Despite no effective oversight of the FISA violations since 2001, we've been assured that there is a robust oversight program in place. However, there are some indications that there are legal compliance problems connected with the DoD's information warfare strategies.
GAO findings are illustrative. DoD's poor program planning and integration raises doubts about effective, consistent legal compliance across these multiple programs. Indeed, inconsistent program missions cannot have consistent legal compliance programs.
This diary assumes efforts to combat cyber crime are -- or should be -- a subset of defensive cyber warfare operations.
GAO found a lack of coordination with DoD's cyber warfare efforts. GAO findings raise questions about coordination in US Cyber Warfare. This lowers the prospect there is an integrated legal compliance plan.
The GAO investigation started in 2010; however, since 2006, the American Cyber Crime Center website stated their mission. It's unclear whether the cyber crime objectives were adequately incorporated within information warfare objectives.
We have no adequate information how an office in 2006 developed a set of "mission" statements related to cyber warfare, but how GAO in 2011 concluded there was no adequate coordination. A specific, detailed missions statement should be attached to specific legal memorandum.
A recent digital forensics conference announcement points to a curious data-sharing between law enforcement, DoD, and academia:
Announcement: Mr. Win.dsor now leads multiple programs within the DC3 Future Explorations directorate focusing on digital forensics education, resource sharing, and consolidation across the Law Enforcement, Counter Intelligence, Intelligence Community, Academia, and the Department of Defense.
We need to know more about this information sharing, especially given GAO's conclusion that there is a lack of coherence within DoD.
Cyber warefare, in theory, should include efforts to safeguard evidence of unlawful activity, including breaches of the laws of war. It is possible that cyber warriors could stumble upon digital evidence related to war crimes. The laws of war require evidence preservation.
Is it DoD's position that Defense Cyber Crime Center (DC3) is not something that should be included within cyber warfare operations, missions, and strategy?
A lack of coherence in national strategy implies there are different policies, strategies, and procedures between the various agencies working within cyber warfare. How is "digital forensic data" shared between DoD and law enforcement, despite the lack of strategic coherence within the cyber warfare community?
Given GAO's conclusion about the lack of coherence, what's the basis for DoD managers asserting their are providing "leadership"? It would be useful for DoD managers claiming they are providing "leadership" to explain which goals, strategies, and missions they are working to advance, develop, or pursue.
DoD uses the Federal Acquisition Regulations (FAR) to conduct procurement. These rules aim to reduce duplication, ensure efficient use of scarce dollars, and ensure there are clear program baselines to develop technology and products useful for American national security objectives.
However, GAO's finding of a lack of coherence within American cyber warfare raises questions about what's been happening in the agencies:
- Despite this lack of coherence in strategy, how did the Office of Secretary of Defense (OSD) review and approve funds despite this mishmash of objectives;
- Why were awards issued to personnel for "accomplishments" within this confusing environment;
- What was the basis for OSD approving and monitoring these cyber warfare contracts;
- Why were program funds awarded to contractors despite these incoherent policies;
- How are the Acquisition Program Baselines established, approved, and reviewed within DoD despite this lack of coherence within cyber warfare operations?
Further, with a lack of coherence in strategy, there's likely poor coordination between the same offices on legal compliance:
What was DOJ OLC's approach to these legal issues?
Where are the DOJ OLC memos related to using information related to cyber warfare for law enforcement uses?
Conclusion
There are indications the Department of Defense cyber warfare and cyber crime programs are not effectively coordinated, and lack a coherent legal compliance program. This conclusion is startling given the FISA Court jurisdiction on warrants.
Poorly coordinated strategies create a playground for legal loopholes. These are especially interesting given the pletheor of ignored FISA violations after 2001. Notwithstanding the enabling DOJ OLC, the public needs to understand which DOJ OLC memos approved which legal compliance programs for cyber warfare, forensics, and crime fighting.
The public needs greater assurances that these different programs -- with inconsistent program strategies and goals -- have a coherent legal compliance program. We also need to understand more about how the information developed within one mishmash of programs is selectively funneled, siphoned, or provided between DoD-NSA and law enforcement.
These issues seem important enough for the participants to openly discuss. The least they could do is provide a complete record before a Congressional committee related to these data transfers between DoD, academia, and law enforcement.
This interest in only heightened given the lengthy time between a program's inception, the time the warrants were issued despite incoherent strategies, and the 2011 GAO findings related to the mish-mash of programs.
A lack of coherence in American 2011 cyber warfare efforts raises questions about what's been going on since these programs were conceived, managed, and provided funds.
Poor coherence in cyber warfare raises questions about the legal compliance programs within intelligence, forensics, and law enforcement. It defies reason for DOJ OLC to suggest that the legal compliance issues were well coordinated while there are poorly coordinated DoD policy statements, missions, and goals since the program inception.
Despite problems with connecting program expenditures to a stable set of coherent, consistent mission objectives, larger legal issues exist: Whether the public should have confidence the judicial oversight exists, was coherent, or had a uniform procedure to effectively oversee warrants related to cyber warfare, cyber crime fighting, and digital forensics.
It remains unclear whether Brady issues have been adequately addressed, especially given the apparent inconsistent program baselines and legal compliance programs.
The public needs to know how information collected by the NSA is disseminated to law enforcement through "cyber crime" initiatives. The public needs greater assurances that the inconsistent DoD efforts have a uniform set of judicial warrant requirements.
The way forward is to examine how these cyber warfare programs were developed, and track the different legal compliance conclusions between the non-coordinated efforts. The public needs to understand more about the disparities within the Cyber Warfare communities. These issues suggest there were similar legal disparities warranting public oversight and understanding.