OPINION:
Hacking is today’s growth industry. The numbers are staggering. Thirty-two million users of the Ashley Madison sex-sharing website were exposed. Home Depot lost 56 million accounts; Anthem, 80 million; JP Morgan Chase, 76 million; eBay, 145 million; Sony PlayStation Network, 77 million; and TJ Maxx, 94 million records. All of these hacks have caused massive disruption to the targeted organization, legal liability for cyber-negligence, and anguish to consumers.
The U.S. government also is under siege, and along with it the intelligence community (IC), which is a priority target. The recent hacking of the Office of Personnel Management likely exposed the identities of some current and former IC employees. That data breach alone is unlikely to have compromised all IC employees. But when face recognition methods, sophisticated big-data techniques and cross-indexing of multiple data bases such as consumer, insurance or state records, are woven together, it is reasonable to expect most former and even current IC employees eventually will be identified. And when that happens, their identities undoubtedly will be published on the Internet for everyone in the world to see. Then what?
As the information leaks out, the standing army of hostile intelligence community watchers overseas and in the United States will be ready to file lawsuits against individual IC employees or retirees for every type of criminal act and tort they can dream up, no matter how misguided. At the individual level, principles of national jurisdiction guarantee that practically all espionage activities are a violation of the national law where they take place. Generally, there is no immunity for secret agents, although on occasion the acts of an agent have been equated with the national acts of his sovereign and considered sufficient grounds for quietly dropping the suit. But the Internet is making espionage more visible. Counter-espionage, in a sense, has been crowd-sourced to a self-organizing network of watchers worldwide.
Indictment of intelligence officials is not new. Once espionage is uncovered, it is difficult for a prosecutor to resist public outrage by refusing to take action. Prosecution of U.S. intelligence community members is rising in foreign courts. In June, 13 CIA officers were indicted in Italy, and convicted in absentia in July. After all, extraordinary rendition is a casus belli and violation by a nation-state of international law. Now these IC officers no longer can travel to any country that has an extradition treaty with Italy. In February 2007, Italy indicted another 25 supposed CIA agents. In January 2007, Germany issued arrest warrants for 13 CIA operatives. A German citizen, Khaled el-Masri, attempted to sue the United States and Spain over his arrest by American intelligence, but in 2007, the U.S. Supreme Court rejected the case on national security grounds.
What about suing individual U.S. intelligence agents, not in a U.S. court, but in a foreign court? Using standard investigative procedures, in 2005 the Spanish police identified the three American pilots who handled Mr. el-Masri’s flight, and were even able to peel away their false names. For some reason, the German prosecutor held back, and the potential case quickly was escalated up to a matter of diplomacy between the United States and Germany. Nothing happened. This time. But what about the future?
As thousands of intelligence community employee identities are revealed, as they will be, it is reasonable to expect the number of cases against individual IC members will proliferate. Not all can be the subject of bilateral nation-state negotiations. Not all will be in jurisdictions that are close allies with the United States. IC retirees will be faced with mounting headaches, legal bills and seizure of overseas assets.
When intelligence community employees put their lives on the line to serve their country, they knowingly take great personal risks. Their anonymity or false names might help them. But when the curtain is thrown back, and they are exposed, then does the U.S. government owe them protection? Or does the U.S. have a de facto policy that leaves retirees hanging out to dry? This would be neither honorable or just, and undoubtedly is not intended.
Time is short. Sources confirm China’s Ministry of State Security likely has been cross-indexing insurance, airlines and Office of Personnel Management security clearance files. One support network for the IC already has been compromised, and there are more to come.
This problem needs to be studied in greater detail. A legal fund must be established to support the litigation needed to protect exposed agents. U.S. extradition laws might be reviewed. Within the intelligence community, the legal departments that manage accountability need to be funded so they can expand and take on these new challenges. It is bad enough that IC employees no longer can assume their identities will be securely protected by the government, but they should be able to count on robust support if they are attacked in foreign courts.
• Edward M. Roche is a member of the American Society of International Law and the Association of Former Intelligence Officers.
Please read our comment policy before commenting.