Newsletters

Get Where+When delivered to your inbox every Monday and Thursday.

The government has been aggressively pursuing those who disclose secrets, and the reporters they talk to, for a decade. By Shane Harris

You’d be forgiven for not believing it, but there was a time when seizing a reporter’s private e-mails and accusing him in court documents of possibly aiding and abetting a criminal conspiracy for doing his job would have been unthinkable. 

By now, were well acquainted with the Obama administration's unprecedented prosecutions of suspected leakers, and how that pursuit has ensnared journalists and jeopardized their ability to protect their sources identities. But this anti-leaking zeal didnt begin in 2009 with the inauguration of Barack Obama. 

The course was set in 2003, when an influential appeals court judge opined that journalists supposedly legal right not to reveal their sources, known as “reporters privilege,” was complete bunk. The privilege—or at least lawyers perception of it—was the constitutional cornerstone that backed up journalists pledges never to reveal the names of people who talked to them in confidence. But now that the legitimacy of the privilege was questioned, prosecutors were emboldened to acquire reporters confidential information using tactics they wouldnt have dared try in a prior era. 

In a piece for the magazine three years ago, I wrote about how federal prosecutors have flexed their legal muscles over the past decade, and how the undermining of the reporters privilege helps explain why the Obama administration is so keen to go after leakers and is willing to turn journalists into unwitting, and unwilling, tools of investigations. Here are the key moments in the timeline. 


July 2003: Judge Richard Posner of the Seventh Circuit writes an opinion explaining why the court had ruled against a group of authors who refused to hand over tape recordings of interviews theyd done with a source. Unexpectedly, Posner argues that the landmark Supreme Court decision in Branzburg v. Hayes that supposedly established reporters privilege actually did no such thing.

Journalists dont have an “absolute” privilege to protect their sources, Posner writes. Instead, courts need to “make sure” that a media subpoena “is reasonable in the circumstances. . . . We do not see why there need to be special criteria merely because the possessor of the documents or other evidence sought is a journalist.” 

Posner lowers a gate separating the government and the press. And within a few years, federal prosecutors are climbing over it. 


December 2003: US Attorney Patrick Fitzgerald, acting as a special prosecutor in the investigation of who may have leaked the name of CIA officer Valerie Plame to news reporters, subpoenas five journalists to testify before a grand jury. Judith Miller of the New York Times refuses to comply and eventually spends 85 days in jail.  

“Plamegate” becomes a watershed for the press, in large part because Miller fought the subpoena and lost. This becomes a precedent that weakens reporters assertion of privilege where the underlying leak, in this case identifying a clandestine CIA officer, might involve a crime. In retrospect, then-Times executive editor Bill Keller wonders whether the paper should have tried to strike a deal with prosecutors that would have prevented Miller from having to fight the subpoena and go to jail. 


February 2006: The Justice Department investigates the source of a New York Times article that revealed a secret program of warrantless surveillance by the National Security Agency. In testimony before a Senate panel, Attorney General Alberto Gonzales is asked whether the administration had considered “any potential violation [by the newspaper] for publishing that information.” Gonzales replies, “Obviously our prosecutors are going to look to see all the laws that have been violated. And if the evidence is there, they’re going to prosecute those violations.” 

This is the first time any administration official has hinted that the government might prosecute journalists under criminal law for reporting on national security information. 


March 2006: A pair of FBI agents shows up at the Bethesda home of Mark Feldstein, a journalism professor and former investigative reporter for CNN. They demand that Feldstein hand over decades-old documents that he’d been researching for a book on investigative columnist Jack Anderson, who’d died a few months earlier. When Feldstein asks what crime the FBI was investigating, an agent replies, “Violations of the Espionage Act.”

The agents say theyre investigating a case involving two lobbyists for the American Israel Public Affairs Committee who’d been indicted for receiving classified information. The FBI wants Feldstein to tell them the names of reporters who’d worked for Anderson and who held pro-Israel views and had pro-Israel sources.

Feldstein doesnt hand over the documents or assist the FBI. He later writes that the agents actions “suggested that the bureau viewed reporters’ notes as the first stop in a criminal investigation rather than as a last step reluctantly taken only after all other avenues have failed.”


May 2006: A federal prosecutor subpoenas two reporters for the San Francisco Chronicle who’d seen transcripts of confidential grand-jury testimony in an investigation of the Bay Area Laboratory Co-Operative (BALCO), which produced performance-enhancing drugs for athletes. The reporters linked well-known players to steroid use, including players who publicly proclaimed that theyd never taken drugs. The government wanted to know who had violated the rules of grand-jury secrecy and shown court documents to the reporters.

The BALCO case tests the limits of internal guidelines that Justice Department lawyers are supposed to follow when subpoenaing members of the media. No national-security issue was at stake, nor was knowing who leaked the grand-jury information, which was a crime, necessary to establish the guilt or innocence of anyone involved in steroid use. The subpoenas were approved by Attorney General Gonzales.

Mark Corallo, the Justice Department spokesman under Gonzales’s predecessor, John Ashcroft, later says the prosecutors had broken the department’s rules. “This was an abuse of power,” Corallo tells the PBS news program Frontline. “. . . The government just did not meet the standards set by their own guidelines. . . . This one doesn’t even come close.”

The reporters, who had once been personally thanked by President George W. Bush, a former baseball team owner, for their public service journalism, ultimately avoid going to jail when their source identifies himself. 


August 2006: A freelance videographer, Joshua Wolf, is sent to jail after he refuses to turn over video footage of a protest in San Francisco in which a police car was burned and an officer was injured. Wolf spends 226 days in prison. He is released when he finally agrees to turn over his uncut footage. 


January 2008: The Justice Department subpoenas New York Times reporter James Risen, demanding to know the source of information for a chapter in his book, State of War, about a botched CIA operation against Iran. The government had been investigating the case for two years, and had considered trying to halt the books publication, in 2006. Risen resists the subpoena, which eventually expires at the end of the Bush administration. 


February 2008: Newspaper reporter Toni Locy is held in contempt of court for refusing to identify her sources for a series of articles in USA Today. Locy had written in 2001 about Steven Hatfill, a virologist who was identified as a “person of interest” in the anthrax attacks, allegations that later proved false. Hatfill sued the government for violating his privacy and subpoenaed several journalists to find out who in the government fingered him as a suspect. 

The Justice Department, which is defending the US government in the civil suit, argues that Judge Reggie Walton “should reject this attempt at expanded discovery” and quash Hatfills subpoena. Walton disagrees, underscoring judges new willingness not to recognize the reporters privilege, even in non-criminal cases. He rules that for every day Locy refuses to testify, she must pay $5,000 in penalties out of her own pocket. The decision is stayed pending appeal, and a court eventually vacates the judges ruling, but only because Hatfill had settled his case with the government, rendering Locys testimony needless. The appeals court did not reach any decision about the reporters privilege. 


April 2010: The Justice Department subpoenas New York Times reporter James Risen a second time. Judge Leonie Brinkema questions why the government needs a subpoena when there appears to be enough evidence of who the leaker is to secure an indictment. She requires prosecutors to get the sign-off of Attorney General Eric Holder. Risen continues to fight the subpoena, and eventually Brinkema limits the questions the government may ask him in court. Risen appeals to keep that decision in place. The case could end up in the Supreme Court. 


May 2010: A federal judge authorizes a search warrant for the personal e-mails of Fox News reporter James Rosen in connection with the suspected leak of classified information about North Korea a year earlier. An FBI agent swears in an affidavit in support of the warrant that “there is probable cause to believe” that Rosen is violating a criminal law on disclosing “national defense information” by acting as “an aider and abettor and/or co-conspirator” with a State Department official suspected of being his source. Rosen is reportedly not informed that the government wants to search his e-mails and has no opportunity to resist the warrant. 


May 2013: The Justice Department informs the Associated Press that it had subpoenaed the phone records of several AP journalists. The records, obtained months earlier, include numbers dialed to and from phone lines in four AP offices, possibly implicating the communications of 100 journalists, over a period around two months. The Justice Department appears to be investigating an AP story on a successful CIA operation to thwart a bombing plot hatched in Yemen. 

Posted at 12:34 PM/ET, 05/21/2013 | Permalink | Comments ()
The extraordinary records seizure shows leaks investigations are getting more aggressive. By Shane Harris

The Justice Department secretly obtained the phone records of several Associated Press journalists, apparently in an investigation of who disclosed to the organization information about a classified counterterrorism operation in Yemen. According to the AP, investigators "obtained two months of telephone records of reporters and editors . . . in what the news cooperative's top executive called a 'massive and unprecedented intrusion' into how news organizations gather the news." 

This is a significant threat to journalists' ability to shield the identify of their sources. But it is not surprising and was probably inevitable. 

Last year, a Justice Department official said the administration was "out for scalps" in its zealous investigation of leaks and subsequent prosecutions. Identifying those who disclose classified information to journalists is easier today because the government has several means of legally accessing electronic records, such as phone logs, and more sophisticated software for analyzing who was communicating with whom. 

When an agency reports a leak of classified information to investigators, they first look at the so-called BIGOT list, which contains the names of all individuals who are read in on any classified program, and how much information they're authorized to know. That helps them determine, among other things, whose phone records to examine. 

It's not clear on what grounds the Justice Department was able to subpoena the AP's phone records, but investigators may already have had some notion who was on the other end of any calls to reporters or editors. 

"The records obtained by the Justice Department listed incoming and outgoing calls, and the duration of each call, for the work and personal phone numbers of individual reporters, general AP office numbers in New York, Washington and Hartford, Conn., and the main number for AP reporters in the House of Representatives press gallery, according to attorneys for the AP," the organization reports. 

The breadth of these records is what's most perplexing. In the past, investigators have obtained access to a specific reporter's records, but I can't think of any case where the government got so much information and from so many offices, as well as private lines. Do investigators really have reason to believe that their suspected leaker or leakers were talking to at least six journalists in at least four different AP offices? To get a media subpoena, they'd have to persuade a judge, and the attorney general, that this was so, and that the only way to know for sure who was disclosing the secrets was to seize all these journalists' records. 

There's no indication from the AP report that investigators were listening in on journalists' conversations. But they wouldn't have to in order to determine that a reporter and a particular government employee have a relationship. The phone log will tell them that. 

“I’ve done investigations like this, and I know that the longer I stay on phone with you, the more suspicious it looks,” Steven Tyrrell, a former Justice Department prosecutor who had been in charge of two high-profile leaks cases, told me last year. During the second term of the Bush administration, Tyrrell led the Justice Department's case that reportedly scrutinized the phone records of New York Times reporter James Risen, in an attempt to find out who gave him classified information about a CIA operation in Iran. 

Risen's case has some important lessons for the AP, which has demanded that the Justice Department return the phone records and destroy all copies. According to a former intelligence official, when the Justice Department first sought a subpoena to compel Risen to identify his source to a grand jury, in 2008, investigators already had a suspect. They "already know who it is," the former official said, adding that the person was a former CIA employee. 

Seeking a subpoena under these circumstances may have breached the Justice Department's own guidelines on when prosecutors can try to compel reporters to disclose their sources. The guidelines state that the government must have exhausted all other reasonable means of identifying a suspect. Prosecutors must also get the approval of the Attorney General. Media subpoenas are a tool of last resort, and they are supposed to be narrowly crafted. 

The subpoena for Risen's testimony expired at the end of the Bush administration, but then, during the first term of the Obama administration, prosecutors sought to renew it. A judge resisted prosecutors' second attempt, ordering them to get Eric Holder's sign-off. According to another former official, the judge thought the government had enough information to go ahead and indict their suspect without forcing Risen to testify. 

Prosecutors ultimately charged Jeffrey Sterling, a former CIA employee, with disclosing secrets.

The pattern here suggests that prosecutors are getting more aggressive not just about finding the source of leaks, but about making journalists tools of their investigations. 


Posted at 05:32 PM/ET, 05/13/2013 | Permalink | Comments ()

As the House considers cybersecurity legislation this week, it's illuminating to compare how the United States proposes to protect critical infrastructure vis a vis other Western powers. 

The approach in Germany-- a country with which the US has deep and abiding mutual interests in the military and intelligence community--is to protect cyberspace through direct regulation of companies that provide Internet and communications services. This is a broader and more direct approach than what the US is considering. According to a new proposal from Germany's Minister of the Interior, the following would be “required to meet minimum IT security standards”: 

“Operators of critical infrastructure;” 

“telecom providers;” 

“telemedia services.”  

In addition, all those companies must “report significant IT security incidents” to Germany’s Federal Office for Information Security. The providers must also make “easy-to-use security tools” available to their customers. And the telemedia companies would be “obligated to implement recognized protective measures to improve IT security to a reasonable degree.” 

There’s a lot in this document that isn’t defined. What does the German government consider a “critical infrastructure?” What qualifies as “easy-to-use”? Who are “telemedia services” companies? (Presumably companies like YouTube or Netflix, but it’s not clear to me how Germany would go about regulating non-German companies in this context.) 

The document is just a proposal. But as Paul Rosenzweig at Lawfare (who helpfully posted the English translation) points out, “In Germany, more so than in the US, government proposals come from the executive and are likely to be adopted by the parliament.”  

When you compare this German proposal to an earlier set of proposed rules by the European Union, which also would require companies--such as banks and Internet providers--to report security incidents, you start to see a common picture emerging. The European approach to getting a handle on cyber threats is to require companies to cooperate with the government, which presumes some overall responsibility for the security of networks in the national interest. 

This broad of an approach hasn’t flown in the United States, though there have arguably been versions of it in specific sectors. The Defense Industrial Base, for instance. It’s important to keep that in mind as Congress moves forward with cyber legislation. The US approach may end up looking something like the German one, but in individual sectors that the government deems need the most protection. This wouldn’t look like a broad regulatory regime, but maybe a set of sticks and carrots applied to, say, energy companies that effectively force them to beef up their security to a standard that the government accepts. I’ve heard from some energy company executives who say they’re already required to do this--through their current regulators. 

Posted at 10:45 AM/ET, 04/15/2013 | Permalink | Comments ()

Ken Anderson and Ben Wittes, two good friends of Dead Drop, are embarking on an intriguing and from my perspective quite welcome new project. They're writing a book that will pull together all the significant speeches Obama administration officials have given on national security law, and then "weave it all back together, creating a synthetic account of the administration’s views that is worth more collectively than the sum of its parts." 


Called Speaking the Law,  it will be "a kind of handbook on the framework for counterterrorism," using administration officials' own words as the foundation. "Consider it the White Paper the administration has never issued," say Ken and Ben. 

I suspect Obama administration officials themselves will be among this book's most avid readers, given the authors' premise, and that journalists and scholars will find it useful as well: 

"There is a myth that the administration has had little to say on the subject of its counterterrorism authorities, especially targeted killing and drones--largely because it has declined to release publicly its Office of Legal Counsel targeted killing memoranda. Part of the point of Speaking the Law is to show how wrong this myth really is. The administration has actually said a huge amount. It’s just that it has said a great deal of it orally, and has broken up its utterances among a number of different statements."

The authors are publishing the chapters serially online, and then the Hoover Institution will put out a hardcover version when all the work is finished. The introduction and first chapter are available now. 

Posted at 11:07 AM/ET, 03/28/2013 | Permalink | Comments ()
A new report from Google suggests that government investigators are interested in broad and potentially very detailed information about Internet users. By Shane Harris

Google is expanding its regular “transparency report” to include some broad statistics on the numbers of national security letters it receives from the US government. It’s a significant step for the company to publicly disclose what it privately tells the authorities about its users, and it gives us some more insight into how the government monitors the vastness of the Internet.  

The numbers Google is reporting are broad. But the big takeaway here is that the FBI--the primary user of national security letters--appears to be interested not so much in the content of a person's email, but rather in what's known as "basic subscriber information," more high-level data such as a person's name, address, and the length of service on his account. This information is potentially more useful, and surely easier to get, than the written contents of an e-mail. 

At first glance, the numbers of NSL requests Google is reporting look “awfully high” for one company, says Cato’s Julian Sanchez, who breaks down the report and places it the context of what we already know about how NSLs, which are notoriously opaque tools for secretly obtaining information, are used.  

Comparing the Google numbers for NSLs to those released by the Justice Department, one might conclude that the company received one-seventh of all NSL requests, something Sanchez concludes “seems impossible.” Google is big, but not so big that it would account for an outsized share of all NSLs relative to every other company that receives them. Telecommunications companies, including phone and Internet service providers, as well as financial institutions regularly get NSLs, which require companies to hand over different kinds of information short of the actual content of a message. 

So why are Google’s numbers so high? Sanchez persuasively argues that Google is counting requests for basic subscriber information, and that the Justice Department, in its own NSL reports, is not. Looking at Google’s numbers, it would appear that the “overwhelming majority” of NSL requests it receives are for this basic subscriber information, Sanchez writes, which suggests, troublingly, “that the total number of Americans affected by all NSLs is thus vastly, vastly larger than the official numbers would suggest.” 

I think Sanchez is right. And it makes sense based on what we know about how law enforcement and intelligence agencies use electronic information to track people and monitor the Internet for various threats. 

For instance, shortly before the 9/11 attacks, the National Security Agency asked Qwest Communications for subscriber information on its then-quickly expanding communications network. The NSA’s goal was to monitor the Internet for potential cyber threats against the government. (This was years before cyber security became de rigueur in national security circles, so this was a very foresighted move by the NSA.) After the attacks, the NSA again made the request, this time for tracking terrorists. 

Qwest refused, however, after concluding that access to such detailed customer information was illegal without a warrant. Qwest executives and lawyers decided that even though the information wasn't technically "content," it was still revealing enough that giving it to the government required some legal approval. 

This is an important point. Call logs and records of phone calls may be called “basic” information under the law, but they are full of rich, potentially illuminating information about a person. Today, government agencies, including the NSA, use basic data, particularly phone logs and Internet addresses, to create detailed pictures of a person’s communications and his associations. It doesn’t really matter, in this context, that the data doesn’t include the text of an e-mail or the spoken words of a phone call. 

The Google disclosure underscores the extent to which the government is after this kind of general data, more so than actual content. National security letters are not warrants, but they’re being used today to obtain information of the kind that the NSA wanted from Qwest. This should come as no surprise, given how well the NSA, and the FBI, anticipated the ways that digital technology would transform communication, and how that would, in turn, give the government new opportunities for collecting information. 

The way the FBI is using national security letters today, if Sanchez's analysis is correct, suggests that written e-mails aren’t really what investigators want most. It’s easier under the law to get basic information, and that information can tell them a lot about their targets, often more than the text of an e-mail itself. Think about it: How likely is a suspected terrorist to spell out his intentions in a message? You’d learn a lot more about his capability to do harm by positioning him within a bigger terrorist network, and you can understand and illuminate that network with the kinds of information that Google and other NSL recipients provide. This broad information is also useful to investigators when they're trying to identify individuals who they can scrutinize more closely with searches that require a warrant. 

The other reason why a government agency would want this kind of basic information? “To effectively de-anonymize the otherwise unknown user of a particular account,” Sanchez says. That's just what investigators did when they determined that Paula Broadwell was sending anonymous e-mails to a friend of Gen. David Petraeus. Sanchez speculates that this digital de-cloaking may be “the primary reason” an agency would ask Google for basic subscriber information. 

There’s an important wrinkle in all of this. Google also said that when it receives NSLs, it doesn’t disclose Internet protocol addresses. “Since these can be crucial to linking a wide array of online activity to a particular user, their exclusion would somewhat limit the potential of NSLs to undermine Internet anonymity,” Sanchez writes. But it could be that this exclusion is just a Google policy. Sanchez concludes that “it is not at all clear whether other providers will disclose IP addresses in response to NSLs.”  

We should also keep in mind that NSLs are not the only means by which companies share information with the government, nor are IP addresses the only way to unmask someone or provide useful intelligence for investigators. Nevertheless, this is an enlightening report, and it adds to the ever-accreting body of details about how the government watches us, and what companies are doing to comply with the law and at the same time protect their customers’ information. Never an easy balance. It’ll only get harder. 



Posted at 10:08 AM/ET, 03/06/2013 | Permalink | Comments ()

If a hacker disrupts a company's networks, does the company have the right to track the hacker down and try to knock him offline? If a thief tries to steal proprietary data, can a company seed its networks with documents rigged to unleash malware on the intruder's system when he opens them?

These questions have increasingly been a subject of debate, in articles, at security conferences, and during a small roundtable discussion I attended in Cambridge, Mass., early this week. I'm not at liberty to disclose the individual participants, but I can say they are subject matter experts from government, private industry, and academia, and that we all spent a significant amount of time on this nettlesome and fascinating set of questions. 

The overarching context for our meeting was how the proliferation of relatively inexpensive and increasingly easy-to-get technologies such as malware and drones is creating an environment in which threats of violence, or actual violence, are essentially available to anyone. The notion of companies "hacking back" against their aggressors resonated in this context, because while government agencies or the military may have the legal authority to retaliate against an intruder, the means to do so are not exclusively theirs. 

There are a couple of schools of thought here. In one view, private cyber offense is a form of illegal vigilantism, or at least has the potential to become so. If someone breaks into your house and steals your TV, you don't have the right to go to his house, break in, and steal it back. Given the proliferation of malware today, and the relatively low barrier to entry for hacking, malicious or otherwise, it's pretty easy to see how this tit for tat could turn into a private cyber war, with the potential for unforeseen colateral damage. 

But might private offense be a legal form of self defense? Continuing with the TV analogy, if someone breaks into your house and threatens you or your property, states generally recognized that you have a right to defend yourself through the exercise of violence, or the threat of it. 

This is a subject that I'll turn to again on the blog and elsewhere. But for now, it seemed particularly relevant in light of tomorrow's release by President Obama of an executive order on cyber security. 

Simply put, there is only so much that the government can do to assit private industry and defend it from espionage or attack. In light of that, a new practice--dare we call it in industry?--of private cyber offense is growing, and it takes it cues, I'd argue, from the official strategy of active defense that is overtly practiced by the military and the intelligence community. The legal and ethical implications here are profound. 

It will be interesting to see if Obama's executive order addresses this issue, or if in the language we can read any government position on the usefulness, or the harm, caused by private cyber offense. 

As additional reading, I'd suggest Herb Lin's recent article in World Politics Review, as well as this synopsis of a session at the recent Spooks & Suits conference in Washington. 

Posted at 02:53 PM/ET, 02/12/2013 | Permalink | Comments ()

John Brennan's confirmation hearing for CIA Director has suddenly become a lot more consequential. 

In the past few days, we've gotten a window into Brennan's role in the Bush-era terrorist interrogation program--it looks more significant than previously reported--and now comes a leaked Justice Department "white paper" that describes the administration's rationale for why targeted killings of U.S. citizens, a program that Brennan has overseen, are legal.

The revelations in both documents seem obviously engineered to put Brennan in the hot seat about two controversial programs, one of which, targeted killings, some members of the Senate Intelligence Committee still believe they have insufficient information. So, now we know the likely frame for Thursday's confirmation hearing, and I presume that some significant debate will turn on the question of what constitutes an "imminent threat." 

The leaked Justice Department white paper arguably attempts to redefine what most people would consider the common sense definition of imminent threat--that is, an enemy is about to take up arms against you, or is preparing to attack you. Think bombers readying for takeoff, or a foreign nation basing missiles within range of the United States or its allies. 

But that's not the kind of imminence the administration is looking for when deciding whether to kill a U.S. citizen. Indeed, the white paper argues that it would have made no sense to wait for the 9/11 hijackers to board airplanes before moving with lethal, preemptive force against them, had that been an option. 

The paper argues that terrorist groups are always plotting, and that they would presumably strike if they had the opportunity. So if someone is a member of Al Qaeda, or an affiliate, he by definition poses a threat to America. But that doesn't mean said terrorist is poised to strike, and therefore, in a given moment, constitutes an imminent threat. Does it? 

Now we enter a gray area that this white paper is unable to clear up. 

"Imminence must incorporate considerations of the relevant window of opportunity, the possibility of reducing collateral damage to civilians, and the likelihood of heading off future disastrous attacks on Americans," the white paper states in a section that addresses the central issues. (The question of imminence comprises much of the 16-page document.) Nothing in that sentence tells you when a terrorist is judged to be an imminent threat. Rather, it describes the considerations government officials must make when determining whether to kill him now. Or, imminently. 

"Thus, a decision maker determining whether an al-Qa'ida operational leader presents an imminent threat of violent attack against the United States must take into account that certain members of [AQ] (including any potential target of lethal force) are continually plotting attacks against the United States; that [AQ] would engage in such attacks regularly  to the extent it were able to do so; that the U.S. government may not be aware of all [AQ] plots as they are developing and thus cannot be confident that none is about to occur; and that, in light of these predicates, the nation may have a limited window of opportunity within which to strike in a manner that both has a high likelihood of success and reduces the probability of American casualties." 

This paragraph could be summed up as "a list of reasons not to not kill a terrorist."  

The white paper attempts to give some more detail on the decision-making process for concluding that someone is, in fact, imminently threatening the United States. But it's thin.  

"A high-level official [the white paper never specifies that this must be the President] could conclude, for example, that an individual posts an 'imminent threat' of violent attack against the United States where he is an operational leader of [AQ] or an associated force and is personally and continually involved in planing terrorist attacks against the United States." 

Ok, we're getting somewhere. You're an operational leader of a terrorist cell, you're a very dangerous guy. 

"Moreover, where the [AQ] member in question has recently been involved in activities posing an imminent threat of violent attack against the United States, and there is no evidence suggesting that he has renounced or abandoned such activities, that member's involvement in [AQ's] continuing terrorist campaign against the United States would support the conclusion that the member poses an imminent threat." 

That seems a reasonable conclusion to draw, presuming that the evidence of previous activities is sound. I doubt anyone would argue that a terrorist who has attempted to kill Americans, but who has failed, won't try to do so again. 

But nothing in the white paper constitutes a check list of all the requirements or characteristics for becoming an imminent threat in the government's eyes. Does the high-level official rely on visual identification of a target from drone footage? Intercepted communications showing X degrees of separation to a known terrorist group? Human tips? Some combination of the above? Is two out of three enough?  

We're not likely to hear anything about these specifics, not in an open, unclassified hearing of the Senate Intelligence Committee. And the white paper doesn't go there. 

"This paper does not attempt to determine the minimum requirements necessary to render" a lawful targeted killing, it states. So, this paper can be described as the legal rationale for targeted killing in theory, if not as practiced by the Obama administration today. This is not a new revelation. (Indeed, the white paper references some speeches on this subject by senior administration officials.) But the introduction of the white paper into the public domain creates many new dynamics, and not just for Brennan's upcoming confirmation hearing. 

One last point that may have implications beyond the realm of counterterrorism. Does the administration think its legal rationale for targeted killings is flexible enough to be applied to non-terrorist threats to national security? Could it justify, say, killing a member of a hacker collective whom the government believes is trying to take down a power grid with a cyber attack?  

The white paper "does not assess what might be required to render a lethal operation against a U.S. citizen lawful in other circumstances," it states. So, the paper doesn't say the rationale could not be used against hackers. It just doesn't assess the question at all. If the potential breadth of the rationale does come up at Brennan's hearing, we'll be in the land of "hypotheticals," and in Washington, those are always easy to dodge. 


Posted at 11:21 AM/ET, 02/05/2013 | Permalink | Comments ()

Ben Wittes, editor-in-chief of the essential national security blog Lawfare, has a fascinating and newsworthy interview with Brigadier General Mark Martins, who is prosecuting five of the 9/11 plotters, including Khalid Sheik Mohammed. This interview, part of Lawfare's podcast series, will be of interest to those closely following the legal proceedings, as well as to anyone who finds the whole military commissions process mystifying and wants to know more about how it works on a practical level. 

Martins' breaking news, which he discusses in detail, is that he's going to recommend dropping the charge of conspiracy against Mohammed and his co-defendants. Martins has concluded that in light of a previous court ruling in another terrorism case, the military commission doesn't have jurisdiction over conspiracy. Martins didn't want to create any obstacles to a successful prosecution, so he's taking this one charge off the table. 

So how does that affect the most high-profile 9/11 case to date? Martins says that the remaining charges include attacking civilians, murder of 2,976 people, hijacking civilian aircraft, and terrorism.  Each of those carries a maximum penalty of the death penalty. These are grave, serious charges, so the chances of the accused receiving less punishment or even escaping prosecution appear to be zero. 

"We have a clear path to sustainable charges, " Martins said. 

As Wittes writes, the discusion with Martins, who was precluded from talking about certain aspects of the case, "sheds a lot of new light on the prosecutor's thinking after Hamdan II," which was the case the led Martins to recommend dropping the conspiracy charge. 

Now, even if you aren't paying close attention to these proceedings, the podcast gives you an opportunity to get up to speed on the fundamentals of the military commission process, and how it's different than the criminal justice system. I think Martins did a good job of clearly describing his authorities in lay terms, as well as mapping out how he works with other parts of the government that have a stake in the outcomes of this case--particularly the Justice Department. (Martins also addresses reported tensions between his office and DOJ over how to prosecute terrorism detainees. For more on that, read Charlie Savage's reporting in the New York Times.) 

You can listen to the full Lawfare interview with Martins at the blog. And you can also download it, and all previous podcasts, at iTunes, Instacast (my preference), etc. 


Posted at 10:35 AM/ET, 01/11/2013 | Permalink | Comments ()