9/20 Session #2: Back to Bechtold
Now we carry on with the week’s central---and until this morning, only---agenda item: evidence bearing on AE155, the defense’s motion to abate or postpone the case, in light of information technology that insufficiently protects privileged or confidential materials---and that compels defense lawyers to opt for alternative procedures to keep their secrets safe. The government’s witness is recalled. Ronald Bechtold, Chief Information Officer at the Pentagon, is once more questioned by Prosecutor Johanna Baltes.
Published by The Lawfare Institute
in Cooperation With
Now we carry on with the week’s central---and until this morning, only---agenda item: evidence bearing on AE155, the defense’s motion to abate or postpone the case, in light of information technology that insufficiently protects privileged or confidential materials---and that compels defense lawyers to opt for alternative procedures to keep their secrets safe. The government’s witness is recalled. Ronald Bechtold, Chief Information Officer at the Pentagon, is once more questioned by Prosecutor Johanna Baltes.
(The pair talk for only a few moments, before a beeping alarm sound is heard, and an automated female voice warns of cell phone use. Baltes looks confused; the court looks confused. Does anyone have their iPhone here? The court calls a quick recess to figure out if anybody brought a mobile phone, in violation of court rules. It comes to a quick end, and we resume---Droids, Samsungs, and all turned off or stored elsewhere.)
Witness and counsel return to a familiar theme: external access to defense computers. Bechtold always has recommended to defense counsel, he says, to employ existing, audit logging features on their machines. These allow for reporting, which will tell a user about additions and deletions, and about access---by whom, and with what sort of permissions. The defense already has such tools within their reach, Bechtold says; they have only to use them. A curious Baltes: you mean to say that on a daily basis, the defense can determine whether their systems have been accessed? Correct. Moreover, the witness has reached out to Col. Mayberry about this, in connection with IT security concerns conveyed by the defense---but received no response. It pains him, not having spoken to Mayberry personally, given Bechtold’s goal of solving IT problems. The court: are you involved in the process of formulating technical solutions to defense concerns? Not directly; Bechtold’s deputy is involved, though, and Bechtold believes he understands the defense’s position. But those pending solutions to one side, he thinks audit-logging could be commenced as early as tonight. The witness conveys this much strongly: he really wants to help the defense to fix this stuff. To that end, he’s willing to furnish a dedicated, in-privilege-bubble IT person to Mayberry’s crew.
The next subject is email encryption, which Bechtold also has proposed to Col. Mayberry. The latter was concerned, rightfully in Bechtold’s view, about the fact that encryption does not mask addressing and subject data. Likewise, Bechtold proposed encrypting files, as well. This sets of an exchange about Col. Mayberry’s instruction, to defense counsel, not to use email or shared drives for privileged and confidential material. Defense lawyers opted for external drives, but not for “full disk” encryption, which Bechtold thought necessary; he doesn’t remember Mayberry asking about whether an external drive approach would better protect data than the shared network drives. Still, Bechtold thinks opting for the external approach might create new problems while solving those Col. Mayberry had identified. Regarding email, Bechtold finds it “troubling” that defense counsel would opt for open WiFi, at places like Starbucks, in situations calling for privileged communications. Starbucks links to the Internet in an unsecured manner, and the latter is chock full of people trying to do harm, to inject malware, or to steal money. And defense counsel can’t possibly detect those threats in an unsecured setting. Why put the government at risk? The problem is only more acute when counsel affixes DoD-supplied, external hard drives to his or her personal laptop. Bechtold has never spoken to Mayberry about the risks involved in using insecure WiFi. At some point, the witness suspects, the defense stopped trusting Bechtold’s crew.
But that only takes him back to his proposed fix: a dedicated, Booz Allen IT staffer for the defense, not within Bechtold’s purview at all. That’s been in play since late May or June, he thinks. He adds that he’s worked through issues like this in the past, with the Army Inspector General’s office---though he thinks that a 100%, completely separate IT system for the defense is a bad idea. (The IG offices in fact use some shared networks, the witness says, subject to firewalls.) Bechtold nevertheless puts a fine point on this: a physically separate, defense controlled file---that’s no problem, and readily doable. That, in essence, is what is contemplated by the two pending information technology solutions that Col. Mayberry is reviewing.
There’s some more, among other things, about replication. Bechtold was aware of that multi-month project, and of course obliged Col. Mayberry’s subsequent request not to continue with replication for her staff. But the witness was not aware of trouble with replication until after the flawed procedure’s completion. When he followed up, he discovered mistakes---among other things, the replication of live data. It also took considerable time, learning how files had seemingly “disappeared,” but Bechtold and crew eventually figured it out: if the software finds copies of the same file, one larger than the other, it removes both to a separate “holding bin,” one unfortunately invisible to the user. Thus the perceived file “loss” by the defense. Lots of stuff landed in that bin. As to that bin’s contents, Bechtold tried some initial forensic investigation, which didn’t work. That lead him to try a “file comparison,” using special software. It was deployed sometime in June---but was, according to an email from defense counsel to Bechtold, only partially successful. At that point, Bechtold essentially dropped the replication project, and focused instead on proposed changes to the defense IT structure. A bit more on this, and Baltes shifts gears.
She asks about migration of email accounts. At the time, Bechtold knew of Mayberry’s desire to remain off of DoD-wide networks; for that reason, he decided not to migrate the defense’s email aliases. (Others within the Office of Military Commissions were migrated.) In hindsight this may have been a mistake, given the risk of “dual persona” problems. Such problems, for example, plague Army personnel assigned to the Commissions, as they now have two emails---one for the Army, and another for the Commissions---and thus two “personas,” for DoD IT purposes. This will be an ongoing problem, but Bechtold aims to mitigate it as best he can---even, he says, while he’s here at Guantanamo. This last week, the witness has been in conversation with tech folks assigned to both the prosecution and defense. Moreover, his intent is to compile a list of all known issues---regarding email migration and other things---to take with him back to the Pentagon.
The examination touches on a few more topics---among other things, the witness’s intent to speedily resolve defense problems, with encryption and audit logs---and then winds up.