Two-dozen congressional staffers joined academic and Silicon Valley experts at Stanford’s inaugural cybersecurity boot camp to discuss ways to protect the government, the public and industry from cyber attacks, network crimes and breaches of personal privacy.

The staffers listened to presentations from 25 business and technology leaders, as well as experts in privacy, civil liberties and intelligence during the three-day boot camp. They also took part in a role-playing exercise dealing with a cyber crisis, posing as staffers from the White House, Homeland Security, the State and Defense departments, as well as private enterprise.

The idea behind the workshop was to give Capitol Hill staffers the knowledge and contacts that will help them better craft legislation and policies on cybersecurity.

“We’re 3,000 miles away from Washington and we’re at ground zero for the tech revolution,” said CISAC Co-Director Amy Zegart. She is also the Davies Family Senior Fellow at the Hoover Institution, which co-sponsored the boot camp that that ran from Aug. 18-20.

“The boot camp is an important early step in what we envision to be a continuing, leading and lasting cyber program,” said Zegart, co-convener with Herbert Lin, chief scientist at the Computer Science and Telecommunications Board, National Research Council of the National Academies, who joins Stanford in January as a senior scholar for cyber research and policy at CISAC and research fellow at the Hoover Institution.

Zegart had three goals for the boot camp. One was to bring together computer and social scientists across campus and across the country “to broaden and deepen our cutting-edge scholarship.”

Then, from the networking that naturally took place, Zegart hopes to create a Track II cybersecurity council that will convene regularly with leaders from the U.S. government, scholars and key stakeholders from the private industry.

“And finally, we want enhanced education programs not only for students here at Stanford, but key stakeholders for cybersecurity policy,” she said.

The presentations were videotaped and will be packaged and used for educational purposes at Stanford and eventually be made public online.

Some of the staffers said the boot camp exceeded their expectations and they were grateful for the jam-packed, 72-hour crash course in all things cyber.

“What Stanford has done really successfully here is they brought together people from D.C. who wouldn’t necessarily talk to each other, from different committees, from different sides of the aisle,” said Jamil Jaffer, Republican chief counsel and senior advisor to the Senate Committee on Foreign Relations. “Then from the valley community they brought lawyers, educators and technologists – you name it – from across the spectrum in a way that I’ve never seen before.”

He said he hoped CISAC and the Hoover Institution, which co-sponsored the Stanford Congressional Cyber Boot Camp, would convene the next boot camp with the New York business community as well.

“I think there’s a real opportunity to build bridges between these three major cities; I think we need to have these conversations together,” he said.

Staffers also exchanged views about the wide gap between the government and Silicon Valley tech companies with regard to privacy when they met with senior security chiefs at Google during a visit to the nearby Google X campus.

And there were plenty of lively debates about Internet security vs. privacy and whether the government should step in to police public networks.

Benjamin Wittes of Brookings and Hoover faced off with Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society at the Law School.

“Liberty is a feature of security – and security is a feature of liberty,” Wittes said. “So the urge to think that any security measure is going to negatively impact your liberty, or conversely that anything that augments online liberty is going to have negative implications on security is a very easy, and I would say, very lazy instinct.”

Granick countered by saying most professionals in Silicon Valley do not trust the government to police the Internet without secret hacks. For example, documents leaked by former NSA contractor Edward Snowden indicated the National Security Agency tapped into fiber optic cables transmitting data for Yahoo and Google.

“Last night you heard Eric Schmidt say that the NSA had hacked Google,” she said, referring to a keynote dinner conversation between the Google chairman and former Secretary of State Condoleezza Rice, a professor at Stanford's Graduate School of Business and a senior fellow at Hoover and the Freeman Spogli Institute.

The NSA has denied hacking into Google and Yahoo.

“Everyone here in Silicon Valley agrees with what he says,” she said. “Don’t fool yourself that he’s just saying that because that’s just Google marketing. Everybody at Twitter believes it; everybody at Facebook believes it. I am embedded in the privacy world and we’re all worried about consumer privacy and what these companies are doing with this information – but that doesn’t mean we trust the government to protect us.”

Aside from the government trust debate, other big takeaways were that surprisingly little is secure on the Internet and the threat of cyber attacks against the United States is one of the biggest issues facing Washington policymakers today.

They heard a warning in stark and unambiguous language from Jane Holl Lute, president of the Council on CyberSecurity and a consulting professor at CISAC.

"It's no longer possible to ignore this issue," said Lute, who until last year was deputy secretary for the Department of Homeland Security, where she was responsible for the day-to-day management of the department's efforts to prevent terrorism and enhance security. "Life online is fundamentally unsafe.”

She emphasized that the Internet is about "the power to connect, not to protect" and stressed the importance of practicing "cyber hygiene" to reduce problems. This includes monitoring the hardware and software running on a network, limiting administrative permissions, and real-time patching and monitoring of system vulnerabilities.

If organizations would just follow these steps, she said, 80 to 90 percent of cyber attacks would be prevented.

"We know a lot, but we're just not doing it,” she said.

Lute emphasized that today's world has an "existential reliance" on the Internet – more than 3 billion people in the world, including 80 percent of North Americans, have access to the Internet. All of this dependence comes against the reality that many companies and sites do not carry out basic hygiene to protect their networks.

The U.S. Senate and House staffers attending the boot camp come from both political parties and work on the U.S. Senate Select Committee on Intelligence and the Homeland Security, Appropriations, Judiciary, Energy and Commerce committees. The group also includes staffers working with House Minority Leader Nancy Pelosi, D-Calif., U.S. Sen. John McCain, R-Ariz., and Ed Markey, D-Mass., among others.

Senior executives from Microsoft, Visa, Palantir, Palo Alto Networks and U.S. Venture Partners had a robust discussion about how their companies battle cyber crime and share network data.

Ellen Richey, global head of enterprise risk for Visa, talked about her frustration with the international organized crime rings that attack financial institutions and credit cards companies.

“And they’re using that money to finance other types of illicit activities, such as human trafficking, drugs and terrorism, yet their governments don’ t go after them, or if they do go after them, they are released due to corruption in the courts,” Richey said.

She said Visa believes that at the end of the day, it’s not possible to adopt measures that are going to adequately protect against the growing threat of cyber crimes.

“So we believe that the ultimate answer for us is to get vulnerable data out of their hands,” Richey said. “You’ve got to shrink the battlefield.”

Facebook CSO Joe Sullivan addresses the boot camp, Aug. 20, 2014.

And the staffers heard a plea by Joe Sullivan, chief security officer at Facebook, to join them in the valley’s quest for better network security.

“The pace that we work at here in Silicon Valley is amazing. It’s exciting and fun to be a part of – but it’s really scary, too,” said Sullivan, a former federal prosecutor devoted to high-tech crime. “There are challenges that we have to deal with every day and we have to have really large and nimble security teams that are thinking about the next big thing before it launches.

“The question is: are government agencies thinking about these issues? Far too often – that is not the case. Hopefully when you go back to Washington you think about how we engage companies, how we engage with government agencies, think about the roles that we all play.”

Sullivan talked about Facebook’s “white hat” program, in which the social network invites users to find security vulnerabilities and report them for a bounty.

He said they have spent $3 million in the last three years in payouts to users around the world, such as the young Palestinian man who was able to hack into Facebook CEO Mark Zuckerberg’s page to warn him of a security flaw.

“We’ve focused on encryption, we’ve hired a lot of people and we’ve looked at data center traffic and all those things,” Sullivan said. “But one of the areas where I think we’ve tried to be at the forefront is about talking about security in a more open way.”

Sullivan said he believes there’s a “disconnect” when one talks about security between the private and public sectors and consumers.

“I feel like when the government talks about security, they’re talking about surveillance,” Sullivan said. “I think when consumers talk about security, they’re talking about safety.”

The big tech companies – Facebook, Microsoft and Google – must take “full ownership” of network security, though he wishes that were not always the case.

“We honestly don’t count on any government agency anywhere in the world to make the people who use Facebook secure,” he said. “We realize we have to do it on our own. Is that a good thing or a bad thing? I would suggest it’s a bad thing. I think we’d all like more help in securing our services.”

For more details about the boot camp speakers and program, visit this website.

Stanford's Condoleeza Rice and Google's Eric Schmidt greet congressional staffers attending boot camp. ©Rod Searcey

Image

The atomic bombs had been dropped on Hiroshima and Nagasaki just before 18-year-old William J. Perry landed in Japan during the War of Occupation as a mapping specialist. He saw the devastation left behind by American firebombers on Tokyo and Okinawa.

The young man quickly understood the staggering magnitude of difference in the destruction caused by traditional firepower and these new atomic bombs. He would go on to devote his life to understanding, procuring and then trying to dismantle those weapons.

But that was seven decades back. And many young Americans today believe the threat of nuclear weapons waned alongside the Cold War and Cuban Missile Crisis.

So as faculty at Stanford and the Center for International Security and Cooperation evolve with the digital age by taking their lessons online, one of the university’s oldest professors is also adapting to online teaching in an effort to reach the youngest audience, urging them to take on the no-nukes mantle that he’s held for many years.

“The issue is so important to me that I tried all sorts of approaches from books and courses and lectures and conferences to try to get my contemporaries and the generations behind me engaged – all with limited success,” says the 86-year-old Perry, a CISAC faculty member and the Michael and Barbara Berberian Professor (emeritus) at the center’s parent organization, the Freeman Spogli Institute for International Studies.

“First – which is a sine qua non – they must become seriously concerned that there is a nuclear danger, which most of these kids don’t understand at all,” said Perry. “Secondly, we want to convince them that there is something they can actually do about it.”

To reach those students, he believes he must go digital. So Perry – who co-teaches with CISAC’s Siegfried Hecker the popular Stanford course, “Technology and National Security” – began to map out a classroom course that would be videotaped and serve as a pilot for an online class that would be free and open to the public.

That course, “Living at the Nuclear Brink: Yesterday & Today” included lectures by some of the best people working in the field of nuclear nonproliferation today. Among those who will be highlighted in the online course are Perry and Hecker; Joe Martz of the Los Alamos National Laboratory; Stanford nuclear historian David Holloway; Stanford political scientist Scott Sagan; and Ploughshares Fund president, Joseph Cirincione.

The Perry Project will produce short-segment videos highlighting key information and stories from the course, packaging them in an online course available in multiple platforms and possibly offered by the university.

Perry used his personal journey as a young soldier during WWII, a mathematician and later a developer of weapons for the U.S. nuclear arsenal as undersecretary of defense for the Carter administration – and then trying to dismantle those weapons as secretary of defense for President Bill Clinton.

“I’m not doing this simply because I want to put a notch on my belt, to say that I’ve done a MOOC,” Perry said. “I’m doing it because I really want to get across to hundreds of thousands of young people.”

Last summer, he launched the Perry Project by inviting a dozen high school and college students to campus for a nuclear weapons boot camp so that they could take back to campus the message that nuclear annihilation is still a real, contemporary possibility.

He asked them: How do I get through to your generation?

“They said, `We don’t get our information by books or even by television, we get it through social media and YouTube, the various social media platforms. And you want to make the message relevant and relatively compact,’” he recalls.

Perry listened. “Living at the Nuclear Brink: Yesterday and Today” is in production now and a short-segment pilot video should be made available in the fall.

Cybersecurity fellow Jonathan Mayer to teach online class on surveillance.

CISAC is turning to other forms on online learning, as well.

Cybersecurity fellow Jonathan Mayer is teaching an online course in surveillance law.

And lectures from CISAC's signature course, “International Security in a Changing World” (PS114S) will soon go up on YouTube as lecture modules entitled, “Security Matters.”

“Online learning offers a way to expand CISAC's reach to new audiences, geographies, and generations,” says CISAC Co-Director Amy Zegart, who has co-taught the popular course for the past few years with CISAC’s Martha Crenshaw.

“At the same time, the PS114 online modules will give us a living lecture library so that future Stanford students can compare faculty lectures on similar topics across time – learning, for example, how Martha Crenshaw assessed the terrorist threat in 2010 vs. 2015,” Zegart said.

Guest lecturers whose presentations will be included for the YouTube package include:

• Jack Snyder of Columbia University: Democratization and Violence
• Francis Fukuyama of Stanford: The Changing Nature of Power
• Zegart: Understanding Policy Decisions: The Cuban Missile Crisis
• Scott Sagan of CISAC: The Nuclear Revolution; and Why Do States Build/Forego Nuclear Weapons?
• Abbas Milani, director of Iran Studies at Stanford: Historical Perspective on Iran
• Former FBI Director Robert Mueller: the FBI’s Transformation Post 9/11
• U.S. Army Lt. Gen. Karl Eikenberry (Ret.) and former U.S. ambassador to Afghanistan: The War in Afghanistan and the Future of Central Asia
• Jane Holl Lute, former deputy secretary of Homeland Security: Emerging Threats in Cybersecurity
• Perry: Security Issues in Russia, Yesterday and Today
• Brad Roberts: former U.S. Deputy Assistant Secretary of Defense for Nuclear and Missile Defense Policy: Ensuring a (Nuclear) Deterrence Strategy that is Effective for 21^st Century Challenges
• CISAC Co-Director David Relman: Doomsday Viruses

And lectures at CISAC’s Cybersecurity Boot Camp for senior congressional aids will also be videotaped and packaged for YouTube and online consumption later this year.

“We are excited to enter into this phase of experimentation to see what works, what doesn't, and how we can further CISAC's teaching mission both here at Stanford and around the world,” Zegart said.

MANILA, Philippines – When Victor Corpus was an idealistic young military officer, he turned on his country to join the communist New People’s Army. He headed for the mountains and would face years of armed struggle, imprisonment and then a sentence to death.

What made the highly trained Philippine Army first lieutenant lead a bold raid to capture the weapons from his own armory at the Philippine Military Academy – one that would go on to make him a living legend and lead to a movie about his life?

“It was my realization that our society at that time was structured like a pyramid, where the wealth of the nation is controlled by about 100 families on top, where less than 1 percent of the population controls everything,” recalls Corpus, who is now 70.

When the Army ordered the 26-year-old officer and his soldiers to train the private militia of a wealthy warlord in the northern Philippines, a trigger was pulled.

“If you are a member of the Armed Forces and you realize that you are just being used as an instrument of the elite, to preserve and protect their interests, it makes you want to rise up and fight for what you believe are the true interests of the people,” he said.

“That is what made me go to the rebel side.”

Image

It’s still a factor that makes young Filipino men and women pick up arms today: The gap between rich and poor, the government corruption, the dynasties that still rule the impoverished countryside.

The 9/11 terrorist attacks reinforced the U.S. commitment to build the capacity of the Philippine military to prevent their country from becoming a haven for extremists who might use the country to stage and plot another attack against United States’ interests.  

Felter helped the Philippine Army Special Operations Command (SOCOM) set up the country’s first counterterrorist unit. That elite Light Reaction Battalion has now been expanded to a regiment of 1,500 soldiers. Felter traveled to the Philippines in February to receive a medal in honor of his work in establishing this force.

His work with the Armed Forces of the Philippines (AFP) as a military attaché, and dozens of trips back since, allowed him to get behind the scenes and make friends in the military and government. Those close relationships provided him unprecedented access to thousands of sensitive documents chronicling in micro-level detail the history of Philippine military and government efforts to combat insurgency and terrorism in the field.

“All counterinsurgency is local,” says Felter. “You need to study it at the local level to really understand it. And the Philippines is like a Petri dish for studying both insurgency and counterinsurgency because you have multiple, long-running insurgencies, each with distinct characteristics, and with an array of government and military responses to address these threats over time.”

Felter was in the Philippines in 2004 conducting field research as part of his Stanford Ph.D. dissertation when he was first able to gain access to what would become a trove of detailed incident-level data on insurgency and counterinsurgency in this conflict prone country. After bringing back the data and meeting with his faculty advisors – Stanford political science professors David Laitin and James Fearon – he realized the extensive incident-level data could be coded in a manner that would make it a tremendous resource for scholars studying civil wars, insurgencies and other forms of politically motivated violence.

“This comprehensive conflict dataset, when it becomes public later this year, is going to be the Holy Grail of  micro-level conflict data,” Felter says. “It promises to be an unprecedented resource for scholars and policy analysts studying the foundations and dynamics of conflict. It has the potential to drive a significant number of publications, reports and analyses, and enable conflict researchers to develop insights and test theories that they would not have been able to do before.”

They also hope to help journalists do a better job of analyzing conflict.

Jim Gomez, the AP’s chief correspondent in the Philippines, says there is little access to detailed data about the conflicts he has been covering for two decades.

“There is a natural contradiction between military, police, intelligence and other security agencies which, by nature, operate in secrecy,” says Gomez, who has been on the front lines of many battles in his homeland. “The database is one step toward satisfying the need of journalists to be able to write stories with more accurate and in-depth detail and context. It allows for better comparative analysis and can give insights to emerging patterns like those found in the southern Philippines. Better access to information, to my mind, is always a boon to better security policies.”

CISAC Senior Research Scholar Joe Felter awaits a pledge of honor by the Philippines Armed Forces.

Felter coordinated with senior leaders in the Armed Forces of the Philippines to gain approval to access and code the unclassified details from tens of thousands of individual conflict episodes reported by Philippine military units in the field dating back to 1975. Most of data were gleaned from the original hand-typed records maintained by the Philippine Army. Felter worked with contacts in the Philippine military to build a team of military and civilian coders to scan and input data from the only existing copies of these original incident reports.

In 2009 – while a National Security Affairs Fellow at the Hoover Institution prior to his final deployment in Afghanistan – Felter invited his colleague, Navy veteran Jake Shapiro, an assistant professor of politics and international affairs at Princeton University, to join him as ESOC’s co-director. Shapiro and Felter were graduate school classmates and worked together at West Point’s Combating Terrorism Center where the vision for ESOC was first articulated. Felter and Shapiro formally established the Empirical Studies of Conflict (ESOC) project and began to build comprehensive databases on multiple political conflict cases around the world.

Eli Berman, a veteran of the Israeli Defense Forces, joined the team soon after. Today he is research director for international security studies at University of California Institute on Global Conflict and Cooperation and professor of economics at UC San Diego.

“I'm fascinated by how economic development is best achieved in places where property and people are insecure. Unfortunately, that's true of many Philippines communities,” Berman said. “Joe is the perfect partner for that research. He brings insights that come from years of thoughtful experience and local knowledge. The team he has assembled and the data they bring are a joy to work with.”

Image

ESOC members also include David Laitin, James Fearon and Jeremy Weinstein, all from Stanford’s political science department, as well as affiliates and a growing cadre of current and former post-doctoral fellows.

The Empirical Studies of Conflict Project website was launched last year. It highlights some of the key initial findings from ongoing data collection efforts in the Philippines as well as Afghanistan, Colombia, Iraq, Mexico, Pakistan and Vietnam. The site includes geospatial and tabular data as well as thousands of documents, archives and interviews. Ultimately, nearly all of the releasable data Felter is compiling on the Philippines case will be made available via the ESOC website. The non-digitize materials such as hardcopy records and taped interviews will be housed in the Hoover Institution’s Library and Archives.

“This will be the gold standard for micro-level conflict data. The planets aligned for us in many cases,” Felter said. The team also has had unprecedented access to data sources in Iraq and to some degree from Afghanistan, Columbia, and Mexico.

“What’s unique about ESOC is that we’re trying hard to make it easier for others to study conflict by pulling together everything we can on the conflicts we’ve studied,” says Shapiro. “On Iraq, for example, the ESOC website provides data on conflict outcomes, politics, and demographics, in addition to maps, links to other useful information sources, and all the files ESOC members have used in their research on Iraq.”

Shapiro says researchers working for the Canadian Armed Forces, the World Bank and the U.S. military have already turned to ESOC as a resource for data on Iraq “because it’s so useful to have everything in one place.”

The West Point Connection

Many of these documents, some dating back to 1975, were withering in the heat and humidity of an old building at army headquarters before Felter and his Philippine military team arrived to scan and record them.

Felter’s chief Filipino partner in compiling and analyzing the data is another West Point grad, Lt. Col. Dennis Eclarin, an Army Scout Ranger commander who led many of the counterinsurgency missions that he would later come to analyze. Eclarin conducted 1,500 hours of videotaped interviews with rebels who gave up their arms and surrendered.

Eclarin recalls being a lieutenant fresh out of West Point and negotiating the surrender of 20 communist rebels.

“I got the chance to interview the rebel commander of this very elite group, against whom I had been fighting in 2000, and when I interviewed him he said: `You know what? If you had just given us one water buffalo each, we would not have been fighting you, we would have just gone out and tilled our land,’” Eclarin recalls.

He would go on to interview hundreds of rebels and their commanders, such as the Islamic militant chief who talked tactics with him, then revealed that his greatest tool was his men’s belief that Allah was waiting for them on the other side.

There was the Roman Catholic nun who was running guns and money for the communists and the young college freshman recruited with the promise of $40 a month to support her family.
Eclarin heads up the team of coders supporting ESOC in the Philippines. Erwin Agustin, a Staff Sergeant in the Scout Rangers, does data entry – when he’s not out fighting rebels.

“The interviews and the coding has changed me – and it’s changed the perception of the Armed Forces, too,” Eclarin says. “We just appreciate data; we see it in a new light. We were just thinking short term, but the data allows us to look long-term and more strategically. Where are the hot zones we must avoid? What time of day are they likely to attack?”

Eclarin heads up the team of coders supporting ESOC in the Philippines. Erwin Agustin, a Staff Sergeant in the Scout Rangers, does data entry – when he’s not out fighting rebels.

“One time I was coding and was amazed to see the records of some of our comrades who had been ambushed and killed,” Agustin says. “Being a member of the Scout Rangers and seeing those who are missing – you hurt. But you must push through because you’re giving them a voice. They gave their lives for the Army, they sacrificed their lives for their families – and we are going to give them a voice.”

Erwin Olario, a civilian and the lead coder of Eclarin’s team, says the data is agnostic.

“We don’t take sides; we’re not out to prove anything. But, hey, if we could possibly contribute to bringing about peace one day – that would be something.”

The coders are now doubling back over the dataset from 1975 to 2012, to make sure it’s accurate and cleaned of classified details before it goes public. The data are the basis for two of Felter’s ongoing book projects and multiple journal articles, including a recent article in the American Economic Review entitled, “Aid Under Fire: Development Projects and Civil Conflict.”

Denis Eclarin and Joe Felter at a military ceremony outside Manila on Feb. 8, 2014. ©John Tronco



Image

Development and Civil Conflict

Another of Felter’s longtime Filipina friends is Corazon “Dinky” Soliman, cabinet secretary for the Philippine government’s Department of Social Welfare and Development. They go back to 1997, when the two were classmates working on their master’s in public administration at the Harvard Kennedy School of Government.

The two caught up on classmate gossip during a recent meeting in her Manila office. She was on a rare break from her work in the south, where Typhoon Haiyan had claimed more than 6,200 lives in November.

Soliman tells Felter she used a study based on ESOC data to help demonstrate the efficacy of her department’s conditional cash transfer (CCT) program. This flagship development program attempts to reduce poverty by giving cash to families falling under poverty thresholds, conditional on enrolling kids in school and getting them regular medical checkups and vaccines.

Soliman and her staff used the study conducted by Felter – and Benjamin Crost at the University of Illinois and Patrick B. Johnston at the RAND Corporation – in which they took an existing World Bank experiment in the Philippines that separated villages into those that would receive the cash transfers and those that would not. The scholars incorporated measures of violence from the ESOC data to estimate the effect of the CCT program on conflict intensity. They found cash transfers caused a substantial decrease in conflict-related incidents and, using their data on local insurgent influence, they determined the program significantly reduced insurgent influence in the villages that received the cash transfers compared with those that did not.

“Your results were very, very important and it had such a strong impact with the legislators, and in particular the budget, because they saw the program is not just about education and health,” Corazon tells Felter. “They saw it even has impact on peace and security.”

“That’s just great,” Felter says. “That’s what motivates our team to engage in this type of work and really what you want to hear. It’s such a privilege for us to support you in this capacity.”

A Rebel’s Redemption

Felter led the Counterinsurgency Advisory and Assistance Team (CAAT) in Afghanistan, reporting directly to Gens. Stanley McChrystal and David Petaeus, before becoming a senior research scholar at CISAC and retiring from the military in 2012.

While he misses his time on active duty and the sense of purpose that comes with serving in combat, he believes his ESOC research will make a difference and have an impact in stabilizing conflict areas and setting conditions for development and governance efforts to be effective.

“In the last decade, the United States and the international community have devoted tens of billions of dollars towards rebuilding social and political order in troubled countries,” Shapiro says. “Thousands of families today are mourning loved ones lost in those efforts. ESOC is devoted to learning from that experience, and to making it easier for others to do so as well, so that we can all do a better job helping such places in the future.”

Traveling back to the Philippines often to meet with Eclarin and his coders keeps him tied to the men and women who are on the ground. And close to old colleagues such as Corpus, who was pardoned by President Corazon Aquino and went on to become the nation’s head of intelligence.

“Here’s the irony: The intelligence service was one of the organizations that was running after me, and then I was eventually assigned to head this very organization. Only in the Philippines,” says Corpus, whose counterinsurgency plan drafted in 1989 was hugely successful.

The communist New People’s Army is estimated to have approximately 5,000 rebels today, down from its high of 26,000 in the mid-1980s. And the government signed a hard-sought peace deal with the Moro Islamic Liberation Front in last spring, which grants the Muslim areas of the southern Mindanao region greater political autonomy.

Still, many don’t believe the accord will hold and separatists from Moro National Liberation Front and the Abu Sayyef Group continue to threaten stability in the south.

“As long as the root forces remain – the income gap between the rich and the poor – there will always be rebellion,” says Corpus.

CISAC Consulting Professor Thomas Hegghammer writes in this Lawfare Foreign Policy Essay: Calculated Caliphate that the move by the Islamic State in Iraq and Syria (ISIS) to declare itself an Islamic State with a caliphate as its leader is a "bold and unprecedented" move.

Hegghammer, director of terrorism research at the Norwegian Defence Research Establishment and a leading scholar of the jihadist movement, explores the motivations, both strategic and ideological, behind the recent ISIS revelations in Iraq.

Jonathan Mayer's education path is unusual: He has earned a Stanford law degree while working on his Ph.D. in computer science. He did research with a fellow doctoral candidate to discredit NSA claims that sensitive information about American citizens cannot be gleaned in the "metadata" the spy agency gathers from millions of phone calls.

Law and computer science both have their codes, but they're disparate. Legal code is often fuzzy and qualitative. Computer code is precise and quantitative. Not surprisingly, law and computer science tend to attract different people. It's not that the twain shall never meet; it's just that they seldom do.

Mayer is the exception. He has received his law degree and is completing his PhD in computer science, both at Stanford. Along the way he has aimed his double-barreled expertise at the National Security Agency's practice of collecting various forms of electronic information, including telephone metadata of Americans: the phone number of every caller and recipient, the unique serial number of the phones involved, the time and duration of each phone call.

Working with fellow Stanford computer science doctoral candidate Patrick Mutchler, Mayer proved that the NSA was wrong when it claimed that its analysts could not tease detailed personal information from phone metadata searches.

"Phone numbers, as it turns out, aren't just phone numbers," said Mayer, who is also a cybersecurity fellow at the Center for International Security and Cooperation. "They're an avenue for finding out detailed information about individual citizens."

Aleecia McDonald, the director of privacy for the Center for Internet and Society at Stanford Law School, said Mayer's research irrefutably demonstrated that phone metadata is anything but trivial.

"The lovely thing about Jonathan's research is that it made the sensitivity of phone metadata concrete," McDonald said. "The country was told that phone metadata were not worth constitutional protection, and now Jonathan's research confirms otherwise."

McDonald said Mayer's research confirmed the sense of unease felt by many Americans, which could have ramifications beyond the current metadata debate.

"Mobile phones are basically tracking devices, but in addition to geographic data, Jonathan showed you can obtain rich information on daily lives and associations," she said. "This speaks directly to strongly protected privacy issues. No one is calling for stopping all surveillance, but these new dragnet programs essentially treat everyone as criminals and terrorists all the time. People are wondering if they can trust government on anything, and that's dangerous."

Mayer talks to CBS News about his metadata project

Mayer's ability to have significant public impact while still a young academic stems directly from his unusual combination of legal and computer acumen, according to John C. Mitchell, the Mary and Gordon Crary Family Professor in the School of Engineering and Stanford vice provost for online learning. Mitchell, who is Mayer's adviser, is a professor of computer science and, by courtesy, of electrical engineering.

"That ability to apply high technology to legal issues, to understand both fields so deeply – well, not many people have those skill sets," said Mitchell. "In fact, he seems one of a kind. We're lucky to have him working on these issues. I don't know anyone else who could do it."

Go 'geekward,' young man

Mayer traces his interest in computer science – his "geekward leanings," as he puts it – to his childhood in Chicago, where he logged a lot of time on his family's Apple IIGS computer. Once, when he received an elementary school writing assignment, he developed a web page instead. This was in the early stages of the World Wide Web, and his accomplishment engendered both respect and confusion.

As his facility with computers grew, he became increasingly interested in security issues. This was sometimes expressed in unorthodox – even mischievous – fashion. He couldn't help but hack.

One holiday, he recalled, he received a Radio Shack watch that had a TV remote control feature. After fiddling a bit, he discovered that by setting the frequency for a Sony TV, pointing his device at the infrared port on certain Apple computers and hitting channel change, he could force the computer to reboot.

"My school used those kinds of computers, so I spent quite a bit of time pushing channel change when kids were on the computers at school," Mayer said. "They were mystified. I have to admit it was fun, but it also got me thinking about computer vulnerabilities."

Computer science quickly became a focus for Mayer during his undergraduate studies at Princeton. But he also developed interests in public policy and politics – subjects that had previously struck him as dreary.

"They just seemed somewhat vapid and tedious," Mayer said. "But my roommates were intensely interested in policy and politics, and they gradually won me over. I saw that both are viable paths for implementing change, for getting real things done."

His faculty adviser, Princeton computer science and public affairs Professor Ed Felten, reinforced that. Mayer's senior thesis reflected the merging of his interests: It was about web privacy – balancing computer science research with law and policy issues.

Taking dual paths

After graduating from Princeton in 2009 with a degree in public policy, Mayer came directly to Stanford with the intention of becoming, as he tells it, the first student to simultaneously pursue a JD in law and a PhD in computer science (CS).

"I wasn't going to do law and policy lite or CS-lite," Mayer told the Stanford Daily in February. "I was going full in on both."

Among his successes on the legal front: He was recently asked to teach a class at Stanford Law. The seminar explores the legal ramifications of security and privacy in the technology sector, emphasizing "areas of law that are frequently invoked, hotly contested or ripe for reform," according to the course overview.

He finds his new instructor role rewarding: "I get a kick out of the fact that I'm an engineer teaching law at Stanford."

His legal accomplishments notwithstanding, Mayer's computer science efforts – particularly his metadata research – have made more of a public splash. And as so often happens at Stanford, it all started with a conversation among peers.

"Patrick [Mutchler] and I were talking with our adviser [Mitchell] shortly after the Edward Snowden revelations," Mayer recalled. "We were really intrigued by the NSA's programs, especially all the claims and counterclaims about phone metadata. There was a lot of conjecture at that point but very little scientific clarity. So we thought we'd try to bring some focus to bear."

But Mayer and Mutchler found it difficult to acquire the metadata. While the NSA could harvest it directly from telecommunications companies, the Stanford doctoral students had to solicit phone records from the public.

"We realized we might be able to get metadata voluntarily through crowdsourcing," Mayer said. "So we posted an explanation on a Stanford website and provided an Android app that allowed people to send us their data. Crowdsourcing is a pretty risky basis for research, of course, because you never know what you're going to get. We would've been very happy with 100 responses – instead, we got about 500, and we were off to the races."

Metadata was revealing

Again, this innovative tactic took root in the confluence of legal and computing expertise.

"Building and distributing the app was within the capabilities of many computer experts, but its application was very clever," Mitchell said. "The rationale was: 'We would like to see what the NSA sees, but we don't want to behave like the NSA. So how do we do that?' Seeking volunteers willing to provide their phone data and devising and distributing the app was an extremely creative, sophisticated – and effective—approach."

In the course of their analysis, Mayer and Mutchler derived many revealing inferences from the metadata that show who called whom, when, from where to where and how often. For example, they could determine where the subjects lived and worked, and could see some intimation of relationships between the volunteers.

In some cases, the researchers were able to identify who was dating whom. One volunteer contacted a pharmaceutical hotline for multiple sclerosis patients, a management service for rare medical conditions, a specialty pharmacy and several neurology medical groups. Another called several locksmiths, a hydroponics dealer, a head shop and a home improvement store.

Those findings, Mayer drily observed, debunked the NSA's original assertions that phone metadata were impenetrable.

"It gave us pause," he said. "It was pretty clear that we could tease out more sensitive information with some elbow grease."

The findings have caused headaches for the NSA, and Mayer sees waning support for the agency's aggressive pursuit of private information. A number of high-profile cases on metadata are either pending or wending their way through the courts, and the entire program is up for renewal, or cancellation, in 2015. In May, the U.S. House of Representatives passed legislation to halt the National Security Agency's wholesale collection of domestic phone records. Sen. Dianne Feinstein, the chairwoman of the U.S. Senate's intelligence committee, signaled she is amenable to supporting a companion bill.

What's Next?

Mayer, who has received his JD and recently passed the California Bar Exam, expects to complete his computer science PhD in 2015. And after that?

"I would like to go to Washington, to try to bring technical rigor to federal policy," Mayer said, "though I'm aware there's always the danger of sinking into the political morass in that town. I'm working on a start-up NGO that I hope can bridge D.C. and Silicon Valley. In the interim, I just enjoy teaching at the law school."

Glen Martin is a former San Francisco Chronicle reporter based in Santa Rosa, Calif.