Yesterday, in announcing the public release of documents relating to CIA’s publication of a Russian edition of Dr. Zhivago, the CIA bragged (justifiably) about its Cold War success in making books Warsaw Pact governments had banned available within those countries.
In a memo dated April 24, 1958 a senior CIA officer wrote: “We have the opportunity to make Soviet citizens wonder what is wrong with their government when a fine literary work by the man acknowledged to be the greatest living Russian writer is not even available in his own country [and] in his own language for his people to read.”
Obtaining, publishing, and distributing banned books like Doctor Zhivago was an important Cold War-era success story for the CIA.
Even as CIA was declassifying the documents underlying Peter Finn’s book on this topic, the 9/11 Gitmo trial was being stalled, once again, by issues arising from the Court’s fragile Constitutional foundation.
The issue, this time, makes for ironic comparison with CIA’s boasts of making banned texts available to societies where the government was too fragile to release such texts.
On Monday, the 9/11 defense lawyers revealed that their Defense Security Officer had been recruited as an informant by the FBI as part of an investigation into how an unclassified 36-page tract written by Khalid Sheikh Mohammed became available to the HuffPo.
The Gitmo prosecutors claim to have no knowledge of the FBI investigation.
At Monday’s hearing, the judge pointedly asked the prosecutor, Army Brig. Gen. Mark Martins, if his prosecution team was “aware of this visit” by two agents to the bin al Shibh team member’s house on Sunday, April 6, to question him after church. At issue, in part, was how the Huffington Post and Britain’s Channel 4 television got a copy of the Mohammed commentary.
“No, we were not,” Martins replied — even before the judge had finished his question.
At the prison, spokesman Navy Cmdr. John Filostrat on Monday night replied to a question of whether the prison staff asked the FBI to investigate the document this way: “I am unaware of any investigation and won’t get into ongoing legal proceedings, anyway.”
Tuesday, a Pentagon spokesman said that while Martins did give the FBI the copy of the Mohammed document neither the chief prosecutor “nor the prosecution team had any idea that an investigation was launched.”
“He gave it to the FBI to maintain as evidence in event that there could at some point be an investigation,” said Army Lt. Col. Todd Breasseale, “and in the event that it is determined that releasing [Mohammed’s 36-page commentary] was unlawful.”
Nevertheless, it appears someone requested an investigation into the disclosure. And DOJ’s part of the prosecution team suggests the judge would infringe on Executive Branch privileges if he investigates the FBI investigation.
Separately, a lead case prosecutor, Ed Ryan of the Justice Department warned the judge against asking to question the FBI agents who visited a defense team member.
“Your Honor is suggesting that you want to investigate an ongoing investigation. There are numerous government privileges that would be at stake,” Ryan said at the hearing. “I think the commission would be greatly mistaken to go down a road of trying to look inside an ongoing investigation being conducted by the Federal Bureau of Investigation if, in fact, one exists.”
Defense Attorneys also complained that a (perhaps now former) member of the Prosecution team is the Chief of Staff to FBI Deputy Director Mark Giuliano.
And then finally, there’s a member of the trial team, Ms. Baltes, who is also — who also serves as the Chief of Staff to the Deputy Director of the FBI. And I appreciate counsel’s unequivocal statement that the prosecution was not aware of this investigation, did not know — did not know that an investigation was taking place and did not direct FBI agents to go and try to penetrate Mr. Harrington’s team, but somebody did, and somebody at the FBI did. And I don’t think it’s too much of a leap to imagine that when a member of the trial team has a dual role as the Chief of Staff to the Deputy Director of the FBI, that there could be an interface there, and I think it would be appropriate to examine Ms. Baltes as well.
Joanna Baltes happens to have been the lawyer who, in January, refused to admit in public that the CIA had installed a means to censor Gitmo proceedings, unbeknownst to the Judge. Is she, once again, answering to the CIA above and beyond her obligations to a court purportedly delivering independent justice?
So our attempt to hold the perpetrators for 9/11 responsible for their crimes has once again ground to a halt as the Judge investigates whether and why (and at whose behest) the FBI is investigating the release of KSM’s unclassified writings.
Americans might, like Russians before them, “wonder what is wrong with their government” that we must delay justice in the 9/11 attack because someone made a shitty tract from KSM publicly available.
Don’t get me wrong. Unlike Boris Pasternak’s novel, KSM’s tract is not literature, not even close.
Yesterday, just weeks after the time Al Arabiya announced Prince Bandar bin Sultan would resume his duties as head of Saudi intelligence (and therefore the mastermind of the Saudi-backed effort to oust Bashar al-Assad), Bandar was replaced by a little-known deputy.
Prince Bandar bin Sultan is on his way back to Riyadh where he will resume his tasks as head of Saudi Intelligence, reported news portal NOW Lebanon.
An informed Saudi source confirmed the report to Al Arabiya News.
“This is without doubt bad news for Tehran, Damascus and Hezbollah, particularly that anti-Saudi media has been propagating false information for the past two months that Prince Bandar’s absence has been due to his dismissal and due to a Saudi decision to back away from its policies regarding the regional conflict,” said the source in Riyadh.
The source confirms that Prince Bandar has actually been away due to medical reasons, however, he has resumed his activities this week from the Moroccan city of Marrakesh; where he has been recovering and where he has met with former Lebanese PM Saad Hariri and Crown Prince of Abu Dhabi, Sheikh Mohammad bin Zayed.
But today he’s out.
Saudi Arabia’s intelligence chief Prince Bandar bin Sultan has been relieved of his post at his request, the official Saudi Press Agency reported Tuesday.
The royal decree announcing that Prince Bandar was stepping down as president of General Intelligence gave no reasons for the move. He has been replaced by General Yousef Al Idrissi, the decree said.
I’m not sure anyone knows what these tea leaves mean. It may be that the “shoulder” injury Bandar had been treated for remains a serious health issue. It may be that — as one piece suggested — he retains some power here and has not ceded it back to Mohammed bin Nayef, who had taken over before Bandar’s return in March. It may be that this and King Abdullah’s designation of Prince Muqrin bin Abdulaziz as second in succession were done to time with Obama’s visit, to signal that America’s more favored successor, Mohammed bin Nayef, was not going to take over any time soon.
But it also comes among two other developments that may be related. First, since about the beginning of the year and increasingly in recent weeks, the Saudis are actually cracking down on terrorism, both real — including those who went to fight in Syria — and imagined. Perhaps the former, too, was a show for the US. But it did seem to reflect some concerns that Saudi efforts in Syria were increasing security concerns for the Kingdom (as well as other countries in the region and not).
Perhaps most interesting, however, is that the same day that Bandar got “sacked” videos started showing opposition figures in Syria with US made anti-tank missiles, which is the kind of thing Bandar has decades of experience arranging. We’ll see whether those disappear like Bandar or represent a new escalation of efforts to oust Assad.
In response to Frazier Glenn Miller’s arrest in the murder of 3 people at Jewish targets the other day, Peter Bergen reminds us that white supremacist terrorists have been more dangerous in recent years than Islamic terrorists.
Now let’s do the thought experiment in which instead of shouting “Heil Hitler” after he was arrested, the suspect had shouted “Allahu Akbar.” Only two days before the first anniversary of the Boston Marathon bombings, this simple switch of words would surely have greatly increased the extent and type of coverage the incident received.
Yet the death toll in the shootings in Kansas is similar to that of last year’s Boston Marathon bombings, where three people were killed and the suspects later killed a police officer as they tried to evade capture. (Many more, of course, were also wounded in the Boston attacks; 16 men, women and children lost limbs.)
In fact, since 9/11 extremists affiliated with a variety of far-right wing ideologies, including white supremacists, anti-abortion extremists and anti-government militants, have killed more people in the United States than have extremists motivated by al Qaeda’s ideology. According to a count by the New America Foundation, right wing extremists have killed 34 people in the United States for political reasons since 9/11. (The total includes the latest shootings in Kansas, which are being classified as a hate crime).
By contrast, terrorists motivated by al Qaeda’s ideology have killed 23 people in the United States since 9/11.
But, as Bergen notes, thus far these murders have been called “hate crimes,” not terrorism.
That’s particularly interesting given this remarkable report from HuffPo’s Ryan Reilly, while he was still at TPM. Back in 2012, Reilly interviewed Miller about his contacts with Kevin Harpham, the MLK bomber. As Reilly notes, Federal prosecutors had used Harpham’s contacts with Miller to argue for harsher sentencing.
Less than a week after 36-year-old Kevin Harpham was arrested for allegedly attempting a racially motivated bombing of a 2011 Martin Luther King Jr. parade in Spokane, white supremacist leader Glenn Miller sent him a letter offering to help start a legal fund on his behalf.
“Keep your chin up and stay strong,” Miller wrote in a letter dated March 14, telling Harpham that he and other members of an online white supremacist forum believed he’d “been set up.”
Federal prosecutors used Miller’s jailhouse letter and Harpham’s response — in which he said he might have Miller screen individuals as he looked for “someone to house sit for a while” – as one of the factors that “supports the imposition of a sentence that will maximize the time the Defendant is incarcerated and subject to judicial oversight.”
Evidently Harpham’s lawyers soon informed him it probably wasn’t a good idea to be sending letters to a well-known white supremacist while in jail accused of a hate crime, as he didn’t respond to any of Miller’s follow up letters.
“He’s kind of let me know he doesn’t want anything to do with me,” Miller said. “It’s not in his self interest to associate with me, and I can understand that, can’t you?” [my emphasis]
As I noted at the time, the FBI called Harpham a “lone wolf” “hate criminal.” That, in spite of the fact that the crime to which he pleaded guilty — attempted use of a WMD — is one of FBI’s favorite “terrorist” crimes with which to entrap young Muslims, and in spite of the fact that Harpham’s contacts with Miller and his abundant online activity showed him to be a part of a network sharing the same ideology.
Harpham was one of the few white people convicted of a terrorist enhancement crime (the 3 anarchists tied to Occupy who discussed bombing a bridge were also found guilty on WMD charges; both the Hutaree and Schaeffer Cox were initially charged with terrorist-associated crimes, but not found guilty of them; see this post for Dianne Feinstein’s catalog of such crimes). Whether the FBI called Harpham one or not, he is technically a terrorist.
Just two years ago, they made a big deal out of Harpham’s ties to Miller and used that to substantiate the severity of Harpham’s crimes. Yet not only did the FBI not catch Miller in a sting before he killed, but they’re not even calling Miller a terrorist … yet.
Miller and Harpham were participants in the same kind of network the FBI uses, if they’re Muslim, to identify targets for increased law enforcement attention. Harpham was convicted as a terrorist, in part, based on his ties to Miller.
And yet no one stopped Miller before he (allegedly) killed.
While the mainstream press finally catches up to the fact that there were indeed hundreds of violent attacks on election day in Afghanistan (even though hippies could find the data over a week ago), there is yet another disturbing development in the efforts to hold talks between Afghanistan’s High Peace Council and the Afghan Taliban. I noted nearly a year ago that Mutasim Agha Jan was beginning to bring some attention to a more moderate faction within the Afghan Taliban. He was successful in getting discussions going with the Afghan High Peace Council, but one of his associates, Abdul Raqib, was gunned down in Peshawar in February just after returning from a negotiating session in Dubai. It has now been confirmed that Mutasim Agha Jan has disappeared while in Dubai as he was preparing for another round of talks there. Here is ToloNews on the disappearance:
Agha Jan, who was one of the few crucial Taliban figures that had direct contact with the HPC, lived in Turkey and recently disappeared during a tour to the UAE.
“The government of Islamic Republic of Afghanistan is aware of Agha Jan’s disappearance in the UAE,” MoFA spokesman Ahmad Shekib Mustaghna said on Monday.
There are rumors about the possibility that Agha Jan may have been abducted. MoFA has not released a statement in regards to the rumors, but has called the circumstances surrounding the disappearance ambiguous and questionable.
Over the past month, Agha Jan had met with the HPC delegation twice; both sides had agreed to continue peace discussions.
There is a very interesting bit of language in the Khaama Press story on the disappearance:
The ministry of foreign affairs of Afghanistan confirmed that the former senior Taliban leader Agha Jan Mutasim has gone missing in United Arab Emirates.
Foreign ministry spokesman, Shekib Mostaghni told reporters in Kabul that the Afghan officials have started negotiations with the UAE officials regarding the fate of Agha Jan Mutasim.
Mr. Mostaghni further added that the government of Afghanistan has stepped up efforts to take practical steps to find out Agha Jan Mutasim.
Normally, I would attribute that bit about “negotiations with UAE officials” to poor translation from an initial story about Afghan officials speaking to UAE officials simply to ask questions. But there is also this report in the Express Tribune:
Last week, Mutasim’s family sources and friends confirmed to The Express Tribune that they have lost contact with him in Dubai. They were concerned that the UAE authorities might have detained and shifted Mutasim to an undisclosed location in Abu Dhabi.
The Express Tribune article also makes it clear that he has been missing for quite a while:
After a mysterious silence for nearly two weeks, the Afghan foreign ministry on Monday confirmed that Mutasim is missing in the UAE. “The Afghan government confirms that Agha Jan Mutasim has disappeared in the UAE and we are talking to senior Emirati officials to know his fate,” spokesman Ahmed Shakaib Mustaghni said in Kabul.
“The talks, unfortunately, have not yet produced any results and we do not have any more details,” Mustaghni told a weekly press briefing, according to the recorded version of the briefing received here.
So it would indeed appear that Afghanistan may be in some sort of negotiations with UAE on the fate of Mutasim. But since we don’t have confirmation yet that he actually is under UAE control, the suspects I discussed in the death of Abdul Raqib could be suspects in this case as well (but read here for a pretty strong argument that Taliban hardliners were responsible for Raqib’s death). I will keep an eye out for further developments on Mutasim’s location and safety.
I have a piece over at The Week on the unusually credible denial the government issued on Friday, claiming they did not know of the Heartbleed vulnerability until earlier this month. In it, I note that Obama adopted a much lower bar for using software vulnerabilities than his hand-picked Review Group recommended in December. Most troubling, Obama admits he will use exploits for law enforcement, in addition to national security.
But the announcement’s discussion of the interagency review also made clear that the process will, sometimes, approve such a use — which means that the next Heartbleed could be exploited by the NSA. Furthermore, the standard the administration claims to have adopted — “a clear national security or law enforcement need” (italics mine) — is lower than the “urgent and significant national security priority” recommended by the Review Group.
In other words, in very clear language, the government has confessed that it does and will continue to keep secret Heartbleed-style vulnerabilities not just for national security purposes, but also for mere law enforcement.
The idea that the government might hack in the name of law enforcement is not new.
As WSJ reported last month, DOJ is trying to get the Judicial Conference to approve language allowing it to get warrants to hack in multiple districts at once.
The government’s push for rule changes sheds light on law enforcement’s use of remote hacking techniques, which are being deployed more frequently but have been protected behind a veil of secrecy for years.
In documents submitted by the government to the judicial system’s rule-making body this year, the government discussed using software to find suspected child pornographers who visited a U.S. site and concealed their identity using a strong anonymization tool called Tor.
The government’s hacking tools—such as sending an email embedded with code that installs spying software — resemble those used by criminal hackers. The government doesn’t describe these methods as hacking, preferring instead to use terms like “remote access” and “network investigative techniques.”
Right now, investigators who want to search property, including computers, generally need to get a warrant from a judge in the district where the property is located, according to federal court rules.
In a computer investigation, that might not be possible, because criminals can hide behind anonymizing technologies. In cases involving botnets—groups of hijacked computers—investigators might also want to search many machines at once without getting that many warrants.
Some judges have already granted warrants in cases when authorities don’t know where the machine is. But at least one judge has denied an application in part because of the current rules. The department also wants warrants to be allowed for multiple computers at the same time, as well as for searches of many related storage, email and social media accounts at once, as long as those accounts are accessed by the computer being searched.
I especially applaud the way WSJ highlighted DOJ’s complaints about Orin Kerr calling what they do hacking.
Even more timely, a team of computer security experts — Steve Bellovin, Matt Blaze, Sandy Clark, and Susan Landau — just published a paper arguing that legal hacking is a better means to conduct law enforcement collection than a CALEA-type solution. But they argue that the government can and must achieve this law enforcement objective without compromising the security of the network.
¶162 As we alluded to earlier, this is a clash of competing social goods between the security obtained by patching as quickly as possible and the security obtained by downloading the exploit to enable the wiretap to convict the criminal. Although there are no easy answers, we believe the answer is clear. In a world of great cybersecurity risk, where each day brings a new headline of the potential for attacks on critical infrastructure,239 where the Deputy Secretary of Defense says that thefts of intellectual property “may be the most significant cyberthreat that the United States will face over the long term,”240 public safety and national security are too critical to take risks and leave vulnerabilities unreported and unpatched. We believe that law enforcement should always err on the side of caution in deciding whether to refrain from informing a vendor of a vulnerability. Any policy short of full and immediate reporting is simply inadequate. “Report immediately” is the policy that any crime-prevention agency should have, even though such an approach will occasionally hamper an investigation.241
¶163 Note that a report immediately policy does not foreclose exploitation of the reported vulnerability by law enforcement. Vulnerabilities reported to vendors do not result in immediate patches; the time to patch varies with each vendor’s patch release schedule (once per month, or once every six weeks is common), but, since vendors often delay patches,242 the lifetime of a vulnerability is often much longer. Research shows that the average lifetime of a zero-day exploit is 312 days.243 Furthermore, users frequently do not patch their systems promptly, even when critical updates are available.24
¶164 Immediate reporting to the vendor of vulnerabilities considered critical will result in a shortened lifetime for particular operationalized exploits, but it will not prevent the use of operationalized exploits. Instead, it will create a situation in which law enforcement is both performing criminal investigations using the wiretaps enabled through the exploits, and crime prevention through reporting the exploits to the vendor. This is clearly a win/win situation.
¶166 The tension between exploitation and reporting can be resolved if the government follows both paths, actively reporting and working to fix even those vulnerabilities that it uses to support wiretaps. As we noted, the reporting of vulnerabilities (to vendors and/or to the public) does not preclude exploiting them.247 Once a vulnerability is reported, there is always a lead time before a “patch” can be engineered, and a further lead time before this patch is deployed to and installed by future wiretap targets. Because there is an effectively infinite supply of vulnerabilities in software platforms,248 provided new vulnerabilities are found at a rate that exceeds the rate at which they are repaired, reporting vulnerabilities need not compromise the government’s ability to conduct exploits. By always reporting, the government investigative mission is not placed in conflict with its crime prevention mission. In fact, such a policy has the almost paradoxical effect that the more active the law enforcement exploitation activity becomes, the more zero-day vulnerabilities are reported to and repaired by vendors.
They go on to propose a legal regime that can provide clear guidance on which vulnerabilities should be reported, even analogizing the emergency period in which an agency can wiretap before getting a warrant.
But here’s the thing: NSA’s Bull Run program got reported in September, and since then the government has remained coy about whether it uses or even seeds vulnerabilities in software, even though anyone paying attention knew it does. It took claims that the government had been using the Heartbleed vulnerability for two years for the Administration to admit, tacitly, the earlier reports were correct.
The kind of legal regime Bellovin et al. recommend requires that this law enforcement function operate within a legal — and therefore publicly acknowledged — framework, rather than piggybacking on the NSA’s executive authorities in secret.
While Friday’s admission is a start, and while it may be true that hacking presents a better solution to law enforcement needs than CALEA, these questions need to be openly discussed.
Otherwise, DOJ not only is hacking — in the dictionary definition Orin Kerr applied — but hacking in the reckless manner that DOJ prosecutes.
As I noted the other day in yet another post showing why investigations into intelligence failures leading up to the Boston Marathon attack must include NSA, the government outright refuses to tell Dzhokhar Tsarnaev whether it will introduce evidence obtained using Section 215 at trial.
Tsarnaev’s further request that this Court order the government to provide notice of its intent to use information regarding the “. . . collection and examination of telephone and computer records pursuant to Section 215 . . .” that he speculates was obtained pursuant to FISA should also be rejected. Section 215 of Pub. L. 107-56, conventionally known as the USA PATRIOT Act of 2001, is codified in 50 U.S.C. § 1861, and controls the acquisition of certain business records by the government for foreign intelligence and international terrorism investigations. It does not contain a provision that requires notice to a defendant of the use of information obtained pursuant to that section or derived therefrom. Nor do the notice provisions of 50 U.S.C. §§ 1806(c), 1825(d), and 1881e apply to 50 U.S.C § 1861. Therefore, even assuming for the sake of argument that the government possesses such evidence and intends to use it at trial, Tsarnaev is not entitled to receive the notice he requests.
This should concern every American whose call records are likely to be in that database, because the government can derive prosecutions — which may not even directly relate to terrorism — using the digital stop-and-frisk standard used in the dragnet, and never tell you they did so.
Note, too, Dzhokhar’s lawyers are not just asking for phone records, but also computer records collected using Section 215, something Zoe Lofgren has made clear can be obtained under the provision.
And in the case in which Dzhokhar’s college buddies are accused of trying to hide his computer and some firecracker explosives, prosecutors profess to be unable to provide any of the text messages Dzhokhar sent after his last text to them. That stance seems to pretend they couldn’t get at least the metadata from those texts from the phone dragnet.
The government, then, claims that defendants can’t have access to data collected using Section 215. They base that claim on the absence of any language in the Section 215 statute, akin to that found in FISA content collection statutes, providing for formal notice to defendants.
But at least in the case of the phone dragnet, that stance appears to put them in violation of the dragnet minimization procedures. That’s because since at least September 3, 2009 and continuing through the last dragnet order released (note, ODNI seems to be taking their time on releasing the March 28 order), the minimization procedures have explicitly provided a way to make the query results available for discovery. Here’s the language from 2009.
Notwithstanding the above requirements, NSA may share information derived from the BR metadata, including U.S. person identifying information, with Executive Branch personnel in order to enable them to determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings.
The government routinely points to these very same minimization procedures to explain why it can’t provide information to Congress or other entities. But if the minimization procedures trump other statutes to justify withholding information, surely they must have the weight of law for disclosure to criminal defendants. And all that’s before you consider the Brady and Constitutional reasons that should trump the government’s interpretation as well.
Using the formulation the government always uses when making claims about the dragnet’s legality, on at least 21 occasions, FISC judges have envisioned discovery to be part of the minimization procedures with which the government must comply. At least 7 judges have premised their approval of the dragnet, in part, on the possibility exculpatory information may be shared in discovery.
Now, there is a limit to the discovery envisioned by these 21 FISA orders; this discovery language, in the most recently published order, reads:
Notwithstanding the above requirements, NSA may share results from intelligence analysis queries of the BR metadata, including U.S. person identifying information, with Executive Branch personnel (1) in order to enable them to determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings …
That is, this discovery language only includes the “results from intelligence analysis queries.” It doesn’t permit new queries of the entire database, a point the government makes over and over. But in the case of the Marathon bombing, we know the queries have been run, because Executive Branch officials have been bragging about the queries they did after the bombing that gave them “peace of mind.”
Those query results are there, and the FISC judges explicitly envisioned the queries to be discoverable. And yet the government, in defiance of the minimization procedures they claim are sacred, refuses to comply.
Oh, the poor class of 2014 at the United States Military Academy! This morning’s New York Times brings us the tragic news that this year’s class graduating from West Point must somehow find a way to advance their military careers without being deployed to a combat zone. What could our politicians be thinking to so senselessly deprive our “best and brightest” of the chance to get those colorful “coveted combat patches on their uniforms”? Why did they pass up the chance to invade Syria? Can’t they send troops quickly to Ukraine? Get with it, Washington, these poor cadets need you:
For the first time in 13 years, the best and the brightest of West Point’s graduating class will leave this peaceful Hudson River campus bound for what are likely to be equally peaceful tours of duty in the United States Army.
“It started to hit home last year, when we started considering what we really wanted to do, and realized that there’s a much more limited opportunity to deploy,” said Charles Yu, who is majoring in American politics and Chinese. Cadet Yu, who will graduate this spring, is going into military intelligence in South Korea, where he hopes to get experience helping to manage the long-running conflict between North and South Korea. He will work at Camp Red Cloud near the demilitarized zone, or, as he put it, “as close as you can get to the DMZ.”
For Cadet Yu and the rest of the class of about 1,100 cadets, there may be few, if any, coveted combat patches on their uniforms to show that they have gone to war. Many of them may not get the opportunity to one day recall stories of heroism in battle, or even the ordinary daily sacrifices — bad food, loneliness, fear — that bind soldiers together in shared combat experience.
The end of the war in Iraq and the winding down of the war in Afghanistan mean that the graduates of the West Point class of 2014 will have a more difficult time advancing in a military in which combat experience, particularly since the attacks of Sept. 11, 2001, has been crucial to promotion. They are also very likely to find themselves in the awkward position of leading men and women who have been to war — more than two million American men and women have deployed to Iraq and Afghanistan — when they themselves have not.
But buck up, young soldiers! There is precedent for how to advance your careers in such desperate times:
Two months after graduation, Petraeus married Holly Knowlton, a graduate of Dickinson College and daughter of Army General William Knowlton, who was superintendent of West Point at the time.
Get on it, soldiers! I don’t know their marital status or ages, but it appears that the current commandant has both a son and a daughter, so choose your target appropriately.
This passage, which reminded me of the old Mad Magazine Spy vs. Spy comic, made me pee my pants in laughter.
Various details of the program remain classified, precluding further explanation here of its scope, but the absence of those details cannot justify unsupported assumptions. For example, the record does not support the conclusion that the program collects “virtually all telephony metadata” about telephone calls made or received in the United States. SPA 32, quoted in Pl. Br. 12; see also, e.g., Pl. Br. 1-2, 23, 24, 25, 48, 58. Nor is that conclusion correct. See Supp. Decl. of Teresa H. Shea ¶ 7, First Unitarian Church of Los Angeles v. NSA, No. 4:13cv3287 (filed Feb. 21, 2014).3
3 The precise scope of the program is immaterial, however, because, as we explain, the government should prevail as a matter of law even if the scope of the program were as plaintiffs describe. [my emphasis]
Note that they’re citing a declaration from SIGINT Director Theresa Shea submitted in another case, the EFF challenge to the phone dragnet? They’re citing that Shea declaration rather than the one Shea submitted in this very case.
In her declaration submitted in this case in October, Shea said NSA collected all the call records from the providers subject to Section 215.
Pursuant to Section 215, the FBI obtains from the FISC directing certain telecommunications service providers to produce all business records created by them (known as call detail records) that contain information about communications between telephone numbers, generally relating to telephone calls made between the U.S. and a foreign country and calls made entirely within the U.S. (¶14) [my emphasis]
Not all providers. But for the providers in question, “all business records.”
Remember, ACLU is suing on their own behalf, and they are Verizon customers. We know Verizon is one of the providers in question, and Shea has told us that providers in question, of which Verizon is one, provide “all business records.”
Theresa Shea, in a declaration submitted in the suit in question: “All.”
Rather than citing the declaration submitted in this suit, the government instead cites a declaration Shea submitted all the way across the country in the EFF suit, one she submitted four months later, after both the ACLU and Judicial Watch suits had been decided at the District level.
Ostensibly written to describe the changes in scope the President rolled out in January, Shea submitted a new claim about the scope of the program in which she insisted that the program (ignoring, of course, that Section 215 is just a small part of the larger dragnet) does not collect “all.”
Although there has been speculation that the NSA, under this program, acquires metadata relating to all telephone calls to, from, or within the United States, that is not the case. The Government has acknowledged that the program is broad in scope and involves the collection and aggregation of a large volume of data from multiple telecommunications service providers, but as the FISC observed in a decision last year, it has never captured information on all (or virtually all) calls made and/or received in the U.S. See In re Application of the FBI for an Order Requiring the Production of Tangible Things from [Redacted], Dkt. No. BR13-109 Amended Mem. Op. at 4 n.5 (F.I.S.C. Aug. 29, 2013) (publicly released, unclassified version) (“The production of all call detail records of all persons in the States has never occurred under this program.”) And while the Government has also acknowledged that one provider was the recipient of a now-expired April 23, 2013, Secondary Order from the FISC (Exhibit B to my earlier declaration), the identities of the carriers participating in the program (either now, or at any time in the past) otherwise remain classified. [my emphasis]
I explained in detail how dishonest a citation Theresa Shea’s newfound embrace of “not-all” is.
Here, she’s selectively citing the declassified August 29, 2013 version of Claire Eagan’s July 19, 2013 opinion. The latter date is significant, given that the day the government submitted the application tied to that order, NSA General Counsel Raj De made it clear there were 3 providers in the program (see after 18:00 in the third video). These are understood to be AT&T, Sprint, and Verizon.
Shea selectively focuses on language that describes some limits on the dragnet. She could also note that Eagan’s opinion quoted language suggesting the dragnet (at least in 2011) collected “substantially all” of the phone records from the providers in question, but she doesn’t, perhaps because it would present problems for her “virtually all” claim.
Moreover, Shea’s reference to “production of all call detail records” appears to have a different meaning than she suggests it has when read in context. Here’s what the actual language of the opinion says.
Specifically, the government requested Orders from this Court to obtain certain business records of specified telephone service providers. Those telephone company business records consist of a very large volume of each company’s call detail records or telephony metadata, but expressly exclude the contents of any communication; the name, address, or financial information of any subscriber or customer; or any cell site location information (CSLI). Primary Ord. at 3 n.l.5
5 In the event that the government seeks the production of CSLI as part of the bulk production of call detail records in the future, the government would be required to provide notice and briefing to this Court pursuant to FISC Rule 11. The production of all call detail records of all persons in the United States has never occurred under this program. For example, the government [redacted] [my emphasis]
In context, the reference discusses not just whether the records of all the calls from all US telecom providers (AT&T, Sprint, and Verizon, which participated in this program on the date Eagan wrote the opinion, but also T-Mobile and Cricket, plus VOIP providers like Microsoft, owner of Skype, which did not) are turned over, but also whether each provider that does participate (AT&T, Sprint, and Verizon) turns over all the records on each call. The passage makes clear they don’t do the latter; AT&T, Sprint, and Verizon don’t turn over financial data, name, or cell location, for example! And since we know that at the time Eagan wrote this opinion, there were just those 3 providers participating, clearly the records of providers that didn’t use the backbone of those 3 providers or, in the case of Skype, would be inaccessible, would be missed. So not all call detail records from the providers that do provide records, nor records covering all the people in the US. But still a “very large volume” from AT&T, Sprint, and Verizon, the providers that happen to be covered by the suit.
That is, in context, the “all call detail records of all persons in the United States has never occurred” claim meant that even for the providers obligated under the order in question — AT&T, Sprint, and Verizon — there were parts of the call records (like the financial information) they didn’t turn over, though they turned over records for all calls. That’s consistent with Eagan’s quotation of the “virtually all” records with respect to the providers in question.
But by citing it disingenuously, Shea utterly changes the meaning Eagan accorded it.
Theresa Shea, disingenuously citing a declaration submitted in another suit: “Not all.”
It’s like the hilarity of Mad Magazine’s old Spy vs. Spy comics. Only in this case, it pits top spy Theresa Shea against top spy Theresa Shea.
On Thursday, the Inspectors General of the Intelligence Community, DOJ, CIA, and DHS (but not NSA) released their report on the Marathon Bombing. While the public release was just a very condensed summary, included the redaction of both classified and “sensitive” information, and made no attempt to reconstruct data government agencies had or could have had on Dzhokhar Tsarnaev, the report did show that the NSA had data on Tamerlan Tsarnaev and that the FBI found information on his computers that NSA might have gotten via other means.
On Friday, prosecutors in the case against Dzhokhar refused to tell him what they collected under FISA.
Before I get into the government’s refusal on FISA notice — some of which has repercussions for other cases — let’s go over what electronic communications the government did have or could have had.
First, the IG Report (which did not specifically involve NSA’s IG and did not include Dzhokhar in its scope) nevertheless points to information NSA collected in 2012 that was not turned over to FBI until after the attack.
The report also points to communications dating to January 2011, which is entirely redacted. This probably refers to communications the Russians intercepted, not the NSA (indeed, the report discusses NSA data, above, later in the same section, which indicates the earlier redaction doesn’t pertain to NSA). Though there’s no indication whether the NSA received notice of these communications, including the non-US person interlocutor located overseas involved in them, who would have been a legal NSA target.
I started reading the Combined IG Report on the Marathon attack (including the DOJ, CIA, DHS, and Intelligence Community IGs, but not NSA). And the whole thing looked so bogus from the start, I figured a working thread was in order.
One thing to remember here: we’ve only got a 32-page summary that includes 5 pages of agency (but not CIA) response and a title page. We’re getting a mere fraction of the 168-page report.
To make things worse, some things are redacted that aren’t even classified, they’re just sensitive.
Redactions in this document are the result of classification and sensitivity designations we received from agencies and departments that provided information to the OIGs for this review. As to several of these classification and sensitivity designations, the OIGs disagreed with the bases asserted. We are requesting that the relevant entities reconsider those designations so that we can unredact those portions and make this information available to the public.
(PDF 2) Several things in this passage:
Law enforcement officials identified brothers Tamerlan and Dzhokhar Tsarnaev as primary suspects in the bombings. After an extensive search for the then unidentified suspects, law enforcement officials encountered Tamerlan and Dzhokhar Tsarnaev in Watertown, Massachusetts. Tamerlan Tsarnaev was shot during the encounter and was pronounced dead shortly thereafter.
First, they don’t say what law enforcement officials IDed the brothers. That sentence precedes one which claims there were “unidentified suspects,” which suggests they had suspicions before they were “IDed.” The word “encountered” is awfully suspicious, given that explanations of how the shootout in Watertown happened have been contradictory. And note they don’t say whether Tamerlan died immediately or not–again, an issue about which there’s some contention.
(PDF 2) Note they tell us Anzor’s ethnicity, but not his wife’s (who is more central to this narrative)?
(PDF 2) The report dodges legitimate questions about why the family got refugee status by referring only to “an immigration benefit.” Given reports the uncle had ties to the CIA, that benefit may be more than a simple asylum request.
Note that, after having previously said the brothers were ID’ed by LE, they now specify FBI [Actually, I think that's wrong: this is still ambiguous about who IDed them]. But the timing is crazy: it says FBI reviewed its records by April 19, but never says when they were IDed, and doesn’t say whether they were reviewed during a period of suspicion.
By April 19, 2013, after the Tsarnaev brothers were identified as suspects in the bombings, the FBI reviewed its records and determined that in early 2011 it had received lead information from the FSB about Tamerlan Tsarnaev, had conducted an assessment of him, and had closed the assessment after finding no link or “nexus” to terrorism.
(PDF 4) This seems very broad. I wonder what they’re including? Online communications?
As a result, the scope of this review included not only information that was in the possession of the U.S. government prior to the bombings, but also information that existed during that time and that the federal government reasonably could have been expected to have known before the bombings.
(PDF 4) This passage and footnote are huge dodges, making the entire report meaningless.
We carefully tailored our requests for information and interviews to focus on information available before the bombings and, where appropriate, coordinated with the U.S. Attorney’s Office conducting the prosecution of alleged bomber Dzhokhar Tsarnaev.1
1 The initial lead information from the FSB in March 2011 focused on Tamerlan Tsarnaev, and to a lesser extent his mother Zubeidat Tsarnaeva. Accordingly, the FBI and other agencies did not investigate Dzhokhar Tsarnaev’s possible nexus to terrorism before the bombings, and the OIGs did not review what if any investigative steps could have been taken with respect to Dzhokhar Tsarnaev.
I’ll come back to this. But the indictment lists a number of things that the FBI, in their stings, have found and used to identify easy marks. They did not do so here, with Dzhokhar. Which raises real questions about why they chose not to pursue him when they’ve pursued so many other young men like Dzhokhar?
(PDF 4) Here’s who was included in this review:
We also requested other federal agencies to identify relevant information they may have had prior to the bombings. These agencies included the Department of Defense (including the National Security Agency (NSA)), Department of State, Department of the Treasury, Department of Energy, and the Drug Enforcement Administration.
There has been little discussion of DEA’s likely awareness of the brothers, but it is likely, given that they were dealing drugs with potential ties to organized crime. And NSA, but I harp on that too much. I’m curious what role DOE might have.
(PDF 4) Again, they specify they’re only looking at pre-attack data. Which dodges what they could have collected but didn’t.
Additionally, each OIG conducted or directed its component agencies to conduct database searches to identify relevant pre-bombing information.
(PDF 4-5) As with HHSC’s report, the FBI stalled here.
As described in more detail in the classified report, the DOJ OIG’s access to certain information was significantly delayed at the outset of the review by disagreements with FBI officials over whether certain requests fell outside the scope of the review or could cause harm to the criminal investigation. Only after many months of discussions were these issues resolved, and time that otherwise could have been devoted to completing this review was instead spent on resolving these matters.
(PDF 5) The 12333 passage makes it clear NSA had a big role here. But, again, its IG did not conduct an investigation.
(PDF 6-7) The CIA section is very thin. I assume some stuff is missing.
(PDF 8) Note the importance of NSA’s sharing with FBI here?
Of particular relevance to this review are the relationships between the FBI, CIA, and DHS, as well as the relationship between the FBI and the NSA, and the NCTC’s relationships throughout the Intelligence Community.
(PDF 8) This makes clear that the transcription and birthdate errors were in both FSB warnings; it’s just that CIA didn’t fix the second one.
Importantly, the memorandum included two incorrect dates of birth (October 21, 1987 or 1988) for Tamerlan Tsarnaev, and the English translation used by the FBI transliterated their last names as Tsarnayev and Tsarnayeva, respectively.
(PDF 10) This passage seems to admit that FBI could have, but did not, search FISA related databases. It also suggests there was a “certain telephone database,” which might include the Hemisphere database, which performs the same function as the NSA claims (falsely) the phone dragnet does. Note, too, that they’ve only checked for the Tsarnaevs in FBI databases. I’ll come back to these databases in a later post.
Additionally, the DOJ OIG determined that the CT Agent did not use every relevant search term known or available at the time to query the FBI systems, including certain telephone databases and databases that include information collected under authority of the Foreign Intelligence Surveillance Act (FISA). However, searches of FBI databases conducted at the direction of the DOJ OIG during this review produced little information beyond that identified by the CT Agent during the assessment, with the exception of additional travel-related data for Zubeidat Tsarnaeva.
(PDF 11) Note that the second FBI letter to FSB, dated October 7, 2011, postdated the FSB notice to CIA. But it also comes at a time when Boston area law enforcement were conducting an investigation into the murder of Tamerlan’s best friend. The Waltham murders are not mentioned at all in the unclassified report.
(PDF 12) The IG Report does not tell us the date in September when FSB provided notice to CIA. Given that Tamerlan may have just been or was about to be involved in a grisly murder, I find that omission very notable.
(PDF 12) Note you can be watchlisted without derogatory information. This seems to be because of the exception mentioned in FN 10. But fat lot of good it did in this case. Per the footnote, that exception subsequently got disqualified, though I bet it has been qualified again.
(PDF 12) The IG Report doesn’t even acknowledge there was some other kind of difference between the first and the later watchlist entries as indicated on pp 33-4 of the HHSAC Committee report, which suggests that discussion may be redacted entirely.
(PDF 16) Note that, as happens with all Legal Permanent Residents, Tamerlan was photographed (and fingerprinted) during immigration. I’m surprised there isn’t more discussion of this (though it may be classified). But one big point of this relatively new border protocol is to have recent pictures on hand in case, say, you need to do facial recognition on pictures from a terrorist attack. Were they used?
(PDF 19) Note the big redaction describing intercepted communications. This may simply describe what the Russians had collected, which led to their tip. But I do wonder whether NSA collected its own version, not least because details of the Russian intercept have been widely reported.
(PDF 20) Note that the discussion of Tamerlan’s (remember, Dzhokhar is not included here) computer materials is described solely in terms of what FBI could do. That’s different from what both DHS does (they track public online speech) and NSA. It’s unclear whether they could have found some of this using methods available to them, but the report’s silence on that point is notable.
The FBI’s analysis was based in part on other government agency information showing that Tsarnaev created a YouTube account on August 17, 2012, and began posting the first of several jihadi-themed videos in approximately October 2012. The FBI’s analysis was based in part on open source research and analysis conducted by other U.S. government agencies shortly after the bombings showing that Tsarnaev’s YouTube account was created with the profile name “Tamerlan Tsarnaev.”
The DOJ OIG concluded that because another government agency was able to locate Tsarnaev’s YouTube account through open source research shortly after the bombings, the FBI likely would have been able to locate this information through open source research between February 12 and April 15, 2013. The DOJ OIG could not determine whether open source queries prior to that date would have revealed Tsarnaev to be the individual who posted this material.
The passage goes on to report the 7 copies of Inspire on one of the computers used by Tamerlan (again, there’s no mention of Dzhokhar here).
Something they’re not saying, but we know to be true. Had they picked up Inspire either through a 702 upstream search or XKeyscore, they would have had identifiers that could have pegged Tsarnaev’s identity and tied it to all his other identities, regardless of the fact Tamerlan used an alias until February 2013.
And note the big redaction: NSA had information that dated to 2012, which may well have been the intercepts with Plotnikov.
Finally, note that FBI never turned over most of the information about Tamerlan’s Google accounts. The excuse (as noted above) was the ongoing investigation. But I wonder whether that’s ongoing investigation into the Waltham murder or the Marathon attack.
(PDF 25) Note the discussion of enhancement in the 2nd-to-last bullet. I believe this suggests that transliteration questions are only addressed with this enhancement.
(PDF 25) Note that they at least used to delete US person travel info after 6 months unless it represents terrorism information. This would arise from NCTC’s minimization procedures.
(PDF 32) As noted above, we don’t get John Brennan’s response to this, though he presumably sent one. I suspect that means there are classified recommendations for the Agency and that his response reflects that. While it’s not clear what the foreign target would be in this context (perhaps an investigation of the person to whom Zubeidat was speaking about Tamerlan wanting to join jihad?), there seems to have been some.