The Complex

Here are the U.S. China Commission's cyber recommendations

The U.S. China Economic and Security Review Commission came out with its biannual report today and as expected it had a whole section dedicated to China's efforts at cyber, espionage, intellectual property theft and military capabilities.

While most of the report's contents on Chinese cyber efforts recap what has appeared in the media over the last few years, it does make three recommendations for action -- the last of which urges congress to revisit the effectiveness of laws banning industrial espionage. As we all know, senior U.S. defense officials have been warning that China is stealing incredibly large amounts of intellectual property from American businesses every year via cyber espionage.

Here are the commission's recommendations:

 

  • Congress should order a DoD report on how the Pentagon's buying regulations allow it to ban foreign products for use in weapons "where there is a concern as to the potential impact of cyber vulnerabilities."
  • "Relevant Congressional committees" should conduct an in depth assessment of Chinese cyber espionage practices and report the findings in an unclassified format.
  • "Congress should conduct a review of existing legal penalties for companies found to engage in, or benefit from, industrial espionage."

National Security

When can the FBI read your email?

We've all read about the process that revealed former CIA director David Petraeus' affair with Paula Broadwell: The FBI began looking at Jill Kelley's emails after she complained about receiving anonymous electronic threats (and possibly info about generals at U.S. Central Command headquarters). Investigators traced the threatening emails to Broadwell's IP address. Agents realized both Broadwell and Kelley had ties to the nation's top spy and got Broadwell to confess to being his lover. At that point, they searched her computer and email where they actually found Petraeus' messages in a Gmail account he shared with Broadwell, as well as classified documents.

But what exactly allows the FBI to look at all of a private U.S. citizen's electronic communications?

Basically, if a field agent believes that a crime -- harassment, for example-- might have been committed over email he or she will start by looking at the threatening messages and possibly more in the victim's email account. If it appears that there's more evidence to suggest a crime or the possibility of a crime in progress, the agent will seek a subpoena from a local judge allowing him to monitor the emails of the person sending the electronic threats.

"If they can say with some confidence that it's a potential crime, they can probably do some preliminary work on their own without too much difficulty," Stewart Baker, an attorney who specializes in telecommunications law at Steptoe and Johnson, told Killer Apps.

"In order to get access to the account information, what I would do if I were investigating this is, I would start by saying, I don't need to read this person's emails, I just need to know who's logging onto this account, what IP address they have, look for other information about that IP address and what other email addresses is this IP address logging onto -- so that you can start to see a pattern. They can do that without reading any of Paula Broadwell's emails," said Baker, who also served as assistant secretary of homeland security for policy.

Once agents figure out who their suspect is -- Broadwell in the Petraeus affair -- they will want to actually read the emails being sent by the suspect; for that they would likely need a search warrant. That warrant to search through the contents of the emails could be issued by a magistrate or, possibly by a Foreign Intelligence Surveillance Act court, according to Baker.

"To read the most recent emails, they would [potentially] need to get a search warrant; which means there should be a search warrant justification somewhere, signed by a judge, saying there's probably cause to believe there's evidence of a crime -- presumably the same crime as before, harassment and threats," said Baker. "It's not hard to get probable cause if you can show that the IP address that was logging on to the account that sent the harassing emails is the same IP address that used the other account [between say Petraeus and Broadwell] so you ought to be able to access the other account so you can read the mail and you're there."

The risk that someone could have used Petraeus' affair with Broadwell to try to blackmail him into giving up secrets provides further justification for digging around in Broadwell's email -- as does the fact that investigators found classified information on her computer (that did not come from Petraeus) and they had to find out where those documents came from.

Wikimedia Commons