HomeFeaturesDailyBriefingsRapidReconSpecial ReportsAbout Us

« November 2009 | Return to PrincipalAnalysis | May 2010 »

December 31, 2009

United States of America

I've Got Your Sovereignty

The Best Part About Think Tank 2.0: Heterogeneousness of Thought

By Michael Tanji | December 31, 2009

My colleague Steve Schippert asked recently: "Wither Soverignty." My then-private reply at the time went something like this:

Steve,

I don't want to up the humidity level on this parade, but:

  1. INTERPOL's resources (aside from administrative) are drawn from member nations' police forces (contrary to the movies, you can't be an 'INTERPOL agent') who are there to facilitate and liaison, not conduct police operations themselves.
  1. While this may be seen as something linked to a path to the ICC, congress has to ratify any such agreement. We can't ratify the law of the sea (not that we should) a treaty we helped put together; we can't pass health care (not that we should) something everyone agrees needs to be addressed to a certain degree.
  1. As an international organization that is essentially diplomatic in spirit, it is not unusual to expect that they would ask for similar rights and privileges as other diplomatic missions. We didn't have to give it to them, but we shouldn't be surprised it came during this administration, where making friends overseas is on the top-ten list.

Does anyone think for a second that an FBI agent supporting the US INTERPOL office is going to act against the best interests of the US? No FBI agent I know would. Is Congress ever going to ratify an ICC treaty? Not if health care is any indication. Finally, what one executive order can give, another can take away (or a secret one can effectively counter).

Mike

Steve's reply at the time:

Mike,

All of that is understood and agreed, but my point is that we have surrendered sovereignty as a matter of policy. We now rely on the fidelity of our FBI (et al) personnel to stand athwart policy and potential untoward actions of empowered international law enforcement, which is a lot to ask of an individual in the face of a bureaucracy.

Any information collected on Americans, no matter what our notional FBI agent supporting INTERPOL thinks or cares, is beyond reach of our own law enforcement and citizens themselves. I find this unacceptable.

Yes, it can be undone. Bush already did that once. But that it must be done is the point. That we must remain energetically vigilant toward our own leadership on such matters without rest is enraging.

Steve

I don't blame anyone who tracked this story for feeling concerned about the Executive Order, but I think outrage is unwarranted. We afford such protection and immunity to a wide range of organizations, including those that probably should have been given the boot long ago, but we need to make sure we know exactly what is at stake here: INTERPOL has nothing that participating nations are not already prepared to give up. So you cannot subpoena INTERPOL? Fine. They didn't collect that information, your own government did. So subpoena (or FOIA) them.

If anything, I find this move to be simply one more item added to this administration's internationalism buffet, and an innocuous one at that. If recent events have demonstrated anything, it's that it doesn't matter what sort of mechanism or organization you set up to share information and cooperate if you're not prepared to actually and completely work as a team, because short of that you are setting yourself up for catastrophe.

An organization that is trying to address bad acts and find bad actors from a transnational perspective is a good thing. The more we can cooperate the better, because trying to go it alone is more complicated, time-consuming, and draining than we can afford. When you are frustrated and tired you get lazy, complacent, and that's not where we need to be given the environment we're in.

I stand with Steve and everyone concerned about national sovereignty, we just need to make sure we're picking the right fight.

December 23, 2009

United States of America

Wither Sovereignty

Executive Order Amended to Immunize INTERPOL In America - Is The ICC Next?

By Steve Schippert, Clyde Middleton | December 23, 2009

Last Thursday, December 17, 2009, The White House released an Executive Order "Amending Executive Order 12425." It grants INTERPOL (International Criminal Police Organization) a new level of full diplomatic immunity afforded to foreign embassies and select other "International Organizations" as set forth in the United States International Organizations Immunities Act of 1945.

By removing language from President Reagan's 1983 Executive Order 12425, this international law enforcement body now operates - now operates - on American soil beyond the reach of our own top law enforcement arm, the FBI, and is immune from Freedom Of Information Act (FOIA) requests.
For Immediate Release December 17, 2009
Executive Order -- Amending Executive Order 12425

EXECUTIVE ORDER
- - - - - - -
AMENDING EXECUTIVE ORDER 12425 DESIGNATING INTERPOL
AS A PUBLIC INTERNATIONAL ORGANIZATION ENTITLED TO
ENJOY CERTAIN PRIVILEGES, EXEMPTIONS, AND IMMUNITIES

By the authority vested in me as President by the Constitution and the laws of the United States of America, including section 1 of the International Organizations Immunities Act (22 U.S.C. 288), and in order to extend the appropriate privileges, exemptions, and immunities to the International Criminal Police Organization (INTERPOL), it is hereby ordered that Executive Order 12425 of June 16, 1983, as amended, is further amended by deleting from the first sentence the words "except those provided by Section 2©, Section 3, Section 4, Section 5, and Section 6 of that Act" and the semicolon that immediately precedes them.

BARACK OBAMA

THE WHITE HOUSE,
December 16, 2009.

After initial review and discussions between the writers of this analysis, the context was spelled out plainly.

Through EO 12425, President Reagan extended to INTERPOL recognition as an "International Organization." In short, the privileges and immunities afforded foreign diplomats was extended to INTERPOL. Two sets of important privileges and immunities were withheld: Section 2© and the remaining sections cited (all of which deal with differing taxes).

And then comes December 17, 2009, and President Obama. The exemptions in EO 12425 were removed.

Section 2c of the United States International Organizations Immunities Act is the crucial piece.

Property and assets of international organizations, wherever located and by whomsoever held, shall be immune from search, unless such immunity be expressly waived, and from confiscation. The archives of international organizations shall be inviolable. (Emphasis added.)

Inviolable archives means INTERPOL records are beyond US citizens' Freedom of Information Act requests and from American legal or investigative discovery ("unless such immunity be expressly waived.")

Property and assets being immune from search and confiscation means precisely that. Wherever they may be in the United States. This could conceivably include human assets - Americans arrested on our soil by INTERPOL officers.

Context: International Criminal Court

The importance of this last crucial point cannot be understated, because this immunity and protection - and elevation above the US Constitution - afforded INTERPOL is likely a precursor to the White House subjecting the United States under the jurisdiction of the International Criminal Court (ICC). INTERPOL provides a significant enforcement function for the ICC, just as our FBI provides a significant function for our Department of Justice.

We direct the American public to paragraph 28 of the ICC's Proposed Programme Budget for 2010 (PDF).

29. Additionally, the Court will continue to seek the cooperation of States not party to the Rome Statute and to develop its relationships with regional organizations such as the Organization of American States (OAS), the Arab League (AL), the African Union (AU), the Organization of the Islamic Conference (OIC), ASEAN and CARICOM. We will also continue to engage with subregional and thematic organizations, such as SADC and ECOWAS, and the Commonwealth Secretariat and the OIF. This will be done through high level visits, briefings and, as appropriate, relationship agreements. Work will also be carried out with sectoral organizations such as IDLO and INTERPOL, to increase efficiency.

The United States is not a party to the Rome Statute - the UN treaty that established the International Criminal Court. (See: Rome Statute of the International Criminal Court)

President George W. Bush rejected subjecting the United States to the jurisdiction of the ICC and removed the United States as a signatory. President Bill Clinton had previously signed the Rome Statute during his presidency. Two critical matters are at play. One is an overall matter of sovereignty and the concept of the primacy of American law above those of the rest of the world. But more recently a more over-riding concern principally has been the potential - if not likely - specter of subjecting our Armed Forces to a hostile international body seeking war crimes prosecutions during the execution of an unpopular war.

President Bush in fact went so far as to gain agreement from nations that they would expressly not detain or hand over to the ICC members of the United States armed forces. The fear of a symbolic ICC circus trial as a form of international political protest to American military actions in Iraq and elsewhere was real and palpable.

President Obama's words have been carefully chosen when directly regarding the ICC. While President Bush outright rejected subjugating American armed forces to any international court as a matter of policy, President Obama said in his 2008 presidential campaign that it is merely "premature to commit" to signing America on.

However, in a Foreign Policy in Focus round-table in 2008, the host group cited his former foreign policy advisor, Samantha Power. She essentially laid down what can be viewed as now-President Obama's roadmap to America rejoining the ICC. His principal objections are not explained as those of sovereignty, but rather of image and perception.

Obama's former foreign policy advisor, Samantha Power, said in an early March (2008) interview with The Irish Times that many things need to happen before Obama could think about signing the Rome Treaty.

"Until we've closed Guantánamo, gotten out of Iraq responsibly, renounced torture and rendition, shown a different face for America, American membership of the ICC is going to make countries around the world think the ICC is a tool of American hegemony.

The detention center at Guantánamo Bay is nearing its closure and an alternate continental American site for terrorist detention has been selected in Illinois. The time line for Iraq withdrawal has been set. And President Obama has given an abundance of international speeches intended to "show a different face for America." He has in fact been roundly criticized domestically for the routinely apologetic and critical nature of these speeches.

President Obama has not rejected the concept of ICC jurisdiction over US citizens and service members. He has avoided any direct reference to this while offering praise for the ICC for conducting its trials so far "in America's interests." The door thus remains wide open to the skeptical observer.

CONCLUSIONS

In light of what we know and can observe, it is our logical conclusion that President Obama's Executive Order amending President Ronald Reagans' 1983 EO 12425 and placing INTERPOL above the United States Constitution and beyond the legal reach of our own top law enforcement is a precursor to more damaging moves.

The pre-requisite conditions regarding the Iraq withdrawal and the Guantanamo Bay terrorist detention facility closure will continue their course. meanwhile, the next move from President Obama is likely an attempt to dissolve the agreements made between President Bush and other states preventing them from turning over American military forces to the ICC (via INTERPOL) for war crimes or any other prosecutions.

When the paths on the road map converge - Iraq withdrawal, Guantánamo closure, perceived American image improved internationally, and an empowered INTERPOL in the United States - it is probable that President Barack Obama will once again make America a signatory to the International Criminal Court. It will be a move that surrenders American sovereignty to an international body whose INTERPOL enforcement arm has already been elevated above the Constitution and American domestic law enforcement.

For an added and disturbing wrinkle, INTERPOL's central operations office in the United States is within our own Justice Department offices. They are American law enforcement officers working under the aegis of INTERPOL within our own Justice Department. That they now operate with full diplomatic immunity and with "inviolable archives" from within our own buildings should send red flags soaring into the clouds.

This is the disturbing context for President Obama's quiet release of an amended Executive Order 12425. American sovereignty hangs in the balance if these actions are not prevented through public outcry and political pressure. Some Americans are paying attention, as can be seen from some of the earliest recognitions of this troubling development here, here and here. But the discussion must extend well beyond the Internet and social media.

Ultimately, a detailed verbal explanation is due the American public from the President of the United States detailing why an international law enforcement arm assisting a court we are not a signatory to has been elevated above our Constitution upon our soil.

December 8, 2009

United States of America

Burying Nitze

Calling for an end to cold-war analogs for info-war situations

By Michael Tanji | December 8, 2009

Bob Gourley, an old and trusted colleague in the national security arena, asks if we are any closer to achieving a cyber deterrence policy. While it is worth having the discussion as an academic exercise, it couldn't be less practically relevant to keeping our country's resources secure from digital threats. The problem of course is that its a lot easier to attempt to focus on a narrow set of legacy futures rather than to start to develop new ideas. Whether history repeats or rhymes, there is no rule that says we need to mimic the most recent tune on the radio when there is an epic playlist to consider. Rather than spend countless hours and billions of dollars trying to shoe-horn Vint Cerf thinking into a Paul Nitze world, how about looking around for more appropriate metaphors - or considering something original - for the security problems of the actual physical and digital worlds in which we operate?

Let's start by walking through the points Bob addresses in his paper on the subject from last year. He didn't invent them: they're just the major points most of those who operate in this space consider when they're talking about trying to make sense of things.

Attribution. As the Internet is constructed and operates today there is no way to achieve proof-positive attribution (as you could in the good old days with the launch of an ICBM) without violating local laws and the tenants of good Internet behavior (or other untoward actions). Two wrongs rarely make a right, and things get considerably more difficult if that first wrong is a knock-out punch that takes you off-line for hours. Absent fast and reliable mechanisms that allow for such a granular picture into adversary action, attribution is always going to be an educated guess and adversaries will always have some kind of "out" that they can use to justify their own action or press for redress.

Adversary Knowledge. Always a good thing to have, but there is rarely enough or enough good information to make a sound decision. Sure, there are books and papers about the subject published by those we presume would be our adversaries online, but the most prolific and successful adversaries in cyberspace don't publish doctrine. Those that study these issues are reading the wrong sorts of books. The clear and present danger online is more Red Mafiya than The Main Enemy.

Secrecy. Keeping quiet about how we know what we know is old hat in the intelligence business. When everyone is operating more or less on equal terms however, once an adversary figures out the jig is up, discovering your leak is fairly straight forward. Tradecraft online is computer science, not cloak and dagger, and the dark arts in that domain are public knowledge (more on that train of thought in a bit).

Delineating Behavior. In the cold war you didn't want the other side to turn the key and push the button on the ICBM launch control. The goal was preventing nuclear war; there was no such thing as a nuclear slap-fight. The same is not true in cyberspace because the building blocks of almost any sort of malicious activity online - whether the motivation is intellectual, criminal, or political - are the same. Delineating what to monitor and deter would require capabilities we do not currently have, and the way things are going, probably not achievable in a meaningful time frame.

Effective Responses. I largely agree with the points made here as far as actual delivery is concerned. Our ability to respond to a threat is rarely questioned: stories of our capability to do just that have been leaking out at a steady pace for years. I submit that this is the simplest and most effective approach to take and that not a lot of heavy thinking need be applied going forward. After all, what facet of warfare are we not dominant in? What eight-digit grid coordinate can we not turn into a smoking hole in the ground? The only thing our adversaries need to know is that one way or another we're going to get them.

Dominance over the Operational Environment. Of course to be effective you also have to factor in time as a part of your response. Barring a radical change in how our cyber defense and offense capabilities operate however, there is almost no chance that we will be able to detect and respond to an adversary attack in a timely fashion. Take a look at what is involved in just monitoring and reporting cyber threats across the military. You think the decision-making capability in that spaghetti is able to respond in minutes? Hours? And just how would decision-makers in such an enterprise vet their information? Using present-day solutions? Let's face it: serious national assets get pwned so regularly it's like we're just pretending to care (in radical cases they don't even bother pretending), so this emphasis on responding is largely a horse-and-burning-barn exercise.

Clean Slate

All of the aforementioned points are good things to want, but the idea that we're going to achieve them in a meaningful time frame is folly. I'm not even the grayest beard in this business and I know that we're approaching decade-three of talking about the issues (decade-seven if you're an old crow) but not significantly closer to solving them. From Hiroshima to On Thermonuclear War only took 15 years and except for the delivery mechanisms and yield, a nuke is a nuke: cyberspace today is nothing like ARPANET, and in ten years it'll look nothing like it is today.

So to move forward in this area I think it would be useful if we drew from different historical analogs, or simply made our own history. Cold warriors still set policy, so I expect the comfort level to drop precipitously and I have no hope of traction, but like the proverbial lieutenant who suggested that putting armor where returning bombers weren't shot to pieces by the Luftwaffe was a better approach than reinforcing where the holes were, someone has to sound off.

More Weapons, not Weapons Control. Digital arms control, cyber deterrence . . . it all sounds great. The problem? Cyber weapons are really computer code; computer code is rooted in math: Good luck trying to control math. What's your arms control inspection regimen going to be: reviewing foreign textbooks? Inspecting 9th grade classrooms? Controlling the movements of math professors? Are you going to nationalize Microsoft? Declare Bill Gates a munition? Haven't we learned the futility of that sort of thinking?

A better approach would be the equivalent of a concealed carry policy. Why? To coin a phrase: an armed populace is a polite populace. Crime goes down in areas where people can carry concealed weapons, because even the dumbest criminal wants to avoid a Crocodile Dundee moment.

"But how do you avoid turning cyberspace into the wild west?" you ask? Well, how exactly would that be different than the situation we're in today? At least this is an approach that doesn't mandate victim-hood. If too many "gunfights" broke out, it would drive all authoritative bodies concerned to develop a solution before life online became unlivable. Nothing spurs action like bodies.

Privateering. If cyber space is to be compared to any other environment or construct, I think it should be the open ocean (circa 1700s). Long-time readers are probably tired of hearing about this from me, but I haven't found anyone to say it doesn't make sense or wouldn't work. Gen Hayden is right: we don't expect Wal-Mart to participate in missile defense or blue-water naval operations, but such activities benefit Wal-Mart just the same. So make a decision: service providers and those who own and manage cyberspace have the right defend themselves, or such responsibility falls exclusively to the government: what's it going to be?

/*At this point it is worth noting that the primary focus of the private sector is on the bottom line and up-time, not national security. So any strategy that involves the private sector in earnest but falls short of nationalization is going to have to accept compromises that the fathers of deterrence didn't have to consider. There is no information infrastructure enterprise that doesn't take steps to ensure that its investment and services are not protected against threats, but threats to the infrastructure and threats to the consumer are not necessarily the same thing. Security also need only be sufficient - not perfect - because the closer you get to perfect, the less effective you are as a going economic concern. Hate the game, not the player.*/

Razor, not Barbed Wire. It looks similar from a distance, but they're very different up close. You can breach a barbed wire barrier fairly easily, but razor wire will ruin your day, and it might take a good part of the day to get through it. Digital concertina (a/k/a the firewall) is over 20-years old and still a building block of every online security systems known to man, but a fat lot of good it does against a serious or sufficiently creative assault (which is what we are facing). What other industry do you know of continues to employ ineffective solutions and still retains a market share that is measured in tens of billions? What army goes to war in a Mark V? Odds are you'd get fired for submitting plans for a security architecture that didn't involve firewalls, intrusion detection systems, and signature-based anti-virus: all of which fail with alarming regularity. Developing a security strategy for cyber space means recognizing that almost nothing you are doing today works well as-is; it means thinking Blitzkrieg when the guy next door is building his wall.

Mine Fields. If you can only protect a limited number of paths to your door, or you are drastically outnumbered by an array of forces, a mine field is an excellent tool. Trust me: nothing stops a brigade of infantry, or even an armored column, like the word "mines." Given that processing and memory is so cheap, and connectivity nearly ubiquitous, how come no one has figured out how to build a computing environment that intentionally becomes unusable if things become too hostile? Such a system would 'blow up' sending legitimate users to an alternate environment and forcing attackers to start their hunt for targets anew? How come we're spending so much time and money on a solution that intentionally makes it easier for our adversaries to perform targeting?

Fight the War We're In Now. Why talk about surprise attacks when we've been fighting for years? Why do we look toward theories that sought to avoid global holocaust when we're presently engaged in attrition warfare? Why worry about fighting under a future legal regime that no nation on earth is ever going to ratify (the benefits to being a 'rogue state' far outweigh the benefits of being in the global security club)? To some this is an advocation for frontier justice, but what choice do you have if security is your number one priority and the Marshal is a three-days ride away (and it our case, we're the ones trying to play Marshal)?

When I say there is "no hope" for a strategy similar to nuclear deterrence of course I mean there is some hope, just not enough to factor into practical decision-making. No one - not even the US - has a vested interest in seeing cold-war practices adapted to an information-war environment. There is far too much at stake - yet simultaneously almost no long-term risk - that efforts to walk down the paths blazed by Nitze and Kahn are really just conference fodder and cyber salon chit-chat. You would think that there were no other theories of warfare (generational or otherwise) one could look to for guidance. One could argue that cold war strategy is a good place to look because it worked, but you're working off of an awfully small data set and overlaying that construct onto an entirely different world than the one that existed 50 years ago.

  • AudioFebruary 2, 2010
    [Listen Here]
    What on Earth can Usama bin Laden, the mystical calculus of climate change and US Homeland Security have in common? Does bin Laden really agree with the President of the United States on matters weather? How is it that the...

Special Reports

Recent Features