The next National Defense Authorization Act (the NDAA FY’18) is nearing the finish line. A Conference Report is now available, and so the time has come for a closer look at some of the key provisions of interest to Lawfare readers. My colleague Scott Anderson is going to post a broad overview shortly. For my part, I’d like to walk you through the “Cyberspace-Related Matters” section (sections 1631-1649C).
Latest in NSA
It’s far more grave than one compromised NSA contractor.
Friday morning, the White House announced it will elevate Cyber Command to a full unified combatant command. Within 60 days, the Secretary of Defense will recommend whether Cyber Command should also be split from the National Security Agency.
The Government Accountability Office last week published a report that, among other things, weighs in on the pros and cons of the NSA/CYBERCOM “dual-hat” system (pursuant to which the director of the NSA/CSS and commander of CYBERCOM are the same person). The report deserves attention but also some criticism and context. Here’s a bit of all three.
1. What is the “dual-hat” issue?
In light of Michael Sulmeyer’s excellent recent piece on splitting NSA and CYBERCOM, which ran at War on the Rocks last week, I want to pull together some of the key legal and policy developments of the past year in a single narrative. My aim is to put them in context with each other in a way that will provide useful background for those new to this issue, while also putting a spotlight on the deconfliction-of-equities issue that the
The New York Times has published a declassified version of a 2016 report from the Defense Department Inspector General that assesses the reforms implemented to improve security of the NSA's most sensitive systems after the Snowden disc
Reality Leigh Winner, a recently separated Air Force linguist and a new hire by Pluribus International Corporation as a support contractor with a Top Secret clearance, allegedly searched for and printed out a Top Secret government report, folded it up, and dropped it in the mail to an online news outlet. Yesterday, the U.S. Attorney’s office revealed her arrest in an unsealed indictment.
The most important policy question raised by the WannaCry ransomware fiasco is not the most obvious one.
In this surveillance-heavy episode, Professors Chesney and Vladeck dig into a raft of news about foreign-intelligence collection authorities.
What Is the "Right" Number of Call Detail Records for 42 Targets under FISA's Business Records Authority?
ODNI's transparency report contains loads of interesting information. In this post, I'd like to draw attention to the statistics on use of the FISA Business Records authority, 50 USC 1861.