Cybersecurity

The State of the Union on Counterterrorism: Does The Rhetoric Match the Policies?

By Carrie Cordero
Wednesday, January 21, 2015, 4:28 PM

On counterterrorism, the President's speech was a study in mismatches---as was apparent last night in at least two respects.

First: The address began with an odd intermix of statements related, on one hand, to the economy, and on the other hand, to post-9/11 military engagement and the subsequent end of the wars in Afghanistan and Iraq. The President then stated, “The shadow of crisis has passed.”

If only.

In the past month it has become absolutely obvious that, despite success in dismantling so-called “core” al Qaeda and the killing of Bin Laden, the global Islamist threat has undergone a resurgence in the past few years. Leadership vacuums in Iraq, Syria, and Yemen, for example, have allowed next generation al Qaeda outfits such as the Islamic State in Iraq and the Levant (ISIL) and al Qaeda in the Arabian Peninsula (AQAP) to thrive. And the smallest sampling of recent press reports reveals that a new generation of terrorist networks across Europe have emerged; ISIL is, literally, crucifying people; and journalists continue to be targeted and murdered. That, and over 250 girls in Nigeria were kidnapped by Islamist terrorist organization Boko Haram nine months ago, and no one has apparently tried hard enough to find and rescue them.

His characterization of the terrorism threat to one side, what to make of the President’s plans for countering that threat?  Here a second if somewhat different disconnect was in evidence.  On one hand, last night's speech contained the requisite tough talk---a commitment to “hunt[ing] down” and “tak[ing] out” terrorists, as well as dismantling their networks. President Obama likewise mentioned the coalition effort to "stop the advance" of ISIL. But this bold-sounding stuff didn't really link up to the ideas noted in the address, which mostly struck me as more oriented to process than substance.

The President called on Congress formally to authorize the ISIL campaign, for example---despite having quietly concluded, earlier on, that he has the necessary authority already---but he didn't say much about long-term strategy, or operational tactics. The surveillance discussion was along similar lines. Unlike his clear call for Congress to take up cybersecurity legislation, the President notably did not highlight legislative proposals for surveillance reform. He did not, for example, call on Congress to pass the sweeping surveillance reform act that would end the telephone counterterrorism metadata program and add an institutional advocate to litigate national security surveillance before it can be implemented by national security agencies, among other things. Instead the President argued in general terms that America's commitment to civil liberties must be upheld, so as to ensure optimal cooperation from foreign nations and industry; in this regard he noted the executive branch plans to issue a new report next month, on its progress in implementing surveillance reforms throughout the intelligence community.

Such reforms sprung from last year's Presidential Policy Directive (PPD)-28, regarding signals intelligence activities. The directive reinforced some existing principles and practice involving surveillance, but also made significant adjustments too. For example, PPD-28 imposed restrictions on the use of bulk collection, limiting this to certain categories of information. PPD-28 also called for the Intelligence Community to adopt enhanced privacy protections for all persons---regardless of location or nationality.  (This direction in the PPD was intended to calm the outcry particularly from the European Union civil liberties community over NSA surveillance activities. But Europe in January 2015 may be in a very different place than Europe in January 2014. What will Europeans care about more now: whether the U.S. Government limits collection or analysis of information for counterterrorism purposes in the name of protecting their privacy, or whether the U.S. Government passes their governments information fast enough to prevent an attack, or to identify the men and women who comprise a previously unknown terrorist network? )

Putting PPD-28 into action has mostly been a technical project, one only distantly related to our broader objectives in taking on groups like ISIL or Al-Qaeda. Next month's report presumably will build on July's interim Intelligence Community report, on its implementation of process changes called for by PPD-28. The interim report provided overall guidelines for individual agencies to follow, including a preference for targeted collection, where practical; continued limits on the use of bulk collection according to the substantive criteria outlined in PPD-28 itself; and additional guidelines on the development of retention and dissemination policies. Consistent with the DNI’s high-level management function, the interim report only provides general guidelines and defines outer limits; it leaves, to a great extent, the details of implementing procedures to the individual agencies conducting their respective missions. And given how complex these types of procedures can be to develop and implement consistent with agencies various' missions, the interim report suggests that a great deal of time, energy and manpower probably has been devoted over the past year to carrying PPD-28 into effect.

The President began the national security related portion of his address by stating that his approach to these issues is not to make “rash decisions” and to focus on the “broader strategy.” Hopefully the latter, on the counterterrorism front for the next two years, will include a pivot away from process, and towards operations and results.