Robert Mueller became director of the FBI one week before 9/11 and spent the next 12 years adding global terrorists to the agency’s most-wanted list of gangsters, kidnappers and bank robbers – and aggressively hunting them down.
Now, two months after leaving the job that allowed him to transform the FBI and focus its agents more on counterterrorism and emerging threats like cyber crimes, Mueller will work closely with Stanford scholars to better understand the challenges and issues surrounding international security and online networks.
At the invitation of the Freeman Spogli Institute for International Studies and Stanford Law School, Mueller will spend the current academic year as a consulting professor and the Arthur and Frank Payne Distinguished Lecturer.
He will also visit the Haas Center for Public Service and meet with students to discuss leadership and service around cybersecurity, and work through FSI to train and mentor undergraduate students.
"I look forward to working with the students and faculty of Stanford to address critical issues of the day, including counterterrorism, cybersecurity and shepherding institutions through transition,” Mueller said. “Having worked on these issues as FBI director over the last several years, I hope to pass on the lessons I have learned to those who will be our leaders of tomorrow. For my part, I hope to gain fresh insight and new thoughts and ideas for the challenges our country continues to face."
Mueller will make several visits to Stanford, spending about 30 days on campus during the academic year. His first visit comes next week, and will be marked by his delivery of the Payne lecture on Nov. 15. The public talk will focus on the FBI’s role in safeguarding national security. It will be held at 4:30 p.m. at the Koret-Taube Conference Center in the John A. and Cynthia Fry Gunn Building.
“Bob Mueller is an extraordinary public servant who will bring an enormously important perspective to some of the most complex security issues in the world,” said FSI Director Mariano-Florentino Cuéllar. “We’re excited that he can help shape our research agenda on cybersecurity and other security issues.”
Mueller will spend the year working with FSI and Stanford Law School scholars to develop research agendas on emerging issues in international security. He will hold graduate seminars and deliver a major lecture at the law school and work with students and fellows at the Haas Center, the law school and the Graduate School of Business. He will also mentor honors students at FSI’s Center for International Security and Cooperation and Center on Democracy, Development, and the Rule of Law.
"Robert Mueller has been a federal prosecutor and the nation’s leading law enforcement official during very difficult times. We are thrilled he will be interacting with our students and faculty because he has much to teach us,” said M. Elizabeth Magill, dean of the law school. "His unique perspective on the intersection of law and international security will be tremendously beneficial to our community. We are delighted to welcome Director Mueller back to Stanford Law School."
As the FBI’s chief, Mueller created a dedicated cybersecurity squad in each of its field offices and dedicated about 1,000 agents and analysts to fight Web-based crimes. At Stanford, he will bring together academics and practitioners with an eye toward creating an unofficial diplomacy dialogue.
“Should a terrorist utilize cyber capabilities to undertake an attack, it could be devastating,” he said just before leaving the FBI in September. “We have to be prepared.”
Mueller received a bachelor’s from Princeton in 1966 and a master’s in international relations from New York University a year later. He fought in Vietnam as a Marine, leading a rifle platoon and earning the Bronze Star and Purple Heart. After leaving the military, Mueller enrolled at the University of Virginia Law School and received his law degree in 1973.
He began his law career as a litigator in San Francisco, and in 1976 began a 12-year career serving in United States Attorney’s offices in San Francisco and Boston focusing on financial fraud, terrorist and public corruption cases. He worked for two law firms before returning to the U.S. Attorney’s office in Washington, D.C., where he was a senior homicide investigator.
He was named U.S. Attorney in San Francisco in 1998, and held that job until President George W. Bush tapped him to lead the FBI. His first day on the job was Sept. 4, 2001.
“When I first came on board, I thought I had a fair idea of what to expect,” Mueller said during his farewell ceremony at the FBI ‘s headquarters in Washington “But the September 11 attacks altered every expectation.”
About the Topic: The cyber security landscape has seen dramatic changes in recent years with the advent and evolution of new, growing, and ever-present adversaries. As targeted attacks and advanced adversaries continue to evolve and become increasingly sophisticated, it becomes difficult to keep pace and stay protected. Existing security technologies are incapable of identifying determined adversaries and protecting your intellectual property. Enterprises must combat these threats with targeted attack detection, prevention, and monitoring. By leveraging big data technologies and security intelligence, companies can proactively respond to advanced threats while also gaining the ability to hunt, query, and gain insight into all activity across the enterprise.
About the Speaker: Serial entrepreneur George Kurtz co-founded CrowdStrike, a cutting-edge, big data, security technology company focused on helping enterprises and governments protect their most sensitive intellectual property and national security information. Kurtz is an internationally recognized security expert, author, entrepreneur, and speaker. He has more than 20 years of experience in the security space, including extensive experience driving revenue growth and scaling small and large organizations. His entrepreneurial background and ability to commercialize nascent technologies has enabled him to drive innovation throughout his career by identifying market trends and correlating them with customer feedback, resulting in rapid growth for the businesses he has run.
His prior roles at McAfee, a $3-billion security company, include Worldwide Chief Technology Ocer and GM, as well as SVP of Enterprise. Prior to joining McAfee, Kurtz started Foundstone in October 1999 as the founder and CEO responsible for recruiting the other six founding team members. Foundstone, a world wide security products and services company, had one of the leading incident response practices in the industry, and was acquired by McAFee in October of 2004. He also authored the best-selling security book of all time, Hacking Exposed: Network Security Secrets & Solutions.
CISAC Conference Room
George Kurtz
President/CEO & Co-Founder, CrowdStrike
Speaker
ABOUT THE TOPIC: In his talk, Jack Goldsmith will explain why he is skeptical about significant cybersecurity cooperation among military rivals, especially at the treaty level. He will, however, argue that the Snowden revelations make such cooperation more, not less, likely.
ABOUT THE SPEAKER: Jack Goldsmith is Henry L. Shattuck Professor of Law at Harvard University, where he specializes in national security law, international law, internet law, and presidential power. Goldsmith is the author of five books and numerous articles covering these topics. His recent books include: Power and Constraint: The Accountable Presidency After 9/11 (W.W. Norton, 2012); The Terror Presidency: Law and Judgment Inside the Bush Administration (W.W. Norton, 2007); Who Controls the Internet? Illusions of a Borderless World (Oxford Press, 2006, with Tim Wu); and The Limits of International Law (Oxford Press, 2005, with Eric Posner). Prior to his time at Harvard, Goldsmith was Assistant Attorney General in the Office of Legal Counsel from October 2003 to July 2004 and Special Counsel to the General Counsel to the Department of Defense from September 2002 through June 2003.
CISAC Conference Room
Jack Goldsmith
Henry L. Shattuck Professor of Law, Harvard Law School
Speaker
Jonathan Mayer
Cybersecurity Fellow, CISAC
Commentator
CISAC Co-Director Amy Zegart and nine other national security and intelligence scholars were recently invited to the headquarters of the National Security Agency in Fort Meade, Md., for unprecedented talks with high-ranking officials. They discussed cybersecurity, the plummeting public trust in the agency, its relationship with Congress and how to rebuild the agency’s reputation and rethink its program operations.
The academics were first taken to the black granite wall carved with the names of 171 military and civilian cryptologists who have died in service. “I think they wanted us to know that this is an organization of people, not some robots trolling through your emails,” said Zegart, author of the book, “Spying Blind,” which examines why U.S. intelligence agencies failed to adapt to the terrorist threat before the 9/11 attacks.
The scholars were then taken to a windowless conference room for several hours of what Zegart called remarkably frank and free-ranging talks about the agency and its tactics.
The NSA is one of the world’s most secret intelligence gathering organizations. Its methods have come under intense scrutiny with a series of damaging leaks about its operations. Former NSA contractor Edward Snowden and national intelligence reporters have revealed tactics that have left many Americans cold and questioning the legality and necessity of the agency’s methods. From monitoring emails and phone calls, to secretly cracking encryption codes that protect personal email as well as financial and medical records and Internet chats – the revelations just keep coming. Civil liberty organizations and Internet privacy advocates here at Stanford are outraged, while some foreign governments are accusing Washington of Big Brother tactics run amok.
Zegart answers questions about those perceptions and her Sept. 23 briefing at NSA headquarters.
Are the accusations that the NSA is Big Brother squared fair?
Image
If you look at the reporting on the NSA so far, there is zero evidence of a widespread, deliberate and nefarious plan by the agency to violate the law and spy on American citizens. This is a policy debate, not a scandal. There’s no question in my mind that the NSA has interpreted its legal authority to the maximum extent of the law possible. They’ve taken what Congress has granted them and they have pushed to the edge – but that’s a very big difference from running amok.
How did this unprecedented meeting come about and why do you think the senior NSA officials – who asked not to be identified – called on social scientists?
In our group, the last time someone went to the NSA was in 1975, which tells you how rare it is for them to invite academics in. The was a sense at senior levels that they need to think more systematically and long-term about education, about being more open to academics coming in and doing research about the NSA and hearing what academics have to say. In part, thought-leaders at universities can play a role in transmitting some of the complexities in which the NSA operates – the tradeoffs the agency is confronting and the constrains under which they are operating.
The other academics invited to the NSA on Monday were William Inboden of the University of Texas, Austin; Michael Desch of Nortre Dame University; Jeffrey Engel and Joshua Rovner of Southern Methodist University; Thomas Mahnken of the U.S. Naval War College; Richard Betts of Columbia University; Benjamin Wittes of The Brookings Institution; Kori Schake of Stanford University; and Robert Chesney of the University of Texas, Austin.
One thing this meeting highlighted for me is that the NSA is not free to respond to the criticism it gets in the press. It’s intertwined with other organizations that have a say in how it responds: the Office of the Director of National Intelligence, the FBI, the Justice Department and the White House. And they have never had to deal with the spotlight before. They gave me this statistic: Last summer, there were 167 legitimate questions from the press; in the summer of 2013 there were 1,900 media requests. That’s a tenfold increase. This is a whole new world for this agency. And to go against secrecy is just totally counter to their culture. This was a bold step for them to have us come in.
Did the NSA officials talk about whether they had broken any laws?
They definitely wanted us to believe that what they are doing is lawful and effective. I believe the lawful part; I’m not so sure about the effective part. I think they haven’t looked hard enough about what effective means. Do they know it when they see it? And who’s to judge?
They were quick to point out that they’re under extensive oversight both by Congress and the Foreign Intelligence Surveillance Act (FISA) court. The question is whether Americans are comfortable with the lines that have been drawn by their own government and if they’re comfortable with the lack of transparency. The NSA is really bad at letting us know what the gains are (from surveillance) and they’ve struggled with how to deal with the public reaction to the Snowden revelations.
This is an intelligence agency and they’re supposed to be stealing information from other governments; that’s what we pay them to do and other governments would use those capabilities in an instant if they had them. That has gotten lost in the debate. When I talk to my parents and friends, they think that the NSA is listening in on their phone calls. That’s just not true. They’re examining phone logs: who called whom and for how long. No one is listening to your conversation with grandma.
The fundamental problem is that the NSA is highly regulated – but nobody trusts the regulatory framework."
Did you discuss former NSA contractor Edward Snowden?
Extensively. It’s the biggest breach in the agency’s history. They’ve been in crisis mode since June. They’ve been putting our fires every day and the arsonist is still out there. NSA officials told us that they know 125 documents have been compromised; they believe Snowden probably has already passed to the press another 50,000 documents and that the entire tranche that he may have taken is bigger than that. But there’s a question about whether that tranche is accessible, that Snowden may have done things to make some of his data hard to read.
They said Snowden didn’t just download documents he himself had access to. He used social engineering, convincing someone else to give him access to additional information to breach security protocols. Meanwhile, Snowden had plenty of avenues for whistleblowing, including five inspectors-general and the members of the congressional intelligence committees, but he availed himself of none.
Have Snowden’s actions endangered national security or international relations?
The standard lines about “irreparable harm” are not convincing to many people because they are so vague, we’ve heard them so often, and the government classifies boatloads of information that shouldn’t be secret. But NSA officials got a little more specific. They said Snowden has hurt national security in three ways: The first is that he revealed government surveillance capabilities. Second, he’s revealed politically embarrassing things that are harming relations with our allies – and they believe there is more to come. (Brazilian President Dilma Rousseff postponed a state visit to Washington, for example, following the release of evidence that the U.S. spied on Brazilian politicians and business leaders.) They said Snowden has a pattern of releasing embarrassing information around big international meetings, such as the G20 summit. The third damaging impact is that Snowden has hurt the NSA’s ability to produce intelligence.
What are some of the challenges and solutions moving forward?
Intelligence is a political loser and so you see a lot of members of Congress who says they are shocked – shocked! – to find out what the NSA is doing when they had full opportunity to be briefed on these programs for a long time. So they’re making political hay out of NSA’s difficulties. Most members of Congress have zero incentive to actually learn anything about the complexities of intelligence because the voters don’t hear about it and they don’t reward them for it.
The near-term challenge is to stop Congress from doing something stupid, such as the wholesale cancelling of NSA programs and capabilities. The medium-term challenge is to figure out what sensible options there are to restoring the public trust and make the NSA more transparent and more targeted in its collection approach. When NSA chief Keith Alexander steps down, we are going to see all of these issues come to a head in a very public way with the confirmation of the next director.
The longer-term challenge is creating better mechanisms to assess whether NSA should do things just because it can technically – to weigh the wisdom and efficacy of programs, not just their legality. The NSA also needs a sustainable education campaign so that when things break in the news, legislators and constituents have an understanding of what this agency does and can put these revelations into perspective.
They definitely wanted us to believe that what they're doing is lawful and effective; I believe the lawful part, I'm just not so sure about the effective part."
What are the strengths of the NSA that the public doesn’t get to see?
The NSA is the organization that’s responsible for information assurance, like if you’re in government on a secure phone line. And most people don’t know the NSA wrote the codes to protect our nuclear arsenal from day one. So the NSA has two, often conflicting missions. One is signals intelligence, which is offense, and the other is the information assurance that is defense. In an era of cyber vulnerabilities, information assurance is huge. They feel like they were doing what they were authorized to do and serving the mission and that they are being characterized as evil for doing what they think is right.
What were your biggest takeaways from this meeting?
I would say one of the things that I did walk away from the meeting hearing – and I think that perhaps this is the big policy question – is that the NSA orientation is to collect now, ask questions later. So the question is: Is that the right operating philosophy; are we comfortable as a democratic society with that collect-now-ask-later approach?
About the Topic: What do the National Security Agency’s bulk surveillance programs reveal about Americans? This talk presents ongoing studies of Internet and telephone metadata. Preliminary results suggest that technical restrictions are far less effective than many observers have assumed.
Jonathan Mayer is a Ph.D student in Computer Science and a J.D. student in Law at Stanford University. He joined CISAC as a predoctoral cybersecurity fellow in 2012, and continued as a cybersecurity fellow at CISAC for 2013-2014.
His research aims to advance difficult problems in technology policy. His recent work has focused on how to protect consumer privacy while promoting online innovation. In one line of studies, Jonathan has used web measurement to shed light on the information collected about consumers online. Another project aims to develop third-party web services that deliver functionality without tracking users.
Jonathan completed his undergraduate degree at Princeton University in 2009, with a concentration in the Woodrow Wilson School of Public and International Affairs.
CISAC Conference Room
Jonathan Mayer
Cybersecurity Fellow, CISAC
Speaker
Rebecca Slayton is a lecturer in Stanford’s Public Policy Program and a junior faculty fellow at CISAC for 2013-2014. She was a visiting scholar at CISAC for 2012-2013. Her research examines how experts evaluate the prospects and risks of new technology, and how they make their judgments politically persuasive in the context of international security. She recently completed a book, Arguments that Count: Physics, Computing, and Missile Defense, 1949-2012, which will be published by MIT Press in 2013. Arguments that Counts compares how two different ways of framing technology—physics and computer science—lead to very different understandings of the risks associated with weapons systems, and especially missile defense. It also shows how computer scientists established a disciplinary repertoire—quantitative rules, codified knowledge, and other tools for assessment—that enabled them to analyze the risks of missile defense, and to make those analyses “stick” in the political process. She has recently begun studying how different cultures of risk have shaped, and continue to shape, the field of cyber security.
Slayton was a lecturer in the Science, Technology and Society Program at Stanford University and a CISAC affiliate from 2005-2011. In 2004-2005 she was a CISAC science fellow. She earned a PhD in physical chemistry at Harvard University in 2002. From 2002-2004, she retooled in the social sciences as a National Science Foundation postdoctoral fellow at the Massachusetts Institute of Technology. She also won a AAAS Mass Media Science and Engineering Fellowship in 2000, and has worked as a science journalist.
About the Topic: Air, sea, land, and space are the traditional domains of military operations. Now, as the Information Age unfolds, cyberspace has become the fifth domain. The relative newness of cyberspace and the interdependencies between it and the preexisting domains pose many challenges, both in terms of the wise integration of cyber into ongoing operations and the creation of personnel with the right combination of technical and non-technical knowledge to apply activities on computers and networks in ways consistent with high-level policy. Cyber operations include both the defense of networks and computers, but also actions to achieve specific effects on adversaries. These effects may extend to the physical world, or may be circumscribed entirely to cyber systems. Through examples and observations, this unclassified talk will illustrate the complexity of our quest to use cyber space.
About the Speaker: Dr. Cynthia Irvine is the chair of the Cyber Academic Group and director of the Center for Information Systems Security Studies and Research (CISR) at the Naval Postgraduate School where she is a professor of computer science. Her research centers on the design and construction of secure high assurance systems and multilevel security, and now cyber systems and operations. She is an author on over 160 papers and reports and has supervised the research of over 140 Masters and PhD students. Dr. Irvine is a recipient of the Naval Information Assurance Award and the William Hugh Murray Founder’s Award from the Colloquium for Information Systems Security Education. She is a member of the Association for Computing Machinery, a lifetime member of the Astronomical Society of the Pacific, and a Golden Core Member of the Institute of Electrical and Electronics Engineers (IEEE). From 2005 through 2009, she served as Vice- Chair and subsequently as Chair of the IEEE Technical Committee on Security and Privacy.
CISAC Conference Room
Cynthia Irvine
Chair, Naval Postgraduate School Cyber Academic Group; Professor of Computer Science and Director, Center for Information Systems Security Studies and Research (CISR), Naval Postgraduate School
Speaker
Caleb Sima founded Bluebox, a startup specializing in mobile security, and SPI Dynamics, the leading provider of Web application security testing software and services. When Hewlett-Packard (HP) acquired SPI Dynamics in 2007, Sima took on the role of Chief Technologist at HP's Application Security Center, where he directed the company's security solutions' lifecycles and spearheaded development of its cloud-based security service. He began his security career at the S1 Corporation in 1996.
He joined Internet Security Systems as a Member of the X-Force, where he focused on the research and development of security advisories for ISS. A thought leader and technical visionary in the Web application security field, he has co-authored textbooks on the subject, is a frequent media contributor and regularly speaks at key industry conferences such as RSA and Blackhat. His engineering exploits have gained media attention in publications such as the New York Times and the Washington Post. Sima is a co-author of the book Hacking Exposed Web Applications: Web Security Secrets & Solutions.
Reuben W. Hills Conference Room
Caleb Sima
Founder and CEO, Bluebox; Co-founder, CTO, Director of SPI Labs, SPI Dynamics, Inc.
Speaker
Speaker's Biography: Vinton G. Cerf has served as vice president and chief Internet evangelist for Google since October 2005. He is also an active public face for Google in the Internet world. Cerf was appointed by President Obama to serve on the National Science Board beginning in February 2013.
Widely known as one of the "Fathers of the Internet," Cerf is the co-designer of the TCP/IP protocols and the architecture of the Internet. In December 1997, President Clinton presented the U.S. National Medal of Technology to Cerf and his colleague, Robert E. Kahn, for founding and developing the Internet. Kahn and Cerf were named the recipients of the ACM Alan M. Turing award in 2004 for their work on the Internet protocols. The Turing award is sometimes called the “Nobel Prize of Computer Science.” In November 2005, President George Bush awarded Cerf and Kahn the Presidential Medal of Freedom for their work.
Oak Lounge
Tresidder Memorial Union, 2nd Floor
Stanford
Vinton G. Cerf
Vice President and Chief Internet Evangelist, Google
Speaker
Thomas Fingar spoke with Federal News Radio about his thoughts on insider threats in the U.S. government. Fingar said that the best approach is a risk management approach, instead of trying to protect all information. This approach allows for analysts to continue doing their work, while limiting the threat posed by contractors, government officials, and other individuals who do not need comprehensive access to government data to conduct their work effectively.
Freeman Spogli Institute for International Studies
Stanford University
Encina Hall, C-327
Stanford, CA 94305-6055
(650) 723-9149
(650) 723-6530
0
tfingar@stanford.edu
Shorenstein APARC Fellow
Affiliated Scholar at the Stanford Center on China's Economy and Institutions
tom_fingar_vert.jpg
PhD
Thomas Fingar is a Shorenstein APARC Fellow in the Freeman Spogli Institute for International Studies at Stanford University. He was the inaugural Oksenberg-Rohlen Distinguished Fellow from 2010 through 2015 and the Payne Distinguished Lecturer at Stanford in 2009.
From 2005 through 2008, he served as the first deputy director of national intelligence for analysis and, concurrently, as chairman of the National Intelligence Council. Fingar served previously as assistant secretary of the State Department’s Bureau of Intelligence and Research (2000-01 and 2004-05), principal deputy assistant secretary (2001-03), deputy assistant secretary for analysis (1994-2000), director of the Office of Analysis for East Asia and the Pacific (1989-94), and chief of the China Division (1986-89). Between 1975 and 1986 he held a number of positions at Stanford University, including senior research associate in the Center for International Security and Arms Control.
Fingar is a graduate of Cornell University (A.B. in Government and History, 1968), and Stanford University (M.A., 1969 and Ph.D., 1977 both in political science). His most recent books are From Mandate to Blueprint: Lessons from Intelligence Reform (Stanford University Press, 2021), Reducing Uncertainty: Intelligence Analysis and National Security (Stanford University Press, 2011), The New Great Game: China and South and Central Asia in the Era of Reform, editor (Stanford University Press, 2016), Uneasy Partnerships: China and Japan, the Koreas, and Russia in the Era of Reform (Stanford, 2017), and Fateful Decisions: Choices that will Shape China’s Future, co-edited with Jean Oi (Stanford, 2020). His most recent article is, "The Role of Intelligence in Countering Illicit Nuclear-Related Procurement,” in Matthew Bunn, Martin B. Malin, William C. Potter, and Leonard S Spector, eds., Preventing Black Market Trade in Nuclear Technology (Cambridge, 2018)."
