DEA’s Dragnet and David Headley

/2 Comments/in , , , /by

In a piece on the DEA dragnet the other day, Julian Sanchez made an important point. The existence of the DEA dragnet — and FBI’s use of it in previous terrorist attacks — destroys what little validity was left of the claim that NSA needed the Section 215 dragnet after 9/11 to close a so-called “gap” they had between a safe house phone in Yemen and plotters in the US (though an international EO 12333 database would have already proven that wrong).

First, the program’s defenders often suggest that had we only had some kind of bulk telephone database, the perpetrators of the 9/11 attacks could have been identified via their calls to a known safehouse in Yemen.  Now, of course, we know that there was such a database—and indeed, a database that had already been employed in other counterterror investigations, including the 1995 Oklahoma City bombing. It does not appear to have helped.

But the DEA dragnet is even more damning for another set of claims, and for another terrorist attack such dragnets failed to prevent: former DEA informant David Headley, one of the key planners of the 2008 Mumbai attack.

Headley provided DEA the phone data they would have needed to track him via their dragnet

As ProPublica extensively reported in 2013, Headley first got involved in Lashkar-e-Taiba while he remained on the DEA’s payroll, at a time when he was targeting Pakistani traffickers. Indeed, after 9/11, his DEA handler called him for information on al Qaeda. All this time, Headley was working phone based sources.

Headley returned to New York and resumed work for the DEA in early 2000. That April, he went undercover in an operation against Pakistani traffickers that resulted in the seizure of a kilo of heroin, according to the senior DEA official.

At the same time, Headley immersed himself in the ideology of Lashkar-i-Taiba. He took trips to Pakistan without permission of the U.S. authorities. And in the winter of 2000, he met Hafiz Saeed, the spiritual leader of Lashkar.

Saeed had built his group into a proxy army of the Pakistani security forces, which cultivated militant groups in the struggle against India. Lashkar was an ally of al Qaeda, but it was not illegal in Pakistan or the United States at the time.

[snip]

Headley later testified that he told his DEA handler about his views about the disputed territory of Kashmir, Lashkar’s main battleground. But the senior DEA official insisted that agents did not know about his travel to Pakistan or notice his radicalization.

On Sept. 6, 2001, Headley signed up to work another year as a DEA informant, according to the senior DEA official.

On Sept. 12, Headley’s DEA handler called him.

Agents were canvassing sources for information on the al Qaeda attacks of the day before. Headley angrily said he was an American and would have told the agent if he knew anything, according to the senior DEA official.

Headley began collecting counterterror intelligence, according to his testimony and the senior DEA official. He worked sources in Pakistan by phone, getting numbers for drug traffickers and Islamic extremists, according to his testimony and U.S. officials.

Even at this early stage, the FBI had a warning about Headley, via his then girlfriend who warned a bartender Headley had cheered the 9/11 attack; the bartender passed on the tip. And Headley was providing the DEA — which already had a dragnet in place — phone data on his contacts, including Islamic extremists, in Pakistan.

ProPublica’s sources provide good reason to believe DEA, possibly with the FBI, sent Headley to Pakistan even after that tip, and remained an informant until at least 2005.

So the DEA (or whatever agency had sent him) not only should have been able to track Headley and those he was talking to using their dragnet, but they were using him to get phone contacts they could track (and my understanding is that agreeing to be an informant amounts to consent to have your calls monitored, though see this post on the possible “defeat” of informant identifiers).

Did Headley’s knowledge of DEA’s phone tracking help the Mumbai plotters avoid detection?

Maybe. And/or maybe Headley taught his co-conspirators how to avoid detection.

Of course, Headley could have just protected some of the most interesting phone contacts of his associates (but again, DEA should have tracked who he was talking to if they were using him to collect telephony intelligence).

More importantly, he may have alerted Laskar-e-Taiba to phone-based surveillance.

In a December joint article with the NYT, ProPublica provided details on how one of Headley’s co-conspirators, Zarrar Shah, set up a New Jersey-based VOIP service so it would appear that their calls were originating in New Jersey.

Not long after the British gained access to his communications, Mr. Shah contacted a New Jersey company, posing online as an Indian reseller of telephone services named Kharak Singh, purporting to be based in Mumbai. His Indian persona started haggling over the price of a voice-over-Internet phone service — also known as VoIP — that had been chosen because it would make calls between Pakistan and the terrorists in Mumbai appear as if they were originating in Austria and New Jersey.

“its not first time in my life i am perchasing in this VOIP business,” Mr. Shah wrote in shaky English, to an official with the New Jersey-based company when he thought the asking price was too high, the GCHQ documents show. “i am using these services from 2 years.”

Mr. Shah had begun researching the VoIP systems, online security, and ways to hide his communications as early as mid-September, according to the documents.

[snip]

Eventually Mr. Shah did set up the VoIP service through the New Jersey company, ensuring that many of his calls to the terrorists would bear the area code 201, concealing their actual origin.

We have reason to believe that VOIP is one of the gaps in all domestic-international dragnets that agencies are just now beginning to close. And by proxying through the US, those calls would have been treated as US person calls (though given the clear foreign intelligence purpose, they would have met any retention guidelines, though may have been partly blocked in CIA’s dragnet). While there’s no reason to believe that Headley knew that, he likely knew what kind of phone records his handlers had been most interested in.

But it shouldn’t have mattered. As the article makes clear, GCHQ not only collected the VOIP communications, but Shah’s communications as he set them up.

Did FBI claim it tracked Headley using the NSA dragnet when it had actually used the DEA one?

I’ve been arguing for years that if dragnet champions want to claim they work, they need to explain why they point to Headley as a success story because they prevented his planned attack on a Danish newspaper, when they failed to prevent the even more complex Mumbai attack. Nevertheless, they did claim it — or at least strongly suggest it — as a success, as in FBI Acting Assistant Director Robert Holley’s sworn declaration in Klayman v. Obama.

In October 2009, David Coleman Headley, a Chicago businessman and dual U.S. and Pakistani citizen, was arrested by the FBI as he tried to depart from Chicago O’Hare airport on a trip to Pakistan. At the time of his arrest, Headley and his colleagues, at the behest of al-Qa’ida, were plotting to attack the Danish newspaper that published cartoons depicting the Prophet Mohammed. Headley was later charged with support for terrorism based on his involvement in the planning and reconnaissance for the 2008 hotel attack in Mumbai. Collection against foreign terrorists and telephony metadata analysis were utilized in tandem with FBI law enforcement authorities to establish Headley’s foreign ties and put them in context with his U.S. based planning efforts.

That said, note how Holley doesn’t specifically invoke Section 215 (or, for that matter, Section 702, which the FBI had earlier claimed they used against Headley)?

Now compare that to what the Privacy and Civil Liberties Oversight Board said about the use of Section 215 against Headley.

In October 2009, Chicago resident David Coleman Headley was arrested and charged for his role in plotting to attack the Danish newspaper that published inflammatory cartoons of the Prophet Mohammed. He was later charged with helping orchestrate the 2008 Mumbai hotel attack, in collaboration with the Pakistan-based militant group Lashkar-e-Taiba. He pled guilty and began cooperating with authorities.

Headley, who had previously served as an informant for the Drug Enforcement Agency, was identified by law enforcement as involved in terrorism through means that did not involve Section 215. Further investigation, also not involving Section 215, provided insight into the activities of his overseas associates. In addition, Section 215 records were queried by the NSA, which passed on telephone numbers to the FBI as leads. Those numbers, however, only corroborated data about telephone calls that the FBI obtained independently through other authorities.

Thus, we are aware of no indication that bulk collection of telephone records through Section 215 made any significant contribution to the David Coleman Headley investigation.

First, by invoking Headley’s role as an informant, PCLOB found reason to focus on DEA right before they repeatedly point to other authorities: Headley was IDed by “law enforcement” via means that did not involve 215, his collaborators were identified via means that did not involve 215, and when they finally did query 215, they only “corroborated data about telephone calls that the FBI had obtained independently through other authorities.”

While PCLOB doesn’t say any of these other authorities are DEA’s dragnet, all of them could be (though some of them could also be NSA’s EO 12333 dragnet, or whatever dragnet CIA runs, or GCHQ collection, or Section 702, or — some of them — FBI NSL-based collection, or tips). What does seem even more clear now than when PCLOB released this is that NSA was trying to claim credit for someone else’s dragnet, so much so that even the FBI itself was hedging claims when making sworn declarations.

Of course, whatever dragnet it was that identified Headley’s role in Laskar-e-Taiba, even the DEA’s own dragnet failed to identify him in the planning stage for the larger of the attacks.

If the DEA’s own dragnet can’t find its own informant plotting with people he’s identified in intelligence reports, how successful is any dragnet going to be?

 

PCLOB’s New Work: Examining “Activities” Taking Place in the Loopholes of EO 12333

/1 Comment/in /by

On Wednesday, the Privacy and Civil Liberties Oversight Board met to approve its next project. They are just about completing a general overview of the Intelligence Community’s use of EO 12333 (as part of which they’ve been nagging agencies, notably DEA and Treasury, to comply with requirements imposed by Ronald Reagan). Next, they will move onto a deep dive of two programs conducted under EO 12333, one each for NSA and CIA. PCLOB has now posted materials from Wednesday’s meeting, though this overview is also useful.

Keeping in mind that PCLOB already has a pretty good sense of what the agencies are doing, consider this description of its deep dive into activities of NSA and CIA.

During the next stage of its inquiry, the Board will select two counterterrorism-related activities governed by E.O. 12333, and will then conduct focused, in-depth examinations of those activities. The Board plans to concentrate on activities of the CIA and NSA, and to select activities that involve one or more of the following: (1) bulk collection involving a significant chance of acquiring U.S. person information; (2) use of incidentally collected U.S. person information; (3) targeting of U.S. persons; and (4) collection that occurs within the United States or from U.S. companies. Both reviews will involve assessing how the need for the activity in question is balanced with the need to protect privacy and civil liberties. The reviews will result in written reports and, if appropriate, recommendations for the enhancement of civil liberties and privacy.

Some of this is unsurprising. If PCLOB were to conduct a review of SPCMA, it would be assessing NSA’s analysis of incidentally collected US person data collected in great volume as a result of collecting in bulk. Indeed, conducting such a review would get to a lot of the issues raised by John Napier Tye in PCLOB testimony.

But I’m more interested in bullets 3 and 4.

Bullet 3 suggests that CIA and/or NSA are targeting US persons under EO 12333.

There are certainly ways that’s permissible. For example, EO 12333 permits agencies to conduct physical surveillance of their employees.

(1) Physical surveillance of present or former employees, present or former intelligence element contractors or their present or former employees, or applicants for any such employment or contracting; and

(2) Physical surveillance of a military person employed by a non-intelligence element of a military service;

And it permits physical surveillance overseas if significant information can’t reasonably acquired by other means.

Physical surveillance of a United States person abroad to collect foreign intelligence, except to obtain significant information that cannot reasonably be acquired by other means.

You’d think this would bump up against the FISA Amendments Act very quickly, but remember that this EO was updated in the days after FAA was completed, so everything in it likely accounts for FAA.

On that note, this useful post from Jonathan Mayer (click through for the handy graphic) describes how NSA’s classified EO 12333 permits the Attorney General to authorize the surveillance of US persons or entities for limited periods of time.

A third area of Executive Order 12333, on American soil, is the “Classified Annex Authority” or “CAA.” Its source is a classified addition to Executive Order 12333, set out in an NSA policy document.13 The most recent revision, from 2009, reads:

Communications of or concerning a United States person14 may be intercepted intentionally or selected deliberately . . .

with specific prior approval by the Attorney General based on a finding by the Attorney General that there is probable cause to believe the United States person is an agent of a foreign power and that the purpose of the interception or selection is to collect significant foreign intelligence. Such approvals shall be limited to a period of time not to exceed ninety days for individuals and one year for entities.

That provision appears to allow the Attorney General to unilaterally trump FISA. I’m notentirely confident that’s what it means, but it sure looks like it.15

I’m skeptical that the executive branch can just brush aside FISA, especially on American soil. In Justice Jackson’s famous phrasing, when the executive branch acts in clear violation of a legislative enactment, its “power is at its lowest ebb.” Nevertheless, the executive branch does appear to claim that Article II can override FISA, and it does appear to have invoked this Classified Annex Authority on occasion.16

Finally, remember that CIA has conducted investigations targeting Senate Intelligence Committee staffers, which suggests it interprets its ability to conduct counterintelligence investigations unbelievably broadly.

Then there’s bullet 4, which suggests CIA and/or NSA are collecting “within the United States or from U.S. companies.”

With regards collection “within the US,” Mayer’s post is helpful here too, pointing to loopholes for wireless and satellite communication.

The law that results is quite counterintuitive. If a communication is carried by radio waves, and it’s one-end foreign, it falls under Executive Order 12333. If that same communication were carried by a wire, though, it would fall under FISA. (Specifically, the Section 702 upstream program.)

As for how this Executive Order 12333 authority might be used beyond satellite surveillance, I could only speculate. Perhaps intercepting cellphone calls to or from foreign embassies?12 Or along the national borders? At any rate, the FISA-free domestic wireless authority appears to be even broader than the Transit Authority.

As far as collection outside the US, this may simply be a reference to providers voluntarily providing data under 18 U.S.C. § 2511(2)(f), as we know at least some of the telecoms do.

But we also know NSA and its partner GCHQ have stolen unencrypted US company data overseas. And while the theft off Google’s fiber has, hopefully, been stopped, there’s still quite a lot of ways NSA can steal this data.

In any case, the terms of PCLOB’s investigation sure seem to suggest that CIA and/or NSA are exploiting the holes in EO 12333 in significant enough ways to raise concerns for PCLOB.

Government’s Assassination of Anwar al-Awlaki Used “Significantly Different” EO 12333 Analysis

/10 Comments/in , /by

Jameel Jaffer has a post on the government’s latest crazy-talk in the ongoing ACLU and NYT effort to liberate more drone memos. He describes how — in the government’s response to their appeal of the latest decisions on the Anwar al-Awlaki FOIA — the government claims the Court’s release of an OLC memo does not constitute official release of that memo. (Note, I wouldn’t be surprised if the government is making this claim in anticipation of orders to release torture pictures in ACLU’s torture FOIA suit that’s about to head to the 2nd Circuit.)

But there’s another interesting aspect of that brief. It provides heavily redacted discussion of the things Judge Colleen McMahon permitted the government to withhold. But it makes it clear that one of those things is a March 2002 OLC memo that offers different analysis about the assassination ban than the analysis used to kill Anwar al-Awlaki.

The district court also upheld the withholding of a March 2002 OLC Memorandum analyzing the assassination ban in Executive Order 12,333 (the “March 2002 Memorandum”). (CA 468-70; see CA 315-29). Although the district court noted that the OLC-DOD Memorandum released by this Court contained a “brief mention” of Executive Order 12,333, the district court concluded that the analysis in the March 2002 Memorandum is significantly different from any legal analysis that this Court held has been officially disclosed and for which privilege has been waived.

The statement here is carefully worded, probably for good reason. That’s because the February 19, 2010 memo McMahon permitted the government to almost entirely redact clearly explains EO 123333 and its purported ban on assassinations in more depth than the July 16, 2010 one; the first paragraph ends,

Under the conditions and factual predicates as represented by the CIA and in the materials provided to us from the Intelligence Community, we believed that a decisionmaker, on the basis of such information, could reasonably conclude that the use of lethal force against Aulaqi would not violate the assassination ban in Executive Order 12333 or any application constitutional limitations due to Aulaqi’s United States citizenship.

I pointed out that there must be more assassination analysis here. It almost certainly resembles what Harold Koh said about a month later, for which activists at NYU are now calling into question his suitability as an international law professor.

Fourth and finally, some have argued that our targeting practices violate domestic law, in particular, the long-standing domestic ban on assassinations. But under domestic law, the use of lawful weapons systems—consistent with the applicable laws of war—for precision targeting of specific high-level belligerent leaders when acting in self-defense or during an armed conflict is not unlawful, and hence does not constitute “assassination.”

But the government is claiming that because that didn’t get disclosed in the July 2010 memo, it doesn’t have to be disclosed in the February 2010 memo, and the earlier “significantly different” analysis from OLC doesn’t have to be disclosed either.

At a minimum, ACLU and NYT ought to be able to point to the language in the white paper that addresses assassinations that doesn’t appear in the later memo to show that the government has already disclosed it.

But I’m just as interested that OLC had to change its previous stance on assassinations to be able to kill Awlaki.

Of course, the earlier memo was written during a period when John Yoo and others were pixie dusting EO 12333, basically saying the President didn’t have to abide by EO 12333, but could instead violate it and call that modifying it. Perhaps that’s the difference — that David Barron invented a way to say that killing a high ranking leader (whether or not he’s a citizen) didn’t constitute assassination because of the weapons systems involved, as distinct from saying the President could blow off his own EOs in secret and not tell anyone.

I suggested Dick Cheney had likely pixie dusted EO 12333’s ban on assassinations back in 2009.

But there’s also the possibility the government had to reverse the earlier decision in some other fashion. After all, when Kamal Derwish was killed in a drone strike in Yemen on November 9, 2002, the government claimed Abu Ali al-Harithi was the target, a claim the government made about its December 24, 2009 attempt to kill Anwar al-Awlaki, but one they dropped in all subsequent attempts, coincident with the February 2010 memo. That is, while I think it less likely than the alternative, it is possible that the 2010 analysis is “significantly different” because they had to interpret the assassination ban even more permissively. While I do think it less likely, it might explain why Senators Wyden, Udall, and Heinrich keep pushing for more disclosure on this issue.

One thing is clear, however. The fact that the government can conduct “significantly different” analysis of what EO 12333 means, in secret, anytime it wants to wiretap or kill a US citizen makes clear that it is not a meaningful limit on Executive power.

“Information Is No Longer Being Collected in Bulk [Pursuant to 21 U.S.C. § 876]”

/6 Comments/in , /by

Given the details in yesterday’s USAT story on DEA’s dragnet, I wanted to re-examine the DEA declaration revealing details of the phone dragnet in the Shantia Hassanshahi case which I wrote about here. As I noted then, there’s a footnote modifying the claim that the database in question “was suspended in September 2013” that is entirely redacted. And the declaration only states that “information is no longer being collected in bulk pursuant to 21 U.S.C. §876,” not that it is no longer being collected.

According to the USAT, DEA moved this collection to more targeted subpoenas that may number in the thousands.

The DEA asked the Justice Department to restart the surveillance program in December 2013. It withdrew that request when agents came up with a new solution. Every day, the agency assembles a list of the telephone numbers its agents suspect may be tied to drug trafficking. Each day, it sends electronic subpoenas — sometimes listing more than a thousand numbers — to telephone companies seeking logs of international telephone calls linked to those numbers, two official familiar with the program said.

The data collection that results is more targeted but slower and more expensive. Agents said it takes a day or more to pull together communication profiles that used to take minutes.

We should expect this move occurred either in the second half of 2013 (after the dragnet first got shut down) or the first half of 2014 (after DEA backed off its request to restart the draget). And we should expect these numbers to show in the telecoms transparency reports.

But they don’t — or don’t appear to.

Both AT&T and Verizon reported their 2013 numbers for the entire year. They both broke out their 2014 numbers semiannually. (Verizon; AT&T 2013AT&T 2014; h/t Matt Cagle, who first got me looking at these numbers)

Here are the numbers for all subpoenas (see correction below):

Screen Shot 2015-04-08 at 1.50.32 PM

Both companies show a decrease in overall criminal subpoenas from 2013 to 2014. And while Verizon shows a continued decline, AT&T’s subpoena numbers went back up in the second half of 2014, but still lower than half of 2013’s numbers.

In any case, both companies report at least 15% fewer subpoenas in 2014, at a time when — according to what USAT got told — they should have been getting thousands of extra subpoenas a day.

It is possible what we’re seeing is just the decreased utility of phone records. As the USAT notes, criminals are increasingly using messaging platforms that use the Internet rather than telecoms.

But it’s possible the DEA’s dragnet went somewhere else entirely.

Though USAT doesn’t mention it (comparing instead with the Section 215 dragnet, which is not a comparable program because it, like Hemisphere as far as we know, focuses solely on domestic records), the NSA has an even bigger phone and Internet dragnet that collects on drug targets. Indeed, President Obama included “transnational criminal threats” among the uses permitted for data collected in bulk under PPD-28, which he issued January 17, 2014. So literally weeks after DEA supposedly moved to subpoena-based collection in December 2013, the President reiterated support for using NSA (or, indeed, any part of the Intelligence Community) bulk collections to pursue transnational crime, of which drug cartels are the most threatening.

There is no technical reason to need to collect this data in the US. Indeed, given the value of location data, the government is better off collecting it overseas to avoid coverage under US v. Jones. Moreover, as absolutely crummy as DOJ is about disclosing these kinds of subpoenas, it has disclosed them, whereas it continues to refuse to disclose any collection under EO 12333.

Perhaps it is the case that DEA really replaced its dragnet with targeted collection. Or perhaps it simply moved it under a new shell, EO 12333 collection, where it will remain better hidden.

Update: I realized I had used criminal subpoenas for AT&T, but not for Verizon (which doesn’t break out criminal and civil). Moreover, it’s not clear whether the telecoms would consider these criminal or civil subpoenas.

I also realized one other possible explanation why these don’t show up in the numbers. USAT reports that DEA uses subpoenas including thousands of numbers, whereas they used to use a subpoena to get all the records. That is, the telecoms may count each of these subpoenas as just one subpoena, regardless of whether it obtains 200 million or 1,000 numbers. Which would have truly horrifying implications for “Transparency.”

Update: There would be limitations to relying on the NSA’s database (though DEA could create its own for countries of particular interest). First, DEA could not search for US person identifiers without Attorney General approval (though under SPMCA, it could conduct chaining it knew to include US persons). Also, as of August 2014, at least, NSA wasn’t sharing raw EO 12333 data with other agencies, per this Charlie Savage story.

The N.S.A. is also permitted to search the 12333 storehouse using keywords likely to bring up Americans’ messages. Such searches must have “foreign intelligence” purposes, so analysts cannot hunt for ordinary criminal activity.

For now, the N.S.A. does not share raw 12333 intercepts with other agencies, like the F.B.I. or the C.I.A., to search for their own purposes. But the administration is drafting new internal guidelines that could permit such sharing, officials said.

That said, it’s clear that NSA shares metadata under ICREACH with other agencies, explicitly including DEA.

Everything in the War on Terror Came from the War on Drugs

/15 Comments/in , /by

bmaz has long insisted, correctly, that all the tricks they have used in the war on terror came first from the war on drugs.

The USA Today’s Brad Heath demonstrates how true that is with a blockbuster story on a DEA dragnet, called the USTO, of US to international calls covering up to 116 countries that operated similarly to the NSA dragnet. It dates back to the last days of Poppy Bush’s administration. And key figures — especially Robert Mueller, but also Eric Holder — played roles in it in their earlier Executive Branch careers. And, no surprise, the DEA never gave discovery on the collection to defendants.

Definitely read the whole thing. But I’m particularly interested in the last paragraphs, which explain what happened to it. After Snowden exposed the NSA version of the dragnet (which includes the US, as well as foreign countries) and the government kept arguing that was justified because of its special intelligence purpose, the claims they made to justify the DEA dragnet started to fall apart. Plus, it has become less useful anyway, now that more people use the Intertoobz.

It was made abundantly clear that they couldn’t defend both programs,” a former Justice Department official said. Others said Holder’s message was more direct. “He said he didn’t think we should have that information,” a former DEA official said.

By then, agents said USTO was suffering from diminishing returns. More criminals — especially the sophisticated cartel operatives the agency targeted — were communicating on Internet messaging systems that are harder for law enforcement to track.

Still, the shutdown took a toll, officials said. “It has had a major impact on investigations,” one former DEA official said.

The DEA asked the Justice Department to restart the surveillance program in December 2013. It withdrew that request when agents came up with a new solution. Every day, the agency assembles a list of the telephone numbers its agents suspect may be tied to drug trafficking. Each day, it sends electronic subpoenas — sometimes listing more than a thousand numbers — to telephone companies seeking logs of international telephone calls linked to those numbers, two official familiar with the program said.

The data collection that results is more targeted but slower and more expensive. Agents said it takes a day or more to pull together communication profiles that used to take minutes.

This lesson is instructive for the NSA dragnet. It points to one reason why the NSA dragnet may not get all the “calls” it wants: because of messaging that bypasses the telecom backbone. And it shows that an alternative approach can be used.

 

The AP’s Recycled “We Don’t Need a Phone Dragnet” Story Lays the Groundwork for Swapping Section 215 for CISA

/3 Comments/in , , /by

The AP has a story that it calls an “Exclusive” and says “has not been reported before” reporting that the NSA considered killing the phone dragnet back before Edward Snowden disclosed it.

The National Security Agency considered abandoning its secret program to collect and store American calling records in the months before leaker Edward Snowden revealed the practice, current and former intelligence officials say, because some officials believed the costs outweighed the meager counterterrorism benefits.

After the leak and the collective surprise around the world, NSA leaders strongly defended the phone records program to Congress and the public, but without disclosing the internal debate.

The proposal to kill the program was circulating among top managers but had not yet reached the desk of Gen. Keith Alexander, then the NSA director, according to current and former intelligence officials who would not be quoted because the details are sensitive. Two former senior NSA officials say they doubt Alexander would have approved it.

Still, the behind-the-scenes NSA concerns, which have not been reported previously, could be relevant as Congress decides whether to renew or modify the phone records collection when the law authorizing it expires in June.

The story looks a lot like (though has mostly different dates) this AP story, published just after USA Freedom Act failed in the Senate in November.

Years before Edward Snowden sparked a public outcry with the disclosure that the National Security Agency had been secretly collecting American telephone records, some NSA executives voiced strong objections to the program, current and former intelligence officials say. The program exceeded the agency’s mandate to focus on foreign spying and would do little to stop terror plots, the executives argued.

The 2009 dissent, led by a senior NSA official and embraced by others at the agency, prompted the Obama administration to consider, but ultimately abandon, a plan to stop gathering the records.

The secret internal debate has not been previously reported. The Senate on Tuesday rejected an administration proposal that would have curbed the program and left the records in the hands of telephone companies rather than the government. That would be an arrangement similar to the one the administration quietly rejected in 2009.

The unquestioned claim that the program doesn’t get cell data — presented even as the Dzhokhar Tsarnaev case makes clear it does* — appears in both (indeed, this most recent version inaccurately references T-Mobile cell phone user Basaaly Moalin’s case — getting the monetary amounts wrong — without realizing that that case, too, disproves the cell claim).

Most importantly, however, both stories report these previous questions about the efficacy of the phone dragnet in the context of questions about whether the program will be reauthorized after June.

Perhaps the most telling detail, however, is that this new story inaccurately describes what happened to the Internet dragnet in 2011.

There was a precedent for ending collection cold turkey. Two years earlier, the NSA cited similar cost-benefit calculations when it stopped another secret program under which it was collecting Americans’ email metadata — information showing who was communicating with whom, but not the content of the messages. That decision was made public via the Snowden leaks.

The NSA in no way went “cold turkey” in 2011. Starting in 2009, just before it finally confessed to DOJ it had been violating collection rules for the life of the program, it rolled out the SPCMA program that allowed the government to do precisely the same thing, from precisely the same user interface, with any Internet data accessible through EO 12333. SPCMA was made available to all units within NSA in early 2011, well before NSA “went cold turkey.” And, at the same time, NSA moved some of its Internet dragnet to PRISM production, with the added benefit that it had few of the data sharing limits that the PRTT dragnet did.

That is, rather than going “cold turkey” the NSA moved the production under different authorities, which came with the added benefits of weaker FISC oversight, application for uses beyond counterterrorism, and far, far more permissive dissemination rules.

That AP’s sources claimed — and AP credulously reported — that this is about “cold turkey” is a pretty glaring hint that the NSA and FBI are preparing to do something very similar with the phone dragnet. As with the Internet dragnet, SPCMA permits phone chaining for any EO 12333 phone collection, under far looser rules. And under CISA, anyone who “voluntarily” wants to share this data (which always includes AT&T and likely includes other backbone providers) can share promiscuously and with greater secrecy (because it is protected by both Trade Secret and FOIA exemption). Some of this production, done under PRISM, would permit the government to get “connection” chaining information more easily than under a phone dragnet. And as with the Internet dragnet, any move of Section 215 production to CISA production evades existing FISC oversight.

A year ago, Keith Alexander testified that if they just had a classified data sharing program — like CISA — they could live without the dragnet. A year ago, basically, Alexander said he’d be willing to swap CISA for the phone dragnet.

Remarkably, these inaccurate AP stories always seem to serve that story, all while fostering a laughable myth that “ending the phone dragnet” would in any way end the practice of a phone dragnet.

*Update 3/30: My claim that the Marathon case proves they got cell call data relies only on FBI claims they were able to use the dragnet to good effect. I actually think that FBI used an AT&T specific dragnet — not the complete phone dragnet — to identify the brothers’ phones (while the government has offered conflicting testimony on this account, I’m fairly certain all of Dzhokhar’s phones and Tamerlan’s pre-paid phone discussed at Dzhokhar’s trial were T-Mobile phones). But if that’s the case, then FBI lied outright when making those earlier claims. I’m perfectly willing to believe that, but if that’s the now-operative story I’d love for someone to confirm it.

Tamerlan’s Search on Remote Control Car Info

/5 Comments/in , /by

I want to do a quick post about details defense attorney Timothy Watkins snuck into today’s testimony at the Dzhokhar Tsarnaev trial. FBI Supervisory Special Agent Edward Knapp testified at length about how he investigated the bombs used in the attacks. At the end of direct, the government had him show how closely the bombs — both the elbow pipe bombs used at Watertown and the pressure cooker bombs — resembled bomb instructions included in Inspire Magazine.

The effort was, as so much of this trial has been, a carefully scripted effort to tell a narrative that probably doesn’t reflect the full truth of how the brothers got or made the bombs using what propaganda. Judge George O’Toole had, earlier in the trial, prevented the defense from entering evidence about the Russian bomb making materials on Tamerlan’s hard drive. Knapp focused on the bombs that most closely resembled Inspire bombs (focusing on the elbow pipe bomb, for example, and not the straight one also used in Watertown). He didn’t get into really big detail about the trigger used for the bombs used at the race. Knapp even focused on a green Christmas light in one of the bombs to show it was just like the green Christmas light in the Inspire recipe.

Ultimately, it was about how the bombs could have been made from the recipes in Inspire magazine.

In addition to trying, unsuccessfully, to get Knapp to reveal what fingerprint evidence had shown about the bomb materials (they almost certainly show that Tamerlan handled the bombs, not Dzhokhar), Watkins asked,

Watkins: Inspire Magazine doesn’t mention RC cars as a bomb component, does it? Knapp: I don’t think so.

In the midst of an objection, Watkins sneaks in question…did u know Tamerlan searched internet for RC car info? Objection, sustained.

The question, if permitted as evidence, would have shown several things: that Tamerlan didn’t follow Inspire exactly for the bombs used at the race, that Tamerlan was the one putting them together, and — possibly — that Tamerlan was at least partly using a Russian model for the bomb, not Inspire’s model. (One detail defense revealed yesterday is that there was nitroglycerine at the Cambridge apartment which was stronger than the firecrackers used in the pressure cookers.)

That, by itself is notable: once again, the government’s pat narrative is almost certainly not a description of what actually happened.

But the detail also raised questions about why Tamerlan’s searches for what ultimately were bomb parts were not found by the FBI or NSA.

There are several answers.

1) These were searches for toy parts, not bomb parts. While FBI might now trigger on remote controllers, they probably didn’t then, even if they had a dragnet. FBI appears to keep expanding its dragnets as terrorists use certain tools.

2) While FBI should have done a back door search on Tamerlan when they did the assessment of him in 2011, nothing we know of would have triggered a new assessment in the interim, even if they did dragnet on remote controllers which I doubt.

3) I do strongly suspect that NSA had picked up the brothers’ downloads of Inspire, which I suspect is triggered to the encryption codes included in the magazine and not to any key word content of the magazines or even the URL. If I’m right (and that’s just a guess), then the NSA would have had data on the brothers. In fact, we know the NSA did have data on one or both of the brothers that didn’t get read until after the attack. If it was Inspire, I think they probably didn’t attract attention because they weren’t 2-degrees of someone interesting or hadn’t been found in one of the more targeted chat rooms. It would also mean that FBI didn’t then share Tamerlan’s identifiers they identified during their 2011 assessment of him with NSA for future mapping (I don’t necessarily think they should, but if they had, then NSA might have paid more attention to whatever data they did have on the brothers, potentially eliciting a second look once they collected it). Also remember, the brother may not even have been downloading Inspire until after the FBI stopped investigating Tamerlan.

4) While XKeyscore certainly has the ability to do searches on “remote car controllers” it’s not clear that would pull off content collected in the US, so it would only show up if the server Tamerlan went to was overseas; they were probably local and Amazon. Who knows? Maybe now FBI has also started an Amazon dragnet on remote controllers. But again, you’d need something else to trigger interest in Tamerlan’s identifier doing the search.

5) I suspect that what Watkins was referring to came from a subpoena to Tamerlan’s ISP for all his web searches. So that they had the searches are themselves unsurprising.

Update: Here’s the shipping bill for some of the remote control supplies he bought, from a site called NitroRCX which appears to be in the metro Los Angeles area. I believe the other one was from Amazon.

Have the Banks Escaped Criminal Prosecution because They’re Spying Surrogates?

/11 Comments/in , , /by

I’m preparing to do a series of posts on CISA, the bill passed out of SSCI this week that, unlike most of the previous attempts to use cybersecurity to justify domestic spying, may well succeed (I’ve been using OTI’s redline version which shows how SSCI simply renamed things to be able to claim they’re addressing privacy concerns).

But — particularly given Richard Burr’s office’s assurances this bill is great because “business groups like the Financial Services Roundtable and the National Cable & Telecommunications Association have already expressed their support for the bill” — I wanted to raise a question I’ve been pondering.

To what extent have banks won themselves immunity by serving as intelligence partners for the federal government?

I ask for two reasons.

First, when asked why she, along with Main Justice’s Lanny Breuer, authorized the sweetheart deal for recidivist transnational crime organization HSBC, Attorney General nominee Loretta Lynch implied that there was insufficient admissible evidence to try any individuals associated with this recidivism.

I and the dedicated career prosecutors handling the investigation carefully considered whether there was sufficient admissible evidence to prosecute an individual and whether such a prosecution otherwise would have been consistent with the principles of federal prosecution contained in the United States Attorney’s Manual.

That’s surprising given that Carl Levin managed to come up with 300-some pages of evidence. Obviously, there are several explanations for this response: she’s lying, the evidence is inadmissible because HSBC provided it willingly thereby making it unusable for prosecution, or the evidence was collected in ways that makes it inadmissible.

It’s the last one I’ve been thinking about: is it remotely conceivable that all the abundant evidence against banksters their regulators have used to obtain serial handslaps is for some reason inadmissible in a criminal proceeding?

I started thinking about that as a real possibility when PCLOB revealed that Treasury’s Office of Intelligence and Analysis has never once — not in the 30-plus years since Ronnie Reagan told them they had to — come up with minimization procedures to protect US person privacy with data collected under EO 12333. Maybe that didn’t matter so much in 1981, but since 2004, Treasury has had an ever-increasing role in using intelligence (collected from where?) to impose judgments against people with almost no due process. And those judgements are, in turn, used to impose other judgments on Americans with almost no due process.

The thing is, you’d think banks might care that Treasury wasn’t complying with Executive Branch requirements on privacy protection. Not only because they care (ha!) about their customers, whether American or not, but because many of them are, themselves, US persons. US bank US person status should limit how much Treasury diddles with bank-related intelligence, but Treasury doesn’t appear bound by that.

Which leads me to suspect, at least, that there’s something in it for the banks, something that more than makes up for the serial handslaps for sanctions violations.

And one possibility is that because of the way this data is collected and shared, it can’t be used in a trial. Voila! Bank immunity.

All that’s just a wildarsed guess.

But one made all the more pressing given that Treasury is among the Appropriate Federal Entities that will be default intelligence recipients for cyber information under CISA.

(3) APPROPRIATE FEDERAL ENTITIES.—

The term ‘‘appropriate Federal entities’’ means the following:

(A) The Department of Commerce.

(B) The Department of Defense.

(C) The Department of Energy.

(D) The Department of Homeland Security.

(E) The Department of Justice.

(F) The Department of the Treasury.

(G) The Office of the Director of National Intelligence.

To some degree, this is not in the least bit surprising. After all, financial regulators have increasingly made cybersecurity a key regulatory concern of late, so it makes sense for Treasury to be in the loop.

But banksters rarely — never! — add regulatory exposure for themselves without a fight and, as Burr’s office has made clear, the banks love this bill.

One more datapoint, back to HSBC. As I noted when Lanny Breuer and Loretta Lynch announced that handslap, Breuer neglected to mention that HSBC was getting a handslap not just for helping cartels profit off drugs, but also helping terrorists fund their activities (at the time Pete Seda was being held without bail on charges the government insisted amounted to material support for terrorists for handing a check to Chechens using cash that had come indirectly from HSBC). The actual settlement, however, made mention of it by explaining that HSBC had “assisted the Government in investigations of certain individuals suspected of money laundering and terrorist financing.” By dint of that cooperation, in other words, HSBC went from being a material supporter of terrorism to being a deputy financial cop. And Breuer expanded that notion of banks serving as deputized financial cops thereafter.

Are the methods and terms by which we’re collecting all this financial intelligence to use against some bad guys precisely what prevents us from holding the even bigger bad guys — the ones affecting far more of us directly, in the form of the houses we own, the towns we live in, the opportunity costs paid to financial crime — accountable?

And will this system now be replicated under CISA (or has it, already) as banks turn into cyber crime deputized cops?

Edward Snowden Got One Fifth of Americans to Adopt Better Passwords

/4 Comments/in /by

Thanks to Edward Snowden, almost 22% of Americans have adopted more complex passwords, one of the most basic things they could do to keep themselves safer online.

That’s according to a Pew Research study released this week tracking how Americans have responded to the disclosures about government spying. It found that 87% of Americans are aware of the surveillance programs. And of those 87%, 25% are using more complex passwords. That likely means they’ve ditched passwords like “password” and replaced them with things that are harder for the average criminal hacker to guess.

That’s actually a very significant change, all brought about by one guy’s effort to illuminate what our government is doing. It won’t protect most people against the NSA, but will make people safer from identity theft.

Meanwhile, Congress is diddling away passing a bill, CISA, that probably would not have prevented any known hack. I’d say Snowden is doing a better job at protecting the country.

Dick Cheney on the Dangers of Internet Spying

/6 Comments/in /by

There are several notable things about this interview [Playboy link: mostly SFW] with Dick Cheney (in addition to the detail that Cheney has his “slender, mustachioed housekeeper named Gus” provide a never-ending stream of lattes, prepared at the house, but served in paper Starbucks cups). One of the most striking, however, is how he responds to interviewer James Rosen’s suggestion that the Internet is democratizing.

Do you regard the internet as an intrinsically democratizing force?
[Chuckles, pauses] Oh boy, you know, we’re blue-skyin’ it now. I think it clearly has had a significant impact. “A democratizing force.” Um. [pauses]

In the sense that whenever you have a freer flow of information, that’s going to redound to the forces of good.
Yeah, but on the other hand, I suppose you could argue that it provides ways in which the government, an authoritarian government, can exert control over and monitor and keep track of what everybody is up to and what they are doing. It’s not a one-way street. It’s not necessarily—I need to think about that before I comment further.

The man who implemented an illegal dragnet admits that governments (only authoritarian ones, he suggests? or does the use of such methods make a government authoritarian?) might exert control via the Internet.

If it weren’t for Cheney’s long history implementing just that type of monitoring (certainly on the rest of the world, and to an extent on Americans), I might think he’d been hanging around with Edward Snowden!