Protecting our metadata is both the new frontier and the new L’Enfant terrible of policy and law.

Attorney General nominee Loretta Lynch should be questioned closely on pioneering civil remedies in response to digital age hacking and theft of government or private information that threatens national security and Americans’ privacy during her confirmation hearings before the Senate Judiciary Committee. 

ADVERTISEMENT

Deterring hackers and keeping national security secrets uncompromised and metadata safe depends on our Department of Justice doing more than symbolic criminal indictments that possess little chance of going to trial. Traditional criminal law enforcement seems obsolete for cyber attacks with a customary international component.  Illustrative is the Justice Department's criminal indictment last year against five Chinese People's Liberation Army members for hacking into the accounts of major United States corporations.  Former U.S. Ambassador to China, Jon Huntsman, Jr. downplayed the indictments as little more than “symbolism.”  China will never extradite the accused, and constitutional due process forbids criminal trials in absentia.    

Edward Snowden and perhaps co-conspirators in the conversion of 1.7 million classified government files for his use and that of his associates, or the media internationally, are also beyond the reach of the criminal law.  Snowden remains in Russia and other infamous media figures associated with him, scattered around the globe. Wikileaks and Julian Assange have remained a menace to the United States over unauthorized disclosure of classified information also beyond the realm of a criminal prosecution. Ditto North Korea’s involvement with the Sony hacking incident.

Worse is the chain of custody and control of stolen government property which is at best uncertain in the international cyber world.  Last summer, FISA Court Judge Reggie Walton ruled that the NSA can’t keep metadata more than 5 years.  However, no such injunction exists for Snowden, Assange, North Korea, the PLA, and the media in possession of stolen government information.

Letting indictments slumber is worse than doing nothing.  The United States has become a paper tiger regarding it’s unwillingness to seek other remedies with consequences severe enough to deter future leakers or hackers which compromise our national security and intellectual property. Precisely why Lynch should be asked about her about plans to pursue more viable civil remedies.

With regard to Snowden, Assange, and the other international bad cyber actors, the United States could consider filing a civil suit against him for conversion of government information.  Remedies could include money damages, return or destruction of the information, or an injunction against further publication of sharing of the documents.  An injunction against international leakers and hackers would not run afoul of the Pentgon Papers precedent because there the parties to be enjoined, The New York Times  and The Washington Post,  had not converted or purloined the documents at issue.  Additionally, the Pentagon Papers  ruling did not foreclose a damage remedy against the newspapers for profiting from the exploitation of stolen property. 

That suggests broadening civil actions against leakers, hackers, and co-conspirators to include all parties that knowingly and directly benefited financially from use of the government's converted documents.  These would include book authors or publishers, movie producers, or media outlets who relied in whole or in part on stolen intelligence materials

There is precedent for the U.S. government to use civil lawsuits to protect classified information. Former CIA agent, Frank Snepp, published a book about CIA activities in South Vietnam, Decent Interval, without submission for prior pre-publication review.  The CIA, upheld by the U.S. Supreme Court, won an injunction providing for the clearance of any future publications by Snepp.  The Court held that the United States was entitled to the profits Snepp derived from the book. 

These civil remedies have more teeth than President Obama's deprecating the North Korean attacks as "cyber-vandalism," curtaling its Internet access for a few hours, and adding superfluous economic sanctions on a handful of North Korean persons or entities or indictments sitting in the Eastern District of Virginia that may never see the convening of a grand jury.

Civil actions to deter cyber theft of government national security matters or private information are not a panacea.  Our future national security and securing private information depends on a future A.G. that will seek remedies beyond symbolic indictments. The cyber theft epidemic will not enter remission on its own and nominee Loretta Lynch should be asked her intentions to use policies and laws already on the books.

Fein is president of M22 Strategies, a policy and research firm focused on security and cyber policy. She recently published suggested legislation after the Sony hacking.