It’s far more grave than one compromised NSA contractor.
Latest in NSA
Friday morning, the White House announced it will elevate Cyber Command to a full unified combatant command. Within 60 days, the Secretary of Defense will recommend whether Cyber Command should also be split from the National Security Agency.
The Government Accountability Office last week published a report that, among other things, weighs in on the pros and cons of the NSA/CYBERCOM “dual-hat” system (pursuant to which the director of the NSA/CSS and commander of CYBERCOM are the same person). The report deserves attention but also some criticism and context. Here’s a bit of all three.
1. What is the “dual-hat” issue?
In light of Michael Sulmeyer’s excellent recent piece on splitting NSA and CYBERCOM, which ran at War on the Rocks last week, I want to pull together some of the key legal and policy developments of the past year in a single narrative. My aim is to put them in context with each other in a way that will provide useful background for those new to this issue, while also putting a spotlight on the deconfliction-of-equities issue that the split proposal raises.
The New York Times has published a declassified version of a 2016 report from the Defense Department Inspector General that assesses the reforms implemented to improve security of the NSA's most sensitive systems after the Snowden disclosures.
Reality Leigh Winner, a recently separated Air Force linguist and a new hire by Pluribus International Corporation as a support contractor with a Top Secret clearance, allegedly searched for and printed out a Top Secret government report, folded it up, and dropped it in the mail to an online news outlet. Yesterday, the U.S. Attorney’s office revealed her arrest in an unsealed indictment.
The most important policy question raised by the WannaCry ransomware fiasco is not the most obvious one.
In this surveillance-heavy episode, Professors Chesney and Vladeck dig into a raft of news about foreign-intelligence collection authorities.
What Is the "Right" Number of Call Detail Records for 42 Targets under FISA's Business Records Authority?
ODNI's transparency report contains loads of interesting information. In this post, I'd like to draw attention to the statistics on use of the FISA Business Records authority, 50 USC 1861.
We learned today that NSA has decided to abandon "about" collection altogether, and this appears to have been central to to getting the FISC to reissue a certification (and perhaps also will help avert a trainwreck when Section 702 comes up for renewal later this year).