Apple vs the FBI: Security vs Security

I thought the national threat assessments presented by DNI Clapper and DIA Director LtGen Stewart along with the release of the FY17 defense budget would offer plenty to engage you with in February, but the more I examined them the less interesting I found them to be.  The biggest news in the Obama Administration’s last defense budget is that it remains essentially flat while laying down markers for transitioning to the as yet to be defined “Third Offset” which will increase military power through the smart use of technology to enhance human capabilities in the battle space.  The intelligence threat assessments presented to the House and Senate Armed Services Committees were, to be kind, a laundry list of twenty plus threats that seemed more aimed at justifying why the defense and intel budgets for FY 17 should not be cut than providing the national leadership with informed insights about the most dangerous threats confronting our country.  It seems the media and the presidential campaigns reacted the same way I did given the amount of attention they have shown these threat assessments and what would be the next President’s inherited defense budget.

Far more interesting to me in February were the three national security stories that continue to be slowed rolled.  During LtGen Stewart’s threat assessment testimony, HPSCI Chairman Devin Nunes expressed his growing impatience with the slow pace of the DoD IG’s investigation into the now six month old charges that CENTCOM intelligence assessments were being altered by seniors in the chain of command so the White House could claim progress against ISIS.  Similarly the Chairman of the Senate Armed Services Committee Senator McCain expressed public anger with the Navy and DoD for not providing his committee with more details regarding the capture and release of two USN riverine patrol boats off of Farsi Island in the Persian Gulf by Iranian Revolutionary Guard forces.  Unless DoD and/or the Navy becomes more responsive, Senator McCain says he is ready to subpoena the eleven USN sailors involved in this bizarre capture and release incident.  Then there is former Secretary of State Hillary Clinton’s email saga, which the Justice Department keeps signaling that it does not intend to deal with until after the election in November.

Certainly the most controversial national security topic of 2016 so far is the debate about whether Apple can refuse to comply with the FBI’s warrant that the company provide a decryption code for unlocking the iPhone of San Bernardino Terrorist Syed Rizwan Farook.   The FBI says it needs Apple’s assistance to unlock Farook’s phone so it can determine who else might have been involved in the December 2nd shooting that left 14 dead and 22 seriously injured.  Apple is refusing on the basis that by assisting the FBI it will make its customers’ data less secure to both domestic and foreign intrusions in the future.  There is also the interesting legal wrinkle that the FBI is not asking Apple for an existing decrypt code but that the company develop one for unlocking Farook’s iPhone.  The larger issue at play here, of course, is the commercial IT industry’s ability to make available in the market place end-to-end encryption that could put information beyond the reach of the government even with a warrant for legitimate criminal and national security investigations and would effectively create “evidence free zones” for those meaning to do harm to American citizens and interests.

As would be expected, the law enforcement and intelligence community support the FBI’s position as essential to protecting Americans from both terrorists and criminal enterprises that could be domestic or foreign in origin.  Conversely, civil libertarians and the tech Industry side with Apple in terms of protecting American citizens from the U.S. Government, foreign governments, terrorists, criminals, and corporations from accessing private information for their own purposes.

Two developments have surprised me though as this fascinating and important legal debate has unfolded.

The first is Secretary of Defense Ash Carter telling the RSA Conference in San Francisco during the first week of March that he favors strong encryption without backdoors.   “Data security — including encryption — is absolutely essential for us,” he said. “None of our stuff works unless it’s connected … So we’re four-square behind strong data security and strong encryption.”  NSA Director Admiral Mike Rogers in his remarks earlier in the week at this same RSA Conference avoided directed comment on the FBI/Apple debate but said in concluding his presentation that one of the things that gives him the greatest concern is cyber operatives expanding from denial of service and theft of information to the manipulation of data such that we lose confidence in the data the digital enterprise is delivering to us.  While comments he has made in different venues suggest Admiral Rogers sees a strong need for government access to commercial encryption for national security reasons, his concerns about data manipulation also indicate he understands the importance of data protection for these same national security concerns.

The second surprise is the Chertoff Group White Paper “The Ground Truth about Encryption and the Consequences of Extraordinary Access” ( The conclusion this paper comes to is that “an extraordinary access requirement is likely to have a negative impact on technological development, the United States’ international standing, and the competitiveness of the U.S. economy and will have adverse long-term effects on the security, privacy, and civil liberties of citizens.”  The surprise is not in the arguments this paper makes for unbreakable commercial encryption, but that it is coming from a group founded and lead by Michael Chertoff who served as President George W. Bush’s Department of Homeland Security Secretary from 2005 to 2009.

This clash of competing rights between the government’s legitimate needs to have access to information essential for ensuring the security/safety of Americans and the needs of American’s to protect access to their information from intrusion and misuse when the federal government can’t or won’t is the grist for a landmark Supreme Court decision.  I am not smart enough to know whether we are safer with the government being able to obtain citizens’ digital information with a warrant or if we are more secure if encrypted data is protected from all seeking access to it.  What I am confident about is that our judicial and legislative processes will arrive at a conclusion for this access to encrypted data conundrum (perhaps with assists from the tech and policy communities) that will be widely accepted because we will all understand how and why it was arrived at thanks to our Constitution.

That’s what I think; what do you think?




The “New Normal” and DIA

It is Memorial Day and I am surprised by how inured I am to our military being at war for 13 years now.  I am careful to say the military rather than the nation being at war, because since 9/11 two very different two-term Presidents have as a matter of policy made the fights in Iraq and Afghanistan the sole purview of the armed forces vice the nation they are protecting.  It seems to me that in different ways both the Bush and Obama Administrations reached the same political calculation: if the American people have to sacrifice in terms of higher taxes, reduced entitlements or less consumer goods they will quickly use their voting power to end these conflicts. Now the wars in Iraq and Afghanistan seem to have come to an end out of wearing frustration and crushing expense with results that don’t seem to have made the United States any safer.  This is especially true when we consider what a small group of passionately anti-American terrorists operating from a failed state can do with kinetic, chemical/biological, or cyber weapons of mass destruction.  We have, however, demonstrated what terrorists can expect should they bring harm to the homeland of the United States.

It is in this context I am viewing the news of the world in a state of constant crisis as being the “new normal,” from the coup in Thailand, Boko Haram taking 200 school girls hostage, continuing armed conflict in Syria, escalating violence in Iraq, political upheaval in Egypt, instability in Pakistan, events in the Ukraine, or the confrontation in the South China Sea.  In all of his public appearances for the past year or so Defense Intelligence Agency (DIA) Director LTG Mike Flynn has been warning that crisis is the “new normal” and implying that solid intelligence is the capability most in need by policy makers and military operators for sorting out which world events present serious security threats to the interests of the United States and how to effectively deal with them.  In other words, putting this daily menu of crises into context so that national energy and resources can be effectively engaged against those that matter the most. And when force is employed by providing military commanders with decision advantage.

Given his Special Operations Forces (SOF) background and his description and prescription for what is wrong with military intelligence in his seminal 2010 paper “Fixing Intel: A Blueprint for Making Intelligence Relevant in Afghanistan”,  I was not surprised by Mike Flynn’s aggressive efforts through personnel and organizational change to make DIA more relevant to decision makers and military officers dealing with constant crisis.  I was surprised, however, that for reasons not clear to me he was not continued for a normal third year of his tour as DIA Director because according to press reports he was disruptive!  Really?  So what was the DoD and IC leadership who selected him to lead DIA expecting from a person this transparent?

DIA was established in 1961 to provide the Secretary of Defense and the wider defense enterprise with timely, relevant, and actionable intelligence to support policy, acquisition, and operations. DIA was also seen as adding to the competitive analysis of intelligence offered by the military services State Department and the CIA.  Nonetheless, DIA has struggled throughout its history to establish itself on an equal professional footing with the CIA and the other four national intelligence agencies (NSA, NRO, NGA, and FBI).  Since the mid-1990’s I have observed Flynn’s seven  predecessors become DIA Director with a mandate and/or agenda to revive DIA and make it a more meaningful player for DoD’s needs and by extension give it influence within the larger Intelligence Community (IC) commensurate with its mission and size.  In their own ways each of these well thought of three star officers achieved incremental success in modernizing and equipping DIA for the post-Cold War Intelligence challenges DoD, the IC and the nation faced.  In aggregate, though, none of these seven directors significantly changed how DIA was perceived externally by its consumers or IC peers; nor did they impact how DIA is internally viewed by its own workforce.

When Mike Flynn became Director DIA in July 2012 it seemed to me his approach for changing DIA was employing a quick hitting “SOF raid” where he and a cadre of trusted subordinates in short order shifted over 100 SES’s to new positions (detaching most from their bureaucratic power bases) while also reorganizing DIA out of its hierarchical structure to a flatter more fluid “centers” based approached driven by consumer needs.  In retrospect what LTG Flynn misgauged was that as a bureaucratically hardened target with practiced survival skills DIA was not a good SOF target.  In the end it seems DIA’s entrenched ways attrited Flynn’s more agile but smaller force before he could change DIA’s organizational outlook.  DIA’s change-resistant culture also got some serious top cover from the military service intelligence organizations that see gains for DIA as working against their prestige and budgets.  Similarly, CIA has no interest in DIA becoming a meaningful counterweight on the military side to its role as the IC’s leading all source intelligence producer.

I suspect Mike Flynn understood that there were long odds against dramatically changing DIA on his watch, but doing a risk verses benefit calculation I can see where he saw virtually only personal danger to himself and unlimited upside if the effort to make DIA more relevant to the “new normal” environment of continuing crisis succeeded. Presumably, whoever the next DirDIA is they will be informed by LTG Flynn’s experience of attempting to rapidly alter DIA and return to a path of incremental change for the agency.

Here are some recommendations I hope the next DIA Director will consider as this officer assesses the direction they want DIA to move in:

  • No reorganizations; play the cards you are dealt so the DIA workforce will stop being concerned about organization charts and be more focused producing intelligence.  Moreover, continuing the DIA “Centers” will allow the agency to avoid the disruptive ad hoc task force response to crises that it has traditionally used.
  • The quickest path to relevance is through tailored embedded (virtual where this makes sense) intelligence support teams for military operating forces going in harm’s way.  DIA “go teams” that train up with SOF, Army, Navy, Air Force and Marine units they are supporting will provide these units with better intelligence while infusing DIA at the working level with what military forces need and how they want it.
  • Avoid becoming “cyber warriors” but develop a deeper understanding of collection, analysis, signatures, and order of battle associate with the cyber domain.  What should the Modernized Intelligence Data Base (MIDB) look like for cyber targets?
  • Intelligence support to DoD acquisition is under served and is in the sweet spot of DIA’s capabilities and strengths.  Begin to view intelligence for acquisition as supporting the next generation of warfighters.
  • Information Technology (IT) is an “enabler” but not a core mission for DIA so stop spending so much time and money on it!  Shift to an outsourced managed services model similar to Ground Breaker to both save money and improve IT infrastructure performance.  Turn DIA to being an IT consumer/follower vice developer/innovator.  Leverage IT capabilities offered by ICITE, DI2E, and DISA

In the final analysis it doesn’t matter if DIA becomes a more relevant IC player through revolutionary or evolutionary change.  The radical organizational change and sense of urgency LTG Flynn has introduced into DIA, I believe will provide the next DirDIA a platform to help DIA through an incremental approach to achieving its true potential

That’s what I think; what do you think?