Dhimmitude, ISIS and the AUMF - Part 2
Turning now to Jack's most recent article, What is the Domestic Legal Basis for Planned Cyberattacks in Syria? (by Jack Goldsmith, February 25, 2014):
The rest of Jack's article takes up each of the possible bases for Presidential cyberaction and shoots all of them down, except one (of which, I was not aware). Here are his points, base by base.David Sanger reports [NYT: Syria War Stirs New U.S. Debate on Cyberattack] that the Pentagon and the NSA planned a sophisticated cyberattack aimed at “the Syrian military and President Bashar al-Assad’s command structure” that “would essentially turn the lights out for Assad.”
He also reports that President Obama declined to go forward with the attacks then or since because of uncertainty about the proper role of offensive cyber weapons and worries about retaliation. Sanger suggests that the use of these weapons in Syria is now back on the table.
...
A final note. Sanger says: “Because he has put the use of such weapons largely into the hands of the N.S.A., which operates under the laws guiding covert action, there is little of the public discussion that accompanied the arguments over nuclear weapons in the 1950s and ′60s, or the kind of roiling argument over the wisdom of using drones, another classified program that Mr. Obama has begun to discuss publicly only in the past 18 months.”
I am not sure what this means. The NSA does not always operate under the covert action statute, but assuming it is here, that statute is no bar to public discussion. Rather, that statute says that if the President intends an action abroad to remain unacknowledged, he has to follow certain procedures (like making a finding, reporting, and the like).
The covert action statute is not why programs like the one Sanger discusses cannot be talked about publicly. What prevents public discussion of such programs is classified information rules backed by criminal and administrative sanctions—rules and sanctions, one should note, that were ignored by the people who spoke to Sanger for this story.
Article II Authority
AUMF and Title 50 Statutes[If] the attacks lack congressional authorization ..., the case for the President’s inherent Article II authority to order such attacks in this context is weak, even under Executive branch precedents. The argument is weak for many of the same reasons the planned missile attacks in Syria last summer were weak. I laid out my views on that issue here and here. I will not repeat those points in detail, except to say that even under the Executive branch’s view of Article II, the President must articulate a strong national interest before using force.
And as I said in another post last summer, it is a stretch to say that the United States has an adequate national interest justification under prior executive branch opinions because
I would add that the Stuxnet cyberattack in Iran is not much of a precedent for a cyberattack on Assad’s forces because the President’s Article II powers are robust when it comes to self-defense, and the self-defense argument in Iran is colorable but against Assad is not. For this reason, I think the cyberattack in Syria that Sanger describes could not be justified under Article II without exceeding the scope of presidential war power beyond past Executive branch precedents – at least the precedents we know about.“(1) neither U.S. persons nor property are at stake, and no plausible self-defense rationale exists; (2) the main non-self-defense U.S. interest that the Commander in Chief has invoked since the Korean War to justify unilateral uses of force – upholding the integrity of the U.N. Charter – appears . . . to be disserved rather than served by a military strike in Syria; and (3) a Syria strike would push the legal envelope further even than Kosovo, the outer bound to date of presidential unilateralism, which at least implicated our most important security treaty organization commitments (NATO).”
NDAA 2012But need the President rely on Article II? Might there be statutory authority? The AUMF cannot help in this context.
Nor, I think, can the President rely on the covert action statute, 50 U.S. Code § 413b for authority to conduct these attacks. There is a rarefied debate about whether and under what circumstances Section 413b provides independent authority for the use of force abroad. It certainly says nothing on its face about independent authority to use force, and my own view is that it could not independently support the significant use of force that Sanger describes.
(If it does provide such support, then Congress has given the President super-broad authority to start wars covertly against nations that do not directly threaten us.) There is also the tricky issue whether the covert action statute would even apply in this context , since the operation might be a “traditional military activity” excluded from the definition of covert action by Section 413b(e) of Title 50.
One might also think that the President could glean the authority for the Syrian cyberattacks from 50 U.S.C. § 403-4a [JMM: Section 403–4a, comprising section 104A of the National Security Act of 1947, act July 26, 1947, ch. 343, was editorially reclassified as Section 3036 of Title 50], which includes the CIA’s famous “fifth function.”
I doubt that provision would suffice here on its own terms, but in any event it is at best an authorization to the CIA and Sanger says this operation is [was to be] done by DOD and NSA.(d) Responsibilities
The Director of the Central Intelligence Agency shall—
...
(4) perform such other functions and duties related to intelligence affecting the national security as the President or the Director of National Intelligence may direct.
A "broad authorization" indeed; and one of which I was blissfully ignorant.But the President need not rely on these statutes. Instead, in planning this attack, his lawyers probably relied heavily on § 954 of the National Defense Authorization Act for Fiscal Year 2012, which provides:
Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to—
(1) the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and
(2) the War Powers Resolution (50 U.S.C. 1541 et seq.).
This seems to me the best statutory hook for the planned Syrian cyberattacks, especially since it “affirms” that the President may conduct “offensive operations in cyberspace to defend our Nation, Allies and Interests.” That is a broad authorization indeed.
Not to claim complete Pollyannahood, I've always believed that, if the situation required it, the Presidents during my lifetime have acted (or in hypothetical situations would have acted) as though Congress had actually given them this "make believe" authority:
Of course to me (as I said repeatedly last summer), Syria is not such a situation - as to which, others differ (and we can fight politically on that point).Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations throughout the World to defend our Nation, Allies and interests, subject to—
(1) the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and
(2) the War Powers Resolution (50 U.S.C. 1541 et seq.).
Regards
Mike
Bookmarks