Intelligence


CIA’s Idea of Digital Innovation: Attempt (and Fail) to Buy an Existing News Service

A week ago Sunday, the WSJ reported that Twitter had cut off an In-Q-Tel funded company, Dataminr, from sharing data with the intelligence community.

Twitter Inc. cut off U.S. intelligence agencies from access to a service that sifts through the entire output of its social-media postings, the latest example of tension between Silicon Valley and the federal government over terrorism and privacy.

The move, which hasn’t been publicly announced, was confirmed by a senior U.S. intelligence official and other people familiar with the matter.

Twitter spokesperson Nu Wexler told me this is actually long-standing policy.

Dataminr uses public Tweets to sell breaking news alerts to media organizations such as Dow Jones and government agencies such as the World Health Organization, for non-surveillance purposes. We have never authorized Dataminr or any third party to sell data to a government or intelligence agency for surveillance purposes. This is a longstanding Twitter policy, not a new development.

Indeed, as CNBC reported later in the week, this has been something the IC has been badgering Twitter about since September. Just as interesting, CNBC reports that CIA’s OSINT center wants the data.

It has not been clear exactly which entity in the vast U.S. intelligence apparatus was involved in the dispute with Twitter, but sources tell CNBC that it was a division of the CIA known as Open Source Enterprise. According to the CIA’s website, that unit is a part of the CIA’s directorate of digital innovation. It was created in the wake of recommendations by both the 9-11 Commission and the Iraq Weapons of Mass Destruction Commission that CIA focus more effort on gathering “open source” information — data that is available to anyone in the public, as opposed to information that can only be gathered through covert means.

 

Which raises even more questions for me about the timing of the request, and of these misleading claims from anonymous intelligence officials. Why go public now? It’s not like CIA is any more popular than it was six months ago (though it’s possible the pressure is tied to CIA’s reorganization).

As far as the request, it’s interesting CIA never made this demand after the Arab Spring, which CIA missed entirely because it was listening to Omar Suleiman rather than watching social media like the rest of us. That would have been the moment to make this case (I assume CIA and FBI both use more targeted tracking of ISIS Twitter).

Instead, the request seems more likely tied to the roll out of the larger organization, CIA’s new McKinsey-recommended Directorate of Digital Innovation last October. I would have thought that a claimed commitment to developing digital expertise would have led CIA to set up its own scraping system, rather than trying to purchase the same service news outlets use (to questionable value, according to some people commenting on this). Unless, of course, CIA’s goal is Dataminr’s “firehose,” including all Americans’ Twitter.

This incident ought to raise two questions. One: why is CIA lying to ratchet up pressure on Twitter? And two: what the heck is the Digital Innovation Center for if this is the kind of “innovation” they’re seeking?

FBI Can’t Have Whistleblower Protection Because It Would Encourage Too Many Complaints

The Department of Justice is undercutting Chuck Grassley’s efforts to provide FBI employees whistleblower protection. That became clear in an exchange (2:42) on Wednesday.

The exchange disclosed two objections DOJ has raised to Grassley’s FBI Whistleblower Protect Act. First, as Attorney General Loretta Lynch revealed, DOJ is worried that permitting FBI Agents to report crimes or waste through their chain of command would risk exposing intelligence programs.

What I would say is that as we work through this issue, please know that, again, any concerns that the Department raises are not out of a disagreement with the point of view of the protection of whistleblowers but again, just making sure that the FBI’s intelligence are also protected at the same time.

I suspect (though am looking for guidance) that the problem may be that the bill permits whistleblowers to go to any member of Congress, rather than just ones on the Intelligence Committees. It’s also possible that DOJ worries whistleblowers will be able to go to someone senior to them, but not read into a given program.

Still, coming from an agency that doesn’t adequately report things like its National Security Letter usage to Congress, which has changed its reporting to the Intelligence Oversight Board so as to exempt more activities, and can’t even count its usage of other intelligence programs, it seems like a tremendous problem that DOJ doesn’t want FBI whistleblowers to have protection because it might expose what FBI is doing on intelligence.

That’s sort of the point!

Especially given Grassley’s other point: apparently, DOJ is opposed to the bill because it will elicit too many complaints.

One of the issues that your department has raised is that allowing FBI employees to report wrong-doing to their chain of command could lead to too many complaints. You know? What’s wrong with too many complaints? … Seems to me you’d invite every wrong doing to get reported to somebody so it could get corrected.

Apparently, DOJ knows there are so many problems FBI employees would like to complain about that things would grind to a halt if they were actually permitted to complain.

This is the FBI! Not only a bureau that has tremendous power over people, but also one with a well-documented history of abuse. It should be the first entity that has whistleblower protection, not the last!

Grassley raised two more points. First, in April 2014, DOJ promised to issue new guidelines on whistleblowing for FBI, clarifying who employees could go to. That hasn’t been done yet.

FBI has, however, created a video about whistleblowing which is, according to what Grassley said, pretty crappy. He’s asking for both those things as well.

Snickers Bars and Fudged ISIS Intelligence

Yesterday, Shane Harris and Nancy Youssef informed us that there is now a second allegation of manipulation of intelligence on ISIS:

U.S. military analysts told the nation’s top intelligence official that their reports on ISIS were skewed and manipulated by their bosses, The Daily Beast has learned. The result: an overly optimistic account of the campaign against the terror group.

The complaints, lodged by analysts at U.S. Central Command in 2015, are separate from allegations that analysts made to the Defense Department inspector general, who is now investigating “whether there was any falsification, distortion, delay, suppression, or improper modification of intelligence information” by the senior officials that run CENTCOM’s intelligence group.

This second set of accusations, which have not been previously reported, were made to the Office of the Director of National Intelligence (ODNI). They show that the officials charged with overseeing all U.S. intelligence activities were aware, through their own channels, of potential problems with the integrity of information on ISIS, some of which made its way to President Obama.

Once again, it is senior officials at CENTCOM who are accused of manipulating the reports from analysts to make it look as though the US is making more progress against ISIS than is actually happening.

I had never gotten around to posting on this issue when the first accusations came out, but it is my belief that neither investigation will find these senior people at CENTCOM to be guilty of any transgressions. Instead, it seems very likely to me that these officers will claim that they were taking part in an Information Operation aimed at making the fighters within ISIS think that the situation is deteriorating more than is the actual case. I wrote about operations of this sort, termed MILDEC (for Military Deception) back in 2010.

One tidbit I had found back then related to the functions of MILDEC:

Causing ambiguity, confusion, or misunderstanding in adversary perceptions of friendly critical information, which may include: unit identities, locations, movements, dispositions, weaknesses, capabilities, strengths, supply status, and intentions.

Simply by stating that this is what they were doing, these senior officers seem likely to avoid any negative consequences for what they have done. But Harris and Youssef seem to think that the fudging of data was done to fit the intelligence to the Obama administration’s previous comments:

The analysts have said that they believe their reports were altered for political reasons, namely to adhere to Obama administration officials’ public statements that the U.S.-led campaign against ISIS is making progress and has put a dent in the group’s financing and operations.

While that does seem like a distinct possibility, it feels backwards to me. Although the Pentagon is not allowed to aim any of its propaganda toward a US audience (unlike recent loosening of this regulation for propaganda from the State Department), I would think that the real target for these senior officers would be the President and Congress. Even though they have the cover of saying they are spinning yarns to fool ISIS, keeping the bosses who control the purse strings happy would fit quite well with what is going on. [Over at Moon of Alabama, b has an alternate theory about various forces at work relating to ISIS, especially in Syria.]

What a coincidence for me, though, that as I was thinking about MILDEC relating to capability estimates of ISIS, this hilarious AP story came out less than 24 hours later:

Faced with a cash shortage in its so-called caliphate, the Islamic State group has slashed salaries across the region, asked Raqqa residents to pay utility bills in black market American dollars, and is now releasing detainees for a price of $500 a person.

The extremists who once bragged about minting their own currency are having a hard time meeting expenses, thanks to coalition airstrikes and other measures that have eroded millions from their finances since last fall. Having built up loyalty among militants with good salaries and honeymoon and baby bonuses, the group has stopped providing even the smaller perks: free energy drinks and Snickers bars.

Interestingly, the story goes back over most of the information in those two opening paragraphs and makes attributions (although some look pretty flimsy) for the sources of the information. The Snickers part, however, is credited to no sources.

At a time when senior officers at CENTCOM are fudging data on ISIS supplies and capabilities, perhaps as part of an Information Operation, why shouldn’t they throw in a gratuitous Snickers jab?

But then again, if ISIS really isn’t getting their Snickers bars, we could be in big trouble:

What We Don’t Know about What Rummy Didn’t Know

Earlier this week, Politico did a story on a report done for Donald Rumsfeld in summer 2002 about what the Joint Chiefs of Staff’s Intelligence team knew about Saddam’s WMD program.

There are two specifics of significant note the Politico report doesn’t get into. First, it notes that the report itself was dated September 5 and Rumsfeld passed it on to Richard Myers, saying, “It is big” on September 9. But it neglects one significant detail about the date.

The report said “we think a centrifuge enrichment program is under development but not yet operational.” Someone — presumably either Rummy or Myers — marked that passage in the Powerpoint. That same person also marked an earlier slide that said “Our assessments rely heavily on analytic assumptions and judgment rather than hard evidence,” though that person did not mark the following line that read, “The evidentiary base is particularly sparse for Iraqi nuclear programs.”

Those dates are significant, however, because between the time the report was finished on September 5 and Rummy passed it on on September 9, both he and Myers did the Sunday shows as part of the aluminum tube bonanza, which itself was premised on the claim that Iraq had tried to obtain those tubes because they “were intended as components of centrifuges to enrich uranium.” (On Saturday, at least Rummy and possibly Myers spent the day at Camp David with other top Bush officials and Tony Blair planning to get their war on.)

To be fair to them both, they didn’t say anything that greatly varied from this report (in any case, both may not have read it yet) or even directly address the centrifuge story.

The secretary also asserted that Iraq is on the list of the world’s terrorist states, and under Saddam Iraq continues to possess chemical and biological weapons, and seeks to acquire nuclear arms, as well. As such, he said, Iraq represents a clear and present danger to America — and to the world.

Show host Bob Schieffer asked Rumsfeld if the United States was close to going to war against Iraq. The secretary said President Bush has decided that a regime change in Iraq is necessary, but hasn’t yet decided how it would be accomplished. The nation’s leader is slated to go before the United Nations to “make what he believes to be is a recommendation to the international community and to the world” about what to do about Saddam and Iraq, Rumsfeld said.

Iraq, Rumsfeld said, has invaded its neighbors, persists in violating U.N. resolutions it had agreed to, and continues to amass weapons of mass destruction, creating a significant problem for the international community.

The world can approach the problem of Saddam in a number of ways, Rumsfeld remarked. However, he emphasized that he agrees with the president in that doing nothing is not an option.

People seeking a “smoking gun” — absolute, conclusive evidence that Saddam has nuclear weapons — Rumsfeld noted, is like developing a case in a court of law by proving a person’s guilt without a reasonable doubt.

“The way one gains absolute certainty as to whether a dictator like Saddam Hussein has a nuclear weapon is if he uses it. And that’s a little late,” Rumsfeld emphasized.

The secretary pointed out how some U.S. intelligence on Iraqi capabilities may not be revealed to the public for good reason. Putting certain intelligence out to the public could “put people’s lives at risk,” he noted. However, the secretary said more information about Iraq would likely become known in the days and months ahead.

Rumsfeld noted there is also “a category of things we don’t know.” After Operation Desert Storm, he noted, American officials discovered that Saddam was six months to a year away from developing a nuclear weapon. The best previous intelligence had estimated it would take two to six years for Saddam to obtain a nuclear bomb, Rumsfeld said. [my emphasis]

Indeed, while Rummy used a variant of the “smoking gun” line Condi Rice used, he presented it more as a legalistic phrase than the fearful line the National Security Advisor delivered it as. He stressed that US intelligence was withholding information. And he admitted that there was stuff “we don’t know,” though suggested that in the past the stuff we didn’t know ended up being that Saddam was closer to getting nukes than previously believed.

And Myers, too, emphasized Saddam’s quest to improve his nuke program.

Air Force Gen. Richard B. Myers, chairman of the Joint Chiefs of Staff, reiterated to ABC This Week host Sam Donaldson that Saddam Hussein has chemical and biological weapons.

Saddam, Myers added, also wants “to better his nuclear program.”

“He’s going to go to any means to do that, we think,” he said. “Our estimate is at this point he does not have nuclear weapons, but he wants one.”

Basically, though, it appears that after Rummy and Myers had just been put on the Sunday shows to reinforce the hysteria Condi and Cheney were sowing, Rummy read a report and learned that his own intelligence people were none too sure about what he and Myers had just said, at which point he sent it to Myers and said “it is big.”

At that point, it was probably too late.

The other thing Politico didn’t note, however, is that the actual Powerpoint was not entirely declassified. Indeed, the entire last page was redacted under 1.4 a, b, and c exemptions.

1.4(a) military plans, systems, or operations;

1.4(b) foreign government information;

1.4(c) intelligence activities, sources or methods, or cryptology;

I find that interesting because the Iraq foreign government information in the presentation is no longer considered sensitive, so it presumably cites some other foreign government information.

I suspect the redacted information either cites the equally dubious British intelligence claiming Saddam had WMD or that it invokes Saddam’s ties to terrorism (which both Rummy and Myers did mention in their Sunday appearances). If it’s the latter, it would mean the government is still trying to hide — as it is with a letter Carl Levin tried but failed to get declassified before he retired — the utterly bogus claims about Saddam having ties to Al Qaeda that were partially used to justify the war.

All of which is to say, we know that Rummy probably learned a bit more about his unknown unknowns immediately after going on the Sunday shows making a claim about known unknowns. But there’s still something about what Rummy didn’t know that we don’t know.

“Is Our Congressmens Learning?”

George Bush once famously asked whether “our children is learning,” demonstrating that those setting policy for education might be least suited for measuring the efficacy of education.

Two different members of Congress in the last day suggest the same is true of counterterrorism policy.

First there was IN Senator Dan Coats, who apparently attributed his understanding of terrorism tactics to 24 and Homeland yesterday. As Mia Bloom pointed out, they’re fiction (though probably supported by intelligence agencies). Experts have attacked the realism of both shows.

The worst part of Coats admitting he takes 24 and Homeland as true, though, is that he’s on the Senate Intelligence Committee. He has — or should have — a way of getting factual details about terrorist tactics. He appears to turn to fiction instead.

Who knows what source CA Congresswoman (and Senate candidate) Loretta Sanchez relied on for her claim that 5 to 20% of Muslims want a Caliphate.

“There is a small group, and we don’t know how big that is—it can be anywhere between 5 and 20 percent, from the people that I speak to—that Islam is their religion and who have a desire for a caliphate and to institute that in anyway possible, and in particular go after what they consider Western norms—our way of life,” she said.

But she, like Coats, is privy to intelligence briefings on both the Armed Services and — especially, in this context — Homeland Security Committees. Did some whackdoodle from Homeland Security tell Sanchez a significant chunk of Muslims are itching to set up an all-Muslim empire?

Something’s wrong with our congressional briefing process. Either these people aren’t attending, they’re not useful, or they’re being fed junk.

And it’s making America less safe.

Update: Dan Coats’ state corrected thanks to “mitch daniels.”

The Businessman’s Briefcase of ISIS Propaganda

The Guardian has a story today about what it claims is ISIS’ manual in state-building which explains — the Guardian concludes — how it became the richest and most destabilizing Jihadi group of the past 50 years (as if that’s a category tracked somewhere).

A leaked internal Islamic State manual shows how the terrorist group has set about building a state in Iraq and Syria complete with government departments, a treasury and an economic programme for self-sufficiency, the Guardian can reveal.

The 24-page document, obtained by the Guardian, sets out a blueprint for establishing foreign relations, a fully fledged propaganda operation, and centralised control over oil, gas and the other vital parts of the economy.

The manual, written last year and entitled Principles in the administration of the Islamic State, lays bare Isis’s state-building aspirations and the ways in which it has managed to set itself apart as the richest and most destabilising jihadi group of the past 50 years.

It explains that this manual came from a businessman “working within ISIS” who in turn handed it onto scholar Aymenn al-Tamimi.

The document came from a businessman working within Isis via the academic researcher Aymenn al-Tamimi, who has worked over the past year to compile the most thorough log of Isis documents available to the public.

For safety reasons, the Guardian cannot reveal further information about the businessman but he has leaked nearly 30 documents in all, including a financial statement from one of Isis’s largest provinces.

That’s the news in this article, in my opinion — that this document, as well as a slew of other purportedly ISIS documents, including a widely-cited financial one that “proved” ISIS was funding itself using extortion rather than donations from US Sunni allies — all came from the same businessman.

I had been pondering the financial one for some time, mostly wondering why it is that everyone believed this document that showed up out of nowhere. Now we learn there’s a series of documents showing up out of nowhere, forming a key basis for public understanding of ISIS.

And yet somehow that businessman keeps wandering off with ISIS’ founding documents without getting executed.

That’s, um, rather incredible.

Which, I suggest, ought to raise questions about who might want to produce the understanding we’re getting from these documents, and why that entity would be pushing this particular understanding.

Let me be clear. It is possible this really came from ISIS. But I would suggest its continued supply means either that ISIS wants it out or it’s not from ISIS.

Of related interest is that this story keeps getting fed, first, to non-US media outlets.

Both Iran and the US Have Their Scary Monsters

“Cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber…”

That’s my best summary of the intended gist of this NYT story (I’ll return to the real news in it in a bit), reporting that Iran is trying to acquire influence with what it variously calls “cyberattacks” and “cyberespionage,” having now been dissuaded from acquiring influence with a nuclear weapons program. It quite literally uses the word “cyber” 19 times.

But what it really means is that Iran is spying, like all other nations do.

But last year, private security researchers say, Iranians began using cyberattacks for espionage, rather than for destruction and disruption.

Interestingly, it says this WSJ story reported bits of it first; that story clearly insinuates Iran used contacts found on the computer of an Iranian-American businessman they arrested to find other contacts, which is not something NYT mentions at all.

Friends and business associates of Mr. Namazi said the intelligence arm of the IRGC confiscated his computer after ransacking his family’s home in Tehran.

In any case, NYT has put two reporters in charge of wielding that scary word “cyber” over and over to make Iran’s actions, acting like any other country, more scary.

That story appeared yesterday.

Today, the AP has this story.

Iran’s top leader says the United States is using “money and sex” to try to infiltrate the Islamic Republic and warns Iranians not to fall into the “enemy’s trap.”

In remarks to commanders of the elite Revolutionary Guard Wednesday, Ayatollah Ali Khamenei says authorities should take concerns about “infiltration” seriously and that political factions should not use the issue against each other.

Khamenei’s warning is just as ridiculous as the NYT’s. Breaking: The US is using the kinds of carrots and sticks used for millennia to recruit spies!

I just find it funny that each sees their scary monster — cyber, in the case of the US, and sex, in the case of Iran — as the means to fear-monger about everyday spying.

Defining Stingray Emergencies … or Not

A couple of weeks ago, ACLU NoCal released more documents on the use of Stingray. While much of the attention focused on the admission that innocent people get sucked up in Stingray usage, I was at least as interested in the definition of an emergency during which a Stingray could be used with retroactive authorization:
[Image: screenshot of the emergency definition from the released documents]

I was interested both in the invocation of organized crime (which would implicate drug dealing), but also the suggestion the government would get a Stingray to pursue a hacker under the CFAA. Equally curiously, the definition here leaves out part of the definition of “protected computer” under CFAA, one used in interstate communication.

(2) the term “protected computer” means a computer—
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

Does the existing definition of an emergency describe how DOJ has most often used Stingrays to pursue CFAA violations (which of course, as far as we know, have never been noticed to defendants)?

Now compare the definition Jason Chaffetz used in his Stingray Privacy Act, a worthwhile bill limiting the use of Stingrays, though this emergency section is the one I and others have most concerns about. Chaffetz doesn’t have anything that explicitly invokes the CFAA definition, and collapses the “threat to national security” and, potentially, the CFAA one into “conspiratorial activities threatening the national security interest.”

(A) such governmental entity reasonably determines an emergency exists that—

(i) involves—

(I) immediate danger of death or serious physical injury to any person;

(II) conspiratorial activities threatening the national security interest; or

(III) conspiratorial activities characteristic of organized crime;

Presumably, requiring conspiratorial activities threatening the national security interest might raise the bar — but would still permit — the use of Stingrays against low level terrorism wannabes. Likewise, while it would likely permit the use of Stingrays against hackers (who are generally treated as counterintelligence threats among NatSec investigators), it might require some conspiracy between hackers.

All that said, there’s a whole lot of flux in what even someone who is often decent on civil liberties like Chaffetz considers a national security threat.

And, of course, in the FISA context, the notion of what might be regarded as an immediate danger of physical injury continues to grow.

These definitions are both far too broad, and far too vague.

Response to Snooper’s Charter: URL Searches Are Broadly Available in the US

In an unsuccessful effort to beat ACLU in a lawsuit over the constitutionality of the Child Online Protection Act, in 2005 DOJ sent a subpoena to Google asking for “all URL’s that are available to be located to a query on your company’s search engine as of July 31, 2005” and “all queries that have been entered on your company’s search engine between June 1, 2005 and July 31, 2005.” By challenging the order, Google was able to get the request significantly reduced. But it is understood that DOJ sent the same request to Yahoo, Microsoft, and AOL, and those providers substantially complied (it’s possible they negotiated what DOJ claimed was a more reasonable production of 1 million randomly-selected URLs and one week of actual searches with Personally Identifiable Information removed, but they are presumed to have done at least that much).

That’s a demonstration of the fact that the Federal government can and has gotten massive amounts of URL data from search engine operators with only a subpoena. The government can and does get such information in criminal investigations with a subpoena as well. The government probably faces more scrutiny when using FISA to get such information, as since 2009 it has likely fallen under Section 215 and the minimization procedures finally adopted in 2013, but that would still represent access to URLs with a relevance standard.

Which means the primary limit on the government’s access to URL searches with a subpoena in the US is providers’ data retention policy. And that means URL searches are, in general, readily available. Neither Google nor Microsoft state in their privacy policy how long they retain this stuff — though in response to European pressure and to stave off regulation on the issue, in 2010 Google stated it would “only” retain and associate URLs with individual users for 18-24 months, and Microsoft claimed it would only associate Bing records with IPs for 6 months (though that claim is no longer available on its site). Yahoo keeps search data tracked to user for 18 months, with some law enforcement exceptions. All would keep the searches, but de-identify from individual users, thereafter.

Google now permits users to delete past searches (though again, it keeps the searches themselves).

That means for 97% of US users, URL searches will be available to law enforcement with a subpoena for at least 6 months and more often 18 months, unless opting out in Google makes such things genuinely unavailable to law enforcement requests.

On the ISP side, Comcast — which serves half of America’s broadband users — in the recent past has said it keeps IP records for 6 months (though I’m not sure if that’s still in their privacy policy). Time Warner, which has a 13% market share, doesn’t appear to say, though it has said 6 months in the past. So for the overwhelming majority of broadband subscribers in the US, that information will be available for at least 6 months and possibly far longer. That information, too, is available with a subpoena.

I raise this because one of the things in the British Snooper’s Charter — a scary, comprehensive new surveillance bill designed, for the most part, to provide legal basis for the existing practice — rolled out earlier this week that people have reacted against is the proposed mandate in the bill that would require all providers to keep records of internet activity for a year. That is a problem. But not only does the proposal appear to be intended for more targeted use (that is, data retention requests that would override all of the above retention deadlines), it also is explicitly intended for more limited use. Unlike in the US, investigators are not supposed to be able to find out details of what people were doing online. Such information commonly appears in terrorist (especially) criminal cases.

That is, in most areas (not all; location data is one area where UK practice is clearly worse) where the Snooper’s Charter seems extreme, the reality for the overwhelming majority of Americans rivals what will be mandated under the UK bill. What the UK bill may do is eliminate the safety of services like DuckDuckGo (which doesn’t keep records of your searches), as well as the value of opt-out policies to the extent they really protect a user from law enforcement.

But if people think what’s in the Snooper’s Charter is bad, then you also need to be worried about the reality in the US for most users.

I will have far more to say about the Snooper’s Charter going forward. But one reason why people seem more worried about the Snooper’s Charter than similar permissions here in the US is that we have not had a Snowden for the FBI. That is, much of what is described in the Snooper’s Charter involves domestic intelligence. And the FBI has never been asked to provide a comprehensive view of all the kinds of surveillance it uses (indeed, it has succeeded in evading legal oversight in a number of ways), and very very little of it got included in Snowden’s leaks.

For all the problems of the policies laid out in the Snooper’s Charter, at least the UK’s spooks and cops have had to reveal what they’re actually doing. It’s high time for FBI (and DEA and all the other surveillance-crazy domestic law enforcement agencies in the US) to do the same.

Updated: Corrected an error in DOJ’s “reasonable” request to Google and tweaked for clarity.

Who Was Actually Doing “FBI’s” Aerial Surveillance of Black Lives Matter in Baltimore?

BPD said they would call in FBI’s Critical Incident Response Group, which does aerial surveillance, but CIRG does not appear in unredacted parts of the documents.

The ACLU just released a series of documents about the FBI’s aerial surveillance of Black Lives Matter protests after Baltimore cops killed Freddie Gray. As they note, the documents show two different parts of FBI, the Washington Field Office and Special Flight Operations Unit, conducting electronic surveillance of protestors, using night vision and other technology. At least two of the flights were claimed to be “consensual,” which ACLU’s Nate Wessler thinks might just reflect public monitoring. Both of those consensual flights appear to have been “collected from” a third party.

Because I’m interested in what happened to one set of video cards, I’m going to do a timeline based on the flight logs and the evidence log.

The timeline shows several things:

FBI did surveillance before Baltimore asked for it

The FBI conducted at least 5 surveillance flights, including several by the Washington Field Office, before a May 1 memo reflecting Baltimore Police Department (BPD) requesting help, prospectively, from Washington Field Office, though a BPD passenger had been on two Special Flights Operations Unit (SFOU) flights before then.

Of significant note, the memo said it would ask for help from FBI’s Critical Incident Response Group.

The potential for large scale violence and riots throughout the week presents a significant challenge for the Baltimore Police Department for airborne surveillance and observation. Baltimore will request the assistance of CIRG and WFO in the matter of airborne surveillance to assist the Baltimore Police Department.

CIRG is an elite group within FBI, and includes a Surveillance and Aviation Section, which would (presumably) have far more sophisticated aerial surveillance technology than your typical field office. Correction: It is that, but SAS also manages FBI’s airplanes generally.

CIRG’s Surveillance and Aviation Section (SAS) provides modern jets and other aircraft that respond to crisis situations domestically and around the world. SAS can deploy aviation assets worldwide, including assignments in combat theaters.

CIRG does not appear, unredacted, in any of the flight or evidence logs turned over to ACLU, but if they were involved with this surveillance it might explain some of the other odd details in these documents. As noted below, there are some other interesting redactions that might indicate CIRG involvement.

One more detail about the memo. It used looting to justify the request for help. But it also invoked online discussions among people alleged to be sovereign citizens. So they used a number of different claimed threats to justify the request for help.

FBI changed its case number after conducting the first flights

In many cases, the flight logs show changes made in the notes associated with each flight; in such cases, the log will show both the old set of notes and the new one. For the SFOU flights logged before that memo showing BPD asking for FBI help, someone updated the flight logs with the case number that FBI has left unredacted for this release (the original case number is redacted) after that memo got written. For example, this shows SFOU updating the log from their 4/30 flight on 5/2, replacing a redacted case number with case number “343A-BA-6337966” which is the case file that all these documents are associated with.

This means SFOU originally conducted the earlier flights under a different FBI case number. This could either be another specific case, or a general number they use for standing investigations, as the FBI does both.

The Washington Field Office flights didn’t get logged until after that memo got written (they appear to all have been logged in one sitting on 5/4), so they always used the same case number.

You have to wonder how often the FBI delays doing flight logs until they have a case number to do the flight under–that likely violates protocols tying surveillance to a specific investigation.

ACLU didn’t get the flight logs for at least one flight

ACLU received flight logs for flights occurring between 4/29 and 5/3. But this document shows a flight occurring (or at least starting) on 4/28.

This might just reflect an overnight flight the night of 4/28-29 (most of these flights occurred at night), except that there are two other evidence log files for flights on 4/29 that would correlate with the two flight logs from that date. I think it’s possible this is a BPD or a different federal agency’s flight — either Secret Service or Homeland Security, which the memo says BPD was working with — though the evidence appears to have come through FBI.

One flight reflects an FBI passenger

There is, in general, one flight a day for the days logged from each part of FBI, the SFOU and WF. The exception is 4/30, when what appears to be the Baltimore office flew an FBI passenger (whose identity was redacted under a 7E, law enforcement technique, FOIA exemption). Curiously, this flight wasn’t logged until well after the actual flight, on 5/21. Note, since this is a Baltimore flight, it’s unlikely it’s someone flying in from DC to see events.

Two consensual flights appear to have come from a third party

As ACLU itself noted, some (two) of these evidence logs claim the surveillance was consensual.  The two have something else in common. The entry for “collected from” (which elsewhere has unredacted descriptions where it is used, often “Aerial Surveillance Washington” or “…Baltimore”) is redacted, but it clearly shows the file is collected from a third party via an interim one.

This would seem to suggest the entity that did the surveillance is being hidden. Note, it is being hidden with a 7E law enforcement technique.

Much of this evidence didn’t get logged until a delayed evidence turnover

As I said, the reason I decided to map out this timeline is because there was a delay in some of the SD cards arriving, presumably in Baltimore, to be logged. Even the description, written on 6/1, offered to justify the delay raises questions.

The purpose of this communication is to explain the late submission of Bureau aircraft[redacted] video to the Baltimore ELSUR unit. For background, Washington Field Office (WFO) and Special Flight Operations provided airborne support for the Baltimore Division during the week of April 27, 2015. Missions were flown from April 29 through May 2. The [redacted] SD cards were shipped to the Baltimore Division via FEDEX and arrived on May 5. The FEDEX package arrived at [redacted] approximately May 8. Due to operational missions on May 9 and May 10, the [redacted] SD cards were submitted to the ELSUR unit on May 11.

For example, where were the cards that they needed to be FedExed to (presumably) Baltimore, given that WFO was supposed to be involved in this? Why is FBI redacting the receiving office? Did these SD cards need to be reviewed for sources and methods? And what explains the uncertainty — we’re talking chain of evidence, after all — about when precisely they were received?

As the timeline notes, 4 of the evidence disks were not logged until after this justification got written. This includes the 3 instances where the file was collected via a third party, as well as a Washington Surveillance video attributed to 5/2 but actually taken on 5/1. Two of these are the “consensual” videos.


4/28: Aerial surveillance Serial 4 collected, collected from Washington, WF holding, logged 5/5

4/29: Aerial surveillance Serial 5 collected, collected from “Aerial Surveillance Video, Baltimore,” logged 5/6

4/29: Aerial surveillance Serial 9 collected, collected from indicates third party, holding office Baltimore, logged 6/2

4/29: 2.6 hour night SFOU flight with 3 crew members, 1 BPD passenger, originally logged at 7:52PM on 4/30, then updated with new case number on 5/2 at 2:01AM, Risk = 0

4/29: 4.5 hour WF flight (1.5 of which were at night), 2 crew members, no passengers, originally logged at 5/4 at 2:28 PM, then updated with virtually same information (without decimals) 5/4 at 2:35PM, Risk = 18

4/30: 4.9 hour SFOU night flight with 3 crew members, 1 BPD passenger, first logged at 4/30 at 7:46 PM, then updated with new case number at 5/02 at 2:02 AM, Risk = 0

4/30: Aerial surveillance Serial 2 collected, “collected from” redacted name [a category not always used elsewhere], Washington holding, logged 5/4

4/30: 3.4 hour WF night flight with 2 crew members, first logged at 5/4 at 1:38PM, then updated with virtually same information (without decimals) 5/4 at 1:38 PM, Risk = 20

4/30: 2 hour Baltimore night flight with 1 crew member, 1 FBI passenger (hidden, in part, for b7E), first logged 5/21 at 3:23PM, Risk = 18

5/1: Aerial surveillance Serial 11 collected (surveillance start 4/30, but end 5/1), collected from redacted but via third party, Baltimore holding, logged 6/2, surveillance listed as consensual

5/1: Memo, titled to include 4/27 date but reflecting events back to 4/25, stating, “Baltimore will request the assistance of CIRG and WFO in the matter of airborne surveillance to assist the Baltimore Police Department.”

5/1: 1.4 hour SFOU night flight, with 3 crew members, 1 BPD passenger, first logged 5/1 at 1:15 AM, updated without decimals 5/1 at 1:32 AM, then updated with new case number at 5/2 at 2:02 AM, Risk = 0

5/2: Aerial surveillance Serial 10 collected (though surveillance start and end listed as 5/1), collected from redacted, but via third party, Baltimore holding, logged 6/2, surveillance described as consensual

5/1: 5 hour WF flight (spanning night and day), with 2 crew members, first logged 5/4 at 1:58 PM then updated without decimals 5/4 at 2:00 PM Risk = 24

5/1: Aerial surveillance Serial 3 collected, collected from WF, holding Washington, logged 5/4

5/2: 3.9 hour SFOU night flight, with 3 crew members, 1 BPD passenger, first logged 5/2 at 2:03AM then updated 5/2 at 2:04AM and 2:05AM, adding decimals, possibly changed flight ID? without Risk = 0

5/2: 4.3 hour WF flight — including training — spanning night and day, first logged 5/4 at 2:08 PM then logged 5/4 at 2:09 PM Risk = 20

5/2: Aerial surveillance Serial 8 collected, collected from Aerial Surveillance, Washington, logged 6/1

5/3: 4.2 hour SFOU flight, with 3 crew members, 1 BPD passenger, first logged 5/4 2:44 PM, then 2:45PM, then updated 5/4 4:42PM, Risk = 0

5/3: Aerial surveillance Serial 6 collected, no details on receipt from (but Baltimore, not WF, is holding office), logged 5/12

5/4: Serials 2, 3 logged

5/4?: SD cards shipped, unknown date

5/5: Serial 4 logged

5/5: SD cards shipped by FedEx arrive in Baltimore

5/6: Serial 5 logged

5/8, approximate: SD cards arrive at [location redacted]

5/9, 5/10: Operational missions disrupt logging

5/12: Serial 6 logged

6/1: Explanation for late turnover of one video, claiming missions were flown from 4/29 to 5/2

6/1: Serial 8 logged

6/2: Serial 9, 10, 11 logged

 
