Armed Conflict Criminal Justice & the Rule of Law Terrorism & Extremism

9/19 Session #7: Exit Glover, Enter Bechtold

Wells Bennett
Thursday, September 19, 2013, 6:05 PM

Our recess ends. Brent Glover, encryption maven, abbreviation jockey and government witness, is recalled. Cheryl Bormann has but one question, about the scope of Glover’s testimony and expertise: this deals solely with encryption, and not monitoring, eavesdropping, migration of email, or other things, right?  Yup, that’s right.

Published by The Lawfare Institute
in Cooperation With
Brookings

Our recess ends. Brent Glover, encryption maven, abbreviation jockey and government witness, is recalled. Cheryl Bormann has but one question, about the scope of Glover’s testimony and expertise: this deals solely with encryption, and not monitoring, eavesdropping, migration of email, or other things, right?  Yup, that’s right.

Abbreviation lovers will relish our next bout of cross-examination, from Col. Sterling Thomas, al-Baluchi’s counsel.  Like Bormann, Thomas has only a few quick queries, first about using Outlook remotely.  The witness says he does this on occasion, but only by means of government-furnished equipment, or “GFE”---though he understands that sometimes private, not-GFE computers have been used to accomplish “OWA,” or “Outlook Web Access.”  Thomas then continues with a topic Bormann explored earlier, regarding secure communications with foreign individuals.  Sure, we know this is possible, provided the recipient has purchased a commercial encryption product on the open market.  Well, what if the recipient has done that, as Glover suggested earlier---but the product doesn’t work, and Thomas can’t communicate with so-and-so who lives abroad? Glover says defense technical support could help in that case.  Failing that, so could Glover’s shop, or even the third party ECA---or the ”External Certificate Authority,” that is, the company that sold Thomas the product initially.  Nothing further for Mr. Glover, it seems; he is dismissed. Next comes Ronald Bechtold.  He’s the Chief Information Officer at the Pentagon.  Prosecutor Johanna Baltes questions him, first about his duties.  Unsurprisingly, a top priority for Bechtold is to anticipate and defeat a swelling complex information security threats---the theft of intellectual property, and so on.  His greatest fear of all, he says, is that “control systems” for water, banking and other vital resources would be hacked or destroyed. That takes Baltes to network security.  DoD web connection points are closely monitored, according to Bechtold, in order to detect threats. Moreover, only an authorized user can access the DoD network; DoD-issued common access cards or “CACs” ensure authorization, and thus an added layer of protection.  The prosecutor: DoD users also consent to security monitoring when they log on?  That’s right, but Bechtold says that no humans really are involved in this, at least initially.  The process is automated, and simply looks for patterns; if a pattern has been shown to be malicious before, for example, it is flagged, and IT staff within the appropriate DoD component will get involved.  A human-led inquiry occurs once a day at the Pentagon, and might concern malicious code, data spills---or even, the witness agrees with Baltes, the appearance of classified materials on unclassified servers.  But nobody, Bechtold underscores, is monitoring the “body” of documents or data; given his Office’s mission, he’s naturally more interested in “controls,” or identifying information.  

Bechtold’s group has furnished staff to the Military Commissions. Such people support, among others, the defense.  Suppose the defense wanted a defense-only IT person.  Would that be possible?  Absolutely, answers the witness.  It would be worth it to discuss this project with Col. Mayberry and her staff, maybe even to swap out or augment her complement of IT people.

Talk turns to investigative search requests.  These, Bechtold says, can come from FOIA or other sources.  Always, Bechtold will look to see if a request is legally authorized, and also check on any “privilege protocols” that might apply.   Then Bechtold’s group will convert a request to technically-deployable, Boolean logic. There’s trial and error there, and indeed, the conversion process is part science, part art.  What Bechtold means is that initially, some Boolean terms will be too broad-sweeping, but others will be too narrow.  Indeed it appears this swept-too-much-at-first, swept-too-little-next sequence characterized the search issued in connection with the Court of Military Commission Review’s order in Al-Qosi.  On questioning from the court, Becthold testifies that initial searches there returned 200,000 hits, at least some of which could have been emails.  (The witness can’t recall numbers here.)

Apropos, Bechtold’s office has reviewed the Al-Qosi  process.  This inquiry found that, among other things, the staffer who carried out the Al-Qosi search conversion was not supported by supervisory personnel (who were absent for some reason).  His shop thus tried to correct this and other mistakes, in newly issued, standard procedures.  Among other things, these add safeguards to protect legal privileges.  Baltes clarifies that Col. Mayberry, the Chief Defense Counsel, took part in the retrospective conducted by Becthold'shop; Bechtold says Mayberry did.   When asked by Baltes, the witness says that recent DoD email migration also will be addressed by new search procedures at some stage.  Generation of those procedures is evidently ongoing.

Direct examination of Becthold will keep going---tomorrow.  We’re in recess until then.

Wells C. Bennett was Managing Editor of Lawfare and a Fellow in National Security Law at the Brookings Institution. Before coming to Brookings, he was an Associate at Arnold & Porter LLP.

Subscribe to Lawfare