There’s a lot of confusion and disagreement over how the government should manage two increasingly important techniques of waging war: drones and cyber-activities.
President Barack Obama’s current counter-terrorism adviser and nominee to head the CIA, John Brennan, says the drone operations should be largely shifted from the CIA to the Pentagon. Some lawmakers want to create a special new court to review targeted killing operations. Meanwhile, Congress has repeatedly failed to agree on how to build cybersecurity domestically, and there is no consensus on what laws should control offensive cyber-operations.
Let me suggest one overarching principle that could help us bring these new ways of war under better control.
Congress should write a new law putting both drone operations and offensive cyber-operations under the same rules that now govern covert operations by the CIA. That law has two key features: a formal decision by the President, called a “finding,” and notification of a small group of members of Congress.
That law has worked pretty well since it was first enacted in 1974. Presidents have to be persuaded that the operation is well-designed and important to carry out, and Congress is informed so that it can exercise oversight on behalf of the American people. On occasion, covert actions have been modified or cancelled in response to congressional concerns. This kind of oversight is better than what a court could do, because courts judge only issues like due process, not the strategic and political factors that routinely confront the executive and legislative branches.
Right now, drone operations are conducted in a crazy bifurcated system. Those done by the CIA are regularly reviewed by the intelligence committees. Those done by the Pentagon are reportedly eventually briefed to the congressional defense committees, but there is no regular and required process as there is for the CIA operations.
The situation becomes especially murky when both the CIA and the Pentagon are conducting drone operations in the same area, as in Yemen, or when the CIA and the Joint Special Operations Command work together, as in the bin Laden raid. The Pentagon operates under laws called Title 10 of the U.S. Code, while the CIA is controlled by the war powers provisions of Title 50. What we need is a “Title 60” to bridge the gaps.
Otherwise, a devious executive could assign tasks to the Pentagon precisely to escape notification and oversight. Or the compartmentalization that necessarily surrounds sensitive operations could lead to conflicts in the field.
There are always risks of leaks when the circle of knowledgeable officials widens. But even in the case of the bin Laden raid, where the secrecy held, CIA Director Leon E. Panetta notified the intelligence committees in a general way months in advance.
The case for a “Title 60” process for drone operations is even stronger if the administration adopts Mr. Brennan’s suggestion to move most CIA drone operations to Pentagon control.
Offensive cyber-operations would also be best handled under a similar legal process. CIA-run operations are already covered, but the Pentagon has created a new Cyber Command that could carry out large-scale cyber operations. And the administration has reportedly concluded that the President has broad power even to launch a pre-emptive cyber-strike to thwart an impending digital attack from abroad.
If the circumstances are that dire, I suppose most Americans would support such an action. But the way to limit abuses, and be sure that there is careful consideration beforehand and accountability afterward, is for the President himself to make the final decision and for a designated group in Congress to be notified as soon as possible.
If Congress ever resolves its disagreements over domestic cybersecurity and passes some kind of law, I hope it also would include a provision requiring congressional notification and oversight if the President ever chooses to use special authorities to compel compliance with security directives.
Do drone and cyber-operations have to be reported to Congress every time? Will a reporting requirement prevent timely action?
The concerns are overblown because the experience with CIA covert operations has worked in practice, despite occasional complaints.
And the frequency issue can easily be solved by a simple rule: if the President has to decide under the executive branch’s own rules, then the matter is important enough that the Congress should be notified.
As technology provides new ways of fighting and killing, we need to modify our rules and processes to guarantee accountability and oversight. These are political questions, not legal ones, and they should be settled by the two political branches.
Charles A. Stevenson is the author of America’s Foreign Policy Toolkit: Key Institutions and Processes (CQ Press, 2012). He teaches at Johns Hopkins’ Nitze School of Advanced International Studies.