The federal government is very concerned about cybersecurity these days. America faces a real potential threat to its infrastructure, company trade secrets, and military defense systems through malicious online activity. But, who would have thought defense lawyers also needed cybersecurity protection from government intrusion into their networks? This is not another revelation from Edward Snowden about the NSA’s surveillance capabilities, but the NSA does have its hand in this story too. Hearings on Sept. 16-20, 2013, addressed this very real threat to client confidences by the government in the capital case against the five alleged 9/11 co-conspirators. In fact, the government has so intruded on the attorney-client and work product privilege that defense lawyers asked the military judge to abate proceedings until their IT system is free from the government’s roaming eye.
Trustworthiness of The IT Network
Until late December 2012, defense lawyers in the Guantánamo (GTMO) military commissions system believed they could use the IT network they share with the Department of Defense (DoD) — the employer of many commission defense lawyers and the part of the executive branch responsible for prosecuting the case — and comply with their ethical obligations to reasonably protect client confidences. That is, defense lawyers thought they could use this network until the government attempted to replicate files between the District of Columbia and GTMO and in the process lost nearly 7 GB of data, including defense files containing mitigation investigation notes and potential witness and expert resource files. The government contends that the files are not “lost” but instead are “missing.” Files of detailed counsel to Khalid Sheikh Mohammed, Major Jason Wright, were sent to someone at another agency. To date, some privileged and confidential files remain missing. The Walid bin Attash defense team has yet to recover more than 50 investigation files. The government restored other files, some with modification dates different from the actual dates counsel had accessed them. There was even an instance when prosecution files were placed on the defense drives.
Subsequently, in late March, there was a near-disclosure of over 500,000 defense emails to the prosecution in a different military commission case. This is the first known intrusion into defense files. The breach resulted from an Investigative Search Request in the al Qosi case for emails between defense lawyers and prosecutors in that case. In light of the massive data dump, the government used a “privilege review team,” without notice to the chief defense counsel, whose members were unknown to the defense lawyers and were outside of the defense privilege, to review the email hits for privileged information. DoD is working to implement a system in which defense emails are “turned off” and must be “turned on” to conduct a search. The chief defense counsel is supposed to be notified before the switch is turned on and the results of the search should go to the chief defense counsel or her designee within the privilege to review for privileged information. But this does not address the real issue — a third party has the ability to search through protected defense emails.
Further, defense lawyers discovered that their Internet usage was being tracked in close-to-real time by the government when a DoD IT staff member approached a defense consultant and asked about his search for open source information. This has happened more than once, even though the individuals were “engaged in the creation and study of work product” as directed by the lawyers. In fact, all systems connected to the DoD network are monitored, including the name of the user, the location of the user, the Web addresses accessed, the search terms used, and the duration of time spent on a site. A computer collects this information in real time. All of this information can reveal work product or privileged information. A human is then notified if the computer detects something suspicious, constituting a potential breach of client confidences. The chief defense counsel concedes that using the DoD system will require some monitoring to preserve the security of the network, but she argues the monitoring should be conducted by someone within the privilege.
Following these technology breaches, in April Colonel Karen Mayberry, the chief defense counsel to the commissions, issued a directive to the defense lawyers prohibiting their use of the DoD network for privileged or confidential communications or the production of work product. Hearings set to take place in April were continued due to the IT issues. Since then, the defense lawyers have been operating with “one hand tied behind their backs,” as learned counsel David Nevin said to Judge Pohl during oral argument on the motion to abate.
The Starbucks Method
Instead of functioning in a traditional way — using an office desktop computer to draft and save files to that computer or the office’s shared drives, and sending emails to colleagues and performing Internet research — some lawyers have invoked the “Starbucks Method” of sending privileged and confidential communications. Currently, some defense teams use personal computers to draft documents and communications — outside of the office because personal computers are not permitted in a secure office — then they seek out an outside wireless connection (such as from the local Starbucks) and send these documents on that wireless system instead of the breached DoD network. They are also using external hard drives to save their information rather than the DoD-provided computers. This system can take up to five times as long as it would take to use the DoD network. The lawyers acknowledge that it is not ideal to be dependent on the security of an outside wireless server over the security of the DoD servers, but at this time they feel it is “the best bad option” they have to protect the privilege, as learned counsel Jim Harrington put it.
To their credit, the defense lawyers worked under this system for over five months — defending their clients in a death penalty case — before moving the commission to abate proceedings, taking the government’s word back in June that the situation would be remedied within 45 days. According to defense counsel, the problems have only exacerbated over the past three months and they have no other choice but to ask the commission to continue proceedings until they are able to effectively represent their clients in this digital age.
The standard is reasonableness. What is now reasonable in light of this summer’s NSA revelations and three days’ worth of testimony on the government’s control over the defense’s IT network? Prosecutors in the case suggested that encryption of emails and defense files may easily solve the problem, but during his testimony government witness Brent Glover, team leader for the Washington Headquarters Service Identity Protection and Management team, revealed that the NSA is the holder of the DoD encryption keys the government provides to the defense lawyers! If lawyers do not trust DoD, suggested government witnesses, the defense lawyers can use encryption software from one of three DoD approved vendors, such as VeriSign, to communicate with each other or non-DoD contacts. No one asked if these vendors supply the DoD or NSA with their encryption keys, but media reports following the Snowden leaks suggest that many private companies have agreements with the government to share encryption keys or create backdoors into their encryption software. Other reports indicate that the NSA has become very good at cracking encryption. How can the lawyers ever be sure the government is not reading their emails, scanning their Internet searches, or opening their files? They can never be 100 percent sure, but the standard is reasonableness. David Nevin asked, “Are we supposed to say the NSA is omnipresent so let’s just give up on security altogether?”
Looking for a Way Forward
Colonel Mayberry testified and seemed to approve of a way forward to remedy the situation and get the lawyers back online. She understands the need to protect the security of the DoD network, and she understands the need to protect client confidences. There is a balance to be struck and Colonel Mayberry suggested that including tech specialists within the defense privilege, to guarantee the security of the network and to hold the encryption keys, may be a strong first step in the right direction. A more secure move ahead would be to give the Office of Chief Defense Counsel its own server, much like the setup of the DoD Inspector General’s Office.
As with most things at GTMO, this issue would never come up in a civilian federal court. Federal public defenders are not forced to share an IT network with the Department of Justice, nor are their computers subject to security breaches by nonprivileged personnel with legal access to the network. In fact, in the Southern District of New York, defenders work from a closed system maintained by their office.
The prosecution suggested that the entire military justice system faces the same ethical conundrums because all branches use the DoD network. Prosecutor Ed Ryan pointed to the Bradley Manning and Nidal Hasan cases and asked whether lawyers in those cases were also in violation of ABA Rule 1.6. Colonel Mayberry made clear that the lawyers in those cases did not have 500,000 emails seized, experience disappearing files, or suffered other mass intrusions of the privilege. Yes, the government could potentially see emails and files of all lawyers who practice in military courts, but until December that was a hypothetical for the GTMO defense lawyers.
Colonel Mayberry wants to be convinced that the system provides minimal safeguards, not routine disclosure to nonprivileged individuals, before she lifts her directive. While ethical decisions are within the sole discretion of each lawyer, the lawyers agree with Colonel Mayberry’s directive. Prosecutor Ryan suggested that Colonel Mayberry’s order may simply be a delay tactic, but David Nevin pointed out that there has already been substantial delay in this case at the hands of the government — three years of delay due to the rendition, detention, and interrogation program and four years between dismissal of the commission charges in 2008 and arraignment in 2012.
In addition to privilege concerns, Jim Harrington says this latest debacle affects the relationship they have with their clients. The history of the case over the last year has revealed monitoring at defense tables, other agency access to the courtroom, and smoke detectors that act as listening devices. The lawyers have to tell their clients that there is some validity to the system and they cannot do that now. “It’s pretty apparent that the one that we have is terrible.” Learned Counsel Cheryl Bormann argued that with missing investigation files it is difficult to submit her theory of defense for the judge to consider in making classified discovery determinations and nearly impossible to present substantive and zealous arguments. She said the current system disables her client. Lieutenant Colonel Sterling Thomas put it this way: the defense is “stuck with a bolt-action rifle that hardly works, in a modern age, fighting the most complex case in American history.”
Throughout the week, there were underlying suggestions by the government that cases involving classified information should be treated differently. That monitoring would be required in addition to the procedures that are already in place that govern access to classified information only in specifically designated places, just like in civilian trials. This is not about cybersecurity and it is not about classified information. It is about protecting government secrets in a system designed to keep them. The government must intrude on the secrets of the defense to ensure that its own secrets will not be revealed. One lawyer suggested that the government should treat privileged information the same way it treats classified information and we would not have this problem. But, at the end of the day, as David Nevin said, the lawyers have an obligation to protect privileged information under the Sixth and Eighth Amendments to the U.S. Constitution, and they cannot practice law under the current system.
On Oct. 1, 2013, Judge Pohl denied the defense motion to abate proceedings. He “ruled that the defense use of the information technology system is ethically reasonable, given Department of Defense plans to improve the system.”1
- Jane Sutton, Computer Problems Won’t Halt September 11 Hearings at Guantánamo, Judge Rules (Chi. Trib. Oct. 1, 2013), available at http://www.chicagotribune.com/news/sns-rt-us-usa-guantanamo-20131001,0,563405.story.