Posts

Scary Terror Metrics: Do Indicted “Terrorists” Really Measure Back Door Spying?

Screen shot 2013-12-04 at 9.02.37 AM

Given how often fellow Michigander Juan Cole and I demonstrate what a mendacious hack Mike Rogers is…

Mike Rogers voted to give arms to the Syrian rebels. And while he may hope they don’t go to the al-Qaeda affiliates (as happened when Ronald Reagan gave $5 billion to the Afghan Mujahidin in the 1980s), he has no guarantee that won’t happen and is willing to take the risk. If Rogers were really, really concerned about the Jabhat al-Nusra, he wouldn’t be risking upping its firepower with Americans’ tax dollars as a justification for monitoring who your 15 year old daughter calls on her cell phone.

Let us say that again. Feinstein and Rogers just came on television to scaremonger the American people with the Syrian jihadis, and both of them voted to give the Syrian rebels millions of dollars in arms.

… You’d think some of the MI press might look into it.

Thankfully, Cole and I are no longer the only ones asking substantive questions about Rogers and Dianne Feinstein’s fearmongering on this Sunday’s shows. Peter Bergen has a piece that — like Cole — looks at actual numbers to challenge their claims. He relies on a New America Foundation study of Americans and residents indicted or killed over the last decade, showing that those numbers show terrorism to be going down (and be propagated by smaller, less capable groups).

But is there any real reason to think that Americans are no safer than was the case a couple of years back? Not according to a study by the New America Foundation of every militant indicted in the United States who is affiliated with al Qaeda or with a like-minded group or is motivated by al Qaeda’s ideology.

In fact, the total number of such indicted extremists has declined substantially from 33 in 2010 to nine in 2013. And the number of individuals indicted for plotting attacks within the United States, as opposed to being indicted for traveling to join a terrorist group overseas or for sending money to a foreign terrorist group, also declined from 12 in 2011 to only three in 2013.

Of course, a declining number of indictments doesn’t mean that the militant threat has disappeared. One of the militants indicted in 2013 was Dzhokhar Tsarnaev, who is one of the brothers alleged to be responsible for the Boston Marathon bombings in April. But a sharply declining number of indictments does suggest that fewer and fewer militants are targeting the United States.

Recent attack plots in the United States also do not show signs of direction from foreign terrorist organizations such as al Qaeda, but instead are conducted by individuals who are influenced by the ideology of violent jihad, usually because of what they read or watch on the Internet.

None of the 21 homegrown extremists known to have been involved in plots against the United States between 2011 and 2013 received training abroad from a terrorist organization — the kind of training that can turn an angry, young man into a deadly, well-trained, angry, young man.

Of these extremists, only Tamerlan Tsarnaev, one of the alleged Boston bombers, is known to have had any contact with militants overseas, but it is unclear to what extent, if any, these contacts played in the Boston Marathon bombings. [my emphasis]

The post got me thinking about the validity of this metric. Are the number of people indicted since 2009 a reflection of the actual threat, or that Federal officials have exhausted all the leads they’ve gotten from backdoor searches of existing COMINT collections?

Consider what one anonymous source said in the months after Anwar al-Awlaki was killed.

U.S. intelligence analysts miss the publication, too, at least to the extent that it provided a window into the thinking of al-Qaeda in the Arabian Peninsula, as the Yemen-based group is known.

“It was something that helped us gain insight into the group,” said a U.S. defense official involved in tracking AQAP, who spoke on the condition of anonymity. The publication’s apparent demise is “an intelligence loss for us,” the official said.

Yet Inspire probably wasn’t just a window onto AQAP’s thinking (if it really was that). Particularly given the indications NSA had some access to its code (if I were NSA I would have attached some kind of flag to the code used to decrypt the document, and I would also search on that code in upstream collection), I would assume Inspire was a major source of leads. So did killing Awlaki and Samir Khan simply make it harder for US officials to find Muslims to trap in stings over time?

NAF’s data is inconclusive on this point.  Read more

Stealing US Person Data Overseas: A Fox Source and Method

Catherine Herridge, one of Fox’s national security journalists, is usually fairly credible.

But yesterday, she gave House Intelligence Chair Mike Rogers an opportunity to claim evidence suggested Edward Snowden had help — without providing any evidence.

The evidence surrounding the case of former NSA contractor Edward Snowden suggests he did not act alone when he downloaded some 200,000 documents, according to the Republican head of the House Intelligence Committee.

“We know he did some things capability-wise that was beyond his capabilities. Which means he used someone else’s help to try and steal things from the United States, the people of the United States. Classified information, information we use to keep America safe,”  Rep. Mike Rogers, R-Mich., told Fox News.  [my emphasis]

To Herridge’s credit, she balances Rogers’ evidence-free claim with Glenn Greenwald’s statement noting that Rogers and others keep making such claims but have never provided any evidence.

That’s when things go south quickly. Herridge claims that a review of the Snowden leaks “shows the majority of the leaks since June now deal with sources, methods and surveillance overseas.”

A review of the NSA leaks by Fox News shows the majority of the leaks since June now deal with sources, methods and surveillance activities overseas, rather than the privacy rights of American citizens.

Now, perhaps she conducted a strict count, including every report on the extensiveness of NSA spying on various countries, to come up with this assertion.

But I find it bizarre that, less than a week after the report that NSA has been spying on the smut habits of 6 non-terrorists, including one US person, she deems this spying not to infringe on the privacy rights of American citizens (though we admittedly don’t know whether the US person is a permanent resident or a citizen).

More importantly, Herridge seems to dismiss the bulk of the recent reports — on deeply concerning dragnets overseas that don’t discriminate on US person data — because they happen overseas.

Now perhaps it’s because she’s doing a flyby on this reporting, and is unfamiliar with the evidence that that collection went overseas at precisely the time similar collection was deemed illegal within the US. Perhaps she’s not considering what it means that NSA steals from Google and Yahoo’s cables overseas in addition to the legally sanctioned spying they’re doing via PRISM. Perhaps she hasn’t reflected on the fact that, when NSA spies on US persons overseas, they get far less protection under EO 12333, no FISC oversight, and almost no Congressional oversight, than they would under FISA Amendments Act.

Perhaps she hasn’t thought through all the ways that this overseas spying may be a far bigger privacy violation than the spying it does in the US, not to mention evidence of NSA’s ongoing refusal to abide by the laws protecting Internet content.

And all that’s before you consider the secondary disclosures — such as the RAS-free searches of Americans’ data via back door searches — that we’re getting because of earlier Snowden leaks.

So perhaps there is a way to count all this up and dismiss worries about US privacy. But real reporting on it says recent leaks provide more cause for concern than most of the early ones.

 

“Journalists” Still Parroting DiFi’s Fear-Mongering

Excuse me for a little post holiday crabbiness.

But people who write stories like this are really not doing their jobs.

Appearing on CNN’s “State of the Union,” Sen. Dianne Feinstein, D-CA said there was “huge malevolence” against the United States, and warned that the terrorism threat against the country is on the rise.  “I think terror is up worldwide,” she said. “The numbers are way up.”

[snip]

Both lawmakers admitted that the more diffuse nature of today’s terrorist groups has made it harder to counter potential threats. Rogers pointed out that the rise in al-Qaeda affiliates spread around the globe raises the risk of a smaller scale attack and makes it “exponentially harder” for U.S. intelligence to keep track of them all.

It has been clear for two weeks that this fearmongering is part of an attempt to justify the dragnet. But the premise and the response are so illogical they should never be presented as “news.”

If we’re less safe, then what thousands of experts will be fired for screwing up the war on terror?

If we’re less safe, then why aren’t our overseers scrambling to understand why massive dragnets haven’t kept us safe?

If we’re less safe, than why isn’t the press asking why both Dianne Feinsein and Mike Rogers be fired for their failures?

If we’re less safe (and the real numbers don’t support these fear-mongers), then the response should be far more aggressive than simply repeating the claims that show a massive failure on the part of our security establishment.

But, if the claims are transparently bullshit, then reporters should not report them as fact.

Keith Alexander: The One General Obama Didn’t Fire

Obama has developed a reputation for firing Generals (so much so the wingnuts have developed some conspiracy theories about it).

Most famously, of course, he fired Stanley McChrystal for insubordination. He ousted CENTCOM Commander James Mattis early because of dissent on Iran policy (what on retrospect, with the distance and this AP report, might have been opposition to the back channel discussions that led to this weekend’s interim nuclear deal). A slew of Generals have been fired for offenses including drinking, fucking (including sexual abuse), swearing, and cheating at poker, as well as abusing their positions (Hamm, Gaouette, Baker, Roberts, Sinclair, Giardina, CarryHuntoon). Obama accepted then CIA Director David Petraeus’s resignation, ostensibly for fucking, too, but even before that kept refusing Petraeus the promotions he thought he deserved. Generals Gurganus and Sturdevant got fired for not sufficiently defending a big base in Afghanistan.

It’s that background that makes the premise of this WSJ piece on NSA so unconvincing. It presents the fact that General Keith Alexander offered — but Obama did not accept — his resignation as proof of how significantly the Snowden leaks have affected NSA.

Shortly after former government contractor Edward Snowden revealed himself in June as the source of leaked National Security Agency documents, the agency’s director, Gen. Keith Alexander, offered to resign, according to a senior U.S. official.

The offer, which hasn’t previously been reported, was declined by the Obama administration. But it shows the degree to which Mr. Snowden’s revelations have shaken the NSA’s foundations—unlike any event in its six-decade history, including the blowback against domestic spying in the 1970s.

[snip]

When the leaks began, some top administration officials found their confidence in Gen. Alexander shaken because he presided over a grave security lapse, a former senior defense official said. But the officials also didn’t think his resignation would solve the security problem and were concerned that letting him leave would wrongly hand Mr. Snowden a win, the former defense official said.

Even before Edward Snowden started working for the NSA via Booz, Alexander had presided over — by his own provably exaggerated admission — the plunder of America via cybertheft.

Then, on top of that purportedly catastrophic failure, Snowden served to demonstrate how easy it was to walk away with details on some of NSA’s most sensitive ops.

And yet the guy who left the entire US Internet as well as NSA’s codebreaking exposed — as compared to a single base in Afghanistan — did not get fired for his failures.

Because that might wrongly hand Snowden a win, apparently.

That’s the real tell. The article provides new details on an effort to weigh the value of wiretapping elite targets. But the rest of the article quotes hawks like Dutch Ruppersberger and Mike Rogers complaining about the risk of big new controls that might end the Golden Age of SIGINT while — again — focusing almost exclusively on the wiretapping of elites (the article includes one paragraph predicting a compromise on the dragnet programs, not noting, of course, how much of the dragnet has already moved overseas).

Broad new controls, though, run the risk of overcorrecting, leaving the agency unable to respond to a future crisis, critics of the expected changes warn.

[snip]

Another change under consideration is placing a civilian in charge of the NSA for the first time after Gen. Alexander leaves next spring, as he has been planning to do. Deputy Defense Secretary Ashton Carter is advocating internally for the change, according to current and former officials. Mr. Carter declined to comment.

“We’re getting clobbered, and we want a better story to tell than: ‘It’s under review, and everybody does it,’ ” the senior administration official said, speaking of the U.S. belief that other governments routinely electronic eavesdrop on foreign leaders.

There’s one more odd part of this story. It claims that after 9/11, the NSA was pilloried for its lapses leading up to the attack.

After the 2001 terrorist attacks, the NSA was pilloried for missing clues of the plot. It reinvented itself as a terrorist-hunting machine, channeling its computing power to zero in on suspects any time they communicated.

That’s not what happened. The National Security establishment has repeatedly, falsely portrayed NSA’s failure to realize Khalid al-Mihdhar was calling an Al Qaeda line in Yemen and CIA’s failure to share information about Mihdhar’s travel. And none of the 9/11 Commission’s recommendations address NSA (by the time of the report, the “wall” between intelligence and FBI, which otherwise would have been a recommendation, had been down for almost 3 years). But beyond that, no one has scrutinized NSA’s collections (in part because they include damning intercepts implicating the Saudis).

Moreover, the claim that this dragnet exists solely to “zero in on suspects any time they communicated” ignores the shift from terrorism to cybersecurity.

In short, while WSJ’s sources seem to be claiming catastrophe, the story they’re telling is business as usual.

Obama has fired Generals for failure to protect a single base, not to mention cheating at poker. He seems intent on keeping Alexander — at least to get through this scandal — precisely because he’s so good at cheating at (metaphorical) poker.

Like Obi Wan, Osama bin Laden Has Come Back More Powerful Than Ever Before

In a piece that serves only to claim we need even more invasive online surveillance because we’ve made al Qaeda more insidious than before Osama bin Laden died, Michael Hirsh tries to make Abu Musab al-Suri the new boogeyman (who, as J.M. Berger notes, may not even be alive!).

The truth is much grimmer. Intelligence officials and terrorism experts today believe that the death of bin Laden and the decimation of the Qaida “core” in Pakistan only set the stage for a rebirth of al-Qaida as a global threat. Its tactics have morphed into something more insidious and increasingly dangerous as safe havens multiply in war-torn or failed states—at exactly the moment we are talking about curtailing the National Security Agency’s monitoring capability. And the jihadist who many terrorism experts believe is al-Qaida’s new strategic mastermind, Abu Musab al-Suri (a nom de guerre that means “the Syrian”), has a diametrically different approach that emphasizes quantity over quality. The red-haired, blue-eyed former mechanical engineer was born in Aleppo in 1958 as Mustafa Setmariam Nasar; he has lived in France and Spain. Al-Suri is believed to have helped plan the 2004 train bombings in Madrid and the 2005 bombings in London—and has been called the “Clausewitz” of the new al-Qaida.

[snip]

But the agency’s opponents may not realize that the practice they most hope to stop—its seemingly indiscriminate scouring of phone data and emails—is precisely what intelligence officials say they need to detect the kinds of plots al-Suri favors.

[snip]

And the consensus of senior defense and intelligence officials in the U.S. government is that NSA surveillance may well be the only thing that can stop the next terrorist from blowing apart innocent Americans, as happened in Boston last April. “Al-Qaida is far more a problem a dozen years after 9/11 than it was back then,” [Navy Postgraduate School expert John] Arquilla says.

[snip]

Officials also say they need more intelligence than ever to determine which of the multifarious new jihadist groups is a true threat. “The really difficult strategic question for us is which one of these groups do we take on,” [Michael] Hayden says. “If you jump too quickly and you put too much of a generic American face on it, then you may make them mad at us when they weren’t before. So we are going to need a pretty nuanced and sophisticated understanding of where there these new groups are going and where we need to step up and intervene.”

Some officials suggest that to do that—to discriminate carefully between the terrorists who are directly targeting U.S. interests and those who aren’t—the United States needs to step up, not slow down, the NSA’s monitoring of potential targets. [my emphasis]

Hirsh doesn’t seem to notice it, but even while he quotes former and current architects of our counterterrorism strategy like Michael Hayden and Mike Rogers, if his tale is to be believed, you have to also believe those former and current counterterrorism leaders committed these grave counterterrorism failures:

  • Allowing no fewer than 25 failed states to flourish, especially in Yemen, Somalia, Syria, Libya, and Iraq
  • Failing to win or even establish governance in Afghanistan
  • Rendering al-Suri to Syria where he may or may not have been let free
  • Taking on Bashar al-Assad (who the article admits provided us counterterrorism support, including presumably proxy torturing al-Suri) even while not backing dictators who provide counterterrorism support during the Arab Spring
  • Abandoning Syrian rebels to Assad

Then Hirsh goes on to recite the debunked claims about how useful the Section 215 dragnet is (though curiously, he doesn’t mention Basaaly Moalin, perhaps because elsewhere Harold Koh admits that even most members of al-Shabaab aren’t members of al Qaeda, much less those who materially support al-Shabaab), how that would have (and, the implication is) and is the only thing that might have prevented 9/11.

Hirsh doesn’t even seem to notice that he repeats the claim that only NSA dragnets can prevent a Boston Marathon attack, yet NSA dragnets didn’t prevent the Boston Marathon attack.

Obviously, the whole thing is just as Mike Rogers/Michael Hayden sponsored advertisement to pass DiFi’s Fake FISA Fix (the article doesn’t address why she doesn’t just accept the status quo).

But in the process, Hirsh has instead laid out solid evidence we should never trust the people who’ve been running our war on terror for the last 12 years, because, if even a fraction of what he claims is true, they’ve actually made us far less safe.

DiFi’s Circular Defense of the Phone Dragnet’s Legality Proves It Is Illegal

In the report on her own Fake FISA Fix, DiFi makes this case that the phone dragnet program is not illegal.

First, in reference to the call records program, some people will say that the FISA Improvements Act codifies an illegal program. It does not. This legislation does not provide any new legislative authority with which the government may acquire call records or any other information under Section 215—in fact, it narrows the existing authority for it. Section 2 of the FISA Improvements Act clearly prohibits the use of the Business Records authority to collect bulk communication records except through the supplemental procedures and restrictions required by this section, as are detailed in this report.

As part of this previously classified program, in 2006, the Department of Justice sought approval from the FISA Court to collect call records in large number under the Section 215 Business Records provision. The FISA Court approved that request, and has reviewed and renewed that authority every 90 days for the past seven years. These renewal applications have been approved by at least 15 different federal court judges selected by the Chief Justice of the United States to serve on this Court.

The Department of Justice’s legal analysis of the call records program has recently been publicly released, as have the two most recent opinions by the FISA Court as part of the reauthorization of the program every 90 days.

Critics of the program may dispute the legal reasoning, but there should be no disagreement that this program currently is authorized under law and has been determined to be legal and Constitutional by the Executive and Judicial branches. [my emphasis]

Her rebuttal that this doesn’t codify the program is pretty funny given that just 1 paragraph earlier she talks about “codifying existing privacy protections,” which is the equivalent claim.

I’m more interested in what she doesn’t address.

She lays out how DOJ applied for and got authorization to collect this data in 2006 (she doesn’t say what date).

She points to two FISC court opinions — the one that forgot to address Jones and the one that cleaned up that obvious error — and the Administration White Paper. And she claims that’s “the legal reasoning.”

But of course, it’s not. There was either legal reasoning dated February 24, 2006 that they’re hiding, or there was an absence of legal reasoning, which ought to be a major giveaway in either case.

Moreover, all three documents DiFi points to as “the legal reasoning” suffer from a critical flaw. They all point to Congress’ “fully informed” reauthorization of the law to justify the validity of the law today.

But that “fully informed” reauthorization didn’t happen.

Indeed, DiFi’s own comments on the Fake FISA Fix twice tacitly admit that, when she notes that every member of the Senate got a chance to read notice on the dragnet, while remaining silent about the House.

In addition, information concerning the bulk telephone metadata program has been made available to every member of the Senate prior to the reauthorization of Section 215, most recently in 2011.

[snip]

For example, the NSA telephone metadata program was approved by federal judges and overseen by Congress, where every member of the Senate had access to information concerning how the programs were conducted and an opportunity to voice objections and debate their efficacy.

The White Paper goes even further. It obliquely admits not just that Mike Rogers refused to allow the House to learn about the dragnet before they voted on it.

An updated version of the briefing paper, also recently released in redacted form to the public, was provided to the Senate and House Intelligence Committees again in February 2011 in connection with the reauthorization that occurred later that year. See Letter from Assistant Attorney General Ronald Weich to the Honorable Dianne Feinstein and the Honorable Saxby Chambliss, Chairman and Vice Chairman, Senate Select Committee on Intelligence (Feb. 2, 2011); Letter from Assistant Attorney General Ronald Weich to the Honorable Mike Rogers and the Honorable C.A. Dutch Ruppersberger, Chairman and Ranking Minority Member, House Permanent Select Committee on Intelligence (Feb. 2, 2011). The Senate Intelligence Committee made this updated paper available to all Senators later that month. See Letter from Sen. Diane Feinstein and Sen. Saxby Chambliss to Colleagues (Feb. 8, 2011). [my emphasis]

But it also, even more obliquely, admits that the Executive did not provide the legal reasoning in question until August 16, 2010, after PATRIOT was reauthorized the first time.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this [Section 215] program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees. [my emphasis]

So to sum up DiFi’s legal defense of the dragnet:

  1. Three documents say it is legal
  2. All 3 documents say it is legal largely because Congress has reauthorized a previously legally suspect program
  3. One of those 3 documents that says it is legal because Congress reauthorized a legally suspect program admits (obliquely) that Congress was not fully informed either time it reauthorized that suspect program
  4. DiFi’s document pointing to these 3 documents claiming it is legal because Congress reauthorized a legally suspect program also admits Congress was not fully informed when it reauthorized that suspect program

I’m convinced! DiFi has made the case! The program does not, because of the ample notice problems in the past, fulfill the standards which the 3 documents require it would need to meet to be legal.

But it might be if her Fake FISA Fix becomes law.

In Which Ben Wittes Proves Ben Wittes Is NAKED

160 days ago, Jim Sensenbrenner released a letter to Eric Holder expressing concern about the way DOJ had interpreted Section 215. In it, he did some creative editing to hide that he had had an opportunity to learn about that interpretation before he voted to reauthorize the PATRIOT Act.

160 days ago, I was (I believe) the first person to point out that obfuscation.

In those 160 days, I have also documented the serial lies and obfuscations of people like Keith Alexander, James Clapper, Robert Mueller, Mike Rogers, Valerie Caproni, Dianne Feinstein, Raj De, and Robert Litt. (one, two, three, four, five, six, seven, eight, nine, ten, eleven, twelve, thirteen, fourteen, fifteen, sixteen, seventeen, eighteen, nineteen, twenty, twenty-one, twenty-two, twenty-three, twenty-four, twenty-five, twenty-six, twenty-seven, twenty-eight, twenty-nine, thirty, thirty-one, thirty-two, thirty-three; trust me, this is just a quick survey). The most recent of these lies came last week when Raj De and Robert Litt claimed Congress had been fully informed about the authorities they were voting on, a claim which the Executive Branch’s own record proves to be false.

In spite of the clear imbalance between the lies NSA critics have told and those NSA apologists have told, Ben Wittes has made it a bit of a hobby to use Sensenbrenner’s single (egregious) lie to try to discredit NSA critics (without, of course, pointing out the serial, at times even more egregious, lies NSA apologists were telling). Of late, Wittes has harangued that, because he told a lie 160 days ago, Sensenbrenner is operating in bad faith when he criticizes NSA’s programs now. (See also this post.)

I have never questioned the good faith of Senators Patrick Leahy, Ron Wyden, or Rand Paul. They are legislators with a perspective. That’s how Congress works.

Rep. James Sensenbrenner is a different matter.

Since the bulk metadata program broke, the former chairman of the House Judiciary Committee has been on a campaign of denunciation of both agency activity under the Patriot Act—the law he helped write. And he has been denouncing the administration for having misled him about how Section 215 is being used too. He has done so with a breathtaking dishonesty that puts him in a different category from those members who have a policy dispute with the administration. [my emphasis]

Mind you, Wittes did not examine the content of Sensenbrenner’s more recent claims. Had he done so, he might have realized that the record supports Sensenbrenner’s complaints, even if the messenger for those complaints might be less than perfect.

It ignored restrictions painstakingly crafted by lawmakers and assumed a plenary authority never imagined by Congress. Worse, the NSA has cloaked its operations behind such a thick cloud of secrecy that, even if our trust was restored, Congress and the American people would lack the ability to verify it.

Note, we’re still learning the full extent of how the Executive Branch blew off limits placed on the PATRIOT authorities.

Wittes might even have noted Sensenbrenner’s apparent commitment to do his own job better.

“I hope that we have learned our lesson and that oversight will be a lot more vigorous,” Sensenbrenner said.

Even ignoring Wittes’ remarkable double standard, in which he suggests Sensenbrenner’s one lie should disqualify him from speaking on this topic forever while Clapper and Alexander’s seeming addiction to lies apparently shouldn’t even be mentioned in polite company, a highly regarded expert recently laid out new evidence for why Sensenbrenner has good reason to be angry, regardless of his role in passing PATRIOT in 2001 or 2006 or 2010 or even 2011.

The expert?

Ben Wittes.

Read more

NSA Lost the House Judiciary Committee During the 2011 PATRIOT Act Reauthorization

I want to put the two documents pertaining to the NSA’s geolocation effort released last week into context. Because they show yet another instance where the Intelligence Community did not inform Congress about what they were doing.

The two documents make it clear NSA started considering collecting geolocation in February 2010, almost certainly before the February 26-27 one year reauthorization of PATRIOT Act that month. The December 2009 letter that provided notice to Congress — which wasn’t shared with the rest of Congress until February 23-24 — provided no notice NSA was going to start testing on geolocation. So the NSA missed one opportunity to brief Congress that it was again expanding its interpretation of Section 215.

Then on February 2, 2011, Ronald Weich provided the Intelligence Chairs a second letter designed to inform Congress about the dragnet. Again, this letter also appears to make no mention of the geolocation testing. So NSA missed a second opportunity to brief Congress. Moreover, this is the letter that Mike Rogers did not pass onto members of the House.

It is unclear when NSA briefed the Intelligence Committees about the program, but a Senate Intelligence Committee staffer posed questions to NSA on March 7, but even those basic questions about legal support for the testing did not get answered until April 1.

The 4-year extension of the PATRIOT Act passed on May 26, 2011.

It took another three months before the House Judiciary Committee would get notice of a geolocation program already in action.

In other words, this was a clear instance where NSA was expanding the dragnet during the entire 15 month period of PATRIOT Act reauthorization. But according to the public record, it didn’t even inform the House Judiciary Committee — which the I Con insists always gets adequate briefing — until months after 4-year reauthorization of the PATRIOT Act.

NSA defenders are trying to use HJC member Jim Sensenbrenner’s earlier prevarications to suggest he doesn’t have reason to claim the NSA keeps secrets from Congress. Too bad the record — as it always tends to, once it becomes public — proves them wrong.  Read more

In Which the I Con Uses Top Secret Spy Weapon, the “Conjunction,” Against Journalists


Man, it looks Mike Rogers and Keith Alexander conducted one hell of an InfoOp against the nation’s NatSec journalists today. Congratulations, spooks, you’ve finally managed successful propaganda.

Before I explain what I understand to have happened, let me be clear: I don’t claim to know what the slides and Q&A from Boundless Informant mean. It may well be that the truth lies between what a bunch of reporters are now reporting and what a series of papers around the world have reported. What I am focusing on here is what the I Con has said as compared to how it has been reported.

As I noted last week, James Clapper used a poor translation of a French article which clearly talked about collecting metadata, denied that the NSA was collecting call content, and based on that gimmick claimed Le Monde had made an error.

Then, in remarkable timing that has been replicated several times during this scandal, the WSJ reported just before the hearing on a topic that both Mike Rogers and Keith Alexander had rehearsed answers for during the hearing. I believe the original lede of the WSJ story (it has been updated) read the same as the current article does,

Millions of phone records at the center of a firestorm in Europe over spying by the National Security Agency were secretly supplied to the U.S. by European intelligence services—not collected by the NSA, upending a furor that cast a pall over trans-Atlantic relations

I don’t think the story ever said all the records were collected by Europeans, just that millions were. But in any case, I have zero doubt that WSJ’s secret sources told them something like this, that Europeans gave us data, which got reported in a way to suggest the Europeans collected all of it.

At the end of a long sequence in the hearing itself, in a comment not read from prepared statement, Alexander said this (all transcriptions here my own — please let me know of any errors):

Those screen shots that show–or at least, lead people to believe that we, NSA, or the United States, collected that information is false. And it’s false that it was collected on European citizens. It was neither.

And that statement, which did not accord with what Alexander had just said (including a long passage read from a prepared statement), resulted in headlines like this:

NSA Chief Says Phone Records Given to Agency by Cooperating European Intelligence Services, Not Intercepted by NSA

Or, from the WSJ’s update, making this conclusion:

In a congressional hearing Tuesday, the National Security Agency director, Gen. Keith Alexander, confirmed the broad outlines of the Journal report, saying that the specific documents released by Mr. Snowden didn’t represent data collected by the NSA or any other U.S. agency and didn’t include records from calls within those countries.

I think one of the reasons this InfoOp worked so well is that reporters had almost no time between the hearing and their filing deadline to review what actually got said (I tweeted immediately that Alexander’s statement actually didn’t confirm the WSJ’s early report, but am only now getting this all down).

So let’s look carefully at what Alexander really said (this starts at 41:14).

Rogers starts by asking Alexander to elaborate, specifically with regards to the US and NSA (he may be invoking the WSJ story, but he doesn’t say so). 

Rogers: And to that end, if I can, Mr. Alexander, there was some reporting that the story about French citizens being spied on by a particular slide that was leaked on a slide deck concluded that French citizens were being spied on. Can you expound on that a little bit? By the United States, by the way, specifically the National Security Agency.

Reading from a document of some sort, Alexander repeats the gimmick Clapper used last week, suggesting that the reports said the NSA had collected phone calls (content), then “corrects” their report to say Boundless Informant actually tracks metadata (which is actually what the reports had said).

Alexander: Chairman, the assertions by reporters in France, Le Monde, Spain, El Mundo, and Italy, L’Espresso, that NSA collected tens of millions of phone calls are completely false. They cite as evidence screen shots of the results of a web tool used for data management purposes but both they and the person who stole the classified data did not understand what they were looking at. The web tool counts metadata records from around the world and displays the totals in several different formats. [my emphasis]

Alexander then adds to last week’s gimmick of claiming the Europeans reported these as calls, not metadata, by denying we, alone, collected this data.

The sources of the metadata include data legally collected by NSA under its various authorities as well as data provided to NSA by foreign partners. To be perfectly clear, this is not information that we collected on European citizens. It represents information that we and our NATO allies have collected in defense of our countries and in support of military operations.

This is not information “we” collected (on European citizens, but I’ll come back to that), it’s data “collected by NSA … as well as data provided … by foreign partners.” It’s data “we and our NATO allies have collected.”

Those conjunctions — “as well as” … “and” — which in Alexander’s written statement make it clear that both the Europeans and US collect this intelligence, disappeared from much of the reporting on this.

Read more

The Common Commercial Services OLC Memo and Zombie CISPA

Some time last summer, Ron Wyden wrote Attorney General Holder, asking him (for the second time) to declassify and revoke an OLC opinion pertaining to common commercial service agreements. He said at the time the opinion “ha[d] direct relevance to ongoing congressional debates regarding cybersecurity legislation.”

That request would presumably have been made after President Obama’s April 25, 2012 veto threat of CISPA, but at a time when several proposed Cybersecurity bills, with different information sharing structures, were floating around Congress.

Wyden asked for the declassification and withdrawal of the memo again this January as part of his laundry list of requests in advance of John Brennan’s confirmation. Then, after having been silent about this request for 8 months (at least in public), Wyden asked again on September 26.

It appears that Wyden had intended to ask the question of one of the witnesses at an open Senate Intelligence Committee hearing (perhaps Deputy Attorney General James Cole), but — having had warning of his questions (because he sent them to the witnesses in advance) — Dianne Feinstein and Susan Collins ensured there would not be a second round of questions.

As it happens, Wyden made the request for the memo two days after DiFi told The Hill she was preparing to advance her version of CISPA, and the day after Keith Alexander started calling for cybersecurity legislation again.

In a brief interview with The Hill in the U.S. Capitol on Tuesday, Feinstein said she has prepared a draft bill and plans to move it forward.

The legislation would be the Senate’s counterpart to the Cyber Intelligence Sharing and Protection Act, known as CISPA, which cleared the House in April.

CISPA would remove legal barriers that prevent companies from sharing information with each other and the government about cyber attacks. It would also allow the government to share more information with the private sector.

Since then, Alexander has pitched new cybersecurity legislation in an “interview” with the NYT, admitting he needs to be more open about his places for cybersecurity.

Now, the Executive Branch’s unwillingness to actually share the law as it interprets it with us mere citizens prevents us from understanding precisely what relationship this OLC memo has with proposed cybersecurity legislation — but Wyden made it clear in January that it does have one. But here are some things we might surmise about the memo:

  • The Administration is currently relying on this memo. If it weren’t using it, after all, it wouldn’t need to be revoked. That means that since at least January 14, 2011 (before which date Wyden and Russ Feingold first asked it be revoked), the Administration has had a secret interpretation of law relating in some way to cybersecurity.
  • The interpretation would surprise us. As Wyden notes, “this opinion is inconsistent with the public’s understanding of the law” (he doesn’t say what that law is, but I’ll hazard a guess and say it pertains to information sharing). It’s likely, then, that some form of online provider has been sharing cyber-intelligence with the federal government under some strained interpretation of our privacy protections (and, probably, some kind of Attorney General assurances everything’s cool).

Let’s use the lesson we learned during the FISA Amendments Act where the telecoms were clambering for the legislation and the retroactive immunity, but the Internet companies were grateful for “clarity,” but explicitly opposed to retroactive immunity. When we learned the telecoms had been turning over the Internet companies metadata and content, this all made more sense. The Internet Companies wanted the telecoms to be punished for stealing their data.

In this case, in the first round of CISPA (which had broad immunity protections), Facebook and Microsoft were supporters. But in this go-around (which has still generous but somewhat more limited immunity), the big supporters consist of:

  • Telecoms (AT&T, Verizon; interestingly, Sprint did not sign a letter of support)
  • Broadband and other backbone providers (Boeing, Cisco, Comcast, TimeWarner, USTelecom)
  • Banks and financial transfer
  • Power grid operators and other utilities

Now, who knows with which of these entities the government is already relying on this common commercial services memo, which of our providers we believe have made some assurances to us but in fact they’ve made entirely different ones.

But I will say the presence of the telecoms, again, angling for immunity for information sharing, along with their analogues the broadband providers does raise questions. Especially considering Verizon Exec’s trash talking about consumer-centric Internet companies that don’t prioritize national security.

Stratton said that he appreciated that “consumer-centric IT firms” such as Yahoo, Google, Microsoft needed to “grandstand a bit, and wave their arms and protest loudly so as not to offend the sensibility of their customers.”

“This is a more important issue than that which is generated in a press release. This is a matter of national security.”

After all, the telecoms have a history of willingly cooperating with the government, even if it bypassed the protections offered by Internet companies, even if it violated the law. Have they been joined by big broadband?

Well, DOJ could clear all this up by revoking and releasing the memo. Until they do, though, my wildarsed guess is that those operating the Toobz in the country — the telecom and broadband companies — have already started sharing consumers’ data that a plain reading of the law seemingly wouldn’t permit them to do.