The Congressional Research Service once played a prominent role in supporting oversight by congressional committees. Although that support has diminished sharply in recent years, it could conceivably be restored in a new Congress, writes former CRS analyst Kevin R. Kosar in a new paper.

In the past, CRS “closely assisted Congress in a myriad of major oversight efforts, including the Watergate investigation, the implementation of the Freedom of Information Act, and the Iran-Contra affair.”

But over time, Kosar writes, “CRS’ role in oversight declined due to various factors, most of which were out of its control. Congress changed. Congressional committees, particularly in the House of Representatives, lost capacity, and hyper-partisanism turned much oversight into political point-scoring rather than an exercise in governing that required expert assistance.”

See “The Atrophying of the Congressional Research Service’s Role in Supporting Committee Oversight” by Kevin R. Kosar, Wayne Law Review, vol. 64:149, 2018.

“CRS does not have to passively accept this fate,” said Kosar by email. His paper suggested various steps CRS could take to foster greater appreciation among committee leaders for the independent expertise CRS could provide.

CRS’s “raison d’être is to educate Congress, and it can engage its oversight and appropriations committees in a dialogue about the value of analysis and in-depth research. It can raise the issue of more extended oversight engagements and explain why they are valuable to Congress.”

“It is good for Congress, good for CRS staff, and good for the public to have nonpartisan experts more frequently and more deeply engaged in oversight,” he wrote.

Meanwhile, new and updated publications from CRS include the following.

Defense Primer: Lowest Price Technically Acceptable Contracts, CRS In Focus, September 4, 2018

Federal Role in U.S. Campaigns and Elections: An Overview, September 4, 2018

Securities Regulation and Initial Coin Offerings: A Legal Primer, updated August 31, 2018

The “Flores Settlement” and Alien Families Apprehended at the U.S. Border: Frequently Asked Questions, updated August 28, 2018

Turkey: Background and U.S. Relations, updated August 31, 2018

Cuba: U.S. Policy in the 115th Congress, updated September 1, 2018

U.N. Report Recommends Burmese Military Leaders Be Investigated and Prosecuted for Possible Genocide, CRS In Focus, September 4, 2018

India: Religious Freedom Issues, updated August 30, 2018

The Made in China 2025 Initiative: Economic Implications for the United States, CRS In Focus, updated August 29, 2018

Questioning Judicial Nominees: Legal Limitations and Practice, updated August 30, 2018

Rebuking the Trump Administration for its “passivity,” Congress is pressing the Department of Defense to engage in “active defense” in cyberspace against Russia, China, North Korea and Iran.

A new provision in the conference report on the FY2019 national defense authorization act (sect. 1642) would “authorize the National Command Authority to direct the Commander, U.S. Cyber Command, to take appropriate and proportional action through cyberspace to disrupt, defeat, and deter systematic and ongoing attacks by the Russian Federation in cyberspace.” It would further “add authorizations for action against the People’s Republic of China, the Democratic People’s Republic of Korea, and the Islamic Republic of Iran.”

“The conferees have been disappointed with the past responses of the executive branch to adversary cyberattacks and urge the President to respond to the continuous aggression that we see, for example, in Russia’s information operations against the United States and European allies in an attempt to undermine democracy.”

“The administration’s passivity in combating this campaign. . . will encourage rather than dissuade additional aggression.”

“The conferees strongly encourage the President to defend the American people and institutions of government from foreign intervention,” the report language said.

The congressional report does not propose an actual cyber strategy, nor does it specify desired outcomes, or address unintended consequences.

Another provision in the new conference report says that the Department of Defense ought to be just as assertive and “aggressive” in cyberspace as it is elsewhere (sect. 1632).

“The conferees see no logical, legal, or practical reason for allowing extensive clandestine traditional military activities in all other operational domains (air, sea, ground, and space) but not in cyberspace,” the report said.

“It is unfortunate that the executive branch has squandered years in interagency deliberations that failed to recognize this basic fact and that this legislative action has proven necessary.”

“The conferees agree that the Department should conduct aggressive information operations to deter adversaries.”

Curiously, the report found it necessary to add that “the conferees do not intend this affirmation as an authorization of clandestine activities against the American people.”

In general, another provision (sect. 1636) states, the U.S. needs to be ready for war in cyberspace:

“It shall be the policy of the United States, with respect to matters pertaining to cyberspace, cybersecurity, and cyber warfare, the United States should employ all instruments of national power, including the use of offensive cyber capabilities, to deter if possible, and respond to when necessary, all cyber attacks or other malicious cyber activities of foreign powers that target United States interests with the intent to… cause casualties among United States persons or persons of United States allies; significantly disrupt the normal functioning of United States democratic society or government (including attacks against critical infrastructure that could damage systems used to provide key services to the public or government); threaten the command and control of the Armed Forces, the freedom of maneuver of the Armed Forces, or the industrial base or other infrastructure on which the United States Armed Forces rely to defend United States interests and commitments; or achieve an effect, whether individually or in aggregate, comparable to an armed attack or imperil a vital interest of the United States.”

In its new report on the FY 18-19 Intelligence Authorization bill, published today, the Senate Select Committee on Intelligence would require the Director of National Intelligence “to develop a whole-of-government strategy for countering Russian cyber threats against United States electoral systems and processes.”

As if to underscore the gulf in the perception of the Russian threat that separates President Trump and the US intelligence community, the Senate Intelligence Committee comes down firmly on the side of the latter, taking “Russian efforts to interfere with the 2016 United States presidential election” as a given and an established fact.

The Senate report describes numerous other provisions of interest on election security, classification policy, cybersecurity, and more.

The House Intelligence Committee published its report on the pending FY18-19 intelligence authorization bill earlier this month.

The Justice Department has not reported to Congress on the government’s use of the state secrets privilege since 2011, the Department acknowledged this week, contrary to a policy promising regular reporting on the subject.

In a 2009 statement of policy and procedures concerning the state secrets privilege, then-Attorney General Eric Holder said that “The Department will provide periodic reports to appropriate oversight committees of Congress with respect to all cases in which the Department invokes the privilege on behalf of departments or agencies in litigation, explaining the basis for invoking the privilege.”

In April 2011, the first such report was produced. It was one of several steps that were “intended to ensure greater accountability and reliability in the invocation of the privilege. They were developed in the wake of public criticism concerning the propriety of the Government’s use of the state secrets privilege.”

But the first periodic report on the state secrets privilege has turned out to be the last.

In 2014, John Carlin of the Department’s National Security Division affirmed the policy during his confirmation. “I understand that the Department’s policy remains to provide periodic reports to appropriate oversight committees of Congress regarding invocations of the State Secrets Privilege in litigation, and the Department provided its initial report to Congress on April 29, 2011,” he told the Senate Intelligence Committee. “I believe that the Department plans to submit another report in the near future.”

But no such report was ever submitted.

“No records responsive to your request were located,” the Justice Department stated this week in response to a FOIA request for any subsequent reports.

While Congress could request and require such a report at any time, it has not done so. And because the 2009 Holder policy on state secrets was “voluntarily” adopted by the Justice Department in response to public controversy, there was nothing to stop the policy from being unilaterally abandoned.

The U.S. Department of Defense spent $11.3 billion on purchases abroad in 2015, including $1.6 billion worth of goods or services from the United Arab Emirates, according to a newly released DoD report to Congress.

The majority of foreign purchases by DoD were for fuel, services, construction and subsistence. The DoD report breaks down the total that was spent abroad by DoD in each of several dozen foreign countries.

See Purchases from Foreign Entities in FY2015, DoD report to Congress, June 2016 (released under FOIA May 2018).

Update: The June 2017 DoD report on purchases from foreign entities in FY 2016 is here. Reports from prior years can be found here.

DoD reports to Congress are often a significant source of official information and perspective on various aspects of U.S. military policy.

Most recently, DoD produced its required report on Civilian Casualties in Connection With United States Military Operations in 2017, June 1, 2018.

A few months ago, the Pentagon submitted an Interim Report on Organizational and Management Structure for the National Security Space Components of the Department of Defense, March 2018.

A report last year addressed Department of Defense Infrastructure Capacity, October 2017.

Public access to such reports is sporadic and often delayed. A bill pending in the House of Representatives would require the Government Publishing Office to post all such (unclassified) reports online. See Access to Congressionally Mandated Reports Act (HR 4631).

For the fourth year in a row, the Department of Defense has asked Congress to legislate a new exemption from the Freedom of Information Act in the FY2019 national defense authorization act for certain unclassified military tactics, techniques and procedures.

Previous requests for such an exemption were rebuffed or ignored by Congress.

The Defense Department again justified its request by explaining that a 2011 US Supreme Court decision in Milner v. Department of the Navy had significantly narrowed its authority to withhold such information under FOIA.

“Before that decision, the Department was authorized to withhold sensitive information on critical infrastructure and military tactics, techniques, and procedures from release under FOIA pursuant to Exemption 2,” DoD wrote in a legislative proposal that was transmitted to Congress on March 16 and posted online yesterday by the Pentagon’s Office of General Counsel.

“This proposal similarly would amend section 130e to add protections for military tactics, techniques, and procedures (TTPs), and rules of engagement that, if publicly disclosed, could reasonably be expected to provide an operational military advantage to an adversary.”

In a new justification added this year, DoD further argued that the exemption was needed to protect its cyber activities. “The probability of successful cyber operations would be limited with the public release of cyber-related TTPs. This [FOIA exemption] proposal would add a layer of mission assurance to unclassified cyber operations and enhance the Department of Defense’s ability to project cyber effects while protecting national security resources.”

New FOIA exemptions are often unpopular and are not always routinely approved by Congress, which has repeatedly dismissed this particular proposal.

DoD has circumscribed the proposed exemption in such a way as to limit its likely impact and to make it somewhat more palatable if it were ever adopted. It would not apply to all TTPs, many of which are freely disclosed online. It would require personal, non-delegable certification by the Secretary of Defense that exemption of particular information was justified. And it would include a balancing test requiring consideration of the public interest in disclosure of information proposed for exemption.

But many FOIA advocates said the proposal was nonetheless inappropriate. It “would undermine the FOIA, creating an unnecessary and overbroad secrecy provision at odds with FOIA’s goal of transparency and accountability to the public,” they wrote in a letter objecting to last year’s version of the proposal.

Some members of the House Armed Services Committee want the Pentagon’s Missile Defense Agency to return to its previous practice of publicly disclosing information about planned flight tests of ballistic missile defense (BMD) systems and components.

Earlier this year, the Department of Defense said that information about BMD flight tests, objectives and schedules was now classified, even though such information had routinely been made public in the past. (DOD Classifies Missile Defense Flight Test Plans, Secrecy News, March 5, 2018).

But in their initial markup of the FY2019 National Defense Authorization Act, members of the House Armed Services Strategic Forces Subcommittee said that the new secrecy was unacceptable, at least with respect to the test schedule.

They directed that “Together with the release of each integrated master test plan of the Missile Defense Agency, the Director of the Missile Defense Agency shall make publicly available a version of each such plan that identifies the fiscal year and the fiscal quarter in which events under the plan will occur.”

The pending provision would “require that MDA make the quarter and fiscal year for execution of planned flight tests unclassified.” (h/t Kingston Reif)

Aside from the merits of the House language, it represents a noteworthy legislative intervention in national security classification policy.

Under other circumstances, the executive branch might consider it an intolerable infringement on its authority for Congress to require information to be unclassified over and against an agency’s own judgment or preference.

But in the context of the context of the ambitious and contentious defense authorization act — which among other things would establish a new U.S. Space Command under U.S. Strategic Command — this particular dispute over classification authority recedes into comparative insignificance.

Somewhat relatedly, the Joint Chiefs of Staff have updated DoD doctrine on space operations, with an expanded discussion of natural and man-made threats.

“Our adversaries’ progress in space technology not only threatens the space environment and our space assets but could potentially deny us an advantage if we lose space superiority.”

The doctrine describes general approaches to defending against threats to space-based assets, including defensive operations, reconstitution, and enhanced resilience through distribution, proliferation and deception. See Joint Publication (JP) 3-14, Space Operations, 10 April 2018.

In just the last few weeks and months, U.S. military officials imposed new restrictions on media interviews and base visits, at least temporarily; they blocked (but later permitted) publication of current data on the extent of insurgent control of Afghanistan; and they classified previously unclassified information concerning future flight tests of ballistic missile defense systems.

“We’ve seen multiple instances in the past year where the [military] services have sought to be more guarded in their transparency and accessibility to the media,” said Rep. Mike Gallagher (R-WI) at an April 12 hearing of the House Armed Services Committee. “Part of that’s understandable, but I think transparency is needed now more than ever.”

Defense Secretary James Mattis said in response that he didn’t exactly disagree.

“I want more engagement with the media, [but] I want you to give your name, I don’t want to read that somebody spoke on condition of anonymity because they weren’t authorized to speak,” Mattis said.

“I have yet to tell anyone they’re not authorized to speak. So if they’re not willing to say they know about the issue and give their name that would concern me. If they’re giving background, they should just be a defense official giving background information authorized to give it.”

“What I don’t want is pre-decisional information, or classified information or any information about upcoming military movements or operations, which is the normal lose lips sink ships kind of restriction.”

“Pre-decisional, we do not close the president’s decision making maneuver space by saying things before the president has made a decision. But otherwise, I want more engagement with the military, and I don’t want to see an increase in opaqueness about what we’re doing.”

“We’re already remote enough from the American people by our size and by our continued focus overseas. We need to be more engaged here at home,” Secretary Mattis said.

Part of that is understandable, as Rep. Gallagher said. But it does not correspond to, or justify, the way that DoD conducts itself in practice, which has certainly produced “an increase in opaqueness.”

Last week, for example, DoD published its regular quarterly report for December 2017 on the number of US troops deployed abroad — but now with the number of troops in Iraq, Syria and Afghanistan deleted. See Pentagon strips Iraq, Afghanistan, Syria troop numbers from web by Tara Copp, Military Times, April 9. (Previously disclosed numbers in prior quarterly reports were also deleted but then reposted last week.)

Citing the new secrecy, Rep. Jackie Speier (D-CA) said “I’m very concerned about that. I think that there’s no combat advantage to obfuscating the number of U.S. service members that were in these countries three months ago. And, furthermore, the American public has a right to know. Do you intend to restore that information to the website?,” she asked Secretary Mattis at last week’s hearing.

“I’ll certainly look at it,” he replied. “I share your conviction that the American people should know everything that doesn’t give the enemy an advantage.”

Members of Congress are urging the executive branch to update and expand the security clearance process by examining the social media presence of individuals who are being considered for a security clearance for access to classified information, which is now being done only on a limited and uneven basis.

“I put more effort into understanding who my interns are” than the security clearance process does in granting clearances, said Senate Intelligence Committee chairman Sen. Richard Burr at a hearing yesterday. “You go to the areas that you learn the most about them — social media is right at the top of the list.”

“I can’t envision anyone coming into the office that you haven’t thoroughly checked out everything that they’ve said online,” Sen. Burr said.

On Tuesday, the House of Representatives passed a bill to promote the use of social media in security clearance investigations.

“It may be hard to believe, but the Federal Government often fails to conduct a simple internet search on individuals before they are trusted with a security clearance,” said Rep. Ron DeSantis (R-FL).

“Publicly available social media is one of the best ways to understand an individual’s interests and intentions, but our investigatory process still focuses on interviewing the applicant’s family, friends, and neighbors,” he said.

In fact, then-Director of National Intelligence James R. Clapper issued a directive in 2016 authorizing — but not requiring — the use of social media in security clearance background investigations. See Security Executive Agent Directive 5 on Collection, Use, and Retention of Publicly Available Social Media Information in Personnel Security Background Investigations and Adjudications, May 12, 2016.

But the practice has apparently been adopted unevenly and on a limited basis.

“For example, the Army initiated a pilot program that found that while checking social media is a valuable tool, it can be costly and may raise some legal issues,” said Rep. Gerry Connolly (D-VA).

The bill passed by the House this week would require the OMB to report on current use of social media in background investigations, legal impediments to such use, the results of any pilot programs, and options for widespread implementation.

The bill “is a much needed first step in modernizing federal security clearance background investigations,” said a House Committee report on the bill. “In recent years, there have been several cases in which federal contractor employees with security clearances leaked classified information after previously sharing suspicious posts on publicly available social media sites.”

If Republicans on the House Intelligence Committee want to publicly release a classified memo that they prepared on alleged misconduct in the FBI, what could be wrong with that?

Quite a lot, actually. Even if the risks of disclosing classified information in this case are small (a point that is disputed), the selective disclosure of isolated claims is bound to produce a distorted view of events. The suppression of dissenting views held by Democratic members of the Committee only aggravates the distortion.

“Deliberately misleading by selectively declassifying is an established technique, and it is one that is both shady and dangerous,” said Sen. Sheldon Whitehouse (D-RI) on the Senate floor on Tuesday.

“This business of selectively cherry-picking things out of classified information to spread a false narrative has a very unpleasant echo for me because this is what the Bush administration was up to when it was trying to defend the torture program. They selectively declassified, for instance, that Abu Zubaydah had been the subject of what they called their enhanced interrogation techniques program and that he had produced important, actionable intelligence. What they did not declassify was that all the actionable intelligence he gave them had been provided before they started on the torture techniques.”

Sen. Whitehouse said that the practice resembled Soviet and Russian information warfare activities that were used “to poison the factual environment.”

“You start with the selective release of classified material that the public can’t get behind because the rest is classified, the false narrative that the ranking member has pointed out that that creates, the partisan and peculiar process for getting there, the ignoring of warnings from their own national security officials about how bad this is, the convenient whipping up of all of this in far-right media at the same time, the amplification of that actually by Russian bots and other sources, and the fact that this is all pointed, not coincidentally, at the agency and officials who are engaged in investigating the Trump White House and the Trump campaign, it is so appallingly obvious what the game is that is being played here.”

Meanwhile, Sen. Whitehouse said, Congress has taken no action to protect against foreign interference in U.S. elections.

“We are warned that a hostile foreign power is going to attack our 2018 election. Where is the legislation to defend against that? Where is the markup of the legislation? Where is the effort to do what needs to be done to defend our democracy? Here we are just a few months out from the election. We are 9 months out. Do I have the math right? It is 9 months between here and there. Nothing.”

Yesterday, the FBI put out a brief statement noting that “we have grave concerns about material omissions of fact that fundamentally impact the memo’s accuracy.”

But as far as is known, no similar concerns have been expressed by intelligence community leaders.

“It is stunning to me,” Sen. Whitehouse said, “that we have heard nothing–at least I have heard nothing– […] from our Director of National Intelligence, DNI Coats, and I have heard nothing from CIA Director Pompeo for–how long it has been?”

Yesterday, coincidentally, the Office of the Director of National Intelligence announced that DNI Coats had directed the declassification of classified intelligence records concerning the Tet Offensive launched by North Vietnamese forces in January 1968.

An ODNI posting said that it is part of a “New Transparency Effort To Share Historical Information of Current Relevance.”

Any declassification of historical information is welcome. But for all of its historical gravity, the Tet Offensive could hardly have less “current relevance.”

What constitutes an act of war in the cyber domain?

It’s a question that officials have wrestled with for some time without being able to provide a clear-cut answer.

But in newly-published responses to questions from the Senate Armed Services Committee, the Pentagon ventured last year that “The determination of what constitutes an ‘act of war’ in or out of cyberspace, would be made on a case-by-case and fact-specific basis by the President.”

“Specifically,” wrote then-Undersecretary of Defense (Intelligence) Marcel Lettre, “cyber attacks that proximately result in a significant loss of life, injury, destruction of critical infrastructure, or serious economic impact should be closely assessed as to whether or not they would be considered an unlawful attack or an ‘act of war.'”

Notably absent from this description is election-tampering or information operations designed to disrupt the electoral process or manipulate public discourse.

Accordingly, Mr. Lettre declared last year that “As of this point, we have not assessed that any particular cyber activity [against] us has constituted an act of war.”

See Cybersecurity, Encryption and United States National Security Matters, Senate Armed Services Committee, September 13, 2016 (published September 2017), at p. 85.

See related comments from Joint Chiefs Chairman Gen. Joseph Dunford in U.S. National Security Challenges and Ongoing Military Operations, Senate Armed Services Committee, September 22, 2016 (published September 2017), at pp. 56-57.

In January 2017, outgoing Obama DHS Secretary Jeh Johnson for the first time designated the U.S. election system as critical infrastructure. “Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law,” he wrote. It follows that an attack on the electoral process could now be considered an attack on critical infrastructure and, potentially, an act of war.

“Russia engaged in acts of war against America, not with bullets and bombs, but through a modern form of warfare, a cyberattack on our democracy,” opined Allan Lichtman, a history professor at American University, in a letter published in the latest issue of the New York Review of Books.

Not so fast, replied Noah Feldman and Jacob Weisberg: “The US is not now in a legal state of war with Russia despite that country’s attempts to affect the 2016 election.”

The current issue of the US Army’s Military Intelligence Professional Bulletin (Oct-Dec 2017) includes an article on Recommendations for Intelligence Staffs Concerning Russian New Generation Warfare by MAJ Charles K. Bartles (at pp. 10-17).

Do the security clearance procedures that are used for granting access to classified information actually serve their intended purpose?

To help answer that question, the Senate Intelligence Committee mandated a review of security clearance requirements, including “their collective utility in anticipating future insider threats.”

See the Committee’s new report on the Intelligence Authorization Act for Fiscal Year 2018, filed September 7, 2017.

The report summarizes the content of the pending intelligence authorization bill (S. 1761), which was filed last month, and adds Committee comments on various aspects of current intelligence policy.

So, for example, “The Committee remains concerned about the level of protection afforded to whistleblowers within the IC and the level of insight congressional committees have into their disclosures.”

The central point of contention in the bill is a provision (sec. 623) declaring a sense of Congress “that WikiLeaks and the senior leadership of WikiLeaks resemble a non-state hostile intelligence service often abetted by state actors and should be treated as such a service by the United States.”

The provision had originally stated that WikiLeaks and its leadership “constitute” a non-state hostile intelligence service. But this was amended to replace “constitute” with “resemble”. That move might have attenuated the provision’s significance except that it went on to say — whether WikiLeaks constitutes or merely resembles a non-state hostile intelligence service — that the U.S. should treat it as such.

A hostile state-based intelligence service would presumably be subject to intense surveillance by the US. A competent US counterintelligence agency might also seek to infiltrate the hostile service, to subvert its agenda, and even to take it over or disable it.

Whether such a response would also be elicited by “a non-state hostile intelligence service” is hard to say since the concept itself is new and undefined.

“The Committee’s bill offers no definition of ‘non-state hostile intelligence service’ to clarify what this term is and is not,” wrote Sen. Kamala Harris, who favored removal of this language, though she said WikiLeaks has “done considerable harm to this country.”

Sen. Ron Wyden, who likewise said that WikiLeaks had been “part of a direct attack on our democracy,” opposed the bill due to the WikiLeaks-related provision.

“My concern is that the use of the novel phrase ‘non-state hostile intelligence service’ may have legal, constitutional, and policy implications, particularly should it be applied to journalists inquiring about secrets,” Sen. Wyden wrote in minority views appended to the report. “The language in the bill suggesting that the U.S. government has some unstated course of action against ‘non-state hostile intelligence services’ is equally troubling.”