Posts

Shorter WaPo: It Would Take Months to Know about Spying Misconduct

For what it’s worth, I consider reports that the government doesn’t know what Edward Snowden took to be disinformation. And indeed, claims to that effect in this WaPo article are sourced to: “one former government official,” a “former senior U.S. official,” and “a former senior U.S. intelligence official who served in Russia.” There’s also “a senior intelligence official” who says only it’ll take months to complete the damage assessment on Snowden’s materials, which is different from claiming (as the other sources do) that Russia and China have what he took. And a “second senior intelligence official” who fearmongers improbably about how much easier this will make things on the terrorists.

But ultimately, most of the people claiming NSA doesn’t know what Snowden took are former officials, presumably out of the loop on such issues (unless, of course, they’re Booz Allen Hamilton revolving doormen).

Funny thing is, if all that were true — if the government is still struggling to figure out what Snowden took a month after he left NSA — it indicates that the government would not know if a Sysadmin at the NSA had spied on Americans, if ever, until months after someone did so.

But, promise, this giant dragnet is secure.

Update: Mark Hosenball’s version of this apparently organized leak (his is sourced to “several U.S. officials,” “one non-government source familiar with Snowden’s materials,” and “2 U.S. national security sources”) makes it fairly clear the government intends to release this disinformation — along with incorrect claims about the history of WikiLeaks — as a way to fearmonger about that connection.

Although WikiLeaks initially made the diplomatic cables available to media outlets, including the Guardian and New York Times, who redacted potentially sensitive information before publishing them, the website eventually released an entirely unredacted archive of the material, to the dismay of the Obama Administration. U.S. officials said the information put sources at risk and damaged relations with foreign governments.

The people spreading this disinformation are apparently less worried about confirming genuine concerns about the security of these programs than they are about trying to catch up to WikiLeaks’ involvement with a new line of fearmongering.

Update: I changed the title of this after it was published.

Obama’s Stubbornness and the Risk of Snowden

At the outset of this post, let me lay out the following assumptions (I can’t prove these points, but I suspect them):

  • The documents released so far by Guardian and WaPo — information on the Section 215 program, PRISM, and the PPD on cyberwar — have done negligible damage to our security (indeed, even Sheldon Whitehouse, a big defender of these programs, said the government should have been transparent about them earlier)
  • China already knew the content of Edward Snowden’s public revelations about our hacking into Chinese networks (we know China’s compromises of us, so it is unlikely China, which is more successful and aggressive at hacking than we are, doesn’t know our compromises of it); the revelations on this front so far have served primarily to even out the playing field on mutual accusations of hacking
  • Snowden personally (and his laptops) have information that China and Russia could both find of more use, particularly given that some of our programs targeting them were run out of HI
  • Snowden may also have things that might be of use to others, such as organized crime (If I were planning on longevity and had access, for example, I would take some zero day exploits when I left the NSA, though the street value of them would diminish once NSA had inventoried what I took)
  • The reporting I’ve seen has not confirmed reports that either China or Russia has debriefed Snowden or scanned his computers (indeed, this report on China’s involvement in his departure from Hong Kong suggests they did not talk with him directly)
  • Julian Assange knows where Snowden is, leading to the possibility he has escaped Russia to a country that has not yet been named in reports of Snowden’s escape (named countries have included Venezuela, Cuba, Ecuador, and Iceland)

All of that is a roundabout way of saying that Snowden could do great damage to the US, but may not have yet, and certainly hadn’t by the time he first revealed himself in Hong Kong.

If that’s right, then it seems the Obama approach has been precisely the wrong approach in limiting potential damage to national security. The best way to limit damage, for example, would be to get Snowden to a safe place where our greatest adversaries can’t get to him, where we could make an eternal stink about his asylum there, but still rest easy knowing he wasn’t leaking further secrets. Indeed, if he were exiled in some place like France, we’d likely have more influence over what he was allowed to do than if he gets to Ecuador, for example.

The most likely approach to lead to further damage, however, is to charge him with Espionage. This not only raises the specter of the treatment we’ve given Bradley Manning — giving Snowden Denise Lind’s judgement that Manning’s rights were violated to include in any asylum application — but also easily falls under what states can call political crimes, which permits them to ignore extradition requests. That is, we appear to be pursuing the approach that could lead to greater damage.

By contrast, letting Snowden get someplace safe is perfectly equivalent to letting the CIA off for torture (or, for that matter, James Clapper off for lying to Congress). It’s a violation of rule of law, but it also serves to minimize the tremendous damage the spooks might do to retaliate. Obama has chosen this path already when the criminals were his criminals; he clearly doesn’t have the least bit of compunction about setting aside rule of law for pragmatic reasons. But in Snowden’s case, he seems to be pursuing a strategy that not only might increase the likelihood of damage, but also lets China and Russia retaliate for perceived slights along the way.

All this is just an observation. I believe Obama’s relentless attacks on whistleblowers and his ruthless enforcement of information asymmetry have actually raised the risk of something like this. And he seems to be prioritizing proving the power of the US (which has, thus far, only proved our diminishing influence) over limiting damage Snowden might do.

Update: This fearmongering WaPo article nevertheless quotes a former senior US official admitting that what Snowden has released so far wouldn’t help China or Russia.

A former senior U.S. official said that the material that has leaked publicly would be of limited use to China or Russia but that if Snowden also stole files that outline U.S. cyber-penetration efforts, the damage of any disclosure would be multiplied.

Keith Alexander’s “Packets in Flight” Turn Hackers into Terrorists

Keith Alexander showed up to chat with a typically solicitous George Stephanopoulos yesterday. The interview demonstrates something I’ll be increasingly obsessed with in upcoming weeks.

The government is using the limited success of NSA’s counterterrorism spying to justify programs that increasingly serve a cybersecurity function — a function Congress has not enthusiastically endorsed.

The interview starts with Alexander ignoring Steph’s first question (why we didn’t find Snowden) and instead teeing up 9/11 and terror terror terror.

And when you think about what our mission is, I want to jump into that, because I think it reflect on the question you’re asking.

You know, my first responsibility to the American people is to defend this nation. And when you think about it, defending the nation, let’s look back at 9/11 and what happened.

The intel community failed to connect the dots in 9/11. And much of what we’ve done since then were to give us the capabilities — and this is the business record FISA, what’s sometimes called Section 215 and the FAA 702 — two capabilities that help us connect the dots.

The reason I bring that up is that these are two of the most important things from my perspective that helps us understand what terrorists are trying to do. And if you think about that, what Snowden has revealed has caused irreversible and significant damage to our country and to our allies.

When — on Friday, we pushed a Congress over 50 cases where these contributed to the understanding and, in many cases, disruptions of terrorist plots.

Steph persists with his original question and gets Alexander to repeat that they’ve “changed the passwords” at NSA to prevent others from leaking.

Steph then asks Alexander about Snowden’s leaks of details on our hacking of China (note, no one seems to be interested in this article, which is just as revealing about our hacking of China as Snowden’s revelations).

Note how, even here, Alexander says our intelligence collection in China is about terrorism.

STEPHANOPOULOS: In the statement that Hong Kong put out this morning, explaining why they allowed Snowden to leave, they also say they’ve written to the United States government requesting clarification on the reports, based on Snowden’s information, that the United States government attacked (ph) computer systems in Hong Kong.

He said that the NSA does all kinds of things like hack Chinese cell phone companies to steal all of your SMS data.

Is that true?

ALEXANDER: Well, we have interest in those who collect on us as an intelligence agency. But to say that we’re willfully just collecting all sorts of data would give you the impression that we’re just trying to canvas the whole world.

The fact is what we’re trying to do is get the information our nation needs, the foreign intelligence, that primary mission, in this case and the case that Snowden has brought up is in defending this nation from a terrorist attack.

Alexander then shifts the issue and suggests we’re collecting on China because it is collecting on us.

Now we have other intelligence interests just like other nations do. That’s what you’d expect us to do. We do that right. Our main interest: who’s collecting on us?

Alexander next goes on to answer Steph’s question about whether we broke Hong Kong law by saying this hacking doesn’t break our law.

Remember How Angry Russia Is about Viktor Bout

As we await the next installment from Edward Snowden’s White Bronco chase around the globe, it’s worth remembering our attempt to overthrow Bashar al-Assad and the Boston Marathon attack (and subsequent whitewashing about how closely Russia is cooperating) are not the only things underlying US-Russian relations.

Russia is still very angry about our assertion of jurisdiction to entrap Viktor Bout for selling arms to FARC.

Indeed, Preet Bharara is among the US officials that Russia sanctioned in retaliation for the Magnitsky list, along with such leading lights of American law as John Yoo and David Addington.

Jeralyn lays out Russian frustrations over our manufactured jurisdiction with two of their citizens here.

Bout’s story (background here) is even worse. He was the victim of a DEA sting in Thailand. The U.S. fought tooth and nail to extradite him and lost. The U.S. appealed (and likely pulled some strings, if the Wikileaks cables are any indication), and lo and behold, the higher court in Thailand approved his extradition. He spent a miserable two years at MCC in New York, was convicted and sentenced to 35 years which he is serving at the USP in Marion, IL., one of our SuperMax prisons. The U.S. claims he’s a “Lord of War” and seller of arms. He never sold arms here. What’s it our business? Why have a prisoner transfer treaty if you aren’t going to use it? Did anyone ask the American taxpayers if they want to pay $40,000 a year times 30 years to warehouse Bout in a high security prison when Russia’s willing to take him?

You don’t have to like what Bout did (which is not much more destabilizing than what Erik Prince has done) to understand that when the US claims jurisdiction over anyone in the world, even if they do nothing to harm the US directly, it is going to piss off other countries.

Eventually, those countries may have an opportunity to express their frustration about it.

Minimization in the Age of Cyberwar

I’d like to compare the NSA talking point document released yesterday with a document Glenn Greenwald has or has seen, with respect to minimization under Section 702 (PRISM/FAA) collection. Remember PRISM allows the government to access Internet communications with little review of individual targeting decisions, and any American communications accessed with that foreign target communication are also viewed.

The NSA document says US person communications can only be disseminated (this includes getting shared with FBI) if they are necessary to understand the communication, are evidence of a crime, or indicate a threat of death.

The dissemination of any information about U.S. persons is expressly prohibited unless it is necessary to understand foreign intelligence or assess its importance; is evidence of a crime; or indicates a threat of death or serious bodily harm.

The Guardian document (which they did not publish) says US person communications — and note, these are entirely domestic communications — can be disseminated in two slightly different cases and a third unrelated one. The unrelated one permits US person communications to be disseminated if it contains “information necessary to understand or assess a communications security vulnerability.”

One typical example is a document submitted by the NSA in July 2009. In its first paragraph, it purports to set forth “minimization procedures” that “apply to the acquisition, retention, use, and dissemination of non-publicly available information concerning unconsenting United States persons that is acquired by targeting non-United States persons reasonably believed to be located outside the United States in accordance with section 702 of the Foreign Intelligence Surveillance Act of 1978, as amended.”

That document provides that “communications of or concerning United States persons that may be related to the authorized purpose of the acquisition may be forwarded to analytic personnel responsible for producing intelligence information from the collected data.” It also states that “such communications or information” – those from US citizens – “may be retained and disseminated” if it meets the guidelines set forth in the NSA’s procedures.

Those guidelines specifically address what the NSA does with what it calls “domestic communications”, defined as “communications in which the sender and all intended recipients are reasonably believed to be located in the United States at the time of acquisition”. The NSA expressly claims the right to store and even disseminate such domestic communication if: (1) “it is reasonably believed to contain significant foreign intelligence information”; (2) “the communication does not contain foreign intelligence information but is reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed”; or (3) “the communication is reasonably believed to contain technical data base information, as defined in Section 2(i), or information necessary to understand or assess a communications security vulnerability.” [my emphasis]

Now, this is not an apple to apple comparison. Indeed, this could very well be an apples to small rubber child’s ball comparison.

The NSA document purports to describe minimization as it occurs today. The Guardian one dates to July 2009, so may be out of date, for starters.

And by design, the NSA timeline focuses on terrorism examples because TERROR TERROR TERROR is very convincing to people who don’t want to think. Based on the mention of a “communications security vulnerability,” the Guardian one seems to be a 702 order describing minimization for a cybersecurity order.

If that’s true, though, it suggests two things. First, that hacking has been equated to terrorism as a crime adequate to disseminate US person communications with no warrant.

And this is where the difference in the standard on foreign intelligence gets interesting: the NSA document claims that only communications necessary to understand foreign intelligence merit dissemination. Under the Guardian document, communications need only be “reasonably believed to contain significant foreign intelligence information” (though admittedly, that may be the language used in the first instance).

But again, this minimization order is 4 years old. The other day the WaPo suggested that the NSA has changed how they collect Internet metadata (which may be what that other clause “technical data base information, as defined in Section 2(i)” in the minimization order refers to). It may be they’re conducting their cybersecurity dragnet via other means, perhaps even as a way to maintain this lower standard of minimization.

The government is clearly planning to engage in far more intrusive collection in the name of cyberwar than described in discussions about Section 702 (and at the end of the hearing yesterday, Mike Rogers alluded to keeping the programs in place, with their permissive standards, for other reasons, which I took to mean cybersecurity). And that is bound to treat far more Americans as targets of foreign-type collection.

Terrorist Hobgoblins Bite the Intelligence Community in Its Efficacy Ass

I just finished watching the House Intelligence Committee hearing on the NSA programs revealed by Edward Snowden. I’ll have a lot more to say about the content of the revelations in the next few days. But first, a general observation.

Since the initial Snowden revelations, the Intelligence Community and other Administration surrogates have been trying to minimize our understanding of the scope of their surveillance and use traditional fearmongering to justify the programs by focusing on the importance of the Section 702 collection to stopping terrorism. While James Clapper’s office has made it clear that Section 702 goes beyond counterterrorism by revealing that its successes include counterproliferation and cybersecurity successes, as well as counterterrorism ones, the focus has nevertheless been on TERROR TERROR TERROR.

Today’s hearing was really the culmination of that process, when Keith Alexander boasted of upwards of 50 terrorist plots — about 40 of which were overseas — that Section 702 has prevented.

Of the four plots the government has revealed — David Headley, Najibullah Zazi, as well as these two today

Mr. Joyce described a plot to blow up the New York Stock Exchange by a Kansas City man, whom the agency was able to identify because he was in contact with “an extremist” in Yemen who was under surveillance. Mr. Joyce also talked about a San Diego man who planned to send financial support to a terrorist group in Somalia, and who was identified because the N.S.A. flagged his phone number as suspicious through its database of all domestic phone call logs, which was brought to light by Mr. Snowden’s disclosures.

… the government has either overblown the importance of these programs and their success, or they are fairly minor plots.

None of the four may be as uniquely worthwhile as the cyberattack described by Clapper’s office a week ago, which it has not, however, fleshed out.

Communications collected under Section 702 have provided significant and unique intelligence regarding potential cyber threats to the United States, including specific potential network computer attacks. This insight has led to successful efforts to mitigate these threats.

That is, the government might–might!–be able to make a far better case for the value of these programs in discussing their role in preventing cyberattacks rather than preventing terrorist plots.

And yet it hasn’t done so, even as it pushes one after another attempt to legislate internet access in the name of protecting Intellectual Property and critical infrastructure.

Given the increasing focus on cybersecurity — and the already dishonest claims people like Mike Rogers have made about the means to accomplish that focus — this is the discussion we need to be having, rather than digging up terror plots first developed in 2004 that never happened. But in the same way the government shied away from conducting an honest discussion with us in 2001 and again in 2006 about these programs, it is refusing to conduct an honest discussion about cybersecurity today.

And, ironically, that refusal is preventing them from describing the value of a program that surely contributes more to countering cyberattacks than terror attacks at this point.

Edward Snowden: Congress Has Immunity from Spying, But You Don’t

I’ll admit from the start that the Snowden chat at the Guardian was a brilliant journalistic and technical feat. At the same time, it’s clear that Snowden is still closely following the news, and presumably shaping his answers for maximal political effect.

So I take this comment, the last words he spoke on the chat, with a grain of salt.

This is the precise reason that NSA provides Congress with a special immunity to its surveillance.

Certainly, it would seem technically feasible to block all Verizon numbers associated with official Congressional communications devices. It would be far harder to block the abundant communications devices tied to campaign activity.

From this, shall we assume the White House and Courts are also immune?

Contrast that with Snowden’s claims about we peons’ communications.

NSA likes to use “domestic” as a weasel word here for a number of reasons. The reality is that due to the FISA Amendments Act and its section 702 authorities, Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant. They excuse this as “incidental” collection, but at the end of the day, someone at NSA still has the content of your communications. Even in the event of “warranted” intercept, it’s important to understand the intelligence community doesn’t always deal with what you would consider a “real” warrant like a Police department would have to, the “warrant” is more of a templated form they fill out and send to a reliable judge with a rubber stamp.

[snip]

US Persons do enjoy limited policy protections (and again, it’s important to understand that policy protection is no protection – policy is a one-way ratchet that only loosens) and one very weak technical protection – a near-the-front-end filter at our ingestion points. The filter is constantly out of date, is set at what is euphemistically referred to as the “widest allowable aperture,” and can be stripped out at any time. Even with the filter, US comms get ingested, and even more so as soon as they leave the border. Your protected communications shouldn’t stop being protected communications just because of the IP they’re tagged with.

I do believe I pointed out James Clapper using “domestic” as just one such weasel word (I prefer to call it Orwellian turd-splat) this morning!

Clearly, Snowden is trying to make it clear that our Congressional overseers aren’t protecting our interests as well as the NSA has protected theirs (for good reasons under the Constitution, I would add).

So this claim may just be an effort to make us more pissed.

Remember, however, the day after the first leak on this, Eric Holder testified before the Senate Appropriations Committee. Barbara Mikulski, who (as a tremendously powerful Senator representing NSA) had not previously publicly ever met NSA surveillance she didn’t like, was up in arms about the possibility the government was surveilling her communications.

Those concerns had been placated by the time Keith Alexander testified a day or so later.

So while Snowden is clearly trying to push the debate, it is also quite likely that the immunity comment is true.

Al Gore: Get Your Hands Off of My (Our?) Internet

Working on posts and then will have my sis-in-law in to watch the Grand Rapids Griffins defeat her Syracuse Crush tonight in hockey. (Really!)

But I did like this Al Gore interview:

Gore said he was not persuaded by the argument that the NSA surveillance had operated within the boundaries of the law.

“This in my view violates the constitution. The fourth amendment and the first amendment – and the fourth amendment language is crystal clear,” he said. “It is not acceptable to have a secret interpretation of a law that goes far beyond any reasonable reading of either the law or the constitution and then classify as top secret what the actual law is.”

Gore added: “This is not right.”

Gore even recognized the problem of the Director of National Intelligence lying under oath.

Gore did say, however, that he had serious concerns about some aspects of the testimony offered by national intelligence director James Clapper during testimony to the Senate intelligence committee last March.

Clapper, in response to pointed questions from Democratic senator Ron Wyden, had said during that appearance that the NSA did not collect data on Americans.

“I was troubled by his direct response to Senator Wyden’s very pointed question,” Gore said. “I was troubled by that.”

Yeah! Me too!

House Intelligence Parrot: These Programs Are Not Secret…

… but it’s a grave danger for you to know about them.

Bob Minehart, a staffer for Democrats (presumably Dutch Ruppersberger) on the House Intelligence Committee, has put together a pair of talking point documents for members of the House to talk about the programs revealed by the Guardian last week. (I found out Minehart is the author by checking the documents’ metadata.) The talking points largely track what James Clapper released, though with a few differences that may come from Mike Rogers which I may return to.

The talking points claim the reporting on the programs has inaccuracies.

The articles referenced above contain numerous inaccuracies that imply the United States Government is spying on Americans. That is just plain false.

But the documents include a number of claims that are meaningless, given the underlying standards involved.

The FISA Court authorizes intelligence collection only after the Intelligence Community has proven its case, based on underlying facts and investigations.

The most pathetic part of these talking points, however, is the claim that these are not secret programs. Not the Section 215 dragnet of every American’s call data.

There is no secret program involved here – it is strictly authorized by a U.S. statute.

And not the direct access to Internet companies’ data with just a 51% certainty that the data collected is foreign.

There is no secret program involved – it is strictly authorized by a U.S. statute.

But in spite of this claim that massive dragnets deceitfully denied in Congressional hearings are not secret, the PRISM-related set still warns about what grave danger the leak of the information created.

The unauthorized disclosure of information about this critical legal tool puts our national security in grave danger, puts Americans at risk of terrorist and cyber attacks, and puts our military intelligence resources in danger of being revealed to our adversaries.

These are not secret programs, Dutch Ruppersberger wants you to know. But revealing them will kill us all.

Who Are the Potential Targets of the OTHER Section 215 Program(s)

There are several small, but significant, discrepancies between what Dianne Feinstein and Keith Alexander said in yesterday’s Senate Appropriations Committee hearing on cyber and what others have said. As one example, last week James Clapper said this was the standard for accessing the dragnet of Americans’ call data:

The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization. [my emphasis]

DiFi yesterday said this was the standard:

It can only look at that data after a showing that there is a reasonable, articulable suspicion that a specific individual is involved in terrorism, actually related to al Qaeda or Iran. [my emphasis]

These are slightly different things (and Congress has fought hard over the word “articulable” in very similar contexts to this in the past — plus, whichever word is used may trace back to Jack Goldsmith’s 2004 OLC opinion on the illegal wiretap program). It’s possible — likely even — that Clapper was just dumbing down his statement the other day. But it is a difference.

I’m particularly interested in the point I raised yesterday. DiFi, in discussing the NSA’s use of the Section 215 data, says it can only be used to find people in the US with ties to terrorists or Iran.

But when Clapper discussed all the potential targets the Intelligence Community might want to trace using Section 215 data, he mentioned a broader group.

There are no limitations on the customers who can use this library. Many and millions of innocent people doing min– millions of innocent things use this library, but there are also nefarious people who use it. Terrorists, drug cartels, human traffickers, criminals also take advantage of the same technology. So the task for us in the interest of preserving security and preserving civil liberties and privacy is to be as precise as we possibly can be when we go in that library and look for the books that we need to open up and actually read. [my emphasis]

But remember. Clapper oversees all 16 members of the intelligence community, including FBI and the National Counterterrorism Center. DiFi’s statement (and Alexander’s confirmation) applied only to NSA. Elsewhere in the hearing, Alexander said NSA only used what he called “BR” (for business records) to collect phone records. And we know that — at least as recently as 2011 — there was at least one other secret collection program using Section 215. So one of those other entities — almost certainly FBI — must run that program.

Moreover, there’s no reason to believe that Edward Snowden, who had unbelievable access to NSA’s networks and, some time ago, CIA’s records, would have access to programs that didn’t involve those agencies.

And Keith Alexander probably knows that.

Also, terrorists, certainly, and Iran, sort of, are legitimate targets for DOD (I’m actually wondering if the government has acrobatically justified going after Iranian contacts by relying on the still extant Iraq AUMF). For NSA to pursue drug cartels and criminals might present a posse comitatus problem (one that I believe was part of the problem behind the 2004 hospital confrontation).

So I’m wondering how many of the answers we’re getting are designed to minimize the scope of what we know by referring only to the NSA programs?