Former Deputy Attorney General James Comey (left), alongside President Barack Obama (center) and outgoing FBI Director Robert Mueller (right) at Comey’s nomination to become the Seventh Director of the FBI. Photo Credit: Federal Bureau of Investigation
For the past six years, the Aspen Institute has hosted a summer security forum in my home state of Colorado. I’ve attended countless security forums and conferences over the years during both my time working for the government and in my follow on career as a writer, but I consider the Aspen Security Forum one of the best for a couple of reasons.
First, the lineup of speakers and presenters is unrivaled and consists of not just senior but the senior heads of key government agencies, as well as prominent journalists from print and broadcast media who keep the speakers on there toes.
Second, for most conferences, the speakers show up shortly before they go on stage and then leave immediately after. At the Aspen Security Forum, many of the speakers spend the entire week hanging out at the conference with the attendees. That gives you plenty of opportunities to walk up to them and discuss issues they may not have had time to cover during their presentations. For the most part, I’ve found everyone is very approachable and candid when responding to questions.
Clark Ervin, head of the Aspen Institute’s Homeland Security Program, set the tone for the forum in the conference brochure:
Generally, there is the feeling that, at best, America is managing the chaos – that we are not even “leading from behind” anymore. We seem to be doing just enough in trouble spot after trouble spot to prevent catastrophe, but not enough to influence events in our favor anywhere.
The campaign of 2016 is now just getting underway, and so it is understandable that national security issues are not yet front and center. All the candidates make the ritualistic pledges to “be tough” or “stand tall” in the world, but none has yet made a central theme of what must be the overriding national security imperative in the next four years- restoring America’s leadership in the world. Over the course of its short history, the Forum has helped to shape the national security agenda. If then, I have a hope for one overriding theme for this year’s Forum, it is that one.
Not surprisingly, cybersecurity and terrorism were the two topics that dominated the week. China and Russia were also prominent themes. Of note, Sergey Kislyak, Russia’s ambassador to the U.S., was in attendance for most of the week. The approach I’m taking in reporting on the forum is to write a series of blogs on what jumped out at me each day, starting with the talk by FBI Director, James Comey, on the Forum’s opening day Wednesday, July 22. The moderator for the session was CNN’s Wolf Blitzer.
Some of the key points Comey made were:
- He considers the Islamic State in Iraq and Syria (ISIS) a bigger threat than Al Qaeda. Specifically he worries about ISIS’s threat to the homeland and what he cannot see. He likened it to looking for needles in a nationwide haystack. A lot of those needles are invisible either because of the way they have or have not communicated.
- Comey also stated that ISIS operates in a different manner than Al Qaeda making extensive use of social media to “crowd source” terrorism:
They have invested, about the last year, in pushing a message of poison primarily through Twitter but other parts of social media that is a siren song with two dimensions — they are preaching through social media to troubled souls urging them to join their so-called “Caliphate” in Syria and Iraq, or if you can’t join, kill where you are. And Twitter is a valuable enterprise because it works, to sell shoes or to sell ideas, it works to sell this message to troubled souls.
- Comey provided some interesting insights to illustrate the scale of investigations ongoing in the FBI:
The FBI has investigations related to this threat all across the country. There are hundreds of investigations. We’re trying to understand where somebody is on the spectrum of a consumer of this poison on Twitter, to an actor who’s about to try and murder innocent people, and evaluate where are they on that spectrum. We have hundreds of people we’re looking at on that spectrum.
The [ISIS] tweeters in theory have 21,000 English language followers. Hundreds of those people, probably thousands, are in the United States. So our job in the law enforcement community is figuring out so who are they and where are they along this line from consuming to acting. And that’s why this is our dominant threat that we face today.
- Mr. Comey said there were two stumbling blocks to his ability to track the activities of ISIS:
The first is the technological one. [ISIS]’s m.o. is they broadcast on Twitter, get people to follow them, then move them to Twitter direct messaging while they evaluate whether they’re a potential liaison either to travel or to kill where they are. Then they’ll move them to an encrypted mobile messaging app where they go dark to us. And so that’s what I mean by the needle becoming invisible. We can with court authority, get access to the Twitter contacts but we don’t have the ability to break strong encryption. And so if they move to the mobile messaging app we’re going to lose them, so that’s a huge worry.
As I understand it, at the heart of the encryption issue is the way private industry is designing encryption devices. Without having access to an encryption key, you can’t access the data being passed over the network. At the center this is a debate over two issues, namely privacy and national security. One of the continuing mantras over the week was the necessity for a government/private industry partnership to solve this and other cyber-related issues. When addressing this topic, all of the speakers emphasized this point while stating that the government did not want to dictate solutions. On the encryption issue, Comey noted:
I can picture the end state we need. We need judges orders to be complied with. Now, how to figure that out, lots of people, smart people, tell me, oh, it’s too hard. I don’t buy that. I don’t think we’ve tried hard enough yet. If we recognize that we all share the same values, I think smart people can figure out how to do it. And it may not be the same for every company, right. The goal of the government is clear — we need to with the right showing to a judge be able to get access to the information in those targeted individual cases. How a company does it may depend upon the company’s business model, right. There are companies out there now that encrypt their data-in-motion and are able to comply with judges’ orders because they see the content of the communication because it’s part of their business model. We need to figure out how to achieve the end goal, but the government will not be telling people this is the way you ought to do it, because we don’t know their business well enough or their technology.
I asked Comey if he had seen instances of terrorists planning or using cyber as a weapon to attack. He responded:
The answer is some. And we’re picking up signs of increasing interest. And logic would tell us that as we’ve made it harder and harder for human beings to get into our country to do bad things, that they will hit upon photons entering our country to do bad things, but not in the main. So it’s a small but potentially growing problem.
Think I’ll end here. More to follow in the next few days.