The annual wiretap report is out. The headline number is that wiretaps have gone up, and judges still don’t deny any wiretap applications.

The number of federal and state wiretaps reported in 2015 increased 17 percent from 2014.   A total of 4,148 wiretaps were reported as authorized in 2015, with 1,403 authorized by federal judges and 2,745 authorized by state judges.  Compared to the applications approved during 2014, the number approved by federal judges increased 10 percent in 2015, and the number approved by state judges increased 21 percent.  No wiretap applications were reported as denied in 2015.

The press has focused more attention on the still very small number of times encryption thwarts a wiretap.

The number of state wiretaps in which encryption was encountered decreased from 22 in 2014 to 7 in 2015.  In all of these wiretaps, officials were unable to decipher the plain text of the messages.  Six federal wiretaps were reported as being encrypted in 2015, of which four could not be decrypted.  Encryption was also reported for one federal wiretap that was conducted during a previous year, but reported to the AO for the first time in 2015.  Officials were not able to decipher the plain text of the communications in that intercept.

Discussing the number — which doesn’t include data at rest — on Twitter got me to look at something that is perhaps more interesting.

Back in July 2015, 7 months into the period reported on today, Deputy Attorney General Sally Yates and FBI Director Jim Comey testified in a “Going Dark” hearing. Over the course of the hearing, they admitted that they simply don’t have the numbers to show how big a problem encryption is for their investigations, and they appeared to promise to start counting that number.

Around January 26, 2016 (that’s the date shown for document creation in the PDF) — significantly, right as FBI was prepping to go after Syed Rizwan Farook’s phone, but before it had done so — Comey and Yates finally answered the Questions for the Record submitted after the hearing. After claiming, in a response to a Grassley question on smart phones, “the data on the majority of the devices seized in the United States may no longer be accessible to law enforcement even with a court order or search warrant,” Comey then explained that they do not have the kind of statistical information Cy Vance claims to keep on phones they can’t access, explaining (over five months after promising to track such things),

As with the “data-in-motion” problem, the FBI is working on improving enterprise-wide quantitative data collection to better explain the “data-at-rest” problem.”

[snip]

As noted above, the FBI is currently working on improving enterprise-wide quantitative data collection to better understand and explain the “data at rest” problem. This process includes adopting new business processes to help track when devices are encountered that cannot be decrypted, and when we believe leads have been lost or investigations impeded because of our inability to obtain data.

[snip]

We agree that the FBI must institute better methods to measure these challenges when they occur.

[snip]

The FBI is working to identify new mechanisms to better capture and convey the challenges encountered with lawful access to both data-in-motion and data-at =-rest.

Grassley specifically asked Yates about the Wiretap report. She admitted that DOJ was still not collecting the information it promised to back in July.

The Wiretap Report only reflects the number of criminal applications that are sought, and not the many instances in which an investigator is dissuaded from pursuing a court order by the knowledge that the information obtained will be encrypted and unreadable. That is, the Wiretap Report does not include statistics on cases in which the investigator does not pursue an interception order because the provider has asserted that an intercept solution does not exist. Obtaining a wiretap order in criminal investigations is extremely resource-intensive as it requires a huge investment in agent and attorney time, and the review process is extensive. It is not prudent for agents and prosecutors to devote resources to this task if they know in advance the targeted communications cannot be intercepted. The Wiretap Report, which applies solely to approved wiretaps, records only those extremely rare instances where agents and prosecutors obtain a wiretap order and are surprised when encryption prevents the court-ordered interception. It is also important to note that the Wiretap Report does not include data for wiretaps authorized as part of national security investigations.

These two answers lay out why the numbers in the Wiretap Report are of limited value in assessing how big a problem encryption is.

But they also lay out how negligent DOJ has been in responding to the clear request from SJC back in July 2015.

Here are the first 36 words of an otherwise useful House Homeland Security Committee report on encryption:

Public engagement on encryption issues surged following the 2015 terrorist attacks in Paris and San Bernardino, particularly when it became clear that the attackers used encrypted communications to evade detection—a phenomenon known as “going dark.”

The statement has grains of truth to it. It is true that engagement on encryption surged following the Paris attacks, largely because intelligence committee sources ran around assuming (and probably briefing the White House) that encryption must explain why those same intelligence committee sources had missed the attack. It surged further months later when FBI chose to pick a fight with Apple over Syed Rizwan Farook’s work phone which — it was clear from the start — had no evidence relating to the attack on it.

It is also true that ISIS had been using Telegram leading up to the Paris attack; in its wake, the social media company shut down a bunch of channels tied to the group. But there has never been a public claim the plotters used Telegram to plan their attack.

It is also true that an ISIS recruit, arrested and interrogated months before the Paris attack, had told French authorities he had been trained to use a Truecrypt key and an elaborate dead drop method to communicate back to Syria.

But it is not true that the Paris attackers used encryption to hide their plot. They used a great many burner phones, a close-knit network (and with it face-to-face planning), an unusual dialect. But even the one phone that had an encrypted product loaded on it was not using that service.

It is also not true that the San Bernardino attackers used encryption to evade detection. They used physical tools to destroy the phones presumably used to plan the attack. They hid a hard drive via some other, unidentified means. But the only known use of encryption — the encryption that came standard on Farook’s work phone — was shown, after the FBI paid to bypass it, not to be hiding anything at all.

Now it’s possible there was encryption involved in these attacks we don’t know about, that HLSC has gotten classified briefings on. But even if there was, it could not very well have led to a public surge of engagement last year, because it would not be public.

There are reasons to discuss encryption. But factually false claims about terrorists’ use of encryption are not among those reasons.

h/t to Access Now’s Nathaniel White, who pointed out this bogosity on Twitter.

Update: See this Grugq post laying out what little encryption ISIS has been known to use in any attack.

As far as the public record shows, Ron Wyden first started complaining about the Common Commercial Service OLC Memo in late 2010, in a letter with Russ Feingold written “over two years” before January 14, 2013. As I’ve written, John Yoo wrote the memo on May 30, 2003, as one of the last things he did before he left the Office of Legal Council. It seems to have something to do with both the Stellar Wind program and cybersecurity, and apparently deals with agreements with private sector partners. At least one agency has operated consistently with the memo (indeed, Ron Wyden’s secret memo submitted to the court probably says the memo was implemented) but the government claims that doesn’t mean that agency relied on the memo and so the ACLU can’t have it in its FOIA lawsuit.

According to a letter liberated by Jason Leopold, however, someone in Congress was raising concerns about a memo — which is probably the same one — even before Wyden and Feingold were. On June 30, 2010, then Chair of the House Intelligence Committee Silvestre Reyes wrote Attorney General Holder a letter about a May 30, 2003 memo. On October 5, Ron Weich wrote Reyes,

We have conferred with Committee staff about your letter and your concerns regarding the potential implications of the opinion. We appreciate your concerns and your recognition of the complexities of the issues involved in our consideration of your request. We will let you know as soon as we are in a position to provide additional information.

In other words, three months after one of the top ranking intelligence overseers in government raised concerns about the memo, DOJ wrote back saying they weren’t yet “in a position to provide additional information.”

That seems like a problem to me.

It also seems to be another data point suggesting that — whatever the government did back in 2003, after Yoo wrote the memo — it was being discussed more generally in 2010, possibly with an eye to implement it.

Update: On reflection, I may have overstated how sure we can be that this May 30 opinion is the same opinion. I’ve adjusted the post accordingly.

EFF’s Dave Maass discovered this conference notice from the Intelligence Advanced Research Projects Activity.

Selecting and evaluating a workforce that is well-suited for the psychological and cognitive demands of the diverse positions across the Intelligence Community (IC) is an important and persistent need. This is growing in importance as the pace and complexity of the challenges facing the IC workforce grow and expand. Methods that enhance our ability to evaluate an individual’s psychological drivers, cognitive abilities, and mental wellness and resilience will enable improved capabilities to select the right person for the right job, evaluate and help maintain optimal performance throughout their career, and better understand and anticipate changes in an individual that may impact their work effectiveness, productivity, and overall health and wellness.

To address this challenge, the MOSAIC program aims to take advantage of multimodal mobile, worn, and carried sensors and the corresponding data to enable the measurement of an individual in situ, throughout their daily activities, using an aggregate of behavior, physiology, social dynamics, physical location and proximity, as well as other novel data sources. Research in this program will aim to establish convergent validity of multimodal signals across a range of researcher-defined contexts and over time to enable accurate and personalized evaluations. It is anticipated that research teams will develop and test a suite of multimodal sensors to collect a range of subject-focused and situational data; build capabilities to develop an integrated model of the subject, their behaviors, and the social and physical context; and advance methods to personalize modeling approaches to develop accurate assessments of an individual over time.

The Program, which uses the intelligence jargon “Mosaic” to stand for “Multimodal Objective Sensing to Assess Individuals with Context” would start with volunteers and then roll out better measurements, though it’s not clear whether the program, as conceived, would roll out to the IC as a whole.

It’s all very spooky, especially given that it doesn’t really say what it wants to measure. Is it going to be a running polygraph, a constant assessment of deceit of the kind the IC doesn’t encourage, if that can be distinguished from the kind it does? Will it measure how the best operatives respond to stress? What kind of spying on the spies will it enable?

But it’s nice to see IARPA making clear whether the push for things like FitBit will lead the rest of society.

Fresh off being caught lying about rolling her eyes in response to calls for Palestinian rights, Neera Tanden has rolled out something called the National Security Leadership Alliance. Best as I can tell, it exists mainly on paper right now — I couldn’t even find it on CAP’s site yet. But it seems designed to fear-monger about what will happen if Trump becomes Commander-in-Chief.

The project, called the National Security Leadership Alliance, will be funded by C.A.P. Action. It will feature a roster of major members of the foreign policy and national security community, including two retired four-star generals; Leon E. Panetta, the former C.I.A. director; Madeleine K. Albright, the former secretary of state; Eric H. Holder Jr., the former attorney general; and Carl Levin, the former Michigan senator. All have endorsed Mrs. Clinton.

There will be an effort to highlight precisely what, in the military arsenal, Donald J. Trump would have access to as president. Mr. Trump has been criticized for his views on foreign policy, criticisms that have been central to the case that Mrs. Clinton has made against him in an effort to describe the stakes of the 2016 presidential election. The Center for American Progress is led by a top outside adviser to Mrs. Clinton, Neera Tanden, and the new project seeks to put a spotlight on what officials are calling a progressive foreign policy vision.

I’m perfectly okay with fearmongering about Trump. But let’s look at this lineup. It features the woman who said letting half a million Iraqi children die was worth the price of enforcing sanctions against the country. It also includes a guy, Panetta, whose exposure of the identities of Osama bin Laden killers’ to Hollywood producers serves to reinforce what a double standard on classified information Hillary (and Panetta) benefit from.

But I’m most curious by a “national security” team that includes both Eric Holder and Carl Levin, especially given the NYT focus, in announcing the venture, on Brexit.

“I think what brought us together is obviously a lot of concern about some of the division and polarization that we’re seeing in the world,” Mr. Panetta said in an interview. “We know we’re living in a time of great change and uncertainty.”

But he added, “The concern we have is we see these forces of division that are prepared to throw out the fundamental” principles of foreign policy in the United States over many decades.

“What we’re learning from ‘Brexit’ is that there’s a price to be paid in terms of letting out emotion dictate policy instead of responsible leadership,” he said, referring to Britain’s vote to leave the European Union. “We shouldn’t throw the baby out with the bath water.”

Leon Panetta, in rolling out a venture including Carl Levin — who as head of the Senate’s Permanent Subcommittee on Investigations worked tirelessly for some kind of accountability on bank crime — and Eric Holder — who ignored multiple criminal referrals from Levin, including one pertaining to Goldman Sachs head Lloyd Blankfein — says the lesson from Brexit is that we can’t let emotion dictate policy but instead should practice “responsible leadership” guarding the “fundamental principles of foreign policy in the United States over many decades.”

Of course, as David Dayen argued convincingly, to the extent Brexit was an emotional vote, the emotions were largely inflamed by elite failures — the failures of people like Eric Holder to demand any responsibility (Dayen doesn’t deal with the equally large failures of hawks like Albright whose destabilizing policies in the Middle East have created the refugee crisis in Europe, which indirectly inflamed Brexit voters).

Again, I’m okay if Hillary wants to spend her time fearmongering about the dangers of Trump.

But to do so credibly, she needs to be a lot more cognizant of the dangers her own team have created.

Kash Hill has a fascinating story about a Facebook flip-flop over a story she reported yesterday.

It started when — as increasingly happens in her work — someone came to her with a scary problem. Facebook recommended he friend someone he had only just met for the first time at a meeting for parents of suicidal teens. In response, Facebook confirmed they do use co-location for such recommendations.

Last week, I met a man who was concerned that Facebook has used his smartphone location to figure out people he might know. After he attended a gathering for suicidal teens, Facebook recommended one of the other parents there as a friend, even though they seemingly had nothing else in common but being in the same place at the same time. He asked me whether Facebook was using location to figure out if people knew each other.

I was skeptical, because that seemed like such an egregious violation of privacy. On Friday, I emailed Facebook:

A Facebook user told me that he attended an event last week with people he’d never met before. The next morning, one of the people at the event came up as a suggested friend. They had no other ties beyond being in the same room the night before. Could their shared location have resulted in the suggestion?

A spokesperson responded, saying that location is one of the signals for “People You May Know.”

But then, as people started making a stink about this, Facebook reached out again and offered this oblique reversal.

Thus I reported that “Facebook is using your phone’s location to suggest new friends—which could be a privacy disaster.” The story garnered lots of negative feedback, with people upset about Facebook using their location information this way without telling them.

Then, on Monday night, the Facebook spokesperson reached out again, saying the company had dug into the matter and found that location isn’t currently used. She sent an updated statement:

“We’re not using location data, such as device location and location information you add to your profile, to suggest people you may know. We may show you people based on mutual friends, work and education information, networks you are part of, contacts you’ve imported and other factors.”

One part of this comment is easy: Facebook is not using locations you mark for yourself (so if I said I was in Grand Rapids, they wouldn’t use that to find new Grand Rapids friends for me). But it’s not really clear what they mean by “device location.” Determined by what? GPS? Cell tower? IP location? Wifi hotspot colocation?

Which got me thinking about the way that federal law enforcement (in both the criminal and FISA context, apparently) are obtaining location data from social media as a way to tie physical location to social media activity.

[Magistrate Stephen Smith] explained he had had several hybrid pen/trap/2703(d) requests for location and other data targeting WhatsApp accounts. And he had one fugitive probation violation case where the government asked for the location data of those in contact with the fugitive’s Snapchat account, based on the logic that he might be hiding out with one of the people who had interacted with him on Snapchat. The providers would basically be asked to to turn over the cell site location information they had obtained from the users’ phone along with other metadata about those interactions. To be clear, this is not location data the app provider generates, it would be the location data the phone company generates, which the app accesses in the normal course of operation.

Doing so with Facebook would be particularly valuable, as you could target an event (say, a meeting of sovereign citizens) and find out who had attended the meeting to see whose location showed up there. The application would be even more useful with PRISM, because if you were targeting meetings overseas, you wouldn’t need to worry about the law on location data.

In other words, I started wondering whether Facebook is using this application — and was perfectly willing to tell Hill about it — until the FBI or someone started complaining that people would figure out one of their favorite new law enforcement (and intelligence) methods.

Hill is still pressing Facebook for real answers (and noted that Facebook may be violating FTC rules if they are doing this, so expects answers from there if not from Facebook directly).

Still, I’m wondering if FBI is now telling our private spy companies they can’t reveal the techniques law enforcement most likes to rely on.

As a number of outlets have reported, Ron Wyden has placed a hold on the Intelligence Authorization in an attempt to thwart FBI’s quest to be able to obtain Electronic Communication Transaction Records with just a National Security Letter.

But Wyden’s released statement on that hold differs in emphasis from what he said in his Senate address announcing the hold yesterday. The statement describes how all toll records — from emails, texts, or web browsing — can infringe on privacy.

The fact of the matter is that ‘electronic communication transaction records’ can reveal a great deal of personal information about individual Americans.  If government officials know that an individual routinely emails a mental health professional, or sends texts to a substance abuse support group, or visits a particular dating website, or the website of a particular political group, then the government knows a lot about that individual.  Our Founding Fathers rightly argued that such intrusive searches should be approved by independent judges.

But in his floor statement, Wyden went on at length about the particular threat posed by obtaining web browsing history (this starts after 4:40).

For example, the National Security Letters could be used to collect what are called Electronic Communication Transaction Records. This would be email and chat records and text message logs, and in particular, Mr. President, and I’ve had Senators come up to me to ask me about whether this could be true, folks at home this weekend, when I was out and responding to questions about this, people asked, “Does this really mean that the government can get the Internet browsing history of an individual without a warrant even when the government has the emergency authority if it’s really necessary?”

And the answer to that question, Mr. President, is yes, the government can. The government can get access to web browsing history under the Intelligence Authorization legislation, under the McCain amendment, and they can do it without getting a warrant, even when the government can go get it without a warrant when there is an emergency circumstance.

Now the reality is web browsing history can reveal an awful lot of information about Americans. I know of little information, frankly Mr. President, that could be more intimate than that web browsing history. If you know that a person is visiting the website of a mental health professional, or a substance abuse support group, or a particular political organization, or — say — a particular dating site, you know a tremendous amount of private and personal and intimate information about that individual — that’s what you get when you can get access to their web browsing history without a warrant, even when the government’s interest is protected, as I’ve said, in an emergency.

The reality is getting access to somebody’s web browsing history is almost like spying on their thoughts. This level of surveillance absolutely ought to come with court oversight, and as I’ve spelled out tonight, that is possible in two separate ways — the traditional approach with getting a warrant, and then under Section 102, which I wrote as part of USA Freedom Act, the government can get the information when there’s an emergency and come back later after the fact and settle up.

Wyden’s statement makes a few other things clear. First, by focusing on the emergency provision of USA Freedom Act, Wyden illustrates that the FBI is trying to avoid court oversight, not so much obtain records quickly (though there would be more paperwork to a retroactive Section 215 order than an NSL).

That means two things. First, as I’ve noted, FBI is trying to avoid the minimization procedures the FISC spent three years imposing on FBI. Right now, we should assume that FISC would prohibit FBI from retaining all of the data it obtains from web searches, but if it moved (back) to NSL collection it would have no such restriction.

The other thing obtaining ECTRs with NSLs would do, though, is avoid a court First Amendment review, which should be of particular concern with web search history, since everything about web browsing involves First Amendment speech. Remember, a form of emergency provision (one limited to Section 215’s phone chaining application) was approved in February 2014. But in the September 2014 order, the FISC affirmatively required that such a review happen even with emergency orders. A 2015 IG Report on Section 215 (see page 176) explains why this is the case: because once FISC started approving seeds, NSA’s Office of General Counsel stopped doing First Amendment reviews, leaving that for FISC. It’s unclear whether it took FISC several cycles to figure that out, or whether they discovered an emergency approval that infringed on First Amendment issues. Under the expanded emergency provision under USAF, someone at FBI or DOJ’s National Security Division would do the review. But FBI’s interest in avoiding FISC’s First Amendment review is of particular concern given that FBI has, in the past, used an NSL to obtain data the FISC refused on First Amendment grounds, and at least one of the NSL challenges appears to have significant First Amendment concerns.

In the Senate yesterday, Senator Wyden strongly suggested the FBI wants this ECTR provision so it can “spy[] on their thoughts” without a warrant. We know from other developments that doing so using an NSL — rather than an emergency Section 215 order — would bypass rigorous minimization and First Amendment review.

In other words, the FBI wants to spy on — and then archive — your thoughts.

For the record, I think it quite likely that UK’s Tories will never trigger Article 50, which would mean the two year process of leaving the EU will never start much less finish. If that happens, we will face an increasing game of chicken between the EU — primarily Germany — and the UK, because until things settle with the UK, other right wing parties will call to Exit the EU.

All that said, I want to consider what a UK exit would mean for security, particularly as regards to the balance between privacy and dragnettery in which the EU has, in recent years, played a key but largely ineffectual role.

From a spying perspective, Brexit came just hours after the US and EU finalized a draft of the Privacy Shield that will replace the Safe Harbor agreement next week. When I read it, I wondered whether the US signed it intended to do some data analysis in the UK, an option that will likely become unavailable if and when the UK actually does leave the EU. Amazingly, the UK’s hawkish Home Secretary Theresa May (who in the past has called for the UK to leave the ECHR) is considered a favorite to replace David Cameron as the Tory Prime Minister, which would be like Jim Comey serving as President. The UK will still need to sign its own IP Bill, which will expand what is authorized spying in the UK.

But all that assumes the relative structure of nesting alliances will remain the same if and when the UK departs the EU. And I don’t think that will happen. On the contrary, I think the US will use the UK’s departure — and security concerns including both a confrontational expanding Russia and the threat of terrorism — to push to give NATO an enhanced role off what it has.

Consider what Obama said in his initial statement about Brexit [my emphasis in all these passages],

The people of the United Kingdom have spoken, and we respect their decision. The special relationship between the United States and the United Kingdom is enduring, and the United Kingdom’s membership in NATO remains a vital cornerstone of U.S. foreign, security, and economic policy. So too is our relationship with the European Union, which has done so much to promote stability, stimulate economic growth, and foster the spread of democratic values and ideals across the continent and beyond. The United Kingdom and the European Union will remain indispensable partners of the United States even as they begin negotiating their ongoing relationship to ensure continued stability, security, and prosperity for Europe, Great Britain and Northern Ireland, and the world.

To Cameron,

President Obama spoke by phone today with Prime Minister David Cameron of the United Kingdom to discuss the outcome of yesterday’s referendum on membership in the European Union, in which a majority of British voters expressed their desire to leave the EU. The President assured Prime Minister Cameron that, in spite of the outcome, the special relationship between the United States and the United Kingdom, along with the United Kingdom’s membership in NATO, remain vital cornerstones of U.S. foreign, security, and economic policy. The President also expressed his regret at the Prime Minister’s decision to step aside following a leadership transition and noted that the Prime Minister has been a trusted partner and friend, whose counsel and shared dedication to democratic values, the special relationship, and the Transatlantic community are highly valued. The President also observed that the EU, which has done so much to promote stability, stimulate economic growth, and foster the spread of democratic values and ideals across the continent and beyond, will remain an indispensable partner of the United States. The President and Prime Minister concurred that they are confident that the United Kingdom and the EU will negotiate a productive way forward to ensure financial stability, continued trade and investment, and the mutual prosperity they bring.

And to Merkel,

The President spoke today by phone with Chancellor Angela Merkel of Germany regarding the British people’s decision to leave the European Union. Both said they regretted the decision but respected the will of the British people. The two leaders agreed that the economic and financial teams of the G-7 partners will coordinate closely to ensure all are focused on financial stability and economic growth. The President and the Chancellor affirmed that Germany and the EU will remain indispensable partners of the United States. The leaders also noted that they looked forward to the opportunity to underscore the strength and enduring bond of transatlantic ties at the NATO Summit in Warsaw, Poland, July 8-9.

NATO, NATO, NATO.

John Kerry and NATO Secretary General Jens Stoltenberg seem to echo that viewpoint, with Stoltenberg arguing NATO will become more important.

“We have high expectations of a very strong NATO meeting and important deliverables,” Kerry said of the summit planned for Warsaw on July 8-9. “That will not change one iota as a consequence of the vote that has taken place.”

Kerry, who is on a lightning tour of Brussels and London intended to reassure U.S. allies following the British vote, noted that 22 EU nations, including Britain, are part of NATO.

In Brussels Kerry met NATO Secretary General Jens Stoltenberg and EU foreign policy chief Frederica Mogherini.

“After the UK decided to leave the European Union I think that NATO has become even more important as a platform for cooperation between Europe and North America but also defence and security cooperation between European NATO allies,” said Stoltenberg, whose own country Norway is in NATO but not the EU.

Retired Admiral Stavridis provides a list of four reasons why Brexit will strengthen NATO.

1. Putin’s adventurism: “NATO has provided the most resolute military balance against [Russia], and thus its stock can be expected to rise with publics in Europe.”
2. UK manpower will be freed up from EU tasks: UK “will have additional ships, troops, and aircraft to deploy on NATO missions because they will not have to support EU military efforts such as the counter-piracy operations off the coast of East Africa or EU missions in the Balkans.”
3. By losing the UK’s military power, the EU will become even more of a soft power entity ceding real military activities to NATO. “And, given that European military efforts will be greatly diminished by the loss of British military muscle, the EU can be expected to defer to NATO more frequently.”
4. The UK will have to prove itself in NATO to retain its “special relationship.” UK “will have to look for new ways to demonstrate value in its partnership with the United States if it hopes to maintain anything like the “special relationship” it has become accustomed to (and dependent on).”

It’s actually the third* bullet that I think will be key — and it will be carried over into spying. Without the UK, the EU doesn’t have the capability to defend itself, so it will be more dependent on NATO than it had been. Similarly, without GCHQ, the EU doesn’t have heightened SIGINT power to surveil its own population. And so — I fear — whereas prior to Brexit the EU (and Germany specifically) would at least make a show of pushing back against US demands in exchange for protection, particularly given the heightened security concerns, everyone will be less willing to push back.

It’s unclear whether Brexit (if it happens) will hurt the UK or EU more. It probably won’t hurt the US as much as any entity in Europe. It might provide the trigger for the dismantling of the EU generally.

I think it very likely it will shift Trans-Atlantic relationships, among all parties, to a much more militaristic footing. That’s dangerous — especially as things heat up with Russia. And the countervailing human rights influence of the EU will be weakened.

But I think the US will gain power, relatively, out it.

Update: I originally said “fourth” bullet but meant third. Also, I originally said an “expanding” Russia, which I changed because with the coup in Ukraine I think the “west” started the expansionary push.

Update: This piece games out a number of possibilities on data protection.

The NYT has a blockbuster story reporting that Jordanian officers have been stealing weapons “shipped into Jordan” by CIA, and selling them on the black market. Some of these weapons were used to kill two American contractors at a training facility in November.

Weapons shipped into Jordan by the Central Intelligence Agency and Saudi Arabia intended for Syrian rebels have been systematically stolen by Jordanian intelligence operatives and sold to arms merchants on the black market, according to American and Jordanian officials.

Some of the stolen weapons were used in a shooting in November that killed two Americans and three others at a police training facility in Amman, F.B.I. officials believe after months of investigating the attack, according to people familiar with the investigation.

The existence of the weapons theft, which ended only months ago after complaints by the American and Saudi governments, is being reported for the first time after a joint investigation by The New York Times and Al Jazeera.

I’m still trying to figure out what to make of this story, so for the moment, I just want to unpack it.

First, consider the players. The story is sourced to US and Jordanian “officials,” (a term which can sometimes mean contractors or Members of Congress). The CIA and FBI both refused to comment for the story; the State Department and Jordan’s press people both gave fluff statements.

The story is a joint project — between Qatar’s media outlet, Al-Jazeera (here’s their link to the story), and the “official press” of the US, the NYT. So Americans, Jordanians, and Qataris were involved in this story.

But no Saudis, in spite of the fact that the story reports that Saudis apparently complained some months ago.

The story seems to suggest that after a Jordanian police official who had just been fired for reasons not yet made public and presumably had his official weapon confiscated went and got this one — it’s not clear whether he purchased it or got it some other way — and killed five (including two American DynCorp contractors) and injured seven others. As part of the FBI investigation, the story suggests, they traced the serial number of the Kalashnikov the killer used to a shipment directly tied to the CIA.

American and Jordanian officials said the investigators believed that the weapons that a Jordanian police captain, Anwar Abu Zaid, used to gun down two Jordanians, two American contractors and one South African had originally arrived in Jordan intended for the Syrian rebel-training programme.

The officials said this finding had come from tracing the serial numbers of the weapons.

Apparently parallel to that investigation, Jordanians have had rumors of the theft for some time.

Word that the weapons intended for the rebels were being bought and sold on the black market leaked into Jordan government circles last year, when arms dealers began bragging to their customers that they had large stocks of US- and Saudi-provided weapons.

Jordanian intelligence operatives monitoring the arms market – operatives not involved in the weapons-diversion scheme – began sending reports to headquarters about a proliferation of weapons in the market and of the boasts of the arms dealers.

Here’s the thing. The article says the theft and sale of the arms has led to a flood of new weapons on the black market.

The theft and resale of the arms – including Kalashnikov assault rifles, mortars and rocket-propelled grenades – have led to a flood of new weapons available on the black arms market.

Investigators do not know what became of most of them, but a disparate collection of groups, including criminal networks and rural Jordanian tribes, use the arms bazaars to build their arsenals.

Perhaps that’s true within Jordan. But the weapons came from the black market in the first place — from the Balkans and elsewhere in Eastern Europe, the story claims. If these weapons did come from Eastern Europe, what has really happened is that the US and Saudis have transported weapons to Jordan, only to have them appear back on the black market there, with some cash in the pockets of some Jordanian officers.

And after the Americans and Saudis complained, there was a crack down with no real consequences for those involved.

Jordanian officials who described the operation said it had been run by a group of GID logistics officers with direct access to the weapons once they reached Jordan. The officers regularly siphoned truckloads of the weapons from the stocks, before delivering the rest of the weapons to designated drop-off points.

Then the officers sold the weapons at several large arms markets in Jordan.

[snip]

It is unclear whether the current head of the GID, General Faisal al-Shoubaki, had knowledge of the theft of the CIA and Saudi weapons. But several Jordanian intelligence officials said senior officers inside the service had knowledge of the weapons scheme and provided cover for the lower-ranking officers.

[snip]

After the Americans and Saudis complained about the theft, investigators at the GID arrested several dozen officers involved in the scheme, among them a lieutenant colonel running the operation. They were ultimately released from detention and fired from the service, but were allowed to keep their pensions and money they gained from the scheme, according to Jordanian officials.

One more point: the story notes that Obama authorized this program, which the story reveals is called Timber Sycamore, in 2013. It says it is run by the US and several Arab intelligence programs, but neglects to mention Qatar is a key player.

Now, it is true, as far as we know, that official covert CIA involvement started in 2013. But the program dates back earlier, to 2011, with the CIA watching the Saudis and Qataris funnel weapons from Libya to Syria in conjunction with the Benghazi attack. The US got more involved in 2013, in part, to try to put some order to the program. You know: to ensure that weapons got to the people we wanted them to get to?

And here were learn — because a Jordanian officer gone back shot up the training program one day — that at least some of those weapons weren’t actually going where they were supposed to?

Update: Moon of Alabama offers his take.

In my earlier post on Brexit, I pointed to this comment, which has gotten a lot of attention. I agree with what the comment said about swapping elites (its first point) and the impact on the young (its second). But I don’t agree with the third:

Thirdly and perhaps most significantly, we now live in a post-factual democracy. When the facts met the myths they were as useless as bullets bouncing off the bodies of aliens in a HG Wells novel.

I’m not saying that the Brexit side told the truth about the downsides of exiting. Indeed, within hours of victory, Ukip leader Nigel Farage admitted a key claim made in Brexit propaganda, that the UK would save £350 million a week that could be put into social services like the National Health Service (which got cut significantly under Cameron) was a “mistake.”

I’m not even saying that this election, in the UK, was not exception in terms of the bald propaganda unleashed. I haven’t seen that measured, but everything I’ve heard reports that it was awful.

Still, what does it mean that we live in a post-factual democracy? I thought, at first, that the US is just ahead of its cousin, in that we’ve had WMD and birther lies for over a decade. But the UK had the very same WMD lies. Indeed, both countries have proudly lied about national security secrets for decades, centuries in England.

Plus, as I thought back in US history, I couldn’t get to a time when democracy didn’t depend on some key, big lies. Remarkably, they’re still some of the very same lies mobilized in the Brexit vote. You don’t get a United States, you don’t get a British Empire, without spewing a lot of lies about the inferiority of black (brown, beige, continental) men. You don’t get America, as it currently exists, without the myth of American exceptionalism, the unique national myth that has served to root an increasingly diverse former colony. You don’t get Britain without certain beliefs, traced back to Matthew Arnold and earlier, about the enobling force of British culture.

Those myths are precisely what have driven the democracy of both countries for a long time. They were a way of imposing discipline, privilege, and selective cohesion such that less privileged members of those included in the myth would buy in and tolerate the other inequities without undue violence.

They’re really the same myths deployed by some in Brexit: the immigrants, not the austerity policies, are taking your jobs and disrupting your English way of life.

Perhaps we’re moving closer to a fact-based democracy. Access to rebut sanctioned lies is more readily accessible, though the scaffold of spying makes it harder to release, except in bulk. We’re becoming more cosmopolitan, too. At least some voted Remain for that reason — the old nationalism has been dented in the decades of a failed European experiment.

But make no mistake, the myths have always been there. We’re still trying to break free.