil liberties, federal employee ethics, National Security Law, Equal Employment Opportunity law, operations law, acquisition and appropriations, administrative law, and litigation.

Superior research abilities, including the ability to quickly integrate and synthesize the facts and law to make legally sound decisions, and recommendations pertaining to the most complex situations, or in the context of ambiguous or ill-defined situations.

How to Apply: 

Applications should be sent to either [email protected] (classified email system) or [email protected] (unclassified email system). Applicants submitting via JWICS are requested to submit their materials to both [email protected](Candace R. McPherson) and [email protected] (Greta A. Hoyle) in lieu of the group address above. All attachments should be in Microsoft Word or Adobe PDF format.

Applications submitted through the classified email system should NOT contain classified information above the TS//SI/TK//NOFORN level.

To verify receipt of your application package ONLY, you may call (703) 275-3881.


Phone: (703)275-3811
Email: [email protected]

Agency Information:
1234 Business St
Washington, DC 20505