Tweet
In a very interesting Op-Ed in today’s Washington Post, Jack Goldsmith appears to slip and disclose new information* about a US cyberattack on al Qaeda in Iraq. Since Goldsmith displays inside information about this attack, it is curious that the Post would neglect to mention Goldsmith’s service in the Bush Department of Justice’s Office of Legal Counsel.
Goldsmith opens the Op-Ed by pointing out the hypocrisy of the US position on cyberwarfare, quoting US Secretary of State Hillary Clinton’s blanket condemnation of cyberattacks and then pointing out that the US has a highly developed offensive capability that it has put into use. It is in getting down to the details of this offensive capability that Goldsmith reveals new information on a previously disclosed attack. This new information raises the question of whether Goldsmith might have been involved, in his previous role in OLC, in delivering legal authorization for this attack or others like it. Given that possibility, it seems puzzling that the Post would only identify Goldsmith by his current Professorship at Harvard and his participation in the Hoover Institution while ignoring his OLC history.
Here is the critical part of the Op-Ed:
Finally, the U.S. government has perhaps the world’s most powerful and sophisticated offensive cyberattack capability. This capability remains highly classified. But the New York Times has reported that the Bush administration used cyberattacks on insurgent cellphones and computers in Iraq, and that it approved a plan for attacks on computers related to Iran’s nuclear weapons program. And the government is surely doing much more. "We have U.S. warriors in cyberspace that are deployed overseas" and "live in adversary networks," says Bob Gourley, the former chief technology officer for the Defense Intelligence Agency.
Note that Goldsmith says the US hacked into both cellphones and computers in Iraq. Yet, if we go to the New York Times April, 2009 article he cites, we find reference only to computers:
When American forces in Iraq wanted to lure members of Al Qaeda into a trap, they hacked into one of the group’s computers and altered information that drove them into American gun sights.
/snip/
So far, however, there are no broad authorizations for American forces to engage in cyberwar. The invasion of the Qaeda computer in Iraq several years ago and the covert activity in Iran were each individually authorized by Mr. Bush. When he issued a set of classified presidential orders in January 2008 to organize and improve America’s online defenses, the administration could not agree on how to write the authorization.
Because a date for the incident the Times reports is not given (it is merely "several years ago" in the April, 2009 article), it is not possible to determine whether it occurred during Goldsmith’s brief tenure in OLC from October, 2003 to July, 2004. Note that Goldsmith is credited with having the worst of the initial OLC torture memos rescinded, only for new torture authorizations to be put into place after his departure. Also note that the Times states that the Iraq and Iran attacks were individually authorized actions, with the Bush administration still not achieving an overall authorization policy as late as January, 2008, long after Goldsmith’s departure from OLC.
In one sense, Goldsmith appears to be playing partisan games with his emphasis on the hypocrisy of the US position on cyberwarfare. What he really is doing with the Op-Ed becomes much murkier, though, when we realize that he is disclosing new information on previous attacks in which he might have played a role. I welcome any further insights that might be provided on what forces are in play with Goldsmith’s piece. Despite the uncertainty over Goldsmith’s motivations, his conclusion is good reading and appears to provide a useful framework from which to develop a cybersecurity policy:
Everyone agrees on the need to curb this race by creating proper norms of network behavior. But like Clinton, U.S. cybersecurity policymakers are in the habit of thinking too much about those who attack us and too little about our attacks on others. Creating norms to curb cyberattacks is difficult enough because the attackers’ identities are hard to ascertain. But another large hurdle is the federal government’s refusal to acknowledge more fully its many offensive cyber activities, or to propose which such activities it might clamp down on in exchange for reciprocal concessions by our adversaries.
[Update: Since my editing window is closed, could the mods please append an asterisk at “disclose new information” in the opening sentence and refer the readers to comments 29, 30, 32, 34 and 40 for further discussion of the point? ]
52 Comments
Interesting. I’ll bet that at some point there will be an international standard regarding cyber warfare, just as there are international standards for uh…actual warfare.
Of course, these standards would be ignored, once constructed.
Yes, the US will ignore them while insisting they apply to everyone else.
Nah. The US won’t ignore it.
They’ll call it “terrorism” and then use it as an excuse to deploy military resources under the AUMF against terrorism (the one which should have been more tightly written to authorize force in Afghanistan only).
I’m only surprised that anybody would be surprised by govt hacking. Why risk going to prison for hacking into the Pentagon for shits and giggles when the Pentagon will pay beaucoup bucks to hack into other peoples networks. Job of a lifetime for a geek.
I wonder if the hackers the government is hiring are more capable than James O’Keefe. Are they hired primarily through plea agreements with hackers who get caught by the Feds?
There may be some of those but I suspect most are self-referred. It would only take a couple new hires to put the word out. Where else are they gonna get a chance to put those skills to use for such easy money?
And that’s not to say they might not be doin’ a little somethin’ on the side that Uncle Sam wouldn’t be real happy to find out about.
This sounds like the propaganda push the military did for stealth bombers, pin point bombing and Predator drones.
The army wants some new computer toy weapons so they hype them before the budget gets decided.
If any of this stuff worked Ossama would be dead. Both wars would be over, and Iran would not have a nuclear reactor.
The Pentagon has shopping addiction bad. Forget the shiny armored vehicles, bullet proof vests showers that don’t electrocute our troops we need to spend on the basics first or have the Generals forgotten we are fighting 2 wars for over 8 years?
Forget hacking the pentagon needs bankers and hedgefund managers to send al Quieda just imagine the damage they could do.
Financial Weapons of Mass Destruction!
actually 3/4′s of our “intel” is contracted to corps now so this can be (probably is) easily done via msoft, ATT et. al. with the added benefit of selling the info to higher bidders.
/s ?
karen
That has a lot of potential; we have quite a few to spare. *g*
Yet more proof that there is no more LIBERAL MEDIA!!!
All that technology to “spy” yet none to actually help humans. Amazing.
If they had any real wins they would be bragging about them like we hacked all the Ossama family computers and found out that Ossama is at a hospital getting kidney dialysis.
8 years in a cave running a kidney dialysis machine on a series of portable generators flying, driving and ridding on horseback kidney dialysis techs and parts all while (we hope ) evading CIA tails from Pakistani Hospitals.
I assume the cyber war guys were tracking every order for kidney dialysis parts and the movement of kidney dialysis techs in Pakistan.
But another large hurdle is the federal government’s refusal to acknowledge more fully its many offensive cyber activities, or to propose which such activities it might clamp down on in exchange for reciprocal concessions by our adversaries.
Umm, one of the core powers of any sovereign government is the monopoly of violence. The US government has nothing to apologize for whenever it can ‘locate, close with, and destroy’ our military enemies whether by cyberattack or Marine rifle squad (“The mission of the Rifle Squad is to locate, close with, and destroy the enemy by Fire and Maneuver, or repel the enemy’s assault by Fire, Close Combat and Violence of Action”).
Observations:
The timing is on the day of the announcement of the FY 2011 Budget.
The article undercuts any moral authority Clinton might have been asserting against the Chinese in the attacks on Google, which are totally different in nature than what Goldsmith describes and go to the undermining of the commercial web and not just battlefield or government communications.
That argument while on the surface true is specious. Who is this “everyone” who agrees with Goldsmith? And the “like Clinton” is a gratuitous criticism given that she was thinking about the attack on Google whose intent was to shut down legitimate web access by ordinary people. But yes, add cyberattacks to the list of technologies that the world must have some standards of behavior — along with nuclear weapons, chemical weapons, and biological weapons.
Too bad that Goldsmith was not interested in David Margolis’s whitewashing of the torture authorizations.
Saudi’s do fund Ossama Saudi’s are invested in our economy I wonder if by destroying our economy Bush hurt Ossama more doing that than anything else he did.
Its the shoot the nose to spite the face theory of warfare as practiced by Dick Cheney only Bush shot our face.
Cyber war hasn’t gotten Ossama, ended the 2 wars we are fighting, stopped Iran from getting a Nuclear reactor but it very well might work on the blogs.
Cyber war success is classified bull torture took credit for every bit of *cough* success Bush had. I’m sure Ossama has noticed by now he’s been hacked a few times so why keep the cyber war success secret?
Ossama could learn our methods? Like I’m sure he doesn’t have hackers of his own studying everything we do.
The successes are to small to mention if the army wants to get new computers the army knows this so it claims its secret.
This is a budget tactic by the Pentagon an old one Congress should get wise.
Who I’m sure won’t use the cover of hunting Terror to research companies stocks to play the stockmarket with.
In a sense we create a secret police with police powers, immunity but no transparency no freedom of information act.
“Jack Goldsmith himself claims that he largely succeeded in correcting what he saw as overbroad legal opinions issued by his predecessors at OLC. In his book, The Terror Presidency, he claims he resigned partly in an attempt to ensure those corrections stuck and partly because he felt he had lost the confidence of administration leaders.
He does not specify who those leaders were, but notes that White House Counsel Alberto Gonzales several times asked him to remain while David Addington, then the legal counsel to the Vice-President and an influential White House figure, was concerned with how often he had overturned previous OLC opinions.[6]The Terror Presidency
Goldsmith is the author of The Terror Presidency, a book that details the legal issues the Bush administration faced in the war on terror, including the definition of torture, the applicability of the Geneva Conventions to the war on terror and the Iraq War, the detention and trial of suspected terrorists at Guantanamo Bay and elsewhere, and wiretapping laws. Though he is largely sympathetic with the concerns of the Bush administration’s terrorism policies, his primary claim is that the administration’s focus on the hard power of prerogative rather than the soft power of persuasion had been counterproductive, both in the war on terror and in the extension of effective executive authority.
Some of the assertions made in the book include that the Chief of Staff to Vice President Dick Cheney, David Addington, at one point said that “we’re one bomb away from getting rid of that obnoxious court,” referring to the secret FISA court that rules on warrants for secret wiretapping by the United States government.”[2]Wiki
NOTE:I posted this yesterday, with a couple of other Goldsmith items.
Odd that he does an OPED today. I wonder if this is somehow related to the very recent Isikoff piece about the OPR being watered down? Jason Leopold did a article yesterday for Truthout which he discussed to a degree over at ew,yesterday, on a thread entitled “OPR Report Altered….”
I first learned of Goldsmith’s role in the OLC through watching the online version of Frontline’s documentary, Cheney’s Law. Did you ever see that, Jim? I should allow that I may have read about him through emptywheel’s blogs, as well, but not really knowing who he was.
As far as U.S. acts of cyber aggression goes, people who live in glass houses shouldn’t throw stones.
welcome to 1984 + the chicago boys “911 shock doctrine” + “may you live in interesting times”
karen
Would cyberattacks be subject to FISA laws or wiretapping laws?
You might ask…Goldsmith, among others.
Great the Chicago School guys suck at running economies.
Independent contractors subject to laws that restrict the government? Maybe but I doubt it.
Just in case the Post changes the information at the bottom of Goldsmith’s piece, here is how it reads now (and when I first saw it):
I’ll check a few times during the day to see if it changes.
Consider these links a starting point to recognize what might be happening.
It’s from IT Chuiko;
Take a look at this discussion from Wired;
This from Ask The Admin;
My first question upon reading technical blogs that called my attention to the multitude of hidden processes that live within MS products was this;
How has MS managed to de-rail the various lawsuits they have faced here and around the world related to their behaviour as a monopoly?
Any bets a general is connected to these independent contractors or GOP fundraisers.
Here’s a quote from the NY Times article you cited:
I don’t see how you, Jim, arrive at the conclusion that Goldsmith has insider information about NSA activities. However, if you watch the documentary, you’ll see that the NSA is part of the story and Goldsmith was present in the hospital room when the ailing Ashcroft was reading the riot act to White House flunkies, Card and Gonzo.
The argument is based on whether OLC was involved in producing legal authority for the actions described. I think there is a good chance of that, and we know Goldsmith spent time in OLC.
Thanks for the post Jim.
You raise some thoughtful concerns.
The timing is interesting.
Yes, but you’re using the the paper to as your evidence that Goldsmith revealed insider knowledge, when in fact all he said was in fact in the newspaper. Your claim that targeting cells was not mentioned is incorrect, was my point.
Goldsmith appeared on Bill Moyers’ show on September 7, 2007 to discuss his work, and his time in Attorney General John Ashcroft’s hospital room when Alberto Gonzales and White House Chief of Staff Andrew Card attempted to persuade Ashcroft to change his mind about the Bush administration’s warrantless wiretap program. He reported that Mrs. Ashcroft stuck her tongue out at Gonzales and Card as they left the room.[7]
Goldsmith has clarified his opinions more recently on Now on PBS, going so far as to respond to the question “What’s the downside of regular courts” a statement culminating in “Another reason you might not want to use the trial system is that the trial system, to be legitimate, has to have the possibility of acquitting someone of a crime” in reference to attempts to allow military trials of American Citizens while withholding government evidence.[8]
Wiki
The context for the statement about cell towers that you quote is entirely different. It is about theoretical studies on taking out towers to sow chaos, not hacking signals to send false information on the Iraq al Qaeda action, as Goldsmith is suggesting.
I hope you guys aren’t missing the forest for the trees.
What I take away from Goldsmith’s Op-Ed is that the cyber-warfare/surveillance capability that some envision leveraging for national security purposes is rooted in a vulnerability of computers and networks that leave both our enemies and us at risk.
Brad Friedman has devoted his career to pointing out that those who built the crooked Electronic voting system whereby they can covertly control our country’s election results, act as-if they are blind to the fact that if they can hack the election system, so could some foreign government.
So here’s a point to ponder, if the Chinese had hacked the Republican’s vote rigging system in Ohio during the 2004 election to reverse the Bush win and hand the election to Kerry, would the Republicans cry foul and admit they had been hacked, or would they remain quiet and allow China to choose our president?
In like manner, Goldsmith is drawing our attention to the fact that by exercising an offensive cyber warfare capability, we are in fact inviting our adversaries to counter with a capability of their own.
When you take into account the facts that I’ve hinted at above (@27), that it seems probable that our government’s security infrastructure conspired with MS to augment our capability with features built-in to it’s operating systems, you could, with just a little more effort, understand that our nation stands every bit as vulnerable to attack as Al Qaeda, and as a matter of fact, the price we might pay for provoking a successful counter attack is probably on the order of millions of times the cost of our attacks on our enemies.
Not only should people who live in glass houses refrain from throwing stones, they shouldn’t even threaten to throw stones.
I make a living, in part by securing computer networks.
How Cheney-like to claim that his knowledge of certain attacks comes to him via the New York bloody Times. And yes, thanks for pointing out the glaring omission in the Times bio of one of Bush’s most famous employees at the OLC, an omission that must have come via newspaperdom’s most “talented” editorial staff. In fact, it is his prior work for the OLC that would have been most attractive to those editors in publishing this OpEd among the large number submitted every day. Have you no shame, NYT?
Thanks for pointing that out. It looks like we’re heading toward another round “mutually assured destruction”, but in this case we have much to loose than the other side and it’s not at all clear the assured destruction will serve as any kind of deterrent.
This seems an expensive way for the “non-partisan” yet rightwing Goldsmith to score political points. That the US has such capability is a given; the flip side of being able to defend against such attacks is being among the most able to use them offensively.
Goldsmith is jumping on the “Why don’t you use all the tools Bush bequeathed you to ‘defend’ us, Obama?” bandwagon. His argument is once removed from torture and indefinite detention. But that’s what makes it so smarmy and harmful.
As the Japanese and Chinese know and practice, the most effective governmental (or anti-governmental) and negotiating programs are aimed from top to bottom of an opponent’s organization. Making similar points at the working level, among bureaucratic line managers, at senior policy and political levels, and from “think” tanks and universities is the strongest signal that you mean business and that you mean to win. It creates a “sea level” unique to one’s argument, it sets the standard against which the opponent has to fight.
Goldsmith’s is not an isolated argument, but part of a political attack on normalcy. It is certainly an attack against the rule of law, against progressives and against retribution aimed at extremists, of which Goldsmith was and seems still to be a part.
You might want to read up on the Estonian experience with cyber warfare, it was an eye-opener for many.
This occured in May of 2007.
Estonia found it necessary to totally disconnect from the internet which had literaly turned against it, but at least they could isolate themselves, in the USA, we’d be in even more trouble because the attack would likely be coming primarily from botnet computers located within our own country.
Jim, your thesis doesn’t hold water, simply because this was public knowledge. Goldsmith merely got his source wrong. The story was in the National Journal. Here’s a quote from that article:
Here’s the money quote:
Btw, Jack Goldsmith is a good egg.
Thanks. I didn’t check other sources. But as EOH points out at #36, it’s misleading for Goldsmith to claim the Times as the source of his knowledge on actions which could well have included his legal input. I would think that stands whether the disclosure of hijacking phones is new or not.
Since my editing window is closed, could the mods please append an asterisk at “disclose new information” in the opening sentence and refer the readers to comments 29, 30, 32, 34 and 40 for further discussion of the point? Thanks!
I don’t think I’d go that far. He may be slightly less offensive than the others, but he quite willingly worked with a group of people who seemed determined to tear down our Constitution. Your National Journal link identifies the attacks described there as happening in 2007, so that would be after Goldsmith’s OLC time, but there remains the distinct possibility that the legality of such attacks was discussed during his tenure. It’s still very irresponsible of him and the Post to run the Op-Ed without disclosing his OLC role.
I agree, Jack, at least as far as his motives in writing this Op-Ed appears to be a “good egg”, but I disagree about the point of his piece.
What I take away, and what I think he believes is most imporant is this;
It’s a variation on the question; “Why do they hate us?” .
Those who keep asking that question studiously ignore our long history of interference in the politics of the ME.
Similarly, those decrying other’s cyberattacks ignore the fact that most cyberagression originates from within the USA.
Jack brings up that point, which is a very good one and one which we’re going to have to address.
I recommend the viewing of the Frontline documentary linked above for another insight into Goldsmith’s motives. He was friendly with Yoo who was already on board OLC. I expect this relationship had something to do with his getting a placement there. However, Goldsmith left after a year, after confrontations with Addington and subsequent discoveries of what Yoo had been authorizing, in documents that were kept in secret.
Goldsmith is correctly challenging war hawk Clinton to address the U.S.’s principal role in cyberwarfare, citing records of activity that outweigh threats from abroad. The main threat, currently, the U.S. capabilities.
But wouldn’t a “good egg” do more than just walk away from such evil? Wouldn’t someone with a moral conscience drop a letter to the House and Senate Judiciary Committees about what was going on? If he really cared about stopping what was going on, he would have done those things. Instead, he wrote a book about his time there and made some money. I’d like to think I would have chosen very differently if I had been in his shoes.
You have a point, but consider who he was dealing with. Are you certain you could’ve done anything substantially differently in his shoes?
Consider the fact that they were only interested in hiring lackeys in OLC. I expect they made a mistake when they hired a friend of Yoo’s who turned out to be not like Yoo in a very fundamental respect; the fact that he had a conscience.
The DOD budget is being dicussed live NOW on C-Span. They have been talking about Cyber securiity expenditures.
Isn’t that interesting? Helps explain the timing a bit more, doesn’t it?
Heh. Almost enough to make a guy paranoid. My first boot error in months comes on a day I blog about cyberwarfare. System recovery disks are a blogger’s best friend!