I’m going to have a longer post about this opinion recommending a judge throw out the warrant, based on evidence FBI obtained by shutting down DSL and then pretending to be the cable guys that would fix it, used in bust Paul Phua (see this article for more).
But I want to point to the excuse FBI Agent Minh Pham used to explain away several other errors he made in the search warrant:
After Pham submitted and obtained the search warrant, he learned the affidavit contained errors. Specifically, it stated that Paul Phua wired $4 million into a Caesars account to secure a credit line. Pham later discovered it was actually Seng Chen “Richard” Yong that requested the wire to secure both their lines of credit. However, at the time Pham submitted the search warrant affidavit, he believed it was correct that Paul Phua had initiated this transfer.
The affidavit also stated Paul Phua had transferred approximately $900,000 from a casino in Fort Lauderdale, Florida, to the Caesars account. However, Pham later learned that Paul Phua had been only one of the individuals who signed the consent to have that money wire-transferred into Yong’s account. At the time Pham submitted the affidavit, he believed the statement was true based on documents from Caesars concerning monetary transfers that he had received. Pham referred to the spreadsheet contained in government’s Exhibit 2F as a document he relied upon to support his statement in the affidavit. The font size was very small and difficult to read.
He also discovered another error in the affidavit days later. There were transfers for $3 million between individuals in the villas. He looked at the spreadsheet, and it was off by one or two lines,” which caused him to associate the wrong name with the transfer. [my emphasis]
The font on the spreadsheet Caesars Palace had given the FBI when it requested they open an investigation was “very small difficult to read.”
You’ll recall that when the FBI went after Lavabit to get its crypto key, Lavar Levison tried to comply by providing a printout of the key. But the government complained it was illegible, and got Levison held in contempt.
In an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout “illegible.”
“To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.
The court ordered Levison to provide a more useful electronic copy. By August 5, Lavabit was still resisting the order, and the judge ordered that Levison would be fined $5,000 a day beginning August 6 until he handed over electronic copies of the keys.
Apparently, huge casinos are held to a different standard than small email providers.
I’ve been contemplating how to respond to this hilarious piece from Yishai Schwartz — another of the many “rebuttals” to CitizenFour that betrays rank ignorance of many of the things Edward Snowden leaked. To some degree, Conor Friedersdorf already hit on many key points, notably his takedown of Schwartz’ claims that because people overwhelmingly support the drone program, Snowden shouldn’t be able to invoke it when defending his leaks.
Schwartz goes on to attack Snowden in a particularly unpersuasive way:
Snowden couches his policy disagreements in grandiose terms of democratic theory. But Snowden clearly doesn’t actually give a damn for democratic norms. Transparency and the need for public debate are his battle-cry. But early in the film, he explains that his decision to begin leaking was motivated by his opposition to drone strikes. Snowden is welcome to his opinion on drone strikes, but the program has been the subject of extensive and fierce public debate. This is a debate that, thus far, Snowden’s and his allies have lost. The president’s current drone strikes enjoy overwhelmingpublic support. So citing his opposition to a widely debated policy as his motivation for increasing transparency is, well, odd. But it’s also illustrative. Snowden’s leaks aren’t primarily aimed at returning transparency or triggering a public debate; they are about creating his preferred policy outcomes, outcomes that usually involve a weaker state.
This is a fantastical description of the debate over drones. The White House has repeatedly invoked the state-secrets privilege in lawsuits attempting to stop drone strikes as a violation of the Constitution. The American public was not permitted to see the legal rationale for a drone strike that targeted and killed a U.S. citizen until earlier this year, long after Snowden decided to become a whistleblower. To this day, the government suppresses information on the number of innocents killed in drone strikes.
“In refusing to release to Congress the rules and justifications governing aprogram that has conducted nearly 400 unmanned drone strikes and killed at least three Americans in the past four years, President Obama is ignoring the system of checks and balances that has governed our country from its earliest days,” John Podesta declared in a March 13, 2013, Washington Post op-ed. “And in keeping this information from the American people, he is undermining the nation’s ability to be a leader on the world stage and is acting in opposition to the democratic principles we hold most important.”
To this day the drone debate is a case study in executive-branch officials subverting democracy by withholding information from Congress, sidestepping the judiciary, and denying the public information vital to a policy debate; the matter was even worse when Snowden first decided to become a whistleblower. To cite it as an example of democracy in action betrays deep confusion about American democracy.
I had been thinking precisely the same thing — but also that the drone program also betrays how naive Schwartz’ dismissal of a public interest defense is.
Purportedly, Snowden will not return to face American justice because he would not receive a “fair trial.” But in the movie, Snowden lawyer Ben Wizner admits that his use of the term is somewhat “unusual.” He accepts that Snowden won’t be denied due process, access to counsel or an impartial jury. Rather his complaint centers on the fact that the law doesn’t include a justification defense for leaks made “in the public interest.” Neither, of course, do many other such prohibitions (murder, theft, littering…).
Generally, Schwartz is right that you can’t murder someone and then claim you did it in the public interest.
You can’t, that is, unless you’re the CIA killing an American citizen with no due process. In that case, you can claim a public authority defense, even though you need to torque the law all out of recognition to do it. Ultimately, though, all you’re doing then is arguing that if the President orders you to do it, you can murder another American.
Then there’s Schwartz’ claim (also mocked by Friedersdorf), that he, a white male, doesn’t worry that the government will invade his house. I would add to Friedersdorf that the claim is especially neat coming as it did the day after EFF confirmed what everyone had predicted: the government has been conducting over 10,000 sneak-and-peak searches (ACLU’s Chris Soghoian insists we call these black bag jobs) a year, using a law justified by terrorism, to look for drugs.
Still, what I find funniest about Schwartz’ piece is the way he conflates categories without any apparent awareness.
Snowden’s experience holed up in his hotel—his fear, his precautions, and the U.S. government’s attempt to apprehend him—becomes an illustration of the very tyranny that Snowden set out to unmask.
That latter connection offends me, and it should offend others as well. The implication is that Snowden has been targeted and persecuted by the government because he is a dissenter. This is false. Snowden is a dissenter, but he is also a law-breaker. And the latter is the reason he has been targeted. There are a host of journalists, pundits, and commentators who share Snowden’s views, and they are all dissenters. But as far as I know, journalist Conor Friedersdorf and anchor Piers Morgan do not fear arrest.
For starters, Snowden was exhibiting that “paranoia” (the same paranoia he claims to have taught diplomats, of course) before the NSA knew to worry. He was not yet a law-breaker — at least not as far as the government knew. Moreover (even setting aside that Piers Morgan, newly re-implicated in illegal spying, should fear arrest), journalists are among a fairly broad class of people who should be paranoid even if they don’t fear arrest, because if they’re not sufficiently paranoid they can’t do their job.
But even if Snowden’s behavior were motivated from his role as “law-breaker,” Schwartz’ point should still be wrong, but is not. Snowden has been charged with Espionage, but even with all the propaganda out there, credible law enforcement sources have never claimed they had evidence Snowden was an Agent of a Foreign power. As such, he should be safe from the paranoia that an all-seeing state can find him in Hong Kong, because to find even a law-breaker in Hong Kong, the state should be using mutual legal assistance treaties and the like (though the downing of Evo Morales’ plane should disabuse you of the notion that the state would have in this case). They should be using law enforcement, not the dragnet.
Yet we know — thanks, in part, to Edward Snowden, that the government routinely uses the dragnet as it conducts assessments of people against whom it doesn’t even have evidence of wrong-doing. While the government might, in the first days of Snowden’s leaks, have been able to convince FISC Snowden was probably acting with Chinese or Russian help, that doesn’t change the fact — admitted now by the FBI — that they use the dragnet with mere racial profiling and the like.
Then finally there is Schwartz’ skepticism about the danger of this dragnet, operating globally.
Poitras has little do add to the debate over American surveillance programs. Through the mouths of privacy activist Jacob Appelbam, former NSA whistleblower William Binney and others, she argues that the reach of America’s (and our allies’) surveillance is unprecedented, which is true. But she also insists that our surveillance programs are unnecessary, that increases in government capabilities inherently infringe on our liberty, and warns ominously that dictatorships begin their oppression with the collection of data.
Henry Farrell, in an awesome piece skewering the more liberal version of this American exceptionalism (read for the skewering, but definitely make sure to read through to the argument at the end), warns about the dangers of this globalizing dragnet.
Since September 11, 2001, surveillance has been quietly remaking domestic politics and international relations. The forces of globalization, which rapidly accelerated during the 1990s, made travel, trade and communication far easier and cheaper between the advanced industrial democracies and a key group of less developed countries. The 9/11 attacks exposed the dangers of interdependence. Domestic-security agencies sought—and usually got—vastly expanded resources, allowing them to implement new forms of large-scale data gathering, analysis and sharing. The risks and opportunities of interdependence also led them to work together across borders in unprecedented ways. Not only was it far easier and cheaper than ever before to gather information on how ordinary members of the population were behaving and communicating with each other, but it was also far easier and cheaper to share this information across countries. It is hard to overstate the importance of these data-sharing arrangements.
Most liberals assume a clear division between national politics, where we have strong rights and duties toward each other, and international politics, where these rights and duties are attenuated. National-security liberals, in contrast, start from the belief that we owe it to the world to remake it in more liberal ways and that America is uniquely willing to further this project and capable of doing so by projecting state power.
Snowden and Greenwald suggest that this project is not only doomed but also corrupt. The burgeoning of the surveillance state in the United States and its allies is leading not to the international spread of liberalism, but rather to its hollowing out in the core Western democracies. Accountability is escaping into a realm of secret decisions and shadowy forms of cross-national cooperation and connivance.
Almost all Snowden critics refuse to engage this larger problem, the degree to which America’s dragnet is turning its position as global hegemon from a force (debatably) for good into something far more ominous, an infrastructure of discipline. While it may now primarily target dissidents in other countries (though it already does target those who oppose American power), the infrastructure can easily be adapted (and may have, when it was still Stellar Wind) to target US dissidents. And it already does incorporate people — lawyers, human rights workers, journalists — whose roles need protection for democracy to function. In any case, given that it has already incorporated the dragnet into its efforts to racially profile and recruit informants, there’s adequate reason to be alarmed, even if you are a jingoistic American.
This morning, the Nobel Prize awarded the Peace Price to Pakistani activist Malala Yousafzai.
In a piece published earlier this morning at Salon, I pointed out that so long as countries like Norway participate in the NSA’s dragnet, Edward Snowden will never get a Nobel Prize.
No European country but Russia has offered Snowden asylum, so it’s unlikely the Norwegians will do something just as likely to piss off the U.S. Numerous European countries, after all, play willing partners in America’s global dragnet. Europe — including Norway — are the spies Snowden warned us against.
But I also made a more important point.
Like Obama — who got a Nobel Prize well before he had delivered on his promises — the world community has not yet really acted on Edward Snowden’s invitation to reform.
Snowden has completed a courageous act, leaking a mother lode of documents revealing just how exposed we are to the NSA’s glare. He has continued to speak out, to the extent he is able from Russia.
But the response remains very much in flux. Across the world, it’s quite possible Snowden’s leaks provide more repressive government the excuse to crack down. Certainly America’s Five Eyes spying partners (in addition to the UK, New Zealand, Australia, and Canada) are doing so: all but Canada have passed or are passing expansive laws legalizing still more surveillance. Citizens — in Five Eyes countries and outside — have not yet seized the opportunity created by Snowden to roll back the dragnet. Even in the U.S., the only reform on offer, Patrick Leahy’s USA Freedom Act, worsens some aspects of spying while achieving the important goal of removing all Americans’ phone records from the government.
Snowden did a courageous thing by leaking the NSA’s secrets, and continues to engage, as possible, in constructive fashion. If the world responded well to those disclosures, it might lead to a more just world, one much safer for dissent and human relationships. But we — the rest of the world — have not yet delivered on that promise yet, and may not. So a prize for Snowden — no matter how important his actions — may yet reward the merehope of change, not real progress towards it.
The world’s relative inaction in response to Snowden’s warnings does not at all detract from Snowden’s courage. But it does mean it is far too early to conclude that we’ve used this opportunity Snowden gave us to reverse a dangerous dragnet.
Pew released a new poll yesterday that has led to some remarkably bad reporting. The most problematic I’ve seen is the WaPo declaring the “Post-Snowden Era” that suggests the concern for civil liberties purportedly sparked by Edward Snowden’s disclosures has shifted in light of the “real fear” Americans have of ISIS.
We’re now just 15 months removed from Edward Snowden’s first bombshell revelation about the United States’ massive surveillance apparatus. But with Islamic extremists putting down roots in Syria and Iraq, Americans are very much reverting to a pre-Snowden attitude toward civil liberties.
Or perhaps we should call it “post-Snowden.”
While the Snowden revelations led to a lot of American soul-searching when it came to just how much of our civil liberties we want to yield in the name of protecting ourselves from terrorism, the soul-searching has largely come to an end, according to a new poll.
Given that very real fear, it’s perhaps not surprising to see people willing to cash in some of their civil liberties in exchange for peace of mind when it comes to their safety. But it also suggests the shift toward civil libertarianism and the criticism of the National Security Agency in the aftermath of all the Snowden revelations — of which more could certainly come and change things again– were very temporary.
Before I get into why this is so bad, first, look at what the report said. Amidst reporting that people are increasingly worried about “Islamic extremism,” Pew claims,
The survey also finds a shifting balance between concerns about civil liberties and protection from terrorism. In a reversal from last year after Edward Snowden’s NSA leaks, 50% today say they are more concerned that government anti-terrorism policies have not gone far enough to protect the country, while 35% are more concerned that the policies have gone too far in restricting civil liberties.
It claims to be reporting on a “balance” between “government anti-terrorism policies” and “restricting civil liberties.” But here’s what they actually asked: “What concerns you more about the government’s anti-terrorism policies?” In addition to picking either “They have gone too far in restricting the average person’s civil liberties” or “They have not gone far enough to adequately protect the country,” people apparently answered “Both,” “neither,” “approve of policies” (9% of respondents in this poll answered one of those things; the number has varied from 8% to 13% since Pew started doing this question in July 2004), or “don’t know” or “refused” (6% in this poll, which is the all-time low, with the number ranging up to 13%). So around 10% of respondents have consistently rejected the structure of the question.
I’d say there’s a good reason for that: because there is not necessarily any reason to believe there is a balance between counterterrorism and civil liberties. Not to mention, there are plenty of other legitimate concerns about our counterterrorism policy that Pew didn’t poll. What would the polling look like, for example, if it included “Our anti-terrorism policies have involved far too many illegal wars launched against Muslim countries”?
In other words, Pew is asking people to choose, but it doesn’t actually ask respondents to “balance” these two things. Thus by reporting this as a balance, Pew is imposing its own judgment that it is a balance, a belief which its question isn’t designed to measure. Pew just assumes it is so and reports it as such.
Let me interject and say that I am not doubting the polls reflect a very real change in attitudes in recent weeks. Nor am I doubting that a lot of people do believe this is a balance. Nor do I doubt that some of the poll movement is satiation with a civil liberties focus or even a belief that we do have to double down on the dragnet.
It would be very interesting to measure those things, if someone actually asked questions designed to measure them. I am not doubting Pew’s numbers, just what we can conclude from them.
Now let’s go back to the WaPo. It claimed, in part, that polls reflected people choosing to “cash in some of their civil liberties in exchange for peace of mind.” That adopts the same unjustified “balance” interpretation that Pew did (perhaps because Pew used that language in its report). Some people likely are thinking in terms of cashing in their civil liberties, but this poll didn’t actually measure that.
The WaPo reporting is even worse with respect to its claims that Edward Snowden is the sole explanation for higher support for civil liberties last year. Not only does it have a correlation/causation problem, it doesn’t even have correlation.
Pew and WaPo compare — correctly for measurement purposes — last week’s results with the results from a poll taken in the same series July 2013 (though WaPo gets the timing of that poll wrong), just a month after Snowden’s leaks started. It is true that July was — in Pew’s poll — the high point for civil liberties support in its poll, and that an October 2013 poll showed the beginning of a decline in concern for civil liberties and a rise in concern about protecting the country. Therefore it is true that support for civil liberties since a month after the Snowden leaks first started appearing has declined.
Also Pew did a different series of polls tracking opinion about what Snowden disclosed, which is a fair measurement about changes in perception of spying since Snowden’s leaks. That measured a real decline in support for what Pew inaccurately described in questions as NSA’s counterterrorism spying that persisted at least as late as January. In that series, Pew also presumed factually false details about the dragnet. So a flawed series of polls had actually shown increasing disapproval of the dragnet the last time it was released, but we don’t know how that data has changed in the 8 months since it was polled.
But the real problem with WaPo’s proclamation of a post-Snowden era is it doesn’t cite any polling from before the Snowden stories started (Pew’s previous poll in the civil liberties or counterterrorism series was way back in 2010). To make a claim about how much Snowden influenced civil liberties support, you’d have to cite the same poll from before and from after those stories started. WaPo doesn’t do that at all; it just assumes the record high support for civil liberties was caused by Snowden.
Now I wish Pew had polling from just before the Snowden leaks, because they might show something really remarkable.
Consider this CNN poll, taken (from a much smaller sample) on April 30, 2013, just two weeks after the first successful terrorist attack targeted at civilians since the anthrax attacks. It showed a somewhat elevated level of concern that the respondent or a family member might be the victim of a terrorist attack. (It also showed an all time high in that series — 63% — believing that terrorists would always find a way to attack.)
But the most remarkable part of that poll — one which got a lot of coverage at the time — was this question:
Again, this can’t be compared with the Pew poll; the questions and polling methodology are different. Though to the extent they might be comparable, it would support an interpretation of a decline in relative support for civil liberties. It would also, however, raise real questions about whether Snowden was responsible for all or even most of Americans’ heightened support for civil liberties.
But what a poll taken two weeks after an actual terrorist attack and a month before Snowden’s stories started being reported showed that Americans were far more worried that the response to the attack would be a crackdown on civil liberties than they were about needing new anti-terror policies. Americans already showed a remarkably high degree of support for civil liberties.
Now I agree with the WaPo: a slew of polls do show Americans peeing their pants about perceived threats. As the WaPo notes, this NBC/WSJ poll shows more Americans feel less safe now than they have since 9/11 — almost a 20 point spike from this time last year, a year when terrorists actually succeeded in attacking the US.
And I’d love to know what’s behind the numbers on whether changes have been more good than bad. Are so many people peeing their pants because a general malaise has the susceptible to fear-mongering? Does that mean they like or hate the dragnet? Or just the President?
But here’s the thing.
If there is a tie between the way America is peeing its pants and support or not for civil liberties, this is not about actual threats. Here’s what President Obama said last night.
So ISIL poses a threat to the people of Iraq and Syria, and the broader Middle East — including American citizens, personnel and facilities. If left unchecked, these terrorists could pose a growing threat beyond that region, including to the United States. While we have not yet detected specific plotting against our homeland, ISIL leaders have threatened America and our allies.
This is not to say ISIS is not a threat or — more accurately, a very dangerous entity that is currently focused far away from the US. But the President, at least, doesn’t think they’re about to attack Boston.
13 years after 9/11 the American people are far more afraid after a month of fearmongering about an inflated threat than they were last year, weeks after terrorists succeeded in attacking.
But all this seems to be saying that Americans are far more afraid of the fearmongering images than of the actual threat of terrorism. If Americans have changed their relative concern about civil liberties because they are afraid, it’s not the actual threats that are causing that change.
Perhaps Pew should start a new series: Are you more afraid of terrorism, or of what your country will do by inflating the threat of terrorism?
As I pointed out the other day, the CIA IG Report on spying on the Senate Intelligence Committee appears to say the egregious spying happened after John Brennan told Dianne Feinstein and Saxby Chambliss on January 15 CIA had been spying on SSCI.
Agency Access to Files on the SSCI RDINet:
Five Agency employees, two attorneys and three information technology (IT) staff members, improperly accessed or caused access to the SSCI Majority staff shared drives on the RDINet.
Agency Crimes Report on Alleged Misconduct by SSCI Staff:
The Agency filed a crimes report with the DOJ, as required by Executive Order 12333 and the 1995 Crimes Reporting Memorandum between the DOJ and the Intelligence Community, reporting that SSCI staff members may have improperly accessed Agency information on the RDINet. However, the factual basis for the referral was not supported, as the author of the referral had been provided inaccurate information on which the letter was based. After review, the DOJ declined to open a criminal investigation of the matter alleged in the crimes report.
Office of Security Review of SSCI Staff Activity:
Subsequent to directive by the D/CIA to halt the Agency review of SSCI staff access to the RDINet, and unaware of the D/CIA’s direction, the Office of Security conducted a limited investigation of SSCI activities on the RDINet. That effort included a keyword search of all and a review of some of the emails of SSCI Majority staff members on the RDINet system.
With respect to your second question about monitoring of Members of Congress and Legislative Branch employees, in general those individuals will not be subject to [User Activity Monitoring] because their classified networks are not included in the definition of national security systems (NSS) for which monitoring is required.
Because no internally owned or operated Legislative branch network qualifies as a national security system, UAM by the Executive Branch is accordingly neither required nor conducted. To be clear, however, when Legislative Branch personnel access a national security system used or operated by the Executive Branch, they are of course subject to UAM on that particular system.
CIA’s spying on SSCI took place on CIA’s RDI network, not on the SSCI one. SSCI had originally demanded they be given the documents pertaining to the torture program, but ultimately Leon Panetta required them to work on a CIA network, as Dianne Feinstein explained earlier this year.
The committee’s preference was for the CIA to turn over all responsive documents to the committee’s office, as had been done in previous committee investigations.
Director Panetta proposed an alternative arrangement: to provide literally millions of pages of operational cables, internal emails, memos, and other documents pursuant to the committee’s document requests at a secure location in Northern Virginia. We agreed, but insisted on several conditions and protections to ensure the integrity of this congressional investigation.
Per an exchange of letters in 2009, then-Vice Chairman Bond, then-Director Panetta, and I agreed in an exchange of letters that the CIA was to provide a “stand-alone computer system” with a “network drive” “segregated from CIA networks” for the committee that would only be accessed by information technology personnel at the CIA—who would “not be permitted to” “share information from the system with other [CIA] personnel, except as otherwise authorized by the committee.”
It was this computer network that, notwithstanding our agreement with Director Panetta, was searched by the CIA this past January,
Presumably, those limits on access should have prevented CIA’s IT guys from sharing information about what SSCI was doing on the network. But it’s not clear they would override Clapper’s UAM.
Remember, too, when Brennan first explained how this spying didn’t qualify as a violation of the Computer Fraud and Abuse Act, he said CIA could conduct “lawfully authorized … protective … activity” in the US. Presumably like UAM.
I have no idea whether this explains why CIA’s IG retracted what Feinstein said had been his own criminal referral or not. But I do wonder whether the CIA has self-excused some of its spying on SSCI in the interest of continuous user monitoring?
If so, it would be the height of irony, as UAM did not discover either Chelsea Manning’s or Edward Snowden’s leaks. Imagine if the only leakers the Intelligence Community ever found were their own overseers?
In an interview with the Guardian published yesterday, Edward Snowden claimed that compromising pictures get shared around NSA.
Made a startling claim that a culture exists within the NSA in which, during surveillance, nude photographs picked up of people in “sexually compromising” situations are routinely passed around.
The usual whiners are suggesting Snowden is making this up and demanding proof.
They seem to have forgotten the proof we’ve already seen of NSA officially retaining sexually compromising material. Here’s what Bart Gellman described in a follow-up to WaPo’s recent report on the data collected under Section 702.
Among the large majority of people who are not NSA targets, many of the conversations in our sample are exceedingly private. Often they are very far from publishable, without editing.
Him: “How about you [verb, possessive adjective, noun]
Her: “I [verb] if you [another verb].”
Him: “That can be arranged.”
Her: “I really need punishment.”
Another young woman, also not a target, responds to a suitor who proposes to pay a visit.
Her: “don’t think that would b fair on the guy im seeing”
Him: “you can be a bit naughty at times lol”
Her: “Yeah lol”
The conversation proceeds from there.
This is stuff officially retained by NSA. This is stuff they claim has foreign intelligence value. This is sexually compromising. And Gellman says many of the retained communications are like that.
Sure, I get that NSA wants to contact chain on who’s fucking whom, just as they want to chain on who’s calling whom. But to do that, they’re retaining smut.
In addition to its exposure of the sheer senselessness of much of the spying NSA engages in, yesterday’s WaPo story also shows that the government’s assurances that Edward Snowden could not access raw data have been misplaced.
For close to a year, NSA and other government officials have appeared to deny, in congressional testimony and public statements, that Snowden had any access to the material.
As recently as May, shortly after he retired as NSA director, Gen. Keith Alexander denied that Snowden could have passed FISA content to journalists.
“He didn’t get this data,” Alexander told a New Yorker reporter. “They didn’t touch —”
“The operational data?” the reporter asked.
“They didn’t touch the FISA data,” Alexander replied. He added, “That database, he didn’t have access to.”
Robert S. Litt, the general counsel for the Office of the Director of National Intelligence, said in a prepared statement that Alexander and other officials were speaking only about “raw” intelligence, the term for intercepted content that has not yet been evaluated, stamped with classification markings or minimized to mask U.S. identities.
“We have talked about the very strict controls on raw traffic, the training that people have to have, the technological lockdowns on access,” Litt said. “Nothing that you have given us indicates that Snowden was able to circumvent that in any way.”
In the interview, Snowden said he did not need to circumvent those controls, because his final position as a contractor for Booz Allen at the NSA’s Hawaii operations center gave him “unusually broad, unescorted access to raw SIGINT [signals intelligence] under a special ‘Dual Authorities’ role,” a reference to Section 702 for domestic collection and Executive Order 12333 for collection overseas. Those credentials, he said, allowed him to search stored content — and “task” new collection — without prior approval of his search terms.
No one should ever have believed those assurances.
That’s because the documentation on the Section 215 program makes it clear how little oversight there is over tech people just like Snowden. The current phone dragnet order, for example, makes it clear that:
The audit language in the dragnet order applies only to “foreign intelligence analysis purposes or using foreign intelligence analysis tools,” suggesting the tech analysis role access to the dragnet data is not audited.
Language in the order defining “NSA” suggests contractors may access the data (though it’s unclear whether they do so in a technical or intelligence analysis function); something made explicit in Dianne Feinstein’s bill.
That is, it is at least possible that Booz analysts are currently conducting audit-free tech massaging of the raw phone dragnet data.
And NSA knew this access was a vulnerability. As recently as 2012, tech analysts were found to have 3,000 files worth of phone dragnet data (it’s unclear how much data each file included) on an improper server past its required destruction date. NSA destroyed that data before definitively researching what it was doing there.
Thus, the risk of tech analyst breach is very real, and no one — not NSA, and not Congress, which has only codified this arrangement — seems to be addressing it.
Indeed, it is likely that some kind of Booz-type contractors will continue to have direct access to this data after it gets outsourced to the telecoms, otherwise USA Freedumber would not extend immunity to such second-level contractors.
For months, intelligence officials claimed not only that Snowden had not accessed raw data, but could not. That was always a dubious claim; even if Snowden couldn’t have accessed that data, other contractors just like him could and still can, with less oversight than NSA’s intelligence analysts get.
But it turns out Snowden could and did. And thanks to that, we now know many of the other claims made by government witnesses are also false.
I’ve decided the best way to digest the collection of documents released by Spiegel this week is to do a working thread. You can find links to the individual files here, or a very big PDF of all files here.
Note they describe using XKeyscore for “behavior detection techniques.” Even in physical space, it’s not clear current science supports the validity of such behavior detection. But this involves using someone’s online behavior to translate “behavior” into suspicion.
In the list of topics they share on, there’s Der Spiegel has redacted the place in “Europeans traveling to [redacted] to fight.” That’s presumably Syria (though could be Somalia). It’d be interesting to see the lead time on this international sharing and the time it shows up in news articles.
Note the reference to using XKeyscore for (German) domestic warranted content.
In October 2011, SSG partnered with SUSLAG and BND to conduct a demonstration of XKEYSCORE to the BfV using BfV domestic warranted collection. The BND XKEYSCORE system successfully processed DSL wiretap collection belonging to a German domestic CT target.
I’ve long wondered whether they can use XKS for US domestic content. This would seem to suggest they can. It sort of makes you wonder whether they’d give XKS to telecoms under USA Freedumber?
Note the other documents describe the partnership primarily in terms of CT, but this document makes it clear it also includes transnational crime and counternarcotics, Afghan support, and one redacted topic.
Note cyber is something that is later described as something NSA is pushing (in January 2013) to get BND to partner on. This document describes IAD as leading discussions at this point (January 2013); but described a follow-up meeting with NTOC and FAD that same month.
Note Germany’s role in translating Igbo, left unredacted. This, and a number of other redacted references, seems to suggest the Germans play a key role in our collection and analysis of intelligence from Nigeria. Note, that might support the notion that one of the redacted sharing purposes is energy-related.
Germany appears to play a key role in our GSM collection. Note they also play a key role in VoIP, which may be why they were so interested in accessing Skype. Germany has already changed its privacy law to help us, but NSA isn’t satisfied. I’m reminded of US Ambassador to Germany Philip Murphy’s bitching about Germans not understanding the need to share information in the Internet era.
In 2012, Boundless Informant was going to soon roll out a “if you like this you’ll like this” query suggestion mode.
I’ve been tracking Keith Alexander’s utterly predictable new gig, getting rich off of having drummed up cybersecurity concerns for the last several years, while at the same time shacking up with the most dubious of shadow bank regulators, Promontory Financial Group.
Apparently, I’m not the only one. Alan Grayson just sent some of the entities that Alexander has been drumming up business with — the Security Industries and Financial Markets Association, Consumer Bankers Association, and Financial Services Roundtable — a letter asking how the former NSA Director can be making a reported $600,000 a month. He cites Bruce Schneier wondering whether part of the deal is that Alexander will share classified information he learned while at NSA.
Security expert Bruce Schneier noted that this fee for Alexander’s services is on its face unreasonable. “Think of how much actual security they could buy with that $600K a month.Unless he’s giving them classified information.” Schneier also quoted Recode.net, which headlined this news as: “For another million, I’ll show you the back door we put in your router.”
Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony. I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods. Without the classified information that he acquired in his former position, he literally would have nothing to offer to you.
Please send me all information related to your negotiations with Mr. Alexander, so that Congress can verify whether or not he is selling military and cybersecurity secrets to the financial services industry for personal gain.
Alexander is just the latest of a long line of people who profit directly off driving up the cybersecurity threat. But — as Recode.net notes — he’s also got the kind of inside information that could be particularly valuable.
As the Intelligence Industrial Complex and the Banking industry hop into bed together, there ought to be some transparency about just what kind of deals are being made. There’s simply too much immunity handed out to this community to let boondoggles like Alexander’s slide.
The intelligence community is subjecting every low level clearance holder to intense scrutiny right now. But thus far, there has not been a peep from those quarters that the former DIRNSA could command these fees for the expertise gained while overseeing the nation’s secrets.
I was asked to participate in a CATO debate about where we are a year post Snowden. My contribution to that debate — in which I argue any big drama going forward will come from the newly adversarial relationship between Google and the NSA — is here.
As part of that, I argued that the government made a choice after Snowden: to double down on hard power over soft power.
The conflict between Google and its home country embodies another trend that has accelerated since the start of the Snowden leaks. As the President of the Computer & Communications Industry Association, Edward Black, testified before the Senate last year, the disclosure of NSA overreach did not just damage some of America’s most successful companies, it also undermined the key role the Internet plays in America’s soft power projection around the world: as the leader in Internet governance, and as the forum for open speech and exchange once associated so positively with the United States.
The U.S. response to Snowden’s leaks has, to a significant degree, been to double down on hard power, on the imperative to “collect it all” and the insistence that the best cyberdefense is an aggressive cyberoffense. While President Obama paid lip service to stopping short of spying “because we can,” the Executive Branch has refused to do anything – especially legislatively – that would impose real controls on the surveillance system that undergirds raw power.
And that will likely bring additional costs, not just to America’s economic position in the world, but in the need to invest in programs to maintain that raw power advantage. Particularly given the paltry results the NSA has to show for its domestic phone dragnet – the single Somali taxi driver donating to al-Shabaab that Sanchez described. It’s not clear that the additional costs from doubling down on hard power bring the United States any greater security.
Because I was writing this essay, that’s largely where my mind has been as we debate getting re-involved in Iraq.
In the 3 or 4 wars we’ve waged in the Middle East/South Asia since 9/11 (counting Afghanistan, Iraq, Libya, and Syria), we’ve only managed to further destabilize the region. That was largely driven by a belligerence that goes well beyond our imperative to collect it all.
But I do think both the Snowden anniversary and the Iraq clusterfuck should focus far more energy on how we try to serve American interests through persuasion rather than bombs and dragnets.