
NSA Bids to Expand Power Domestically to Track Chinese (!?) Terrorists

While all sane people are trying to rein in NSA’s authority, the Gang of Four plans to use today’s parade of liars to expand NSA’s authority.

In explaining the need for this expanded authority, Dianne Feinstein and Mike Rogers claimed to the AP this is about terrorists.

The chairwoman of the Senate Intelligence Committee, Sen. Dianne Feinstein, D-Calif., told The Associated Press that her committee is drafting a bill that would amend the law’s Section 702 provision, which authorizes targeting non-Americans outside the U.S., to allow uninterrupted spying on a suspect for “a limited period of time after the NSA learns the target has traveled to the United States, so the government may obtain a court order based on probable cause.”

“Logically, someone under NSA surveillance, such as a terrorist, may present more interest to the government if they are inside the United States,” but the surveillance can be temporarily stopped while the NSA or FBI builds its case to permit uninterrupted spying, Feinstein said.

[snip]

“I call it the terrorist lottery loophole,” said Rep. Mike Rogers, D-Mich., the chairman of the House Intelligence Committee. “If you can find your way from a foreign country where we have reasonable suspicion that you are … a terrorist … and get to the United States, under a current rule, they need to turn it off and do a complicated handoff” to the FBI.

But further down, Rogers makes it clear that this measure is designed to address the roamer problem that was revealed in an internal NSA audit earlier this year.

“It’s a foreign phone, it’s pinging off foreign networks,” Rogers said. “The suspect may turn it off. The suspect gets here. Now all of the sudden, the next thing they know, they (the NSA) are picking it up, but it’s in Brooklyn. … But they’ve been listening to it for two days. They have to turn it off, and then report it as an incident.”

We know from that audit report that this roamer problem actually declined during the period in question (though it did rise for Section 702 authority), contrary to NSA attempts to attribute the rise in violations to it. In addition, at least at that time, the problem primarily arose from Chinese targets entering the US, not Middle Eastern terrorists (the breakdown of violations from NSA’s geographical focus areas seems to support this). Indeed, the NSA made the embarrassingly false claim that the increase (which was actually a decrease) of roaming incidents was just about Chinese New Year.

The increase [sic] in incidents reported for 1QCY12 was due to an increase in the number of reported Global System for Mobile Communications (GSM) roamer incidents, which may be attributed to an increase in Chinese travel to visit friends and family for the Chinese Lunar New Year holiday.

So apparently we’re now beset by hordes of Chinese terrorists visiting the US for Chinese New Year we knew nothing about.

There’s one more problem with the claim that they will allow the NSA (or maybe the FBI) to track GSM phones without a warrant domestically. The Gang of Four claims the amended law would allow the NSA to continue tracking that GSM phone for “a limited period of time after the NSA learns the target has traveled to the United States.”

But the entire reason the roamer problem exists is because NSA only gets updates on location quarterly, so unless they learn about these Chinese terrorists’ travel by some content data, they don’t even know the phone is in the US.

Why Isn’t the NSA Evaluating Why It Didn’t Have Chechen Intelligence on Tamerlan Tsarnaev?

As I noted last week, four Inspectors General are conducting (an indefinitely delayed) review of their Agencies’ handling of intelligence in advance of the Boston Marathon attack. But just four Agencies are involved:

  • Intelligence Community
  • CIA
  • DOJ
  • DHS

That is, the NSA’s Inspector General is not participating in the review.

And while I understand that Tamerlan Tsarnaev’s domestic communications could not have been collected by NSA (and presumably none of the people from Dagestan and Chechnya with whom he had contact were selected as identifiers for the Section 215 dragnet), he still allegedly had contacts while in Russia with fairly prominent extremists. And there are two reasons why NSA might have collected Chechen contacts of Tamerlan’s: both because extremists in Chechnya have ties to al Qaeda (indeed, a number of them are and were fighting in Syria), and because Chechen mobsters have ties to the mobs being targeted under Obama’s Transnational Criminal Organization initiative.

So did the NSA have anything on the Chechens Tamerlan allegedly met with? In any case, wouldn’t it be worth a review of what they have and what they might have had?

Apparently not, at least according to the IC.

There is precedent for protecting the NSA from such retroactive scrutiny. Recall that the 9/11 Commission barely touched what files the NSA might have had.

[T]he 9/11 Commission, which went out of business in 2004, failed to conduct a thorough inspection of the government’s most important library of raw intelligence on al Qaeda and the 9/11 plot. And nobody appears to have inspected that intelligence since.

The archives, maintained by the National Security Agency at its headquarters in Fort Meade, Maryland, were reviewed—in a cursory fashion—only in the final days of the commission’s investigation, and then only because of last-minute staff complaints that the NSA’s vast database was being ignored.

Throughout its investigation, staffers complained, the commission’s leaders were fixated on what could be found in the terrorism files of the CIA and the FBI, the two big targets for criticism in the panel’s final report, and largely ignored the NSA, the government’s chief eavesdropping agency.

[snip]

“It’s always been frightening to me to consider what is still at the NSA, whatever we never had time to see,” said a former commission staff member, who now works elsewhere in the federal government and is barred from speaking to the press for attribution. “It’s kind of shocking to me that no one has tried to get back in there since. We certainly didn’t see everything at NSA.”

And I can imagine why, particularly after Edward Snowden started leaking, the NSA might not want to check whether it had data it simply missed. How embarrassing if it had to admit that it missed a terrorist because its haystack has gotten too big?

Still, given the allegations about Tamerlan’s entirely foreign associates, I’m not convinced the NSA would have collected nothing.

Keith Alexander today claimed NSA used the Section 215 database in the wake of the Boston Marathon attack (though how they claimed the allegedly self-radicalized Tsarnaevs had ties to Al Qaeda, I don’t know) to chase down potential associates in NYC.

“We did use [Section] 215,” he said, referring to the Patriot Act provision that the government has claimed a federal court has agreed gives it the authority to collect data on practically all calls made in the United States. “We used it to support the FBI in their investigation.”

So the NSA was involved in the investigation, at least.

So can’t we have a teensy review to see if it did, and whether our target selection in Chechnya and Dagestan was appropriate?

Senate Intelligence Committee Open Hearings: A Platform for Liars

Pentagon Papers era NYT Counsel James Goodale has a piece in the Guardian attracting a lot of attention. In it, he says the first step to reform NSA is to fire the liars.

The NSA has lied to the Congress, the courts, and perhaps even to the president himself, but no one seems to care.

The Director of National Intelligence James R Clapper admitted he lied to Congress about the NSA metadata collection program. He said the NSA had no such program – and then added that that was the least “untruthful” remark he could make. General Keith Alexander, director of the National Security Agency, lied in 2012 that the NSA does not hold data on US citizens, and repeated similar misstatements, under oath, to Congress about the program:

We’re not authorized to do it [data collection on US citizens], nor do we do it.

NSA lawyers lied to secret Fisa court Judges John D Bates and Reggie B Walton. In recently released opinions, Bates said he had been lied to on three separate occasions and Walton said he had been lied to several times also.

But Clapper and Alexander have not been held in contempt of Congress. Nor have the Justice Department attorneys, who lied to Judges Walton and Bates, been disciplined.

And while he links to many of the best examples of James Clapper and Keith Alexander lying, he misses this.

In just its third open hearing this year, the Senate Intelligence Committee has arranged the following witnesses for tomorrow’s hearing on NSA’s spying.

Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.) today announced the committee will hold an open hearing to consider legislative changes to the Foreign Intelligence Surveillance Act, to include the NSA call records program, on Thursday, September 26, at 2 p.m.

WHAT:  Public hearing on FISA, NSA call records

WHO:

Panel I

  • Director of National Intelligence James Clapper
  • National Security Agency Director General Keith Alexander
  • Deputy Attorney General James Cole

Panel II

  • Ben Wittes, Brookings Institution
  • Tim Edgar, Watson Institute for International Studies, Brown University

So DiFi’s idea of an “open hearing” is to invite two established liars. And for her non-governmental witnesses, one keeps declaring Congress NAKED! in the face of evidence the government lies to them, and the other tells fanciful stories about how much data NSA shares.

It’s like DiFi goes out of her way to find liars and their apologists to testify publicly.

That’s nothing new, though. Those other two open hearings? The Global Threat Assessment hearing where Clapper assured Ron Wyden the NSA didn’t collect data on millions of Americans. And the confirmation hearing for John Brennan, who once claimed the US had killed no civilians in an entire year of drone strikes (and, if his odd mouth gestures were the tell they appeared to be, he lied about leaks to journalists including on UndieBomb 2.0 in the hearing as well.)

It’s DiFi’s committee. And if she wants every single open hearing to serve as a platform for accomplished liars, I guess that’s her prerogative.

But observers should be clear that’s the purpose of the hearings.

NSA Caught Illegally Spying on Americans and Keith Alexander’s Answer Is a Group Hug

Kevin Gosztola had a superb post yesterday on a letter NSA Deputy Director John Inglis and DIRNSA Keith Alexander sent to family members of NSA employees to make them feel better about the dragnet. It’s a two page letter attempting to convince the family members of our SIGINT spies that their mission is noble and their actions within the scope of the law.

I’m particularly interested in the timing of it. As Kevin notes, the letter cites a typically obsequious post from Ben Wittes on how the Administration should have responded to WaPo’s disclosure of an internal review (just as one example, Ben claims to have read the report closely but somehow misses that 9 to 20% of violations consist of analysts breaking rules they know).

Inglis and Alexander write,

There are some in the media who are taking the time to actually study the leaked material, and they have drawn conclusions that are very different from those who are in it for a quick headline. One such legal scholar wrote that we should have made our case more forcefully by responding,

Shameful as it is that these documents were leaked, they actually should give the public great confidence both in NSA’s internal oversight mechanisms and in the executive and judicial oversight mechanisms outside the agency. They show no evidence of any intentional spying on Americans or abuse of civil liberties. They show a low rate of the sort of errors any complex system of technical collection will inevitably yield. They show robust compliance procedures on the part of the NSA.

We couldn’t agree more.

I wonder if NSA would like to send family members my way, given that I have taken even more time than Ben studying these revelations and find he’s frequently engaging in spin?

Hmm. Probably not.

But what’s most fascinating by this citation is the timing.

Ben wrote that post on August 18, in the midst of a slew of disclosures by WaPo and the Guardian.

But Inglis and Alexander wrote this letter on September 13 — last Friday — at the end of a month when all of the major US-based disclosures (save that NSA has deliberately made all of us more vulnerable to hackers) have come from the government. In the month leading up to this letter, we learned the NSA:

At the end of 2008, the NSA had authorized contact chaining off of 27,090 identifiers and analysts could go four hops deep into the data, which effectively would allow them to create a relationship map of the entire country. And they used it not just to find “terrorists,” but also people they could coerce to inform on targets.

A system the Stasi would envy!

And FISA Court judges had deemed some of the first and third practices illegal. One threatened criminal referral and the other even shut down at least part of the program for a period.


In Wake of Revelations about Corruption and Coercion, OCC Wails about Bank Cybersecurity

Over 3 months ago, the Guardian revealed that the President reserved the right to declare “inherent right of self defense” to access private networks deemed part of our critical infrastructure in the name of cybersecurity.

2 weeks ago, the Guardian, ProPublica, and NYT reported that, to make it easier to spy on others, the NSA had “deliberately weakened the international encryption standards adopted by developers.”

Also 2 weeks ago, FP reported that “many corporate participants” in an NSA initiative to protect US critical infrastructure “say Alexander’s primary motive” in that initiative “has not been to share what the NSA knows about hackers. It’s to get intelligence from the companies.”

And just this week, Spiegel provided details of how NSA conducts Man-in-the-Middle attacks — hacks — on financial giants like VISA and SWIFT.

Yet none of those revelations prevented Comptroller of the Currency Thomas Curry from giving a fairly breathtaking speech yesterday about financial cybersecurity.

In it, a member of the Executive Branch that has made everyone less secure by corrupting encryption said,

The growing sophistication and frequency of cyberattacks is a cause for concern, not only because of the potential for disruption, but also because of the potential for destruction of the systems and information that support our banks. These risks, if unchecked, could threaten the reputation of our financial institutions as well as public confidence in the system.

A member of a regime that is routinely hacking financial entities said,

The global nature of the Internet means they can conduct their activity from almost anywhere, including in countries with regimes that, at worst, sponsor attacks and, at a minimum, act as criminal havens by turning a blind eye toward criminal behavior.

And a member of the government that has hacked key third party providers like SWIFT and cooperated with third party telecoms to just steal data said,

Banks not only operate their own networks, they also rely on third parties to support their systems and business activities. Some of these third parties have connections to other institutions and servicers. Each new relationship and connection provides potential access points to all of the connected networks and introduces different weaknesses into the system.

I recognize the cybersecurity threat to banks is real. I’d like to be protected against criminals trying to steal my money online and I endorse OCC including IT security among things bank inspectors review. I grant that Curry may well be operating in good faith when he says all these things. But when he talks about partnerships like this, he simply loses credibility.

Clearly, much of the responsibility for assessing cyber threats is housed in other agencies, from the Department of Homeland Security to the FBI to the National Security Agency. They are on the front lines, and they are the ones that are doing the most within government to identify, evaluate, and respond to threats in this area. However, we – the OCC, the FFIEC, and the other regulatory agencies individually – are working closely with them to strengthen the coordination and overall effectiveness of government’s approach to cybersecurity of critical infrastructure.

[snip]

But this is not a problem that can be addressed by one agency alone or by any one institution acting on its own. It is a threat that we can deal with only if we work together in a collegial and collaborative way for the good of our country.

The banks’ regulator may believe he is in a position to lecture about collegiality in the face of threats. But since the government is one of the biggest of those threats, it doesn’t strike me as all that convincing.

An Illegal Program Sanctioned with a Rubber Stamp Is Still That Same Illegal Program

Consider this anecdote from Barton Gellman’s story on the many violations of the NSA’s spying programs.

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.

[snip]

In the case of the collection effort that confused calls placed from Washington with those placed from Egypt, it is unclear what the NSA meant by a “large number” of intercepted calls. A spokesman declined to discuss the matter.

The NSA has different reporting requirements for each branch of government and each of its legal authorities. The “202” collection was deemed irrelevant to any of them. “The issue pertained to Metadata ONLY so there were no defects to report,” according to the author of the secret memo from March 2013.

Viewed against the background of the documents on the 2009 Section 215 dragnet problems, the anecdote tells us several things:

  • The phone metadata for Egypt and for DC were both accessible from the same user interface until at least 2008
  • US phone metadata was accessible by area code, not just by single phone identifier
  • Because it internally reported this incident, NSA was well aware of that fact
  • Among all the violations reported to Reggie Walton in 2009 (see my rough summary), it did not include this one (indeed, it appears NSA has never reported it to FISC, which may be why in response to this story Walton went on the record to complain that the FISA Court relies on the NSA’s self-disclosure)
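The “202 for 20” mix-up is a canonicalization failure: a raw digit string was matched against a country-code prefix before anyone decided which numbering plan it belonged to. The following is an added example, not code from the article or from any NSA document, contrasting that defective prefix match with a version that normalizes every identifier to E.164 first. The sample numbers, the tiny country-code table and the normalization rules are constructed for the example; a real system would use the full ITU table (or a library such as libphonenumber) instead.

```python
import re

# Constructed sample identifiers, as they might arrive from different feeds:
# national format, punctuated, E.164 with a leading '+', or dialed with the
# '00' international prefix. None is a real number.
SAMPLE_IDENTIFIERS = [
    "2025550123",        # Washington, DC, 10-digit national format
    "(202) 555-0199",    # same area code, punctuated
    "+12025550142",      # DC number already in E.164
    "+20 2 2575 0000",   # Cairo number in E.164 (country code 20)
    "0020225750001",     # Cairo number dialed with the 00 international prefix
    "+33 1 70 18 0000",  # Paris number, unrelated control
]

# Country codes the toy canonicalizer knows (an assumption of this example).
KNOWN_COUNTRY_CODES = ("1", "20", "33")


def naive_egypt_filter(identifiers):
    """The defective pattern the reported error suggests: strip punctuation and
    test the raw digit string for a leading '20'. With no notion of which
    numbering plan a digit string belongs to, '202...' (DC) looks like
    '20...' (Egypt), and a '00'-prefixed Egyptian number is missed."""
    hits = []
    for ident in identifiers:
        digits = re.sub(r"\D", "", ident)
        if digits.startswith("20"):
            hits.append(ident)
    return hits


def to_e164(ident, default_country="1"):
    """Canonicalize to E.164: '+', country code, national number.
    Rules assumed for this example:
      - a leading '+' means the country code is already present;
      - a leading '00' is the international dialing prefix and is dropped;
      - otherwise the digits are a national number in `default_country`
        (the North American Numbering Plan, '1', for this feed)."""
    raw = ident.strip()
    digits = re.sub(r"\D", "", raw)
    if raw.startswith("+"):
        return "+" + digits
    if digits.startswith("00"):
        return "+" + digits[2:]
    if len(digits) == 11 and digits.startswith(default_country):
        return "+" + digits
    if len(digits) == 10:
        return "+" + default_country + digits
    raise ValueError(f"cannot canonicalize {ident!r}")


def country_code(e164):
    """Return the country code of an E.164 number; longest known code wins."""
    for code in sorted(KNOWN_COUNTRY_CODES, key=len, reverse=True):
        if e164[1:].startswith(code):
            return code
    raise ValueError(f"unknown country code in {e164!r}")


def canonical_egypt_filter(identifiers):
    """Hardened version: canonicalize first, then compare country codes, so a
    DC number can never be mistaken for an Egyptian one."""
    return [i for i in identifiers if country_code(to_e164(i)) == "20"]


def false_positives(identifiers):
    """Identifiers the naive filter selects that are not actually Egyptian:
    the kind of unintended collection the article describes."""
    correct = set(canonical_egypt_filter(identifiers))
    return [i for i in naive_egypt_filter(identifiers) if i not in correct]


if __name__ == "__main__":
    print("naive    :", naive_egypt_filter(SAMPLE_IDENTIFIERS))
    print("canonical:", canonical_egypt_filter(SAMPLE_IDENTIFIERS))
    print("wrongly selected:", false_positives(SAMPLE_IDENTIFIERS))
```

Run as a script, the naive filter selects both DC numbers and misses the ‘00’-dialed Cairo number, while the canonical filter selects exactly the two Egyptian numbers. The lesson for anyone building a selector or filtering pipeline is that identifiers must be normalized to one canonical form before any prefix, range or equality test is applied, and that a filter which quietly over-collects on metadata is still a reportable defect.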

That is, this violation undermines many of the stories the NSA told Walton during the 10 month period when they were purportedly coming clean on major problems with the dragnet, starting with the claim that these problems were a surprise not identified until after he wrote the first substantive opinion — 31 months after FISC first gave it sanction — authorizing the program. (I consider the 2006 opinion authorizing the dragnet a shockingly thin document, and Walton seems to have felt the need to lay out a more substantive case for the legality of it in 2008.)

But something else undermined that story: the pretense that the entire program arose from virgin birth in 2006.

Indeed, we know (though the government hasn’t actually admitted it, even though Ron Wyden has asked them to) that the Section 215 dragnet is actually just a part of Dick Cheney’s illegal surveillance program placed under court sanction. Here’s how the NSA’s own draft IG Report (which was completed right smack dab in the middle of the discussions between Walton and the NSA about these violations) describes some aspects of the program, including the alert program that was part of the initial “discovery” of the violations.

(TS//SII/OC/NF) Analysis. NSA used a variety of tools to conduct metadata analysis and view the results. NSA’s primary tool for conducting metadata analysis, for PSP and traditional SIGINT collection, was MAINWAY. MAINWAY was used for storage, contact chaining, and for analyzing large volumes of global communications metadata. At the beginning of the PSP, only the “SIGINT Navigator” tool was available to view MAINWAY output. Over time, new tools and new processes, such as automated chaining alerting, were created to improve analysts’ efficiency. To obtain the most complete results, analysts used data collected under PSP and non-PSP authorities. Typically, they analyzed networks with two degrees of separation (two hops) from the target. Analysts determined if resulting information was reportable.

(TS//SII/OC/NF) In addition, an automated chaining alert process was created to alert analysts of new potentially reportable selectors. Previously approved selectors were compared to incoming MAINWAY data authorized by the PSP, E.O. 12333, or the FISC. Alerts of direct contacts with approved selectors were reported to NSA analysts for further analysis and potential reporting to FBI and CIA.

And here’s where the IG Report admits this all became the Section 215 dragnet.

(TS//SV/NF) According to NSA General Counsel Vito Potenza, the decision to transition telephony metadata to the Business Records Order was driven by a private sector company. After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concern about providing telephony metadata to NSA under Presidential Authority without being compelled. Although OLC’s May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order.

(TS//SII/NF) As with the PR/TT Order, DoJ and NSA collaboratively designed the application, prepared declarations, and responded to questions from court advisers. Their previous experience in drafting the PR/TT Order made this process more efficient.
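The hop arithmetic behind both the four-hop figure cited earlier (27,090 seed identifiers, four hops deep) and the IG report’s description of two-hop analysis out of MAINWAY is plain breadth-first traversal. The following is an added example, not part of the original post or of any NSA document: it builds a constructed contact graph (five rings of eight identifiers, bridged so the rings form a larger ring; an assumption chosen to keep the numbers checkable) and reports how much of the population falls within k hops of a single seed.

```python
COMMUNITIES = 5
COMMUNITY_SIZE = 8


def build_sample_graph(communities=COMMUNITIES, size=COMMUNITY_SIZE):
    """Constructed, undirected contact graph as adjacency sets. Each community
    is a ring of `size` identifiers; identifier 0 of each community also has a
    bridge to identifier 0 of the next community, so the communities form a
    ring as well. Identifiers are small integers, not real selectors."""
    graph = {}

    def link(a, b):
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)

    for c in range(communities):
        base = c * size
        for i in range(size):
            link(base + i, base + (i + 1) % size)      # ring within community
        link(base, ((c + 1) % communities) * size)     # bridge to next community
    return graph


def reach_by_hop(graph, seeds, max_hops):
    """Breadth-first contact chaining from `seeds`. Returns a list whose k-th
    entry is the cumulative number of identifiers within k hops of any seed
    (entry 0 is the seed count itself)."""
    seen = set(seeds)
    frontier = set(seeds)
    counts = [len(seen)]
    for _ in range(max_hops):
        nxt = set()
        for node in frontier:
            nxt |= graph.get(node, set()) - seen
        seen |= nxt
        frontier = nxt
        counts.append(len(seen))
    return counts


def exposure(graph, seeds, hops):
    """Fraction of all identifiers in the graph that fall within `hops` of the
    seeds, i.e. how much of the population a query at that depth touches."""
    return reach_by_hop(graph, seeds, hops)[hops] / len(graph)


if __name__ == "__main__":
    g = build_sample_graph()
    print("cumulative reach per hop from seed 0:", reach_by_hop(g, {0}, 6))
    for hops in (2, 4):
        print(f"{hops} hops from one seed: "
              f"{exposure(g, {0}, hops):.0%} of {len(g)} identifiers")
```

On this small graph a single seed touches 13 of 40 identifiers at two hops and 32 of 40 at four; the point is how fast the covered fraction grows with depth even when each identifier has only two or four contacts, and the growth only accelerates on real call graphs with higher degree and thousands of seeds. Hop depth is therefore the single most consequential parameter in any such query policy, which is why it belongs in the auditable controls rather than in an analyst’s discretion.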


Double Dipping at SWIFT

Spiegel today reveals more details about NSA’s “Follow the Money” program, in which it collects credit card information from select geographical regions. In addition, as TV Globo also revealed last week, they are conducting Tailored Access Operations against SWIFT, the international financial transfer messaging system.

The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.

Now, some caution about this claim is in order. Spiegel reports that NSA’s financial records database has 180 million records, of which 84% are credit card transactions.

The collected information then flows into the NSA’s own financial databank, called “Tracfin,” which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions.

Even assuming the balance of the records in the database come from SWIFT, that’s less than 29 million records (in 2011, so assume the number is larger now). In 2011, SWIFT was sending 17.5 million records a day. So whatever makes it into the actual database is just a small fraction of international traffic.

But that almost certainly doesn’t account for the bulk of the SWIFT information collected by the US government. Remember: in addition to stealing the data, Treasury also gets it via a now-public agreement. The former CEO of SWIFT Leonard Schrank and former Homeland Security Czar, Juan Zarate actually boasted in July, in response to the earliest Edward Snowden revelations, about how laudable Treasury’s consensual access to the data was.

The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.

It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties.

Never mind that by the time they wrote this, an EU audit had shown the protections were illusory, in part because the details of actual queries were oral (and therefore the queries weren’t auditable), in part because Treasury was getting bulk data. But there was a legitimate way to get data pertaining to the claimed primary threat at hand, terrorism. And now we know NSA also stole data.

Note, too, the timing. While Spiegel doesn’t provide enough details about the exploitation of SWIFT for us to date it, the dates it does provide about this financial spying are 2010 and 2011. That was the period when the EU was trying to put sensible limits to Treasury’s access of SWIFT.

Back when the intelligence community first decided to go after SWIFT data, their first plan was to just steal it.

Intelligence officials were so eager to use the Swift data that they discussed having the C.I.A. covertly gain access to the system, several officials involved in the talks said. But Treasury officials resisted, the officials said, and favored going to Swift directly.

12 years later, they apparently are stealing at least some of it. That probably means they wanted data for transactions that have nothing to do with the counterterrorism application first SWIFT and then the EU bought off on. So there’s the legal access to counterterrorism data via Treasury, and the illegal access to (presumably) some other kind of data via NSA.


NSA’s Corruption of Cryptography and Its Methods of Coercion

Just one more day to give as part of Emptywheel’s fundraising week.

I want to return to last week’s Edward Snowden related scoop (Guardian, ProPublica/NYT) that the NSA has corrupted cryptography. Remember, there are several reasons the story was important:

  • NSA lost the battle for the Clipper Chip and turned instead to achieve the same goals via means with less legal sanction
  • NSA broke some companies’ encryption by “surreptitiously stealing their encryption keys or altering their software or hardware”
  • NSA also worked to “deliberately weaken[] the international encryption standards adopted by developers”

One key result of this — as Rayne and Julian Sanchez have emphasized — is to make everyone more exposed to hackers.

This is a bit like publishing faulty medical research just to prevent a particular foreign dictator from being cured. It makes everyone on the Internet more vulnerable, increasing the chances that dissidents will be uncovered by despotic regimes and that corporations will fall victim to cybercriminals.

[snip]

Bear this in mind the next time you see people on Capitol Hill wringing their hands about the threat of a possible “Digital Pearl Harbor”—especially if they think the solution is to give more data and authority to the NSA. Because the agency is apparently perfectly happy to hand weapons to criminals and hostile governments, as long as it gets to keep spying too.

And since then, the NSA has responded to rampant cyberattacks and threats of them against targets it cares about by demanding yet more access to those targets’ data, as explained by Shane Harris in a Keith Alexander profile.

Under the Defense Industrial Base initiative, also known as the DIB, the NSA provides the companies with intelligence about the cyberthreats it’s tracking. In return, the companies report back about what they see on their networks and share intelligence with each other.

Pentagon officials say the program has helped stop some cyber-espionage. But many corporate participants say Alexander’s primary motive has not been to share what the NSA knows about hackers. It’s to get intelligence from the companies — to make them the NSA’s digital scouts. What is billed as an information-sharing arrangement has sometimes seemed more like a one-way street, leading straight to the NSA’s headquarters at Fort Meade.

“We wanted companies to be able to share information with each other,” says the former administration official, “to create a picture about the threats against them. The NSA wanted the picture.”

After the DIB was up and running, Alexander proposed going further. “He wanted to create a wall around other sensitive institutions in America, to include financial institutions, and to install equipment to monitor their networks,” says the former administration official. “He wanted this to be running in every Wall Street bank.”

That aspect of the plan has never been fully implemented, largely due to legal concerns. If a company allowed the government to install monitoring equipment on its systems, a court could decide that the company was acting as an agent of the government. And if surveillance were conducted without a warrant or legitimate connection to an investigation, the company could be accused of violating the Fourth Amendment. Warrantless surveillance can be unconstitutional regardless of whether the NSA or Google or Goldman Sachs is doing it.

“That’s a subtle point, and that subtlety was often lost on NSA,” says the former administration official. “Alexander has ignored that Fourth Amendment concern.”

With all that as background, I want to return to a post I did months ago, laying out the methods the Presidential Policy Directive on Cyberwar envisioned for getting cooperation from private companies. It defines four kinds of access to private computer networks:

  • Network defense, which is what network owners do or USG (or contractors) do at their behest to protect key networks. I assume this is like anti-virus software on steroids.
  • Cyber collection that, regardless of where it occurs, is done in secret. This is basically intelligence gathering about networks.
  • Nonintrusive Defensive Countermeasures, which are more active defensive attacks, but ones that can be or are done with the permission of the network owners. This appears to be the subset of Defensive Cybereffects Operations that, because they don’t require non-consensual network access, present fewer concerns about blowback and legality.
  • Defensive Cybereffects Operations, which are the entire category of more active defensive attacks, though the use of the acronym DCEO appears to be limited to those defensive attacks that require non-consensual access to networks and therefore might cause problems. The implication is they’re generally targeted outside of the US, but if there is an imminent threat (that phrase again!) they can be targeted in the US.

In the area of cyberdefense or offense (remember, this is an overlapping part of NSA’s mission with cryptography) the government envisions collecting information (because cryptography overlaps with this mission, this might be included in that secret data collection) without a network owner’s consent, conducting defensive measures with a network owner’s consent, or conducting defensive measures without a network owner’s consent (the latter is only supposed to happen in the US with the President’s authorization).


Working Thread: Section 215 Dragnet Document Dump, Part II

It’s fundraising week. Please support the work I do with a donation.

This is part of a working thread on yesterday’s Section 215 dragnet. Part I is here. The documents are here.

IG Report

(i) Note that the cover letter was signed by the Acting IG, Brian McAndrew, but the report itself was signed by Joel Brenner.

(3) The IG Report uses a lot of passive voice where it should assign some responsibility for implementing controls.

(4) Note this recommendation is redacted but almost certainly is S 215 or S 332, based on the distribution list.

(4) Note the definition of processing.

(8) Note the finding that info assurance was adequate turned out to be wrong, as people were just wandering into this database.

(9) The audits OIG was supposed to conduct didn’t happen, per the description on page 31 of the Alexander declaration. This is sort of a big deal. Was OIG excluded (as they had been under the illegal program)? Or did they just not do their job?

(13) Note the review started immediately after the program started and by its own admission “did not conduct a full range of compliance and/or substantive testing.”

(18) Curious whether NSA introduced the word “archive” in the table.

(19) The language on metadata retention is another tell: they describe not “keeping” the data but “keeping it online” while avoiding mention of archive.

Compliance Incidents, Feb 26, 2009 & Supplemental Alexander

(4) Three different analysts querying databases. Again the timing on this is interesting, from day after election to day after transferring power. Note there’s still no discussion of where all those other identifiers went.

(SAlexander 2) Note the reference to telecoms remains unredacted.


Keith Alexander’s Ignorance By Design

Oops! Forgot to encourage you all to support this work with a donation

One of the most publicized lines from yesterday’s FOIA disclosures comes from Keith Alexander’s declaration to Reggie Walton on how the Section 215 dragnet went so horribly awry. He claims — without explaining the basis for his knowledge — that no one knew how all this worked.

Furthermore, from a technical standpoint, there was no single person who had a complete technical understanding of the BR FISA system architecture. (Alexander 19)

The comment comes amidst a section that discusses not system architecture, but simple legal compliance, in which Alexander describes how,

  • NSA’s lawyers consistently gave incorrect data to FISC over 3 years time
  • NSA’s lawyers exempted a whole class of data — that not yet “archived” — from the plain meaning of the law

At the beginning of this particular section, he says his knowledge comes from,

Reviews of NSA records and discussions with relevant NSA personnel (Alexander 16)

But at the beginning of Alexander’s declaration, he states his statements,

are based on my personal knowledge, information provided to me by my subordinates in the course of my official duties, advice of counsel, and conclusions reached in accordance therewith. (Alexander 2)

That is, for the declaration overall, Alexander says he only spoke to “counsel” and other NSA people in “the course of [his] official duties,” and, among NSA people, only with subordinates. Admittedly, all NSA personnel should be his subordinates, but it is curious that he doesn’t describe the NSA personnel he spoke with as such.

That’s important, because throughout this section, Alexander’s statements are caveated with “it appears” introductions.

… the inaccurate description of the BR FISA alert list initially appears to have occurred to a mistaken belief …(Alexander 17)

… Therefore, it appears there was never a complete understanding among the key personnel who reviewed the report … (Alexander 18)

… Nevertheless, it appears clear in hindsight from discussions with the relevant personnel as well as reviews of NSA’s internal records that the focus was almost always on whether analysts were contact chaining the Agency’s repository of BR FISA data in compliance … (Alexander 18)

Now perhaps Alexander spoke to the people who actually knew what went on. It turns out they would, in significant part, be lawyers. Counsel.

Though that’s rarely reflected in his descriptions. In perhaps just one sentence, he makes an assertion about what the SIGINT Directorate and the OGC [counsel] “realized,” though note he doesn’t specify a single human subject for that realization.

Or perhaps he spoke only to “relevant personnel” who provided him information in the course of his normal duties.

But one thing is clear: either he doesn’t claim actual knowledge, beyond what actually got documented, about the subject he is addressing, the most important topic in his declaration; or he does, but for some reason he was, in this matter alone, uncomfortable asserting it as a clear fact.

Yet, having spoken to remarkably few people, he somehow feels confident claiming no one knew about the entire architecture (an irrelevant issue to the legal and management problem at hand)?

I would suggest Alexander’s lawyers [counsel!] — the very people who provided false information to the court and false advice to NSA personnel — might have a good deal more certainty about what happened than Alexander. But somehow they managed to avoid making sworn declarations to the court about those subjects.

Update: The list of people who knew about this stuff on Alexander 25-26 is of particular interest. Two OGC lawyers and 3 program managers had access to both what was allowed to analysts and what was reported to the court (though Alexander helpfully notes, “[t]his does not mean that an individual who was on distribution for the reports was actually familiar with the contents of the reports.”)

Alexander also says he had conversations with the people on distribution of the original email drafting language for the court.

Alexander goes on to note there were a lot of people that knew of how the alerts worked but, “[b]ased on information available to me, I conclude it is unlikely that this category of personnel knew how the Agency had described the alert process to the Court.”