Intelligence activities Archives - Just Security
https://www.justsecurity.org/tag/intelligence/
A Forum on Law, Rights, and U.S. National Security

“Honey, I’m Hacked”: Ethical Questions Raised by Ukrainian Cyber Deception of Russian Military Wives
https://www.justsecurity.org/86548/honey-im-hacked-ethical-questions-raised-by-ukrainian-cyber-deception-of-russian-military-wives/?utm_source=rss&utm_medium=rss&utm_campaign=honey-im-hacked-ethical-questions-raised-by-ukrainian-cyber-deception-of-russian-military-wives
Thu, 18 May 2023 12:49:15 +0000

States must pay greater attention to adequately preparing military relatives for targeted cyber deception campaigns.

The post “Honey, I’m Hacked”: Ethical Questions Raised by Ukrainian Cyber Deception of Russian Military Wives appeared first on Just Security.

Editor’s note: This article is the sixth installment of our Values in Foreign Policy Symposium.

“This is only a small part of this story.” In late March 2023, InformNapalm reported that the Ukrainian Cyber Resistance – a hacktivist organization with links to the Ukrainian government – had successfully breached and monitored the email account of Russian Air Force Colonel, Atroshchenko Sergey (Serhii) Valeriyovych. In addition to collating information from the colonel’s emails, the hacktivists posed as a Russian officer from the 960th Assault Aviation Regiment (headed by Atroshchenko) and initiated a conversation with Atroshchenko’s wife. For brevity, call this example Email Wives.

Via a series of emails, the hacktivists convinced the colonel’s wife to organise a “surprise” “Patriotic Photoshoot.” The photoshoot featured headshots of twelve wives wearing their Russian officer husbands’ dress uniforms – ranks and medals in clear view. It also included pictures of Russian jets painted with the symbol ‘Z’, a signal of support for the war in Ukraine. Using open-source intelligence – including photographs from the regiment’s New Year’s party – Ukrainian hacktivists were able to ascertain the identity of the Russian pilots.

Crucially, the colonel targeted was not just any Russian officer. Atroshchenko is an alleged war criminal, accused of ordering the indiscriminate targeting of a children’s hospital, art school, and “civilian-packed theatre in the city of Mariupol” in the first month of the unjust invasion. As part of the attack, approximately 600 people died – including minors. Such war crimes triggered calls for prosecution at the International Criminal Court.

According to the English comments responding to the covert cyber-enabled influence operation retweeted by Ariana Gic (with 38,600 Twitter followers), the hacking operation was widely celebrated. Fred Hoffman – a self-professed “Lifelong HUMINTer” and Professor of Intelligence Studies (with over 20,000 Twitter followers) – replied: “This is outstanding. I will go to sleep with a smile on my face now.” Other Twitter users commented: “Well Played.”, “This is awesome.”, “My God that is brilliant!!”, and “Ukrainian Ingenuity [sic] knows no bounds”. InformNapalm decided to “not publish the entire dump for the time being”. The hacktivists instead chose to keep secret from Russia the extent of the leak and, therefore, exactly how much Ukraine now knows about the 960th regiment.

At face value, the operation was a successful, and mildly amusing, 21st century example of tricking the enemy. Of course, deception in war is as old as war itself (mentioned by Sun Tzu as far back as the 5th century BCE). And ruses are, of course, legal in war (though perfidy – feigning to be a protected person in war, such as a member of the Red Cross or hors de combat, is not – and espionage is murkier still). During World War II (WWII), the Allies waged Operation Fortitude: a sophisticated deception campaign that employed fake tanks and airplanes, fabricated radio chatter, and decoys that convinced the Nazis that the D-Day landing would not take place at Normandy, but at Pas-de-Calais. In the on-going Ukraine-Russian conflict, Ukraine deceived Russia into depleting its cruise missile stocks by using wooden decoys mimicking U.S. rocket systems. Russian soldiers in Ukraine were also tricked into sharing their location after Ukrainian hackers created “honey pot” profiles of women on social media. But all these operations clearly targeted morally liable combatants in war: the decision-making political elites in the Third Reich (and the Nazi combatants fighting the war of aggression) and Russian soldiers discharging Vladimir Putin’s unjust invasion.

But Email Wives forewarns a development in war-time deception in two ways. First, the avenue through which such manipulation and covert influence was operationalized was not via traditional human intelligence (HUMINT) operations, but cyberspace. Unlike the (often) steep costs, risks, and harms associated with HUMINT operations, cyber intelligence (CYBINT) operations are relatively quick and easy. As such, it is reasonable to expect an increased rate of cyber deceit in war, with covert cyber influence operations able to target more individuals more efficiently and at a lower entry-point (relative to HUMINT). Second, the intended target for manipulation was not the regime or the military personnel, but the wives of the Russian pilots. These two features of such cyber deception – as per Email Wives – point to ethical questions, and policy implications, for the conduct of 21st century (cyber) wars.

The Russian language post from InformNapalm reads: “Hacking of the Russian war criminal, commander of military unit 75387, 960th assault aviation regiment of the Russian Federation, Colonel Serhii Atroshchenko. The aviation regiment of which is stationed at the airfield on the outskirts of the city of Primorsko-Akhtarsk. An exclusive publication based on the results of our joint work was published on the website of our friends from the international intelligence community InformNapalm. Intelligence volunteers investigated the dumps and conducted reconnaissance using OSINT techniques” (Source: Telegram).

 

Benefits of Cyber Deception

Email Wives constitutes a move beyond strictly CYBINT operations – that is, breaching secure networks and gathering evidence or data via cyberspace. The hackers did conduct traditional CYBINT operations by closely monitoring the colonel’s email activity: the Ukrainian Cyber Resistance obtained the colonel’s home location, date of birth, phone number, government documents, troop movements, data on Russian military equipment, and even his COVID-19 vaccination status. Email Wives also did not involve manipulating the code within the network infrastructure itself such that the system malfunctions – what Cécile Fabre regards as cyber sabotage (as per Stuxnet). Rather, the Ukrainian Cyber Resistance manipulated the human beings receiving the fabricated emails, encouraging them to act in ways they would not otherwise. In short, the Russian airmen’s wives were doxed: they unwittingly provided highly sensitive data about their husbands as a result of the fabricated emails.

To be sure, covert influence operations have long been employed by warring parties. Yet there are ostensible benefits for this kind of cyber deceit over that of traditional HUMINT operations. First, this kind of operation is relatively harmless. It did not place the partners of Russian pilots in imminent physical danger. (This is assuming that there has been no severe punitive action launched by the Kremlin upon suspecting that the wives knew the ‘Patriotic Photoshoot’ would subvert the war effort.) The cyber manipulation operation did not physically endanger the military wives (or their families), as HUMINT operations might.

Second, the cyber operation was comparatively quick. There was no significant time investment: a series of email correspondences emanating from “secure” Russian emails sufficed. Perhaps a longer-term communication with the Russian colonel’s wife may have been fruitful in yielding on-going intelligence via manipulation or blackmail. However, the kind of expediency of the cyber operation in war is surely a benefit – at least in terms of gaining the identity of those pilots involved in the bombing of Mariupol.

Third, and similarly, Email Wives was relatively low stakes. HUMINT operations often play a notoriously long game. The operative in the field must 1) seemingly serendipitously meet the wife, or come to know the wife through unsuspecting means, and 2) build trust over weeks and months, if not years, to be successful. Duping someone through cyberspace is comparatively less damaging than building a relationship with an individual and then (perhaps devastatingly) betraying that confidence.

Fourth, again compared to HUMINT, the cyber operation was presumably inexpensive. It was certainly unlikely to cost close to HUMINT operations that involve training the operative, planting the operative, setting the operative up with a plausible backstory, covert communication technology, an escape route, and so on.

Fifth, and finally, Email Wives was a safe operation for the Ukrainian Cyber Resistance operatives themselves. Conducting the mission at a safe, unknown distance, behind screens and keyboards, the Cyber Resistance fighters of the war-effort are afforded a large degree of anonymity and physical protection (again, relative to HUMINT).

Given these purported benefits, such cyber manipulation operations seem ideal compared to lengthy, expensive, and risky HUMINT missions in war. In light of such undertakings being further away from the battlefield (with hackers operating in safe spaces) and being less costly, time-intensive, and harmful, it is reasonable to expect an uptick in such operations.

Nonetheless, there are important questions pertinent to ethics of war that arise from covert cyber-enabled manipulation operations like Email Wives. Notably: Are the spouses of Russian Air Force members legitimate targets for cyber deception?

Cyber Targeting of Military Spouses in War

Of course, being married to military personnel does not render partners legitimate military targets, and so the wives would not constitute combatants liable to intentional physical attacks. But could it be ethically permissible (or even required) to target such civilians through cyber deception? In other words: are wives of military members afforded protection from traditional, kinetic military operations (including cyber operations that result in kinetic effects), but not covert cyber-enabled influence operations? Do such relationships with Russian military members implicate wives in the conduct of war enough to warrant this kind of (minimal) cyber interference? There is little doubt of Atroshchenko’s moral liability to kinetic attacks and cyber attacks. He is a high-ranking combatant, waging an illegal and unjust invasion, and has been accused of perpetrating war crimes. But his wife? And the wives of the other Russian pilots? While a parallel may be made with traditional wire-tapping private phone calls, this operation moves beyond merely information gathering and into the space of actively manipulating family members in war as per covert influence operations.

Literature on the ethics of covert influence has highlighted the moral wrongs of manipulation. For instance, Charles R. Beitz writes that the “distinctive evil of manipulation derives from the fact that by attempting to hide the exercise of power… [it] enlist[s] a person’s capacity for self-determination in the service of goals which are not, or not necessarily, the person’s own.” Essentially, covert influence and manipulation undermine the individual’s autonomy and agency – something which is typically considered a priori morally abhorrent. Despite this, covert action and what the Russians call ‘active measures’ (aktivnyye meropriyatiya) have also been a long-standing feature in competition and conflict, including (or perhaps especially) against average citizens.

Partners might be ethically subjected to the chicanery and manipulation featured in Email Wives because they (unlike their children, for instance) know full-well that their spouses are military members and are ostensibly consenting to supporting such a career by remaining with their partner. Further still, the Russian women are married to military personnel who are fighting on the ‘unjust’ side in war (which, according to Just War revisionists, has important implications regarding the moral status of combatants). Yet, the partners’ knowledge of the particular operation against Mariupol is more difficult to confirm, due to security requirements that would likely prohibit their partners from discussing individual missions. It is not clear the military wives and girlfriends were aware their partners were following orders that amounted to war crimes.

More disconcerting is that InformNapalm – the “International Volunteer Community” – released intimate photos of Atroshchenko’s wife in lingerie. Lilia Aleksandrovna Atroshchenko would send “photo surprises” to her husband. Under the subheading “Acquaintance with Atroshchenko’s wife,” InformNapalm included “more or less decent photos” with Lilia Atroshchenko posed on a couch in very little clothing. The hackers implied they had even more personal (read: explicit) photos of Lilia they could disclose.

Obtaining such intelligence is one thing; disseminating such photos – a violation of Lilia Atroshchenko’s privacy (not her husband’s) – is another. Are wives (and partners) in war ethically liable to having such images of themselves posted online without consent? Was posting of some photos of Lilia (and the note that these were the more “decent” photos the hackers had obtained) intended to serve as blackmail or ‘sextortion’ to coerce Atroshchenko to (potentially) pass along additional sensitive information to bulwark against more photos being uploaded? Might this be morally acceptable? Or is this a somewhat warped form of ‘revenge porn’ of military members’ spouses that might be morally permitted in conflict? There may be a parallel here with the physical printing and showcasing of intimate photos à la HUMINT. However, the posting of Lilia’s photos online allows for greater reach via the initial website and it is easier to download the photo and repost across different websites. What we post may not be “digitally permanent” (once it’s online, it is there forever), but it is more difficult to wind back.

Further, the cyber operation itself placed the wives in little danger (relative to HUMINT operations). However, they would have likely experienced extreme humiliation upon realizing they had been played. For Atroshchenko’s wife, the non-consensual uploading of pictures intended for her husband’s eyes only would also conceivably prompt feelings of ignominy. Further, as mentioned earlier, the wives may also face intense interrogation by the Russian Security Service (the FSB), potentially being accused of intentionally disclosing sensitive information pertaining to their husbands. Hopefully, none of the wives succumb to the bizarre “accidents,” “illness,” and “murder-suicides” that have befallen businessmen in Russia since the February 2022 invasion. Moreover – now that InformNapalm has publicly disclosed the colonel’s home address, and his wife’s phone number, email, passport number, and telephone numbers – others in the Russian community may seek retribution. Indeed, one Twitter user commenting on the operation alluded to this: “Thoughts and prayers, every time she [Lilia] walks past a window”. (Lilia Atroshchenko also had her email account hacked, and it is unclear what the hacktivists found there).

Should the disclosure of such intelligence actually facilitate the (lethal) targeting of their husbands, the women would likely be susceptible to “moral injury.” Moral injury is the extreme amount of guilt and shame arising from perpetrating an act (or failing to prevent an act) that the individual perceives to be morally impermissible – for instance, providing information that had a hand in facilitating the demise of their loved ones.

To be clear, an argument could, and perhaps should, be made that this level of harm experienced by civilians married to war criminals is proportionate to the ends being achieved. The harm felt by military spouses – otherwise hitherto protected from military operations – is proportional to the ends being sought. Even if spouses are not morally liable to be intentionally targeted, the operation may still satisfy what Jeff McMahan refers to as wide proportionality: that is, the moral goods resulting from harming non-liable persons (in this case, the Russian wives) overrides that person’s moral right not to be harmed. This is opposed to McMahan’s concept of narrow proportionality, which refers to the harm morally liable persons, such as Russian pilots in war, may permissibly experience. Cyber manipulation of this kind may simply be a low-stakes case of collateral damage and/or doctrine of double effect within just war theory deliberations.

Email Wives prompts a further question requiring philosophical deliberation: If we are permissibly extending the purview of targeting, who else might be a legitimate person for such cyber manipulation operations in war? During the Vietnam war, the United States dropped billions of leaflets; some intentionally appealed to children, requesting information on Vietcong weapons in exchange for monetary prizes. Arguments against targeting military members’ under-age children might be made because – as minors – they lack autonomy and agency relative to wives. But what of military members’ adult children, or their (elderly, and perhaps less cyber savvy) parents?

Though somewhat humorous, Email Wives epitomises the blurring of the lines between those who may be ethically susceptible to subterfuge in the Russia-Ukraine conflict and how (notably, via cyberspace), thereby blurring the “front line” with the “home front.” Of course, for Ukrainians, the front line is the home front. And their experiences are far worse than that of the Russian Air Force members’ wives. Should the targeting and manipulation of spouses of war be deemed ethically permissible – even required – then the United States (and Ukraine) need to prepare military spouses and families for the possibility that they, too, may be targeted via cyberspace.

Preparing Military Families for Cyber Deception Campaigns

To reiterate, Email Wives is hardly the first – or the last – time states at war will attempt to deceive their adversaries. As members of the world’s second oldest profession, spies have long sought to infiltrate and influence family members of military personnel in war. Indeed, Allied propaganda posters during World War II, such as “Loose Lips Sink Ships”, aimed to discourage the broader civilian population, including family members, from discussing potentially sensitive topics in public.

But cyber manipulation campaigns like Email Wives represent a simpler, cheaper, quicker, and potentially safer means of tricking the enemy compared to traditional HUMINT operations. As such, cyber manipulation will likely be used more frequently to target civilians in war. With the advent of ChatGPT, some are warning that online scams are going to become even more efficacious and widespread, especially as AI systems become “more human than human” and mimic human behaviours in a bid to gain trust.

The question remains: Are military family members legitimate targets for cyber manipulation operations in contemporary conflicts?

If the answer is yes, then states committed to upholding the liberal democratic order must be prepared to accept that their own military members’ spouses, siblings, parents, or children similarly may be deceived and humiliated online.

Greater attention must be afforded to adequately preparing military relatives for targeted cyber deception campaigns. Spouses are already primed not to post sensitive information pertaining to their partners on social media. But what is required is a mandatory threat assessment training regarding offensive, covert cyber operations for (what militaries call) “dependents” to bulwark against operations like Email Wives. After all, should such campaigns be considered ethically acceptable or even celebrated in war, then we must be wary of what this means for service member families back home.

Of course, the cyber front of the conflict has its clear benefits: collating information, influencing adversaries, and – ideally – “identify[ing] and bring[ing] Russian war criminals to justice.” Such cyber manipulation operations are expected to increase as the war rages on into its second brutal year. But if these operations are widely regarded as morally permissible, or even desirable, then military families everywhere are fair game. The United States and its allies should prepare them for what comes next.

Image: Flag of Ukraine on a computer binary codes falling from the top and fading away (via GettyImages). 

DHS Intelligence Rearranges the Deck Chairs—Again
https://www.justsecurity.org/86524/dhs-intelligence-rearranges-the-deck-chairs-again/?utm_source=rss&utm_medium=rss&utm_campaign=dhs-intelligence-rearranges-the-deck-chairs-again
Wed, 10 May 2023 12:46:53 +0000

The new realignment of the DHS Office of Intelligence & Analysis fails to address the agency's fundamental problems.

The post DHS Intelligence Rearranges the Deck Chairs—Again appeared first on Just Security.

The U.S. Department of Homeland Security’s troubled Office of Intelligence & Analysis (I&A) last Thursday announced new changes following the results of an internal review. Kenneth L. Wainstein, who now runs I&A and was a senior war on terror official in George W. Bush’s Department of Justice, insisted in Bloomberg, “This isn’t just swapping out org charts to try to demonstrate progress.” But by all appearances, that is exactly the nature of this new I&A reorganization.

I&A’s activities have been the subject of regular outrage seemingly every few months as the office finds itself in the headlines with a new scandal. Most recently, Politico revealed that I&A was collecting intelligence from people in jails and prisons without notifying their lawyers and with few if any protections of their rights. When the Supreme Court overturned the constitutional right to abortion, I&A was caught monitoring the social media “reactions” and “reflections” of people simply talking politics online. And during the civil rights outcry following George Floyd’s murder, I&A surveilled journalists and aided a summer-long campaign to undermine and discredit demonstrators, resulting in the removal of a senior official and multiple investigations.

Last week, Wainstein described this years-long series of misdeeds as a “rough patch.” My Brennan Center for Justice colleague Faiza Patel and I recently authored a report that cataloged these and other wrongdoings, explained how I&A’s overly permissive environment is designed to foster chronic abuse, and called for fundamental change. It appears that I&A too has been trying to find a path forward. The initial results of the review are in and I&A will make two changes it claims will strengthen integrity and accountability.

The first change I&A announced last week is to separate social media collectors from intelligence analysts to ensure the collectors have the independence and supervision needed to comply with law and policy. Presently, both analysts and collectors operate under I&A’s broad Intelligence Enterprise Operations division, but as separate entities. Under the previous administration, I&A placed social media collectors with some other information sharing functionaries. That office will be, apparently, broken back apart.

Similarly, I&A’s human collection and liaison functions had operated separately, were combined and renamed in 2015, renamed again, and then apparently again renamed the Field Intelligence Directorate, according to a recent DHS post. Those operations—which take place in unaccountable “fusion centers” with state and local police—appear to combine “collection and analytic functions,” undermining Wainstein’s justification for isolating social media collectors.

Regardless, relocating social media collectors from one part of I&A to another does not address the concerns raised by their work. That is because social media remains ambiguous, laden with in-jokes and subtext, largely anonymous, and generally difficult to parse. Finding useful intelligence in that environment has often proved difficult and, as the Brennan Center shows in our report, I&A is not always up to the task of discerning value from garbage. Wainstein touts “constant supervision” of social media collection as a new benefit. But lack of supervision didn’t cause I&A’s overreach during the 2020 racial justice demonstrations. Rather, as DHS’s general counsel made clear, the problem was that I&A and DHS leadership were able to direct social media collection and reporting to serve their political agendas.

This reorganization does not remedy the overbroad mandate and weak safeguards that allowed the unit to be used as a tool for the Trump administration’s preferred narrative about the dangerousness of racial justice protests. To comply with the legal requirements codified in its guidelines, I&A’s officers must ensure their activities further an enumerated mission. But these missions are so expansive—including intelligence to counter terrorism, threats to infrastructure, narcotics trafficking, foreign spying, and more—that they can provide the basis for illegitimate activities, as occurred during 2020. Catch-all missions, such as providing intelligence support to DHS leadership, are also susceptible to abuse.

Constraints are few and far between. The guidelines give only a passing treatment to the First Amendment and suggest I&A can monitor core political speech so long as it asserts a mission-driven purpose. This flimsy standard makes it all too easy for I&A officers to concoct a pretext to surveil online political speech, as we saw both with the Trump administration’s targeting of racial justice protestors and the Biden administration’s monitoring of people discussing abortion on the presumption they posed a threat to national security.

The second announced change involves consolidating internal oversight functions into one office. Currently I&A’s Privacy and Intelligence Oversight Branch, which is responsible for investigating violations of I&A’s guidelines, sits three layers below I&A’s lead; under the new plan, they will report to a new officer who reports directly to Wainstein. Wainstein claims this move will elevate oversight to the “top levels,” but in reality the only intelligence oversight office in DHS remains subordinate to the officer it is tasked to oversee. That’s a fundamentally broken arrangement that easily enables I&A leadership to again disregard oversight when it is most needed.

So let’s be clear: I&A’s new realignment simply is “just swapping out org charts.” It fails to address any of the agency’s fundamental problems. The Brennan Center proposes real fixes in our recent report.

The Secretary of Homeland Security needs to permanently end I&A’s harmful, easily abused practices of disseminating unverified social media information about Americans and collecting intelligence in jails. Oversight of I&A’s intelligence functions should be strengthened and made independent of the office it oversees, not simply moved up on I&A’s organizational chart. Congress should codify these changes and narrow I&A’s enormous discretion.

I&A has signaled additional tweaks are coming, noting a “priorities reassessment.” With a history of targeting racial justice demonstrations and a present practice of monitoring political “narratives” online, I&A’s priorities are certainly out of whack. There are real changes to protect both the safety and rights of Americans that the Secretary and Congress can—and should—make today. Don’t be fooled when DHS instead engages in sleight of hand and calls it progress.

Image: DHS Flag painted on a wall (via Getty Images).

Not for Self, But for Country? A Crisis for U.S. Counterintelligence
https://www.justsecurity.org/86462/not-for-self-but-for-country-a-crisis-for-u-s-counterintelligence/?utm_source=rss&utm_medium=rss&utm_campaign=not-for-self-but-for-country-a-crisis-for-u-s-counterintelligence
Tue, 09 May 2023 12:53:52 +0000

The Teixeira breach revealed a new counterintelligence challenge - young Americans who have lost faith in the system.

The post Not for Self, But for Country? A Crisis for U.S. Counterintelligence appeared first on Just Security.

The U.S. government is once again scrambling to contain the damage from yet another disastrous leak of classified information. The leak will undoubtedly lead to a counterintelligence crackdown, including extra security measures for classified documents and closer scrutiny of those holding security clearances. Experts have called for reforming the bloated classification system or reducing the number of security clearances granted by the government. But these and other proposed measures will not address the root cause of systemic problems facing the U.S. Intelligence Community.

A profile of the alleged leaker, Jack Teixeira, in The New York Times paints a picture of a young man who dreamed of joining the military yet “caused harm to the country he had devoted himself to serving.” One of Teixeira’s former high school classmates expressed shock, stating that he “could never have foreseen him doing that.” However, a member of the online chatroom where Teixeira posted the classified information explained that Teixeira “had become disillusioned about the U.S. military” and thought that the U.S. government was too powerful.

Teixeira joins the ranks of Chelsea Manning, Edward Snowden, and Reality Winner as young Americans who leaked classified information after they lost faith in their own government. Unless the government takes urgent steps to understand and address this growing problem, the crisis in U.S. counterintelligence is only going to get worse.

Losing Faith in the System

Teixeira evidently wanted to correct the government’s narrative regarding the war in Ukraine. Opposition to U.S. foreign policy has always been a reason for leaks. The rapid U.S. withdrawal from Afghanistan left many in public service demoralized. The equally rapid transition to the war in Ukraine, including the government’s insistence that the American people must be willing to pay the price for “as long as it takes,” will tax the public’s patience as more Americans lean towards isolationism.

Even if people love their country, they may hate their government, particularly when politics gets involved. Politicizing national security can lead public servants to think that their own government is the enemy. Moreover, Teixeira quickly became a political football. Rep. Marjorie Taylor Greene claimed Teixeira was targeted by the Biden administration based on his identity and beliefs. A polarized political environment means there will always be members of at least one political party who will exploit leakers for political gain, thereby emboldening others.

The problem of leaks will continue to grow if those in public service feel like the government serves its own interests rather than those of the people. In this case, Teixeira believed that the military “was run by the elite politicians.” Teixeira is among the majority of Americans exhibiting disillusionment with the U.S. government. Most Americans increasingly distrust their own government and think that it is not transparent with the public. Following in the same vein as Manning, Snowden, and Winner, Teixeira leaked classified information “to educate people,” although it is important to note that in Teixeira’s case, he shared the documents in a private chatroom. Other members in the chatroom publicly exposed the secrets Teixeira leaked, which were then spread further online—including by disgruntled former U.S. Navy veteran, Sarah Bils.

Leaking classified information is now a broadly accepted response to disagreements with and distrust in the U.S. government. Potential leakers can therefore count on widespread public support from people who consider them whistleblowers rather than traitors. In short, the political, social, and cultural context of the United States today makes leaks from individuals like Manning, Snowden, Winner, and now Teixeira more likely.

Looking for Leakers in All the Wrong Places

The current U.S. counterintelligence system has few answers for leakers like Teixeira. Background investigations for security clearances focus on key characteristics, for example, financial difficulties or foreign contacts. They only make a tepid effort to determine the applicant’s loyalty to the United States. Even polygraph tests are no fail-safe: the notorious CIA traitor Aldrich Ames passed two.

The motivation behind the current background investigation system is to recognize and weed out individuals who might be vulnerable to recruitment by foreign intelligence services, which has historically been the source of major counterintelligence failures. But Teixeira, Manning, Snowden, and Winner were not working for anyone else. Instead, they individually and willfully decided to release classified information.

The system also falls short with younger applicants like Teixeira because there is less material on which to evaluate their fitness to hold a clearance. Periodic reinvestigation or continuous vetting tracks overt transgressions. How do you identify and, more importantly, rehabilitate individuals who become jaded over time? This is the key question and challenge now facing the U.S. government’s efforts to protect classified information from leaks.

Shoring up Security by Restoring Faith in Public Service

Leaks produce paranoia and suspicion. In response, the government may encourage its employees to surveil each other for an insider threat, creating a toxic work environment. Indeed, the U.S. government should reconsider how it conceives of and applies the term “insider threat” to characterize those who might leak classified information.

First, the term is speculative. The government should avoid signaling that its own people are potential threats, especially before they have done anything wrong, because it undermines both their morale and public trust.

Second, the term is overly broad, suggesting that anyone working in the government with a grievance may pose a threat. But many grievances are routine and widespread – concerning working conditions, disagreements with policies or politics, or a lack of recognition and feeling of purposelessness. If everyone who harbored frustrations with the government was a leaker, there would be no classified information left to protect.

Third, reporting requirements for insider threats can make people feel like they cannot voice well-grounded, well-intentioned, or principled frustrations with their government or job, which could drive them to hide their dissatisfaction, engage in more secretive behaviors, and ultimately conclude that the only path for addressing grievances is through leaking.

Government bureaucracy can grind down those who, perhaps overly optimistically, thought they would generate positive change only to feel stymied by the system. Sensing that one’s efforts are unappreciated or in vain can lead an individual to seek recognition elsewhere. This appears to have been the case in the most recent leaks – according to some members of the chatroom, Teixeira shared the secret documents in an effort to impress the group.

Bureaucracy does not have to be static; it merely reflects the sum of the choices of individuals, organizations, and leaders. Bureaucracy can and must change to meet the current moment.

Young people may be particularly at risk of leaking because they tend to be idealistic and may feel powerless to address grievances through formal channels. As the demographics of civil servants change, especially in terms of age, the U.S. government will have to reconsider its approach to its bureaucratic system and standard operating procedures to accommodate generational shifts.

The government’s current insider threat training exacerbates the problem. Rote, mandatory, online training or in-person briefings are a source of frustration rather than motivation. Generic scenarios and warnings will not prepare people for the undoubtedly complex questions and thoughts they wrestle with before deciding to leak classified information. The government should devote more resources to offering a foundational education in areas like civics, ethics, and U.S. national security policy to those who hold security clearances.

By way of a personal example, I was talking to a friend who is a senior non-commissioned officer in a military special operations component about the U.S. government’s consistent failure to truly convey to service members how their actions—and sacrifices—have a straightforward and meaningful impact on high-level national security policy and strategy. He responded that until he reached a senior position that required him to attend a professional military education institution, no one had made that connection for him despite years of service and multiple deployments. The government must ensure that individuals in positions of public trust, especially those with security clearances, understand both the relevancy of their work and the magnitude of the stakes involved in order to give them a sense of purpose and impart a feeling of personal responsibility for the common defense.

It is worth emphasizing that leakers like Teixeira are outliers. The overwhelming majority of public servants with security clearances are faithful stewards of the information they are charged with protecting. However, as the latest leaks reveal, even one leaker can have catastrophic consequences. But perhaps the real catastrophe is that the U.S. government has let individuals like Teixeira lose faith in the system they sought to serve in the first place.

Editor’s Note: The views expressed in this article are the author’s own and do not represent the views of the U.S. government, Department of Defense, or Joint Special Operations University.

IMAGE: This photo illustration created on April 13, 2023, shows the Discord logo and the suspect, national guardsman Jack Teixeira, reflected in an image of the Pentagon in Washington, DC. (Photo by STEFANI REYNOLDS/AFP via Getty Images)

The Year of Section 702 Reform, Part II: Closing the Gaps and Completing the Modernization of FISA
https://www.justsecurity.org/86011/the-year-of-section-702-reform-part-ii-closing-the-gaps-and-completing-the-modernization-of-fisa/
Tue, 18 Apr 2023 12:48:32 +0000

There are gaps in FISA's coverage that collect American communications outside of any statutory framework and beyond the reach of courts.

Editor’s Note: This is part three in a multi-part series on foreign intelligence surveillance reform.

In a previous post, I described the political landscape for this year’s Section 702 reauthorization debate and noted the view of most observers that Section 702 is unlikely to be reauthorized this year without significant reforms. I outlined four key areas of reform and discussed the first of these: closing the backdoor search loophole. In today’s post, I discuss the second area of needed reform: closing gaps in the law that permit the collection and use of Americans’ communications and other Fourth Amendment-protected information without statutory authorization or judicial oversight. [1] 

There are two primary gaps that Congress must address. First, changes in communications technology since FISA’s 1978 enactment have dramatically altered the reach of the law. In 2008, Congress addressed one of the unintended outcomes of these changes: The government was required to obtain FISA Court orders to collect purely foreign communications, simply because they were routed through or stored in the United States. However, Congress failed to fully address the flip side of the issue: massive amounts of Americans’ communications and other sensitive information are routed and stored overseas, rendering them vulnerable to collection outside any statutory framework. To complete the modernization of FISA that began with Section 702, Congress must close this critical gap in coverage. 

Second, after 9/11, the government sought to evade FISA’s substantive and procedural constraints by relying on claims of inherent executive authority. Congress responded by reaffirming that FISA was the exclusive means by which the government could conduct “electronic surveillance.” Because of the highly technical definition of that term, however, the exclusivity provision fails to reach many types of collection covered by FISA. There is ample reason for concern that the government is exploiting these gaps to collect some of the most sensitive data Americans generate without adhering to FISA’s requirements — including by purchasing it from data brokers. Congress should fill the holes in FISA’s exclusivity provision and bar the government from buying its way around FISA and other legal restrictions on governmental access to Americans’ data.  

FISA’s Outdated Geographical Distinctions

As a general matter, FISA applies when the government collects foreign intelligence inside the United States or from U.S.-based companies. (A significant exception to this rule is discussed in the next section of this post.) When the government collects foreign intelligence abroad, it generally relies on claims of inherent presidential authority, as regulated by Executive Order (EO) 12333 and related executive branch policies. The distinction has critical consequences; as explained further below, there are exceedingly few legislative protections for Americans’ privacy when the government conducts surveillance under EO 12333, and such surveillance is not subject to review or approval by any court.

As I explained in comments to the Privacy and Civil Liberties Oversight Board (PCLOB) last November, a geographic limitation on FISA’s reach might have made some sense in 1978, when surveillance inside the United States generally meant surveillance of Americans and surveillance abroad generally meant surveillance of foreigners. To be sure, FISA did not restrict the government’s ability to collect communications between foreigners and Americans when the surveillance took place overseas or was accomplished by satellite. Nonetheless, the volume of international communications in 1978 was exponentially smaller than it is today. Communications were generally ephemeral and had to be captured in transit; they did not rest in electronic storage for years or decades. And there were significant technological limitations on storing, processing, and analyzing data. These factors greatly limited overseas collection of Americans’ international communications. 

As for purely domestic communications, they were transmitted almost entirely through wires inside the United States (and therefore covered by FISA). Today, communications are routinely routed and stored all over the world, in places far removed from the points of origin and receipt. Indeed, the fact that purely foreign communications could be handled by internet service providers inside the United States — which, under FISA as originally enacted, would have triggered the requirement to obtain a probable-cause order — is one of the main reasons the government sought to “modernize” FISA in 2008 through the enactment of Section 702. 

The government showed markedly less interest in the other half of this problem: the fact that purely domestic communications and other personal data are routinely routed and stored abroad. In some cases, this could remove them from FISA’s protections and expose them to EO 12333 surveillance. Congress did extend FISA to cover the intentional targeting of Americans who are themselves located overseas, and EO 12333 policies generally prohibit targeting Americans or intentionally collecting domestic communications. These limits, however, are subject to various caveats and exceptions. Moreover, they have little practical effect when the government engages in bulk collection — a dragnet approach in which the government does not identify particular targets. Bulk collection is prohibited under FISA, but permitted under EO 12333.

In February 2022, through the efforts of Senators Ron Wyden and Martin Heinrich, Americans learned that the CIA has for years been conducting bulk collection programs under EO 12333 that pull in Americans’ data. One set of activities includes the bulk acquisition of information about financial transactions involving Americans and others. Another program collects an unspecified type of data, but the CIA’s sparse public statements on the program suggest that it impacts “Americans who are in contact with foreign nationals,” which implies that it involves communications records. A document that was partially declassified by the CIA shows that intelligence analysts query the data acquired under this program for information about U.S. persons, and that they do so without recording the justification for the queries — making it virtually impossible to conduct even internal oversight. 

Even when EO 12333 surveillance is targeted at identified foreigners (rather than conducted in bulk), it will acquire the communications of Americans in contact with those targets, just as Section 702 surveillance does. As a result of the explosion in international communication mentioned above, the volume of such “incidental” collection is likely immense. The collection of communications between foreign targets and Americans squarely implicates the Fourth Amendment, as the FISA Court has recognized in the Section 702 context. Congress clearly shares this understanding, having included minimization and FISA Court oversight as critical elements of Section 702. Even though these measures have failed to protect Americans’ privacy (as I explained in Part I of this series), they still far exceed the protections established by EO 12333 and its implementing policies. 

Consider, for instance, the role of the courts. Under Section 702, the FISA Court reviews the government’s targeting, minimization, and querying procedures on an annual basis to determine whether they comport — both on paper and in practice — with the statute and the Constitution. The FISA Court also reviews any significant instances of non-compliance, which the government is required to report, and may order appropriate remedies. There is no such oversight — indeed, no judicial oversight whatsoever — for surveillance that takes place under EO 12333. Similarly, the government is required by statute to notify criminal defendants if it relies on evidence obtained or derived from FISA surveillance (including Section 702), but there is no such statutory requirement if the government uses evidence obtained or derived from EO 12333 surveillance. In short, as a practical matter, no court can step in if the government operates EO 12333 surveillance in ways that violate the order, statutory law, or the Constitution.

There are also fewer limits on backdoor searches of EO 12333-acquired data, particularly those performed by the CIA and FBI. The CIA’s EO 12333 procedures permit U.S. person queries for any information “related to a duly authorized activity of the CIA.” That’s a much broader standard than the one contained in the CIA’s Section 702 querying procedures, under which queries “must be reasonably likely to retrieve foreign intelligence information, as defined by FISA.” The gulf is even wider for the FBI. The bureau’s Section 702 querying procedures state that U.S. person queries “must be reasonably likely to retrieve foreign intelligence information, as defined by FISA, or evidence of a crime” — and in one small subset of cases, FBI agents must obtain a court order before viewing the results of U.S. person queries (although to date, they have entirely failed to comply with this mandate). By stark contrast, there are no specific restrictions on FBI queries of data obtained under EO 12333. The only limitation is a general admonition, set forth in the Attorney General’s Guidelines for Domestic FBI Operations, that “[a]ll activities under these Guidelines must have a valid purpose consistent with these Guidelines, and must be carried out in conformity with the Constitution and all applicable statutes, executive orders, Department of Justice regulations and policies, and Attorney General guidelines.”  

As I wrote in my comments to the PCLOB:

There is no justification for giving lesser protection to Americans’ constitutional rights based solely on where the data was obtained. If anything, the privacy implications of EO 12333 surveillance for Americans are likely even greater than those of Section 702. The government has acknowledged that the majority of its foreign intelligence surveillance activities take place under EO 12333. Accordingly, it is reasonable to expect that there is more “incidental” collection of Americans’ information under EO 12333 than under Section 702, even when such surveillance is targeted. And, of course, bulk collection has the potential to sweep in Americans’ data in amounts that far exceed what normally occurs during targeted surveillance.

In short, the lack of legislative limits and judicial oversight for EO 12333 surveillance is a constitutionally untenable anachronism, rooted in modes and methods of communication that no longer exist. To close this gap and complete the modernization of FISA, Congress should enact rules for any EO 12333 activities that result in the collection of Americans’ information. 

Such activities should be treated similarly to collection under Section 702. In other words: 

  • Congress should prohibit the targeting of Americans under EO 12333. 
  • Congress should require the government to minimize the retention, sharing, and use of Americans’ information that is “incidentally” acquired under EO 12333. One of the few statutory limits on EO 12333 surveillance is a requirement to delete any unencrypted U.S. person information after 5 years if it does not constitute foreign intelligence or evidence of a crime; however, there is a broad “national security” exception that greatly weakens the force of this provision.
  • Just as Congress should close the backdoor search loophole under Section 702, it should do the same for EO 12333, requiring the government to obtain a warrant or FISA Title I order before conducting U.S. person queries of the data. 
  • Congress should subject EO 12333 programs that result in the collection of Americans’ data to FISA Court oversight, including annual court approval of minimization and querying procedures.  
  • Congress should require the government to inform criminal defendants when using evidence obtained or derived from EO 12333 surveillance. 
  • Because bulk collection poses unique risks to Americans’ privacy (not to mention the privacy of countless foreign nationals who pose no threat whatsoever to the United States), Congress should prohibit the practice, or at least tightly limit its availability — e.g., to geographic areas of active or impending hostilities.

In implementing these changes, Congress need not call into question the president’s constitutional authority to conduct surveillance of foreigners abroad. But where such surveillance extends beyond foreigners themselves and sweeps in the Fourth Amendment-protected information of Americans, there can be no question regarding the necessity and appropriateness of legislative and judicial involvement. As the Supreme Court has made clear, the Constitution “most assuredly envisions a role for all three branches when [Americans’] individual liberties are at stake.”  

FISA’s Flawed “Exclusivity” Provision and the Data Broker Loophole

FISA provides the government with a range of authorities that can be used in foreign intelligence investigations, including the authority to acquire communications content; to conduct physical searches; to install a pen register or trap-and-trace device to obtain communications metadata; and to collect business records from third parties. All these authorities come with substantive restrictions and procedures that the government must follow, including obtaining approval by the FISA Court.

After 9/11, however, the government found a way to free itself from these constraints. Executive branch lawyers asserted that “the President has inherent constitutional authority to conduct warrantless searches and surveillance within the United States for foreign intelligence purposes” — a prospect that the Supreme Court has never endorsed. This claim meant that the government could simply choose which authority to use: FISA, with its attendant restrictions and procedures; or the president’s inherent authority, which comes with no such limitations. Unsurprisingly, the government chose Option 2, launching a program code-named “Stellar Wind” to collect communications between suspected foreign terrorists and Americans without obtaining a FISA Title I order, as the law then required.  

After the program was made public, Congress passed the FISA Amendments Act of 2008, which included Section 702. Through this law, Congress gave its blessing to some aspects of Stellar Wind. However, Congress also sought to prevent the government from evading the restrictions and procedures of FISA in the future. It did so by clarifying and bolstering FISA’s “exclusivity” provision, which provides that FISA, along with various criminal law provisions authorizing electronic surveillance, “shall be the exclusive means by which electronic surveillance and the interception of domestic wire, oral, or electronic communications may be conducted.”  

This “exclusivity” provision is vital to the effectiveness of FISA. Its scope, however, is limited. FISA’s highly technical definition of “electronic surveillance” excludes many types of collection authorized by the statute. For instance, it applies only to the collection of communications (including content and some types of metadata), not other types of sensitive information about Americans. In addition, its application to third parties’ production of stored records is at best unclear. The government can thus claim that certain provisions of FISA — including Section 702 itself, to the extent it authorizes collection activities that do not qualify as “electronic surveillance,” as well as the provisions governing physical searches and the collection of some third-party records — are not the exclusive means by which such activities may be conducted, and that the government may ignore the restrictions and procedures contained in such provisions. 

There’s every reason to believe that’s happening now. In 2020, Congress was debating whether to reauthorize Section 215, the so-called “business records” provision of FISA that the NSA relied on to collect Americans’ phone records in bulk. Senator Richard Burr — who then chaired the Senate Select Committee on Intelligence — warned that if Section 215 expired, “the president under 12333 authority can do all of this without Congress’s permission, with no guardrails.” The authority indeed expired (although pending investigations were grandfathered), and the conspicuous absence of any serious government efforts to reinstate it strongly suggests that the government is obtaining the same information through other means. 

That’s alarming, because the information that the government may obtain under Section 215 and other provisions of FISA not fully covered by the exclusivity provision can be extremely sensitive. Take the phone records that were the subject of the NSA’s bulk collection program. After Edward Snowden’s disclosure of the program, experts explained how communications “metadata” — a term many Americans had never encountered — could be crunched to reveal people’s associations, activities, and even beliefs. Geolocation information can similarly reveal the most intimate aspects of people’s private lives. Indeed, for that very reason, the Supreme Court in Carpenter v. United States (2018) held that police need a warrant to obtain a week’s worth of geolocation information from a cell phone company.

If the government wanted to obtain such information without adhering to FISA, one workaround would be to purchase it from data brokers. This appears to be an increasingly common practice among federal agencies. In one particularly worrisome example, Vice News reported that “[m]ultiple branches of the U.S. military have bought access to a powerful internet monitoring tool that claims to cover over 90 percent of the world’s internet traffic, and which in some cases provides access to people’s email data, browsing history, and other information such as their sensitive internet cookies.” Additionally, multiple agencies have reportedly purchased access to Fourth Amendment-protected cell phone location information, including the Federal Bureau of Investigation (as recently confirmed by FBI Director Chris Wray), the Drug Enforcement Administration, the Internal Revenue Service, multiple components of the Department of Homeland Security, the Secret Service, and the Department of Defense.

The government’s purchase of Americans’ cell phone location information would seem to violate Carpenter’s holding that the government needs a warrant to obtain such information. Agency lawyers, however, have interpreted Carpenter to apply only when the government compels companies to disclose location information. When the government merely incentivizes such disclosure — by writing a check — the warrant requirement conveniently disappears. At that point, the argument goes, the government may obtain this Fourth Amendment-protected information in unlimited quantities without any individualized suspicion of wrongdoing, let alone probable cause and a warrant. This is legal sophistry, but it could take years for the courts to resolve the issue. In the meantime, the government has effectively sidelined the Fourth Amendment when it comes to data purchases.

Another apparent barrier to these purchases — the Electronic Communications Privacy Act (ECPA) — has also proven inadequate. ECPA prohibits phone and Internet companies from disclosing customer records to government agencies unless the government produces a warrant, court order, or subpoena. But it includes broad exemptions for foreign intelligence surveillance. Moreover, the law is woefully outdated. It does not cover app developers or digital data brokers, for the simple reason that they did not exist in 1986, when the law was passed. As I testified before the House Judiciary Committee last July:

This gap creates an easy end-run around the law’s protections. Companies that are prohibited from selling their data to the government can sell it to a data broker — a disturbingly common practice — and the data broker can resell the same information to the government, at a handsome profit. The information is effectively laundered through a middleman. 

These combined gaps — in FISA, in the government’s reading of Fourth Amendment case law, and in ECPA — leave the government free to collect some of the most sensitive information Americans generate, and to do so inside or outside the United States, without statutory authorization or judicial oversight. That is presumably how the CIA came to operate a bulk collection program that pulls in Americans’ data, to be retrieved through backdoor searches and used for unknown purposes.

For foreign intelligence investigations, there’s a simple way to fix the problem: amend FISA’s exclusivity rule to encompass all of FISA’s provisions. Specifically, Congress could provide that the provisions of FISA, insofar as they authorize the collection of Americans’ information or searches of Americans’ property, constitute the exclusive means by which such collection or searches may occur for foreign intelligence purposes. Without this modest step, many of the protections Congress wrote into FISA will become largely optional. 

But Congress should go further and use the opportunity presented by the Section 702 sunset to close the data broker loophole completely — that is, not just for foreign intelligence investigations. Congress should make clear that the government may not purchase Americans’ personal information in any situation where it would otherwise require a warrant, court order, or subpoena to obtain the same information. The Fourth Amendment Is Not For Sale Act, a bill introduced in the last Congress by Senators Ron Wyden and Rand Paul and by Representatives Jerrold Nadler and Zoe Lofgren, would go a long way toward accomplishing this goal.

***

Lawmakers on both sides of the aisle can surely agree on this basic principle: There should be no collection of Americans’ communications or other highly sensitive information that takes place outside of any statutory framework and beyond the reach of the courts. There are gaps in FISA’s coverage, however, that are producing exactly that result. If Congress doesn’t fill these gaps, any reforms to Section 702 will have limited effect, as the government will be able to obtain much of the same information — with far fewer constraints — entirely outside the FISA framework.

[1] Throughout this post, I use “Americans” as a shorthand for “U.S. persons,” which is defined under FISA to include citizens and legal permanent residents.

IMAGE: Digital map (via Getty Images)

The Teixeira Breach: What Top Intelligence and Legal Experts Are Saying
https://www.justsecurity.org/86007/the-teixeira-breach-what-top-national-security-experts-and-senior-former-intelligence-officials-are-saying/
Mon, 17 Apr 2023 13:05:15 +0000

Analysis from top intelligence and legal experts on the Teixeira breach and implications for national security.

[Editor’s note: for further analysis on this topic, see Brianna Rosen’s article here].

The unauthorized disclosure of classified documents from Massachusetts Air National Guard member Jack Teixeira represents a significant security breach for the U.S. Intelligence Community. On Friday, Teixeira appeared before the U.S. District Court for the District of Massachusetts, where he is facing charges for leaking classified information on an online gaming platform.

In the wake of the revelations, Just Security asked top experts and former senior intelligence officials to assess the damage from the Teixeira breach and implications for national security.

Robert Litt, former General Counsel of the Office of the Director of National Intelligence under the Obama administration:

The recent arrest of a 21-year-old National Guardsman for leaking classified documents has raised a number of questions that illustrate the tensions under which the Intelligence Community operates. People have wondered why sensitive information about the Ukraine conflict, Chinese spy balloons, and internal Russian political dynamics was shared with the Massachusetts Air National Guard. But in the aftermath of 9/11, there was tremendous pressure to ease and broaden the flow of intelligence information, both to enable analysts to “connect the dots” and to ensure that agencies charged with protecting national security were fully informed about present and future threats. People have wondered why it took several months after the release of some documents on a social media platform for the authorities to discover them. But privacy and civil liberties concerns appropriately limit the ability of government authorities to monitor postings on social media in the absence of concrete evidence of wrongdoing – particularly social media sites that are not open to the general public. And people have expressed astonishment that, yet again, a leaker has slipped through the security clearance process. Yet with over 1 million people having Top Secret security clearances, even with a clearance system that is 99.99% perfect – a degree of perfection that is unimaginable for human processes – there would be over 100 security risks with access to top secret information.

In the aftermath of the leaks, there should be a sober and penetrating review of information sharing, of the number of people with security clearances, of implementation of existing policies regarding “need to know,” and of monitoring of classified systems. But it will be important not to overcorrect and take steps that either burden civil liberties or impede effective intelligence gathering, analysis, and dissemination.

Mary McCord, Executive Director of the Institute for Constitutional Advocacy and Protection (@GeorgetownICAP) and former Acting Assistant Attorney General for National Security at the U.S. Department of Justice:

The Teixeira case raises a number of red flags. First, did Teixeira actually have a “need to know” the information to which he was provided access? Even with the proper clearances, access is supposed to be limited to those with a need to know. Providing technical support to the classified communications systems for the Air National Guard should not establish a need to know the content of the classified information on those systems. The Department of Defense should examine its practices for granting clearances and providing access to highly classified information to those whose jobs are to make sure the computer systems work properly, but who otherwise do not have a need to know the content of the information flowing over those systems.

Second, the casualness with which Teixeira felt he could ignore the lifelong non-disclosure agreements he signed in order to obtain access to highly classified information warrants a review of how the Air National Guard – and the military more generally – trains its members about the importance of complying with classified information procedures, how and to whom the clearances are granted, and how read-ins to special access programs are conducted. This review should also consider the age and maturity of those to whom we are entrusting information which, if disclosed, could cause exceptionally grave harm to our nation’s security. Teixeira’s choice of a gaming platform to make disclosures to a group of boys some of whom may not even have been old enough to enlist in the military, in an apparent attempt to impress them, underscores this point.

Finally, reporting about Teixeira’s racist and anti-Semitic statements and actions, including an alleged video of him shouting these types of statements before shooting a rifle, is reason to review how the Air National Guard – and, again, the military more generally – is recruiting and training its volunteers and enlistees. There is no place in our military for those whose extremist views undermine the mission of the branch in which they seek to serve. The Teixeira case is a wake-up call. Our nation’s security demands that it be heeded.

John Sipher (@john_sipher), 28-year CIA veteran with multiple tours overseas as Chief of Station and Deputy Chief of Station in Europe, Asia, and in high-threat environments:

The recent leak of intelligence relating to the war in Ukraine has provided some interesting – if not surprising – findings. For example, some of the documents have highlighted sensitive signals intelligence that there is increased infighting among Russian military and political officials.

For students of Russia such infighting is nothing new. Even in the best of times, Russian officials seem to be particularly skilled at undercutting each other. Also, over recent years Putin has become adept at using the classic practice of divide and rule. If an official or organization appears to be gaining strength inside the system, they can expect to be cut down to size. Dictators cannot tolerate anyone gaining any kind of authority that might be seen as a political threat.

In such a system (well, in any system), those responsible for military and strategic failures need to shift blame to others. The Kremlin has engaged formal and informal actors, as well as covert and overt units in an effort to destroy Ukraine. All have failed and all need to find a way to cover their backsides.

In normal times, our diplomats and intelligence operatives only gain glimpses of the internal machinations of key Kremlin insiders. Times of war however, provide our intelligence professionals a much wider array of targets to inspect and analyze. Military and political commanders must communicate in a rushed and chaotic manner which allows more opportunities for collection. Indeed, the recent reports of infighting seem to derive from signals intercepts.

While the leak of the intelligence is unfortunate, it is unlikely to lead to a loss of collection across the board. Politicians, commanders, and soldiers cannot easily change their equipment and procedures in a time of war, and the worse things get on the ground, the greater the need to shift the blame to others.

Erik Dahl (@ErikJDahl1), associate professor of national security affairs at the Naval Postgraduate School and faculty member of the Center for Homeland Defense and Security:

This case appears in many ways to be even more dangerous for American intelligence and national security than previous leaks such as Snowden and Manning. From what we know so far, this appears to be a case of a knucklehead with a clearance, and such a person can be much more difficult to detect and track than traditional leakers, who are typically motivated by factors such as ideology, politics, or money.

Counterintelligence efforts can detect internal threats such as leakers at three different stages. First, before the person is granted a clearance and access to secrets, the security investigation and clearance approval process is designed to detect potential danger signs from someone’s past behavior and statements. Second, while the person is working in a position of trust — whether as a member of the military, a civilian employee, or a contractor — there are systems such as periodic clearance reviews designed to spot warning signs that might develop. And third, security systems are in place to detect loss of classified material and other internal threats as soon as possible, in order to contain the threat and identify the persons responsible.

All of these security systems are designed to detect traditional threats, such as insiders who voice extremist or violent views or who communicate with known terrorist groups or foreign security services. And all three of these systems appeared to have failed in this case, in which the offender appears to have been a low-level insider with no ideological or political axe to grind, and who was not motivated by traditional factors such as money.

Asha Rangappa (@AshaRangappa_), Senior Lecturer at Yale’s Jackson Institute for Global Affairs and former Special Agent in the New York office of the FBI:

The question that the Teixeira case raises is how many cases like his do we NOT know about? Surely he was not the only junior officer in the military who had access to such sensitive material, and he had no problem bringing these documents home. These individuals would be low-hanging fruit for intelligence services seeking to recruit sources; those who might be motivated by financial incentives, rather than narcissism like Teixeira, could very well be passing our secrets directly to our adversaries instead of posting them online.

Alex Finley (@alexzfinley), former officer of the CIA’s Directorate of Operations, where she served in West Africa and Europe:

For me, the biggest takeaway is that the government needs to revisit its clearance process and stop handing out Top Secret access like it is candy at Halloween. Getting a clearance has become a bureaucratic process, rather than a common sense process. Issues such as Teixeira’s anti-government views are not likely to manifest themselves on a form, and too many people hold high-level clearances. Lastly, we need to rethink sharing. After 9/11, sharing intelligence widely became a mantra, and rightly so. But perhaps some sharing needs to be reined in.

Image: This photo illustration created on April 13, 2023 in Washington, DC, shows the Discord logo reflected in a screengrab of the suspect, national guardsman Jack Teixeira, being taken into custody by FBI agents in a forested area in North Dighton, in the northeastern state of Massachusetts (Photo by MANDEL NGAN/AFP via Getty Images).

The Teixeira Disclosures and Systemic Problems in the U.S. Intelligence Community https://www.justsecurity.org/85991/the-teixeira-disclosures-and-systemic-problems-in-the-u-s-intelligence-community/?utm_source=rss&utm_medium=rss&utm_campaign=the-teixeira-disclosures-and-systemic-problems-in-the-u-s-intelligence-community Fri, 14 Apr 2023 13:23:36 +0000 https://www.justsecurity.org/?p=85991 As intelligence leaders assess the damage from the Teixeira leaks, Congress should ask tough questions to hold the executive branch accountable and prevent future leaks.

U.S. airman Jack Teixeira is scheduled to appear in court on Friday following his arrest by the FBI for the “alleged unauthorized removal, retention and transmission of classified national defense information.” His arrest follows a week of speculation about leaked U.S. intelligence documents, which, among other things, revealed classified information on the war in Ukraine, including troop movements, battle plans, lethal aid shipments, and Russian leadership dynamics.

The unauthorized disclosure points to broader systemic failures in the safeguarding of U.S. intelligence information, as well as new insider threats that pose thorny legal and policy challenges. As intelligence and law enforcement leaders assess the damage, Congress should be asking tough questions to hold the executive branch accountable and prevent future leaks.

The New Insider Threat

The incident differs from previous high-profile leaks, such as Edward Snowden’s revelations or Chelsea Manning’s disclosures. Unlike those cases, Teixeira was apparently not a self-styled whistleblower. There is also no public indication that he was a foreign agent, although the intelligence he leaked eventually ended up in pro-Russian Telegram channels and much of it was a boost for Moscow.

According to Bellingcat and New York Times investigations, the intelligence documents initially were posted on the online gaming platform Discord before migrating elsewhere to Internet sites such as YouTube, image board 4Chan, Telegram, and Twitter. Teixeira shared photos of the intelligence documents in a private chatroom called Thug Shaker Central – a small group of mostly young men who bonded online during the pandemic over guns and racist memes – reportedly to “inform” his “friends” about government overreach.

This type of insider threat is likely to be more pervasive, and in some significant ways more dangerous, than traditional espionage. Counterintelligence measures, though imperfect, are in place to prevent foreign intelligence agencies from recruiting U.S. officials, such as through tracking the finances, travel, and foreign contacts of U.S. government employees. But it is far more challenging to root out potential insider threats with no external connections, where none of these drivers or red flags may be present.

While the Pentagon and law enforcement agencies recently have taken steps to counter extremism in their ranks – particularly in the wake of the January 6th attacks on the U.S. Capitol – domestic extremism within the U.S. Intelligence Community remains a growing and under-appreciated threat. There was no reference to this threat in the recent 40-page unclassified version of the 2023 Annual Threat Assessment of the U.S. Intelligence Community, which contained only a brief section on “transnational racial or ethnically motivated violent extremists.”

This insider threat is compounded by risks emanating from disinformation campaigns. That’s true for both inputs and outputs. In terms of inputs, anti-government extremist conspiracy theories may motivate more insiders to think they have a righteous cause. In terms of outputs, allegations that some aspects of the leaked intelligence documents were deliberately altered, for example, raise the prospect of more sophisticated disinformation operations based on partially correct intelligence.

Legal and Policy Challenges

The incident highlights a longstanding problem with how to monitor online gaming platforms, a less obvious medium for sharing intelligence which poses significant legal and policy challenges. These types of platforms allow potential leakers to “hide in plain sight,” complicating law enforcement efforts to identify them.

From a legal perspective, monitoring private online chatrooms raises a host of concerns about mass surveillance programs, potential privacy violations (notwithstanding reduced protections for national security officials), and intercepting U.S. communications. But these legal concerns are finely balanced against the need to improve investigations into domestic threats. The House Jan. 6 Committee previously concluded that the FBI and other agencies were “too cautious” in acting on information gleaned from social media due to exaggerated concerns about free speech.

The leak also poses policy challenges for the Biden administration, which has tried to downplay the seriousness of the revelations. On Thursday, President Joe Biden during a trip to Ireland said he was concerned the leak occurred, but that there was “nothing contemporaneous…of great consequence.” Even if that statement were perfectly accurate, there has been some political fallout from the revelations, which included intelligence collection on U.S. partners in Israel, the Gulf, and the Korean Peninsula. South Korean leaders, in particular, were outraged by the incident, accusing the United States of “violating the sovereignty” of a key ally.

The leaked documents have also decreased Kyiv’s confidence in their partners in Washington at a critical moment in the war, as Ukrainian troops prepare for a Spring offensive against Russia.

At home, the incident raises questions about potential systemic failures in the U.S. intelligence system more broadly, especially in light of revelations that both Biden and former President Trump mishandled classified documents.

Questions Congress and Senior Administration Officials Should Ask

Congress has an important role to play in identifying these systemic failures and preventing similar leaks in future. As intelligence and law enforcement leaders assess the scope of the damage, Congress should ask the following questions. Senior administration officials, with or without robust congressional oversight, should demand the same answers:

  1. Why did it take at least a month for the unauthorized disclosure to come to the attention of U.S. authorities?
  2. How does the administration plan to increase surveillance of online gaming platforms and chatrooms? What financial, personnel, and other resources are needed to do so?
  3. How will the administration balance surveillance of online gaming platforms with privacy concerns? What legal protections and procedures will be put in place to safeguard individual privacy rights?
  4. Should law enforcement authorities be allowed to access, read, and store communications from U.S. citizens to foreign members of private group chats?
  5. What is the procedure for conducting background checks of intelligence branches of the Air National Guard and are background checks equally rigorous for all U.S. Intelligence Community agencies? What is the procedure for conducting continuing checks after individuals have joined the government, and what improvements can be adopted to that system?
  6. Why was Teixeira able to obtain a security clearance and pass required background checks despite holding anti-government and discriminatory views? Did he undergo a psychological evaluation as part of routine background checks?
  7. How did Teixeira gain access to sensitive intelligence on Ukraine and other national security issues outside the scope of his normal duties? Did he have access to raw reporting in addition to finished intelligence products?
  8. Did Teixeira receive emails with intelligence roundups? How wide is the distribution list for such roundups?
  9. How was Teixeira able to take intelligence documents home?
  10. What steps does the administration plan to take to root out extremism within U.S. intelligence agencies and prevent similar disclosures in the future?

[Editor’s note: a previous version of this article indicated Teixeira photographed the documents at work. Initial evidence suggests he brought the documents home and uploaded photos of them to the online gaming platform].

Image: The suspect, national guardsman Jack Teixeira, reflected in an image of the Pentagon in Washington, D.C. (Photo by STEFANI REYNOLDS/AFP via Getty Images).

A Right to Spy? The Legality and Morality of Espionage https://www.justsecurity.org/85486/a-right-to-spy-the-legality-and-morality-of-espionage/?utm_source=rss&utm_medium=rss&utm_campaign=a-right-to-spy-the-legality-and-morality-of-espionage Wed, 15 Mar 2023 12:49:05 +0000 https://www.justsecurity.org/?p=85486 The Chinese spy balloon incident raises deeper concerns about the legality and morality of espionage.

In late January, the United States shot down a 200-foot balloon that had hovered for days over U.S. territory. The “spy balloon” incident heightened tensions between Washington and Beijing, prompting U.S. Sec. of State Antony Blinken to criticize China’s actions as “a clear violation of our sovereignty, a clear violation of international law, and clearly unacceptable.” A White House press statement similarly claimed the spy balloon violated U.S. sovereignty and international law.

There is considerable debate about whether the spy balloon (and the U.S. shootdown of it) violated international law. But the incident also raises deeper questions about the legality and morality of espionage more broadly – questions policymakers must address as States rely on more subtle and pervasive forms of spying through artificial intelligence, mass surveillance, and cyber operations.

Legal Considerations

International law treats spying that occurs during wartime and peacetime differently. The rules on wartime spying focus on whether the information gathering is carried out through false pretenses. In peacetime, the analysis centers on whether the methods of spying violate a State’s sovereignty.

Espionage During an International Armed Conflict

Under customary international law and international humanitarian law (IHL) (codified in Additional Protocol (I) to the Geneva Conventions, Art. 46) espionage that occurs during an international armed conflict is carefully defined, though the precise methods of information gathering are not identified or prohibited. As the International Committee of the Red Cross notes, “espionage” is the “gathering or attempting to gather information in territory controlled by an adverse party through an act undertaken on false pretenses or deliberately in a clandestine manner.”

During an armed conflict, an individual who engages in espionage is considered a spy and loses her right to prisoner of war status, including the protections around accommodation and access to food, clothing, hygiene and medical care. By contrast, members of the armed forces who wear their own uniforms (as opposed to those who wear civilian attire or the uniform of the adversary) may gather information in the territory of the adverse party without losing prisoner of war status. Similarly, a spy who rejoins her armed forces but who is then captured must be treated as a prisoner of war and incurs no responsibility for previous acts of espionage. If captured, a spy may not face summary execution and is guaranteed the right to a fair trial.

Espionage During Peacetime

Outside of IHL, many international lawyers take the view that there is no general prohibition against espionage. In the Lotus case, for example, the International Court of Justice observed that international law leaves States “a wide measure of discretion which is only limited in certain cases by prohibitive rules” and that in the absence of those rules “every State remains free to adopt the principles which it regards as best and most suitable.” As Ashley Deeks observes:

Several government officials and scholars believe that the Lotus approach provides the best way to think about spying in international law. For them, the idea is simply that nothing in international law forbids states from spying on each other; states therefore may spy on each other – and each other’s nationals – without restriction.

Other scholars disagree, and argue that international law contains an affirmative “right to spy,” (see, for example, this article by Asaf Lubin and his Just Security podcast episode). Many in this camp take the view that spying is necessary for self-defense because States need to gather military and diplomatic intelligence, implying that a rule prohibiting spying would restrict the right to self-defense.

Still other lawyers take a middle approach and argue that some methods of espionage may be illegal because they inherently violate a State’s sovereignty.

The Sovereignty Test

The view that the principle of sovereignty limits espionage begins with international law’s prohibition on States violating the territorial sovereignty of other States. Sovereignty extends also to territorial seas, via the U.N. Convention on the Law of the Sea (UNCLOS), and to national airspace, via the Convention on International Civil Aviation (Chicago Convention; for a deeper discussion of whether the spy balloon is an “aircraft” under the Chicago Convention, see this article by Batuhan Betin). Recently, the non-binding Tallinn Manual 2.0 has tried to define sovereignty as encompassing cyber infrastructure, though disagreements persist as to whether physical damage, or another standard, should determine if a cyber attack infringes upon State sovereignty.

In treaty law, the Vienna Convention on Diplomatic Relations (VCDR) and the Vienna Convention on Consular Relations (VCCR) effectively prohibit receiving States from conducting espionage against the diplomatic and consular missions of sending States. First, diplomatic and consular premises (the buildings or parts of buildings and ancillary land used for the purposes of the diplomatic mission) are inviolable and can only be entered with the consent of the head of mission, except in special circumstances such as natural disasters. Second, diplomatic and consular archives and documents (broadly defined by VCCR Art. 1(1)(k) as “all the papers, documents, correspondence, books, films, tapes and registers of the consular post, together with the ciphers and codes, the card-indexes and any article of furniture intended for their protection or safekeeping”) are similarly inviolable. And finally, “official correspondence” belonging to diplomatic and consular missions is inviolable, a provision intended to guarantee secrecy between diplomatic and consular missions and their sending State.

While spying that violates the sovereignty of another State may violate international law, other forms of espionage are officially condoned. For example, international law permits the taking of satellite imagery of another State, based partly on the principle that the “use” of outer space is the “province of mankind.”

Domestic Law

Although international law allows for at least some forms of spying in diplomatic relations, individual States often create stricter domestic legislation to protect their national interests. For example, many countries punish corporate espionage such as the stealing of trade secrets or information gathering through cyber hacking.

U.S. federal law criminalizes leaks of classified government information in the Espionage Act, and authorizes the government to collect surveillance information against foreign State adversaries and their agents (see this Just Security series on the Foreign Intelligence Surveillance Act). For instance, Yanjun Xu, a Chinese intelligence officer, was given a 20-year sentence for economic espionage and theft of U.S. trade secrets, and a National Security Agency employee was indicted for attempting to transmit classified information to a foreign government.

Moral Considerations

Regardless of whether spying is legal, separate questions arise as to whether it is morally justified and strategically wise. In the case of the spy balloon, U.S. officials repeatedly referred to China’s actions as both illegal and “unacceptable,” alluding to deeper concerns with espionage itself.

While spying is often viewed as an inherently immoral, if commonplace, practice, different normative frameworks may be invoked. According to the “dirty-hands” approach, spying is a necessary evil – government agents must engage in deceit, bribery, and other morally dubious acts to protect national security. Contractarian approaches to espionage, by contrast, suggest that governments have tacitly consented to engage in espionage because it is a mutually beneficial practice that allows states to protect their citizens from harm. On this view, spies follow an unwritten moral code – similar to a code of conduct for soldiers – where certain immoral acts, such as lying, become morally acceptable in the context of espionage.

More commonly, the ethics of espionage can be analyzed through the lens of just war theory. The jus ad bellum and jus in bello principles that apply to the use of force may also apply to espionage. An act of spying, for example, may be morally justified if it is conducted at the behest of a legitimate authority, in pursuit of a just cause, and according to the principles of necessity, discrimination, and proportionality.

But just war theory has limited utility for the majority of espionage cases, including the spy balloon incident. The United States and China, for example, are not at war – at least not in the traditional sense of the term – and it is unclear whether and how just war theory should be applied outside of conflict. (Indeed, there are sound reasons to avoid applying just war theory here, as the moral standards governing conduct in war are typically thought to be more permissive than those governing times of peace.)

A better way to conceive of the ethics of espionage is to adopt a rights-based approach, along the lines that Cécile Fabre has proposed. Fabre argues that states have a moral permission, and at times even a duty, to spy based on the imperative of protecting individual rights. This permission is subject to certain conditions: the act of espionage must be necessary to protect against the violation of fundamental rights, and there must be indications from publicly available sources that such violations are imminent. Intelligence operations are morally justified only insofar as they thwart anticipated rights violations and, even then, spies must not cause more harm than the good they seek to achieve.

What does this mean in practical terms? States will always spy, but they should seek to do so in a way that protects, rather than violates, the fundamental rights of all people everywhere. In an era of artificial intelligence and big data, this is no easy task. But adopting a formal, normative approach to espionage is a moral and strategic imperative. Espionage, like other aspects of foreign policy, must be “values-based” if it is to succeed in countering threats to individual rights and the rule of law.

Image: Abstract representation of spying (via Getty Images). 

Dutch Court, Applying IHL, Delivers Civil Judgment for Victims of 2007 Afghanistan Attack https://www.justsecurity.org/85223/dutch-court-applying-ihl-delivers-civil-judgment-for-victims-of-2007-afghanistan-attack/?utm_source=rss&utm_medium=rss&utm_campaign=dutch-court-applying-ihl-delivers-civil-judgment-for-victims-of-2007-afghanistan-attack Mon, 27 Feb 2023 13:49:22 +0000 https://www.justsecurity.org/?p=85223 "Ideally, a judgment like that in the Chora case can provide, in addition to justice for the plaintiffs, a constructive effect towards a better functioning of the military consistent with the principles of IHL, which, when properly implemented, benefit both the military and civilians."

On Nov. 23, 2022, a Dutch civil court ruled that the Dutch state committed a tort by violating international humanitarian law (IHL)’s principle of distinction when it bombed a quala (an Afghan residential complex) in the 2007 battle of Chora. On Feb. 3, the Netherlands announced that it will not appeal this judgment and will pay damages to the plaintiffs. 

According to the Netherlands, the quala that was bombed, “quala 4131,” was a lawful military objective because it was used by the Taliban to attack NATO forces. However, the plaintiffs – surviving residents of quala 4131 and next-of-kin of deceased residents – denied that it was used by the Taliban and argued that it was a civilian object, occupied by civilians. Attacking the quala was therefore a violation of IHL’s principle of distinction, the plaintiffs submitted. The principle of distinction provides that those involved in armed conflict need to distinguish between civilians and military objectives. 

The court did not conclude that the quala could not have been a lawful military target. But it concluded that the Dutch state, 15 years later, could not sufficiently substantiate why the military had determined this quala to be a military objective. The state had argued that the quala had a strategic position in the Chora Valley, that there was enemy fire on the day of the bombing from the direction of the quala, and that there must have been additional intelligence on the basis of which the quala was identified as a military target. However, concrete intelligence could not, or could no longer, be found. According to the court, it may well have been a military target, but it is the duty of the state to substantiate that, which the state did insufficiently. Accordingly, the case was decided in favor of the plaintiffs.

This case therefore turned on how much information the military has to record and keep stored so that it can substantiate why “a reasonable commander” could determine a location as a military target, which the court also noted must be retained for the duration of the statute of limitations. In the Netherlands, this is five years. Because (most of) the plaintiffs had communicated to the court within that time limit, the case eventually made it to a judgment 15 years later. 

The Battle of Chora

This case arises out of events during the mid-June 2007 battle of Chora, Afghanistan. After 9/11, U.N. Security Council Resolution 1386 (Dec. 10, 2001) authorized the establishment of the International Security Assistance Force (ISAF) and the use of “all necessary means” to assist the Afghan authorities to maintain security, in particular in relation to al-Qaeda and the Taliban. ISAF came under NATO command in August 2003. 

In its judgment, the court relied on the following facts related to the battle of Chora. Between Aug. 1, 2006, and Aug. 1, 2010, the Netherlands was the “lead nation” in the southern Afghan region of Uruzgan. The Dutch supreme commander of the armed forces maintained so-called “full control” over all Dutch military units. The locally stationed Dutch contingent commander was the “red card holder,” meaning that he was authorized to prevent the deployment of Dutch military units when it would not be in accordance with the conditions the Dutch government had set.

The command center of Task Force Uruzgan (TFU) and Camp Holland were located in Tarin Kowt, close to the strategically placed Chora Valley on a crossroads of routes to the Gizab area in the north, Khaz Uruzgan in the east, Deh Rasnan in the south, and the Baluchi valley and Tarin Kowt in the west. From April 2007 onwards, two to three platoons (of 20-30 troops each) were permanently stationed in Chora pursuant to intelligence about an upcoming attack by the Taliban to overtake the valley. Indeed, early June saw an increase in Taliban fighters in the area, and in the early morning of June 16, groups of Taliban attacked the Chora Valley from the east and west and reportedly committed atrocities against civilians. 

After a day of heavy fighting, the police posts in the west were lost to the Taliban, and around 6:30 pm, the intensity of the fighting decreased. ISAF units were pushed back to an area of around 4 square kilometers around the strategically positioned “White Compound,” which the TFU commander assessed as “very threatening”: the TFU needed to either retreat from the Chora Valley or stand and fight. At 8 pm, the TFU commander took the stand-and-fight decision, requiring “all necessary means,” partially to protect Afghan civilians against being killed by the Taliban as reprisal, but also for ISAF’s credibility and Chora’s militarily strategic position. 

Directly after the stand-and-fight decision, the TFU commander requested ISAF’s Regional Command South (RC(S)) provide air assets to attack Taliban targets that were identified earlier, including targets that could no longer be directly observed. This was supported by fire from a TFU Pantserhouwitser. 

The Targeted Quala: Civilian Objective or Military Target?

In the evening of June 16 and the following night, F-16s shot 28 guided bombs, of which 18 were dropped on six or seven qualas in the residential area of Chora, including quala 4131. During the bombing, quala 4131 was completely destroyed, including the quala’s mosque, and 18 people from four families lost their lives, several others were wounded, and 30 animals were also reported to have been killed. 

The TFU Chief Joint Fires led the aerial support. According to his report, at 3:10, 3:32 and 3:43 am (on June 17), quala 4131 was bombed as an enemy firing position, after positive identification of the target by the F-16 pilot as the previously identified quala 4131, and signing off by JTAC. JTAC is the Joint Terminal Attack Controller responsible for authorizing an attack after positive identification of a target. Their report includes a statement that the target had been previously determined as a military target by their “own troops in front.” Prior to the F-16 bombings, several Afghan local authorities were given advance warning that civilians had to leave a so-called “engagement area.” A local authority confirmed prior to the bombings that the civilians had left the designated area. 

Twenty hours prior to the bombing, at 6:58 am on June 16, quala 4131 had been identified as containing enemy units. Around noon, 15 hours prior to the bombings, there was more enemy firing coming “more or less from the direction of quala 4131,” which was reported to the command post but not documented in a log. Around 5 pm, the platoon was again fired at, but this time from approximately 800 meters west of quala 4131. Shortly thereafter, at 5:30 pm, (suspected) hostile units were spotted at approximately 400 meters east from quala 4131 and were fired at from the air by ISAF. This contact was not documented in a log. 

According to the court, these last two instances were insufficiently related to quala 4131 to qualify as circumstances on the basis of which quala 4131 could be determined to be a military target. From the earlier instances, it was not clear that fire actually came from quala 4131, rather than from Taliban movement that passed quala 4131. Moreover, the court concluded that these circumstances were insufficiently recent to justify the bombardment many hours later in the middle of the night, particularly because the court found no evidence that the assumption that quala 4131 was used by the Taliban was verified.

During the proceedings, the Dutch state acknowledged that the information now available in and of itself would be insufficient to justify the bombing, and that more recent information on the status of quala 4131 would have been required. The state thereby argued that it can be assumed that intelligence was available that one or more identified Taliban fighters were in quala 4131, but that not all communication was recorded and stored. 

The court rejected this argument as insufficiently concrete. The court thereby emphasized that the state did not argue that the intelligence had really existed but was no longer traceable, or that the substance of certain intelligence could not be shared for security reasons, but that the intelligence must be assumed to have been available. Yet, the court was not convinced that this intelligence really was available, since the target report had said that the identification had been conducted “by own troops in front,” which the court interpreted as “own ground forces in the area.” There was no guarantee this would have been sufficient intelligence for a determination that the quala was a legitimate target, because the JTAC positive identification was no more than a verification that the earlier determined target was indeed the target in range of the F-16, rather than a verification of the military use of the residential complex. 

Violation of International Humanitarian Law’s Principle of Distinction

The battle of Chora has been subject to investigation by the Dutch Ministry of Defense, the U.N. Assistance Mission in Afghanistan (UNAMA), the Afghan Independent Human Rights Commission (AIHRC), and NATO. While the NATO-ISAF commander’s investigation raised concerns that it may not have been sufficiently possible to distinguish between military targets and civilian objects without direct observation of the targets, this was overruled by the NATO Supreme Allied Commander Europe and the NATO Secretary General, who concluded that TFU acted in accordance with IHL. The Dutch state, UNAMA, and AIHRC reached the same determination. On that basis, the Dutch Public Prosecutor’s Office concluded it was unnecessary to investigate further whether war crimes would have been committed.  

However, in a civil litigation brought by the surviving quala residents and next-of-kin against the Dutch state, the District Court of The Hague (a domestic court within the Dutch legal system) agreed with the plaintiffs that IHL’s principle of distinction was violated. While this is a torts case before a court that does not usually deal with IHL, torts law assesses whether an unlawful act was committed by violating a plaintiff’s rights. The court explained that it applied IHL because the facts occurred during an armed conflict and that IHL then governs the norms of what the Dutch military were allowed to target. The court applied Articles 48, 52, and 57 of Additional Protocol I to the Geneva Conventions as reflections of customary international law. 

Article 48 provides that parties to a conflict need to distinguish between civilians and combatants and between civilian objects and military objectives, and direct their operations only against military objectives. Article 52 provides that with regard to otherwise civilian objects such as a house, military objectives are only those that make an effective contribution to military action, and that in case of doubt, it shall be presumed that it is not used to make an effective contribution to military action. Article 57 concerns the obligation to take precautionary measures more than the principle of distinction but also provides that everything feasible needs to be done to verify that objectives that are to be attacked are not civilian. Article 57 for instance provides for the obligation to give effective advance warning of attacks that may affect the civilian population, which, according to the judgment, the Dutch military at least seems to have tried to do and that they had received confirmation that civilians had evacuated from the area through a local Afghan authority. The court did not address this point further, and it remains unclear how reliable that confirmation was, whether the entire area was evacuated, whether all civilians had been evacuated, for how long it remained evacuated, and whether the military tried to verify that the area was evacuated.  

However, the court’s main reason for concluding that IHL was violated was that, when a plaintiff claims that a location is civilian, the state needs to be able to show on what basis a “reasonable commander” could determine that the civilian location has become a military target. The court further concluded that the state had an obligation to verify that this was still the case after a significant time lapse between identifying a location as a military object and bombing it, given that the target may no longer be used for military purposes.

Aftermath

In the Feb. 3 announcement that the Netherlands would not appeal the judgment, the Minister of Defense wrote that – 15 years after the events in Chora – the state is unable to provide further information to substantiate the decision to qualify the quala as a military objective. She thereby emphasized that the court explicitly said that the judgment does not mean that the Dutch armed forces committed a war crime, nor that the court concluded that the quala that was bombed could not indeed have been a lawful military target.

So what is the takeaway? According to this Dutch civil court, the military should have documented their decisions better and/or stored that information for at least the duration of plaintiffs’ right to go to court. While it may appear as a lot to ask from the military to not only distinguish between military objectives and civilians but also to document and preserve related decision-making in ongoing combat, only then can victims exercise their right to a remedy if mistakes were made. The military cannot just be assumed to have followed the laws of armed conflict: they need to be able to explain that they did. The Netherlands accepts the decision.

Yet, in the Dutch media, the decision was criticized by some military personnel who believe that these courts don’t appreciate the complex and time-pressured circumstances and judge with hindsight. This was also a widely aired response when the Hague District Court previously found the state (partially) responsible for a due diligence violation related to the Srebrenica genocide. Marten Zwanenburg raises the point that the court imposes a heavy burden on the state to record and preserve relevant information during armed conflict.

Courts are often seen as outsiders that unfairly involve themselves in military situations in which they have no expertise. However, while courts should be careful and have a realistic appreciation of those complex circumstances, the exercise of power requires checks and balances. Rather than an unwelcome outside interferer, the judiciary is there not only to help victims seek justice, but also to help the military improve their procedures where they insufficiently prevent unnecessary casualties. This is not only in the interest of victims, but also of the military, who already too often return from conflict traumatized.

Whether or not the Ministry of Defense may have shared some of the concerns, their response has been to accept the judgment and not appeal, to focus on (further) improving their procedures and to pay compensation to the plaintiffs. In her Feb. 3 letter to parliament, the Minister of Defense wrote that the military is working on improvements in information-driven action and mission-archiving and that military operatives require better support in doing so in future missions. 

Ideally, a judgment like that in the Chora case can provide, in addition to justice for the plaintiffs, a constructive effect towards a better functioning of the military consistent with the principles of IHL, which, when properly implemented, benefit both the military and civilians.

IMAGE: In this January 21, 2010 photograph, Dutch battle group platoon commander Lieutenant Rik (L) speaks with an Afghan village elder during a patrol in Chora valley in Afghanistan’s southern Uruzgan province. (DESHAKALYAN CHOWDHURY/AFP via Getty Images)

The Year of Section 702 Reform, Part I: Backdoor Searches
https://www.justsecurity.org/85068/the-year-of-section-702-reform-part-i-backdoor-searches/
Mon, 13 Feb 2023 13:51:08 +0000

Requiring a warrant for U.S. person queries honors the balance between security and liberty struck in the Fourth Amendment and ensures that Section 702 can’t be used to get around Americans’ constitutional rights. That essential reform should be the starting point for any reauthorization of the law.

Editor’s Note: This is part one in a multi-part series on foreign intelligence surveillance reform.

This year’s reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA) — a law that authorizes broad surveillance of foreigners outside the United States to acquire foreign intelligence information — will be unlike any previous one. In the past, reauthorization was a foregone conclusion, and civil liberties advocates struggled to secure even minor procedural safeguards. But a series of recent government reports and FISA Court opinions have demonstrated that Section 702 has become a go-to domestic spying tool for the FBI, and that FBI agents are routinely violating statutory and court-ordered limits on accessing Americans’ data “incidentally” collected under Section 702. At the same time, conservative lawmakers have turned against FISA in light of the government’s flawed applications to conduct surveillance of Trump associate Carter Page. With House Judiciary Committee Chairman Jim Jordan on record opposing reauthorization, it’s clear that Section 702 will not be renewed without a major overhaul.

In public, at least thus far, the Biden administration is acting as if this year’s reauthorization is business as usual. At a recent Privacy and Civil Liberties Oversight Board (PCLOB) hearing on Section 702, NSA Director Paul Nakasone’s opening remarks struck a tone-deaf note, reciting boilerplate talking points about balancing national security and civil liberties without any mention of the extensive violations revealed since the last reauthorization. Behind the scenes, though, the government’s anxiety is evident. Intelligence officials have been setting up Hill briefings since at least last fall — several months before this type of advocacy usually begins. They are also endeavoring to rebrand Section 702 as a cybersecurity authority, recognizing that the specter of terrorism no longer serves as a trump card in any conversation about reforms. For their part, lawmakers who support reauthorization are attempting to distinguish Section 702 of FISA from Title I (the part of the law used in the investigation of Carter Page), suggesting — wrongly, as discussed below — that Section 702 is used only against foreigners.

At bottom, intelligence officials and other defenders of broad surveillance authorities are aware that a straight reauthorization is out of the question, and so they are attempting to level-set around a small number of modest oversight provisions. This approach is evident in a recent Lawfare post by Adam Klein, President Trump’s appointee to chair the PCLOB, who has occasionally advocated strengthening oversight mechanisms but generally eschews substantive reforms. Klein’s post does not even mention the most controversial aspect of Section 702, namely, backdoor searches (discussed below). Instead, Klein focuses on improvements to the FISA Court process that would apply mainly in the area of Title I applications. Mike Herrington, an FBI official who spoke at the recent PCLOB hearing, similarly focused on ways in which the FBI is supposedly strengthening its internal oversight processes.

This time, however, lawmakers’ concerns are unlikely to be allayed by a mere bolstering of oversight requirements. For one thing, it’s doubtful that adding new layers of internal oversight will accomplish much, given the government’s 15-year cycle of violations, followed by the adoption of new administrative oversight measures, followed by more violations. At a more fundamental level, though, oversight — whether internal, in the form of FBI training or audits, or external, in the form of FISA Court review — is not an end in itself; it is a means to ensure that the government is following the rules. Where, as here, the rules themselves have been interpreted to permit warrantless searches of Americans’ private communications, all the oversight in the world won’t solve the problem.

Congress must rewrite the rules to ensure that the government cannot rely on its foreign intelligence surveillance authorities to conduct warrantless surveillance of Americans. This article is the first in a series that will examine the key reforms Congress should implement, including: (1) imposing a warrant requirement before the government searches Section 702-acquired data for Americans’ communications; (2) closing gaps in the law that permit the collection and use of Americans’ communications and other Fourth Amendment-protected information without any statutory limits or judicial oversight; (3) limiting the permissible pool of Section 702 targets to those who might reasonably have information about foreign threats, which would in turn limit the “incidental” collection of Americans’ communications; and (4) removing artificial barriers to existing judicial review mechanisms established by Congress.

Closing the Backdoor Search Loophole

Congress enacted Section 702 in 2008 to make it easier for the government to conduct surveillance of suspected foreign terrorists. Previously, FISA required the government to obtain an individualized order from the FISA Court in order to acquire communications inside the United States or from a U.S. company, even if the target was a foreigner overseas. The government also had to show probable cause that the target was a foreign power or agent of a foreign power. Under Section 702, no individualized order or probable cause showing is needed. The government may target any foreigner abroad to obtain foreign intelligence, and the FISA Court’s role is limited to approving general procedures for the surveillance on an annual basis.

Although Section 702 surveillance must be targeted at foreigners abroad, it inevitably sweeps in large volumes of Americans’ communications — e.g., calls and emails between foreigners and their American friends, relatives, or colleagues. If the government’s intent were to eavesdrop on those Americans, it would have to obtain a warrant (for a criminal investigation) or a FISA Title I order (for a foreign intelligence investigation) to comply with the Fourth Amendment. Accordingly, Congress required the government to “minimize” the sharing, retention, and use of this “incidentally” collected U.S. person information, and to certify that it is not engaging in “reverse targeting” — i.e., using Section 702 surveillance to spy on Americans.

These protections for Americans’ constitutional rights are simply not working. Rather than “minimize” the sharing and retention of U.S. person information, the National Security Agency (NSA) routinely shares raw Section 702 data — which includes Americans’ communications — with the FBI, CIA, and National Counterterrorism Center (NCTC). All agencies retain the data for a functional minimum of five years. (Agency policies describe the 5-year period as a ceiling, not a floor. However, these same policies include several exceptions to this limit, and the PCLOB has reported that agencies rarely if ever delete information before the 5-year trigger.)

Worse, all of these agencies have policies in place that allow them to search through Section 702 data for Americans’ communications. In other words, after certifying to the FISA Court that it is not seeking the communications of any particular, known Americans (which would be “reverse targeting”), the government searches through the warrantlessly acquired data for the communications of . . . particular, known Americans. This is a bait and switch that violates the spirit, if not the letter, of the prohibition on reverse targeting, and it drives a gaping hole through Americans’ Fourth Amendment rights.

The FBI routinely performs these “backdoor searches” in ordinary domestic investigations that have nothing to do with national security or foreign intelligence. Until recently, though, the full extent of this practice was unknown. Although Congress has long required the NSA and CIA to report how many such searches they perform annually (the number is in the thousands for both agencies), the FBI for years claimed it had no ability to track this information. In early 2018, however, Congress required the FBI to begin keeping records of U.S. person queries. The FBI failed to comply for over two years, advancing an absurd legal argument that it could satisfy the requirement by simply counting all queries (i.e., including queries of non-U.S. persons). It finally began keeping the required records in 2020 after the FISA Court and FISA Court of Review rejected that argument.

Thus, the Office of the Director of National Intelligence (ODNI) included the number of FBI backdoor searches for the first time in its 2022 annual statistical report. The report revealed that the FBI performed up to 3.4 million U.S. person queries of Section 702 data in 2021 alone. ODNI cautioned that this number likely overcounts the number of Americans affected, in part because the FBI might use multiple identifiers for, or run multiple queries on, the same individual. But even if the number is off by an order of magnitude, that still represents nearly 1,000 warrantless searches for Americans’ communications each day.

In light of this new information, the government cannot plausibly maintain that Section 702 is solely foreign-focused. Instead, it has become something Congress never intended: a domestic spying tool — one that enables the government to routinely search for and review Americans’ phone calls, emails, and text messages without obtaining a warrant.

Both Congress and the FISA Court have attempted to place limits, albeit modest ones, on backdoor searches. In 2018, Congress required the FBI to show probable cause and obtain a court order for a very small subset of U.S. person queries: those conducted in predicated criminal investigations unrelated to national security. (The subset is small in part because the FBI generally runs U.S. person queries at early stages of the investigation, i.e., before they qualify as “predicated.”) According to the government’s figures, this requirement to obtain a court order has been triggered on more than 100 occasions since 2018. By the government’s own admission, however, the FBI has never once complied with it. Some of these non-compliance incidents can be traced to a technical issue with how the FBI’s systems display data — a problem the FBI notably failed to fix for nearly two years. But the FISA Court made clear that the violations could not all be explained by this technical issue.

In cases not subject to this statutory court-order requirement — i.e., the vast majority of cases — the only limitation on backdoor searches is a FISA Court-approved requirement that U.S. person queries must be reasonably likely to retrieve foreign intelligence or evidence of a crime. This is a low bar, and it’s been in place, in one form or another, for longer than Section 702 itself (as it has long been part of more general FISA minimization rules). Nonetheless, FISA Court opinions from 2018, 2019, and 2020 reveal that the FBI has engaged in “widespread violations” of this rule. To name just a few examples, FBI agents searched for the communications of people who came to the FBI to perform repairs; victims who approached the FBI to report crimes; business, religious, and community leaders who applied to participate in the FBI’s “Citizens Academy”; college students participating in a “Collegiate Academy”; police officer candidates; and colleagues and relatives of the FBI agent performing the search. The FBI also engages in “batch queries,” querying thousands or even tens of thousands of Americans’ communications at one time using a single justification.

Government reports released in 2022 reveal even more disturbing violations. In one instance, an FBI agent conducted U.S. person queries of Section 702 data because a witness had reported seeing two “Middle Eastern” men loading boxes labeled “Drano” into a vehicle. In another case, an agent conducted several queries using the name of a U.S. congressman, and reviewed information that these queries returned. Another agent conducted queries using the names of “a local political party.” And one agent conducted a batch query that included “multiple current and former United States Government officials, journalists, and political commentators.” These incidents raise the specter of backdoor searches being used to target individuals based on race, religion, politics, and journalistic activity. That’s alarming, but it should not be surprising. When government officials are not required to show probable cause of criminal activity to a court, it dramatically increases the risk that searches will be driven by improper considerations — including officials’ conscious or subconscious prejudices or political leanings.

Finally, while the most flagrant recent violations were committed by the FBI, the NSA has similarly violated the rules limiting access to Americans’ communications. Most notably, in 2011, the FISA Court prohibited the NSA from conducting any U.S. person queries of data obtained through “upstream” collection — a method of Section 702 collection that is more likely to sweep in purely domestic communications. The Court made clear that this prohibition was necessary to preserve the constitutionality of the program. Several years later, the NSA reported to the FISA Court that its agents had not been complying with this rule. The agency blamed the violations on “human error” and “system design issues”; the NSA’s Inspector General found that “the problem was widespread during all periods under review.” In a 2017 opinion, the FISA Court chided the NSA, not only for its failure to comply with the querying prohibition, but for its “institutional lack of candor” in failing to timely report the violations.

Given this background, the only way to fully protect Americans’ Fourth Amendment rights and prevent abuses is to require the government to obtain a probable-cause court order before performing U.S. person queries. In law enforcement investigations, the government should be required to obtain a warrant from a magistrate judge. In foreign intelligence investigations, it should be required to obtain a FISA Title I order from the FISA Court, which means showing probable cause that the subject is an “agent of a foreign power.” (FISA defines this term, as applied to U.S. persons, in a way that requires involvement in espionage, terrorism, identity fraud, or other illegal activity.)

This requirement would prevent the government from using Section 702 as an end-run around the Fourth Amendment. And while there might well be violations of this mandate, as well, “widespread violations” like those we’re seeing now — or, at least, the FISA Court’s willingness to continue approving the program despite such violations — would be far less likely. The FBI has claimed that some agents simply didn’t understand existing limits on conducting U.S. person queries. A requirement to obtain a probable-cause order for all U.S. person queries, however, is as clear and simple as any rule could be. The FBI would be hard pressed to claim confusion over such a requirement.

Many lawmakers have already embraced this approach. Senators Dianne Feinstein, Mike Lee, Patrick Leahy, and Kamala Harris cosponsored an amendment requiring the government to obtain a probable-cause order for U.S. person queries the last time Section 702 was reauthorized, although it didn’t receive a vote. And the House has twice passed a similar amendment (in 2014 and 2015) with both Democratic and Republican support.

The FBI’s Arguments

The government, predictably, opposes closing off the backdoor search loophole. It leads with the assertion that these searches are lawful. That is indeed the view of the FISA Court. But among the handful of federal courts outside the FISA Court that have had the opportunity to weigh in on this question, a divide has emerged, with several judges — including a unanimous panel of the Second Circuit Court of Appeals — raising constitutional concerns. (Notably, judges on the other side of this divide have relied heavily on a misrepresentation that the Department of Justice made in litigation, namely, that government officials are required to review Americans’ communications anyway as part of the minimization process.) Outside of the courts, constitutional scholars have argued that backdoor searches must be treated as a separate Fourth Amendment event from the underlying collection, thus triggering the warrant requirement. In short, the constitutionality of backdoor searches is anything but settled.

The FBI next argues that requiring a warrant would interfere with efforts to protect Americans. At the PCLOB hearing, Herrington identified hypothetical scenarios in which backdoor searches could be used to identify victims of cyberattacks and targets of espionage. Indeed, ODNI has stated that 1.9 million of the U.S. person queries conducted in 2021 were for the purpose of identifying potential cyberattack victims. Herrington expressed concern that the government would not be able to obtain a warrant for such searches.

The fundamental problem with this argument is that there is no “cybersecurity” or “victim” exception to the Fourth Amendment. If the FBI were investigating a cyberattack perpetrated by a purely domestic actor, it could not simply help itself to the communications of 1.9 million Americans to identify victims. It would have to use other investigative techniques. The Fourth Amendment doesn’t afford lesser protection to American victims simply because the perpetrator happens to be foreign. The foreign suspect may not have Fourth Amendment rights, but the American victims most certainly do.

In any event, if protecting victims were the sole or even primary purpose of backdoor searches, the government would not oppose a warrant requirement outright. It would instead propose a narrow and rigorously overseen carveout — e.g., one that would not involve accessing communications content and that would require FISA Court approval on a case-by-case basis — for situations in which the government has reason to believe someone is a victim or target of malign foreign activity.

Instead, the government is flatly opposing a warrant requirement on the ground that it would recreate “the wall.” That’s nonsense, and the government knows it. “The wall” refers to pre-9/11 rules that governed how law enforcement officials could use foreign intelligence information acquired with a FISA Title I order. In other words, these were rules that (in practice, if not on paper) limited the use of foreign intelligence information for law enforcement purposes even after the government made the probable-cause showing required by the statute. Requiring a warrant or FISA Title I order for U.S. person queries would involve no such restrictions or distinctions. It would constitute a “wall” only in the sense that the Fourth Amendment’s warrant requirement establishes a wall between the government and the private communications of Americans.

As for the FBI’s widespread violations of existing limits on U.S. person queries, the government told the FISA Court that FBI agents didn’t understand those limits. To address that problem, the FBI is bolstering its training requirements and imposing new internal oversight measures. This would be a more convincing argument if the rule the FBI has been violating (i.e., that queries must be designed to retrieve foreign intelligence or evidence of a crime) was a new one. But the notion that FBI agents didn’t understand the relevant standard — and that they simply need better training and oversight — is hard to accept when that standard has been in place for at least 14 years, and when the government has been touting its rigorous training and oversight throughout that period. As the FISA Court suggested, there’s an alternative explanation for the FBI’s behavior: not just a misunderstanding of the standard, but “indifference toward it.”

Indeed, it’s important to recognize that the recent FISA Court opinions are only the latest in a string of opinions dating back to 2009 that reveal an unbroken pattern of violations — by the FBI, NSA, and CIA — of the rules designed to protect Americans’ privacy. (See here for a compilation of Section 702 violations as of 2017.) In written comments to the PCLOB, I documented the FISA Court’s rising frustration with these violations and the government’s failure to timely disclose them. On multiple occasions, the government has responded by pledging to improve its training and/or bolster internal oversight. None of these efforts has been sufficient to disrupt the pattern. In the words of surveillance expert Julian Sanchez, the FISA Court and the government have been engaged in a game of “compliance whackamole.”

Ultimately, though, even if the FBI could ensure perfect compliance with the existing rules, it wouldn’t obviate the need for a warrant. Communications are collected without a warrant under Section 702 based on the premise that the subjects of the government’s investigative activity are foreigners abroad. If that premise changes, so does the constitutional calculus. Requiring a warrant for U.S. person queries honors the balance between security and liberty struck in the Fourth Amendment and ensures that Section 702 can’t be used to get around Americans’ constitutional rights. That essential reform should be the starting point for any reauthorization of the law.

IMAGE: Futuristic data screen and hologram world map. (Getty) 

The post The Year of Section 702 Reform, Part I: Backdoor Searches appeared first on Just Security.

The IC’s Biggest Open-Source Intelligence Challenge: Mission Creep https://www.justsecurity.org/84997/the-ics-biggest-open-source-intelligence-challenge-mission-creep/?utm_source=rss&utm_medium=rss&utm_campaign=the-ics-biggest-open-source-intelligence-challenge-mission-creep Fri, 03 Feb 2023 13:49:46 +0000 https://www.justsecurity.org/?p=84997 Expanding US open-source intelligence collection comes with key risks and trade-offs.

The post The IC’s Biggest Open-Source Intelligence Challenge: Mission Creep appeared first on Just Security.

From establishing the use of chemical weapons by Syrian forces against innocent civilians in 2012, to documenting war crimes by invading Russian forces in Ukraine in 2022, the past decade has seen the explosion of open-source intelligence (“OSINT”). The discipline draws upon an ocean of (putatively) publicly available data – now ranging from selfies to car registrations to satellite imagery – to perform a kind of forensic analysis that would have been nigh impossible in previous eras. Having redefined practices from citizen journalism to military targeting, OSINT’s increased prominence has been accompanied by growing calls from scholars, practitioners, and senior officials for the U.S. Intelligence Community (IC) to more concertedly take up the craft. Otherwise, so the thinking goes, these agencies run the risk of obsolescence, as governments find their erstwhile monopoly on sophisticated intelligence gathering eroding, alongside their ability to avoid strategic surprise.

For senior U.S. decisionmakers, the choice may boil down to a simple binary: double down on the game the IC plays best, or wade into a relatively new game that anyone can play. In terms of resourcing, authorities, and analytic credibility, however, forays into the latter could come at the expense of the former. By dint of its sheer scale, scope, authorities, relationships, organization, and history, the IC’s potential reach into the depths of secrecy is unparalleled. It is this very reach that may stand at greatest risk from unbounded attempts to find what hides in plain sight.

The most recent National Intelligence Strategy from 2019 rightfully acknowledges that “an inability to stay current with rapid changes in technology and industry standards may affect the IC’s competitive advantage.” But what exactly is the IC’s competitive advantage? The strategy does not offer a definition, but I would suggest it is the ability to collect and analyze what no one else can and how no one else can. I borrow this definition from one of the foundational documents governing the very practice of intelligence in the United States: Executive Order (EO) 12333 – wherein the phrase “information not otherwise obtainable” appears several times. 

Granted, EO 12333 is far from the final word on the do’s and don’ts of U.S. intelligence. And, if anything, the 42-year-old directive is long overdue for an update to bring several related disciplines into better alignment with the geopolitical and bureaucratic realities of the 21st century. Even so, as a compass-check against first principles, it might be a good starting point, particularly as it details how and why the IC is charged and authorized to do what no other entity can. 

EO 12333 also sets out the chief goal of the IC: to “provide the President and the National Security Council with the necessary information on which to base decisions concerning the conduct and development of foreign, defense and economic policy, and the protection of United States national interests from foreign security threats” – for which “accurate and timely information about the capabilities, intentions and activities of foreign powers, organizations, or persons and their agents is essential.” Such collection is to be “pursued in a vigorous, innovative and responsible manner that is consistent with the Constitution and applicable law and respectful of the principles upon which the United States was founded.” These clauses should serve as the baseline of both flexibility and limitation as the IC adapts itself to an OSINT-driven era. 

The IC’s initial foray into so-called OSINT hewed to this competitive advantage, filling a gap no one else could. According to the CIA’s history of the Foreign Broadcast Information Service (FBIS), established in 1941, “U.S. officials could not know quickly what national leaders were telling their own people or citizens of nearby countries without some wholesale monitoring of foreign radio…the fastest, cheapest, and most reliable way of getting general information and intelligence concerning a particular country.” The ensuing decades, however, would see intensifying and competing demands from throughout the government and academia, scandal and budget cuts, and a meandering and ballooning mission scope, per the above history. As the information space shifted from one of dearth to deluge for policymakers over that period, discussion of the IC’s proper OSINT role seems to reemerge with each major geopolitical event and technological advance. In 2023, the government has lost the monopoly it once had over collecting and transmitting freely broadcasted info, at speed, cheaply. The urge to recapture that monopoly is understandable, but likely misguided.

As the Biden administration amply demonstrated in the lead up to Russia’s renewed invasion of Ukraine in early 2022, when it comes to understanding adversary plans and intentions, there is no alternative to the human or technical infiltration that only the IC is equipped and permitted to perform. Director of National Intelligence (DNI) Avril Haines acknowledged that “the United States had obtained ‘extraordinary detail’ about the Kremlin’s secret plans for a war it continued to deny it intended.” Consequently, when considering the extent to which it adopts OSINT as a core function, the IC must adopt a “first, do no harm” approach to its most unique and exclusive mission, given the substantial opportunity costs at stake. In an era of limited resources and seemingly boundless collection, decisionmakers may yearn for an IC that can stay one step ahead of the adversary, while also being able to “beat the press.” Even if only periodically successful, it is better to vigorously pursue the former than to catastrophically succeed at the latter. 

Moreover, arguments for the IC to concertedly wade into the OSINT game often fail to distinguish between collection and analysis, and the degree to which the IC should be a consumer versus a producer. On all scores, the degree of faith these arguments often place in algorithms, machine learning, and artificial intelligence seems overly optimistic at best, commercially self-serving at worst. There is no disputing the IC should do more to ensure open-source insights augment and contextualize clandestinely acquired information. It is also clear that the U.S. government needs to seriously overhaul its massive and arcane classification system, which is structurally inclined toward stove-piping. Attempting to duplicate the practice of OSINT collection and analysis at scale, however, poses clear risks to both IC tradecraft and credibility that must be carefully considered.

For example, the explosion of “publicly available information” threatens to turn all-source intelligence into a nebulous, infinite attempt to boil an ocean of data – much of which is embroiled in ongoing domestic and foreign policy debates surrounding privacy and surveillance. The IC cannot take for granted that the imprimatur of government is simply synonymous with public trust and credibility. Meanwhile, OSINT itself entails significant – and increasingly scarce – personnel resources to triage and assess. For a group of agencies already subject to crippling “information overload,” dedicating linguists and data scientists to OSINT risks robbing Peter to pay Paul. Understanding how OSINT-specific requirements and priorities would be incorporated into existing prioritization and deconfliction processes – in a way that does not expose key gaps in other “-INTs” – is crucial. In other words, the kinds of OSINT data the IC collects, from whom, and at what resource and opportunity costs, are critical questions, too easily papered over with a sweeping nod to the need for “more OSINT.” The answers are vital to ensuring the discipline ultimately benefits national security decision-making more than tech startups or data-brokers, and closely adheres to the Constitutional principles and values enshrined in EO 12333.

Moreover, the IC has far less leeway in drawing conclusions from the disparate and disaggregated sources than do civil society or journalists leaning on OSINT to draw inferences, which are sometimes faulty. Relative to the IC’s analytic tradecraft, which has been continually refined over decades (but certainly not perfected), OSINT practices are still nascent, and can themselves sometimes suffer from their own myopia: that of “big data.” As social scientists note, the assumption that grand accumulations of unstructured data will necessarily yield better insight “sacrific[es] complexity, specificity, context, depth and critique for scale, breadth, automation.” In other words, reverting to OSINT to find patterns the IC may not have otherwise known to look for must not be deemed a license to make judgments it might have otherwise had to justify.

Meanwhile, to the extent the IC takes up producing so-called OSINT, the question arises as to what then distinguishes intelligence from investigative journalism, not to mention why taxpayer money ought to be dedicated to a discipline for which the private sector will clearly retain the cutting edge. Wading too far into abstract national security threats, unbounded data-sources, and less-than-robust technologies to provide speedier forecasts risks setting the IC up for inevitable failures which could erode the very credibility that OSINT proponents claim must be salvaged.    

The notion that intelligence must adapt to keep pace with the times is hardly new. Nearly two decades ago, Professor Joseph Nye marveled at the post-Cold War increase in “the ratio of mysteries to secrets in the questions that policymakers want answered. A secret is something concrete that can be stolen by a spy or discerned by a technical sensor… a mystery is an abstract puzzle to which no one can be sure of the answer.” The year was 1994. Incidentally, this was the same year that the legendary Michael Jordan inexplicably decided to leave his championship basketball streak to try his hand at a different sport entirely. “Jordan’s decision to leave the NBA at the utmost peak of his powers in order to pursue a short-lived career in professional baseball is still a source of curiosity,” a sports columnist wrote last year. The lesson is this: in weighing the degree of focus on uncovering secrets versus solving mysteries, U.S. officials should err in favor of the IC’s proven competitive advantage and avoid taking their eyes off the ball.

IMAGE: A visualization of big data. (Getty) 
