Defense and Security

Intelligence

  • China
    African Union Bugged by China: Cyber Espionage as Evidence of Strategic Shifts
    A number of African leaders have turned to Chinese investment as a viable alternative to Western development aid. The recent allegations of Chinese cyberespionage of the African Union's headquarters might prompt them to reconsider. 
  • Intelligence
    The Intelligence Collection Implications of the CLOUD Act
    The CLOUD Act is supposed to help foreign law enforcement investigate crime. It could also help foreign countries spy on each other. 
  • Saudi Arabia
    The Saudis and Israel
    This past week the Chief of Staff of the Israel Defense Force gave an interview to a Saudi news site, Elaph, and said Israel would be ready to share intelligence about Iran with Saudi Arabia. “We’re willing to exchange information with the moderate Arab nations, including intelligence, in order to deal with Iran. We’re willing to share information if the need arises. There are many shared interests between us and Saudi Arabia,” said Gen. Gadi Eizenkot. Elaph has been open to Israeli officials for several years, including interviews with generals, foreign ministry officials, and cabinet members. Still, no chief of staff of the army had ever spoken to them—and thus directly addressed Saudi readers. This event is a step forward in Israeli/Saudi relations, and the public discussion of intelligence sharing (which may be taking place in secret) is also an important step. The tone of Saudi official comments on Israel has certainly changed. Once upon a time Israel was the “Zionist entity” whose name was not even spoken. Now, the Saudi news station Al Arabiya handles Israel straightforwardly: for example, on November 15 it carried a Reuters story about Israel’s offer of help to earthquake victims in Iran. But let’s not go too far in interpreting what all this means. The Trump administration’s efforts to “fast-forward” Israeli/Saudi relations have not succeeded. As part of its efforts to promote an Israeli/Palestinian peace plan, there are reports that the administration asked the Saudis to do things like permitting overflights of Saudi Arabia by El Al and having some public meetings with Israeli officials. Israel would make concessions to the Palestinian Authority and freeze some settlement activity in exchange. The problem here is that the Saudis are right now getting the military and intelligence cooperation they appear to want from Israel—in secret. 
Public collaboration with Israel or concessions to it would be politically dangerous for the Saudi government, at a moment when to say the very least its plate is full. The last thing it would appear to need is more political controversy stirring up internal criticism and opposition. So the cooperation between Israel and Saudi Arabia will likely continue, and deepen, and signs of it will emerge from time to time—signs like the Eizenkot interview in Elaph. A great leap forward such as the groundbreaking Sadat visit to Jerusalem is highly unlikely, as are most public displays of official contacts. Elaph, after all, is a private news site; no Israeli officials have been interviewed by Al Arabiya. And flights from Israel to Asia continue to take long routes that must skirt Saudi air space. The Trump administration was counting on Saudi and pan-Arab desire to help the Palestinians and help the “peace process” to overcome Arab desires to avoid political danger, but that was an over-estimation of the degree of Arab official concern about the Palestinians. Arab regimes do care about the Palestinians, but they care about themselves and their own political health far more.      
  • Donald Trump
    Making Use of Intelligence
    Podcast
    CFR's Michael Dempsey joins James Lindsay and Robert McMahon to examine the U.S. intelligence community's role in maintaining national security.
  • Nigeria
    Fifty Years Later: U.S. Intelligence Shortcomings in the Nigerian Civil War
    The Nigerian Civil war, which lasted from July 1966 to January 1970, remains the most significant event in the country’s post-independence history in ways reminiscent of the American Civil War. In the aftermath of a coup, a counter-coup, and a pogrom against the predominately Christian Igbos living in the mostly Muslim north, Igbos in their south-eastern homeland organized an independent state, Biafra, and attempted to secede from the Nigerian Federation. The civil war left an estimated 1.5 million dead, mostly from disease and starvation. Commonly called the Biafra War in the West, it was the first in a dreary series of large and highly publicized post-independence conflicts, which include those in Angola, Central African Republic, Congo, Mozambique, Rwanda, Somalia, and Sudan. A widely published photograph of a starving Igbo child became the face in the West of these African conflicts. In the United States, especially on college campuses and in progressive circles, there was strong support for the Biafran cause. Activists in the Vietnam anti-war movement, the civil rights movement, and the feminist movement tended to support Biafra. Pro-Biafra sentiment was strengthened by Biafra’s highly effective international propaganda and by the presence of large numbers of Igbo students on American college campuses, sent there by various Nigerian governments using newly-acquired oil wealth. Hence, Biafra was an American domestic issue, as well as a foreign policy challenge for the Johnson and Nixon administrations. In addressing those challenges, presidents Johnson and Nixon turned to the intelligence community (IC), as all administrations do when shaping foreign policy. More than fifty years after the end of the Nigerian civil war, Judd Devermont has analyzed the IC’s biases that contributed to distortions in policy making in a recently published paper. Devermont is currently the national intelligence officer for Africa at the U.S. National Intelligence Council. 
Hence, he is writing as an insider. His lessons-learned study has a primary focus on intelligence, but it also provides important insights into the broader process (or lack thereof) of policy making. Devermont gives good marks to the IC’s reporting on the coming of the civil war. However, once the war started, Devermont shows that IC “cognitive biases and faulty assumptions tilted its judgments in favor of Biafra and amplified its fear of mass atrocities committed by Nigerian forces.” Those biases included wishful thinking about the Biafran military, an undervaluing of the Nigerian military, and an over-estimation of the abilities of Odumegwu Ojukwu, the charming, Oxford-educated Biafran leader. The IC also underestimated Yakubu Gowon, the Nigerian chief of state who, among other things, was a Christian, which contradicted the popular Muslims vs. Christians narrative. Contrary to IC views, he successfully instituted a policy of “no winners, no losers” once the civil war was over in order to reintegrate Biafra. (Arguably, national reconciliation in Nigeria took place faster than in the post-civil war United States.) Devermont concludes with lessons for the IC community that are equally applicable to the broader policy community. He warns that the IC’s conclusions cannot be “swayed by public sentiment;” cautions that the past is not always a prologue (the 1966 northern pogrom did not make inevitable a post 1970 pogrom); and implores analysts to always consider alternative outcomes to the conventional wisdom.
  • Intelligence
    New Cyber Brief: Reforming the U.S. Section 702 Intelligence Program
    Laura K. Donohue argues that section 702 of the U.S. Foreign Intelligence Surveillance Amendments Act is an important tool in the intelligence community’s arsenal, but that it should be amended to bring it within constitutional bounds.
  • Cybersecurity
    The Case for Reforming Section 702 of U.S. Foreign Intelligence Surveillance Law
    To rein in the NSA’s collection, monitoring, and searching of U.S. citizens’ communications, Congress should reform section 702 of the Foreign Intelligence Surveillance Amendments Act.
  • Intelligence
    The FBI’s Role in National Security
    The Federal Bureau of Investigation has been reoriented toward counterterrorism in recent years, but continues to face charges of overreach.
  • Intelligence
    Don’t Let the Russia-Trump Investigation Distract From U.S. Intelligence Reform
    Lost amidst the news about former FBI Director Jim Comey’s high-profile testimony last week was the kick-off of the debate on reauthorization of an intelligence program under which the government scans the content of international communications that flow to and from the United States via the internet for foreign intelligence purposes. The program, known as the section 702 program for the provision in the Foreign Surveillance Intelligence Act that created it, is due to expire at the end of the year and the directors of the FBI, National Security Agency (NSA) and National Intelligence were on Capitol Hill to defend it. Trump administration officials have called for a permanent “clean” reauthorization which Thomas Bossert, the president’s homeland security and counterterrorism adviser, outlined in a recent New York Times op-ed. Senator Tom Cotton and over a dozen other Republican Senators including Intelligence Committee Chairman Richard Burr had introduced such a “clean” reauthorization bill earlier last week. However, civil liberties groups have long voiced concerns about the program and seek reforms in any reauthorization legislation. Last week, Facebook, Amazon, Microsoft, Google, and other tech companies sent a letter to House Judiciary Chair Robert Goodlatte seeking their own proposed reforms. Section 702 authorizes the government to collect from U.S. companies the communications data of non-U.S. persons (non-citizens or lawful permanent residents) abroad. During last week’s hearing, Director of National Intelligence Dan Coats argued that Section 702 has produced “significant intelligence that is vital to protect the nation” and cited the prevention of a New York subway bombing, as well as the government’s ability to track down and ultimately kill the self-declared Islamic State’s second-in-command Hajji Iman. 
The program’s intelligence value was substantiated by the independent Privacy and Civil Liberties Oversight Board (PCLOB), which found that: “Monitoring terrorist networks under Section 702 has enabled the government to learn how they operate, and to understand their priorities, strategies, and tactics, […] and has led the government to identify previously unknown individuals who are involved in international terrorism, and it has played a key role in discovering and disrupting specific terrorist plots aimed at the United States and other countries.” The program focuses on targeting non-U.S. persons reasonably believed to be located abroad and the intelligence community has ceased its practice of collecting communications that only mention foreign targets (rather than with targets). Despite these developments, there are still two outstanding sets of concern: (1) searches of the incidentally collected communications of U.S. persons and (2) the collection via the compelled cooperation of U.S. companies and analysis of bundles of data that may include communications with non-U.S. persons who are not targets. Although the program prohibits “targeting” U.S. persons in collection of data, it allows the search of that data using U.S. person identifiers in investigations. The NSA and CIA only search using a “statement of facts showing that a query is reasonably likely to return foreign intelligence information” but that restriction does not apply to the FBI. The section 702 database is vast, including not only the communications with non-U.S. persons abroad who are surveillance targets but also data caught up in batches with communications on the internet backbone with surveillance targets. The Foreign Intelligence Surveillance Court that oversees the program deemed these searches to be constitutional but many scholars believe it was wrong to do so. 
Despite validating the program’s significant intelligence value, the PCLOB concluded that the lack of information about the collection of Americans’ communications under section 702 “hampers attempts to gauge whether the program appropriately balances national security interest with the privacy of U.S. persons” and recommended that the government provide to Congress data related to this collection. Last week, despite requests from numerous lawmakers and privacy organizations and his own commitment to work to produce the information, DNI Coats refused to provide data on the number of Americans’ communications collected under 702. Of particular concern to U.S. tech companies is the collection of communications of overseas foreigners who are not targeted for surveillance. The U.S. tech sector has been criticized by foreign governments, and U.S. internet products and services have come under suspicion from users since the Edward Snowden disclosures revealed the extent of section 702 collection. The European Court of Justice referenced section 702 when it struck down the EU-U.S. Safe Harbor, the agreement that had treated U.S. company handling of EU persons’ data as compliant with EU data protection laws. The replacement Privacy Shield has already been challenged in European courts, although the European Commission is defending the deal. Having communications traffic move away from the United States not only diminishes revenue for U.S. firms, but also undermines the ability of intelligence agencies to collect and analyze communications. Reform proposals are beginning to surface. After last week’s hearing, Judiciary Committee Ranking Member Dianne Feinstein endorsed authorization (though with a sunset) and proposed codifying the NSA’s decision to end collection of communications that merely mention a target and a requirement for an outside counsel each time the government seeks the Foreign Intelligence Surveillance Court’s approval of continuation of 702 collection. 
The importance of the program for intelligence purposes—and the political drama swirling around—shouldn’t prevent a well-reasoned consideration of how best to preserve the program’s important intelligence-gathering capabilities, while respecting U.S. persons’ constitutional rights and avoiding disincentives to international use of U.S. technology infrastructure.
  • Intelligence
    Why I Have Nothing to Say About the NSA Leak
    Emails from reporters started coming in last night. Could I comment on the leaked National Security Agency (NSA) report on Russian interference in the election?  The short answer was no. The reason was simple: I couldn’t read it. Normally, I might have tried to wing an answer, providing some context for what the reporter told me was in it. But in this case, the report was classified and I did not want to give the impression, even if false, that I had downloaded the document. In truth, I would have known more about the NSA leak if I did not hold a security clearance and could view the document online like everyone else.  As one of the 5.5 million Americans who hold a security clearance, viewing that document would violate my obligation to protect classified information.  While I might have the right level clearance to view the document, the computer I would use to access it is not authorized to handle classified information. Viewing it would constitute a “spill” of classified material, necessitating that I report it to my security officer, and hand over my computer. Containment from there would involve an investigation and an official report. I’d likely lose my clearance and probably my computer. But even if I could go into a facility that is cleared to access classified information, I still wouldn’t be able to read the report. Accessing classified information not only requires the appropriate clearance but a legitimate “need to know”. And in the eyes of the U.S. government, being able to intelligently comment on a piece of leaked intelligence doesn’t cut it.  Right now, security officers throughout the federal government are sending out reminders to federal employees not to access the report. They are reminding them that a leaked document is not automatically declassified and that accessing it could jeopardize their clearances (and their jobs).  
Meanwhile, those with a hand in cybersecurity or Russia policy who had not seen the report are desperately trying to get their hands on it through official channels. And while I will follow all these rules, it should be pretty clear to the outside world how dumb this is. These rules came about in the age before the internet. In an earlier time, it might have been reasonable to talk about “containing” a leak – limiting the dissemination of the materials and placing pressure on reporters to withhold the story or at least certain facts. Thirty years ago, it would have been impractical for the New York Times to publish the document in full. Now, it’s sitting on a publicly accessible website. Continuing to treat a document as “top secret” when it is no longer a secret is just silly. What’s dumb is putting the 5.5 million people who should arguably be better informed than everyone else on matters of national security in a position where they actually know less. After the Manning, Snowden, and series of smaller leaks over the last two years, intelligence analysts in China and Russia likely have a far better understanding of our national security process and intelligence collection capabilities than all but a small handful of very senior officials in the U.S. government. While I believe that Reality Leigh Winner committed a crime in leaking this document, I also believe that the NSA should move quickly to declassify it. Declassification and release should become the default practice following a public leak of classified materials. It will save agencies the money and time it takes to re-image computers when the document is downloaded unthinkingly as federal employees sip coffee and click through the links in their inboxes. But more importantly, it will mean that federal employees will no longer be operating at an information disadvantage about what is going on in their own government relative to the adversaries they are working to counter.
  • Defense and Security
    Will FBI Sacking Affect National Security?
    The dismissal of FBI Director James Comey raises concerns about the government’s ability to investigate Russian meddling in U.S. elections, and the broader national security role of the agency.
  • Russia
    Will FBI Sacking Affect National Security?
    The dismissal of FBI Director James Comey raises concerns about the government’s ability to investigate Russian meddling in U.S. elections, and the broader national security role of the agency, says CFR’s Matthew Waxman.
  • Intelligence
    Getting Intelligence Agencies to Adapt to Life Out of the Shadows
    Intelligence agencies love working in the shadows. However, in a post-Snowden world, they will have to get used to working in the spotlight.
  • Cybersecurity
    Hacking Charges Against Russian FSB Officers: A Quick Reaction
    This post was co-written with Alex Grigsby, assistant director of the Digital and Cyberspace Policy program. This morning, the U.S. Department of Justice (DOJ) announced the indictment of four people allegedly responsible for the breach of over 500 million Yahoo accounts the company announced last year. What makes this interesting is that two of the indictees are Russian intelligence officials working for the FSB--the successor to the KGB. It looks like the Federal Bureau of Investigation (FBI) nabbed a pretty classic espionage operation. According to the indictment, two FSB officers--Dmitry Dokuchaev and Igor Sushchin--and Alexsey Belan--one of the FBI’s most wanted criminals and named in the sanctions President Obama issued against Russia in response to the DNC hack--obtained access to Yahoo’s user database. They then used that access to get into the accounts of possible Russian intelligence targets, such as diplomats, investigative reporters, and representatives of U.S. companies. Dokuchaev and Sushchin also used the data to help Karim Baratov access approximately 80 accounts hosted by Google and an unnamed Russian provider. Baratov, a 22-year-old dual Kazakh-Canadian citizen living outside of Toronto, was paid for his services and liked nice cars. The indictment also alleges that Dokuchaev and Sushchin helped Belan mine the Yahoo data for his personal criminal purposes; Belan searched compromised accounts for credit card details and gift cards either to use for himself or to sell in cybercrime forums. There are a couple of significant differences between this incident and the other instances in which the U.S. government laid hacking charges on state-sponsored actors. In the 2014 indictment of the five People’s Liberation Army (PLA) officers, it was clear that China was not going to turn them over. 
In that case, the charges were probably more political--forcing China to reckon with the seriousness with which the United States took the pilfering of its companies’ intellectual property. The 2016 charges against the Iranians affiliated with the Revolutionary Guards were probably less political, but nevertheless were partly meant to discourage Iranians from hacking U.S. targets lest it hinder their ability to travel and as a deterrent to future hacking, a sign that the United States could attribute attacks to individuals. In this recent case, at least one of the indictees--Karim Baratov--is likely to see the inside of a U.S. court. Canadian authorities arrested him yesterday and he is likely to be extradited. There are a number of instances in the indictment that suggest U.S. authorities obtained evidence of the links between Baratov and the FSB by monitoring their communications. During a criminal trial, that would possibly require U.S. prosecutors to disclose how they monitored the conversations and under what authorities. In a recent case against alleged child pornographers, the DOJ chose to drop its charges instead of revealing how investigators exploited a vulnerability in the TOR network to identify the suspects. That could also happen here if Baratov contests the accusations. The DOJ could put pressure on Baratov to plead guilty to lesser charges to avoid that outcome. It is worth noting that in a previous hacking case, Su Bin, a Chinese national living in Canada, pled guilty to stealing information from U.S. defense contractors for the PLA’s consumption, making it unnecessary for the federal government to prove its case. Another oddity with the case is the fact that Dmitry Dokuchaev was arrested earlier this year in Russia and accused of treason, along with the former head of the FSB’s information security center, Sergei Mikhailov and a former Kaspersky employee. 
It is unclear what Dokuchaev might have done that was treasonous in the eyes of the Russian legal system. One theory is that he was a CIA mole, which begs the question why would the U.S. file charges against one of its assets? Another could be that he hacked the wrong people while making a bit of money on the side, and got swept up for that. The ripple effects will be felt on two fronts. First, these indictments obviously worsen and complicate the relationship with Russia in cyberspace. Some saw the Shadow Brokers leaks of NSA hacking tools in August 2016 as retribution for the attribution of the DNC hacks to Cozy Bear and Fancy Bear and as a warning shot across the bow, a reminder that Russia is a very capable actor in cyberspace. We will have to wait to see how the Kremlin decides to respond this time, but it is likely to be a mix of official and asymmetric actions. Second, in announcing the indictments, the DOJ trumpeted the cooperation with Yahoo and other tech companies, and Yahoo did the same. For DOJ and FBI, this is a welcome change of messaging to Silicon Valley. The headline is not that law enforcement wants to weaken encryption and build backdoors in products, but that working closely with the government can result in taking down state-backed hackers that threaten the private sector. That message might resonate for a little while, but long term tensions are bound to return.