Who Turned over the Google Group Conversations Involving Aaron Swartz?

The legal documents on the investigation into Aaron Swartz show three signs of witnesses cooperating with the prosecution.

Most of the public attention has focused on this detail, which in September 2011 publicly indicated Quinn Norton had been provided immunity to testify before the grand jury.

Promises, rewards, or inducements have been given to witness Erin Quinn Norton. Copies of the letter agreement with her and order of immunity with respect to her grand jury testimony are enclosed on Disk 3.

Norton’s account of her testimony is here.

That same motion to compel discovery reveals that an MIT student IDed Swartz in a photo lineup.

Defendant Aaron Swartz was a subject of an investigative identification procedure used with a witness the government anticipates calling in its case-in-chief involving a photospread documented by MIT Police Detective Boulter. Relevant portions of the police report of Detective Boulter and a copy of the photospread used in the identification procedure are enclosed on Disk 3. In both instances, the name of the identifying MIT student has been redacted to protect the student’s continuing right to privacy at this initial stage of the case.

There are hints elsewhere that an MIT student gave Swartz some tips on how to get around MIT (someone must have told him about the accessible network closet, after all); I’ve wondered whether this student, or someone else, is who IDed Swartz.

Finally, a discovery motion dating to June 2012 reveals there are personal communications involving him, including both emails and Googlegroup conversations.

Swartz has received in discovery internet memoranda and chats purporting to be from him. For example, the discovery contains a number of chats on googlegroups.com which contain entries which facially indicate that Swartz was a participant in the communications. The discovery also contains a number of emails which on their faces indicate that they were either to or from Swartz. Swartz requires the additional information requested – the source of these statements and the procedure used by the government to obtain them – to enable him to move to suppress such statements if grounds exist to do so, which he cannot determine without the requested information.

And in response to Swartz’ motion for the source of the communications involving him, the government said everything was either turned over willingly or accessed from a public site. It also said it would not turn over the identity of the people who had turned it over because that would identify its witnesses before it had to.

Quinn Norton’s Testimony

The docket of Aaron Swartz’ prosecution made it clear that Quinn Norton, Swartz’ ex-girlfriend, testified with immunity. It also made it clear that someone — or some people — handed over communications, including LISTSERVs, to DOJ. [See update]

In the Atlantic, she provides her side of the story. While it includes a range of useful details, the most significant revelation is that — she believes — she was the first to alert Prosecutor Stephen Heymann to the Guerilla Open Manifesto.

Steve asked if there was anything I knew of to suggest why Aaron would do this, or what he thought about academic journals. I cast around trying to think of something, something that made sense to them, when Aaron had just gathered these datasets for years, the way some people collect coins or cards or stamps.

I mentioned a blog post. It was a two-year-old public post on Raw Thought, Aaron’s blog. It had been fairly widely picked up by other blogs. I couldn’t imagine that these people who had just claimed to have read everything I’d ever written had never looked at their target’s blog, which appeared in his FBI file, or searched for what he thought about “open access.” They hadn’t.

So this is where I was profoundly foolish. I told them about the Guerrilla Open Access Manifesto. And in doing so, Aaron would explain to me later (and reporters would confirm), I made everything worse. This is what I must live with.

I opened up a new front for their cruelty. Four months into the investigation, they had finally found their reason to do it. The manifesto, the prosecutors claimed, showed Aaron’s intent to distribute the JSTOR documents widely. And I had told them about it. It was beyond my understanding that these people could pick through his life, threaten his friends, tear through our digital history together, raid his house, surveil him, and never actually read his blog. But that seemed to be the fact of it.

I’ll come back to this Manifesto; I think people keep forgetting that almost all of what it espouses is legal. That while the government treated it as a Rosetta Stone, it didn’t do all they claimed it did.

But before I do that, consider the terms of Norton’s testimony. She was first interviewed without counsel, then served a subpoena, in San Francisco.

They said they were from the Secret Service and that they wanted to ask me a few questions. Shocked and unsure of myself, I let them in to talk to me. One should never, ever do this.

They asked about Aaron, I told them I didn’t know anything. They pointed out that he’d called me, and asked what he told me. I told them I hadn’t asked anything about his arrest, and they were incredulous.

Eventually I ran out of things to tell them, and they produced the real reason for their visit: a subpoena.

At this point, Norton would have been locked into the testimony she gave the Secret Service — including her claim that when Swartz called her to help arrange bail after he was arrested, he didn’t tell her why he had been arrested — or risk false statement charges. (I’m not saying she didn’t tell the truth, just that interviews without counsel can prove sticky going forward.)

In addition, in the guise of seeking her communications with Swartz, the Feds were getting close to her computer, with all her reporting on it.

As strange as it seems now, when I was first subpoenaed, Aaron was more worried about me than him, and both of us were worried about Ada, my seven-year-old daughter. She was the light of both of our lives, and we wanted to make sure none of this would touch her. The problem was my computer. It contained interviews and communications with confidential sources for stories going back five years. The subpoena didn’t actually call for my computer, but materials on my computer. Jose and Adam implied that if the prosecutor didn’t think I was being honest, he might move against me, seize things.

And if the prosecutor took my computer, I would have to go to jail rather than turn over my password.

Norton had been reporting on a range of hacker culture, including Anonymous and WikiLeaks. So while the subpoena only mentioned CFAA and wire fraud violations (see page 4), I can see why she — and the lawyers she first got, who didn’t challenge the subpoena as a violation of DOJ’s rules on subpoenaing journalists — might have been worried. I can see why Swartz would have been worried: by going after Norton, DOJ was going after someone who might have real evidence on the other more serious crimes they were trying to investigate. And by going after her, they may well have been trying to tie Swartz, by association, to that blacker hat hacker culture.

They eventually talked her into taking an immunity deal.

They told me Steve wanted to meet me, and they wanted me to meet him. They wanted to set up something called a proffer — a kind of chat with the prosecution. Steve offered me a “Queen for a day” letter, granting me immunity so that the government couldn’t use anything I said during the session against me in a criminal prosecution.

[snip]

I was outraged and disturbed. I didn’t want a deal, I didn’t want immunity, I just wanted to sit down and talk about the whole terrible business, to tell them why this case wasn’t worth their time, and Aaron didn’t deserve their attention. I didn’t need a deal, and in fact, given that I had nothing to offer the government’s case, I didn’t think I even qualified for it.

I asked my lawyers to refuse, and we fought about it, repeatedly. They brought up things from my past that could be used against me; not criminal behavior per se, even they admitted, but they wanted me to have immunity. I had a terrible headache, and eventually gave in.

And in fact, that appears to have been how Heymann looked at Norton. In the proffer session, they described Norton as “being connected to hackers.”

They said I must have known something because I was connected with hackers. They knew this, they told me, because they’d read everything I’d ever written online.

This, then, is the background to why she testified. She was a broke single mother, relying on pro bono lawyers who had probably been warned about Norton’s purported ties with hackers, under a tremendous amount of stress.

I’ve long noted that Swartz’ story, awful as it is, is in some ways far better than what most people experience with prosecution, because he had the financial wherewithal, at least at first, to fight back. Norton did not.

One thing that’s not clear is what would have happened if these first lawyers had complained about what amounted to a very broad subpoena to a journalist.

I found out it was DOJ policy to subpoena journalists last, yet I had been subpoenaed first. Jose didn’t seem to know that the journalist rules might apply to my hard drive, despite being a former federal prosecutor.

Norton started to pursue these questions only after she had gotten new counsel. It’s not clear it would have made any difference. Aside from the fact that they were demanding stuff partly outside of her journalistic work (the LISTSERVs presumably would overlap her personal relationship with Swartz and her work), by the end of the year DOJ would formalize a policy that offered freelance journalists and bloggers almost zero protection as journalists. Norton didn’t have — and still doesn’t — the institutional affiliation and the million dollars to fight a subpoena that association with the NYT would have brought.

I am, however, curious whether her first lawyers discussed this, because it’s pretty clear DOJ doesn’t believe any journalist with ties to hacker culture, as Norton has, counts as a journalist. It would have been nice to test that belief legally.

Also note: the very first thing the subpoena asked for was any computers Swartz may have given Norton.

All computers, hard drives, USB drives, DVDs, CDs and other electronic and optical Storage devices currently or previously owned or possessed by Aaron Swartz at any time from September 1, 2010 to the present. These shall include, without limitation, all computers and hard drives transferred to you by Aaron Swartz, loaned by you to Aaron Swartz, loaned to you by Aaron Swartz, or stored by or on behalf of Aaron Swartz at any premises over which you have custody or control.

Remember, by that point of the investigation (and to this day, as far as I’ve been able to tell from the public record), DOJ had not found the Macintosh Swartz had used remotely in some of the earlier downloads. I’ve long assumed that Mac was one of Swartz’ personal computers, with a mix of JSTOR files and his personal business (including, just as an example, records from Demand Progress and the SOPA/PIPA fight), though for all we know it could have been someone else’s computer. It appears they believed Norton might have that computer.

So rather than call his lawyer after getting arrested, Swartz called his girlfriend, who just happened to have extensive professional ties to the hackers DOJ would love to nail. The fact that he used his one call to call her made DOJ believe that she could verify Swartz’ motive. And they clearly suspected he had given her the Mac that might tie the JSTOR downloads to larger issues.

I’m still not convinced the focus on the Manifesto is evidence of anything so much as DOJ’s criminalization of open source culture. It incriminates DOJ more than it ever did Swartz.

But (presumably though not definitely in addition to personal communications), that’s what they got by hammering on someone far more vulnerable than Swartz.

Update: Via Twitter, Norton says she did not turn over any LISTSERV material. Someone else must have.

Once Again, Lying to Courts to Protect Banks Goes Unpunished

This story — about how Occupy Wall Street protestor Michael Premo beat an assaulting an officer charge when his lawyers found video evidence to disprove the NYPD’s claims — might make you believe in justice.

Except for this. Premo’s lawyers first went to the cops for video, knowing they had tons of officers deployed with cameras during the protests. They found the cop who had relevant video. And … he apparently lied in court about whether he had that video.

Prosecutors told them that police TARU units, who filmed virtually every moment of Occupy street protests, didn’t have any footage of the entire incident. But [Premo’s lawyer Meghan] Maurus knew from video evidence she had received while representing another defendant arrested that day that there was at least one TARU officer with relevant footage. Reviewing video shot by a citizen-journalist livestreamer during Premo’s arrest, she learned that a Democracy Now cameraman was right in the middle of the fray, and when she tracked him down, he showed her a video that so perfectly suited her needs it brought a tear to her eye.

For one thing, the video prominently shows a TARU cop named Bosco, holding up his camera, which is on, and pointing at the action around the kettle. When Premo’s lawyers subpoenaed Bosco, they were told he was on a secret mission at “an undisclosed location,” and couldn’t respond to the subpoena. Judge Robert Mandelbaum didn’t accept that, and Bosco ultimately had to testify [Correction: Bosco didn’t take the stand; he had to appear at the District Attorney’s office for a meeting with Maurus and prosecutors. Judge Mandelbaum accepted that Bosco would likely say on the stand what he said in the meeting, and didn’t require him to testify.] Bosco claimed, straining credibility, that though the camera is clearly on and he can be seen in the video pointing it as though to frame a shot, he didn’t actually shoot any video that evening.

Bosco almost certainly lied. The NYPD clearly lied, repeatedly.

And yet there’s no hint they’ll be charged with obstructing justice.

While you’re reflecting on that, remember what the cops were doing (funded, in part, by JP Morgan Chase’s $4.6 million donation to the NYPD Foundation). They were making sure that a bunch of hippies could not continue to engage in a highly visible challenge to bank power, and certainly not in the banks’ turf around Wall Street.

Sure, OWS did not present as significant a financial threat as preventing banks from foreclosing on homes they did not hold the proper paperwork on — the threat that robosigners lied under oath to combat. But they did present an ideological threat to the banks.

And here we are, again finding people — cops! — lying in court to protect the banks. And here we are, once again, finding those liars go unpunished.

The Traditional Press’ Blind Spot in Aiding the Enemy

This post by Kevin Gosztola lays out many of the implications of the news — revealed in Bradley Manning’s statement to the court yesterday — that he tried to publish the Iraq and Afghan cables with WaPo, NYT, and Politico before he turned to WikiLeaks. He describes, as Michael Calderone has laid out at length, how NYT and WaPo claim to have no memory of Manning’s pitch.

He wonders what the NYT and WaPo would have done had they actually gotten exclusive dibs on Manning’s trove of information.

Had the Times or Post obtained the logs and begun to examine them for publication, what would the organizations have done? Would they have published? Would they have notified the government they now possessed the documents? The Times communicated with the government when preparing to publish State Department cables:

Because of the range of the material and the very nature of diplomacy, the embassy cables were bound to be more explosive than the War Logs. Dean Baquet, our Washington bureau chief, gave the White House an early warning on Nov. 19. The following Tuesday, two days before Thanksgiving, Baquet and two colleagues were invited to a windowless room at the State Department, where they encountered an unsmiling crowd. Representatives from the White House, the State Department, the Office of the Director of National Intelligence, the C.I.A., the Defense Intelligence Agency, the FBI and the Pentagon gathered around a conference table. Others, who never identified themselves, lined the walls. A solitary note-taker tapped away on a computer.

What would have happened to Manning? Would they have been able to protect the identity of the lower-level soldier who had passed on information because he believed they were “some of the most significant documents of our time, removing the fog of war and revealing the true nature of 21st Century asymmetric warfare.”

The example of Jeffrey Sterling, where NYT’s apparent consultation with the government on whether to publish Risen’s story about Merlin appears to have launched the investigation into Sterling, heightens this concern.

And I would also ask whether the papers would sit on the information, using it as their exclusive data, rather than releasing it to be crowd sourced and accessed by people with more expertise on particular areas. A WikiLeaks trove would have made (and to some extent has in any case) the NYT brand for some time. Would the paper have put more stock in that than in sharing the information?

After raising questions about whether NYT would expose its source in such a case, Gosztola concludes that this shows the value of organizations like WikiLeaks.

This is why leaks organizations like WikiLeaks are needed. Not only do they have the power to reveal what governments are doing in secret, they also are uniquely positioned—if constructed appropriately—to protect the identity of sources in such a way that makes it near impossible for governments to pursue those blowing the whistle. It creates the possibility that employees in militaries or national security agencies can reveal what they are seeing, be conscientious citizens and at the same time keep their job and, perhaps, not risk their livelihood.

I’d add two points to that.

NYT’s normally excellent ombud, Margaret Sullivan, suggested that the paper could continue the “time-tested way” of sourcing leaks directly to reporters. Dan Froomkin argues this news proves the need for a whistleblower drop box.

Both are ignoring a very dangerous new reality of the war on leakers.

Secret Service Claims It’s Still Investigating Now-Deceased Aaron Swartz

After Aaron Swartz died, Jason Leopold FOIAed Secret Service, since that’s the agency that was investigating Swartz when he died.

Curiously, contrary to the FBI — which at least claims to have treated Swartz as they would any other deceased person and turned over all but two pages of his PACER investigation file — Secret Service denied Leopold’s FOIA.

“Disclosure could reasonably be expected to interfere with enforcement proceedings,” they said.

Or, to translate from FOIA-speak, the investigation into Aaron Swartz, who died weeks and weeks ago, is an active investigation.

The most interesting part came when USSS’s FOIA officer claimed there was nothing segregable from this “open case.”

We were then transferred to Latita Payne, the Secret Service’s FOIA disclosure officer, who explained to Truthout, “we did a search of our offices [for responsive records] and they responded that it’s an open case.”

Payne said there weren’t any segregable portions of records on Swartz that the Secret Service could release.

Secret Service doesn’t want to turn over Swartz’ file — any of it — because any little bit of it might reveal its investigation into … something. Someone. Presumably not Swartz, since he’s dead.

Now, since USSS first responded to Leopold, they seem to have decided that this answer — the claim they can’t release any files on an investigation into a deceased person — isn’t going to fly, so they’re going to reconsider that answer.

We’ll see how forthcoming that response is.

One other detail. Notice how FBI released its response to Swartz FOIA just long enough before this response so distracted people might think the FBI file is all there is (as if a huge indictment would leave no tracks)? Nice timing.

DOD Uses Sequester to Excuse 5 Year Delay in Implementing Basic Network Security

More than 22 months ago, I wrote a post analyzing Congressional testimony describing the gaping holes in DOD network security 3 years after a nasty malware infection and a year after the publication of Collateral Murder by WikiLeaks.

Almost two years later, Assistant Secretary of Defense Zachary Lemnios says sequestration might hold up improving network security on classified and unclassified networks.

Zachary J. Lemnios, the assistant secretary of defense for research and engineering, was asked by Sen. Rob Portman (R-Ohio) to describe the “most significant” impacts on cybersecurity that could follow from the anticipated cuts to the Pentagon’s budget.

Mr. Lemnios replied that “cuts under sequestration could hurt efforts to fight cyber threats, including […] improving the security of our classified Federal networks and addressing WikiLeaks.”

This is news not just for the specific details offered about how bad DOD’s network security remains (click through for more details), but also for the tacit admission that 3 years after a breach DOD considers tantamount to aiding the enemy, and 5 years after a malware infection that badly affected DOD’s networks in Iraq, DOD still hasn’t completed security enhancements to its networks.

DOJ Used the Open Access Guerilla Manifesto to Do More than Justify Prosecution, They Justified a Search of Aaron Swartz’ Home

Yesterday, the HuffPo caught up to reporting I did in January, reporting that DOJ used Aaron Swartz’ 2008 Guerilla Open Access Manifesto to justify their investigation of him.

A Justice Department representative told congressional staffers during a recent briefing on the computer fraud prosecution of Internet activist Aaron Swartz that Swartz’s “Guerilla Open Access Manifesto” played a role in the prosecution, sources told The Huffington Post.

[snip]

The “Manifesto,” Justice Department representatives told congressional staffers, demonstrated Swartz’s malicious intent in downloading documents on a massive scale.

[snip]

Reich told congressional staffers that the Justice Department believed federal prosecutors acted in a reasonable manner, according to the sources. He also made clear that prosecutors were in part influenced by wanting to deter others from committing similar offenses.

When considering punishment, courts are supposed to impose an “adequate deterrence to criminal conduct” under federal statute. Swartz’s “Manifesto,” prosecutors said they believed, made clear that he intended to share the academic articles widely.

But there’s something the HuffPo is still missing.

Not only does the Guerilla Manifesto advocate doing a lot of things that may well be legal — the biggest exception is the one most applicable, downloading scientific journals and uploading them to file sharing networks…

And look at the passage from the Manifesto they quote in the brief, which appears in this larger passage.

There is no justice in following unjust laws. It’s time to come into the light and, in the grand tradition of civil disobedience, declare our opposition to this private theft of public culture.

We need to take information, wherever it is stored, make our copies and share them with the world. We need to take stuff that’s out of copyright and add it to the archive. We need to buy secret databases and put them on the Web. We need to download scientific journals and upload them to file sharing networks. [my emphasis]

In context, much of the manifesto advocates for things that are perfectly legal: sharing documents under Fair Use. Taking information that is out of copyright and making it accessible. Purchasing databases and putting them on the web.

Aside from sharing passwords, about the only thing that might be illegal here (depending on copyright!) is downloading scientific journals and uploading them to file sharing networks.

But it’s the way the government used Swartz’ manifesto legally. They used it, as far as I’ve found, primarily to justify HOW they investigated Swartz.

They used it in a brief rebutting his effort to suppress a number of searches they had done in the investigation.

And that’s significant because of an oddity in the investigation. The government, at first, wasn’t all that quick to investigate Swartz. They let the actual evidence of the alleged crime just sit for weeks and weeks.

Jane Harman Now Targeting Individual CyberTargets with Drone Court

Jane Harman’s advocacy for a drone court suffers from the same problem I touched on here (and will lay out at more length in the next day or so): before you can have a Drone and/or Targeted Killing Court, you need some law the court will apply. Harman seems to envision just applying the standards the Executive — not Congress — came up with, which isn’t how Schoolhouse Rock taught me the government is supposed to work.

Congress, in her model, would just be fully apprised of what goes on in the Drone and/or Targeted Killing Court, not write law to limit what can be approved.

But I’m more interested — alarmed, really — by the way Harman seamlessly adds cybertargeting to her advocacy.

The FISA court, renamed the CT Court, could also oversee drones and cyber. A FISA court application must show that specific individuals are connected to a foreign power – which is defined, in part, as a group engaged in international terrorism. Drone and cyber applications could (1) list the individual/cyber target against whom the lethal operation is directed and (2) submit a finding of probable cause that the individual/cyber target is connected to a foreign power, is in a senior operational capacity and poses an imminent threat of violent attack against the United States.

Approved applications for drone strikes and cyberattacks would need to be renewed after a certain period, and discontinued if evidence is presented that the targets no longer meet the criteria. [my emphasis]

Granted, it would have been nice if the government had had to go to a court to explain why a publisher like WikiLeaks should be targeted with a persistent DNS attack, assuming that’s what happened. But given that both our FISA targeting and our targeted killing targeting probably allow for far too much abuse of the First Amendment, I’m not convinced the FISA Court would have noted the problem with that incident of prior restraint.

More generally, though, isn’t Harman’s neat inclusion of cyber targeting here a hint that our cyberattacks have gone beyond just Iran and WikiLeaks?

Five Questions for John Brennan

I’m sure I could grill John Brennan for hours. But after a lot of thought, here are the five questions I believe most important that should be asked of him today.

1) Do you plan to continue lying to Americans?

You have made a number of demonstrable lies to the American people, particularly regarding the drone program and the Osama bin Laden raid. Most egregiously in 2011, you claimed “there hasn’t been a single collateral death” in almost a year from drone strikes; when challenged, you revised that by saying, “the U.S. government has not found credible evidence of collateral deaths,” even in spite of a particularly egregious case of civilian deaths just months earlier. On what basis did you make these assertions? What definition of civilian were you using in each assertion? (More background)

In addition, in a speech purportedly offering transparency on the drone program, you falsely suggested we know the identities of all people targeted by drones. Why did you choose to misrepresent the kind of intelligence we use in some strikes?

2) What was the intelligence supporting the first attempt to kill Anwar al-Awlaki?

The US government’s first attempt to kill Anwar al-Awlaki with a drone strike was December 24, 2009. WikiLeaks cables make it clear that Awlaki was a primary target of that strike, not just intended collateral damage. Yet the Webster report makes clear that on that day — that is, until the Underwear Bomber attempt the next day — the Intelligence Community did not consider Awlaki to be operational. Thus, the strike seems to have been approved before he fulfilled the criteria of the white paper released the other day, which authorizes the targeting of senior operational leaders of groups like AQAP. What was the legal basis for targeting this American citizen at a time when the IC did not believe him to be operational? (More background)

3) Will your close friendships with Saudis cloud your focus on the US interest?

In a fawning profile the other day, Daniel Klaidman nevertheless laid out the following points:

  • You considered Yemen to be a “domestic conflict.”
  • You opposed signature strikes in the country.
  • You nevertheless approved signature strikes in Yemen because of personal entreaties from people you know from when you were stationed on the Arabian peninsula in the 1990s.

In addition, recent reports have confirmed that the drone strike that killed Anwar al-Awlaki was launched from Saudi territory.

Were the personal entreaties you responded to from Yemenis or Saudis (or both)?

What role did the Saudis have in the Awlaki strike? Did they have an operational role?

As someone with such close ties to liaison sources, how have you and will you manage to prioritize the interests of the United States over the interests of friends you have from two decades ago?

To what degree is your intelligence sharing — especially with the Saudis — a stovepipe that creates the same risks of intelligence failures that got us into the Iraq War? (More background)

4) What role did you have in Bush’s illegal wiretap program?

The joint Inspector General report on the illegal wiretap program reported that entities you directed — the Terrorist Threat Integration Center in 2003 and 2004, and the National Counterterrorism Center in 2004 and 2005 — conducted the threat assessments for the program.

What role did you have, as the head of these entities, in the illegal wiretapping of Americans? To what extent did you know the program violated FISA? What role did you have in counseling Obama to give telecoms and other contractors immunity under the program? What influence did you have in DOJ decisions regarding suits about the illegal program, in particular the al-Haramain case that was thrown out even after the charity had proved it had been illegally wiretapped? Did you play any role in decisions to investigate and prosecute whistleblowers about this and other programs, notably Thomas Drake? (More background)

5) Did you help CIA bypass prohibitions on spying domestically with the NYPD intelligence (and other) programs?

In your additional prehearing questions, you admit to knowing about CIA’s role in setting up an intelligence program that profiled Muslims in New York City. What was your role in setting up the program? As someone with key oversight over personnel matters at the time, did you arrange Larry Sanchez’ temporary duty at the NYPD or CIA training for NYPD detectives?

Have you been involved in any similar effort to use CIA resources to conduct domestic spying on communities of faith? You said the CIA provides (among other things) expertise to local groups spying on Americans. How is this not a violation of the prohibition on CIA spying on Americans?  (More background)

Update: I realized that I have left out a caveat in Brennan’s drone lies — he was talking in the previous year. I’ve fixed that.

When All You Have Is a CyberHammer, You Have to Expect to Go to War against Nails

There are two things about this NYT article describing Obama’s new cyberwar policy that deserve note.

A secret legal review on the use of America’s growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review.

[snip]

The rules will be highly classified, just as those governing drone strikes have been closely held.

First, according to the WaPo, the government has conducted a search of any and all government officials who have had contact with the lead author of the story, David Sanger.

Investigators, they said, have conducted extensive analysis of the e-mail accounts and phone records of current and former government officials in a search for links to journalists.

Frankly, I think the WaPo is naively ignoring the real possibility, given the updates to DOJ’s Domestic Investigations and Operations Guide, that DOJ has accessed Sanger’s email records directly.

Nevertheless, however they’ve gotten that information, the government now has a pretty good idea who speaks to David Sanger. Presumably, folks who talk to Sanger — particularly those privy to secret workings of the White House — are cognizant of this fact.

From that I assume it’s likely — though by no means certain — that the Administration is not that unhappy about having an article boasting about its aggressive cyberwar stance, even while noting that the details of it will remain legally classified.

Meanwhile, I’m struck by this claim.

Mr. Obama is known to have approved the use of cyberweapons only once, early in his presidency, when he ordered an escalating series of cyberattacks against Iran’s nuclear enrichment facilities.

Sure, there’s only been the one attack (or rather the serial set of attacks) on Iran.

But I’m struck — particularly in the wake of DOJ’s filing making it clear they’re investigating WikiLeaks as a spy, while refusing to tell us what laws it is using to conduct that investigation — that there has been a rather notable cyberattack whose author we don’t know: the DDOS attacks on WikiLeaks as it first started to release the WikiLeaks cables, and then again last summer (a group called AntiLeaks claimed credit for the second one).

As Jack Goldsmith and Thomas Rid both point out, the Administration appears to be badly fumbling cyber defense (largely because the private sector doesn’t want to play along and the Administration isn’t prepared to make them), but they are very aggressively pursuing cyberoffense. Perhaps, as Goldsmith suggests, this leak to the journalist whose contacts are being monitored is intended to deter attacks on the US (though I’m not sure how a story in a newspaper that the Chinese have hacked is going to scare the Chinese from doing what they have been doing for years).

But if the US is so intent on bragging about its offensive capability, isn’t it time we learned the scope of that offensive capability? Shouldn’t we finally know whether the government took down a publisher’s website?
