ASIL International Law and Technology Interest Group

I’m pleased to announce that I will be serving in a leadership capacity in the American Society of International Law’s new interest group, the International Law and Technology Interest Group (ILTechIG), which will focus on the implications of technological advances across a range of international law disciplines. The group is co-chaired by Molly Land and Anupam Chander, with (me) Greg McNeal serving as the Secretary/Treasurer. To join this interest group, log in at, click on “Interest Groups” (left navigation bar), select the “All Interest Groups” tab, go to page 3, and click on “Join Group” next to ILTechIG. If you have any questions about the group or need your login information, please contact ASIL Services here or by calling +1.202.939.6001.

Report: Efforts to Secure Nation’s Power Grid Ineffective

WIRED Magazine Reports Efforts to Secure Nation’s Power Grid Ineffective:

The official government cybersecurity standards for the electric power grid fall far short of even the most basic security standards observed by noncritical industries, according to a new audit.

The standards have also been implemented spottily and in illogical ways, concludes a Jan. 26 report from the Department of Energy’s inspector general (.pdf). And even if the standards had been implemented properly, they ‘were not adequate to ensure that systems-related risks to the nation’s power grid were mitigated or addressed in a timely manner.’

At issue is how well the Federal Energy Regulatory Commission, or FERC, has performed in developing standards for securing the power grid, and ensuring that the industry complies with those standards. Congress gave FERC jurisdiction in 2005 over the security of producers of bulk electricity — that is, the approximately 1,600 entities across the country that operate at 100 kilovolts or higher. In 2006, FERC then assigned the North American Electric Reliability Corporation (NERC), an industry group, the job of developing the standards.

The result, according to the report, is deeply flawed.

Continue reading the rest of the post at Wired: Threat Level.

Policy Paralysis and Homeland Security: A Review of Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism by Stewart Baker

I recently reviewed Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism, by Stewart Baker former Assistant Secretary for Homeland Security Policy.  The review appears in Engage, Volume 11, Issue 3, December 2010. I’ve pasted the text of the review below.

Policy Paralysis and Homeland Security:  A Review of Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism

The Department of Homeland Security is paralyzed by civil-libertarian privacy advocates, business interests, and bureaucratic turf battles. The result of this paralysis is a bias toward the status quo that is preventing the United States from protecting the homeland. According to Stewart Baker, in his must read book Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism (Hoover, 2010), this policy dynamic, combined with exponential advances in technology are key threats to U.S. national security.

As this review was going to print, the news was filled with the story of a video that went viral; in the video a passenger was subjected to an intrusive TSA pat down after he refused to pass through a full-body scanner. Privacy groups seized on the controversy, as the ACLU declared “Homeland Security wants to see you naked” and that “the jury is still out on the effectiveness of these machines or whether they justify the invasion of privacy involved.”1 One cannot fault the ACLU for questioning whether these systems are effective—in fact the GAO raised similar questions, inquiring as to whether the full-body scanners would have prevented the Christmas Day bombing attempt.2 What one can fault them for, though, is what Baker describes as advocating for “suffocating controls” on the information the U.S. gathers about suspected terrorists and how it is used (p.27). Consider this telling example recounted by Baker:

I started to believe that some of the privacy groups just objected in principle to any use of technology that might help catch criminals or terrorists. The example I remember best was when the police at Logan Airport got handheld computers. The computers were connected to public databases so they could check addresses and other information when they stopped someone. It was pretty much what any businessman could do already with a Blackberry or iPhone. Th e American Civil Liberties Union went nuts. The executive director of the Massachusetts chapter called the handhelds “mass scrutiny of the lives and activities of innocent people,” and “a violation of the core democratic principles that the government should not be permitted to violate a person’s privacy, unless it has a reason to believe that he or she is involved in wrongdoing.”  (p.27)

These were computers tied to public databases that any citizen could search, and still privacy groups fought tooth and nail to prevent their use. Stories and anecdotes like this one appear throughout Skating on Stilts as Baker recounts his tenure in the Department of Homeland Security as Assistant Secretary for Policy. Such stories reveal just how entrenched interest group politics are, and illustrate how resistance to change in the name of privacy has unintended consequences like the pat downs we are now witnessing at the airport. Stewart’s personal quips and observations also liven up the policy discussion, which is accessible even for the non-national security law and policy specialist. For example, when recounting the handheld computer flap above, Stewart writes, “If the ACLU considered that a civil liberties disaster . . . we’d better not tell them that we also have access to the White Pages” (p.28).

Click “Read the full entry” below to continue reading.


TESTIMONY: The U.S. Strategy to Counter Jihadist Websites/Cyberterrorism/Terrorism on the Internet

On Wednesday September 29th I testified before the U.S. House Committee on Foreign Affairs, Subcommittee on Terrorism, Nonproliferation and Trade on the subject of the U.S. Strategy to Counter Jihadist Websites.  A full copy of my written remarks appears here or here.  A webcast can be found here.  The story was picked up by AFP here and the Los Angeles times here.  My oral remarks are below:

In the era of homegrown terrorist plots, jihadist websites are a grave threat to national security.  Combating them requires a three pronged approach combining:

1) Monitoring for intelligence value;

2) Elimination and destruction for operational gains; and

3) Co-optation for propaganda and ideological value.

My remarks today, and my written testimony focus on the elimination and destruction of terrorist websites.

Eliminating selected jihadist websites will enhance our ability to collect intelligence by narrowing the field of enemy sites we must monitor. A smaller number of websites will allow for targeted efforts to undermine the jihadist message. Finally, efforts which keep the enemy on the move impose costs on them, delegitimize them, and at the margins make it more difficult for potential recruits to become radicalized.

Today’s headlines about a plot to engage in co-ordinated, Mumbai style terrorist attacks reveals the critical importance of countering the jihadist web presence. Homegrown, low sophistication, high casualty plots are increasingly facilitated by jihadist websites. Consider just a handful of our close calls here within the U.S.:

– Nidal Hassan, the Fort Hood attacker was inspired by and radicalized by jihadist websites. Those websites now hold him up as a symbol of successful homegrown attacks.

– Najibullah Zazi who planned a second series of attacks against the NY Subway system was radicalized, and educated through jihadist websites.

– Faisal Shazad the Times Square bomber was radicalized through jihadist websites. It was there that he found his inspiration and fixity of purpose that drove him to carry out his attack.

– Internet images of jihad were the singular tie binding together the efforts of the Fort Dix plotters.

– Moreover in the case of Ohio terrorists Mohammad Amawi, Marwan El-Hindi and Wassim Mazloum, jihadist websites were the motivating and enabling factor in their recruitment, providing them with information about how to build bombs.

The common theme running throughout nearly every attempted attack since September 11th is a radical jihadist ideology. That ideology finds its home in a small core of websites with close operational ties to al Qaeda. Those core forums are the main stream media of jihadist ideology. They have the label of legitimacy. Their stories, videos, training materials, and directives are picked up by mirror sites and repeated throughout the web. We should be disrupting their operations.

I would like to address a common myth that shutting down jihadist websites does not work. I say this is a myth because to date, there has been no concerted government effort to shut down these sites. I readily admit that the jihadist web presence cannot be eliminated, but that is not the goal of what I’m advocating for. Rather, the goal I believe we should be pursuing is to impose costs on our enemies in time and resources, to narrow their potential webhosts, and to corral them into places of our choosing so we can monitor and co-opt them.

It should not be easy for our enemies to recruit, train, and proselytize. The internet is not a battlefield that should operate according to the directives of our enemies, rather it is a battle space that we should own. On the traditional battlefield, few would argue that we should forgo killing and capturing terrorists, merely because they may be quickly replaced. Yet when it comes to the internet, that is exactly what those who are opposed to shutting down these websites are advocating.

I’m speaking in the terms of warfare, however the fight against terrorist websites must be an interagency effort. The intelligence community, the military, law enforcement and the State Department are all key players in a comprehensive strategy to counter the threat of jihadist websites. However, this should not be solely the province of the Executive branch. In fact, I believe that comprehensive legislation directing and prescribing the activities of each agency in the cyber realm is essential to national security. Congress can and should make its mark before the Executive branch takes action on its own — forming precedents without policy.

The threat of jihadist websites is one part of a broader need for legislation directing our nation’s cyber warfare efforts. The key to countering the influence of jihadist websites is to first ensure that those websites do not receive any support from U.S. webhosts. This can be accomplished through the application of existing laws and shaming techniques. Second, we should eliminate selected sites using existing statutes, and treasury regulations. Third, we should work with allies to target those individuals who are supporting websites abroad. Finally, when necessary actions should be taken by the Pentagon’s Joint Functional Component Command-Network Warfare unit and Cybercommand to shut down selected websites. However, this should only be done after co-ordination and consultation with the intelligence, law enforcement and diplomatic community and Congress should be regularly informed of these actions.

Following these steps will go a long way toward countering the influence of jihadist websites.