Posts

Ron Wyden’s Past Provocative Hearing Question on Cell Site Location

/8 Comments/in , /by

As I’ve noted, yesterday Ron Wyden got Keith Alexander to refuse to answer a question about whether the NSA has ever collected or made plans to collect Americans’ cell-site information in bulk.

Wyden: Senators Udall, Heinrich and I and about two dozen other senators have asked in the past whether the NSA has ever collected or made any plans to collect Americans’ cell-site information in bulk. What would be your response to that?

Gen. Keith Alexander (Alexander): Senator, on July 25, Director Clapper provided a non-classified written response to this question amongst others, as well as a classified supplement with additional detail. Allow me to reaffirm what was stated in that unclassified response. Under section 215, NSA is not receiving cell-site location data and has no current plans to do so. As you know, I indicated to this committee on October 20, 2011, that I would notify Congress of NSA’s intent to obtain cell-site location data prior to any such plans being put in place. As you may also be aware, –

Wyden: General, if I might. I think we’re all familiar with it. That’s not the question I’m asking. Respectfully, I’m asking, has the NSA ever collected or ever made any plans to collect Americans’ cell-site information. That was the question and we, respectfully General, have still not gotten an answer to it. Could you give me an answer to that? [my emphasis]

In addition to saying NSA is not doing so under Section 215, Alexander also pointed to two classified responses he would not repeat in unclassified setting.

Which I think confirms — as if there was any doubt — that the answer is yes, the NSA has at least planned, if not actually collected, cell-site location in bulk (though not necessarily under Section 215).

That said, many people are treating this as Wyden’s first provocative hearing question on the topic. This one — from February 2012, just after the US v Jones decision found use of a GPS to constitute a search — may provide some important insight onto the timing and rationale behind such bulk collection.

Wyden: Director Clapper, as you know the Supreme Court ruled last week that it was unconstitutional for federal agents to attach a GPS tracking device to an individual’s car and monitor their movements 24/7 without a warrant. Because the Chair was being very gracious, I want to do this briefly. Can you tell me as of now what you believe this means for the intelligence community, Read more

Ron Wyden’s What’s-Old-Is-New Question: Reverse Targeting

/2 Comments/in , /by

When you track Ron Wyden’s persistent attempts to squeeze answers out of National Security officials, you grow familiar with the rhythm of questions. Drone memos — Article II or AUMF, he asked for years before getting a still-secret answer. Has the government ever bulk collected location, Keith Alexander refused to answer yet again yesterday. As I noted, he publicly asked for the common commercial agreement OLC memo back in January before he asked again yesterday, in addition to a number of non-public requests he (and Russ Feingold) made.

That’s true of most of his questions from yesterday.

He asked, again, about the NSA’s ability to search through incidentally collected data for US person communications.

Section 702 of FISA was intended to give the government new authority to target foreigners, but the executive branch has argued that the NSA should have the authority to deliberately go through communications collected under section 702 and conduct warrantless searches for the communications of individual Americans. Has the NSA ever conducted any of these warrantless searches for individual Americans’ communications?

He tried to limit this in last year’s reauthorization, asked about it last fall, and caught Keith Alexander lying about it back in June.

The answer to the question, of course, is “Yes.”

He asked, again, how long the government has used PATRIOT to conduct bulk collection of US person data.

How long has the NSA used Patriot Act authorities to engage in the bulk collection of Americans’ records? And was this collection underway when Congress was voting to reauthorize the Patriot Act in late 2005 and early 2006?

He — and 25 other Senators — asked this question back in June. But Clapper refused to answer it.

The answer to the question (as has been confirmed by the 2009 draft NSA IG Report) is “Yes.” Which of course either means Congress added the “relevant to” language to shut down such bulk collection, or the government lied about how it was using the Pen Register/Trap and Trace and Business Records provisions when Congress reauthorized the PATRIOT Act in 2006.

But it’s the last question that — in this form at least — is new:

One of the recurring debates about section 702 of FISA is whether the law should include stronger protections against reverse targeting, which is the prohibited practice of trying to spy on Americans by collecting the communications of foreigners that those Americans are believed to be talking to. Since the FISA Amendments Act was passed in 2008, have there been any instances of reverse targeting by NSA analysts?

Don’t get me wrong. There has been plenty of discussion of reverse targeting going back to before the FISA Amendments Act (and, for that matter, the Protect America Act) were passed.

But the answer to this question, as with the two others, is almost surely “Yes.” Otherwise, Wyden wouldn’t have asked it (and planned to ask it during a public hearing).

Which means that, either before or after the FISA Court permitted the NSA to search through incidentally collected for US person communications (see question 1), it caught analysts picking foreign targets in such a way that they could collect the communications of Americans.

They did precisely what the law prohibits explicitly.

That is new.

No wonder DiFi ensured Wyden wouldn’t get a second round of questions, saving Keith Alexander and James Clapper from answering this in public.

Senate Intelligence Committee Open Hearings: A Platform for Liars

/9 Comments/in , /by

Pentagon Papers era NYT Counsel James Goodale has a piece in the Guardian attracting a lot of attention. In it, he says the first step to reform NSA is to fire the liars.

The NSA has lied to the Congress, the courts, and perhaps even to the president himself, but no one seems to care.

The Director of National Intelligence James R Clapper admitted he lied to Congress about the NSA metadata collection program. He said the NSA had no such program – and then added that that was the least “untruthful” remark he could make. General Keith Alexander, director of the National Security Agency, lied in 2012 that the NSA does not hold data on US citizens, and repeated similar misstatements, under oath, to Congress about the program:

We’re not authorized to do it [data collection on US citizens], nor do we do it.

NSA lawyers lied to secret Fisa court Judges John D Bates and Reggie B Walton. In recently released opinions, Bates said he had been lied to on three separate occasions and Walton said he had been lied to several times also.

But Clapper and Alexander have not been held in contempt of Congress. Nor have the Justice Department attorneys, who lied to Judges Walton and Bates, been disciplined.

And while he links to many of the best examples of James Clapper and Keith Alexander lying, he misses this.

In just its third open hearing this year, the Senate Intelligence Committee has arranged the following witnesses for tomorrow’s hearing on NSA’s spying.

Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.) today announced the committee will hold an open hearing to consider legislative changes to the Foreign Intelligence Surveillance Act, to include the NSA call records program, on Thursday, September 26, at 2 p.m.

WHAT:  Public hearing on FISA, NSA call records

WHO:

Panel I

  • Director of National Intelligence James Clapper
  • National Security AgencyDirector General Keith Alexander
  • Deputy Attorney General James Cole

Panel II

  • Ben Wittes, Brookings Institution
  • Tim Edgar, Watson Institute for International Studies, Brown University

So DiFi’s idea of an “open hearing” is to invite two established liars. And for her non-governmental witnesses, one keeps declaring Congress NAKED! in the face of evidence the government lies to them, and the other tells fanciful stories about how much data NSA shares.

It’s like DiFi goes out of her way to find liars and their apologists to testify publicly.

That’s nothing new, though. Those other two open hearings? The Global Threat Assessment hearing where Clapper assured Ron Wyden the NSA didn’t collect data on millions of Americans. And the confirmation hearing for John Brennan, who once claimed the US had killed no civilians in an entire year of drone strikes (and, if his odd mouth gestures were the tell they appeared to be, he lied about leaks to journalists including on UndieBomb 2.0 in the hearing as well.)

It’s DiFi’s committee. And if she wants every single open hearing to serve as a platform for accomplished liars, I guess that’s her prerogative.

But observers should be clear that’s the purpose of the hearings.

Dilma Throws Obama a BRIC

/7 Comments/in , , , /by

Screen shot 2013-09-17 at 2.57.28 PMI was actually surprised, back in May, when the White House announced a State Visit for Brazil’s President, Dilma Rousseff.

After all, not long after Obama visited Brazil in March 2011, the real started gaining value against the dollar, significantly slowing the boom Brazil had enjoyed in the wake of our crash.

When she was here in April 2012, Dilma explicitly blamed US Quantitative Easing for the reversal in currencies, and suggested the policy was meant to slow growth in countries like Brazil. Before that, Brazil’s boom and its advances in energy independence had put Brazil in a position to assume the global stature a country of its size might aspire to. And Dilma (partly correctly) blamed US actions for undercutting that stature.

I interpreted the State Dinner to be an attempt to woo Brazil away from natural coalitions with the Bolivarist governments of Latin America and the BRICS (Brazil, Russsia, India, China, and South Africa).

Fast forward to today, when the Brazilian government announced that it has postponed the visit that had been scheduled for October 23.

The usual suspects are mocking Dilma’s decision, insisting that everyone spies, and that Brazil is just making a stink for political gain. The White House statement echoes that, suggesting that it was the revelation of US spying, and not the spying itself, that created the problems.

The President has said that he understands and regrets the concerns disclosures of alleged U.S. intelligence activities have generated in Brazil and made clear that he is committed to working together with President Rousseff and her government in diplomatic channels to move beyond this issue as a source of tension in our bilateral relationship.

There is something to that stance. Dilma’s government faces a lot of unrest and the tensions of preparing for the World Cup. The portrayal that the US was taking advantage of Brazil caught her at a politically sensitive time.

All that said, those poo-pooing Brazil’s complaints ignore the specific nature of the spying as revealed. As I noted, even James Clapper’s attempt to respond to concerns raised by the original reports in Brazil didn’t address (and indeed, may have exacerbated) concerns that the US is engaging in financial war, including manipulating its currency to undercut other countries as they rise in relative power. If the US is using its advantages in SIGINT to engage in such financial war, Brazil has every reason to object, because it’s not something Brazil’s currency or telecommunications position make possible.

US disclaimers of industrial espionage no longer matter if the US is collecting SIGINT that would support substantive financial attacks, especially since Clapper in March made it clear the US envisions such attacks (even if they only admit to thinking in defensive terms).

Read more

Wyden/Udall: If Intelligence Community Is Dumb Rather than Malicious, Why Should We Trust Them?

/16 Comments/in /by

Ron Wyden and Mark Udall just released a second statement on last week’s Section 215 dragnet document dump, taking the intelligence community’s excuse — that no one really knew what these programs were doing — at face value.

If the IC is dumb rather than malicious, they ask, why should we take their word on the value of the programs?

The intelligence community’s defense was that these violations were occurring because no one had a full grasp of how the bulk collection program actually worked.

If the assertion that ineptitude and not malice was the cause of these ongoing violations is taken at face value, it is perfectly reasonable for Congress and the American people to question whether a program that no one fully understood was an effective defense of American security at all. The fact that this program was allowed to operate this way raises serious concerns about the potential for blind spots in the NSA’s surveillance programs. It also supports our position that bulk collection ought to be ended.

The government’s misrepresentations inevitably led to the Foreign Intelligence Surveillance Court being consistently misinformed as it made binding rulings on the meaning of U.S. surveillance law. This underscores our concern that intelligence agencies’ assessments and descriptions about particular collection programs — even significant ones — are not always accurate. It is up to Congress, the courts and the public to ask the tough questions and require intelligence officials to back their assertions up with actual evidence. It is not enough to simply defer to these officials’ conclusions without challenging them. [my emphasis]

Though I get the feeling that Wyden and Udall aren’t buying this “dumb not malicious” line.

Obama’s James Clapper’s Committee To Make You Love the Dragnet Has a Kiddie Table

/15 Comments/in /by

Spencer Ackerman has a review of how the first two meetings of Obama’s Non-Tech Tech Review panel have gone. And while they went about as horribly as I suspected — certainly there was no talk of actually fixing obvious problems with the dragnet — there are a few details that show how “most exceptional” this effort is.

The White House, having taken pains to pretend James Clapper is not in charge of the Director of National Intelligence Review Group on Intelligence and Communications Technologies, referred comment to James Clapper.

The White House deferred comment to the Office of the Director of National Intelligence, which did not respond.

The Non-Tech Tech Review Panel comes with a kiddie table — or rather, a conference room almost two miles away from the White House, where the tech giants got to eat.

During its first round of meetings, the panel, known as the Review Group on Intelligence and Communications Technology, separated two groups of outside advisers. One group included civil libertarian organizations such as the ACLU and the Electronic Privacy Information Center. It met in a conference room on K and 20th Streets. Morrell and Clarke did not attend.

The other, which met in the White House Conference Center, included technology companies that have participated – sometimes uneasily and at court behest – in NSA surveillance. All five panel members participated.

I’m not surprised the CIA’s representative on the Committee to Make You Love the Dragnet refused to be seen at the kiddie table with civil libertarians. But Richard Clarke?

Finally, the tech companies appear not to have sent tech experts.

The meeting itself struck [New America Foundation VP Sascha] Meinrath as bizarre. Representatives from the technology firms were identified around the table not by their names, but by placards listing their employers. There was minimal technical discussion of surveillance mechanisms despite the presence of technology companies; Meinrath took the representatives to be lawyers, not technologists.

When it appeared like the meeting would discuss a surveillance issue in a sophisticated way, participants and commissioners suggested it be done in a classified meeting.

Apparently, Cass Sunstein didn’t even have to get caught proposing weird conspiracy theories to make this thing a laughingstock.

How Many People Are Included in Contact Chaining with 27,090 Numbers?

/18 Comments/in , /by

I’ve decided that if I could have a nickel for every time I’ve said “I told the apologists so” as I’ve read these documents, I’d be Warren Buffet. But I don’t get a nickel for predicting the NSA is as bad as it is. So I could use your help to keep doing what I do. 

One of the most stunning revelations from ODNI’s conference call with Officials Who Can’t Be Quoted Because They Might Be Lying is that only 11% of the numbers the NSA was comparing daily business record collections against should have been included.

Those numbers are presented in the government’s first response to Reggie Walton’s order for more information.

In short, the system was designed to compare both SIGINT and BR metadata against the identifiers on the alert list but only to permit alerts generated from RAS-approved identifiers to be used to conduct contact chaining [redacted] of the BR metadata. As a result, the majority of telephone identifiers compared against the incoming BR metadata in the rebuilt alert list were not RAS-approved. See id. at 4, 7-8. For example, as of January 15, 2009, the date of NSD’s first notice to the Court regarding this issue, only 1,935 of the 17,835 identifiers on the alert list were RAS-approved. (10-11)

This means that every day, the NSA was comparing names they thought maybe might could be terrorist numbers, as well as numbers they actually had reason to believe actually were, with all the phone records in the US to see if Americans were talking to these people. [Update: And to clarify, the 89% on the list who were “compared” to the daily business record take weren’t contact chained — NSA just checked to see if they should look further.]

As I said, per the Officials Who Can’t Be Quoted Because They Might Be Lying who gave today’s conference call, that’s as bad as it gets.

But it appears to get worse.

You see, as NSA was confessing all this to DOJ’s National Security Division, they were also cleaning up their lists (the January 15 numbers come from a week after NSD first got involved). And it appears that before they started their confessional process (in the days before Obama took over from George Bush), they had far more people on their list. And they were contact-chaining those numbers.

At the meeting on January 9, 2009, NSA and NSA also identified that the reports filed with the Court have incorrectly stated the number of identifiers on the alert list. Each report included the number of telephone identifiers purported on the alert list. See, e.g., NSA 120-Day Report to the FISC (Dec. 11, 2008), docket number BR 08-08 (Ex. B to the Government’s application in docket number BR 08-13), at 11 (“As of November 2, 2008, the last day of the reporting period herein, NSA had included a total of 27,090 telephone identifiers on the alert list . . . .”). In fact, NSA reports that these numbers did not reflect the total number of identifiers on the alert list; they actually represented the total number of identifiers included on the “station table” (NSA’s historical record of RAS determinations) as currently RAS-approved) (i.e., approved for contact chaining [redacted]

This appears to mean the NSA could (they don’t say whether they did) conduct chaining two or three degrees deep on all these potential maybe might could be terrorists.

If those 27,090 talked to 10 people in the US, and those 270,090 people in the US regularly talked to 40 people in the US, and those people talked to 40, then it would potentially incorporate 433 millio–oh wait! That’s more people than live in the US!

That is, there’s a potential that, by contact chaining that many people, this actually represented a comprehensive dragnet of all the networked relationships in the US until the days before Obama became President.

And they lied to Reggie Walton about it as they got their first real legal review of the program.

But honest, all this was really just unintentional.

Update: Later in the filing, the government admits they were doing more than 3 hops until early 2009.

Second, NSA is implementing software changes to its system that will limit to three the number of “hops” permitted from a RAS-approved seed identifier.

This means those 27,090 identifiers that were in use on November 1, 2008 (at which point it became clear Obama would win the election) could have been contact chained far deeper into American contacts. This makes it very likely that that “contact chaining” actually did include everyone in the US.

James Clapper’s Financial War on the World

/22 Comments/in , , /by

I’m fundraising this week. Please support me if you can. 

Yesterday, TV Globo published details of NSA spying on Brazil’s oil company, Petrobras, SWIFT, and financial organizations. Besides revealing that man-in-the-middle attacks are sometimes used, the report didn’t offer details of what the NSA was actually collecting. Its sources suggest NSA might be seeking Brazil’s leading deep sea drilling technology or geological information that would be useful in drilling auctions, but it is also conceivable the NSA is just trying to anticipate what the oil market will look like in upcoming years (this is one area where we probably even spy on our allies the Saudis, since they have been accused of lying about their reserves).

To some degree, then, I await more details about precisely what we’re collecting and why.

But what I am interested in is James Clapper’s response. He released this statement on the I Con site.

It is not a secret that the Intelligence Community collects information about economic and financial matters, and terrorist financing.

We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries’ economic policy or behavior which could affect global markets.

Our collection of information regarding terrorist financing saves lives. Since 9/11, the Intelligence Community has found success in disrupting terror networks by following their money as it moves around the globe. International criminal organizations, proliferators of weapons of mass destruction, illicit arms dealers, or nations that attempt to avoid international sanctions can also be targeted in an effort to aid America’s and our allies’ interests.

What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – US companies to enhance their international competitiveness or increase their bottom line.

As we have said previously, the United States collects foreign intelligence – just as many other governments do – to enhance the security of our citizens and protect our interests and those of our allies around the world. The intelligence Community’s efforts to understand economic systems and policies and monitor anomalous economic activities is critical to providing policy makers with the information they need to make informed decisions that are in the best interest of our national security.

Let me take this extraordinary statement in reverse order.

In the fourth paragraph, Clapper reiterates the final defense that NSA defenders use: that we’re better than, say, China and France, because we don’t engage in industrial espionage, stealing technology with our spying. That may be true, but I suspect at the end of the day the economic spying we do might be more appalling.

In the third paragraph, he retreats to the terror terror terror strategy the Administration has used throughout this crisis. And sure, no one really complains that the government is using financial tracking to break up terrorist networks (though the government is awfully selective about whom it prosecutes, and it almost certainly has used a broad definition of “terrorism” to spy on the financial transactions of individuals for geopolitical reasons). But note, while the Globo report provided no details, it did seem to describe that NSA spies on SWIFT.

That would presumably be in addition to whatever access Treasury gets directly from SWIFT, through agreements that have become public.

That is, the Globo piece at least seems to suggest that we’re getting information from SWIFT via two means, via the now public access through the consortium, but also via NSA spying. That would seem to suggest we’re using it for things that go beyond the terrorist purpose the consortium has granted us access for. Past reporting on SWIFT has made it clear we threatened to do just that. The Globo report may support that we have in fact done that.

Now the second paragraph. James Clapper, too cute by half, asserts, spying on financial information,

could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy

Hahahahahaha! Oh my word! Hahahaha. I mean, sure, the US needs to know of pending financial crises, in the same way it wants to know what the actual versus claimed petroleum reserves in the world are (and those are, of course, closely related issues). But with this claim, Clapper suggests the US would actually recognize a financial crisis and do something about it.

Hahahahaha. Didn’t — still doesn’t — work out that way.

Read more

Microsoft, Google, as Unimpressed as I Am with I Con’s New Data Release Promise

/1 Comment/in , /by

I showed earlier that the Director of National Intelligence’s promise to release certain information — much of which they’re already obligated to release — wasn’t all that impressive. As part of that, I noted that the DNI wasn’t providing data specific to each provider.

Moreover, the government doesn’t, apparently plan to release the number Google and Yahoo would like it to release, numbers which likely show how much more enthusiastic the well-lubricated telecoms are about providing this material than the less-well lubricated Internet providers. That is, the government isn’t going to (or hasn’t yet agreed to) provide numbers that show corporations have some leeway on how much of our data they turn over to the government.

It turns out, Microsoft and Google agree with me that the promised new release is none too impressive.

More importantly, they view it as a refusal — after serial delays from the government — to release that provider specific and content type specific information they want to release.

Yesterday, the Government announced that it would begin publishing the total number of national security requests for customer data for the past 12 months and do so going forward once a year.  The Government’s decision represents a good start.  But the public deserves and the Constitution guarantees more than this first step.  Read more

The Black Budget

/35 Comments/in , /by

Screen shot 2013-08-29 at 2.50.28 PMThe Washington Post just published an excellent package on the FY2013 Black Budget for intelligence. I’m reading through the summary now.

I’ll put working comments below. But one of my first impressions is that all of this is useful information, and in some ways really encouraging information (in others, horrifying).

For that reason, this is one of my favorite parts of the story itself:

Lee Hamilton, an Indiana Democrat who was a former chairman of the House Intelligence Committee and co-chairman of the commission that investigated the Sept. 11 attacks, said that access to budget figures has the potential to enable an informed public debate on intelligence spending for the first time, much as Snowden’s disclosures of NSA surveillance programs brought attention to operations that had assembled data on nearly every U.S. citizen.

“Much of the work that the intelligence community does has a profound impact on the life of ordinary Americans, and they ought not to be excluded from the process,” he said.

“Nobody is arguing that we should be so transparent as to create dangers for the country,” he said. But, he said, “there is a mindset in the national security community — leave it to us, we can handle it, the American people have to trust us. They carry it to quite an extraordinary length so that they have resisted over a period of decades transparency. . . . The burden of persuasion as to keeping something secret should be on the intelligence community, the burden should not be on the American public.”

Hamilton is absolutely right. There’s no reason why information at this level of detail shouldn’t be shared with American taxpayers ponying up the $52.6 billion to pay for it all.

Working comments on Budget Justifications

4: The IC is apparently going to start researching trade disputes. I assume that’ll be primarily targeted at China. But it’s an interesting development.