Boko Haram: Nigeria’s Islamist Insurgency

A Review of Boko Haram: Nigeria’s Islamist Insurgency by Virginia Comolli (Hurst & Company, 2015)

By Isaac Kfir

(Re-published from Journal of Islamic Studies, 28:1) The emergence in Northern Nigeria of Boko Haram—Jamāʿat ahl al-Sunna li-l-daʿwa wa-l-jihād (“The Group Committed to the Propagation of the Prophet’s Teachings and Jihad”)—has spawned a number of studies offering to explain its origins, rise, and rationale. In Boko Haram: Nigeria’s Islamist Insurgency, Virginia Comolli, a research fellow for security and development at the International Institute for Strategic Studies, offers her interpretation for the rise of the group and the continued threat that it poses to Nigeria, the region and possibly the international system. The threat stems from Boko Haram nurturing and building relations with various al-Qaeda affiliates in Africa and beyond. An additional objective of the book is to highlight how counterinsurgency operations can feed an insurgency.

“Yusuf managed to appeal to these individuals because he was charismatic and also wealthy, able to provide micro-loans.”

Comolli’s study frankly admits to the inherent difficulties of gathering primary information about the group and Northern Nigeria in general. This is because the group generally does not engage with Westerners (senior members of the group do not give interviews for example), its public statements are limited (some are available on YouTube, but Comolli does not seem to use them). Rather, Boko Haram opts for action, and access to its area of operation is restricted mainly by the Nigerian security services. Thus, Comolli bases her research on interviews with Nigerian security services, ordinary Nigerians (including some survivors of Boko Haram attacks), open-source information, and historical materials. This approach allows her to put together a compendium about the group. In some respects, the book’s goal, as Comolli recognizes, is to develop a more comprehensive approach to the dynamics of religious extremism in Nigeria and the region. To achieve such a goal Comolli’s takes a historical, societal approach to what prompted the emergence of the group. The book’s chapters, though meant to be thematically organized, read more chronologically, which makes sense as Comolli traces the evolution of Boko Haram to its current manifestation as a regional entity committed to violence across the Sahel and West Africa.

Comolli opens with an account of religious extremism in Nigeria, focused mainly on Usman Dan Fodio’s Jihad and the Sokoto Caliphate. Included in this account is Britain’s preference for indirect rule in Nigeria, which allowed, if not encouraged, the adoption of Shariʿa in Northern Nigeria. The chapter underlies the North-South division that has plagued Nigeria from the moment of independence. The next chapter describes the origins of many contemporary Islamist groups, noting how they formed, splintered, transformed and reformed, as seen for example with Ansaru (in full, Jamāʿat anṣār al-Muslimīn fī bilād al-Sudān). This provides the foundation for Comolli to deconstruct and explain Boko Haram, which she does in ch. 4. She describes its social make-up, funding and support networks.

In reviewing the evolution of the group, Comolli explores its first leader, Yusuf’s role and how he sought ties with the people, particularly the children who become almajirai—a complex term that has elicited different descriptions from different scholars, some seeing them as unemployed vagabonds, others as those who come to study the Qurʾān, or who migrate to avoid the hardship of the dry season, to those who are essentially street hustlers. Yusuf managed to appeal to these individuals because he was charismatic and also wealthy, able to provide micro-loans. What Yusuf did was to give many of the young men an identity and a sense of belonging …

To read the full article, click here.

Isaac Kfir, Associate Professor of International Relations and the Middle East at Tokyo International University, is an INSCT Research and Practice Associate.

A Step Forward: The UN & Justice for Syria

By David M. Crane

(Re-published from | Jan. 1, 2017) On 21 Dec., 2016, 105 member states of the United Nations General Assembly took an important step forward in seeking justice for the people of Syria. The action-taking was a resolution that paves the way for an independent organization to begin collecting, cataloging, and analyzing data and other criminal information coming out of Syria into proper evidence to be used someday by a local, regional, or international prosecutor someday in order to hold accountable all parties committing international crimes in Syria from March 2011 to the present.

“As we began to consider various mechanisms to cure this problem, an accountability center became apparent.”

Since the beginning of the civil war in 2011, there have been dozens of efforts by various nongovernmental organizations to collect data on the crimes being committed in Syria. Though laudable in their efforts, this massive amount of data is useless in a court of law. It is unreliable and not authenticated, with no chains of custody or other safeguards. Essentially almost all of the data being collected regarding crimes in Syria is tainted and inadmissible.

Three organizations did begin to emerge that were working in tangent to correct this problem. One of these is the Syrian Accountability Center, which I founded in March of 2011 to create a trial package for a future local, regional, or international prosecutor. It is designed along the same methods I used to investigate and indict President Charles Taylor for war crimes and crimes against humanity in West Africa. Additionally, two other organizations are doing important work, the Coalition for International Justice and Accountability and the Syrian Justice and Accountability Center. The heads of these three organizations met and briefed various UN ambassadors on the evidence challenges in November. It was there I urged the creation of the accountability center concept.

As we began to consider various mechanisms to cure this problem, an accountability center became apparent, a center run by experienced international criminal law professionals who could take this mass of data already collected, and still coming out of Syria, and turn it into that evidence necessary to hold accountable those parties committing crimes in violation of Syrian and international law.

The international community has spent millions of dollars supporting efforts to build data bases by organizations who in large measure do not have the experience to build a criminal case. The accountability center concept was designed to fix this problem. Throughout Fall 2016, we carefully planned a campaign to garner the support necessary to succeed in creating the accountability center. Under the leadership of ambassadors Christian Weneweser of Lichtenstein and Alya Althani of Qatar various paths were considered from the Security Council, the General Assembly, and possibly a regional organization such as the European Union or the Arab League. The General Assembly was the most realistic pathway to success …

To read the complete article, click here.


Trump’s Plan to Move US Embassy to Jerusalem Could Help the Peace Process

By Miriam F. Elman

(Re-published from The Washington Post Monkey Cage | Dec. 29, 2016) President-elect Donald Trump’s pledge to move the US Embassy from Tel Aviv to Jerusalem and his selection of an ambassador to Israel who heartily supports the relocation have produced a deluge of dire warnings. Critics claim the move would unleash a wave of extremism, making past clashes pale by comparison. But these warnings may be exaggerated. A careful look at conflict-resolution theory suggests that moving the embassy could be a constructive move, pushing Israelis and Palestinians back to negotiations.

“The costs of a move may be high, but the literature on conflict resolution suggests this could prove a strength, not a weakness.”

Many assumed Trump would renege on his campaign pledge once in office, as presidents Bill Clinton and George W. Bush did. But relocating the embassy allows the Trump Administration to reinforce that, unlike the Obama administration, it doesn’t consider settlements the key obstacle to peace. Trump will be particularly keen to make this distinction after the US abstention Friday on U.N. Security Council Resolution 2334, which effectively declares illegal all Israeli presence beyond the 1949 armistice lines, including in East Jerusalem. Trump’s transition team has publicly called moving the embassy a “very big priority” and is reportedly exploring the logistics for its new location.

Conflict resolution experts call this tactic a “burning bridges” move, which sends a clear, credible commitment to act. The costs of a move may be high, but the literature on conflict resolution suggests this could prove a strength, not a weakness. As has long been noted by scholars, the perception of a party’s will and commitment is essential to peacemaking. Demands and offers need to be believable, and concrete actions can display a readiness to react.

Though some Arab states may protest, official relations between Israel and its neighbors have never been better as they face down common threats, from Islamist extremism to an expanding Iranian influence. Additionally, the argument that moving the embassy would drive a wedge between the United States and Arab states or Europe is less tenable following the passage of the UN resolution.

As highlighted by a former member of the Knesset, not only does the resolution delegitimize Israeli communities set up on land captured in the 1967 war, but it also designates pre-1967 territory as “Israel proper.” So while the international community hadn’t previously recognized Israeli sovereignty over any part of Jerusalem, the resolution actually commits the world to recognizing the western half of the city as part of the state of Israel, making Trump’s campaign promise more feasible than before.

Critics are right that an embassy move could spark demonstrations and perhaps even other forms of retribution, undermining the shaky Palestinian Authority. But Jerusalem has already faced a wave of violence in recent months, and the potential for future clashes isn’t sufficient cause for delay. For the moment, Palestinian Authority President Mahmoud Abbas would probably be able to control any fallout after emerging considerably stronger since last week’s Security Council vote and the Fatah central party elections earlier this month.

Negative reactions may be dampened if the move recognizes Muslim and Palestinian connections to the city. One small site shows how this might work. On the outskirts of Jerusalem, perched on a hilltop with magnificent views, the Tomb of Samuel is a model of interfaith harmony. Jews and Muslims conduct prayers there simultaneously. Scholars who study sacred sites note that it’s the only place on the planet where a functioning synagogue operates underneath a working mosque. The tomb’s low-density population area and relatively minor religious importance for Muslims have helped to preserve the peace. But strong coordination and dialogue between the local Muslim clerics who administer the mosque and Israeli civil authorities who control the Jewish prayer room there as a national park have also been essential to stability …

To read the full post, click here.


Dear Congress: You Will Not Solve the Attribution Problem by Creating a Temporary Committee to Investigate the DNC Hack

By Christopher Folk

(Re-published from Crossroads: Cybersecurity Law & Policy | Dec. 19, 2016) According to CNBC, the latest news from Washington indicates that long-time senators John McCain (R-AZ) and Charles Schumer (D-NY) are pushing for the creation of a select committee to ensure that congressional focus is directed at investigating the hacking of Democratic Party emails during the Presidential campaign.

“How about this senators: form a committee to determine why cybersecurity hygiene continues to receive short-shrift.”

This is fascinating. Two years ago we witnessed the Office of Personnel Management (“OPM”) as it tried to perform damage control in the aftermath of a large-scale exfiltration that affected upwards of 22M records.  Then, as now, the problem is exacerbated by attribution or rather the lack thereof.  For the non-technical types, attribution is “figuring out who the bad guys were (or are).”  In the case of high-profile incidents such as the Sony Hack or the OPM data breach, we may hear rumors here and there, some coming from unnamed sources, providing cryptic comments such as “most likely the hacking originated from a nation-state” or other such similar verbiage.  What that really means is that either the methods employed or the ability to operated undetected for a given period of time indicates that the level of sophistication required could only have been performed by a large state-based actor with significant resources and expertise (and patience).

So, going back to the OPM data breach, do we know who did it?  There have been the usual suspects but nothing definitive stating where the attacks originated from and who carried them out.  We are talking about sensitive information related to background investigations, very detailed and potentially damaging intelligence that was exfiltrated from within the government itself.  So, we still have not ascertained who was responsible and certainly have not launched public counter-strikes. Even after a lengthy investigation and committee hearings and testimony from OPM personnel, yet we should somehow infer that the DNC investigation will bear more fruit?

When you look at the OPM hearings and see the level of subterfuge employed by OPM to attempt to diminish the magnitude of the breach you begin to realize that these committee hearings become a lengthy and arduous process. In the end these hearings produced reports such as the “OPM Data Breach: How the Government Jeopardized our National Security for More than a Generation” which took only a year to compile and which comes in at just over 240 pages.  In the final analysis after all the hearings, the testimony, and this voluminous report, it still seems that we cannot definitively say exactly “who” did this.  However, we are supposed to believe that if we put together a special “single-purpose cyber committee” whose sole mandate is to investigate the DNC hack and “put focus on it” we will somehow get answers to our questions?

How about this senators: form a committee to determine why cybersecurity hygiene continues to receive short-shrift.  To determine why sensitive data continues to remain unencrypted and transmitted over insecure mediums.  To determine why the human element continues to be the weakest link in the cybersecurity chain and yet we continue to put time and effort into forming committees instead of allocating money to training and educational efforts.  If I thought this “committee” was going to get to the bottom of the DNC hack and tell us once and for all exactly “who” was behind this and develop meaningful recommendations to prevent future breaches then it would seem worthwhile; however that is highly unlikely …

To read the whole article, click here.

Christopher Folk is a candidate (2017) for both a master’s in Forensic Science and Technology (Syracuse University) and a Juris Doctor degree (SU Law). Also a software engineer, Folk’s legal externship is with Chertoff Group company Delta Risk, where he focuses on legal and policy analysis pertaining to US and International cyber law.

Jasper County Allocates Funds for Cyber Assessment: Proceed With Caution

By Christopher Folk

(Re-published from Crossroads: Cybersecurity Law & Policy | Dec. 14, 2016) According to a recent article in the Jasper Sun Times, South Carolina’s Jasper County has recently allocated funds in the amount of $40,000 to hire a company to perform a network threat and vulnerability cyber assessment. On the one hand, it is good to see that a local government is paying attention to issues of cybersecurity and is taking steps to gain situational awareness. However, starting out by throwing money at the problem is not the most prudent nor efficient course of action. While I won’t downplay the effectiveness of network threat assessment and vulnerability efforts, those are but one piece in a much larger and more comprehensive approach to cybersecurity.

“The $40,000 that this county is going to spend on having a network threat assessment performed could be used to actually review the IT systems, controls, processes, and procedures and to understand exactly what PII is stored and where and what access controls are in place.”

This is the problem when the media picks up on buzzwords like threats, assessments, hackathons, vulnerabilities and—now on an almost daily basis—cybersecurity. This is once again an opportunity for the government to both develop and lend some expertise. If you look at the impacts on individuals affected by a cybersecurity breach, and specifically the exfiltration or exploitation of personally identifiable data (PII), then it isn’t much of a stretch to see that this goes directly to the state police power (public health safety, welfare, and morals). Consequently, and minimally, states need to be doing their part to ensure minimum levels of cybersecurity hygiene across entities operating within their states and so too, the federal government should be tackling this issue and providing education and guidance to the public as well as private sectors.

Neither municipalities nor small businesses should be saddled with the burden of having to understand and tackle complex cybersecurity issues. Certainly, applying time and resources to single-point aspects of the problem are not going to provide a good return on investment and one could almost analogize the hiring of a network assessment company to hiring a security guard to surveil a warehouse while failing to require access control for employees/contractors or even implementing background checks. This seems to be part of an ingrained mentality amongst many that “doing something” is somehow better than “doing nothing.” This simply isn’t always the case. The $40,000 that this county is going to spend on having a network threat assessment performed could be used to actually review the IT systems, controls, processes, and procedures and to understand exactly what PII is stored and where and what access controls are in place. The point being that one has to develop a baseline understanding of what assets they need to protect before they can begin to develop the requisite situational awareness necessary to do so.

I hope that other municipalities or small businesses facing similar issues will begin by understanding the cybersecurity issues they may face and then determining which areas require further investigation and exploration. As someone preparing to enter the cybersecurity law and policy field, I certainly don’t wish to preclude any future contracts. However, I would like people to spend their money wisely and ensure that they are applying resources to the entire cybersecurity issue and not merely one small facet.

Christopher Folk is a candidate (2017) for both a master’s in Forensic Science and Technology (Syracuse University) and a Juris Doctor degree (SU Law). Also a software engineer, Folk’s legal externship is with Chertoff Group company Delta Risk, where he focuses on legal and policy analysis pertaining to US and International cyber law.

Fatal Attraction: The International Criminal Court & Politics

By David M. Crane

(Re-published from Jurist | Nov. 30, 2016) Several years ago, I gave a speech in which I stated that prosecutor who does not consider politics and diplomacy in their prosecutorial decision-making is naive. I still stand by those remarks. The basis for the statement was to shift the focus not on the process of prosecution at the international level, but on the victims themselves. I repeatedly told my staff in the Office of the Prosecutor at the Special Court for Sierra Leone that all that we are doing is for and about the victims of the ten-year horror that was the civil war in West Africa.

“The ICC is an institution worth saving. Its supporters must do all that they can to ensure its viability to including its political viability.”

When one shifts this focus to the victims it becomes clear that there are several factors that come into play for an international prosecutor as they consider a prosecution plan to account for an atrocity and to do whatever they can to seek that justice. These factors include the law to be sure, but also politics, diplomacy, custom and practical implications of a possible series of indictments. Within ethical bound of the law, an international prosecutor seeks a just result, free of bias and favor.

International tribunals are creatures of politics. Created from a geopolitical event and products of political compromise, tribunals have political DNA baked into their systems. The bright red thread of international criminal law is politics. Leave out the political dimension in a prosecution strategy and a tribunal may have challenges that could harm the process of accountability for the victims of an atrocity.

Throughout my time in West Africa I took in all of the above factors and focused on politics. Now it is important to understand that this is politics with a small “p.” Most creative statutes for international courts and tribunals have a provision which clearly says that the prosecutor cannot seek favor [PDF] or be influenced by outside entities in their decisions on who to investigate and prosecute.

That is not what we are talking about here. We are talking about engaging politicians and diplomats in an ongoing dialog on what is best for a country, a region and even internationally. Listening to a politician or diplomat’s views on the political situation in the region, seeking their perspectives on what happened to that region shows to the politicians and diplomats that any prosecution plan is deliberative, careful, balanced taking in the political, diplomatic, cultural, practical and legal ramifications of a prosecution plan. Showing local, regional, and international politicians and diplomats a little respect goes a long way in seeking justice for victims of atrocity.

The International Criminal Court (ICC), the world’s permanent court set up to prosecute the most egregious, must always take into consideration the factors discussed above—particularly politics. This important court exists in a political world driven by political considerations. Nation states always consider the political ramifications of their international and national security decisions. When an outside entity threatens that security, a nation-state will react to protect its interests using whatever means necessary, hopefully within the law.

Recent decisions by state-party to the Rome Statute [PDF] to withdraw from the treaty and the paradigm of accountability for victims of atrocity reflects some earlier decisions made by the ICC that have festered into open defiance. This is not healthy for the evolution of the rule of law internationally and justice for victims specifically.

The ICC is an institution worth saving. Its supporters must do all that they can to ensure its viability to including its political viability. The current and former Chief Prosecutors are talented and capable colleagues and friends. They are certainly not naïve. The recent initiative by the current Chief Prosecutor, Fatou Bensoudain issuing her Policy Paper on Case Selection and Prioritization [PDF] this autumn is a step in the right direction …

To read the complete article, click here.

Proposed NY Cybersecurity Regulations: Not Great, But Better Than Nothing?

By Christopher Folk

(Re-Published from Crossroads: Cybersecurity Law & Policy | Dec. 4, 2016) Judith Germano recently wrote an article in Forbes entitled “Proposed NY Cybersecurity Regulation: A Giant Leap Backward?”  We covered these Proposed Department of Financial Services Regulations (“DFS”) in a couple of previous posts—“N.Y. Regulators Consider Cybersecurity Requirements for Banks and Insurers” and “New York: Proposed Regulations for Cybersecurity come up Short”—and some of the insights in Germano’s article are similar to positions that we posited.

“Some forms of cyber harassment can be prosecuted, but it often times depends on the severity of the offense.”

However, our analysis differed in a few key areas.  Germano’s article states that mandates imposed at the state level make things too difficult for businesses, resulting in a patchwork of rules and regulations that vary across jurisdictions.  Germano also argues that this makes it difficult to do business and that trying to keep track of these myriad regulations is fractured and ineffective.

Germano posits that the NY DFS approach is flawed for two specific reasons: (1) it will result in the same scenario we see with breach notification laws, where instead of a single federal statutory guideline, we have 47 data breach notification laws, making it harder for businesses to operate in multi-jurisdictional settings; and (2) cybersecurity is not a one-size-fits-all approach but rather it should be individualized and particularized in order to be effective and feasible.

While I would concur that the situation we are now faced with, wherein there are 47 different breach notification laws, is far from ideal, it is conceivably better than nothing.  While it would be easier for businesses to comply with breach notification regulations if there were fewer (or one national regulation), it would certainly be more harmful to consumers if none existed.  The point is that while enough time has passed for 47 different breach notification laws to have been enacted, there is still no movement on the Federal level. Consequently, without the individual breach notification statutes, we would face a situation where consumers were unprotected, having no breach notification laws whatsoever. While this scenario might be beneficial for businesses it would provide little comfort for those whose personally identifiable information (PII) is, or was, subject to a breach.

Germano’s second point is that cybersecurity has to be individualized and should not apply broadly across all systems. However, Germano also asserts that frameworks created by organizations such as the National Institute of Standards and Technology (NIST) and the Federal Trade Commission (FTC) can be helpful and provide a baseline while acknowledging that there is no single approach that can be applied to cybersecurity across all industries.

So, on the one hand Germano states that a federal approach is the best course of action so that individual states are not legislating in this area.  While on the other hand, Germano advocates for a specialized and particularized application to meet the needs of the specific industry or segment. Any points raised with respect to having sufficient resources to monitor and coordinate enforcement of the NY DFS regulations are countered by Germano’s own argument that cybersecurity should be individualized instead of using a unified approach across all entities. One can only presume that such an approach would require even greater resources since evaluations would have to be conducted at a more micro rather than macro level, thus making a much more resource-intensive process merely to determine which regulations should apply to an entity (leaving issues of enforcement unclear as well).  So too, the process of monitoring and enforcement would then be dependent on the entities regulations, further adding to the complexity of such a scheme. Germano makes the point that while penetration (“PEN”) testing, end-to-end encryption, multi-factor authentication (MFA), and logging tools are valuable, these are not viable options for some companies since it would divert funds that could be used for other security purposes.

I do agree with the overall framework approach and with entities being able to determine which portions of the framework can and should be adopted and applied to their internal IT/IS systems. It is important to have a common scheme from which regulators and companies can operate within …

To read the full blog, click here.

Christopher Folk is a candidate (2017) for both a master’s in Forensic Science and Technology (Syracuse University) and a Juris Doctor degree (SU Law). Also a software engineer, Folk’s legal externship is with Chertoff Group company Delta Risk, where he focuses on legal and policy analysis pertaining to US and International cyber law.

Tara Helfman Addresses Trump’s Conflicts of Interest, FCPA on Commentary

Trump Must Sell Up and Sell Out

By Tara Helfman

(Re-published from Commentary Magazine | Nov. 21, 2016) Now that Donald Trump has won the presidency, one of his transition team’s top priorities should be ensuring that the candidate who came to power on a pledge to drain the federal swamp of corruption and self-dealing is not pulled into the mire upon his inauguration. The problem is not Trump’s wealth per se; America has had many wealthy presidents. The problem is the form of Trump’s wealth.

Not since the early decades of the Republic, when presidents like Washington, Jefferson, and Jackson held fortunes built in part on land speculation, has an American president taken office whose wealth was so extensively rooted in real property. But there is more to the Trump Organization than trophy properties and golf courses. Donald Trump is a brand unto himself, a name that appears on everything from neckties to cologne to bottled water. Donald J. Trump brand eyeglasses (made in China) are available for purchase online. The Trump Winery, located down the road from Thomas Jefferson’s Monticello, produces Trump Cabernet, Bordeaux, and Viognier. All these assets are managed by a closely-held corporation at the heart of which is Trump and his adult children.

So how is the President-elect to manage his wealth while running the nation? During the 1990s, Bill Clinton cashed in most of his securities to avoid a conflict of interests. Other presidents like John F. Kennedy, Lyndon Johnson, and George Bush (both father and son) relied heavily on blind trusts. These presidents had no control over the trusts, nor did they have any knowledge of the assets held in them. And since the presidents had no idea what assets were in the trusts, their decisions could not be influenced by the prospect of private gain.

A blind trust would entail selling Trump’s assets and reinvesting the proceeds in securities, which would be managed by trustees for his sole benefit. Trump would not know which securities the trust contained, rendering it impossible for his administration to engage in self-dealing. Having his children assume control over his holdings would hardly put blinders on Trump’s financial interests. And with Donald Jr., Ivanka, and Eric already hard at work on Trump’s transition team, it seems unlikely that our President-elect will be keeping his children out of politics.

Neither the Constitution nor federal law explicitly requires the president to divest his assets in order to avoid a conflict of interest, but that may be the only meaningful solution available if President Trump is to avoid falling afoul of legal, constitutional, and ethical strictures. For example, Article I of the Constitution prohibits the President from accepting any present or emolument of any kind from a foreign state without the consent of Congress. Depending on how one interprets the word emolument, it is not difficult to imagine how Trump’s ongoing joint golf course venture with a U.A.E. government-controlled enterprise might raise constitutional alarm bells. This is of course not his only foreign holding: SEC filings indicate that Donald Trump owns a direct stake in over 500 companies including many in strategic countries such as Dubai, Egypt, India, Israel, the Philippines, and more.

Furthermore, the Foreign Corrupt Practices Act bars any domestic concern (including business trusts) from making payments, offers, or promises to pay money or anything of value with the knowledge that the payment or promise will be passed on to a foreign official for the purpose of securing a business advantage. No matter how fair the face value of the transaction, any foreign dealings by the Trump Organization’s business trust could be suspect under this provision. Foreign enterprises (and associated government officials) might be keen to do business with the Trump Organization for the sole reason that the leader of the free world is its chief beneficiary. Steering clear of even a perception of impropriety under the FCPA would thus be a herculean task for a business trust run by the President’s own children …

Read the full article here …

Trump Must Sell Up and Sell Out

INSCT Faculty Member Tara Helfman is an associate professor of law at Syracuse University College of Law.

Strong Man, Isolationist, or Something Else? The Trump Administration & the Future of Counterterrorism

By Marc Barnett

Donald J. Trump shocked the US and the world in November 2016 by winning the US presidency. His deft combination of isolationism and “strong man” rhetoric wooed many voters during both the Republican primary and the general election. However, it remains to be seen whether these two opposing ideals can successfully be forged into a coherent, comprehensive foreign policy framework.

“The [American] exceptionalism myth … has the effect of narrowing policy options exclusively to the military realm. By dialing back the exceptionalism myth in counterterrorism policy, the next administration can prevent the elevation of the ‘War on Terror’ to a mythic and martial battle of good against evil.”

The Republican national security establishment spurned, on two separate occasions, candidate Trump, issuing letters denouncing his knowledge and instincts on national security issues. Consequently, president-elect Trump seems unlikely to draw from the “establishment” for his national security and foreign policy team. In light of this debacle, the next administration faces a difficult security situation with terrorism and insurgency rampant in many parts of the globe yet without a coherent strategy nor the experience and expertise of prominent figures who served in the George W. Bush Administration.

With the US-backed coalition seemingly poised to push ISIS out of Raqqa, Syria, and Mosul, Iraq, in the coming months, the most pressing issues for the next administration will revolve around shifting alliances and competing strategies in the Middle East and South Asia. If ISIS continues to lose territory in Iraq and Syria, the Trump Administration will confront the immediate crisis of quelling sectarian violence in a deeply divided Iraq. If sectarian violence endures, another Sunni insurgency, fueling terrorist acts, could easily take shape again, undermining security in the region. In Syria, the entrenched position of the Assad regime may force rebels toward terrorism and extremism. A weakened Iraq and Syria, the most likely outcome, will play right into the hands of a strengthened Iran and Russia, looking for further influence in the region.

American Exceptionalism and the Construction of the War on Terror: An Analysis of Counterterrorism Policies Under Clinton, Bush, and Obama (INSCT Working Paper 2016).
American Exceptionalism and the Construction of the War on Terror: An Analysis of Counterterrorism Policies Under Clinton, Bush, and Obama (INSCT Working Paper 2016).

Furthermore, assuming the aftermath of a coalition victory against ISIS, Trump and his principals must deal with the problem of a de facto Kurdish state in northern Iraq and a strengthened Kurdish identity across northern Syria and southern Turkey. Ankara will likely block any political solution that strengthens the Kurds, which may fuel political violence in the region with President Recep Tayyip Erdoğan decrying Kurdish violence as terrorism. The Trump Administration will then have to deal with the potential of violence among anti-ISIS coalition allies. If the US does not adequately support Erdogan and Turkish concerns, Ankara may look toward an eager Moscow. Russia might then exploit any potential weakness in order to press their interests and influence in the region beyond Syria.

Further south in Yemen, a civil war, increasingly turning into proxy war between Iran and Saudi Arabia, has given Al Qaeda in the Arabian Peninsula (AQAP) more operational capacity by distracting government forces and regional powers. As the war endures, AQAP’s position likely will strengthen and threaten the US and allies in the region; it is not clear, however, whether AQAP has the capacity or capability to attack Europe or the US directly. As the conflict continues, a strengthened AQAP will look to exploit sectarian differences between the Shi’a Houthis and the Sunni regime. Jihadis feeling from Iraq and Syria may look toward Yemen as a potential safe haven, allying with AQAP to stoke sectarian flames.

Turning to Afghanistan, President Trump will have to deal with a revitalized and strengthened insurgency that continues to undermine the perpetually weak and ineffective central government in Kabul. Moreover, the next administration will have to decide whether US, and to some extent NATO, troops will continue to play a role in Afghanistan past 2017, the US withdrawal date set by President Barack Obama. The withdrawal of US troops could lead to the collapse of the current Afghan state. The spread of ISIS to safe havens in Afghanistan and Pakistan also may press the Trump Administration into a more aggressive foreign policy in the region, as Trump will certainly try to match policy with his bombastic campaign rhetoric against ISIS. Rather than drawing down the Afghan conflict, success against ISIS in the Iraq and Syria may prolong military operations in Afghanistan.  In Pakistan, withdrawal from Afghanistan  will certainly have destabilizing effects in the tribal regions, and increased instability in Pakistan and Afghanistan will pressure the new administration into assessing the current drone/targeted killing policy.

Yet more so than any incoming administration in recent years, the Trump Administration presents a number of unknowns in regards to foreign policy. Even though Trump, as a candidate, positioned himself as an isolationist—on matters of trade policy and the future of NATO—the way he advocated for aggressive action against ISIS suggests several possibilities. Firstly, similar to the Bush II Administration, Trump probably will not eschew unilateral action, and he certainly will not wait for allies and coalitions to coalesce before acting. Secondly, he views terrorism as an existential threat to the American people and the American way of life, and he has strongly advocated military action, primarily, to deal with the ISIS threat abroad. At the same time as expressing isolationist tendencies, he wooed supporters with a “strong man” approach to national security and foreign policy, and his supporters likely will hold him to his promise of aggressive action against terrorists both at home and abroad.

Lastly, Trump and his principals profoundly believe in the American Exceptionalism myth, an enduring foundation story about America and its place in the world expressed in the nation’s early years by Puritan John Winthrop and by French diplomat Alexis de Tocqueville, who coined the term. Like many before him, Trump believes that the US is a nation chosen for greatness, a sentiment expressed by his notorious campaign slogan. It remains to be seen how “Make America Great Again” will play out in his foreign policy and, more specifically, the counterterrorism realm, but early signs point to an aggressive and militant zeal in fighting terrorism, similar to the three prior administrations, particularly Bush II.

From my research and analysis of the counterterrorism rhetoric and polices of the William J. Clinton, George W. Bush, and Barack Obama administrations, I propose four recommendations for the incoming administration. For the Trump team to be successful in counterterrorism, I believe that context should be brought to each individual conflict and terrorist group. If a group pledges allegiance or has links to ISIS or Al Qaeda, for instance, their motives should be investigated rather than taken at face value. Oftentimes a terrorist group “joins” with ISIS or Al Qaeda merely to garner support and attention for their own conflict through the exploitation of the Al Qaeda or ISIS “brand.” In fact, most terrorist groups have origins in the unique political, economic, or cultural reality on the ground where they are fighting, and the new administration should acknowledge and formulate their policies based on this reality. This includes a “problem-solving” approach in which the administration pursues political solutions, rather than just chasing military victories. Problem-solving means negotiating a political solution when terrorists and insurgencies have legitimate political grievances. The legitimacy of these grievances can only be fully understood when considering the entire context and history of the conflict, which often has very little to do with anti-US sentiment or radicalized Islam at all.

Next, the future administration should not view terrorism as an existential threat to the United States. The viewpoint that terrorism represents an existential threat has led to a massive expansion of US military presence worldwide, with an aim of fighting terrorists or insurgents anywhere and everywhere. If terrorism is seen as an existential threat, then the US will only be safe when every terrorist is dead—an unrealistic goal. Rather, the Trump Administration should concentrate on terrorist mitigation, prevention, and “problem-solving.” Thirdly, the next administration should resist blaming terrorism on the religion of Islam and on Muslim people as a whole, a belief which is not true and which is dangerous. After all, history has shown that all societies, cultures, and religions are susceptible to terrorism—for instance, the bomb-throwing Anarchists of the 1880s hailed from both Europe and the US.

Finally, it is my opinion that the myth of American Exceptionalism and, as I explain in my INSCT Working Paper, the “War on Terror” rhetoric that it has engendered are not appropriate lenses through which to view counterterrorism policy. The exceptionalism myth, for instance, has the effect of narrowing policy options exclusively to the military realm. By dialing back the exceptionalism myth in counterterrorism policy, the next administration can prevent the elevation of the “War on Terror” to a mythic and martial battle of good against evil. Successful counterterrorism policy must be rational and measured. However, early rhetorical signs from the Trump Administration do not bode well in this regard.

Marc Barnett is an MAIR and MPP candidate at the SU Maxwell School and the Hertie School of Governance, Berlin, Germany. He is a recipient of a grant from the Andrew Berlin Family National Security Research Fund, which funded archival research at the US Library of Congress for his master’s degree project and for the INSCT Working Paper “American Exceptionalism and the Construction of the War on Terror: An Analysis of Counterterrorism Policies Under Clinton, Bush, and Obama.”


Regarding Bruce Schneier & “Understanding the Role of Connected Devices in Recent Cyber Attacks”

By Christopher Folk

(Re-published from Crossroads: Cybersecurity Law & Policy | Nov. 15, 2016) This post specifically discusses the testimony provided by Bruce Schneier, Fellow, Berkman-Klein Center at Harvard University and Special Advisor to IBM Security, in advance of “Understanding the Role of Connected Devices in Recent Cyber Attacks,” a Congressional Joint Hearing on the security of the Internet of Things (IoT) scheduled for Nov. 16, 2016. 

“Schneier’s assertion rests on the premise that in the absence of consumer demand, there is no incentive for manufacturers to deliver more secure and updatable products and thus the government must intervene.”

In October, there was a widespread distributed denial-of-service attack (DDoS) that impacted multiple websites such as the social and payment networks Pinterest, Reddit, PayPal, and Twitter.  The attack leveraged a known exploit and general lack of cybersecurity hygiene in use within the devices commonly referred to as IoT devices.  To cause the domain name service provider Dyn to go offline which resulted in dozens of websites becoming unreachable as hosts were not able to properly resolve IP address to domain names.

Schneier asserts that the DDoS attack essentially recruited thousands or perhaps millions of IoT devices to send traffic to Dyn which caused the service to slow down and eventually crash.  According to Schneier, there are two approaches to effecting such an outcome:

  1. use a high-end multi-node server with tremendous bandwidth to overwhelm the capabilities of the target of the attack (this is a very large effort); or 
  2. using a scale vector to leverage multitudes of devices, each of which has a smaller individual payload that in the aggregate overwhelms the capabilities of the target causing it to crash and go offline.  

The IoT DDoS, then, is the latter model, and in using otherwise innocent systems to work together in a common nefarious goal, the devices are controlled and therein referred to as botnets as active or passive software is used to direct their behavior to a shared purpose.

Schneier highlights the fact that this attack, while an inconvenience, was altogether benign and caused no real harm within the physical realm.  The target was taken offline and websites were therefore inaccessible; however, there were no direct physical impacts.  Schneier states that the distinction is important because the lines between the virtual and physical worlds are increasingly blurred as we leverage and implement technology in several areas, such as medical devices, autonomous weapons systems, water and dam controls, etc.  Therefore, there exists the possibility that an attack could have targeted devices that while technological in nature have a more visceral impact since they directly control physical implementations.

The inherent lack of security in IOT devices is essentially a fundamental market failure per Schneier.  He asserts that the market has placed a lesser emphasis on security and a higher premium on features and interoperability.  Many of these devices lack a secure protocol or medium through which security updates can be verified and applied even when the longevity of many of these devices is significantly longer than standard technology (e.g., a home thermostat has an extremely long expected life; whereas a computer or phone has a much shorter usage cycle).  

This fact is important in many respects, not the least of which is that the exploit used for the IoT DDoS attack is now public and can be harnessed by script kiddies or less technically inclined malfeasor and as such in the absence of a clear path for security upgrades all the IoT devices currently in the marketplace are suddenly vulnerable and highly exploitable.  Schneier posits that this is further compounded by the fact that consumers are indifferent to this issue as they value price over security and the manufacturers have no incentive to bake-in additional security protocols as this would merely represent a cost and impact to the bottom-line that could not be offset by higher pricing models since the current marketplace is placing a zero premium on security features.

Having addressed the issue, Schneier states that the most viable solution is to impose government regulations similarly to the model used for pollution controls (namely government must take action to force implementation). Schneier’s assertion rests on the premise that in the absence of consumer demand, there is no incentive for manufacturers to deliver more secure and updatable products and thus the government must intervene.  This control could be done in one of two ways: either by imposing liability on manufacturers for harm caused by their devices when used in attacks for instance, or by enforcing a floor that represents minimum security standards.

Schneier then goes on to say that the government must also resist the urge to weaken the security of any computing device based upon a request from law enforcement (e.g., the FBI).  Stating further that weakening encryption, for instance, would make attacks easier and more damaging and will cause greater harm to society than any benefit that may be provided to the FBI.  This assertion seems somewhat of an aside and is not strengthened by any particular assertion nor any argument beyond pure rhetoric …

To read the full blog, click here.

Christopher Folk is a candidate (2017) for both a master’s in Forensic Science and Technology (Syracuse University) and a Juris Doctor degree (SU Law). Also a software engineer, Folk’s legal externship is with Chertoff Group company Delta Risk, where he focuses on legal and policy analysis pertaining to US and International cyber law.