9/20 Session #4: All IT, All The Time
The lights dim here at Smallwood, as our piped-in-from-GTMO proceedings resume---with a quick summation of precisely what is pending before the court. Of course we have AE155, this week's motion to abate for IT issues. There’s also AE181, the defense’s motion regarding the scheduling of commission sessions. On the latter, it seems there will be an ex parte submission by the defense, later today.
Published by The Lawfare Institute
in Cooperation With
The lights dim here at Smallwood, as our piped-in-from-GTMO proceedings resume---with a quick summation of precisely what is pending before the court. Of course we have AE155, this week's motion to abate for IT issues. There’s also AE181, the defense’s motion regarding the scheduling of commission sessions. On the latter, it seems there will be an ex parte submission by the defense, later today.
Back to Ronald Bechtold, Chief Information Officer at the Pentagon, and the “Path Forward,” as J. Connell III describes the would-be solutions to the defense’s IT security problems. That Path would, presumably, obviate the need for something Al-Baluchi’s lawyer asks the witness about: ad hoc use of DoD-issued external hard drives. (This is defense counsel’s current alternative for DoD shared networks---which defense counsel no longer use, per Col. Mayberry’s order.) When coupled with a personal computer, Connell says, an external drive can pose security problems, right? Bechtold very much agrees. But couldn’t there be other problems, like the absence of backup? There could, the witness tells him. Especially important is what Bechtold describes as “positive control” over data at all times. One won't get that in the external hard drive scenario. And, the witness agrees with Connell, external drive use can complicate information sharing---the very goal of networking.
Connell also asks about the mechanics of IT systems, by posing a hypothetical: let's say he does a Google search on his client’s name. How does that work? Bechtold explains this, going connection point by connection point, switch by switch. At some point, these stop being DoD-owned and start being privately held---thus the query flies off into the vast and (from Becthold’s standpoint) unsafe Internet ether, and eventually to the nearest Google server. This can mean all kinds of bad things, among them the addition of malicious logic to Connell’s computer---without any technical means to uncover or fight the bug. DoD infrastructure can detect that, though, with its monitoring procedures. The latter, Bechtold says, takes place at the network level, when data is in transit, not at the individual workstation level. (Connell now walks the witness through one of his helpful demonstratives, which describes the various roles played by monitoring personnel.) What if a search suggests a threat pattern, asks Connell, like Osama bin Laden’s speeches? In that case, there’s an investigation of the technical data, and then a person follows up. That person might in turn contact the user, and ask about why he or she carried out the search in question, what the details were, and so forth---the idea being to uncover information needed to address the IT threat, say the spread of malicious code or the improper downloading of classified data. Bechtold’s shop will try to take these remedial actions---including cleaning affected machines---quickly, in under 24 hours sometimes. But, he emphasizes, he can’t do all of this, when defense counsel opt for external hard drives rather than the DoD network.
Al-Baluchi’s lawyer asks about the IT threats Bechtold mentioned yesterday (any DoD person who works outside the DoD network doesn’t understand the threat environment, which is quite grave, in his view); and about standardization of IT policies regarding threatening material (that’s still ongoing, and was begun in earnest with statutory changes made in 2002). Connell: could somebody decide that our office, which represents accused terrorists, could be specially targeted for monitoring under IT policy? A less-than-clear Bechtold thinks IT decision makers would view defense counsel as doing legal work, a categorization that could trigger heightened attention. The witness, when asked, confirms that he is the decision maker for IT matters affecting the Office of Military Commissions---but he doesn’t recall when the defense’s monitoring status was determined by IT personnel. The lawyer’s next questions have to do with IT systems used by the DoD Inspector General, and by the prosecution---its about parity, says Connell.Parity? Mention of the word visibly irritates Judge Pohl. This entire week was supposed to be about a defense request not to employ a system like the prosecution’s, wasn’t it? This was supposed to be about walling off the defense, not mirroring defense and prosecution IT setups. Connell agrees, and explains that his query means to respond to a prior suggestion---false in his view---that the defense’s motion seeks special, heightened protections. No, his crew intends here only to abate the proceedings, until the IT regime properly protects legal privileges and confidences. Mention of this prompts Judge Pohl to ask how he could grant this sought relief, as improvements to the IT regime depend not on his discretion, but on that of Col. Mayberry, who must devise and ultimately sign off on any changes to defense IT systems. Surely he can’t abate the case until such time as she decides to proceed, right? The lawyer observes that he serves many masters: the court, the Convening Authority, Col. Mayberry. He thus must represent his client in light of that tripartite arrangement---in this case, by seeking relief from the commission. This raises the prospect of a conflict between an order from the Chief Defense Counsel, and an order from the military judge. The detour takes a few more minutes, before we return to Mr. Bechtold, and IT matters.
On those, do the current COA proposals touch on classified networks? Evidently not, Bechtold thinks, as Col. Mayberry asked only for reforms to unclassified ones. Mention of the classified network reminds Bechtold: he wants to spend more time with Mayberry and company, in order to better understand the latter’s IT needs. How many DoD IT people have sufficient privileges to log into the defense network now? The number isn’t one, it might be in the hundreds, answers Bechtold.
We move to the subject of investigative search requests (“ISRs”)---like that issued by the appellate court in Al-Qosi, and that lead to the disclosure, to prosecutors, of some defense emails. Connell marches through Defense Department ISR procedures, which are displayed onscreen in an exhibit. Baltes objects: why are we talking about this? Col. Mayberry has said, in testimony, that she is satisfied with ISR procedures as they stand now; Connell’s question goes to historical procedures that have since been altered, Baltes explains. Some more exasperation from the military judge, who says that, at some point, he doesn’t need to hear the same testimony for the umpteenth time. Despite the complaint, he doesn’t preclude Connell’s historical inquiry---though he exacts a promise from counsel that it will be brief. Bechtold then describes breakdowns in the ISR process, including the lack of a Boolean logic-qualified person at the helm of the search that occurred. That prompts him to describe the addition, afterwards, of greater safeguards---which, as we know, Col. Mayberry has accepted.
Lawyer and witness then turn to encryption, of documents and email alike. Does Bechtold know that the defense sought encryption software in the past, and negotiated for the purchase of a particular product---one that wound up not working on DoD systems? The witness doesn’t, among other things because he isn’t sure who Connell and company had spoken to. (He adds that the doesn’t know every employee in the DoD IT office.) Connell is keen to suggest hard, prior work, on the defense's part, to obtain encryption. But the witness’s lack of knowledge on this point brings an instruction from the court to move on.
And we will, after a brief recess.