Pew-Related Headlines Should Read: Americans More Scared of ISIS than Real Attack

Pew released a new poll yesterday that has led to some remarkably bad reporting. The most problematic I’ve seen is the WaPo’s declaration of a “Post-Snowden Era,” which suggests the concern for civil liberties purportedly sparked by Edward Snowden’s disclosures has shifted in light of the “real fear” Americans have of ISIS.

We’re now just 15 months removed from Edward Snowden’s first bombshell revelation about the United States’ massive surveillance apparatus. But with Islamic extremists putting down roots in Syria and Iraq, Americans are very much reverting to a pre-Snowden attitude toward civil liberties.

Or perhaps we should call it “post-Snowden.”

While the Snowden revelations led to a lot of American soul-searching when it came to just how much of our civil liberties we want to yield in the name of protecting ourselves from terrorism, the soul-searching has largely come to an end, according to a new poll.

[snip]

Given that very real fear, it’s perhaps not surprising to see people willing to cash in some of their civil liberties in exchange for peace of mind when it comes to their safety. But it also suggests the shift toward civil libertarianism and the criticism of the National Security Agency in the aftermath of all the Snowden revelations — of which more could certainly come and change things again— were very temporary.

Before I get into why this is so bad, first, look at what the report said. Amidst reporting that people are increasingly worried about “Islamic extremism,” Pew claims,

The survey also finds a shifting balance between concerns about civil liberties and protection from terrorism. In a reversal from last year after Edward Snowden’s NSA leaks, 50% today say they are more concerned that government anti-terrorism policies have not gone far enough to protect the country, while 35% are more concerned that the policies have gone too far in restricting civil liberties.

It claims to be reporting on a “balance” between “government anti-terrorism policies” and “restricting civil liberties.” But here’s what they actually asked: “What concerns you more about the government’s anti-terrorism policies?” In addition to picking either “They have gone too far in restricting the average person’s civil liberties” or “They have not gone far enough to adequately protect the country,” people apparently answered “Both,” “neither,” “approve of policies” (9% of respondents in this poll answered one of those things; the number has varied from 8% to 13% since Pew started doing this question in July 2004), or “don’t know” or “refused” (6% in this poll, which is the all-time low, with the number ranging up to 13%). So around 10% of respondents have consistently rejected the structure of the question.

I’d say there’s a good reason for that: because there is not necessarily any reason to believe there is a balance between counterterrorism and civil liberties. Not to mention, there are plenty of other legitimate concerns about our counterterrorism policy that Pew didn’t poll. What would the polling look like, for example, if it included “Our anti-terrorism policies have involved far too many illegal wars launched against Muslim countries”?

In other words, Pew is asking people to choose, but it doesn’t actually ask respondents to “balance” these two things. Thus by reporting this as a balance, Pew is imposing its own judgment that it is a balance, a belief which its question isn’t designed to measure. Pew just assumes it is so and reports it as such.

Let me interject and say that I am not doubting the polls reflect a very real change in attitudes in recent weeks. Nor am I doubting that a lot of people do believe this is a balance. Nor do I doubt that some of the poll movement is satiation with a civil liberties focus or even a belief that we do have to double down on the dragnet.

It would be very interesting to measure those things, if someone actually asked questions designed to measure them. I am not doubting Pew’s numbers, just what we can conclude from them.

Now let’s go back to the WaPo. It claimed, in part, that polls reflected people choosing to “cash in some of their civil liberties in exchange for peace of mind.” That adopts the same unjustified “balance” interpretation that Pew did (perhaps because Pew used that language in its report). Some people likely are thinking in terms of cashing in their civil liberties, but this poll didn’t actually measure that.

The WaPo reporting is even worse with respect to its claims that Edward Snowden is the sole explanation for higher support for civil liberties last year. Not only does it have a correlation/causation problem, it doesn’t even have correlation.

Pew and WaPo compare — correctly for measurement purposes — last week’s results with the results from a poll taken in the same series July 2013 (though WaPo gets the timing of that poll wrong), just a month after Snowden’s leaks started. It is true that July was — in Pew’s poll — the high point for civil liberties support in its poll, and that an October 2013 poll showed the beginning of a decline in concern for civil liberties and a rise in concern about protecting the country. Therefore it is true that support for civil liberties since a month after the Snowden leaks first started appearing has declined.

Also Pew did a different series of polls tracking opinion about what Snowden disclosed, which is a fair measurement about changes in perception of spying since Snowden’s leaks. That measured a real decline in support for what Pew inaccurately described in questions as NSA’s counterterrorism spying that persisted at least as late as January. In that series, Pew also presumed factually false details about the dragnet. So a flawed series of polls had actually shown increasing disapproval of the dragnet the last time it was released, but we don’t know how that data has changed in the 8 months since it was polled.

But the real problem with WaPo’s proclamation of a post-Snowden era is it doesn’t cite any polling from before the Snowden stories started (Pew’s previous poll in the civil liberties or counterterrorism series was way back in 2010). To make a claim about how much Snowden influenced civil liberties support, you’d have to cite the same poll from before and from after those stories started. WaPo doesn’t do that at all; it just assumes the record high support for civil liberties was caused by Snowden.

Now I wish Pew had polling from just before the Snowden leaks, because they might show something really remarkable.

Consider this CNN poll, taken (from a much smaller sample) on April 30, 2013, just two weeks after the first successful terrorist attack targeted at civilians since the anthrax attacks. It showed a somewhat elevated level of concern that the respondent or a family member might be the victim of a terrorist attack. (It also showed an all time high in that series — 63% — believing that terrorists would always find a way to attack.)

But the most remarkable part of that poll — one which got a lot of coverage at the time — was this question:

[Image: screen shot of the CNN poll question]

Again, this can’t be compared with the Pew poll; the questions and polling methodology are different. Though to the extent they might be comparable, it would support an interpretation of a decline in relative support for civil liberties. It would also, however, raise real questions about whether Snowden was responsible for all or even most of Americans’ heightened support for civil liberties.

But what a poll taken two weeks after an actual terrorist attack and a month before Snowden’s stories started being reported showed was that Americans were far more worried that the response to the attack would be a crackdown on civil liberties than they were about needing new anti-terror policies. Americans already showed a remarkably high degree of support for civil liberties.

Now I agree with the WaPo: a slew of polls do show Americans peeing their pants about perceived threats. As the WaPo notes, this NBC/WSJ poll shows more Americans feel less safe now than they have since 9/11 — almost a 20 point spike from this time last year, a year when terrorists actually succeeded in attacking the US.

[Image: screen shot of the NBC/WSJ poll results]

And I’d love to know what’s behind the numbers on whether changes have been more good than bad. Are so many people peeing their pants because a general malaise has them susceptible to fear-mongering? Does that mean they like or hate the dragnet? Or just the President?

But here’s the thing.

If there is a tie between the way America is peeing its pants and support or not for civil liberties, this is not about actual threats. Here’s what President Obama said last night.

So ISIL poses a threat to the people of Iraq and Syria, and the broader Middle East — including American citizens, personnel and facilities.  If left unchecked, these terrorists could pose a growing threat beyond that region, including to the United States.  While we have not yet detected specific plotting against our homeland, ISIL leaders have threatened America and our allies.

This is not to say ISIS is not a threat — or, more accurately, a very dangerous entity that is currently focused far away from the US. But the President, at least, doesn’t think they’re about to attack Boston.

13 years after 9/11 the American people are far more afraid after a month of fearmongering about an inflated threat than they were last year, weeks after terrorists succeeded in attacking.

But all this seems to be saying that Americans are far more afraid of the fearmongering images than of the actual threat of terrorism. If Americans have changed their relative concern about civil liberties because they are afraid, it’s not the actual threats that are causing that change.

Perhaps Pew should start a new series: Are you more afraid of terrorism, or of what your country will do by inflating the threat of terrorism?

Under Clapper’s Continuous Monitoring CIA Could Continuously Monitor SSCI on CIA Network

As I pointed out the other day, the CIA IG Report on spying on the Senate Intelligence Committee appears to say the egregious spying happened after John Brennan told Dianne Feinstein and Saxby Chambliss on January 15 CIA had been spying on SSCI.

Agency Access to Files on the SSCI RDINet:

Five Agency employees, two attorneys and three information technology (IT) staff members, improperly accessed or caused access to the SSCI Majority staff shared drives on the RDINet.

Agency Crimes Report on Alleged Misconduct by SSCI Staff:

The Agency filed a crimes report with the DOJ, as required by Executive Order 12333 and the 1995 Crimes Reporting Memorandum between the DOJ and the Intelligence Community, reporting that SSCI staff members may have improperly accessed Agency information on the RDINet. However, the factual basis for the referral was not supported, as the author of the referral had been provided inaccurate information on which the letter was based. After review, the DOJ declined to open a criminal investigation of the matter alleged in the crimes report.

Office of Security Review of SSCI Staff Activity:

Subsequent to directive by the D/CIA to halt the Agency review of SSCI staff access to the RDINet, and unaware of the D/CIA’s direction, the Office of Security conducted a limited investigation of SSCI activities on the RDINet. That effort included a keyword search of all and a review of some of the emails of SSCI Majority staff members on the RDINet system.

With that in mind, consider this passage of James Clapper’s July 25, 2014 response to Chuck Grassley and Ron Wyden’s concerns about Clapper’s new ongoing spying on clearance holders.

With respect to your second question about monitoring of Members of Congress and Legislative Branch employees, in general those individuals will not be subject to [User Activity Monitoring] because their classified networks are not included in the definition of national security systems (NSS) for which monitoring is required.

[snip]

Because no internally owned or operated Legislative branch network qualifies as a national security system, UAM by the Executive Branch is accordingly neither required nor conducted. To be clear, however, when Legislative Branch personnel access a national security system used or operated by the Executive Branch, they are of course subject to UAM on that particular system.

CIA’s spying on SSCI took place on CIA’s RDI network, not on the SSCI one. SSCI had originally demanded they be given the documents pertaining to the torture program, but ultimately Leon Panetta required them to work on a CIA network, as Dianne Feinstein explained earlier this year.

The committee’s preference was for the CIA to turn over all responsive documents to the committee’s office, as had been done in previous committee investigations.

Director Panetta proposed an alternative arrangement: to provide literally millions of pages of operational cables, internal emails, memos, and other documents pursuant to the committee’s document requests at a secure location in Northern Virginia. We agreed, but insisted on several conditions and protections to ensure the integrity of this congressional investigation.

Per an exchange of letters in 2009, then-Vice Chairman Bond, then-Director Panetta, and I agreed in an exchange of letters that the CIA was to provide a “stand-alone computer system” with a “network drive” “segregated from CIA networks” for the committee that would only be accessed by information technology personnel at the CIA—who would “not be permitted to” “share information from the system with other [CIA] personnel, except as otherwise authorized by the committee.”

It was this computer network that, notwithstanding our agreement with Director Panetta, was searched by the CIA this past January,

Presumably, those limits on access should have prevented CIA’s IT guys from sharing information about what SSCI was doing on the network. But it’s not clear they would override Clapper’s UAM.

Remember, too, when Brennan first explained how this spying didn’t qualify as a violation of the Computer Fraud and Abuse Act, he said CIA could conduct “lawfully authorized … protective … activity” in the US. Presumably like UAM.

I have no idea whether this explains why CIA’s IG retracted what Feinstein said had been his own criminal referral or not. But I do wonder whether the CIA has self-excused some of its spying on SSCI in the interest of continuous user monitoring?

If so, it would be the height of irony, as UAM did not discover either Chelsea Manning’s or Edward Snowden’s leaks. Imagine if the only leakers the Intelligence Community ever found were their own overseers?

Edward Snowden’s Smut

In an interview with the Guardian published yesterday, Edward Snowden claimed that compromising pictures get shared around NSA.

Made a startling claim that a culture exists within the NSA in which, during surveillance, nude photographs picked up of people in “sexually compromising” situations are routinely passed around.

Boing Boing transcribed his comments on it.

The usual whiners are suggesting Snowden is making this up and demanding proof.

They seem to have forgotten the proof we’ve already seen of NSA officially retaining sexually compromising material. Here’s what Bart Gellman described in a follow-up to WaPo’s recent report on the data collected under Section 702.

Among the large majority of people who are not NSA targets, many of the conversations in our sample are exceedingly private. Often they are very far from publishable, without editing.

Him: “How about you [verb, possessive adjective, noun]

Her: “I [verb] if you [another verb].”

Him: “That can be arranged.”

Her: “I really need punishment.”

Another young woman, also not a target, responds to a suitor who proposes to pay a visit.

Her: “don’t think that would b fair on the guy im seeing”

Him: “you can be a bit naughty at times lol”

Her: “Yeah lol”

The conversation proceeds from there.

This is stuff officially retained by NSA. This is stuff they claim has foreign intelligence value. This is sexually compromising. And Gellman says many of the retained communications are like that.

Sure, I get that NSA wants to contact chain on who’s fucking whom, just as they want to chain on who’s calling whom.  But to do that, they’re retaining smut.

The Unaudited Tech Analyst Access to US Person Data

In addition to its exposure of the sheer senselessness of much of the spying NSA engages in, yesterday’s WaPo story also shows that the government’s assurances that Edward Snowden could not access raw data have been misplaced.

For close to a year, NSA and other government officials have appeared to deny, in congressional testimony and public statements, that Snowden had any access to the material.

As recently as May, shortly after he retired as NSA director, Gen. Keith Alexander denied that Snowden could have passed FISA content to journalists.

“He didn’t get this data,” Alexander told a New Yorker reporter. “They didn’t touch —”

“The operational data?” the reporter asked.

“They didn’t touch the FISA data,” Alexander replied. He added, “That database, he didn’t have access to.”

Robert S. Litt, the general counsel for the Office of the Director of National Intelligence, said in a prepared statement that Alexander and other officials were speaking only about “raw” intelligence, the term for intercepted content that has not yet been evaluated, stamped with classification markings or minimized to mask U.S. identities.

“We have talked about the very strict controls on raw traffic, the training that people have to have, the technological lockdowns on access,” Litt said. “Nothing that you have given us indicates that Snowden was able to circumvent that in any way.”

In the interview, Snowden said he did not need to circumvent those controls, because his final position as a contractor for Booz Allen at the NSA’s Hawaii operations center gave him “unusually broad, unescorted access to raw SIGINT [signals intelligence] under a special ‘Dual Authorities’ role,” a reference to Section 702 for domestic collection and Executive Order 12333 for collection overseas. Those credentials, he said, allowed him to search stored content — and “task” new collection — without prior approval of his search terms.

No one should ever have believed those assurances.

That’s because the documentation on the Section 215 program makes it clear how little oversight there is over tech people just like Snowden. The current phone dragnet order, for example, makes it clear that:

  • Tech personnel may access the phone dragnet data to tweak it in preparation for contact-chaining
  • Unlike intelligence analysts, tech personnel may query the phone dragnet data with selectors that have not been RAS-approved
  • Tech personnel may also conduct regular queries using RAS-approved selectors
  • Tech personnel may access the dragnet data to search for high volume numbers — this may require access to raw data
  • Some of the tech personnel (those in charge of infrastructure and receiving data from the telecoms) are exempt from special training on the phone dragnet data

The audit language in the dragnet order applies only to “foreign intelligence analysis purposes or using foreign intelligence analysis tools,” suggesting that tech personnel’s access to the dragnet data is not audited.

Language in the order defining “NSA” suggests contractors may access the data (though it’s unclear whether they do so in a technical or intelligence analysis function); something made explicit in Dianne Feinstein’s bill.

That is, it is at least possible that Booz analysts are currently conducting audit-free tech massaging of the raw phone dragnet data.

And NSA knew this access was a vulnerability. As recently as 2012, tech analysts were found to have 3,000 files worth of phone dragnet data (it’s unclear how much data each file included) on an improper server past its required destruction date. NSA destroyed that data before definitively researching what it was doing there.

Thus, the risk of tech analyst breach is very real, and no one — not NSA, and not Congress, which has only codified this arrangement — seems to be addressing it.

Indeed, it is likely that some kind of Booz-type contractors will continue to have direct access to this data after it gets outsourced to the telecoms, otherwise USA Freedumber would not extend immunity to such second-level contractors.

For months, intelligence officials claimed not only that Snowden had not accessed raw data, but could not. That was always a dubious claim; even if Snowden couldn’t have accessed that data, other contractors just like him could and still can, with less oversight than NSA’s intelligence analysts get.

But it turns out Snowden could and did. And thanks to that, we now know many of the other claims made by government witnesses are also false.

Snowden’s Spiegel Files, Working Thread

I’ve decided the best way to digest the collection of documents released by Spiegel this week is to do a working thread. You can find links to the individual files here, or a very big PDF of all files here.

NSA, BND, BfV sharing

Note they describe using XKeyscore for “behavior detection techniques.” Even in physical space, it’s not clear current science supports the validity of such behavior detection. But this involves using someone’s online behavior to translate “behavior” into suspicion.

In the list of topics they share on, Der Spiegel has redacted the place in “Europeans traveling to [redacted] to fight.” That’s presumably Syria (though could be Somalia). It’d be interesting to see the lead time on this international sharing and the time it shows up in news articles.

Note the reference to using XKeyscore for (German) domestic warranted content.

In October 2011, SSG partnered with SUSLAG and BND to conduct a demonstration of XKEYSCORE to the BfV using BfV domestic warranted collection. The BND XKEYSCORE system successfully processed DSL wiretap collection belonging to a German domestic CT target.

I’ve long wondered whether they can use XKS for US domestic content. This would seem to suggest they can. It sort of makes you wonder whether they’d give XKS to telecoms under USA Freedumber?

Comprehensive internal summary of history

Note the other documents describe the partnership primarily in terms of CT, but this document makes it clear it also includes transnational crime and counternarcotics, Afghan support, and one redacted topic.

Note cyber is later described as something NSA is pushing (in January 2013) to get BND to partner on. This document describes IAD as leading discussions at this point (January 2013), but describes a follow-up meeting with NTOC and FAD that same month.

Note Germany’s role in translating Igbo, left unredacted. This, and a number of other redacted references, seems to suggest the Germans play a key role in our collection and analysis of intelligence from Nigeria. Note, that might support the notion that one of the redacted sharing purposes is energy-related.

Germany appears to play a key role in our GSM collection. Note they also play a key role in VoIP, which may be why they were so interested in accessing Skype. Germany has already changed its privacy law to help us, but NSA isn’t satisfied. I’m reminded of US Ambassador to Germany Philip Murphy’s bitching about Germans not understanding the need to share information in the Internet era.

Beginnings of ESC

In 2012, Boundless Informant was going to soon roll out a “if you like this you’ll like this” query suggestion mode.

Alan Grayson: Is Keith Alexander Selling Classified Information to the Banks?

I’ve been tracking Keith Alexander’s utterly predictable new gig, getting rich off of having drummed up cybersecurity concerns for the last several years, while at the same time shacking up with the most dubious of shadow bank regulators, Promontory Financial Group.

Apparently, I’m not the only one. Alan Grayson just sent some of the entities that Alexander has been drumming up business with — the Security Industries and Financial Markets Association, Consumer Bankers Association, and Financial Services Roundtable — a letter asking how the former NSA Director can be making a reported $600,000 a month. He cites Bruce Schneier wondering whether part of the deal is that Alexander will share classified information he learned while at NSA.

Security expert Bruce Schneier noted that this fee for Alexander’s services is on its face unreasonable. “Think of how much actual security they could buy with that $600K a month. Unless he’s giving them classified information.” Schneier also quoted Recode.net, which headlined this news as: “For another million, I’ll show you the back door we put in your router.”

[snip]

Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony. I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods. Without the classified information that he acquired in his former position, he literally would have nothing to offer to you.

Please send me all information related to your negotiations with Mr. Alexander, so that Congress can verify whether or not he is selling military and cybersecurity secrets to the financial services industry for personal gain.

Alexander is just the latest of a long line of people who profit directly off driving up the cybersecurity threat. But — as Recode.net notes — he’s also got the kind of inside information that could be particularly valuable.

As the Intelligence Industrial Complex and the Banking industry hop into bed together, there ought to be some transparency about just what kind of deals are being made. There’s simply too much immunity handed out to this community to let boondoggles like Alexander’s slide.

The intelligence community is subjecting every low level clearance holder to intense scrutiny right now. But thus far, there has not been a peep from those quarters that the former DIRNSA could command these fees for the expertise gained while overseeing the nation’s secrets.

Post Snowden: The Government Doubles Down on Hard Power

I was asked to participate in a CATO debate about where we are a year post Snowden. My contribution to that debate — in which I argue any big drama going forward will come from the newly adversarial relationship between Google and the NSA —  is here.

As part of that, I argued that the government made a choice after Snowden: to double down on hard power over soft power.

The conflict between Google and its home country embodies another trend that has accelerated since the start of the Snowden leaks. As the President of the Computer & Communications Industry Association, Edward Black, testified before the Senate last year, the disclosure of NSA overreach did not just damage some of America’s most successful companies, it also undermined the key role the Internet plays in America’s soft power projection around the world: as the leader in Internet governance, and as the forum for open speech and exchange once associated so positively with the United States.

The U.S. response to Snowden’s leaks has, to a significant degree, been to double down on hard power, on the imperative to “collect it all” and the insistence that the best cyberdefense is an aggressive cyberoffense. While President Obama paid lip service to stopping short of spying “because we can,” the Executive Branch has refused to do anything – especially legislatively – that would impose real controls on the surveillance system that undergirds raw power.

And that will likely bring additional costs, not just to America’s economic position in the world, but in the need to invest in programs to maintain that raw power advantage. Particularly given the paltry results the NSA has to show for its domestic phone dragnet – the single Somali taxi driver donating to al-Shabaab that Sanchez described. It’s not clear that the additional costs from doubling down on hard power bring the United States any greater security.

Because I was writing this essay, that’s largely where my mind has been as we debate getting re-involved in Iraq.

In the 3 or 4 wars we’ve waged in the Middle East/South Asia since 9/11 (counting Afghanistan, Iraq, Libya, and Syria), we’ve only managed to further destabilize the region. That was largely driven by a belligerence that goes well beyond our imperative to collect it all.

But I do think both the Snowden anniversary and the Iraq clusterfuck should focus far more energy on how we try to serve American interests through persuasion rather than bombs and dragnets.

Those Cable Landings Chelsea Manning Didn’t Leak

Yesterday, The Register published what it claims is the story that led GCHQ to destroy the Guardian’s hard drives: the location of a key GCHQ base in the Middle East and its relationships with British Telecom and Vodafone.

While the BT/Vodafone details are worth clicking through to read, I’m particularly interested in the focus on the base in Oman. (See an interactive map of the cable landings here.)

The secret British spy base is part of a programme codenamed “CIRCUIT” and also referred to as Overseas Processing Centre 1 (OPC-1). It is located at Seeb, on the northern coast of Oman, where it taps in to various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf. Seeb is one of a three site GCHQ network in Oman, at locations codenamed “TIMPANI”, “GUITAR” and “CLARINET”. TIMPANI, near the Strait of Hormuz, can monitor Iraqi communications. CLARINET, in the south of Oman, is strategically close to Yemen.

British national telco BT, referred to within GCHQ and the American NSA under the ultra-classified codename “REMEDY”, and Vodafone Cable (which owns the former Cable & Wireless company, aka “GERONTIC”) are the two top earners of secret GCHQ payments running into tens of millions of pounds annually.

The Brits would have you believe — and I have no reason to doubt them — that this cable landing in Oman is one of the key points in their surveillance infrastructure.

I raise this because of a cable listing the globe’s critical infrastructure — and fearmongering surrounding it — that Chelsea Manning leaked to Wikileaks. As I noted at the time, while the cable lists a slew of cable landings as critical infrastructure sites — including the Hibernia Atlantic undersea cable landing in Dublin, which gets mentioned in the Register story — it does not list a single cable landing site in the Middle East.

NEAR/MIDDLE EAST

Djibouti:
Bab al-Mendeb: Shipping lane is a critical supply chain node

Egypt:
‘Ayn Sukhnah-SuMEd Receiving Import Terminal
‘Sidi Kurayr-SuMed Offloading Export Terminal
Suez Canal

Iran:
Strait of Hormuz
Khark (Kharg) Island Sea Island Export Terminal
Khark Island T-Jetty

Iraq:
Al-Basrah Oil Terminal

Israel:
Rafael Ordnance Systems Division, Haifa, Israel: Critical to Sensor Fused Weapons (SFW), Wind Corrected Munitions Dispensers (WCMD), Tail Kits, and batteries

Kuwait:
Mina’ al Ahmadi Export Terminal

Morocco:
Strait of Gibraltar
Maghreb-Europe (GME) gas pipeline, Morocco

Oman:
Strait of Hormuz

Qatar:
Ras Laffan Industrial Center: By 2012 Qatar will be the largest source of imported LNG to U.S.

Saudi Arabia:
Abqaiq Processing Center: Largest crude oil processing and stabilization plant in the world
Al Ju’aymah Export Terminal: Part of the Ras Tanura complex
As Saffaniyah Processing Center
Qatif Pipeline Junction
Ras at Tanaqib Processing Center
Ras Tanura Export Terminal
Shaybah Central Gas-oil Separation Plant

Tunisia:
Trans-Med Gas Pipeline

United Arab Emirates (UAE):
Das Island Export Terminal
Jabal Zannah Export Terminal
Strait of Hormuz

Yemen:
Bab al-Mendeb: Shipping lane is a critical supply chain node

Note, Bahamas’ telecom, which recent reporting has also noted is critical to NSA’s spying, also gets no mention.

That’s not surprising in the least. The cable (and the list) is classified Secret. NSA and GCHQ’s prime collection points are (as the Register notes) classified several levels above Top Secret.

And while the list provided some indication of what sites were significant by their absence, it’s likely that the sites that were listed were the relatively unimportant sites.

At trial, Manning’s lawyers repeatedly pointed out that she had chosen not to leak stuff from JWICS, which would be classified at a higher level. The stuff she leaked, which she got on SIPRNET, was by definition less sensitive stuff.

I don’t mean to suggest this reflects on the relative value of what either Edward Snowden or Chelsea Manning leaked. I think it is a good indication, though, of how unfounded a lot of the fear mongering surrounding this particular leaked cable was.

Predictably, Saxby Chambliss Makes a Bid for USA Freedumbest

I’ve written several times about how HR 3361 — what others call USA Freedom Act and I dubbed the USA Freedumber Act when it was gutted in the House — is worse than the status quo in a number of ways.

But I’m also aware that the Senate could make it worse. I’m still waiting to see what kind of surprises Dianne Feinstein has in store for Thursday’s Senate Intelligence Committee hearing.

So I am thoroughly unsurprised that Ranking Republican Saxby Chambliss wants to make Freedumber worse.

Sen. Saxby Chambliss (R-Ga.) said the surveillance reform bill that passed the House last month goes too far in ending some of the National Security Agency’s (NSA) sweeping surveillance programs.

“I actually think they went a little bit too far on the bulk collection side of it,” Chambliss — the top Republican on the Senate Intelligence Committee — said Tuesday while speaking at a Bloomberg event on cybersecurity.

I actually think this is a calculated move to add various transparency measures that Pat Leahy will respond to, but open up the floodgates to a full Internet-and-smart-phone dragnet. It will allow those who’ve gotten badly played in this negotiation an opportunity to declare victory even as the dragnet gets even worse.

Add this to the evidence this is all a big play:

Chambliss said that he and Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) and House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.) will be able to reconcile any differences between the House bill and a reform bill that comes out of the Senate.

“I’m confident that Rogers, Ruppersberger, Dianne and I can bridge that gap quickly if we can get a bill out of the Senate,” he said.

The Gang of Four is just working to get to Conference, where they already seem to have in mind what they’ll produce.

Before we’re done, we’re sure to see USA Freedumbest.

As Snowden Leak Anniversary Approaches, Intelligence Community Prepares to Declare Victory

As June 5 approaches — and with it the one-year anniversary of the first reporting on Edward Snowden’s leaks — the privacy community is calling supporters to redouble efforts to improve the NSA “reform bill,” which I call the USA Freedumber Act, in the Senate.

I explained here why the Senate is unlikely to improve USA Freedumber in any meaningful way. The votes just aren’t there — not even in the Senate Judiciary Committee.

Ominously, Dianne Feinstein just scheduled an NSA hearing for Thursday afternoon, when most of the privacy community will be out rallying the troops.

Unless the surveillance community finds some way to defeat USA Freedumber, the intelligence community will soon be toasting themselves that they used the cover of Edward Snowden’s disclosures to expand surveillance. The “Edward Snowden Put the NSA in Your Smartphone Act,” they might call it.

To prevent that, the privacy community needs to find a way to defeat USA Freedumber. It’s not enough, in my opinion, to point to the judicial review codified by USA Freedumber to accede to letting this pass. Not only does USA Freedumber fail to end what most normal people call “bulk collection,” but it expands collection in a number of ways.

That’s true, in part, because of the way the bill defines “bulk collection.” USA Freedumber only considers something “bulk collection” if it collects all of some kind of data (so, all phone data in the US). If NSA limits collection at all — selecting to collect all the phone records from Area Code 202, for example — it no longer qualifies as bulk collection under the Intel Community definition used in the bill, no matter how broadly they’re collecting.

Here’s a post where I lay that out.

To make things worse, the last version of the House bill changed the term “selection term” to make it very broad: including “entities,” “addresses,” and “devices” among the things that count as a single target, all of which invite mass targeting. I was always skeptical about “specific selection term” serving as the limiting factor in the bill; key language about how the FISC currently understands “selection term” remains classified. But I do know that Zoe Lofgren and others in the House kept saying that under the current definition of the bill the government could collect all records in, say, my Area Code 202 example. And if that’s possible, it means the phone dragnet under this “reform” may be little more targeted than upstream Section 702 collection currently is, which has telecoms sniff through up to 75% of US Internet traffic.

But it’s not just that the bill doesn’t deliver what its boosters claim it does.

There are 4 other ways that the bill makes the status quo worse, as I show in this post:

  • The move to telecoms codifies changes in the chaining process that will almost certainly expand the universe of data being analyzed — potentially significantly
  • In three ways, the bill would permit the use of phone chaining for purposes beyond counterterrorism, which isn’t currently permitted
  • The bill weakens the minimization procedures on upstream Section 702 collection imposed by FISC Judge John Bates in 2011, making it easier for the government to collect and keep domestic content domestically
  • The bill moves the authority to set minimization procedures for Pen Registers from FISC to the Attorney General (and weakens them significantly), thus eliminating the tool John Bates used to shut down illegal content-as-metadata collection

In my opinion, these changes mean the NSA will be able to do much of what they were doing in 2009, before what were then called abuses — but under this bill would be legalized — were discovered. That, plus they’re likely to expand the dragnet beyond terrorism targets.

For a year, privacy advocates have believed we’d get reform in response to Snowden’s leaks. For too long, advocates treated HR 3361 as positive reform.

But unless we defeat USA Freedumber, the Intelligence Community will have used the event of Snowden’s leaks as an opportunity to expand the dragnet.