Posts

The NSA’s Retroactive Discovery of Tamerlan Tsarnaev

/17 Comments/in , /by

In the days after the Boston Marathon attack last year, NSA made some noise about expanding its domestic surveillance so as to prevent a similar attack.

But in recent days, we’ve gotten a lot of hints that NSA may have just missed Tamerlan Tsarnaev.

Consider the following data points.

First, in a hearing on Wednesday, Intelligence Community Inspector General Charles McCullough suggested that the forensic evidence found after the bombing might have alerted authorities to Tamerlan Tsarnaev’s radicalization.

Senator Tom Carper: If the Russians had not shared their initial tip, would we have had any way to detect Tamerlan’s radicalization?

[McCullough looks lost.]

Carper: If they had not shared their original tip to us, would we have had any way to have detected Tamerlan’s radicalization? What I’m getting at here is just homegrown terrorists and our ability to ferret them out, to understand what’s going on if someone’s being radicalized and what its implications might be for us.

McCullough: Well, the Bureau’s actions stemmed from the memo from the FSB, so that led to everything else in this chain of events here. You’re saying if that memo didn’t exist, would he have turned up some other way? I don’t know. I think, in the classified session, we can talk about some of the post-bombing forensics. What was found, and that sort of thing. And you can see when that radicalization was happening. So I would think that this would have come up, yes, at some point, it would have presented itself to law enforcement and the intelligence community. Possibly not as early as the FSB memo. It didn’t. But I think it would have come up at some point noting what we found post-bombing.

Earlier in the hearing (around 11:50), McCullough described reviewing evidence “that was within the US government’s reach before the bombing, but had not been obtained, accessed, or reviewed until after the bombing” as part of the IG Report on the attack. So some of this evidence was already in government hands (or accessible to it as, for example, GCHQ data might be).

We know some of this evidence not accessed until after the bombing was at NSA, because the IG Report says so. (See page 20)

Screen Shot 2014-04-12 at 12.37.13 PM

That may or may not be the same as the jihadist material Tamerlan posted to YouTube in 2012, which some agency claims could have been identified as Tamerlan even though he used a pseudonym for some of the time he had the account.

The FBI’s analysis was based in part on other government agency information showing that Tsarnaev created a YouTube account on August 17, 2012, and began posting the first of several jihadi-themed videos in approximately October 2012. The FBI’s analysis was based in part on open source research and analysis conducted by other U.S. government agencies shortly after the bombings showing that Tsarnaev’s YouTube account was created with the profile name “Tamerlan Tsarnaev.” After reviewing a draft of this report, the FBI commented that Tsarnaev’s YouTube display name changed from “muazseyfullah” to “Tamerlan Tsarnaev” on or about February 12, 2013, and suggested that therefore Tsarnaev’s YouTube account could not be located using the search term “Tamerlan Tsarnaaev” before that date.20 The DOJ OIG concluded that because another government agency was able to locate Tsarnaev’s YouTube account through open source research shortly after the bombings, the FBI likely would have been able to locate this information through open source research between February 12 and April 15, 2013. The DOJ OIG could not determine whether open source queries prior to that date would have revealed Tsarnaev to be the individual who posted this material.

20 In response to a DOJ OIG request for information supporting this statement, the FBI produced a heavily redacted 3-page excerpt from an unclassified March 19, 2014, EC analyzing information that included information about Tsarnaev’s YouTube account. The unredacted portion of the EC stated that YouTube e-mail messages sent to Tsarnaev’s Google e-mail account were addressed to “muazseyfullah” prior to February 12, 2013, and to “Tamerlan Tsarnaev” beginning on February 14, 2013. The FBI redacted other information in the EC about Tsarnaev’s YouTube and Google e-mail accounts.

The FBI may not have been able to connect “muazseyfullah” with Tamerlan, but that’s precisely what the NSA does with its correlations process; it has a database that does just that (though it’s unclear whether it would have collected this information, especially given that it postdated the domestic Internet dragnet being shut down).

Finally, there’s the matter of the Anwar al-Awlaki propaganda.

An FBI analysis of electronic media showed that the computers used by Tsarnaev contained a substantial amount of jihadist articles and videos, including material written by or associated with U.S.-born radical Islamic cleric Anwar al-Aulaqi. On one such computer, the FBI found at least seven issues of Inspire, an on-line English language magazine created by al-Aulaqi. One issue of this magazine contained an article entitled, “Make a Bomb in the Kitchen of your Mom,” which included instructions for building the explosive devices used in the Boston Marathon bombings.

Information learned through the exploitation of the Tsarnaev’s computers was obtained through a method that may only be used in the course of a full investigation, which the FBI did not open until after the bombings.

The FBI claims they could only find the stuff on Tamerlan’s computer using methods available in full investigations (this makes me wonder whether the FBI uses FISA physical search warrants to remotely search computer hard drives).

But that says nothing about what NSA (or even FBI, back in the day when they had the full time tap on Awlaki, though it’s unclear what kind of monitoring of his content they’ve done since the government killed him) might have gotten via a range of means, including, potentially, upstream searches on the encryption code for Inspire.

In other words, there’s good reason to believe — and the IC IG seems to claim — that the government had the evidence to know that Tamerlan was engaging in a bunch of reprehensible speech before he attacked the Boston Marathon, but they may not have reviewed it.

Let me be clear: it’s one thing to know a young man is engaging in reprehensible but purportedly protected speech, and another to know he’s going to attack a sporting event.

Except that this purportedly protected speech is precisely — almost exactly — the kind of behavior that has led FBI to sic multiple informants and/or undercover officers on other young men, including Adel Daoud and Mohamed Osman Mohamud, even in the absence of a warning from a foreign government.

And they didn’t here.

Part of the issue likely stems from communication failures between FBI and NSA. The IG report notes that “the relationship between the FBI and the NSA” was one of the most relevant relationships for this investigation. Did FBI (and CIA) never tell the NSA of the Russian warning? And clearly they never told NSA of his travel to Russia.

But part of the problem likely stems from the way NSA identifies leads — precisely the triaging process I examined here. That is, NSA is going to do more analysis on someone who communicates with people who are already targeted. Obviously, the ghost of Anwar al-Awlaki is one of the people targeted (though the numbers of young men who have Awlaki’s propaganda is likely huge, making that a rather weak identifier). The more interesting potential target would be William Plotnikov, the Canadian-Russian boxer turned extremist whom Tamerlan allegedly contacted in 2012 (and it may be this communication attempt is what NSA had in its possession but did not access until after the attacks). But I do wonder whether the NSA didn’t prioritize similar targets in countries of greater focus, like Yemen and Somalia.

It’d be nice to know the answer to these questions. It ought to be a central part of the debate over the NSA and its efficacy or lack thereof. But remember, in this case, the NSA was specifically scoped out of the heightened review (as happened after 9/11, which ended up hiding the good deal of warning the NSA had before the attack).

We’ve got a system that triggers on precisely the same kind of speech that Tamerlan Tsarnaev engaged in before he attacked the Marathon. But it didn’t trigger here.

Why not?

Garr King’s Speculative FISA Ruling

/9 Comments/in /by

Garr King, the judge in Mohamed Osman Mohamud’s case, has refused Mohamud’s demand for broad discovery into the government’s failure to notice him about the Section 702 surveillance they used to bust him.

Before I get into the substance of King’s ruling, take a look at how King dismisses the reporting–almost exclusively from NYT’s Charlie Savage–about how, upon having lied to SCOTUS, Solicitor General Don Verrilli pushed to change DOJ’s policy on notice about Section 702. Here’s King:

Defendant bases his argument, in part, on events concerning Clapper, 133 S. Ct. 1138. The Solicitor General argued to the Court that the government provided notice to defendants when evidence was derived from § 1881a surveillance. Plaintiffs had not received such notice, so the Court ruled plaintiffs had no standing to challenge the constitutionality of the FAA. Id. at 1143, 1148. Newspapers began to speculate about an internal Justice Department debate on providing notice in these circumstances. Defendant received his Supplemental Notification thereafter. [my emphasis]

That is, King dismisses clear evidence of DOJ misconduct by claiming the reporter — Savage — was just speculating.

Here’s the reporting King bases that “speculate” claim on:

Prosecutors plan to inform the defendant about the monitoring in the next two weeks, a law enforcement official said. The move comes after an internal Justice Department debate in which Solicitor General Donald B. Verrilli Jr. argued that there was no legal basis for a previous practice of not disclosing links to such surveillance, several Obama administration officials familiar with the deliberations said.

[snip]

In February, the Supreme Court dismissed a case challenging its constitutionality because the plaintiffs, led by Amnesty International, could not prove they had been wiretapped. Mr. Verrilli had told the justices that someone else would have legal standing to trigger review of the program because prosecutors would notify people facing evidence derived from surveillance under the 2008 law.

But it turned out that Mr. Verrilli’s assurances clashed with the practices of national security prosecutors, who had not been alerting such defendants that evidence in their cases had stemmed from wiretapping their conversations without a warrant.

 [snip]

Mr. Verrilli sought an explanation from national security lawyers about why they had not flagged the issue when vetting his Supreme Court briefs and helping him practice for the arguments, according to officials.

The national security lawyers explained that it was a misunderstanding, the officials said. Because the rules on wiretapping warrants in foreign intelligence cases are different from the rules in ordinary criminal investigations, they said, the division has long used a narrow understanding of what “derived from” means in terms of when it must disclose specifics to defendants.

Read more

Confirmed: DOJ Uses Section 702 to Get Title I FISA Warrants

/3 Comments/in /by

In addition to the apparent miscommunication between Mark Udall and Acting (and presumably soon to be confirmed) DOJ National Security Division Head John Carlin, there was an even more telling exchange in today’s hearing.

In it, Martin Heinrich asked whether DOJ had yet written down its radical new policy of giving notice to defendants caught using Section 702.

Heinrich: As you know in October 2013, after months and months of discussion and debate in which you and the NSD were involved, DOJ adopted a new policy by which Federal prosecutors would inform defendants when they intended to offer evidence informed, obtained, or derived from intelligence collected under Section 702 of FISA. And when you and I met in December you informed me that that policy had not yet been reduced to a formal written policy, and so, Mr. Carlin, I wanted to ask, is that process done yet and has that policy been finalized and if so has it been disseminated in written form?

Carlin: Thank you Senator, and thank you for having taken the time to meet prior to this uh, hearing, in terms of the question, it is my understanding that it was the practice of the, uh, or policy of the Department, to inform a defendant in a criminal case, to give notice, if there was 702 information that was going to be used against them prior to, uh, prior to this change in practice. The change in practice had to do with a particular set of circumstances when there was an instance where information obtained from one prong of the FISA statute, 702, was used and led to information that led to another prong of FISA, Title I FISA, being used, and that when the notice was given to the defendant that that notice was referring to one type of FISA but not both types of FISA. And that is the practice that we uh reviewed and changed, so that now defendants are receiving notice in those instances of both types of uh, FISA, the review of cases affected like that, uh, affected by that continues, but we have filed such notice now, I believe in three uh criminal matters, including the case of Mohamed Mohamud, the individual convicted by a jury of attempting to uh use an explosive device in a Christmas tree lighting ceremony. In reference to that case we’ve now filed, um, there’s a filing in that case we should provide to your staff where we lay out what our practice is and I will ensure that that filing is distributed to US Attorneys offices across the country so they know exactly what our position is in that issue.

Heinrich: That’s helpful. And so you’ll share that with the committee as well?

Carlin: Yes sir.

Heinrich: Great.

Now, Carlin might be forgiven for all the uming and ahing here. After all, the filing he appears to be referring to is sort of an extended effort to pretend that “derived from” doesn’t mean “derived from,” all in an effort to pretend DOJ hasn’t been deliberately hiding this (in Mohamud’s case) for over 3 years.

But kudos to Carlin for not using that verb — derived — in his answer, choosing instead to use “was used and led to information that led to.”

All that said, Carlin did admit what has been clear for some time: that DOJ has been hiding Section 702 collected information by getting Title I warrants they provide to defendants. Which is another way of saying all the reassurances people have given about the protections given to people collected incidentally in Section 702 fall flat, because what has actually been happening is the government uses that incidental collection to justify Title I warrants.

Um.

I’m glad that’s all cleared up.

Today’s NSA-Related Orwellianism: “Derived From”

/10 Comments/in /by

As I noted in this post, the government has submitted its response to Mohamed Osman Mohamud’s motion for discovery on how DOJ came to forget to tell him he had been discovered through the use of Section 702 spying.

The bulk of their argument basically boils down to this assertion, which they repeat in many forms throughout their response.

A remedy for untimely notice exists under FISA: the defendant will be given the opportunity to challenge evidence obtained or derived from FISA collection in a suppression hearing governed by the procedures set forth in FISA.

That is, they argue the only thing Mohamud is entitled to is an opportunity to challenge the Section 702 evidence, which they intend to prevent adversarial review of by chanting “national security.” Which is another way of saying they believe Mohamud has no real remedy at all.

But the really pathetic part of the response comes in the passage where they try to explain why they didn’t give Mohamud timely review.

The problem was not bad faith, they argue (and they’d like the judge to just ignore the other late notice they gave Mohamud in this case). No, not at all.

Rather, it derived from confusion over the meaning of “derived from.”

You see, DOJ has always known that it must notify defendants when they plan to use information “derived from” Title VII (that is, Section 702) collection.

At the outset, defendant’s assertion regarding the existence of a “secret policy” and claim that the government engaged in deliberate misconduct to conceal the use of Title VII-derived evidence are unfounded. The Department has always understood that it is required to notify any “aggrieved person” of its intent to use or disclose, in a proceeding against such person, any information obtained or derived from Title VII collection as to which that person is an aggrieved person, in accordance with 50 U.S.C. §§ 1806(e), 1881e(a).

It’s just that DOJ didn’t really consider information “derived from” Section 702 to be information “derived from” Section 702, instead considering it to be “obtained from” Title I (traditional FISA) and Title III (stored communication). Or something like that.

The Department’s determination, however, that information obtained or derived from Title I or Title III collection may, in particular cases, also be derived from prior Title VII collection is a relatively recent development (and one that occurred after trial of defendant). The Supplemental Notification filed in this case, which the government provided based on its own review, resulted from that determination and demonstrates good faith, not misconduct.

As this Court knows, pursuant to Title I of FISA, the government must notify any “aggrieved person” of its intent to “enter into evidence or otherwise use or disclose,” in a proceeding against such person, “any information obtained or derived from [FISA authorized] electronic surveillance of that aggrieved person.” 50 U.S.C. § 1806(c); see also 50 U.S.C. § 1825(d) (requiring notice to an aggrieved person of the intent to use evidence against such person obtained or derived from a physical search conducted pursuant to FISA). The FAA provides that information acquired from Title VII collection “is deemed to be” information acquired pursuant to Title I for, among other things, the purposes of the applicability of the statutory notice requirement and the suppression and discovery provisions in Section 1806 of Title I. See 50 U.S.C. § 1881e(a).

The Department has always understood that notice pursuant to Sections 1806(c), 1825(d) and 1881e(a) must be provided when the government intends to use evidence directly collected pursuant to Title I, III, or VII. Such evidence would be evidence that was “obtained from” such FISA collection.

It’s around about here that the government admits it has been using a different definition of “derived from” in the case of criminal Title III warrants “derived from” FISA information than it has been when using FISA warrants “derived from” other FISA collection.

Likewise, the Department has always recognized that notice pursuant to those provisions must be provided when the government intends to use evidence obtained through ordinary criminal process (such as a Rule 41 search warrant) that was itself based directly on information obtained pursuant to Title I, III, or VII. Such evidence would be evidence that was “derived from” such FISA collection.

Prior to recent months, however, the Department had not considered the particular question of whether and under what circumstances information obtained through electronic surveillance under Title I or physical search under Title III could also be considered to be derived from prior collection under Title VII. After conducting a review of the issue, the Department has determined that information obtained or derived from Title I or Title III FISA collection may, in particular cases, also be derived from prior Title VII collection, such that notice concerning both Title I/III and Title VII collections should be given in appropriate cases with respect to the same information.3

3 The Department has concluded that in determining whether information is “obtained or derived from” FISA-authorized surveillance, the appropriate standards and analyses are similar to those appropriate in the context of surveillance conducted pursuant to Title III (Title III of the Omnibus Crime Control and Safe Streets Act of 1968, 18 U.S.C. §§ 2510-2522).

Breaking! DOJ plans to start treating legal words used in a national security context the same as they treat the same words in a criminal context.

And so you see, the problem was not a matter of bad faith or prosecutorial misconduct. Goodness no! It was just that DOJ used a special definition of “derived from” back in 2010 when it did not provide proper notice to Mohamud.

In November 2010, at the time the original notice was filed, the government knew that some of the evidence to be used in the case had been obtained or derived from Title I and Title III FISA collection. It did not consider whether that same evidence was also “derived,” as a matter of law, from prior FISA collection pursuant to Titles I, III, or VII.

Note they’re subtly changing their argument here. They’re suggesting they didn’t consider whether this information was “derived from” Section 702 in 2010, even though they’ve just explained that even if they had, they would have been using their special definition of “derived from” that would have led them to conclude that information “derived from” Section 702 is not really information “derived from” Section 702.

There’s a reason they’re doing that, I think. DOJ needs to pretend that when it was arguing that the Amnesty v. Clapper plaintiffs shouldn’t get standing to challenge Section 702, because only defendants being prosecuted based on evidence “derived from” 702 should — and more importantly would — get to challenge Section 702, it wasn’t using this sneaky definition of “derived from.”

4 Defendant’s claim that the Department’s statements to the U.S. Supreme Court in Clapper v. Amnesty Int’l USA, 133 S. Ct. 1138 (2013), were inconsistent with existing Department policy is baseless. The Department informed the U.S. Supreme Court in that case, that “[i]f the government intends to use or disclose any information obtained or derived from its acquisition of a person’s communications under [Title VII] in judicial or administrative proceedings against that person, it must provide advance notice of its intent to the tribunal and the person, whether or not the person was targeted for surveillance under [Title VII].” US Gov’t Br. at 8. This is an accurate statement of both the law and the government’s previous and current understanding that FISA imposes an obligation on the government to provide notice of its intent to use or disclose information that was derived from Title VII collection as well as information that was obtained from Title VII collection. The issue before the Court in Clapper did not involve the precise circumstances in which information is properly considered to be derived from Title VII collection, and as such that case has no bearing here.

Using a specious definition of “derived from” with an alleged terrorist is one thing. Using the very same specious definition of “derived from” with SCOTUS is a very different thing. And DOJ would like you to think they’re not doing just that.

It almost makes you wish this very challenge gets appealed up to SCOTUS, to see what the Justices think about DOJ’s special definition of “derived from.”

If One Judge Gives FISA Review, and Another Judge Gives FISA Review, All Hell Will Break Loose!

/3 Comments/in /by

There have been a couple of developments on the government’s effort to continue its practice of shielding its dragnet from adversarial legal review behind the screen of FISA.

First, the 7th Circuit appears to want to punt on the question of whether or not Adel Daoud’s lawyer should be able to review the FISA materials used against him.

It claims (incorrectly, I suspect) it may not have the authority to review Sharon Coleman’s decision to give Daoud review.

A preliminary review of the short record indicates that the order appealed from may not be an appealable order.

Section 3731 of Title 18, United States Code, permits the United States to appeal certain rulings in a criminal case. The district court’s order of January 29, 2014, compelling disclosure of Foreign Intelligence Surveillance Act application materials to defense counsel having the necessary clearance, does not appear to fit within the statute’s list of orders that the government can appeal.

Meanwhile, in Oregon, the government has submitted its response to Mohamed Osman Mohamud’s discovery request for details of why the government didn’t tell him it had used FISA Section 702 to identify him before his trial. (h/t to Mike Scarcella on both documents)

I’ll come back to the substance of that response, as I think it shows the strategy the government will attempt to use to dig out of its discovery obligation hole in Section 702 cases.

But I wanted to point out footnote 19:

A district court order requiring the disclosure of FISA materials is a final order for purposes of appeal. See 50 U.S.C. § 1806(h). In the unlikely event that the Court concludes that disclosure of the classified FAA-related information that defendant requests may be required, given the significant national security consequences that would result from such disclosure, the government would expect to pursue an appeal. Accordingly, the government respectfully requests that the Court indicate its intent to do so before issuing any order, or that any such order be issued in such a manner that the United States has sufficient notice to file an appeal prior to any actual disclosure.

The government is pointing to what will surely be the core of the debate in the 7th Circuit, whether 50 USC 1806(h)‘s mention of Appeals Court review of disclosure decisions trumps  criminal code.

But it’s also revealing something else: with its suggestion that a judge might rule in favor of discovery and start handing over FISA warrant applications willy nilly, and therefore it should get warning before any judge rules against it, it betrays a concern that if judges actual so rule (even assuming they can appeal), it will harm their case.

The government seems to be admitting that one of the only things preventing judges from granting such review is the long history DOJ can point to when no judge has granted such review (which is a line they always use when defendants try to get such review).

It’s the taboo, the unquestioning deference courts have granted every time the Attorney General has claimed such review would harm national security without actually explaining why, that prevents defendants from getting review.

Not any real risk to national security.

And DOJ seems anxious to maintain the power of that taboo at all costs.

One more bit of ironic arrogance in this footnote: the government is suggesting it should get advance review on a ruling about the consequences they might suffer for failing to give a defendant advance review.

Update: I just noticed that Mohamud’s lawyer gave notice of the Daoud ruling and indicated that like Daoud’s lawyer, he also has TS/SCI clearance.

Update: Whoo boy. DOJ is panicking, I think. They’ve suggested that if either of two statutes they cite don’t give the 7th Circuit jurisdiction they should issue a writ of mandamus.

Finally, if the two statutory bases for appellate jurisd iction set forth above were not available, this Court would still have jurisdiction to issue a writ of mandamus to revers e the district court’s order pursuant to 28 U.S.C. § 1651.

Was Adel Daoud Targeted Off of a Back Door Search of Traditional FISA Collection?

/9 Comments/in /by

Daoud Adel is a 20-year old US citizen from suburban Chicago who was charged last year in an FBI sting in which he allegedly tried to set off a car bomb outside a night club. Last year, during the debate on FISA Amendments Act reauthorization, Dianne Feinstein named his case directly, suggesting he had been busted using the legislation before the Senate. His legal team first demanded the FAA material she suggested existed back in May. And in September, they requested discovery for materials relating to FAA.

The government, however, strongly suggests none of the communications used to charge him were collected under FAA. It even suggests he misunderstands the meaning of DiFi’s comment.

Any discovery based on the FAA is unwarranted here because the FAA is simply not at issue in this case. As the Government explained in a previous filing, it “does not intend to use any such evidence obtained or derived from FAA-authorized surveillance in the course of this prosecution.” (DE 49, at 2).

[snip]

The defendant’s claim that the Government should disclose “the nature of the FAA surveillance in this case even, for instance[,] Defendant’s communications themselves were not intercepted” is perplexing. (DE 52, at 15 n.11). If Daoud’s communications were not intercepted, or his facilities not targeted, he would not be aggrieved and have no basis to challenge the collection. The Government sees no legal relevance to his broad discovery request.

Moreover, the defendant has also made multiple claims, in this motion and others, based on his interpretation of a single public remark. While the Government appreciates the defendant’s position in litigating FISA-related matters, it offers that the defendant may misunderstand this public remark, which is not a revelation that has any legal implication.

[snip]

As the Government has explained, this case singularly involves “traditional” FISA surveillance. [my emphasis]

Soapbox Orator’s comments in response to one of my posts on back door searches led me to examine the government’s response closely and I now suspect Daoud may have been identified using a back door search on traditional FISA collection.

Much of this debate centers on comments DiFi made on December 27, 2012, which seemed to suggest the 8 cases she named involved FAA.  But those comments were in response to comments Ron Wyden had just made. In that speech Wyden described (among other problems with FAA) back door searches.

The fact is, once the government has this pile of communications, which contains an unknown but potentially very large number of Americans’ phone calls and e-mails, there are surprisingly few rules about what can be done with it.

For example, there is nothing in the law that prevents government officials from going to that pile of communications and deliberately searching for the phone calls or e-mails of a specific American, even if they do not have any actual evidence that the American is involved in some kind of wrongdoing, some kind of nefarious activity.

Read more

Why We Can’t Save Mohamed Osman Mohamud

/1 Comment/in /by

Remember how Mohamed Osman Mohamud’s father, Osman Barre, called the FBI in hopes they might help him turn his son away from extremism? Instead of helping, they sent informant after informant after him, to catch him in a terrorist sting.

FBI success story and human and societal failure!

Will McCants has the story of a new, laudable effort to pool funds and invest in countering extremism rather than killing it, largely by getting funds to NGOs in affected countries.

But it won’t help someone like Osman Barre, who worries that his son is getting enthralled with violence. Because donors are worried that if they help a Mohamed Mohamud and he does attack something, they’ll be charged with material support for terror.

Although it represents perhaps the most important part of CVE, most governments and NGOs have been leery of trying to turn around young men and women who have expressed support for terrorist organizations — and are thus in prime positions to be recruited — but have not broken any laws. This is because they worry about violating laws against support for designated terrorist organizations. For example, a government development agency or an NGO will not want to put an al-Shabab fanboy — even a law-abiding one — in their programs for fear of being seen as aiding a terrorist group. And, even they decide it’s acceptable to try and reform the al-Shabab fanboy, they risk huge political backlash if he later engages in terrorism.

A cynic might suggest the material support laws — and the Holder v. Humanitarian Law Project decision that held even well-designed support might merit criminal penalties — is set this way to generate a continued supply of FBI success stories.

The Inefficacy of Big Brother: Associations and the Terror Factory

/23 Comments/in , /by

The WSJ has a fascinating story, responding to (but not linking) this post, trying to address the question of whether the NSA programs we’ve learned about are efficient.

But some statisticians and security experts have raised another objection: As a terror-fighting tool, it is highly inefficient and has some serious downsides.

Their reasoning: Any automated approach to spotting something rare necessarily produces false positives. That means for every correctly identified target, many more alarms that go off will prove to be incorrect. So if there are vastly more innocent people than would-be terrorists whose communications are monitored, even an extremely accurate test would ensnare many non-terrorists.

[snip]

Even if the NSA’s algorithm “is terribly clever and has a very high sensitivity and specificity, it cannot avoid having an immense false-positive rate,” said Peter F. Thall, a biostatistician at the University of Texas’ M.D. Anderson Cancer Center. In his arena, false positives mean patients may get tests or treatment they don’t need. For the NSA, false positives could mean innocent people are monitored, detained, find themselves on no-fly lists or are otherwise inconvenienced, and that the agency spends resources inefficiently.

Others, though, noted a key difference between terrorism and, say, a needle in a haystack: Terrorists tend to talk to each other in a way that needles don’t. So by analyzing a network of communications, the NSA could be ferreting out clues from more than just the messages’ particulars.

This question is, obviously, one of the reasons I posted on the 3 apparent false positives presented as implicitly terrorist associates of Najibullah Zazi in 2009. Because — assuming I’m right that they were false positives — it provides a glimpse into precisely how the government understood a lot of these terms in 2009 (I assume, though could be wrong, that their approach continues to be fine-tuned). As a reminder, here’s what we know about these 3 people:

Evidence that “individuals associated with Zazi purchased unusual quantities of hydrogen and acetone products in July, August, and September 2009 from three different beauty supply stores in and around Aurora;” these purchases include:

Person one: a one-gallon container of a product containing 20% hydrogen peroxide and an 8-oz bottle of acetone

Person two: an acetone product

Person three: 32-oz bottles of Ion Sensitive Scalp Developer three different times

For a variety of reasons, I believe the 3 false positives consist of one person (probably person two) with a genuine relationship with Zazi who purchase relatively little acetone, and 2 people with false relationships with Zazi who bought an unusual amount of beauty supplies.

That says the FBI made two mistakes, IMO. Assuming any purchase of a common product, acetone, was criminal on behalf of someone with a real tie to Zazi.

And assuming the relationships between the other two — the ones buying more beauty supplies — were meaningful. This could be, and I suspect it is, an assumption that anyone who belongs to the same mosque (and unlike the radical one he attended in NY, Zazi was reportedly not close to people at his mosque in CO).

Also note. This program (unlike ones I believe to exist at the National Counterterrorism Center) may not be algorithms per se at all. Rather, it could just be associations: If tie to Zazi and if beauty supply purchaser = “positive.” In other words, for better and worse the FBI may not be asking the computers to “think” for it at all.

Nevertheless, the assumptions — that membership in the same mosque  (or, for that matter, a single communication with a suspected terrorist) necessarily equates to a meaningful relationship — probably doom the approach in any case.

Which brings me to my other point. The WSJ suggests the costs of false positives include wasted investigative resources and unfair persecution for false positives.

But it doesn’t consider the other possible uses of what may or may not be considered false positives.

First, there’s the possibility an FBI investigation into a true false positive — someone totally innocent of terrorism — may discover some other criminal exposure, which the FBI could and has been known to use to turn the false positive into an informant.

Then there’s the likelihood, especially if a potentially false positive is a young Muslim male, that the FBI will keep that person under heavy surveillance and recruitment for years and ultimately turn him into a terrorism statistic. The FBI started surveilling Mohamed Osman Mohamud 3 years, starting before he turned 18, before they got him to attempt to bomb a public event. His parents even alerted the authorities to his increasing radicalism, but instead of intervening to reverse it, the FBI exacerbated it with several informants.

Would Mohamud have ever turned to terrorism without all that help from the FBI? Would he have developed the competence and acquired the resources to do harm? We can’t actually know, and I’m actually not aware that anyone has asked this question.

What we also can’t know is whether, had the FBI dedicated its efforts to something else, it could have prevented a crime developing without FBI’s help.

That is, there are a whole slew of questions that have to be asked as we assess this program. Which is why we need real transparency.

Mohamed Osman Mohamud Found Guilty

/4 Comments/in /by

Apparently, the FBI can still take a troubled young man, track him for up to two years, seduce him into terrorism, and win a terrorism conviction.

The jury handed up its verdict after less than seven hours of deliberations in a trial that began Jan. 10 in a downtown courtroom just a few blocks from the scene of the crime.

Mohamud, a 21-year-old Somali American, was convicted of the only charge confronting him: trying to use a weapon of mass destruction. He faces a potential sentence of life in prison. The sentencing hearing was set for May 14.

Chief defense attorney Stephen R. Sady said he will appeal and will seek a “substantially reduced sentence” for Mohamud.

“We’re disappointed with the verdict … we obviously thought he was entrapped,” Sady said. “We will pursue what remedies are available for him.’’

And so the United States continues to pursue the course of training and paying their manufactured terrorists, rather than intervening to save a kid’s future.

Imagine How Future Parents Will Respond to Concerns about Their Son’s Radicalization

/6 Comments/in , /by

While it’s hard to tell from the reporting, it appears that the government tried to claim last week that it wasn’t Mohamed Osman Mohamud’s First Amendment protected but hateful speech that triggered their investigation and entrapment of the teenager, but was instead the subsequent warning Mohamud’s father gave the FBI about his radicalization.

Agents in Charlotte, N.C., picked up on Mohamud’s name in early 2009 while intercepting email traffic of then-U.S. based al-Qaida propagandist Samir Khan.

That August, FBI Special Agent Isaac DeLong was assigned to interview Mohamud’s father, Osman Barre, who feared Muslim extremists were radicalizing his son. Barre had read about Somali youths from Minnesota who were heading overseas to fight, and he worried his own son was trying to fly to Yemen to fight against the West, DeLong testified.

Barre agreed to speak to Mohamud and try to make sure he wouldn’t fly overseas. He took his son’s passport and reported back to the FBI that they had a chat.

Taking that as true (I don’t necessarily believe it, particularly given Hesham Abu Zubaydah’s claim the FBI had him tracking Mohamud even earlier than that), consider the message his father’s testimony now sends to Muslim families worried about their sons getting radicalized. (h/t Teddy, who is far more reliable at this point that Google’s increasingly useless alert system)

[Mohamud’s father] Osman Barre, meanwhile, had phoned the FBI. He told agents that brainwashed Somali kids were flying overseas, and he wanted the bureau’s help. He wanted agents to prevent his boy from getting on a plane.

The agents instead asked him questions about terrorism, which struck a nerve. Osman Barre told the agents he had nothing to hide and that he was grateful to have been given refuge in the U.S. after fleeing the civil war in Somalia.

“Even I say God bless America,” Barre told jurors.

[snip]

Mohamud told his parents he wanted to study at a mosque in Yemen, Osman Barre recalled, and he showed his dad an email about a school there that would teach him Arabic.

The Barres kept talking to their son until he agreed to stay in school. There would be time to study Arabic overseas when he was a grown man, Osman Barre said. He recalled telling his son, “I brought you here to give you a life of prosperity.”

The email Mohamud showed his dad that day was from a Saudi Arabian that he had met at a Portland mosque. Neither Osman nor Mariam Barre knew that the FBI suspected the writer of that email — now identified as Amro Alali — was an al-Qaida recruiter.

FBI agents didn’t share with the Barres that they suspected Mohamud was involved with dangerous extremists, Osman Barre said. Had he been told, he would have reached out to their tight-knit community for help and gotten counseling for their impressionable son.

Barre did exactly what the FBI would hope a father would do: alert the FBI. But rather than helping the father prevent his son from being sucked in, instead the FBI (it claims) used the father’s call as the predicate to suck Mohamud further in, even while they admitted repeatedly he was floundering.

Set aside Mohamud’s guilt or innocence. The message the FBI has sent with its treatment of Mohamud is if family members alert law enforcement to concerns about radicalization, the FBI will then use it as an excuse to entrap their family member.

Just about the least productive thing to do if you want to capture actual threats.