Author: Eliot

Some Hawks Actually Harm National Security

https://upload.wikimedia.org/wikipedia/commons/c/c6/BenjaminNetanyahu.jpgI love this article article by the Washington Post about the likelihood of Prime Minister Benjamin Netanyahu of Israel losing to his Labor Party rivals.  It reminds me of the old joke about the CEO.  When she goes into his office for the 1st time she finds three envelopes and a note from the previous CEO that reads, “open these envelopes in order when you run into trouble.”  And so the first time she runs into trouble, she opens the first envelope and finds a note that reads, “blame your predecessor”.  And she does so and it works.  The next time she has problems, the note inside the second envelope reads, “reorganize”, which she does.  And the third time she runs into trouble, she opens the third envelope to find a note that  reads, “write out three envelopes”.  Surely Bibi is on his third envelope.  We will see if he opens it tomorrow.

Hawks in Israel are blaming external forces for Mr. Netanyahu’s downfall.  Could it be that Bibi had something to do with it by alienating the leader of the most powerful nation on earth, by playing into domestic politics in America and potentially making support for Israel a partisan- rather than bipartisan – issue?  In other words, this hawk may have harmed his own country’s through his undermining of support for his country.

The same could be said about Senator Cotton and the 46 senators who sent a letter to Ayatollah Khamenei.  Just because they might want to rely on force doesn’t mean it is the right way to protect Americans.

Senators’ letter to Iran was reckless, but probably not illegal

The senator’s letter to Iran probably wasn’t illegal, but it was foolish.

Tom CottonA lot of buzz went on in the past week over a letter that Senator Tom Cotton of Arkansas wrote and 46 Republican senators signed.  Some have called the letter a violation of the Logan Act.   There are essentially three questions to ask:

  1. Did the Senators violate the Logan Act?
  2. Did they violate their oath to the Constitution?
  3. Was their letter a good idea?

CNN’s Jeremy Diamond has provided an excellent analysis of whether the Logan Act was violated.  In a nutshell, senators receive the same protection from the 1st Amendment of the Constitution that the rest of of receive.  As an inherently political act, the letter would receive the highest level of protection from any court.  CNN points out that in the over 200 years the Logan Act has existed there has been a grand total of one indictment and no actual prosecutions.  In short the the Logan Act is a paper tiger, and rightfully so.

The Act itself reads as follows:

Any citizen of the United States, wherever he may be, who, without authority of the United States, directly or indirectly commences or carries on any correspondence or intercourse with any foreign government or any officer or agent thereof, with intent to influence the measures or conduct of any foreign government or of any officer or agent thereof, in relation to any disputes or controversies with the United States, or to defeat the measures of the United States, shall be fined under this title or imprisoned not more than three years, or both.

One gets the feel that when President John Adams affixed his signature he was thinking in the same way that led him to believe that the title of the head of the new republic should be king and not president.  People every day talk with representatives of foreign governments, to provide them their perspectives.  Indeed successive administrations, including this one, have encouraged those dialogs, because they advance American values.

Some might argue that the senators who signed the letter had in some way violated their oath to uphold the Constitution, as if somehow they did that by conducting foreign policy.  The Constitution itself is mostly quiet about that.  Article II Section 6 does state that it is the job of the president to conclude treaties with other nations, on the advice and consent of other countries.  But it doesn’t say that others in government can’t speak to other governments.

And so we are left with the question as to whether it was a good idea to send any such letter to Ayatollah Khamenei.  Here the senators erred in two ways.  First, the Cotton letter itself advises the Iranians that any deal President Obama makes on nuclear development with the Ayatollah could be overturned with the stroke of a pen of the next president, because it doesn’t have the force of a treaty.  As it happens, most treaties can be abrogated with the same stroke of a pen by a future president, and so their argument that such an agreement should be brought before the Senate is largely moot.

But beyond that and more importantly, the senators have failed to understand it will not be the United states that enforces of any agreement in economic terms, but rather a coalition of countries, largely in Europe, who will decide to either buy Iran’s oil or not.  The fact is that oil is a commodity, and it will be sold at market prices, and Iran doesn’t care where the money comes from, so long as it comes.  Thus whether the next president backs out of an agreement with Iran matters only in as much as the Europeans also back out of the deal.  They will not tolerate intransigence or extremism, either by Iran or the United States, either in advance of an agreement or later.  If they believe that negotiations have been scuttled for other than security reasons, they may either make a separate deal on nuclear development with Iran, or simply let the sanctions they have in place lapse.  If they believe a president has backed out of an agreement other than for cause, the Europeans will not follow suit.

In addition, it would send a horrible message to the rest of the world if the next president did back out of an agreement without strong justification, because it would it would call into question the word of every succeeding U.S. president.  That’s very bad for America.

Therefore we have to ask why the senators sent the letter in the first place.  The only convenient answer is that all politics is local, and that they wanted to show that they were “tough”.  Certainly that is the image that Senator Cotton likes to project, and it certainly plays well with some parts of the population.  But that doesn’t make the letter the smart thing to have done from a diplomatic perspective.  We are at this point with a relatively moderate President Rouhani at the table because of effective economic – not military – measures.  Certainly we have to be wary of future versions of Mahmoud Ahmadinejad, but we should also be aware that much of the distrust between countries can give way to better understanding and an end to hostile behavior only when each nation recognizes that the other is not filled with crazy people.

No pardons for torture

The President can’t pardon people who don’t seek forgiveness. And he can’t forgive as he was not the aggrieved.

Yesterday the U.S. Senate released the long-awaited report on CIA torture.  In an OpEd in the  New York Times, Anthony Romero, the president of the American Civil Liberties Union, stated that he thought the people involved all the way up to the President should be pardoned.  Romero’s logic was that only a crime could be pardoned, and therefore by pardoning these people the President would be a acknowledging that crimes had occurred.

Were only that easy.

Today, CNN reported that in response to that release, former VP Cheney said that he would do it all again and that report itself was deeply flawed.   In that same response he indicated that he hadn’t actually read the report.  Where I come from, before one can be forgiven, one must first seek forgiveness.   Those who tortured but do not see the error of their ways must learn that a civilized society rejects them and their ways.  The best way to convince them and others that we think torture is wrong is to hold those who are responsible accountable in a court of law.   Mr. Cheney may never have been in the chain of command.  What we see from him is simple puffery, an attempt to grab the microphone once again.  His actions are those of a chicken hawk.

Some of the people who committed torture do in fact regret their actions, as was all too clear in an editorial in yesterday’s New York Times from former intelligence officer Eric Fair.  Mr. Fair freely admits that he tortured.   However, he did so under the color of authority of the United States.  It is therefore not appropriate for the President to pardon him, either; because neither the President nor the people of the United States are the aggrieved.  Rather, it is for the President to apologize to the victims on behalf of the United States in whose name these acts were committed, and for the Attorney General to prosecute.  Once that has happened, and if the victims wish it, then and only then should he consider pardons.  I would go so far as to add that Mr. Fair is also an aggrieved party, as he has scarred himself through this experience.  Maybe the next person called upon to torture will learn how to say “no”.  Maybe the Senate report will help us understand what happened, so that it does not happen again.  It happened on our watch.

IANA Transition is on track for protocol parameters

In March of this year U.S. Assistant Secretary of Commerce Larry Strickling announced the administration’s desire to withdraw from its oversight role over Internet naming, numbering, and protocol parameters.  In that announcement he called for the community to come up with a proposal that I can submit through ICANN.  Since that time, the community organized the IANA Coordination Group, develop a timeline, rolled up our sleeves, and got to work.

Now the first part of the proposal is nearly ready. The Internet Engineering Task Force who are responsible for policies relating protocol parameters has issued a last call on the draft that will be submitted to the ICG.  Both the  naming and  number and communities are not far behind.

It was disappointing yesterday to see Gordon Crovitz complaining about a lack of progress in yesterday’s Wall Street Journal, attempting to get the blame on President Obama.   Crovitz acknowledged that nothing was broken. I agree.  In fact in the process of developing the IETF part of the proposal, not a single person complained about the operational performance of the IANA staff. When a government role isn’t needed, it shouldn’t be performed, since it just costs U.S. taxpayer money.  Oddly in this instance, Mr. Crovitz likes big government.

Mr. Crovitz also asserted that the NTIA direction would put the IANA functions into the hands of other governments.  In point of fact all the proposals are being developed by the private sector, and the Internet technical community. While other governments may not trust United States to manage domain names, they do trust the private sector to do so.  Sec. Strickling’s deft move provided strong support for United States positions at the recent ITU plenipotentiary conference in Busan, South Korea, that kept excessive government control of the Internet at bay.

Since we’re not in a hurry to fix something we might as well get the job done right so that the transition can succeed.  The issues around Internet governance are complex and require serious consideration.  While all institutions such as ICANN hold a public trust, abuse should only be heaped on them when it’s deserved.  Today it was not.    Instead what we saw it was a vindictive commentator attempting to score cheap political points against the administration at the expense of hard-working people and the long term interests of the Internet as a whole.

But don’t let the facts get in the way of good column.

It doesn’t matter that much that Apple and Google encrypts your phone

Apple’s and Google’s announcements that they will encrypt information on your phone are nice, but won’t help much. Most data is in the cloud, these days; and your protections in the cloud are governed by laws of numerous countries, almost all of which have quite large exceptions.

CybercrimeAt the Internet Engineering Task Force we have taken a very strong stand that pervasive surveillance is a form of attack.  This is not a matter of lack of trust of any one organization, but rather a statement that if one organization can snoop on your information, others will be able to do so as well, and they may not be so nice as the NSA.  The worst you can say about the NSA is that a few analysts got carried away and spied on their partners.  With real criminals it’s another matter.  As we have seen with Target, other large department stores, and now JP Morgan, theirs is a business, and you are their commodity, in the form of private information and credit card numbers.

So now here comes Apple, saying that they will protect you from the government.  Like all technology, this “advance” has its pluses and minuses.  To paraphrase a leader in the law enforcement community, everyone wants their privacy until it’s their child at risk.  However, in the United States, at least, we have a standard that the director of the FBI seems to have forgotten- it’s called probable cause.  It’s based on a dingy pesky old amendment to the Constitution which states:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

So what happens if one does have probable cause?  This is where things get interesting.  If one has probable cause to believe that there is an imminent threat to life or property and they can’t break into a phone, then something bad may happen.  Someone could get hurt, for instance.  Is that Apple’s fault?  And who has the right to interpret and enforce the fourth amendment?  If Apple has a right to do so, then do I have the right to interpret what laws I will?  On the other hand, Apple might respond that it has no responsibility to provide law enforcement anything, and all it is doing is exercising the right of free speech to deliver a product that others use to communicate with.  Cryptographer and Professor Daniel Bernstein successfully argued this case in the 9th Circuit in the 1990s.  And he was right to do so, because going back to the beginning of this polemic, even if you believe your government to be benevolent, if it can access your information, so can a bad guy, and there are far more bad guys out there.

Apple hasn’t simply made this change because it doesn’t like the government.  Rather, the company has recognized that for consumers to put private information into their phone, they must trust the device to not be mishandled by others.  At the same time, Apple has said through their public statements that information that goes into their cloud is still subject to lawful seizure.  And this brings us back to the point that President Obama made at the beginning of the year: government risk isn’t the only form of risk.  The risk remains that private aggregators of information – like Apple and Google or worse, Facebook– will continue to use your information for whatever purposes they see fit.  If you don’t think this is the case, ask how much you pay for their services?

And since most of the data about your or that you own is either in the cloud or heading to the cloud, you might want to worry less about the phone or tablet, and more about where your data actually resides.  If you’re really concerned about governments, then you might also want to ask this question:  which governments can seize your data?  The answer to that question is not straight forward, but there are three major factors:

  1. Where the data resides;
  2. Where you reside;
  3. Where the company that controls the data resides.

For instance, If you reside in the European Union, then nominally you should receive some protection from the Data Privacy Directive.  Any company that serves European residents has to respect the rights specified in that.  On the other hand, there are of course exceptions for law enforcement.  If a server resides in some random country, however, like the Duchy of Grand Fenwick, perhaps there is a secret law that states that operators must provide the government all sorts of data and must not tell anyone they are doing so.  That’s really not so far from what the U.S. government did with National Security Letters.There’s a new service that Cisco has rolled out, called the Intercloud that neatly addresses this matter for large enterprises, providing a framework to keep some data local, and some data in the cloud, and the enterprise has some control over which.  Whether that benefit will extend to consumers is unclear.In the end I conclude that people who are truly worried about their data need to consider what online services they use, including Facebook, this blog you are reading right now, Google, Amazon, or anyone else.  They also have to consider how if at all they are using the cloud.  I personally think they have to worry less about physical devices, and that largely speaking Apple’s announcement is but a modest improvement in overall security.  The same could be said for IETF efforts.