Sailors stand watch at headquarters of U.S. Fleet Cyber Command/U.S. 10th Fleet at Fort Meade, Maryland, in 2018

Sailors stand watch at headquarters of U.S. Fleet Cyber Command/U.S. 10th Fleet at Fort Meade, Maryland, in 2018 U.S. Navy/Samuel Souvannason

Could Trump Deploy US Cyber Command Against Protestors?

It’s time to set better limits on the U.S. military’s ability to operate against Americans.

American paratroopers were almost sent into the streets of Washington, D.C., this summer, just days after President Trump warned, “If a city or a state refuses…to defend the life and property of their residents, then I will deploy the United States military and quickly solve the problem for them.” But for the cooler heads of senior military officials and officers, the president might have had his way. And just as a president can deploy paratroopers, so one might authorize online disruption against American citizens. The Department of Defense has invested billions to build the offensive capabilities of U.S. Cyber Command to thwart Russian election interference, combat Islamic State online, and disrupt Iran’s regional meddling. The country’s digital dependence, combined with emergency powers given to the executive branch, means there are scenarios even more worrying than the 82nd Airborne on America’s streets. 

The Constitution did not originally give presidents authority to deploy military forces against American citizens at home; Congress granted it in 1807 to allow Thomas Jefferson to put down a military plot by Aaron Burr. The Insurrection Act reads, “The President, by using the militia or the armed forces, or both, or by any other means…shall take such measures as he considers necessary to suppress, in a State, any insurrection, domestic violence, unlawful combination, or conspiracy, if it…opposes or obstructs the execution of the laws of the United States or impedes the course of justice under those laws.” According to the Congressional Research Service, this statute “does not require the request or even the permission of the governor of the affected state,” just a “proclamation, immediately order[ing] the insurgents to disperse.” 

This authority goes beyond mere Defense Support to Civil Authorities and law enforcement. President Abraham Lincoln invoked the Act to send troops to the South to fight the Civil War. Later presidents used it for other purposes, sending troops to enforce desegregation and, as in the 1992 Rodney King riots, to conduct tasks that seem recognizably military in all but location.

Who, then, is an insurrectionist? As protests continue and the election draws nearer, Trump and his proxies shout that those who oppose his policies are not concerned citizens but traitors. Going well beyond Trump’s ritually declaring various “enemies of the people,” Attorney General William Barr has called antifa a “highly organized” group conducting a “new form of urban guerilla warfare” including “domestic terrorism.” Liberals, Barr has said, are “tearing down the system” and BLM “are a revolutionary group that is interested in some form of socialism, communism.” And Sen. Tom Cotton has directly equated protesters with “insurrectionists.”

It does not take much to imagine various potential scenarios. A far-from-exhaustive list might include:

“Law enforcement can’t handle it.” Trump seeks to energize his base by cracking down on protesters and “antifa,” but federal law enforcement lack the capacity or the will to conduct widespread or significant operations. The FBI might, for example, be focused on the scrupulous collection of evidence to build cases against crimes already committed rather than preemptively taking the fight to the enemy. In a Digital Portland scenario, with protesters hacking Federal property, there may not be enough cyber offensive capacity in Trump’s preferred paramilitary organizations (like the law enforcement elements of the Department of Homeland Security). So Trump directs U.S. Cyber Command to target protestors. Using capacities developed to dismantle the online presence of Islamic State, the command works with intelligence units to identify key people in the protest movement, determine their login information, and take over their accounts one-by-one.

“Rally around the troops.” Trump sends in soldiers — infantry and cyber — to deliver his smackdown against “enemies of America.” Violent images of troops dominating the urban battlespace while uniformed cyber warriors fight the president’s domestic foes could deliver a better October Surprise than relying on law enforcement. U.S. Cyber Command could infiltrate the mobile phones of suspected domestic enemies, “prepare the battlespace” by conducting intrusions into computer servers and cloud service providers (such as Amazon and Google) suspected of storing illicit documents, and disrupting these when they ready. 

“Thwart the election.” The scariest scenario is if Trump “attempts to wield the power of the presidency to thwart the electoral process,” as recently warned by Robert Taylor, a former DoD Deputy General Counsel with a reputation for even-headedness. If the president claims he was the rightful victor, he might attempt to order the military to deny the transition, perhaps by ordering the disruption of the emails, servers, and online planning of “insurrectionists” — in this case, the Democratic party and Biden transition team, or those supporting them. Armed with a broad definition of “support,” and a vague identification of insurrection, this could quickly affect millions of Americans whose chief offense is to oppose the president’s reelection. 

Regardless of the scenario, it is not clear what limits govern a president acting under the Insurrection Act. In the cyber realm, at least, the Foreign Intelligence Surveillance Act, Computer Fraud and Abuse Act, Title III limitations on wiretaps, and of course the Bill of Rights would still have force. But while CFAA did not, for example, envisage military offensive cyber capabilities to defeat an armed domestic rebellion, the Insurrection Act, by allowing “any means,” arguably has. The Justice Department might argue the president is at the “zenith of his powers…acting in accordance with congressional authorization” as it did in 2006 when defending the Bush administration’s warrantless intercepts

The Obama administration went further in 2011, arguing: “Were the target of a lethal operation a U.S. citizen who may have rights under the Due Process Clause and the Fourth Amendment, that individual's citizenship would not immunize him from a lethal operation” because of the obligation to forestall “the threat of violence and death to other Americans.” 

These arguments were controversial when they were made and would only be more so if defending domestic military operations. But they may be enough to stall, giving a president time to act decisively. After all, lawyers may argue, it would be odd if soldiers were authorized to machine-gun “insurrectionists” but not DDoS their computers. Since Congress authorized the president to respond “by any means,” Department of Justice lawyers might argue that the Insurrection Act requires deference to the executive in any cases of ambiguity.

In any event, Congress may not know what actions the president takes after invoking the Act, for it contains no reporting requirements. Beyond the initial proclamation, a president could keep such orders and operations not only classified from the public but hidden from immediate legislative inquiry (though of course there would be endless leaks).

The practical limit of a president’s actions under the Insurrection Act may be his ability to get troops and civil servants to carry them out. The DoD’s current military leaders (and some civilians) would be looking for every opportunity to stonewall to avoid operating against U.S. citizens; military generals counsel and judge advocate generals would find countless issues requiring further analysis.

Ambiguity, deliberately created, can exploit the tensions between loyalty and obedience to commanders and the military obligation stay out of politics and disobey illegal orders. The issue won't be whether military cyber warriors will cross clear bright lines—they won't. The issue is how they will respond when faced with ambiguous grey zones, what happens when small steps into the grey get pulled into bigger ones by increment.

Even if the military successfully resists involvement, the incident would trigger a constitutional crisis and the most dangerous moment in civil-military affairs since at least the Vietnam War. 

This past summer, in Washington, D.C., it so happened that cooler heads and military professionalism prevailed. The 82nd Airborne Division's Immediate Response Battalion 1 never deployed to the streets of the national capital, and flew home after several days. Trump was eventually “dissuaded” from committing them by the chairman of the Joint Chiefs of Staff, Gen. Mark Milley and Attorney General Barr. Defense Secretary Mark Esper initially “seemed to back the president’s position,” but later took a prominent lead in resisting the commander-in-chief.

The next time, whether under this president or another, the cabinet and chain of command may be more complicit. If a president chose to use of the Insurrection Act to deploy U.S. paratroopers to our streets and U.S. cyber warriors to our networks, there may be few formal, speedy mechanisms to stop it. Civil society and state governors will file suit – though this won’t help in not-a-state Washington, D.C. – and Congress may complain. Neither is likely to lead to a quick resolution. 

Kelly Magsamen at the Center for American Progress has recommended four reasonable check-and-balance safeguards to guarantee presidents have tools they need against true insurrection while limiting the possibilities for tyranny: requiring congressional notification and authorization; imposing executive branch checks such as certification by the Attorney General or Defense Secretary; adding an expedited judicial review; and explicitly prohibiting invocation against peaceable assembly.

Congress can also consider an escalating set of authorities based on different scales of crisis, with domestic use of cyber capabilities restricted to the highest categories, rather than an all-or-nothing “break glass in case of emergency.” Such thresholds are already in place for the president’s war powers over telecommunications, in the Telecommunications Act of 1934, with differing authorities kicking in if the country is at war or there is merely a “threat of war.” An updated Insurrection Act could meaningfully distinguish between a local disturbance, requiring a modest Federal presence, versus a armed insurrection requiring major combat operations, with corresponding presidential powers including offensive cyber operations.

It is likely of no use to limit U.S. military cyber capabilities. This only increases national security risk for little domestic protection. 

Abuse of a power such as U.S. Cyber Command’s would clearly be tyranny, but if it were to happen it would be in an environment of fog, ambiguity, and slippery slopes. And with all that ambiguity around the edges, to unwind it all could take time. Our best defense against this may be to reinforce, in advance, the norms of military professionalism and responsibility to obey only legal orders that we have long relied upon and which may become even more important – if harder to discern clearly – in the unprecedented conditions of the 2020 campaign.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.