The Council on Intelligence Issues* held a seminar on “Intelligence Operations in a Digital Age” this week. The discussion covered many current issues, but lingered on couple of looming problems with no satisfactory answers aired among a broad group of senior former intelligence officials,

Peacetime Offensive Cyber Operations. The first had to do with offensive cyber operations. There is an ongoing debate about whether such operations should be conducted under defense department authorities (Title 10) or intelligence authorities (Title 50). This has implications for who has oversight in Congress (Armed Services or Intelligence committees) and what authority process and chain of command is required within the administration. That’s complicated but manageable (the debate of drone strikes aired this in the Obama administration).

But what struck me, as a real problem, is that while cyber operations against countries like Iran, North Korea and even Russia and China may be preferable to kinetic operations, the US has a marked asymmetrical weakness.   If we hit them, they can respond by hitting US commercial systems. Iran has demonstrated this ability by hitting US banks some time ago. As a policy matter, will the USG conduct a cyber operation against an adversary (e.g. as a response to attacks on allies shipping in the Gulf) when the response may cause the private sector hundreds of millions and undermine confidence in US systems (esp. banking)?

Moreover, when the favorite US policy “stick” of choice—sanctions—is applied, those on the receiving end could logically respond with their own cyber operations against US private industry. This can be a powerful deterrent. Iran seems to be thinking along these lines. Others, like Russia may do the same—especially if such cyber responses can be cloaked with reasonable deniability.

Defining and determining what’s real. More troubling was consideration of the problem highlighted during the last US presidential election, i.e. foreign efforts to shape voter actions in the US elections. This is a logical extension of the long history of covert actions by various countries to shape outcomes, but combined with the ubiquity of Internet communications today, is a huge problem. With technology offering the opportunity to create false stories and images that are very difficult for average people to distinguish from reality, shaping decision-makers (voters) can be accomplished with remarkable success. Classically, the chief problem in covert action operations is measuring whether the action does in fact have the desired affect. Today, if a country can systematically target stories to select types of voters and gain access to daily tracking polls (or even design their own surrogate) they can have as much if not more affect in shaping election outcomes as the major political parties.

To save the United States from this paralyzing phenomenon, shouldn’t someone be able to, in near real time sort fake from real? There are two very difficult problems: One, technically it takes time and an offensive operation could flood the US with a large number of targeted stories (think of the algorithms that target you with customized ads to your email account).   The second problem is who would do (police) this and why would we trust their judgment?

At the seminar amongst intelligence alumni, the thought was whether the intelligence community (IC) could do this. In principle, it seemed possible given the time and resources. But who would, trust the IC? In my own experience, the IC lost enormous credibility when it got the Iraq WMD estimates badly wrong. In producing the so-called Duelfer report afterwards, I took several steps to try to overcome this, including making the entire report unclassified, including all the background data, and not writing an executive summary. The idea was that an independent reader could consider the data and come to their own conclusion. This was successful, but it was a static case.

A rolling set of stories and data coming in all over the country to various subsets of American voters can not be evaluated and judged in realtime—especially as election day approaches.

Is there another part of the government that could perform this function? I doubt it. Could the companies that current owe their vast wealth and market dominance to their ability to shape messages to consumers provide this service (Google, Facebook, etc)? Possibly they could have the expertise, but the task is labor-intensive and who would trust them? Could journalists do this? They don’t have the resources other that in select cases, and which journalists would you trust—the range of quality and objectivity of individuals who identify themselves as journalist varies wildly.

These are two major problems for our country—especially the second. And the government is not designed to address them. In fact, the fractious political environment seems to make this a major problem no one will wish to raise. It calls into question the outcome of any election—no matter who the winner is.

*The Council on Intelligence Issues provides a critical and unique function for former intelligence (largely CIA) officers—providing post government legal assistance. Unlike virtually any other government employees, former CIA officers can be subject to post-government legal actions that stem from their performance of their jobs. This is one of the reasons for officers to retain their cover even after leaving the service. They can be sued, warrants issued for their arrest, and otherwise attacked—even by their own countrymen. Government legal assistance to former officers may or may not be available, and even if it is, the government’s interests and the individual’s interests may not be aligned.  Incoming officers rarely hear about this type of risk to them and their families the vagaries of political correctness in the world evolve.  Current actions can be judged by some future set of standards that are unforeseeable now.

Beyond a “thank you for your service” you can be left on your own.