Posts

Jim Sensenbrenner Flip-Flops Wildly on Value of Classified Hearings

/in /by

Jenna McLaughlin has a report on what I noted here — House Judiciary Committee Chair Bob Goodlatte has scheduled a classified hearing to talk about Section 702 of the FISA Amendments Act on February 2. In it, she includes this unbelievable quote from Jim Sensenbrenner.

“Closed briefings are necessary for members of Congress to ask questions about classified information,” said Judiciary Committee member Jim Sensenbrenner, R-Wisc., in a statement to The Intercept. “However, I would support a subsequent open hearing on Section 702 of the Foreign Intelligence Surveillance Act because transparency and public discussion are critical to the reform and reauthorization of Section 702.”

It’s unbelievable because, after Sensenbrenner made some horseshit claims of ignorance immediately after Edward Snowden revealed the phone dragnet that had been authorized by legislation Sensenbrenner had authored, people started asking why he hadn’t gone to the classified hearings, at which DOJ briefed members about the dragnet (and FBI later lied about the abuses carried out in executing that dragnet).

Sensenbrenner’s spokesperson explained back in 2013 that he didn’t go to those classified hearing because he didn’t want to be restrained by confidentiality.

Asked whether his boss had attended any of those sessions during that period, Sensenbrenner spokesperson Ben Miller said the congressman “does not want to be limited by the restraints of confidentiality. Therefore, he believes in an open dialogue by which legislative solutions can be constructed and passed into law before the public.” Miller said Sensenbrenner had “attended confidential briefings in the past,” but didn’t say how many, which ones, or whether any dealt directly with the “sensitive” application of section 215.

[snip]

“While some members of Congress were briefed, particularly those on the intelligence committees, most, including myself, were not,” Sensenbrenner wrote in a column for The Guardian newspaper. Sensenbrenner did not disclose, as his spokesperson did for this story, that he chooses not to attend the briefings.

So back in 2013, when Sensenbrenner was disclaiming any responsibility for a dragnet, he didn’t to be restrained by what he gets told in a classified hearing.

But now, at a time when Congress might consider stopping FBI from doing its uncounted back door searches of people it has no evidence against, Sensenbrenner says “closed briefings are necessary.”

Given what 2013 Sensenbrenner said about the importance of conducting these discussions in the light of day, and given that Section 702 has always been debated in public, I would suggest Sensenbrenner’s support for closed hearings now suggests the fix is in.

One wonders what squeals of outrage Sensenbrenner will make in 2023 after new abuses of Section 702 get disclosed?

 

Share this entry

NSA Propagandist John Schindler Suggests Boston Marathon Terrorist Attack Not “Major Jihadist Attack”

/25 Comments/in , /by

NSA propagandist John Schindler has used the San Bernardino attack as an opportunity to blame Edward Snowden for the spy world’s diminished effectiveness, again.

Perhaps the most interesting detail in his column is his claim that 80% of thwarted attacks come from an NSA SIGINT hit.

Something like eighty percent of disrupted terrorism cases in the United States begin with a SIGINT “hit” by NSA.

That’s mighty curious, given that defendants in these cases aren’t getting notice of such SIGINT hits, as required by law, as ACLU’s Patrick Toomey reminded just last week. Indeed, the claim is wholly inconsistent with the claims FBI made when it tried to claim the dragnet was effective after the Snowden leaks, and inconsistent with PCLOB’s findings that the FBI generally finds such intelligence on its own. Whatever. I’m sure the discrepancy is one Schindler will be able to explain to defense attorneys when they subpoena him to explain the claim.

Then there’s Schindler’s entirely illogical claim that the shut-down of the phone dragnet just days before the attack might have helped to prevent it.

The recent Congressionally-mandated halt on NSA holding phone call information, so-called metadata, has harmed counterterrorism, though to what extent remains unclear. FBI Director James Comey has stated, “We don’t know yet” whether the curtailing of NSA’s metadata program, which went into effect just days before the San Bernardino attack, would have made a difference. Anti-intelligence activists have predictably said it’s irrelevant, while some on the Right have made opposite claims. The latter have overstated their case but are closer to the truth.

As Mike Lee patiently got Jim Comey to admit last week, if the Section 215 phone dragnet (as opposed to the EO 12333 phone dragnet, which remains in place) was going to prevent this attack, it would have.

Schindler then made an error that obscures one of the many ways the new phone dragnet will be better suited to counterterrorism. Echoing a right wing complaint that the government doesn’t currently review social media accounts as part of the visa process, he claimed “Tashfeen Malik’s social media writings [supporting jihad] could have been easily found.” Yet at least according to ABC, it would not have been so easy. “Officials said that because Malik used a pseudonym in her online messages, it is not clear that her support for terror groups would have become known even if the U.S. conducted a full review of her online traffic.” [See update.] Indeed, authorities found the Facebook post where Malik claimed allegiance to ISIS by correlating her known email with her then unknown alias on Facebook. NSA’s new phone program, because it asks providers for “connections” as well as “contacts,” is far more likely to identify multiple identities that get linked by providers than the old program (though it is less likely to correlate burner identities via bulk analysis).

Really, though, whether or not the dragnet could have prevented San Bernardino which, as far as is evident, was carried out with no international coordination, is sort of a meaningless measure of NSA’s spying. To suggest you’re going to get useful SIGINT about a couple who, after all lived together and therefore didn’t need to use electronic communications devices to plot, is silliness. A number of recent terrorist attacks have been planned by family members, including one cell of the Paris attack and the Charlie Hebdo attack, and you’re far less likely to get SIGINT from people who live together.

Which brings me to the most amazing part of Schindler’s piece. He argues that Americans have developed a sense of security in recent years (he of course ignores right wing terrorism and other gun violence) because “the NSA-FBI combination had a near-perfect track record of cutting short major jihadist attacks on Americans at home since late 2001.” Here’s how he makes that claim.

Making matters worse, most Americans felt reasonably safe from the threat of domestic jihadism in recent years, despite repeated warnings about the rise of the Islamic State and terrible attacks like the recent mass-casualty atrocity in Paris. Although the November 2009 Fort Hood massacre, perpetrated by Army Major Nidal Hasan, killed thirteen, it happened within the confines of a military base and did not involve the general public.

Two months before that, authorities rolled up a major jihadist cell in the New York City area that was plotting complex attacks that would have rivalled the 2005 London 7/7 atrocity in scope and lethality. That plot was backed by Al-Qa’ida Central in Pakistan and might have changed the debate on terrorism in the United States, but it was happily halted before execution – “left of boom” as counterterrorism professionals put it.

Jumping from the 2009 attacks (and skipping the 2009 Undiebomb and 2010 Faisal Shahzad attempts) to the Paris attack allows him to suggest any failure to find recent plots derives from Snowden’s leaks, which first started in June 2013.

However, the effectiveness of the NSA-FBI counterterrorism team has begun to erode in the last couple years, thanks in no small part to the work of such journalists-cum-activists. Since June 2013, when the former NSA IT contactor [sic] Edward Snowden defected to Moscow, leaking the biggest trove of classified material in all intelligence history, American SIGINT has been subjected to unprecedented criticism and scrutiny.

There is, of course, one enormous thing missing from Schindler’s narrative of NSA perfection: the Boston Marathon attack, committed months before the first Snowden disclosures became public. Indeed, even though the NSA was bizarrely not included in a post-Marathon Inspector General review of how the brothers got missed, it turns out NSA did have intelligence on them (Tamerlan Tsarnaev was in international contact with known extremists and also downloaded AQAP’s Inspire magazine repeatedly). Only, that intelligence got missed, even with the multiple warnings from FSB about Tamerlan.

Perhaps Schindler thinks that Snowden retroactively caused the NSA to overlook the intelligence on Tamerlan Tsarnaev? Perhaps Schindler doesn’t consider an attack that killed 3 and injured 260 people a “major jihadist attack”?

It’s very confusing, because I thought the Boston attack was a major terrorist attack, but I guess right wing propagandists trying to score points out of tragedy can ignore such things if it will spoil their tale of perfection.

Update: LAT reports that Malik’s Facebook posts were also private, on top of being written under a pseudonym. Oh, and also in Urdu, a language the NSA has too few translators in. The NSA (but definitely not the State Department) does have the ability to 1) correlate IDs to identify pseudonyms, 2) require providers to turn over private messages — they could use PRISM and 3) translate Urdu to English. But this would be very resources intensive and as soon as State made it a visa requirement, anyone trying to could probably thwart the correlation process.

Share this entry

Brennan Was Probably Talking about the Telegram PRISM Gap as Much as Encryption

/8 Comments/in /by

I noted the other day that at a pre-scheduled appearance Monday, Josh Rogin cued John Brennan to explain how the Paris attack happened without warning. In my opinion, the comment has been badly misreported as an indictment solely of Edward Snowden (though it is that) and encryption. I’ve put the entire exchange below but the key exchange was this:

And as I mentioned, there are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it. And I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve. And in the past several years because of a number of unauthorized disclosures and a lot of handwringing over the government’s role in the effort to try to uncover these terrorists, there have been some policy and legal and other actions that are taken that make our ability collectively internationally to find these terrorists much more challenging. And I do hope that this is going to be a wake-up call, particularly in areas of Europe where I think there has been a misrepresentation of what the intelligence security services are doing by some quarters that are designed to undercut those capabilities.

Brennan talks about technology that makes it difficult technically and legally to uncover plots. Encryption is a technical problem — one the NSA has proven its ability to overcome — that might be called a legal one if you ignore that NSA has the ability to overcome the lack of a legal requirement to provide back doors. But I agree this passage speaks to encryption, if not other issues.

In the next sentence, though, he talks about inadvertent or intentional gaps created “particularly in Europe.” He talks about plural unauthorized disclosures — as I noted, Josh Rogin’s own disclosure that the US had broken AQAP’s online conferencing technique may have been more directly damaging than most of Snowden’s leaks —  and “handwringing.” Those have led to “policy and legal and other actions” that have made it harder to find terrorists. In the next sentence, Brennan again emphasizes that “particularly in areas of Europe,” there needs to be a “wake-up call” because “there has been a misrepresentation” of what the spooks are doing, which he suggests was deliberately “designed to undercut those capabilities.”

So the paragraph where he speaks of these problems, he twice emphasizes that Europe in particular needs to adjust its approach.

Last I checked, Europe didn’t pass USA Freedom Act (which would not, in any way, have restricted review of Parisian targeters). Some countries in Europe are more vigorously considering limits on encryption, but those would be just as ineffective as eliminating the code that’s already out there.

What Europe has done, however, is make it harder for our PRISM providers to share data back and forth between Europe (and with providers considering moving servers to Europe, it will raise new questions about the applicability of PRISM for that data). And Europe (not just Europe, but definitely including Europe) has created a market need for US tech companies to distance themselves from the government.

And in the case of Germany, politicians have been investigating how much its BND has done for NSA, and especially which impermissible German people and companies were targeted as part of the relationship. I noted that Brennan raised similar issues just days after the BND investigation turned scandalous in March, and recent revelations have raised new pressure on BND.

With that in mind, in particular, consider what one of the more responsible reports on Brennan’s speech, that of Shane Harris, focused on — terrorists’ use of Berlin headquartered social messaging app Telegram. If terrorists were using WhatsApp (which a lot of the fearmongering focused on), the metadata, at least, would be available via Facebook. But since Telegram is not a US company, it cannot be obliged under Section 702 of FISA, and that surely creates just the kind of gap Brennan was talking about.

Since Brennan’s speech, Telegram has started deleting the special channels set up by ISIS to communicate.

I’m sure Brennan is complaining about encryption and if he can get Congress to force domestic back doors, I’m sure he will (though ISIS reportedly shies away from Apple products, so forcing Apple to give up its encrypted iMessage won’t help track down ISIS). But his speech seemed focused much more intently on ways in which, in the aftermath of the Snowden leaks, Europeans have opportunistically localized data and, in the process, made that data far less accessible to the NSA. Brennan, as I made clear in March, definitely would prefer the Europeans rely on Americans for their SIGINT (and in the process agree to some inappropriate spying in their home country), and the gap created by terrorists’ reliance on Telegram is one way to exert pressure on that point.

Read more

Share this entry

Author of Story Based on Leaks about Surveillance Parrots Brennan Condemning Leaks about Surveillance

/7 Comments/in , /by

Josh Rogin is among many journalists who covered John Brennan’s complaints about how “a number of unauthorized disclosures”and hand-wringing about our surveillance capabilities this morning (which was a response to Rogin asking “what went wrong” in Paris in questions).

But Brennan also said that there had been a significant increase in the operational security of terrorists and terrorist networks, who have used new commercially available encryption technologies and also studied leaked intelligence documents to evade detection.

“They have gone to school on what they need to do in order to keep their activities concealed from the authorities,” he said. “I do think this is a time for particularly Europe as well as the U.S. for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence services to protect the people that they are asked to serve.”

The FBI has said that Internet “dark spaces” hinder monitoring of terrorism suspects. That fuels the debate over whether the government should have access to commercial applications that facilitate secure communications.

Brennan pointed to “a number of unauthorized disclosures” over the past several years that have made tracking suspected terrorists even more difficult. He said there has been “hand wringing” over the government’s role in tracking suspects, leading to policies and legal action that make finding terrorists more challenging, an indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.

I find it interesting that Rogin, of all people, is so certain that this is an “indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.” It’s a non-sensical claim on its face, because no surveillance program has yet been restricted in the US, though FBI has been prevented from using NSLs and Pen Registers to bulk collection communications. The phone dragnet, however, is still going strong for another 2 weeks.

That reference — as I hope to show by end of day — probably refers to tech companies efforts to stop the NSA and GCHQ from hacking them anymore, as well as European governments and the EU trying to distance themselves from the US dragnet. That’s probably true, especially, given that Brennan emphasized international cooperation in his response.

I’m also confused by Rogin’s claim Jim Comey said Tor was thwarting FBI, given that the FBI Director said it wasn’t in September.

Even more curious is that Rogin is certain this is about Snowden and only Snowden. After all, while Snowden’s leaks would give terrorists a general sense of what might not be safe (though not one they tracked very closely, given the Belgian Minister of Home Affair’s claim that they’re using Playstation 4 to communicate, given that one of Snowden’s leaks said NSA and CIA were going after targets use of gaming consoles to communicate at least as early as 2008).

But a different leak would have alerted terrorists that their specific communications techniques had been compromised. The leak behind this story (which was a follow-up on leaks to the NYT, McClatchy, and WaPo).

It wasn’t just any terrorist message that triggered U.S. terror alerts and embassy closures—but a conference call of more than 20 far-flung al Qaeda operatives, Eli Lake and Josh Rogin report.
The crucial intercept that prompted the U.S. government to close embassies in 22 countries was a conference call between al Qaeda’s senior leaders and representatives of several of the group’s affiliates throughout the region.

The intercept provided the U.S. intelligence community with a rare glimpse into how al Qaeda’s leader, Ayman al-Zawahiri, manages a global organization that includes affiliates in Africa, the Middle East, and southwest and southeast Asia.

Several news outlets reported Monday on an intercepted communication last week between Zawahiri and Nasser al-Wuhayshi, the leader of al Qaeda’s affiliate based in Yemen. But The Daily Beast has learned that the discussion between the two al Qaeda leaders happened in a conference call that included the leaders or representatives of the top leadership of al Qaeda and its affiliates calling in from different locations, according to three U.S. officials familiar with the intelligence. All told, said one U.S. intelligence official, more than 20 al Qaeda operatives were on the call.

[snip]

Al Qaeda leaders had assumed the conference calls, which give Zawahiri the ability to manage his organization from a remote location, were secure. But leaks about the original intercepts have likely exposed the operation that allowed the U.S. intelligence community to listen in on the al Qaeda board meetings.

That story — by Josh Rogin himself! (though again, this was a follow-up on earlier leaks) — gave Al Qaeda, though maybe not ISIS, specific notice that one of their most sensitive communication techniques was compromised.

It’s really easy for journalists who want to parrot John Brennan and don’t know what the current status of surveillance is to blame Snowden. But those who were involved in the leak exposing the Legion of Doom conference call (which, to be sure, originated in Yemen, as many leaks that blow US counterterrorism efforts there do) might want to think twice before they blame other journalism.

Share this entry

Obama’s Extends Forever War in Afghanistan before MSF Report Comes Out

/21 Comments/in /by

President Obama, as you’ve likely heard, just announced an extension of the Afghan mission. He insists combat operations in Afghanistan are over. He insists the role of the “train, advise, assist” advisors on the ground won’t change. Our troops just need to stick around in Afghanistan until the training begins to take hold.

I’m most interested in the timing of this announcement. It comes 12 days after Americans — working at the behest of the Afghans we’re “train, advise, assisting” — destroyed a Médecins Sans Frontières hospital in Kunduz. Afghan commander General John Campbell, on a pre-planned trip to testify about how we need to extend our deployment, also answered questions about the attack and promised an investigation; he even suggested a preliminary investigation should be done within a month (so within the next 20 days).

Lucky for Obama, American reporters have short memories, otherwise some might ask him about the combat role these TAA advisors played two weeks ago today, returning fire against Taliban forces, just before the US destroyed a hospital. Because then we might be focusing on how Kunduz underscored that Americans will still be drawn into fighting.

But it’s the MSF bombing that would really undercut Obama’s decision to have us stay. Probably, the DOD investigation is going to show that the Afghans made unjustified claims about the Taliban operating from the hospital, most charitably because of confusion, but possibly because they didn’t like that the hospital treated Taliban members (and likely was treating some from fighting earlier in the week). It will also show Special Operations process on vetting totally violated protocol, which will raise more questions about precisely what role SOF is playing on the ground (and how our counterterrorism operations, such as this was, threaten to drag us back in).

So Obama rolled out his decision in that sweet spot, where most of the big reporting on the MSF attack has passed, but before the report will renew attention on precisely what we’re doing in Afghanistan.

One other point about Obama’s decision. In his announcement today — and in Campbell’s testimony last week — both men raved about what a great partner Ashraf Ghani is (both also made overly optimistic claims about how well power sharing is working). That should make it clear — if this analysis wasn’t already enough — that the shut-down of NSA’s full take on Afghanistan cell phone content that happened after WaPo and Intercept described the MYSTIC/SOMALGET programs has since been reversed. It’s clear Ghani has agreed to do what we have asked in order to get us to stay, and we surely asked for turn the full take back on, for troop protection if not to better spy on the Taliban. Which, of course, would indicate Clapper was lying again.

Finally, MSF has not backed off its demand for an independent investigation. It just launched a Change.org petition calling on President Obama to consent to an independent investigation.

Share this entry

The Lessons NSA Teaches When It Conflates Use of Encryption with Terrorism

/6 Comments/in , /by

Screen shot 2013-08-01 at 9.34.18 AM
Just a few days after our Egyptian allies sentenced 3 Al Jazeera journalists to 3 years in prison, Turkey joined the club, charging 2 UK Vice employees and their Turkish fixer with terrorism. Today, Al Jazeera explained why the Vice journalists got charged: because the fixer uses an encryption technique that members of ISIS also use.

Three staff members from Vice News were charged with “engaging in terrorist activity” because one of the men was using an encryption system on his personal computer which is often used by the Islamic State of Iraq and the Levant (ISIL), a senior press official in the Turkish government has told Al Jazeera.

Two UK journalists, Jake Hanrahan and Philip Pendlebury, along with their Turkey-based Iraqi fixer and a driver, were arrested on Thursday in Diyarbakir while filming clashes between security forces and youth members of the outlawed and armed Kurdistan Workers’ Party (PKK).

On Monday, the three men were charged by a Turkish judge in Diyarbakir with “engaging in terrorist activity” on behalf of ISIL, the driver was released without charge.

The Turkish official, who spoke on condition of anonymity, told Al Jazeera: “The main issue seems to be that the fixer uses a complex encryption system on his personal computer that a lot of ISIL militants also utilise for strategic communications.”

Note, the Vice journalists were reporting on PKK, not ISIS, but it wouldn’t be the first time Turkey used ISIS as cover for their war against PKK.

A lot of people are treating this as a crazy expression of rising Turkish repression, that it conflates use of encryption — even a certain kind of encryption! — with membership in ISIS.

But they’re not the only one who does so. As the slide above — and some other documents released by Snowden — makes clear, NSA makes the same conflation. How do you find terrorists without other information, this slide asks? Simple! You find someone using encryption.

While the US might not arrest people based on such evidence (though it did hold Al Jazeera journalist Sami al-Hajj for years without charge), they certainly make the same baseless connection.

Share this entry

Is the US Thwarting China’s Anti-Corruption (and Political Crime) Campaign to Retaliate for the OPM Hack?

/1 Comment/in , /by

Screen Shot 2015-08-17 at 6.13.36 PMTwo weeks after floating a story to the NYT the Obama asked for some creative ways to retaliate against China for the OPM hack, the NYT reported (in both English and a prominently linked Chinese translation) that “in recent weeks” the US told agents trying to chase down Chinese nationals accused of corruption to get out.

The Obama administration has delivered a warning to Beijing about the presence of Chinese government agents operating secretly in the United States to pressure prominent expatriates — some wanted in China on charges of corruption — to return home immediately, according to American officials.

The American officials said that Chinese law enforcement agents covertly in this country are part of Beijing’s global campaign to hunt down and repatriate Chinese fugitives and, in some cases, recover allegedly ill-gotten gains.

The Chinese government has officially named the effort Operation Fox Hunt.

The American warning, which was delivered to Chinese officials in recent weeks and demanded a halt to the activities, reflects escalating anger in Washington about intimidation tactics used by the agents. And it comes at a time of growing tension between Washington and Beijing on a number of issues: from the computer theft of millions of government personnel files that American officials suspect was directed by China, to China’s crackdown on civil liberties, to the devaluation of its currency.

Operation Fox Hunt is not new — or secret. It has been covered before by the US press, including updates on how many people official Chinese sources claim they have gotten to return for prosecution. The NYT follow-up admits — though the original didn’t provide the same level of detail — that DHS agreed in April to prosecute Chinese economic fugitives (which would extend the US habit of asserting jurisdiction where none exists) if provided real evidence of corruption.

But in April, the Department of Homeland Security worked out a new arrangement with China’s Ministry of Public Security, which oversees Operation Fox Hunt, to assist Beijing’s efforts to prosecute economic fugitives according to United States law. American officials, however, say China has so far failed to provide the necessary evidence.

Both NYT articles mention what the WSJ reports in more depth, including details of how these operatives are working: Among the economic fugitives in the US China is aggressively pursuing is Ling Wangcheng, the brother of a former top Hu Jintao aide

Mr. Ling’s brother was a top aide to China’s previous president, Hu Jintao, but was placed under investigation by the Communist Party in December and formally accused in July of bribe-taking, adultery and illegally obtaining state secrets.

For much of 2014, Mr. Ling was living under an alias in a mansion in a gated community in Loomis, Calif., near Sacramento, with Mr. Yuan’s ex-wife, neighbors said. The couple hasn’t been seen there since around October.

Mr. Ling is now the focus of political intrigue that could overshadow a visit to the U.S. in September by China’s leader, Xi Jinping.

Diplomats and analysts said Mr. Ling might have had access through this brother to sensitive information about Chinese leaders. If he sought political asylum, Mr. Ling would be the most significant Chinese defector in decades.

It isn’t clear why Mr. Ling, 55 years old, moved to the U.S. in 2013 or 2014. He lost touch with many friends in China around last fall, a family acquaintance said, but later reassured friends he was safe in the U.S.

The implication from this — and other recent reporting on Ling — is that he did get asylum in October, and has been cooperating with US authorities.

All that is probably only tangentially related to the US leak of its earlier decision — taken precisely as the US tries to find a way to retaliate for the OPM hack — to start cracking down on this Chinese effort.

There are two things I haven’t seen mentioned in coverage of this. First, remember that the US has engaged in a similar effort, using an offer of amnesty for rich tax cheats who had stashed their money in Swiss banks (though there have been what I believe to be similar efforts on the part of the US to expose tax cheats that have mostly focused on non-US citizens).

And don’t forget the lengths to which the US went to get someone who had top secrets to come back to the US, including when it had Austria ground Evo Morales’ plane so it could search for Edward Snowden.

In any case, I suspect the US used Operation Fox Hunt as an opportunity to let China know it knew of these admitted agents. Sort of a way for the US to tell China we know where its operatives in the US are, just as it knows where our operatives are in China, thanks to the OPM hack.

For its part, China’s Xinhua paper has scolded the US for harboring crooks (and provided slightly different details of the agreement pertaining to Fox Hunt).

Corruption is not only a serious problem in China, but also in the rest of the world. And in a world which is more and more connected, countries should take coordinated efforts in fighting corruption.

Although there is no extradition agreement between the United States and China, the two countries actually have already agreed on anti-corruption cooperation.

In April 2015, U.S. Homeland Security Secretary Jeh Johnson met Chinese Public Security Minister Guo Shengkun in Beijing, and they agreed to strengthen cooperation in law enforcement.

They agreed not to provide shelter for the other side’s fugitives and would try to repatriate them in accordance with law. Specifically, Johnson also promised to actively support China’s “Sky Net” and “Fox Hunt” operations, which aim to bring back corrupt officials.

So the U.S. government’s decision to force China’s law enforcement stuff to leave the country obviously reveals that Washington lacks sincerity and has failed to translate its words into action.

Some analysts even say that the United States is reluctant to repatriate those corrupt officials for the sake of their money of course.

Therefore, the United States, as a country that often stresses the rule of law, should clarify the issue and by no means become a safe haven for Chinese criminal suspects.

The US may have decided this would be an easy way to push back on China, but that won’t prevent China from scoring points from it.

Share this entry

Department of Energy: CyberSprinting Backwards

/2 Comments/in /by

Earlier this week, I noted that of the seven agencies that would automatically get cybersecurity data shared under the Cyber Information Sharing Act, several had similar or even worse cyberpreparedness than the Office of Personnel Management, from which China stole entire databases of information on our cleared personnel.

To make that argument, I used data from the FISMA report released in February. Since then — or rather, since the revelation of the OPM hack — the Administration has been pushing a “30 day sprint” to try to close the gaping holes in our security.

Yesterday, the government’s Chief Information Officer, Tony Scott, released a blog post and the actual results, bragging about significant improvement.

And there have been significant results (though note, the 30 day sprint turned into a 60 day middle distance run), particularly from OPM, Interior (which hosted OPM’s databases), and — two of those CISA data sharing agencies — DHS and Treasury.

Screen Shot 2015-08-01 at 9.19.01 AM

 

Whoa! Check out that spike! Congratulations to those who worked hard to make this improvement.

But when you look at the underlying data, things aren’t so rosy.

Screen Shot 2015-08-01 at 9.10.51 AM

 

We are apparently supposed to be thrilled that DOD now requires strong authentication for 58% of its privileged users (people like Edward Snowden), up 20% from the earlier 38%. Far more of DOD’s unprivileged users (people like Chelsea Manning?) — 83% — are required to use strong authentication, but that number declined from a previous 88%.

More remarkable, however, is that during a 30 day 60 day sprint to plug major holes, the Department of Energy also backslid, with strong authentication going from 34% to 11%. Admittedly, more of DoE’s privileged users must use strong authentication, but only 13% total.

DOJ (at least FBI and probably through them other parts of DOJ will receive this CISA information), too, backslid overall, though with a huge improvement for privileged users. And Commerce (another CISA recipient agency) also had a small regression for privileged users.

There may be explanations for this, such as that someone is being moved from a less effective two-factor program to a better one.

But it does trouble me that an agency as central to our national security as Department of Energy is regressing even during a period of concerted focus.

Share this entry

DOJ IG Report Confirms Government Flouted Statutory Requirements of Section 215 for 7 Years

/6 Comments/in /by

For over a year, Congress has been working on a “reform” to Section 215 that it claims will rein in abusive government spying.

Also for about a year, DOJ’s Inspector General has been trying to release a Report on Section 215 use up to 2009. That investigation first began 1,800 days ago.

DOJ has finally managed to release the report.

It confirms a number of things I have been reporting for years: that the government uses the provision to collect records that have nothing to do with phone records in bulk, the majority of which are now Internet records, definitely including URLs and probably including subject lines.

But the takeaway report is something else I’ve been reporting on for some time.

The government completely blew off a requirement imposed with the 2006 PATRIOT Act Reauthorization that the FBI (which is the only agency that’s supposed to use Section 215) adopt minimization procedures specifically for Section 215. Even after FBI missed its September 2006 deadline by claiming it had Interim Procedures, FISC kept approving Section 215 orders, even including paragraphs that appear in every phone dragnet order claiming the government has met that statutory requirement. A year after DOJ’s Inspector General pointed out FBI was violating the statute, FISC started imposing its own minimization procedures and reporting requirements (though not — as a court operating with more transparency might have done — denying orders). Finally, in March 2013, DOJ adopted minimization procedures (though it did not start actually complying with them until more than four months after Edward Snowden’s leaks focused more attention on bulk 215 orders).

In other words, Congress imposed a mandate designed to protect innocent Americans’ privacy in 2006. And DOJ blew that statutory mandate off for years. And FISC let it do so for years, approving order after order requiring FBI to have fulfilled that mandate. And only after 7 years (and some unexpected transparency) did DOJ start following the law.

These are the people Congress is rushing headlong to provide new authorities (including an Emergency provision that is designed to invite abuse): government agencies who simply refuse to follow Congressional mandates.

Share this entry

Edward Snowden Richard Burr Exposes IP Address Dragnet on Senate Floor

/12 Comments/in , /by

Update: As I show in this post, the transcription of Burr’s speech in the Congressional record removed the reference to IP addresses. 

Update: While Burr’s office did not respond to my request for comment, they did respond to Buzzfeed (which sadly didn’t ask the obvious follow-up questions). His office claims he misspoke, though apparently didn’t explain why he would confuse Section 215 and PRTT, why he would tie the Internet dragnet to phone calls, or why, if the current dragnet doesn’t collect Internet data but USA F-ReDux would, why that would not then be a welcome return for the Senator given his stated desire to track such collection. I have asked for comment again from Burr’s office on those questions. 

Since last summer, I have been emphasizing that the bulk of Section 215 orders collect Internet data, not phone records under the phone dragnet. I pointed to evidence that that production included data flows and noted FBI claims they use it to conduct hacking investigations.   But I have assumed that was primarily bulky collection, not bulk collection.

Not so. Earlier today, noted whistleblower Edward Snowden Senate Intelligence Chair Richard Burr revealed that there is also an IP address bulk collection program. (h/t Andrew Blake, after 2:15)

Now what’s bulk data? Bulk data is storing telephone numbers and IP addresses — we have no idea who they belong to — that are domestic. And the whole basis behind this program is that as a cell phone is picked up in Syria, and you look at the phone numbers that phone talked to, if there’s some in the United States we’d like to know that — at least law enforcement would like to know it — so that we can understand if there’s a threat against us here in the homeland [sic] or somewhere else in the world. So Section 215 allows the NSA to collect in bulk telephone numbers and IP addresses with no identifier on it. We couldn’t tell you who that American might be.

I thought when you leaked details like this it helped our enemies? I thought if you did such things you were a traitor, deserving of an orange jumpsuit at Gitmo?

Apparently not.

So it appears it’s the IP dragnet, and not the phone dragnet, that the Republicans are trying to save?

It’s a little late for that, though, given that the Second Circuit just ruled such dragnets illegal.

Share this entry