Meta (Facebook) and US national security data requests: A study in media imperialism

This article seeks to ask whether the US National Security Agency (NSA) doing its job or stumbling through a midlife crisis. It reviews what has occurred at NSA during the last decade. It argues that some statements that have appeared in the American press that NSA was solely responsible for some of the US intelligence community's recent intelligence failures are factually incorrect. Furthermore, NSA's Sigint collection capabilities have actually improved considerably during the last decade, and evidence suggests that the technological obstacles that have been often cited in press reports as contributing to NSA's current problems have not yet begun to be widely used outside of the developed countries in Western Europe and East Asia. NSA's most pressing problem is, instead, an area which unfortunately has received little public attention in recent months, specifically the deterioration of the Agency's Sigint processing, analysis and reporting capabilities. It is clear that NSA must recruit substantial numbers of analysts and information technology specialists in the near future, and invest money in acquiring new processing technologies in order to begin to address this problem. The Agency must also take immediate steps to shore up its strained relations with its customers inside the US government and the armed forces. Given the transient and oftentimes fickle nature of politics, NSA must realize that it cannot depend solely on a few allies in the US Congress for its continued survival. Equally important, but more difficult, will be NSA's internal management problems, such as how to trim the Agency's large bureaucracy, eliminate duplication of effort and how to put NSA's financial accounts in order. Finally, it is time that NSA adopts a policy of greater openness about what it does and how it does it. One obvious way to do this is to declassify documents which detail the Agency's significant accomplishments since the end of World War II.

ABSTRACT: Recent debates about the organizational relationship between Cyber Command and the NSA stress political issues over force employment. This article focuses on the latter, making the case that Cyber Command should be split from the NSA, because nations that marshal and mobilize their cyber power and integrate it into strategy and doctrine will ensure significant national security advantage. Cyber Command provides the best route for developing the tactics, techniques, and procedures necessary for achieving these goals. ********** For twenty years, members of the United States' national security community, including readers of this journal, have debated the potential tactical, operational, and strategic effects of cyber components and capabilities. (1) Recently, these discussions have become intertwined with arguments about the organizational relationships as well as the Title 10 (traditional military) and Title 50 (intelligence and covert) authorities that exist under the Unified Command Plan. Because of this expanding controversy, there is a growing chorus calling for a split between the National Security Agency (NSA) and US Cyber Command. These debates are important. Yet they subsume the pivotal issue --how cyber components and capabilities will affect US national security--beneath more transient legal and political issues generated in the wake of Edward Snowden. Furthermore, past and current debates often overlook a basic truth: battlefield outcomes and strategic effects are the product of actual force employment, not theoretical arguments or proving-ground tests. Cyber Command should be cleaved from NSA, but not for reasons of political expediency. Cyber Command should be split from NSA because the United States needs an organizational arrangement that provides for the development and normalization of Title 10 and Title 50 cyber capabilities, while maintaining a focus on how such will affect the use of military force and US national security. Cyber Command should be split from the NSA because nations that marshal and mobilize their cyber power and integrate it into strategy and doctrine will ensure significant national security advantage, and Cyber Command currently provides the best route for achieving such. (2) Cyber Command should be removed from under US Strategic Command and established as a unified combatant command. That action represents the most effective means for developing and maturing the tactics, techniques, and procedures that will allow US cyber components and capabilities to be employed for military purposes and to generate strategic effects. Currently, there are two primary reasons why the establishment of a unified combatant command presents a better solution than tasking existing branch and service structures. First, speed is of the essence. Tasking an existing branch or service, or even establishing a new service, would open up organizational and bureaucratic rivalries likely to slow (if not cripple) the development of cyber components and capabilities. Second, in the near term, Title 10 and Title 50 concerns, vagueness in the cyber rules of engagement, concerns about political blowback, and fears that US cyber weapons could be reverse engineered and used against the United States, all highlight the importance of an organizational solution that synchronizes and deconflicts activities across the whole of government. In short, the United States needs a combatant command that can do two things: (1) craft the tactical, operational, and strategic cyber capabilities US national security will need in the decades to come; and, (2) oversee their application, integration, and execution. Cyber Command is the best choice and now is the time to act. Operationalizing Cyber When Cyber Command was established in 2009, it made sense that it be stood up as a sub-unified command under Strategic Command. Until recently the line between computer network attacks and computer network exploits was chiefly one of intent (i. …

The United States Government has published the NSA Commercial National Security Algorithm (CNSA) Suite, which defines cryptographic algorithm policy for national security applications. This document specifies the conventions for using the United States National Security Agency's CNSA Suite algorithms in Secure/Multipurpose Internet Mail Extensions (S/MIME) as specified in RFC 8551. It applies to the capabilities, configuration, and operation of all components of US National Security Systems that employ S/MIME messaging. US National Security Systems are described in NIST Special Publication 800-59. It is also appropriate for all other US Government systems that process high-value information. It is made publicly available for use by developers and operators of these and any other system deployments.

PurposeIn the current trade war between the United States and China, CFIUS’s analysis of the risks of foreign investments to US national security has increased. The purpose of the article is to verify that access to data for the purposes of this risk analysis is difficult or impossible, and therefore it is not possible to assess strategic risk management, which increases the national security of the United States.Design/methodology/approachData were extracted from a review of US federal law, including hard law and soft law. In addition, data for the study were extracted from US government documents of strategic importance and official and scientific documents produced by or for US federal government officials.FindingsIn analyzing the risk of foreign investment, there is great difficulty, and in some circumstances even an inability, to see the classified data underpinning the decisions made by CFIUS or the President, which enhances the national security of the United States.Originality/valueIn the wake of the US launching a trade war with China, the risk of foreign investment to US security has increased dynamically, thus increasing the need for CFIUS to analyze risk. However, vis-à-vis this analysis, there are great difficulties and, in some circumstances, even impossibilities in knowing the classified data underpinning the decisions made by CFIUS or the President of the United States, how national and global security risks are identified and assessed, and the model or tool used to assess the balance maintained between economic openness and national security protection. Consequently, the highest value of a foreign investment risk management strategy for US national security is to protect the strategy by preventing it from being assessed in detail and holistically.

The National Security Agency (NSA) revelations leaked by Edward Snowden on June 6, 2013 regarding the digital surveillance tactics of the United States government were a series of profoundly disruptive discursive events that signaled an uncomfortably cozy relationship between US technology companies and the US government for the maintenance of US national security. Leaked internal NSA slides revealed a host of domestic and foreign clandestine spying programs, including PRISM and MUSCULAR, which suggested the unscrupulous collection of data from US technology giant Google’s cloud servers and private networks, among other technology companies. Google’s cloud computing services particularly became implicated in a crisis of global proportions, as the technology giant and US technology industry writ large faced a global loss of confidence and future revenue from cloud computing customers unhappy with the implications the NSA revelations had for the security of their personal and corporate data. This paper conducts a multi-layer critical discourse analysis about the effect the NSA revelations had on US cloud computing with a specific focus on Google’s cloud computing services. By focusing on the sociopolitical and economic functions of surveillance as established within surveillance literature, this project examines how the crisis was discursively constructed in order to paint a larger picture about how popular press coverage framed the NSA revelations and the relationship of this rhetoric to the technology companies it implicates.

The National Security Agency (NSA) revelations leaked by Edward Snowden on June 6, 2013 regarding the digital surveillance tactics of the United States government were a series of profoundly disruptive discursive events that signaled an uncomfortably cozy relationship between US technology companies and the US government for the maintenance of US national security. Leaked internal NSA slides revealed a host of domestic and foreign clandestine spying programs, including PRISM and MUSCULAR, which suggested the unscrupulous collection of data from US technology giant Google’s cloud servers and private networks, among other technology companies. Google’s cloud computing services particularly became implicated in a crisis of global proportions, as the technology giant and US technology industry writ large faced a global loss of confidence and future revenue from cloud computing customers unhappy with the implications the NSA revelations had for the security of their personal and corporate data. This paper conducts a multi-layer critical discourse analysis about the effect the NSA revelations had on US cloud computing with a specific focus on Google’s cloud computing services. By focusing on the sociopolitical and economic functions of surveillance as established within surveillance literature, this project examines how the crisis was discursively constructed in order to paint a larger picture about how popular press coverage framed the NSA revelations and the relationship of this rhetoric to the technology companies it implicates.

In Greek mythology, the Gods gave the hero Hercules twelve, tremendously difficult labors, which he accomplished through clever strategy, tactics, guile, and divine support. (1) In contrast, they condemned Sisyphus, a Greek king, to an eternity at hard and frustrating labor. His assignment was to roll a great boulder to the top of a hill. Only every time Sisyphus, by the greatest of exertion and toil, attained the summit, the stone rolled back down again. Depending on the interagency strategy and policy approach chosen to address threat finance, the US government's resolution of it could produce either a Herculean or Sisyphean outcome. While considered less critical than kinetic operations and therefore somewhat neglected, threat finance is an important subject in the US national security field with both domestic and international implications. Conceptually, the global financial network is a domain similar to its air, land, maritime, and cyber counterparts, requiring similar strategic and interagency approaches. Threat financiers exploit this sphere to the overall detriment of US national security interests. Hence a host of terrorism theorists, military operators, and intelligence officials all posit that the financing of terrorists and cartel groups is so pivotal to sustaining their operations, that their money systems have to become key targets in counter operations. (2) In reality, this aspiration proves exceedingly difficult to execute. This article will explore threat finance by defining it, and then differentiating between its two subcomponents of terrorist financing and cartel money laundering. While acknowledging both the similarities and differences between these subelements of threat finance, this article will then detail the challenges of monitoring the financial networks supporting these illicit global flows, and show the difficulties in combating these criminal money transfers. After highlighting the progress to date, the article will then move beyond the foundational discussion to provide concrete interagency proposals and policy recommendations for further addressing the growing financial nexus between terrorist movements and criminal enterprises. Threat Finance, Terrorist Financing, and Cartel Money Laundering Threat finance is an umbrella term used to encompass various types of financing that support activities harmful to US national security. Within the US government and the Department of Defense, no singular, accepted definition of threat financing exists, and often the variance in definition reflects the particular nature of an organization; predominantly military or law enforcement, or an area of focus--strategic, theater strategic, or operational. (3) One reason for the lack of a clear and comprehensive definition may be the complexity of the topic, combined with the diversity of government actors involved. While the term terrorist finance is commonly used in international security literature to mean threat finance, it is too narrow, focusing only on organizations, cells, and individuals linked to terrorism. Other sources see threat finance as a much broader-based concept that includes: * Proliferation and Weapons of Mass Destruction/Effects (WMD/E) funding. * Terrorist financing. * Narcotics trafficking. * Organized crime. * Human trafficking. (4) The article supports this broader view which lends more utility when dealing with the highly adaptive, secretive, and flexible financing regimes and networks that straddle the criminal and terrorist worlds. (5) This article defines threat finance through its two major of terrorist financing (which subsumes WMD/E) and cartel money laundering (which includes organized crime, narcotics, fraud, corruption, and human trafficking). Terrorist financing is simply the process of raising, storing, and moving funds, obtained through illegal or legal means, for the purpose of terrorist acts or sustaining the logistical structure of a terrorist organization. …

Infectious diseases and bioweapons: Science and the political economics of affliction

Asian Perspective 39 (2015), 541-553 COMMENTARY Words Mightier Than Hacks: Narratives of Cyberwar in the United States and China Cuihong Cai and Diego Dati In recent years cyberwar has been a regular topic in both official and unofficial commentaries in China and the United States. As there is not yet a universally accepted definition of cyberwar, use of the term has become very broad and sometimes confusing in both countries. Charges of crime and espionage have been raised to the level of war, amplifying existing conflicts among countries, in particular between the United States and China. Nar­ ratives of cyberwar have also provided justification for policies supporting the development of offensive capabilities in cyber­ space and the implementation of intrusive surveillance systems. Such narratives, combined with several incidents between the United States and China, have led the two governments to under­ take protectionist measures to reduce possible vulnerabilities in cyberspace, creating repercussions for both countries’ economies and societies. Our commentary aims at raising awareness about the differ­ ences and similarities between US and Chinese narratives of cyberwar and explaining some of the reasons underlying them. We might be able to shed light on how the two countries understand these issues and suggest ways to improve mutual understanding. Media, experts, and government officials are among the most influential contributors to the proliferation of cyberwar narratives. Although the narratives produced by media and experts in the United States and China are slightly different in their tone, emphasis, and content, they are very similar in some respects, especially their tendency to excessively broaden the definition of cyberwar. US and Chinese government narratives, on the other hand, tend to differ in their terminology, priorities, 541 542 Words Mightier Than Hacks and identification with the unofficial narratives produced by the media and experts. Narratives of Cyberwar Produced by the Media In both China and the United States, media often use narratives of cyberwar to warn of a foreign threat. Cyberwar has been making the headlines during the last several years not only for events related to armed conflicts but also for malicious cyber activities such as theft of intellectual property rights, the operations of the hacker group Anonymous, Internet censorship, and espionage. In both countries these narratives have been exploited in the same way, but the threats highlighted are different. Generally, media produce three kinds of narratives about cyberwar. The first kind stresses the threat of foreign actors. In the US narrative these are Russia, China, and a few others, while in China it has recently become the United States. The second kind of narrative focuses on cyberweapons such as Stuxnet1 that act as proof of the existence of new and terrible cyberthreats endangering the regular functioning ofboth civil and military sys­ tems. These first two narratives are often combined with stories concerning cyber espionage and cyber crime to create a height­ ened sense of danger, encompassing a wide array of cybersecurity issues. The third narrative, which is probably the least popular and is most common in the West, claims that cyberwar has not happened yet and that it still does not represent as much of a threat as many believe. Narratives stressing the threat of cyberattacks by foreign actors were first produced by the US media and were responsi­ ble for popularizing cyberwar narratives more broadly. Russian hackers were the source, causing a disturbance in Estonia and later supporting Russian government military operations in Georgia. US media pointed to Russia as being the first cyberthreat to US national security, but since then China has increasingly been depicted as the main threat because of alleged cyber operations conducted against US industries and military suppliers. Cuihong Cai and Diego Dati 543 In China the same kind of narrative exists, but the threat is said to come primarily from the United States because of its advanced military capabilities in cyberspace and also because of the National Security Agency operations against Chinese net­ works revealed by Edward Snowden. Nevertheless, until now Chinese media have been mainly using reports produced in the West instead of investing their own resources to prove their point and argue against the choices of the US government. China still relies on foreign research...

Foreign companies looking for good deals buying US businesses that were hit hard by the economic downturn need to be aware that transactions that implicate the US national security are subject to significant scrutiny by the Committee on Foreign Investment in the United States (CFIUS). Several recent foreign investments have failed because of national security concerns raised by this little-known US government committee. National security review by the CFIUS can be a frustrating process for international investors who are not well-prepared. Potential foreign investors should understand how the US national security review process works and how the Obama Administration’s trade policy and the highly politicized national security debate in the US could impact their transactions. This article provides international investors an informal guide to the CFIUS process to help them understand what is involved and benefit from lessons learned from past transactions.

From Healthcare to Warfare and Reverse: How Should We Regulate Dual-Use Neurotechnology?

The object of this research is the declassified transcript of the US National Security Council Meeting of July 9, 1981, dedicated to introduction of the economic and political restrictions on building of the Soviet gas main pipeline. The subject of this research is the analysis information-bearing capabilities of the office documentation of the US National Security Council Meetings for conducting the scientific assessment of sanctions policy of the US government against the Soviet Union in the 1980s as part of directives on restricting the access of the Soviet Union to foreign markets. The article examines the published protocol the US National Security Council Meeting and related documents that contain information on creating the regime to impede the construction of the gas main pipeline to Europe. The novelty of lies in the fact that this article is first within the framework of historiographical analysis to study the plans of the US President R. Reagan on interruption of the active efforts of the Soviet Union to supply Western Europe with energy. Publication of the document clearly demonstrates that the ideas of restarting the trade-economic development of the Soviet Union were later implemented in other countries in the XXI century, when the Russian Nord Stream pipeline became one of the crucial vanguards within the system of control of the US national security interests in Europe. Based on the newly introduced documents from the foreign archives of the CIA, Ronald Reagan Presidential Library, materials of the US periodical press, and memoirs, the author explores the options prepared by the US agencies aimed at complete shutdown, and restriction of access of the participants of the Soviet-German gas pipeline deal to foreign markets and resources, as well as the response of business community to trade embargo with the USSR.

: Selecting the right aircraft and associated armament to sell to a foreign air force can be a complex and risky decision. There is potentially much to be gained by making the good sell, but even more to lose due to a bad decision to sell. Many factors go into the decision, and there are often more countries available to sell similar systems if the US government disapproves the sale. Using the three core values presented in US National Security Strategy, along with some case studies from past sales, this paper develops a set of guidelines. These guidelines can be used to assist in making this somewhat complex decision with consistency and logic. Using this information, the paper finishes with a discussion and general recommendations on what should be done when confronted with future cases of weapons releases involving the F-16, JSF, F-22, AMRAAM, and AIM-9X. All data presented was obtained from public access documents such as magazines, books, and US government web sites. The analysis of cases studied is done with the objective of supporting US National Security.

Thomas M. Nichols No Use: Nuclear Weapons and U.S. National Security Policy Philadelphia: University of Pennsylvania Press, 2014. 232 pp., $39.95 (cloth) ISBN: 978-0-8122-4566-0Based on data for late 2013, United States' nuclear arsenal includes an estimated 7400 warheads; of these, 4650 ready for use, with an additional 2700 awaiting destruction.1 What utility do these weapons have? This question lies at centre of No Use, as Thomas Nichols of US Naval War College considers what role nuclear force can and should play in US national security strategy. Nichols advances a compelling argument that challenges prevailing assumptions about nuclear force and its role in US national security policy. The United States, Nichols argues, should abandon its Cold War outlook completely in favour of its existing unspoken nuclear toward Russia and China of minimum deterrence (173). No Use makes an important contribution to our understanding of past and present US nuclear strategy, as well as offering well-reasoned recommendations regarding future role of nuclear weapons in US national security policy.At core of Nichols' argument lies a paradox: although decades have passed since collapse of Soviet Union, US nuclear policy continues to be dominated by Cold War thinking. To demonstrate ongoing predominance of Cold War interpretations, Nichols briefly explores history of US nuclear strategy, illustrating predominant assumption that nuclear weapons were (and continue to be) a successful deterrent. While post-Cold War administrations have undertaken nuclear posture reviews (NPRs), these reviews have not precipitated any concrete change in US strategy. Instead, policymakers have retained an approach of favouring the devil we know rather than overhauling policy (81-82). In absence of significant change resulting from NPRs, US post-Cold War nuclear doctrine retains Cold War thinking, continuing to be a diluted version of Mutually Assured Destruction. As a result, United States is more prepared to respond to a nuclear threat from Russia or China-the easy scenarios to plan for, according to Nichols-than to a more probable, but less predictable, threat posed by a nuclear-armed smaller state or non-state actor (55-56).The challenges confronting United States and its allies today, however, not same as those posed by Soviet Union in past. While this seems obvious, No Use makes it clear that US nuclear thinking today draws no such distinction. Instead of reconsidering role of nuclear weapons, policymakers continue to recycle old assumptions, hoping that deterrence will work again (if indeed it did in first place). Existing US policy assumes that small states are subject to same supposedly iron laws of deterrence that constrain large powers (132). This poses a number of questions. Can a small state be deterred by threat of nuclear retaliation? Is United States willing to retaliate, and if so, how? Nichols addresses a lengthy list of issues that would face US government, including co-location of civilian and nuclear targets and potential damage to neigh- bouring allies. …

Ask a Political Scientist: A Conversation with Cynthia Enloe about Gender and Global Politics