SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2011, Issue No. 77
August 10, 2011

Secrecy News Blog: http://www.fas.org/blog/secrecy/

OFFENSIVE CYBER TOOLS TO GET LEGAL REVIEW, AIR FORCE SAYS

Even the most highly classified offensive cyberwar capabilities that are acquired by the Air Force for use against enemy computer systems will be subject to "a thorough and accurate legal review," the U.S. Air Force said in a new policy directive.

The directive assigns the Judge Advocate General to "ensure all cyber capabilities being developed, bought, built, modified or otherwise acquired by the Air Force that are not within a Special Access Program are reviewed for legality under LOAC [Law of Armed Conflict], domestic law and international law prior to their acquisition for use in a conflict or other military operation."

In the case of cyber weapons developed in tightly secured Special Access Programs, the review is to be performed by the Air Force General Counsel, the directive said. See "Legal Reviews of Weapons and Cyber Capabilities," Air Force Instruction 51-402, 27 July 2011:

The Air Force directive is somewhat more candid than most other official publications on the subject of offensive cyber warfare.

Thus, "for the purposes of this Instruction, an Air Force cyber capability requiring a legal review prior to employment is any device or software payload intended to disrupt, deny, degrade, negate, impair or destroy adversarial computer systems, data, activities or capabilities."

On the other hand, cyber capabilities requiring legal review "do not include a device or software that is solely intended to provide access to an adversarial computer system for data exploitation," the directive said.

One challenge facing such legal reviews is that law and policy in the relatively new field of cyberwar are not fully articulated. Another challenge is that where applicable law and policy do exist, they may be inconsistent with the use of offensive cyber tools.

In response to a question on cyberwarfare from the Senate Armed Services Committee at his confirmation hearing last year, Lt. Gen. Keith Alexander of U.S. Cyber Command said: "President Obama's cybersecurity sixty-day study highlighted the mismatch between our technical capabilities to conduct operations and the governing laws and policies, and our civilian leadership is working hard to resolve the mismatch."

But he added: "Given current operations, there are sufficient law, policy, and authorities to govern DOD cyberspace operations. If confirmed, I will operate within applicable laws, policies, and authorities. I will also identify any gaps in doctrine, policy and law that may prevent national objectives from being fully realized or executed to the Commander, U.S. Strategic Command and the Secretary of Defense."

Asked whether DoD possesses "significant capabilities to conduct military operations in cyberspace," Gen. Alexander would only provide an answer on a classified basis.

The Pentagon does not often acknowledge the existence of offensive cyber capabilities. The "Department of Defense Strategy for Operating in Cyberspace" that was released in unclassified form last month does not address offensive cyber warfare at all.


SOME CRS REPORTS ON ECONOMIC POLICY

New reports from the Congressional Research Service on topics of economic policy include the following.

"Boosting U.S. Exports: Selected Issues for Congress," July 21, 2011:

"Economic Recovery: Sustaining U.S. Economic Growth in a Post-Crisis Economy," July 18, 2011:

"Inflation: Causes, Costs, and Current Status," July 26, 2011:

"Treasury Securities and the U.S. Sovereign Credit Default Swap Market," July 25, 2011:

"The Unemployment Trust Fund (UTF): State Insolvency and Federal Loans to States," July 8, 2011:

"Can Contractionary Fiscal Policy Be Expansionary?," June 6, 2011:


"WHEN SECRECY GETS OUT OF HAND"

The government's relentless pursuit of people suspected of mishandling or leaking classified information underscores the need to combat the misuse of classification authority, wrote J. William Leonard, the former director of the Information Security Oversight Office (ISOO), in an op-ed in the Los Angeles Times today.

"The Obama administration, which has criminally prosecuted more leakers of purportedly classified information than all previous administrations combined, needs to stop and assess the way the government classifies information in the first place."

"Classifying information that should not be kept secret can be just as harmful to the national interest as unauthorized disclosures of appropriately classified information," he wrote. See "When Secrecy Gets Out of Hand" by J. William Leonard, Los Angeles Times, August 10:

Mr. Leonard recently filed a complaint with the new ISOO director, John Fitzpatrick, based on his assessment that a document that served as a basis for criminal prosecution in the case of Thomas Drake should never have been classified at all.

******************************

Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

The Secrecy News blog is at:
      http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to:
      http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
      http://www.fas.org/sgp/news/secrecy/index.html

SUPPORT the FAS Project on Government Secrecy with a donation here:
      http://www.fas.org/member/donate_today.html