Dianne Feinstein

1 2 3 26

CIA’s Torture Pushback Gets More Artful

I well remember when Robert Grenier testified at Scooter Libby’s trial. His performance – like most of the witness testimony — was a performance. But I was more intrigued by the response. Even the cynical old DC journalists were impressed by the smoothness of the performance. “You can tell he was a great briefer,” one journalist who had written a book on the CIA said.

Today, he takes up the role of bogus pushback to the Senate torture report, complete with all the false claims about the report, including:

  • SSCI should not have relied exclusively on documents — which, if true, is an admission that millions of CIA’s cables are fraudulent and false
  • The claim that members of the Gang of Four were briefed earlier and more accurately than even CIA’s own documents show them to have been
  • SSCI — and not CIA — made the decision that CIA officers should not testify to the committee
  • That a report supported by John McCain and Susan Collins is a Democratic report (Grenier also claims all involved with it know history from history books, not — as McCain did — from torture chambers)
  • That the CIA cables exactly matched the torture depicted on the torture tapes (see bullet 1!), and that CIA’s IG reported that, both of which are false

But perhaps Grenier’s most cynical assertion is his claim — in a piece that falsely suggests (though does not claim outright) that Congress was adequately briefed that Congress’ job, their sole job, is to legislate, not oversee.

A second, related reason would be to build support for comprehensive legislation — that is what Congress is supposed to concern itself with, after all — to remove any of the interpretive legal ambiguity which permitted coercive interrogation to be considered in the first place, and ensure it never happens again.

It is a cynical move, but given the rest of his argument, the part that I find compelling, necessary.

Because Grenier warns Dianne Feinstein that her attack on the Presidentially authorized counterterrorism methods of the past will chill President Obama’s preferred presidentially authorized counterterrorism methods — drone strikes — going forward.

It is not just the past which is at stake, but the present and the future as well. Make no mistake — those currently serving in CIA are watching these developments closely.

Senator Feinstein, we are told, though having great moral qualms about vigorously interrogating terrorists, appears to have no particular compunction about killing them — so long as it is done remotely, with little direct contact with the gruesome details. As anyone reading the press will know, the current, Democratic administration has shown great enthusiasm for directed killings, employing drones in lethal operations around the world to an extent that might have shocked their Republican predecessors in the Bush administration. Death by video game has its attractions, particularly for those lacking intestinal fortitude. It enables them to avoid confronting the essential and unavoidable brutality of what they are doing.

Just as was the case with harsh interrogations during the last administration, the current resort to directed killings, including so-called “signature strikes,” in which the specific identities of those targeted are unknown, though remarkably uncontroversial at the outset of the current administration, has become anything but uncontroversial since. Should the perceived threat from various bits of ungoverned, terrorist-dominated geography around the globe diminish, the controversy involving drone strikes will only grow further. At some point soon, if they haven’t already, the tribunes of the people in the U.S. Congress will begin to wonder about the political wisdom of their association with directed killings.

They needn’t worry — they have already demonstrated their ability to avoid all responsibility — but those charged with carrying out such strikes should, and they know it. Those in both the White House and the Congress who have chosen to comfort themselves by propagating the myths associated with drone strikes — that they are universally “surgical,” always precisely targeted, and that any civilian casualties associated with them are rare — will inevitably find themselves shocked — perhaps “chilled” is the word — by reality when political calculation dictates that they examine it more closely. Drone strikes, like any other aspect of war, are far more messy and imprecise than advertised, involving subjective judgments easily vulnerable to second-guessing and ex-post-facto recrimination. They benefit only by comparison with more primitive methods, including ground attacks and conventional air strikes, but those comparisons will no longer matter when political interest moves in the other direction. Some successor to Dianne Feinstein may well soon find political cover or political advantage, as the case may be, in a thorough, negative investigation of the drone program — we can watch for it.

I told you CIA would invoke Obama’s drone strikes to limit the damage of the torture report.

To be sure, there is already evidence CIA is lying to Congress about drone strikes, just as it lied about torture, particularly about the numbers of civilians it has killed. Yet DiFi has willfully continued to believe those lies, to believe the CIA’s purportedly better record on drone strikes stems from some inherent skill and not the preference of foreign partners to work with a malleable CIA rather than DOD.

Grenier is absolutely right that Congress and the White House want to be lied to on this point.

Grenier then launches a more interesting implicit threat — that CIA will stop doing what the President demands under Article II.

In my own time in CIA, as perhaps in all times, there were those inside the organization who preached that the Agency should steadfastly avoid presidential directives to affect or shape events, rather than just report on them. “Stick to traditional intelligence collection,” they’d say. We hear similar voices now. But presidents always feel otherwise. Every president confronts foreign policy challenges for which a cheap, clandestine solution appears tempting. Given CIA’s unique capabilities, it’s often the right thing to do. But the opportunities to frustrate the president’s wishes and avoid such entanglements are rife for those who are so inclined. There is even a term for it: “slow rolling.” Current events, and the anticipated Senate report, will greatly strengthen the hand of the slow-rollers. It’s hard to disagree with them now.

[snip]

Rather than taking responsibility for changes in counterterrorism policy on itself, it is a far safer, if more insidious course — one instinctive to Congress — to abuse the CIA to the point where it self-regulates. But as noted above, there are serious downsides to that approach. U.S. national security will not be served by fostering a culture within CIA in which the organization decides for itself which of its lawful orders it will choose to follow, and makes those judgments based on what CIA officers consider best for themselves and their institution, rather than on what their elected masters deem best for the country. That is not the way the system is supposed to work. The federal bureaucracy is supposed to follow legal orders. That is what CIA has always done, frequently to its cost, and that is what the American people need it to do. If they don’t like what their elected leaders have done, they can throw them out. They shouldn’t look to CIA to make these decisions for them — on their own, and for their own purposes.

Ostensibly, this talk about slow rolling the President’s Findings is about drone strikes. Except that the President is re-launching the war in Iraq even as we speak, based solely on Article II authority (I presume JSOC features as prominently as CIA, but CIA clearly has been on the ground for some time).

The implicit threat: if SSCI continues to push, both the President and the Democrats who want to respond to ISIS without declaring war will regret it.

Even here, Grenier is full of shit. He makes no mention of the structure of the September 17, 2001 Gloves Come Off Finding, which itself outsourced most substantive decisions to CIA. It’s one thing to demand Congress do something about that — and they should — and yet another to suggest the rest of Obama’s covert operations employ such structure (though I wouldn’t put it beyond the National Security establishment). Moreover, the abundant evidence (in CIA’s own records, which Grenier treats both as accurate and as inaccurate!) that CIA ignored even the limits imposed by DOJ makes their actions illegal, regardless of what order Bush originally gave.

The problem is the orders — both to torture and to drone strike. But it is also the type of relationship Cofer Black and Dick Cheney embraced (and Obama has retained, at least with respect to the Gloves Come Off MON).

Which is why this is my favorite line from Grenier’s piece.

Goodness. If even a substantial portion of this were true, I would be among the first to advise that CIA be razed to the ground and begun all over again.

This is coming (as Grenier alludes to but doesn’t fully lay out, just as he lays out the suggestion that CIA resumed torture after he refused in early 2006) from a guy who tried to stay within the law, stopped torturing after the Detainee Treatment Act forbade it. It is, perhaps, the best line, given the impasse we’re at.

CIA has become the instrument of illegal actions, an arm of the Executive that evades all law, precisely because of its corrupted relationships with both the Executive and Legislative branch.

So, I take you up on the suggestion, Robert Grenier. Let’s raze the damn thing and — if a thorough assessment says a democracy really needs such an agency, which it may not — start over.

 

Under Clapper’s Continuous Monitoring CIA Could Continuously Monitor SSCI on CIA Network

As I pointed out the other day, the CIA IG Report on spying on the Senate Intelligence Committee appears to say the egregious spying happened after John Brennan told Dianne Feinstein and Saxby Chambliss on January 15 CIA had been spying on SSCI.

Agency Access to Files on the SSCI RDINet:

Five Agency employees, two attorneys and three information technology (IT) staff members, improperly accessed or caused access to the SSCI Majority staff shared drives on the RDINet.

Agency Crimes Report on Alleged Misconduct by SSCI Staff:

The Agency filed a crimes report with the DOJ, as required by Executive Order 12333 and the 1995 Crimes Reporting Memorandum between the DOJ and the Intelligence Community, reporting that SSCI staff members may have improperly accessed Agency information on the RDINet. However, the factual basis for the referral was not supported, as the author of the referral had been provided inaccurate information on which the letter was based. After review, the DOJ declined to open a criminal investigation of the matter alleged in the crimes report.

Office of Security Review of SSCI Staff Activity:

Subsequent to directive by the D/CIA to halt the Agency review of SSCI staff access to the RDINet, and unaware of the D/CIA’s direction, the Office of Security conducted a limited investigation of SSCI activities on the RDINet. That effort included a keyword search of all and a review of some of the emails of SSCI Majority staff members on the RDINet system.

With that in mind, consider this passage of James Clapper’s July 25, 2014 response to Chuck Grassley and Ron Wyden’s concerns about Clapper’s new ongoing spying on clearance holders.

With respect to your second question about monitoring of Members of Congress and Legislative Branch employees, in general those individuals will not be subject to [User Activity Monitoring] because their classified networks are not included in the definition of national security systems (NSS) for which monitoring is required.

[snip]

Because no internally owned or operated Legislative branch network qualifies as a national security system, UAM by the Executive Branch is accordingly neither required nor conducted. To be clear, however, when Legislative Branch personnel access a national security system used or operated by the Executive Branch, they are of course subject to UAM on that particular system.

CIA’s spying on SSCI took place on CIA’s RDI network, not on the SSCI one. SSCI had originally demanded they be given the documents pertaining to the torture program, but ultimately Leon Panetta required them to work on a CIA network, as Dianne Feinstein explained earlier this year.

The committee’s preference was for the CIA to turn over all responsive documents to the committee’s office, as had been done in previous committee investigations.

Director Panetta proposed an alternative arrangement: to provide literally millions of pages of operational cables, internal emails, memos, and other documents pursuant to the committee’s document requests at a secure location in Northern Virginia. We agreed, but insisted on several conditions and protections to ensure the integrity of this congressional investigation.

Per an exchange of letters in 2009, then-Vice Chairman Bond, then-Director Panetta, and I agreed in an exchange of letters that the CIA was to provide a “stand-alone computer system” with a “network drive” “segregated from CIA networks” for the committee that would only be accessed by information technology personnel at the CIA—who would “not be permitted to” “share information from the system with other [CIA] personnel, except as otherwise authorized by the committee.”

It was this computer network that, notwithstanding our agreement with Director Panetta, was searched by the CIA this past January,

Presumably, those limits on access should have prevented CIA’s IT guys from sharing information about what SSCI was doing on the network. But it’s not clear they would override Clapper’s UAM.

Remember, too, when Brennan first explained how this spying didn’t qualify as a violation of the Computer Fraud and Abuse Act, he said CIA could conduct “lawfully authorized … protective … activity” in the US. Presumably like UAM.

I have no idea whether this explains why CIA’s IG retracted what Feinstein said had been his own criminal referral or not. But I do wonder whether the CIA has self-excused some of its spying on SSCI in the interest of continuous user monitoring?

If so, it would be the height of irony, as UAM did not discover either Chelsea Manning’s or Edward Snowden’s leaks. Imagine if the only leakers the Intelligence Community ever found were their own overseers?

But Brennan Didn’t Fuck His Biographer!

Brennan with TorturePresident Obama made a bunch of news today with the following.

On Brennan and the CIA, the RDI report has been transmitted, the declassified version that will be released at the pleasure of the Senate committee.

I have full confidence in John Brennan.  I think he has acknowledged and directly apologized to Senator Feinstein that CIA personnel did not properly handle an investigation as to how certain documents that were not authorized to be released to the Senate staff got somehow into the hands of the Senate staff.  And it’s clear from the IG report that some very poor judgment was shown in terms of how that was handled.  Keep in mind, though, that John Brennan was the person who called for the IG report, and he’s already stood up a task force to make sure that lessons are learned and mistakes are resolved.

With respect to the larger point of the RDI report itself, even before I came into office I was very clear that in the immediate aftermath of 9/11 we did some things that were wrong.  We did a whole lot of things that were right, but we tortured some folks.  We did some things that were contrary to our values.

I understand why it happened.  I think it’s important when we look back to recall how afraid people were after the Twin Towers fell and the Pentagon had been hit and the plane in Pennsylvania had fallen, and people did not know whether more attacks were imminent, and there was enormous pressure on our law enforcement and our national security teams to try to deal with this.  And it’s important for us not to feel too sanctimonious in retrospect about the tough job that those folks had.  And a lot of those folks were working hard under enormous pressure and are real patriots.

But having said all that, we did some things that were wrong.  And that’s what that report reflects.

Amidst calls for Brennan’s firing, Obama basically responded, “Sure, we tortured some folks, but I still have confidence in the guy who found the waterboard and black sites at which to torture.”

But I’m not sure why folks are so surprised by Obama’s reluctance to criticize Brennan for lying about hacking the SSCI. Aside from the mutual complicity — Brennan was personal witness to each and every drone strike Obama approved that violated international law, after all — CIA Directors don’t get fired for lying.

They get fired for fucking their biographer.

Did ACLU and EFF Just Help the NSA Get Inside Your Smart Phone?

EFF ACLUThe ACLU and EFF normally do great work defending the Fourth Amendment. Both have fought the government’s expansive spying for years. Both have fought hard to require the government obtain a warrant before accessing your computer, cell phone, and location data.

But earlier this week, they may have taken action that directly undermines that good work.

On Wednesday, both civil liberties organizations joined in a letter supporting Patrick Leahy’s version of USA Freedom Act, calling it a necessary first step.

We support S. 2685 as an important first step toward necessary comprehensive surveillance reform. We urge the Senate and the House to pass it quickly, and without
making any amendments that would weaken the important changes described above.

ACLU’s Laura Murphy explained why ACLU signed onto the bill in a column at Politico, analogizing it to when, in 2010, ACLU signed onto a bill that lowered, but did not eliminate,  disparities in crack sentencing.

Reform advocates were at a crossroads. Maximalists urged opposition despite the fact the bill would, in a very real way, make life better for thousands of people and begin to reduce the severe racial and ethnic inequality in our prison system. Pragmatists, fearing that opposition to the bill would preclude any reform at all, urged support.

It was a painful compromise, but the ACLU ultimately supported the bill. It passed, astoundingly, with overwhelming support in both chambers.

And then something amazing happened. Conservative lawmakers, concerned about government waste, increasingly came to the table to support criminal justice reform. Liberals realized they could vote their conscience on criminal justice without accusations of being “soft on crime.” It has not been easy and there have been many steps backward, but in recent years, we’ve seen greater public opposition to mandatory minimum sentences and real movement on things like reducing penalties for low-level drug offenses.

The analogy is inapt. You don’t end crack disparities by increasing the number of coke dealers in jail. But Leahy’s USA Freedom Act almost certainly will increase the number of totally innocent Americans who will be subjected to the full brunt of NSA’s analytical authorities indefinitely.

That’s because by outsourcing to telecoms, NSA will actually increase the total percentage of Americans’ telephone records that get chained on; sources say it will be more “comprehensive” than the current dragnet and Deputy NSA Director Richard Ledgett agrees the “the actual universe of potential calls that could be queried against is [potentially] dramatically larger.” In addition, the telecoms are unlikely to be able to remove all the noisy numbers like pizza joints — as NSA currently claims to – meaning more people with completely accidental phone ties to suspects will get sucked in. And USA Freedom adopts a standard for data retention — foreign intelligence purpose — that has proven meaningless in the past, so once a person’s phone number gets turned over to the NSA, they’ll be fair game for further NSA spying, the really invasive stuff, indefinitely.

But that’s not the reason I find ACLU and EFF’s early support for USA Freedom so astounding.

I’m shocked ACLU and EFF are supporting this bill because they don’t know what the NSA will be permitted to do at the immunized telecoms. They have blindly signed onto a bill permitting “connection chaining” without first understanding what connection chaining entails.

As I have reported extensively, while every witness who has talked about the phone dragnet has talked about chaining on phone calls made — all the calls Anwar al-Awlaki made, all the calls those people made — the language describing this chaining process has actually been evolving. Dianne Feinstein’s Fake FISA Fix last fall allowed the NSA to chain on actual calls — as witnesses had described — but also on communications (not just calls) “to or from any selector reasonably linked to the selector.” A February modification and the last two dragnet orders permitted NSA to chain on identifiers “with a contact and/or connection” with the seed, making it clear that a “connection” is something different than a “contact.” The House bill USA Freedumber adopted the same language in a legislative report. Leahy’s bill adopts largely the same language for chaining.

(iii) provide that the Government may require the prompt production of call detail records—

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and

(II) using call detail records with a direct connection to such specific selection term as the basis for production of a second set of call detail records;

Now, it’s possible that this language does nothing more than what NSA illegally did until 2009: chain on both the identifier itself, but also on identifiers it has determined to be the same person. Back in 2009, NSA referred to a separate database to determine these other identifiers. Though that’s unlikely, because the bill language suggests the telecoms will be identifying these direct connections.

It’s possible, too, that this language only permits the telecoms to find “burner” phones — a new phone someone adopts after having disposed of an earlier one — and chain on that too.

But it’s also possible that this language would permit precisely what AT&T does for DEA in its directly analogous Hemisphere program: conduct analysis using cell site data. The bill does not permit NSA to receive cell site data, but it does nothing to prohibit NSA from receiving phone numbers identified using cell site data. When Mark Warner asked about this, Ledgett did not answer, and James Cole admitted they could use these orders (with FISC approval) to get access to cell location.

It’s possible, too, that the telecoms will identify direct connections using other data we know NSA uses to identify connections in EO 12333 data, including phone book and calendar data.

The point is, nobody in the public knows what “connections” NSA will be asking its immunized telecom partners to make. And nothing in the bill or even the public record prohibits NSA from asking telecoms to use a range of smart phone information to conduct their analysis, so long as they only give NSA phone identifiers as a result.

In response to questions from Senators about what this means, Leahy’s office promised a letter from James Clapper’s office clarifying what “connections” means (No, I don’t remember the part of Schoolhouse Rock where those regulated by laws get to provide “clarifications” that don’t make it into the laws themselves). That letter was reported to be due on Tuesday, by close of business — several days ago. It hasn’t appeared yet.

I asked people at both EFF and ACLU about this problem. EFF admitted they don’t know what this language means. ACLU calls the language “ambiguous,” but based on nothing they were able to convey to me, insists getting smart phone data under the guise of connection chaining would be an abuse. ACLU also pointed to transparency provisions in the bill, claiming that would alert us if the NSA starting doing something funky with its connection language; that of course ignores that “connection chaining” is an already-approved process, meaning that existing processes won’t ever be need to be released. It also ignores that the Administration has withheld what is probably a directly relevant phone dragnet opinion from both ACLU and EFF in their dragnet FOIA.

I get Laura Murphy’s point about using USA Freedom to start the process of reform. But what I don’t understand is why you’d do that having absolutely no idea whether that “reform” codifies the kind of warrantless probable cause-free access to device data that ACLU and EFF have fought so hard to prevent elsewhere.

ACLU and EFF are supposed to be leaders in protecting the privacy of our devices, including smart phones. I worry with their embrace of this bill, they’re leading NSA right into our smart phones.

Is CIA’s Admission of Spying an Effort to Undercut Whistleblowers?

The CIA spied on Congress! The headlines yesterday read.

By the end of the day, the CIA shared the unclassified summary of Inspector General David Buckley’s conclusions.

But the conclusions are a muddle:

Agency Access to Files on the SSCI RDINet:

Five Agency employees, two attorneys and three information technology (IT) staff members, improperly accessed or caused access to the SSCI Majority staff shared drives on the RDINet.

Agency Crimes Report on Alleged Misconduct by SSCI Staff:

The Agency filed a crimes report with the DOJ, as required by Executive Order 12333 and the 1995 Crimes Reporting Memorandum between the DOJ and the Intelligence Community, reporting that SSCI staff members may have improperly accessed Agency information on the RDINet. However, the factual basis for the referral was not supported, as the author of the referral had been provided inaccurate information on which the letter was based. After review, the DOJ declined to open a criminal investigation of the matter alleged in the crimes report.

Office of Security Review of SSCI Staff Activity:

Subsequent to directive by the D/CIA to halt the Agency review of SSCI staff access to the RDINet, and unaware of the D/CIA’s direction, the Office of Security conducted a limited investigation of SSCI activities on the RDINet. That effort included a keyword search of all and a review of some of the emails of SSCI Majority staff members on the RDINet system.

Lack of Candor:

The three IT staff members demonstrated a lack of candor about their activities during interviews by the OIG.

Compare the suggested chronology of these bullets with some of the details Dianne Feinstein provided in March.

[O]n January 15, 2014, CIA Director Brennan requested an emergency meeting to inform me and Vice Chairman Chambliss that without prior notification or approval, CIA personnel had conducted a “search”—that was John Brennan’s word—of the committee computers at the offsite facility. This search involved not only a search of documents provided to the committee by the CIA, but also a search of the ”stand alone” and “walled-off” committee network drive containing the committee’s own internal work product and communications.

According to Brennan, the computer search was conducted in response to indications that some members of the committee staff might already have had access to the Internal Panetta Review. The CIA did not ask the committee or its staff if the committee had access to the Internal Review, or how we obtained it.

Instead, the CIA just went and searched the committee’s computers.

[snip]

Days after the meeting with Director Brennan, the CIA inspector general, David Buckley, learned of the CIA search and began an investigation into CIA’s activities. I have been informed that Mr. Buckley has referred the matter to the Department of Justice given the possibility of a criminal violation by CIA personnel.

[snip]

Weeks later, I was also told that after the inspector general referred the CIA’s activities to the Department of Justice, the acting general counsel of the CIA filed a crimes report with the Department of Justice concerning the committee staff’s actions.

According to DiFi, CIA had already accessed the servers by January 15. Buckley says that at least some of the searches — the ones by the Office of Security — happened after that point, after Brennan ordered them to stop.

This limited hangout is not just an admission that CIA spied on SSCI, but that they spied and continued spying.

Buckley also appears to be saying that what DiFi described as his own referral (though he doesn’t refer to it as such) — made sometime before March — was based off erroneous information. The implication is DOJ didn’t pursue charges because they were told the original allegations — which Buckley passed on, according to DiFi — were incorrect.

That’s all very fishy, particularly when you recall this story, about the CIA spying on its own whistleblower in the matter.

The CIA obtained a confidential email to Congress about alleged whistleblower retaliation related to the Senate’s classified report on the agency’s harsh interrogation program, triggering fears that the CIA has been intercepting the communications of officials who handle whistleblower cases.

[snip]

Buckley obtained the email, which was written by Daniel Meyer, the intelligence community’s top official for whistleblower cases, to the office of Sen. Chuck Grassley, R-Iowa, a leading whistleblower-protection advocate. The Senate Intelligence Committee also learned of the matter, said the knowledgeable people.

After obtaining the email, Buckley approached Meyer’s boss, I. Charles McCullough III, the inspector general for the 17-agency U.S. intelligence community, in what may have constituted a violation of the confidentiality of the whistleblowing process, they said.

[snip]

Meyer’s email concerned allegations that Buckley failed to thoroughly investigate a whistleblower retaliation claim, McClatchy has learned. The retaliation allegedly involved delays by the CIA in paying the legal fees of CIA officials who cooperated with the Senate committee. An indemnification agreement required the agency to cover those costs – which it eventually did – as long as the officers weren’t found to have committed any wrongdoing.

We know David Buckley has been treating whistleblowers inappropriately. Yet he’s the guy who apparently reneged on his claims that CIA illegally spied. Even though they spied after the time John Brennan told them (heh) to stop.

Having Been Absolved by DOJ, CIA Now Admits They Illegally Spied on SSCI

When Ron Wyden first asked John Brennan whether CIA had to comply with the Computer Fraud and Abuse Act, Brennan suggested they didn’t have to if they were conducting investigations.

The statute does apply. The Act, however, expressly “does not prohibit any lawfully authorized investigative, protective, or intelligence activity … of an intelligence agency of the United States.” 18 U.S.C. § 1030(f).

Then in March, after Senator Feinstein accused the CIA of improperly spying on her committee, Brennan claimed it was outside the realm of possibility.

As far as the allegations of, you know, CIA hacking into, you know, Senate computers, nothing could be further from the truth. I mean, we wouldn’t do that. I mean, that’s — that’s just beyond the — you know, the scope of reason in terms of what we would do.

Now that DOJ has decided not to investigate CIA’s illegal domestic spying, we learn it was well within the realm of possibility.

CIA employees improperly accessed computers used by the Senate Intelligence Committee to compile a report on the agency’s now defunct detention and interrogation program, an internal CIA investigation has determined.

Findings of the investigation by the CIA Inspector General’s Office “include a judgment that some CIA employees acted in a manner inconsistent with the common understanding reached between SSCI (Senate Select Committee on Intelligence) and the CIA in 2009,” CIA spokesman Dean Boyd said in a statement.

Brennan’s solution is to have corrupt hack Evan Bayh conduct an accountability review of the spying.

Mark Udall and Ron Wyden are furious. DiFi is less so. The Republicans on the Committee have been silent; apparently they’re okay with CIA breaching separation of powers.

And yet again, the CIA proves it refuses to subsist within democratic structures.

Cofer Black Gets to Rebut Torture Report that Shouldn’t Include Him

Brennan with TortureIn a piece that gets at some of the points of leverage between the White House and CIA over torture, Mark Mazzetti describes George Tenet’s effort to “challenge” the torture report.

It suggests Brennan’s close ties to Tenet — Brennan was once Tenet’s Chief of Staff – led the CIA Director to reach out to Tenet to lead pushback. It describes how Brennan’s close ties to Obama Chief of Staff Denis McDonough from when he served as White House Counterterrorism Czar led McDonough to intervene when Dianne Feinstein tried to require any CIA review to take place in Senate Intelligence Committee space.

All that’s beside the real source of CIA’s power over the White House — the fact that torture operated as a Presidentially-authorized covert op for years, as has the drone program, which means CIA has the ability to implicate both George Bush personally (and Obama, in illegal drone strikes), as well as the Office of the President more generally.

My favorite detail, however, is that Cofer Black has also been involved in this pushback campaign.

Just after the Senate Intelligence Committee voted in April to declassify hundreds of pages of a withering report on the Central Intelligence Agency’s detention and interrogation program, C.I.A. Director John O. Brennan convened a meeting of the men who had played a role overseeing the program in its seven-year history.

The spies, past and present, faced each other around the long wooden conference table on the seventh floor of the C.I.A.’s headquarters in Northern Virginia: J. Cofer Black, head of the agency’s counterterrorism center at the time of the Sept. 11 attacks; the undercover officer who now holds that job; and a number of other former officials from the C.I.A.’s clandestine service. Over the speakerphone came the distinctive, Queens-accented voice of George J. Tenet.

Over the past several months, Mr. Tenet has quietly engineered a counterattack against the Senate committee’s voluminous report, which could become public next month. [my emphasis]

According to Ken Dilianian’s version of the same story, Black will not be allowed to preview the report — he’s probably among the dozen people who thought they could review it but recently learned they would not be able to.

About a dozen officials were called in recent days and told they could read the executive summary at a secure room at the Office of Director of National Intelligence, as long as they agreed not to discuss it, four former officials said.

Then, on Friday, CIA officials called them and told them that due to a miscommunication, only former CIA directors and deputy directors would be given that privilege. Former directors Michael Hayden, Porter Goss and George Tenet have been invited to read it, as have former acting directors John McLaughlin and Michael Morell.

Black’s involvement, of course, should be a story unto itself.

According to the CIA’s official version of torture, it got authorized under the September 17, 2001 Finding by language authorizing the capture and detention of top Al Qaeda officials. But they didn’t start considering torture until they picked up Abu Zubaydah at the end of March in 2002. They didn’t start torturing, the official story goes, until DOJ gave them the green light in August 1, 2002.

Why, then, would Black need to be involved in the torture pushback?

He left the Counterterrorism Director spot in May 2002, well before the torture started — at least according to the CIA version, but not the personal experience of Ibn Sheikh al-Libi and Binyam Mohamed, both of whom got tortured before Black’s departure. In his book Jose Rodriguez claims, falsely, the torture program started in June, and he led it. If this official CIA chronology is correct, Black should have had no role — and no personal interest — in the torture program.

And yet there he is with the other torturers, leading pushback.

Even in their pushback effort, then, the CIA proves that they’ve been lying for years.

CISA: The Banks Want Immunity and a Public-Private War Council

A group of privacy and security organizations have just sent President Obama a letter asking him to issue a veto threat over the Cybersecurity Information Sharing Act passed out of the Senate Intelligence Committee last week. It’s a great explanation of why this bill sucks and doesn’t do what it needs to to make us safer from cyberattacks. It argues that CISA’s exclusive focus on information sharing — and not on communications security more generally — isn’t going to keep us safe.

Which is why it really pays to look at the role of SIFMA — the Securities Industry and Financial Markets Association – in all this.

As I’ve noted, they’re the banksters whom Keith Alexander is charging big bucks to keep safe. As Bloomberg recently reported, Alexander has convinced SIFMA to demand a public-private cyber war council, involving all the stars of revolving door fearmongering for profit.

Wall Street’s biggest trade group has proposed a government-industry cyber war council to stave off terrorist attacks that could trigger financial panic by temporarily wiping out account balances, according to an internal document.

The proposal by the Securities Industry and Financial Markets Association, known as Sifma, calls for a committee of executives and deputy-level representatives from at least eight U.S. agencies including the Treasury Department, the National Security Agency and the Department of Homeland Security, all led by a senior White House official.

The trade association also reveals in the document that Sifma has retained former NSA director Keith Alexander to “facilitate” the joint effort with the government. Alexander, in turn, has brought in Michael Chertoff, the former U.S. Secretary of Homeland Security, and his firm, Chertoff Group.

Public reporting positions SIFMA as the opposition to the larger community of people who know better, embracing this public-private war council approach.

Kenneth Bentsen, chief executive at the Securities Industry and Financial Markets Association, said in a statement that leaders of the Senate Intelligence panel who wrote the bill have “taken a balanced and considered approach which will help the financial services industry to better protect our customers from cyber terrorists and criminals, as well as their privacy.”

According to the same banksters who crashed our economy 6 years ago, this bill is about protecting them at the expense of our privacy and rule of law.

And in their reply to Alan Grayson’s questions about WTF they’re paying Keith Alexander so handsomely for, SIFMA repeats this line (definitely click through to read about Quantum Dawn 2).

Cyber attacks are increasingly a major threat to our financial system. As such, enhancing cyber security is a top priority for the financial services industry. SIFMA believes we have an obligation to do everything possible to protect the integrity of our markets and the millions of Americans who use financial services every day.

[snip]

However, the threat increases every day. SIFMA and its members have undertaken additional efforts to develop cyber defense standards for the securities industry sector as a follow on to the recently published NIST standards. And we are developing enhanced recovery protocols for market participants and regulators in the event of an attack that results in closure of the equity and fixed income markets. We are undertaking this work in close collaboration with our regulators and recently held a meeting to brief them on our progress. And, we plan to increase our efforts even further as the risks are too great for current efforts alone.

We know that a strong partnership between the private sector and the government is the most efficient way to address this growing threat. Industry and investors benefit when the private sector and government agencies can work together to share relevant threat information. We would like to see more done in Congress to eliminate the barriers to legitimate information sharing, which will enable this partnership to grow stronger, while protecting the privacy of our customers.

This is not — contrary to what people like Dianne Feinstein are pretending — protecting the millions who had their credit card data stolen because Target was not using the cyberdefenses it put into place.

Rather, this is about doing the banksters’ bidding, setting up a public-private war council, without first requiring them to do basic things — like limiting High Frequency Trading — to make their industry more resilient to all kinds of attacks, from even themselves.

Meanwhile, if that’s not enough indication this is about the bankstsers, check out what Treasury Secretary Jack Lew is doing this afternoon.

In the afternoon, the Secretary will visit Verizon’s facilities in Ashburn, Virginia to discuss cybersecurity and highlight the important role of telecommunications companies in supporting the financial system. 

Just what we need: our phone provider serving the interests of the financial system first.

DiFi wants to make it easier to spy on Americans domestically to help private companies that have already done untold damage to Main Street America. We ought to be protecting ourselves from them, not degrading privacy to subsidize their insecure practices.

The Unaudited Tech Analyst Access to US Person Data

In addition to its exposure of the sheer senselessness of much of the spying NSA engages in, yesterday’s WaPo story also shows that the government’s assurances that Edward Snowden could not access raw data have been misplaced.

For close to a year, NSA and other government officials have appeared to deny, in congressional testimony and public statements, that Snowden had any access to the material.

As recently as May, shortly after he retired as NSA director, Gen. Keith Alexander denied that Snowden could have passed FISA content to journalists.

“He didn’t get this data,” Alexander told a New Yorker reporter. “They didn’t touch —”

“The operational data?” the reporter asked.

“They didn’t touch the FISA data,” Alexander replied. He added, “That database, he didn’t have access to.”

Robert S. Litt, the general counsel for the Office of the Director of National Intelligence, said in a prepared statement that Alexander and other officials were speaking only about “raw” intelligence, the term for intercepted content that has not yet been evaluated, stamped with classification markings or minimized to mask U.S. identities.

“We have talked about the very strict controls on raw traffic, the training that people have to have, the technological lockdowns on access,” Litt said. “Nothing that you have given us indicates that Snowden was able to circumvent that in any way.”

In the interview, Snowden said he did not need to circumvent those controls, because his final position as a contractor for Booz Allen at the NSA’s Hawaii operations center gave him “unusually broad, unescorted access to raw SIGINT [signals intelligence] under a special ‘Dual Authorities’ role,” a reference to Section 702 for domestic collection and Executive Order 12333 for collection overseas. Those credentials, he said, allowed him to search stored content — and “task” new collection — without prior approval of his search terms.

No one should ever have believed those assurances.

That’s because the documentation on the Section 215 program makes it clear how little oversight there is over tech people just like Snowden. The current phone dragnet order, for example, makes it clear that:

  • Tech personnel may access the phone dragnet data to tweak it in preparation for contact-chaining
  • Unlike intelligence analysts, tech personnel may query the phone dragnet data with selectors that have not been RAS-approved
  • Tech personnel may also conduct regular queries using RAS-approved selectors
  • Tech personnel may access the dragnet data to search for high volume numbers — this may require access to raw data
  • Some of the tech personnel (those in charge of infrastructure and receiving data from the telecoms) are exempt from special training on the phone dragnet data

The audit language in the dragnet order applies only to “foreign intelligence analysis purposes or using foreign intelligence analysis tools,” suggesting the tech analysis role access to the dragnet data is not audited.

Language in the order defining “NSA” suggests contractors may access the data (though it’s unclear whether they do so in a technical or intelligence analysis function); something made explicit in Dianne Feinstein’s bill.

That is, it is at least possible that Booz analysts are currently conducting audit-free tech massaging of the raw phone dragnet data.

And NSA knew this access was a vulnerability. As recently as 2012, tech analysts were found to have 3,000 files worth of phone dragnet data (it’s unclear how much data each file included) on an improper server past its required destruction date. NSA destroyed that data before definitively researching what it was doing there.

Thus, the risk of tech analyst breach is very real, and no one — not NSA, and not Congress, which has only codified this arrangement — seems to be addressing it.

Indeed, it is likely that some kind of Booz-type contractors will continue to have direct access to this data after it gets outsourced to the telecoms, otherwise USA Freedumber would not extend immunity to such second-level contractors.

For months, intelligence officials claimed not only that Snowden had not accessed raw data, but could not. That was always a dubious claim; even if Snowden couldn’t have accessed that data, other contractors just like him could and still can, with less oversight than NSA’s intelligence analysts get.

But it turns out Snowden could and did. And thanks to that, we now know many of the other claims made by government witnesses are also false.

In Advance of USA Freedom and CISA Fights, PCLOB Pretends Section 702 Doesn’t Have a Cyber Function

In a piece for Salon, I note some of the weird silences in yesterday’s PCLOB report, from things like the failure to give defendants notice (which I discussed yesterday) to the false claim that Targeting Procedures haven’t been released (they have been — by Edward Snowden). One of the most troubling silences, however, pertains to cybersecurity.

That’s especially true in one area where PCLOB inexplicably remained entirely silent. PCLOB noted in its report that, because Congress limited its mandate to counterterrorism programs, it focused primarily on those uses of Section 702. That meant a number of PCLOB’s discussions — particularly regarding “incidental collections” of Americans sucked up under Section 702 — minimized the degree to which Americans who corresponded with completely innocent foreigners could be in a government database. That said, PCLOB did admit there were other uses, and it discussed the government’s use of Section 702 to pursue weapons proliferators.

Yet PCLOB remained silent about a use of Section 702 that both Director of National Intelligence James Clapper’s office, in its very first information sheet on Section 702 released in June 2013, and multiple government witnesses at PCLOB’s own hearing on this topic in March, discussed: cybersecurity. Not only should that have been discussed because Congress is preparing to debate cybersecurity legislation that would be modeled on Section 702. But the use of Section 702 for cybersecurity presents a number of unique, and potentially more significant, privacy concerns.

And PCLOB just dodged that issue entirely, even though Section 702′s use for cybersecurity is unclassified.

In the transcript of the March PCLOB hearing on Section 702 uses, the word “cyber” shows up 12 times. Four of those references come from DOJ’s Deputy Assistant Attorney General Brad Wiegmann’s description of the kinds of foreign intelligence uses targeted under Section 702. (The other references came from Information Technology Industry Council President Dean Garfield.)

MR. WIEGMANN: You task a selector. So you’re identifying, that’s when you take that selector to the company and say this one’s been approved. You’ve concluded that it is, does belong to a non-U.S. person overseas, a terrorist, or a proliferator, or a cyber person, right, whoever it is, and then we go to the company and get the information.

[snip]

It’s aimed at only those people who are foreign intelligence targets and you have reason to believe that going up on that account that I mentioned, bad guy at Google.com is going to give you back information, information that is foreign intelligence, like on cyber threats, on terrorists, on proliferation, whatever it might be.

[snip]

So in other words, if I need to, if it’s Joe Smith and his name is necessary if I’m passing it to that foreign government and it’s key that they understand that it’s Joe Smith because that’s relevant to understanding what the threat is, or what the information is, let’s say he’s a cyber, malicious cyber hacker or whatever, and it was key to know the information, then you might pass Joe Smith’s name.

Yesterday’s report, however, doesn’t mention “cyber” a single time. Indeed, it seems to go out of its way to avoid mentioning it.

As discussed elsewhere in this Report, the Board believes that the Section 702 program significantly aids the government’s efforts to prevent terrorism, as well as to combat weapons proliferation and gather foreign intelligence for other purposes.

[snip]

The Section 702 program, for instance, is also used for surveillance aimed at countering the efforts of proliferators of weapons of mass destruction.473 Given that these other foreign intelligence purposes of the program are not strictly within the Board’s mandate, we have not scrutinized the effectiveness of Section 702 in contributing to those other purposes with the same rigor that we have applied in assessing the program’s contribution to counterterrorism. Nevertheless, we have come to learn how the program is used for these other purposes, including, for example, specific ways in which it has been used to combat weapons proliferation and the degree to which the program supports the government’s efforts to gather foreign intelligence for the benefit of policymakers.

It’s footnote to that last section cites DOJ’s 2012 report to SSCI on the uses of Section 702 (which doesn’t mention cyber) rather than the information sheet released in June 2013, which does.

I find PCLOB’s silence about the use of Section 702 to pursue cyber targets particularly interesting for several reasons.

First, because cyber targets pose unique privacy threats — in part because cyberattackers are more likely to hide their location and exploit the communications of entirely innocent people, meaning Section 702′s claimed targeting limits offer no protection to Americans. Additionally, targeting (as Wiegmann describes it) a “malicious cyber hacker” goes beyond any traditional definition of foreign agent; it is telling he didn’t use a Chinese military hacker as his example instead! Indeed, while proliferation (along with foreign governments, the other presumed certification) is solidly within FISA Amendment Act’s definition of foreign intelligence, cybersecurity is not. In its discussion of back door searches, PCLOB admits there are concerns raised by back door searches that are heightened (or perhaps more sensitive, because they involve affluent white people) outside the counterterrorism context, that’s especially true for cybersecurity targeting.

Consider, too, the likelihood that cyber collection is among the categories of about collection that PCLOB obliquely mentions but doesn’t describe due to classification.

Although we cannot discuss the details in an unclassified public report, the moniker “about” collection describes a number of distinct scenarios, which the government has in the past characterized as different “categories” of “about” collection. These categories are not predetermined limits that confine what the government acquires; rather, they are merely ways of describing the different forms of communications that are neither to nor from a tasked selector but nevertheless are collected because they contain the selector somewhere within them.

At the beginning of the report, PCLOB repeated the government’s claim this is primarily about emails; here in the guts of it, it obliquely references other categories of collection, without really considering whether these categories present different privacy concerns.

Remember, too, that the original, good version of USA Freedom Act remains before the Senate Judiciary Committee. That bill would disallow the use of upstream 702 for any use but counterterrorism and counterproliferation. Did PCLOB ignore this use of Section 702 just to avoid alerting Senators who haven’t been briefed on it that it exists?

Finally, I also find PCLOB’s silence about NSA’s admitted use of Section 702 to pursue cyberattackers curious given that, after Congress largely ditched ideas to involve PCLOB in various NSA oversight — such as providing it a role in the FISA Advocate position — Dianne Feinstein’s Cyber Information Sharing Act all of a sudden has found a use for PCLOB again (serving a function, I should add, that arguably replaces FISC review).

(1) BIENNIAL REPORT FROM PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD.—Not later than 1 year after the date of the enactment of this Act and not less frequently than once every 2 years thereafter, the Privacy and Civil Liberties Oversight Board shall submit to Congress and the President a report providing—

(A) an assessment of the privacy and civil liberties impact of the type of activities carried out under this Act; and

(B) an assessment of the sufficiency of the policies, procedures, and guidelines established pursuant to section 5 in addressing privacy and civil liberties concerns.

Feinstein introduced this bill on June 17, several weeks after PCLOB briefed her staffers on their report (they briefed Congressional committee aides on June 2, and the White House on June 17 — see just after 9:00).

A renewed openness to expanding PCLOB’s role may be entirely unmotivated, or it may stem from PCLOB’s chastened analysis of the legal issues surrounding Section 702.

But I do find it interesting that PCLOB uttered, literally, not one word about the topic that, if DiFi’s bill passes, would expand their mandate.

1 2 3 26

Emptywheel Twitterverse
JimWhiteGNV RT @AntonioFrench: An officer told Lillian Guthrie to "go get a job" as she and her son protested Monday. She's a financial analyst. http:/…
7hreplyretweetfavorite
JimWhiteGNV RT @seanpaulkelley: #blackopencarry is when we see whether or not Libertarians are truly color-blind. http://t.co/QrgCVQL3VB Libertarians: …
8hreplyretweetfavorite
emptywheel @adambonin But yeah, tomorrow will be fun,
8hreplyretweetfavorite
emptywheel @adambonin No no. Whichever gets a second chance at LV.
8hreplyretweetfavorite
emptywheel @adambonin Well, I think either team will do better with a second shot.
8hreplyretweetfavorite
JimWhiteGNV RT @elonjames: Listening to residents "In the 60's they sent the National Guard to protect US. Now they send them to protect the cops." #Fe
8hreplyretweetfavorite
emptywheel @adambonin They played them closer than Chicago did, didn't they?
8hreplyretweetfavorite
JimWhiteGNV RT @DSweetWCW: Brother @Carl_Dix surrounded by armed gang which has no regard for the lives of Black people. @cornelwest #Ferguson http://t…
8hreplyretweetfavorite
JimWhiteGNV RT @KagroX: Hands up, get shot. Hands down, get shot.
9hreplyretweetfavorite
JimWhiteGNV Aw, crap.
9hreplyretweetfavorite
JimWhiteGNV God is mooning #Ferguson! #ButtCheekCloud RT @aterkel: OMG LOOK AT THIS CLOUD #Ferguson with @ryanjreilly http://t.co/YdGe31c71E
9hreplyretweetfavorite
August 2014
S M T W T F S
« Jul    
 12
3456789
10111213141516
17181920212223
24252627282930
31