Remarks as Prepared

The Learning Curve

As the towers were falling and the Pentagon fire was burning on 9/11, I was walking toward the US Capitol. My destination was the intelligence committee rooms in the Capitol dome—the place most believe was the intended target of the fourth plane which, thanks to the heroism of its passengers, went down in Shanksville, Pennsylvania.

My staff called to alert me that the Capitol had just been closed, as were the House office buildings. So most of Congress and I milled around on the lawn in front of the Capitol. There was no evacuation plan…

We had no roadmap for response. And as I look back over the 12 years since, our actions (including mine) were less strategic than they should have been.

One thing we quickly corrected was to reopen the Capitol on the evening of 9/11 and to stand on the steps holding hands and singing “God Bless America.”

On the worst day in American history, we should never have closed it in the first place.

Days later, we passed the Authorization to Use Military Force (AUMF), which enabled the Administration to go after those in Afghanistan who had attacked us.

No one who voted for it that day conceived that it would become the cornerstone of administration CT policy around the world—and I applaud the efforts of people like Senator Bob Corker, who want to reconsider it and enact something that fits the evolved threat.

In October 2001, we passed the Patriot Act to modernize a number of law-enforcement tools. For example, “trap and trace authorities” were designed for landlines in a pre-cell phone age.

Congress did the right thing by sun-setting some of the new authorities, and it took a while to shape the so-called Library Provision so that top FBI leadership had to approve applications for library records, to ensure that investigations focused on terror suspects, not your average grandmother taking out a library book.

I became ranking member of the House Intelligence Committee in 2003 and had an extraordinary opportunity to learn our national security secrets through the “Gang of 8” process.

Looking back, I give myself mixed marks.

When I was briefed on the so-called “enhanced interrogation techniques” in early 2003, I wrote a letter (then classified) asking whether there had been White House guidance and warning the Administration not to destroy any videotapes made of the use of the techniques.

My letter (since declassified) was never answered substantively. But I am proud that I wrote it…

On the other hand, I was briefed on the code-named program now known as the Terrorist Surveillance Program (TSP).

I was assured—over and over—that it complied fully with law and was persuaded that it was crucial to protect it.

However, following unauthorized disclosures about TSP by the New York Times, President Bush partially declassified its existence in 2005, and I asked a well-qualified expert, Jeff Smith, former CIA general counsel, about the legal underpinnings of TSP. He explained that TSP must have been conducted outside of the 1978 Foreign Intelligence Surveillance Act—a stunning revelation to me.

So…the assurances that the program was legal referred to the OLC memos by John Yoo, not the applicable statute.

That discovery led to a three-year long effort to revise FISA, which we ultimately did—to put the program fully under law.

I am also proud of my own role in coauthoring the 2004 intelligence reform law.

That bipartisan legislation refashioned the intelligence community’s 1947 business model to create a joint command across America’s 16 intelligence agencies. It was one of my proudest legislative achievements, and the experience allowed me to forge a strong friendship with Maine Republican Senator Susan Collins.

By collaborating across party lines and across Capitol Hill, and by sharing the credit, we showed that big issues can be addressed and good policy can be developed by the United States Congress. Sadly, that experience is rare—and, eight years later, almost non-existent.

A chilling indictment of the past has come recently in a New Yorker piece by Jill Lepore.

In the article, called “The Dark Ages,” she says: “The White House’s answer to terrorism, which is an abandonment of the law of war, was the abandonment of the rule of law.”

While I think that characterization is harsh given some of the efforts I have described, some is fair.  

Jill Lepore is talking specifically about interrogation tactics, but many worry that the same could be said about some of our other counterterrorism tools. Think detention, targeted killing and cyberwarfare.

As threats, technologies, and tactics have evolved, the law has not kept up. Before he left the White House for the CIA, John Brennan reportedly compiled a highly classified “playbook”—a set of standards to govern our counterterrorism actions.

That’s a necessary short-term fix. But, in the long-term, Congress needs to own the game…and insist on transparency and legislative limits.  

Using new tools—particularly lethal ones—without public debate or clear legal authority is a mistake…and a slippery slope.

We need a comprehensive counterterrorism strategy across the U.S. government.  Disparate tactics, with varied consequences, will not win us any friends (we’ve lost quite a few along the way)—and will not ultimately help reduce threats against the United States. 

In fact, if we continue to operate without a comprehensive legal framework around our actions, we may end up creating more enemies than we’re eliminating.

“Why Are They the Enemy?”

Consider what Gen. Stanley McChrystal, former commander of the International Security Assistance Force in Afghanistan (ISAF) and the Joint Special Operations Command, recently said about what he learned in Iraq and Afghanistan.

In Iraq, he says, the first question he asked was, “Where is the enemy?'”

As things evolved, the question became, “Who is the enemy?”

Then “What’s the enemy doing or trying to do?'” and, finally, “Why are they the enemy?”

This catechism is so revealing, but shouldn’t be surprising: the tactic of taking out bad guys may ultimately create more of them.  I was recently on a panel at a security conference in Herzliya, Israel, where a thoughtful academic named Boaz Ganor discussed this so-called “boomerang effect.”  The idea is that there is often a contradiction between dismantling the capability of terrorists and removing their motivation.

Without a strategy and clear legal framework around our counterterrorism tactics, they can become inadvertent recruitment tools (think Gitmo). Moreover, playing whack-a-mole will not win the argument with the kid in rural Yemen deciding whether or not to strap on a suicide vest.

Now that the American public is finally tuning in to the debate and insisting on clear limits on the tactics we use, Congress—the nation’s lawmakers—need to step back in.

Change in Terror Threat

Today, we face a horizontally organized threat.

A confluence of multiple events – from reduction in al Qaeda Senior Leadership, to the rise of al Qaeda affiliates, to the new networks between Al Qaeda and among a range of extremist groups to the US drawdowns in Iraq and Afghanistan to the civil war in Syria – has changed the threat landscape tremendously.  This constantly changing state of affairs – where the new “safehaven” is in many places, even hidden behind computer screens – means that the US will probably face an increase in smaller-scale attacks. 

To the casual observer, it may seem as though there’s been an explosion in growth of extremist terror organizations and networks in North and West Africa – Mali, Algeria, Nigeria and Morocco to name a few – but many of these groups have been around for a while.  Older groups, including al Qaeda in the Islamic Maghreb, are mixing with new and taking advantage of power vacuums in many countries with weak governments.  Libya hasn’t helped the situation. 

But these groups for the most part are opportunistic and won’t launch attacks directly on the homeland.  On US citizens and installations abroad, yes, but not the U.S. homeland.

But the other AQ affiliates – especially AQAP, or al Qaeda in the Arabian Peninsula – seek specifically to target the West.  AQAP is also technically capable – unlike most of the other extremist groups – of plotting and carrying out complex attacks. 

This group also continues to publish Inspire magazine – releasing its tenth edition last month, even after the death of spiritual and operational leader Anwar al-Awlaki. Inspire dedicates many pages to proclaiming the advantages of smaller-scale attacks and provides specific instructions for carrying them out - signaling that this is the new normal.

In Syria, Jabhat al Nusra has emerged as a radical faction of the Opposition.  Nusra is attracting so-called “foreign fighters” easily, gaining experience and organizational skills, and without careful scrutiny, could develop into a major threat down the road.

Hezbollah is often tossed by the wayside in assessments of terror threat, but historically, this group has been more lethal than al Qaeda or its affiliates.  More an army than a terror group, they are better trained, better equipped, and better funded. 

Hezbollah is responsible for the recent attack in Bulgaria.  Hezbollah attacked the US in Beirut in the 80s and the Jewish Community Center in Buenos Aires in the 90s. And Hezbollah has deep ties with the Iranian Revolutionary Guard Qods Force.

Groups like Hezbollah – and even AQAP – have capabilities to carry out crude cyber attacks (think nuclear pressure controls and railroad traffic lights) as well as kinetic attacks. 

We can’t just worry about state actors like China, Iran and North Korea. 

The ranks of some terror groups are full of what I call “digital natives” – the younger generation who are tech savvy – who could easily arrange a black-market purchase of so-called “Exploits” that provide key vulnerabilities in software. 

To give you an example of the possible magnitude of Exploits: the “Stuxnet” virus used four of them.  And they range in price, starting at an affordable $25,000 – less than half a year’s tuition!

The evolution in threat means we can – and should – increasingly rely on a combination of law enforcement, counterterrorism cooperation with other countries, and limited use of kinetic power to mitigate terror threats.

Tactics & Legal Authorities

So, what does this evolution mean for US counterterrorism policy?

First, let’s discuss the rise of “remote-control warfare”—and the failure of laws to keep up.

I’m sure you’ve all seen the latest Gallup Poll data on American opinions about drones:

  • 65% of Americans largely support drone strike against foreign terrorist suspects abroad. 
  • Only 41% support targeting Americans overseas.
  • 25% of Americans support the prospect of domestic drone strikes.  (Yikes!)

But America doesn’t own the drone – or any other kind of Unmanned Aerial Vehicle.  Other countries are already in the game, more than 70, in fact. 

The total absence of international rules for drone use is troubling, and the U.S. must take the lead and develop a strict legal framework for drone use internationally and domestically.

Why are there safeguards to track communications of Americans abroad but not for killing them?

The United States has experience in constructing protective, rule-based foundations for our most sensitive programs. The framework established in the 35-year-old FISA legislation should be used to cover targeted killings of U.S. citizens abroad and for offensive cyber operations. Probable cause judicial determinations used in the current FISA legal architecture can be easily applied in the context of new counterterrorism tools.

Let me be clear: the “drone court” would not review operational decisions. I’m suggesting a FISA-like framework and a renamed CT court to review the criteria for making decisions to strike.

As commander-in-chief, the President would determine whether and when to strike.

And to answer concerns by some that the FISA court is just a rubber stamp: you may be missing the point. 

FISA adds judicial review to our efforts to intercept communications, which means that the Intelligence Community must go through a careful analysis and reporting process that some say can at times be “agony” and requires diligence. 

Yes, most cases are approved.  But that ignores the large number that are not pursued because the case isn’t strong enough to meet FISA scrutiny…

Inside the U.S., without exception, an American suspected of plotting a terror attack should never be targeted by an armed drone. In ''ticking-bomb’' situations – when a person in the U.S. is poised to push the button and create large-scale mayhem – SWAT teams and helicopters can do the work. This is consistent with long-standing law enforcement protocol.

Second, let’s discuss new domestic surveillance capabilities: unarmed drones and cell-site simulators like the StingRay.

Three years ago, when I was chair of the congressional Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment, few were paying attention to moves being made by the Department of Homeland Security and a handful of U.S. police departments to use satellite imagery for routine law enforcement or emergency operations.

Fortunately, Congress was able to force DHS to close its National Applications Office program that gave law enforcement access to sensitive satellites.

But since that success, there has been radio silence.

Except at the Federal Aviation Administration, which has been tasked with reviewing safety of domestic drones - nothing related to legal or security issues.

And the federal government is forging ahead with plans to put drones into domestic airspace. DHS has a Robotic Aircraft for Public Safety Program, and it is testing multiple types of Unmanned Aerial Vehicles (UAV). After testing, DHS will transfer whatever UAV system it determines has the best capabilities for its "customers" – U.S. law enforcement.

Hold on!

Will law enforcement be able to fly a drone over Los Angeles or Topeka at will?

How will the information gathered be used?

What if increasingly capable drones can "see" into private homes and "hear" private conversations?

Can such information gathered without an individualized warrant be used in a court of law?

House members like Zoe Lofgren and Ted Poe have offered proposals to put in place due process protections for Americans against government-operated drones in U.S. airspace and prevent them from being armed, but their bill is far from passage.

In the absence of congressional action, more than 30 state legislatures are banning or contemplating bills governing domestic drone use. But we need a national solution – not a fragmentation of state and local laws.

Beyond the lack of rules for domestic drones, these vehicles are inexpensive. What’s more, the FAA predicts there may be 30,000 of them in the domestic airspace over the next decade and it may be difficult to track them – at least currently – like the drone sighting by an airline pilot in New York.

Don’t get me wrong. Drone technology is not going away and it can be a very useful tool. Fire crews use drones to get a closer look at wildfires when helicopters can’t. And helicopters are expensive for police departments to maintain and fuel.

But helicopters give a clear signal of their presence. Drones – in most cases – are nearly silent and can dwell longer over a particular area.

Another silent tool, the “StingRay” – made famous last week in Ellen Nakashima’s Washington Post story – is a technology the American public learned about via Freedom of Information Act request.  It apparently simulates a cell tower and allows collection of cell phone serial numbers and the locations of those phones.

The Justice Department has said that a warrant based on probable cause is not needed to use “cell-site simulators” – like StingRay – because the government is not employing them to intercept communications. 

So it’s OK just to track individuals?

How many other tools like this are out on the street?  And what are the rules governing their use?

Third, let’s discuss offensive cyber.

Just two weeks ago, General Keith Alexander announced that the Department of Defense Cyber Command has created 13 offensive cyber war teams to attack computer systems and networks. 

No reaction.

Imagine if the Pentagon announced 13 new battalions were preparing to deploy anywhere, at any time. This is a huge deal.

But there are some critical questions to raise:

  • How will we decide whether to conduct denial of service attacks against adversaries or write malicious computer code?
  • Does the victim of the attack matter? 
  • Will our response be different if an attack occurs on our banking system rather than our power grid? 
  • When will these teams engage?  What are the red lines?

There are just too many unanswered questions.  I’m thrilled that the House is planning a cyber week April 15th to consider legislation, but we also need an explanation of the current US approach to offensive cyber by the Administration.

Congress: Own the Game!

In response to abuses of the Nixon years, Congress established legislative oversight of intelligence through enacting FISA and creating the House and Senate Intel Committees.

But then after 9/11, the Bush White House “leaned in” and asserted Executive power—which cut out Congress. 

I’ve heard all the arguments that the President is more uniquely positioned from an institutional perspective to exercise dexterity as it relates to national security. However, Congress is constitutionally and structurally capable of taking the lead on laying down the ground rules.

So, what should our strategy look like? 

For starters, we must review the operational framework for new declarations of armed conflict or attacks if a group poses a sustained and organized threat to the US or its citizens. Congress must take the lead.

A full debate about this framework will be crucial, and likely painful.  But without it, we have no hope of addressing the concerns of both sides of the aisle.

Then, we must determine what laws must be amended and if new ones must be enacted.


America has seen the ''creeping executive power’' movie before.

The drawdown in Afghanistan, the decimation of the al Qaeda core leadership, the horizontal organization of “affiliates,” the explosion of drone technology across the world suggests that the US can—and must—reevaluate its counterterrorism policies and strategy, starting now.

We need clear rules of the road going forward.

Here at Penn, with your new Center for Ethics and the Rule of Law, you are already beginning to tackle these tough issues. 

It’s you, the new crop of smart lawyers, who can make the difference.