The 3 Hop Scotch of Civil Liberties and Privacy

/33 Comments/in , , , , , , , /by

I was in court, so I didn’t see it, but apparently there was a little hearing over at House Judiciary Committee this morning on “Oversight of the Administration’s Use of FISA Authorities“. There was an august roll of Administration authorities and private experts: Mr. James Cole, United States Department of Justice; Mr. John C. Inglis, National Security Agency; Mr. Robert S. Litt, ODNI; Ms. Stephanie Douglas, FBI National Security Branch; Mr. Stewart Baker; Mr. Steven G. Bradbury; Mr. Jameel Jaffer; and Ms. Kate Martin.

Hmmm, let’s take a look and see if anything interesting occurred (as reported by Pete Yost of AP). Uh, well, there was THIS:

For the first time, NSA deputy director John C. Inglis disclosed Wednesday that the agency sometimes conducts what’s known as three-hop analysis. That means the government can look at the phone data of a suspect terrorist, plus the data of all of his contacts, then all of those people’s contacts, and finally, all of those people’s contacts.

If the average person calls 40 unique people, three-hop analysis could allow the government to mine the records of 2.5 million Americans when investigating one suspected terrorist.
….
The government says it stores everybody’s phone records for five years. Cole explained that because the phone companies don’t keep records that long, the NSA had to build its own database.

Go read all of Yost’s report, there is quite a bit in there that is stunning in the blithe attitude the Administration takes on this hoovering of data and personal information. Also clear: Congress has no real grasp or control of the government’s actions. The Article I brakes are out and the Article II car is accelerating and careening down the road.

What Does the Government Consider “Protected” First Amendment Activities?

/13 Comments/in , /by

[youtube]GDFIVVmXE-g[/youtube]

The other day, AP’s Matt Lee called out State Department spokesperson Jen Psaki’s suggestion that Edward Snowden is not entitled to free speech.

QUESTION: Okay. Then I just don’t understand. I think this is an incredibly slippery slope that you’re going down here, that the U.S. Government is going down here, if you are coming up and saying to us that you’re trying to prevent an American citizen – albeit one who has been accused of serious crimes – from exercising his right to free speech. You don’t agree with that?

MS. PSAKI: I believe that what I’ve conveyed most proactively here is our concern about those who helped facilitate this event —

QUESTION: Yes.

MS. PSAKI: — and make it into a propaganda platform.

QUESTION: Right. And —

QUESTION: Or a public asylum —

QUESTION: — the propaganda platform aside, free speech covers propaganda. Last time I checked, it covers a lot of things. And I don’t see, unless he’s somehow violated U.S. law by speaking at this – at the Russian – the transit line at the Russian airport, I don’t see why you would be disappointed in the Russians for, one, facilitating it, but also, apparently from what it sounds like, tried to discourage them from – tried to discourage this – them from allowing this event to take place in the – to take place at all.

MS. PSAKI: Well, Matt, this isn’t happening, clearly, because we wouldn’t be talking about it, in a vacuum. And this is an individual, as we all know, who has been accused of felony crimes in the United States. We have expressed strongly our desire to have him returned —

QUESTION: I understand.

MS. PSAKI: — to face those charges. This is all applicable context to these circumstances.

QUESTION: But as you have also said, he is a U.S. citizen.

MS. PSAKI: He is, yes.

QUESTION: He remains a U.S. citizen, and he enjoys certain rights as a U.S. citizen. One of those rights, from your point of view, is that he has the right to come back and face trial for the crimes he’s committed. But the rights that you’re not talking about are his right to free speech, his right to talk with whoever he wants to, freedom to assemble. I don’t understand why those rights are – why you ignore those and simply say that he has – that he’s welcome to come back to the United States to exercise his right to be tried by a jury of his peers. Why is that the only right that he gets, according to this Administration? [my emphasis]

As it happens, I read it about the same time i read this passage, from the government’s opposition to Basaaly Saeed Moalin’s challenge to the FISA-derived evidence against him (see this post for more background).

Moalin claims he was fargeted for FISC-authorized surveillance in violation of FISA’s stipulation that no United States person may be considered a foreign power or an agent of a foreign power solely on the basis of activities protected by the First Amendment. Docket No 92 at 18-19 (citing 50 U.S.C. §§ 1805(a)(2)(A), 1824(a)(2)(A)). Although protected First Amendment activities canot form the sole basis for FISC-authorized electronic surveillance or physical search, not all speech-related activities fall within the protection of the First Amendment. See infra at 70.

That is, when faced with limitations on surveillance based on First Amendment activities, the government claimed that not all speech is protected.

(Note, I’m not certain because the page numbers listed in this unclassified motion are to the pagination of the classified motion, but I believe that reference to speech that is not protected is redacted.)

That’s important because of the narrative the government presented in this motion (which is different from what Sean Joyce presented to the House Intelligence Committee — I believe both narratives are in fact badly misleading).

In the materials presented in this case, the government suggests FISA-authorized surveillance on Moalin’s calls with al-Shabaab warlord Aden Ayrow started, out of the blue, in December 2007, several months before al-Shabaab was listed as a Foreign Terrorist Organization. I’m not aware of any evidence it presents that precedes these calls. Yet these early calls show no evidence of criminal behavior.

Thus, the evidence suggests that merely calling someone considered a terrorist but whose group was not yet officially designated as such by the government makes one an agent of a foreign power.

Read more

The 8-FISA Judge 11-Docket Spying Authorization to Identify Less than $10,000 to Al-Shabaab

/8 Comments/in , /by

In a hearing last month, FBI Deputy Director Sean Joyce described a case in which the phone metadata database helped catch terrorists. (after 1:07)

Lastly, the FBI had opened an investigation shortly after 9/11. We did not have enough information, nor did we find links to terrorism, so we shortly thereafter closed the investigation. However, the NSA, using the business record FISA, tipped us off that this individual had indirect contacts with a known terrorist overseas. We were able to reopen this investigation, identify additional individuals through legal process, and were able to disrupt this terrorist activity.

While he didn’t name it, subsequent discussions of the case made it clear he meant Basaaly Saeed Moalin, a Somali-American convicted with three others in February for sending less than $10,000 to al-Shabaab (altogether Moalin was charged with sending $17,000 to Somalia, the balance of it to non-Shabaab figures the government claims are also terrorists).

Moalin’s lawyer Joshua Dratel unsuccessfully challenged the government’s use of material derived from FISA (the judge’s opinion rejecting the challenge has never been released). Yet even with that challenge, Dratel was never informed of the use of Section 215 in the case.

All that said, the government’s opposition to his challenge is utterly fascinating, even with huge chunks redacted. I’m going to do a weedy post on it shortly. But for now, I want to point to three indicia that reveal how much more complex this surveillance was than Joyce described to the House Intelligence Committee.

First, as part of the introduction, the government provided an (entirely redacted) Overview of the FISA Collection at Issue. While we have no idea how long that passage is, the government needed 9 footnotes to explain the collection (they are also entirely redacted). Similarly, a section arguing “The FISA Applications Established Probable Cause” has the following structure and footnotes (the content is entirely redacted):

[footnote to general material]

1.

a.

2.

a. [6 footnotes]

b.

i. [2 footnotes]

ii.

iii. [1 footnote]

iv. [2 footnotes]

v. [3 footnotes]

Now it may be that section 1 here pertains to physical collection, and section 2 pertains to electronic collection (both were used, though I suspect the physical collection was metaphorical in some way). But even there, there seem to be at least 6 and possibly far more orders involved, with two types of collection — perhaps one pertaining to bulk 702-style collection (most of the intercepts happened under Protect America Act) and the other to the use of Section 215.

Then, as part of a discussion about the minimization requirements tied to the application(s) involved, the government revealed 8 different FISC judges signed off on orders pertaining to the collection.

In order to fulfill the statutory requirements discussed above, the Attorney General has adopted standard minimization procedures for FISC-authorized electronic surveilance and physical search that are on file with the FISC and that are incorporated by reference into every relevant FISA application that is submitted to the FISC. As a result, the eight FISC judges who issued the orders authorizing the FISA collections at issue in this case found that the applicable standard minimization procedures met FISA’s statutory requirements. The FISC orders in the dockets at issue directed the Governent to follow the approved minimization procedures in conducting the FISA collection. [my emphasis]

But it appears this surveillance involved even more than 8 orders. In a section claiming that this surveillance is not complex, the government cited 11 sealed exhibits that include the dockets at issue.

There is nothing extraordinary about this case that would prompt the Court to be the first to order the disclosure of highly sensitive and classified FISA materials. Disclosure is not necessar for the Court to determine the legality of the collection. Here, the FISA dockets – at Sealed Exhibits 16-26 – are well-organized and easily reviewable by the Court in camera and ex parte. The Index of Materials in the Government’s Sealed Exhibit and this memorandum serve as a road map through the issues presented for the Court’s in camera and ex parte determination. The FISA materials contain ample information from which the Court can make an accurate determination of the legality of the FISA collection; indeed, they are “relatively straightforward and not complex.” [my emphasis]

15 footnotes addressing probable cause approved by 8 judges over 11 different dockets.

This is not a simple check of the phone database. (I’ll explain what I think actually happened with the surveillance we know about in a future post.)

Now, some of this clearly invokes the iterative approval of programmatic orders as described by Eric Lichtblau and the WSJ. The May 2006 opinion authorizing the use of Section 215 to collect phone records for every American surely is one of the authorizations cited. That opinion may rely on the 2004 one that authorized the use of Pen Register/Trap and Trace to collect all the Internet metadata in the country. I suspect there may be several orders authorizing collection on al-Shabaab and/or Somalia generally — one that precedes Protect America Act, one that collects under PAA, and probably one that collects under FISA Amendments Act (the key conversations took place in late 2007 through much of 2008). I suspect, too, there’s an order governing collection of all signals off some switch. Then there may be traditional FISA warrants to collect on Moalin and his co-conspirator Mohamud Abdi Yusuf (the other co-conspirators appear not to have been targets of collection).

Still, that only gets you to 8 dockets, even assuming they used a new one for Somalia each time.

“Relatively straightforward … not complex,” the government said, in arguing the defendant shouldn’t get a look at this jerry-rigged system of surveillance. And we still can’t see the logic Judge Jeffrey Miller used to agree with them.

Carl Levin’s Double Standard for Banksters and Spooks

/6 Comments/in , , /by

Carl Levin is one of the few people in DC who has tried to hold banks accountable — in his case, via investigations conducted at the Permanent Subcommittee on Investigations. Never mind that DOJ has serially taken his investigations and, seemingly, wiped their ass with them for all the banksters who have been held accountable as a result.

One particularly noteworthy ass-wiping came after Levin referred Goldman Sachs CEO Lloyd Blankfein to DOJ for lying to his customers and, more importantly, to Congress. To him.

The chairman of the U.S. Senate’s investigative subcommittee said he believes Goldman Sachs officials made misleading statements about their trading during the financial crisis and should be investigated criminally.

Sen. Carl Levin (D-Mich.) said on Wednesday that he plans to refer Goldman officials, and potentially officials from other organizations, to the Justice Department for possible prosecution and to the Securities and Exchange Commission for possible civil proceedings.

“In my judgment, Goldman clearly misled their clients and they misled the Congress,” said Levin, the chairman of the Senate Permanent Subcommittee on Investigations.

[snip]

“We will be referring this matter to the Justice Department and the SEC,” Levin said.

DOJ did what it does — which apparently includes chatting up CEOs — while it is pretending to investigate when it is actually wiping its ass. Then after a year it decided it wasn’t going to prosecute Blankfein.

Still. Just over 2 years ago, Carl Levin believed that when people, even very powerful people, lie to Congress, DOJ should at least consider prosecuting them.

How times change.

Levin also said he was still “troubled” by Director of National Intelligence James Clapper’s testimony to the Senate Intelligence Committee that the NSA did not collect data on millions of Americans.

“I’m troubled by that testimony, obviously. I don’t know how he’s tried to wiggle out from it, but I’m troubled by it,” Levin said. “How you hold him accountable, I guess the only way to do that would be for the president to somehow or other fire him.”

But, Levin added, “I think he’s made it clear that he regrets saying what he said, and I don’t want to call on the president to fire him although I am troubled by it.”

Golly! Clapper regrets what he said (or rather, that he got caught saying it?). So rather than suggesting we hold Clapper accountable the way Levin tried to do with Blankfein, he instead thinks maybe if the President feels like it on his own because Levin himself isn’t going to call on him to do this, Obama should “somehow or other fire” Clapper.

Hiding the 215 Index from Defendants, Too

/3 Comments/in , , /by

Adam Liptak reviews one of the issues I laid out in this post and the ACLU first laid out here. The government is reneging on multiple promises made over the course of the Amnesty v. Clapper case — including to SCOTUS itself — to make sure defendants could challenge evidence collected under “the program” (then defined as Section 702 of the FISA Amendments Act).

But I’m particularly interested in Liptak’s focus on the government’s use of “derived from” here.

If the government wants to use information gathered under the surveillance program in a criminal prosecution, [Solicitor General Don Verrilli] said, the source of the information would have to be disclosed. The subjects of such surveillance, he continued, would have standing to challenge the program.

Mr. Verrilli said this pretty plainly at the argument and even more carefully in his briefs in the case.

In one brief, for example, he sought to refute the argument that a ruling in the government’s favor would immunize the surveillance program from constitutional challenges.

“That contention is misplaced,” he wrote. “Others may be able to establish standing even if respondents cannot. As respondents recognize, the government must provide advance notice of its intent to use information obtained or derived from” the surveillance authorized by the 2008 law “against a person in judicial or administrative proceedings and that person may challenge the underlying surveillance.” (Note the phrase “derived from.”)

In February, in a 5-to-4 decision that split along ideological lines, the Supreme Court accepted Mr. Verrilli’s assurances and ruled in his favor. Justice Samuel A. Alito Jr., writing for the majority in the case, Clapper v. Amnesty International, all but recited Mr. Verrilli’s representation.

“If the government intends to use or disclose information obtained or derived from” surveillance authorized by the 2008 law “in judicial or administrative proceedings, it must provide advance notice of its intent, and the affected person may challenge the lawfulness of the acquisition.” (Again, note the phrase “derived from.”)

What has happened since then in actual criminal prosecutions? The opposite of what Mr. Verrilli told the Supreme Court. [my emphasis]

It’s time to broaden the focus of this discussion, finally. It’s time to include both Section Section 215 collection (metadata) and 702 collection (content) in this discussion together.

As I have noted, the government has claimed these are “distinct issues” and that 215 metadata collection is not part of the 702 content creation.

But in an interview, Edward Snowden claims the metadata is used to identify and pull content.

In most cases, content isn’t as valuable as metadata because you can either re-fetch content based on the metadata or, if not, simply task all future communications of interest for permanent collection since the metadata tells you what out of their data stream you actually want.

And James Clapper described metadata as a kind of Dewey Decimal system that allows the government to pull selected conversations from its giant library of all conversations.

ANDREA MITCHELL: At the same time, when Americans woke up and learned because of these leaks that every single telephone call in this United States, as well as elsewhere, but every call made by these telephone companies that they collect is archived, the numbers, just the numbers, and the duration of these calls. People were astounded by that. They had no idea. They felt invaded.

JAMES CLAPPER: I understand that. But first let me say that I and everyone in the intelligence community all– who are also citizens, who also care very deeply about our– our privacy and civil liberties, I certainly do. So let me say that at the outset. I think a lot of what people are– are reading and seeing in the media is a lot of hyper– hyperbole.

A metaphor I think might be helpful for people to understand this is to think of a huge library with literally millions of volumes of books in it, an electronic library. Seventy percent of those books are on bookcases in the United States, meaning that the bulk of the of the world’s infrastructure, communications infrastructure is in the United States.

There are no limitations on the customers who can use this library. Many and millions of innocent people doing min– millions of innocent things use this library, but there are also nefarious people who use it. Terrorists, drug cartels, human traffickers, criminals also take advantage of the same technology. So the task for us in the interest of preserving security and preserving civil liberties and privacy is to be as precise as we possibly can be when we go in that library and look for the books that we need to open up and actually read.

You think of the li– and by the way, all these books are arranged randomly. They’re not arranged by subject or topic matter. And they’re constantly changing. And so when we go into this library, first we have to have a library card, the people that actually do this work.

Which connotes their training and certification and recertification. So when we pull out a book, based on its essentially is– electronic Dewey Decimal System, which is zeroes and ones, we have to be very precise about which book we’re picking out. And if it’s one that belongs to the– was put in there by an American citizen or a U.S. person.

We ha– we are under strict court supervision and have to get stricter– and have to get permission to actually– actually look at that. So the notion that we’re trolling through everyone’s emails and voyeuristically reading them, or listening to everyone’s phone calls is on its face absurd. We couldn’t do it even if we wanted to. And I assure you, we don’t want to.

ANDREA MITCHELL: Why do you need every telephone number? Why is it such a broad vacuum cleaner approach?

JAMES CLAPPER: Well, you have to start someplace. If– and over the years that this program has operated, we have refined it and tried to– to make it ever more precise and more disciplined as to which– which things we take out of the library. But you have to be in the– in the– in the chamber in order to be able to pick and choose those things that we need in the interest of protecting the country and gleaning information on terrorists who are plotting to kill Americans, to destroy our economy, and destroy our way of life.

And according to William Arkin, the 215 metadata database, called MAINWAY, is considered a “signals navigation database.”

In other words, the 215 database is at least sometimes used as a roadmap to all the other collections the NSA gathers.

As I’ll show in a follow-up post, how that roadmap is used may go to the heart of the legitimacy of investigations into American.

I’m not entirely sure what discovery obligations the government thinks it has with this tool. But given that it’s a moment where the government claims to be exercising reasonable cause analysis (in secret) it sure ought to be disclosed.

Wherein Alexander the Great Conquers the World

/17 Comments/in , , , , /by

“Collect it all,” an anonymous source describes General Keith Alexander’s approach to data, in a bizarre WaPo profile this morning.

The article includes several anonymous condemnations of Alexander the Great’s approach.

  • “But even his defenders say Alexander’s aggressiveness has sometimes taken him to the outer edge of his legal authority.”
  • “Some in Congress complain that Alexander’s NSA is sometimes slow to inform the oversight committees of problems, particularly when the agency’s eavesdroppers inadvertently pick up communications that fall outside the NSA’s legal mandates.”
  • “Even close allies have fretted about the concentration of so much responsibility — not to mention influence — in a single individual.”

It also provides details of why he is so dangerous.

  • “Alexander has argued for covert action authority, which is traditionally the domain of the CIA, individuals familiar with the matter say.”
  • “He has been credited as a key supporter of the development of Stuxnet, the computer worm that infected Iran’s main uranium enrichment facility in 2009 and 2010 and is the most aggressive known use to date of offensive cyberweaponry.”
  • “‘He is the only man in the land that can promote a problem by virtue of his intelligence hat and then promote a solution by virtue of his military hat,’ said one former Pentagon official,”
  • Private companies should give the government access to their networks so it could screen out the harmful software. The NSA chief was offering to serve as an all-knowing virus-protection service, but at the cost, industry officials felt, of an unprecedented intrusion into the financial institutions’ databases.”

But the entire article — which focuses far more closely on Alexander the Great’s cybersecurity and cyberwar activities than terrorism — pretends to be about terrorism.

For NSA chief, terrorist threat drives passion to ‘collect it all,’ observers say

In late 2005, as Iraqi roadside bombings were nearing an all-time peak, the National Security Agency’s newly appointed chief began pitching a radical plan for halting the attacks that then were killing or wounding a dozen Americans a day.

At the time, more than 100 teams of U.S. analysts were scouring Iraq for snippets of electronic data that might lead to the bomb-makers and their hidden factories. But the NSA director, Gen. Keith B. Alexander, wanted more than mere snippets. He wanted everything: Every Iraqi text message, phone call and e-mail that could be vacuumed up by the agency’s powerful computers.

“Rather than look for a single needle in the haystack, his approach was, ‘Let’s collect the whole haystack,’ ” said one former senior U.S. intelligence official who tracked the plan’s implementation. “Collect it all, tag it, store it. . . . And whatever it is you want, you go searching for it.”

The unprecedented data collection plan, dubbed Real Time Regional Gateway, would play a role in breaking up Iraqi insurgent networks and significantly reducing the monthly death toll from improvised explosive devices by late 2008. It also encapsulated Alexander’s controversial approach to safeguarding Americans from what he sees as a host of imminent threats, from terrorism to devastating cyberattacks.

This approach (which appears to be sheer regurgitation on the part of one of WaPo’s writers, perhaps not surprising given Joby Warrick’s contributions) replicates both David Petraeus’ false claims about the surge winning the war in Iraq (rather than bribes to delay the violence that is exploding again) and the very legal ploy I’ve described is built into FISA programs.

That is, every time NSA proposes some vast new expansion of its collection, it does so by pointing to the Terror Terror Terror threat (whether or not that’s the chief threat at hand). People within National Counterterrorism Center troll their files to build up the threat as urgently as possible, including using tortured evidence. And then they pull that together into a justification that probably looks just like the first paragraphs of this article as self-justification.

And remember, Alexander the Great was resuming comprehensive collection on Iraq after Jack Goldsmith had limited it to terrorists in 2004 (presumably after he and others discovered comprehensive collection includes eavesdropping on calls from servicemen calling home).

And by using the Terror Terror Terror threat, Alexander the Great can invoke the certainty of death to describe proposals that include camping on the most private bank websites to hunt for malware (to say nothing of offensively attacking other states).

“Everyone also understands,” he said, “that if we give up a capability that is critical to the defense of this nation, people will die.”

Once you get beyond the initial several paragraphs of propaganda, the story makes clear that a number of people — and not just Jeff Merkley, who is one of the named critics — are beginning to realize this is too much.

But by the time you get there, Alexander the Great has conquered the world.

“Collect it all.”

Edward Snowden Invokes Nuremberg in Defending His Actions

/16 Comments/in , , /by

Here’s his speech:

Hello. My name is Ed Snowden. A little over one month ago, I had family, a home in paradise, and I lived in great comfort. I also had the capability without any warrant to search for, seize, and read your communications. Anyone’s communications at any time. That is the power to change people’s fates.

 

It is also a serious violation of the law. The 4th and 5th Amendments to the Constitution of my country, Article 12 of the Universal Declaration of Human Rights, and numerous statutes and treaties forbid such systems of massive, pervasive surveillance. While the US Constitution marks these programs as illegal, my government argues that secret court rulings, which the world is not permitted to see, somehow legitimize an illegal affair. These rulings simply corrupt the most basic notion of justice – that it must be seen to be done. The immoral cannot be made moral through the use of secret law.

 

I believe in the principle declared at Nuremberg in 1945: “Individuals have international duties which transcend the national obligations of obedience. Therefore individual citizens have the duty to violate domestic laws to prevent crimes against peace and humanity from occurring.”

 

Accordingly, I did what I believed right and began a campaign to correct this wrongdoing. I did not seek to enrich myself. I did not seek to sell US secrets. I did not partner with any foreign government to guarantee my safety. Instead, I took what I knew to the public, so what affects all of us can be discussed by all of us in the light of day, and I asked the world for justice.

 

That moral decision to tell the public about spying that affects all of us has been costly, but it was the right thing to do and I have no regrets.

 

Since that time, the government and intelligence services of the United States of America have attempted to make an example of me, a warning to all others who might speak out as I have. I have been made stateless and hounded for my act of political expression. The United States Government has placed me on no-fly lists. It demanded Hong Kong return me outside of the framework of its laws, in direct violation of the principle of non-refoulement – the Law of Nations. It has threatened with sanctions countries who would stand up for my human rights and the UN asylum system. It has even taken the unprecedented step of ordering military allies to ground a Latin American president’s plane in search for a political refugee. These dangerous escalations represent a threat not just to the dignity of Latin America, but to the basic rights shared by every person, every nation, to live free from persecution, and to seek and enjoy asylum.

 

Yet even in the face of this historically disproportionate aggression, countries around the world have offered support and asylum. These nations, including Russia, Venezuela, Bolivia, Nicaragua, and Ecuador have my gratitude and respect for being the first to stand against human rights violations carried out by the powerful rather than the powerless. By refusing to compromise their principles in the face of intimidation, they have earned the respect of the world. It is my intention to travel to each of these countries to extend my personal thanks to their people and leaders.

 

I announce today my formal acceptance of all offers of support or asylum I have been extended and all others that may be offered in the future. With, for example, the grant of asylum provided by Venezuela’s President Maduro, my asylee status is now formal, and no state has a basis by which to limit or interfere with my right to enjoy that asylum. As we have seen, however, some governments in Western European and North American states have demonstrated a willingness to act outside the law, and this behavior persists today. This unlawful threat makes it impossible for me to travel to Latin America and enjoy the asylum granted there in accordance with our shared rights.

 

This willingness by powerful states to act extra-legally represents a threat to all of us, and must not be allowed to succeed. Accordingly, I ask for your assistance in requesting guarantees of safe passage from the relevant nations in securing my travel to Latin America, as well as requesting asylum in Russia until such time as these states accede to law and my legal travel is permitted. I will be submitting my request to Russia today, and hope it will be accepted favorably.

The Evil Empire

/16 Comments/in , /by

Screen shot 2013-07-11 at 2.39.09 PM
The Guardian has its latest scoop on NSA spying, describing the extent to which Microsoft helps the government spy on its customers. This bullet list is just some of what the article reveals.

  • Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
  • The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
  • The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
  • Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;
  • Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio;
  • Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a “team sport”.

But I’m as interested in some of the details about the cooperation as the impact of that cooperation.

For example, the story describes that this cooperation takes place through the Special Source Operations unit.

The latest documents come from the NSA’s Special Source Operations (SSO) division, described by Snowden as the “crown jewel” of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.

But we saw that when NSA approached (presumably) Microsoft in 2002, it did not approach via SSO; it used a more formal approach through counsel.

In addition, note how Skype increased cooperation in the months before Microsoft purchased it for what was then considered a hugely inflated price, and what is now being called (in other legal jurisdictions) so dominant that it doesn’t have to cooperate with others.

One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’,” it says.

Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.

According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. “Feedback indicated that a collected Skype call was very clear and the metadata looked complete,” the document stated, praising the co-operation between NSA teams and the FBI. “Collaborative teamwork was the key to the successful addition of another provider to the Prism system.”

While this isn’t as obvious as Verizon’s MCI purchase — which for the first time led that carrier to hand over Internet data — it does seem that those companies that cooperate with the NSA end up taking over their rivals.

 

Remember, the Department of Commerce plays some kind of role in ensuring that companies cooperate in protecting our critical infrastructure.

As of 2:30, Microsoft stock is at a high on the day.

Citing a Culture of “Verified Trust,” DefCon Asks Feds Not to Come

/2 Comments/in , , /by

Even after I wrote this post, few people following the NSA story seem to get that James Clapper’s lie to Ron Wyden was just the culmination of a seven month effort on Wyden’s part to get Keith Alexander to correct two misleading statements he made in an unclassified forum at DefCon last year.

That is, when Wyden asked Clapper “Does the NSA collect any type of data at all on ‘millions or hundreds of millions of Americans’?,” he was trying to correct Alexander’s dodge — by way of introducing the notion of “dossiers” — that the NSA doesn’t collect information on all Americans.

Which we now know, thanks to Edward Snowden’s leaks, it does.

So I’m not surprised that — a year after Alexander made lies that have now been exposed as such — DefCon has asked the Feds not to come. (h/t Brian Krebs)

FEDS, WE NEED SOME TIME APART.

POSTED 7.10.13

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a “time-out” and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next. [my emphasis]

The other content of Snowden’s leaks aside, the Verizon order and the minimization procedures show that what Alexander did last year was dress up in a hacker costume and lie — not just about the degree to which NSA collects the contacts of all Americans (the lie Ron Wyden worked so hard to correct), but also about the protections offered to people who encrypt their communications (that is, hackers).

As such, any chill between the Feds and hackers should not be laid at Snowden’s feet. They should be laid at General Alexander’s.

PCLOB: An Exercise in False Oversight

/2 Comments/in , /by

As you may have seen from the reporting or my live-tweeting of yesterday’s Privacy and Civil Liberties Oversight Board hearing on the government’s surveillance program, there were a few interesting bits of news, starting with former FISC judge James Robertson’s assertion that what FISC has done since it started approving bulk collection amounts to “approval” not “adjudication” and puts the court in an inappropriate policy making role. Robertson also said FISC needs an adversarial role it doesn’t currently have. Robertson also raised the possibility Section 215 could be used to create a gun registry not otherwise authorized by law, a point ignored by the former government officials on his panel.

I also thought James Baker’s testimony was interesting. In his prepared statements, Baker seemed to suggest the entire hearing was a wasted exercise, because the program had plenty of oversight. (Remember, Baker was in a key role at DOJ working with FISC through 2007, and got stuck trying to keep intelligence gathered under the illegal program out of traditional FISA applications.) But just before the end of the hearing Baker said before all the bulk collection, FISA worked. He repeated it, FISA worked. Baker may have come to accept these bulk programs, but he sure seemed to think they weren’t necessary.

But the most telling part of the hearing, in my opinion, is the presence of Steven Bradbury and Ken Wainstein on the panel.

There were plenty of other former government officials on the panels, representing all branches. But these two were in far more central positions in the roll out of both the legal and illegal programs. One of the key documents released by the Guardian, showing Wainstein and Bradbury recommending that newly confirmed Attorney General Michael Mukasey resume the contact chaining of Internet metadata, shows them expanding one of the most legally questionable aspects of this surveillance.

The ground rules of the hearing made it worse. The hearing followed the inane rules the Obama Administration adopts in the face of large leaks, pretending these public documents aren’t public. The Chair of PCLOB, David Medine, said no one could confirm anything that hadn’t already been declassified by the government.

Which not only put that document outside the scope of the discussion. But meant neither Bradbury nor Wainstein disclosed this clear conflict.

At one point in the hearing, the moderator even suggested that every time ACLU’s Jameel Jaffer said something, either Bradbury or Wainstein should have an opportunity to rebut what Jaffer said.

Yes, there were a number of interesting revelations at the hearing, along with the typical inanity from Wainstein and, especially, Bradbury. But it was set up with all the conflicts of a Presidential Commission meant to dispel controversy, not a real champion for privacy or civil liberties.

And its treatment of these two former government shills is just representative of that.