Edward Snowden

1 2 3 11

Chuck Grassley: Insider Threat Program Poses Threat to Whistleblowers

Chuck Grassley rarely gets the credit he deserves for championing whistleblowers. But, while there have been notable exceptions, Grassley has long defended both generalized protections for whistleblowers, as well as whistleblowers themselves.

Yesterday, he gave a long speech on the Whistleblower Protection Act. As part of it, he laid out a number of ways President Obama’s Insider Threat detection program threatened whistleblowers.

He described how the FBI has refused to explain whether Insider Threat Program training adequately distinguishes between whistleblowers and inside threats. Just last week, FBI walked out in the middle of a briefing for Grassley and Pat Leahy!

Meanwhile, the FBI fiercely resists any efforts at Congressional oversight, especially on whistleblower matters.  For example, four months ago I sent a letter to the FBI requesting its training materials on the Insider Threat Program.  This program was announced by the Obama Administration in October 2011.  It was intended to train federal employees to watch out for insider threats among their colleagues.  Public news reports indicated that this program might not do enough to distinguish between true insider threats and legitimate whistleblowers.  I relayed these concerns in my letter.  I also asked for copies of the training materials.  I said I wanted to examine whether they adequately distinguished between insider threats and whistleblowers.

In response, an FBI legislative affairs official told my staff that a briefing might be the best way to answer my questions.  It was scheduled for last week.  Staff for both Chairman Leahy and I attended, and the FBI brought the head of their Insider Threat Program.  Yet the FBI didn’t bring the Insider Threat training materials as we had requested.  However, the head of the Insider Threat Program told the staff that there was no need to worry about whistleblower communications.  He said whistleblowers had to register in order to be protected, and the Insider Threat Program would know to just avoid those people.

Now I have never heard of whistleblowers being required to “register” in order to be protected.  The idea of such a requirement should be pretty alarming to all Americans.  Sometimes confidentiality is the best protection a whistleblower has.  Unfortunately, neither my staff nor Chairman Leahy’s staff was able to learn more, because only about ten minutes into the briefing, the FBI abruptly walked out.  FBI officials simply refused to discuss any whistleblower implications in its Insider Threat Program and left the room.  These are clearly not the actions of an agency that is genuinely open to whistleblowers or whistleblower protection.

Grassley raises concerns that the monitoring of intelligence community employees will help the IC track whistleblowers who communicate properly to Congress.

Like the FBI, the intelligence community has to confront the same issue of distinguishing a true insider threat from a legitimate whistleblower.  This issue could be impacted by both the House- and Senate-passed versions of the intelligence authorization.  Both include language about continuous monitoring of security clearance holders, particularly the House version.

Director of National Intelligence James Clapper seems to have talked about such procedures when he appeared before the Senate Armed Services Committee on February 11, 2014.  In his testimony, he said:

We are going to proliferate deployment of auditing and monitoring capabilities to enhance our insider threat detection.  We’re going to need to change our security clearance process to a system of continuous evaluation. . . .  What we need is . . . a system of continuous evaluation, where . . . we have a way of monitoring their behavior, both their electronic behavior on the job as well as off the job, to see if there is a potential clearance issue. . . .

Director Clapper’s testimony gives me major pause.  It sounds as though this type of monitoring would likely capture the activity of whistleblowers communicating with Congress.

Continue reading

Fingerprints and the Phone Dragnet’s Secret “Correlations” Order

Yesterday, I noted that ODNI is withholding a supplemental opinion approved on August 20, 2008 that almost certainly approved the tracking of “correlations” among the phone dragnet (though this surely extends to the Internet dragnet as well).

I pointed out that documents released by Edward Snowden suggest the use of correlations extends well beyond the search for “burner” phones.

At almost precisely the same time, Snowden was testifying to the EU. The first question he answered served to clarify what “fingerprints” are and how XKeyscore uses them to track a range of innocent activities. (This starts after 11:16, transcription mine.)

It has been reported that the NSA’s XKeyscore for interacting with the raw signals intercepted by mass surveillance programs allow for the creation of something that is called “fingerprints.”

I’d like to explain what that really means. The answer will be somewhat technical for a parliamentary setting, but these fingerprints can be used to construct a kind of unique signature for any individual or group’s communications which are often comprised of a collection of “selectors” such as email addresses, phone numbers, or user names.

This allows State Security Bureaus to instantly identify the movements and activities of you, your computers, or other devices, your personal Internet accounts, or even key words or other uncommon strings that indicate an individual or group, out of all the communications they intercept in the world are associated with that particular communication. Much like a fingerprint that you would leave on a handle of your door or your steering wheel for your car and so on.

However, though that has been reported, that is the smallest part of the NSA’s fingerprinting capability. You must first understand that any kind of Internet traffic that passes before these mass surveillance sensors can be analyzed in a protocol agnostic manner — metadata and content, both. And it can be today, right now, searched not only with very little effort, via a complex regular expression, which is a type of shorthand programming. But also via any algorithm an analyst can implement in popular high level programming languages. Now, this is very common for technicians. It not a significant work load, it’s quite easy.

This provides a capability for analysts to do things like associate unique identifiers assigned to untargeted individuals via unencrypted commercial advertising networks through cookies or other trackers — common tracking means used by businesses everyday on the Internet — with personal details, such as individuals’ precise identity, personal identity, their geographic location, their political affiliations, their place of work, their computer operating system and other technical details, their sexual orientation, their personal interests, and so on and so forth. There are very few practical limitations to the kind of analysis that can be technically performed in this manner, short of the actual imagination of the analysts themselves.

And this kind of complex analysis is in fact performed today using these systems. I can say, with authority, that the US government’s claim that “keyword filters,” searches, or “about” analysis, had not been performed by its intelligence agencies are, in fact, false. I know this because I have personally executed such searches with the explicit authorization of US government officials. And I can personally attest that these kind of searches may scrutinize communications of both American and European Union citizens without involvement of any judicial warrants or other prior legal review.

What this means in non-technical terms, more generally, is that I, an analyst working at NSA, or, more concerningly, an analyst working for a more authoritarian government elsewhere, can without the issue of any warrant, create an algorithm that for any given time period, with or without human involvement, sets aside the communications of not only targeted individuals, but even a class of individual, and that just indications of an activity — or even just indications of an activity that I as the analyst don’t approve of — something that I consider to be nefarious, or to indicate nefarious thoughts, or pre-criminal activity, even if there’s no evidence or indication that’s in fact what’s happening. that it’s not innocent behavior. Continue reading

Keith Alexander’s Bubble Floats into the Sunset of Defense Contractor Sinecures

Screen shot 2013-11-27 at 11.11.07 AM

In a training program developed in 2009, the NSA itself identified abuses it likened to Projects Shamrock and Minaret.

Today, LAT has an extremely friendly exit interview with Keith Alexander that nevertheless depicts the now-retired General as hopelessly lost inside a bubble far removed from those who paid his salary. It depicts Alexander confusing objections to what NSA’s leaders have ordered with what the presumably honorable people who implement those decisions.

But something else seems likely to shape the legacy of the NSA’s longest-serving director, who retired Friday: something that Alexander failed to anticipate, did not prepare for and even now has trouble understanding.
Thanks to Edward Snowden, a former NSA contractor, the world came to know many of the agency’s most carefully guarded secrets. Ten months after the disclosures began, Alexander remains disturbed, and somewhat baffled, by the intensity of the public reaction.
“I think our nation has drifted into the wrong place,” he said in an interview last week. “We need to recognize that those who are working to protect our nation are not the bad people.

I find it particularly troubling that Alexander sees in skepticism about authority the nation “drifting into the wrong place.”

The profile goes on to convey Alexander’s laughable belief that what has been depicted since June is the model of oversight.

When Snowden’s disclosures began, Alexander and his deputies knew they were in for a storm. But they felt sure the American public would be comforted when they learned of the agency’s internal controls and the layers of oversight by Congress, the White House and a federal court.
“For the first week or so, we all had this idea that we had nothing to be ashamed of, and that everyone who looked at this in context would quickly agree with us,” Inglis said.
Instead, polls show, many Americans believe that the NSA is reading their emails and listening to their phone calls. A libertarian group put an advertisement in the Washington transit system calling Alexander, a 62-year-old career military officer, a liar. U.S. technology companies are crying betrayal.

Side note: it would be useful if LAT noted that in fact the disclosures do show that the NSA is conducting warrantless back door searches on US person emails, rather than using the conjunction “instead” suggesting this impression is false. And that’s all before you get into the vast collection overseas and upstream for which NSA refuses to count US person data.

I’m particularly interested in Alexander’s attempt to distinguish this scandal from the scandals of the 1970s.

He sees a fundamental difference between the intelligence abuses uncovered by Congress in the 1970s — including revelations that the NSA spied without warrants on domestic dissidents — and the programs exposed by Snowden.
“What the Church and Pike committees found” nearly 40 years ago was “that people were doing things that were wrong. That’s not happening here,” Alexander said, referring to the panels headed by Sen. Frank Church (D-Idaho) and Rep. Otis Pike (D-N.Y.) that examined intelligence-agency activities in that era.

As I have noted repeatedly, 4 years into Alexander’s tenure, the NSA itself likened some of its abuses to Projects Shamrock and Minaret. So perhaps Alexander should at least cede that under his leadership, the NSA was also doing things that it itself considered to be analogues to those earlier scandals (and yes, they violated the law and limits of the programs in question).

Even the LAT conducts a soft fact check of Alexander’s claim that the President’s Review Group and PCLOB found a model of oversight.

Outside reviews, including one released in December by a presidential task force, he said, found that “lo and behold, NSA is doing everything we asked them to do, and if they screw up, they self-report.”
The task force reported it found “no evidence of illegality or other abuse of authority for the purpose of targeting domestic political activity.” But it also noted “serious and persistent instances of noncompliance” with privacy and other rules. Even if unintentional, those violations “raise serious concerns” about the NSA’s “capacity to manage its authorities in an effective and lawful manner,” the report said.

I’d go further, too, and point out that this self-reporting only came with the greater involvement of DOJ’s National Security Division, after years of NSA not reporting these violations. Even months into one of those incidents, the NSA was failing to report its violations to the FISC without NSD involvement.

But perhaps the most egregious example of Alexander’s bubble comes in his assessment of the Snowden leaks themselves.

The ease with which Snowden removed top-secret documents also embarrassed an agency that is supposed to be the first line of defense against cyberattacks.
In July, Alexander offered to resign, but the White House turned him down, he said. He didn’t think holding other senior officials accountable would be right because a massive theft of documents by a systems administrator could not have been foreseen, he added.

Are you kidding me? First, how is it that the NSA couldn’t anticipate the large scale exfiltration of documents via removable media in the 3 years after Chelsea Manning did so? And why didn’t NSA comply with requirements to implement software to prevent just that, the kind of software Alexander insists his agency should have on our private communications? But note what else doesn’t get mentioned, as Alexander rides off into the sunset of generous defense contractor sinecures? Not only didn’t Alexander hold his subordinates responsible, but he didn’t hold Booz responsible, the company under whose lucrative eyeballs Snowden did this work.

As of Friday, the Bubble General is gone into retirement. While I fully expect soon-to-be Admiral Mike Rogers to be just as aggressive in hiding the scope of his programs and doing what he can because he can, I do hope he is not this detached from the reality in which he works.

Ron Wyden, Refusing to Play Prosecutor, Says We Need to Ban Dragnet Collection of Purchase Records

Meet the Press continues to spew absolute idiocy regarding the Snowden leaks. In an attempt to get Ron Wyden to call Edward Snowden a criminal today, Chuck Todd suggested because Wyden is a Senator he has the authority to decide who gets prosecuted or not.

Todd: Where are you on Snowden? Is he whistleblower? Is he a criminal? And if he’s brought back to the United States, should charges be brought up against him?

Wyden: Chuck, I decided a long time ago if somebody was charged criminally I wasn’t going to be just doing running commentary. But the bottom line is this is a debate that shouldn’t have started that way, it should have started with the House leadership– [interrupting]

Todd: But did he commit a crime? Did he commit a crime?

Wyden: I think that’s something for lawyers–

Todd: You’re in the United States Senate! You have the–you can’t tell me whether he committed a crime?!

Wyden: I’m not a prosecutor, I’m not a prosecutor. And I can tell you years ago in the House I asked the Tobacco executives whether nicotine was addictive, they were under oath, they said no, and the prosecutors said they couldn’t prove intent. Here’s what the bottom line is for me. The American people deserve straight information from the intelligence leadership. If the American people don’t get it, you can bet there’ll be other situations like this.

It must be tedious for Todd that the Fifth and Sixth Amendments might inhibit his ability to sow controversy on a Sunday show, but they nominally exist in this country.

And the rush to force Wyden to convict Snowden led him to ignore what Wyden actually said.

When Todd asked Wyden, the Senator described some other things that needed fixed. In addition to ending the bulk collection of phone records right away, Wyden said,

  • We’ve got to fix this back door search loophole in the Foreign Intelligence Surveillance Act
  • We ought to ban all dragnet surveillance on law abiding Americans–not just phone records, but also medical records, purchases and others

Todd interrupted Wyden as he talked about back door searches to prove he didn’t know what the fuck Wyden was talking about (he believed it entailed getting records without court review in an emergency). Later, having been told that the government was reading the emails of innocent Americans without a warrant and possibly collecting bulk records of their purchases, but proven ignorant about what that means, he asked Wyden if there was anything else that would make us feel insecure about our privacy.

Ron Wyden implied today that the government is collecting bulk records of our purchases (almost certainly in search of our beauty supply and pressure cooker purchases).

But revealing critical details like this is not what Chuck Todd believes Senators are for. Their job is to determine guilt or innocence on the Sunday shows.

Taking Kaplan’s Defense of Empire on Its Face

Robert Kaplan wrote a predictably horrible defense of empire that a number of people are giving the appropriate disdainful treatment.

Against my better judgement, I’d like to take a different approach and treat it as a useful piece (though not one I agree with or find palatable at all).

I think its useful, in part, against the background of the NSA disclosures. Key players in NSA discussions — people who travel some of the same circles as Kaplan, even — premise their treatment of the disclosures from an exclusively national perspective, completely ignoring that the NSA (and its GCHQ poodle) is different precisely because it depends on and serves as a key instrument of authority in an empire (or global hegemon, if the term empire gives you the willies). Approaching and assessing NSA’s behavior solely from a national perspective not only represses the obvious reasons why NSA’s dragnet of other countries’ citizens matters, but it also fails to assess our actions in the proper light, even from the standpoint of efficacy. NSA’s tasking choices reflect not our national interest, but rather the needs of the empire, which is why a relatively minor country like Venezuela gets prioritized along with Russia and China. That’s why we made Huawei such a high priority target: because it presents a unique threat to the functioning of our empire.

I would like to get to the point where we can discuss the NSA disclosures not just in terms of what they mean for Americans’ civil liberties as well of those who may not enjoy Fourth Amendment protection but nevertheless are citizens in a US order, but also whether the prioritization of complete dragnet and offensive spying and hacking serves the interests to which they’ve been put, that of the American global hegemon.

And here’s where I think Kaplan, in spite of his racism and paternalism and selective history, serves a useful role at this point in time. He claims, cherry picking from history, that only empires can provide order.

Throughout history, governance and relative safety have most often been provided by empires, Western or Eastern. Anarchy reigned in the interregnums.

And then he asks whether or not America can afford to sustain its own empire.

Nevertheless, the critique that imperialism constitutes bad American foreign policy has serious merit: the real problem with imperialism is not that it is evil, but rather that it is too expensive and therefore a problematic grand strategy for a country like the United States. Many an empire has collapsed because of the burden of conquest. It is one thing to acknowledge the positive attributes of Rome or Hapsburg Austria; it is quite another to justify every military intervention that is considered by elites in Washington.

Thus, the debate Americans should be having is the following: Is an imperial-like foreign policy sustainable?

[snip]

Once that caution is acknowledged, the debate gets really interesting. To repeat, the critique of imperialism as expensive and unsustainable is not easily dismissed.

Perhaps predictably Kaplan dodges his own question, never seriously answering it. Instead of answering the question that he admits might have answers he doesn’t much like, he instead spends a bunch of paragraphs, in all seriousness, arguing that Obama is pursuing a post-Imperial presidency.

Rather than Obama’s post-imperialism, in which the secretary of state appears like a lonely and wayward operator encumbered by an apathetic White House, I maintain that a tempered imperialism is now preferable.

No other power or constellation of powers is able to provide even a fraction of the global order provided by the United States.

And by dodging his own question by launching a partisan attack, Kaplan avoids a number of other questions. Not just whether the American empire is sustainable, but whether there’s something about the means of American empire that has proven ineffective (which is really a different way of asking the same question). Why did Iraq end up being such catastrophe? Why did we lose the Arab Spring, in all senses of the word? Why, even at a time when the US still acts as global hegemon, is instability rising?

There are some underlying reasons, like climate change, that the imperialists would like to distinguish from our oil-based power and the dollar exchange it rests on.

But even more, I think, the imperialists would like to ignore how neoliberalism has gutted the former source of our strength, our manufacturing, has led us to increased reliance on Intellectual Property, and has not offered the people in our realm of influence the stability Kaplan claims empire brings. People can’t eat, they can’t educate their children, they can’t retire because of the policies Kaplan and his buddies have pushed around the world. And the US solution to this is more trade pacts that just further instantiate IP as a core value, regardless of how little it serves those people who can’t eat.

The NSA is intimately a part of this, of course. The reason I find it so hysterical that NSA’s one defense against China is effectively the IP one — the NSA doesn’t steal IP and give it to “private” companies to use. But that’s just another way of saying that the empire we’ve rolled out has failed to protect even the increasingly ineffective core basis of our power, its IP.

I’ve said this before, but what is happening, increasingly, is that the US has to coerce power rather than win it through persuasion — persuasion that used to be (at least for our European allies) increased quality of life. It’s a lot more expensive to coerce power, both in terms of the military adventures or repression you must engage in, but also in terms of the dragnet you must throw across the world rather than the enhanced communication of an open Internet. Nevertheless, the Obama Administration, for all of Kaplan’s claimed post-Imperialism, seems to be doubling down on more coercive (or, in the case of trade agreements, counterproductive) means of retaining power.

And so Kaplan, who’s so sure that empire is a great thing, might be better considering not empire in the abstract (indeed, abstracted to the point of suppressing the many downsides of empire), but the empire we’ve got. He seems to implicitly admit he can’t rebut the claim that our empire is no longer sustainable, but since he can’t he changes the subject. Why is our empire unsustainable, Robert Kaplan? And for those who believe the US offers a good — or even a least-bad — order for the globe, what do you intend to do to return it to sustainability?

Dragnets and austerity aren’t going to do it, that’s for sure.

Update: Thanks to Wapiti for alerting me to my huge error of substituting Kagan (generic neocon name) for Kaplan’s actual last name. Sorry for the confusion.

2008′s New and Improved EO 12333: Sharing SIGINT

As part of my ongoing focus on Executive Order 12333, I’ve been reviewing how the Bush Administration changed the EO when, shortly after the passage of the FISA Amendments Act, on July 30, 2008, they rolled out a new version of the order, with little consultation with Congress. Here’s the original version Ronald Reagan issued in 1981, here’s the EO making the changes, here’s how the new and improved version from 2008 reads with the changes.

While the most significant changes in the EO were — and were billed to be — the elaboration of the increased role for the Director of National Intelligence (who was then revolving door Booz executive Mike McConnell), there are actually several changes that affected NSA.

Perhaps the most striking of those is that, even while the White House claimed “there were very, very few changes to Part 2 of the order” — the part that provides protections for US persons and imposes prohibitions on activities like assassinations — the EO actually replaced what had been a prohibition on the dissemination of SIGINT pertaining to US persons with permission to disseminate it with Attorney General approval.

The last paragraph of 2.3 — which describes what data on US persons may be collected — reads in the original,

In addition, agencies within the Intelligence Community may disseminate information, other than information derived from signals intelligence, to each appropriate agency within the Intelligence Community for purposes of allowing the recipient agency to determine whether the information is relevant to its responsibilities and can be retained by it.

The 2008 version requires AG and DNI approval for such dissemination, but it affirmatively permits it.

In addition, elements of the Intelligence Community may disseminate information to each appropriate element within the Intelligence Community for purposes of allowing the recipient element to determine whether the information is relevant to its responsibilities and can be retained by it, except that information derived from signals intelligence may only be disseminated or made available to Intelligence Community elements in accordance with procedures established by the Director in coordination with the Secretary of Defense and approved by the Attorney General.

Given that the DNI and AG certified the minimization procedures used with FAA, their approval for any dissemination under that program would be built in here; they have already approved it! The same is true of the SPCMA — the EO 12333 US person metadata analysis that had been approved by both Attorney General Mukasey and Defense Secretary Robert Gates earlier that year. Also included in FISA-specific dissemination, the FBI had either just been granted, or would be in the following months, permission — in minimization procedures approved by both the DNI and AG — to conduct back door searches on incidentally collected US person data.

In other words, at precisely the time when at least 3 different programs expanded the DNI and AG approved SIGINT collection and analysis of US person data, EO 12333 newly permitted the dissemination of that information.

And a more subtle change goes even further. Section 2.5 of the EO delegates authority to the AG to “approve the use for intelligence purposes, within the United States or against a United States person abroad, of any technique for which a warrant would be required if undertaken for law enforcement purposes.” In both the original and the revised EO, that delegation must be done within the scope of FISA (or FISA as amended, in the revision). But in 1981, FISA surveillance had to be “conducted in accordance with that Act [FISA], as well as this Order,” meaning that the limits on US person collection and dissemination from the EO applied, on top of any limits imposed by FISA. The 2008 EO dropped the last clause, meaning that such surveillance only has to comply with FISA, and not with other limits in the EO.

That’s significant because there are at least three things built into known FISA minimization procedures — the retention of US person data to protect property as well as life and body, the indefinite retention of encrypted communications, and the broader retention of “technical data base information” — that does not appear to be permitted under the EO’s more general guidelines but, with this provision, would be permitted (and, absent Edward Snowden, would also be hidden from public view in minimization procedures no one would ever get to see).

Continue reading

GAP, POGO, Experience Break-Ins

Jeff Stein has a troubling scoop that both the Government Accountability Project and POGO have been burgled — POGO in recent weeks and GAP several years ago.

The POGO break-in seems of lesser concern, because they don’t appear to have taken anything — though Stein notes that POGO was involved in releasing the DOD IG Report that revealed CIA’s close ties to Zero Dark Thirty (and, because some dirty fucking hippie pointed it out, that William McRaven ordered Osama bin Laden photos “destroyed immediately” when Judicial Watch FOIAed them).

POGO is also relentless in its documentation of the waste of the F-35 program.

The GAP break-in occurred back in January 2011.

In the Jan. 6, 2011 incident, the burglars seemed interested in just a few of the computers among the dozen or so in the office. Of the six stolen, two belonged to GAP’s national security attorneys, and one to its legal director, according to GAP President Louis Clark. No culprits have been arrested.

Jesselyn Radack, the director of GAP’s National Security and Human Rights Program, is a legal adviser to Snowden.

This was the period when the WikiLeaks investigation was heating up, as was the Jeffrey Sterling prosecution. Several months later, Thomas Drake would get his plea deal.

In addition, in recent months, someone has been trying to deal GAP classified documents.

In the months since the group’s association with the fugitive leaker began, Clark said, “We have had a highly suspicious person twice try to give us so-called ‘classified’ documents.” Because the group is not a news organization, accepting classified documents could leave it open to prosecution.

It’s not surprising that weird stuff is happening to Raddack’s organization as she assist Snowden. But this does seem like a setup.

Troubling.

Update: Via Twitter Radack made it clear the break in to GAP was during the Thomas Drake case.

Between Two Ends of the WikiLeaks Investigation: Parallel Constructing the FBI’s Secret Authorities

Two pieces of news on the government’s investigation of WikIleaks came out yesterday.

At the Intercept, Glenn Greenwald reported:

  • In 2010, a “Manhunting Timeline” described efforts to get another country to prosecute what it called the “rogue” website
  • In a targeting scenario dating to July 25, 2011, the US’ Targeting and General Counsel personnel responded to a question about targeting WikiLeaks’ or Pirate Bay’s server by saying they’d have to get back to the questioner
  • In 2012, GCHQ monitored WikiLeaks — including its US readers — to demonstrate the power of its ANTICRISIS GIRL initiative

Screen Shot 2014-02-19 at 9.42.54 AM
Also yesterday, Alexa O’Brien reported (and contextualized with links back to her earlier extensive reporting):

  • The grand jury investigation of WikiLeaks started at least as early as September 23, 2010
  • On January 4, 2011 (21 days after the December 14, 201 administrative subpoena for Twitter records on Appelbaum and others), DOJ requested Jacob Appelbaum’s Gmail records
  • On April 15, 2011, DOJ requested Jacob Appelbaum’s Sonic records

Now, as O’Brien lays out in her post, at various times during the investigation of WikiLeaks, it has been called a Computer Fraud and Abuse investigation, an Espionage investigation, and a terrorism investigation.

Which raises the question why, long after DOJ had deemed the WikiLeaks case a national security case that under either the terrorism or Espionage designation would grant them authority to use tools like National Security Letters, they were still using subpoenas that were getting challenged and noticed to Appelbaum? Why, if they were conducting an investigation that afforded them all the gagged orders they might want, were they issuing subpoenas that ultimately got challenged and exposed?

Before you answer “parallel construction,” lets reconsider something I’ve been mulling since the very first Edward Snowden disclosure: the secret authority DOJ and FBI (and potentially other agencies) used to investigate not just WikiLeaks, but also WikiLeaks’ supporters.

Back in June 2011, EPIC FOIAed DOJ and FBI (but not NSA) for records relating to the government’s investigation of WikiLeaks supporters.

EPIC’s FOIA asked for information designed to expose whether innocent readers and supporters of WikiLeaks had been swept up in the investigation. It asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

In their motion for summary judgment last February, DOJ said a lot of interesting things about the records-but-not-lists they might or might not have and generally subsumed the entire request under an ongoing investigation FOIA exemption.

Most interesting, however, is in also claiming that some statute prevented them from turning these records over to EPIC, they refused to identify the statute they might have been using to investigate WikiLeaks’ supporters.

All three units at DOJ — as reflected in declarations from FBI’s David Hardy, National Security Division’s Mark Bradley, and Criminal Division’s John Cunningham – claimed the files at issue were protected by statute.

None named the statute in question. All three included some version of this statement, explaining they could only name the statute in their classified declarations.

The FBI has determined that an Exemption 3 statute applies and protects responsive information from the pending investigative files from disclosure. However, to disclose which statute or further discuss its application publicly would undermine interests protected by Exemption 7(A), as well as by the withholding statute. I have further discussed this exemption in my in camera, ex parte declaration, which is being submitted to the Court simultaneously with this declaration

In fact, it appears the only reason that Cunningham submitted a sealed declaration was to explain his Exemption 3 invocation.

And then, as if DOJ didn’t trust the Court to keep sealed declarations secret, it added this plaintive request in the motion itself.

Defendants respectfully request that the Court not identify the Exemption 3 statute(s) at issue, or reveal any of the other information provided in Defendants’ ex parte and in camera submissions.

DOJ refuses to reveal precisely what EPIC seems to be seeking: what kind of secret laws it is using to investigate innocent supporters of WikiLeaks.

Invoking a statutory exemption but refusing to identify the statute was, as far as I’ve been able to learn, unprecedented in FOIA litigation.

The case is still languishing at the DC District.

I suggested at the time that the statute in question was likely Section 215; I suspected at the time they refused to identify Section 215 because they didn’t want to reveal what Edward Snowden revealed for them four months later: that the government uses Section 215 for bulk collection.

While they may well have used Section 215 (particularly to collect records, if they did collect them, from Visa, MasterCard, and PayPal — but note FBI, not NSA, would have wielded the Section 215 orders in that case), they couldn’t have used the NSA phone dragnet to identify supporters unless they got the FISC to approve WikiLeaks as an associate of al Qaeda (update: Or got someone at NSA’s OGC to claim there were reasons to believe WikiLeaks was associated with al Qaeda). They could, however, have used Section 215 to create their own little mini WikiLeaks dragnet.

Continue reading

Former Professional Journalist Suggests NYT Shouldn’t Pay Its Journalists

I’m working on a more substantive response to this Ben Wittes post claiming that the NYT’s latest Snowden story doesn’t mean the NSA spies on lawyers.

But I wanted to note how it begins.

Unless the public is really tiring of matters Snowden, the New York Times’s latest is going to stir up the hornet’s nest. “Spying by N.S.A. Ally Entangled U.S. Law Firm,” blares the headline of the story by reporter James Risen and freelancer Laura Poitras—from whom the Times (which insists it never pays for information) sometimes procures Snowden-leaked documents and to whom it gives a byline when it does so. [my emphasis]

The apparent subtext here is that the NYT is paying Laura Poitras not to do journalism on a story she has covered in depth for the last 8 months, but instead for access to documents in her possession (or to use Mike Rogers’ formulation, Poitras is fencing stolen property).

The comment is odd not just because Wittes has not (as far as I know) complained that the NYT also got (or may have in this case — I frankly don’t claim to know these arrangements) Snowden documents directly from the Guardian in a necessary attempt to bypass the UK’s crackdown on press freedom.

Odder still, according to Wittes’ Brookings bio, he worked as a professional journalist for at least a decade, both as a WaPo staffer and as an independent contributor.

Between 1997 and 2006, he served as an editorial writer for The Washington Post specializing in legal affairs. Before joining the editorial page staff of The Washington Post, Wittes covered the Justice Department and federal regulatory agencies as a reporter and news editor at Legal Times. His writing has also appeared in a wide range of journals and magazines including The Atlantic, Slate, The New Republic, The Wilson Quarterly, The Weekly Standard, Policy Review, and First Things.

Therefore I assume he is familiar with the tradition in journalism that when someone reports — even (especially) for a major newspaper as a freelancer — one gets paid.

Except he seems to want to make an exception just in this one case so as to insinuate certain things about Poitras’ reporting.

I do hope all of Wittes’ reporter friends remind him that their profession is still … a profession, and that equating professional journalism with crime sort of puts a damper on the whole freedom of the press thing, not to mention their claim that they should be compensated for their labor.

Disclosure: Obviously, with my affiliation with First Look Media, I do have a tie with Poitras (though not with this story). As an EW post, however, this post has no tie to First Look, and I have talked to neither Poitras nor anyone else at First Look before writing it.

Update: Wittes explains himself at length here (though the *@^$&*# hackers have brought Lawfare down again). It seems Wittes is nostalgic for the time when newspapers and the government had such a cozy relationship the NYT could lie us into catastrophic war in the service of the government.

I confess that I’m troubled by the power dynamics at work—for reasons that I’m sure will not endear me to my Twitter critics: I believe in institutional media. I believe in editors. And while I also deeply believe in the proliferation of voices that new media has enabled, I don’t like it that Greenwald, Gellman, and Poitras have such enormous leverage against big media organizations which I expect to make responsible publishing decisions. Put simply, I am uncomfortable with the unaccountable power that this arrangement gives people like Poitras over organizations like the New York Times.

DOD Complains about “Speculative” Risk of Bulk Collection

Maybe I have a sick sense of humor.

But I laughed at the irony of this NYT story about how Edward Snowden used a web-crawler to scrape data from the NSA’s servers.

In paragraphs 28 and 29 (of 29), Defense Intelligence Agency head Michael Flynn admits what he has avoided admitting in public hearings: he has no fucking clue what Snowden took.

The head of the Defense Intelligence Agency, Lt. Gen. Michael T. Flynn, told lawmakers last week that Mr. Snowden’s disclosures could tip off adversaries to American military tactics and operations, and force the Pentagon to spend vast sums to safeguard against that. But he admitted a great deal of uncertainty about what Mr. Snowden possessed.

“Everything that he touched, we assume that he took,” said General Flynn, including details of how the military tracks terrorists, of enemies’ vulnerabilities and of American defenses against improvised explosive devices. He added, “We assume the worst case.”

DOD doesn’t actually know what Snowden took. They know he had access to a bunch of files on military operations.

But that leaves open the question of how Mr. Snowden chose the search terms to obtain his trove of documents, and why, according to James R. Clapper Jr., the director of national intelligence, they yielded a disproportionately large number of documents detailing American military movements, preparations and abilities around the world.

But DOD doesn’t know whether he just touched them, or took them with him. It doesn’t know whether he deleted any he took before turning them over to journalists.

For his part, Snowden says DOD’s claims he deliberately took military information are unfounded.

In his statement, Mr. Snowden denied any deliberate effort to gain access to any military information. “They rely on a baseless premise, which is that I was after military information,” Mr. Snowden said.

Snowden suggests any military information he got, he got incidentally. DOD will just have to trust him.

Nevertheless, DOD will assume the worst because that’s the only way to protect DOD equities — and indeed, the lives of our military service members (that is, if Flynn’s claims are true; given his track record I don’t necessarily believe they are).

The necessity of protecting people and secret plans because of a potential risk is actually not funny at all. Indeed, it points to the problem inherent with bulk collection conducted in secret: Those potentially targeted by it have to assume the worst to protect themselves.

Mind you, if Sam Alito were a fair and balanced kind of guy, he’d tell DOD to suck it up. The risk of this bulk collection inflicting harm on military operations is speculative.

Respondents’ claim of future injury is too speculative to establish the well-established requirement that certain injury must be “certainly impending.”

But I think Alito is wrong. I definitely don’t fault DOD for adjusting to potential risks given the lack of certainty over which of their most sensitive secrets bulk collection has compromised.

If it is a problem that Snowden touched or maybe even incidentally collected data that could cause DOD great harm — if it is understandable that DOD would assume and prepare for the worst — then NSA needs to shut down its own indiscriminate scraping of data from all over the world. Because it is imposing the same kinds of risk and costs and worries to private individuals all over the world.

Update: Eli Lake got sources who received DIA’s briefing on their Snowden report to distinguish between what DIA knows and what they’re just assuming.

1 2 3 11

Emptywheel Twitterverse
emptywheel @quinnnorton Well, it will make a VERY interesting challenge some day, when, some DFH blogger cites it to claim privilege. @saftergood
3mreplyretweetfavorite
emptywheel @jasonemryss When you're talking security clearances "law" is an entirely arbitrary and capricious concept. @trevortimm
7mreplyretweetfavorite
emptywheel 2nd circuit judge humor: Govt still considering appealing to defend their "no number no description" claim. But we have a number: > 271.
8mreplyretweetfavorite
emptywheel @AskZelda_ You just qualified. @trevortimm
18mreplyretweetfavorite
emptywheel @trevortimm Yes! When I get busted I can tell the judge that James "Too Cute by Half" Clapper insists I'm media.
19mreplyretweetfavorite
emptywheel FWIW: NYT and ACLU are going to get Awlaki memo bc I noted and @JasonLeopold FOIAed the White Paper when Leahy mentioned.
20mreplyretweetfavorite
JimWhiteGNV Latest Parchin Accusation: Centrifuges! http://t.co/DJwNnjxjtk
35mreplyretweetfavorite
emptywheel @1Dimitri Seeing as how they haven't substantively reported those others discussions, can almost guarantee it.
42mreplyretweetfavorite
JimWhiteGNV RT @mattduss: Iran says it is drafting complete account of past nuclear work http://t.co/lrW6dNoiE0 via @YahooNews
52mreplyretweetfavorite
emptywheel RT @csoghoian: The Federalist Society will be hosting a live debate on US Gov use of 0-days w/ me and @RosenzweigP on Thursday. http://t.co
1hreplyretweetfavorite
emptywheel @Steven_Nelson50 That's not at all what I think. But thanks for playing. @alexqgb @JameelJaffer
1hreplyretweetfavorite
April 2014
S M T W T F S
« Mar    
 12345
6789101112
13141516171819
20212223242526
27282930