I Con the Record Transparency Bingo (3): CIA Continues to Hide Its US Person Network Analysis

/2 Comments/in , /by

As I noted in this post on the single positive hit in a criminal back door 702 search and this post on the inexplicable drop in PRTT numbers, I’m going to clarify things I’m seeing confusion over in the I Con the Record Transparency Report, then do a full working thread.

This year’s report shows a steady increase in the number of metadata searches in raw Section 702 data, a 22% (6,555 query) increase off year.

The graphic admits that these 30,355 queries don’t include the FBI (because the transparency procedures passed by USAF freedom pretty much exempted FBI from everything important). But then further down in the written text, I Con the Record admits that one agency of the IC could not estimate its metadata queries.

As with last year’s transparency report, one IC element remains currently unable to provide the number of queries using U.S. person identifiers of unminimized Section 702 non-content information.

That Agency is the CIA, not the FBI (which isn’t required to count its queries).

We know this from a number of places, including James Clapper’s original report on back door searches to Ron Wyden and the PCLOB 702 report (page 58). PCLOB’s most recent Recommendations update noted that CIA hasn’t implemented the recommendation to track foreign intelligence purpose for queries because it has not yet updated its data management. Nor do ODNI and DOJ review it.

The status of the CIA metadata queries remains the same as reported in the Board’s Recommendations Assessment Report of January 2015, namely with respect to the CIA’s metadata queries using U.S. person identifiers, the CIA accepted and plans to implement this recommendation as it refines internal processes for data management. Thus, the CIA’s new minimization procedures do not reflect changes to implement this recommendation with regard to metadata queries.

[snip]

U.S. person queries by the NSA and CIA are already subject to rigorous executive branch oversight (with the exception of metadata queries at the CIA), supplying this additional information to the FISC could help guide the court by highlighting whether the minimization procedures are being followed and whether changes to those procedures are needed.

And a recently ACLU liberated report on CIA’s back door searches also cites data management reasons for not documenting these searches.

CiA’s metadata-only repository does not have the capacity for documenting why the query is reasonably likely to provide foreign intelligence information. Upon opening the repository, however, users will be met with a pop-up reiterating the query standard and requiring their assent before they may proceed.

I officially bet a quarter that CIA will find a way to count this next year, as by then, many of these queries will have moved to EO 12333 querying, which does not get counted.

So the report on metadata searches only shows what NSA does. Since last year, we have confirmed that these metadata queries include upstream 702 data, which carry their own risks.

And we also now have a sense that those queries are automated. The I Con the Record report explains this is just a good faith effort.

The above is a good faith estimate of the number of queries concerning a known U.S. person that the government conducted of unminimized (i.e., raw) lawfully acquired Section 702 metadata.

That’s because this is done by algorithm and business rule, not by any kind of tracking (I’m guessing because of the way metadata is used to triage newly collected identifiers).

NSA will rely on an algorithm and/or a business rule to identify queries of communications metadata derived from the FAA 702 [redacted] and telephony collection that start with a United States person identifier. Neither method will identify those queries that start with a United States person identifier with 100 percent accuracy.

The privacy community made great celebration about shutting down a phone dragnet that was just used to query 200 or so selectors. Meanwhile, each year the NSA, alone, conducts thousands more such queries (and in a way that likely ties more closely to content searches). And 3 years after people started pressuring it to do so, CIA still doesn’t count how many queries it is doing.

Which likely means CIA is doing a whole bunch of network analysis on US persons that it doesn’t want us to know about.

Stagnant Wages And Slow Productivity Growth

/14 Comments/in , /by

This article on productivity at Forum Economics says that there has been a global slowdown in productivity growth, and discusses some common explanations. As I pointed out, there is every reason to think that the actual slowdown in productivity growth is greater than the numbers suggest. That’s because productivity grows when output increases while hours worked remains the same or declines, as happens when firms exercise market power to increase prices without changed costs. Forum Economics argues that if productivity growth slows down, workers will not be able to improve their standards of living, explaining:

Household income is dependent on wages, which are consequently dependent on a firm’s ability to grow through greater productivity. The widening gap in productivity would account for the widening gap in household income and consequently, social equality.

At one level, this is just a version of the economic maxim that markets pay people what they are worth. In this case, the argument is that the productive people get the increased rewards. In the case of exercise of market power, this means that some people benefit from exercise of market power, and we know it isn’t the producers of the goods and services; it’s the people at the top, holders of debt and equity, and financiers.

At another level, it says that companies can’t pay higher wages unless workers increase their productivity. And certainly not at the expense of returns to capital.

Economists used to think there was some magic connection between productivity and wages. That was generally true for some time. But, as this This chart shows the relationship between wages and productivity split beginning around 1980, while productivity was growing rapidly.

That’s just after Paul Volker, then Fed Chair, raised interest rates to ludicrous levels. At the same time, economists were preaching that the problem facing the economy was inadequate levels of capital. So Reagan and the Republicans, along with plenty of complicit Democrats, slashed taxes on the rich, reduced regulations, deregulated industries, and clobbered unions. At the same time, they increased taxes on the working people of the country by increasing FICA taxes.

That worked. According to this 2012 report from Bain & Co.:

By 2010, global capital had swollen to some $600 trillion, tripling over the past two decades. Today, total financial assets are nearly 10 times the value of the global output of all goods and services. …

Our analysis leads us to conclude that for the balance of the decade, markets will generally continue to grapple with an environment of capital superabundance.

This article estimates total financial assets at about $294 Trillion in 2014. And, of course, banks have an almost unlimited capacity to lend for any useful purpose. There is certainly no shortage of capital today.

Once capital achieves a new baseline of return, it doesn’t drop back without a bitter fight, sometimes just political, but always with the threat or reality of physical violence. That’s how labor got its share in the first place, a fact no one wants to talk about. When was the last time you heard an economist discuss the violence in the coal fields, the violence that won miners safer working conditions and better wages. Once labor loses its power, workers can’t defend themselves, and can’t force the rich to share the benefits that flow from any level of productivity, whether or not that level is increasing. And indeed, the rich are now taking all the gains from productivity and more, the labor participation rate is at pre-1980 levels, and wages have been stagnant for decades. Even so, all discussion about wages is centered around increasing productivity, as if it mattered to workers when all the benefits flow to the richest among us.

One school of thought blames workers, saying they have to increase their training and preparation for the work force. A kinder version blames hysterisis effects, the idea that when workers are unemployed for extended periods, they lose their skills. The Republican answer is invest in yourself, borrow money, and get that training. Of course, you take all the risks, for example, whether you can master the schooling, or figure out what training might get you a job, or find a school that will actually train you, and by the way, if you fail, you still have to pay until you die. The Democratic version is jobs training, but that’s only sporadically available, and it’s always underfunded and rarely useful, thanks to the neoliberals in both parties. As to the older people in the workforce who can’t retrain, and can’t move to where there are jobs, both parties do nothing. We don’t just blame the victims, we ignore them, and treat them as losers who deserve nothing.

Many of the 23 economic writers cited in the Focus Economics article, and the other experts it discusses, say the problem is inadequate business investment. So the solutions offered are centered around stimulating demand and cutting taxes and regulations. No one explains how this solves the problem of the rich taking all the gains.

There are few outside the box observations. A couple of the writers think maybe the problem is that there are too many low-productivity jobs available, and too few high-productivity jobs. People see the available jobs as dead-end, and their treatment as demeaning, and they don’t do more than the absolute minimum necessary to get that minuscule paycheck. Another writer points out that the next wave of capital investment is not going to make people more productive, it’s going to replace them. I assume he means industrial robots, for the short term at least.

Another suggests that we are already very efficient at a lot of things, and in those areas, improvements in productivity won’t make much difference. In areas we aren’t very efficient at, it’s going to require something enormous to make a difference, or we would already done it. John Quiggan says that the financial sector has separated itself from the productive sector, which seems true. You can almost hear the words “Vampire Squid”. All these are intractable problems.

But I think the problem is different. The economic orthodoxy is that capital is always efficient, while labor is always bloated, lazy, indifferent, greedy, demanding, corrupt and insufferable. That was and is the rallying cry of the union-busters, and you can hear it today. That is a perfect description of the capitalists of today. They don’t want to take risks. They want protected markets, special tax treatment, immunity from criminal prosecution and civil suits, and they have the money to pay off politicians to get that and more. They want all the money. They don’t want to pay their share. They want the right to wreck the economy with impunity. They want the right to screw consumers into the ground. They want the right to destroy the environment. And they want to make all the decisions about the future.

We have the power to solve that problem if we have the will.

Update: after I posted, I ran across this astonishing article by Michael Hiltzik at the Los Angeles Times, discussing the reaction of Wall Street analysts to American Airlines decision to increase pay to its pilots and flight attendants. Do read it.

The Productivity Problem

/15 Comments/in , /by

Productivity growth is apparently trending downward around the globe. The problem is addressed in Focus Economics, Why is Productivity Growth So Low: 23 Economic Experts Weigh In. The author, whose name I can’t find, begins by explaining the problem as economists see it.

Productivity is considered by some to be the most important area of economics and yet one of the least understood. Its simplest definition is output per hour worked, however, productivity in the real world is not that simple. Productivity is a major factor in an economy’s ability to grow and therefore is the greatest determinant of the standard of living for a given person or group of people. It is the reason why a worker today makes much more than a century ago, because each hour of work produces more output of goods and services.

It’s certainly true that the concept is important. The simple definition gives us the rough idea but the details are very difficult indeed. The text gives us the example of productivity at a branch bank.

Bill Conerly put it well in an article for Forbes: “Take banking, for example. Your checking account is clear as mud. The bank provides to you the service of processing checks, for which you don’t pay (aside from exorbitant fees for bounced checks and stop-payments). However, the bank does not pay you a market rate of interest on the money you keep in your checking account. It’s a trade: free services in exchange for free account balances. Government statisticians estimate the dollar value of the trade, so that the productivity of bankers can be assessed, but the figures are not very precise.

At least in that example, we can see how productivity improvement at a bank might improve your standard of living, perhaps indirectly by enabling the bank to pay a bit more interest on your checking account. Here are three different kinds of examples, in which we can see how improvements in reported productivity result in worse outcomes for us.

Productivity is defined as the ratio of output to hours worked. Output is measured by receipts to the producer. Hours worked are collected by the Census Bureau.

1. A pharmaceutical company raises the price of its generic drugs with no change in its costs. Its receipts go up while hours worked remain the same. Under the definition, productivity goes up.

2. A high frequency trading company inserts itself into an increasing number of purchases of securities on stock exchanges. The purchaser pays a higher price. The HFT company has higher revenue but hours worked remain the same. Again, by this definition, productivity goes up.

3. Two dominant corporations in the same industry merge. The new company fires a lot of people. Hours worked go down. Prices remain the same in the short run, and rise as the new entity exercises oligopoly power. With hours down and receipts up, productivity rises by definition.

Are these examples realistic? In the medicine example, this article lays out the issues. For those interested, this chart shows the value of pharmaceuticals and medicines shipped by manufacturers beginning in 2000. It shows that there was a steady rise, with a sudden jump in 2013. This chart shows that per capita expenditure on pharmaceuticals and other medical products has nearly doubled since 2000.

It’s likely that there are several causes for this, not least the startling prices sought for new drugs. Government productivity figures do not take into account any improvement in the results that new drugs bring, although quality adjustments are made in calculating inflation figures. Given the increased pressure from insurers and doctors to switch to generics, and increased focus on drug prices as a problem, it’s reasonable to see this data and various reports as support for my drugs example. But it’s hard to put a dollar value on it.

On the second example, here’s an article from CFA Magazine written in 2011, detailing the costs of high frequency trading. More recent reports say that the problems are going away, and who knows because it’s hidden behind a wall of words mostly from the people who run the systems and their friends at the exchanges, and the captured SEC. Here’s a review of the literature (behind a paywall), which concludes with this: “This suggests that the identified economic benefits of HFTs (market making, venue competition, more trading opportunities) outweigh their economic costs (large-order predation and run games).” For my purposes, it’s clear that the older article tells us that initially, at least, HFT operated as my example suggests, raising productivity without doing anything useful.

As to the third example, the impact of private equity on employment is everywhere, and the concentration of economic power in oligopoly control of most industries is obvious. Dave Dayen has been writing about it for some time; here’s a recent example. Oligopolistic control also reduces paychecks for the remaining workers.

In these examples, and I could produce many more, productivity as defined by economists goes up but individual consumers are worse off. That is maddening. Once upon a time, we might have thought we could just ignore this kind of thing as an insignificant part of GNP, but that’s not true today, either in the US or globally. The economy, measured by output, is growing, but it is the opposite of the notion of productivity as good for society: it makes people’s lives worse. Except, of course, for a few rich people.

My three examples are exercises of market power. Here’s a long but worthwhile discussion of the harm it does and its increasing presence in the economy. Market power is not the same as rent-seeking, which is usually defined as an effort to get the government to give special treatment to one of a number of competitors. Both are damaging and both inflate productivity figures.

My examples show that reported productivity growth is most likely higher than the kind of productivity growth that the author discusses, the kind that increases the amount of goods and services available in the economy. It’s not unusual for an economics writer to assume only good people operate in the capitalist economy, and ignore the crooks and the cheats. Suppose the author is right that rising productivity that makes for a better life. If real productivity growth is even lower than the low reported productivity growth, his logic explains why life is getting worse for most of us.

How to Spy on Carter Page

/2 Comments/in , , /by

I have no personal knowledge of the circumstances surrounding the alleged wiretapping of Carter Page, aside from what WaPo and NYT have reported. But, in part because the release of the new, annual FISC report has created a lot of confusion, I wanted to talk about the legal authorities that might have been involved, as a way of demonstrating (my understanding, anyway, of) how FISA works.

FISC did not (necessarily) reject more individual orders last year

First, let’s talk about what the FISC report is. It is a new report, mandated by the USA Freedom Act. As the report itself notes, because it is new (a report covering the period after passage of USAF), it can’t be compared with past years. More importantly, because the FISA Court uses a different (and generally more informative) reporting approach, you cannot — as both privacy groups and journalists erroneously have — compare these numbers with the DOJ report that has been submitted for years (or even the I Con the Record report that ODNI has released since the Snowden leaks); that’s effectively an apples to grapefruit comparison. Those reports should be out this week, which (unless the executive changes its reporting method) will tell us how last year compared with previous years.

But comparing last year’s report to the report from the post-USAF part of 2015 doesn’t sustain a claim that last year had record rejections. If we were to annualize last year’s report (covering June to December 2015) showing 5 rejected 1805/1824 orders (those are the individual orders often called “traditional FISA”) across roughly 7 months, it is actually more (.71 rejected orders a month or .58% of all individual content applications) than the 8 rejected 1805/1824 orders last year (.67 rejected orders a month or .53% of all individual content applications). In 2016, the FISC also rejected an 1861 order (better known as Section 215), but we shouldn’t make too much of that either given that that authority changed significantly near the end of 2015, plus we don’t have this counting methodology for previous years (as an example, 2009 almost surely would have at least one partial rejection of an entire bulk order, when Reggie Walton refused production of Sprint records in the summertime).

Which is a long-winded way of saying we should not assume that the number of traditional content order rejections reflects the reports that FBI applied for orders on four Trump associates but got rejected (or maybe only got one approved for Page). As far as we can tell from this report, 2016 had a similar number of what FISC qualifies as rejections as 2015.

The non-approval of Section 702 certificates has no bearing on any Russian-related spying, which means Page would be subject to back door searches

Nor should my observation — that the FISC did not approve any certifications for 1881a (better known as Section 702, which covers both upstream and PRISM) reflect on any Carter Page surveillance. Given past practice when issues delayed approvals of certifications, it is all but certain FISC just extended the existing certifications approved in 2015 until the matters that resulted in an at least 2 month delay were resolved.

Moreover, the fact that the number of certificates (which is probably four) is redacted doesn’t mean anything either: it was redacted last year as well. That number would be interesting because it would permit us to track any expansions in the application of FISA 702 to new uses (perhaps to cover cybersecurity, or transnational crime, for example). But the number of certificates pertains to the number of people targeted only insofar as any additional certificates represent one more purpose to use Section 702 on.

In any case, Snowden documents, among other things, show that a “foreign government” certificate has long been among the existing certificates. So we should assume that the NSA has collected the conversations of known or suspected Russian spies located overseas conducted on PRISM providers; we should also assume that as a counterintelligence issue implicating domestic issues, these intercepts are routinely shared in raw form with FBI. Therefore, unless last year’s delay involved FBI’s back door searches, we should assume that when the FBI started focusing on Carter Page again last spring or summer, they would have routinely searched on his known email addresses and phone numbers in a federated search and found any PRISM communications collected. In the same back door search, they would have also found any conversations Page had with Russians targeted domestically, such as Sergey Kislyak.

The import of the breakdown between 1805 and 1824

Perhaps the most important granular detail in this report — one that has significant import for Carter Page — is the way the report breaks down authorizations for 1805 and 1824.

1805 covers electronic surveillance — so the intercept of data in motion. It might be used to collect phone calls and other telephony communication, as well as (perhaps?) email communication collected via upstream collection (that is, non-PRISM Internet communication that is not encrypted); it may well also cover prospective PRISM and other stored communication collection. 1824 covers “physical search,” which when it was instituted probably covered primarily the search of physical premises, like a house or storage unit. But it now also covers the search of stored communication, such as someone’s Gmail or Dropbox accounts. In addition, a physical search FISA order covers the search of hard drives on electronic devices.

As we can see for the first time with these reports, most individual orders cover both 1805 and 1824 (92% last year, 88% in 2015), but some will do just one or another. (I wonder if FBI sometimes gets one kind of order to acquire evidence to get the other kind?)

As filings in the Keith Gartenlaub case make clear, “physical search” conducted under a FISA order can be far more expansive than the already overly expansive searches of devices under a Article III warrant. Using a FISA 1824 order, FBI Agents snuck into Gartenlaub’s house and imaged the hard drives from a number of his devices, ostensibly looking for proof he was spying on Boeing for China. They found no evidence to support that. They did, however, find some 9-year old child pornography files, which the government then “refound” under a criminal search warrant and used to prosecute him. Among the things Gartenlaub is challenging on appeal is the breadth of that original FISA search.

Consider how this would work with Carter Page. The NYT story on the Page order makes it clear that FBI waited until Page had left the Trump campaign before it requested an order covering him.

The Foreign Intelligence Surveillance Court issued the warrant, the official said, after investigators determined that Mr. Page was no longer part of the Trump campaign, which began distancing itself from him in early August.

I suspect this is a very self-serving description on the part of FBI sources, particularly given reports that FISC refused orders on others. But regardless of whether FISC or the FBI was the entity showing discretion, let’s just assume that someone was distinguishing any communications Page may have had while he was formally tied to the campaign from those he had after — or before.

This is a critical distinction for stored communications because (as the Gartenlaub case makes clear) a search of a hard drive can provide evidence of completely unrelated crime that occurred nine years in the past; in Gartenlaub’s case, they reportedly used it to try to get him to spy on China and they likely would do the equivalent for Page if they found anything. For Page, a search of his devices or stored emails in September 2016 would include emails from during his service on Trump’s campaign, as well as emails between the time Page was interviewed by FBI on suspicion of being recruited by Victor Podobnyy and the time he started on the campaign, as well as communications going back well before that. So if FISC (or, more generously, the FBI) were trying to exclude materials from during the campaign, that might involve restrictions built into the request or the final order

The report covering 2016 for the first time distinguishes between orders FISC modifies (FISC interprets this term more broadly than DOJ has in its reports) and orders FISC partly denies. FISC will modify an order to, among other things,

(1) impos[e] a new reporting requirement or modifying one proposed by the government;

(2)  chang[e] the description or specification of a targeted person, of a facility to be subjected to electronic surveillance or of property to be searched;

(3)  modify[] the minimization procedures proposed by the government; or

(4)  shorten[] the duration of some or all of the authorities requested

Using Page as an example, if the FISC were permitting FBI to obtain communications from before the time Page joined the campaign but not during it, it might modify an order to require additional minimization procedures to ensure that none of those campaign communications were viewed by the FBI.

The FISC report explains that the court will partly deny orders and “by approving some targets, some facilities, places, premises, property or specific selection terms, and/or some forms of collection, but not others.” Again, using Page as an example, if the court wanted to really protect the election related communications, it might permit a search of Page’s homes and offices under 1824, but not his hard drives, making any historic searches impossible.

There’s still no public explanation of how Section 704/Section 705b work, which would impact Page

Finally, the surveillance of Carter Page implicates an issue that has been widely discussed during and since passage of the FISA Amendments Act in 2008, but not in a way that fully supports a democratic debate: how NSA spies on Americans overseas.

Obviously, the FBI would want to spy on Page both while he was in the US, but especially when he was traveling abroad, most notably on his frequent trips to Russia.

The FISA Amendments Act for the first time required the NSA to obtain FISC approval before doing that. As I explain in this post, for years, public debate has claimed that was done under Section 703 (1881b in this report). But abundant evidence shows it is all done under 704 (1881c in this report). The biggest difference between the two, according to an internal NSA document, is the government doesn’t explain its methods in the latter case. With someone who would be spied on both in the US and overseas, that spying would be done under 705b (conducted under 1881d section b), which permits the AG to approve of spying overseas (effectively, 704 authority) for those already approved under a traditional order.

This matters in the context of spying on Carter Page for two reasons. First, as noted government doesn’t share details about how it spies overseas with the court. And some of the techniques we know NSA to use — such as XKeyscore searches drawing on bulk overseas collection — would seem to present additional privacy concerns on top of the domestic authorities. If the FBI (or more likely, the FISC) is going to try to bracket off any communications that occur during the period Page was associated with the campaign, that would have to be done for overseas surveillance as well, most critically, for Page’s July trip to Russia.

This report shows that 704, like the domestic authorities, also gets modified sometimes, so it may be that FISC did just that — permitted NSA to collect information covering that July meeting, but imposed some minimization procedures to protect the campaign.

But it’s unclear whether the court would have an opportunity to do so for 705b, which derives from Attorney General authorization, not court authorization. I assume that’s why 1881d was not included in this reporting requirement, but it seems adding 705b reporting to Title VII reauthorization this year would be a fairly minor change, but one that might reveal how often the government uses more powerful overseas spying techniques on Americans. It’s unclear to me, for example, whether any modifications or partial approvals the FISC made on a joint 1805/1824 order covering Page would translate into a 705b order, particularly if the modifications in question included additional reporting to the FISC.

Carter Page might one day be the first American to get review of his FISA dossier

All of which is why, no matter what you think of Carter Page’s alleged role in influencing the Trump campaign to favor Russia, I hope he one day gets to review his FISA dossier.

No criminal defendant has ever gotten a review of the FISA materials behind the spying, in spite of clear Congressional intent, when the law was passed in 1978, to allow that in certain cases. Because of the publicity surrounding this case, and the almost unprecedented leaking about FISA orders, Page stands a better chance than anyone else of getting such review (particularly if, as competing stories from CNN and Business Insider claim, the dossier formed a key, potentially uncorroborated part of the case against him). Whatever else happens with this case, I think Page should get that review.

The WikiLeaks Deterrent Theory, AKA the Arbitrary Official Secrets Act

/14 Comments/in , , /by

Three outlets yesterday — first the WaPo, then CNN, then NYT — reported that DOJ is considering charges against Julian Assange and WikiLeaks. The discussion of what charges, and for what leaks, differs between the reports.

While mentioning the Vault 7 leaks, WaPo also focuses on Chelsea Manning’s leaks and Assange’s discussions about how to gain access.

In March, WikiLeaks published thousands of files revealing secret cyber-tools used by the CIA to convert cellphones, televisions and other ordinary devices into implements of espionage. The FBI has made significant progress in the investigation of the leak, narrowing the list of possible suspects, officials said. The officials did not describe WikiLeaks’ exact role in the case beyond publishing the tools.

Prosecutors are also reexamining the leaks from Chelsea Manning, the Army soldier who was convicted in 2013 of revealing sensitive diplomatic cables. Manning chatted with Assange about a technique to crack a password so Manning could log on to a computer anonymously, and that conversation, which came up during Manning’s court-martial, could be used as evidence that WikiLeaks went beyond the role of publisher or journalist.

Alexa O’Brien tweeted out some thoughts and links to what any further prosecution of the Manning leak might entail.

CNN, which is the most certain charges have already been drawn up, explains that DOJ believes WikiLeaks’ actions changed in nature with Edward Snowden.

The US view of WikiLeaks and Assange began to change after investigators found what they believe was proof that WikiLeaks played an active role in helping Edward Snowden, a former NSA analyst, disclose a massive cache of classified documents.

I think that may be demonstrably true of Sarah Harrison, who helped a fugitive escape. But I’m not sure the US has equally compelling evidence against Assange.

Perhaps the most interesting discussion comes from NYT, which discusses the ongoing debate — with “senior Justice Department officials … pressuring prosecutors” over what is realistic and what authorities actually want, which is an Espionage conviction.

The official, speaking on the condition of anonymity because the details of the discussions remain secret, said senior Justice Department officials had been pressuring prosecutors in the Eastern District of Virginia to outline an array of possible charges against Mr. Assange.

But the official said prosecutors remained skeptical that they could pursue the most serious charges, of espionage, with regard to the documents Mr. Assange disclosed years ago with the help of an Army intelligence analyst, Chelsea Manning. Ms. Manning was convicted and sent to prison, but President Barack Obama commuted her sentence in January.

Given how few people Trump has confirmed into positions in government, these outlets should be a bit more descriptive. In that passage, for example, and the following from WaPo, what does “senior justice department official” mean when US Attorney Dana Boente is (as I’ve noted but none of these stories do) also acting DAG and acting AG for any Russia-related charges.

Prosecutors in recent weeks have been drafting a memo that contemplates charges against members of the WikiLeaks organization, possibly including conspiracy, theft of government property or violating the Espionage Act, officials said. The memo, though, is not complete, and any charges against members of WikiLeaks, including founder Julian Assange, would need approval from the highest levels of the Justice Department.

Would Boente be approving charges filed under Boente’s name?

Though that may not matter. Rod Rosenstein, who will become DAG shortly, has himself pursued excessive charges in leak cases, both against Thomas Drake and Hal Martin.

Perhaps the most interesting claim is that the FBI thought indicting Assange — who likely won’t be prosecuted in any case unless Ecuador suddenly changes their mind about their house guest — would provide some kind of deterrent effect.

Officials have said that the F.B.I. supports prosecuting Mr. Assange. Several years ago, the agency sent a series of documents to the Justice Department outlining charges that investigators claimed to have evidence to support. At the time, F.B.I. counterintelligence agents believed that charging Mr. Assange would deter him from posting new troves of American documents.

I think you’d have to be daft to think prosecuting Assange would deter him from posting more, assuming this happened while he was in the Ecuadoran Embassy. Prosecuting him would only mean he’d have less to lose — and, frankly, more reason to post things that might please America’s adversaries, like Russia.

But it might serve as deterrence for other publishing outlets that aren’t holing up in an Embassy. Short of some really distinguishing actions (and Harrison’s might amount to that in the Snowden case), indicting Assange would put everyone else with a SecureDrop on notice that they, too, might be prosecuted. Surely, DOJ would pick and choose who gets prosecuted. They might choose other easily easily targeted people — people who are gay, people who no longer live in this country, people who have too many dogs — to similarly make examples of (though pity the fool that challenges Glenn Greenwald’s First Amendment rights.

DOJ wants to start cutting away at the First Amendment. All the better for them, if in the name of prosecutorial discretion, Jeff Sessions’ DOJ could pick and choose which publishers’ speech gets curtailed.

The Think Tank Story Actually Suggests the Think Tank Wasn’t That Important

/3 Comments/in , , /by

Reuters has what at first seemed to be an important story, based on three current and four former US officials (a descriptor which can include members of Congress or their staffers) noting that a think tank close to Putin laid out a plan to influence the US election in two separate reports last year. But in fact, the story actually may undermine some of its own claims.

Before I describe the reports, consider two inconsistent claims made in the story. First, the article claims that these two reports were central to the Obama Administration’s conclusions on Russian interference.

The documents were central to the Obama administration’s conclusion that Russia mounted a “fake news” campaign and launched cyber attacks against Democratic Party groups and Clinton’s campaign, the current and former officials said.

These officials — seven of them!! — suggest there’s a tie between these two reports and the total conclusion, the fake news and the hacking.

But then later in the story, half the officials state that the reports never once mentioned the hacks. They explain that detail away by saying that the two parts of the campaign — the hacking and the propaganda — reinforced each other because RT and Sputnik do what RT and Sputnik allegedly do anyway, make the most of opportunities to cause the US discomfort.

Neither of the Russian institute documents mentioned the release of hacked Democratic Party emails to interfere with the U.S. election, according to four of the officials. The officials said the hacking was a covert intelligence operation run separately out of the Kremlin.

The overt propaganda and covert hacking efforts reinforced each other, according to the officials. Both Russia Today and Sputnik heavily promoted the release of the hacked Democratic Party emails, which often contained embarrassing details.

Again, before we get into the reports themselves, note that the sources here appear to have oversold this story. Or the Obama Administration thinking on this is … problematic. Because there’s no way two reports on propaganda — of the sort American think tanks and the CIA develop for elections and adversaries all over the world, even if the CIA doesn’t run state media outlets like Russia does to implement them — that don’t mention the hack should be presented as proof of (or proof against) the whole kit and kaboodle, the hack-and-leak plus propaganda. Either these reports weren’t central to the plan, or the propaganda effort had nothing to do with the hacking one. In other words, these documents should in no way lead Obama (or us) to conclude anything about the hacking.

That’s all the more true when you consider the description of these reports.

[The seven sources] described two confidential documents from the think tank as providing the framework and rationale for what U.S. intelligence agencies have concluded was an intensive effort by Russia to interfere with the Nov. 8 election. U.S. intelligence officials acquired the documents, which were prepared by the Moscow-based Russian Institute for Strategic Studies [en.riss.ru/], after the election.

The institute is run by retired senior Russian foreign intelligence officials appointed by Putin’s office.

The first Russian institute document was a strategy paper written last June that circulated at the highest levels of the Russian government but was not addressed to any specific individuals.

It recommended the Kremlin launch a propaganda campaign on social media and Russian state-backed global news outlets to encourage U.S. voters to elect a president who would take a softer line toward Russia than the administration of then-President Barack Obama, the seven officials said.

A second institute document, drafted in October and distributed in the same way, warned that Democratic presidential candidate Hillary Clinton was likely to win the election. For that reason, it argued, it was better for Russia to end its pro-Trump propaganda and instead intensify its messaging about voter fraud to undermine the U.S. electoral system’s legitimacy and damage Clinton’s reputation in an effort to undermine her presidency, the seven officials said.

The first report was done in June (no date specified). Per the description, it didn’t even take an anti-Hillary stance, but instead an anti-Obama stance, which translates into anti-Hillary but not as strongly as it could, given Hillary’s specific actions that have infuriated Putin. The second was done in October (again, no date specified) and by description adopted a stance Republicans in this country have adopted towards elections for decades, to delegitimize elections your preferred candidate loses.

The dates are more important (and I find the non-disclosure of the actual dates to be telling, whether that decision was made by the seven sources or by Reuters, as the dates would provide another detail that would allow us to assess the credibility of this story).

Let’s review the timeline of the hack-and-leak narrative. APT 29, associated with FSB, hacked the DNC during summer 2015, and stayed there, quietly. Then, according to the existing narrative, as part of the kind of operation we’ve seen many times, in mid-March 2016 APT 28, associated with GRU also hacked the DNC, as well as John Podesta. DC Leaks, which is supposed to be part of the same operation, registered its domain on April 19. As Thomas Rid pointed out yesterday, FireEye believes the same people tried to register “electionleaks” a week earlier, on April 12. A persona calling himself Guccifer 2.0 appeared on June 15 and started leaking documents currently (and not entirely correctly, I believe) attributed to the DNC hack, immediately after the WaPo and Crowdstrike revealed the hack and attributed it to Russia. Which is to say the first think tank document (which again, is described as anti-Obama, not anti-Hillary) post-dated the beginning of what is considered the hack-and-leak campaign by three months and the beginning of the set-up to leak stolen documents by two. If the report is dated after June 15, it post-dated the first Guccifer 2.0 leaks, yet made no mention of their possible exploitation as part of the propaganda campaign (there are still unexplained problems with claims about the Guccifer persona, but I will bracket them here).

Then there’s the second report, from some unrevealed date in October. Again, it’s crucially important whether the report was done before or after October 7, when even outside observers learned there was going to be a second batch of leaks because Wikileaks started releasing the Podesta emails. Nevertheless, anyone following closely would have known (at least from Roger Stone) more might be coming, and insiders in both the Democratic Party and the Kremlin knew there were more documents that could be released. But this second report once again made no mention of hacked documents, not the ones that had leaked in the summer, and not the ones that were already or were about to be leaked.

That’s some pretty remarkable disinterest in available propaganda material that everyone following closely knew about. Though it’s worth noting that the Podesta emails didn’t support the “illegitimate election” narrative being pushed by the think tank in October as well as the DNC emails that were already public and available for propaganda purposes.

Taking just the think tank documents as evidence, which is what the seven sources behind this story do in advancing them as proof, you would conclude that there was actually not a strong tie between the hack-and-leak campaign and the propaganda one, because even after the entire world knew about the former, those strategizing the latter didn’t accommodate for the former.

All of which is to say that if we’re to believe these think tank documents provided “the framework and rationale” for the Russian election operation story, then we should conclude the dominant narrative is incorrect, that there actually was no intention of coordinating the hack-and-leak part of the operation with the propaganda part, or even that the hack-and-leak wasn’t part of that grand framework. Alternately, we might conclude that these think tank documents represent what tangential people with close ties to Putin thought smart advice, but which aren’t actually proof of Putin’s intent except insofar as sycophants reflect the perceived intent of those they’re serving.

Later the article does provide an explanation that sustains the current narrative of a coordinated hack-and-leak and propaganda campaign. Even before the first strategy document that purportedly provided the rationale and framework for the campaign, Reuters’ sources reveal, the Kremlin had already instructed media outlets to favor Trump.

Four of the officials said the approach outlined in the June strategy paper was a broadening of an effort the Putin administration launched in March 2016. That month the Kremlin instructed state-backed media outlets, including international platforms Russia Today and Sputnik news agency, to start producing positive reports on Trump’s quest for the U.S. presidency, the officials said.

That order, coming from the Kremlin itself which therefore might accommodate for what Reuters’ sources call a covert campaign even though by all reports, starting in March, the second wave of hacking stopped all effort at maintaining persistent secrecy from its targets, certainly could reflect coordination between the propaganda and the hack-and-leak parts of the campaign. It would suggest the Kremlin moved its propaganda arms at the same time APT 28 set out to ostentatiously collect what APT 29 had already been secretly collecting, documents that could provide material for the propaganda.

If so (and I have no problem interpreting it as such), then it suggests that the think tank documents should not be considered all that informative, as they appear to ignore stuff even Americans were commenting heavily on. Indeed, the story provides more evidence to suggest they weren’t that key in directing the campaign. In the US, at least, think tanks often recommend policies that coincide with (blatantly obvious) policies already chosen; it’s a good way to appear to influence policy even while chasing it. But that doesn’t mean we or anyone else should take it as definitive proof of anything.

One more comment. As stunning as it is to learn of Russian think tank documents that made no mention of the hack-and-leak campaign, or even the documents that became available as a result, months after the leaking started, it’s worth reminding that the Trump dossier, for whatever juicy evidence it presents about Trump associates potentially colluding with Russians, also doesn’t reflect any prospective knowledge of the hack-and-leak campaign (though it certainly discusses its implementation after the fact). In fact, its retrospective reports suggest that in mid-September, the consensus was that the hack-and-leak campaign was backfiring, with advisors suggesting they didn’t need to release more documents to make Hillary look “weak and stupid.” And when, five days after the Podesta emails first started coming out, the dossier reported on the emails being released, it suggested a great deal of anger within the Kremlin both that the emails hadn’t done more besides create backlash and that Trump was such a divisive figure.

The two data points, taken together, might support a close hold on the hack-and-leak effort (in spite of the obviousness with which it was carried out). But it’s worth noting that in spite of rampant leaking and some vague allegations of more, we have yet to see or learn of a data point that predicted the hack-and-leak campaign, not even via intelligence agencies that knew about the earlier APT 29 hack for nine months.

One final note. I’ve long mocked the intelligence community for calling the combined efforts of APT 28 and 29, along with the propaganda effort, “Grizzly Steppe” for the way it dissolves all distinction between the various parts of the program. This is an example of why I think it unwise: because it clouds people’s ability to assess and try to address flaws in the individual parts of the campaign which may be quite important.

Pompeo Likens Wikileaks’ Release of CIA’s Hacking Tools to Philip Agee

/9 Comments/in , , /by

In a speech designed to generate headlines, CIA Director Mike Pompeo just attacked WikiLeaks as a “a non-state hostile intelligence service often abetted by state actors like Russia.” The speech was explicitly a response to an op-ed Julian Assange had in the WaPo a few days ago.

Now, for those of you who read the editorial page of the Washington Post—and I have a feeling that many of you in this room do—yesterday you would have seen a piece of sophistry penned by Mr. Assange. You would have read a convoluted mass of words wherein Assange compared himself to Thomas Jefferson, Dwight Eisenhower, and the Pulitzer Prize-winning work of legitimate news organizations such as the New York Times and the Washington Post. One can only imagine the absurd comparisons that the original draft contained.

But the speech deserves closer analysis for several reasons.

CIA Directors hoping to build trust should fact and hypocrisy check better

First, it had the predictable CIA Director errors. As an example, it pretends to be rebutting “false narratives” purportedly spread by WikiLeaks, but uses as an example “the fanciful nation that they spy on their fellow citizens via microwave ovens,” a suggestion first spread by KellyAnne Conway, not WikiLeaks (though WikiLeaks responded by pointing to ways to spy with microwaves, though not ovens). It suggests Assange “directed Chelsea Manning in her theft of specific secret information;” had Assange’s direction been that clear cut, he would have been indicted. Perhaps most hilariously, a guy who — nine months ago — was applauding a WikiLeaks release today had this to say:

First, it is high time we called out those who grant a platform to these leakers and so-called transparency activists. We know the danger that Assange and his not-so-merry band of brothers pose to democracies around the world. Ignorance or misplaced idealism is no longer an acceptable excuse for lionizing these demons.

Yes. By all means, we should call out those who grant a platform to WikiLeaks. Like Mike Pompeo.

The never-ending defense of all spying overseas

The speech is also worth reviewing because of something that has become tiresome in recent years.

To rebut that false narrative Pompeo rebuts a claim that’s beside the point to WikiLeaks’ presentation of the CIA Vault 7 files (though it is one WikiLeaks has suggested on Twitter): that CIA spies on Americans.

[W]e are an intelligence organization that engages in foreign espionage. We steal secrets from foreign adversaries, hostile entities, and terrorist organizations. We analyze this intelligence so that our government can better understand the adversaries we face in a challenging and dangerous world.

[snip]

So I’d now like to make clear what CIA doesn’t do. We are a foreign intelligence agency. We focus on collecting information about foreign governments, foreign terrorist organizations, and the like—not Americans. A number of specific rules keep us centered on that mission and protect the privacy of our fellow Americans. To take just one important example, CIA is legally prohibited from spying on people through electronic surveillance in the United States. We’re not tapping anyone’s phone in Wichita.

Assange has focused primarily not on domestic spying, but on how incompetent CIA was for losing its hacking tools and for the proliferation risk it poses. Here’s what Assange said in his op-ed.

Our most recent disclosures describe the CIA’s multibillion-dollar cyberwarfare program, in which the agency created dangerous cyberweapons, targeted private companies’ consumer products and then lost control of its cyber-arsenal. Our source(s) said they hoped to initiate a principled public debate about the “security, creation, use, proliferation and democratic control of cyberweapons.”

Pompeo admits aggressive use of tools, and promises better security

That’s not a point that Pompeo really debates, though he does say,

CIA is aggressive in our pursuit of the information we need to help safeguard our country. We utilize the whole toolkit at our disposal, fully employing the authorities and capabilities that Congress,

As for losing the cyber toolkit (Pompeo does not, of course, confirm that that is what WikiLeaks has been releasing), Pompeo does promise these changes to improve CIA’s own security.

Second, there are steps that we have to take at home—in fact, this is a process we’ve already started. We’ve got to strengthen our own systems; we’ve got to improve internal mechanisms that help us in our counterintelligence mission. All of us in the Intelligence Community had a wake-up call after Snowden’s treachery. Unfortunately, the threat has not abated.

I can’t go into great detail, but the steps we take can’t be static. Our approach to security has to be constantly evolving. We need to be as clever and innovative as the enemies we face. They won’t relent, and neither will we.

We can never truly eliminate the threat but we can mitigate and manage it. This relies on agility and on dynamic “defense in depth.” It depends on a fundamental change in how we address digital problems, understanding that best practices have to evolve in real time. It is a long-term project but the strides we have taken—particularly the rapid and tireless response of our Directorate of Digital Innovation—give us grounds for optimism.

If these changes go beyond finally ensuring all devices require multi-factor authentication (something a Mike Pompeo overseen CIA did not have this time last year), then it will be a good thing.

The Philip Agee comparison

But I’m perhaps most interested in the implicit comparison Pompeo makes to start his speech. He suggests a comparison between Philip Agee (and the murder of Chief of Station Richard Welch after being outed by Agee) and WikiLeaks (or perhaps Assange personally).

That man was Philip Agee, one of the founding members of the magazine Counterspy, which in its first issue in 1973 called for the exposure of CIA undercover operatives overseas. In its September 1974 issue, Counterspy publicly identified Richard Welch as the CIA Chief of Station in Athens. Later, Richard’s home address and phone number were outed in the press in Greece.

In December 1975, Richard and his wife were returning home from a Christmas party in Athens. When he got out of his car to open the gate in front of his house, Richard Welch was assassinated by a Greek terrorist cell. At the time of his death, Richard was the highest-ranking CIA officer killed in the line of duty.

That’s a pretty remarkable way to introduce this speech. Perhaps to defend it, in the section of the speech dedicated to painting WikiLeaks as a hostile actor, Pompeo notes AQAP thanked WikiLeaks for tipping it off to a way to fight the US it hadn’t thought of.

Following a recent WikiLeaks disclosure, an al Qa’ida in the Arabian Peninsula member posted a comment online thanking WikiLeaks for providing a means to fight America in a way that AQAP had not previously envisioned.

That’s still a long way from posting CIA officers’ identities.

Security firms begin to expose CIA’s roles

All that said, I can’t help but wonder whether this spat between former WikiLeaks booster Mike Pompeo and WikiLeaks stems from a development that I’ve been anticipating: when security firms start treating US intelligence hackers like they do Russian or Chinese ones.

In the wake of WikiLeaks’ Vault 7 documents, both Symantec and Kaspersky wrote reports on Vault 7 hacks they had seen working with clients. Symantec provided a very convincing table correlating the compilation time of what they’ve seen with the evidence WikiLeaks presented.

Symantec also described the victims generally (including describing what sounds like CIA detasking as soon as they realized they had accidentally attacked a US target).

Longhorn has infiltrated governments and internationally operating organizations, in addition to targets in the financial, telecoms, energy, aerospace, information technology, education, and natural resources sectors. All of the organizations targeted would be of interest to a nation-state attacker.

Longhorn has infected 40 targets in at least 16 countries across the Middle East, Europe, Asia, and Africa. On one occasion a computer in the United States was compromised but, following infection, an uninstaller was launched within hours, which may indicate this victim was infected unintentionally.

Kaspersky offered no such public detail.

Nevertheless, these reports are just one of several developments of late (which I hope to return to) that exhibit the US’ hackers being treated like Russian or Chinese hackers are — as general adversaries outside of their country. If, as seems likely given Symantec’s description of European victims, some of the victims are nominal US allies, that’ll grow worse.

If I’m right, it’s a significant development. It may not equate to a CIA officer being outed. But it may case far more problems.

Update: As a number of people have made clear, Agee was not responsible for Welch’s death. So I’ve deleted those words.

A Different Kind Of Modeling Tool

/in , /by

In this post I pointed out that basic economics as taught in Econ 101 relies on math and physics from the 19th Century, and complained that economists are not taking advantage of advances in both math and physics. Several commenters pointed out that there are economists working with current math tools in various ways, and of course that’s true; it just is’t taught in introductory classes. One of the new approaches is Agent-Based Modeling, which has the potential to offer new theories of the economy that focus on observed behavior rather than ideology colored with moral judgments and guesses. Here’s an introduction.

Computers introduced new areas of mathematics by making it possible to do things that take too long if done by hand. This site introduces one of these, a cellular automaton called The Game of Life. There is a simulation at the link, which is fun, and shows how powerful the idea can be. The Game of Life operates on a two-dimensional grid like a sheet of graph paper. The squares, called cells, are either empty or occupied. There is a set of rules. At each iteration, the rules are applied to every cell, and the results are entered into the grid all at once. Each cell has 8 neighbors. An occupied cell is deemed to be live, and an empty cell is dead. Here are the rules, which can be found at the link with graphics:

1) Any live cell with fewer than two live neighbors dies, as if caused by under-population.
2) Any live cell with more than three live neighbors dies, as if by overcrowding.
3) Any live cell with two or three live neighbors lives on to the next generation.
4) Any dead cell with exactly three live neighbors becomes a live cell.

Start at time 0. The machine calculates the status of each cell for the first iteration. All results are entered at once. That’s called a tick, as in a clock tick. Then the process is repeated. The iterations continue until you lose interest, or because the simulation has an artificial cut-off. Even with these simple rules, you get surprisingly complicated outcomes. Try a few experiments with the simulator (click the clear button) at the link and you’ll see.

The Game of Life is two-dimensional, but there is no reason there can’t be any number of dimensions, including one. The Game of Life operates on a limited grid of squares, but that doesn’t have to be so either. It’s possible to imagine that the Game of Life operates on the outside of an open-ended cylinder, or some other surface. Most important, the rules of the Game of Life are simple. Each rule relates solely to status of the 8 neighbors of the cell to be calculated. Again, there is no limit to the rule sets that could be used, to the number of dimensions, to the shapes of the cells, or to the cells which are considered in calculating the status of each cell. And that makes this idea useful for other purposes.

Take the simple-minded version of economics described by Katrine Marçal in Who Cooked Adam Smith’s Dinner: unchanging individuals driven solely by self-interest. That can be modeled with simple rules. First, populate a huge grid with some black squares representing individuals. We endow each of them with different quantities of three objects and we assign each cell a valuation for each object, with some variety in both. We move the individuals one square after each turn. If two black squares come into contact, they engage in the exchange of objects if and only if the exchange benefits both by increasing the total value of objects each would have after the exchange. After such an exchange, the black cells are moved some distance apart. If there is no contact, they move one cell in the same direction as the previous iteration. As a side note, we use a different definition of contact than being in one of the eight neighboring cells: each cell moves one square at each tick and thus it’s possible for two live cells to occupy the same grid square.

Let’s crank this up mentally and watch it for a while. It seems intuitively obvious that eventually each cell will have some collection of objects that would maximize their total value for each cell’s valuation criteria. Also, it’s boring. So we run it again in our head, with different movements assigned to each unit. Again, we reach a stasis perhaps with different quantities of each object in each cell. Also, boring. We could make it last longer by adding more objects.

Alternatively, we could put them to work making more objects, assigning different productivity levels to the cells. After each iteration, each cell has a bit more of one or more of the objects depending on their productivity. We run the cellular automaton again in our heads, and we see that this time it isn’t obvious that it will reach equilibrium. That’s because we put no limits on the amount of each object that the cell values more highly. That’s not right: as a general rule humans do not have a use for an unlimited amount of anything, and desire less of some things than others, and for most things there is some level of decreasing marginal utility for stuff. So we learn that we need parameters for human desire. Also we learn that we didn’t account for consumption of the objects, or wearing out, or fair wear and tear, so we need a number that will reduce the amount of each object, perhaps every few ticks, or on some other schedule.

Suppose we combine two cells into one unit with a change in priorities to model the formation of a household. That changes things too. Not only does it affect production, it changes consumption and the nature of the equilibrium. If we let the two-cell critters add a couple of more we get even more complications.

Next we introduce the firm. One way would be to use a third dimension, so that our cells could be in one one level for their individual and household behaviors and in another for their participation in a firm, so that the production part moves to the firm. Firms would have their own production rules and their own distribution rules for gains. That introduces something more like money to mediate exchanges, and changes the rules of exchange. There would have to be model banks and model hedge funds and other aggregations of capital that would deal in meta-products like cash and stocks and bonds.

We could use other levels in the third dimension, or maybe a fourth dimension to represent participation in social groups such as governments, universities, political interest groups, Churches, bowling leagues and so on. These levels would add something more to the accumulations of the individual cells, measured in units of satisfaction, or pleasure, or other forces that motivate people. This could include negative forces like racism, hostility, and agression.

So far, the game is determinate, and does not model reality, which is contingent. To fix that, we allow the various levels to change the valuation of the objects of accumulation. To speed up the calculation, the code would use look-up tables for all the variables to determine the changes between ticks. So the various levels or dimensions could change the look-up tables in sensible ways, and occasionally in ways that aren’t so sensible. For example, the individual would change the value of some object not needed in a paired state, or needed because of “children”. The government state could change the value of the “tax”. The firm could change the valuation of the product. Or it could add a new product and set up a value. And so on. The Fed model can change interest rates. The government level could change its acquisition patterns.

This sketch suggests that we could create a very complicated model, with thousands of rules and calculations. But with efficient use of look-up tables, simple calculations and highly parallel operations, it’s just the kind of problem computers are good at.

To make this idea usable, there are open platforms for creation of models like this. Here’s one called Repast, and another called Swarm. And here’s a link to an exercise in modeling that raises interesting issues using Thomas Piketty’s r > g idea. Here’s a difficult article entitled Cellular Automata based Artificial Financial Market by Jingyuan Ding of Shanghai University China. The writer created a cellular automaton to model the capital markets.

Any tool can and will be misused. For example, economists could use existing theories of human behavior in constructing models. That would be a terrible mistake. The closer we get to empirically derived rules, the closer we get to a set of ideas about the economy that do not depend on assumptions like the efficient market hypothesis or that humans are solely rational utility-maximizers. A good test is whether the model produces booms and busts, common features in reality.

One good thing is that platforms like Repast and Swarm are used by modelers from other scientific fields like biology and political science. That might enable economists to learn from people outside their specialty. We can always hope.

The ISP/ECTR Workaround: The New Broadband Rules May Be Not So Much What They’ll Sell, But What They Give Away

/3 Comments/in , /by

Senator Ed Markey and seven of his colleagues (Franken, Blumenthal, Warren, Sanders, Wyden, Leahy, and Van Hollen) just sent letters to major ISP providers (AT&T, Comcast, Charter, Verizon, Sprint, T-Mobile, and CenturyLink, the latter of which I find most interesting for the purposes of this post) regarding what practices they’ll follow in the wake of Congressional Review Act overturning President Obama’s broadband privacy rules.

The letters focus on a lot of consumer right issues — such as whether customers will learn of any changes in a provider’s privacy policy, the ability to opt in or out, forced arbitration, data breach provisions, and de-identification. That’s all great stuff and I look forward to the answers Markey gets; the information will be as useful as the information he has obtained from wireless providers about information they keep.

But towards the end, the letters include what I’ll call “Wyden questions,” not because I know they came from him, but because they address issues about which he has long been obsessed. There’s one on location, reflecting a concern that providers might presume consent from customers, resulting in the sharing of their location data with third parties.

Under Section 222 of the Communications Act, carriers may not disclose subscriber location information without the “express prior authorization of the customer”.  Over each of the last three years, how many times did your company disclose to third parties individually identifiable customer location data or other Customer Proprietary Network Information with a customer’s express prior authorization?  Does your company obtain the consent from the subscriber directly?  If not, and the third party obtains the consent (or claims they do), do you request or retain a copy of documentation showing that the customer provided such consent?

More interesting still is the question asking whether providers would retain and provide — in response to a National Security Letter — “netflow” records.

Many ISPs retain so called “netflow” records, related to their customers’ internet usage. Do you retain netflow records for your customers’ web browsing activity? If so, for how long do you retain them? Will you disclose netflow records pursuant to a National Security Letter, or only court orders?

Remember, on several occasions last year, Republicans tried to change the rules of National Security Letters so as to permit the FBI to demand providers to turn over “electronic communications transactional records” (ECTRs) with just a National Security Letter. The FBI always asks for ECTRs on NSLs, but a number of providers started refusing to turn them over in the wake of a 2008 OLC decision stating they weren’t included under the law. And Republicans have been trying to force through language that would permit FBI to always obtain such things.

While the discussion about ECTRs started by focusing on email and then moved to URLs, the possibility that FBI had been and wanted to obtain netflow data had been made apparent by — among other things — Nick Merrill’s efforts to declassify the NSL he received in 2004. As he described in a 2015 declaration,

Electronic communication service providers can also record internet “NetFlow” data. This data consists of a set of packets that travel between two points. Routers can be set to automatically record a list of all the NetFlows that they see, or all the NetFlows to or from a specific IP ,address. This NetFlow data can essentially provide a complete history of each electronic communications service used by a particular Internet user.

So in effect, this question (whether or not it comes from Wyden) would reflect a concern that that would become available if these providers were willing to respond to FBI’s requests for ECTRs, and may remain widely available because of the change in the broadband rules. It also reminds me of Wyden’s neverending quest to liberate an OLC memo John Yoo wrote as part of Stellar Wind, but which purportedly pertains to cybersecurity.

In wake of the broadband rule change, AT&T, Verizon, and Comcast (but not, for example, CenturyLink) have assured customers they won’t change their practices and won’t be selling individual customers’ data.

But I’m not seeing any of the providers making assurances about what they’ll be giving away to the government.

The October Non-Surprise

/12 Comments/in , , /by

Both the Wikileaks Podesta release and the Access Hollywood tape drowned out the Intelligence Community report on Russia

Earlier this week, in an interview with Politico (the story and the interview transcript seem to be memory holed for now), Obama’s Homeland Security Czar Lisa Monaco insisted that the Obama response to the Russian hack of the DNC was actually quite forceful, but that it got lost in the release of the Access Hollywood video showing Trump threatening to grab women by the pussy.

But strong supporters of Clinton’s campaign argued—some at the time, many more in the wake of the former secretary of state’s shocking November election defeat—that the Obama team should have done more to publicize the hacking for what it was: a heavy-handed Kremlin intervention on behalf of one side in America’s presidential election. Monaco pushed back against that, recalling that the heads of U.S. intelligence agencies issued a joint statement publicly blaming the Russians for the pre-election hack on Oct. 7. “That was an unprecedented statement,” she says, “a fact that sometimes gets lost in this discussion” given that it came on the same day as the revelation of the “Access Hollywood” tape showing Trump joking about sexually assaulting a woman.

I point to Monaco’s argument because it’s a mirror image to claims Hillary supporters make about the same week. They argue that the release of the John Podesta emails drowned out the Access Hollywood video. Here’s John Podesta in a December appearance on Meet the Press.

So October 7th, Wiki– October 7th, let’s go through the chronology. On October 7th, the Access Hollywood tape comes out. One hour later, WikiLeaks starts dropping my emails into the public. One could say that there might, those things might not have been a coincidence.

Monaco is in the right here. The Google Trends graph above maps “Wikileaks emails” in blue, “Access Hollywood” in red, and “Russian hack” in yellow (“Grab them by the pussy” shows a more extreme but shorter spike, “John Podesta” doesn’t show as high). In fact, the Grab them by the pussy video drowned out the first releases of the Podesta emails — which suggests it would have been stupid strategy to intentionally release them at the same time, as doing so would mean fewer people would read the excerpts from Hillary’s speeches that got released on the first day. By the following Tuesday, Wikileaks had taken over. By comparison, the Russian hack was a mere blip compared to those two stories, though.

The Roger Stone and Wikileaks narrative misses a few data points

I return to this chronology for another reason. The events of the week of October 3 have been in the news for another reason: their role in the claim that Roger Stone was coordinating with Wikileaks during that week (which is presumably a big part of the reason Podesta insinuated there was coordination on that timing).

CNN has a timeline of many of Stone’s Wikileaks related comments, which actually shows that in August, at least, Stone believed Wikileaks would release Clinton Foundation emails (a claim that derived from other known sources, including Bill Binney’s claim that the NSA should have all the Clinton Foundation emails).

It notes, as many timelines of Stone’s claims do, that on Saturday October 1 (or early morning on October 2 in GMT; the Twitter times in this post have been calculated off the unix time in the source code), Stone said that on Wednesday (October 5), Hillary Clinton is done.

Fewer of these timelines note that Wikileaks didn’t release anything that Wednesday. It did, however, call out Guccifer 2.0’s purported release of Clinton Foundation documents (though the documents were real, they were almost certainly mislabeled Democratic Party documents) on October 5. The fact that Guccifer 2.0 chose to mislabel those documents is worth further consideration, especially given public focus on the Foundation documents rather than other Democratic ones. I’ll come back to that.

Throughout the week — both before and after the Guccifer 2.0 release — Stone kept tweeting that he trusted the Wikileaks dump was still coming.

Monday, October 3:

Wednesday, October 5 (though this would have been middle of the night ET):

Thursday, October 6 (again, this would have been nighttime ET, after it was clear Wikileaks had not released on Wednesday):

On October 7, at 4:03PM, David Fahrenthold tweeted out the Access Hollywood video.

On October 7, at 4:32 PM, Wikileaks started releasing the Podesta emails.

Stone didn’t really comment on the substance of the Wikileaks release. In fact, even before the Access Hollywood release, he was accusing Bill Clinton of rape, and he continued in that vein after the release of the video, virtually ignoring the Podesta emails.

For its part, Wikileaks was denying it had any knowing contact with Stone within a week, as it had before. CNN finally reported those denials in the wake of reporting on Stone’s August 2016 contacts with Guccifer 2.0. It’s worth noting that in precisely that time period, Wikileaks managed to discredit a still unexplained US-based hoax launched against Julian Assange, accusing him of soliciting a minor via the online dating site Todd and Claire. In addition, this was the period when the odd Alfa Bank story was being pitched to journalists.

Thus far, anyway, the full chronology suggests that either Stone’s information was only vaguely accurate or Wikileaks delayed its release for a few days. That does weird things to Podesta’s narrative, since either Wikileaks delayed their release so the actually newsworthy part of it — Hillary’s speech excerpts — would be overshadowed (as it was) by the Access Hollywood video, or the Access Hollywood video was timed to coincide with the Wikileaks release — which after all had been announced publicly in a way the Access Hollywood video had not been.

Democrats had more warning of impending emails than Podesta makes out

There’s another part of Podesta’s narrative that deserves review. He liked to suggest he had no idea when his emails were being released — in part, to criticize the FBI for not warning him.

It’s not just that Stone appears to have had a vaguer sense of when the next dump (which, as noted, he appeared to believe would be Clinton Foundation emails) was coming than often made out. Democrats also had more warning than often claimed.

In his December Meet the Press appearance, Podesta made a big deal out of the fact that the FBI had not informed him before the October 7 release.

CHUCK TODD:

This is your personal account that was hacked. I’ve got to think you’re getting updates on the investigation that others would not. What can you share?

JOHN PODESTA:

I will share this with you, Chuck. The first time I was contacted by the F.B.I. was two days after WikiLeaks started dropping my emails.

CHUCK TODD:

Let me pause here.

JOHN PODESTA:

The first, the first–

CHUCK TODD:

Two days after?

But as he went on to reveal, he had seen a document released earlier that he had reason to believe may have been from him (I think, but will have to return to this, that it may have been one of the original Guccifer 2.0 documents).

CHUCK TODD:

But when were you aware that you had been hacked? Before October 7th?

JOHN PODESTA:

I think it was confirmed on October 7th in some of the D.N.C. dumps that had occurred earlier.

CHUCK TODD:

Earlier, yeah.

JOHN PODESTA:

And other campaign officials also had their emails divulge earlier than October 7th. But in one of those D.N.C. dumps, there was a document that appeared to me was– that appeared came– might have come from my account. So I wasn’t sure, I didn’t know, I didn’t know what they had, what they didn’t have. It wasn’t until October 7th when Assange both really in his first statements said things that were incorrect, but started dumping them out and said they were going to all dump out. That’s when I knew that they had the contents of my email account.

Even putting aside Podesta’s suspicion one of the release documents had come from him and Stone’s warnings, Podesta would have had one more warning there would be a further release: from the Christopher Steele reports being done as opposition research for the Hillary campaign.

On September 14, Steele reported that the Russians were considering releasing more emails after the September 18 Duma elections, though the Russians thought they might not have to release any more emails to make Hillary look “weak and stupid.”

Russians do have further “kompromat” on CLINTON (e-mails) and considering disseminating it after Duma (legislative elections) in late September. Presidential spokesman PESKOV continues to lead on this.

[snip]

Continuing on this theme, the senior PA official said the situation was that the Kremlin had further “kompromat” on candidate CLINTON and had been considering releasing this via “plausibly deniable” channels after the Duma (legislative elections) were out of the way in mid-September. There was however a growing train of thought and associated lobby, arguing that the Russians could still make candidate CLINTON look “weak and stupid” by provoking her into railing against PUTIN and Russia without the need to release more of her e-mails.

Curiously, as with all other Wikileaks releases, the publicly-released Steele reports never prospectively confirm a release. Steele’s sources seemed to have little prospective insight to offer about non-public events tied to the release of emails. But on October 12, a report (based on undated early October reporting, which raises questions why the reporting on this wasn’t as quick as on some other reports) notes that the Russians have dumped more anti-Clinton material, which would continue until election day.

Russians have injected further anti-CLINTON material into the “plausibly deniable” leaks pipeline which will continue to surface, but best material already in public domain.

[snip]

Speaking separately in confidence to a trusted compatriot in early October 2016, a senior Russian leadership figure and a Foreign Ministry official reported on recent developments concerning the Kremlin’s operation to support Republican candidate Donald TRUMP in the US presidential election. The senior leadership figure said that a degree of buyer’s remorse was setting in among Russian leaders concerning TRUMP, PUTIN and his colleagues were surprised and disappointed that leaks of Democratic candidate, Hillary CLINTON’s hacked e-mails had not had greater impact on the campaign.

Continuing on this theme, the senior leadership figure commented that a stream of further hacked CLINTON material already had been injected by the Kremlin into compliant western media outlets like Wikileaks, which remained at least “plausibly deniable”, so the stream of these would continue through October and up to the election. However s/he understood that the best material the Russians had already was out and there were no real game-changers to come.

Suffice it to say, even without an FBI warning, Podesta had good reason to expect the emails would occur, though he may have had only a vague idea of the timing.

The other missing detail

Which brings me to one final event from that week that rarely makes the timelines, particularly not the Democratic ones (though Glenn Greenwald pointed out some of it in this post).

From at least the time of the DNC email release in July, Democrats insinuated that Russia and/or Wikileaks had doctored the emails, without ever offering proof, besides the original obvious doctoring of metadata in the Guccifer 2.0 documents (though some DNC people have since credibly claimed that not all of their emails got published). Chief among those people was Malcolm Nance, who was writing a book on the hack. He started warning of spoofed emails in late July. He started pitching his book, which predicted the leaks would include tampering, at the end of September.

And then, just over an hour after the Podesta emails dropped (5:44PM) documents including excerpts from Hillary’s speeches, a pro-Clinton Twitter account responded to Michael Tracey’s observations about the excerpts with a badly faked transcript of a Hillary Goldman Sachs speech.

At 7:25PM, one of the key Russian story commenters linked to it, accusing “Trumpists” of “dirtying docs.” Then at 7:43PM, Nance tweeted, “Official Warning: #PodestaEmails are already proving to be riddled with obvious forgeries & #blackpropaganda not even professionally done.”

Click through to Greenwald’s post to see how it went viral after that (MSNBC’s Joy Reid, who had repeatedly had Nance on, was key to both of Nance’s claims of forgeries go viral), including how it got picked up in the Democrats’ own fake news sites.

Here’s the thing: in multiple places, the guy who later claimed credit, under the name “Marco Chacon,” for the hoax stated he had done the transcript in advance of the release of the emails.

The biggest breakout I had came when a Vice reporter, Michael Tracey, was holding forth on Twitter in the wake of the Podesta Email leaks. He was speaking about the Goldman Sachs transcripts—and I had one.

I had written up a fake Goldman Sachs transcript days before, wherein Hillary Clinton is preparing a run for president and is speaking to the board of directors in 2014 about the coming threat to Wall Street and Washington power. That threat? Bronies, adult male fans of the cartoon My Little Pony: Friendship Is Magic. She has to explain this “Bronie Threat” to them and, in the process, describes a group of internet denizens she calls a “bucket of losers.”

When I tweeted the link and an image of some of the text at Tracey, I did it because I find him to be something of a self-important git and wanted to poke fun at him. I didn’t know at the time that there were Goldman Sachs transcript fragments in the WikiLeaks release.

Note, too, that his claim that when he tweeted the hoax transcript to Tracey, he didn’t know there were Goldman transcripts in the Wikileaks release is laughable: That’s what Tracey’s tweet was about!

Just days later, Kurt Eichenwald would make another claim that Russia had doctored emails that went even more wildly viral (and became among the most remembered fake news stories of the election cycle). In Eichenwald’s discussions with the Sputnik writer in question, Bill Moran, he insisted that spooks had alerted him to the (mis)use of his story.

There is definitely evidence that Roger Stone had at least enough feedback with those leaking stolen emails to know to expect them the first week of October — though he clearly didn’t know precisely when or what to expect. Moreover, he clearly didn’t have an open channel with Assange to find out when the delayed release would be — it appears, instead, he got a warning, but no update.

But there are at least as many reasons to ask whether the Democrats (or perhaps even a government agency) had advance warning of what was coming, and had planned in response.

And all that played out at the time when, per Lisa Monaco, the Intelligence Community made what they viewed as an unprecedented announcement blaming Russia for the hack of the Democrats.

There are definitely reasons to scrutinize Stone’s foreknowledge in all this. But that is by no means the only feedback loop that appears to have been in operation by this point.