The Week That Was

Once again, FISA was front and center on Laware this week. Tim Edgar gave us a lesson in intelligence surveillance law 101, defining terms like “incidental collection” and “collection over the wire.” Chris Donesa, former chief counsel for the House intelligence committee, lamented the piecemeal, “band-aid” approach of recent attempts at FISA reform and called for a bolder and more comprehensive public debate about intelligence and national security policy. Lauren updated us on the ongoing metadata preservation saga, explaining that the government's failure to notify the FISC of applicable preservation orders was---at least according to the government---an oversight. Wells posted this week’s Lawfare Podcast, a wide-ranging conversation between Ben and NSA Deputy Director John “Chris” Inglis. Ben and Bobby then followed up with a veritable treasure trove of audio from a recent conference, “The National Security Agency at a Crossroads.” Recorded sessions include panels on the changing role of the media, NSA in historical and diplomatic perspective, the future of the Fourth Amendment, metadata collection, content collection, current reform efforts, compliance and oversight, and an opening speech from former NSA director Admiral Bob Inman. For an internationalist perspective on metadata collection, Hugo Teufel III analyzed the ECJ’s decision striking down the EU’s 2006 Data Retention Directive as exceeding the limits of “proportionality.” He noted that individual member states’ data retention law remain unaffected for the moment, but worries that communications providers are being forced into a privacy versus security is a zero-sum game where they will likely receive conflicting orders. Ben and Jack both responded to a Bloomberg report on Friday that NSA knew about and exploited the Heartbleed OpenSSL bug---and to the government's denials of the claim. Wrote Jack: "the government faces a difficult choice: It can hoard a zero-day for offensive purposes but leave all computer systems affected by the zero-day vulnerable to exploitation or attack; or it can disclose the vulnerability and allow it to be patched, enhancing defense at the cost of a potential offensive tool." And Joel Brenner wrote a piece about the statement this week by the FTC and the Justice Department's Antitrust Division on cybersecurity and antitrust. In this week’s foreign policy essay, Brookings scholar William McCants analyzes the waning fortunes of the Muslim Brotherhood as Saudi Arabia recently appears to have turned on Brotherhood affiliates forcefully. Zachary flagged last week’s executive order authorizing the Treasure Department to impose sanctions on individuals and organizations responsible for the ongoing bloodshed in South Sudan. Paul noted some wishful thinking in Defense Secretary Hagel’s recent attempt to encourage reciprocal transparency with China on cyberdefense doctrine. Jack responded, suggesting that there are benefits even to a unilateral disclosure if it allows the Chinese to interpret US actions accurately and thereby avoid a mistaken escalation. At the same time, he also questioned whether the Chinese have any reason to believe us. And while we’re discussing the Chinese, Lauren analyzed some of the issues at play in Ralls Corp. v. CFIUS, a case probing the extent of Presidential discretion to block foreign companies from buying businesses and property in the US on national security grounds. The case, involving a Chinese-owned firm, will be heard by the DC Circuit on May 5^th. Paul gave us two more installments of his “bits and bytes” feature. In the first, he noted an Israeli INSS report on the development of Iran’s cyber program, an army war college bibliography on cyber, a guide on cyber for Joint Forces commanders, a Foreign Affairs piece on the “internet of things.” In the second, he flagged the New York Times story on the Open SSL bug. Paul also flagged US District Judge Esther Salas’ decision in the “most important cybersecurity case you’ve never heard of,” Wyndham v. FTC. Denying a motion to dismiss, Salas ruled that FTC’s general power to regulate “unfair” business practices includes authority to compel businesses to adopt cybersecurity practices. Stewart Baker posted the next installment of the Steptoe Cyberlaw Podcast, featuring special guest . . . Benjamin Wittes. The usual gang discussed NSA’s influence on encryption standards, a rise in judicially imposed limits on computer search warrants, FISA reform and more. Lawfare also went to the Hill this week: On Monday, I flagged two congressional hearings this week featuring contributors. On Tuesday, Ben testified before a House Foreign Affairs subcommittee on the continuing necessity of the AUMF and the FISA 702 program, and on Thursday, Paul testified about the transfer of the IANA function to ICANN.  Ben gave us a summary version of his testimony, while Ritika flagged the actual hearing and posted the testimony of all witnesses. And in turn, Paul linked to his testimony, and posted some general reflections on the hearing itself. In the targeted killing department, Matt Danzer summarized U.S. District Court Judge Rosemary Collyer’s decision granting the government’s motion to dismiss a Bivens suit brought by the family of Anwar al-Aulaqi, his son, and Samir Khan---all of whom were killed in U.S. drone strikes in Yemen. Collyer found the suit justiciable but reprimanded the government for failing to produce classified documents; she ruled that “special factors” precluded the extension of Bivens liability to such cases. Peter Margulies summarized some of the discussion at a recent Yale Information Society Project Symposium. Bobby noted a conversation happening at the ICRC DC blog, intercross, on IHL’s applicability in connection with the 2001 AUMF that includes contributions from Gary Brown, Jen Daskal and Bobby himself. And on Friday, he flagged a Washington Post story discussing the intense cooperation between JSOC and the FBI, including FBI participation in JSOC raids and firefights. And that was the week that was.