John Rizzo: DOD Engaged in Cyberwarfare with Limited Oversight
Slightly more than halfway through his talk, he talks about how DOD gets to conduct what seem to him to be covert actions in the field of cyberwarfare without the Congressional oversight that CIA would have. (Note, this is my transcription and he’s a big mumbler, so I’m not sure of the accuracy of this transcription.)
I did want to mention–cause I find this interesting–cyberwarfare, on the issue of cyberwarfare. Again, increasing discussion there clearly is an active arena, will continue to be active. For us lawyers, certainly for the lawyers in the intelligence community, I’ve always found fascinating and personally I think it’s a key to understanding many of the legal and political complexities of so-called cyberlaw and cyberwarfare is the division between Title 10, Title 10 operations and Title 50 operations. Title 10 operations of course being undertaken by the Pentagon pursuant to its war-making authority, Title 50 operations being covert action operations conducted by CIA.
Why is that important and fascinating? Because, as many of you know being practitioners, how these cyber-operations are described will dictate how they are reviewed and approved in the executive branch, and how they will be reported to Congress, and how Congress will oversee these activities. When I say, “these activities,” I’m talking about offensive operations–computer network attacks.
This issue, this discussion, has been going on inside the executive branch for many years, actually. I mean I remember serious discussions during the Clinton Administration. So, again, this is not a post-9/11 phenomenon. Now, I’m speaking her from a CIA perspective, but I’ve always been envious of my colleagues at the Department of Defense because under the rubrik of Title 10, this rubrik of “preparing the battlefield.” They have always been able to operate with a–to my mind [?] a much greater degree of discretion and autonomy than we lawyers at CIA have been, have had to operate under, because of the various restrictions and requirements of Title 50 operations. Covert actions require Presidential Findings, fairly explicit reports to the Intelligence Oversight Committees. We have a very, our Intelligence Committees are … rigorous, rigorous and thorough in their review. I’ve never gotten the impression that the Pentagon, the military, DOD is subject to the same degree of scrutiny for their information warfare operations as CIA. I’m actually very envious of the flexibility they’ve had, but it’s critical–I mean I guess I could say interesting but critical how–I mean if there were operations that CIA was doing, they would be called covert actions, there’s no getting around that. To the extent I’ve ever understood what DOD does in this arena, they certainly sound like covert actions to me but given that I’ve had more than my hands full over the years trying to keep track of what CIA’s doing at any given time, I’ve never ventured deeply into that area. But I think it’s fascinating.
This is precisely the same asymmetry that Seymour Hersh has reported with regards to paramilitary operations.
Under the Bush Administration’s interpretation of the law, clandestine military activities, unlike covert C.I.A. operations, do not need to be depicted in a Finding, because the President has a constitutional right to command combat forces in the field without congressional interference.
“This is a big deal,” the person familiar with the Finding said. “The C.I.A. needed the Finding to do its traditional stuff, but the Finding does not apply to JSOC. The President signed an Executive Order after September 11th giving the Pentagon license to do things that it had never been able to do before without notifying Congress. The claim was that the military was ‘preparing the battle space,’ and by using that term they were able to circumvent congressional oversight. Everything is justified in terms of fighting the global war on terror.” He added, “The Administration has been fuzzing the lines; there used to be a shade of gray”—between operations that had to be briefed to the senior congressional leadership and those which did not—“but now it’s a shade of mush.”
But it extends, according to John Rizzo, to the field of cyberwarfare. And while I can understand why Rizzo would like to play in cyberworld with no congressional oversight the way DOD can, I take the opposite conclusion that he does. That is, that DOD is engaged in stuff online–offensive attacks–that should be subject to congressional oversight (and written acknowledgment from the President).
But, at least according to John Rizzo, it’s not.