Ahmed Warsame and StuxNet

Back in November, I suggested one intended purpose of the detainee provisions in the Defense Authorization is to require a paper trail that would make it a little harder for the Administration to disappear detainees on floating prisons. The bill:

  • Requires written procedures outlining how the Administration decides who counts as a terrorist
  • Requires regular briefings on which groups and individuals the Administration considers to be covered by the AUMF
  • Requires the Administration submit waivers whenever it deviates from presumptive military detention

These are imperfect controls, certainly. But they do seem like efforts to bureaucratize the existing, arbitrary, detention regime, in which the President just makes shit up and tells big parts of Congress–including the Armed Services Committees, who presumably have an interest in making sure the President doesn’t make the military break the law–after the fact.

I suggested this effort to impose bureaucratic controls was, in part, a reaction to the Ahmed Warsame treatment, in which it appears that the Armed Services Committees learned Obama had declared war against parts of al-Shabaab and used that declaration as justification to float Warsame around on a ship for two months. (It appears that the Intelligence Committees, but not the Armed Services Committees, got briefed in this case, though Admiral McRaven was testifying about floating prisons as it was happening). [Update: I may be mistaken about what Lindsey Graham’s language about making sure the AUMF covered this action meant, so italicized language may be incorrect.]

This is not to say the ASCs are going to limit what the President does–just make sure they know about it and make sure the military has legal cover for what they’re doing.

With that in mind, take a look at Robert Chesney’s review of the new cyberwar authorization in the Defense Authorization, which reads:


Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to—

(1) the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and

(2) the War Powers Resolution (50 U.S.C. 1541 et seq.).

Chesney’s interpretation of this troubling language is that by requiring a Presidential statement in some cases, it will force interagency consultation before, say, DOD launches a cyberwar on Iran. (Oh wait, too late.)

Second, the utility of insisting upon presidential authorization, as opposed to just SecDef authorization or that of a commander, is that it makes it likely if not certain that there would be interagency screening of the proposed OCO (or set thereof) under the auspices of the NSC staff process, with more than just DOD weighing in on the question.  For example, the State Department – which institutional equities disposing it to perhaps pay more attention to collateral/unintended consequences that an operation might have on other countries – might well have more of a voice as a proposal for a particular operation makes its way up the chain to the President.    In this respect, I should emphasize at this point that the public record reveals that there has been a fairly long-running fight over just these sorts of issues within the executive branch over the past couple of years.  Ellen Nakashima’s story last week is highly relevant here, and there also is relevant material in the Schmitt & Shanker book Counterstrike.  Hard to tell from the outside if section 954 is a codification of what has been worked out, or if instead it will break some sort of logjam.

At least as Chesney reads it (and you should click through for the full post), this is about imposing the same kind of inadequate bureaucratic controls that the detainee provisions appear at least partly to impose.

Both, in other words, seem to be an effort to stop the Executive Branch from just launching wars unilaterally without a paper trail and adequate review.

Now, I suggested the detainee provisions were, in part, a response to Warsame’s treatment. If so, is StuxNet (and Duqu) the reason behind the cyberwar provision? Is it the proposed Libyan cyberattack, which was reportedly called off? Or did the Administration launch another cyberwar, one that hasn’t broken in the press yet?

In any case, it’s not like Congress is telling the President to stop launching wars. Just to do so in some organized bureaucratic fashion.

8 replies
  1. bmaz says:

    Excellent analysis and questions. Either way, it does seem at least a little heartening that Congress is reestablishing and reasserting some separation of powers of authority. Good.

  2. MadDog says:

    It seems the Military Activities in Cyberspace legislation provision appears to be a means for Congressional Armed Services Committees to seek, if not prior approval for intended offensive cyberspace actions by the Executive branch (via the War Powers Resolution section), then at least notification of the intended offensive cyberspace actions.

    I get the sense though that this is something of a straw man construction by the Congressional Armed Services Committees.

    What I mean by that is the Congressional Armed Services Committees seem to envision something like a publicly enjoined and debated Congressional Declaration of War or a Congressional Authorization to use Military Force (AUMF) with regard to (some? all?) offensive cyberspace actions similar to the US declaration of war on Japan or even the al-Qaeda 9/11 AUMF.

    While that might please the Congressional Armed Services Committees with regard to their involvement in such decisions, I find it much more likely that the Executive branch will (continue to) push their use of offensive cyberspace actions under the rubric of “covert actions” subject only to Intelligence committee notifications.

    In some sense, this seems only like the Congressional Armed Services Committees’ wishful thinking and trying to get their nose under the tent, but that the Executive branch will easily parry their attempt by running offensive cyberspace actions as “covert actions”.

  3. Bob Schacht says:

    @bmaz: That’s the most optimistic thing of yours that I’ve read in quite some time.

    What would it take to elect a less interventionist Congress? The way things are headed, we are going to bankrupt ourselves on foreign interventions, just like the Soviet Union bankrupted itself by its war in Afghanistan, and policing its Eurasian satellites. Just because we’re the most powerful nation in the world doesn’t mean that it is wise policy to gallop around the world, ousting tyrants, intervening in civil wars, and assisting the MOTU in their quest for World Fiscal and Commercial Domination.

    But our Congress doesn’t have time to be wise. They have to spend too much time kissing the butts of the wealthy people who fund their re-election campaigns. We’ll be better off when the Koch Brothers of the world have no more, and no less influence on elections than Joe the Carpenter.

    Bob in AZ

  4. earlofhuntingdon says:

    “Offensive operations in cyberspace to defend our Nation”??????

    The breadth of the language is [Steve or Book of] Jobian, leaving Orwell in the dust and rotating in his grave.

    This is a carte blanche to unleash the dogs of war without restraint or paper or digital trail. How would we even know that such propaganda and other operations – such as DOS attacks, other kinds of message jamming, and UK police-style raids on bloggers in Newcastle – are even undertaken, let alone wondrously kept from having an impact on the US or on US nationals. We won’t, they will, and this language would be construed to make it legal, despite conflicting common law, legislative and once-upon-a-time constitutional protections.

  5. earlofhuntingdon says:

    “Undertaking offensive operations” is also permission to pay for them, barring affirmative congressional action to the contrary, despite the former norm that Congress had explicitly to allocate funds for a project in order for it to be legal to spend federal money on it. Neither Congress nor its constituents will know what’s being done or how much it costs, but Congress will be deemed to have approved it anyway.

    This is a tremendous stocking stuffer for the outsourced “security-tel” contractors, the proverbial gift that will keep on giving, all the better because most of its benefits are provided hush-hush and on the Q-T. It would be hard to create a better foundation for a police state.

  6. William Ockham says:

    I’m a little late to the party here, but I think there are a couple of things missing from Chesney’s analysis. First, the whole issue of cyberwar has been an open issue for the military since at least 2003. Part of what this is about is settling internal conflicts within DoD about the necessary bureaucratic mechanisms for doing cyberops so that the CIA doesn’t get all that sexy cyberwar action. Stuxnet and Duqu are CIA actions (which is to be expected in that they are sabotage and espionage, respectively). The DoD has a huge shiny new cybercommand with tons of money, but it is all dressed up with no place to go.

    The other thing I think is missing is the real importance of the Presidential notification is about making plausible deniability harder. The military doesn’t want to get hung out to dry if there is blowback from one of their cyberops. Read that link and imagine what would have happened if the military had done that and caused much more widespread chaos than they intended.

Comments are closed.