Cybersecurity
The Real Threat from Kaspersky Security Software
Herb Lin Thu, Oct 12, 2017, 7:30 AM
Latest in NSA
Podcasts
The Lawfare Podcast: Bobby Chesney and Michael Sulmeyer on NSA and Cyber Command
Matthew Kahn Sat, Aug 19, 2017, 1:30 PM
Friday morning, the White House announced it will elevate Cyber Command to a full unified combatant command. Within 60 days, the Secretary of Defense will recommend whether Cyber Command should also be split from the National Security Agency.
Cyber Command
Separating NSA and CYBERCOM? Be Careful When Reading the GAO Report
Robert Chesney Mon, Aug 7, 2017, 1:01 PM
The Government Accountability Office last week published a report that, among other things, weighs in on the pros and cons of the NSA/CYBERCOM “dual-hat” system (pursuant to which the director of the NSA/CSS and commander of CYBERCOM are the same person). The report deserves attention but also some criticism and context. Here’s a bit of all three.
1. What is the “dual-hat” issue?
CYBERCOM
Should NSA and CYBERCOM Split? The Legal and Policy Hurdles as They Developed Over the Past Year
Robert Chesney Mon, Jul 24, 2017, 2:36 PM
In light of Michael Sulmeyer’s excellent recent piece on splitting NSA and CYBERCOM, which ran at War on the Rocks last week, I want to pull together some of the key legal and policy developments of the past year in a single narrative. My aim is to put them in context with each other in a way that will provide useful background for those new to this issue, while also putting a spotlight on the deconfliction-of-equities issue that the split proposal raises.
Intelligence Oversight
New York Times Publishes Declassified Report on Post-Snowden Reforms
Matthew Kahn Fri, Jun 16, 2017, 9:02 PM
The New York Times has published a declassified version of a 2016 report from the Defense Department Inspector General that assesses the reforms implemented to improve security of the NSA's most sensitive systems after the Snowden disclosures.
Secrecy & Leaks
Recent NSA Leak Arrest: A Few Observations and a Lesson
Nicholas Weaver Wed, Jun 7, 2017, 11:25 AM
Reality Leigh Winner, a recently separated Air Force linguist and a new hire by Pluribus International Corporation as a support contractor with a Top Secret clearance, allegedly searched for and printed out a Top Secret government report, folded it up, and dropped it in the mail to an online news outlet. Yesterday, the U.S. Attorney’s office revealed her arrest in an unsealed indictment.
WannaCry
WannaCry's Warning: Unpatched Operating Systems and Third-Party Harm
Robert Chesney Mon, May 15, 2017, 5:45 PM
The most important policy question raised by the WannaCry ransomware fiasco is not the most obvious one.
Podcasts
The National Security Law Podcast Episode 15: Skirmishes in the Surveillance Wars
Robert Chesney, Steve Vladeck Thu, May 4, 2017, 10:48 AM
In this surveillance-heavy episode [Please use that link; we're still having trouble with the embed code], Professors Chesney and Vladeck dig into a raft of news about foreign-intelligence collection authorities. They open with an overview of how Section 702 collection authority works, and then unpack the recent news that NSA is dropping the “about” collection component of Upstream collection under 702.
Bulk Metadata Collection
What Is the "Right" Number of Call Detail Records for 42 Targets under FISA's Business Records Authority?
Robert Chesney Wed, May 3, 2017, 5:45 PM
ODNI's transparency report contains loads of interesting information (see, e.g., Adam's post here on FBI queries of the fruits of 702 collection).
Section 702
Can NSA Drop "About" Collection Without Gutting "To/From" Collection?
Robert Chesney Fri, Apr 28, 2017, 4:29 PM
The mystery as to why there was no Section 702 application or certification reported for 2016 has now been solved (I'm assuming readers know today's big 702 news, flagged by Quinta here, and as explored in detail by Charlie Savage in this article): NSA has been struggling to resolve a problem with "about" collection under the Upstream heading, including in particular a problem with analysts quering the fruits of that c