Illegal Spying on Hackers

I’m going to have plenty to say on Shane Harris’ story revealing that the NSA used hackers and foreign cyberhacks as their excuse for illegally accessing customer data prior to 9/11. First, though, I’d like to remind readers of this earlier Shane Harris story (with Tim Naftali)–to my mind the best reporting on this topic outside of the Risen-Lichtblau early scoop.

A former telecom executive told us that efforts to obtain call detailsgo back to early 2001, predating the 9/11 attacks and the president’snow celebrated secret executive order. The source, who asked not to beidentified so as not to out his former company, reports that the NSAapproached U.S. carriers and asked for their cooperation in a"data-mining" operation, which might eventually cull "millions" ofindividual calls and e-mails.

In other words, nearly two years ago, Harris (with Naftali) quoted a telecom executive saying that something had gone on earlier than 9/11. And now, he’s providing details about Qwest’s refusal to cooperate.

The Rationale

So, returning to this story after Nacchio’s appeal has raised a lot of questions about the earlier request, Harris reveals the rationale the Administration offered for its earlier data mining.

However, in February 2001, the NSA’s primary purpose in seeking accessto Qwest’s network apparently was not to search for terrorists but towatch for computer hackers and foreign-government forces trying topenetrate and compromise U.S. government information systems,particularly within the Defense Department, sources said. Governmentofficials have long feared a "digital Pearl Harbor" if intruders wereto seize control of these systems or other key U.S. infrastructuresthrough the Internet.

[snip]

[former NSA Director] Minihan singled out Russia and China; the latter, he said, had alreadyincorporated cyber-warfare into its military training. He also pointedto the emergence of "transnational security challenges," includingterrorism, drug trafficking, and international organized crime. "Theseopportunists, enabled by the explosion of technology and theavailability of inexpensive, secure means of communication, pose asignificant threat to the interests of the United States and itsallies," Minihan said.

Harris also gives a general sense of how the program was justified as legal.

A former senior NSA official said that the agency also worried thatbecause these groups understood privacy laws so well, they knew how toavoid detection and could predict what the NSA would, and wouldn’t, doto track them. "There was such a nuanced understanding of how to tie usin knots and use American law against us, that there were certainlypockets of people saying, ‘We’ve got to be assertive; we’ve got to bemore aggressive on this,’ " the former official said.

Hayden, who ran the NSA from 1999 to 2005, was well known forhis willingness to push operations to the legal edge. "We’re prettyaggressive within the law," Hayden said in public remarks after 9/11. "As a professional, I’m troubled if I’m not using the full authority allowed by law."

Hayden has repeated that refrain since the attacks. But formerintelligence officials doubted that he would have authorized anyrequest to Qwest, or other companies, that he believed violated thelaw. They noted, however, that many in the agency had long thought thatmonitoring "metadata," such as a phone number, the length of a call, ora series of calls placed from a particular phone, didn’t implicateprivacy because such information didn’t constitute the "content" of amessage — its written or spoken words. [my emphasis]

This excuse sounds precisely like public denials about the program Hayden made after the NYT revealed the problem with the program involved data mining (this quote is a riff on a Glenn Greenwald quote).

In January, 2006, Gen. Michael Hayden — the NSA Director during theimplementation of the "TSP" and the current CIA Director — gave apress briefing at the National Press Club in which he emphatically denied that the NSA had been engaging in the type of "data mining" which this morning’s articles describe. During his opening remarks, Hayden said:

Let me talk for a few minutes also about what this program is not. It is not a driftnet over Dearborn or Lackawanna or Freemont grabbingconversations that we then sort out by these alleged keyword searchesor data-mining tools or other devices that so-called experts keeptalking about.

This is targeted and focused. This is not about interceptingconversations between people in the United States. This is hot pursuitof communications entering or leaving America involving someone webelieve is associated with al Qaeda.

Hethen made clear that the NSA could not and would not engage in suchdata mining because of the "ethical" and "practical" considerationsinvolved:QUESTION: Are you spying on or intercepting ourcommunications, e-mails and telephone conversations of those of us whoare organizing The World Can’t Wait to Drive Out the Bush Regime?

GEN. HAYDEN: You know, I tried to make this as clear as I couldin prepared remarks. I said this isn’t a drift net, all right? I said we’re not there sucking up coms and then using some of these magically alleged keyword searches — "Did he say ‘jihad’?

[bold Glenn’s; italics mine]

In other words, faced with the anonymous description that the problem with the warrantless wiretap program had to do with data mining, Hayden neatly parsed that it couldn’t be data mining because they didn’t "[suck] up coms and then [use] some of those magically alleged keyword searches." Hayden denied that they had mined content, but he stopped well short of saying that they hadn’t mined metadata.

Which strongly suggests that Michael Hayden was well aware that the NSA was mining metadata, long before 9/11.

image_print
  1. P J Evans says:

    nitpick:
    The quote about Gates’s office network being hacked is in there twice.

    I don’t know how much of what data they’re pulling in now, but I’m assuming they know who I call and what I buy and where I go online.

  2. P J Evans says:

    I thought that was what you’d intended -copy-and-paste sometimes doesn’t copy when you want, and the wrong thing pastes.

    I’d say the Pentagon needs better firewalls.

  3. Darclay says:

    Glad you are back, hope you had a great time.
    Could you give us your take on the House impeachment bill(privilege)

  4. Jodi says:

    emptywheel,

    don’t you think that the term â€illegal spying on hackers†is somewhat of a oxymoron?

  5. earlofhuntingdon says:

    February 2001, by the way, was within days of the start of the Bush administration. No doubt, Cheney’s paranoia, nurtured since he was a working stiff in Nixon’s White House, played a part in wanting access to everyone’s communications. No doubt, he observed the impact of Hoover’s FBI files on formal and informal â€political discourseâ€. [I also note the irony of throwing dead pigeons at Google for giving data to the Chinese govt when any number of telecoms have given as much or more data to the USG.]

    As for defending USG computers, one would think that would start with the best firewalls money could buy, the best monitoring and detection s/w, the best virtual and physical security protocols, etc. But note how many computers and reams of data have gone missing during Shrub’s tenure, which suggests that computer security was not the highest of priorities.

    Listening in on hackers offshore seems useful, but unrelated to copying entire data streams from ISP’s and telecoms.

    As for protecting against hacks from China and Russia, that argumetn is so 1980’s. Any company of substance is offshoring its IT and DP, much of it to China and India. Even if you’ve managed to keep your data service provider onshore, they almost certainly offshore. Any company of substance now has operations in China, and those operations interact constantly with other int’l operations of the same company. They frequently interact with customers, suppliers, etc. All by computerized telecoms equipment.

    Every computer system, fax, phone, satellite link, etc., in China is subject to being listened in on by the government. The government also has key personnel hired into targets of interest, such as major investors and those who might compete with major Chinese companies. That includes the Chinese army, which has its finger in a large plurality of companies and industries.

    That doesn’t mean everything is listened in on all the time. Just targets of interest. If an automotive research center in Shanghai has an interesting project whose data would benefit the government, for example, I would not bet the farm on the security of that data. So Cheney listening in on phone calls routed through SFO wouldn’t have much impact on securing anything other than his backside, or exposing those of his targets of interest.

  6. Ken Muldrew says:

    I know it’s a stretch to think that these guys might rely on a careful parsing of their words, but it could be that the denial of â€data mining†means only that they are not doing statistical analysis with no underlying model. For instance, they may be using other studies of network traffic to generate models, maybe even tens of thousands of other models, and then performing statistical analyses on the telecom data using those specific models. With close parsing, that’s not data mining. It’s illegal as hell, but it’s not mining.

  7. earlofhuntingdon says:

    I think that parsing of words is exactly what Cheney and others are counting on to stay out of jail and, more importantly, as a bulwark to avoid disclosing what they did, which would have political consequences far removed from how much jail time Big Dick does with Bubba.

  8. William Ockham says:

    I don’t have time to write a full-fledged analysis of the NJ article, but there are a few important things I want to point out. First, the lede is buried:

    Another source, a former high-ranking intelligence official, said that other companies, both before and after 9/11, had less of a problem complying with government requests if they were accompanied by a legal order. The ex-official added that some companies were willing to offer data and to assist the government â€as necessary†on a voluntary basis, without a court order.

    I think we know why the telecoms need amnesty.

    Also, the article confuses which programs were the result of the two different missions of the NSA (spying and counterspying). You don’t rebuild Echelon to fight hackers. You rebuild Echelon to spy on your enemies. Go read up on the NSA’s 2001 transition plan and you will have a better idea how this all fits together.

    I’ll be back later with more. I have to run off to a meeting now. I spent last week at the Borg collective in Redmond and am still catching up on my work at the office.

  9. radiofreewill says:

    The signal-splitting/hacker-watching angle in this story is very reminiscent of the storyline in the excellent, true story told in â€The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage†by Clifford Stoll (1990) – when hackers were called ’crackers’:

    http://en.wikipedia.org/wiki/The_Cuckoo’s_Egg_(book)

    Over the next ten months, Stoll spent a great deal of time and effort tracing the cracker’s origin. He saw that the cracker was using a 1200 baud connection and realized that the intrusion was coming through a telephone modem connection. Over the course of a long weekend he rounded up fifty terminals (mostly by â€borrowing†them from the desks of co-workers away for the weekend) and teletype printers and physically attached them to the fifty incoming phone lines. When the cracker dialed in that weekend, Stoll located the phone line, which was coming from the Tymnet routing service. With the help of Tymnet, he eventually tracked the intrusion to a call center at MITRE, a defense contractor in McLean, Virginia.

    Stoll returned his â€borrowed†terminals and left a teletype printer attached to the intrusion line; that way he could see and record everything the cracker did (this took place in 1986, so the cracker was using the command line via telnet.) He took notes as the cracker sought, and sometimes gained, unauthorized access to military bases around the United States, looking for files that contained words such as â€nuclear†or â€SDIâ€. The cracker also copied password files (in order to make dictionary attacks) and set up Trojan horses to find passwords. Stoll was amazed that on many of these high-security sites the cracker could easily guess passwords, since many system administrators never bothered to change the passwords from their factory defaults. Even on Army bases the cracker was sometimes able to log in as â€guest†with no password.

    Over the course of this investigation, Stoll contacted various agents at the FBI, CIA, NSA, and Air Force OSI. Since this was almost the first documented case of cracking (Stoll seems to have been the first to keep a daily log book of the cracker’s activity) there was some confusion as to jurisdiction and a general reluctance to share information (Stoll quotes an NSA agent as saying, â€We listen, we don’t talkâ€).

    —

  10. dead last says:

    â€Government officials have long feared a â€digital Pearl Harbor†if intruders were to seize control of these systems or other key U.S. infrastructures through the Internet.â€

    If this is the case, why do they allow Washington Mutual, Citibank, and most other banks (reportedly not BofA) to outsource to India back office operations including data storage and retrival? Because we trust their word they will protect the data OR the free market will decide if a company is adequately safeguarding thier customers’ data?

  11. emptywheel says:

    WO

    Yes, I was going to return to that â€voluntary.†I think the reasonable Dems who voted for amnesty in SSCI did so knowing that wasn’t all of it. But at the same time, unless I’m mistaken (and I haven’t reviewed the cases to be sure), all but two of the lawsuits are so general they don’t and won’t get to the voluntary pre-9/11 and the AG requested post-9/11 distinction. So the judge will be hard-pressed not throwing everything out in any case.

    When you come back, I hope you say more about Echelon. I knew the article didn’t sound right, there, but wasn’t quite sure how it was wrong.

  12. earlofhuntingdon says:

    The â€free market†will never know if most companies adequately protect their data, which rather guts the â€free market’s†ability to act as a check and balance on poor service providers, including the US Government, whose ability to protect Social Security and VA records, in particular, is abysmal.

    A vast amount, possibly the bulk, of US data resides offshore. It’s not just IT service providers, and their subcontractors and consultants; it includes companies ranging from American Express to General Motors to the Cleveland Clinic to NW coast insurance providers.

    Persons holding data offshore, regardless of other rules that may apply to the data, such as EU data protection rules, must also comply with the often conflicting demands (and machinations) of local governments. India is apparently less intrusive but China, but that’s unproven. That’s what makes the â€data security†argument by the administration so laughable.

  13. JohnLopresti says:

    WashingtonPo and other outlets are mentioning the now staid reference technician of some repute in the Hepting matter in the context of the FISA rewrite SJC ostensibly is reviewing today, though it is after 5:00 p.m. I used to have the coordinates of his consultancy website, but within time constraints unable to locate. This diverges somewhat from the hacker whitehat efforts which were virulent pre millenia y2k, and is far from what affectionately are called script kiddies, a subdemographic which emerged in the jocund jargon of the trade about mid90s ff. In modern parlance hacker has taken on a pejorative and pernicious overtone. But as one winds back the timemachine more than two decades the air of opprobrium evanesces and the flavor emerges more like the moniker of that now fairly mundane discussion board arstechnica, i.e., code as art. In those times a shift of university presidents at a silicon valley venue included some bandying about of the handle hacker as denotative of creativity, as the incoming top official described his own youthful code ’hacks’. There was a recent article about a Google data dump to China which abetted some sociopolitical engineering, though I have yet to rediscover where that article was; maybe when MFN status argument again is at the fore in our trade policy review I will find that.

  14. Anonymous says:

    In honor of Emptywheel’s superb postings on this topic and and of Senator Chris Dodd’s unflagging courage and patriotism in standing up for US, a new poll at The Poll Vault:

    â€Should the Congress give Telecoms retroactive immunity for warrantless eavesdropping?â€

  15. Hmmm. says:

    Not to detract from the importance of the metadata mining story, which EW is doing a downright fine job of analyzing. But I do notice that a careful parsing of Hayden’s wording (â€Let me talk for a few minutes also about what this program is not,†… â€â€¦that we then sort out by these alleged keyword searches or data-mining tools or other devices that so-called experts keep talking about†[my bold]) indicates he’s not saying (1) that they don’t do exactly the same thing under other programs, nor (2) that entities other than â€we†— private sector contractors, for example — don’t do exactly the same thing under this same program. So the existence of full-content (phone conversation recordings, email full contents) data mining per se is not ruled out by these statements.

    Although I admit that if it were actually happening, it’s hard to imagine why he’d feel the need to work the semantics so tortuously hard just to avoid technically lying about it.

  16. emptywheel says:

    Hmmm

    Good point. Will keep that in mind. After all, at least a few of the stories on this have said the telecoms were just asked to do what they already do–the kind of analysis on us they get to do in the course of doing business.

  17. Anonymous says:

    Under historical Constitutional and criminal law analysis under the Fourth Amendment, it should not matter that â€private sector contractors†did the nefarious activity instead of the government itself. The problem arises with the government accumulating, storing and using information inappropriately obtained. If it is done at the request of the government, it is presumed to be government activity so if this is what Hayden and the Bush Administration is relying on, they are in a world of hurt. And where, like here, it is a designed scheme and artifice to skirt the bounds of Constitutionality, the presumption of governmental activity effectively becomes an assumption. They simply do not get to break the law by blithely having someone private do it for them; instead, the person (company) doing their bidding becomes their agent in fact, and it is still the government doing it.

  18. Mary says:

    EW – I don’t know how they do NPR interviews, but I caught what was probably only about 3 or so of the last minutes of an interview today with the ATT whistleblower, Klein and pulled it up just in time to hear him talk about some of the equipment in the splitoff room. He mentioned one piece of equipment (I was grabbing for my cell that was ringing and cant tell you the name of it) and said something like, â€look, it is not equipment you use for metadata searches, it is used to search content†and seemed to be making the point that, while he had reservations about what they could/couldn’t do legally with metadata, he was quite confident that they were not limiting themselves to metadata.

    He also mentioned that he had stayed quiet for awhile bc of the power of what was aligned together, GOV and a huge corp, and he was hoping to see if there were any possible allies, so the NYT story (how long was it that they sat on that story???) was a big factor in him coming forward.

    Just think if anyone had cared enough about the law in 2004 when all the confrontations were taking place to have made sure the story was made known before the elections.

    They should look at the names and faces of the dead – American, Afghan and Iraqi, and memorize them, because they have some very real share in each death, each maiming, each scream of pain.

  19. William Ockham says:

    The reference to Echelon is particularly telling. Echelon was aimed primarily at satellite-carried phone conversations. We (the DFH crowd from the 70’s and 80’s) always suspected that the U.S. provided all the technical equipment to the other major English-speaking countries in return for them doing the spying on Americans that the NSA was legally prohibited from doing. A private Echelon would be a pretty good description of what Mr. Klein hooked up at the AT&T San Francisco switching center. He installed a fiber optic splitter to feed a real-time copy of all traffic flowing through the AT&T West Coast network operations center to the NSA. The NSA needed Qwest to do the same thing in Europe, the Middle East and South America (not to mention the Qwest network inside the U.S.).

  20. pdaly says:

    Mary, I missed the interview but Klein has mentioned in his Wired.com interview that the Narus STA 6400 was the equipment he spotted as peculiar in AT&T’s cabinet.

    Here’s a rather long post. Check out the dates at the bottom. Something does not add up with respect to the Qwest completion dates in the AT&T listening room.

    According to a January 2006 article about the Electronic Frontier Foundation’s suit of AT&T, the “Hawkeye†database and the “Daytona†software were key for sifting the data:

    â€One of AT&T’s databases, known as â€Hawkeye,†contains 312 terabytes of data detailing nearly every telephone communication on AT&T’s domestic network since 2001, according to the complaint. The suit also alleges that AT&T allowed the NSA to use the company’s powerful Daytona database-management software to quickly search this and other communication databases.
    http://www.wired.com/science/d…..6/01/70126

    HOWEVER, from Klein’s April 06, 2006 interview in Wired.com, Klein singles out the “Narus STA 6400†as the extraordinary machinery in the NSA listening room
    http://www.wired.com/science/d…..6/04/70621

    “In January 2003, I, along with others, toured the AT&T central office on Folsom Street in San Francisco — actually three floors of an SBC building. There I saw a new room being built adjacent to the 4ESS switch room where the public’s phone calls are routed. I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room. The regular technician work force was not allowed in the room.

    In October 2003, the company transferred me to the San Francisco building to oversee the Worldnet Internet room, which included large routers, racks of modems for customers’ dial-in services, and other equipment. I was responsible for troubleshooting problems on the fiber optic circuits and installing new circuits.
    While doing my job, I learned that fiber optic cables from the secret room were tapping into the Worldnet circuits by splitting off a portion of the light signal. I saw this in a design document available to me, entitled â€Study Group 3, LGX/Splitter Wiring, San Francisco†dated Dec. 10, 2002. I also saw design documents dated Jan. 13, 2004 and Jan. 24, 2003, which instructed technicians on connecting some of the already in-service circuits to the â€splitter†cabinet, which diverts some of the light signal to the secret room. The circuits listed were the Peering Links, which connect Worldnet with other networks and hence the whole country, as well as the rest of the world.

    One of the documents listed the equipment installed in the secret room, and this list included a Narus STA 6400, which is a â€Semantic Traffic Analyzerâ€. The Narus STA technology is known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets. The company’s advertising boasts that its technology â€captures comprehensive customer usage data … and transforms it into actionable information…. (It) provides complete visibility for all internet applications.â€

    See the Klein exhibits at the Electronic Frontier Foundation website
    http://www.eff.org/cases/att/a…..n-exhibits

    “Narus STA 6400†is listed as part of Exhibit C on page 16 of 22
    “Study Group 3 LGX/Splitter wiring/San Francisco
    (Issue 1, 12/10/2002)

    Then see page 9 of 22. “Figure 5†shows the “Arrangement 3- Circuit Connectivity-Cut Night Measurementsâ€
    (whatever that means!) –I presume it is part of the arrangement in the AT&T/NSA room.

    Possible interesting detail for emptywheel’s timeline,
    See page 11 of 22 of the EFF klein exhibits.
    Notice how Qwest is only 5th priority for circuit engineering, but that its “complete date ACTUAL†occurs sooner than not only the “complete date Requested†but also the â€Change order Issue date.†It is the only telco with this strange timeline.
    Is it a typo? Or is AT&T psychic?

    Circuit Engineering…
    Priority Change order Issue date, Complete date Requested, Complete date Actual
    1. ConXion 01/22/2004, 01/31/2003, 01/22/2003
    2. Verio 01/23/2003, 01/31/2003, 01/22/2003
    3. XO 01/23/2003, 01/31/2003, 01/23/2003
    4. Genuity 01/23/2003, 01/31/2003, 01/23/2003
    5. Qwest 01/30/2003, 02/07/2003, 01/23/2003
    .
    .
    .
    then check out 9. Global Crossing (now defunct satellite network) ? ? ? ?

  21. pdaly says:

    clarification: â€It is the only telco with this strange timelineâ€=> by this I mean of the first 5 telcos listed in the document. Timelines for Priorities 6-8 are like Qwest (which is priority 5).

    Maybe Klein could enlighten us about the meanings of the columns.

  22. Rayne says:

    Have been stewing angrily about all this today re: domestic spying via telcos, after reading this morning that Republicans (including Hastert) are asking for scrutiny of Google’s advertising and search algorithms because of their potential to abuse consumers’ privacy.

    Dawned on me that the problem is NOT the privacy breach. The problem is:
    – Google may be able to replicate or surpass what the government was doing;
    – Google won’t share it with the government;
    – Google, as a supporter of open source, will share it widely with the public where not proprietary.

    And the government will use a willing tool, a certain threatened company from Washington State, as the argument by which they will threaten Google for not playing along, rolling over and playing dead.

    —-

    Jodi: stop. Just stop. You do not have a clue what you are talking about.

  23. Mary says:

    pdaly – interesting stuff, thank you.

    Circuit Engineering…
    Priority Change order Issue date, Complete date Requested, Complete date Actual
    1. ConXion 01/22/2004, 01/31/2003, 01/22/2003
    2. Verio 01/23/2003, 01/31/2003, 01/22/2003
    3. XO 01/23/2003, 01/31/2003, 01/23/2003
    4. Genuity 01/23/2003, 01/31/2003, 01/23/2003
    5. Qwest 01/30/2003, 02/07/2003, 01/23/2003
    .

    So did they just go ahead and change Qwest’s and later someone managed to inviegle a change order and completion date request to paper over the changes already done?

  24. pdaly says:

    Mary, that was my thought, too. But since the NSA was pestering Qwest and Nacchio in 2001 (and saying that the other telcos were already cooperating) I wonder if this cabinet was the first iteration or a revision, next generation, etc.

    BTW, I see I introduced a typo in the â€Verio†data. The Complete date Actual for Verio (Verizon I assume) was 01/23/2003 and not 01/22/2003 as I wrote earlier

    Here’s the correct table reposted (I should have printed out the exhibit from the EFF website instead of tilting my head to the right to read it online)

    Circuit Engineering…
    Priority Change order Issue date, Complete date Requested, Complete date Actual
    1. ConXion 01/22/2004, 01/31/2003, 01/22/2003
    2. Verio 01/23/2003, 01/31/2003, 01/23/2003
    3. XO 01/23/2003, 01/31/2003, 01/23/2003
    4. Genuity 01/23/2003, 01/31/2003, 01/23/2003
    5. Qwest 01/30/2003, 02/07/2003, 01/23/2003
    .
    .
    I did not mention some other columns on the above form.
    Looks like the optical splitters were tested for each telco and then the individual splitter circuits went live on various days throughout February 2003, completed by 02/27/2003.

    Splitter PreTest date 02/04/2003 for Priorities 1-4, and 2/11/2003 for priority 5 (Qwest), etc.
    Splitter In Circuit date 2/6/2003 for Priorities 1-4, and 2/13/2003 for priority 5 (Qwest), etc.

  25. earlofhuntingdon says:

    I agree that the US govt’s pouncing on Google involves more than meets the eye. From a consumer’s perspective, they have built enormous marketing power and are certainly suspect on privacy issues. But none of that would bother this administration. It would be an ideal cover for retaliatory action for another perceived â€wrong†to Cheney’s government.

    Google has apparently cooperated with the Chinese, and presumably other, governments in providing them information. Ignore for a moment that every foreign investor is obligated to comply with its host government’s legal requests. Google’s actions would not in the least bother Cheney unless it was his camel’s nose, and its backside, that was not allowed in the tent, too.

    We all know that Cheney is even more reluctant [not] than J. Edgar Hoover to use any and all means at his disposal to intimidate or harass a perceived opponent. This is well worth following for what it might involve, not at all for what Cheney says it involves.

  26. Hugh says:

    Late to the party but just wished to agree that Hayden’s remarks should never be taken at face value. When he makes some surprising assertion that seems to go against the facts, he is almost always trading on some distinction that he hopes will go unnoticed or unchallenged. I remember recently in a Charlie Rose interview he claimed that the rate of renditions was higher under Clinton. But as someone pointed out to me, ordinary renditions (with host government approval) are not the same as extraordinary renditions (in violation of the host country’s laws).

  27. Jodi says:

    I have to repeat-

    â€don’t you think that the term â€illegal spying on hackers†is somewhat of a oxymoron?â€

  28. Mary says:

    Hugh – if we saw the same Rose interview (and I could only stand to watch a few minutes) you’ll have to tell me – were Hayden’s ticks and twitches non-stop or where they just in the parts I watched (where he was asked about harsh interrogation and said we had to use it waaaaaaaaaaaay before we got to the ticking time bomb stage).

    Hayden is also just a plain vanilla fibber who relies on the fact that torture isn’t torture if we say it isn’t and extraordinary renditions aren’t if we say they aren’t. I’m sure he would twitchily opine that Arar’s shipment for Syrian torture wasn’t an extraordinar rendition (although it was sending him to a country with no outstanding warrant against him and against his will, to be ’tortured to order’ on behalf of the US Gov).

    Rendition has grey edges on its definition, but it generally involves taking someone from another country without following extradition procedures SO AS TO BRING THEM TO TRIAL in another country.

    That kind of thing has definitely dropped off simply bc we don’t do trial anymore. So even just one or two in the Clinton admin would be many more than in the Bush admin – which has focused on kidnapping people, not to face trials, but to â€disappear†them into US or third country proxy torture and typically in a country with no connection with the kidnap victim and no charges or warrants outstanding against them.

    I’m wondering what kind of special quantum mechanics it takes to keep the molecules in the fabric surrounding him to stay in the shape of an American military uniform. Perhaps proof that shame is not a quantum force?

  29. Rayne says:

    earlofhuntingdon 11:58 — you’ll note that there was no hubbub of Republican concern over a certain software maker’s institution of WGA, which forces an audit of any user’s desktop at nearly any time. But then the same company also hired Ralph Reed as a lobbyist in the last handful of years…

    The protest is pointed and for a reason that appears corporate on the face of it.

    —–

    Jodi — thank you for re-confirming that you are the only moron in this thread, oxy- or otherwise. Do we need to find a dictionary or encyclopedia for you and point out the multiple definitions of â€hackerâ€?

  30. emptywheel says:

    WRT the AT&T data (and I need to come back to this later) consider two things.

    First, this passage from the Harris:

    The companies responded in various ways, with Qwest being the most reluctant to cooperate.

    We know from Nacchio’s lawyer that he refused in Fall 2001–though we have no more details than that. I wonder what that refusal entailed.

    Further, remember that Nacchio was fired resigned in June 2002. I’ve long wondered whether the board ousted him so they could put someone more compliant in and begin doing govt business again.

  31. pdaly says:

    Thanks, emptywheel.

    I was looking for the date of Nacchio’s resignation last night but got side tracked while looking into his indictment timeline.

    Nacchio was indicted Feb 23, 2003
    (by DoJ’s Ashcroft, Thompson, and US Attorney Suthers of District of Colorado), but this paragraph in the indictment caught my eye:

    â€The Qwest Communications Arizona School Facilities Board case was investigated by the Federal Bureau of Investigation and the SEC. The case is being prosecuted by First Assistant U.S. Attorney Bill Leone and Assistant U.S. Attorneys William Taylor and Tim Neff. â€

    No idea how Leone’s prosecution of Qwest Communications Arizona School Facilities Board case turned out, but wasn’t assistant US attorney Bill Leone fired or overlooked for a promotion during the US Attorney scandal?

    Was he failing in a task to take down Qwest quickly enough?

    In March 2007, Elevated Voices posted (http://www.5280.com/blog/?p=2352
    ) Jerilyn Merrit’s summary of the cross examination of former Qwest CFO Robin Szeliga during Nacchio’s trial:

    â€She [Szeliga] testified for the government in an unrelated proceeding brought by the US Attorney’s office in Denver. Bill Leone was prosecuting. She didn’t know when she testified there that she was a target in this investigation. Her testimony was in 2003 or 2004.

    She left Qwest at the end of July, 2003.

    Other than the two sales of 10,000 shares, she had never sold any Qwest stock.

    When she left Qwest, she had around 300,000 shares of Qwest.â€

  32. readerOfTeaLeaves says:

    Thoughts:

    First, when is information ’metadata’, and when is it ’content’?
    [Please bear with me here; the actual symbols for what I’d like to convey would probably make TNH interface cough, wheeze, and choke, so I’ll type in some ’close enough’ text and punt.]

    ——————————————-
    With any XML-related markup language, you can ’nest’ one file inside another, and another, and another, and another…. on and on and on and on. So here’s a rough sketch: (Message 1 [contains Message 2 and Message 3]):


    Message 1 = ?xml version #, time, data, filetype, filesize…Content…
    ******Message 2 = ?xml version #, time, data, filetype, filesize…Content…VideoFileABC…messageEndCode2
    ************Message 3 = ?xml version #, time, data, filetype, filesize…Content…Picture1a…Picture2a…messageEndCode3
    messageEndCode1


    Message 1 = ?xml version #, time, data, filetype, filesize…Content…
    ******Message 2 = ?xml version #, time, data, filetype, filesize…Content…VideoFileABC…messageEndCode2
    ************Message 3 = ?xml version #, time, data, filetype, filesize…Content…Picture1a…Picture2a…messageEndCode3
    messageEndCode1


    Message 1 = ?xml version #, time, data, filetype, filesize…Content…
    ******Message 2 = ?xml version #, time, data, filetype, filesize…Content…VideoFileABC…messageEndCode2
    ************Message 3 = ?xml version #, time, data, filetype, filesize…Content…Picture1a…Picture2a…messageEndCode3
    messageEndCode1

    PROBLEM #1: ’When you talk about ’metadata’ tags, what do you mean? If Congress means ALL TAGS THAT CONTAIN METADATA, whether or not they are nested, that’s one thing.
    But if Congress means, ’ONLY THE METADATA FOR A GIVEN TRANSMISSION’, then that’s different.
    So which situation applies?
    How do they definte ’metadata’ so that everyone is in agreement with the meaning, and the legal implications, of that term?
    Is a tag ’content’ when it’s nested? Or not?

    I don’t expect Congress to count the number of angels on the head of a pin, but this level of confusion is a potentially significant Legislative Bug. (Logging Bug Report FISA07_111 â€Confusion Over Term ’Metadata’â€, rOTL, 11.8.07)
    People will waste time, waste time, waste time, waste time…. because there is no clear decision criteria about when something is ’metadata’ and when it isn’t.
    Sheesh.

    ———————————————

    PROBLEM #2: ENABLING CARELESS IRRESPONSIBILITY: how does simply covering people’s butts — by offering them ’retroactive immunity’ — help clarify what’s legal, or enlighten anyone about the need for cybersecurity? But offering ’retroactive immunity’ only perpetuates letting people do stupid, illegal things without making them accountable for their actions — which means they’ll repeat their malfeasance. And then the confusion will continue exponentially. (Speaking of ’poor feedback loops’…!)

    ————————————————

    PROBLEM #3: CYBERSECURITY: I happen to strongly agree with EW that there is a huge risk of hacking, that cyberwar is a serious risk, and that this whole topic needs discussion.

    Sadly, the way that this issue has come to our attention is incredibly backasswards; reeking of deceit and dishonesty. The BushCheney administration couldn’t have f*cked this up any worse if they’d planned it. So first they spied on us all, and then they lied about it.

    This is the same administration in which K-k-k-Karl Rove and his minions used their Blackberries to send emails (to servers in Canada) about subverting the DoJ, and tampered with election returns. Then they deleted records of their transmissions.
    I guess if you’re the only one who knows about a system, it’s an advantage you can use to game everyone else. (Here’s hoping the Chinese and Putini’s thugs grabbed copies; if so, k-k-k-Karl Rove is now vulnerable to foreign extortionists. How that’s good for US security escapes me completely, but oh, well…)

    Which leads me to note that (as usual) Friar William has made a shrewd observation – in this instance, about satellite and cell phones. If one looks at power grids or power supplies, they’re weak in poorer countries. So people who can’t afford a computer, and couldn’t afford the power even if they had one, are increasingly relying on cell phones. The growth is incredible. Which raises new issues for wireless security that actually do need to be publicly discussed and addressed — if only to prevent fraud.

    But BushCheney are the same group of asshats that failed to fund about 1200 FBI fraud investigators, requested back at least in 2005 to address mortgage fraud. Repeat — in an era of global electronic transfers of funds, Bu$hCo t failed ensure wireless security. That alone is grounds for impeachment; the opportunities for fraud are exploding, and they can’t even approve 1200 FBI fraud investigators? Disgusting!
    Wireless security is definitely related to ’national security’, yet once again Condi Rice and Steven Hadley failed to rise to the occasion. Gosh, I feel so safe…

    ————————————
    PROBLEM #4: CO-OPTING GOOGLE. OR TRYING TO….
    Rayne’s point about Google perhaps being more proficient than the feds… I doubt the BushCheney acolytes comprehend ’Open Source’ anything 8((

    So if you have a technically proficient engineer, who are they going to work for…? Google? Or Darth Cheney and his aging frat boy sidekick? Gosh… that’s a tough choice… I just can’t picture anyone I know turning down a job at Google to go get mixed up with people who approve torture.

    Rayne and WO, please say nicer things about the Pacific Northwest and it’s Borgier Realms in future comments. Ralph Reed was making $20,000/month selling his ’expertise’ and ’access’ to MS/Redmond, but once ThePowersThatBe caught wind of it, I gather that Ralphie was off the payroll. Which was an early sign that the whole wingnut/neocon infestation had run its course.

    I’m an avid Mac user myself, but Microsoft is a barometer of social, cultural, political, and economic shifts. And one ought not forget that the first place the Chinese Premier traveled in the U.S. was the home of Bill and Melinda Gates, so there’s a case to be made that the software industry is doing its damndest to at least neutralize the criminal malfeasance of the BuShCheney crowd. Relish the irony.

  33. Rayne says:

    readerOfTeaLeaves — I love the Seattle area, had a great visit there when working on a contract for the borg. I will say nicer things about the borg when Ballmer leaves. The Ralph Reed episode was merely an indicator of larger problems inside the borg (so was the brouhaha about MSFT’s support for LGBT community in 2004 — a reall eff-up, that). That I own GOOG and not MSFT should tell you something about my belief in business acumen and prospects.

    Need to remember, too, that the other reason the Repugs will put pressure on GOOG is that GOOG is a major disruptive force, has enough capital in concert with its open source practices that it could completely up end the telsatco industry. It alone poses a massive threat to the telco industry, which is already fighting for its life.

    That point is the quid pro quo itself, the reason why telcos have caved to the government. The Repug majority (and now stupider elements in the Dem majority) likely offered life-support to the telcos’ business model, killing off any potential threat in the FCC or before it could be licensed, in exchange for rolling over on spying. The question I have: did Qwest already see the marketplace differently than its competitors? Did Nacchio believe that the lifeline would merely preserve the status quo and the grip of the largest players, actually constituting a threat to Qwest’s ability to emerge as a more serious competitor?

    In re: Meta-Data — think about the nature of anti-spam software; earliest versions picked stuff off by simple criteria, including meta-data in headers and attachments. But now the anti-spam software must comb the entire message to determine the threat…there is NO meta-data except in the minds of users. Meta-data is determined solely by context, and with this administration, there is none save preservation of power.

  34. Rayne says:

    EW — who was on the Qwest board? there had to be somebody/ies on the board who could both interpret the pressure and be â€read into†the information that Nacchio had as a signal that they needed to cave.

  35. readerOfTeaLeaves says:

    Rayne, I’m kind of kicking myself for coming online too early in the day, but I knew that I’d posted too long a comment and am still thinking through the whole NSA/metadata foolery. Your comments are splendid; thanks so much!

    You’ve nailed every single point — more concisely and astutely than I did.

    As for metadata, you’ve synthesized superbly: â€CONTEXT is meaningâ€â€¦? Indeed, It’s ALL metadata. (Had I thought of the issue in terms of anti-spam software, I might have gained clarity more rapidly; I was using another kind of software as my model for thinking about the issue.)

    Ballmer… Being several degrees of separation away from Redmond gives me enough distance to admire his intensity and focus, while not having to deal with him. MSFT is what it is. I steer clear of Borg Central as a general rule, as my interests tend to other kinds of software and I work on Macs. Nevertheless, I have known some right-wing Softies, and found their ignorance about many public policy topics quite alarming. All the more reason to be intrigued that Bush’s most recent fundraiser in the region occurred in a hotel, rather than in someone’s swank palace ;-))))

    GOOG = major disruptive force.
    Basically, a Google map is ’all metadata’. And we could go on from that starting topic, but I’m already running behind today… (!)

    This whole NSA/intel and metadata conversation places in stark illumination the sorry, scary fact that we’re still using mechanical paradigms at a time when we’ve mapped the genome, integrated circuits, and developed WiFi. Every time we use an outmoded paradigm in an effort to solve a novel problem, we screw ourselves over even worse. And the stakes keep climbing. (FWIW, I completely agree with Hagel’s recent comments that we’re in transformational times. But that fact is not exactly hard to recognize; why are so few political leaders articulating this critical fact?? The dearth of solid, informed discussion is exasperating. Which is only one reason that the blogs have mushroomed.)

    I simply don’t see national leadership applying useful, newer paradigms to solving problems. The newer paradigms are basically biological — whether they relate to Object Orienting Programming paradigms, or whether they relate to cancer research, the STRUCTURES are analogous. But despite the biological, modular, contextual technologies we’re using, our governing and legislative paradigms seem to be suited for steam engines and railroads (!). Deeply disturbing. No wonder the world’s on fire.

    Final comment: whatever I do, or don’t, think of MSFT and Redmond, I have tremendous respect for the Gates Foundation’s health initiatives. And it’s as if Hagel (and Patty Murray) are the only two people in the US Senate who ’get’ the implications of the fact that such an organization even exists (!)

  36. Rayne says:

    readerOfTeaLeaves — thanks for the reply. Appreciate your comprehension that the problems we face are increasingly complex, beyond the ability of many of our elected officials to comprehend them let alone develop solutions. After 30-plus years of badmouthing public service, begun by the left during the Vietnam War and Watergate, and pounded home for decades by the right bashing at well-meaning Carter and the constant drumbeat of the VRWC against liberal lawmakers, there are too few persons of the intellect we need as a nation now willing to serve. We vote for leaders-by-default, the few left who are willing to put up with crap but for a price.

    And the price is our willingness to allow our Constitutional rights to be savaged systematically. While GOOG and its competitors are willing to openly use our personal preferences to market to us and often to our benefit, we’ve allowed leaders-by-default to use this same information secretly to our detriment, or to benefits that will never be ours.

    We end up giving more respect to corporate elements than to our government, which is supposed to US, you, me, of, by and for the people. I cannot help be skeptical of Gates Foundation for this reason; the foundation becomes another kind of leader-by-default, not elected, but risen financially from the choices of attention we make in lieu of being engaged and active citizenry. And I cannot help be skeptical about the ultimate motivation of a foundation whose founder sees third-world countries in dire need as under-developed marketplaces…

    Context is most definitely meaning; we make meta-data. My context is different, as you can see. That’s why THEY need both your context and mine — all of it — in order to own us.

  37. readerOfTeaLeaves says:

    Rayne, thx for another interesting comment. At the risk of letting this thread get too long, I’ll reply.

    1. Agree completely that there is a significant problem recruiting and supporting smart, curious, creative people to government — particularly in leadership positions.

    2. It’s my understanding that Bill Gates has long been interested in molecular biology, and he’s been a moving force for investing in biotech and research, so I think you may not have the full background — his interests, one gathers, are quite genuine. And his expertise is highly respected by several researchers with whom I’ve spoken. They are tremendously frustrated at the appalling, almost unbelievable stupidity of elected leadership at both the state and national levels about basic science. (Must stop; I could write for days on this topic… 8(

    3. As for the Gates Foundation, I’m far more optimistic than you seem to be. First, b/c of the changes that occur when people work for an organization bent on providing health care — at the level of the cell, racism, nationalism, languages, and all the things that are used to divide us simply don’t exist. (For more, read â€Mountains Beyond Mountains†.) When people actually have the luxury and wherewithal to travel and see very basic human needs unmet, it changes them profoundly. When they actually confront a group of women in India spending hours of each day simply obtaining drinking water, people become deeply engaged. (With respect to some of these resource-scarcity issues, the NYT has actually done some outstanding reporting. And the Christian Science Monitor has long been the best tracker of subtle, real-life impacts of resource scarcity on the lives of individuals and families. I’ve found the CSM to be one of the most information-dense, thoughtful, contextual resources around, but people usually overlook them. They’re very, very good at spotting offbeat, seemingly innocuous stories that have much larger significance.) People working for foundations aren’t obligated to gain customers; I’d argue that working for a foundation — rather than a business — changes WHAT people pay attention to. Which in turn then CHANGES THE CONTEXT within which they seek, organize, tag, and retrieve info. So over a period of time, organizations like the Gates Foundation are also quietly disruptive and reshape the world. Combine it with Google Earth, and a new paradigm might be gasping to be born.

    Anyway, too long (and too personal) a response, but the topics are certainly important.

    Just for the record, I don’t work for the Gates Foundation, nor am I working for any other non-profit at the moment. Don’t want to inadvertantly confuse. My comments are strictly, ideosyncratically personal.

    However, sometimes I do work related to cells and health care, so I see analogies between the structures and patterns of cell behavior, and technologies like metadata, which are contextual. How does a cell signal that it’s a white blood cell? Then, after it sends out that signal, what other changes occur in that cell, and how does the body treat it? All that occurs through chemical signals that function much the way that metadata functions.

    I think it could be argued quite easily that metadata is a bit like DNA; read when it’s relevant, ignored when its not. But always embedded within the file structures, in order to be available when it is needed.

  38. readerOfTeaLeaves says:

    Rayne, should have added — as people confront the effects of political adn economic corruption, appallingly unequal income distributions, and see the end results in terms of very scary pollutants, hideous birth defects… (okay, I’ll stop at those two), then in an odd fashion, their curiousities seem to turn back, Mobius-like, to ask more tough, serious questions about the role, purpose, and functions of governments. But I also see a new, quiet, almost somber questioning about the roles and powers allowed to corporations — I think this is coming from two sources. More people are finally recognizing that the Bu$hCo paradigm of government = ’a whore for profit’. But the other source, if I’m listening astutely, is that more and more people are finally connecting health issues with unconsciable corporate behavior — where there was no context, and no linkage, in the past, more people are increasingly adding lots of links between corruption, bad governance (both corporate and government), and health problems. I’ve observed people who cynically dismissed ’government’ in past years start to wake up and pay attention. Significantly, these people are not used to sitting back and taking sh*t from people they don’t view as holding legitimate authority (as near as I can tell, ’illegitimate authority’ currently includes anyone linked to Bu$hCo at this hlstorical moment).

    I’m not yet completely confident, but it certainly seems that a new focus, and new standards of ’performance’ or ’accountability’ are being born that are adding new context to HOW people think about government. The costs — the exterenalities — of corrupt government are becoming more evident — as a result of a wider, more informed context, which is increasingly shared by people who’d never known they had common interests.

    It’s not some bizarre quirk that books like ’Confessions of an Economic Hit Man’, a book that had to be published by a very small press, hit the NYT bestseller list with virtually zero marketing behind them. Significantly, Paul Hawken’s â€Blessed Unrest†is selling steadily — in hardcover! It’s basically a compilation of ’tea leaves’, with a profoundly quiet, almost whispered narrative. I’ve seen very little marketing of that book, yet its’ selling steadily months after publication. If you are unfamiliar with it, I recommend you check out Hawkens (of ’Smith and Hawkens’) at [email protected]

    Yeah, I’m now an [email protected] junkie.
    Yet another tremendously important innovation that GOOG is offering, and one that is enormously promising.

    Thx for the link to the essay about photographs, truth, and context. Useful.

    Kind Regards, rOTL