DOJ’s IG Hints at Concerns about Back Door Search Issues

In addition to focusing on whether the classification of past IG Reports will limit what he can release about the Section 215 dragnet and Section 702 content collection, DOJ Inspector General Michael Horowitz laid out one more significant civil liberties concern related to national security investigations.

Additional concerns about civil rights and liberties are likely to arise in the future. For example, significant public attention has been paid to programs authorizing the acquisition of national security information, but relatively less has been paid to the storing, handling, and use of that information. Yet after information has been lawfully collected for one investigation, crucial questions arise about whether and how that information may be stored, shared, and used in support of subsequent investigations. Similar questions arise about the impact on civil rights and liberties of conducting electronic searches of national security information and about whether and how information obtained in a national security context can be used for criminal law enforcement. As the Department continues to acquire, store, and use national security information, these issues will arise more and more frequently, and the Department must ensure that civil rights and liberties are not transgressed.

I don’t guarantee this is a reference to back door searches.

But we know that FBI has been permitted to conduct searches on content collected under traditional FISA or FISA Amendments Act since at least 2008. We know that the Intelligence Community does not believe it needs even Reasonable Articulable Suspicion — of a national security concern or of a crime — to search this data. And in the past, DOJ has argued it can use FISA-collected information to find things like evidence of rape to use to coerce people to turn informant.

So I’m going to wildarseguess that at least part of what Horowitz alludes to here pertains to whether DOJ can search this incidentally collected information in support of criminal investigations. That would of course violate the spirit of every wiretap law in the country, but given the government’s past interpretations of what the elimination of the wall between NSA and FBI means and their claims they don’t need RAS to search these databases, it is a real possibility that’s what they’re doing (though they may be claiming that the crimes in question are “related” to the national security claims — things like money laundering and drug sales and so forth).

I’m also interested in Horowitz’ allusion to “national security information.” Does this go beyond content? Is he worried about the use of bulk-collected data in criminal investigations?

OK, now he’s got me worried.

But note what he doesn’t say: that he’s investigating this.

Will DOJ’s 1,265-Day Old Section 215 Review Be Squelched By Past Classifications?

DOJ’s Inspector General Michael Horowitz released his annual list of challenges today (which includes a focus on prison problems). In his section on national security and civil liberties he spends 4 paragraphs calling for more information sharing before he turns to civil liberties. In that section, he once again promises the report on the use of Section 215 his office has been working on for 1,265 days.

But he adds something new. He suggests this report may be limited by whether or not DOJ and ODNI declassify sections of the past reports.

The OIG’s ongoing reviews also include our third review of the Department’s requests for business records under Section 215 of the Foreign Intelligence Surveillance Act (FISA), as well as our first review of the Department’s use of pen register and trap-and-trace devices under FISA.  Although the full versions of our prior reports on NSLs and Section 215 all remain classified, we have released unclassified versions of these reports, and we have requested that the Department and the Office of the Director of National Intelligence (ODNI) conduct declassification reviews of the full classified versions.  The results of any declassification review may also affect how much information we will be able to publish regarding our pending reviews when they are complete.

As I have noted in the past, the 2008 report includes two appendices on then-secret uses of Section 215, one of which almost certainly pertains to the phone dragnet. In addition, it includes a sharply critical section on DOJ’s failure to institute new minimization procedures specific to Section 215 (which would dramatically affect its use for the phone dragnet).

Now Horowitz is saying that, unless DOJ and ODNI declassify these past reports, he won’t be able to present in unclassified form all the findings in his current report (which covers the period through 2009, and therefore the violations discovered in that year).

Horowitz suggests something similar is going on with DOJ IG’s work on content collection as well. Both a report he did last year on the FISA Amendments Act (which may suggest the FBI has not always abided by its targeting and minimization procedures) and Glenn Fine’s DOJ-specific review on the illegal wiretap program remain classified.

The OIG has also conducted oversight of other programs designed to acquire national security and foreign intelligence information, including the FBI’s use of Section 702 of the FISA Amendments Act (FAA), which authorizes the targeting of non-U.S. persons reasonably believed to be located outside the United States to acquire foreign intelligence information.  The OIG’s 2012 review culminated in a classified report released to the Department and to Congress that assessed, among other things, the number of disseminated FBI intelligence reports containing a reference to a U.S. person identity and the FBI’s compliance with the targeting and minimization procedures required under the FAA.  Especially in light of the fact that Congress reauthorized the FAA for another 5 years last session, we believe the findings and recommendations in our report will be of continuing benefit to the Department as it seeks to ensure the responsible use of this foreign intelligence tool.  This report also was included in our request to the Department and ODNI for a declassification review, as was the full, classified version of our 2009 report on the President’s Surveillance Program, which described certain intelligence-gathering activities that took place prior to the enactment of the FAA. [my emphasis]

Elsewhere, Horowitz alludes to the Snowden leaks. Clearly, much of what appears in the 2009 and 2012 reports has been covered in leaks and releases to Congress. And yet, it seems, someone is stalling the declassification of DOJ IG’s work.

What has DOJ’s IG found that Eric Holder and James Clapper are trying to hide?

“We’re Not Going to Leave It To the Guy Who Lies to Congress with Impunity Anymore”

The regular outlets for NSA leakers are presenting details of the recommendations the NSA Review Committee has given to President Obama (Gorman, Sanger). Curiously, Siobhan Gorman suggests that because the recommendations closely follow the Leahy-Sensenbrenner bill, it bodes well for passage of that bill.

The panel’s idea “aligns very closely” with a bill offered by House Judiciary Committee Chairman James Sensenbrenner (R., Wis.) and Senate Judiciary Chairman Patrick Leahy (D., Vt.), said one person familiar with the report, suggesting it could give ammunition to congressional efforts.

From what I’ve seen so far, I’m not sure that’s actually true. Moreover, that’s not how intelligence reform generally works. Rather, usually the executive adopts changes asked by Congress, thereby dissuading Congress from actually passing those changes into enforceable law. With Jim Sensenbrenner correctly calling Dianne Feinstein’s Fake FISA Fix “a joke” and a growing number of co-sponsors for Sensenbrenner’s bill, I can imagine why the Executive would want to pre-empt actual law.

Significantly, the proposed recommendations don’t end the concept of a phone dragnet; they just move administration of it elsewhere — either a third party or the telecoms — equally prone to abuse. The Review Committee apparently didn’t review the efficacy of these programs.

Besides, according to David Sanger, the proposals predictably focus more on Angela Merkel’s privacy than the hundreds of millions of others whose privacy the NSA compromises.

The advisory group is also expected to recommend that senior White House officials, including the president, directly review the list of foreign leaders whose communications are routinely monitored by the N.S.A. President Obama recently apologized to Chancellor Angela Merkel of Germany for the N.S.A.’s monitoring of her calls over the past decade, promising that the actions had been halted and would not resume. But he refused to make the same promise to the leaders of Mexico and Brazil.

Administration officials say the White House has already taken over supervision of that program. “We’re not leaving it to Jim Clapper anymore,” said one official, referring to the director of national intelligence, who appears to have been the highest official to review the programs regularly.

[snip]

[National Security Council spokesperson Caitlin Hayden] added that the review was especially focused on “examining whether we have the appropriate posture when it comes to heads of state; how we coordinate with our closest allies and partners; and what further guiding principles or constraints might be appropriate for our efforts.”

It’s that James Clapper line that ought to be the tell, however: that folks within the Administration are boldly stating that James Clapper won’t be able to run amok anymore.

The same James Clapper, of course, on whom the White House imposed no consequences for lying to Congressional overseers.

Which brings me to my favorite detail, from the NYT:

One of the expected recommendations is that the White House conduct a regular review of those collection activities, the way covert action by the C.I.A. is reviewed annually.

Obama suggested last week he serves in no more than an advisory role for the Deep State, someone who can propose changes, but not someone who can order them. That an advisory committee has to tell the President that the NSA operates with less oversight than the CIA whose covert operations have systematically exceeded the claimed authority granted by the President says something.

I do fear this Review will pre-empt some of the most important legislative fixes.

But I also hope we’ll finally see heightened distance between the Deep State and the Executive that is overdue for reining it in.

Did DOJ Prosecute Basaaly Moalin Just to Have a Section 215 “Success”?

At yesterday’s Senate Judiciary Committee hearing on the dragnet, the government’s numbers supporting the value of the dragnet got even worse. At one point, Pat Leahy asserted that the phone dragnet had only been useful in one case (in the last hearing, there had been a debate over whether it had been critical in one or two cases).

Leahy (after 1:09:40): We’ve already established that Section 215 was uniquely valuable in just one terrorism case, not the 54 that have been talked about before.

In a follow up some minutes later, Keith Alexander laid out numbers that explain how the Administration had presented that 1 case as 12 in previous claims.

Alexander (at 1:21:30): As you correctly stated, there was one unique case under 215 where the metadata helped. There were 7 others where it contributed. And 4 where it didn’t find anything of value, and we were able to tell the FBI that.

That is, to publicly claim that the phone dragnet has been useful in 12 cases, the Administration included 7 cases where — as with the Najibullah Zazi case — it proved to be a tool that provided non-critical information available by other means, and 4 cases where it was useful only because it didn’t show any results.

To fluff their numbers, the Administration has been counting cases where the phone dragnet didn’t show results as showing results of no results.

With sketchy numbers like that, it’s high time for a closer examination of the details — and the timing — of the Basaaly Moalin prosecution, the only case (Alexander now agrees) where the phone dragnet has been critical.

As a reminder, Moalin was first identified via the dragnet — probably on a second hop away from Somali warlord Aden Ayro — in October 2007.  They used that and probably whatever tip they used to investigate him in 2003 to get a FISA warrant by December 20, 2007. Only 2 months later, February 26, 2008, was al-Shabaab listed as a foreign terrorist organization. Ayro was killed on May 1, 2008, though the government kept the tap on Moalin through December 2008, during which period they collected evidence of Moalin donating money (maybe 3 times as much as he gave to al-Shabaab-related people) to a range of people who had nothing to do with al-Shabaab. A CIPA stipulation presented at the trial revealed that during this period after the inculpatory conversations, Moalin’s tribe and Shabaab split and Moalin’s collections supported other entities in Somalia.

1. Money collected for the Ayr sub-clan was given to individuals including Abukar Suyare (Abukar Mohamed) and Fare Yare, who were associated with the Ilays charity.

2. Money collected by the men in Guracewl on behalf of the Ayr sub-clan was given to a group that was not as-Shabaab. [sic]

3. There was a dispute between al-Shabaab, the Ayr clan and Ilays over the administration pf [sic] of Galgaduud regions.

4. Members of the Ilays charity and the Ayr sub-clan, including Abukar Suryare, were opposed to the al-Shabaab and were Ayrow’s enemies.

On April 8, 2009, FBI would search the hawala used to send money based entirely on Moalin’s case. Yet on April 23, 2009, according to a document referenced but not provided to Moalin’s defense, the FBI concluded that Moalin not only no longer expressed support for al-Shabaab, but that he had only ever supported it because of tribal loyalties, not support for terrorism.

The San Diego FIG assesses that Moalin, who belongs to the Hawiye tribe/Habr Gedir clan/Ayr subclan, is the most significant al-Shabaab fundraiser in the San Diego Area of Operations (AOR). Although Moalin has previously expressed support for al-Shabaab, he is likely more attentive to Ayr subclan issues and is not ideologically driven to support al-Shabaab. The San Deigo FIG assesses that Moalin likely supported now deceased senior al-Shabaab leader Aden Hashi Ayrow due to Ayrow’s tribal affiliation with the Hawiye tribe/Habr Gedir clan/Ayr subclan rather than his position in al-Shabaab. Moalin has also worked diligently to support Ayr issues to promote his own status with Habr Gedir elders. The San Diego FIG assesses, based on reporting that Moalin has provided direction regarding financial accounts to be used when transferring funds overseas that he also serves as a controller for the US-based al-Shabaab fundraising network.

The intercepts on which the prosecution was based support this. They show that Moalin’s conversations with Ayro and others focused on fighting the (American-backed) Ethiopian invaders of his region, not anything outside of Somalia.


Sheldon Whitehouse: We Can’t Unilaterally Disarm, Even to Keep America Competitive

I have to say, the Senate Judiciary Committee hearing on the dragnet was a bust.

Pat Leahy was fired up — and even blew off a Keith Alexander attempt to liken the Internet to a library with stories of the library card he got when he was 4. While generally favoring the dragnet, Chuck Grassley at least asked decent questions. But because of a conflict with a briefing on the Iran deal, Al Franken was the only other Senator to show up for the first panel. And the government witnesses — Keith Alexander, Robert Litt, and James Cole — focused on the phone dragnet disclosed over 6 months ago, rather than newer disclosures like back door searches and the Internet dragnet, which moved overseas. Litt even suggested — in response to a question from Leahy — that they might still be able to conduct the dragnet if they could bamboozle the FISA Court on relevance, again (see Spencer on that). As a result, no one discussed the systemic legal abuses of the Internet dragnet or NSA’s seeming attempt to evade oversight and data sharing limits by moving their dragnet overseas.

Things went downhill when Leahy left for the Iran briefing and Sheldon Whitehouse presided over the second panel, with the Computer & Communications Industry Association’s Edward Black, CATO’s Julian Sanchez, and Georgetown professor (and former DOJ official) Carrie Cordero. Sanchez hit some key points on why Internet metadata is not actually like phone pen registers. Cordero acknowledged that metadata was very powerful but then asserted that the metadata of the phone-based relationships of every American was not.

And Black tried to make the case that the spying is killing America.

Or, more specifically, his industry’s little but significant corner of America, the Internet. While only some of this was in his opening statement, Black made the case that the Internet plays a critical role in America’s competitiveness.

While these are critical issues, it is important that the Committee also concern itself with the fact that the behavior of the NSA, combined with the global environment in which this summer’s revelations were released, may well pose an existential threat to the Internet as we know it today, and, consequently, to many vital U.S. interests, including the U.S. economy.

[snip]

The U.S. government has even taken notice. A recent comprehensive report from the U.S. International Trade Commission (ITC) noted, “digital trade continues to grow both in the U.S. economy and globally” and that a “further increase in digital trade is probable, with the U.S. in the lead.” In fact, the report also shows, U.S. digital exports have exceeded imports and that surplus has continually widened since 2007.

[snip]

As a result, the economic security risks posed by NSA surveillance, and the international political reaction to it, should not be subjugated to traditional national security arguments, as our global competitiveness is essential to long-term American security. It is no accident that the official National Security Strategy of the United States includes increasing exports as a major component of our national defense strategy.

Then he laid out all the ways that NSA’s spying has damaged that vital part of the American economy: by damaging trust, especially among non-American users not granted the protections Americans purportedly get, and by raising suspicion of encryption.

Black then talked about the importance of the Internet to soft power. He spoke about this generally, but also focused on the way that NSA spying was threatening America’s dominant position in Internet governance, which (for better and worse, IMO) has made the Internet the medium of exchange it is.

The U.S. government position of supporting the multi-stakeholder model of Internet governance has been compromised. We have heard increased calls for the ITU or the United Nations in general to seize Internet governance functions from organizations that are perceived to be too closely associated with the U.S. government, such as the Internet Corporation for Assigned Names and Numbers (ICANN).

And he pointed to proposals to alter the architecture of the Internet to minimize the preferential access the US currently has.

Let’s be honest, Black is a lobbyist, and he’s pitching his industry as best he can. I get that. Yet even still, he’s not admitting that these governance and architecture issues really don’t provide neutrality — though US stewardship may be the least-worst option, it provides the US a big advantage.

What Black hinted at (but couldn’t say without freaking out foreign users even more) is that our stewardship of the Internet is not just one of the few bright spots in our economy, but also a keystone to our power internationally. And it gives us huge spying advantages (not everyone trying to erode our control of the Internet’s international governance is being cynical — Edward Snowden has made it clear we have abused our position).

Which is why Whitehouse’s response was so disingenuous. He badgered Black, interrupting him consistently. He asked him to compare our spying with that of totalitarian governments, which Black responded was an unfair comparison. And Whitehouse didn’t let Black point out that American advantages actually do mean we spy more than others, because we can.

Basically, Whitehouse suggested that, in the era of Big Data,  if we didn’t do as much spying as we could — and to hell with what it did to our preferential position on the Internet — it would amount to unilaterally disarming in the face of Chinese and Russian challenges.

If we were to pass law that prevented us from operating in Big Data, would be unilaterally disarming.

Whitehouse followed this hubris up with several questions that Sanchez might have gladly answered but Black might have had less leeway to answer, such as whether a court had ever found these programs to be unconstitutional. (The answer is yes, John Bates found upstream collection to be unconstitutional, he found the Internet dragnet as conducted for 5 years to be illegal wiretapping, and in the Yahoo litigation in 2007, Yahoo never learned what the minimization procedures were, and therefore never had the opportunity to make the case.) Black suggested, correctly, I think, that Whitehouse’s position meant we were just in an arms race to be the Biggest Brother.

I get it. Whitehouse is one of those who believe, like Keith Alexander (whose firing Whitehouse has bizarrely not demanded, given his stated concerns about the failure to protect our data during Alexander’s tenure), that the Chinese are plundering the US like a colony.

Not only does this stance seem to evince no awareness of how America used data theft to build itself as a country (and how America’s hardline IP stance will kill people, making America more enemies). But it ignores the role of the Internet in jobs and competition and trade in ideas and goods.

Sheldon Whitehouse, from a state suffering economically almost as much as Michigan, seems anxious to piss away what competitive advantages non-defense America has to conduct spying that hasn’t really produced results (and has made our networks less secure as a result — precisely the problem Whitehouse claims to be so concerned about). That’s an ugly kind of American hubris that doesn’t serve this country, even if you adopt the most jingoistic nationalism imaginable.

He should know better than this. But in today’s hearing, he seemed intent on silencing the Internet industry so he didn’t learn better.

Update: Fixed the Black quotation.

Update: Jack Goldsmith pushes back against the American double standards on spying and stealing here.

In Naming Its Man of the Year, Time Proves It Doesn’t Even READ the News

I’m probably fairly lonely among my crowd to be satisfied that Time picked Pope Francis over Edward Snowden to be Person of the Year. Not only do I prefer that the focus remain on the reporting on NSA than revert back to caricatures like Time creates of Snowden as a “Dark Prophet” reading Dostoevsky. The Pope’s criticism of — above all — inequality may have as much or more impact on people around the globe as Snowden’s criticism of the surveillance state.

Would that both the Catholic Church and the United States live up to the idealist claims they purport to espouse.

But reading the profile Time did of Snowden, I can’t help but suspect they picked the Pope out of either fear or ignorance about what Snowden actually revealed. Consider this paragraph, which introduces a section on the lies NSA has told.

The NSA, for its part, has always prided itself on being different from the intelligence services of authoritarian regimes, and it has long collected far less information on Americans than it could. The programs Snowden revealed in U.S. surveillance agencies, at least since the 1970s, are subject to a strict, regularly audited system of checks and balances and a complex set of rules that restrict the circumstances under which the data gathered on Americans can be reviewed. As a general rule, a court order is still expected to review the content of American phone calls and e-mail messages. Unclassified talking points sent home with NSA employees for Thanksgiving put it this way: “The NSA performs its mission the right way—lawful, compliant and in a way that protects civil liberties and privacy.” Indeed, none of the Snowden disclosures published to date have revealed any ongoing programs that clearly violate current law, at least in a way that any court has so far identified. Parts of all three branches of government had been briefed and had given their approval.

It’s full of bullshit. There’s the claim that NSA collects far less on Americans than it could. Does that account for the fact that, in the Internet dragnet and upstream collection programs, it collected far more than it was authorized to? Those same programs prove that surveillance can go on for (in the case of the Internet dragnet) 5 years before anyone realizes it has been violating the law — not exactly the definition of a regularly audited system. And, with its claim that “all three branches of government have been briefed,” Time must have missed Dianne Feinstein’s admission that the stunning sweep of the programs conducted under EO 12333 (which also collect US person data) don’t get close scrutiny from her committee (and none from the FISA Court).

But this claim most pisses me off:

As a general rule, a court order is still expected to review the content of American phone calls and e-mail messages.

Journalistic outlet Time must have missed where NSA’s General Counsel Raj De, in a public hearing, testified that NSA doesn’t even need Reasonable Articulable Suspicion — much less a court order — to read the content of Americans’ data collected incidentally under the FISA Amendments Act’s broad sweep, to say nothing of the even greater collection of data swept up under 12333. To support this demonstrably false claim, Time then points to the similarly false talking points the NSA sent home at Thanksgiving. It points to the NSA’s talking points just two paragraphs before Time lays out how often NSA has lied, both describing the government as actively misleading…

At the time Snowden went public, the American people had not just been kept in the dark; they had actively been misled about the actions of their government.

And then describing the specific lies of Keith Alexander and James Clapper.

The NSA lies, and lies often. But Time points to the NSA’s own lies to support its bad reporting.

At the same time, Time dances around the many things the US does that make us less secure. For example, it gives credence to the nonsense claim that Snowden singlehandedly prevented us from pressuring China into stopping hacking of us.

While in Hong Kong, Snowden gave an interview and documents to the South China Morning Post describing NSA spying on Chinese universities, a disclosure that frustrated American attempts to embarrass China into reducing its industrial-espionage efforts against U.S. firms.

This repeats the anachronistic claims and silence about US cyberwar that Kurt Eichenwald made in Newsweek.

And Time says Bullrun — a program that involves inserting vulnerabilities into code — “decodes encrypted messages to defeat network security,” which also minimizes the dangerous implications of NSA’s hacking.

If Time had actually read the news, rather than wax romantic about Russian literature, it might report that NSA in fact does collect vast amounts of, and can read, the incidentally collected content of most Americans. It might describe the several times NSA has been found to be violating the law, for years at a time. It might explain that many of these programs, because they operate solely under the President’s authority, might never get court review without Snowden’s leaks. And Time might bother to tell readers that, in some ways at least, the NSA makes us less safe because it prioritizes offensive cyberattacks (and not just on China) over keeping American networks safe.

As I said, I could have been happy about either a Pope Francis or an Edward Snowden selection. But as it is, Time might better call their scheme “Caricature of the Year,” because at least in their Snowden profile, they’re not actually presenting the news.

FISA Orders for Hacking Help

In its latest Snowden story, the WaPo reports that NSA has used Google’s cookies to help track people for hacking purposes.

The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using “cookies” and location data to pinpoint targets for government hacking and to bolster surveillance.

The agency’s internal presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations.

[snip]

The NSA’s use of cookies isn’t a technique for sifting through vast amounts of information to find suspicious behavior; rather, it lets NSA home in on someone already under suspicion – akin to when soldiers shine laser pointers on a target to identify it for laser-guided bombs.

This will be sure to make software opposition to NSA’s unbridled spying louder, if not less hypocritical (after all, every way Google limits its own tracking amounts to another tool the NSA can’t exploit).

I’m particularly interested in how NSA collects cookies it uses. The article suggests they may do it via FISC order (though they don’t say whether it would involve an individualized FISA order or bulk FAA collection).

These specific slides do not indicate how the NSA obtains Google PREF cookies or whether the company cooperates in these programs, but other documents reviewed by the Post indicate that cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. If the NSA gets the data that way, the companies know and are legally compelled to assist.

That is, is a PREF cookie just one of many identifying details they’re asked to turn over on customers in general? If so, in what volume?

Remember, too, that one thing the Internet companies are fighting for in their transparency suit is the right to explicate metadata requests from content ones. This is the kind of information request that would be very informative for potential targets (because, if they don’t already, they can just keep their cookies clean).

I’m particularly interested in the disclosure that the NSA may be using information collected on a FISA order for offensive hacking purposes, not for information collection. That’s not surprising — it doesn’t necessarily clearly distinguish between information collection and hacking. And we know the NSA uses the content it collects to coerce informants, so why not aid in hacks?

But that does seem to extend the use of FISC orders beyond the spirit of their use.

Three-Hopping the Corporate Store, in Theory

Stanford University has been running a project to better understand what phone metadata can show about users, MetaPhone, in which Android users can make their metadata available for analysis.

They just published a piece that suggests we could be underestimating the intrusiveness of the government’s phone dragnet program. That’s because most assumptions about degrees of separation consider only human contacts, and not certain hub phone numbers that quickly unite us.

A common approach for calculating these figures has been to simply assume an average number of call relationships per phone line (“degree”), then multiply out the number of hops. If a single phone number has average degree d, and the NSA can make h hops, then a single query gives expected access to about d^h complete sets of phone records.

We turned to our crowdsourced MetaPhone dataset for an empirical measurement. Given our small, scattershot, and time-limited sample of phone activity, we expected our graph to be largely disconnected. After all, just one pair from our hundreds of participants had held a call.

Surprisingly, our call graph was connected. Over 90% of participants were related in a single graph component. And within that component, participants were closely linked: on average, over 10% of participants were just 2 hops away, and over 65% of participants were 4 or fewer hops away!

Even though just 2 of its participants had called each other, so many people had called T-Mobile’s voicemail number that it connected 17% of participants at two hops.

Already 17.5% of participants are linked. That makes intuitive sense—many Americans use T-Mobile for mobile phone service, and many call into voicemail. Now think through the magnitude of the privacy impact: T-Mobile has over 45 million subscribers in the United States. That’s potentially tens of millions of Americans connected by just two phone hops, solely because of how their carrier happens to configure voicemail.

And from this, the piece concludes that NSA could get access to a huge number of numbers with just one seed.

But our measurements are highly suggestive that many previous estimates of the NSA’s three-hop authority were conservative. Under current FISA Court orders, the NSA may be able to analyze the phone records of a sizable proportion of the United States population with just one seed number.

This analysis doesn’t account for one thing: NSA uses Data Integrity Analysts who take out high volume numbers — numbers like the T-Mobile voicemail number.

Here’s how the 2009 End-to-End review of the phone dragnet described their role.

As part of their Court-authorized function of ensuring BR FISA metadata is properly formatted for analysis, Data Integrity Analysts seek to identify numbers in the BR FISA metadata that are not associated with specific users, e.g., “high volume identifiers.”
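To make the hub effect and the effect of removing high-volume identifiers concrete, here is an added example (not code from the MetaPhone study, the NSA documents, or this blog) that measures hop reach on a small call graph. The call records are constructed, and the high-volume threshold of 8 call partners is an assumption; the page does not say how such numbers are actually identified.

```python
from collections import deque

# Constructed sample: 20 participants, each with 3 private contacts.
# Only P00 and P01 called each other; even-numbered participants also
# called one shared carrier voicemail number (the hub).
PARTICIPANTS = [f"P{i:02d}" for i in range(20)]
CALLS = [("P00", "P01")]
for i, p in enumerate(PARTICIPANTS):
    CALLS += [(p, f"{p}-contact{k}") for k in range(3)]
    if i % 2 == 0:
        CALLS.append((p, "VOICEMAIL"))

def build_graph(calls):
    """Undirected adjacency map built from (caller, callee) pairs."""
    graph = {}
    for a, b in calls:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def high_volume(graph, threshold):
    """Numbers with at least `threshold` distinct call partners."""
    return {n for n, peers in graph.items() if len(peers) >= threshold}

def within_hops(graph, seed, hops, excluded=frozenset()):
    """Breadth-first search: numbers within `hops` of seed, skipping excluded ones."""
    seen, frontier = {seed}, deque([(seed, 0)])
    while frontier:
        node, dist = frontier.popleft()
        if dist == hops:
            continue  # hop budget spent on this branch
        for nxt in graph[node]:
            if nxt not in seen and nxt not in excluded:
                seen.add(nxt)
                frontier.append((nxt, dist + 1))
    return seen - {seed}

def participants_linked(graph, seed, hops, excluded=frozenset()):
    """Study participants (not their private contacts) reachable from seed."""
    return sorted(within_hops(graph, seed, hops, excluded) & set(PARTICIPANTS))

GRAPH = build_graph(CALLS)

if __name__ == "__main__":
    hubs = high_volume(GRAPH, threshold=8)  # threshold is an assumption
    print("high-volume identifiers:", hubs)
    print("2 hops, hub kept:   ", participants_linked(GRAPH, "P00", 2))
    print("2 hops, hub removed:", participants_linked(GRAPH, "P00", 2, hubs))
```

In this sample the voicemail number alone links 9 other participants to the seed at two hops; with it excluded, only the one participant the seed called directly remains.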

NSA Failures and Terror Successes Drive the Dragnet

Ryan Lizza has a long review of the dragnet programs. As far as the phone dragnet, it’s a great overview. It’s weaker on NSA’s content collection (in a piece focusing on Ron Wyden, it doesn’t mention back door searches) and far weaker on the Internet dragnet, the technical and legal issues surrounding which he seems to misunderstand on several levels. It probably oversells Wyden’s role in bringing pressure on the programs and treats Matt Olsen’s claims about his own role uncritically (that may arise out of Lizza’s incomplete understanding of where the dragnet has gone). Nevertheless, it is well worth a read.

I think it most valuable for the depiction of Obama’s role in the dragnet and its description of the ties between the war on terror and perceptions about the dragnet. Take this account of Obama’s decision not to embrace transparency during the PATRIOT Act Reauthorization in 2009-10. Lizza describes Wyden pressuring Obama to make information on the dragnets available to Congress and the public (we know HJC members Jerry Nadler, John Conyers, and Bobby Scott were lobbying as well, and I’ve heard that Silvestre Reyes favored disclosure far more than anyone else in a Ranking Intelligence Committee position).

But then the UndieBomb attack happened.

The debate ended on Christmas Day, 2009, when Umar Farouk Abdulmutallab, a twenty-three-year-old Nigerian man, on a flight from Amsterdam to Detroit, tried to detonate a bomb hidden in his underwear as the plane landed. Although he burned the wall of the airplane’s cabin—and his genitals—he failed to set off the device, a nonmetallic bomb made by Yemeni terrorists. Many intelligence officials said that the underwear bomber was a turning point for Obama.

“The White House people felt it in their gut with a visceralness that they did not before,” Michael Leiter, who was then the director of the National Counterterrorism Center, said. The center was sharply criticized for not detecting the attack. “It’s not that they thought terrorism was over and it was done with,” Leiter said, “but until you experience your first concrete attack on the homeland, not to mention one that becomes a huge political firestorm—that changes your outlook really quickly.” He added, “It encouraged them to be more aggressive with strikes”—drone attacks in Yemen and Pakistan—“and even stronger supporters of maintaining things like the Patriot Act.”

Obama also became more determined to keep the programs secret. On January 5, 2010, Holder informed Wyden that the Administration wouldn’t reveal to the public details about the N.S.A.’s programs. He wrote, “The Intelligence Community has determined that information that would confirm or suggest that the United States engages in bulk records collection under Section 215, including that the Foreign Intelligence Surveillance Court (FISC) permits the collection of ‘large amounts of information’ that includes ‘significant amounts of information about U.S. Persons,’ must remain classified.” Wyden, in his reply to Holder a few weeks later, expressed his disappointment with the letter: “It did not mention the need to weigh national security interests against the public’s right to know, or acknowledge the privacy impact of relying on legal authorities that are being interpreted much more broadly than most Americans realize.” He said that “senior policymakers are generally deferring to intelligence officials on the handling of this issue.”

Curiously, Lizza makes no mention of Nidal Hasan who, unlike Umar Farouk Abdulmutallab, actually succeeded in his attack, and like Abdulmutallab, had had communications with Anwar al-Awlaki intercepted by the NSA (and FBI) leading up to the attack. Weeks before the UndieBomb attack, Pete Hoekstra had already started criticizing the Obama Administration for not responding to Hasan’s emails to Awlaki, and Hasan’s attack led to more tracking of Awlaki (and, I suspect, Samir Khan’s) online interlocutors. I also suspect that, because of certain technical issues, the Hasan experience led to increased support for suspicionless back door searches.

But whether or not the UndieBomber alone or in conjunction with the Hasan attack was the catalyst, I absolutely agree Obama got spooked.

The question is whether Obama took the correct lesson from the UndieBomb, in particular. While the Hasan attack definitely led to real lessons about how to better use content collection (FISA and PRISM), the UndieBomb case should have elicited conclusions about having too much data to find the important messages, such as Abdulmutallab’s text to Awlaki proposing Jihad. (Note that Hoekstra’s blabbing about the Awlaki taps may have led AQAP to encrypt more of their data — as Awlaki was alleged to have done with Rajib Karim — which would have led to legitimate concerns about publicizing NSA techniques.) With the UndieBomb, NSA purportedly had advance warning of the attack that didn’t get read until after the attempt. Why not? And why wasn’t that Obama’s main takeaway?

And the National Security people still seem to be taking the wrong lessons. Here’s Matt Olsen and DiFi’s version of the National Security crowd’s latest fearmongering, that we need dragnets even more so now because the terrorist group has dispersed.

As core members of Al Qaeda were killed, the danger shifted to terrorists who were less organized and more difficult to detect, making the use of the N.S.A.’s powerful surveillance tools even more seductive. “That’s why the N.S.A. tools remain crucial,” Olsen told me. “Because the threat is evolving and becoming more diverse.”

Feinstein said, “It is very difficult to permeate the vast number of terrorist groups that now loosely associate themselves with Al Qaeda or Al Nusra or any other group. It is very difficult, because of language and culture and dialect, to really use human intelligence. This really leaves us with electronic intelligence.”

Olsen says the problem is, in part, that Al Qaeda is “less organized.” DiFi says one problem we have “permeating” terrorist groups is language and culture and dialect and her solution to that is to use “electronic intelligence.” While electronic intelligence — and specifically metadata — provides a way to compensate for linguistic failures (the NSA uses structure to identify which are the important conversations), in terrorist attack after terrorist attack (as well as CW attack) we turn out not to have been watching the right content feeds. And if we don’t have the linguistic skills, we’re likely not going to understand the messages correctly in any case.

And these are less organized groups! Are they really any more effective than crime gangs at this point, and crime gangs in countries far away with little means to access the US?

But rather than saving money on the dragnet and working instead on shoring up our cultural and linguistic failures, this failure is instead seen as another excuse to sustain the dragnet.

It’s clear that terror — whether NSA has failed or not — serves as an evergreen excuse for the dragnet. The real question is whether it should.

World of Spycraft in Virtual Space

The Guardian’s latest Snowden scoop describes how they decided to infiltrate World of Warcraft and other virtual gaming environments. As they point out, there’s no clear proof terrorists have used such space (though they were able to follow some credit card thieves into Second Life once). But what the heck? There’s metadata to be collected, so why not conquer it? As the original document describes,

GVEs are an opportunity! We can use games for: CNE exploits, social network analysis, HUMINT targeting, ID tracking (photos, doc IDs), shaping activities, geo-location of target, and collection of comms.

I’m particularly interested in the treatment of the propaganda and training value of virtual space. There, they focus on Hezbollah’s use of Special Force 2 to train potential recruits (and fundraise).

GVEs have been made that reinforce prejudices and cultural stereotypes while imparting a targeted message or lesson both from the Western point of view and in the Middle East. America’s Army is a U.S. Army produced game that is free download from its recruitment page and is acknowledged to be so good at this the army no longer needs to use it for recruitment, they use it for training. The Lebanese Hizballah has taken this concept and the same basic game design and made its own version of the game called Special Forces 2 (SF2), which its press section acknowledges is used for recruitment and training in order to prepare their youth to “fight the enemy”, a radicalizing medium; the ultimate goal is to become a suicide martyr. One cannot discount the “fun factor” involved—it is important to hold your target audience’s attention– and makes ingesting the message not even noticeable. SF2 features multi-player, online text and voice chat for up to 60 players simultaneously, effectively acting like a VPN or private chat forum. SF2 is offered at $10 a copy and so also goes to fund terrorist operations.

This was an admission that we regard such games as legitimate war tools.

I immediately thought of Amir Mirzaei Hekmati, the Iranian-American ex-Marine sentenced to death by the Iranians while visiting relatives in 2011 (that is, well after this NSA document was written in 2008; his death sentence has since been overturned). At the time, public reports described the detention as a big misunderstanding over Hekmati’s role in an online game company, Kuma Wars.

A Pentagon language-training contract won in 2009 by Kuma Games, a New York-based company that develops reality-based war games — including one called “Assault on Iran” — lists as a main contact Amir Mirzaei Hekmati, the former Marine from Flint, Mich., now on death row in an Iranian prison, convicted of spying for the C.I.A.

That $95,920 contract, and Mr. Hekmati’s military background, his Iranian heritage and some linguistics work he did for the Defense Advanced Research Projects Agency, help explain why the authorities in Iran, increasingly paranoid and belligerent about perceived American threats, had him arrested last August while he was visiting Iran for the first time.

[snip]

“They don’t want to say anything that might have negative repercussions,” said Michael Kelly, a spokesman for Mott Community College in Flint, where the father teaches. “Something that appears harmless here could be interpreted differently there.”

Sure enough, however, NSA treats Kuma Wars similarly to the way it treated Hezbollah’s war game.

Kuma Wars is a U.S. owned company that offers realistic battle simulation of real battles in Iraq usually one month after they actually happened. The player can re-do maneuvers in a lessons learned way for training, or you can switch sides and see how it works from the opposite side. It also provides real terrain features, such as real road signs from real roads in Iraq, and a simulated night-vision goggles environment.

Meanwhile, the LAT reports the CIA’s NOC program has been a colossal flop.

If the US is going to treat all these platforms as the next battleground in the war against al Qaeda or Iran, we should expect Americans — innocent or not — to be treated as spies in that space.