Drug War

DOJ Inspector General Investigating DEA’s Use of Parallel Construction under Hemisphere

As I noted in my last post, DOJ’s Inspector General recently created a page showing their ongoing investigations. It shows some things not described in Inspector General Michael Horowitz’ last report to Congress.

Of particular interest is this investigation.

Administrative Subpoenas

The OIG is examining the DEA’s use of administrative subpoenas to obtain broad collections of data or information. The review will address the legal authority for the acquisition or use of these data collections; the existence and effectiveness of any policies and procedural safeguards established with respect to the collection, use, and retention of the data; the creation, dissemination, and usefulness of any products generated from the data; and the use of “parallel construction” or other techniques to protect the confidentiality of these programs.

The description doesn’t say it, but this is Hemisphere, the program under which DEA submits administrative subpoenas to AT&T for phone records from any carrier that uses AT&T’s backbone. DEA gets information matching burner phones as well as the call records. In addition, it gets some geolocation — and continued to increase what it was getting even after US v Jones raised concerns about such tracking.

The presentation on Hemisphere makes it very clear the government uses “parallel construction” to hide Hemisphere.

Protecting the Program: When a complete set of CDRs are subpoenaed from the carrier, then all memorialized references to relevant and pertinent calls can be attributed to the carrier’s records, thus “walling off” the information obtained from Hemisphere. In other words, Hemisphere can easily be protected if it is used as a pointed system to uncover relevant numbers.

Exigent Circumstances — Protecting the Program: In special cases, we realize that it might not be possible to obtain subpoenaed phone records that will “wall off” Hemisphere. In these special circumstances, the Hemisphere analyst should be contacted immediately. The analyst will work with the investigator and request a separate subpoena to AT&T.

Official Reporting — Protecting the Program: All requestors are instructed to never refer to Hemisphere in any official document. If there is no alternative to referencing a Hemisphere request, then the results should be referenced as information obtained from an AT&T subpoena.

And this is not the only area where DEA is using parallel construction to hide where it gets its investigative leads. Reuters reported in August that DEA also uses parallel construction to hide the leads it gets from purportedly national security-related wiretapping.

A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.

Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin – not only from defense lawyers but also sometimes from prosecutors and judges.

The undated documents show that federal agents are trained to “recreate” the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant’s Constitutional right to a fair trial. If defendants don’t know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence – information that could reveal entrapment, mistakes or biased witnesses.

[snip]

The two senior DEA officials, who spoke on behalf of the agency but only on condition of anonymity, said the process is kept secret to protect sources and investigative methods. “Parallel construction is a law enforcement technique we use every day,” one official said. “It’s decades old, a bedrock concept.”

A dozen current or former federal agents interviewed by Reuters confirmed they had used parallel construction during their careers. Most defended the practice; some said they understood why those outside law enforcement might be concerned.

Presuming that Horowitz is investigating whether DEA’s extensive use of parallel construction complies with the Constitution (and not, as is possible, whether the sources of this information are being adequately buried), this is welcome news indeed.

But it’s also one of several reasons why I’m particularly alarmed, in retrospect, that Horowitz is complaining about his ability to get grand jury information without having to get either Attorney General Holder or Deputy Attorney General James Cole to personally approve it.

After all, the only way you can learn what truly happens in prosecutions that have used parallel construction to hide their sources is to work backward from the actual prosecution.

El Chapo

Today, they announced the capture of Chapo Guzmán.

According to Mexico’s el Universal, Sinaloa Cartel boss Chapo Guzmán was captured by authorities at 6:40 AM (it’s unclear whether this is Mexico City or Mazatlán time, which are an hour and two behind ET, respectively; and the local Sinaloa press says the operation started at 3:30 AM).

The AP broke the story at 10:52 AM, sourcing to a US official. At around 11:00 (presumably, Mexico City time), Mexico’s Attorney General Jesús Murillo Karam announced the capture — he attributed the delay to taking time to confirm Guzmán’s identity.

And around that same time, President Enrique Peña Nieto tweeted out congratulations to Mexico’s security services for the capture.

As of right now, I’ve seen no comment from the White House on the capture, even though the DEA were said to be heavily involved.

There have been two pictures circulating relating to the arrest: a KSM-style picture of Guzmán at least partially undressed, and pictures taken in full daylight of him being transferred, fully dressed, to a helicopter by masked men wearing Mexican Navy uniforms.

I lay out these details because I have been wondering for some time why, alone among the world leaders spied on by the NSA, Peña Nieto never complained all that loudly. When Spiegel first reported the spying, it suggested the US was trying to determine how seriously Peña Nieto — then still a candidate — meant his campaign promises to change the war on drugs. But according to Dana Priest, subsequent to the start of that spying, upon being presented with the range of our spying in Mexico, the President ended much of that “cooperation.”

The new administration has shifted priorities away from the U.S.-backed strategy of arresting kingpins, which sparked an unprecedented level of violence among the cartels, and toward an emphasis on prevention and keeping Mexico’s streets safe and calm, Mexican authorities said.

Some U.S. officials fear the coming of an unofficial truce with cartel leaders. The Mexicans see it otherwise. “The objective of fighting organized crime is not in conflict with achieving peace,” said Eduardo Medina Mora, Mexico’s ambassador to the United States.

[snip]

U.S. officials got their first inkling that the relationship might change just two weeks after Peña Nieto assumed office Dec. 1. At the U.S. ambassador’s request, the new president sent his top five security officials to an unusual meeting at the U.S. Embassy here. In a crowded conference room, the new attorney general and interior minister sat in silence, not knowing what to expect, next to the new leaders of the army, navy and Mexican intelligence agency.

In front of them at the Dec. 15 meeting were representatives from the U.S. Drug Enforcement Administration (DEA), the CIA, the FBI, the Office of the Director of National Intelligence and other U.S. agencies tasked with helping Mexico destroy the drug cartels that had besieged the country for the past decade.

The Mexicans remained stone-faced as they learned for the first time just how entwined the two countries had become during the battle against narco-traffickers, and how, in the process, the United States had been given near-complete entree to Mexico’s territory and the secrets of its citizens, according to several U.S. officials familiar with the meeting

Four months after that meeting, Peña Nieto involved his government in the information sharing process between the US and Mexico, and he reportedly kicked out Americans working in Mexican fusion centers.

Medina Mora, the Mexican ambassador, said in an interview that his nation considers U.S. help in the drug war “a centerpiece” of Mexico’s counternarcotics strategy. But the Mexican delegation in Washington also informed U.S. authorities that Americans will no longer be allowed to work inside any fusion center, including the one in Monterrey. The DEA agents and retired military contractors there will have to go.

Mind you, it’s clear that this change in strategy didn’t really come about — or if it has, the US has accelerated its own work without the Mexicans — as can be seen by the string of Guzmán associates who’ve been rolled up in recent weeks.

There were further hints of Mexico’s close cooperation when James Clapper, at a recent hearing, refused to elaborate in public session on an answer suggesting that Mexico was cooperating as closely as ever. And this response — in a background briefing in advance of President Obama’s trip to Toluca last week — makes it clear the Americans believe cooperation is still ongoing.

Q I was wondering, since we’re on the topic of messages, and you’ve already outlined the main topics of the summit, what sort of message is the President going to give the Mexican President Peña Nieto with the ongoing violence in Michoacán and whether or not they’re going to talk about new initiatives or somehow renewing the — or expanding the Merida initiative to combat drug traffickers down there. So in other words, what sort of deliverables can we expect from this summit? Thank you.

SENIOR ADMINISTRATION OFFICIAL: Thanks for that question. First of all, we have a very good and effective security relationship with Mexico and we have for a number of years now, including with this administration. Certainly our shared security interests are going to be a part of the conversation. As President Obama made very clear in his initial meeting with President Peña Nieto, we stand by to help in any way we can and to cooperate as determined by the government of Mexico as it develops its security posture and deals with security concerns and judicial reform in Mexico.

You mentioned the Merida programs; those are continuing. And there’s a process in place between our two governments to develop priorities for cooperation. There’s a greater emphasis on the judicial cooperation now and finding ways to work together in that field. With respect to Michoacán, certainly we’re following closely what is happening there and stand by the government of Mexico as it confronts challenges there and elsewhere. [my emphasis]

And now Chapo is in custody, reportedly as a result of several weeks of cooperation between the DEA and Mexico’s Navy.

We shall see whether this time he stays in custody, and if so, in which country.

Keith Alexander Refutes Claims NSA Doesn’t Get Cell Data

Eight days ago, the country’s four major newspapers reported a claim that the NSA collected 33% or less of US phone records (under the Section 215 program, they should have specified, but did not) because it couldn’t collect most cell phone metadata:

  • “[I]t doesn’t cover records for most cellphones,” (WSJ)
  • “[T]he agency has struggled to prepare its database to handle vast amounts of cellphone data,” (WaPo)
  • “[I]t has struggled to take in cellphone data,” (NYT)
  • “[T]he NSA is gathering toll records from most domestic land line calls, but is incapable of collecting those from most cellphone or Internet calls.” (LAT)

Since that time, I have pointed to a number of pieces of evidence that suggest these claims are only narrowly true:

  • A WSJ article from June made it clear the cell gap, such as it existed, existed primarily for Verizon and T-Mobile, but their calls were collected via other means (the WaPo and NYT both noted this in their stories without considering how WSJ’s earlier claim it was still near-comprehensive contradicted the 33% claim)
  • The NSA’s claimed Section 215 dragnet successes — Basaaly Moalin, Najibullah Zazi, Tsarnaev brothers — all involved cell users
  • Identifying Moalin via the dragnet likely would have been impossible if NSA didn’t have access to T-Mobile cell data
  • The phone dragnet orders specifically included cell phone identifiers starting in 2008
  • Also since 2008, phone dragnet orders seem to explicitly allow contact-chaining on cell identifiers, and several of the tools they use with phone dragnet data specifically pertain to cell phones

Now you don’t have to take my word for it. Here’s what Keith Alexander had to say about the claim Friday:

Responding to a question about recent reports that the NSA collects data on only 20% to 30% of calls involving U.S. numbers, Alexander acknowledged that the agency doesn’t have full coverage of those calls. He wouldn’t say what fraction of the calls NSA gets information on, but specifically denied that the agency is completely missing data on calls made with cell phones.

“That part is not true,” he said. “We don’t get it all. We don’t get 100% of the data. It’s not where we want it to be, but it has been sufficient to go after the key targets that we’re going after.” [my emphasis]

Admittedly, Alexander is not always entirely honest, so it’s possible he’s just trying to dissuade terrorists from using cellphones while the NSA isn’t tracking them. But he points to the same evidence I did — that NSA has gotten key targets who use cell phones.

There’s something else Alexander said that might better explain the slew of claims that it can’t collect cell phone data.

The NSA director, who is expected to retire within weeks, indicated that some of the gaps in coverage are due to the fact that the NSA “paused any changes to the program” during the recent controversy and discussions about restructuring the effort.

The NSA has paused changes to the program.

This echoes WaPo and WSJ reports that crises (they cited both the 2009 and current crisis) delayed some work on integrating cell data, but suggests that NSA was already making changes when the Snowden leaks started.

There is evidence the pause — or at least part of it — extends back to before the Snowden leak. As I reported last week, even though the NSA has had authority to conduct a new auto-alert on the phone dragnet since November 2012, they’ve never been able to use it because of technical reasons.

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes.

This description actually came from DOJ, not the FISC, and I suspect the issue is rather that NSA has not solved some technical issues that would allow it to perform the auto-alert within the legal limits laid out by the FISC (we don’t know what those limits are because the Administration is withholding the Primary Order Supplement that would describe it, and redacting the description of the search itself in all subsequent orders).

That said, there are plenty of reasons to believe NSA is having new problems collecting cell phone data because it includes cell location, which is far different from claiming (abundant evidence to the contrary) that they haven’t been collecting cell data all this time. In addition to whatever reason NSA decided to stop its cell location pilot in 2011 and the evolving understanding of how the US v. Jones decision might affect NSA’s phone dragnet program, 3 more things have happened since the beginning of the Snowden leaks:

  • On July 19, Claire Eagan specifically excluded the collection of cell site location information under the Section 215 authority
  • On September 1, NYT exposed AT&T’s Hemisphere program; not only might this give AT&T reason to stop collating such data, but if Hemisphere is the underlying source for AT&T’s Section 215 response, then it includes cell location data that is now prohibited
  • On September 2, Verizon announced plans to split from Vodafone, which might affect how much of its data, including phone metadata, is available to NSA via GCHQ under the Tempora program; that change legally takes effect February 21

Remember, too, there’s a February 2013 FISC Section 215 opinion the Administration is also still withholding, which also might explain some of the “technical-meaning-legal” problems they’re having.

Underlying this all (and assuredly underlying the problems with collecting VOIP calls, which are far easier to understand and have been mentioned in some of this reporting, including the LAT story) is a restriction arising from using an ill-suited law like Section 215 to collect a phone dragnet: telecoms can only be obligated to turn over records they actually “already generate,” as described by NSA’s SID Director Theresa Shea.

[P]ursuant to the FISC’s orders, telecommunications service providers turn over to the NSA business records that the companies already generate and maintain for their own pre-existing business purposes (such as billing and fraud prevention).

To the extent telecoms use SS7 data, which includes cell location, to fulfill their Section 215 obligation (after all, what telecoms need billing records on a daily basis?), it probably does introduce problems.

Which, I suspect, will mean that Alexander and the rest of the dragnet defenders will recommend that a third party collate and store all this data, the worst of all solutions. They need to have a comprehensive source (like Hemisphere apparently plays for the DEA), one that will shield the government from necessarily having collected cell location data that is increasingly legally suspect to obtain. And they’ll celebrate it as a great sop to the civil libertarians, too, when in fact, they’ve probably reached the point where it is clear Section 215 can’t legally authorize what it is they want it to do.

The issue, more and more evidence suggests, is that they can’t collect the dragnet data without a law designed to construct the dragnet. Which is another way of saying the dragnet, as intended to function, is illegal.

Is Hemisphere Creating Problems for the Phone Dragnet?

You are all probably bored with my repeated posts about why the claim that NSA only collects 30% of US data is probably only narrowly true.

So I won’t discuss how absurd it would be to argue that the terrorist dragnet drawing on the records of at least 3 phone companies was less comprehensive than Hemisphere, the similar AT&T-specific database it makes available to hunt drug crime.

I just want to raise a methodological issue.

In her declaration submitted in support of the suits challenging the Section 215 dragnet, Theresa Shea emphasized something implicit in the Business Records order: the telecoms are only turning over records they already have.

[P]ursuant to the FISC’s orders, telecommunications service providers turn over to the NSA business records that the companies already generate and maintain for their own pre-existing business purposes (such as billing and fraud prevention).

Presumably, AT&T provides precisely this same data to the NSA for its master phone dragnet. That is, to the extent that AT&T compiles this data in particular form, that may well be the form it hands onto NSA.

And that’s interesting for several reasons.

Hemisphere includes not just AT&T call records. It includes records from “CDRs for any telephone carrier that uses an AT&T switch to process a telephone call.” It gets 4 billion call records a day, including international ones and cell ones. As Scott Shane explained,

AT&T operates what are called switches, through which telephone calls travel all around the country. And what AT&T does in this program is it collects all the—what are called the CDRs, the call data records, the so-called metadata from the calls that we’ve heard about in the NSA context. This is the phone number—phone numbers involved in a call, its time, its duration, and in this case it’s also the location. Some are cellphone calls; some are land line calls. Anything that travels through an AT&T switch, even if it’s not made by an AT&T customer—for example, if you’re using your T-Mobile cellphone but your call travels through an AT&T switch somewhere in the country, it will be picked up by this project and dumped into this database.

Which supports the report from last summer that the government can get T-Mobile calls off AT&T’s records. These are the pre-existing records that NSA can come get and they include T-Mobile calls.

There’s another interesting part of that. As I noted, the first two phone dragnet orders provided for compensation to the providers, even though the statute doesn’t envision that. That would bring you to November 2006; Hemisphere started in 2007, with funding from ONDCP, the White House Drug Czar. Remember, too, that FBI had the equivalent of Hemisphere onsite until late 2007-2008. That is, one thing Hemisphere does is pay for one provider to store what serves as a good baseline dragnet that can then be handed over to the NSA. That’s significant especially given Geoffrey Stone’s claims that the dragnet is not comprehensive because of the cost involved: there should be no cost, but somehow it’s driving decisions.

In any case, as luck would have it, Hemisphere got exposed at the same time as the dragnet.

Hemisphere operates with different legal problems than the NSA phone dragnet. At least with the phone dragnet, after all, AT&T has been compelled to turn over records; with Hemisphere they’re effectively retaining them voluntarily to turn surveillance into a profit center (though they do get compelled on an order-by-order basis). Moreover, AT&T’s far more exposed by the publication on Hemisphere than it is on the NSA dragnet (or perhaps, than even Verizon is under the phone dragnet). The exposure of Hemisphere might make AT&T more hesitant to “voluntarily” retain this data.

Finally, as the amicus challenge EFF and ACLU submitted in a criminal case in Northern California notes, Hemisphere includes precisely the data the NSA is struggling with: cell location data.

Hemisphere goes even further than the NSA’s mass call-tracking program, as the CDRs stored in the Hemisphere database contain location information about callers (see Hemisphere Slide Deck at 3, 13), thus implicating the specific concerns raised by five Justices in Jones. See 132 S. Ct. at 955 (Sotomayor, J., concurring) (“wealth of detail about [a person’s] familial, political, professional, religious, and sexual associations” revealed through “trips to the psychiatrist, the plastic surgeon, the abortion clinic,” etc.) (internal quotation marks, citation omitted); id. at 964 (Alito, J., concurring).

The FISC has created all sorts of problems for NSA to store cell location data, most explicitly with Claire Eagan’s order in July specifically prohibiting it.

But here AT&T is, creating the opportunity for the perfect challenge to use Jones to challenge location in a dragnet specifically.

Which is all a way of saying that the tensions with the phone dragnet may not be entirely unrelated to the fact that Hemisphere also got challenged.

Is There a 702 Certificate for Transnational Crime Organizations?

I joked yesterday that James Clapper did no more than cut and paste to accomplish President Obama’s order of providing a list of acceptable bulk collection. But I’d like to note something about the list of permissible uses of bulk collection.

  1. Espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
  2. Threats to the United States and its interests from terrorism;
  3. Threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
  4. Cybersecurity threats;
  5. Threats to U.S. or allied Armed Forces or other U.S. or allied personnel; and
  6. Transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named above.

For months, I have been noting hints that the use of Section 702 — which is one of several kinds of domestic bulk collection — is limited by the number of certifications approved by FISC, which might be limited by FISC’s assessment of whether such certifications establish a certain level of “special need.”

In 2011, it seems clear from John Bates’ opinion on the government’s Section 702 applications, there were 3 certifications.

[Image: excerpt from John Bates’ opinion]

If there are just 3 certifications, then it seems clear they cover counterterrorism, counterproliferation, and cybersecurity (which is consistent with both ODNI’s public descriptions of Section 702 and the Presidential Review Group’s limits on it), 3 of 6 of the permitted uses of bulk collection.

Furthermore, there’s some history (you’ll have to take my word for this for now, but the evidence derives in part from reports on the use of National Security Letters) of lumping in Counterintelligence and Cybersecurity, because the most useful CI application of bulk collection would target technical exploits used for spying. So if that happens with 702 collection, then 4 of the 6 permissible applications would be covered by existing known certifications.

Threats against Armed Forces would, for the most part, be overseas, suggesting the bulk collection on it would be too. (Though it appears Bush’s illegal program used the excuse of force protection to spy on Iraqi-related targets, potentially even in the US, until the hospital confrontation stopped it.)

Which leaves just transnational crime threats — against which President Obama rolled out a parallel sanctions regime to terrorism in 2011 (though there had long been a regime against drug traffickers) — as the sole bulk collection that might apply in the US that doesn’t have certifications we know about.

Given that at least drug cartels have a far more viable — and deathly — operation in the United States than al Qaeda, I can’t think of any reason why the Administration wouldn’t have applied for a certification targeting TCOs, too (one of Treasury’s designated TCO targets — Russian and East European mobs — would have some overlap with the cyber function, and one — Yakuza — just doesn’t seem like a big threat to the US at all).

And last year’s Semiannual Compliance Assessment may support the argument that there are more than 3 certificates. In its description of the review process for 702 compliance, the report lays out review dates by certifications. Here’s the NSA review schedule:

[Image: NSA review schedule]

This seems to show 4 lines of certifications, one each in August and December, but two in October. Perhaps they re-review one of the certifications (counterterrorism, most likely). But if not, it would seem to suggest there’s now a 4th certification.

Here’s the FBI review schedule (which apparently requires a lot more manual review).

[Image: FBI review schedule]

Given that this requires manual review, I wouldn’t be surprised if they repeated the counterterrorism certifications review (and we don’t know whether all the NSA certifications would be used by FBI). But the redactions would at least allow for the possibility that there is a 4th certification, in addition to the 3 we know about.

Perhaps Obama rolled out TCOs as a 4th certification as he rolled out his new Treasury initiative on it (which would be after the applications laid out by Bates).

Of course, we don’t know. But I think two things are safe to say. First, the use of 702 is tied to certifications by topic. Second, the public statement about permissible use of bulk collection would seem to envision the possibility of a 4th certification covering TCOs, and with it, drug cartels.

In Cut and Paste Tumblr Post, James Clapper Describes Who We Can Spy on without Discriminants

As part of his Presidential Policy Directive on Signals Intelligence, Obama said this about bulk collection:

In particular, when the United States collects nonpublicly available signals intelligence in bulk, it shall use that data only for the purposes of detecting and countering: (1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests; (2) threats to the United States and its interests from terrorism; (3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction; (4) cybersecurity threats; (5) threats to U.S. or allied Armed Forces or other U.S. or allied personnel; and (6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section. In no event may signals intelligence collected in bulk be used for the purpose of suppressing or burdening criticism or dissent; disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion; affording a competitive advantage to U.S. companies and U.S. business sectors commercially; or achieving any purpose other than those identified in this section.

The Assistant to the President and National Security Advisor (APNSA), in consultation with the Director of National Intelligence (DNI), shall coordinate, on at least an annual basis, a review of the permissible uses of signals intelligence collected in bulk through the National Security Council Principals and Deputies Committee system identified in PPD-1 or any successor document. At the end of this review, I will be presented with recommended additions to or removals from the list of the permissible uses of signals intelligence collected in bulk.

The DNI shall maintain a list of the permissible uses of signals intelligence collected in bulk. This list shall be updated as necessary and made publicly available to the maximum extent feasible, consistent with the national security.

To fulfill that bolded “shall” language, James Clapper just released this on his IContheRecord Tumblr page:

Presidential Policy Directive/PPD-28 – Signals Intelligence Activities establishes a process for determining the permissible uses of nonpublicly available signals intelligence that the United States collects in bulk. It also directs the Director of National Intelligence to “maintain a list of permissible uses of signals intelligence collected in bulk” and make the list “publicly available to the maximum extent feasible, consistent with the national security.”

Consistent with that directive, I am hereby releasing the current list of permissible uses of nonpublicly available signals intelligence that the United States collects in bulk.

Signals intelligence collected in “bulk” is defined as “the authorized collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants (e.g., specific identifiers, selection terms, etc.).” As of Jan. 17, 2014, nonpublicly available signals intelligence collected by the United States in bulk may be used by the United States “only for the purposes of detecting and countering:

  1. Espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
  2. Threats to the United States and its interests from terrorism;
  3. Threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
  4. Cybersecurity threats;
  5. Threats to U.S. or allied Armed Forces or other U.S. or allied personnel; and
  6. Transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named above.”

Further, as prescribed in PPD-28, “in no event may signals intelligence collected in bulk be used for the purpose of suppressing or burdening criticism or dissent; disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion; affording a competitive advantage to U.S. companies and U.S. business sectors commercially;” or achieving any purpose other than those identified above.

Effectively, Clapper fulfilled an obligation mandated by the PPD by simply cutting and pasting the list of 6 permissible uses of bulk collection in the PPD.

Given that this list is expected to be assessed annually, does that mean the PPD itself should be considered valid for no more than a year?

Faster and Furiouser Domestic Spying: Why Would the NSA Review Group Talk to the ATF?

Because I’m working on a post on John Bates’ response to the NSA Review Group recommendations, I happened to re-review the list of people the Review Group spoke with today (see page 277; Bates was the only one from the FISA Court they spoke with).

See if you find anything odd with this list of entities the Review Group spoke with from the Executive Branch (here’s a handy list of intelligence agencies to compare it to):

Assistant to the President for Homeland Security & Counterterrorism

Bureau of Alcohol, Tobacco, Firearms and Explosives

Central Intelligence Agency

Defense Intelligence Agency

Department of Commerce

Department of Defense

Department of Homeland Security

Department of Justice

Department of State

Drug Enforcement Agency

Federal Bureau of Investigations

National Archives and Records Administration

National Counterterrorism Center

National Institute for Standards and Technology

National Reconnaissance Office

National Security Advisor

National Security Agency

Office of the Director of National Intelligence

President’s Intelligence Advisory Board

Privacy and Civil Liberties Oversight Board

Program Manager for the Information Sharing Environment (PM-ISE)

Special Assistant to the President for Cyber Security

Treasury Department

Much of the list makes sense. You’ve got the people largely in charge of terrorism (NCTC, Lisa Monaco, FBI, Treasury), you’ve got some of the people in charge of cyber and/or corrupting encryption standards (DHS, Michael Daniel, NIST), you’ve got the people who have to deal with angry foreign leaders (State), you’ve got people in charge of data sharing and storage (PM-ISE and NARA), and you’ve got Commerce (which serves to boost, but also coerce, the tech companies on these issues).

There are some absences. I’m surprised Department of Energy, which plays a key role in counterproliferation, isn’t on here. It’s light on counterintelligence functions, both at DNI and things like AFOSI (which I believe has some nifty cybertools). I’m also a little surprised DOD was represented as a whole, but not some of the branch intelligence organizations. Similarly, DHS was represented as a whole, but not some of its relevant branches (TSA, CBP, and Secret Service).

And then there’s the Drug Enforcement Agency, which is on the list.

And even more alarmingly, the Bureau of Alcohol, Tobacco, Firearms and Explosives.

Don’t get me wrong, neither is all that surprising. We know some of the tools covered by the Review Group — notably National Security Letters — have actually been (mis)used in drug investigations as well as in terrorism ones. Given the logic of the certifications we know exist — not to mention the Administration’s fear-mongering and increasing focus on Transnational Crime Organizations not run by Jamie Dimon — I wouldn’t be surprised if Section 702 were used to fight the war on drugs, if it hasn’t already been. And the drug war certainly is a foreign intelligence priority for EO 12333 collection. Given NSA’s increasing inclusion of drug cartels in the boilerplate comments it releases about Snowden stories, I expect we’ll hear some nifty things about the war on drugs before this is out.

Similarly, one of the first things we learned the government was using Section 215 and/or NSLs to collect was purchase records for beauty supplies, otherwise known as explosives precursors. Since then, Members of Congress have talked about tracking fertilizer purchases. And I’d be shocked if there weren’t at least a half-hearted attempt to track pressure cooker purchases. I guess, from ATF’s inclusion among the Review Group’s interlocutors, we know a little bit about where this data resides: in probably the most fucked up law enforcement agency in government (though maybe that’s Immigration and Customs Enforcement, which thankfully was not considered central enough to talk to the Review Group).

Still, given the increasing number of signals that these authorities have been used to track gun purchases, and ATF’s notorious failures at tracking gun purchases in the past, I wonder whether they’re involved not just to talk about explosives purchases, but also gun records?

The Review Group warned that,

Like other agencies, there are situations in which NSA does and should provide support to the Department of Justice, the Department of Homeland Security, and other law enforcement entities. But it should not assume the lead for programs that are primarily domestic in nature.

For a variety of reasons (both reasonable and unreasonable), it is much harder to claim that tracking gun purchases pertains to counterterrorism or another foreign intelligence purpose than tracking acetone purchases.

Is this one of the domestic security functions the Review Group worried about?

DishFire and the Drug War

I imagine that NSA’s success at spying on Felipe Calderón’s inner circle made it a lot easier for the US to convince him to allow “near-complete entree to Mexico’s territory and the secrets of its citizens” in the name of the war on drugs.

A report classified as “top secret” said: “TAO successfully exploited a key mail server in the Mexican Presidencia domain within the Mexican Presidential network to gain first-ever access to President Felipe Calderon’s public email account.”

I presume continued spying on Enrique Peña Nieto has convinced him to permit that access to largely remain in place, in spite of his campaign promises.

But one of the most interesting aspects of the Spiegel story outlining such spying is the description of how metadata relates to content. In 2012, the NSA conducted analysis of Peña Nieto’s metadata, along with that of 8 of his associates, to figure out who to wiretap.

For two weeks in the early summer of 2012, the NSA unit responsible for monitoring the Mexican government analyzed data that included the cell phone communications of Peña Nieto and “nine of his close associates,” as an internal presentation from June 2012 shows. Analysts used software to connect this data into a network, shown in a graphic that resembles a swarm of bees. The software then filtered out Peña Nieto’s most relevant contacts and entered them into a databank called “DishFire.” From then on, these individuals’ cell phones were singled out for surveillance.

According to the internal documents, this led to the agency intercepting 85,489 text messages, some sent by Peña Nieto himself and some by his associates. This technology “might find a needle in a haystack,” the analysts noted, adding that it could do so “in a repeatable and efficient way.”

That is, at least in this case, NSA used metadata analysis to find the content that might be most interesting. It’s not entirely clear what “needles” the NSA imagined Peña Nieto had in his haystack (always this metaphor!), but Spiegel describes how the US prioritizes collection on the drug war over issues — like human rights and economic development — that might combat the underlying conditions that allow drug trafficking to flourish.

In the case of Mexico, the US is interested primarily in the drug trade (priority level 1) and the country’s leadership (level 3). Other areas flagged for surveillance include Mexico’s economic stability, military capabilities, human rights and international trade relations (all ranked at level 3), as well as counterespionage (level 4).

This metadata to content relationship is not surprising in the least. But it implies a faith — and I do mean “faith” — in data analysis that might not be sound.

Not to mention, when transplanted into the United States, a suspect basis for probable cause.

Why Did NSA Raise Traffickers for a Story about Drone Killing Terrorists?

There was an odd statement from NSA in the middle of yesterday’s WaPo story describing how NSA facilitates CIA’s drone mission.

The NSA is “focused on discovering and developing intelligence about valid foreign intelligence targets, such as terrorists, human traffickers and drug smugglers,” the agency said Wednesday in a statement. “Our activities are directed against valid foreign intelligence targets in response to requirements from U.S. leaders in order to protect the nation and its interests from threats such as terrorism and the proliferation of weapons of mass destruction.” [my emphasis]

While the NSA is finally admitting again their central cybersecurity focus, I believe this is the first time since the Snowden leak that NSA has suggested its “valid foreign intelligence targets” include “human traffickers and drug smugglers.”

It’s not surprising they are, mind you, especially given the Obama Administration’s focus on Transnational Criminal Organizations.

It’s just that the admission comes in a story about NSA’s contributions to drones for which the WaPo explained,

[T]he documents provide the most detailed account of the intricate collaboration between the CIA and the NSA in the drone campaign.

The Post is withholding many details about those missions, at the request of U.S. intelligence officials who cited potential damage to ongoing operations and national security.

It seems the only reason to raise the issue is if some of the materials on drones make it clear they’re being used — if not lethally — against entirely new kinds of targets: human traffickers and drug smugglers (though there have been a slew of stories that they were even used to hunt Chapo Guzman).

Ah well. It’s all moot now. OneKade alerts me that the reference has now been removed from the story.

Poof! All record the NSA and CIA used drones against drug traffickers gone!

Badly Broken: We Are Walter White

I’ll bet tonight’s blog traffic will drop sharply, and explode on Twitter — and at 9:00 p.m. EDT exactly. That’s when the last episode of AMC’s Breaking Bad will air, following a 61-hour marathon of all preceding episodes from the last five years.

A friend expressed concern and astonishment at the public’s investment in this cable TV program, versus the Intergovernmental Panel on Climate Change’s Fifth Assessment Report published Friday, expressing heightened confidence in anthropogenic climate change:

“The report increases the degree of certainty that human activities are driving the warming the world has experienced, from “very likely” or 90% confidence in 2007, to “extremely likely” or 95% confidence now.” [source]

He’s right; we’ll be utterly absorbed by the conclusion of former high school chemistry teacher and cancer patient Walter White’s tale. We’ll have spent a fraction of intellectual energy on our own existential threat, in comparison to the mental wattage we’ll expend on a fictional character’s programming mortality.

But perhaps Breaking Bad’s very nature offers clues to our state of mind. Viewers are addicted to a program that upends perspectives and forces greater examination.

— The entire story of Walter White, a middle class white guy with a good education whose cancer threatens his life and his family’s long-term financial well-being, would not be viable were it not for the dismal state of health care in America. There are no Walter Whites in Canada, for example; the U.S. has become little better than a third world narco-state, our health and shelter dependent on ugly choices like crime because our system of governance cannot respond appropriately under pressure for corporate profitability.

We cling to White, though he has become the very thing we pay our law enforcement to battle, because he is us — morally conflicted, trying to safeguard our lives and our families in a deeply corrupt system. At the end of each Breaking Bad episode the distortion of our values is evident in viewers’ failure to reject a criminal character depicting a drug lord manufacturing and selling a controlled substance, while guilty of conspiracy, murder, and racketeering in the process.

In the background as we watch this program, we permit corporate-owned congresspersons to shut down our government in a fit of pique over the illusion of better health care for all.
