Posts

Why We Should Remain Skeptical of the Five (!!) Congressional Investigations into the Russian Hack

/5 Comments/in /by

I was interviewed (on Thursday) about the Flynn resignation and larger investigation into the Russia hack for Saturday’s On the Media. In what made the edit, I made one error (which I’ll explain later), but a key point I made holds. The leaking about Flynn and other Russian events are hypocritical and out of control. But they may create pressure to fix two problems with the current investigations into the Russian hack: the role of Jeff Sessions overseeing the DOJ-led investigations, and the role of Trump advisory officials Devin Nunes and Richard Burr overseeing the most appropriate congressional investigations.

In this post I’ll look at the latter conflicts. In a follow-up I’ll look at what the FBI seems to be doing.

As I noted in the interview, contrary to what you might think from squawking Democrats, there are five congressional investigations pertaining to Russian hacks, though some will likely end up focusing on prospective review of Russian hacking (for comparison, there were seven congressional Benghazi investigations). They are:

  • Senate Intelligence Committee: After months of Richard Burr — who served on Trump’s campaign national security advisory council — saying an inquiry was not necessary and going so far as insisting any inquiry wouldn’t review the dossier leaked on Trump, SSCI finally agreed to do an inquiry on January 13. Jim Comey briefed that inquiry last Friday, February 17.
  • House Intelligence Committee: In December, James Clapper refused to brief the House Intelligence Committee on the latest intelligence concluding Russian hacked the DNC with the goal of electing Trump, noting that HPSCI had been briefed all along (as was clear from some of the leaks, which clearly came from HPSCI insiders). In January, they started their own investigation of the hack, having already started fighting about documents by late January. While Ranking Democratic Member Adam Schiff has long been among the most vocal people complaining about the treatment of the hack, Devin Nunes was not only a Trump transition official, but made some absolutely ridiculous complaints after Mike Flynn’s side of some conversations got legally collected in a counterintelligence wiretap. Nunes has since promised to investigate the leaks that led to Flynn’s forced resignation.
  • Senate Armed Services Committee: In early January, John McCain announced he’d form a new subcommittee on cybersecurity, with the understanding it would include the Russian hack in its focus. Although he originally said Lindsey Graham would lead that committee, within weeks (and after Richard Burr finally capitulated and agreed to do a SSCI inquiry), McCain instead announced Mike Rounds would lead it.
  • Senate Foreign Relations Committee: In December, Bob Corker announced the SFRC would conduct an inquiry, scheduled to start in January. At a hearing in February, the topic came up multiple times, and both Corker and Ben Cardin reiterated their plans to conduct such an inquiry.
  • Senate Judiciary Subcommittee on Crime and Terrorism: After Graham was denied control of the SASC panel, he and Sheldon Whitehouse announced they’d conduct their own inquiry, including a prospective review of “the American intelligence community’s assessment that Russia did take an active interest and play a role in the recent American elections.”

All the while, some Senators — McCain, Graham, Chuck Schumer, and Jack Reed — have called for a Select Committee to conduct the investigation, though in true McCainesque fashion, the maverick has at times flip-flopped on his support of such an inquiry.

Also, while not an investigation, on February 9, Jerry Nadler issued what I consider (strictly as it relates to the Russian hack, not the other conflicts) an ill-advised resolution of inquiry calling for the Administration to release materials relating to the hack, among other materials. Democrats in both the House and Senate have introduced legislation calling for an independent commission, but have gotten no support even from the mavericky Republicans.

As you can see from these descriptions, it took pressure from other committees, especially Lindsey Graham getting control of one of the inquiries, before Richard Burr let himself be convinced by SSCI Vice Chair Mark Warner to conduct an inquiry. Thus far, Mitch McConnell has staved off any Select Committee. As soon as SSCI did claim to be launching an investigation, a bunch of Republicans tried to shut down the others, claiming it was all simply too confusing.

Let me be clear: as I noted in the OTM interview, the intelligence committees are the appropriate place to conduct this investigation, as it concerns really sensitive counterintelligence matters — people who could be witnesses to it are getting killed! — and an ongoing investigation. The only way to conduct a responsible inquiry is to do so in secret, and unless a select committee with clearance is formed, that means doing so in the dysfunctional intelligence committees.

That’s made worse by Nunes and Burr’s obvious conflicts, having served on Trump’s pre-inauguration advisory teams (at a time when Mike Flynn was chatting about ongoing sanctions with Russia), and their equally obvious disinterest in conducting the investigation. Remember that the intelligence committees successfully bolloxed up the independent investigation into Iran-Contra. While neither Nunes nor Burr is as smart as Dick Cheney, who had a key role in that intentional bolloxing, Democrats should be cognizant of the ways that such bolloxing has happened in the past.

And now that SSCI has finally started its inquiry, Ali Watkins published an uncharacteristically credulous report on Burr’s role in the investigation, slathering on the colorful vocabulary — “brutally yanked;” “underground cohort;” “dark shadow of Langley;” “Wearily, they’re trudging forward on a probe littered with potential political landmines;” — before portraying the allegedly difficult position Burr is in:

That he’s now in charge of the sweeping Russia inquiry puts the North Carolina Republican in between a rock and a hard place. Since taking over the helm of the intelligence committee, Burr has pressed for more active and aggressive oversight, and has kept a rigorous travel schedule to match. But his decisive reelection victory in November came at a cost — throughout the contentious race, Burr towed Trump’s line, and hasn’t yet directly criticized the White House publicly.

But Burr has shown no indication that he’s ever angled for a Trump administration job, and says he’s not running for re-election. How seriously he takes his obligation to carry his president’s water remains to be seen.

Burr has been slammed by colleagues in recent days, who fear he’s slow-rolling an investigation into a fast-moving story. But much of the inquiry’s slow start was due to bureaucratic wrangling — some intelligence agencies insisted products be viewed on site rather than sent to the Hill, and some of the intelligence was so tightly controlled that it was unclear if staffers could even view it.

This is just spin. There is abundant public record that Burr has thwarted oversight generally (he has said things supporting that stance throughout his history on both the Senate and House Intelligence Committee, even ignoring his role in covering up torture, and Watkins’ earlier incorrect claims about Burr’s open hearings remain only partly corrected). There is no mention in this article that Burr was on Trump’s national security advisory committee. Nor that SSCI had reason to do hearings about this hack well before January 2017, back when it might have made a difference — at precisely the time when Burr apparently had time to advise Trump about national security issues as a candidate. Plus, it ignores all the things laid out here, Burr’s continued equivocation about whether there should even be a hearing.

There is no reason to believe Burr or Nunes intend to have a truly rigorous investigation (bizarrely, Warner seems to have had more success pushing the issue than Schiff — or Dianne Feinstein when she was Vice Chair — though that may be because the Ranking position is stronger in the Senate than in the House). And history tells us we should be wary that their investigations will be counterproductive.

As I noted, on Friday — the Friday before a recess — Jim Comey briefed the SSCI on the Russian hack. That briefing was unusual for the date (regular SSCI meetings happen on Tuesday and Thursday, and little business of any kinds happens right before a recess). Reporters have interpreted that, along with the presumed silence about the content of the briefing, as a sign that things are serious. That may be true — or it may be that that was the only time a 3-hour briefing could be scheduled. In the wake of the briefing, it was reported that the SSCI sent broad preservation requests tied to the inquiry (that is, they sent the request long after the inquiry was started). And while the press has assumed no one is talking, the day after the briefing, Reuters reported outlines of at least three parts of the FBI investigation into the Russian hack, attributed to former and current government officials.

Share this entry

Seven Democrats Write Obama Asking Him to Declassify More Information on Russian Involvement in the Election

/2 Comments/in , /by

Ron Wyden, five other Democrats, and Dem caucusing Independent Angus King just wrote Obama a cryptic letter. The entire body of the letter reads:

We believe there is additional information concerning the Russian Government and the U.S. election that should be declassified and released to the public. We are conveying specifics through classified channels.

Thank you for your attention to this important matter.

Aside from the fact that this suggests (as Wyden’s cryptic letters always d0) there is something meaty that we really ought to know, I find the list of signers rather curious. In addition to Wyden, the following Senators signed the letter:

  • Jack Reed
  • Mark Warner
  • Barb Mikulski
  • Martin Heinrich
  • Angus King
  • Mazie Hirono

That is, every Democratic SSCI member except current Chair Dianne Feinstein, plus Senate Armed Services Chair Jack Reed, signed the letter. So every Democrat except DiFi and Majority Leader Harry Reid signed the letter, suggesting it is something that got briefed to the full Senate Intelligence Committee as well as the Ranking Members of SASC (the latter of which suggests NSA or CYBERCOM may be involved).

I’m as interested in the fact that DiFi and Reid didn’t sign as that the others did sign. It can’t be that Reid is retiring and DiFi is heading to SJC (it’s still unclear whether she’ll remain on SSCI or not). After all, Mikulski is retiring as well.

Plus, Harry Reid wrote a far more explicit letter last month to Jim Comey — apparently following up on a non-public letter send months earlier — alluding to direct coordination between Trump and Russia.

In my communications with you and other top officials in the national security community, it has become clear that you possess explosive information about close ties and coordination between Donald Trump, his top advisors, and the Russian government – a foreign interest openly hostile to the United States, which Trump praises at every opportunity. The public has a right to know this information. I wrote to you months ago calling for this information to be released to the public. There is no danger to American interests from releasing it. And yet, you continue to resist calls to inform the public of this critical information.

Finally, what to make of the fact that not even John McCain signed onto this letter? Reed’s inclusion makes it clear that McCain, too, must have been briefed. He has been outspoken about Trump’s moves to cozy up to Putin. If he has seen — and objects to — such coordination, why not sign onto this letter and give it the patina of bipartisanship?

Share this entry

The Holder-Clapper Letter Ought to Make You Worry about Leahy’s USA Freedom

/10 Comments/in /by

As the press is reporting right now, James “Too Cute by Half” Clapper and Eric Holder have written Patrick Leahy a letter endorsing his version of the dragnet reform bill. Reports claim this shows that Clapper supports reform.

Consider me unimpressed.

To understand why, it helps to understand what this letter was once supposed to do. According to a Senate source who is skeptical this reform does enough, it was supposed to provide language that would endorse civil libertarians’ understanding of key terms of the bill. I’m not sure if the letter is still supposed to do that work — if it is not, that is a story unto itself. But the language in this letter doesn’t make any commitments on the key points of concern.

As an initial matter, I was told this letter would include language making it clear that the “connection chaining” language I’ve been so concerned about would limit contact chaining to actual calls made. The letter doesn’t address connection chaining at all. Huh. How about that?

Here’s what Clapper’s letter says about the prospective call detail record (CDR) collection:

The bill also provides a mechanism to obtain telephone metadata records in order to identify potential contacts of suspected terrorists inside the United States. The Intelligence Community believes that, based on communications providers’ existing practices in retaining metadata, the bill will retain the essential operational capabilities of the existing bulk telephone metadata program while eliminating bulk collection.

It’s good news the IC is not asking for data retention requirements — but you ought to ask why, given that the most important provider, Verizon, has told the Senate Intelligence Committee that it only keeps billing records — not CDRs — for 18 months.

Note, however, that Clapper doesn’t use CDR language here — he uses “metadata,” which is actually broader — potentially far broader — than CDRs as defined by the bill. We know, for example, that the IC considers location data metadata — and James Cole told Mark Warner they might ask for hybrid orders to get location data. We know from the ICREACH documents that the IC admits it uses a different definition of metadata than the FISA Court does (the IC’s definition of metadata not only includes content, but also substantive information about people). We know that providers store customer things-that-count-as-metadata on their clouds, indefinitely. Adopting metadata here, in short, may back off the otherwise limited definition of CDR, which is one of the bills laudable limiting factors.

The letter’s claim to end bulk collection does nothing to reflect that the IC’s definition of bulk — anything without a discriminator — has nothing to do with the common English definition of it; it certainly doesn’t promise to end the English language definition of bulk. Moreover, it only promises to limit bulk collection to the “greatest extent practicable.”

[T]he bill permits collection under Section 215 of the USA PATRIOT Act using a specific selection term that narrowly limits the scope of the tangible things sought to the greatest extent reasonably practicable, consistent with the purposes for seeking the tangible things. Recognizing that the terms enumerated in the statute may not always meet operational needs, the bill permits the use of other terms, provided there are court-approved minimization procedures that prohibit the dissemination and require the destruction within a reasonable period of time of any information that has not been determined to satisfy certain specific requirements.

That “reasonably practicable” language is a direct quote from the bill. It adds nothing, and given that Bob Litt refuses to limit FBI back door searches because it’s not practicable, what the IC means by practicable could very easily encompass gross privacy violations — ones that have already been approved by FISC! And remember–the IC can use corporate persons as selection terms.

Then the letter all but admits it will use selection terms that violate this principle, but points to the minimization procedures required by the law to rationalize that. As I’ve pointed out, there’s no reason to believe the minimization procedures will be any more stringent than what the FISC currently requires — and there’s at least some reason to suspect they might be weaker than current minimization procedures. (And remember, the retention requirements for the CDR authority almost certainly broadens permitted dissemination to foreign intelligence purpose, which might lead to a similar broadening of it elsewhere under the authority.)

The transparency paragraph includes this language.

the transparency provisions  in this bill … among other things, [] recognize the technical limitations on our ability to report certain types of information.

This is James Clapper saying quite clearly to anyone willing to listen that he sees this bill — which explicitly carves out FBI back door searches from any transparency reporting — as Congressional endorsement of the idea that we should never demand the number of FBI back door searches. This language, by itself, ought to make the bill toxic.

Congratulations NGOs. You’re backing the idea that the FBI should be able to use 702 and 12333 collected information in criminal contexts with zero oversight or accountability.

Finally, Clapper’s letter makes it clear that Leahy’s bill will do nothing to stop ex parte communication between the Executive and FISC. And he even points to John Bates’ ridiculous letter (huh, now we have a better sense of who put Bates up to that!) to warn he’ll carve out even more.

We believe that the appointment of an amicus in selected cases, as appropriate, need not interfere with important aspects of the FISA process, including the process of ex parte consultation between the Court and the government. We are also aware of the concerns that the Administrative Offices of the U.S. Courts expressed in a recent letter, and we look forward to working with you and your colleagues to address these concerns.

Especially after we learned Bates single-handedly rewrote PATRIOT last year to make it okay to spy on Americans for their protected speech, we should do nothing to accommodate Bates’ wishes, especially since he didn’t speak with the authority of his position. The FISC, as Bates envisions it, doesn’t resemble a real court at all.

In short, there’s one piece of good news in this letter — that the IC won’t ask for data retention requirements — and a whole lot of reason to be even more skeptical of the bill.

Share this entry

Did ACLU and EFF Just Help the NSA Get Inside Your Smart Phone?

/10 Comments/in /by

EFF ACLUThe ACLU and EFF normally do great work defending the Fourth Amendment. Both have fought the government’s expansive spying for years. Both have fought hard to require the government obtain a warrant before accessing your computer, cell phone, and location data.

But earlier this week, they may have taken action that directly undermines that good work.

On Wednesday, both civil liberties organizations joined in a letter supporting Patrick Leahy’s version of USA Freedom Act, calling it a necessary first step.

We support S. 2685 as an important first step toward necessary comprehensive surveillance reform. We urge the Senate and the House to pass it quickly, and without
making any amendments that would weaken the important changes described above.

ACLU’s Laura Murphy explained why ACLU signed onto the bill in a column at Politico, analogizing it to when, in 2010, ACLU signed onto a bill that lowered, but did not eliminate,  disparities in crack sentencing.

Reform advocates were at a crossroads. Maximalists urged opposition despite the fact the bill would, in a very real way, make life better for thousands of people and begin to reduce the severe racial and ethnic inequality in our prison system. Pragmatists, fearing that opposition to the bill would preclude any reform at all, urged support.

It was a painful compromise, but the ACLU ultimately supported the bill. It passed, astoundingly, with overwhelming support in both chambers.

And then something amazing happened. Conservative lawmakers, concerned about government waste, increasingly came to the table to support criminal justice reform. Liberals realized they could vote their conscience on criminal justice without accusations of being “soft on crime.” It has not been easy and there have been many steps backward, but in recent years, we’ve seen greater public opposition to mandatory minimum sentences and real movement on things like reducing penalties for low-level drug offenses.

The analogy is inapt. You don’t end crack disparities by increasing the number of coke dealers in jail. But Leahy’s USA Freedom Act almost certainly will increase the number of totally innocent Americans who will be subjected to the full brunt of NSA’s analytical authorities indefinitely.

That’s because by outsourcing to telecoms, NSA will actually increase the total percentage of Americans’ telephone records that get chained on; sources say it will be more “comprehensive” than the current dragnet and Deputy NSA Director Richard Ledgett agrees the “the actual universe of potential calls that could be queried against is [potentially] dramatically larger.” In addition, the telecoms are unlikely to be able to remove all the noisy numbers like pizza joints — as NSA currently claims to — meaning more people with completely accidental phone ties to suspects will get sucked in. And USA Freedom adopts a standard for data retention — foreign intelligence purpose — that has proven meaningless in the past, so once a person’s phone number gets turned over to the NSA, they’ll be fair game for further NSA spying, the really invasive stuff, indefinitely.

But that’s not the reason I find ACLU and EFF’s early support for USA Freedom so astounding.

I’m shocked ACLU and EFF are supporting this bill because they don’t know what the NSA will be permitted to do at the immunized telecoms. They have blindly signed onto a bill permitting “connection chaining” without first understanding what connection chaining entails.

As I have reported extensively, while every witness who has talked about the phone dragnet has talked about chaining on phone calls made — all the calls Anwar al-Awlaki made, all the calls those people made — the language describing this chaining process has actually been evolving. Dianne Feinstein’s Fake FISA Fix last fall allowed the NSA to chain on actual calls — as witnesses had described — but also on communications (not just calls) “to or from any selector reasonably linked to the selector.” A February modification and the last two dragnet orders permitted NSA to chain on identifiers “with a contact and/or connection” with the seed, making it clear that a “connection” is something different than a “contact.” The House bill USA Freedumber adopted the same language in a legislative report. Leahy’s bill adopts largely the same language for chaining.

(iii) provide that the Government may require the prompt production of call detail records—

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and

(II) using call detail records with a direct connection to such specific selection term as the basis for production of a second set of call detail records;

Now, it’s possible that this language does nothing more than what NSA illegally did until 2009: chain on both the identifier itself, but also on identifiers it has determined to be the same person. Back in 2009, NSA referred to a separate database to determine these other identifiers. Though that’s unlikely, because the bill language suggests the telecoms will be identifying these direct connections.

It’s possible, too, that this language only permits the telecoms to find “burner” phones — a new phone someone adopts after having disposed of an earlier one — and chain on that too.

But it’s also possible that this language would permit precisely what AT&T does for DEA in its directly analogous Hemisphere program: conduct analysis using cell site data. The bill does not permit NSA to receive cell site data, but it does nothing to prohibit NSA from receiving phone numbers identified using cell site data. When Mark Warner asked about this, Ledgett did not answer, and James Cole admitted they could use these orders (with FISC approval) to get access to cell location.

It’s possible, too, that the telecoms will identify direct connections using other data we know NSA uses to identify connections in EO 12333 data, including phone book and calendar data.

The point is, nobody in the public knows what “connections” NSA will be asking its immunized telecom partners to make. And nothing in the bill or even the public record prohibits NSA from asking telecoms to use a range of smart phone information to conduct their analysis, so long as they only give NSA phone identifiers as a result.

In response to questions from Senators about what this means, Leahy’s office promised a letter from James Clapper’s office clarifying what “connections” means (No, I don’t remember the part of Schoolhouse Rock where those regulated by laws get to provide “clarifications” that don’t make it into the laws themselves). That letter was reported to be due on Tuesday, by close of business — several days ago. It hasn’t appeared yet.

I asked people at both EFF and ACLU about this problem. EFF admitted they don’t know what this language means. ACLU calls the language “ambiguous,” but based on nothing they were able to convey to me, insists getting smart phone data under the guise of connection chaining would be an abuse. ACLU also pointed to transparency provisions in the bill, claiming that would alert us if the NSA starting doing something funky with its connection language; that of course ignores that “connection chaining” is an already-approved process, meaning that existing processes won’t ever be need to be released. It also ignores that the Administration has withheld what is probably a directly relevant phone dragnet opinion from both ACLU and EFF in their dragnet FOIA.

I get Laura Murphy’s point about using USA Freedom to start the process of reform. But what I don’t understand is why you’d do that having absolutely no idea whether that “reform” codifies the kind of warrantless probable cause-free access to device data that ACLU and EFF have fought so hard to prevent elsewhere.

ACLU and EFF are supposed to be leaders in protecting the privacy of our devices, including smart phones. I worry with their embrace of this bill, they’re leading NSA right into our smart phones.

Share this entry

Verizon Counsel Speaks Out Against “Outsourcing” Intelligence

/14 Comments/in /by

One of the concerns I’ve raised about HR 3361 — AKA USA Freedumber — regards who will do some of the data analysis that the NSA “data integrity analysts” currently do before the contact-chaining stage. As I’ve noted, the most privacy protective thing would be to have the telecoms do it, but that would put them in an inappropriate role of performing analysis for the intelligence community.

Apparently, Verizon agrees with that. As part of Verizon Associate General Counsel Michael Woods’ testimony to the Senate Intelligence Committee the other day, he emphasized how inappropriate it would be for the telecoms to serve as surrogates for the intelligence community. (He emphasized this in his answers as well.)

Included in the reform discussions has been the idea that the collection, searching, and perhaps even analysis, of potentially relevant data is best done not by the government, but by the private holders of that data. One recommendation that garnered particular attention was that bulk collection of telephony metadata might be replaced by a system in which such metadata is held instead either by private providers or by a private third party.

This proposal opens a very complex debate, even when that debate is restricted to just traditional telephony, but the bottom line is this: national security is a fundamental government function that should not be outsourced to private companies.

Verizon is in the business of providing communications and other services to our customers. Data generated by that process is held only if, and only for long as, there is a business purpose in doing so. Outside of internal business operations, there typically is no need for companies to retain data for extended periods of time.

If a company is required to retain data for the use of intelligence agencies, it is no longer acting pursuant to a business purpose. Rather, it is serving the government’s purpose. In this context, the company has become an agent or surrogate of the government. Any Constitutional benefit of having the data held by private entities is lost when, by compelling retention of that data for non-business purposes, the private entity becomes a functional surrogate of the government. Public trust would exist to the extent that companies are believed to be truly independent of the government. When the companies are seen as surrogates for intelligence agencies, such trust will dissipate.

Nor would outsourcing offer any promise of efficiency. Technology is changing too rapidly — telecommunications networks are evolving beyond traditional switched telephony. Voice over Internet Protocol (VoIP) technologies handle voice traffic over the Internet (as opposed to the public switched telephone networks) and already account for a substantial portion of voice traffic. Even more dramatic has been the rise of “over-the-top” applications that use peer to peer or other technologies to establish direct connections between users over the Internet. In 2012, one such application accounted for 34% of all international voice calling minutes. VoIP and over-the-top applications traverse IP networks as Internet traffic and thus do not generate CDRs or similar telephony business records. U.S. intelligence agencies would need to approach application owners to establish access equivalent to the CDRs they obtain under the existing program. The technical difficulties multiply if the intelligence agencies were to eventually seek the same sort of access to IP metadata from Internet Service Providers.

Finally, the commercial effect on U.S. companies of outsourcing collection ought to be considered. No company will be eager to undertake the increased responsibility, scrutiny, and liability entailed by having its employees become surrogates for the government in the collection of intelligence. More troubling for large companies is the negative effect in the international market of overt association with a U.S. intelligence agency.

H.R. 3361 does not include any provisions which would require data retention by telecommunications companies. For all the foregoing reasons, that is a good thing. A framework under which intelligence agencies retain and analyze data that has been obtained from telecommunications companies in a “arms length” transaction compelled by a FISA order should continue. [my emphasis]

I quote this in full not to make you laugh at the prospect of Verizon balking at “becoming” a surrogate of the government.

I think this statement was clearly meant to lay out some clear principles going forward (and I suspect Verizon is by far the most important player in USA Freedumber, so Congress may well listen). Whatever Verizon has done in the past — before Edward Snowden and after him, ODNI exposed it, alone among the telecom companies, as turning over all our phone records to the government — it has made several efforts, some half-hearted and some potentially more significant to establish some space between it and the government. If Verizon has decided it’s time to set real boundaries in its cooperation with the government I’m all in favor of that going forward.

Much of this statement is just a clear warning that Verizon won’t abide by requests to extend their data retention practices, which it terms acting as an agent of the government. That will, by itself, limit the program. As Woods explained, they don’t really need Call Detail Records that long (and I assume they need smart phone data even less). What they keep the required 18 months is just billing records, which doesn’t provide the granular data the government would want. So if Verizon refuses to change its data retention approach, it will put a limit on what the government can access.

That said, that’s clearly what a number of Senators would like to do — mandate the retention of CDRs 18 months, which would in turn significantly raise the cost of this (about which more in a later post). So this could actually become a quite heated battle, aside from what privacy activists do.

There are a few more details of this I’m particularly intrigued by (aside from Woods’ warning that the records of interest will all be Internet-based calls within very short order).

Note that Woods admits there has been some discussion of having telecoms do “analysis” (and I assume he’s not talking just about me). Given his statements, it seems Verizon would refuse that too (good!). But remember: the last round of USA Freedumbing included compensation and immunity for Booz-type contractors in addition to the telecoms, so NSA may still be outsourcing this analysis, just to other contractors (and given that this was a late add, it may have come in response to Verizon’s reluctance to do NSA’s analysis for it).

When Woods claims this is difficult, “even when that debate is restricted to just traditional telephony,” he suggests the debate may not be restricted to traditional telephony. Obviously, Verizon must still be involved in upstream production. And it either is or may well be asked to resume its involvement in Internet metadata collection, because USA Freedumber doesn’t hide the intent to return to Internet dragnet collection. Then there’s the possibility Mark Warner’s questions elicited, that the telecoms will be getting hybrid orders asking for telephony metadata as well as other things, not limited to location.

When we talk about the various ways the NSA may try to deputize the telecoms, the possibilities are very broad — and alarming. So I’m happy to hear that Verizon, at least, is claiming to be unwilling to play that role.

Share this entry

Mark Warner Lays Out How USA Freedumber Will Put the NSA in Your Smartphone

/23 Comments/in /by

I noted this yesterday in a quick post, but I wanted to post the video and my transcription of Mark Warner’s efforts to lay out some of the privacy problems with HR 3361, which I call USA Freedumber.

Warner, who made his fortune as a telecom mogul, points out that USA Freedumber will be able to access calls from smaller cell companies that are currently not included as primary providers to NSA (he doesn’t mention it, but USA Freedumber will also be able to access VOIP).

Warner: It was reported when we think about 215 in the previous program that that collected metadata that was with those entities — those companies — that entered into some relationship with the IC, and I believe there was a February WSJ article that reported — and I don’t want to get into percentages here — that while the large entities, large companies were involved, that in many cases, the fastest growing set of telephone calls, wireless calls, were actually a relatively small percentage. Is that an accurate description of how the press has presented the 215 program prior — previously?

Ledgett: Yes, that’s how the press represented it.

Warner: And if that was an accurate presentation, wouldn’t the universe of calls that are now potentially exposed to these kind of inquiries be actually dramatically larger since any telco, regardless of whether they had a relationship with the IC or not, and any type of call, whether it is wire or wireless, be subject to the inquiries that could be now made through this new process.

Ledgett: Uh Yes, Senator, that’s accurate.

Warner: So, again, with the notion here that under the guise of further protecting privacy, I think on a factual basis, of the number of calls potentially scrutinized, the universe will be exponentially larger than what the prior system was. Is that an accurate statement.

Ledgett: No, Senator, I don’t believe so, because the only calls that the government will see are those that are directly responsive to to the predicate information that we have.

Warner: No, In terms of actual inquiries, correct, but the the universe of potential calls that you could query, when prior to the calls were only queried out of the 215 database that was held at the NSA, which as press reports said did not include — in many cases — the fastest growing number of new calls, wireless calls, now the universe of — even though the number of queries may be the same, because the protections are still the same, the actual universe of potential calls that could be queried against is dramatically larger than what 215 has right now.

Ledgett: Potentially yes, that’s right Senator.

From there, Warner focuses on a more troubling issue: the likelihood that NSA could get cell location data and call detail records with the same request. Read more

Share this entry

Mark Warner Confirms USA Freedumber Expands Surveillance

/6 Comments/in /by

The Senate Intelligence Committee is in the middle of its Snowden Day hearing on the USA Freedumber Act. I’ll have more to say about it later (spoiler alert: the hearing has proven that the overseers don’t understand the program they’re currently overseeing).

The highlight was, surprisingly, when Mark Warner questioned the government witnesses.

Warner (who used to be a telecom mogul) got the government witnesses to concede to two key points.

First, Warner noted that under the new scheme, every telecom would be subject to government requests. As a result, he said, “On factual basis, the number of calls scrutinized universe will be exponentially larger.” Deputy Attorney General James Cole at first tried to prevaricate. But then admitted that more records would be exposed.

Then, Warner noted that telecoms have to keep cell location, and that the current Section 215 program does not obtain cell location. He asked if the NSA could use or obtain cell location going forward. Cole did not deny that; he admitted that sometimes it is very helpful.

Thanks to Mark Warner for getting these two details on the record, as I have been arguing both were true, but now can confirm they are.

 

Share this entry

Do Senators Collins, King, and Warner Like Being Spied On?

/7 Comments/in /by

Over the last few days, I’ve tracked the accusations and counter-accusations between CIA and the Senate Intelligence Committee.

A number of people have asked why, as a way to end this issue, the Committee doesn’t just declassify the entire SSCI Report.

But it’s not so simple as that.

It’s not clear there are the votes to release the Report.

Recall that when the Committee approved the Report back in 2012, the vote was largely split on party lines, with the exception of John McCain, who voted as an Ex Officio member (as Ranking Member of Senate Armed Services Committee) to release the Report. McCain is no longer SASC Ranking member: Jim Inhofe is, and I’m betting he’s not going to vote to release the Report.

There are few other changes in the Committee proper since the report was originally finalized. Martin Heinrich and Angus King have replaced Bill Nelson and Kent Conrad, and Susan Collins and Tom Coburn have replaced Olympia Snowe and Roy Blunt.

And while Heinrich has quickly become one of the better overseers on the Committee, including on torture, it’s not actually clear whether King would vote to release the report. Collins, too, has been reported to be undecided (and her vote would be critical to making this a “bipartisan vote,” now that McCain doesn’t have a vote). There are even hints that Mark Warner wouldn’t vote to support its declassification (though he supported its finalization).

And importantly, King and Collins have been reported to be undecided after the time when, in January, the Committee at least began to suspect they’d been surveilled.

There are, obviously, two different issues (though Saxby Chambliss, at least, sides with CIA on both counts). But there’s been little outcry from the swing votes on releasing the underlying report itself.

Update: h/t to JK for the link to the Collins/King report I was not finding.

Share this entry

Mark Warner Thinks It’s Bold for a $200M Man to Cut Seniors’ Pensions

/22 Comments/in /by

I suggested the other day that Mark Warner’s position on the Gang of Six might bode poorly for SuperCongress being anything but a pre-gamed attack on Social Security and Medicare.

Well, it turns out he has already been running around to the press campaigning for the job, with a conference call and an appearance on Fox.

Sen. Mark Warner (D-Va.) would “love” to serve on the new, bicameral committee established by the debt-limit deal passed Tuesday by the Senate.

“My fear is that this could be made of a group that could be the more ideologically rigid in both parties, and I’m not sure that gets us to where we need to be,” Warner said in a conference call Monday, according to The Richmond Times-Dispatch.

[snip]

Warner said Tuesday on Fox News Channel that the new committee needs to address the two major components missing from the debt-limit deal: entitlements and tax reforms.

“The fact that I’m willing to do that probably means that I’m not actually going to get on the committee,” he said. “Chances are that there will be enormous pressure on leadership in both parties to put members that might not be willing to be as bold.”

Of the three Democrats who were on the Gang of Six–Warner, Durbin, and Conrad–Warner is most excited about cutting Social Security. Plus he’s gunning for things like the home mortgage deduction. And all that while he talks “tax reform,” not increased taxes on people, like him, who have far more than they’ll ever need.

Sure, it’s bold for someone who is worth $200 million to ask seniors and struggling families to make sacrifices to balance the budget.

But that doesn’t mean it’s smart.

Share this entry

Is Mark Warner the Designated Social Security Killer?

/36 Comments/in /by

The propaganda the Administration has put out to spin the debt capitulation as a win–“victory!” “bipartisan!” “compromise!”–would be amusing if the deal weren’t so dangerous. In addition to all the language claiming that cutting expenditures during a Depression–described here as “remov[ing] the cloud of uncertainty– will help the economy, there are these two bullets:

  • Establishes a bipartisan process to seek a balanced approach to larger deficit reduction through entitlement and tax reform;
  • Deploys an enforcement mechanism that gives all sides an incentive to reach bipartisan compromise on historic deficit reduction, while protecting Social Security, Medicare beneficiaries and low-income programs;

Bulllet 3 says this deal establishes a process to bring about entitlement reform. Bullet 4 claims the deal protected Social Security and Medicare. Both of these bullets can’t be true.

Which has set off a discussion about whether SuperCongress is only possibly going to cut Medicare and Social Security, or will almost certainly do so.

I wanted to look at how the membership of the predecessor committees to SuperCongress–the Catfood Commission and the Gang of Six–to suggest which is more likely.

As you recall, the Catfood Commission members voted 11-7 in favor of passing the Commission’s recommendations, which included raising the retirement age. The members of Congress on the Commission voted this way:

  • Tom Coburn: Yes
  • Judd Gregg: Yes*
  • Mike Crapo: Yes
  • Kent Conrad: Yes
  • Dick Durbin: Yes
  • Max Baucus: No
  • Paul Ryan: No
  • Jeb Hensarling: No
  • Dave Camp: No
  • Jan Schakowsky: No
  • Xavier Becerra: No
  • John Spratt: Yes*

Assuming for the sake of argument that the members who are still in Congress would be part of SuperCongress, that would make for a stalemate–though Republican opposition focused on Obama’s healthcare reform, not on the package of entitlement cuts and tax breaks for the rich that the commission recommended.

Both Judd Gregg and John Spratt are gone. Rather than replace Judd Gregg, the former Ranking Member of the Budget Committee with his functional equivalent, Jeff Sessions, Mitch McConnell will likely put Saxby Chambliss on SuperCongress, as Chambliss has been involved in the Gang of Six discussing a deficit reduction plan. John Spratt’s functional equivalent would be Chris Van Hollen, a not horrible addition for liberals. (Update: Or maybe he’s just like Durbin, a so-called liberal who will support this crap.)

But it’s not safe to assume Harry Reid will just pick the Senators who served on the Catfood Commission for SuperCongress. After Max Baucus voted no on the Catfood Commission, saying, “we cannot cut the deficit at the expense of veterans, seniors, ranchers, farmers and hard-working families,” he was replaced on the Gang of Six. Joe Biden and Harry Reid replaced him with Mark Warner, a man worth more than $200 million who has spent much of the tenure of the Gang of Six insisting that working Americans with whom he shares little in common won’t mind so much if they have to work another two years before they can retire.

In other words, one change we’ve already seen happen between the Catfood Commission and the Gang of Six is the replacement of Max Baucus, who proved unwilling to push through the $4 trillion deficit plan Obama has been chasing, with Mark Warner, who is all too willing to champion entitlement cuts for poor people.

If his newly central role in these discussions stands, we can be pretty sure we’ll see cuts to Social Security. And heck, if he won’t do the deed, then alleged liberal, Dick Durbin, and Kent Conrad seem prepared to do the work themselves.

Share this entry