January 8, 2007 and NSA’s Sloppy Bureaucracy

I’m going to do a post on all the Section 215 documents the Most Transparent Administration Evah™ didn’t turn over in its fit of feigned transparency. But first I want to clarify something about timing.

There are 7 documents in the ACLU Vaughn Index “dated” January 8, 2007. There is an 8th in the EFF Vaughn Index (see document 3). There are 4 documents on ACLU’s site linking all the NSA documents released bearing that date, one of which was released by Edward Snowden.

But at least some (and probably all) of these documents were not written on January 8, 2007.

For example, this document, an “interim competency test” for the phone dragnet, must date to sometime after March 2009, because it describes restrictions in place only between that month and September 2009. Document 3 in EFF’s Vaughn Index (which was not released) refers to the June 25, 2009 End-to-End report (it may be an earlier version of this report, but I suspect it describes some rejection on the part of FISC of some activity).

The date January 8, 2007 actually refers to the date of the policy on classification governing the documents in question. (That policy superseded one dated November 23, 2004, and it was superseded on November 16, 2012.)

I raise this partly to clear up fairly widespread confusion (confusion that started with DOJ and ODNI’s actions, but which has extended to a number of journalists).

But also because it betrays a real bureaucratic sloppiness on the part of NSA.

The documents mis-identified as January 8, 2007 documents are largely training manuals and guidelines, as well as some less formal Congressional notice. Some of the other training manuals and guidelines are not dated at all (even the documents that are effectively drafts should have version control on them). This is surprising in any bureaucracy the size of NSA, but particularly given that many of these documents play a key role in legal compliance. (To its credit, what appears to be the most recent training program released, which is actually a story-board for a multi-module training program, is dated.)

While I suspect NSA accomplishes some of this version control via online file management (meaning that an analyst who goes to the file for “dragnet training” will only have access to the most up-to-date version), there still remains the risk that employees won’t follow new restrictions because they’re operating from outdated documents and can’t easily determine which is newest.

It also, of course, makes it harder — for both us and, in all probability (given that these documents were all in possession of DOJ), DOJ — to determine whether NSA was providing the training it assured the FISA Court it was providing (and all that’s before you consider how utterly crappy most of these materials are from a training perspective).

Consider the irony: for at least some of its documentation, NSA takes more care to date the policy guiding its classification than to date its legal validity.

The James Clapper Plan to “Change” NSA by Keeping John Inglis in Charge

Yesterday, Ellen Nakashima reported that James Clapper supports splitting CyberCommand off of NSA. To understand whether this would represent real change or not, consider that they’re considering John Inglis — currently Keith Alexander’s Deputy — to lead NSA.

At a White House meeting of senior national security officials last week, Director of National Intelligence James R. Clapper Jr. said he was in favor of ending the current policy of having one official in charge of both the National Security Agency and U.S. Cyber Command, said the individuals, who spoke on the condition of anonymity.

Also, officials appear inclined to install a civilian as director of the NSA for the first time in the agency’s 61-year history. Among those said to be potential successors to the current director, Gen. Keith B. Alexander, is his deputy, John C. “Chris” Inglis.

Frankly, I think splitting off Cyber is the wrong solution in any case. The problem, as I see it, is that both the cyberoffensive and the information collecting missions favor a policy of creating vulnerabilities that both US hackers and collectors can exploit in the future. That leaves the third NSA mission — protecting US networks — stuck with an approach of finding those entities that are exploiting vulnerabilities, rather than working on a resilience strategy that not only might work better, but also would provide Americans greater privacy. I think splitting off the defensive side, potentially creating a champion for real security, would do more than splitting off Cyber, which probably only leaves two competing champions for creating and exploiting vulnerabilities.

In any case, though, if John Inglis is in charge of one of those champions of creating vulnerabilities, chances are negligible the NSA will change its approach.

 

The Cayman Islands Agrees to Share Tax Data with the Five Eyes Countries

Apparently, the people at Treasury don’t need to take advantage of the Black Friday sales. Instead, they’re at work and announcing that the Cayman Islands (and Costa Rica) will share information on US taxpayers with the IRS. The move comes after the Brits rolled out a similar agreement earlier this month.

I assume we’ll see other advanced countries demand similar agreements. But for the moment, just the NSA and GCHQ’s home countries will be able to learn which of their citizens are stashing money in one of the world’s most important tax havens (and one that has been important to Anglo-American financial dominance).

There are two submarine cables serving the Cayman Islands. One — Maya 1 — carries telecom traffic to Hollywood, FL. It is owned, in part, by NSA spy partners AT&T and Verizon. The other carries traffic to Jamaica. Another of the cables that serves Jamaica lands in Boca Raton. A third carries traffic to British Virgin Islands. From BVI, cables carry traffic directly to several other landing spots in the US, as well as — by way of Bermuda — Canada.

Earlier this year, someone leaked massive amounts of data on BVI’s tax shelter clients and habits (though curiously, no US persons were identified among the most prominent culprits). As far as I know, no one has ever discovered how that data got leaked, and there seems little concern from the powers that be about this leaker who, after all, was as audacious as Chelsea Manning or Edward Snowden.

Now, I’m not saying that the US and UK were already stealing Cayman Islands’ data. I’m only saying that doing so would be perfectly within the known practices of America and Britain’s spy agencies.

The NSA versus “Issue-Based Extremists”

The CBC has a Snowden-based story about how the NSA helped Canada’s Communications Security Establishment Canada in advance of and during the G20 held in Toronto in 2010. That isn’t all that surprising. As the story notes, it’s consistent with other stories of NSA spying surrounding international diplomatic meetings.

But the story does note that the Snowden documents make it clear there was no specific al Qaeda threat. Instead, the “threat” to the meeting came from “issue-based extremists.”

Much of the secret G20 document is devoted to security details at the summit, although it notes: “The intelligence community assesses there is no specific, credible information that al-Qa’ida or other Islamic extremists are targeting” the event.

No matter. The NSA warns the more likely security threat would come from “issue-based extremists” conducting acts of vandalism.

The comment reminds me of a paragraph in testimony Alberto Gonzales and Robert Mueller gave to the Senate Intelligence Committee in 2005, in advance of the first PATRIOT Act reauthorization. The testimony is notable for Gonzales and Mueller’s silence about the use of Pen Registers to collect a significant chunk of all the Internet-based metadata in the US (NSA had already been caught collecting “metadata” that was really “content” by then), even while he emphasized the “relevant to” language that had been added to Pen Registers in 2001.

Sensibly, Section 214 of the USA PATRIOT Act simplified the standard that the government must meet in order to obtain pen/trap data in national security cases. Now, in order to obtain a national security pen/trap order, the applicant must certify “that the information likely to be obtained is foreign intelligence information not concerning a United States person, or is relevant to an investigation to protect against international terrorism or clandestine intelligence activities.” Importantly, the law requires that such an investigation of a United States person may not be conducted solely upon the basis of activities protected by the First Amendment to the Constitution.

Section 214 should not be permitted to expire and return us to the days when it was more difficult to obtain pen/trap authority in important national security cases than in normal criminal cases. This is especially true when the law already includes provisions that adequately protect the civil liberties of Americans. I urge you to reauthorize section 214.

Over the course of the reauthorization process, of course, Congress added that “relevance” language to Section 215, which served as the basis for the phone dragnet of all Americans’ phone calls.

But the paragraph of the Gonzales/Mueller testimony that stuck out at me described how PATRIOT Section 203 — which permitted the sharing of Grand Jury, wiretap, and other criminal investigation information with intelligence professionals — had authorized information sharing at similar high profile meetings. After 8 bullet point examples showing how this information sharing had supported terrorism (or Iraqi) investigations, the testimony then revealed it had been used to authorize information sharing during 2004’s G-8 and Presidential Conventions.

In addition, last year, during a series of high-profile events — the G-8 Summit in Georgia, the Democratic Convention in Boston and the Republican Convention in New York, the November 2004 presidential election and other events — a task force used the information sharing provisions under Section 203(d) as part and parcel of performing its critical duties. The 2004 Threat Task Force was a successful inter-agency effort where there was a robust sharing of information at all levels of government.

Now perhaps these big meetings faced an Al Qaeda threat in 2004 that the G-20 didn’t face in 2010. But I’m cognizant that PATRIOT defines “foreign intelligence information” to include “sabotage,” which might be used to treat legitimate “issue-based extremists” as terrorists.

We already know that anti-war protestors (the kind of “single-issue extremists” who protested in big numbers in 2004) were investigated as terrorists as early as 2002, though DOJ professed to be unable to connect all the investigations together. Indeed, precisely that kind of “criminal” investigation started in local FBI offices is the kind of information that might be shared under PATRIOT 203(d) with a Task Force facing protestors.

We don’t know, from this one paragraph, what kind of information the government shared in 2004 in the name of “foreign intelligence.” But the 2010 Canadian example suggests the government is still (or was, as recently as 2010) treating legitimate protestors as outside infiltrators. Which makes it likely that the US did the same back during the height of anti-Iraq War protests.

In 2009, NSA Said It Had a “Present Example” of Abuse Similar to Project Minaret

[Image: screen shot of the training slides, pages 6-8 and 114-116]

While we’re discussing new hints that the NSA actually has targeted Americans in creepy old-style spying, I want to look closely at a training program that ODNI describes as dating to August 2009. The I Con description reads, in part,

August 2009 NSA Cryptological School Course on Legal, Compliance, and Minimization Procedures. These course materials, designed for NSA personnel provided access to bulk telephony and electronic communications metadata acquired pursuant to Section 501 of FISA and Section 402 of FISA respectively

There should be some tie to the PATRIOT-authorized phone and Internet dragnets, otherwise this document wouldn’t be responsive to the ACLU and EFF FOIAs it was released in response to. But I actually suspect they may have grabbed the wrong August 2009 training program from their “heap of trouble in 2009” file, because there’s not a hint of PATRIOT authorities in the course. In fact, I think it’s possible that the training instead responded to the violations reported on by Risen and Lichtblau in April 2009,

The intelligence officials said the problems had grown out of changes enacted by Congress last July in the law that regulates the government’s wiretapping powers, and the challenges posed by enacting a new framework for collecting intelligence on terrorism and spying suspects.

[snip]

But the issue appears focused in part on technical problems in the N.S.A.’s ability at times to distinguish between communications inside the United States and those overseas as it uses its access to American telecommunications companies’ fiber-optic lines and its own spy satellites to intercept millions of calls and e-mail messages.

[snip]

As part of that investigation, a senior F.B.I. agent recently came forward with what the inspector general’s office described as accusations of “significant misconduct” in the surveillance program, people with knowledge of the investigation said. Those accusations are said to involve whether the N.S.A. made Americans targets in eavesdropping operations based on insufficient evidence tying them to terrorism.

And in one previously undisclosed episode, the N.S.A. tried to wiretap a member of Congress without a warrant, an intelligence official with direct knowledge of the matter said.

The training covers things like the FISA Amendments Act statutes limiting wiretapping of Americans overseas (sections 703, 704, and 705). It seems to talk about necessary limits on upstream collection. It discusses how to narrow search terms on already collected data to avoid collecting innocent US person data. It also appears to have several heavily redacted sections that talk about wiretapping protected persons like members of Congress.

All that said, I’m particularly interested in the training for another reason (though the violations reported by Risen and Lichtblau may provide helpful background). In several sections, the training seems almost plaintive in its efforts to convince analysts to follow the rules, as on page 83 where it explains the best way to protect the NSA is to play by the rules.

The best way to protect ourselves and our SIGINT is to play by the rules.

No matter how inconvenient the rules may seem, if we fail to adhere to them, the next set of rules will be far stricter. (82)

More interesting still are two series of slides that bookend what we see of the presentation save a last mostly-redacted section (see pages 6-8 and 114-116, excerpted above). After introducing Katz v. US, a Supreme Court case that recognized the expectation of privacy in phone conversations, the presentation reviewed 3 past wiretapping scandals.

Operation Shamrock: 1945-1975

  • NSA received copies of international telegrams to, from, and transiting the U.S.

Narcotics Collection: 1970-1973

  • Obtained Communications that Law Enforcement could not acquire under Title III

Project Minaret: 1967-1973 (The Watch List)

  • Names of U.S. persons used systematically as basis for selecting messages

Then almost a hundred pages later, the presentation includes 3 slides that match those earlier abuses with what it calls present examples (in the image above I’ve matched the original slide to the follow-up). The first — the one matching Operation Shamrock — is almost entirely redacted, showing only that it involves “targeting of …” (presumably referring to email or phone calls).

Telegrams

The second — the one matching illegal Narcotics wiretaps — describes a “Restaurant in Texas to identify narcotics smugglers.”

TX Restaurant

The third — the one matching Project Minaret — admits to “unauthorized targeting of suspected terrorists in U.S.”

Unauthorized suspected terrorists

 

These comparisons, it seems, aimed to match historic abuses to “present” (or recent) practices, warning that if NSA analysts didn’t clean up their act something like a Church Committee and more stringent rules would be imposed.

I have no idea what NSA meant when it called these three things “Present Examples” (though I’m sure the lawyers for the restaurant in Texas would be interested in this news). It’s quite possible the first and third refer to practices under Bush’s illegal wiretap program, which we know involved domestic wiretapping of the phone and email of people alleged to be terrorist suspects. In other words, these abuses may refer to pre-2007 activities rather than the violations Risen and Lichtblau reported in early 2009.

That said, NSA’s OGC seems to have believed — or at least fear-mongered — that the “present” abuses were similar in kind to the famous abuses from the 1970s.

Definition of a “Radicalizer:” A Sunni Opponent to Unchecked US Power

As if on cue in response to my post noting that while the NSA may not be like the Stasi for most Americans, it may well be closer for Muslims, Glenn Greenwald teams up with HuffPo’s two Ryans to disclose that the NSA has been snooping on online porn habits.

The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches, according to a top-secret NSA document.

Beyond the eye-popping lede, however, I find the underlying premise just as troubling.

The NSA calls the 6 targets it describes “radicalizers.”

DNI flack Shawn Turner suggests these are valid terrorist targets.

“Without discussing specific individuals, it should not be surprising that the US Government uses all of the lawful tools at our disposal to impede the efforts of valid terrorist targets who seek to harm the nation and radicalize others to violence,” Shawn Turner, director of public affairs for National Intelligence, told The Huffington Post in an email Tuesday.

Former NSA GC Stewart Baker characterizes them as “trying to recruit folks to kill Americans.”

“If people are engaged in trying to recruit folks to kill Americans and we can discredit them, we ought to,” said Baker. “On the whole, it’s fairer and maybe more humane” than bombing a target, he said, describing the tactic as “dropping the truth on them.”

But consider the profile presented in the story and underlying documents. None have been tied to any terrorist plots.

None of the six individuals targeted by the NSA is accused in the document of being involved in terror plots.

The English-speaking ones have minimal ties to people characterized even as affiliated with extremist groups (which may be different from terrorist groups; the Arabic speakers do have such ties).

The NSA accuses two of the targets of promoting al Qaeda propaganda, but states that surveillance of the three English-speakers’ communications revealed that they have “minimal terrorist contacts.”

In particular, “only seven (1 percent) of the contacts in the study of the three English-speaking radicalizers were characterized in SIGINT as affiliated with an extremist group or a Pakistani militant group. An earlier communications profile of [one of the targets] reveals that 3 of the 213 distinct individuals he was in contact with between 4 August and 2 November 2010 were known or suspected of being associated with terrorism,” the document reads.

And the messages these so-called “radicalizers” promote range from 9/11 trutherism to intolerance for non-Sunni Muslims to justifying the killing of non-Muslim invaders.

One target’s offending argument is that “Non-Muslims are a threat to Islam,” and a vulnerability listed against him is “online promiscuity.” Another target, a foreign citizen the NSA describes as a “respected academic,” holds the offending view that “offensive jihad is justified,” and his vulnerabilities are listed as “online promiscuity” and “publishes articles without checking facts.” A third targeted radical is described as a “well-known media celebrity” based in the Middle East who argues that “the U.S perpetrated the 9/11 attack.” Under vulnerabilities, he is said to lead “a glamorous lifestyle.” A fourth target, who argues that “the U.S. brought the 9/11 attacks on itself” is said to be vulnerable to accusations of “deceitful use of funds.”

And that well-known cleric who opposes Al Qaeda’s targeting of civilians and approves killing invaders of his country even adopts a pragmatic approach to the Arab Spring — which is more than our Saudi allies can say.

While some of these 6 targets may count as extremist propagandists, several of them, at least, might better be described as outspoken opponents to unfettered American dominance.

And the NSA proposes not just to discredit these people with smut (a tactic they attempted to use, unsuccessfully, against Anwar al-Awlaki), but to accuse them of — gasp! — charging exorbitant speaking fees.

So, yeah, this does prove that the NSA is using its considerable resources to repeat J Edgar Hoover’s tactics.

But it also shows that it is deploying such efforts against men who may not be the bogeymen NSA’s apologists make them out to be.

Update: Juan Cole takes the same angle on this story I did.

Update: DNI flack’s name corrected, thanks to SA.

Chomsky v. Gellman on the Stasi

Video: https://www.youtube.com/watch?v=RB7U_0ARbMI

Noam Chomsky and Barton Gellman did a panel at an MIT Big Data conference. In the middle of it, they get into a quasi debate about whether the NSA is like the Stasi (this starts after 20:00).

For what it’s worth, I think they agree that the Stasi was far more “monstrous” (Chomsky’s term) than the US and NSA. Chomsky’s point is that Americans are making the same argument in defending the dragnet that many apparatchiks in monstrous regimes also made in complete good faith. Whereas Gellman argues that the scale is so different that such comparisons risk distracting the discussion.

All that said, I wanted to focus on this line from Gellman (at 25:00).

Stasi was knowingly, deliberately, consciously discovering and squashing dissent, blackmailing people, arresting people, preventing the emergence of any kind of opposition force, I don’t think that’s what we’re seeing here at all.

I agree with it generally — the NSA is not squashing all dissent (which is not to say other domestic agencies don’t harass dissenters in organized fashion, possibly employing NSA-related data several steps removed).

But I’m not Muslim or Arab, and I’m not sure I’d be as quick to say the same about the effect of the dragnet — and associated actions — on those communities. I noted back on (heh) 9/11 that the government justified the dragnet, in part, because it helps identify people the government can recruit as assets.

It turns out that rationale was built into the (FISC-authorized) program from the start. Only, when the government laid out the case in its original memorandum in support of the phone dragnet, it specified these targeted people would become FBI informants (that is, domestic informants).

The ability to see who communicates with whom may lead to the discovery of other terrorist operatives, may help to identify hubs or common contacts between targets of interest who were previously thought to be unconnected, and may help to discover individuals willing to become FBI assets.

So start with the government’s stated intent to use a database of all the phone-based (and, presumably, Internet-based, though I haven’t seen this language in the more limited PR/TT documents that have been released) relationships in the US — which shows not just the people who are three degrees of separation from someone who is more likely than not “associated” with a terrorist group, but also things like who is having extramarital affairs they want to continue to hide — to find informants.

Then consider the way the government very sloppily dismisses both the generalized threat to Freedom of Association posed by the dragnet, as well as the possibility that someone more likely than not associated with a terrorist organization might be talking, on first hop, to someone in an NGO like CAIR or ACLU. Such consideration very quickly gets you to the point where at least the activities of such “dissident” groups would be chilled — to say nothing of groups like NYC’s Arab American Association, a social services group the NYPD targeted for infiltration.

Those actions don’t squash dissent for everyone. They just go a long way toward squashing dissent for Muslims and Arabs and South Asians and other potentially targeted groups.

It would take expanding this activity two orders of magnitude, at least, to reach the level of generalized infiltration the Stasi accomplished; Gellman’s point about scope is correct. We’re not there yet (though if any Administration ever wants to go there, the dragnet has apparently already proven useful in systematizing the selection of potential informants).

But I do recognize I’m not in the position of saying how corrosive this secret program has been on the communities that would be most targeted by it.

Phone and Internet Associations Are Both Terror Group Membership and a Chance Encounter in a Dance Hall

The sole discussion of First Amendment considerations in this undated training (it’s probably between early 2008 and 2011) is one page with a list of protected activities.

As I noted last week, from the start of the dragnet programs, neither the Court nor the government appears to have considered the implications dragnet analysis had for Freedom of Association.

Several of the training documents released last week — notably this August 29, 2008 NSA Memo — suggest the NSA reconsidered the associational implications of the dragnet in 2008. Nevertheless, in a document that appears to reflect an August 20, 2008 effort to protect associations, the NSA continued to use at least some associations as evidence of terrorist affiliation.

The rules on dragnet queries changed on August 20, 2008

As I noted some weeks ago, the government has withheld at least 3 FISC opinions pertaining to Section 215; one of the withheld opinions is dated August 20, 2008. This memo, written 9 days later, lays out the legal standard for contact-chaining for both the phone and Internet dragnet programs as described in two 2008 dockets.

Specifically, the memo elaborates on the legal standard applicable to the contact-chaining activities in which SID offices engage pursuant to Business Records Order 08-08 (as well as subsequent Orders for the production of telephony records)1 as well as to the contact chaining activities in which SID analysts engage pursuant to the Pen Register and Trap and Trace Order 08-110 (as well as subsequent Pen/Trap Orders).

The documents must be the most recent, given the way the memo applies this standard to orders going forward. And it replaces an earlier memo, written just months after the start of the phone dragnet.

OGC memorandum dated October 13, 2006, same subject, is canceled. This memorandum updates the prior memorandum to reflect changes in the Foreign Intelligence Surveillance Court (FISC) authorizations specifically authorizing access to the data acquired under the Orders for analysis related to [redacted — probably describes terrorism subjects] The substantive guidance concerning the application of the “reasonable articulable suspicion” standard with respect to the authorizations remains unchanged.

All of which strongly suggests this memo served to incorporate whatever changes the August 2008 opinion made into NSA practice.

The change in the rules pertains to the treatment of association

The structure of the memo — along with the footnote’s explanation that the standards for Reasonable Articulable Suspicion (cited above) have not changed — suggests that what did change pertains to Association.

After an introductory section, the memo has this structure:

A. Summary of the [RAS] Standard

B. Association with [redacted — probably terrorist targets]

C. First Amendment Considerations

D. Summary

In other words, the memo seems to assess the impact of an August 20, 2008 FISC opinion commenting on the degree to which First Amendment protected activity may serve as proof of a tie (an association) to a terrorist organization.

Regardless of what the FISC said, association is the same thing as membership

Before I lay out the logic dismissing any associational concerns presented by using phone contacts to assume a tie to terrorism, let me get to the punch line. After explaining that simply lobbying a member of Congress to “cut off funding for U.S. troops in Iraq” does not prove an association with terrorism (though some other NSA documents suggest it may have been regarded as such at one time), the memo explains that in some circumstances direct contact can do so.

But, as we have already made clear, we do not read the Order to preclude under all circumstances the conclusion that a number is associated with [redacted — probably terrorist groups] solely on the basis of its communications [redacted] and, more specifically, based on its contacts with numbers about which NSA has the appropriate level of suspicion. Our conclusion is supported by First Amendment law, as we discuss below.

In a footnote on that same page, the memo makes a breathtaking conflation of “member” and “associated with” a terrorist group.

We note also that the very object of the overall effort supported by these Orders is to determine whether or not particular individuals are members of or are associated with the terrorist organizations named in the Orders. Thus, under these Orders, simply by being a member of a named group one becomes subject to government scrutiny. [my emphasis]

That is, NSA sets out to argue that, regardless of whatever that FISC opinion states, association with a terrorist group (provided that they engage in direct contact) amounts to membership in it.

And here’s how that analysis ends up.

Keith Alexander: The One General Obama Didn’t Fire

Obama has developed a reputation for firing Generals (so much so the wingnuts have developed some conspiracy theories about it).

Most famously, of course, he fired Stanley McChrystal for insubordination. He ousted CENTCOM Commander James Mattis early because of dissent on Iran policy (what in retrospect, with the distance and this AP report, might have been opposition to the back channel discussions that led to this weekend’s interim nuclear deal). A slew of Generals have been fired for offenses including drinking, fucking (including sexual abuse), swearing, and cheating at poker, as well as abusing their positions (Ham, Gaouette, Baker, Roberts, Sinclair, Giardina, Carey, Huntoon). Obama accepted then CIA Director David Petraeus’s resignation, ostensibly for fucking, too, but even before that kept refusing Petraeus the promotions he thought he deserved. Generals Gurganus and Sturdevant got fired for not sufficiently defending a big base in Afghanistan.

It’s that background that makes the premise of this WSJ piece on NSA so unconvincing. It presents the fact that General Keith Alexander offered — but Obama did not accept — his resignation as proof of how significantly the Snowden leaks have affected NSA.

Shortly after former government contractor Edward Snowden revealed himself in June as the source of leaked National Security Agency documents, the agency’s director, Gen. Keith Alexander, offered to resign, according to a senior U.S. official.

The offer, which hasn’t previously been reported, was declined by the Obama administration. But it shows the degree to which Mr. Snowden’s revelations have shaken the NSA’s foundations—unlike any event in its six-decade history, including the blowback against domestic spying in the 1970s.

[snip]

When the leaks began, some top administration officials found their confidence in Gen. Alexander shaken because he presided over a grave security lapse, a former senior defense official said. But the officials also didn’t think his resignation would solve the security problem and were concerned that letting him leave would wrongly hand Mr. Snowden a win, the former defense official said.

Even before Edward Snowden started working for the NSA via Booz, Alexander had presided over — by his own provably exaggerated admission — the plunder of America via cybertheft.

Then, on top of that purportedly catastrophic failure, Snowden served to demonstrate how easy it was to walk away with details on some of NSA’s most sensitive ops.

And yet the guy who left the entire US Internet as well as NSA’s codebreaking exposed — as compared to a single base in Afghanistan — did not get fired for his failures.

Because that might wrongly hand Snowden a win, apparently.

That’s the real tell. The article provides new details on an effort to weigh the value of wiretapping elite targets. But the rest of the article quotes hawks like Dutch Ruppersberger and Mike Rogers complaining about the risk of big new controls that might end the Golden Age of SIGINT while — again — focusing almost exclusively on the wiretapping of elites (the article includes one paragraph predicting a compromise on the dragnet programs, not noting, of course, how much of the dragnet has already moved overseas).

Broad new controls, though, run the risk of overcorrecting, leaving the agency unable to respond to a future crisis, critics of the expected changes warn.

[snip]

Another change under consideration is placing a civilian in charge of the NSA for the first time after Gen. Alexander leaves next spring, as he has been planning to do. Deputy Defense Secretary Ashton Carter is advocating internally for the change, according to current and former officials. Mr. Carter declined to comment.

“We’re getting clobbered, and we want a better story to tell than: ‘It’s under review, and everybody does it,’ ” the senior administration official said, speaking of the U.S. belief that other governments routinely electronically eavesdrop on foreign leaders.

There’s one more odd part of this story. It claims that after 9/11, the NSA was pilloried for its lapses leading up to the attack.

After the 2001 terrorist attacks, the NSA was pilloried for missing clues of the plot. It reinvented itself as a terrorist-hunting machine, channeling its computing power to zero in on suspects any time they communicated.

That’s not what happened. The National Security establishment has repeatedly, falsely portrayed NSA’s failure to realize Khalid al-Mihdhar was calling an Al Qaeda line in Yemen and CIA’s failure to share information about Mihdhar’s travel. And none of the 9/11 Commission’s recommendations address NSA (by the time of the report, the “wall” between intelligence and FBI, which otherwise would have been a recommendation, had been down for almost 3 years). But beyond that, no one has scrutinized NSA’s collections (in part because they include damning intercepts implicating the Saudis).

Moreover, the claim that this dragnet exists solely to “zero in on suspects any time they communicated” ignores the shift from terrorism to cybersecurity.

In short, while WSJ’s sources seem to be claiming catastrophe, the story they’re telling is business as usual.

Obama has fired Generals for failure to protect a single base, not to mention cheating at poker. He seems intent on keeping Alexander — at least to get through this scandal — precisely because he’s so good at cheating at (metaphorical) poker.

NSA Denies Their Existing Domestic Cyberdefensive Efforts, Again

James Risen and Laura Poitras have teamed up to analyze a 4-year plan the NSA wrote in 2012, in the wake of being told its collection of some US person content in the US was illegal. I’ll discuss the document itself in more depth later. But for the moment I want to look at the denials anonymous senior intelligence officials (SIOs) gave Risen and Poitras about their domestic cyberdefensive efforts.

As a reminder, since before 2008, the government has been collecting bulk Internet data from switches located in the US by searching on selectors in the content. Some of that collection searches on identifiers of people (for example, searching for people sharing Anwar al-Awlaki’s email in the body of a message). But the collection also searches on other identifiers not tied to people. This collection almost certainly includes code, in an effort to find malware and other signs of cyberattacks.

We know that’s true, in part, because the Leahy-Sensenbrenner bill not only restricts that bulk domestic collection to actually targeted people, but also limits such collection to terrorism and counterproliferation, thereby silently prohibiting its use for cybersecurity. The bill gives NSA 6 months to stop doing these two things — collecting non-person selectors and doing so for cybersecurity — so it’s clear such collection is currently going on.

So in 2012, just months after John Bates told NSA that when it collected domestic communications using such searches, it was violating the Constitution (the NSA contemplated appealing that decision), the NSA said (among other things),

The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on NSA’s mission.

The document then laid out a plan to expand its involvement in cybersecurity, citing such goals as,

Integrate the SIGINT system into a national network of sensors which interactively sense, respond, and alert one another at machine speed

Cyberdefense and offense are not the only goals mapped out in this document. Much of it is geared towards cryptanalysis, which is crucial for many targets. But it only mentions “non-state actors” once (and does not mention terrorists specifically at all) amid a much heavier focus on cyberattacks and after a description of power moving from West to East (that is, to China).

Which is why the SIO denials to Risen and Poitras ring so hollow.
