Tag Archives: DNI

New Terrorism Guidelines Represent Further Triumph of Lawyering and an Independent IC

“U.S. eases restrictions on keeping citizens’ data,” The Washington Post broke last night.

“U.S. Relaxes Limits on Use of Data in Terror Analysis,” now says The New York Times.

“U.S. Agencies Allowed to Keep Residents’ Data for Five Years,” says Bloomberg.

“Government Now Allowed to Store Info on Innocent Americans,” says Antiwar.com.

Let the game of telephone begin: liberties stolen; privacy over.

Yesterday, the Director of National Intelligence and Attorney General released what they call “updated guidelines designed to allow NCTC to obtain and more effectively analyze certain data in the government’s possession to better address terrorism-related threats.”

The “Guidelines for Access, Retention, Use, and Dissemination by the National Counter-terrorism Center (NCTC) of Information in Datasets Containing Non-Terrorism Information,” the DNI and Justice Department say in their press release, allow the NCTC to “better protect the nation and its allies from terrorist attacks” while “at the same time protecting privacy and civil liberties.”

The updated Guidelines, the government says, “do not provide any new authorities for the U.S. Government to collect information.”

I received a copy of the new guidelines from the DNI press office at 7:53 PM last night, but I note that the 32 page document is not readily available (as of 9 AM the day after the release) on either the DNI or Attorney General’s websites.

I don’t think there’s a conspiracy here, but I do think if you read the actual document and aren’t familiar with existing guidelines and the ifs, ands, and buts of government regulations, you could easily come away concerned.

And thus constitutes the divide, the divide between Washington and the rest of the nation, between the national security imperative and the colloquial understanding of liberty as practiced by the rest of the country.  The usual suspects of the civil liberties industry (and I don’t mean to disparage them) and the anti-government set (from gun-toters to olive-branchers) will decry; talking heads promoting public slumber will counsel calm; the media will muddle.

Meanwhile the government’s lawyers will satisfy themselves and reassure – as they did in their tortured legal justification sanctioning the summary assassination of an American citizen – that it’s all in accordance with applicable laws.  If you’ve got nothing to hide, what’s the problem?, the agents of idiocy will bellow.

The NCTC, the actual document says, “shall not access, acquire, retain, use, or disseminate United States person information solely for the purpose of monitoring activities protected by the First Amendment or monitoring the lawful exercise of other rights secured by the Constitution or other laws of the United States.”

Any information received must be reviewed to ensure that it is terrorist-related, the guideline says, that is, “based on the knowledge and experience of counterterrorism analysts as well as the facts and practical considerations of everyday life.”

It’s all pretty straightforward, except that these rules only apply to the National Counter-terrorism Center.  And they leave open possibilities – indeed the likelihood – that the national security establishment will over-reach, that an overzealous someone will bend and stretch the rules and their intent, heck, that this has already been done, is already being done, which is why new Guidelines were required.

The NCTC, the Guidelines say, receives its information from federal, state, local governments and “other sources,” “other entities,” “data providers,” none of whom are named.  Any abuses, in other words, will take place elsewhere.

As long as Washington is lost in its terror war, as long as the intelligence community remains beyond accountability, as long as lawyers justify anything as legal, what is already happening in America will continue to happen.  It isn’t a government conspiracy; it’s an American erosion occurring because we haven’t figure out yet either how to deal with the abundance of information the government feels justified to collect and analyze and we haven’t figured out how to deal with the basic criminal threat that terrorism represents.

Advertisements

Three Stooges of the Apocalypse?

Here’s something that passes for “news” that I submit even though it is repeated almost daily we could have read it any day in the last decade: Cyber networks are insecure, the Russians – Chinese, French, Israelis, Iranians – are coming, and, here’s the punch line, we have to spend more!

First of all, let me say that I’m not questioning the “threat.”  When DNI James Clapper says, as he did in his January 31 testimony before the Senate Intelligence Committee that China and Russia and even an increasingly aggressive Iran are improving their cyber capabilities and increasingly penetrating U.S. networks, I believe the intelligence.

“Iran’s intelligence operations against the United States, including cyber capabilities, have dramatically increased in recent years in depth and complexity,” Clappers said.

But point one, and Clapper said it, this is spying.   And as spying, we should remind ourselves that the United States has the most extensive – and I would say most capable – cyber intelligence capability in the world; and the U.S. is itself “increasingly aggressive” in its efforts to penetrate, manipulate, and even figure out how to electronically disable foreign networks.

Hence the creation of the U.S. Cyber Command lodged at the NSA in 2009.  Hence a provision of the fiscal 2012 national defense authorization act authorizes the military to conduct offensive cyberspace operations subject to the same provisions of the law of armed conflict.  That would be the principles of military necessity, proportionality, and discrimination.

So not only do we live in a glass house, but if we want to continue to call it war, that is, an act of aggression justifying military response, war is what we’ll get.

If it is intelligence operations, on the other hand, and is thus a tacitly recognized international activity with its own conventions, then we should stop acting both surprised and indignant.

Which brings us to the mega-business of cyber security, whether it is the home purveyors of personal computer firewalls and malware detection and removal; or the multi-billion dollar federal efforts (a veritable hidden Platinum Valley for the contractors) to achieve what appears to be the impossible: securing American networks.

Anyone hear the anthem of the war on drugs or airport security playing in the background?  It is a never-ending, never enough gift that keeps on giving.  Failure to produce the result will be rewarded: It always is.

There are a number of inter-locking reasons why the cyber threat has been very very good to defense industry and the threat mongers:

– Everything is moving to public networks whether on land or in the cloud, from the mundane of billing to drone killings and even nuclear weapons command and control.  Networked data grows at rates that can’t even be quantified.  Net vulnerabilities – here I mean the number remaining after a deduction taking into consideration growth — may or may not be increasing.  No one seems to know and no one seems to have an incentive to counsel calm.

– There is a double dis-incentive to actually locking down cyber communications: intelligence and commerce.  On the intelligence side, secure networks impede spying, destroyed networks eliminate sources of information.  Hence the tensions that do exist in the classified world, for instance, between the existences of thousands of radical Islamic websites which the intelligence agencies monitor but logic might tell you should just be destroyed.  It is a perpetual conundrum.  Which leaves commerce, not just the business of supporting the pro-longed war against terrorism, but also the riches available in the private sector’s protection; the cyber threat is a Godsend.

At what point does all of this morph into an act of war?  At what point will we wake up some morning to the news that some digital Gary Francis Powers has been shot down inside Russia?

If my answer is “soon,” then I’m just falling for the same B.S. and have to remind myself that this same question was being asked a decade or longer ago.  And just like the WMD “threat,” I need to remind myself that there is a subtle devil’s alliance between those who truly believe that the threat is out there and hostile and demands (military) response and those who equally build up the threat in their efforts to agitate for non-military solutions but just end up inadvertently affirming the existence and importance of the threat, thus creating an environment that seems to affirm military action.

So there might be some cyber incident soon, but given that there are all sorts of incidents – penetrations, spies getting caught, screw-ups — all the time, I guess I’ll say, well that’s what happens when you play with fire; big deal.

What I can’t say is that this will all sort itself out.  There are subtle short-term developments afoot and long term implications that demand greater brain power and less throwing of money.  For those who don’t follow this too closely, we’ve seen just in the past two weeks bold announcements by the Secretary of Defense that cyber threats are his main worry and that security won’t be short-changed in budget reductions; arguments over whether all of this should be a Pentagon or Department of Homeland Security responsibility; the FBI calling for more control; a scuffle over whether the government should take control of protection of private networks such as the electrical grid.  Meanwhile, NASA’s network isn’t secure, its IG says; DARPA will provide increased funding for offensive cyber warfare research.

“In the not too distant future we anticipate that the cyber threat will pose the number one threat to our country,” FBI director Robert Mueller told delegates at the RSA 2012 conference in San Francisco last week.  “We need to take lessons learned from terrorism and apply them to cybercrime.”

Some wag observed long ago that the information security schnorers reminded them of the three stooges 1936 “Ants in the Pantry” episode.  There, employees of the Lightning Exterminating Co., they were directed to drum up business.  They did nicely, releasing ants and mice and snakes at a fancy party and then arriving to save the day.  They were so entertaining and effective, they ended up being invited to the Fox Hunt!

So beware the warnings of those who profit from the threat.  More important though, wording is really essential to get right, and my hats off to Clapper for calling it spying, but then he’s the Director of National Intelligence and that’s his portfolio.  So I couldn’t help notice that Leon Panetta minces no words in calling it attacks:  “We are literally getting hundreds or thousands of attacks every day that try to exploit information in various [U.S.] agencies or departments,” he told an audience at the McConnell Center at the University of Louisville.

Does it make a difference which it is?  Hell yes, and the promiscuous wordings and flabby rhetoric of top government officials aren’t helping.  When the DNI yells spying, the Secretary of Defense yells attack, the FBI head yells crime, and the Department of Homeland Security yells help, the debate is more than just whether Certs is a breath mint or a candy mint.  This is the true sign of an ongoing and unresolved government food fight.

Meanwhile, while the heads of intelligence and defense are braying loudly about cyber security, the Federal Chief Information Officer Steven VanRoekel, while speaking at a February 24 conference, announced that security was one of the Obama Administration’s top five priorities!  Top five?  What the hell could the other four be?