emptywheel
Fact-Checking 9/11 Anniversary Report on Info and Dragnets with 9/11 Report
In Salon, I point out something funny about the report released on Tuesday to mark the 10 year anniversary of the release of the 9/11 Commission report. The report says we must fight the “creeping tide of complacency.” But then it says the government has done almost everything the 9/11 Commission said it should do.
There is a “creeping tide of complacency,” the members of the 9/11 Commission warned in a report released on Tuesday, the 10-year anniversary of the release of their original report. That complacency extends not just to terrorism. “On issue after issue — the resurgence and transformation of al Qaeda, Syria, the cyber threat — public awareness lags behind official Washington’s.” To combat that “creeping tide of complacency,” the report argues, the government must explain “the evil that [is] stalking us.”
Meanwhile, the commissioners appear unconcerned about complacency with climate change or economic decline.
All that fear-mongering is odd, given the report’s general assessment of counterterrorism efforts made in the last decade. “The government’s record in counterterrorism is good,” the report judged, and “our capabilities are much improved.”
If the government has done a good job of implementing the 9/11 Commission recommendations but the terror threat is an order of magnitude worse now, as the report claims, then those recommendations were not sufficient to addressing the problem. Or perhaps the 13 top security officials whom the Commission interviewed did a slew of other things — like destabilizing Syria and Libya — that have undermined the apparatus of counterterrorism recommended by the original 9/11 Commission?
Which is a polite way of saying the 10-year report is unsatisfying on many fronts, opting for fear-mongering than another measured assessment about what we need to do to protect against terrorism.
Perhaps that’s because, rather than conduct the public hearings with middle-level experts, as it boasted it had done in the original report, it instead privately interviewed just the people who’ve been in charge for the last 10 years, all of whom have a stake in fear and budgets and several of whom now have a stake in profiting off fear-mongering?
Suffice it to say I’m unimpressed with the report.
Which brings me to this really odd detail about it.
The report takes a squishy approach to Edward Snowden’s leaks. It condemns his and Chelsea Manning’s leaks and suggests they may hinder information sharing. It also suggests Snowden’s leaks may be impeding recruiting for cybersecurity positions.
But it also acknowledges that Snowden’s leaks have been important to raising concerns about civil liberties — resulting in President Obama’s decision to impose limits on the Section 215 phone dragnet.
Since 2004, when we issued the report, the public has become markedly more engaged in the debate over the balance between civil liberties and national security. In the mid-2000s, news reports about the National Security Agency’s surveillance programs caused only a slight public stir. That changed with last year’s leaks by Edward Snowden, an NSA contractor who stole 1.7 million pages of classified material. Documents taken by Snowden and given to the media revealed NSA data collection far more widespread than had been popularly understood. Some reports exaggerated the scale of the programs. While the government explained that the NSA’s programs were overseen by Congress and the courts, the scale of the data collection has alarmed the public.
[snip]
[I]n March, the President announced plans to replace the NSA telephone metadata program with a more limited program of specific court-approved searches of call records held by private carriers. This remains a matter of contention with some intelligence professionals, who expressed to us a fear that these restrictions might hinder U.S. counterterrorism efforts in urgent situations where speedy investigation is critical.
Having just raised the phone dragnet changes, the report goes on to argue “these programs” — which in context would include the phone dragnet — should be preserved.
We believe these programs are worth preserving, albeit with additional oversight. Every current or former senior official with whom we spoke told us that the terrorist and cyber threats to the United States are more dangerous today than they were a few years ago. And senior officials explained to us, in clear terms, what authorities they would need to address those threats. Their case is persuasive, and we encountered general agreement about what needs to be done.
Senior leaders must now make this case to the public. The President must lead the government in an ongoing effort to explain to the American people—in specific terms, not generalities—why these programs are critical to the nation’s security. If the American people hear what we have heard in recent months, about the urgent threat and the ways in which data collection is used to counter it, we believe that they will be supportive. If these programs are as important as we believe they are, it is worth making the effort to build a more solid foundation in public opinion to ensure their preservation.
This discussion directly introduces a bizarre rewriting of the original 9/11 Report.
Given how often the government has falsely claimed that we need the phone dragnet because it closes a gap that let Khalid al-Midhar escape you’d think the 9/11 Commission might use this moment to reiterate the record, which shows that the government had the information it needed to discover the hijacker was in the US.
Nope.
It does, however, raise a very closely related issue: the FBI’s failure to discover Nawaf al Hazmi’s identity. Continue reading
Breaking: CIA Tortured Abu Zubaydah at a Prison in Poland
Earlier today, the European Court of Human Rights ordered Poland to pay Abu Zubaydah and Abd al Rahim al-Nashiri a combined total of 230,000 Euros for facilitating the torture suffered at Stare Kiejkuty.
The court found Poland violated its obligations under the European Convention on Human Rights to prevent torture, ensure the right to liberty, and properly investigate allegations a crime had been committed on its territory.
It ordered Poland to pay al-Nashiri 100,000 euros in damages and 130,000 euros to Zubaydah.
“The ruling of the tribunal in Strasbourg on CIA jails is embarrassing for Poland and is a burden both in terms of our country’s finances as well as its image,” said Joanna Trzaska-Wieczorek, a spokeswoman for the Polish president.
Of course, that Poland hosted one of CIA’s black sites is not breaking news at all. We’ve known it for years.
But this is an official judgment affirming that to be true. Finally, a court has called America’s torture torture.
The judgment comes as the CIA dawdles over declassifying the Senate Intelligence Committee’s torture report. One reason for the delay, prior reporting has said, comes from a desire to protect our foreign partners in crimes — notably the UK and Poland.
So now that Poland’s role has been confirmed, can we please get the torture report?
You’re Doing Counter-Propaganda Wrong, Hand-Picked Journos Edition
I’ve been so buried in Netroots Nation and related issues I’ve only followed the top-line coverage of the MH17 shoot-down. I think the version the Administration released yesterday — that Ukrainian rebels shot down the airliner by mistake — is the most plausible explanation, though I’m aware of questions about that story.
All that said, there’s something about yesterday’s dog-and-pony show offered at the Office of Director of National Intelligence that seriously discredits the US story.
As the WSJ account of it makes clear, the reporters brought in for that dog-and-pony were explicitly told the dog-and-pony was being held to “not let[] a Russian narrative get out there.”
The Russian government is making a “full-court press” to spread a Russian version of events that try to pin the shoot-down on the Ukrainians, which is “not plausible to us,” one senior intelligence official said.
A key goal of Tuesday’s presentation, said one senior intelligence official was “not letting a Russian narrative get out there,” said one senior U.S. intelligence official.
(Apparently this senior intelligence official is not honest enough to admit both sides are already in a game of full court pressing – and John Kerry has already gotten beyond what the government released yesterday.)
Here’s the thing. While the Russians have not offered as much proprietary intelligence as the US offered yesterday, the presentation this dog-and-pony show is meant to rebut involve their Ministry of Defense providing a televised briefing on their questions about the event.
By contrast, noted liar James Clapper’s office invited hand-picked journalists in, and swore them to silence about who actually gave the briefing, and only afterwards released a transcript and other materials on the briefing. Spencer Ackerman was among the obvious journalists who should have been but was not invited.
Some of the evidence provided by US intelligence – whose fiscal 2013 budget was $68bn – included Facebook posts. “After it became evident that the plane was a civilian airliner, separatists deleted social media posts boasting about shooting down a plane and possessing a Buk (SA-11) surface-to-air missile system,” a senior intelligence official said in the briefing, held on condition of anonymity. The Guardian was not invited to the briefing, a transcription of which was later made available.
Look, if the US government has a case, they can release it publicly. But what they appear to be doing instead is creating their own official press corps and presenting their case there.
That’s especially true given that something else said at the briefing undermines the US case against the rebels.
They noted that it can be difficult to track the transportation of weapons because they are often moved at night, and the Russians have provided the separatists with types of weapons that the Ukrainians also have in order to maintain “plausible deniability.”
If the Russians have gone to some length to hide their role in arming rebels, why would they also give them a weapon that would draw so much attention (the Ukrainian government has them as well, but they haven’t used them)? (Though I actually think the point is they have been fired, but weren’t considered so fancy until they took down a civilian jet.)
I suspect at this point both sides are hiding interesting details they know. But the US has the more plausible case, thus far. So why are they unwilling to present their case publicly?
David Medine’s PCLOB Defense
Today, David Medine attempts to answer (most) of the questions Jennifer Granick argues weren’t answered in the Privacy and Civil Liberties Oversight Board’s report on Section 702. Here’s my summary of how he does so:
Even while Medine “challenges” Granick’s assessment that her questions weren’t answered, he admits “Professor Granick may not find that all of her questions have been fully answered.”
And that’s clear from my summary: for classification reasons, PCLOB didn’t answer the questions about volume of US person communications collected (question 1) or the kinds of selectors used (question 5), and only hinted at an answer to whether NSA had direct access to providers’ networks (question 2). As I’ve suggested, even with the 100 new pieces of data PCLOB got declassified, their subjection to obviously bogus government classification claims discredits their report.
The most useful response Medine provides Granick — though not for what it says about the underlying question – is to inform us that buddy lists and a bunch of other things are treated as communications.
“Do intelligence agencies minimize address books, buddy lists, stored documents, system backups and/or other electronic transmissions where there is no human being on the received end of the transmission as “communications” under the minimization procedures? Or are those fair game?”The report answers this question directly: “Everything that is collected under Section 702 is treated as a ‘communication’ and therefore is protected by the applicable minimization procedures.” PCLOB report at p. 127 n. 524. As explained elsewhere in the report, the statute itself “requires that all acquired data be subject to minimization procedures.” PCLOB report at p. 50 (emphasis added).
In a sense, Granick’s original question was overtaken by events when it was confirmed – both in the WaPo’s analysis of 702 collected data and in PCLOB — that minimization doesn’t work as mandated by law (though PCLOB seems relatively untroubled by that). Sure, US person names in an address book will be masked, but they won’t be destroyed because they have no foreign intelligence value. So even US person names in buddy lists will be available for analysis.
But Medine’s answer — emphasizing that “everything .. is treated as ‘communication’” — is important for his answer regarding what the government uses for upstream selectors. Continue reading
Sting: Two New Reports on How the FBI Creates Terrorists
In the last several days, two important new reports on the FBI’s creation of Muslim terrorists.
The first is an Al Jazeera English video, above, from Trevor Aaronson, who also wrote The Terror Factory. He interviews both informants and the men who entrapped them, the latter of whom describe the FBI’s method. The video includes an extended look at a Toledo informant not previously profiled.
Today Human Rights Watch released a report (I’m part way done with it). That did both statistical analysis of the terrorism cases since 9/11 and close reviews of 27 cases across the country. They did interviews with a number of detainees. They examined the use of pre-trial solitary confinement.
Both reports make a key point: by putting informants in mosques, the FBI is effectively inserting potentially dangerous criminals inside faith communities rather than imprisoning them. The HRW report notes that in some cases, those informants “trolled” for potential leads.
Some of the cases we reviewed appear to have begun as virtual fishing expeditions, where the FBI had no basis to suspect a particular individual of a propensity to
commit terrorist acts. In those cases, the informant identified a specific target by
randomly initiating conversations near a mosque. Assigned to raise controversial
religious and political topics, these informants probed their targets’ opinions on
politically sensitive and nuanced subjects, sometimes making comments that
appeared designed to inflame the targets. If a target’s opinions were deemed
sufficiently troubling, officials concerned with nascent radicalization pushed the
sting operation forward.
HRW’s primary recommendation is more controls on the use of informants. In particular it describes how FBI sometimes uses an effort for spiritual advice to push a (usually young) target towards violence.
Both reports provide valuable new details on how the FBI makes terrorists. We’re getting closer to mapping how all these systems fit together.
EO 12333 Threatens Our Democracy
Among the many posts I’ve written about Executive Order 12333 — the order that authorizes all non-domestic spying — includes this post, where I noted that proposed changes to NSA’s phone dragnet won’t affect programs authorized by EO 12333.
Obama was speaking only about NSA’s treatment of Section 215 metadata, not the data — which includes a great amount of US person data — collected under Executive Order 12333.
[snip]
Section 215 metadata has different and significantly higher protections than EO 12333 phone metadata because of specific minimization procedures imposed by the FISC (arguably, the program doesn’t even meet the minimization procedure requirements mandated by the law). We’ve seen the implications of that, for example, when the NSA responded to being caught watch-listing 3,000 US persons without extending First Amendment protection not by stopping that tracking, but simply cutting off the watch-list’s ability to draw on Section 215 data.
Basically, the way NSA treats data collected under FISC-overseen programs (including both Section 215 and FISA Amendments Act) is to throw the data in with data collected under EO 12333, but add query screens tied to the more strict FISC-regulations governing production under it.
[snip]
NSA’s spokeswoman will say over and over that “everyday” or “ordinary” Americans don’t have to worry about their favorite software being sucked up by NSA. But to the extent that collection happens under EO 12333, they have relatively little protection.
That’s precisely the point made in an important op-ed by the State Department’s former Internet freedom chief, John Napier Tye, who had access to data from EO 12333 collection.
Bulk data collection that occurs inside the United States contains built-in protections for U.S. persons, defined as U.S. citizens, permanent residents and companies. Such collection must be authorized by statute and is subject to oversight from Congress and the Foreign Intelligence Surveillance Court. The statutes set a high bar for collecting the content of communications by U.S. persons. For example, Section 215 permits the bulk collection only of U.S. telephone metadata — lists of incoming and outgoing phone numbers — but not audio of the calls.
Executive Order 12333 contains no such protections for U.S. persons if the collection occurs outside U.S. borders.
[snip]
Unlike Section 215, the executive order authorizes collection of the content of communications, not just metadata, even for U.S. persons. Such persons cannot be individually targeted under 12333 without a court order. However, if the contents of a U.S. person’s communications are “incidentally” collected (an NSA term of art) in the course of a lawful overseas foreign intelligence investigation, then Section 2.3(c) of the executive order explicitly authorizes their retention. It does not require that the affected U.S. persons be suspected of wrongdoing and places no limits on the volume of communications by U.S. persons that may be collected and retained.
Dick Durbin’s Obscure Transparency Bid
Steven Aftergood notes that the Senate Appropriations Committee has included a reporting requirement on NSA on its “bulk collection” programs.
That’s all well and good, if the language isn’t stripped before final passage. But there are a couple of limits to the language.
First, the reporting requirements on Section 215 only go back to 2009.
For the last 5 years, on an annual basis, the number of records acquired by NSA as part of the bulk telephone metadata program authorized by the Foreign Intelligence Surveillance Court, pursuant to section 215 of the USA PATRIOT Act, and the number of such records that have been reviewed by NSA personnel in response to a query of such records;
Of course, the program changed significantly in 2009; the collection scope may have narrowed at that point. And many of the abuses were ended in that year.
And there are two problems with the requirement to provide a list of all “bulk collection” programs.
A report, unclassified to the greatest extent possible, and with a classified annex if necessary, describing all NSA bulk collection activities, including when such activities began, the cost of such activities, what types of records have been collected in the past, what types of records are currently being collected, and any plans for future bulk collection.
We know the intelligence community only includes programs that use no discriminator as “bulk collection.” So the report would list what the IC considers bulk collection, not what normal human beings do.
In addition, only NSA would have to report its bulk programs. We know, for example, that the FBI has a Pen Register program that presumably involves some bulk. That would not show up in this list.
So, great! Transparency!
But not transparency that will tell us what we need to know.
Edward Snowden’s Smut
In an interview with the Guardian published yesterday, Edward Snowden claimed that compromising pictures get shared around NSA.
Made a startling claim that a culture exists within the NSA in which, during surveillance, nude photographs picked up of people in “sexually compromising” situations are routinely passed around.
Boing Boing transcribed his comments on it.
The usual whiners are suggesting Snowden is making this up and demanding proof.
They seem to have forgotten the proof we’ve already seen of NSA officially retaining sexually compromising material. Here’s what Bart Gellman described in a follow-up to WaPo’s recent report on the data collected under Section 702.
Among the large majority of people who are not NSA targets, many of the conversations in our sample are exceedingly private. Often they are very far from publishable, without editing.
Him: “How about you [verb, possessive adjective, noun]
Her: “I [verb] if you [another verb].”
Him: “That can be arranged.”
Her: “I really need punishment.”
Another young woman, also not a target, responds to a suitor who proposes to pay a visit.
Her: “don’t think that would b fair on the guy im seeing”
Him: “you can be a bit naughty at times lol”
Her: “Yeah lol”
The conversation proceeds from there.
This is stuff officially retained by NSA. This is stuff they claim has foreign intelligence value. This is sexually compromising. And Gellman says many of the retained communications are like that.
Sure, I get that NSA wants to contact chain on who’s fucking whom, just as they want to chain on who’s calling whom. But to do that, they’re retaining smut.
The Other Authority for the Phone Dragnet
Back in February, I noted Ron Wyden’s question for then acting OLC head Caroline Krass (she’s now CIA’s General Counsel) about Jack Goldsmith’s 2004 OLC opinion authorizing the dragnet.
In the follow-up questions for CIA General Counsel nominee Caroline Krass, Ron Wyden asked a series of his signature loaded questions. With it, he pointed to the existence of still-active OLC advice — Jack Goldsmith’s May 6, 2004 memo on Bush’s illegal wiretap program — supporting the conduct of a phone (but not Internet) dragnet based solely on Presidential authorization.
He started by asking “Did any of the redacted portions of the May 2004 OLC opinion address bulk telephony metadata collection?
Krass largely dodged the question — but did say that “it would be appropriate for the May 6, 2004 OLC opinion to be reviewed to determine whether additional portions of the opinion can be declassified.”
In other words, the answer is (it always is when Wyden asks these questions) “yes.”
This is obvious in any case, because Goldsmith discusses shutting down the Internet dragnet program, and spends lots of time discussing locating suspects.
Wyden then asked if the opinion relied on something besides FISA to conduct the dragnet.
[D]id the OLC rely at that time on a statutory basis other than the Foreign Intelligence Surveillance Act for the authority to conduct bulk telephony metadata collection?
Krass dodged by noting the declassification had not happened so she couldn’t answer.
But the 2009 Draft NSA IG Report makes it clear the answer is yes: NSA collected such data, both before and after the 2004 hospital showdown, based solely on Presidential authorization (though on occasion DOJ would send letters to the telecoms to reassure them both the metadata and content collection was legal).
Finally, Wyden asks the kicker: “Has the OLC taken any action to withdraw this opinion?”
Krass makes it clear the memo is still active, but assures us it’s not being used.
This is an exchange Center for National Security Studies Kate Martin brings back into the discussion of whether USA Freedumber actually ends bulk collection.
[W]e don’t know whether the Justice Department has opined that other statutory authorities – not now addressed in the USA Freedom Act – could authorize the NSA’s bulk collection. Without this knowledge, we can’t be certain whether the proposed amendments to section 501 (215) will in fact be sufficient to prohibit the NSA from engaging in bulk collection of metadata using some other hitherto unidentified authority.
This is not a fanciful concern. There is in fact a still partly secret OLC opinion by the Justice Department that may address precisely this question.
CNSS is using the debate over USA Freedumber to demand the Administration declassify the rest of that opinion.
When the government declassified the statements submitted in the Jewel v. NSA case last December, it basically declassified everything that should be in that memo. So what’s the holdup on releasing the memo itself?
The Anglo-American Data Empire
In a piece for Salon today, I note that both in US domestic warrants for Stored Communication and in the law the UK will push through, DRIP, the US and the Brits are asserting they should be able to demand data stored anywhere in the world. Here’s the US part:
The U.S. data grab started back in December, when the Department of Justice applied for a warrant covering an email account Microsoft held in Ireland as part of a drug-trafficking investigation. Microsoft complied with regards to the information it stored in the U.S. (which consisted of subscriber information and address books), but challenged the order for the content of the emails. After Magistrate Judge James Francis sided with the government – arguing, in part, that Mutual Legal Assistance Treaties, under which one country asks another for help on a legal investigation, were too burdensome — Microsoft appealed, arguing the government had conscripted it to conduct an extraterritorial search and seizure on its behalf.
As part of that, Microsoft Vice President Rajesh Jha described how, since Snowden’s disclosures, “Microsoft partners and enterprise customers around the world and across all sectors have raised concerns about the United States Government’s access to customer data stored by Microsoft.” Jha explained these concerns went beyond NSA’s practices. “The notion of United States government access to such data — particularly without notice to the customer — is extremely troubling to our partners and enterprise customers located outside of the United States.” Some of those customers even raised Magistrate Francis’ decision specifically.
[snip]
The government’s response, however, argued U.S. legal process is all that is required. DOJ’s brief scoffed at Microsoft for raising the real business concerns that such big-footing would have on the U.S. industry. “The fact remains that there exists probable cause to believe that evidence of a violation of U.S. criminal law, affecting U.S. residents and implicating U.S. interests, is present in records under Microsoft’s control,” the government laid out. It then suggested U.S. protection for Microsoft’s intellectual property is the tradeoff Microsoft makes for complying with legal process. “Microsoft is a U.S.-based company, enjoying all the rights and privileges of doing business in this country, including in particular the protection of U.S. intellectual property laws.” It ends with the kind of scolding usually reserved for children. “Microsoft should not be heard to complain that doing so might harm its bottom line. ”
Click through to find out why the UK data grab is even worse.
Effectively, both English speaking behemoths are arguing that borders don’t matter, they can have any data in the world. And while we know NSA and GCHQ were doing that for spying purposes, here they’re arguing they can do it for crime prevention.
Breathtaking claims, really.
Emptywheel Twitterverse
bmaz
RT @stephenlemons: Arizona Spokeschick Promises Botched Execution Was Really Kittens’ Whiskers And Unicorn Farts http://t.co/W636WRHqZg via…
bmaz
@rickhasen Yep, I find that thought pretty compelling. Think AMK is now going to have a problem too. cc: @JoshMBlackman
bmaz
@armandodkos Let me know how I can help, I have some experience with the state....
bmaz
@armandodkos Whatever it takes to get you here works for me. Invitation open. I continue to vehemently disagree about this boycott though.
emptywheel
@onekade Still not a peep why we would embrace the contact chaining on smart phone data.
bmaz
@armandodkos Whatever you want to call it, the invitation is open. Room and board are free at Casa de bmaz.
bmaz
@armandodkos Come here, stay with me a few days. See the real state of play. Talk to the change agents on the ground. Personal invite.
bmaz
@armandodkos The presence of actual liberal leaders and activists, giving help to, and light on, those working here is what I am saying.
bmaz
@armandodkos You are my friend; don't be an ass by putting words in my mouth that are not mine.