Posts

One Potential Civil Liberties Bright Spot from Yesterday’s Shellacking: Thad Cochran

There has been a lot of belated attention to the impact that Mark Udall’s loss yesterday will have on the Senate Intelligence Committee. I’ve been pointing to the possibility of a Udall loss and a Richard Burr Chairmanship since March. I warned you all of this when there was still time to do something about it!

Yesterday’s election will have huge impact on intelligence matters. It’s crystal clear, for example, that Burr has zero intention of exercising any oversight into the intelligence community, as we know he has been uninterested in their law-breaking in the past. I actually think Burr may be more interested in their competence than Feinstein has been, but that may be just a pipe-dream.

Burr might even be the very very rare Gang of Four member who doesn’t use the position to leak what the intelligence community wants to make public to the press. I say that because Burr was a key player in requiring the White House to provide the committees a list of sanctioned leaks, which I actually think was a badly needed reform (though I have no idea whether the White House has complied).

There’s also the matter of the 3 or 4 new Republicans that will gain seats on the Intelligence Committee (adding at least one for the majority, along with replacing Saxby Chambliss and Tom Coburn, both of whom retired). It’d be nice to see a libertarian among these — perhaps someone like Mike Lee, given that Utah has a lot of intelligence equities. But I highly doubt Mitch McConnell would put anyone with an interest in civil liberties on the Committee.

But there is one area where yesterday’s shellacking might harbor good news for civil liberties: Thad Cochran.

With Republicans in the majority, Barb Mikulski (D-NSA) will lose her Chairmanship of the Appropriations Committee; Cochran is expected to get that Chair. Mikulski has always been — even more than Dianne Feinstein — the impediment to any real civil liberties change in the Senate, because she is far more powerful. Importantly, she served as a guarantee that smart policies put through on appropriations bills — like Alan Grayson’s elimination of a requirement that NIST consult with the NSA on encryption standards, and the Massie-Lofgren amendment to defund back door searches — would not make it into any final bill.

Losing the majority, even losing Mikulski on Appropriations on all other matters, is a huge loss, don’t get me wrong.

But it does mean that Thad Cochran might, just maybe, allow good things to move through the Senate on appropriations. With Barb Mikulski there was no chance in hell of doing something on an appropriations bill. Without her, there’s at least a possibility. (Remember that Ted Stevens permitted a Ron Wyden amendment defunding TIA to go through appropriations in 2003, so such things are not unheard of.)

There’s no reason to believe that Cochran, in general, is any friendlier to civil liberties than Mikulski. But he’s not the NSA’s own personal senator. And that may be a tiny bright spot.

CISA: The Banks Want Immunity and a Public-Private War Council

A group of privacy and security organizations have just sent President Obama a letter asking him to issue a veto threat over the Cybersecurity Information Sharing Act passed out of the Senate Intelligence Committee last week. It’s a great explanation of why this bill sucks and doesn’t do what it needs to to make us safer from cyberattacks. It argues that CISA’s exclusive focus on information sharing — and not on communications security more generally — isn’t going to keep us safe.

Which is why it really pays to look at the role of SIFMA — the Securities Industry and Financial Markets Association — in all this.

As I’ve noted, they’re the banksters whom Keith Alexander is charging big bucks to keep safe. As Bloomberg recently reported, Alexander has convinced SIFMA to demand a public-private cyber war council, involving all the stars of revolving door fearmongering for profit.

Wall Street’s biggest trade group has proposed a government-industry cyber war council to stave off terrorist attacks that could trigger financial panic by temporarily wiping out account balances, according to an internal document.

The proposal by the Securities Industry and Financial Markets Association, known as Sifma, calls for a committee of executives and deputy-level representatives from at least eight U.S. agencies including the Treasury Department, the National Security Agency and the Department of Homeland Security, all led by a senior White House official.

The trade association also reveals in the document that Sifma has retained former NSA director Keith Alexander to “facilitate” the joint effort with the government. Alexander, in turn, has brought in Michael Chertoff, the former U.S. Secretary of Homeland Security, and his firm, Chertoff Group.

Public reporting positions SIFMA as the opposition to the larger community of people who know better, embracing this public-private war council approach.

Kenneth Bentsen, chief executive at the Securities Industry and Financial Markets Association, said in a statement that leaders of the Senate Intelligence panel who wrote the bill have “taken a balanced and considered approach which will help the financial services industry to better protect our customers from cyber terrorists and criminals, as well as their privacy.”

According to the same banksters who crashed our economy 6 years ago, this bill is about protecting them at the expense of our privacy and rule of law.

And in their reply to Alan Grayson’s questions about WTF they’re paying Keith Alexander so handsomely for, SIFMA repeats this line (definitely click through to read about Quantum Dawn 2).

Cyber attacks are increasingly a major threat to our financial system. As such, enhancing cyber security is a top priority for the financial services industry. SIFMA believes we have an obligation to do everything possible to protect the integrity of our markets and the millions of Americans who use financial services every day.

[snip]

However, the threat increases every day. SIFMA and its members have undertaken additional efforts to develop cyber defense standards for the securities industry sector as a follow on to the recently published NIST standards. And we are developing enhanced recovery protocols for market participants and regulators in the event of an attack that results in closure of the equity and fixed income markets. We are undertaking this work in close collaboration with our regulators and recently held a meeting to brief them on our progress. And, we plan to increase our efforts even further as the risks are too great for current efforts alone.

We know that a strong partnership between the private sector and the government is the most efficient way to address this growing threat. Industry and investors benefit when the private sector and government agencies can work together to share relevant threat information. We would like to see more done in Congress to eliminate the barriers to legitimate information sharing, which will enable this partnership to grow stronger, while protecting the privacy of our customers.

This is not — contrary to what people like Dianne Feinstein are pretending — protecting the millions who had their credit card data stolen because Target was not using the cyberdefenses it put into place.

Rather, this is about doing the banksters’ bidding, setting up a public-private war council, without first requiring them to do basic things — like limiting High Frequency Trading — to make their industry more resilient to all kinds of attacks, from even themselves.

Meanwhile, if that’s not enough indication this is about the bankstsers, check out what Treasury Secretary Jack Lew is doing this afternoon.

In the afternoon, the Secretary will visit Verizon’s facilities in Ashburn, Virginia to discuss cybersecurity and highlight the important role of telecommunications companies in supporting the financial system. 

Just what we need: our phone provider serving the interests of the financial system first.

DiFi wants to make it easier to spy on Americans domestically to help private companies that have already done untold damage to Main Street America. We ought to be protecting ourselves from them, not degrading privacy to subsidize their insecure practices.

Keith Alexander Has Finance Worried about Being Zeroed Out, Just Like President’s Review Group

Keith Alexander’s clients in the finance industry are proposing what he proposed to them: a government-finance industry council to protect against cyberthreats.

Alexander had been pitching Sifma and other bank trade associations to purchase his services through his new consulting firm, IronNet Cybersecurity Inc., for as much as $1 million per month, according to two people briefed on the talks.

He has made much the same argument to Sifma as the association is now making to the government about the emergence of new kinds of software assaults.

How tidy.

I’ll have more to say about their plot in a follow-up. But for the moment, look at what the consider one of the threats to the industry.

The next wave of attacks “in the near-medium term” is likely to be more destructive and could result in “account balances and books and records being converted to zeros,” while recovering the lost information “would be difficult and slow,” according to the Sifma document.

“We are concerned that the industry may not have the capabilities that we would like to effectively defend against this newer form of potential attack, the capability that we would like to stop such an attack once commenced from spreading to other financial institutions, or the capability we would like of effectively recovering if an initial attack is followed by waves of follow-on attacks,” the document says.

This seems like tacit admission that the finance industry doesn’t create enough backups, but instead of doing that, they apparently prefer setting up this government-finance council.

It’s great to see Keith Alexander creating such a profitable panic among the richest industry.

But I can’t help but note that this fear mimics one the President’s Review Group raised in an oblique recommendation.

(2) Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise  manipulate the financial systems;

Second, governments should abstain from penetrating the systems of financial institutions and changing the amounts held in accounts there. The policy of avoiding tampering with account balances in financial institutions is part of a broader US policy of abstaining from manipulation of the financial system. These policies support economic growth by allowing all actors to rely on the accuracy of financial statements without the need for costly re-verification of account balances. This sort of attack could cause damaging uncertainty in financial markets, as well as create a risk of escalating counter-attacks against a nation that began such an effort. The US Government should affirm this policy as an international norm, and incorporate the policy into free trade or other international agreements.

So are these seeming parallel worries based on classified information? If so, has Keith Alexander already started leaking classified information, as Alan Grayson raised concerns about?

Alan Grayson: Is Keith Alexander Selling Classified Information to the Banks?

I’ve been tracking Keith Alexander’s utterly predictable new gig, getting rich off of having drummed up cybersecurity concerns for the last several years, while at the same time shacking up with the most dubious of shadow bank regulators, Promontory Financial Group.

Apparently, I’m not the only one. Alan Grayson just sent some of the entities that Alexander has been drumming up business with — the Security Industries and Financial Markets Association, Consumer Bankers Association, and Financial Services Roundtable — a letter asking how the former NSA Director can be making a reported $600,000 a month. He cites Bruce Schneier wondering whether part of the deal is that Alexander will share classified information he learned while at NSA.

Security expert Bruce Schneier noted that this fee for Alexander’s services is on its face unreasonable. “Think of how much actual security they could buy with that $600K a month.Unless he’s giving them classified information.” Schneier also quoted Recode.net, which headlined this news as: “For another million, I’ll show you the back door we put in your router.”

[snip]

Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony. I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods. Without the classified information that he acquired in his former position, he literally would have nothing to offer to you.

Please send me all information related to your negotiations with Mr. Alexander, so that Congress can verify whether or not he is selling military and cybersecurity secrets to the financial services industry for personal gain.

Alexander is just the latest of a long line of people who profit directly off driving up the cybersecurity threat. But — as Recode.net notes — he’s also got the kind of inside information that could be particularly valuable.

As the Intelligence Industrial Complex and the Banking industry hop into bed together, there ought to be some transparency about just what kind of deals are being made. There’s simply too much immunity handed out to this community to let boondoggles like Alexander’s slide.

The intelligence community is subjecting every low level clearance holder to intense scrutiny right now. But thus far, there has not been a peep from those quarters that the former DIRNSA could command these fees for the expertise gained while overseeing the nation’s secrets.

Syria: The Administration’s Attribution Failure

Like what we do? Please support our fundraiser if you can! 

Reuters confirms something that I have long suggested: the government doesn’t know who ordered the CW attack in Syria on August 21.

The Administration’s best case tying Bashar al-Assad to the attack, through the Scientific Studies and Research Council, consists of speculation that the group may be involved and apparent specific knowledge that the head of the organization was not involved.

A declassified French intelligence report describes a unit of the SSRC, known by the code name “Branch 450”, which it says is in charge of filling rockets or shells with chemical munitions in general.

U.S. and European security sources say this unit was likely involved in mixing chemicals for the August 21 attack and also may have played a more extensive role in preparing for it and carrying it out.

[snip]

U.S. officials say Amr Armanazi, a Syrian official identified as SSRC director in a State Department sanctions order a year ago, was not directly involved. [my emphasis]

This is what every government has used as central proof; yet even here they appear to just assume that because SSRC controls Assad’s CW they probably were involved.

Remember, we’ve already had anonymous admissions that the intelligence community isn’t really sure who controls Assad’s CW; nor do they know what happened when rebels took over a location where weapons had been stored.

Over the past six months, with shifting front lines in the 2½-year-old civil war and sketchy satellite and human intelligence coming out of Syria, U.S. and allied spies have lost track of who controls some of the country’s chemical weapons supplies, according to the two intelligence officials and two other U.S. officials.

U.S. satellites have captured images of Syrian troops moving trucks into weapons storage areas and removing materials, but U.S. analysts have not been able to track what was moved or, in some cases, where it was relocated. They are also not certain that when they saw what looked like Assad’s forces moving chemical supplies, those forces were able to remove everything before rebels took over an area where weapons had been stored. [my emphasis]

And months ago, the government worried a rogue officer might launch Assad’s CW.

So on multiple occasions the intelligence community has raised ways — rebel capture, non-authorized capture on the Syrian side, or rogue officer — in which CW might be released against Assad’s wishes. Yet their case tying this attack to Assad relies on mere assumptions that none of those things have happened, even while they know the chain of command did not operate as it normally would have.

With all that in mind, consider the implications in this Alan Grayson op-ed. He explicitly reports the Administration has provided no more than a 12-page classified summary. He suggests the summary doesn’t refer to individual social media reports and, given the rules imposed by Mike Rogers, he would be unable to take notes on which social media reports it referred and cross-check them.

Per the instructions of the chairman of the House Intelligence Committee, note-taking is not allowed.

Once we leave, we are not permitted to discuss the classified summary with the public, the media, our constituents or even other members. Nor are we allowed to do anything to verify the validity of the information that has been provided.

Remember, the Administration’s own map betrays some doubts that the social media reports, at least, would all hold up. Read more

The Syrian Not-War: Money Issues

Screen shot 2013-09-04 at 1.05.30 PMThe most interesting details in today’s House Foreign Relations Committee hearing on Syria pertained to money.

First, when asked how much this not-war (for a second day, Kerry insisted this isn’t a real war) would cost, Chuck Hagel said it would cost tens of millions of dollars.

But when Alan Grayson asked whether Hagel would commit that he would not need supplemental funding for it (tens of millions are, after all, a rounding error for DOD), Hagel first said it depended on what options the President chose, then said um no, he couldn’t commit to that.

Finally, very early in the hearing, John Kerry intimated that someone (presumably the Saudis, but we’ve got a lot of rich autocrats in the region who want to oust Bashar al-Assad) had offered to pay the entire price of the operation if we would simply do it. But we weren’t going to take that friend up on the offer.

At this point, I’m not even sure the AUMF can pass the Senate (it passed out of the Senate Foreign Relations Committee with just a 55% yes vote: 10-7-1, which doesn’t bode will for the Senate’s filibuster customs–though that may not matter). But even if it does, the Administration would be well-served to remember they’ve got a debt limit fight coming up.

Mike Rogers’ Double Secret Invitation to Dance

I’m working on a very weedy post on the White Paper’s duplicitous presentation of what it calls support for Congress for the Section 215 dragnet.

But I’d like to compare a claim from this WaPo story on how secrecy makes it difficult for Congress to exercise oversight with a detail from the White Paper.

Rogers said “very few members” take advantage of his invitations to receive quarterly staff briefings on counterterrorism operations, and others skipped briefings on the NSA bulk surveillance.

“If you have individual members who say they don’t have time to be on the intelligence committee, then I say get off the intelligence committee,” he said.

Ruppersberger said all members benefit from an expert staff and a push in recent years for greater bipartisanship on the panel. The issues are complex and time-consuming, he said, “but we have to learn them. We have to hold these agencies accountable, but we also have to give them the resources they need to protect our country.”

Sen. John D. Rockefeller IV (D-W.Va.), a member of the Senate Intelligence Committee who expressed anger that Congress was kept in the dark about interrogation and surveillance tactics under the George W. Bush administration, now feels that Congress has what it needs. He credits Feinstein and the Senate panel’s ranking Republican, Sen. Saxby Chambliss of Georgia, for inviting every senator into the committee offices to examine classified materials.

“The intelligence oversight committees have kicked the tires on these programs very hard, with hearings and legislation and oversight, and the programs have overwhelming bipartisan support on these committees,” a Rockefeller spokeswoman said.

At this point in the story, I started wondering why the WaPo made no mention of this Guardian report, which documented what the House Intelligence Committee’s responsiveness was really like.

Rep. [Morgan] Griffith requested information about the NSA from the House Intelligence Committee six weeks ago, on June 25. He asked for “access to the classified FISA court order(s) referenced on Meet the Press this past weekend”: a reference to my raising with host David Gregory thestill-secret 2011 86-page ruling from the FISA court that found substantial parts of NSA domestic spying to be in violation of the Fourth Amendment as well as governing surveillance statutes.

In that same June 25 letter, Rep. Griffith also requested the semi-annual FISC “reviews and critiques” of the NSA. He stated the rationale for his request: “I took an oath to uphold the United States Constitution, and I intend to do so.”

Almost three weeks later, on July 12, Rep. Griffith requested additional information from the Intelligence Committee based on press accounts he had read about Yahoo’s unsuccessful efforts in court to resist joining the NSA’s PRISM program. He specifically wanted to review the arguments made by Yahoo and the DOJ, as well as the FISC’s ruling requiring Yahoo to participate in PRISM.

On July 22, he wrote another letter to the Committee seeking information. This time, it was prompted by press reports that that the FISA court had renewed its order compelling Verizon to turn over all phone records to the NSA. Rep. Griffith requested access to that court ruling.

The Congressman received no response to any of his requests.

The Guardian story also reveals how the House Intelligence Committee voted against giving Alan Grayson material, and quotes Justin Amash saying he had similar difficulties getting information.

But I also wondered, since this WaPo report was clearly written in part to assess claims in the White Paper that Congressional approval has been a key part of this program, why it didn’t quote these two passages:

In December 2009, DOJ worked with the Intelligence Community to provide a classified briefing paper to the House and Senate Intelligence Committees that could be made available to all Members of Congress regarding the telephony metadata collection program. A letter accompanying the briefing paper sent to the House Intelligence Committee specifically stated that “it is important that all Members of Congress have access to information about this program” and that “making this document available to all members of Congress is an effective way to inform the legislative debate about reauthorization of Section 215.” See Letter from Assistant Attorney General Ronald Weich to the Honorable Silvestre Reyes, Chairman, House Permanent Select Committee on Intelligence (Dec. 14, 2009). Both Intelligence Committees made this document available to all Members of Congress prior to the February 2010 reauthorization of Section 215. See Letter from Sen. Diane Feinstein and Sen. Christopher S. Bond to Colleagues (Feb. 23, 2010); Letter from Rep. Silvestre Reyes to Colleagues (Feb. 24, 2010);

[snip]

An updated version of the briefing paper, also recently released in redacted form to the public, was provided to the Senate and House Intelligence Committees again in February 2011 in connection with the reauthorization that occurred later that year. See Letter from Assistant Attorney General Ronald Weich to the Honorable Dianne Feinstein and the Honorable Saxby Chambliss, Chairman and Vice Chairman, Senate Select Committee on Intelligence (Feb. 2, 2011); Letter from Assistant Attorney General Ronald Weich to the Honorable Mike Rogers and the Honorable C.A. Dutch Ruppersberger, Chairman and Ranking Minority Member, House Permanent Select Committee on Intelligence (Feb. 2, 2011). The Senate Intelligence Committee made this updated paper available to all Senators later that month. See Letter from Sen. Diane Feinstein and Sen. Saxby Chambliss to Colleagues (Feb. 8, 2011).

They describe the two notices the Intelligence Community sent the Intelligence Committees during PATRIOT Act reauthorization describing the phone and Internet dragnets.

Read more

George Steph Wrings His Hands

George Stephanopoulos, clutching his pearls, wants to know why it was necessary for Alan Grayson to call out Republicans on the floor of the House for their stubborn defense of the status quo failed health care in this country (note, in his post, Steph uses Eric Cantor’s YouTube of this speech, which ought to tell you on whose behalf he decided to cover this).

Why Is This Necessary?

Rep. Alan Grayson , D-Fla., says GOP plan is for people to "die quickly." House Republicans are demanding an apology. Don’t they deserve one? Watch here: UPDATE: At Noon today. Rep. Tom Price plans to introduce a new resolution admonishing…

I’m going to pretend Steph is asking sincerely why this is necessary. 

Exhibit One: What Steph had to say about Joe Wilson’s outburst.

If you needed any more evidence that passions run high on health care and America’s partisan divide cuts deep, it came tonight.  When was the last time you heard a member of Congress (Joe Wilson of S.C.) call the President a liar during a joint session address? (Rahm Emanuel has already approached the GOP Congressional leadership and demanded an apology. John McCain has said Wilson should apologize, too. And just moments ago, Wilson bowed to the inevitable and apologized). For that matter, when was the last time you heard a President use the word “lie” in a joint session address? 

No mention of the fact that Wilson was the one lying here. Instead, an excuse for Wilson because "passions run high." No mention of Wilson’s lie–or those of his Republican colleagues–the following day, either (though, once again, Steph highlights what Eric Cantor wants out there). No mention of Wilson’s lie in Steph’s discussion of Wilson’s opponent’s financial bonanza for his outburst either.

Exhibit Two: George Steph’s "outrage" in response to much more incendiary comments from Republicans–such as when Mike Huckabee said that Democrats would have forced Teddy Kennedy to "go home to take pain pills and die." 

Mike Huckabee tossed a hand grenade into the debate over who’s politicizing Ted Kennedy’s death Thursday morning when he told his radio audience that under Obamacare, Kennedy would be told to "go home to take pain pills and die."

Which Democrat will toss it back first?

Read more