Posts

The People Who Work at Arthur Anderson NSA Are Such Nice People

/8 Comments/in /by

[youtube]uF40mZbrd7I[/youtube]

Back in 2001 or early 2002, I sat next to a lifetime Arthur Anderson accountant on a long plane ride. We talked about the Enron debacle and its ties to Anderson. She hadn’t worked the Enron account, and she insisted that Anderson itself was a highly ethical company — it was just the Enron account that was bad, she said. I gently raised the several other big accounting scandals Anderson starred in — Waste Management and Sunbeam both broke in 2001. But in her mind, that she and the people she worked with seemed like good people was all the proof she needed that Anderson was not a systematically unethical company.

That is, effectively, the defense that Bobby Chesney and Ben Wittes want to offer of the NSA after Chesney helped set up a special meeting of academics (plus Wittes) with the agency.

Our major takeaway concerns the dramatic disparity that separates the perception on the outside of what this agency does and NSA’s self-perception. To hear NSA folks talk about their compliance regime, for example, is to hear about an entirely different animal than the situation depicted in many new stories. To hear NSA folks discuss the relationship between encryption, cyber-security, and cyber offense is a different animal than to read news stories about how NSA breaks encryption. And so forth.  These conversations were all unclassified, but they vividly described a wide gap in understanding between NSA and the press, members of Congress, and the public regarding what the agency does and doesn’t do, how accountable and regulated it is, to what extent it complies with the law and how, and what the relevant law is.

That gap is unnecessary, or at least it need not be so wide. Read more

Share this entry

Bill Binney Told You So

/13 Comments/in /by

Remember when Bill Binney said NSA was compiling dossiers of Americans, but Keith Alexander said that wasn’t true?

A former NSA official has accused the NSA’s director of deception during a speech he gave at the DefCon hacker conference on Friday when he asserted that the agency does not collect files on Americans.

William Binney, a former technical director at the NSA, said during a panel discussion that NSA Director Gen. Keith Alexander was playing a “word game” and that the NSA was indeed collecting e-mails, Twitter writings, internet searches and other data belonging to Americans and indexing it.

“Unfortunately, once the software takes in data, it will build profiles on everyone in that data,” he said. “You can simply call it up by the attributes of anyone you want and it’s in place for people to look at.”

[snip]

Binney was contradicting statements made on Friday by Alexander, who told the crowd of hackers and security professionals that his agency “absolutely” does not maintain files on Americans.

“And anybody who would tell you that we’re keeping files or dossiers on the American people,” Alexander continued, “knows that’s not true.”

The tantalizing reporting duo of Laura Poitras and James Risen (writing at NYT) report the NSA is … compiling graphs that show Americans’ connections with foreign targets, using both communications metadata and public resources like bank, insurance, Facebook, flight, voting property, and GPS information.

Since 2010, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans’ social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials.

[snip]

The policy shift was intended to help the agency “discover and track” connections between intelligence targets overseas and people in the United States, according to an N.S.A. memorandum from January 2011. The agency was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every e-mail address, phone number or other identifier, the document said. Because of concerns about infringing on the privacy of American citizens, the computer analysis of such data had previously been permitted only for foreigners.

The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.

It sure sounds like a dossier to me.

But then, the safe bet was always to assume Keith Alexander (and James Clapper, who also denied this) was lying.

Share this entry

Ron Wyden’s Past Provocative Hearing Question on Cell Site Location

/8 Comments/in , /by

As I’ve noted, yesterday Ron Wyden got Keith Alexander to refuse to answer a question about whether the NSA has ever collected or made plans to collect Americans’ cell-site information in bulk.

Wyden: Senators Udall, Heinrich and I and about two dozen other senators have asked in the past whether the NSA has ever collected or made any plans to collect Americans’ cell-site information in bulk. What would be your response to that?

Gen. Keith Alexander (Alexander): Senator, on July 25, Director Clapper provided a non-classified written response to this question amongst others, as well as a classified supplement with additional detail. Allow me to reaffirm what was stated in that unclassified response. Under section 215, NSA is not receiving cell-site location data and has no current plans to do so. As you know, I indicated to this committee on October 20, 2011, that I would notify Congress of NSA’s intent to obtain cell-site location data prior to any such plans being put in place. As you may also be aware, –

Wyden: General, if I might. I think we’re all familiar with it. That’s not the question I’m asking. Respectfully, I’m asking, has the NSA ever collected or ever made any plans to collect Americans’ cell-site information. That was the question and we, respectfully General, have still not gotten an answer to it. Could you give me an answer to that? [my emphasis]

In addition to saying NSA is not doing so under Section 215, Alexander also pointed to two classified responses he would not repeat in unclassified setting.

Which I think confirms — as if there was any doubt — that the answer is yes, the NSA has at least planned, if not actually collected, cell-site location in bulk (though not necessarily under Section 215).

That said, many people are treating this as Wyden’s first provocative hearing question on the topic. This one — from February 2012, just after the US v Jones decision found use of a GPS to constitute a search — may provide some important insight onto the timing and rationale behind such bulk collection.

Wyden: Director Clapper, as you know the Supreme Court ruled last week that it was unconstitutional for federal agents to attach a GPS tracking device to an individual’s car and monitor their movements 24/7 without a warrant. Because the Chair was being very gracious, I want to do this briefly. Can you tell me as of now what you believe this means for the intelligence community, Read more

Share this entry

Ron Wyden’s What’s-Old-Is-New Question: Reverse Targeting

/2 Comments/in , /by

When you track Ron Wyden’s persistent attempts to squeeze answers out of National Security officials, you grow familiar with the rhythm of questions. Drone memos — Article II or AUMF, he asked for years before getting a still-secret answer. Has the government ever bulk collected location, Keith Alexander refused to answer yet again yesterday. As I noted, he publicly asked for the common commercial agreement OLC memo back in January before he asked again yesterday, in addition to a number of non-public requests he (and Russ Feingold) made.

That’s true of most of his questions from yesterday.

He asked, again, about the NSA’s ability to search through incidentally collected data for US person communications.

Section 702 of FISA was intended to give the government new authority to target foreigners, but the executive branch has argued that the NSA should have the authority to deliberately go through communications collected under section 702 and conduct warrantless searches for the communications of individual Americans. Has the NSA ever conducted any of these warrantless searches for individual Americans’ communications?

He tried to limit this in last year’s reauthorization, asked about it last fall, and caught Keith Alexander lying about it back in June.

The answer to the question, of course, is “Yes.”

He asked, again, how long the government has used PATRIOT to conduct bulk collection of US person data.

How long has the NSA used Patriot Act authorities to engage in the bulk collection of Americans’ records? And was this collection underway when Congress was voting to reauthorize the Patriot Act in late 2005 and early 2006?

He — and 25 other Senators — asked this question back in June. But Clapper refused to answer it.

The answer to the question (as has been confirmed by the 2009 draft NSA IG Report) is “Yes.” Which of course either means Congress added the “relevant to” language to shut down such bulk collection, or the government lied about how it was using the Pen Register/Trap and Trace and Business Records provisions when Congress reauthorized the PATRIOT Act in 2006.

But it’s the last question that — in this form at least — is new:

One of the recurring debates about section 702 of FISA is whether the law should include stronger protections against reverse targeting, which is the prohibited practice of trying to spy on Americans by collecting the communications of foreigners that those Americans are believed to be talking to. Since the FISA Amendments Act was passed in 2008, have there been any instances of reverse targeting by NSA analysts?

Don’t get me wrong. There has been plenty of discussion of reverse targeting going back to before the FISA Amendments Act (and, for that matter, the Protect America Act) were passed.

But the answer to this question, as with the two others, is almost surely “Yes.” Otherwise, Wyden wouldn’t have asked it (and planned to ask it during a public hearing).

Which means that, either before or after the FISA Court permitted the NSA to search through incidentally collected for US person communications (see question 1), it caught analysts picking foreign targets in such a way that they could collect the communications of Americans.

They did precisely what the law prohibits explicitly.

That is new.

No wonder DiFi ensured Wyden wouldn’t get a second round of questions, saving Keith Alexander and James Clapper from answering this in public.

Share this entry

Senate Intelligence Committee Open Hearings: A Platform for Liars

/9 Comments/in , /by

Pentagon Papers era NYT Counsel James Goodale has a piece in the Guardian attracting a lot of attention. In it, he says the first step to reform NSA is to fire the liars.

The NSA has lied to the Congress, the courts, and perhaps even to the president himself, but no one seems to care.

The Director of National Intelligence James R Clapper admitted he lied to Congress about the NSA metadata collection program. He said the NSA had no such program – and then added that that was the least “untruthful” remark he could make. General Keith Alexander, director of the National Security Agency, lied in 2012 that the NSA does not hold data on US citizens, and repeated similar misstatements, under oath, to Congress about the program:

We’re not authorized to do it [data collection on US citizens], nor do we do it.

NSA lawyers lied to secret Fisa court Judges John D Bates and Reggie B Walton. In recently released opinions, Bates said he had been lied to on three separate occasions and Walton said he had been lied to several times also.

But Clapper and Alexander have not been held in contempt of Congress. Nor have the Justice Department attorneys, who lied to Judges Walton and Bates, been disciplined.

And while he links to many of the best examples of James Clapper and Keith Alexander lying, he misses this.

In just its third open hearing this year, the Senate Intelligence Committee has arranged the following witnesses for tomorrow’s hearing on NSA’s spying.

Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.) today announced the committee will hold an open hearing to consider legislative changes to the Foreign Intelligence Surveillance Act, to include the NSA call records program, on Thursday, September 26, at 2 p.m.

WHAT:  Public hearing on FISA, NSA call records

WHO:

Panel I

  • Director of National Intelligence James Clapper
  • National Security AgencyDirector General Keith Alexander
  • Deputy Attorney General James Cole

Panel II

  • Ben Wittes, Brookings Institution
  • Tim Edgar, Watson Institute for International Studies, Brown University

So DiFi’s idea of an “open hearing” is to invite two established liars. And for her non-governmental witnesses, one keeps declaring Congress NAKED! in the face of evidence the government lies to them, and the other tells fanciful stories about how much data NSA shares.

It’s like DiFi goes out of her way to find liars and their apologists to testify publicly.

That’s nothing new, though. Those other two open hearings? The Global Threat Assessment hearing where Clapper assured Ron Wyden the NSA didn’t collect data on millions of Americans. And the confirmation hearing for John Brennan, who once claimed the US had killed no civilians in an entire year of drone strikes (and, if his odd mouth gestures were the tell they appeared to be, he lied about leaks to journalists including on UndieBomb 2.0 in the hearing as well.)

It’s DiFi’s committee. And if she wants every single open hearing to serve as a platform for accomplished liars, I guess that’s her prerogative.

But observers should be clear that’s the purpose of the hearings.

Share this entry

Dilma Throws Obama a BRIC

/7 Comments/in , , , /by

Screen shot 2013-09-17 at 2.57.28 PMI was actually surprised, back in May, when the White House announced a State Visit for Brazil’s President, Dilma Rousseff.

After all, not long after Obama visited Brazil in March 2011, the real started gaining value against the dollar, significantly slowing the boom Brazil had enjoyed in the wake of our crash.

When she was here in April 2012, Dilma explicitly blamed US Quantitative Easing for the reversal in currencies, and suggested the policy was meant to slow growth in countries like Brazil. Before that, Brazil’s boom and its advances in energy independence had put Brazil in a position to assume the global stature a country of its size might aspire to. And Dilma (partly correctly) blamed US actions for undercutting that stature.

I interpreted the State Dinner to be an attempt to woo Brazil away from natural coalitions with the Bolivarist governments of Latin America and the BRICS (Brazil, Russsia, India, China, and South Africa).

Fast forward to today, when the Brazilian government announced that it has postponed the visit that had been scheduled for October 23.

The usual suspects are mocking Dilma’s decision, insisting that everyone spies, and that Brazil is just making a stink for political gain. The White House statement echoes that, suggesting that it was the revelation of US spying, and not the spying itself, that created the problems.

The President has said that he understands and regrets the concerns disclosures of alleged U.S. intelligence activities have generated in Brazil and made clear that he is committed to working together with President Rousseff and her government in diplomatic channels to move beyond this issue as a source of tension in our bilateral relationship.

There is something to that stance. Dilma’s government faces a lot of unrest and the tensions of preparing for the World Cup. The portrayal that the US was taking advantage of Brazil caught her at a politically sensitive time.

All that said, those poo-pooing Brazil’s complaints ignore the specific nature of the spying as revealed. As I noted, even James Clapper’s attempt to respond to concerns raised by the original reports in Brazil didn’t address (and indeed, may have exacerbated) concerns that the US is engaging in financial war, including manipulating its currency to undercut other countries as they rise in relative power. If the US is using its advantages in SIGINT to engage in such financial war, Brazil has every reason to object, because it’s not something Brazil’s currency or telecommunications position make possible.

US disclaimers of industrial espionage no longer matter if the US is collecting SIGINT that would support substantive financial attacks, especially since Clapper in March made it clear the US envisions such attacks (even if they only admit to thinking in defensive terms).

Read more

Share this entry

Wyden/Udall: If Intelligence Community Is Dumb Rather than Malicious, Why Should We Trust Them?

/16 Comments/in /by

Ron Wyden and Mark Udall just released a second statement on last week’s Section 215 dragnet document dump, taking the intelligence community’s excuse — that no one really knew what these programs were doing — at face value.

If the IC is dumb rather than malicious, they ask, why should we take their word on the value of the programs?

The intelligence community’s defense was that these violations were occurring because no one had a full grasp of how the bulk collection program actually worked.

If the assertion that ineptitude and not malice was the cause of these ongoing violations is taken at face value, it is perfectly reasonable for Congress and the American people to question whether a program that no one fully understood was an effective defense of American security at all. The fact that this program was allowed to operate this way raises serious concerns about the potential for blind spots in the NSA’s surveillance programs. It also supports our position that bulk collection ought to be ended.

The government’s misrepresentations inevitably led to the Foreign Intelligence Surveillance Court being consistently misinformed as it made binding rulings on the meaning of U.S. surveillance law. This underscores our concern that intelligence agencies’ assessments and descriptions about particular collection programs — even significant ones — are not always accurate. It is up to Congress, the courts and the public to ask the tough questions and require intelligence officials to back their assertions up with actual evidence. It is not enough to simply defer to these officials’ conclusions without challenging them. [my emphasis]

Though I get the feeling that Wyden and Udall aren’t buying this “dumb not malicious” line.

Share this entry

Obama’s James Clapper’s Committee To Make You Love the Dragnet Has a Kiddie Table

/15 Comments/in /by

Spencer Ackerman has a review of how the first two meetings of Obama’s Non-Tech Tech Review panel have gone. And while they went about as horribly as I suspected — certainly there was no talk of actually fixing obvious problems with the dragnet — there are a few details that show how “most exceptional” this effort is.

The White House, having taken pains to pretend James Clapper is not in charge of the Director of National Intelligence Review Group on Intelligence and Communications Technologies, referred comment to James Clapper.

The White House deferred comment to the Office of the Director of National Intelligence, which did not respond.

The Non-Tech Tech Review Panel comes with a kiddie table — or rather, a conference room almost two miles away from the White House, where the tech giants got to eat.

During its first round of meetings, the panel, known as the Review Group on Intelligence and Communications Technology, separated two groups of outside advisers. One group included civil libertarian organizations such as the ACLU and the Electronic Privacy Information Center. It met in a conference room on K and 20th Streets. Morrell and Clarke did not attend.

The other, which met in the White House Conference Center, included technology companies that have participated – sometimes uneasily and at court behest – in NSA surveillance. All five panel members participated.

I’m not surprised the CIA’s representative on the Committee to Make You Love the Dragnet refused to be seen at the kiddie table with civil libertarians. But Richard Clarke?

Finally, the tech companies appear not to have sent tech experts.

The meeting itself struck [New America Foundation VP Sascha] Meinrath as bizarre. Representatives from the technology firms were identified around the table not by their names, but by placards listing their employers. There was minimal technical discussion of surveillance mechanisms despite the presence of technology companies; Meinrath took the representatives to be lawyers, not technologists.

When it appeared like the meeting would discuss a surveillance issue in a sophisticated way, participants and commissioners suggested it be done in a classified meeting.

Apparently, Cass Sunstein didn’t even have to get caught proposing weird conspiracy theories to make this thing a laughingstock.

Share this entry

How Many People Are Included in Contact Chaining with 27,090 Numbers?

/18 Comments/in , /by

I’ve decided that if I could have a nickel for every time I’ve said “I told the apologists so” as I’ve read these documents, I’d be Warren Buffet. But I don’t get a nickel for predicting the NSA is as bad as it is. So I could use your help to keep doing what I do. 

One of the most stunning revelations from ODNI’s conference call with Officials Who Can’t Be Quoted Because They Might Be Lying is that only 11% of the numbers the NSA was comparing daily business record collections against should have been included.

Those numbers are presented in the government’s first response to Reggie Walton’s order for more information.

In short, the system was designed to compare both SIGINT and BR metadata against the identifiers on the alert list but only to permit alerts generated from RAS-approved identifiers to be used to conduct contact chaining [redacted] of the BR metadata. As a result, the majority of telephone identifiers compared against the incoming BR metadata in the rebuilt alert list were not RAS-approved. See id. at 4, 7-8. For example, as of January 15, 2009, the date of NSD’s first notice to the Court regarding this issue, only 1,935 of the 17,835 identifiers on the alert list were RAS-approved. (10-11)

This means that every day, the NSA was comparing names they thought maybe might could be terrorist numbers, as well as numbers they actually had reason to believe actually were, with all the phone records in the US to see if Americans were talking to these people. [Update: And to clarify, the 89% on the list who were “compared” to the daily business record take weren’t contact chained — NSA just checked to see if they should look further.]

As I said, per the Officials Who Can’t Be Quoted Because They Might Be Lying who gave today’s conference call, that’s as bad as it gets.

But it appears to get worse.

You see, as NSA was confessing all this to DOJ’s National Security Division, they were also cleaning up their lists (the January 15 numbers come from a week after NSD first got involved). And it appears that before they started their confessional process (in the days before Obama took over from George Bush), they had far more people on their list. And they were contact-chaining those numbers.

At the meeting on January 9, 2009, NSA and NSA also identified that the reports filed with the Court have incorrectly stated the number of identifiers on the alert list. Each report included the number of telephone identifiers purported on the alert list. See, e.g., NSA 120-Day Report to the FISC (Dec. 11, 2008), docket number BR 08-08 (Ex. B to the Government’s application in docket number BR 08-13), at 11 (“As of November 2, 2008, the last day of the reporting period herein, NSA had included a total of 27,090 telephone identifiers on the alert list . . . .”). In fact, NSA reports that these numbers did not reflect the total number of identifiers on the alert list; they actually represented the total number of identifiers included on the “station table” (NSA’s historical record of RAS determinations) as currently RAS-approved) (i.e., approved for contact chaining [redacted]

This appears to mean the NSA could (they don’t say whether they did) conduct chaining two or three degrees deep on all these potential maybe might could be terrorists.

If those 27,090 talked to 10 people in the US, and those 270,090 people in the US regularly talked to 40 people in the US, and those people talked to 40, then it would potentially incorporate 433 millio–oh wait! That’s more people than live in the US!

That is, there’s a potential that, by contact chaining that many people, this actually represented a comprehensive dragnet of all the networked relationships in the US until the days before Obama became President.

And they lied to Reggie Walton about it as they got their first real legal review of the program.

But honest, all this was really just unintentional.

Update: Later in the filing, the government admits they were doing more than 3 hops until early 2009.

Second, NSA is implementing software changes to its system that will limit to three the number of “hops” permitted from a RAS-approved seed identifier.

This means those 27,090 identifiers that were in use on November 1, 2008 (at which point it became clear Obama would win the election) could have been contact chained far deeper into American contacts. This makes it very likely that that “contact chaining” actually did include everyone in the US.

Share this entry

James Clapper’s Financial War on the World

/22 Comments/in , , /by

I’m fundraising this week. Please support me if you can. 

Yesterday, TV Globo published details of NSA spying on Brazil’s oil company, Petrobras, SWIFT, and financial organizations. Besides revealing that man-in-the-middle attacks are sometimes used, the report didn’t offer details of what the NSA was actually collecting. Its sources suggest NSA might be seeking Brazil’s leading deep sea drilling technology or geological information that would be useful in drilling auctions, but it is also conceivable the NSA is just trying to anticipate what the oil market will look like in upcoming years (this is one area where we probably even spy on our allies the Saudis, since they have been accused of lying about their reserves).

To some degree, then, I await more details about precisely what we’re collecting and why.

But what I am interested in is James Clapper’s response. He released this statement on the I Con site.

It is not a secret that the Intelligence Community collects information about economic and financial matters, and terrorist financing.

We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries’ economic policy or behavior which could affect global markets.

Our collection of information regarding terrorist financing saves lives. Since 9/11, the Intelligence Community has found success in disrupting terror networks by following their money as it moves around the globe. International criminal organizations, proliferators of weapons of mass destruction, illicit arms dealers, or nations that attempt to avoid international sanctions can also be targeted in an effort to aid America’s and our allies’ interests.

What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – US companies to enhance their international competitiveness or increase their bottom line.

As we have said previously, the United States collects foreign intelligence – just as many other governments do – to enhance the security of our citizens and protect our interests and those of our allies around the world. The intelligence Community’s efforts to understand economic systems and policies and monitor anomalous economic activities is critical to providing policy makers with the information they need to make informed decisions that are in the best interest of our national security.

Let me take this extraordinary statement in reverse order.

In the fourth paragraph, Clapper reiterates the final defense that NSA defenders use: that we’re better than, say, China and France, because we don’t engage in industrial espionage, stealing technology with our spying. That may be true, but I suspect at the end of the day the economic spying we do might be more appalling.

In the third paragraph, he retreats to the terror terror terror strategy the Administration has used throughout this crisis. And sure, no one really complains that the government is using financial tracking to break up terrorist networks (though the government is awfully selective about whom it prosecutes, and it almost certainly has used a broad definition of “terrorism” to spy on the financial transactions of individuals for geopolitical reasons). But note, while the Globo report provided no details, it did seem to describe that NSA spies on SWIFT.

That would presumably be in addition to whatever access Treasury gets directly from SWIFT, through agreements that have become public.

That is, the Globo piece at least seems to suggest that we’re getting information from SWIFT via two means, via the now public access through the consortium, but also via NSA spying. That would seem to suggest we’re using it for things that go beyond the terrorist purpose the consortium has granted us access for. Past reporting on SWIFT has made it clear we threatened to do just that. The Globo report may support that we have in fact done that.

Now the second paragraph. James Clapper, too cute by half, asserts, spying on financial information,

could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy

Hahahahahaha! Oh my word! Hahahaha. I mean, sure, the US needs to know of pending financial crises, in the same way it wants to know what the actual versus claimed petroleum reserves in the world are (and those are, of course, closely related issues). But with this claim, Clapper suggests the US would actually recognize a financial crisis and do something about it.

Hahahahaha. Didn’t — still doesn’t — work out that way.

Read more

Share this entry