Mike Rogers Says 4 Briefings Recently Makes Up for Withholding Information before PATRIOT Act Vote

/8 Comments/in , , /by

Here’s House Intelligence Chair Mike Rogers’ response to the White Paper’s revelation, backed by Justin Amash’s reports, that he didn’t invite all members of the House to read notice of the Section 215 dragnet.

The House Intelligence Committee makes it a top priority to inform Members about the intelligence issues on which Members must vote. This process is always conducted consistent with the Committee’s legal obligation to carefully protect the sensitive intelligence sources and methods our intelligence agencies use to do their important work. Prior to voting on the PATRIOT Act reauthorization and the FAA reauthorization, Chairman Rogers hosted classified briefings to which all Members were invited to have their questions about these authorities answered. Additionally, over the past two months, Chairman Rogers has hosted four classified briefings, with officials from the NSA and other agencies, on the Section 215 and Section 702 programs and has invited all Republican Members to attend and receive additional classified briefings on the use of these tools from Committee staff. The Committee has provided many opportunities for Members to have their questions answered by both the HPSCI and the NSA. And Chairman Rogers has encouraged members to attend those classified briefings to better understand how the authorities are used to protect the country. [my emphasis]

So even according to Mike Rogers, Mike Rogers provided briefings to members to answer the questions they’d have no notice they needed to ask before reauthorization of the PATRIOT Act because Mike Rogers hadn’t provided the explanation of what they might want to ask questions about.

And since Edward Snowden exposed all this, he has had 4 briefings.

Nowhere in Rogers’ statement does he deny he failed to pass on the notice that read,

We believe that making this document available to all members of Congress, as we did with a similar document in December 2009, is an effective way to inform the legislative debate about reauthorization of Section 215.

Which, I take, is additional confirmation (in addition to the White Paper and reports from Congress) he failed to pass on notice that DOJ and the Administration claimed they wanted shared with all of Congress.

The legality of the 215 dragnet depends, in part, on whether or not the Executive briefed Congress. And because of Mike Rogers, it appears that that legal case is beginning to crumble.

Obama’s Credibility Trap

/22 Comments/in , , /by

President Obama just stood before the nation and said,

And if you look at the reports — even the disclosures that Mr. Snowden has put forward — all the stories that have been written, what you’re not reading about is the government actually abusing these programs and listening in on people’s phone calls or inappropriately reading people’s emails. What you’re hearing about is the prospect that these could be abused. Now, part of the reason they’re not abused is because these checks are in place, and those abuses would be against the law and would be against the orders of the FISC.

Even as he was speaking, his Administration released a document that said, in part,

Since the telephony metadata collection program under Section 215 was initiated, there have been a number of significant compliance and implementation issues that were discovered as a result of DOJ and ODNI reviews and internal NSA oversight. In accordance with the Court’s rules, upon discovery, these violations were reported to the FISC, which ordered appropriate remedial action. The incidents, and the Court’s responses, were also reported to the Intelligence and Judiciary Committees in great detail. These problems generally involved human error or highly sophisticated technology issues related to NSA’s compliance with particular aspects of the Court’s orders. The FISC has on occasion been critical of the Executive Branch’s compliance problems as well as the Government’s court filings. However, the NSA and DOJ have corrected the problems identified to the Court, and the Court has continued to authorize the program with appropriate remedial measures.

While (as I will show in a future post), Obama’s Administration has worked hard to prevent details of these violations from becoming public and delayed even the Judiciary Committees from being briefed, some of them may come out as part of the DOJ Inspector General review that the Administration tried to thwart in 2009.

Also, even as he was speaking, EFF announced the government will turn over a redacted copy of the October 3, 2011 FISA Court ruling that found the minimization procedures for Section 702 violated the Fourth Amendment. A new Guardian report suggests that ruling may pertain to the use of a backdoor to conduct warrantless searches on US person content already collected under Section 702. (While many commentators have insisted the Guardian report provides no evidence of abuse, NSA and DNI’s Inspectors General refused to count how often Americans have been searched in such a way, effectively refusing to look if it has been abused.)

As Shane Harris astutely describes, all of this kabuki is designed solely to make people feel more comfortable about these dragnets.

And the President’s message really boiled down to this: It’s more important to persuade people surveillance is useful and legal than to make structural changes to the programs.

“The question is, how do I make the American people more comfortable?” Obama said.

Not that Obama’s unwilling to make any changes to America’s surveillance driftnets — and he detailed a few of them — but his overriding concern was that people didn’t believe him when he said there was nothing to fear.

But the President just stood up and claimed the government hasn’t abused any of these programs.

It has, by its own admission, violated the rules for them.

Meanwhile, Ron Wyden has already released a statement applauding some of these changes while noting that Obama is still minimizing how bad the violations have been.

Notably absent from President Obama’s speech was any mention of closing the backdoor searches loophole that potentially allows for the warrantless searches of Americans’ phone calls and emails under section 702 of the Foreign Intelligence Surveillance Act. I believe that this provision requires significant reforms as well and I will continue to fight to close that loophole. I am also concerned that the executive branch has not fully acknowledged the extent to which violations of FISC orders and the spirit of the law have already had a significant impact on Americans’ privacy.

Ultimately, details of these violations will come out, and are on their way out in some form already.

If this press conference was designed solely to make us feel better, wouldn’t Obama have been better advised to come clean about these violations than to pretend they don’t exist?

 

Against Legion of Doom Alert, Is Hadi Playing Saleh’s Old Game?

/2 Comments/in , /by

After President Obama met with Yemen’s President Abdo Rabu Mansour Hadi on the eve (or during the progression) of the Legion of Doom alert last week, he said this about Hadi’s cooperation on terrorism.

I thank President Hadi and his government for the strong cooperation that they’ve offered when it comes to counterterrorism. Because of some of the effective military reforms that President Hadi initiated when he came into this office, what we’ve seen is al Qaeda in the Arabian Peninsula, or AQAP, move back out of territories that it was controlling.

And President Hadi recognizes that these threats are not only transnational in nature, but also cause severe hardship and prevent the kind of prosperity for the people of Yemen themselves. [my emphasis]

Hadi responded,

Our work together insofar as countering terrorism is concerned and also against al Qaeda is expressive, first and foremost, of Yemeni interests, because as a result of the activities of al Qaeda, Yemen’s development basically came to a halt whereby there is no tourism, and the oil companies, the oil-exploring companies had to leave the country as a result of the presence of al Qaeda. So our cooperation against those terrorist elements are actually serving the interests of Yemen. [my emphasis]

Note how this carefully scripted puppet show emphasized Yemen’s own interests in defeating al Qaeda.

Here’s what, in the wake of disagreements whether a disrupted plot (that may have had nothing to do with AQAP) had anything to do with the Legion of Doom alert, the WSJ now reports really happened at the meeting between Obama and Hadi.

The U.S. raised concerns in meetings in Washington last week, with officials complaining to President Abd Rabbu Mansour Hadi that Yemeni forces weren’t taking the al Qaeda threat seriously and needed to stop pulling back from military offensives, people familiar with the meetings said. Yemeni officials say they have spared no effort battling al Qaeda and its affiliates but that the threat remains too large for their ill-equipped military.

“We don’t have the capabilities or man power to capture large swaths of territory,” said one Yemeni official familiar with counterterrorism policy. “AQAP has hide-outs in remote villages and towns spread across the country.”

The history of U.S.-Yemeni counterterrorism relations has been checkered with missteps and mistakes, even before this latest terror alert. Mr. Hadi—who came to power in large part due to America’s diplomatic intervention—has tried to strengthen military and economic ties with the U.S.

Some officials in San’a, however, worry that President [my emphasis]

It goes onto lay out details of the cooperation — though the reported influx of JSOC members to Yemen may reflect a dramatic departure from this cooperation.

At the heart of the U.S.-Yemeni cooperation is a joint command center in Yemen, where officials from the two countries evaluate intelligence gathered by America and other allies, such as Saudi Arabia, say U.S. and Yemeni officials. There, they decide when and how to launch missile strikes against the highly secretive list of alleged al Qaeda operatives approved by the White House for targeted killing, these people say.

But local sensitivities about the bilateral counterterrorism cooperation have spiked in recent years due to high-profile civilian deaths by U.S. missiles, prompting tight limitations on any visible American role in the fight against al Qaeda.

For example, U.S. Special Forces aren’t allowed to accompany Yemeni units on patrols through the rugged mountains where al Qaeda cells have found haven, military officials familiar with the situation say. But Yemeni units have neither the skill nor political will to take on these sorts of quick-strike operations, the officials said.

Instead, Yemeni armed forces conduct periodic high-profile land operations against militants whose affiliation with al Qaeda isn’t clear.

And all that’s built on a bunch of military toys which Foreign Policy catalogs here. (Note, why are we paying Gallup $280,000 for a “Yemen Assessment Survey” when they can’t even poll in the US competently anymore? If we insist on using a US firm, why not use Zogby, which would have better ties to Arabic speakers?)

But underlying all this parroted language about cooperation is the reality that a focus on Al Qaeda tends to distract Hadi, who already relies on the US and Brits and Saudis to retain power, from issues that matter to Yemenis. This superb Guardian piece notes how counterterrorism delegitimizes him.

Among ordinary Yemenis, meanwhile, the latest al-Qaida drama has been greeted with scepticism and even some derision. Read more

Behind Legion of Doom: Breaking “Encrypted Electronic Communications between High Level Al Qaeda Leaders”

/10 Comments/in , , /by

[youtube]xY-wsEh6CZk[/youtube]

David Garteinstein-Ross, who did his own research into the Daily Beast Legion of Doom story, noted a couple of things via Twitter that I have been pointing to: the conference call behind the Legion of Doom scare wasn’t the first intercept, and Al Qaeda leaders on the conference call (which Eli Lake clarified wasn’t via telephone) assumed the call was secure.

3) There has been more than one intercept related to the plot. The report refers to a captured courier in addition to the conference call.

5) Many reactions to the report assume AQ completely broke OPSEC. The report states that AQ leaders assumed the call was secure.

And in the appearance above on MSNBC, he describes the conference call as,

Encrypted electronic communications between high level Al Qaeda leaders in which they were discussing this plot.

[snip]

This is encrypted communication. It’s hard to penetrate their communications. And if you make clear that we have, and which communications we’ve penetrated, then they’re simply going to adapt.

In general, that suggests that something the government got from the courier allowed them to break the encrypted conference call. And, if Gartenstein-Ross is accurately informed, that we did, in fact, break their encrypted communications.

While that doesn’t prove or disprove my outtamyarse guess that the Tor compromise had a connection to Legion of Doom, it does make it more likely.

It also means the leaks are that much more damaging, in that they would have ended the period when we had location data on operatives they didn’t realize had been exposed.

Displacing the Reset with Russia

/12 Comments/in , , , , /by

As you no doubt heard yesterday, Obama called off a planned meeting with Putin after the G20 next month in response to a number of things (including Russia’s increasing persecution of gays), but largely triggered by Russia’s offer of asylum to Edward Snowden.

In addition to this piece applauding that decision, Julia Ioffe wrote up all the things about our approach to Snowden in Russia that Lawrence O’Donnell deemed unfit for MSNBC last night, which echo what I said back in June. The key bullet points are:

  • You can’t back Putin into a corner and leave him no options. If you are a world leader worth your salt, and have a good diplomatic team working for you, you would know that. You would also know that when dealing with thugs like Putin, you know that things like this are better handled quietly. Here’s the thing: Putin responds to shows of strength, but only if he has room to maneuver. You can’t publicly shame him into doing something, it’s not going to get a good response. Just like it would not get a good response out of Obama.
  • The Obama administration totally fucked this up. I mean, totally. Soup to nuts. Remember the spy exchange in the summer of 2010? Ten Russian sleeper agents—which is not what Snowden is—were uncovered by the FBI in the U.S. Instead of kicking up a massive, public stink over it, the Kremlin and the White House arranged for their silent transfer to Russia in exchange for four people accused in Russia of spying for the U.S. Two planes landed on the tarmac in Vienna, ten people went one way, four people went the other way, the planes flew off, and that was it. That’s how this should have been done if the U.S. really wanted Snowden back.

You don’t back ego-driven world leaders into corners — whether it is Putin or Obama — and succeed in achieving your goals.

All that said, Reuters reported a far more interesting development than Obama blowing off the Putin meeting yesterday. The Saudis have offered to bribe Putin to back off his support of Bashar al-Assad.

Saudi Arabia has offered Russia economic incentives including a major arms deal and a pledge not to challenge Russian gas sales if Moscow scales back support for Syrian President Bashar al-Assad, Middle East sources and Western diplomats said on Wednesday.

[snip]

Syrian opposition sources close to Saudi Arabia said Prince Bandar offered to buy up to $15 billion of Russian weapons as well as ensuring that Gulf gas would not threaten Russia’s position as a main gas supplier to Europe.

In return, Saudi Arabia wanted Moscow to ease its strong support of Assad and agree not to block any future Security Council Resolution on Syria, they said.

Finally, America’s allies (and it’s unclear how involved the US was in this deal, though Bandar usually plays nicely with us) are speaking to Putin in terms of Russia’s interests, rather than insisting Assad’s overthrow benefits everyone.

I’m especially interested in Bandar’s promise to “ensur[e] that Gulf gas would not threaten Russia’s position as a main gas supplier to Europe.” That, frankly, is probably the biggest carrot on the table here. But I can imagine no way Bandar could guarantee it (did the Qataris buy in? can Bandar control fracking in Europe? and what happens if and when the Saudis succeed in getting us to overthrow the Iranians?).

It appears the Saudis are more impressed with the meeting than Putin.

One Lebanese politician close to Saudi Arabia said the meeting between Bandar and Putin lasted four hours. “The Saudis were elated about the outcome of the meeting,” said the source, without elaborating.

[snip]

Putin’s initial response to Bandar’s offer was inconclusive, diplomats say. One Western diplomat in the Middle East said the Russian leader was unlikely to trade Moscow’s recent high profile in the region for an arms deal, however substantial.

He said Russian officials also appeared skeptical that Saudi Arabia had a clear plan for stability in Syria if Assad fell.

But it at least appears to suggest that Putin would respond to discussions that acknowledged Russia’s interests, for a change. Even if Bandar can’t yet present a plan that seems plausible.

Does Putin really have to be the grown-up in the room who points out that Syria without Assad will not be stable anytime soon?

No matter what happens with Snowden, very few have acknowledged that, in addition to details of spying on Americans, he has also mapped out the backbone of our increasingly fragile hegemony over the world.  We have responded only by ratcheting up pressure, rather than attempting persuasion.

It will be interesting to see, first, whether this Saudi initiative has any better effect. And if it does, whether we’ve been included in implementing it.

Update: Washington Institute’s Simon Henderson says we weren’t part of this scheme.

The Saudi diplomatic push shows Riyadh’s determination to force the Assad regime’s collapse, which the kingdom hopes will be a strategic defeat for Iran, its regional rival in both diplomatic and religious terms. It also reflects Riyadh’s belief, shared by its Gulf Arab allies, that U.S. diplomacy on Syria lacks the necessary imagination, commitment, and energy to succeed.

[snip]

Meanwhile, the United States is apparently standing on the sidelines — despite being Riyadh’s close diplomatic partner for decades, principally in the hitherto successful policy of blocking Russia’s influence in the Middle East. In 2008, Moscow agreed to sell tanks, attack helicopters, and other equipment to the kingdom, but the deal never went through. Instead, in 2010, Washington and Riyadh negotiated a huge $60 billion defense deal (including attack helicopters), the details of which are still being finalized. The events of the past week suggest that the U.S.-Saudi partnership — which covers regional diplomacy, the Middle East peace process, the global economy, and weapons sales — is, at best, being tested. It would be optimistic to believe that the Moscow meeting will significantly reduce Russian support for the Assad regime. But meanwhile Putin will have pried open a gap between Riyadh and Washington. The results of the latest U.S.-Russian spat will be watched closely, particularly in Saudi Arabia.

I Told You So, It’s about Cybersecurity Edition

/14 Comments/in , , , /by

When James “Least Untruthful” Clapper released the first version of PRISM success stories and the most impressive one involved thwarting specific cyberattacks, I noted that the NSA spying was about hackers as much as terrorists.

When  “Lying Keith” Alexander answered a question about hacking China from George Stephanopoulos by talking about terror, I warned that these programs were as much about cybersecurity as terror. “Packets in flight!”

When the Guardian noted that minimization procedures allowed the circulation of US person communications collected incidentally off foreign targets if they were “necessary to understand or assess a communications security vulnerability,” I suggested those procedures fit cybersecurity targets better than terror ones.

When Ron Wyden and Mark Udall caught Lying Keith (again) in a lie about minimization, I speculated that the big thing he was hiding was that encrypted communications are kept until they are decrypted.

When I compared minimization procedures with the letter of the law and discovered the NSA had secretly created for itself the ability to keep US person communications that pose a serious threat to property (rather than life or body), I suggested this better targeted cyber criminals than terrorists.

When Joel Brenner suggested Ron Wyden was being dishonorable for asking James Clapper a yes or no question in March 2013, I noted that Wyden’s question actually referred to lies Lying Alexander had told the previous year at DefCon that hid, in part, how hackers’ communications are treated.

When the Guardian happened to publish evidence the NSA considers encryption evidence of terrorism the same day that Keith Alexander spokes to a bunch of encrypters exclusively about terrorism, I suggested he might not want to talk to those people about how these programs are really used.

And when I showed how Lying Keith neglected his boss’ earlier emphasis on cyber in his speech to BlackHat in favor of terror times 27, I observed Lying Keith’s June exhortation that “we’ve got to have this debate with our country,” somehow didn’t extend to debating with hackers.

I told you it would come to this:

U.S. officials say NSA leaks may hamper cyber policy debate

Over two months after Edward Snowden’s first disclosures, the cyberwarriors are now admitting disclosures about how vast is NSA’s existing power — however hidden behind the impetus of terror terror terror — might lead Congress to question further empowering NSA to fight cyberwar.

I told you so. Read more

Was It NSA or a Yemeni “Ally” Leaking the “Clear Orders” from Zawahiri to Wuhayshi?

/26 Comments/in , /by

Apparently, it wasn’t enough for someone to leak this information to the NYT (which said that it withheld some information at the request from the government).

The United States intercepted electronic communications this week among senior operatives of Al Qaeda, in which the terrorists discussed attacks against American interests in the Middle East and North Africa, American officials said Friday.

The intercepts and a subsequent analysis of them by American intelligence agencies prompted the United States to issue an unusual global travel alert to American citizens on Friday, warning of the potential for terrorist attacks by operatives of Al Qaeda and their associates beginning Sunday through the end of August.

Then someone apparently in Sanaa leaked this to McClatchy.

An official who’d been briefed on the matter in Sanaa, the Yemeni capital, told McClatchy that the embassy closings and travel advisory were the result of an intercepted communication between Nasir al-Wuhayshi, the head of the Yemen-based Al Qaida in the Arabian Peninsula, and al Qaida leader Ayman al Zawahiri in which Zawahiri gave “clear orders” to al-Wuhaysi, who was recently named al Qaida’s general manager, to carry out an attack.

The official, however, said he could not divulge details of the plot. AQAP’s last major attack in Sanaa took place in May 2012 when a suicide bomber killed more than 100 military cadets at a rehearsal for a military parade. [my emphasis]

Which the WaPo has now reported too.

Al-Qaeda leader Ayman al-Zawahiri ordered the head of the terrorist group’s Yemen affiliate to carry out an attack, according to intercepted communications that have led to the closure of U.S. embassies and a global travel alert, said a person briefed on the case.

In one communication, Zawahiri, who succeeded Osama bin Laden, gave “clear orders” to Nasir al-Wuhayshi, the founder of al-Qaeda in the Arabian Peninsula, to undertake an attack, the source said. McClatchy newspapers first reported the exchange on Sunday. [my emphasis]

In a follow-up story, McClatchy attributes their information to a Yemeni official.

U.S. officials have been secretive about what precise information led to the worldwide travel advisory and embassy closings, but a Yemeni official told McClatchy on Sunday that authorities had intercepted “clear orders” from al Qaida leader Ayman Zawahiri to Nasir al Wuhayshi, the head of the affiliate in Yemen, to carry out an attack.

Remember, Saudis and Yemeni sources have a well-established history of leaking sensitive intelligence about our thwarted plots. But in this case, the original source (to the NYT) seems to be American, with a Yemeni first providing the really remarkable level of detail.

And thus far, no one from the government has called for the NYT, McClatchy, and WaPo sources to be jailed. How … telling.

Perhaps just as interesting, the US has used a C-17 to evacuate what State is calling emergency personnel from Yemen.

Pentagon officials said a U.S. Air Force C-17 transport plane carrying some American government personnel had taken off from Yemen. They said the State Department had ordered non-essential personnel to leave the country.

An unknown number of U.S. Embassy personnel remain in Sanaa.

Pentagon Press Secretary George Little said the Defense Department “continues to have personnel on the ground in Yemen to support the U.S. State Department and monitor the security situation.”

But someone wants Andrea Mitchell not to report this as an evacuation; whatever it is, almost 100 people have been, um, evacuated.

Are these “emergency personnel” people whose identity has been leaked?

Now, as a threshold level, the news that the US has collections of whatever presumably well-protected communication channel exist(ed) between Zawahiri and Wuhayshi sure seems to undermine government claims that Edward Snowden has ruined their collections, given that two of our very sharpest targets are still using communications accessible to US targeting.

Consider one more thing. If our collections are that good that we have a bead on either Zawahiri or Wuhayshi, why don’t we have their location?

We’ve launched 4 drone strikes in 10 days in Yemen. If we did have means of intercepting Wuhayshi’s communications and are clearly on a drone strike binge, then what does it mean that sources — including at least one Yemeni official — are leaking news that we have those intercepts?

Update: And here’s Michael Hayden, who for weeks has been arguing that Edward Snowden should be made an example of, suggesting this alert is good because it lets the bad guys know we’re onto them.

“The announcement itself may also be designed to interrupt Al Qaeda planning, to put them off stride,” Michael V. Hayden, a former C.I.A. director, said on “Fox News Sunday.” “To put them on the back foot, to let them know that we’re alert and that we’re on at least to a portion of this plotline.”

US Justice: A Rotting Tree of Poisonous Fruit?

/13 Comments/in , , , /by

Saturday, the NYT reported that other agencies within government struggle to get NSA to share its intelligence with them.

Agencies working to curb drug trafficking, cyberattacks, money laundering, counterfeiting and even copyright infringement complain that their attempts to exploit the security agency’s vast resources have often been turned down because their own investigations are not considered a high enough priority, current and former government officials say.

Of the 1,410 words in the article, 313 words are explicitly attributed to Tim Edgar, who used to work for ACLU but starting in 2006 worked first in the Office of Director of National Intelligence and then in the White House. Another 27 are attributed to “a former senior White House intelligence official,” the same description used to introduce Edgar in the article.

The article ends with Edgar expressing relief that NSA succeeded in withholding material (earlier he made a distinction between sharing raw data and intelligence reports) from agencies executing key foreign policy initiatives in the age of cyberwar and Transnational Criminal Organizations, and in so doing avoid a “nightmare scenario.”

As furious as the public criticism of the security agency’s programs has been in the two months since Mr. Snowden’s disclosures, “it could have been much, much worse, if we had let these other agencies loose and we had real abuses,” Mr. Edgar said. “That was the nightmare scenario we were worried about, and that hasn’t happened.”

Today, San Francisco Chronicle reminds that NSA does hand over evidence of serious criminal activities if it finds it while conducting foreign intelligence surveillance, and prosecutors often hide the source of that original intelligence.

Current and former federal officials say the NSA limits non-terrorism referrals to serious criminal activity inadvertently detected during domestic and foreign surveillance. The NSA referrals apparently have included cases of suspected human trafficking, sexual abuse and overseas bribery by U.S.-based corporations or foreign corporate rivals that violate the Foreign Corrupt Practices Act.

[snip]

“If the intelligence agency uncovers evidence of any crime ranging from sexual abuse to FCPA, they tend to turn that information over to the Department of Justice,” Litt told an audience at the Brookings Institution recently. “But the Department of Justice cannot task the intelligence community to do that.”

[snip]

“The problem you have is that in many, if not most cases, the NSA doesn’t tell DOJ prosecutors where or how they got the information, and won’t respond to any discovery requests,” said Haddon, the defense attorney. “It’s a rare day when you get to find out what the genesis of the ultimate investigation is.”

The former Justice Department official agreed: “A defense lawyer can try to follow the bouncing ball to see where the tip came from — but a prosecutor is not going to acknowledge that it came from intelligence.”

And (as bmaz already noted) Reuters reminds that the DEA has long had its own electronic surveillance capability, and it often hides the source of intelligence as well.

Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin – not only from defense lawyers but also sometimes from prosecutors and judges.

The undated documents show that federal agents are trained to “recreate” the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant’s Constitutional right to a fair trial. If defendants don’t know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence – information that could reveal entrapment, mistakes or biased witnesses.

As bmaz also noted, none of this was very secret or new. The FISA sharing is clearly permitted by the minimization procedures. Litigation on it 11 years ago suggested it may be even more abusive than laid out under the law. And bmaz has personally been bitching about the DEA stuff as long as I’ve known him.

These articles suggesting there may be more sharing than the NYT made out on Saturday, then, are primarily reminders that when the fruits of this intelligence get shared, the source of the intelligence often remains hidden from those it is used against.

Which brings me to this WSJ op-ed Edgar published last week. Read more

Shut Down CyberCommand — US CyberCommander Keith Alexander Doesn’t Think It’s Important

/13 Comments/in , , , /by

Back on March 12 — in the same hearing where he lied to Ron Wyden about whether the intelligence community collects data on millions of Americans — James Clapper also implied that “cyber” was the biggest threat to the United States.

So when it comes to the distinct threat areas, our statement this year leads with cyber. And it’s hard to overemphasize its significance. Increasingly, state and non-state actors are gaining and using cyber expertise. They apply cyber techniques and capabilities to achieve strategic objectives by gathering sensitive information from public- and private sector entities, controlling the content and flow of information, and challenging perceived adversaries in cyberspace.

That was the big takeaway from Clapper’s Worldwide Threat Assessment. Not that he had lied to Wyden, but that that cyber had become a bigger threat than terrorism.

How strange, then, that the US CyberCommander (and Director of National Security) Keith Alexander mentioned cyber threats just once when he keynoted BlackHat the other day.

But this information and the way our country has put it together is something that we should also put forward as an example for the rest of the world, because what comes out is we’re collecting everything. That is not true. What we’re doing is for foreign intelligence purposes to go after counterterrorism, counterproliferation, cyberattacks. And it’s focused. [my emphasis]

That was it.

The sole mention of the threat his boss had suggested was the biggest threat to the US less than 5 months earlier. “Counterterrorism, counterproliferation, cyberattacks. and it’s focused.”

The sole mention of the threat that his audience of computer security professionals are uniquely qualified to help with.

Compare that to his 27 mentions of “terror” (one — the one with the question mark — may have been a mistranscription):

terrorists … terrorism … terrorist attacks … counterterrorism … counterterrorism … terrorists … counterterrorism … terrorist organizations … terrorist activities … terrorist … terrorist activities … counterterrorism nexus … terrorist actor … terrorist? … terrorism … terrorist … terrorists … imminent terrorist attack … terrorist … terrorist-related actor … another terrorist … terrorist-related activities … terrorist activities … stopping terrorism … future terrorist attacks … terrorist plots … terrorist associations

That was the speech the US CyberCommander chose to deliver to one of the premiere group of cybersecurity professionals in the world.

Terror terror terror.

Sitting among you are people who mean us harm

… US CyberCommander Alexander also said.

Apparently, Alexander and Clapper’s previous intense focus on stopping hacktavists and cyberattacks and cybertheft and cyber espionage have all been preempted by the necessity of scaring people into accepting the various dragnets that NSA has deployed against Americans.

Which, I guess, shows us the true seriousness of the cyber threat.

To be fair to our CyberCommander, he told a slightly different story back on June 27, when he addressed the Armed Forces Communications and Electronics Association International Cyber Symposium.

Sure, he started by addressing Edwards Snowden’s leaks.

But then he talked about a debate he was prepared to have.

I do think it’s important to put that on the table, because as we go into cyber and look at–for cyber in the future, we’ve got to have this debate with our country. How are we going to protect the nation in cyberspace? And I think this is a debate that is going to have all the key elements of the executive branch–that’s DHS, FBI, DOD, Cyber Command, NSA and other partners–with our allies and with industry. We’ve got to figure how we’re going to work together.

How are we going to protect the nation in cyberspace? he asked a bunch of Military Intelligence Industrial Complex types.

At his cyber speech, Alexander also described his plan to build, train, and field one-third of the force by September 30 — something you might think he would have mentioned at BlackHat.

Not a hint of that.

Our US CyberCommander said — to a bunch of industry types — that we need to have a debate about how to protect the nation in cyberspace.

But then, a month later, with the group who are probably most fit to debate him on precisely those issues, he was all but silent.

Just terror terror terror.

“Congress Was Fully Briefed” … at the Last Minute

/1 Comment/in , , /by

On September 30, 2009, Silvestre Reyes, then the Chair of the House Intelligence Committee, requested that DOJ provide a description of the Section 215 metadata dragnet program.

Reyes sent that request 8 days after September 22, when Patrick Leahy introduced the Senate’s version of PATRIOT Act reauthorization in the Senate, arguing for new limits on both Section 215 and the Pen Register/Trap and Trace authorities then being used to collect Internet metadata.

This bill adopts the reasonable constitutional standard that I supported in 2006 for 215 orders. First, it would eliminate the presumption in favor of the government’s assertion that the records it is seeking are relevant to its investigation. This bill would require the Government to make a connection between the records or other things it seeks and a suspected terrorist or spy before it is able to obtain confidential records such as library, medical and telephone records. Section 215 orders for tangible things permit the Government to collect an even broader scope of information than NSLs. For that reason, it is critical that the Government show that the records it seeks are both relevant to an investigation and connected to at least a suspected terrorist or spy.

This bill would also establish more meaningful judicial review of Section 215 orders. First, it repeals the requirement in current law that requires a recipient of a Section 215 nondisclosure order to wait for a full year before challenging that gag order. There is no justification for this mandatory waiting period for judicial review, and this bill eliminates it. It also repeals a provision added to the law in 2006 stating that a conclusive presumption in favor of the Government shall apply where a high level official certifies that disclosure of the order for tangible things would endanger national security or interfere with diplomatic relations. These restraints on meaningful judicial review are unfair, unjustified, and completely unacceptable. I fought hard to keep these two provisions out of the 2006 reauthorization, but the Republican majority at that time insisted they be included.

This bill will strengthen court oversight of Section 215 orders by requiring court oversight of minimization procedures when information concerning a U.S. person is acquired, retained, or disseminated. Requiring FISA Court approval of minimization procedures would simply bring Section 215 orders in line with other FISA authorities–such as wiretaps, physical searches, and pen register and trap and trace devices–that already require FISA court approval of minimization procedures. This is another common sense modification to the law that was drafted in consultation with Senators FEINGOLD and DURBIN. If we are to allow personal information to be collected in secret, the court must be more involved in making sure the authorities are used responsibly and that Americans’ information and personal privacy are protected.

Finally, this bill addresses concerns over the use of pen register or trap and trace devices “pen/trap”. The bill raises the standard for pen/trap in the same manner as it raises the standard for Section 215 orders. The Government would be required to show that the information it seeks is both relevant to an investigation and connected to a suspected terrorist or spy. This section also requires court review of minimization procedures, which are not required under current law, and adds an Inspector General audit of the use of pen/trap that is modeled on the the audits of Section 215 orders and NSLs.

On October 8, the Senate Judiciary Committee started consideration of the PATRIOT Reauthorization. On October 13, a substitute bill was adopted, gutting some of these additional limits on Section 215 authority. On October 28, that bill was reported to the Senate, with a report including minority views, including a complaint from Russ Feingold, Dick Durbin, and Arlen Specter that Leahy’s new limits on Section 215 authority weren’t passed.

New sunsets, audits, reporting requirements and executive branch procedures are positive reforms, but ultimately Congress must set the rules for when the Executive Branch can use investigative tools that have implications for Americans’ privacy rights. That is why we were disappointed that the Committee rejected amendments that would have imposed stricter statutory standards for obtaining any tangible things under Section 215 of the USA PATRIOT Act and for obtaining sensitive personal records under the NSL statutes–standards that would have protected against government fishing expeditions.

The standard under current law for both authorities is mere relevance to an investigation to protect against international terrorism or clandestine intelligence activities. That is a very broad standard, which does not provide, in our view, adequate protection against unnecessary, overbroad, or otherwise inappropriate demands for records.

When the Senate Judiciary Committee passed this bill out of committee, DOJ had not yet responded to Reyes’ request.

It was only around this period that the House started on its version of bill. John Conyers submitted it on October 20, and it was reported to the House Judiciary, Intelligence, and Financial Services Committees.

On November 5, the Judiciary Committee marked up and passed the bill. On that day — 36 days after Reyes had made his request — DOJ had still not responded to Reyes’ request.

It was not until December 14, 75 days after Reyes had submitted a request tied to critical legislation, that DOJ responded to Reyes’ request.

Thank you for your letter of September 30, 2009, requesting that the Department of Justice provide a document to the House Permanent Select Committee on Intelligence (HPSCI) that describes the bulk collection program conducted under Section 215 00 the “business records” provision of the Foreign Intelligence Surveillance Act (FISA).

DOJ introduced their letter, acknowledging neither the delay nor that two crucial committees had already voted out their bill in the interim. It continued,

We agree that it is important that all Members of Congress have access to information about this program, as well as a similar bulk collection program conducted under the pen register/trap and trace authority of FISA, when considering reauthorization of the expiring USA PATRIOT Act provisions.

Four pages into the attached document, DOJ admits that the Judiciary Committees — both of which had passed out the bill by this point — had not been briefed on the compliance problems described in the document.

The cover letter to the document indicates its intent “to provide the same document to the Senate Select Committee on Intelligence (SSCI) under similar conductions [in which the intelligence committee staffers must watch as members of Congress read the document in Intelligence Committee chambers], so it may be made available to the Members of the Senate.” But unlike the 2011 version, the 2009 document includes no proof that it was actually provided.

So 75 days after the House Intelligence Chair asked for a document that even DOJ claimed to agree was important for all members of Congress to have access to, DOJ finally provided it.

Read more