Several noted computer security experts have an interesting paper in the current issue of IEEE Security & Privacy Magazine. Rather than critique the civil liberties implications of the Protect America Act, the “fix” to intelligence wiretapping and surveillance law being debated in Congress, the experts examine potential security weaknesses in the surveillance system run by the National Security Agency, the system that the act affects.

The authors’ essential concerns stem from the design of the surveillance system itself, which they regard as inherently—and perhaps unavoidably—prone to abuse, both from outside forces and, more likely, government insiders.

First, they argue that the “surveillance architecture implied by the Protect America Act will, by its very nature, capture some purely domestic communications…” This seems plausible, considering the design of modern telecom networks, which the authors do a good job of summarizing in easy-to-understand terms. They spend a fair amount of the paper describing how the NSA’s system would inevitably capture purely domestic communications without a warrant—which would be illegal, even if unintentional—and also how hackers could theoretically penetrate the system and steal communications and other intelligence. The authors acknowledge that the design of the NSA’s surveillance apparatus is still secret, but they base their assessments of how it works on press accounts, changes in surveillance law, and on accounts by a former AT&T employee, Mark Klein, about an alleged NSA listening post in San Francisco that siphons off traffic from the company’s network.

Another fascinating aspect of the surveillance system involves the use of call detail records, which I’ve written about in some detail. Specifically, the authors are concerned that CDRs, which the government probably can obtain without a warrant, can reveal an enormous amount of personal information about an individual, even though the records only contain so-called “meta data,” such as when a call was placed, what number was called, how long the call lasted, and so on. Could CDRs be a productive form of warantless surveillance?

The authors also point out that CDR information can be inaccurate. The NSA uses meta data to decide which conversations and e-mails to listen to or read. So, if the targeting data is bad, how can the NSA be sure it’s intercepting the appropriate communications? To remedy any potential abuse, intentional or otherwise, the authors recommend “frequent ex post facto review of CDR-based real-time targeting.”

There are some indications in the Protect America Act that this review would occur. The government would be required, for instance, to demonstrate to a secret intelligence court that the means by which it determines the location of certain targets is “reasonable.” (The location of a target is a key factor in whether the NSA can intercept without warrants.) But it remains to be seen how this ex post facto review would work in practice, and whether it would involve CDRs.

A number of the authors have quite a history opposing various enhancements to government surveillance of telecom networks, but their report is by no means an outright condemnation of the pending law or NSA’s activities. It’s worth a read just for the technical explanations of how very difficult it is to intercept communications on the net. But they also offer some constructive suggestions and cautionary tales for a surveillance system that we’ll all be living with for the foreseeable future.

So now, in addition to the Director of National Intelligence, and the President of the United States, add the French government to the dissent column on the explosive National Intelligence Estimate on Iran‘s nuclear weapons program.

Herve Morin, the French defense minister, was in Washington yesterday, and he said that “coordinated information from a number of intelligence services leads us to believe that Iran has not given up its wish to pursue its [nuclear] program,” and is “continuing to develop” it. Morin (unsurprisingly) called upon the International Atomic Energy Agency to “continue carrying out all the necessary investigations” into Iran‘s nuclear activities. The IAEA has also doubted U.S. intelligence.

The French dissent is significant on a number of levels. First, France is a key ally in the administration’s hard line against the Iranian regime, and having their defense minister sound such a provocative note of caution could help put the wind back in the administration’s sails as it tries to rally international pressure on Iran. When the NIE reversed earlier claims that Iran was pursuing a nuclear weapon, it presumably undercut the administration’s push to impose harsher international sanctions on Iran.

Second, note that Morin said “a number of intelligence services” had provided information that led France not to concur with the United States’ key judgments—ones, it should be noted, that the president sought to distance himself from the very day they were declassified. France is saying that a community of nations, which certainly includes Israel, have pooled their notes, and that they find plenty of reason to believe the United States is missing the mark. This contrary assessment probably hinges on Iran’s continued pursuit of enriched uranium, as well as its ongoing ballistic missile program. (See my previous post on how President Bush homed in on these legs in Iran’s nuclear platform.) France has expressed great concern over Iran’s pursuit of ballistic missiles, which could threaten Israel and U.S. bases in the Middle East.

The Russian and Chinese governments—whose support for sanctions is key at the United Nations—haven’t come out in opposition to the NIE, but it doesn’t hurt President Bush’s case to keep up the pressure by having a key European ally come over to his side, especially one that feels threatened by Iran. The United Nations Security Council this week considered a new proposal from the United States and France, among others, for new sanctions against Iran.

President Bush offered fresh evidence in his State of the Union address last night that not all decision-makers share the intelligence community’s view on Iran’s nuclear ambitions. Although he was remarkably restrained in his rhetoric–particularly in comparison to years past–Bush homed in on Iran’s uranium enrichment and ballistic missile programs to remind us that the country still poses a mortal threat.

Tehran is also developing ballistic missiles of increasing range and continues to develop its capability to enrich uranium, which could be used to create a nuclear weapon. [Note: The recent National Intelligence Estimate on Iran’s nuclear program doesn’t contradict him on this point.] … Our message to the leaders of Iran is also clear: Verifiably suspend your nuclear enrichment, so negotiations can begin. And to rejoin the community of nations, come clean about your nuclear intentions and past actions, stop your oppression at home and cease your support for terror abroad. But above all, know this: America will confront those who threaten our troops, we will stand by our allies and we will defend our vital interests in the Persian Gulf.

The NIE concluded that Iran halted its nuclear weapons program in 2003, but it narrowly defined said program as “Iran’s nuclear weapon design and weaponization work,” as well as its covert work to convert and enrich uranium. In other words, this assessment does not cover Iran’s civilian enrichment work, which holds so-called “breakout potential” for a weapons program, nor does it cover work on building a missile to deliver a bomb. Still, it seems the community’s view is that a full weapons program cannot come to fruition without the key weaponization piece.

The president, though, clearly thinks otherwise, and he’s not alone. No less than the Director of National Intelligence, Mike McConnell, said recently that he thinks–apparently despite the NIE’s findings–that Iran is on the path to obtaining a nuclear weapon.

This all could be evidence of a high-level split between the intelligence community and its customers. But there’s another possibility. Intelligence is a special policy input, but it is, in the end, just one input. It’s usually a mistake to take any single NIE or intelligence stream as dispositive. The president learned that painful lesson in the run-up to war in Iraq. Some might find it refreshing that this administration, even if in its final days, is not once again hanging its policy towards a key Middle Eastern country on inherently murky intelligence. It just may be that this time the country in question actually does have nuclear weapons, despite what the intelligence community believes.

President Bush has signed a directive that formally kicks off what intelligence reporters have been chronicling for months: The National Security Agency, the nation’s electronic eavesdropping agency, will take a new, presumably aggressive role in responding to Internet-based attacks against government agencies.

The Washington Post broke news of Bush’s directive on Friday, and the Baltimore Sun had been following this in considerable detail for months. Of particular interest is the distinctly military character of this new plan, known simply as the “cyber initiative” inside government. According to the Post, once the NSA determines that a hostile nation or Internet threat is targeting a government system, the Pentagon can strike back.

The Pentagon can plan attacks on adversaries’ networks if, for example, the NSA determines that a particular server in a foreign country needs to be taken down to disrupt an attack on an information system critical to the U.S. government. That could include responding to an attack against a private-sector network, such as the telecom industry’s, sources said.

Don’t miss the importance of that last sentence. Our government’s critical and sensitive information systems run on or are dependent upon privately-owned networks. An attack on AT&T, under this new initiative, can constitute an attack on the nation. The military’s cyber attack capabilities are something of an open secret. Commanders love not to talk about them in on-the-record interviews.

This new initiative is meant to send a signal to our chief Cyber Cold War adversary, China: “We are going on the offensive.” This campaign will, in some ways, be more significant than the war on terrorism. It will cost billions of dollars, implicate just as many of our most important policies–from privacy to secrecy to the authorities of the intelligence agencies–and ultimately could be a prelude to more overt, off-line conflicts. Settle in. This will be a long ride.

The Protect America Act, a six-month modification to the Foreign Intelligence Surveillance Act that directly affects the National Security Agency’s terrorist surveillance program, expires on Feb. 1. It’s looking more and more like the Congress will punt on this one, passing another temporary extension–perhaps as short as one month–while lawmakers try and sort out a compromise on the law’s most intractable issue: immunity for telecom companies that assisted the government in the NSA program after the 9/11 attacks.

The fact that there has yet been no bargain on this point is an excellent measure of just how politically poisonous the debate over intelligence gathering has become. When Protect America was enacted last summer, no one thought a permanent law would be stymied by the immunity debate. As I wrote last month, immunity is actually a Trojan Horse for the administration’s critics to pry loose more information about classified intelligence activities.

Very few lawmakers honestly believe that the telecom companies acted in bad faith when they helped the government monitor phone calls and e-mails, and very few want to expose those companies to potentially devastating lawsuits. There is also very little practical difference in the kind of permanent eavesdropping laws that Republicans and Democrats want to enact. (See Ben Wittes’ excellent analysis on this fromThe New Republic.)

Given their positions, there’s no logical reason, or even a very principled one, why congressional Democrats and Republicans and the White House can’t hammer out a deal here. The FISA debate has now become utterly political. And despite how one feels about the merits of this law or its proposed changes, history shows us that the mix of politics and intelligence is a dangerous one.

Lawrence Wright of The New Yorker has a new (very long) piece on DNI Mike McConnell, the culmination of an apparently extraordinary level of access and series of intimate interviews. (Wright and McConnell ate together and flew once on the DNI’s private plane.)

While I hate to say the piece didn’t do much to illuminate McConnell’s character, it also may have buried the lead. In the third to last paragraph of the 18-page article, the DNI drops what I consider a mini-bombshell: He thinks that Iran “is on the path to get a nuclear weapon.”

That assessment stands in contrast to the intelligence community’s official, coordinated judgment that Iran shut down its nuclear weapons program in the fall of 2003. That was the remarkable turn-about contained in the unclassified key judgments of the National Intelligence Estimate on Iran, which McConnell released–after publicly vowing not to–last month.

Now, the NIE was uncertain about whether Iran was restarting its nuclear weapons program, and it certainly left open the possibility, but it seems to me a dramatic public pronouncement for the DNI to say he personally believes there’s no doubt about Iran’s intentions.

Here’s the passage in question from Wright’s article.

When we last spoke, McConnell said, ‘There’s no doubt in this observer’s mind that Iran is on the path to get a nuclear weapon. It will force an arms race in the region.’

As Wright chronicles in his piece, McConnell has recently shown a tendency to say things off-the-cuff that turn out to be not quite accurate, but this statement is rather emphatic. Indeed, the term “no doubt” is a much bolder assertion than the intelligence community’s mark of “high confidence,” used in NIEs to indicate that the assessment is based on high-quality information. One has to presume that, as the nation’s top intelligence official, McConnell has access to the very best information. So what does he know that we don’t after reading the NIE?

For background on the build-up to the NIE’s release, see my story from National Journal last month, “The Other About Face on Iran.”

My initial take on the Iran NIE.

The No. 2 official at the Homeland Security Department, Deputy Secretary Michael Jackson, is leaving his post for financial reasons, he announced in an e-mail to colleagues today. Jackson has been at DHS since March 2005. He said he’ll leave next month.

I interviewed Jackson in May about his efforts to prepare DHS for the upcoming presidential transition. The department has been plagued by turnover at the senior most levels, a fact that Jackson acknowledged, and experts worry that this makes the department especially vulnerable in the normally rocky hand-off from one administration to another.

“We’ve had a significant turnover,” Jackson said. “And that turnover has been below the top-level jobs as well.”

Some of Jackson’s other quotes about DHS’ personnel issues seem rather ironic now, in light of his decision to leave.

• “We’re trying to nurture a cadre of owners. I am the part-time help at DHS.”
• “I won’t blow smoke at you and say everything is nailed down and perfectly fixed. The day that someone in my department tells you that about DHS is the day that person should get out of his job.”
• “If a day goes by and I don’t use up some of my brain cells focusing on this [transition] problem, it’s a very unusual day.”

Jackson insisted that the transition was “not something I feel anxiety about.” But employees and DHS watchers are likely to feel a mix of anxiety and maybe some relief with this changing of the guard. On the one-hand, Jackson was managing the sprawling department day-to-day, along with an army of lieutenants. His exit leaves an important vacancy at the very top, which officials will, presumably, scramble to fill.

But others might welcome the change. Some of Jackson’s critics have accused him of micro-managing decisions, and not yielding enough authority to his subordinates. Those critics say that DHS could operate more efficiently with a lighter touch.

Regardless of how Jackson’s departure is greeted, though, one thing is sure: This puts DHS in a precarious position. The department desperately needs strong leadership, and its hierarchical structure necessitates that it come from the top. The new deputy may change that, but for now, it’s the way things are.

As an aside, political strategists will likely see no coincidence between the timing of Jackson’s departure and the nomination of Michael Mukasey to be attorney general. When Alberto Gonzales announced his intention to resign, the early betting was on DHS Secretary Michael Chertoff to replace him. Presumably, had Chertoff become AG, Jackson would have moved up to secretary at DHS. I don’t know what financial concerns were behind Jackson’s decision to depart, but many will presume that when it was clear he wasn’t being promoted, that fact figured into his calculus.

For his part, Chertoff had this to say about his departing colleague in a press release.

Michael will leave this department having made an enduring impact on our homeland security. At this department, he was fundamental in invigorating our operating components, fusing our intelligence capabilities, building a new FEMA, and managing the response to the disrupted airline plot of August 2006. He brought tremendous focus, discipline and planning to department-wide operations, budgets and polices, and he significantly advanced the integration of our component agencies. Michael kept an open door for all 208,000 employees, and was relentless in building with them a common department culture. His work has earned him wide respect throughout the Congress, with state and local officials and among international allies.

Our homeland is more secure and better prepared as result of Michael’s tireless service, and on behalf of all Americans, I offer him our deep gratitude. I respect and admire his difficult decision to move on, and I look forward to our continued friendship.

On the eve of the seventh anniversary of 9/11, I was privileged to join a panel of journalists and national security experts to discuss freedom of the press. The event was held at American University and broadcast on Washington’s local NPR station, WAMU.

Just when you thought it was safe to come back from vacation…

At the same moment we learned Alberto Gonzales would step down as attorney general, that favorite Washington parlor game, “Replacement Pick,” kicked into high gear. Initial speculation focused on Homeland Security Secretary Michael Chertoff, a former prosecutor, federal judge, and senior Justice Department official, who, some have long thought, has had his eye on an an eventual AG nod or a Supreme Court nomination in exchange for his DHS service.

But the odds now seem against Chertoff. The chatter I’m picking up has him as a long-shot pick. One concern is that moving any cabinet secretary into the AG slot would mean two confirmation hearings, at a time when the administration would prefer to keep its chieftains out of Congress’ crosshairs.

I see three big reasons why Chertoff is a radioactive pick as AG. Any one of these might not kill his chances, but cumulatively, I think they add up to a no-go.

1.) Katrina. Today is the second anniversary of the storm’s devastation of New Orleans and the Gulf Coast. Chertoff had been on the job six months at the time, and his department’s response, like the hurricane itself, was a disaster. The Gulf still reels from the storms’ effects. (The Times Picayune had this message, blasted across its front page, for President Bush, who’s visiting the region today.) Some think Chertoff escaped much of the blame for the response, and even though his duties as attorney general would have nothing to do with storm recovery, confirmation hearings would force him to answer questions about his actions two years ago.

2.) Torture Memo and Guantanamo Detainees. It’s worth revisiting Chertoff’s confirmation hearings, at which he faced intense questioning about his role in crafting a memo on detainee treatment. The questions held up the hearings for a time. Mark Benjamin digs deep on this in a piece for Salon, in which he pointedly asks, “Did Chertoff lie to Congress about Guantanamo?“

3.) Politicization and mismanagement at DHS. The new attorney general is supposed to restore credibility and career morale at the Justice Department. Given Chertoff’s mixed track record on both fronts at Homeland Security, it’s questionable whether lawmakers would see him as the right man for that job. The department is in the midst of a transition from mostly political leadership to career managers. Under Chertoff, the trend towards political management–and politicization–was palpable. The House Homeland Security Committee has cited “critical leadership vacancies” at the department; a quarter of top positions remain unfilled. As I wrote in June, DHS has a reputation as a land of misfit toys, a place where Bush loyalists and partisans get patronage posts for which they lack qualifications. Despite Chertoff’s efforts now to turn that tide, the reputation has stuck, and one can imagine how lawmakers would judge skeptically his ability to cleanse Justice of the stain of partisanship.

So, who are the leading contenders to replace Gonzales? The field appears wide open at the moment, which is a good indication that the White House is slowly and deliberately reaching out to several candidates, either to feel out their interest or to begin wearing them down so they’ll eventually agree to take the job.

For my part, I’m putting early money on a dark horse candidate, who, a colleague perceptively noted, is a protege of White House counsel Fred Fielding, the man heading up the AG search. I’m going with former federal judge Michael Luttig, now general counsel at Boeing. The only hole missing in this man’s impeccable resume is a stint as attorney general. Luttig had a dust-up, of sorts, with the administration over the Jose Padilla case. (He had ruled the administration could hold Padilla, a US citizen, as an enemy combatant, and later refused the government’s request to transfer him to criminal court.) But I’m not convinced that rules him out as a pick. (It will certainly provide fuel for the president’s critics, however.) Still, Fielding is known to consider Luttig one of his proudest accomplishments. See Luttig’s resignation letter, in which he thanks Bush’s father for making his dreams come true, and sums up his view of the judiciary’s role in the war on terror. Fielding, you should remember, also groomed another bright jurist by the name of John Roberts.

Scenario 2: In a replay of the 2000 Cheney-led search for a vice president, Fielding himself is put up for the job. Bush has a rough track record with White House counsels turned-AG (read, ahem, Al Gonzales), and Harriet Miers didn’t fare so well in her attempted jump to greener pastures. But Fielding is respected by Republicans and Democrats, and by several accounts, despite his role in stalling the White House’s response to congressional subpoenas on US Attorneys and warrantless wiretapping, is reportedly well-liked by both sides.