Tuesday, November 24, 2015

Critique of Citizen Four

Here is a Business Insider critique of the film we watched Monday, Citizen Four.  Please participate in our discussion of the film on Blackboard, and feel free to post links to other relevant news stories here.

Thursday, November 19, 2015

Because They Said So


On October 28, 2015, in an article titled: “How 4 Federal Lawyers Paved the Way to Kill Osama bin Laden,” the New York Times reported the measures that would be taken during the mission to enter Osama bin Laden’s compound in Pakistan was vetted through four Obama administration lawyers to ensure the legality of any and all outcomes. In this article, Charlie Savage reports that Stephen W. Preston, Mary De Rosa, Rear Admiral James W, Crawford III, and Jeh C. Johnson “worked in intense secrecy,” even conducting their own research; unbeknownst to then- Attorney General Eric Holder. Understanding that things could go badly, these memos would serve as support for the legal rationale of the mission itself. 
The scope of the combined memos covered every aspect of the mission, from the breach of Pakistan’s sovereignty-which they decided was necessary to maintain covert integrity, up to and including the eventual decision to kill Osama bin Laden and apprehend no others, and how to properly bury his remains. Although they agreed on the justification to delay congressional notification, they soon learned that then-CIA director Leon Panetta had already broken the secrecy and the order of the White House by notifying several members of congress about the plan. Ultimately, they built their framework on the congressional authorization to use military force against perpetrators of the Sept. 11 terrorist attacks.  Savage reports Stephen W. Preston said, “We should memorialize our rationales because we may be called upon to explain our legal conclusions, particularly if the operation goes terribly badly.”
The issues addressed in this article are similar to those surrounding drone strikes; significant time and effort is invested in intelligence gathering, planning, and logistics. For that it seems there is little controversy or contention.  What appears to be most controversial, however, is the intense secrecy and lengths to which the executive branch has hashed out every aspect of the mission and to decidedly assassinate Osama bin Laden as the goal of the mission itself.   The question then is: Were these lawyers assembled to provide a strategic plan to cover the Obama administration’s assets? Or, were they assembled to allow the executive branch an opportunity to weigh out the rule of proportionality in the style of the Obama administration’s new approach to combating terrorism? 
First, to dismiss legality as a strategic asset is-in my opinion- careless.  I believe that for far too long the government has asked for forgiveness rather than permission from the people, applying the rationale that we all sleep better at night for the secret missions of spies and assassins; what the people don’t know, CAN hurt them so it best not to tell.   Contemporary society is far more educated and highly motivated to hold the government accountable for any and all actions that may disrupt the growth of the economy and the status of foreign trade. This is, after all, a nation build on capitalism and entrepreneurship. However, to accept in blind-faith that President Obama brings a kinder and gentler arsenal to the war on terror- an executive branch dream team- by painstakingly weighing out the tenets of international law, human rights, and wartime protocol before battling any combatant is perhaps accepting a too neatly wrapped gift. 
Maybe the answer to both questions is yes, I certainly do not believe it is no, but I believe there are degrees to each yes answer. It always seems easier to evaluate, analyze, re-assess, and develop alternative strategies after the fact. This is done daily by experts in their fields, and in the media for every incident act towards, or reaction to a combatant-whether home grown or foreign. However, in this case it appears that the experts were tapped prior to an incident act towards a combatant for the purposes of preparing a strategic plan of action and the legal justification to address the reaction, analyses, and questions of alternative avenues that were sure to take place when the mission was complete.
At face-value the administration’s plan of convening a four member secret panel, within the executive branch itself, to prepare “sealed” memoranda addressing the legal scope of a military mission appears intellectually prudent and thoughtful from a humanitarian perspective, but I feel we must always be vigilant scholars and continually seek to understand the deeper and more critical motivators of such intense preparations. While this article does provide some insight to understanding the motivators, it certainly does not pry too much. Rather it mostly teases my curiosity and leaves me driven to know “the rest of the story,” which will be available in book form soon.  Maybe that was the point.


http://www.nytimes.com/2015/10/29/us/politics/obama-legal-authorization-osama-bin-laden-raid.html?_r=0

Monday, November 16, 2015

Zero Dark Thirty: Is Torture Okay?

By: Yocheved Cahn

A New Yorker article discusses squashed issues relating to the 2012 film “Zero Dark Thirty” in regards to its portrayal of torture.  This film is about the ten year manhunt for Al-Qaeda leader Osama Bin Laden and his ultimate assassination at the end of the film.  Zero Dark Thirty starts out with a hard to watch intense “interrogation” scene featuring water boarding, sleep deprivation, and humiliation of suspected terrorists (warranted by the Bybee Memos at the time).  The main protagonist of the film, Maya, is a young CIA analyst brought to Pakistan gather information after the 9/11 attacks and has a noticeable sympathy for the “interrogated” suspects at first.  The film follows her as she becomes a hardened terrorist hunter ultimately losing all sympathy for suspects and the “interrogations” they may face.  All of her work leads to the eventual raid and assassination of Osama Bin Laden.  The New Yorker article sees this as the moral of the story, that torture will lead to success and it was not questioned at all.  
The article, written by Jane Mayer, points out that throughout the whole film, even if torture is shown, the question whether it was legal never comes up.  She points out that during the initial “interrogation” scene when Maya is noticeably disturbed by what is happening to the suspect, she still remains silent. In actuality, an on looking FBI agent was so troubled by what was happening; he made a big deal that got up to the top of the Bush Administration.  The only anti-torture moment in the film comes when a short clip of newly elected Barack Obama  condemning torture while the main protagonists seem to either not care or are annoyed by his announcement.  Right before the clip is shown, one “interrogator” warns Maya to be careful because politics are changing and so might the definition of torture.

Mayer notes that although torture is depicted as leading to the finding of Bin Laden which was not true, a letter to Senator John McCain showed that CIA got their information from a non-detainee. Several other senators have come forward stating that information did not come from detainees indicating that if any torture was conducted it did not get the key information to finding Bin Laden.  Later, detainee explains he will cooperate because he does not want to be tortured again showing that torture brings results. Many other commentators including Frank Bruni say that this film will help Americans embrace torture as a means to a justified end, “no waterboarding, no Bin Laden.” The real problem is, according to Mayer, this film was not portrayed as full fiction but “based on a true story.”  Knowing that there are cases of mistaken identity such as El-Masri v United States and cases like his, Zero Dark Thirty, which justifies torture, hard to watch.  

I found this article useful in understanding the controversy of Zero Dark Thirty, that the film can influence thoughts on torture.  It also shows me that the New Yorker believes that moviegoers are quite naive about the laws against torture which may or may not be true.  I think the article does not give enough credit to the filmmakers for being vague enough to allow people to get curious and research the laws against torture.  I would think that most people found the torture scenes horrifying and perhaps lead to questioning.  As we have learned, the most important checks on national security is us.  So, when a film tries to portray a certain view to us such as torture, we must discern if this view is truly legal and if it is not we must correct it.   

Source:

The $100 Million Question

                  In the world of encryption, assume anyone can view your communications. That is the basis behind the Diffie-Hellman public key exchange (DHE), a method of encrypting digital communications between two parties. The DHE works like this: two parties, "Alice" and "Bob", want to send secret data to each other over the internet. They know that anyone could be listening in on what they are saying, so they use the DHE so that, even though someone can see what they send, it will appear as an undecipherable jumble. The DHE can be analogized like this: Alice and Bob both want to send each other documents back and forth to each other in a secure manner. They decide on using a safe, which has two locks. Alice has the key to one of the locks, and Bob has the key to the other. Alice puts her document into the safe and closes it, locking both of the locks. She then unlocks her lock using her own private key, and sends the safe over to Bob. Along the way, the safe is examined, but because it is still locked no one can see the document inside. When it gets over to Bob, he uses his key to open the safe and read the document. This can continue indefinitely, with no one but Alice and Bob being able to open the safe.     
                  There are two main vulnerabilities in the DHE system, called the Logjam vulnerabilities, and both potentially being exploited by the NSA. The first vulnerability is categorized by 512 bit DHE public keys. If the NSA exploited this vulnerability, they could decrypt communications from 8.4% of the top one million web domains and 3.4% of all HTTPS websites (websites secured by encryption). This in and of itself is a huge deal, but the main problem with this vulnerability is how easy it is to exploit: a reasonably-well funded enterprise only needs two weeks to generate the key needed to decrypt all of those communications. Thankfully, this was fixed after it was discovered, but unfortunately the fix led to the second of the Logjam vulnerabilities, involving 1024 bit DHE public keys. Most businesses that used 512 bit keys began to use 1024 bit keys, which are much, much harder to crack. However, documents released by Edward Snowden have revealed that the NSA has been able to spy on the communications protected by these 1024 bit keys. How is that possible, when they are supposed to be impossible to crack? Researchers crunched the numbers, and found that it would take someone approximately $100 million, as well as a year of time, to break one 1024 bit key and use it to spy. Since there are only a couple of 1024 bit keys in use, $100 million and a year of time would be worth it for some agency to be able to eavesdrop on trillions of encrypted connections. Researchers have concluded that they are "almost positive" that the NSA has already done this, and is using these public keys to decrypt a startling large percentage of all communications.
                  These discussions of wrong-doing on the NSA's part also bring up a little-discussed question: isn’t the NSA supposed to protect us from these kinds of vulnerabilities? Part of the founding goals of the NSA was to protect the US from intelligence gathering and cyber-attacks launched by those outside of the US. If the NSA cannot help companies prevent and prepare for a China-based cyber attack, then who can? Any time these vulnerabilities are discovered by the NSA, they face an ultimatum: go public with these vulnerabilities and teach us how to protect ourselves, or keep them secret and use them for their own good. We will never know exactly how many vulnerabilities the NSA has uncovered, but from the documents leaked so far, we know that they will not hesitate to exploit. Sometimes, when they do reveal and help us make encryption stronger, they still work for their own benefit. An example of this is Dual_EC_DRBG, an cryptographic algorithm. The NSA developed and pushed for standardization of this algorithm, which included a backdoor that allowed them and only them to decrypt anything encrypted with this algorithm. The revelation of this backdoor has made security experts wary of trusting the advice of the NSA in the future, which is counterproductive to their goal of helping us stay safe.

                  With this knowledge made available, we must ask ourselves, what do we do now? We are almost certain that the government is using hundreds of millions of dollars to break encryptions that we as Americans rely on. The government is able to access trillions of communications across the globe, with the entire process shrouded in secrecy. Many argue for heavier and more secure encryptions. While breaking a 1024 bit key is possible but extremely difficult, breaking a 2048 bit key is impossible with today's technology. There are also different encryption technologies that do not have the vulnerabilities that the DHE does. However, the true difficulty lies in the arms race between encryption and decryption technology. A 2048 bit DHE may be secure for a time, but in the future processing power will advance far enough that even these can be easily broken. Instead of simply trying harder and harder to create cryptographically secure technology, the power and scope of the NSA should be reeled in. They could work towards making our technology safer against foreign governments, instead of keeping it unsafe for their benefit.  This process could be done through the courts, but because the NSA is shrouded in so much secrecy, we have no solid proof or evidence that these things are being done, and even if we did the case could be thrown out on state secrets grounds. There is no right answer to what needs to be done about this problem, and most likely there will be a multitude of different solutions before it is actually solved. Until then, we can simply fight the good (legal and technological) fight.

Sources:
http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/
https://www.lawfareblog.com/nsa-and-weak-dh

Tuesday, November 10, 2015


DRONES USED AS POLICY 
EXPOSED: U.S. HYPOCRISY 
EDWARD SNOWDEN TAKE TWO  
By Samantha Peacock

When asked about the aspects of cyber warfare and its ramifications Chief of the Defense Staff of the British Armed Forces, General Sir Nicholas Houghton stated, "There is no longer a simple distinction between war and peace. We are in a state of permanent engagement in a global competition." This particular quote resonates with the theme of our class content and conceptualizes cyber warfare as it is seen internationally, a global competition. General Houghton is not alone in his quarrels regarding cyber security and warfare; this problem isn't new but it is new enough to cause threats that cannot be properly assessed or even defined. It's vast and the statement in itself does not answer a question but the content addresses the class' narrative: what connotation does cyber warfare have in relation to the law of war? The evolution of technology is evolving at a faster rate than laws can be created or terms defined. The lines have been blurred as to what is and what is not an act of war. That very sort of line blurring has come into question with the recently leaked U.S. military documents. The ethicality of actions undertaken by the U.S. has drawn sharp criticism after a website published classified documents regarding special forces, operations, drone strikes, targeted kill lists, and extra-judicial killings. First, The Intercept worked with Edward Snowden and now The Intercept has published documents from an anonymous source detailing our military operationsThe source believes the public should be privy to what our government is doing and who they've "decided to kill".  

The drone strike operations America has taken part in has come under scrutiny before but until now has been shredded with secrecy. In response to previous scrutiny America has said they follow a strict criteria and are very precise. These documents paint a different story. Maybe we do have strict criteria but it is evident from these documents that it is not followed.  The document indicates for every 10 individuals killed by an airstrike, 9 of them are not intended targets. Operation Haymaker saw a total of 219 casualties. This operation had 35 intended targets, which equates to a mere 15% of the total casualties. The source concluded that the practice used by special operations to hunt down and kill targets via drone strikes contributes to, "dehumanizing the people before you've even encountered the moral question, is this a legitimate kill or not?" It is my opinion that the public has reason to believe that this dehumanizing effect does not merely extend to those conducting the operations. It was stated that in a 5-month span 90% of those killed were not intended targets yet all deaths all were labeled EKIA, 'enemy killed in action'. If the American people merely see 219 EKIA killed in drone strike in Pakistan, Afghanistan, Syria, Yemen, Iraq, etc. flash across the news an association with those States and terrorism starts to begin. These are no longer countries with living, breathing people but terrorist targets both to the American people and their operatives. When in reality the intended target that U.S. intelligence has been tracking for months via cellphone data could be the suspect's mother, sister, or a child who was given the phone to impede U.S. intelligence. The source stated that in Yemen and Somalia phone data alone has been used to guarantee a kill. Documents now show that the U.S. has relied on less than accurate intelligence in their air strikes, which has came at the cost of civilian causalities. These causalities can be attributed to faulty intelligence or merely being within the vicinity of an intended target. In the case, Prosecutor v. Stanislav Galic the defense argued that the civilian casualties were collateral damage in a legitimate military activity. The U.S. has argued the same defense in response to the backlash. In both instances I believe a reasonable person would conclude that excessive use of force has been used.  
If a state wishes to remain under the political and military reaction threshold that Article 5 of the North Atlantic Treaty transpired to keep then certain requirements must be upheld.  Cyber warfare is a form of hybrid warfare and to remain under the threshold of Article 5, hybrid warfare must remain under the corresponding legal threshold of armed attackThe Obama administration has stated that in strict legal terms the U.S. is in an armed conflict with al Qaeda in Yemen in Somalia and thus the legality of these actions are not in question. Air strikes can be lawfully used against an enemy belligerent in an armed conflict or under circumstances in which the belligerent constitutes an imminent threat to national security. President Obama has also approved air strikes in Yemen on unknown people, labeling them TADS,  “terror attack disruption strikes Under these circumstances I believe it is foreseeable that your intended target could be a civilian and under international law it's hard to find the legality in deeming this proportionate in action or imminent in threat. The documents reveal that intended targets are tracked for months, in one instance the article lists a target that was under surveillance for 8 months and another several years. If the U.S. can track these threats for months or even years, how is this threat imminent?  

 The documents also expose how the President authorizes these targeted killings. When the report was made the President would receive a baseball like card with the target's portrait and the threat they posed to national security. The report concluded that on average it took the President 58 days to sign off on a killing at which point U.S. special forces had 60 days to carry out the strike. Again, I do not see the imminent threat in four months especially in situations like Bilal el-Berjawi where the United States tracked an individual over the course of several years. According to a UN Special Report targeted killings are premeditated acts of lethal force employed by states in times of peace or during armed conflict to eliminate specific individuals outside their custody. The very definition of these killings implies the threat is not imminent. Still the United States believes it has acted in accord with the law of war with the usage of targeted killingsif the civilian casualties could be removed from these strikes I would be inclined to agree. Since, these operations have untold civilian casualties and the threat appears impossible to remove given the United States' strategies, I do not feel these strikes are in accordance with the laws of war. A possible civilian casualty rate of 90% does not reflect proportionality or necessity. These documents expose American secrecy at a new level. With the recent information being made available I believe an important question all Americans should ask is: What danger does technology without any regard to legal or constitutional limits pose?   

Monday, November 9, 2015

Classified Pentagon Documents Undermine the Legitimacy of the U.S. Drone Program in Yemen and Somalia

Last month, The Intercept uncovered a trove of classified documents relating to the United States’ drone programs in Yemen and Somalia. Originating from a study by a Pentagon Task Force on Intelligence, Surveillance, and Reconnaissance (ISR), these documents shed light on the process by which Joint Special Operations Command, or JSOC, tracked targets for lethal missions between January 2011 and summer 2012. The ISR report indicates that there have been critical shortfalls in the technology and intelligence the U.S. military utilizes in these “find, fix, finish” operations. Although much has changed in the United States drone program since 2012, these details demonstrate that the Obama administration has been acting with less legitimacy than it originally claimed in public statements about the program.

The first concern relates to the U.S. military’s inability to conduct full-time surveillance of its targets in Yemen and the Horn of Africa. Because of a deficit in the number of drones available, and the unique challenges posed by the distance between U.S. airbases and targets in Somalia and Yemen, JSOC was unable to maintain constant surveillance of targets in these regions.  In doing so, the United States has run the risk of violating the principle of distinction. This principle requires international actors to ensure that civilians are not the object of an attack. Interruptions in surveillance could cause military actors to misjudge the presence of individuals within a targeted location, making civilian deaths far more likely.

The deficits in intelligence gathering were not limited to airborne surveillance. A key component of the find, fix, finish cycle is the process is the use of materials collected on the ground and from detainee interrogations. However, there are usually no operatives on the ground to collect any remaining intelligence after a deadly strike, which comprise 75% of the operations in Yemen and Somalia. To compensate, the military has begun to rely heavily on local security forces and the host governments for support. These entities have a history of unreliability and are known for misleading the U.S. military into eliminating political enemies. Even if the U.S. military killed only its targets, these intelligence issues show that it may be targeting civilians instead of combatants, further eroding the principle of distinction in the drone program.

The U.S. military’s response to its limited ability to obtain ground-level intelligence, increasing its reliance on signals intelligence, further jeopardizes the legitimacy drone strikes. Signals intelligence, or SIGINT, consists of the monitoring of electronic communications to discover and locate targets. Documents in the ISR report, however, state the SIGINT is an inferior form of intelligence, even though it comprises more than half of the intelligence collected on targets in Somalia and Yemen. Besides the relative ease with which targets can fool SIGINT, a problem is that the military lacked the requisite technology to capture SIGINT effectively. Even though the main components of SIGINT are video footage and cell phone data, only some of the Reaper drones could record high definition video and most of the aircraft lacked the ability to collect “dial number recognition” data. This creates an even more serious problem for the principle of distinction. These inadequate identification systems may cause the U.S. military to mistake civilians with similar physical characteristics to combatants for the combatants themselves. This increases the likelihood of civilian deaths even more, yet again showing the Obama administration’s disregard for the principle of distinction.

The Obama administration has gone to great lengths to justify its increasing reliance on drone strikes to engage with threats abroad. President Obama and his advisers have characterized the drone campaign as a precise and effective tool to protect United States’ national security interests, especially in remote locations like Somalia and Yemen. However, the revelations in the ISR report demonstrate that intelligence and technology constraints have prevented the U.S. military from following through on this promise. International court cases regarding the principle of distinction have found that the responsibility to protect civilians lies with the attacking force. The United States, as the attacking force in this conflict, must do more to ensure the safety of civilians if it is claim that its actions are legitimate. Until then, by disregarding them when it is inconvenient, the Obama administration is undermining the principles it wishes to protect.


Sunday, November 1, 2015

US-EU Data Sharing Agreement found Illegal

The Snowden revelations posted by The Guardian early last year just won’t stop giving lawmakers headaches. Safe Harbour is the data sharing agreement that exists between the European Union (EU) and the United States (US). The National Security Agency’s (NSA) mass spying program, known as PRISM, make Safe Harbour illegal. The Charter of Fundamental Rights of the EU guarantees all its citizens the “right to respect for private life and the right to protection of personal data.”
Some of the largest and most popular technology companies today are based in the US; in order for non-European companies to service European customers, Safe Harbour was adopted, to legally transfer data under European data privacy laws. Now the Court of Justice of the European Union (CJEU) has struck down the Safe Harbour.
According to the Advocate General Yves Bot, "the inability of citizens of the EU to be heard on the question of the surveillance and interception of their data in the United States," is "an interference with the right of EU citizens to an effective remedy, protected by the Charter."
The effects of the decision will be far reaching and devastating, although not immediate. Following the ruling of the high court, the judiciaries of individual member nations confirm the decision independently, although they are unlikely to stray from the CJEU’s ruling. Now, companies must store their European data within the EU until the US can provide real privacy protection. Although pressure from the NSA will likely make the later a long while off (Arstechnica). The EU could always attempt to negotiate another Safe Harbour agreement with the U.S., but because the CJEU’s decision is binding for European Commission as well as the European Legislature, the new legislation would have to be quite stringent.
Before the final ruling by the CJEU, the United State Mission to the EU attempted to refute the Advocate General’s logic. For one, the Mission states that the U.S. never uses “indiscriminate surveillance.” Attempting to claim that the NSA didn’t carry out mass surveillance, despite overwhelming evidence to the contrary, isn’t the least sound argument made against the Advocate General. The Mission also attempts to argue that once the EU has entered into an international agreement, it’s courts should not be able to overturn the agreement. This is an even more convoluted argument, considering the court's’ purpose is to check the powers of the other branches of government.
The feeble arguments are likely a last ditch effort to salvage the work done on other treaties that rely on the framework already defined by Safe Harbour. For example, the Transatlantic Trade and Investment Partnership (TTIP), which is still in the drafting phase, hopes to knock down “non-tariff” barriers to trade by allowing European companies to ignore product compliance with U.S. law with impunity and vice versa. The idea being that because the regulatory agencies on both sides of the Atlantic require different criteria to gain approval, companies spend double the cost, effort, and time in bringing products to market. Similarly, the Trade in Services Agreement (TISA), which hopes to deregulate companies and ensure that once privatized, companies cannot be re-nationalized, also has chapters on data sharing that referred to the framework in place by Safe Harbour, now neither treaty can pass without either cutting the offending sections or addressing the CJEU’s concerns.
While the CJEU is right to question the level of protection European personal information given in the United States, let us not forget the mass surveillance by European governments is also an intrusion of privacy.
This controversy laid out in the article relates to the issue of how nations deal with international pressures and their international responsibilities in this course. During the Detention and Interrogation unit. We saw how Poland and Macedonia were both found in violation of the EU Charter and EU Convention Against Torture and struggled to balance their responsibilities as members of the EU and their diplomatic ties with the United States. My team mate and I also relied heavily on international treaties, such as the EU Charter, EU Convention, and UN Charter, when arguing our Moot Court case: Mohamed v Jeppesen.

Source: [ArsTechnica] [WSJ]