9/18 Session #2: the Chief Defense Counsel on IT

Our morning’s litigation commences in earnest with AE155, a defense bid to postpone the pretrial proceedings, for reasons having to do with information technology.  (We got a preview of this motion already, during the case’s last session.)  Bormann will handle the direct of the morning’s witness, Air Force Col. Karen Mayberry---better known as the Chief Defense Counsel for the Office of Military Commissions.

She describes the defense office’s organization and layout---including that concerning information technology.  One civil servant and three contractors handle the latter, which includes a standalone classified system located in Rosslyn, as well as classified and unclassified networks.  These two encompass a number of shared drives, themselves broken down into IT-administered, personnel restricted folders for the defense teams in each military commissions case.  Next Borman asks about, and Mayberry sketches, the workings of defense Outlook email accounts; these, too, are access-controlled and thus can, in theory, only be checked by the individual account holder.  (Each user is given a card, without which neither email nor other systems can be entered.)

In December of 2012, Mayberry learned of a file transfer---or “replication”---planned for late that month.  This involved the mirroring, or shifting, of information contained on servers in Washington D.C. to other servers Guantanamo, the idea being to ensure the same level and speed of access in both locations.  Mayberry had no notice of what came next, in early January: the discovery, in D.C. and in Guantanamo, that privileged and/or confidential defense material had disappeared from servers during the replication.  Some defense folks also could not access their drives at all.  Every day brought a different consequence, Mayberry testified, and each attorney was impacted individually.  The situation worsened over the month, as access would be restored intermittently for some lawyers, but not others; still others could not edit files contained on the shared drives.  The impact on Mayberry’s office was across-the-board, she says,  unsurprisingly because replication---as Mayberry later learned---happens daily on the defense’s systems, and not just on specific occasions.  

This made for severe defense burdens, most acutely during a three-week commissions session at Guantanamo in both the 9/11 and Al-Nashiri cases.  Thereafter, Mayberry received a report from information technology personnel, about recent repairs made to defense systems; though it cautioned that defense lawyers should save working files to their desktops, Mayberry certainly didn’t read that as an instruction to “back up” all defense files (which she couldn’t do in any case) or to assume that IT networks would be less than secure, going forward.  Thus defense lawyers resumed use of their drives and folders as before---but, lo and behold, the same problems persisted over the next months, with computers becoming inaccessible or work product going missing.  That lead Mayberry, eventually, to put a halt to the replication process in late March.  The defense office was getting nowhere, said the witness, who again noted the seemingly office-wide impact of the IT snafus.

She therefore reported the situation to the Defense Department’s General Counsel, and asked for assistance, regarding not merely defense work product losses but the safety of attorney-client material, and what we now know as the “Al Qosi issue”---meaning the inadvertent disclosure, by court technology personnel, of defense emails to the prosecution in Al-Qosi, another military commission case.  The Court of Military Commission Review had ordered a review of certain prosecution emails in that case, and their production.   The latter marked Mayberry’s first experience with the ability of information technology officials to root around in defense communications.  It was an odd event, too, as the court’s request didn’t seem to implicate internal defense emails, and was directed to information in the prosecution’s hands only. (The prosecutor in Al Qosi had brought the issue to Mayberry’s attention.)  Mayberry, when asked, agrees that defense work product theoretically can be searched and removed by information technology personnel, just as emails in Al-Qosi were.   And she speculates that, in the past, searches might well have encompassed defense counsel materials.

All this lead, in April, to a key order from Mayberry: defense counsel were not to use the defense network system for the creation or storage of privileged information. She did so, having lost confidence in the system as constructed; they had to abandon it, in light of ethical obligations imposed by state bars and military law.