John Rizzo: DOD Engaged in Cyberwarfare with Limited Oversight

I’ve done two posts on John Rizzo’s recent address to ABA’s Standing Committee on Law and National Security. But I wanted to call attention to a few more things he said in his talk.

Slightly more than halfway through his talk, he talks about how DOD gets to conduct what seem to him to be covert actions in the field of cyberwarfare without the Congressional oversight that CIA would have. (Note, this is my transcription and he’s a big mumbler, so I’m not sure of the accuracy of this transcription.)

I did want to mention–cause I find this interesting–cyberwarfare, on the issue of cyberwarfare. Again, increasing discussion there clearly is an active arena, will continue to be active. For us lawyers, certainly for the lawyers in the intelligence community, I’ve always found fascinating and personally I think it’s a key to understanding many of the legal and political complexities of so-called cyberlaw and cyberwarfare is the division between Title 10, Title 10 operations and Title 50 operations. Title 10 operations of course being undertaken by the Pentagon pursuant to its war-making authority, Title 50 operations being covert action operations conducted by CIA.

Why is that important and fascinating? Because, as many of you know being practitioners, how these cyber-operations are described will dictate how they are reviewed and approved in the executive branch, and how they will be reported to Congress, and how Congress will oversee these activities. When I say, “these activities,” I’m talking about offensive operations–computer network attacks.

This issue, this discussion, has been going on inside the executive branch for many years, actually. I mean I remember serious discussions during the Clinton Administration. So, again, this is not a post-9/11 phenomenon. Now, I’m speaking her from a CIA perspective, but I’ve always been envious of my colleagues at the Department of Defense because under the rubrik of Title 10, this rubrik of “preparing the battlefield.” They have always been able to operate with a–to my mind [?] a much greater degree of discretion and autonomy than we lawyers at CIA have been, have had to operate under, because of the various restrictions and requirements of Title 50 operations. Covert actions require Presidential Findings, fairly explicit reports to the Intelligence Oversight Committees. We have a very, our Intelligence Committees are … rigorous, rigorous and thorough in their review. I’ve never gotten the impression that the Pentagon, the military, DOD is subject to the same degree of scrutiny for their information warfare operations as CIA. I’m actually very envious of the flexibility they’ve had, but it’s critical–I mean I guess I could say interesting but critical how–I mean if there were operations that CIA was doing, they would be called covert actions, there’s no getting around that. To the extent I’ve ever understood what DOD does in this arena, they certainly sound like covert actions to me but given that I’ve had more than my hands full over the years trying to keep track of what CIA’s doing at any given time, I’ve never ventured deeply into that area. But I think it’s fascinating.

This is precisely the same asymmetry that Seymour Hersh has reported with regards to paramilitary operations.

Under the Bush Administration’s interpretation of the law, clandestine military activities, unlike covert C.I.A. operations, do not need to be depicted in a Finding, because the President has a constitutional right to command combat forces in the field without congressional interference.


“This is a big deal,” the person familiar with the Finding said. “The C.I.A. needed the Finding to do its traditional stuff, but the Finding does not apply to JSOC. The President signed an Executive Order after September 11th giving the Pentagon license to do things that it had never been able to do before without notifying Congress. The claim was that the military was ‘preparing the battle space,’ and by using that term they were able to circumvent congressional oversight. Everything is justified in terms of fighting the global war on terror.” He added, “The Administration has been fuzzing the lines; there used to be a shade of gray”—between operations that had to be briefed to the senior congressional leadership and those which did not—“but now it’s a shade of mush.”

But it extends, according to John Rizzo, to the field of cyberwarfare. And while I can understand why Rizzo would like to play in cyberworld with no congressional oversight the way DOD can, I take the opposite conclusion that he does. That is, that DOD is engaged in stuff online–offensive attacks–that should be subject to congressional oversight (and written acknowledgment from the President).

But, at least according to John Rizzo, it’s not.

16 replies
  1. klynn says:

    That is, that DOD is engaged in stuff online–offensive attacks–that should be subject to congressional oversight (and written acknowledgment from the President).

    But it’s not.

    I really wonder what he means by computer network attacks?

    Cyberwarfare is a broad sweep as well. It will include Psych ops.

    So, if I am writing articles online about things the DOD does not like, does my computer/blog become a battlefield?

  2. scribe says:

    Not for nothing, this posture would include JSOC/DoD/NSA (a part of DoD, remember) ignoring little things like … FISA. And reading the contents of everyone’s mail, just to make sure they know the contours of the battlefield.

  3. scribe says:

    Not for nuthin’, again, back when Abu Ghraib was just breaking, some interesting things happened on the net.

    German radio was covering the story (correctly characterizing the US’ conduct as “atrocities”) like the proverbial blanket and broadcasting it over the internet.

    After about 12 hours of that kind of coverage, a curious thing happened to the internet radio news broadcasts: the top of the hour would come and the hews would be announced, then the web would pack up with traffic such that the broadcasts would not get through. You’d get the hourglass and buffering, buffering, buffering for about 5 minutes. Then, just in time for the weather and the vehicular traffic reports, the web traffic would dissipate and the livestream would continue.

    Just so long as those nasty reports on Abu Ghraib didn’t get through.

    This went on for a couple days, until the news cycle moved on. It bore all the hallmarks of a DDOS attack.

  4. kgb999 says:

    Rizzo’s not the only one saying this. It came up in the written answers provided by Lt. Gen. Keith Alexander for the confirmation hearings to lead the new Cyber Command. There are many interesting tidbits about the DoD in general and our cyberwarfare policy in specific. The questions related to Title 10 vs. Title 50 and similar issues are around Pg. 20.

  5. BillE says:

    Didn’t the last admin put forth a proposition that it could prosecute the war anywhere without geographic boundaries. Terraists you know can be anywhere. So, since GWOT then DOD can literally do anything it wants. I wonder if there is a way to actually stop the war? As I remember of the authorization to go after al-queda there is no time frame or boundaries involved. Literally, the executive has carte blanche ( at least they think and who is going to stop them? I don’t think congress can actually end the war. They seem to be able to start them but then only the executive can do a treaty or something like it.


    • PJEvans says:

      Congress can refuse to fund the war.
      Make them have a bake sale, if they really feel they have to use drones on people who have not attacked us.

  6. Stephen says:

    Meanwhile the SEC has announced they haven’t got a clue why the stock market dived recently. You would think they would be data mining that institution all to hell on an ongoing basis.

    • Hmmm says:

      Two things to look at:

      – Who?: Someone bought the stocks at abnormally low prices?

      – When?: ‘Audit the Fed’, ‘Too Big to Fail’, and ‘Greek Bailout’ were all on the table at the time of the nosedive. Was someone sending a signal that they can crash that mofo whenever they want, so don’t fuck with them?

      Just one more round of the ol’ Who-Benefits two-step.

Comments are closed.