Heinonen Moves Deceptive Anti-Iran Campaign from Washington Post Opinion Page to New York Times News Page

/15 Comments/in , /by
Composite figure of partial screengrabs from the Leadership page for United Against Nuclear Iran showing Heinonen's role as a member of its Advisory Board. Remarkably, Heinonen prefers not to note this role while his spouting his strongest anti-Iran positions.

Composite figure of partial screengrabs from the Leadership page for United Against Nuclear Iran showing Heinonen’s role as a member of its Advisory Board. Remarkably, Heinonen prefers not to note this role while his spouting his strongest anti-Iran positions.

Last week, I called attention to the fact that in printing an op-ed by Olli Heinonen (co-authored by Michael Hayden and Ray Takeyh), the Washington Post failed to disclose Heinonen’s position on the advisory board of the anti-Iran group United Against Nuclear Iran. One week later, the Post still has not corrected its identification of Heinonen. Today, we see that Heinonen’s deceptive anti-Iran campaign continues, where he appears as a key expert quoted in a front page New York Times article by David Sanger and Michael Gordon. Once again, Heinonen is only identified by his previous IAEA and current Harvard roles, ignoring his more relevant current role with UANI.

Ironically, today’s Times story is a follow-up to a story in November in which Sanger committed a glaring error which still has not been noted by the Times. Heinonen’s co-conspirator from the Post op-ed, Ray Takeyh, also makes an appearance in today’s Sanger and Gordon article, suggesting that their propaganda will remain as a package deal for the duration of the P5+1 negotiations.

Note also that last Monday, the defamation case by Victor Restis against UANI was thrown out by a district court after the Department of Justice successfully intervened to have the case quashed under a claim that state secrets would have been divulged. Writing in Bloomberg View, Noah Feldman mused:

What makes matters worse is the lingering possibility, indeed probability, that what the government fears is not a true threat to national security, but a severe case of embarrassment. It’s difficult to escape the conclusion that United Against is a front organization for U.S. intelligence, possibly acting in conjunction with other foreign intelligence services. The allegation that Restis was doing business in Iran seems almost certain to have come from one of these intelligence services. Would acknowledging cooperation between, say, the Central Intelligence Agency and Mossad regarding Iran really upend national security? True, it’s a delicate time in the Iran nuclear negotiations. But no one, least of all the Iranians, doubts that U.S. and Israeli intelligence collaborate.

Though Feldman notes that it seems obvious there is an intelligence conduit between the CIA and/or Mossad and UANI and he even notes that disclosing this now would be awkward for the P5+1 negotiations, he should have gone further to note that this intelligence link, and the subsequent selective leaks, seem aimed to disrupt those negotiations and prevent an agreement.

In that same vein, it should be noted that the Sanger and Gordon article focuses only on barriers to an agreement. In addition to Heinonen and Takeyh, the article also sought out comment from John Boehner. No comment was offered in the article from anyone favoring an agreement or suggesting that Iran has abided by the terms of the interim agreement (although they do note IAEA has reported this cooperation) despite Boehner’s protestation that the Iranians don’t keep their word.

Further, Sanger and Gordon write that Heinonen published a paper on the breakout time needed for Iran to enrich enough uranium to weapons grade to produce a bomb. As a scientist, when I read that someone has published a paper, I assume that means it has appeared in a peer-reviewed journal. Following the link in the Times article for Heinonen’s “paper”, though, brings one to the website for a think tank, where Heinonen’s piece is only referred to as a fact sheet. [And, true to form, the site mentions Heinonen’s former IAEA role but not his current UANI role.]

It is impossible for me to escape the conclusion that Olli Heinonen and Ray Takeyh are part of an organized propaganda campaign aimed at disrupting the P5+1 talks and preventing an agreement. This propaganda is eagerly published by a compliant press, with the New York Times, Washington Post and AP among the most recent examples I have noted.

It is long past time for Heinonen to list his UANI affiliation in all his public pronouncements. His refusal to do so can only be seen as deception on his part and an effort to lend IAEA and Harvard credence to UANI propaganda.

Update: The US has disputed the central claim of the Sanger and Gordon article at the heart of this post. Sanger and Gordon report on that here.

FBI’s Preventative Role: Hygiene for Corporations, Spies for Muslims

/7 Comments/in , , /by

I’m still deep in this 9/11 Follow-up Report FBI, which Jim Comey and now-retired Congressman Frank Wolf had done last year and which released the unsurprising topline conclusion that Jim Comey needs to have more power, released earlier this week.

About the only conclusion in the report that Comey disagreed with — per this Josh Gerstein report — is that it should get out of the business of Countering Violent Extremism.

Comey said he agreed with many of the report’s recommendations, but he challenged the proposal that the FBI leave counter-extremism work to other agencies.

“I respectfully disagree with the review commission,” the director said. “It should not be focused on messages about faith it should not be socially focused, but we have an expertise … I have these people who spend all day long thinking dark thoughts and doing research at Quantico, my Behavioral Analysis Unit. They have an incredibly important role to play in countering violent extremism.”

Here’s what the report had to say about FBI and CVE (note, this is a profoundly ahistorical take on the serial efforts to CVE, but that’s just one of many analytical problems with this report).

The FBI, like DHS, NCTC, and other agencies, has made an admirable effort to counter violent extremism (CVE) as mandated in the White House’s December 2011 strategy, Empowering Local Partners to Prevent Violent Extremism in the United States. In January 2012, the FBI established the Countering Violent Extremism Office (CVEO) under the National Security Branch.322 The CVEO was re-aligned in January 2013 to CTD’s Domestic Terrorism Operations Section, under the National JTTF, to better leverage the collaborative participation of the dozens of participating agencies in FBI’s CVE efforts.323 Yet, even within FBI, there is a misperception by some that CVE efforts are the same as FBI’s community outreach efforts. Many field offices remain unaware of the CVE resources available through the CVEO.324 Because the field offices have to own and integrate the CVE portfolio without the benefit of additional resources from FBI Headquarters, there is understandably inconsistent implementation. The Review Commission, through interviews and meetings, heard doubts expressed by FBI personnel and its partners regarding the FBI’s central role in the CVE program. The implementation had been inconsistent and confusing within the FBI, to outside partners, and to local communities.325 The CVEO’s current limited budget and fundamental law enforcement and intelligence responsibilities do not make it an appropriate vehicle for the social and prevention role in the CVE mission. Such initiatives are best undertaken by other government agencies. The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.

[snip]

(U) Recommendation 6: The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.

For what it’s worth, Muslim communities increasingly agree that the FBI — and the federal government generally — should not be in the business of CVE. But that’s largely because the government approaches it with the same view Comey does: by thinking immediately of his analysts thinking dark thoughts at Quantico. So if some agency that had credibility — if some agency had credibility — at diverting youth (of all faiths) who might otherwise get caught in an FBI sting, I could support it moving someplace else, but I’m skeptical DHS or any other existing federal agency is that agency right now.

While the Review doesn’t say explicitly in this section what it wants the FBI to be doing instead of CVE, elsewhere it emphasizes that it wants the FBI to do more racial profiling (AKA “domain awareness”) and run more informants. Thus, I think it fair to argue that the Ed Meese-led panel thinks the FBI should spy on Muslims, not reach out to them. Occupation-style federal intelligence gathering, not community based.

Which is why I think this approach to Muslim communities should be compared directly with the Review’s approach with corporations. The same report that says FBI should not be in the business of CVE — which done properly is outreach to at-risk communities — says that it should accelerate and increase its funding for its outreach to the private sector.

(U) Recommendation 5: The Review Commission recommends that the FBI enhance and accelerate its outreach to the private sector.

  • (U) The FBI should work with Congress to develop legislation that facilitates private companies’ communication and collaboration and work with the US Government in countering cyber threats.
  • (U) The FBI should play a prominent role in coordinating with the private sector, which the Review Commission believes will require a full-time position for a qualified special agent in the relevant field offices, as well as existing oversight at Headquarters.

Indeed, in a paragraph explaining why the FBI should add more private sector liaisons (and give them the same credit they’d get if they recruited corporations as narcs, only corporations shouldn’t be called “sources” because it would carry the stigma of being a narc), the Review approvingly describes the FBI liaison officers working with corporations to promote better Internet hygiene.

The Review Commission learned that the FBI liaison positions have traditionally been undervalued but that has begun to change as more experienced special agents take on the role, although this has not yet resulted in adequate numbers of assigned special agents or adequate training for those in the position. One field office noted that it had 400 cleared defense contractors (CDCs) in its AOR—ranging from large well known names to far smaller enterprises—with only one liaison officer handling hundreds of CDCs. This field office emphasized the critical need for more liaison officers to conduct outreach to these companies to promote better internet hygiene, reduce the number of breaches, and promote long-term cooperation with the FBI.319 Another field office noted, however, some sensitivity in these liaison relationships because labeling private sector contacts as sources could create a stigma. The field office argued that liaison contacts should be considered valuable and special agents should receive credit for the quality of liaison relationships the same way they do for CHSs.320

Ed Meese’s panel wants the FBI to do the digital equivalent of teaching corporations to blow their nose and wash their hands after peeing, but it doesn’t think the FBI should spend time reaching out to Muslim communities but should instead spy on them via paid informants.

Maybe there are good reasons for the panel’s disparate recommended treatment of corporations and Muslim communities. If so, the Review doesn’t explain it anywhere (though the approach is solidly in line with the Intelligence Committees’ rush to give corporations immunity to cyber share information with the federal government).

But it does seem worth noting that this panel has advocated the nanny state for one stakeholder and STASI state for another.

FBI Field Offices Don’t See the Point in Racial Profiling

/6 Comments/in /by

As I noted earlier, I’m reading the 9/11 Follow-Up Report just completed for FBI. And while there are some interesting insights in it, in general I think the analysis of the report itself is pretty horrible (which is funny because the report says FBI needs more analysts). I’ll have more specific details on that later, but I wanted to point to what the report says about FBI not adopting “Central Strategic Coordinating Components” or CSCCs, which are basically analysts in each Field Office that are supposed to do “domain awareness” for the Field Office. That means they’re supposed to get to know the neighborhood to anticipate any problems that might come up. (As far as I know, no one has ever thought of doing a domain awareness for Wall Street, in spite of all the new threats that pop up there over and over.)

As the report makes clear, every Field Office is supposed to have someone doing this. But, as documents obtained by ACLU under FOIA have shown, it often amounts to racial profiling, whether that be Muslims or Latinos or something else. And, at least given the NYPD example, where their domain awareness program never found any plot (and didn’t find two plots covered by this FBI report, notably the Najibullah Zazi attack), there’s no evidence I know of that they actually help to prevent crimes.

Yet rather than analyzing whether this concept serves any purpose whatsoever, it instead says, “it’s corporate policy, no one is doing it well, so it needs to improve.” (Note, most of the named people interviewed for the report are not FBI agents, and many come from CIA or another intelligence agency; John Brennan, who almost certainly had a role in setting up NYPD on the Hudson, for example, was interviewed.)

What I find particularly remarkable is what the report found in the field.

According to one anecdote, 20% of analysts (not even Field Agents!) understand the point of this. And even in offices where they do understand, the Field Agents won’t do their part by going and filling in the blanks analysts identify.

Call me crazy. But maybe the people responding to actual crimes believe they learn enough in that process — and are plenty busy enough trying to catch criminals — that they don’t see the point of racially profiling people like NYPD does? Maybe they believe the ongoing threats are where the past ones of have been, and there’s no need to spend their time investigating where there aren’t crimes in case there ever are in the future?

I don’t know. But I think the Field Agents might be onto something.

Update, 3/27: Adding, there seems to be a logic problem with this too. Another big push for the FBI — a more understandable one, but not without risks of its own — is that FBI partner much more closely with local cops. If the local cops are doing their job well, wouldn’t they provide the “domain awareness” FBI needs? This is actually a point a senior FBI manager noted in discussing its relationship with ODNI (see page 92). Admittedly, a lot of cops are occupiers rather than local stewards of safety, but that’s a separate problem.

Update, 3/27: The report returns to domain awareness again, pointing to that as the one thing that can differentiate between a domestic security agency and an intelligence agency.

As the FBI began its transformation into a national security organization, at the heart of that transformation was the concept of domain awareness. Domain awareness reflected the realization that the FBI could not be reactive and wait for cases to develop, it had to proactively seek to understand its environment. From the Review Commission’s perspective, that means that domain analysis, which attempts to capture what is known and identify gaps for further collection, is at the heart of the FBI’s transformation into a domestic intelligence agency, and it needs to be a process informed by everything the USIC has to offer. This includes all information from local sources—law enforcement, colleges and universities, and prisons—to which other parts of the USIC do not have access. Robust domain analysis will allow the FBI to harness its considerable skill at collection and source development in support of identifying new threats in addition to collecting against known threats. A failure to achieve that goal will leave the US with a domestic security service rather than a domestic intelligence agency, and with a vulnerability to homegrown threats that fall outside the purview of our foreign intelligence establishment.316

(U) CSCCs are responsible for the FBI’s domain awareness and analysis. Each field office is required to establish a CSCC. The groups are comprised of small groups of intelligence analysts who are tasked to produce foundational documents such as Domain Intelligence Notes (DINs) and Threat Mitigation Strategies (TMSs). They also expose information gaps and guide special agents’ planned or incidental collection efforts. Effective CSCCs are critical to ensuring that field office efforts are threat-based and intelligence-driven.

(U) But during its field office visits, the Review Commission observed an uneven application of the CSCC concept and that many field offices struggled with effectively operating its CSCC. In the majority of the field offices the Review Commission visited, the CSCCs were not performing their intended functions. 215 Many of the intelligence analysts who were initially assigned to the CSCC had been moved to operational squads to provide tactical support to case agents, leaving the CSCC understaffed and unable to fulfill its primary mission.216 In some field offices, CSCC analysts were so involved in tactical support that their DINs and TMSs languished until the SAC accounted for them in the office’s mid and year-end reviews.217

(U) A centerpiece of the FBI’s intelligence framework is domain analysis, which entails the ability to understand what is happening in a given area of operations using all available sources of data. Accordingly, domain management is the FBI’s systematic process to develop strategic awareness in order to: identify and prioritize threats, vulnerabilities, and intelligence gaps; contribute to the efficient allocation of resources and operational decisions; discover new opportunities for collection; and set tripwires to provide advance warning.218 The Review Commission strongly believes that the field offices must prioritize collection opportunities to identify, develop, and pursue new intelligence leads in concert with their ongoing investigations.

(U) In many field offices we visited there was only one intelligence analyst left on the CSCC to conduct domain analysis for the field office and even then they spent much of their time mapping existing incidents and/or efforts. There was no observable forward looking aspect to the work. From the Review Commission’s observations, even when the DINs and TMSs are produced they are not generally valued at the field office-level as parts of a comprehensive intelligence collection plan (e.g., the plan that establishes the field’s baseline knowledge, identifies intelligence gaps, and informs the field’s strategy to mitigate new threats).219 In one field office we were told that an analyst had produced a comprehensive collection plan but it was ignored by the special agents who would have to implement it.220 We attribute this to a special agent-driven culture that still does not necessarily understand the value of filling intelligence collection requirements and, therefore, renders this overall mission a lower priority than it should be. It can also be attributed to the lack of sufficient leadership to hold field office personnel accountable for intelligence as well as criminal responsibilities.

 

215 (U) Some offices demonstrated a much higher comprehension of the CSCC concept and value and consequently provided higher levels of resources to facilitate mission success. The Review Commission would like to commend, however, the one field office that acknowledged that it was struggling with creating an effective CSCC and planned to visit another field office that is believed to be doing a better job so as to learn how others are operating a CSCC and perhaps identify best practices to bring back and implement. Memorandum for the Record, July 28, 2014.

216 (U) One intelligence analyst speculated the CSCC concept was widely misunderstood across the FBI because the benefit to special agents is unclear. The intelligence analyst also estimated that approximately 20 percent of analysts understood the meaning and purpose of the CSCC. Memorandum for the Record, September 17, 2014.

217 (U) Memorandum for the Record, August 14, 2014.

218 (U) Federal Bureau of Intelligence, Directorate of Intelligence, Intelligence Program Corporate Policy Directive and Policy Implementation Guide, May 2, 2013: 62.

219 (U) Memorandum for the Record, September 19, 2014.

220 (U) Memorandum for the Record, July 29, 2014.

Have the Banks Escaped Criminal Prosecution because They’re Spying Surrogates?

/11 Comments/in , , /by

I’m preparing to do a series of posts on CISA, the bill passed out of SSCI this week that, unlike most of the previous attempts to use cybersecurity to justify domestic spying, may well succeed (I’ve been using OTI’s redline version which shows how SSCI simply renamed things to be able to claim they’re addressing privacy concerns).

But — particularly given Richard Burr’s office’s assurances this bill is great because “business groups like the Financial Services Roundtable and the National Cable & Telecommunications Association have already expressed their support for the bill” — I wanted to raise a question I’ve been pondering.

To what extent have banks won themselves immunity by serving as intelligence partners for the federal government?

I ask for two reasons.

First, when asked why she, along with Main Justice’s Lanny Breuer, authorized the sweetheart deal for recidivist transnational crime organization HSBC, Attorney General nominee Loretta Lynch implied that there was insufficient admissible evidence to try any individuals associated with this recidivism.

I and the dedicated career prosecutors handling the investigation carefully considered whether there was sufficient admissible evidence to prosecute an individual and whether such a prosecution otherwise would have been consistent with the principles of federal prosecution contained in the United States Attorney’s Manual.

That’s surprising given that Carl Levin managed to come up with 300-some pages of evidence. Obviously, there are several explanations for this response: she’s lying, the evidence is inadmissible because HSBC provided it willingly thereby making it unusable for prosecution, or the evidence was collected in ways that makes it inadmissible.

It’s the last one I’ve been thinking about: is it remotely conceivable that all the abundant evidence against banksters their regulators have used to obtain serial handslaps is for some reason inadmissible in a criminal proceeding?

I started thinking about that as a real possibility when PCLOB revealed that Treasury’s Office of Intelligence and Analysis has never once — not in the 30-plus years since Ronnie Reagan told them they had to — come up with minimization procedures to protect US person privacy with data collected under EO 12333. Maybe that didn’t matter so much in 1981, but since 2004, Treasury has had an ever-increasing role in using intelligence (collected from where?) to impose judgments against people with almost no due process. And those judgements are, in turn, used to impose other judgments on Americans with almost no due process.

The thing is, you’d think banks might care that Treasury wasn’t complying with Executive Branch requirements on privacy protection. Not only because they care (ha!) about their customers, whether American or not, but because many of them are, themselves, US persons. US bank US person status should limit how much Treasury diddles with bank-related intelligence, but Treasury doesn’t appear bound by that.

Which leads me to suspect, at least, that there’s something in it for the banks, something that more than makes up for the serial handslaps for sanctions violations.

And one possibility is that because of the way this data is collected and shared, it can’t be used in a trial. Voila! Bank immunity.

All that’s just a wildarsed guess.

But one made all the more pressing given that Treasury is among the Appropriate Federal Entities that will be default intelligence recipients for cyber information under CISA.

(3) APPROPRIATE FEDERAL ENTITIES.—

The term ‘‘appropriate Federal entities’’ means the following:

(A) The Department of Commerce.

(B) The Department of Defense.

(C) The Department of Energy.

(D) The Department of Homeland Security.

(E) The Department of Justice.

(F) The Department of the Treasury.

(G) The Office of the Director of National Intelligence.

To some degree, this is not in the least bit surprising. After all, financial regulators have increasingly made cybersecurity a key regulatory concern of late, so it makes sense for Treasury to be in the loop.

But banksters rarely — never! — add regulatory exposure for themselves without a fight and, as Burr’s office has made clear, the banks love this bill.

One more datapoint, back to HSBC. As I noted when Lanny Breuer and Loretta Lynch announced that handslap, Breuer neglected to mention that HSBC was getting a handslap not just for helping cartels profit off drugs, but also helping terrorists fund their activities (at the time Pete Seda was being held without bail on charges the government insisted amounted to material support for terrorists for handing a check to Chechens using cash that had come indirectly from HSBC). The actual settlement, however, made mention of it by explaining that HSBC had “assisted the Government in investigations of certain individuals suspected of money laundering and terrorist financing.” By dint of that cooperation, in other words, HSBC went from being a material supporter of terrorism to being a deputy financial cop. And Breuer expanded that notion of banks serving as deputized financial cops thereafter.

Are the methods and terms by which we’re collecting all this financial intelligence to use against some bad guys precisely what prevents us from holding the even bigger bad guys — the ones affecting far more of us directly, in the form of the houses we own, the towns we live in, the opportunity costs paid to financial crime — accountable?

And will this system now be replicated under CISA (or has it, already) as banks turn into cyber crime deputized cops?

If US Won’t Share Intelligence with Those Hosting Snowden, Why Are We Engaged with Russia on ISIL?

/8 Comments/in /by

Glenn Greenwald reports that, when he asked German Vice Chancellor Sigmar Gabriel why he doesn’t offer asylum to Edward Snowden, Gabriel revealed the US had threatened to cut Germany off from intelligence sharing if they did.

German Vice Chancellor Sigmar Gabriel (above) said this week in Homburg that the U.S. Government threatened to cease sharing intelligence with Germany if Berlin offered asylum to NSA whistleblower Edward Snowden or otherwise arranged for him to travel to that country. “They told us they would stop notifying us of plots and other intelligence matters,” Gabriel said.

The Vice Chancellor delivered a speech in which he praised the journalists who worked on the Snowden archive, and then lamented the fact that Snowden was forced to seek refuge in “Vladimir Putin’s autocratic Russia” because no other nation was willing and able to protect him from threats of imprisonment by the U.S. Government (I was present at the event to receive an award). That prompted an audience member to interrupt his speech and yell out: “why don’t you bring him to Germany, then?”

[snip]

Afterward, however, when I pressed the Vice Chancellor (who is also head of the Social Democratic Party, as well as the country’s Economy and Energy Minister) as to why the German government could not and would not offer Snowden asylum – which, under international law, negates the asylee’s status as a fugitive – he told me that the U.S. Government had aggressively threatened the Germans that if they did so, they would be “cut off” from all intelligence sharing. That would mean, if the threat were carried out, that the Americans would literally allow the German population to remain vulnerable to a brewing attack discovered by the Americans by withholding that information from their government.

Which is odd, because CIA Director John Brennan just implied — in a speech that was largely about information sharing — that the US continues to engage with Russia on terrorism issues, even though it hosts Snowden.

QUESTION: James Sitrick, Baker & McKenzie. You spent a considerable amount of your opening remarks talking about the importance of liaison relationships. Charlie alluded to this in one of his references to you, on the adage—the old adage has it that the enemy of your enemy is your friend. Are we in any way quietly, diplomatically, indirectly, liaisoning with Mr. Soleimani and his group and his people in Iraq?

BRENNAN: I am not engaging with Mr. Qasem Soleimani, who is the head of the Quds Force of Iran. So no, I am not.

I am engaged, though, with a lot of different partners, some of close, allied countries as well as some that would be considered adversaries, engaged with the Russians on issues related to terrorism.

We did a great job working with the Russians on Sochi. They were very supportive on Boston Marathon. We’re also looking at the threat that ISIL poses both to the United States as well as to Russia.

So I try to take advantage of all the different partners that are out there, because there is a strong alignment on some issues—on proliferation as well as on terrorism and others as well.

Admittedly, the timing on Snowden’s asylum in Russia is pretty remarkable, coming as it did after Sochi and two months after the Marathon attack, launched by brothers with ties to Chechnya. In fact, in Dzhokhar’s trial, we just learned that Tamerlan sent $900 back to Chechnya in the weeks before the attack. Thus, at the time Putin granted Snowden his first year of asylum, the US needed Russian cooperation more urgently than Russia needed America’s (and Putin was carefully managing that relationship).

Still, by tying cooperation with Russia to ISIL, Brennan implied it is ongoing (not least because the government was not as engaged against ISIL as it might have been until a year after Snowden arrived in Russia).

At least if we’re to believe Gabriel, the US threatened to cut off a close ally if it hosted Snowden, but it continues to share intelligence with one of our major adversaries on matters of common interest.

What an XKeyscore Fingerprint Looks Like

/10 Comments/in , , /by

As part of its cooperation with New Zealand’s best journalist on that country’s SIGINT activities, Nicky Hager, the Intercept has published a story on the targets of a particular XKeyscore query (note: these stories say the outlets obtained this document; they don’t actually say they obtained it from Edward Snowden): top officials in the Solomon Islands and an anti-corruption activist there.

Aside from the targets, which I’ll get to, the story is interesting because it shows in greater detail than we’ve seen what an XKS query looks like. It’s a fairly standard computer query, though initiated by the word “fingerprint.” Some of it is consistent with what Snowden has described fingerprints to include: all the correlated identities that might be associated with a search. The query searches on jremobatu — presumably an email unique name — and James Remobatu, for example. As I have noted, if they wanted to target all the online activities of one particularly person — say, me! — they would add on all the known identifiers, so emptywheel, @emptywheel, Marcy Wheeler, and all the cookies they knew to be associated with me.

What’s interesting, though, is this query is not seeking email or other Internet communication per se. It appears to be seeking documents, right out of a file labeled Solomon government documents. Those may have been pulled and stored as attachments on emails. But the query highlights the degree to which XKS sucks up everything, including documents.

Finally, consider the target of the query. As both articles admit, the reason behind some of the surveillance is understandable, if sustained. Australia and New Zealand had peacekeepers in the Solomons to deal with ethnic tensions there, though were withdrawing by January 2013 when the query was done. The query included related keywords.

In the late 1990s and early 2000s the islands suffered from ethnic violence known as “The Tensions.” This led to the 2003 deployment to the Solomons of New Zealand, Australian and Pacific Island police and military peacekeepers. By January 2013, the date of the target list, both New Zealand and Australia were focused on withdrawing their forces from the island country and by the end of that year they were gone.

The XKEYSCORE list shows New Zealand was carrying out surveillance of several terms associated with militant groups on the island, such as “former tension militants,” and “malaita eagle force.” But with the security situation stabilized by 2013, it is unclear why New Zealand spies appear to have continued an expansive surveillance operation across the government, even tailoring XKEYSCORE to intercept information about an anti-corruption campaigner.

More specifically, however, the query was targeting not the militants, but the Truth and Reconciliation process in the wake of the violence.

I would go further than these articles, however, and say I’m not surprised the Five Eyes spied on a Truth and Reconciliation process. I would fully expect NSA’s “customer” CIA to ask it to track the South African and Colombian Truth and Reconciliation processes, because the CIA collaborated in the suppression of the opposition in both cases (going so far as providing the intelligence behind Nelson Mandela’s arrest in the former case). While I have no reason to expect CIA was involved in the Solomons, I would expect one or more of the myriad intelligence agencies in the Five Eyes country was, particularly given the presence of Aussie and Kiwi peacekeepers there. And they would want to know how their role were being exposed as part of the Truth and Reconciliation process. This query would likely show that.

Which brings me to the point the activist in question, Benjamin Afuga (who sometimes publishes leaked documents) made: this spying, which would definitely detail all cooperation between him and the government, might also reveal his sources.

Benjamin Afuga, the anti-corruption campaigner, said he was concerned the surveillance may have exposed some of the sources of the leaks he publishes online.

“I’m an open person – just like an open book,” Afuga said. “I don’t have anything else other than what I’m doing as a whistleblower and someone who exposes corruption. I don’t really understand what they are looking for. I have nothing to hide.”

Ah, but Afuga does have things to hide: his sources. And again, if one or another Five Eyes country had intelligence operatives involved both during the tensions and in the peace keeping process, they would definitely want to know them.

Again, this is all standard spying stuff. I expect CIA (or any other HUMINT agency) would want to know if they’re being talked about and if so by whom — I even expect CIA does a more crude version of this within the US about some of its most sensitive topics, not least because of the way they went after the SSCI Torture investigators.

But this query does provide a sense of just how powerful this spying is in a world when our communications aren’t encrypted.

Better Put Tom Cotton and His 46 Co-Conspirators on the No-Fly List

/14 Comments/in , /by

Screen Shot 2015-03-09 at 2.46.18 PMAs Josh Rogin first reported, Tom Cotton and 46 other Senators have written a letter to the “leaders of the Islamic Republic of Iran.” They want to warn them that without Senate ratification, the agreement they’re working to sign with President Obama will just be an executive agreement that a future President could just revoke with the stroke of a pen.

Now, much as I’d like the Executive to be reined in in other areas, foreign affairs is the area where they’re supposed to act like an Executive. That was the whole point of moving from a confederation to a federation. So this intervention is improper in that sense, on top of serving the purported interests of Israeli right-wingers more than serving American interests.

The entire production ought to focus more attention on something I’ve been trying to get people to look at: the fundraiser held directly after Congress willingly acted like Bibi Netanyahu’s trained seal, also reported by Josh Rogin. Did Sheldon Adelson pay off all of  Bibi’s trained seals? On what scale?

Plus, Jack Goldsmith catches the Senators in an error about what the Constitution actually says (Tom Cotton as a JD from Harvard Law School, where Goldsmith teaches).

The letter states that “the Senate must ratify [a treaty] by a two-thirds vote.”  But as the Senate’s own web page makes clear: “The Senate does not ratify treaties. Instead, the Senate takes up a resolution of ratification, by which the Senate formally gives its advice and consent, empowering the president to proceed with ratification” (my emphasis).  Or, as this outstanding  2001 CRS Report on the Senate’s role in treaty-making states (at 117):  “It is the President who negotiates and ultimately ratifies treaties for the United States, but only if the Senate in the intervening period gives its advice and consent.”  Ratification is the formal act of the nation’s consent to be bound by the treaty on the international plane.  Senate consent is a necessary but not sufficient condition of treaty ratification for the United States.  As the CRS Report notes: “When a treaty to which the Senate has advised and consented … is returned to the President,” he may “simply decide not to ratify the treaty.”

This is a technical point that does not detract from the letter’s message that any administration deal with Iran might not last beyond this presidency.  (I analyzed this point here last year.)  But in a letter purporting to teach a constitutional lesson, the error is embarrassing.

Me, I’ve got another concern for these poor Senators.

Iran’s leaders are, according to the Senators’ own claims, evil terrorist-supporting murderers. Indeed, our own government considers them as such, not only imposing sanctions but — according to Dianne Feinstein and Keith Alexander — also treating Iran as one of the few “terrorist groups” association with which the NSA can use to contact chain on its dragnets of American communications.

In short, the government believes that anyone conducting communications with such people are terrorist suspects themselves, and should be dumped into a big database to have all their collected metadata analyzed for further signs of terrorism.

Tom Cotton and his 46 collaborators are now just 1-degree of separation from what they consider some badass terrorists. We’ve seen people be put on the No-Fly list for far less.

I don’t think that’s right, mind you. There’s a problem with metadata analysis.

That’s a problem the Senators might do better looking to correct, rather than working to keep the Middle East unstable for Israel’s interests.

Update: As the screen capture above makes clear, Tom Cotton has now placed himself at one degree of separation from the terrorist sponsor Ayatollah Khamenei via dead tree and Twitter.

In 2015, CIA Will Proactively Respond to the “Digital Revolution”

/3 Comments/in , , /by

I noted some weeks ago about how John Brennan — who had failed spectacularly on cybersecurity while at the White House but then learned the joys of hacking targets when he spied on the Senate Intelligence Committee — was rolling out a cyber directorate.

On Wednesday and yesterday, Brennan rolled out that change amid a larger restructuring.

In a troubling sign, the plan twice refers to the “digital revolution” as if it were in progress right now, not something that has already happened and is now our status quo. “Second, we must be positioned to embrace and leverage the digital revolution to the benefit of all mission areas.” But don’t worry, because Brennan says this reorganization will prevent the CIA from suffering the fate of Kodak, which didn’t anticipate digital cameras. CIA is embracing the “digital revolution” so it doesn’t miss the next one, I guess, as it did with the Arab Spring.

With all the focus on the digital directorate, however, I think there are aspects of this reorganization plan that are far more worthy of note.

First, the whole thing reads like a mid-1990s business reorganization plan, organized into “themes” and speaking of “investing in our people” and a new Talent Development Center of Excellence and embracing and modernizing and blah blah blah. That’s troubling, because those jargon-driven reorganizations usually failed after some Mitt Romney type had stripped the entity in question for cash. At least in the unclassified description of the reorganization, the plan seems better served to attract credulous investors than to effect change.

Just as telling, the unclassified plan says nothing about how CIA will retain what linguistic and cultural skills it has after it shifts to a more topical and less geographic structure. Digital analysis is nice, but there will come a time when someone is going to have read the content that metadata has identified, and we can’t simply rely on foreign partners to do this or we’ll be susceptible to their disinformation.

Finally, there’s this section:

Theme Three: Modernize the way we do business. The pace of world events and technological change demands that Agency leaders be able to make decisions with agility, at the appropriate level, with the right information, and in the interests of the broader enterprise.  We must have the capacity to make the sound strategic decisions needed to build a better Agency and run it efficiently, even as we respond to urgent external requirements. We must empower our officers to address the operational, analytical, technological, support, and other issues that are at the heart of what we do every day. Accordingly, we will:

  • Enhance and empower the Executive Director’s role and responsibilities to manage day-to-day organizational functions, including overseeing a revamped corporate governance model.
  • Create a restructured Executive Secretary office to streamline core executive support functions, thereby increasing effectiveness and efficiency.
  • Even as we improve our ability to govern and make decisions and streamline our processes at the enterprise level, there will be a corresponding effort to delegate decisionmaking and accountability for achieving mission to the lowest appropriate level and to streamline our processes and practices throughout the Agency.

Perhaps I should just trust Brennan here, because he has served as both Chief of Staff to the Director and Deputy Executive Director, so he knows how these critical management roles function. But it also sounds like a bid to have the Director’s immediate staff more involved in the nitty gritty of operations, perhaps akin to the way the White House National Security Council (where Brennan has served more recently) has done the same with operations, in part to bypass oversight. If Brennan wants to make it easier to hold officers accountable for fuck-ups, great. But if Brennan wants to make it easier to conduct ill-considered operations without a grown-up objecting, it’ll lead to more problems from the CIA.

Alfreda Bikowsky has been the model of the analyst-who-sticks-her-nose into the operations function that seems to be the goal here. The CIA thinks she’s great, but she’s also the poster child for hackishness, abuse, and in some cases obstinate stupidity. I wish Brennan the best of luck in making CIA a more effective agency. I just hope he doesn’t end up making it still more problematic.

Why Did ODNI Fight So Hard to Hide the Census Opinion?

/3 Comments/in , /by

Congratulations to EFF, which yesterday liberated another document on Section 215: a 2010 OLC opinion finding that the Department of Commerce (then counseled by Cameron Kerry who, curiously enough, hosted the Bob Litt speech the other day) did not have to turn over data to the FBI under Section 215 (which was the only one of many statutes it reviewed that OLC considered possibly binding).

After reviewing a bunch of legislative language on both Congress’ intent to provide affirmative confidentiality to census data and on its silence on census data during the PATRIOT Act reauthorization debates, Deputy Assistant Attorney Genereal Jeannie Rhee concluded,

We therefore conclude that section 215 should not be construed torepeal otherwise applicable Census Act protections for covered census information, such that they would require their disclosure by the Department of Commerce.Because no other PatriotAct provision that you have, identified, nor any such provision that we have separately reviewed, would appear to have that effect, we agree that the Patriot Act, as amended, does not alter the. confidentiality protections in sections 8, 9, and 214 of the Census Act in a manner that could require the Secretary of Commerce to disclose such information.

Many outlets are hailing this as OLC noting some limits to the otherwise unlimited demands the government thinks it can make under Section 215.

But I’m left puzzled.

Why did the Administration fight so hard to keep this secret? This suit has been going on for years, and ODNI tried to keep this secret long after reams of more interesting — and more classified — information got released on the phone dragnet and related authorities.

I can think of several possible reasons (and these are all speculative):

FISC decisions

Perhaps the government thinks this might endanger FISC’s decision that Section 215 does repeal two other privacy statutes. In 2008, Judge Reggie Walton found that Section 215 overrode the privacy protections for call data under ECPA [SCA]. And in 2010, John Bates found that it overrode the privacy protections in RFPA. Effectively, both decisions found that the government could do with Section 215 (and court review) what the FBI could otherwise do with NSLs. But of course, by doing them under Section 215, the government managed to do them in greater bulk, and probably with some exotic requests added in. At least the ECPA opinon was probably elicited by DOJ IG pointing out that the NSL rule did prevent other access to such data. In both opinions, the FISC reviewed the absence of legislative language and used it to conclude something dissimilar to what OLC concluded here: that in the absence of language, it provided permission. Does ODNI think the publication of this OLC opinion will make it easier to challenge the use of Section 215 for phone and financial records?

Update: This passage, from ACLU’s challenge to the phone dragnet, more eloquently suggests this is precisely why ODNI wanted to bury this opinion. It cites the importance of statutory construction, and then notes ties it to earlier statements on the Census Act.

On its face, Section 215 provides the government with general authority to compel the disclosure of tangible things. However, the Stored Communications Act (“SCA”) specifically addresses the circumstances in which the government can compel the disclosure of phone records in particular. The SCA provision states that a “provider of remote computing service or electronic communication service to the public shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service . . . to any governmental entity.” 18 U.S.C. § 2702(a)(3). While the SCA provision lists exceptions to its otherwise categorical prohibition, see id. §§ 2702(c), 2703, Section 215 is not among them. This omission is particularly notable because Congress enacted sections 2702(c) and 2703 in the same bill as Section 215.

The district court held that Section 215 constitutes an implicit exception to Section 2702 because Section 215 orders “are functionally equivalent to grand jury subpoenas.” SPA027. But well-settled rules of statutory construction require that the list of exceptions in section 2702 and 2703 be treated as exhaustive. See United States v. Smith, 499 U.S. 160, 167 (1991) (“Where Congress explicitly enumerates certain exceptions . . . additional exceptions are not to be implied, in the absence of evidence of a contrary legislative intent.” (quotation marks omitted)). Congress has enacted a comprehensive scheme to regulate the government’s collection of electronic communications and records relating to those communications. That comprehensive scheme, which addresses the precise circumstances in which the government can collect the records at issue in this case, must be given precedence over provisions that are more general. See In re Stoltz, 315 F.3d 80, 93 (2d Cir. 2002) (holding that it is a “basic principle of statutory construction that a specific statute . . . controls over a general provision” (quoting HCSC–Laundry v. United States, 450 U.S. 1, 6 (1981))); see also PCLOB Report 92–93.

Indeed, the Justice Department has itself acknowledged that it would contravene the structure of the SCA to “infer additional exceptions” to the “background rule of privacy” set out in section 2702(a). See Office of Legal Counsel, Memorandum Opinion for the General Counsel [of the] FBI: Requests for Information Under the Electronic Communications Privacy Act 3 (Nov. 5, 2008), http://1.usa.gov/1e5GbvC (concluding that the FBI could not use national security letters to compel the production of records beyond those specifically exempted from the general privacy rule). Moreover, it has acknowledged that principle with respect to Section 215 itself, concluding that the statute does not override the privacy protections of the Census Act, 13 U.S.C. §§ 8, 9, 214. Letter from Ronald Weich, Assistant Attorney General, to Hon. Nydia Velázquez, Chair, Congressional Hispanic Caucus, U.S. House of Representatives (Mar. 3, 2010), http://wapo.st/aEsETd. [my emphasis]

The Second Circuit already sounded like it wanted to boot the dragnet on statutory grounds (if they did, doing so should have the same effect for financial records as well). And the release of this opinion may well help them do that.

Presumptive Section 215 Collection

In 2010, this OLC memo reveals, DOJ’s National Security Division — then headed by David Kris — believed that the government ought to be able to use Section 215 to obtain raw census data (the rest of DOJ, curiously, did not agree). Kris lost that battle.

But data very similar to census data is readily available, from private marketing brokers. If NSD saw the need to obtain this kind of data, it’s not clear what would prevent the government from just obtaining very similar data from marketing firms. Should we assume it has done so?

Census data in racial profiling

I also wonder whether this came up in the context of ways both the NYPD (with CIA assist) and FBI have used census data to conduct their racial profiling efforts. Both have relied on published (aggregated) census data to find which neighborhoods to spy on. Was there some kind of effort to fine tune this racial profiling by using the underlying data?

NCTC’s access to internal databases

Finally, I wonder whether ODNI’s reticence about this OLC opinion pertains to its own National Counterterrorism Center guidelines  on information sharing, which permit NCTC to demand entire databases from other government agencies if it says the database includes information on terrorists (effectively making us all terrorists). Discussions about doing so started in 2011 and resulted in broad new data sharing guidelines in 2012, so that change actually took place after this opinion. Also note the opinion’s interesting timing: January 4, 2010, so probably too soon after the UndieBomb attempt on Christmas day in 2009 to be considered part of the expanded information sharing that happened after that attack, though not so long after the Nidal Hassan attack.

Whatever the timing, I’m curious how this opinion has influenced discussions about and limits to that data-sharing initiative — and how it should have influenced such data sharing?

 

Does Dianne Feinstein Realize DOJ Has a Big Exception for National Security Interrogations?

/1 Comment/in , /by

On the day on which her tenure as Chair of the Senate Intelligence Committee ended — and with it, a significant chunk of her power to effect any change — Dianne Feinstein released a letter she sent last week to President Obama with recommendations on how to “make sure that the United States never again engages in actions that you have acknowledged were torture..”

I’ll deal with the substance of the recommendations later. But for now I wanted to look at one specific recommendation: that the government videotape national security interrogations.

8. Recommendation: The Attorney General and DNI should issue a new directive to require that all national security interrogations are videotaped, based on the May 12, 2014 Department of Justice requirement.

Rationale: Creating and retaining a video record of interrogations will ensure that there is an objective record of key investigations and interactions with individuals who are held in U.S. custody. It will also provide federal authorities clear and indisputable records of important statements and confessions made by individuals who have been detained by the U.S. government.

Now, as Roll Call pointed out, Rush Holt already tried to get intelligence interrogations videotaped in 2010’s Intelligence Authorization but after DOD balked, it was not passed by — among others — SSCI Chair Dianne Feinstein.

But there’s another problem with DiFi’s recommendation.

She seems to suggest that DOJ guidelines currently “require” “all national security interrogations” to be videotaped.

Here’s what the DOJ guidelines — rolled out last year — actually say.

This policy establishes a presumption that the [FBI, DEA, ATF, and USMS” will electronically record statements made in their custody in the circumstances set forth below.

This policy also encourages agents and prosecutors to consider electronic recording in investigative or other circumstances where the presumption does not apply.

[snip]

Exceptions to the presumption.

[snip]

Public Safety and National Security Exception. Recording is not prohibited in any of the circumstances covered by this exception and the decision whether or not to record should whenever possible be the subject of consultation between the agent and the prosecutor. There is no presumption of electronic recording where questioning is done for the purpose of gathering public safety information under New York v. Quarles. The presumption  of recording likewise does not apply to those limited circumstances where questioning is undertaken to gather national security-related intelligence or questioning concerning intelligence, sources, or methods, the public disclosure of which would cause damage to national security.

That is, not only doesn’t DOJ require interrogations to be videotaped, but it excludes public safety and national security interrogations from even presumptive recording.

I suspect (and hope) that Senate Judiciary Committee member Dianne Feinstein knows this, that she has (at a time when she no longer has power to make this happen) suggested something that not only won’t happen, but doesn’t happen. Indeed, as someone who — back when she had the authority of SSCI Chair — capitulated most times an agency invoked “sources and methods” to refuse to do obvious record keeping, I suspect she knows how unlikely it would be for DOJ not only to reverse its presumption exception but for other agencies to adopt DOJ’s stance too. Even if she knows that, nevertheless, interrogations should all be recorded.

But the government is not about to do that.