In recent years, Congress has been building a domestic legal framework for grey zone competition (that is, the spectrum of unfriendly actions that states may undertake against one another, surreptitiously, that are below the threshold of actual hostilities yet more serious and disruptive than the ordinary jostling of international affairs) for military operations conducted in the cyber domain. That project has gone rather well, compared to most things Congress undertakes. Last year, it culminated in NDAA provisions that clarified CYBERCOM’s authority in this area while also ensuring a sound degree of oversight of the resulting activities. So far so good. But the grey zone challenges that define our times of course are not limited to cyber operations as such.

They also include a broader battle over beliefs and identity. We have learned the hard way that today’s information environment, characterized by the ubiquity of decentralized social-media distribution networks, provides malicious actors (including but not limited to hostile foreign governments) with a remarkable opportunity to inject fake information and to selectively amplify or distort other information. Russia obviously appreciates this, and others increasingly do as well. Much like cybersecurity, it is a context in which America’s traditional advantages of conventional military superiority and geographic insulation mean nothing, and indeed we are asymmetrically vulnerable due to our openness and commitments to free expression.

Growing appreciation of the strategic significance of this aspect of grey zone competition, both for us and for our allies, has led to fascinating and difficult questions about whether and how to alter our institutional, doctrinal and legal frameworks so that we can defend and compete more effectively in this space. By and large, the resulting debates have focused on the pressures that might be placed on U.S.-based social media companies to do more to prevent their systems from serving as the vehicle for malicious activity. But what about the role of the U.S. government itself? In the related context of competition in the cyber domain, Congress and the executive branch have determined, for better or worse, that our military should play an important role in that competition, and as noted above Congress has quickly stepped up in a thoughtful way by adapting U.S. domestic legal framework both to facilitate that role and to subject it to oversight (you can read in detail about that here).

Should the same now occur with respect to competition in the broader information environment? Congress thinks so. As I explain below, Section 1631 of the pending NDAA is an important (but little-noticed) provision that borrows heavily from the framework for cyber operations. It is the latest, and least appreciated, elements of the ongoing project in which the United States is building a legal and institutional framework for the grey zone competition—a competition that will define critical aspects of interstate competition throughout the 2020s, in this case along a dimension that ties in directly to our increasingly-ugly domestic politics. Read on for an explanation of the nuts-and-bolts. Or, if you prefer, you can read the full text of the gigantic bill, or just the “joint explanatory statement” issued last night after the House and Senate conferees reached agreement at last.

1. Affirming the authority of the military to conduct (and defend against) information operations

No one doubts that the military already has some authority to conduct information operations. Information operations are a traditional incident of war, after all. And I suspect that no one seriously doubts that some part of the U.S. government ought to be doing something when foreign governments—like Russia—engage in systematic efforts to spread false information to the American public. The interesting question is whether and to what extent the U.S. military should play a role in contexts where hostile information operations are not related to armed conflict, preparation for armed conflict and the like.

One might argue for this function to reside primarily with the CIA, for example, particularly insofar as we are talking about conducting an operation where the U.S. role will not be acknowledged. That’s the very definition of “covert action,” after all, which, as Executive Order 12,333 has long affirmed, is in the CIA’s purview unless and until the President expressly determines otherwise in a particular case. But the same thing might be said about deniable cyber operations in grey zone competition, and yet, for a variety of reasons, we have developed and empowered CYBERCOM to play a central role in that setting. Indeed, as I noted above, Congress has worked hard in recent years to build out a domestic legal framework to facilitate and oversee that military role.

Congress is now following that same script, working to extend the model to competition in the information environment through Section 1631 of the new NDAA.

Section 1631(b) expressly affirms that the Defense Department can conduct “military operations” in the information environment, “including clandestine operations,” for certain purposes. I’ll have more to say about that reference to “clandestine” below. First, let’s note the broad list of purposes.

The military’s role comes into play in three scenarios. First, defense of the United States itself. Second, defense of allies. Third, defense of the “interests” of the United States. The statute notably does not clarify what nature or degree of threats to these objects count, and so the invitation can only be described as quite broad.

Critically, Congress goes on to remove any doubt that this grant of authority encompasses operations in situations below the threshold of hostilities. Section 1631(b) says as much, stating that the authority recognized in this provision includes “the conduct of military operations short of hostilities and in areas outside of areas of active hostilities for the purpose of preparation of the environment, influence, force protection, and deterrence of hostilities.”

2. Are we talking about military “covert action”?

In fact, yes, we are. But the statute goes out of its way to ensure that the statutory framework for “covert action” will not apply to these activities.

Let me explain. You may recall that, for many years, there was considerable debate about whether military cyber operations could qualify for the “traditional military activities” (TMA) exception to the statutory definition of “covert action.” Helpfully, Congress settled that question in the affirmative in the last NDAA, defining military cyber operations for the most part as qualifying as TMA. Ever since then, it is clear that military cyber operations do not trigger the statutory covert action framework even when conducted on a deniable basis. So far so good. Much less helpfully, Congress opted at that time to put the label “clandestine” on that category, despite the fact that “clandestine” is a term that is supposed to signify an intent for an operation not to be detected, in contrast to the idea that U.S. responsibility for said operation is intended to be deniable in the event the operation in fact is detected or has manifest effects. That is the difference, or at least it used to be, between “clandestine” and “covert.”   Of course it made sense for Congress to want a label other than “covert” once it decided to exempt most deniable military cyber operations from triggering the covert-action statutory regime and its oversight requirements. It’s just that clandestine was the wrong word for that job.  But what’s done is done; Congress says that “clandestine military cyber operations” includes deniable ops, and that’s that.

Why mention all that here, where we are talking about operations in the information environment beyond cyber operations? Because, as noted above, Section 1631(b)’s affirmation of authority expressly includes “clandestine” information operations, and the same definitional-confusion issues arises as a result. And because Congress again resolves it in the same way. Section 1631(c) states expressly that clandestine military activity in the information environment shall count for purposes of the TMA exception to the statutory definition of covert action. And, for good measure, a definitional provision further down in this same section reinforces the point by defining this category to include operations that are “marked by, held in, or conducted with secrecy, where the intent is that the operation or activity will not be apparent or acknowledged publicly….” Section 1631(i)(3) (emphasis added).

Had Congress not taken this step, there is no doubt whatsoever that there would have been loads of debate about whether Defense Department information operations below the threshold of hostilities, and not preparatory thereto, would qualify for the TMA exception. That’s how it was with military cyber operations prior to last year’s congressional intervention, after all, and information operations unrelated to anticipated hostilities would have been a still-tougher case for establishing the applicability of the TMA exception, without Section 1631(c).

It is worth pausing here to note that the symmetry between the cyber provisions in last year’s NDAA and the new information-operations provisions in this year’s model make particular sense insofar as they discuss, in practice, about activities with elements of both.

3. Wait, so does that mean there’ll be no oversight of these activities?

By exempting these activities from the covert-action statutory framework, the oversight-and-reporting system associated with that framework also drops out of the picture. If not addressed in some other way, that absence of oversight would be awfully risky. Congress recognized as much in the parallel setting of cyber operations, in the past, and over time it built a parallel system of oversight (running to the House and Senate Armed Services Committees rather than the Intelligence Committees) to ensure that there would still be reporting of deniable cyber activities despite the TMA exception applying. Might it do the same here with information operations?

It has done so, in fact, in the new bill. But for reasons that are unclear, it has chosen to be less aggressive with the rules this time.

In the cyber context, there are several different oversight requirements, including both a general obligation to report to Congress on a quarterly basis and a 48-hour reporting rule for “sensitive military cyber operations” intended to have effects overseas but outside areas of active hostilities. (There is a separate provision of the new NDAA tweaks that cyber-notification rule, which will be the subject of a forthcoming Lawfare post.)] Congress could have adapted exactly that model here, but it is not doing so. Instead, the new NDAA will require only the quarterly-reporting obligation for “significant” activities, in Section 1631(d). There is not, yet, any 48-hour rule for particularly sensitive activities. That’s probably a mistake. On the other hand, Section 1631(d) does smartly insist that all clandestine—meaning covert but TMA—activities automatically count as “significant” and thus must be reported. My quibble is just with the timing.

4. If the Defense Department is going to become more active in this space, does it need new internal organizational structures?

Congress seems to think so, though it’s intervention is modest. Section 1631(a) calls for the creation of a new position: the Principal Information Operations Advisor, who will focus on advising the Secretary of Defense as to all department information operations. Too bad that acronym isn’t very pronounceable. “Quick, get me the PIAO (Pie-oh-uh), there’s a subversive meme trending on Tik-Tok!”

***

That’s all for now. Stay tuned for more Lawfare coverage of the many, many, many interesting aspects of the new NDAA.

 

This post first appeared in Lawfare. Read the original article.

The draft articles of impeachment released on Dec. 10 by House Democrats reflect a series of careful and intentional strategic choices.

First, the document is short—just over eight pages. It contains only two articles of impeachment: one on abuse of power, and one on obstruction of Congress. It uses no Latin terms. It has no footnotes. It is written in clear language, without lawyerly turns of phrase or technicalities. It is designed to tell a straightforward story in terms that are easy to understand. It is, in short, a document meant to be readable by Americans, not just by lawyers.

If read as one would read a criminal indictment, the document’s brevity might seem strange. But that’s not the point. The point, rather, is to tell a story that is both well-supported by witness testimony before the House Intelligence Committee and that jibes with the instinct of most Americans that soliciting a foreign government to damage a domestic political opponent is wrong. It is designed to make things easy for House Democrats heading home for the holidays, who will be encouraging constituents to read the document for themselves. It is designed to support simple talking points for members to justify impeachment to their constituents in town hall meetings.

Second, the document’s simplicity is clearly intended to facilitate a trial strategy as well—to set up a Senate trial that tells a clean story. The articles, after all, are not a press release; they are a litigation document. Keeping things simple will allow the House impeachment managers to tell a single narrative through-line leading to two counts: The president abused his power in his interactions with Ukraine and then proceeded to try to block Congress from investigating his misconduct.

Third, the document clearly reflects a decision to focus not on criminal offenses but on structural abuses. It’s notable, for example, that the articles don’t mention the word “bribery”—an offense that the Constitution specifically notes as impeachable—even though they spell out how Trump’s actions fulfilled the different prongs of the bribery statute, describing how the president conditioned the performance of an official act on the receipt of a thing of value and did so with corrupt intent. This exclusion seems to reflect both a desire to treat the entire Ukraine affair in a single umbrella article covering “abuse of power” and a decision not to focus on a term that has a definition in U.S. criminal law. The latter approach could draw House managers into the rabbit hole of whether Trump’s conduct meets the current criminal statutory definition of bribery. The term “abuse of power” is not so burdened. As former Acting Attorney General Matthew Whitaker so memorably argued, “abuse of power is not a crime.”

Fourth, Nadler has chosen not to include an article based explicitly on findings in the Mueller report. That said, both articles allude to Mueller’s work. The first states that Trump’s efforts to extort Ukraine “were consistent with President Trump’s previous invitations of foreign interference in United States elections.” And the second article, on obstruction of Congress, makes a similar note: “These actions were consistent with President Trump’s previous efforts to undermine United States Government investigations into foreign interference in United States elections.”

But there is no article of impeachment based on obstruction of Mueller’s investigation. This reflects a strategic decision to stay away from the Mueller report, presumably because House Democrats elected from red districts may be skittish about impeachment on this basis. Focusing on the lowest-common-denominator approach and keeping the focus on Ukraine is an acknowledgment of the political reality that keeping the articles streamlined will garner more Democratic votes.

Yet for all the political benefits of this approach, it comes at a cost, too. The concerns of a member of Congress focused on political messaging aren’t the concerns of a prosecutor. And when a single document tries to speak to both sets of goals at the same time, compromises will have to be made.

For one thing, whatever articles the House adopts will inevitably create a precedent with potential consequences for future administrations. Too broad and simplified an account of Trump’s conduct may risk encompassing less objectionable executive branch conduct, which could facilitate later efforts to use impeachment as a partisan political tool. While these concerns are often overstated by those who oppose Trump’s impeachment, they reflect real concerns that were no doubt on the minds of the former executive branch attorneys advising House Democrats on the impeachment proceedings.

And then there are those costs that are chiefly visible in the form of what isn’t included. Back in September, some of us (Hennessey, Jurecic and Wittes) identified five areas of presidential conduct that merited articles of impeachment. Two areas, concerning Trump’s behavior related to Ukraine and his obstruction of Congress, are reflected in the articles produced by the House. But the House’s strategic choices result in other subject matter and fact patterns being avoided entirely. Take the president’s lies—which are, of course, too many and too widely varied to include in a single article, but present serious harm to the American public and democratic accountability. As the three of us observed,

[Trump’s] tenure has genuinely posed the question of whether the president has any obligation at all to tell the truth about anything—ever. His presidency is, among other things, advancing the proposition that the idea of “faithful” execution of the law implies no duty of candor at all… [H]ere impeachment is the only remedy. Congress cannot pass a law demanding that Trump stop lying or tell the truth a higher percentage of the time. It can only vote that lies of such magnitude and nature and frequency as the ones he tells are inconsistent with the conduct of the office he holds.

And there are others. The most obvious omission—as noted above—is the absence of an article related to obstruction of justice in the Mueller investigation. One of us (Hennessey) argued yesterday that Democrats would err in not including an explicit article based on the strongest episode of obstruction, both because of the importance of deterring similar misconduct by future presidents and because including an article regarding a clear criminal violation based on a well-developed record would provide a strong counterpoint to the emerging Republican defenses in L’Affaire Ukrainienne.

But even that modest inclusion would ignore other aspects of the president’s campaign against the FBI and the institutions of independent law enforcement: his efforts to pressure Attorney General Jeff Sessions into limiting the Russia investigation, his dangling of pardons to dissuade witnesses from cooperating with federal investigators and his seeking to remove the special counsel. And it also leaves out another of the more egregious presidential behaviors addressed in Volume II of the Mueller report: Trump’s effort to leverage the power of the Justice Department into politically motivated investigations and prosecutions of his political enemies.

The articles drafted by the House pay a price in their lack of completeness—which is the flip side of their streamlined simplicity. The trade-off of being able to tell a clean and concise story, after all, is that broad and sweeping narratives are ruled out. By focusing narrowly on Ukraine, the House risks forfeiting the ability to tell the full story of Trump’s efforts to leverage the power of the presidency to target his political opponents. Yes, Trump’s effort to pressure Ukraine to investigate Biden is part of this story—but so too are his private and public attempts to pressure the attorney general to investigate Hillary Clinton and his public demands that individual citizens like James Comey, John Brennan, Peter Strzok, Lisa Page and the family members of Michael Cohen be targeted for investigation. It may be easier to tell the story of how Trump tried to turn Ukrainian law enforcement to his own purposes, but what about his abuses of American law enforcement?

The same can be said of the article related to obstruction of Congress. The president’s instruction that current and former officials across the executive branch should not cooperate with the ongoing impeachment inquiry is a discrete and comprehensible offense. But this article of impeachment fails to capture how Trump’s actions represent an outright assault on the very notion of legislative oversight. This strategy ignores broader assertions outside the context of impeachment of absolute immunity and the frivolous claims of executive privilege over the testimony of individuals who have never even served in government. It ignores, for example, the White House’s direction that the executive branch not comply with requests for documents and testimony related to the security clearance process and questions on the U.S. census. While the refusal to comply with demands for information related to impeachment represents a heightened breach, the essence of the constitutional injury lies in the aggregate pattern. And while the articles incorporate these broader patterns by referencing Trump’s “previous” activity, that’s hardly enough to communicate the scope of the abuse.

The optimal balance between political strategy and legal precision is one on which reasonable minds can disagree. Ultimately, there’s not a single right answer—and given that Speaker of the House Nancy Pelosi has a caucus to wrangle, presumably the compromises these articles reflect were made with the counting of votes in mind. In a separate piece, we’ll suggest some specific changes to improve the draft articles within this framework.

This post first appeared in Lawfare. Read the original article.