In Reality Winner Case, Government Warns of Recruitment by Media Outlets that “Procure the Unauthorized Disclosure of Classified Info”

As I’ve reported recently, Reality Winner has claimed both that her interview with the FBI was not consensual and that she should be released on bail like people who’ve leaked more sensitive documents, including David Petraeus. Significantly, Winner made claims about her interview and DOJ’s lack of related accusations to suggest the leak of the single document to the Intercept is all they’ve got on her.

The government responded to Winner’s claims — in their response to her request for bail — with a whole new set of claims not included in other documents (on top of making fairly ridiculous claims to suggest Winner should be detained when those who had access — and in the case of David Petraeus, leaked — far more classified information were not).

In the response itself, they raise issues that are fair and significant. But they all seem designed to suggest that Winner must be treated more harshly than Petraeus because she’s more likely to be “recruited” by “non-governmental organizations and media outlets that advocate and procure the unauthorized disclosure of classified information.”

At the same time, the Defendant is an attractive candidate for recruitment by well-funded foreign intelligence services and non-governmental organizations and media outlets that advocate and procure the unauthorized disclosure of classified information.

Consider how the government treats different media outlets.

The Washington Post

First, the government’s description of Winner’s phone searches suggests Winner sent the document to a “print news outlet” in addition to the Intercept, and kept looking at both to see if they published the document.

  • On May 9, the Defendant searched for the secure mailing address of a Print News Outlet, viewed a document called “How to Share Documents and News Tips with [Print News Outlet] Journalists” on the Print News Outlet’s website, searched for an Online News Outlet and “secure drop,” and viewed the Online News Outlet’s page containing instructions for the anonymous transmission of leaked information.
  • On May 12, a few days after she mailed the leaked document, the Defendant searched online for the Print News Outlet referenced on May 9, as well as the Online News Outlet to which she transmitted the leaked document, and viewed the homepages of both publications.
  • On May 13, the Defendant searched for the Print News Outlet, viewed its homepage, and then searched “[IC component] leak” and “[IC component] leak [Foreign Country]” on multiple occasions.
  • On May 14, the Defendant searched for and viewed the Print News Outlet’s homepage, and then searched within the Print News Outlet’s website for the name of the relevant IC component. She also searched for and viewed the Online News Outlet’s homepage.
  • On May 22, the Defendant viewed both the Print News and Online News Outlets’ websites, and she searched for the name of the relevant IC component within both websites.

The Washington Post’s “confidential tips” page comes up on a search for “How to Share Documents and News Tips” (though the page does not now have that name). That suggests Winner shared a copy of this document with the WaPo as well as the Intercept. But the focus in these materials on a completed crime is exclusively on the Intercept (which also is not named).

The interview transcript released with this filing does not, apparently, discuss Winner’s leak to what appears to be the WaPo, aside from asking if she sent the leaked document anywhere else, to which she said “no.” The agents interviewing her tipped her that the document had been sent to an online news source that she “subscribes” to. So FBI may not have mentioned WaPo because WaPo did nothing with the story — or at least nothing with a source who then informed the government, which is how the Intercept got exposed — meaning the FBI did not yet know about it. Or perhaps the FBI was just far more interested in the fact that Winner leaked to the Intercept.

Wikileaks and Anonymous

The filing does its most significant damage in repeating Winner’s support for WikiLeaks, Edward Snowden, and Anonymous. According to the filing, at the same time she was looking for clearance jobs in November 2016 (at the end of her deployment), she was researching Anonymous and Wikileaks.

The Defendant’s duplicity is starkly illustrated by the fact that she researched opportunities to access classified information (multiple searches for jobs requiring a security clearance on ClearanceJobs.com) at the same time in November 2016 that she searched for information about anti-secrecy organizations (Anonymous and Wikileaks).

And in March, she told her sister she was “on Assange’s [and Snowden’s] side.”

On March 7, 2017, the Defendant searched for online information about Vault 7, Wikileaks’s alleged compromise of classified government information. Later on March 7, 2017, the Defendant engaged in the following Facebook chat with her sister in which she expressed her delight at the impact of the alleged compromise reported by Wikileaks:

SISTER: OMG that Vault 7 stuff is scary too

WINNER: It’s so awesome though. They just crippled the program.

SISTER: So you’re on Assange’s side

WINNER: Yes. And Snowden

It’s not just that Winner is reading Wikileaks and Snowden-leaked documents (which the government would be happy to use to villainize a leaker in any case). She’s cheering the destruction of CIA (and by association, NSA) capabilities. Which is not something the more prolific leaker David Petraeus did.

The curious declassification of an FBI interview about leaking

Before I get into how these materials treat the Intercept, let me take a detour to talk about the declassification of Winner’s interview which, because it discusses her work at NSA, includes a lot of information that must be classified.

As a number of outlets noted (I believe Politico reported it first), when the transcript of her FBI interview was first released, it included Winner’s social security number and date of birth — a no-no for PACER documents. It included her home computer password. It also revealed Winner worked on collection targeting Iranian Aerospace Forces Group, a remarkable disclosure given that the government says Winner can’t be released because she’ll be targeted by foreign governments (in addition to “non-governmental organizations and media outlets that advocate and procure the unauthorized disclosure of classified information”); they’ve just put a bullseye on her back for Iran. It also reveals she used to work for a drone mission. It includes the code name and the street name of her NSA location.

For either privacy or security reasons, those are remarkable disclosures.

Now consider what they did redact.

There’s a reference to Russian hacking (or the election), and Winner’s description of something akin to that. There are a few more references, perhaps on the election, again redacted.

Perhaps the most interesting (and understandable) redaction is her explanation for why she thought the collection points on Russian hackers were already compromised.

[sigh] I had figured that, uhm, [half line redacted] that it didn’t matter anyway. Uhm honestly, uh, I just figured that whatever we were using had already been compromised, and this report was just going to be like a – one drop in the bucket.

All of which is to say the classification decisions here are pretty random.

Which is all the more interesting given the fact that the document has no declassification notes, describing who declassified it and for what purpose. If I’m Winner’s lawyers, I’m on the phone with former ISOO head Bill Leonard (who has served as an expert witness in past leak cases), asking him to testify that in a case about mishandling classified information, the government didn’t handle this document in rigorous fashion.

The Intercept: hiding the name, the motive, and a few more details

Which brings me to the decisions about redactions on parts of the transcript that pertain to the Intercept.

It hides the Intercept’s name, but also several references to her motive, including one very long description (on PDF 69).

More interesting, it redacts details about how she mailed it to the Intercept.

And redacts another passage where she describes how she found the address to send it to the Intercept — the actual details of which are included in the passage on her phone searches, above.

It redacts another passage asking whether she included anything in the envelope to the Intercept.

All of which is to say that in submissions that claim Winner is a particular risk because she might be “recruited” by NGOs and “media outlets that advocate and procure the unauthorized disclosure of classified information,” it is still hiding key details about Winner’s descriptions of her actions with respect to the Intercept.

After reading this transcript, I’m actually surprised the government hasn’t (yet) taken a harsher approach, perhaps charging her for a leak to the WaPo or for lying, initially, to the FBI (not charging her for lying to the FBI is one way, I guess, where she is getting the treatment David Petraeus got).

That may suggest they’re entertaining going after the Intercept here, for “recruiting” Reality Winner — a replay of the tactic they tried with Chelsea Manning years ago, only this time with an Attorney General and a Congress rushing to invent new categories of non-state hostile intelligence services to criminalize some kinds of publishing.

Government Decides Reality Winner Leaked Just One Document After All

Back in June, I noted that one of the reasons the government convinced a judge to deny Reality Winner bail was that she had leaked documents, plural.

There’s no written record for this yet, but it appears from one of the less-shitty reports on the hearing that the claim is based on three things: First, Winner stuck a thumb drive in a Top Secret computer last year.

Winner inserted a portable hard drive in a top-secret Air Force computer before she left the military last year. She said authorities don’t know what happened to the drive or what was on it.

Second, because Solari portrayed the 25-year old translator’s knowledge as a danger unto itself (more ridiculously, she painted Winner’s knowledge of Tor — which Winner didn’t use to look up sensitive information — as a means by which she might flee).

“We don’t know how much more she knows and how much more she remembers,” Solari said. “But we do know she’s very intelligent. So she’s got a lot of valuable information in her head.”

And finally, because Winner told her mother, in a conversation from jail that was recorded, that she was sorry about the documents, plural.

Solari said Winner also confessed to her mother during a recorded jailhouse phone call, saying: “Mom, those documents. I screwed up.”

Solari apparently emphasized the latter point as a way to suggest Winner might still have documents to leak.

Solari stressed that Winner referred to “documents” in the plural, and that federal agents were looking to see whether she may have stolen other classified information.

The idea is that because Winner used the plural and she only leaked one document, there must be more she’s planning on leaking.

Except that doesn’t appear right.

It appears Winner actually already leaked two documents. [my emphasis]

I showed that Winner actually leaked two documents to the Intercept.

Curiously, it appears the prosecutor in this case, Jennifer Solari, has changed her mind. Attached to a motion to reconsider bail, Winner’s lawyers have noted that weeks after claiming Winner had to be jailed because she told her mom she had stolen multiple documents, Solari listened to the transcript and decided Winner only referred to a document, singular.

The following is new evidence that was not available at the time of the initial detention hearing (and could not have reasonably been available given the mere three days between the initial appearance and detention hearing), all of which have a material bearing on the issue of release. • While repeatedly alleging that Ms. Winner disclosed numerous “documents” at the initial detention hearing—a fact that the Court specifically noted in its findings to support detention the Government has, via email to this Court, retracted those assertions. The Government now alleges there was only one document, rather than numerous documents, at issue. [See Exhibit A (email correspondence from Assistant United States Attorney Jennifer Solari to defense counsel and the Court dated June 29, 2017); Doc. 29 p. 105; see also Doc. 72].

In her email informing the defense of this, Solari explained,

Before the hearing, I had only heard a portion of the call in which the defendant asked her mother to “play that angle” regarding the alleged circumstances of her FBI interview. I proffered information about the other jail calls based upon verbal summaries I was provided by the FBI just before the hearing. Now that I’ve heard the recordings myself, I’d like to clarify some of the information for the court and counsel.

Solari goes on to suggest that another correction — regarding why Winner had her mom transfer money — came from an inference the FBI agent made.

I’m glad Solari corrected these issues — prosecutors often double down in such instances. I’d certainly scrutinize the other claims made by the FBI agents in the case after this.

Apparently, the government also left other details out of its story when painting Winner as an opsec genius to deny her bail. For example, in addition to pointing out how many people use Tor, her lawyers revealed that she had used it to access Wikileaks once.

The Government failed to explain, however, that Ms. Winner told the Government during her interrogation on June 3, 2017, that she used Tor once for looking at WikiLeaks.

It also notes that the superseding indictment still just charges Winner for the one document.

Finally, it compares her treatment with all of the other alleged leakers who got bail (including David Petraeus).

It’s unclear whether this will win her release. But it certainly suggests the government overstated her threat in her bail hearing.

The Mark Zaid Materials from the Jeffrey Sterling Trial

Because he just formed a new whistleblower group with John Napier Tye, there has been renewed interest in allegations an FBI Agent made during the Jeffrey Sterling case about attorney Mark Zaid. But there was actually a second detail regarding Zaid released just after the trial that has not been publicly reported: Zaid was interviewed by the FBI, twice, and was even interviewed before Sterling himself was.

I asked Zaid whether he was obligated to do the FBI interviews on Twitter but got no response. I think it’s possible FBI asked to interview him as much because the Senate Intelligence Committee was refusing to cooperate in the investigation as anything else; at the time, FBI considered SSCI staffer Bill Duhnke a more likely suspect than Sterling (and it’s not clear they ever ruled him out).

Let me be clear: I’m posting these materials to make the full context of them accessible. Zaid has not explained these, but he has promised repeatedly there is an explanation for them. As noted, there may be a perfectly logical explanation that has as much to do with Senate privileges as it does with attorney-client.

In any case, these materials are just what was directly related to the criminal case. The criminal investigation actually interacted with events in Sterling’s EEO lawsuit — which is what Zaid was primarily representing Sterling on in 2003 — in even more interesting ways I may return to.

Special Agent Ashley Hunt’s accusations

The following accusation came in prosecutor Eric Olshan’s redirect of Ashley Hunt, the FBI witness in the trial, after Sterling’s lawyers had demonstrated that the investigation was narrowly focused on Sterling without questioning some of the other possible witnesses in the case.

Q. When you initiated the investigation, I believe you testified it was in April of 2003?

A. That’s correct.

Q. At the time when you initiated your investigation concerning unauthorized disclosure of classified information to James Risen, did you learn any information regarding Mark Zaid and Mr. Krieger that, that directed your investigation?

A. I did.

MR. MAC MAHON: Your Honor, objection. That door was not opened as to Mr. Sterling’s prior lawyers.

MR. OLSHAN: Your Honor, this is about why —

THE COURT: Again, the scope of the investigation, what was done and not done, was clearly part of the cross. I’m going to allow it, excuse me, on redirect; and if there needs to be recross on that, you’ll be allowed to. Go ahead.

MR. MAC MAHON: Thank you, Your Honor.

BY MR. OLSHAN: Q. What did you learn at the outset of your investigation about information from Mr. Krieger and Zaid that helped you direct your investigation and focus it?

A. When I opened my investigation on April 8, 2003, my investigation was based on a report I received from the CIA dated April 7, 2003. In that report, the CIA provided information about the fact —

MR. MAC MAHON: Your Honor, that’s hearsay.

THE COURT: Wait.

MR. OLSHAN: Your Honor, this is not for the truth. It’s why she took the actions.

THE COURT: It explains why she is acting, takes the investigative tacks that she does, so I’m going to overrule the objection. It’s not hearsay.

BY MR. OLSHAN: Q. You may continue, Special Agent Hunt.

A. The CIA advised that on February 24, 2003, it was contacted by Mark Zaid and Roy Krieger. They told the CIA on February 24 that a client of theirs had contacted them on February 21, 2003, and that that client, that unnamed client at the time voiced his concerns about an operation that was nuclear in nature, and he threatened to go to the media.

Q. Did you later learn who that client was from Mr. Zaid and Mr. Krieger in the course of your investigation?

A. I did.

Q. Did those facts help you focus the direction of your investigation?

A. They did.

Q. And who did you learn was the client of Mr. Krieger and Mr. Zaid?

A. Jeffrey Sterling.

On recross, Sterling lawyer Edward MacMahon worked to undercut the revelation by having Hunt describe how, when she wrote up a memo on the case on April 12, 2003, she believed it unlikely he was the leaker.

Q. Okay. And you had written about Mr. Sterling in 2003, hadn’t you, the same time you’re telling in answer to Mr. Olshan’s questions that you were hearing some hearsay about Mr. Sterling’s lawyers?

A. I’m sorry, what’s the question?

Q. You said you had heard some hearsay that Mr. Sterling’s lawyers were talking about him at the CIA, correct?

A. What I said is that his attorneys went to the CIA on February 24. At that time, they did not name Jeffrey Sterling.

Q. All right. But on April 12 of 2003, you wrote a memo about Mr. Sterling, and you said that it was unlikely that it was Mr. Sterling who was the leak, correct?

A. If I wrote that at that time, then that was based on the information I had at that time.

Q. Right. You said that it’s unlikely that someone who has already attempted to settle an EEO lawsuit for a few hundred thousand dollars would choose to attack and enrage the organization from which he seeks but has not yet received a settlement. That’s your writing, isn’t it?

A. I don’t know. You haven’t shown me the document.

Q. And you also in the same document dismiss your concerns about Mr. Zaid and Krieger, correct? You don’t remember that?

A. I don’t know. It was 12 years ago.

Q. And in the last 12 years, you still haven’t come up with any proof that Mr. Sterling ever talked to Mr. Risen about Classified Program No. 1 or Merlin, right?

A. Correct.

Thus far, the timeline looks like this:

February 21: Alleged contact between Sterling and Zaid (not stated whether this is phone call or email, which would show up in call records available with a relevance standard)

February 24: Alleged call from Zaid and his partner warning that one of their clients would leak

April 7: CIA referral includes their claim about Zaid call

April 8: Hunt opens investigation

April 12: Hunt writes memo dismissing likelihood that Sterling is leaker

The FBI Interview Dates

Now consider the dates of the 2003 FBI 302s included in these two CIPA letters (the names with the first initial last name are CIA witnesses; it’s unclear whether that’s true of the entirely redacted names).

April 12: Redacted name

April 12: Robert J. E

April 12: Bob S

April 13: Redacted name

April 13: Redacted name

April 14: Bill H (almost certainly Bill Harlow, CIA’s then spox)

April 18: Mark Zaid (three page 302)

April 28: Bill H (again, almost certainly Harlow)

May 7: Redacted name

May 9: Redacted name

June 19: Sterling

June 26: Bob S (Sterling’s supervisor)

July 18: Redacted name

July 21: Thomas H

August 1: David C

August 13: Redacted name

August 14: Diane F

That is, the memo where Hunt said she didn’t think Sterling was the leaker was written either before she had done any interviews, or after she had done just the first CIA ones (including with Sterling’s boss, who definitely blamed Sterling). The first round of interviews appears to be primarily or all CIA witnesses.

And the next interview — at least among those that Sterling’s defense thought they might use at trial — was Zaid. Zaid’s interview, in fact, was months before Sterling’s. The second letter shows a second Zaid interview on September 2, 2010.

To emphasize: Sterling’s lawyers requested these FBI interviews be available for trial, not the prosecution. It’s unclear whether they did that because the interviews would have helped them, or because (as was the case with virtually all the other witnesses) they thought they might need to draw on those interviews for cross-examination.

But unless there’s some wildly egregious error in these files, Mark Zaid did two interviews with the FBI before he — obligated by subpoena, he said repeatedly — testified before the grand jury on September 22, 2010.

Not Mentioned in Roger Stone’s Straw Rat-Fucker Statement: the Peter Smith Rat-Fuck

Earlier today, legendary rat-fucker Roger Stone had a three hour interview before the House Intelligence Committee. Before the interview, he leaked his testimony, as all of the most implicated Trump officials — save Paul Manafort — have.

The testimony is telling for multiple reasons. Given the recent trouble I got in for saying “rat-fucker” on TV, I’m particularly invested in the way he avoided calling himself one.

As to the substance of the report, it is delightfully, tellingly, squirrelly in two different ways. First, his generalized denial is very specific to colluding with the Russian state to affect the outcome of the 2016 election; this is a point Renato Mariotti makes here.

I have no involvement in the alleged activities that are within the publicly stated scope of this Committee’s investigation — collusion with the Russian state to affect the outcome of the 2016 election.

I’m even more interested in how he depicts what he claims are the three allegations made against him.

Members of this Committee have made three basic assertions against me which must be rebutted here today. The charge that I knew in advance about, and predicted, the hacking of the Clinton campaign chairman John Podesta’s email, that I had advanced knowledge of the source or actual content of the WikiLeaks disclosures regarding Hillary Clinton or that, my now public exchange with a persona that our intelligence agencies claim, but cannot prove, is a Russian asset, is anything but innocuous and are entirely false.

In point of fact, this tripartite accusation is actually a misstatement of the allegations against him (though in his rebuttal of them, he is helped immensely by the sloppiness of public statements made by Democrats, especially those on the panel, which I’ve criticized myself). Generally, the accusation is more direct: that in conversing with both Julian Assange (through a cut-out) and Guccifer 2.0, Stone was facilitating or in some way helping the Trump campaign maximally exploit the Russian releases that were coming.

Which is why I find one other silence quite interesting: Stone makes no mention of the Peter Smith operation to find the emails, purportedly related to the Clinton Foundation, deleted from Hillary’s server. As I noted here, along with reaching out to multiple suspected Russian hackers and advising those with emails that might be Foundation emails to share them with WikiLeaks, rat-fucker Smith also pushed GOP operatives like rat-fucker Stone to reach out to Guccifer 2.0.

Instead, Johnson said, he put the word out to a “hidden oppo network” of right-leaning opposition researchers to notify them of the effort. Johnson declined to provide the names of any of the members of this “network,” but he praised Smith’s ambition.

“The magnitude of what he was trying to do was kind of impressive,” Johnson said. “He had people running around Europe, had people talking to Guccifer.” (U.S. intelligence agencies have linked the materials provided by “Guccifer 2.0”—an alias that has taken credit for hacking the Democratic National Committee and communicated with Republican operatives, including Trump confidant Roger Stone—to Russian government hackers.)

As I noted, there is much about the events from August to October that suggest Republicans may have believed WikiLeaks had obtained, and might be leaking, the Clinton Foundation emails, only to have the John Podesta ones released in their stead.

If I’m right, it would mean that by pitching everything as pertaining to Podesta, and not to other emails, Stone can more successfully deny his involvement.

And Stone’s timeline obscures some of the key details here, notably leaving out his incorrect predictions not just of an October 5 release, but that they’d be the Foundation emails.

Also note: Stone describes his exchange with Guccifer as starting on August 14. That’s actually not right. It started on August 13 (actually, August 12 East Coast time), with this tweet, which puts it in the context of two offers for files.

It’s definitely true (in the DMs that Stone includes) that Stone ultimately doesn’t respond to Guccifer 2.0’s offers of data.

But that timeline also extends matters just to where things were heating up on Smith’s hunt for Clinton Foundation documents.

As noted above, Stone has denied colluding with the Russian state to affect the outcome of the election. But that’s not a denial of colluding with Russian hackers or Russian assets (the latter a rather curious term Stone uses twice to refer to Guccifer 2.0 in his statement, but not in the Breitbart piece in which he claims to have refuted claims he was an “asset”) to “prove Hillary’s corruption” or some such excuse for digging up more dirt on Hillary.

And that’s precisely the kind of thing we know a rat-fucker like Stone would do, and precisely the kind of thing we know other rat-fuckers were doing.

One Thing Not Mentioned in Mueller Requests from the White House: The Putin Phone Call

Yesterday, three different outlets published versions of the list of stuff Robert Mueller has requested of the White House. The NYT describes Mueller asking for details of the in-person meeting with Russians after Comey’s firing, as well as details of Comey and Flynn’s firing:

Mueller’s office sent a document to the White House that detailed 13 different areas that investigators want more information about. Since then, administration lawyers have been scouring White House emails and asking officials whether they have other documents or notes that may pertain to Mr. Mueller’s requests.

One of the requests is about a meeting Mr. Trump had in May with Russian officials in the Oval Office the day after James B. Comey, the F.B.I. director, was fired. That day, Mr. Trump met with the Russian foreign minister, Sergey V. Lavrov, and the Russian ambassador to the United States, Sergey I. Kislyak, along with other Russian officials. The New York Times reported that in the meeting Mr. Trump said that firing Mr. Comey relieved “great pressure” on him.

Mr. Mueller has also requested documents about the circumstances of the firing of Michael T. Flynn, who was Mr. Trump’s first national security adviser. Additionally, the special counsel has asked for documents about how the White House responded to questions from The Times about a June 2016 meeting at Trump Tower. That meeting was set up by Donald Trump Jr., the president’s eldest son, to get derogatory information from Russians about Hillary Clinton.

WaPo adds communications with Paul Manafort to the list and fleshes out the nature of the requests on Flynn and Comey.

Mueller has requested that the White House turn over all internal communications and documents related to the FBI interview of Flynn in January, days after he took office, as well as any document that discusses Flynn’s conversations with then-Russian Ambassador Sergey Kislyak in December. Mueller has also asked for records about meetings then-Deputy Attorney General Sally Yates held with White House counsel Don McGahn in late January to alert him to Justice Department concerns about Flynn, as well as all documents related to Flynn’s subsequent ouster by the White House.

Regarding Comey, Mueller has asked for all documents related to meetings between Trump and Comey while Comey served at the FBI, records of any discussions regarding Comey’s firing and any documents related to a statement by then-press secretary Sean Spicer made on the night Comey was fired.

Here’s CNN’s mostly derivative version.

There’s one thing that’s not explicitly on this list (though it might be included in the larger request for details on Flynn’s firing): details surrounding the January 28th phone conversation between Trump and Putin, which included a bunch of people who happen to no longer be at the White House.

As a number of Democrats noted in the Sally Yates hearing before Senate Judiciary Committee, the call took place in the immediate wake of Yates’ two conversations with Don McGahn about Flynn’s potential for compromise by the Russians because of his lies about his conversation with Sergey Kislyak.

HIRONO: Others of my colleagues have mentioned, and you yourself, Mr. Clapper, said that RT is a Russian mouthpiece to spread propaganda. And, of course, we know that General Flynn attended a gala hosted by — or a 10th anniversary gala for RT in December, 2015, where he sat next to President Putin and got paid over $33,000 for that.

Mr. Clapper, given the conversation that Ms. Yates provided to the White House regarding — and this is during the January 26th and 27th timeframe — regarding General Flynn, should he have sat in on the following discussions?

On January 28th, he participated in an hour-long call, along with President Trump, to President Putin. And on February 11th, he participated in a discussion with Prime Minister Abe and the president at Mar-a-Lago to discuss North Korea’s missile tests.

Should he — given the — the information that had already been provided by Ms. Yates, should he have participated in these two very specific instances?

In comments on Yates’ testimony when it got canceled on March 28, Adam Schiff focused on the possible explanation for why Flynn was kept on, through that meeting and for 18 days total after Yates’ warning to the White House.

In other words, the big question surrounding Flynn’s firing seems to have as much to do with why he wasn’t fired as why he was, eventually, 18 days after getting notice he was in trouble with DOJ. And the import of including him in that phone call with Putin seems to be a part of that.

Again, that may well be included in the universe of documents on Flynn’s firing (I’d love to see Yates’ firing in there as well, as the Muslim ban was used as an excuse to fire her just as she was raising concerns about Flynn). But it seems important to learn why Trump felt the need to keep Flynn on even after his communications with the Russians had gotten him in legal trouble.

Can Congress — or Robert Mueller — Order Facebook to Direct Its Machine Learning?

The other day I pointed out that two articles (WSJ, CNN) — both of which infer that Robert Mueller obtained a probable cause search warrant on Facebook based off an interpretation that under Facebook’s privacy policy a warrant would be required — actually ignored two other possibilities. Without something stronger than inference, then, these articles do not prove Mueller got a search warrant (particularly given that both miss the logical step of proving that the things Facebook shared with Mueller count as content and not business records).

In response to that and to this column arguing that Facebook should provide more information, some of the smartest surveillance lawyers in the country discussed what kind of legal process would be required, but were unable to come to any conclusions.

Last night, WaPo published a story that made it clear Congress wanted far more than WSJ and CNN had suggested (which largely fell under the category of business records and the ads posted to targets, the latter of which Congress had been able to see but not keep). What Congress is really after is details about the machine learning Facebook used to identify the malicious activity identified in April and the ads described in its most recent report, to test whether Facebook’s study was thorough enough.

A 13-page “white paper” that Facebook published in April drew from this fuller internal report but left out critical details about how the Russian operation worked and how Facebook discovered it, according to people briefed on its contents.

Investigators believe the company has not fully examined all potential ways that Russians could have manipulated Facebook’s sprawling social media platform.

[snip]

Congressional investigators are questioning whether the Facebook review that yielded those findings was sufficiently thorough.

They said some of the ad purchases that Facebook has unearthed so far had obvious Russian fingerprints, including Russian addresses and payments made in rubles, the Russian currency.

Investigators are pushing Facebook to use its powerful data-crunching ability to track relationships among accounts and ad purchases that may not be as obvious, with the goal of potentially detecting subtle patterns of behavior and content shared by several Facebook users or advertisers.

Such connections — if they exist and can be discovered — might make clear the nature and reach of the Russian propaganda campaign and whether there was collusion between foreign and domestic political actors. Investigators also are pushing for fuller answers from Google and Twitter, both of which may have been targets of Russian propaganda efforts during the 2016 campaign, according to several independent researchers and Hill investigators.

“The internal analysis Facebook has done [on Russian ads] has been very helpful, but we need to know if it’s complete,” Schiff said. “I don’t think Facebook fully knows the answer yet.”

[snip]

In the white paper, Facebook noted new techniques the company had adopted to trace propaganda and disinformation.

Facebook said it was using a data-mining technique known as machine learning to detect patterns of suspicious behavior. The company said its systems could detect “repeated posting of the same content” or huge spikes in the volume of content created as signals of attempts to manipulate the platform.

The push to do more — led largely by Adam Schiff and Mark Warner (both of whom have gotten ahead of the evidence at times in their respective studies) — is totally understandable. We need to know how malicious foreign actors manipulate the social media headquartered in Schiff’s home state to sway elections. That’s presumably why Facebook voluntarily conducted the study of ads in response to cajoling from Warner.

But the demands they’re making are also fairly breathtaking. They’re demanding that Facebook use its own intelligence resources to respond to the questions posed by Congress. They’re also demanding that Facebook reveal those resources to the public.

Now, I’d be surprised (pleasantly) if either Schiff or Warner made such detailed demands of the NSA. Hell, Congress can’t even get NSA to count how many Americans are swept up under Section 702, and that takes far less bulk analysis than Facebook appears to have conducted. And Schiff and Warner surely would never demand that NSA reveal the extent of machine learning techniques that it uses on bulk data, even though that, too, has implications for privacy and democracy (America’s and other countries’). And yet they’re asking Facebook to do just that.

And consider how two laws might offer guidelines, but (in my opinion) fall far short of authorizing such a request.

There’s Section 702, which permits the government to oblige providers to provide certain data on foreign intelligence targets. Section 702’s minimization procedures even permit Congress to obtain data collected by the NSA for their oversight purposes.

Certainly, the Russian (and now Macedonian and Belarusian) troll farms Congress wants investigated fall squarely under the definition of permissible targets under the Foreign Government certificate. But there’s no public record of NSA making a request as breathtaking as this one, that Facebook (or any other provider) use its own intelligence resources to answer questions the government wants answered. While the NSA does draw from far more data than most people understand (including, probably, providers’ own algorithms about individually targeted accounts), the most sweeping request we know of involves Yahoo scanning all its email servers for a signature.

Then there’s CISA, which permits providers to voluntarily share cyber threat indicators with the federal government, using these definitions:

(A) IN GENERAL.—Except as provided in subparagraph (B), the term “cybersecurity threat” means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.

(B) EXCLUSION.—The term “cybersecurity threat” does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement.

(6) CYBER THREAT INDICATOR.—The term “cyber threat indicator” means information that is necessary to describe or identify—

(A) malicious reconnaissance, including anomalous patterns of communications that appear to be transmitted for the purpose of gathering technical information related to a cybersecurity threat or security vulnerability;

(B) a method of defeating a security control or exploitation of a security vulnerability;

(C) a security vulnerability, including anomalous activity that appears to indicate the existence of a security vulnerability;

(D) a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability;

(E) malicious cyber command and control;

(F) the actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat;

(G) any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law; or

(H) any combination thereof.

Since January, discussions of Russian tampering have certainly collapsed Russia’s efforts on social media with their various hacks. Certainly, Russian abuse of social media has been treated as exploiting a vulnerability. But none of this language defining a cyber threat indicator envisions the malicious use of legitimate ad systems.

Plus, CISA is entirely voluntary. While Facebook thus far has seemed willing to be cajoled into doing these studies, that willingness might change quickly if they had to expose their sources and methods, just as NSA clams up every time you ask about their sources and methods.

Moreover, unlike the sharing provisions in 702 minimization procedures, I’m aware of no language in CISA that permits sharing of this information with Congress.

Mind you, part of the problem may be that we’ve got global companies that have sources and methods that are as sophisticated as those of most nation-states. And, inadequate as they are, Facebook is hypothetically subject to more controls than nation-state intelligence agencies because of Europe’s data privacy laws.

All that said, let’s be aware of what Schiff and Warner are asking for, however justified it may be from an investigative standpoint. They’re asking for things from Facebook that they, NSA’s overseers, have been unable to ask from NSA.

If we’re going to demand transparency on sources and methods, perhaps we should demand it all around?

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Domestic Communications NSA Won’t Reveal Are Almost Certainly Obscured Location Communications

The other day, I laid out the continuing fight between Director of National Intelligence Dan Coats and Senator Ron Wyden over the former’s unwillingness to explain why he can’t answer the question, “Can the government use FISA Act Section 702 to collect communications it knows are entirely domestic?” in unclassified form. As I noted, Coats is parsing the difference between “intentionally acquir[ing] any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States,” which Section 702 prohibits, and “collect[ing] communications [the government] knows are entirely domestic,” which this exchange and Wyden’s long history of calling out such things clearly indicates the government does.

As I noted, the earlier iteration of this debate took place in early June. Since then, we’ve gotten two sets of documents that all but prove that the entirely domestic communication the NSA refuses to tell us about involves communications that obscure their location, probably via Tor or VPNs.

Most Entirely Domestic Communications Collected Via Upstream Surveillance in 2011 Obscured Their Location

The first set of documents are those on the 2011 discussion about upstream collection liberated just recently by Charlie Savage. They show that in the September 7, 2011 hearing, John Bates told the government that he believed the collection of discrete communications the government had not examined in their sampling might also contain “about” communications that were entirely domestic. (PDF 113)

We also have this other category, in your random sampling, again, that is 9/10ths of the random sampling that was set aside as being discrete communications — 45,000 out of the 50,000 — as to which our questioning has indicated we have a concern that some of the about communications may actually have wholly domestic communications.

And I don’t think that you’ve really assessed that, either theoretically or by any actual examination of those particular transactions or communications. And I’m not indicating to you what I expect you to do, but I do have this concern that there are a fair number of wholly domestic communications in that category, and there’s nothing–you really haven’t had an opportunity to address that, but there’s nothing that has been said to date that would dissuade me from that conclusion. So I’m looking there for some convincing, if you will, assessment of why there are not wholly domestic communications with that body which is 9/10s of the random sample.

In a filing submitted two days later, the government tried to explain away the possibility this would include (many) domestic communications. (The discussion responding to this question starts at PDF 120.) First, the NSA used technical means to determine that 41,272 of the 45,359 communications in the sample were not entirely domestic. That left 4,087 communications, which the NSA was able to analyze in just 48 hours. Of those, the NSA found just 25 that were not to or from a tasked selector (meaning they were “abouts” or correlated identities, described as “potentially alternate accounts/addresses/identifiers for current NSA targets” in footnote 7, which may be the first public confirmation that NSA collects on correlated identifiers). NSA then did the same kind of analysis on these communications that it does as part of its pre-tasking determination that a target is located outside the US. This focused entirely on location data.

Notably, none of the reviewed transactions featured an account/address/identifier that resolved to the United States. Further, each of the 25 communications contained location information for at least one account/address/identifier such that NSA’s analysts were able assess [sic] that at least one communicant for each of these 25 communications was located outside of the United States. (PDF 121)

Note that the government here (finally) drops the charade that these are simply emails, discussing three kinds of collection: accounts (which could be both email and messenger accounts), addresses (which having excluded accounts would significantly include IP addresses), and identifiers. And they say that having identified an overseas location for the communication, NSA treats it as an overseas communication.

The next paragraph is even more remarkable. Rather than doing more analysis on just those 25 communications, it effectively argues that because latency is bad, it’s safe to assume that any service that is available entirely within the US will be delivered to an American entirely within the US, and so those 25 communications must not be American.

Given the United States’ status as the “world’s premier electronic communications hub,” and further based on NSA’s knowledge of Internet routing patterns, the Government has already asserted that “the vast majority of communications between persons located in the United States are not routed through servers outside the United States.” See the Government’s June 1, 2011 Submission at 11. As a practical matter, it is a common business practice for Internet and web service providers alike to attempt to deliver their customers the best user experience possible by reducing latency and increasing capacity. Latency is determined in part by the geographical distance between the user and the server, thus, providers frequently host their services on servers close to their users, and users are frequently directed to the servers closest to them. While such practices are not absolute in any respect and are wholly contingent on potentially dynamic practices of particular service providers and users,[9] if all parties to a communication are located in the United States and the required services are available in the United States, in most instances those communications will be routed by service providers through infrastructure wholly within the United States.

Amid a bunch of redactions (including footnote 9, which is around 16 lines long and entirely redacted), the government then claims that its IP filters would ensure that it wouldn’t pick up any of the entirely domestic exceptions to what I’ll call its “avoidance of latency” assumption and so these 25 communications are no biggie, from a Fourth Amendment perspective.

Of course, the entirety of this unredacted discussion presumes that all consumers will be working with providers whose goal is to avoid latency. None of the unredacted discussion admits that some consumers choose to accept some latency in order to obscure their location by routing it through one (VPN) or multiple (Tor) servers distant from their location, including servers located overseas.

For what it’s worth, I think the estimate Bates did on his own to come up with a number of these SCTs was high, in 2011. He guessed there would be 46,000 entirely domestic communications collected each year; by my admittedly rusty math, it appears it would be closer to 12,000 (25 / 50,000 comms in the sample = .05% of the total; .05% of the 11,925,000 upstream transactions in that 6 month period = 5,962, times 2 = roughly 12,000 a year). Still, it was a bigger part of the entirely domestic upstream collection than those collected as MCTs, and all those entirely domestic communications have been improperly back door searched in the interim.

Collyer claims to have ended “about” collection but admits upstream will still collect entirely domestic communications

Now, if that analysis done in 2011 were applicable to today’s collection, there shouldn’t be a way for the NSA to collect entirely domestic communications today. That’s because all of those 25 potentially domestic comms were described as “about” collection. Rosemary Collyer has, according to her IMO apparently imperfect understanding of upstream collection, shut down “about” collection. So that should have eliminated the possibility for entirely domestic collection via upstream, right?

Nope.

As she admits in her opinion, it will still be possible for the NSA to “acquire an MCT” (that is, bundled collection) “that contains a domestic communication.”

So there must be something that has changed since 2011 that would lead NSA to collect entirely domestic communications even if that communication didn’t include an “about” selector.

In 2014 Collyer enforced a practice that would expose Americans to 702 collection

Which brings me back to the practice approved in 2014 in which, according to providers newly targeted under the practice, “the communications of U.S. person will be collected as part of such surveillance.”

As I laid out in this post, in 2014 Thomas Hogan approved a change in the targeting procedures. Previously, all users of a targeted facility had to be foreign for it to qualify as a foreign target. But for some “limited” exception, Hogan for the first time permitted the NSA to collect on a facility even if Americans used that facility as well, along with the foreign targets.

The first revision to the NSA Targeting Procedures concerns who will be regarded as a “target” of acquisition or a “user” of a tasked facility for purposes of those procedures. As a general rule, and without exception under the NSA targeting procedures now in effect, any user of a tasked facility is regarded as a person targeted for acquisition. This approach has sometimes resulted in NSA’s becoming obligated to detask a selector when it learns that [redacted]

The relevant revision would permit continued acquisition for such a facility.

It appears that Hogan agreed it would be adequate to weed out American communications after collection in post-task analysis.

Some months after this change, some providers got some directives (apparently spanning all three known certificates), and challenged them, though of course Collyer didn’t permit them to read the Hogan opinion approving the change.

Here’s some of what Collyer’s opinion enforcing the directives revealed about the practice.

Collyer’s opinion includes more of the provider’s arguments than the Reply did. It describes the Directives as involving “surveillance conducted on the servers of a U.S.-based provider” in which “the communications of U.S. person will be collected as part of such surveillance.” (29) It says [in Collyer’s words] that the provider “believes that the government will unreasonably intrude on the privacy interests of United States persons and persons in the United States [redacted] because the government will regularly acquire, store, and use their private communications and related information without a foreign intelligence or law enforcement justification.” (32-3) It notes that the provider argued there would be “a heightened risk of error” in tasking its customers. (12) The provider argued something about the targeting and minimization procedures “render[ed] the directives invalid as applied to its service.” (16) The provider also raised concerns that because the NSA “minimization procedures [] do not require the government to immediately delete such information[, they] do not adequately protect United States person.” (26)

[snip]

Collyer, too, says a few interesting things about the proposed surveillance. For example, she refers to a selector as an “electronic communications account” as distinct from an email — a rare public admission from the FISC that 702 targets things beyond just emails. And she treats these Directives as an “expansion of 702 acquisitions” to some new provider or technology.

Now, there’s no reason to believe this provider was involved in upstream collection. Clearly, they’re being asked to provide data from their own servers, not from the telecom backbone (in fact, I wonder whether this new practice is why NSA has renamed “PRISM” “downstream” collection).

But we know two things. First, the discrete domestic communications that got sucked up in upstream collection in 2011 appear to have obscured their location. And second, there is now a means of collecting bundles of communications via upstream collection (assuming Collyer’s use of MCT here is correct, which it might not be) such that even communications involving no “about” collection would be swept up.

Again, the evidence is still circumstantial, but there is increasing evidence that in 2014 the NSA got approval to collect on servers that obscure location, and that that is the remaining kind of collection (which might exist under both upstream and downstream collection) that will knowingly be swept up under Section 702. That’s the collection, it seems likely, that Coats doesn’t want to admit.

The problems with permitting collection on location-obscured Americans

If I’m right about this, then there are three really big problems with this practice.

First, in 2011, location-obscuring servers would not themselves be targeted. Communications using such servers would only be collected (if the NSA’s response to Bates is to be believed) if they included an “about” selector.

But it appears there is now some collection that specifically targets those location-obscuring servers, and knowingly collects US person communications along with whatever else the government is after. If that’s right, then it will affect far more than just 12,000 people a year.

That’s especially true given that a lot more people are using location-obscuring servers now than on October 3, 2011, when Bates issued his opinion. Tor usage in the US has gone from around 150,000 mean users a day to around 430,000 users.

And that’s just Tor. While fewer VPN users will consistently use overseas servers, sometimes it will happen for efficacy reasons and sometimes it will happen to access content that is unavailable in the US (like decent Olympics coverage).

In neither of Collyer’s opinions did she ask for the kind of numerical counts of people affected that Bates asked for in 2011. If 430,000 Americans a day are being exposed to this collection under the 2014 change, it represents a far bigger problem than the one Bates called a Fourth Amendment violation in 2011.

Finally, and perhaps most importantly, Collyer newly permitted back door searches on upstream collection, even though she knew that (for some reason) it would still collect US person communications. So not only could the NSA collect and hold location obscured US person communications, but those communications might be accessed (if they’re not encrypted) via back door searches that (with Attorney General approval) don’t require a FISA order (though Americans back door searched by NSA are often covered by FISA orders).

In other words, if I’m right about this, the NSA can use 702 to collect on Americans. And the NSA will be permitted to keep what they find (on a communication by communication basis) if they fall under four exceptions to the destruction requirement.

The government is, once again, fighting Congressional efforts to provide a count of how many Americans are getting sucked up in 702 (even though the documents liberated by Savage reveal that such a count wouldn’t take as long as the government keeps claiming). If any of this speculation is correct, it would explain the reluctance. Because once the NSA admits how much US person data it is collecting, it becomes illegal under John Bates’ 2010 PRTT order.

Jemele Hill Is Right, Trump Is A Racist Bigot, Trash Talk

The biggest sports story of the week, unless you are a legal freak in the Zeke Elliott weeds, is more politics than sports. The classy and wonderful Jemele Hill of ESPN let fly some hard truth about Trump on his favorite medium, Twitter. And of course the vacuous suits at Fox News got bent out of shape over the fact a smart woman, especially one of color, had the temerity to point out that their boy Trump was indeed a racist bigot.

I usually tailor videos and images, but had a hard time with this one from USA Today, so you get the full screen scene this time. It is short and lays everything out that you need:

Did Jemele take to a soapbox and do this on air with her partner, Michael Smith on their absolutely excellent Sportscenter 6 platform? Nope, she did it in her private time, on her own personal Twitter account. Now, ESPN is a business, a House of Mouse one at that, so first amendment protections are inapplicable. But that does not mean ESPN ought be censoring or punishing her private thoughts and political speech. Especially on a platform that the snowflake President takes to daily to issue outright lies, bigotry, racism and generally ignorant screed. To ESPN’s credit, while they stepped back from Hill slightly, they did not step away from her. That is good, because Jemele Hill is not only a better and smarter person than Trump, she is quite likely far more popular too. I will stand with her any day and every day.

Okay, back to the games! Hell of a tilt between USC and Texas last night. Don’t know how in the world the Trojans let the Horns back in it, but it was thrilling. In the NFL, it is getting to where who “isn’t” playing is as important as who is. The Cardinals looked horrible last week against Detroit when they had David Johnson, now they don’t, and may not the rest of the year. Luckily, they are playing the Colts, who do not have Andrew Luck. Think Homer Simpson is scheduled to start for the Colts. He probably will beat the hapless Cards.

The Eagles at Chiefs looks to be a great game. Vikings at Steelers looked like it would be too…..but this morning it was announced that Sam Bradford is out for the game. Bradford looked like a world beater last week in collecting up offensive player of the week accolades. But apparently tweaked a knee in the process that we didn’t really see. So, the Vikes will go with Case Keenum today. Not the worst substitute, he is capable.

Cowboys at Broncos looks pretty interesting too. Trevor Siemian did not look that good in the second half last week, and the Broncs were lucky to emerge with a win. He will have to play much better this week, even with the aid of Mile High. The Sunday Night feature of Packers at Falcons should also be great. First NFL game for the Dirty Birds in their new gazillion dollar nest.

Who knows what you will get out of the MNF game between the Lions and Giants? Last week was the return of Really Bad Eli. I am not sure this week will be the return of Good Eli. That is the beauty of it though, like Forrest Gump’s stupid box of chocolates, you just never know what you will get! Matt Stafford has been playing consistently solid ball for quite a while though.

Last, but not least, two future Hall of Famers duel down in Nawlins. Brady and Brees. Deflategate versus Bountygate. Two weeks ago, I would have said this is a laugher. But, man, the Patriots looked awfully non-Belichickian last week. So maybe worth a watch.

That is it for this week, rock on.

Financing Medicare For All

If you only read mainstream media you’d think Bernie Sanders’ Medicare for All bill was terrifyingly expensive. An opinion piece behind the paywall in the Wall Street Journal cites a couple of studies with huge headline numbers like $2.5 trillion dollars in the first year, from the Urban Institute. Taxes will soar, government takeover of health care blah blah blah. It comes from centrist Democrats like Jonathan Chait and Ezra Klein who I saw in an appearance on Seth Meyers’ show. Here are two things to bear in mind in self-defense.

1. In 2015, we spent about $3.2 trillion on health care in the US. There is a cool graphic here showing where it was spent and who paid that amount. Maybe the cost of health care covering everyone for the kinds of things the Affordable Care Act requires would cost more than that. (The Sanders Plan covers other services as well as those under the ACA, but let’s ignore that because I can’t find numbers.) We calculate the additional amount we would need by adding the cost of all uninsured people and the cost of the care that people with insurance can’t afford because of deductibles and other co-pays, and subtracting the savings from the new plan. Any analysis that doesn’t start with this is bullshit.

It’s true that the Sanders plan would change who pays and how much, so someone would have to redo that cool graphic I mentioned. Some businesses would pay more, others less, and there would be a change in corporate taxation as deductible costs of insurance change. Some individuals would pay more and others less. But whatever those changes might be, the amount we need to raise isn’t frightening, and practically everyone will be better off.

It’s easy to see the savings from negotiating drug prices, lowering the reimbursement to doctors and hospitals, reducing excess profits from the health insurance companies, and reducing the costs of administration throughout the health care business.

It’s also easy to see that the additional costs are not that high. Approximately 9.1% of us were uninsured in 2015, so the cost might be as high as 10%, or $320 billion. That doesn’t seem too terrible when the savings are deducted. It will be easy to finance that if we want to. I have a long list of things to cut if anyone cares, starting with dismantling the carceral state.

2. We need to think clearly about taxation. We live in a fiat money system; the US is sovereign in its own currency and cannot go bankrupt. I’ve read Modern Monetary Theory by Randall Wray and many shorter pieces and I am convinced. I could make an interesting argument from MMT about this whole matter, but I won’t, and I’m not going to focus on that. If single-payer is a hard sell, convincing the devotees of Econ 101 (course title: My Neoliberalism) about MMT is hopeless. Actually with the excellent Stephanie Kelton as a teacher and leader I could well be wrong. Check out this on the Twitter, and follow her if you don’t already.

I agree with Warren Mosler, another MMT theorist, that taxes for revenue are obsolete. But that doesn’t mean that taxes are obsolete. Quite the contrary. Mosler quotes from a 1945 speech by Beardsley Ruml, chair of the New York Fed, to the American Bar Association. Ruml gives four grounds for taxation other than revenue:

1. As an instrument of fiscal policy to help stabilize the purchasing power of the dollar;

2. To express public policy in the distribution of wealth and of income, as in the case of the progressive income and estate taxes;

3. To express public policy in subsidizing or in penalizing various industries and economic groups;

4. To isolate and assess directly the costs of certain national benefits, such as highways and social security.

We can make a case for taxes and other measures to support Medicare for All relying solely on those four principles, without explicitly discussing MMT. If we do that, we lay a foundation for future tax issues, and for a sensible discussion of tax reform more broadly. I have a list of tax changes that will meet those standards. How about that NASCAR deduction for a starter? We raise a bit of money and get rid of a bit of corruption with one change.

This is a great teachable moment for MMT, just as the government shutdowns were with the heated arguments about the trillion dollar coin. I know Kelton and others will push on the MMT side. We need to win this, and we can’t afford to fight on two fronts. In particular, it isn’t helpful to attack people who don’t want to argue about MMT on the way to fixing our health care system. People like me.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Shadow Brokers and the “Second Source”

When I emphasized Der Spiegel’s reporting on TAO in this post on the tool for which Shadow Brokers recently released a manual, UNITEDRAKE, I was thinking along the same lines Electrospaces was here. Electrospaces lays out a universe of documents and reporting that doesn’t derive from Edward Snowden leaked documents, notes some similarity in content (a focus on NSA’s Tailored Access Operations), and the inclusion of documents from NSA’s San Antonio location. From that, Electrospaces posits that Shadow Brokers could be “identical with the Second Source.”

With the documents published by the Shadow Brokers apparently being stolen by an insider at NSA, the obvious question is: could the Shadow Brokers be identical with the Second Source?

One interesting fact is that the last revelation that could be attributed to the second source occurred on February 23, 2016, and that in August of that year the Shadow Brokers started with their release of hacking files. This could mean that the second source decided to publish his documents in the more distinct and noticeable way under the guise of the Shadow Brokers.

But there’s probably also a much more direct connection: the batch of documents published along with Der Spiegel’s main piece from December 29, 2013 include a presentation about the TAO unit at NSA’s Cryptologic Center in San Antonio, Texas, known as NSA/CSS Texas (NSAT):


TAO Texas presentation, published by Der Spiegel in December 2013

And surprisingly, the series of three slides that were released by the Shadow Brokers on April 14 were also from NSA/CSS Texas. They show three seals: in the upper left corner those of NSA and CSS and in the upper right corner that of the Texas Cryptologic Center:

TAO Texas slide, published by the Shadow Brokers in April 2017

NSA/CSS Texas

It’s quite remarkable that among the hundreds of NSA documents that have been published so far, there are only these two sets from NSA/CSS Texas, which is responsible for operations in Latin America, the Caribbean, and along the Atlantic littoral of Africa in support of the US Southern and Central Commands.

Besides the one in San Antonio, Texas, NSA has three other regional Cryptologic Centers in the US: in Augusta, Georgia, in Honolulu, Hawaii and in Denver, Colorado. These four locations were established in 1995 as Regional Security Operations Centers (RSOC) in order to disperse operational facilities from the Washington DC area, providing redundancy in the event of an emergency.

So far, no documents from any of these regional centers have been published, except for the two from NSA/CSS Texas. This could be a strong indication that they came from the same source – and it seems plausible to assume that that source is someone who actually worked at that NSA location in San Antonio.

Frankly, I’m skeptical of the underlying reports that Shadow Brokers must be a disgruntled NSA employee or contractor, which derives in part from the conclusion that many of the files released include documents that had to be internal to NSA, and in part from this report that says that’s the profile of the suspect the government is looking for.

The U.S. government’s counterintelligence investigation into the so-called Shadow Brokers group is currently focused on identifying a disgruntled, former U.S. intelligence community insider, multiple people familiar with the matter told CyberScoop.

Sources tell CyberScoop that former NSA employees have been contacted by investigators in the probe to discover how a bevy of elite computer hacking tools fell into the Shadow Brokers’ possession.

Those sources asked for anonymity due to sensitivity of the investigation.

While investigators believe that a former insider is involved, the expansive probe also spans other possibilities, including the threat of a current intelligence community employee being connected to the mysterious group.

The investigatory effort is being led by a combination of professionals from the FBI, National Counterintelligence and Security Center (NCSC), and NSA’s internal policing group known as Q Group.

It’s not clear if the former insider was once a contractor or in-house employee of the secretive agency. Two people familiar with the matter said the investigation “goes beyond” Harold Martin, the former Booz Allen Hamilton contractor who is currently facing charges for taking troves of classified material outside a secure environment.

The report clearly suggests (and I confirmed with its author, Chris Bing) that the government is still testing out theories, and that the current profile (or the one they were chasing in July) happens to be an insider of some sort, but that they didn’t have a specific insider in mind as the suspect.

There are a number of reasons I’m skeptical. First, part of that theory is based on Shadow Brokers making comments about Jake Williams that reflect some inside knowledge about an incident that happened while he was at NSA (Shadow Brokers has deleted most of his tweets, but they’re available in this superb timeline).

trying so hard so  helping out…you having big mouth for former  member what was name of.

leak OddJob? Windows BITS persistence? CCI? Maybe not understand gravity of situation USG investigating members talked to Q group yet

theshadowbrokers ISNOT in habit of outing  members but had make exception for big mouth, keep talking shit  your next

Even there, Shadow Brokers was falsely suggesting that Matt Suiche, who’s not even an American citizen, might be NSA. But things got worse in June, when Shadow Brokers thought he had doxed @drwolfff as a former NSA employee, only to have @drwolfff out himself as someone else entirely (see this post, where Shadow Brokers tried to pretend he hadn’t made a mistake). So Shadow Brokers has been wrong about who is and was NSA more often than he has been right.

Another reason I doubt he’s a direct insider is because when he posted the filenames for Message 6, he listed a good many of the files as “unknown.” (Message 6 on Steemit, archived version)

That suggests that even if Shadow Brokers had some insider role, he wasn’t using these particular files directly (or didn’t want to advertise them as what they were).

And because I’m not convinced that Shadow Brokers is, personally, an insider, I’m not convinced that he necessarily is (as Electrospaces argues) “identical with the Second Source.”

Rather, I think it possible that Jacob Appelbaum and Shadow Brokers have a mutually shared source. That’s all the more intriguing given that Wikileaks once claimed that they had a copy of at least the first set of Shadow Brokers files, which Shadow Brokers recalled in January, and that Julian Assange released an insurance file days after Guccifer 2.0 first started posting hacked Democratic documents (see this post on the insurance file and this one on Shadow Brokers calling out WikiLeaks for hoarding that document).

Maybe they’re all bullshitting. But given Electrospaces’ observation that some of the files (covering intercepts of US allies, often pertaining to trade deals) for which there is no known source went straight to WikiLeaks, I think a shared source is possible.

All that said, there’s one more detail I’d add to Electrospaces’ piece. As noted, he finds the inclusion, in both the Shadow Brokers and the Appelbaum files, of documents from NSA’s San Antonio location to be intriguing. So do I.

Which is why it’s worth noting that that location is among the three where — as late as the first half of 2016 — a DOD Inspector General audit found servers and other sensitive equipment unlocked.

An unlocked server would in no way explain all of the files included even in a narrowly scoped collection of “Second Source” files. But it would indicate that the San Antonio facility was among those that weren’t adequately secured years after the Snowden leaks.