“Folksy and Firm” Flummoxes Fancy NYT Journalists

/18 Comments/in /by

Less than 10 days ago, Keith Alexander admitted to Patrick Leahy that the single solitary case in which the phone dragnet proved critical was that of Basaaly Moalin. But that was not an attack. Rather, it was an effort to send money to al-Shabaab (and others) because they were protecting Somalia against a US backed Ethiopian invasion.

And yet two crack “journalists” used this as the lead of their “interview” with Alexander with not a hint of pushback.

The director of the National Security Agency, Gen. Keith B. Alexander, said in an interview that to prevent terrorist attacks he saw no effective alternative to the N.S.A.’s bulk collection of telephone and other electronic metadata from Americans.

The phone dragnet has never — never! — been more than one tool in preventing any attack, and yet Alexander gets to imply, unchallenged, it is critical going forward.

Instead of actual reporting, we get platitudes like this.

General Alexander was by turns folksy and firm in the interview. But he was unapologetic about the agency’s strict culture of secrecy and unabashed in describing its importance to defending the nation.

That culture is embodied by two installations that greet visitors to Fort Meade. One is a wall to honor N.S.A. personnel killed on overseas missions. The other is a tribute to the Enigma program, the code-breaking success that helped speed the end of World War II and led to the creation of the N.S.A. The intelligence community kept Enigma secret for three decades.

The only thing remotely resembling a challenge came when these “reporters” note Alexander’s claim to have willingly shut down the Internet metadata program (which the NSA has largely kept secret, in spite of having been disclosed) ignores NSA claims it (like the phone dragnet now, purportedly) was critical.

But he said the agency had not told its story well. As an example, he said, the agency itself killed a program in 2011 that collected the metadata of about 1 percent of all of the e-mails sent in the United States. “We terminated it,” he said. “It was not operationally relevant to what we needed.”

However, until it was killed, the N.S.A. had repeatedly defended that program as vital in reports to Congress.

The rest consists of more of the same kind of rebuttal by redefinition. The claim that NSA shares data with Israel is wrong, this “journalism” says, because “the probability of American content in the shared data was extremely small” (which of course says nothing about the way it would violate minimization procedures in any case). The claim that NSA launched 200 offensive cyberattacks in 2011 is wrong because many of those were actually other “electronic missions.” Besides, Alexander claims,

“I see no reason to use offensive tools unless you’re defending the country or in a state of war, or you want to achieve some really important thing for the good of the nation and others,” he said. [my link, for shits and giggles]

We are not now nor were we in 2006 when StuxNet started “in a state of war” with Iran, so how credible are any of these claims?

Mostly though, this appears to be an attempt, four months after highlighting the importance of PRISM against cyberattacks but then going utterly silent about that function, to reassert the importance of NSA’s hacking to prevent hacking.

Even there, though, Alexander presented dubious claims that got no challenge.

General Alexander said that confronting what he called the two biggest threats facing the United States — terrorism and cyberattacks — would require the application of expanded computer monitoring. In both cases, he said, he was open to much of that work being done by private industry, which he said could be more efficient than government.

In fact, he said, a direct government role in filtering Internet traffic into the United States, in an effort to stop destructive attacks on Wall Street, American banks and the theft of intellectual property, would be inefficient and ineffective.

“I think it leads people to the wrong conclusion, that we’re reading their e-mails and trying to listen to their phone calls,” he said.

The NSA already is filtering Internet traffic into the United States (and also searching on and reading incidentally collected Internet traffic without a warrant) under Section 702 certificates supporting counterterrorism, counterproliferation and … cyberattacks.

But nosiree, Alexander can’t envision doing what he’s already doing — and had been doing in a way that violated statute and the Fourth Amendment for three years already by 2011 — in the name of protecting the banksters who’ve gutted our economy. Only all of that — including the retention of US person data in the name of protecting property (presumably including intellectual property) is baked right into the NSA’s minimization procedures.

And that bit about violating Section 702 and the Fourth Amendment for over three years with a practice that was also baked into NSA’s minimization procedures? Here’s the claim the NYT’s crack journalists allow Alexander to end this charade with.

“We followed the law, we follow our policies, we self-report, we identify problems, we fix them,” he said. “And I think we do a great job, and we do, I think, more to protect people’s civil liberties and privacy than they’ll ever know.”

Findings versus Law: “The Intelligence Community Does Not Task Itself”

/9 Comments/in , /by

Predictably, Ben Wittes adopted the Shane Harris piece airing NSA gripes about the White House’s flaccid defense of them as part of Lawfare’s Empathy for Wiretappers series (brought to you in part by NSA contractor Northrop Grumman!).

In his commentary on the piece, Wittes compares Bush’s defense of torture (which Wittes calls coercive interrogation) and warrantless wiretapping (I assume he means the illegal warrantless wiretapping, as distinct from the warrantless wiretapping permitted under the existing legally sanctioned program) with Obama’s relative silence on NSA’s programs.

Another comparison would be to the way President Bush handled the firestorms over NSA’s warrantless wiretapping program and the CIA’s coercive interrogation program. Whatever one thinks of the programs in question, in my view the comparison does not flatter Obama.

Say what you will about Bush and the CIA’s interrogation program; there’s no question that he owned it. Nobody in the public ever thought that the program belonged to then-CIA Director George Tenet—though Tenet certainly was an enthusiastic executor. It was Bush’s program, and the reason it came off this way was that Bush publicly, repeatedly, and personally defended it. He made speeches about it. He wrote about it in his book. He never ran away from it. Nor, notably, did his attorney general. Similarly, Bush never ran away from warrantless wiretapping program. We associate him so personally with these programs, because he stoutly stood by them.

Obama has a lot on his plate right now. But he and his White House should not be leaving defense of intelligence programs he believes in to the intelligence community. Nor should Eric Holder, whose department convinced the FISA Court of the legal views currently at issue and oversees day-to-day FISA collection activity at NSA.

The intelligence community does not task itself. And when the political leadership tasks it to do something that then engulfs it in controversy, it should be a matter of honor not to let it dangle in the breeze.

As a threshold matter, who in their right mind would ask Eric Holder to defend a program? For better or worse, he has no more credibility right now than James Clapper or Keith Alexander, particularly among conservatives who believe he’s responsible for Fast and Furious. That may make him ineffective as an AG, but that is the AG Obama has chosen to retain.

Furthermore, which Attorney General does Ben have in mind that also defended these programs (or does he mean just torture?). Not only did John Ashcroft refuse to reauthorize parts of the illegal wiretap program, but Alberto Gonzales lied about it to get confirmed as Attorney General. Or does he mean Michael Mukasey, who by all appearances sold his soul at a meeting with David Addington, promising he wouldn’t oppose torture, in order to become Attorney General in the first place?

But I’m more interested, generally, in what I consider an inapt comparison.

One can argue that the President should aggressively defend whatever intelligence activities take place under his watch. But there is a big difference between the illegal wiretap and torture programs — which were authorized by a Presidential Directive and Finding, respectively — and the surveillance programs being exposed as a result of the Snowden  leaks — which were authorized by law.

In the former case, the intelligence agencies are all the more reliant on the President’s vocal defense, because without it they are entirely illegal. And for better and worse, the President should (but didn’t, at least not in the case of torture) pay close attention to the execution of those programs because he’s on the hook for them himself. That makes it much harder for the President to criticize any violations of the programs he authorized (like torture contractors James Mitchell and Bruce Jessen exceeding the terms of the program).

To the extent that the Intelligence Committees operate within the terms of the law, the same could be said of congressionally sanctioned programs.

That’s not what we’re talking about here. We’re talking about phone dragnet, Internet dragnet, and upstream collection, all of which violated the laws and/or Court ordered procedures authorizing them. When the government moved the phone dragnet under Section 215, it retained access for other agencies, performed contact chaining on unapproved selectors, and allowed access to the database from other NSA interfaces, old features of the illegal program that should have been turned off in 2006. We don’t know what the Internet dragnet violations were, but they’re likely also continuations of the illegal program. And NSA used FISA to intentionally target (according to John Bates) US person communications, in violation of the law and the Fourth Amendment, but also a practice that continued from the illegal program.

And the phone dragnet and (presuming they were discovered as part of the end-to-end review, though if they weren’t it’d be even more damning) Internet dragnet violations were admitted, after having persisted for 3 years, just as Obama entered the White House. The phone dragnet violations, at least, did not operate unchecked under the Obama Administration.

Further, as I noted yesterday, the woman now being criticized for her silence, Lisa Monaco, is one of the handful of people who had to ride herd on NSA as DOJ’s National Security Division brought NSA practices into compliance with the actual letter of the law.

I’d like to learn more about the tensions between Agencies as the Administration tried to bring the NSA programs into line with the letter of the law and FISC orders. Perhaps NSA worked proactively to reveal and fix everything (though the record seems to suggest the opposite). Perhaps it didn’t, and David Kris and Lisa Monaco had to push to force them to comply. But under Keith Alexander, the NSA failed to stay within the letter of the law (which ought to be reason enough to fire him). That makes the problems now being revealed substantively different from the torture and illegal wiretap programs, where the Executive only had to comply with what the President personally bought off on.

It may well be that Obama has approved all of what we’re seeing (he certainly approved an expanded StuxNet so should be held responsible for much of the hacking we’re doing; note that our offensive attacks actually are parallel to the covert programs raised by Wittes), though he couldn’t have approved the phone dragnet violations. It may well be that his Administration instead reined them in as soon as they discovered them, with whatever cooperation or resistance from NSA. We simply don’t know.

But an Agency violating the letter of the law and court orders affirmatively authorizing their actions is qualitatively different than an Agency violating the law based on direct orders from the President.

Shorter Rupp: We Inform Members at Briefings They Can’t Attend Because They’re Too Busy

/3 Comments/in /by

Since it became clear Mike Rogers had chosen not to pass on the Administration’s notice of phone dragnet problems, I’ve been wondering if he did the same with any notice about the FISA Amendments Act upstream problems.

In response to a query from Politico, Rogers and his counterpart Dutch Ruppersberger seem to suggest they did not pass on the notice.

Moreover, the House leaders who held the keys to the report did not loudly broadcast its existence to the rest of the chamber. The chairman of the Intelligence Committee, Rogers, and the panel’s ranking Democrat, Dutch Ruppersberger of Maryland, declined to say whether they even had sent a letter in 2012 informing members there had been a critical document to view. Hill sources say they don’t recall anything of the sort.

More telling still, though, is Rupp’s justification for providing briefings instead of the actual white paper.

Party leaders did hold unclassified and classified briefings on FISA, but they occurred just days before the House’s September 2012 vote to reauthorize the law. The Republican briefing, for example, occurred only two days before the House approved the FISA Amendments Act, according to an invite obtained by POLITICO. Yet nowhere in the message, sent Sept. 7, 2012, is any mention of the White House white paper on FISA oversight — the document that detailed how the agency had erred in collecting U.S. communications.

Committee leaders, though, stress they acted appropriately. “Members were notified of the contents of the white paper through the briefing,” Ruppersberger told POLITICO. “We felt that a briefing was an appropriate way to notify members of this important issue so that they would have the opportunity to get all of their questions answered immediately.”

The congressman continued: “Some members chose to take advantage of a briefing and some did not. We thought offering a briefing shortly before the vote was held would work best with members’ busy schedules and keep the issue fresh in their minds as they cast their vote.” [my emphasis]

In his explanation, Rupp explains that members have busy schedules.

And his accommodation for those busy schedules was to require members who want to be informed on issues they didn’t receive notice of adjust their busy schedule to show up at one of two briefings, rather than go to a SCIF to read a document during whatever time is most convenient for them. Indeed, I’ve heard from members that that’s part of the problem with briefings — they require people to drop all their other important issues and cater to Rogers’ and Rupp’s schedules, instead. All to learn about issues not identified in the meeting notice.

I’d add two points to the Politico piece. First, while it notes that the notice pitched the 2011 compliance problems as an example of functional oversight, there’s another problem with it. It doesn’t appear to reveal that some agency (probably FBI) already did, and the NSA newly started searching on incidentally collected US person data. Thus, it left out one of the most crucial aspects of the 2011 opinion, that it permitted the access to US person communications without a warrant.

And then a persnickety issue. Politico makes this claim.

The Washington Post first revealed that lapse in PATRIOT Act oversight in August, which at the time Rogers acknowledged “very few members” had taken advantage of any related briefing opportunities.

As the reporter admitted he knew, the WaPo did not, in fact, “first” reveal the earlier failure to pass on the notice. The WaPo reporting followed my own and the Guardian’s, as well as several other sites. The whole issue of “first” is stupid, but why use it, particularly if you know it is factually inaccurate?

“Together, we all prevail”

/17 Comments/in /by

For a 1,500-word Shane Harris piece that could be part of Lawfare’s Empathy for Wiretappers series (brought to you by NSA contractor Northrop Grumman!), Stewart Baker blames the White House failure to mount a vocal defense of NSA on John Brennan’s departure.

“I think actually this is the first signal that John Brennan is gone,” said Baker, the former NSA general counsel. “I think that if Brennan had still been there he would have immediately appreciated the importance, and communicated that to the president, of defending the program.”

John Brennan, of course, played a key role in rationalizing Dick Cheney’s illegal wiretap program, and therefore not only has a stake in protecting NSA, but also in insisting that the current program — which is just a rehashed version of the illegal program — is critical for detecting terrorists.

By comparison, Lisa Monaco, whom Baker implicitly criticizes (and the article explicitly notes) for her silence in the face of NSA’s problems, headed DOJ’s National Security Division from 2010 2011 until this year, and so likely had to deal with the aftermath of the phone dragnet problems, the full brunt of the Internet dragnet problems (which purportedly got shut down under her tenure), and the upstream collection problems — all three “features” of the illegal program that never got shut down when it moved under FISA Court supervision, and got called “bugs” when DOJ (Monaco!) had to reveal them.

And while the piece provides interesting new details about White House’s chilly relationship with a man they’ve nevertheless given vastly increasing amounts of power to,

The weak backing from top administration officials has aggravated the relationship between Alexander and the White House, where he has never been warmly embraced.

[snip]

Alexander has never been especially close to Obama or White House officials. Some thought he had tried to amass too much surveillance authority without appreciating the legal constraints on his agency, according to a former administration official. “I don’t understand why the White House didn’t throw Alexander under the bus,” the official added.

It actually doesn’t consider whether the Administration might be pursuing a conscious strategy of weakening Alexander’s considerable power (I have no reason to believe they are, but I can imagine why they might want to weaken someone who has only expanded his power since 2005 and got caught in serial fuck-ups as well).

It also doesn’t consider the possibility that one reason NSA employees are dispirited is because they’re learning about programs that violate the self-image they’ve got of their Agency.

Former intelligence officials who remain in regular contact with those still in government say that morale at the NSA is low, both because of the reaction to leaks by former contractor Edward Snowden, which put the normally secretive agency under intense scrutiny, and because of budget cutbacks and the continuing government shutdown, which has left some employees furloughed without pay.

Ah well. The NSA spokesperson is issuing slogans, so all is well in the national security world.

An NSA spokesperson downplayed any rift between the agency and the administration. “National security is a team sport. For us, collaboration is built into the very fabric of who we are,” said Vanee Vines. “There is no truth to rumors of dissension between NSA and the administration regarding the Agency’s mission to help defend the nation and save lives. Together, we all prevail.”

Together, we all prevail.

Jack Goldsmith’s Code

/9 Comments/in /by

On May 6, 2004, Jack Goldsmith signed an OLC memo that read, in part,

We conclude that in the circumstances of the current armed conflict with al Qaeda, the restrictions set out in FISA, as applied to targeted efforts to intercept the communications of the enemy in order to prevent further armed attacks on the United States, would be an unconstitutional infringement on the constitutionally assigned powers of the President. The President has inherent constitutional authority as Commander in Chief and sole organ for the nation in foreign affairs to conduct warrantless surveillance of enemy forces for intelligence purposes to detect and disrupt armed attacks on the United States. Congress does not have the power to restrict the President’s exercise of that authority.

[snip]

Finally, as part of the balancing of interests to evaluate the Fourth Amendment reasonableness, we think it is significant that [redacted] is limited solely to those international communications for which “there are reasonable grounds to believe … [that] a party to such communication is a group engaged in international terrorism, or activities in preparation therefor, or any agent of such a group.” March 11, 2004 Authorization [redacted] The interception is thus targeted precisely at communications for which there is already a reasonable basis to think there is a terrorism connection. This is relevant because the Supreme Court has indicated that in evaluating reasonableness, one should consider the “efficacy of [the] means for addressing the problem.”

[snip]

Thus, a program of surveillance that operated by listening to the content of every telephone call in the United States in order to find those calls that might relate to terrorism would require us to consider a rather difference [sic] balance here. [redacted] however, is precisely targeted to intercept solely those international communications for which there are reasonable grounds already to believe there is a terrorism connection, a limitation which further strongly supports the reasonableness of the searches.

We now know that opinion not only authorized the wiretapping of calls involving US persons, but also at least assumed the collection and contact chaining of the call records of all Americans (there’s an almost entirely redacted section of the memo that describes the March 19 halt to the collection of Internet metadata and the April 2 modification we don’t yet know about).

It’s worth keeping in mind that Goldsmith laid out the case that such a program was “reasonable” under the Fourth Amendment as you read his current writing on the NSA. For example, when — several weeks ago — he scolded the White House for not more aggressively defending the program that has actually expanded since he authorized it 9 years ago…

The government cannot rely on outsiders to explain these documents.  It must do so itself, aggressively and comprehensively, even at the expense of revealing more classified information or having to acknowledge embarrassing information.  If it doesn’t do so, the information already leaked, and the information that will be leaked in the weeks and months ahead, will continue to be portrayed in a very unfavorable light.

He was in part calling for the White House to protect programs he — back in 2004 — deemed critical to protect against terrorism.

Even more interesting is Goldsmith’s prediction (funded by Northrop Grumman, which is a significant NSA contractor) that we’ll all learn to welcome NSA scanning all the metadata and content of US communications — searches far more intrusive, and not committed under the guise of war — in search of hackers in the future.

“I can’t defend the country until I’m into all the networks,” General Alexander reportedly told senior government officials a few months ago.

For Alexander, being in the network means having government computers scan the content and metadata of Internet communications in the United States and store some of these communications for extended periods. Read more

Surveillance Logic: Snowden Is Bad because AQAP Conference Call Leak Was

/in , , /by

McClatchy did an interview with former national security official Ken Wainstein. He focuses on leaks, explaining how sometimes the “good leaks” don’t get prosecuted and admitting that overclassification is a problem.

But in response to McClatchy’s suggestion that Edward Snowden’s leaks are good, Wainstein responds in a bizarre fashion — by bringing up an entirely different leak.

Q: Do you weigh the public’s interest in the information that was leaked and whether it served the public good? For example, would you weigh whether Snowden’s actions triggered a broader debate about classified programs that the public should have known more about?

A: I think prosecutors would look at the intent of the leaker and what that person was intending to do.

But you wouldn’t have consensus that (the Snowden leak) was the best way to bring about this debate and that there hasn’t been damage. Just last week, for example, there was talk about how al Qaeda has shut down some of its communications because of aleak. I wouldn’t say it’s a given that it’s in the public interest that these disclosures are out there.

Wainstein’s talking, of course, of the NYT report that the public reports about the AQAP conference call story caused the terrorists to start using other communication methods.

But there are several problems with his claim. First, as I’ve pointed out, there’s a significant likelihood the leak in question came from AQAP sympathizers in the Yemeni government; in any case the leak was sourced to a broadly known fact in Yemen, not the US.

More importantly, the entire point of the story was that that AQAP leak had done more damage than all of Edward Snowden’s leaks. In fact, when criticized for the story, NYT’s editor pointed to that comparative fact as the entire point of the story.

He also said that many of the critics of the story “are missing part of the news here – that Snowden has not given away the store” in terms of harming national security or counterterrorism efforts.

The article, Mr. Hamilton said, “told an important and surprising story given the focus on Edward Snowden and the N.S.A. leaks. It had the kind of detail about terrorist operations that only reporters with long experience in national security coverage – and sources they can trust – can uncover.”

In other words, in response to a suggestion that Snowden’s leak did more harm than good, Wainstein points to a story that, even if the emphasis was wrong, pointed out that Snowden hadn’t done much damage.

Maybe Wainstein brought it up to suggest that McClatchy had better watch out; the AQAP story was also a McClatchy story. He’d be better off thanking McClatchy for making it clear someone in Yemen doesn’t keep our secrets very well.

But I guess that would ruin his entire scold about Edward Snowden.

The Business as Usual Brigade

/7 Comments/in /by

I missed the CATO surveillance event today (they’ll have video up soon, Julian Sanchez promises), but here’s the speech Ron Wyden gave.

I’m amused by this line:

We wanted to put this marker down early because we know in the months ahead we will be up against a “business-as-usual brigade” – made up of influential members of the government’s intelligence leadership, their allies in thinktanks and academia, retired government officials, and sympathetic legislators.

Wyden, a politician, can’t name these people.

But I would suggest they are all immediately identifiable as an archetype:

Influential members of the government’s intelligence leadership: Keith Alexander and James Clapper

Their allies in thinktanks and academia: Ben Wittes

Retired government officials: Michael Hayden

Sympathetic legislators: Dianne Feinstein

Indeed, further in his speech, he repeats claims these people have made, without identifying the speaker.

Some of the “business as usual” arguments have something of an Alice in Wonderland flavor.

We have heard that surveillance of Americans’ phone records, aka metadata, is not actually surveillance at all – it’s simply the collection of bits of information. [DiFi]

We’ve been told that falsehoods aren’t falsehoods – they are simply imprecise statements. [Clapper]

We’ve been told that rules that have been repeatedly broken are a valuable check on government overreach. [Wittes]

And we’ve been told that codifying secret surveillance laws and making them public surveillance laws is the same as actually reforming these overreaching surveillance programs. [Hayden]

And Wyden is absolutely correct. DiFi has submitted changes to Section 215 and 702 that … don’t change a single solitary thing, except that they (1) write down what the FISA Court has already mandated and (2) expand surveillance by authorizing the wiretapping of roamers for a period in the US.

So maybe Wyden isn’t correct? Maybe this is not the “Business as Usual Brigade,” but the “Use a crisis to authorizing phone wiretapping in the US brigade”?

Whatever it is, these are recognizable people. And the press should be focusing on the many ways in which their legislation actually increases surveillance.

How Can NSA Protect Our Power Grid from Cyberattack When It Can’t Keep Its Own Power On?

/34 Comments/in , /by

In the United States, it is usually a safe bet to attribute massive government fuck-ups to the bloated contractors we’ve outsourced our projects to.

And the electrical problems plaguing NSA’s new UT data center — described as lightening in a box that has caused $100,000 of damage each of the 10 times it has happened — do seem to stem from poorly supervised contractors.

The Army Corps of Engineers is overseeing the data center’s construction. Chief of Construction Operations, Norbert Suter said, “the cause of the electrical issues was identified by the team, and is currently being corrected by the contractor.” He said the Corps would ensure the center is “completely reliable” before handing it over to the NSA.

But another government assessment concluded the contractor’s proposed solutions fall short and the causes of eight of the failures haven’t been conclusively determined. “We did not find any indication that the proposed equipment modification measures will be effective in preventing future incidents,” said a report last week by special investigators from the Army Corps of Engineers known as a Tiger Team.

[snip]

It took six months for investigators to determine the causes of two of the failures. In the months that followed, the contractors employed more than 30 independent experts that conducted 160 tests over 50,000 man-hours, according to project documents.

[snip]

Contractors have started installing devices that insulate the power system from a failure and would reduce damage to the electrical machinery. But the fix wouldn’t prevent the failures, according to project documents and current and former officials.

Now, don’t pee your pants laughing.

But I did have two thoughts as I read this.

First, this extended confusion sounds similar to that which Iranian nuclear scientists experienced as they tried to figure out why their centrifuges kept blowing up, thanks to StuxNet. While I think the chances some kind of hack caused this are small (but not zero), I do find it ironic that we cause ourselves the same kind of havoc we cause our worst enemies.

And consider the mission!

Back in February, Keith Alexander warned of the possibility of cyberattacks on our grid (which, anonymous sources made clear, could probably only be launched by China or Russia, but that didn’t stop Alexander from suggesting Anonymous might launch such attacks). The NSA needs more authority to protect against attacks that might bring down our power sources, the head of the NSA suggested.

But the entity that proposes to wield that authority, it seems, can’t even build a brand spanking new electrical system immune from some kind of failure.

6 Years Later, Are the Internet Companies Trying to Expose Telecoms Stealing Their Data, Again?

/13 Comments/in /by

Update: And now this, too, has been halted because of the shutdown (h/t Mike Scarcella). This motion suggests the government asked the Internet companies for a stay on Friday. This one suggests the Internet companies asked the government for access to the classified information in the government filing, but the government told them they can’t consider that during the shut-down. 

As Time lays out, unlike several of the other NSA-related transparency lawsuits, the fight between the government and some Internet companies (Google, Yahoo, Facebook, Microsoft, and LinkedIn, with Dropbox as amicus) continues even under government shut-down. The government’s brief and declaration opposing the Internet bid for more transparency is now available on the FISA Court docket.

Those documents — along with an evolving understanding of how EO 12333 collection works with FISA collection — raise new questions about the reasons behind the government’s opposition.

When the Internet companies originally demanded the government permit them to provide somewhat detailed numbers on how much information they provide the government, I thought some companies — Google and Yahoo, I imagined — aimed to show they were much less helpful to the government than others, like Microsoft. But, Microsoft joined in, and it has become instead a showdown with Internet companies together challenging the government.

Meanwhile, the phone companies are asking for no such transparency, though one Verizon Exec explicitly accused the Internet companies of grandstanding.

In a media briefing in Tokyo, Stratton, the former chief operating officer of Verizon Wireless, said the company is “compelled” to abide by the law in each country that it operates in, and accused companies such as Microsoft, Google, and Yahoo of playing up to their customers’ indignation at the information contained in the continuing Snowden leak saga.

Stratton said that he appreciated that “consumer-centric IT firms” such as Yahoo, Google, Microsoft needed to “grandstand a bit, and wave their arms and protest loudly so as not to offend the sensibility of their customers.”

“This is a more important issue than that which is generated in a press release. This is a matter of national security.”

Stratton said the larger issue that failed to be addressed in the actions of the companies is of keeping security and liberty in balance.

“There is another question that needs to be kept in the balance, which is a question of civil liberty and the rights of the individual citizen in the context of that broader set of protections that the government seeks to create in its society.”

With that in mind, consider these fascinating details from the government filings.

  • The FBI — not the NSA — is named as the classification authority and submits the declaration (from Acting Executive Assistant Director Andrew McCabe) defending the government’s secrecy claims
  • The government seems concerned about breaking out metadata numbers from content (or non-content from non-content and content, as Microsoft describes it), even while suggesting this is about providing our “adversaries” hints about how to avoid surveillance
  • The government suggests some of what the Internet companies might disclose doesn’t fall under FISC’s jurisdiction

All of these details lead me to suspect (and this is a wildarsed guess) that what the government is really trying to hide here is how they use upstream metadata collection under 12333 to develop relatively pinpointed requests for content from Internet companies. If the Internet companies disclosed that, it would not only make their response seem much more circumscribed than what we’ve learned about PRISM, but more importantly, it would reveal how the upstream, unsupervised collection of metadata off telecom switches serves to target this collection.

The FBI as declarant

Begin with the fact that the FBI — and not NSA or ODNI — is the declarant here. I can think of two possible reasons for this.

One, that much of the collection from Internet companies is done via NSL or another statute for which the FBI, not the NSA, would submit the request. There are a number of references to NSLs in the filings that might support this reading. [Correction: FBI is not required to submit NSLs in all cases, but they are in 18 USC 2709, which applies here.]

It’s also possible, though, that the Internet companies only turn over information if it involves US persons, and that the government gets all other content under EO 12333. As with NSLs, the FBI submits applications specifically for US person data, not the NSA. But if that’s the case, then this might point to massive parallel construction, hiding that much of the US person data they collect comes without FISC supervision.

And remember — the FBI seems to have had the authority to search incidentally collected (presumably, via whatever means) US person data before the NSA asked for such authority in 2011.

There may be other possibilities, but whatever it is, it seems that the FBI would only be the classification authority appropriate to respond here if they are the primary interlocutor with the Internet companies — at least within the context of collection achieved under the FISA Court’s authority.

Breaking out metadata from content numbers and revealing “timing”

While the government makes an argument that revealing provider specific information would help “adversaries” to avoid surveillance, two other issues seem to be of more acute concern.

First, it suggests Google and Microsoft’s request to break out requests by FISA provision — and especially Microsoft’s request to “disclose separate categories for ‘non-content’ requests and ‘content and non-content requests” — brought negotiations to a head (see 2-3). This suggests we would see a pretty surprising imbalance there — perhaps (if my theory that the FBI goes to Internet companies only for US person data is correct) primarily specific orders (though that would seem to contradict the PRISM slide that suggested it operated under Section 702). It also suggests that the Internet companies may be providing either primarily content or primarily metadata, not both (as we might expect under PRISM).

The government is also concerned about revealing “the timing of when the Government acquires certain surveillance capabilities.” (see brief 19; the brief references McCabe’s discussion of timing, but the discussion is entirely redacted). That’s interesting because these are to a large extent (though not exclusively) storage companies. It may suggest the government is only asking for data stored in the Internet companies’ servers, not data that is in transit.

The FISC may not have jurisdiction over all this

Then there are hints that the FISC may not have jurisdiction over all the collection involving the Internet companies. That shows up in several ways.

First, in one spot (page 17) the government refers to the subject of its brief as “FISA proceedings and foreign intelligence collection.” In other documents, we’ve seen the government distinguish FISC-governed collection from collection conducted under other authorities — at least EO 12333. Naming both may suggest that part of the jurisdictional issue is that the collection takes place under EO 12333.

There’s another interesting reference to the FISC’s jurisdiction, where the government says it wants to reveal information on the programs “overseen by this Court.”

Although the Government has attempted to release as much information as possible about the intelligence collection activities overseen by this Court, the public debate about surveillance does not give the companies the First Amendment right to disclose information that the Government has determined must remain classified.

I’m increasingly convinced that the government is trying to do a limited hangout with the Edward Snowden leaks, revealing only the stuff authorized by FISC, while refusing to talk about the collection authorized under other statutes (this likely also serves to hide the role of GCHQ). If this passage suggests — as I think it might — that the Government is only attempting to release that information overseen by the FISC, then it suggests that part of what the Internet companies would reveal does not fall under FISC.

Then there are the two additional threats the government uses — in addition to gags tied to FISA orders — to ensure the Internet personnel not reveal this information: nondisclosure agreements and the Espionage Act.

I’m not certain whether the government is arguing whether these two issues — even if formulated in conjunction with FISA Orders — are simply outside the mandate of the FISC, or if it is saying that it uses these threats to gag people engaged in intelligence collection not covered by FISA order gags.

The review and construction of nondisclosure agreements and other prohibitions on disclosure unrelated to FISA or the Courts rules and orders fall far outside the powers that “necessarily result to [this Court] from the nature of [the] institution,” and therefore fall outside the Court’s inherent jurisdiction.

Whichever it is (it could be both), the government seems intent on staving off FISC-mandated transparency by insisting that such transparency on these issues is outside the jurisdiction of the Court.

There there’s this odd detail. Note that McCabe’s declaration is not sworn under oath, but is sworn under penalty of perjury under 18 USC 1746 (see the redaction at the very beginning of the declaration) . Is that another way of saying the FISA Court doesn’t have jurisdiction over this matter? [Update: One possibility is that this is shut-down related–that DOJ’s notaries who validate sworn documents aren’t considered essential.]

The PRISM companies and the poisoned upstream fruit

One more thing to remember. Though we don’t know why, the government had to pay the PRISM companies — that is, the same ones suing for more transparency — lots of money to comply with a series of new orders after John Bates imposed new restrictions on the use of upstream data. I’ve suggested that might be because existing orders were based on poisoned fruit, the illegally collected US person data collected at telecom switches.

That, too, may explain why PRISM company disclosure of the orders they receive would reveal unwanted details about the methods the government uses: there seems to be some relation between this upstream collection and the requests the Internet companies that is particularly sensitive.

As I have repeatedly recalled, back in 2007, these very same Internet companies tried to prevent the telecoms from getting retroactive immunity for their actions under Bush’s illegal wiretap program. That may have been because the telecoms were turning over the Internet companies’ data to the government.

They appear to be doing so again. And this push for transparency seems to be an effort to expose that fact.

Update: Microsoft’s Amended Motion — the one asking to break out orders by statute — raises the initial reports on PRISM, reports on XKeyscore, and on the aftermath of the 2011 upstream problems (which I noted above). It doesn’t talk about any story specifically tying Microsoft to Section 215. However, it lists these statutes among those it’d like to break out.

1These authorities could include electronic surveillance orders, see 50 U.S.C. §§ 1801-1812; phyasical search orders, see 50 U.S.C. §§ 1821-1829; pen register and trap and trace orders, see 50 U.S.C. §§ 1841-1846; business records orders, see 50 U.S.C. §§ 1861-1862; and orders and directives targeting certain persons outside the United States, see 50 U.S.C. §§ 1881-1881g. [my emphasis]

If I’m not mistaken, the motion doesn’t reference this article, which described how the government accessed Skype and Outlook, which you’d think would be one of the ones MSFT would most want to refute, if it could. But I’ve also been insisting that they must get Skype info for the phone dragnet, otherwise they couldn’t very well claim to have the whole “phone” haystack.

But the mention of Section 215 suggests they may be included in that order.

Also, we keep seeing physical search orders included in a communication arena. I wonder if that’s a storage issue.

Update: One more note about the MSFT Amended Motion. It lists where the people involved got their TS security clearances. MSFT’s General Counsels is tied to DOD; the lawyers on the brief all are tied to FBI.

One final detail on MSFT. Though the government brief doesn’t say this, MSFT is also looking to release the number of accounts affected by various orders, not just the number of targets (which is what the government wants to release). That’s a huge difference.

I Con the Record Admits All This Spying Also Serves Counterintelligence

/10 Comments/in , , /by

Screen shot 2013-10-04 at 6.02.34 PMJames Clapper has a statement up at I Con the Record trying to dismiss any concerns that the US is using the same kind of technologies as China uses against its people to crack Tor.

As per usual, Clapper complains that the stories don’t paint the Intelligence Community in the light they’d like to be described.

In particular, he complains that — notwithstanding the Guardian’s publication of NSA’s graphic suggesting every Tor communication hides a bearded terrorist — the stories haven’t emphasized the “very naughty” targets of this spying.

However, the articles fail to make clear that the Intelligence Community’s interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies.

But that complaint comes with a new admission, one that has been all but unmentioned since when, on June 10, Clapper’s most impressive PRISM success story pertained to cybersecurity. For the first time in quite a while, Clapper today acknowledged NSA uses this not only for counterterrorism and other foreign targets, but also counterintelligence.

The articles fail to mention that the Intelligence Community is only interested in communication related to valid foreign intelligence and counterintelligence purposes and that we operate within a strict legal framework that prohibits accessing information related to the innocent online activities of US citizens.

Within our lawful mission to collect foreign intelligence to protect the United States, we use every intelligence tool available to understand the intent of our foreign adversaries so that we can disrupt their plans and prevent them from bringing harm to innocent Americans. [my emphasis]

The admission is important not just because Clapper and Keith Alexander have consistently been trying to hide the cybersecurity application of this. But because it makes clear that NSA requires no foreign nexus to target Tor communications.

Which they couldn’t well require in any case, since the design of Tor ensures the government can’t know whether an encrypted message is a domestic or foreign communication.

Of course, once you include counterintelligence (and threats to property) as a valid excuse to keep encrypted communications indefinitely and even to compromise people’s computers (see slide 16), particularly in an environment where leaks of even unclassified information are treated as spying, then the distinction between “citizens” and “targets” crumbles.