Edward Snowden’s revelations have shed much light on how secret government programs are collecting huge amounts of telephone, email and other electronic data generated by every US citizen even though, as Marcy has shown repeatedly, claims that collecting all of this data have enabled the capture of terrorists turn out to be significantly overblown. Sadly, it’s not just records of our communications that the government is collecting. The FBI is taking the lead in putting together what it calls Next Generation Identification. This program will expand the conventional FBI fingerprint database to include significant amounts of biological, or biometric data. From the FBI’s own description:
The future of identification systems is currently progressing beyond the dependency of a unimodal (e.g., fingerprint) biometric identifier towards multimodal biometrics (i.e., voice, iris, facial, etc.). The NGI Program will advance the integration strategies and indexing of additional biometric data that will provide the framework for a future multimodal system that will facilitate biometric fusion identification techniques. The framework will be expandable, scalable, and flexible to accommodate new technologies and biometric standards, and will be interoperable with existing systems. Once developed and implemented, the NGI initiatives and multimodal functionality will promote a high level of information sharing, support interoperability, and provide a foundation for using multiple biometrics for positive identification.
Wait. See that “etc.” in the “voice, iris, facial, etc”? Given the government’s behavior on electronic data, throwing in an “etc.” on biometric data is pretty unnerving. Impressive work is being done by the Electronic Privacy Information Center to shed light on just what the government is up to with Next Generation Identification. Here is their description of the program:
The Federal Bureau of Investigation is developing a biometric identification database program called “Next Generation Identification” (NGI). When completed, the NGI system will be the largest biometric database in the world. The vast majority of records contained in the NGI database will be of US citizens. The NGI biometric identifiers will include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints, and photographs. The system will include facial recognition capabilities to analyze collected images. Millions of individuals who are neither criminals nor suspects will be included in the database. Many of these individuals will be unaware that their images and other biometric identifiers are being captured. Drivers license photos and other biometric records collected by civil service agencies could be added to the system. The NGI system could be integrated with other surveillance technology, such as Trapwire, that would enable real-time image-matching of live feeds from CCTV surveillance cameras. The Department of Homeland Security has expended hundreds of millions of dollars to establish state and local surveillance systems, including CCTV cameras that record the routine activities of millions of individuals. There are an estimated 30 million surveillance cameras in the United States. The NGI system will be integrated with CCTV cameras operated by public agencies and private entities.
So just as the government has moved far beyond tapping communications only with a warrant to include the communications of innocent civilians, biometric identifiers of innocent civilians will be included in NGI alongside identifiers of known criminals. And what could possibly go wrong with our information being assembled in this way? Here’s how EPIC says the database will be built and maintained: Continue reading
Chuck Grassley just released a summary of violations of NSA authority he requested back in August.
The data is pretty meaningless. As I have shown, NSA’s own internal reporting shows about 9% (and up to 20% in some categories) of its violations are “due diligence” violations, which are violations of rules that an analyst knows (human error, intelligence error, and training are treated as distinct violations). If today’s hearing was any indication, the Senate Intelligence Committee seems to have no understanding that 9% of all violations are willful violations of rules.
All that said, of the 12 incidents the NSA reported (there are 3 incidents still under investigation), fully half appear to be committed by members of different agencies (though one of those was a military person reported to NSA). That’s a lot of other agency personnel abusing SIGINT authorities they’re granted access to.
And note, DOJ has never prosecuted any of these. In just about all cases where DOJ gets a referral, the person resigns before being charged. The UCMJ does better — DOD has punished two people.
Jim Comey has officially been in charge of the FBI for less than two weeks.
Today, in honor of Constitution Day, the ACLU just released a report showing how the FBI’s expanded mandate since 9/11 has led to Constitutional abuses.
Most of the details of the report have been reported here in depth. But the Big Data section includes some details I haven’t covered. It explains:
FBI collects Suspicious Activities Reports that duplicate — but lower the standard for — an existing database
Another major problem is that eGuardian effectively competes with another federal government SAR. The Intelligence Reform and Terrorism Prevention Act of 2004 established the Information Sharing Environment (ISE) to serve as the conduit for terrorism-related information sharing between state and local law enforcement and the federal government.114 A March 2013 Government Accountability Office report found that though the two programs share information between them, eGuardian uses a lower evidentiary threshold for inclusion of SARs, which creates risks and privacy problems.
FBI will soon have the equivalent of 20 pieces of intelligence on every American — and they share this broadly
An FBI budget request for fiscal year 2008 said the FBI had amassed databases containing 1.5 billion records, and two members of Congress described documents predicting the FBI would have 6 billion records by 2012, which they said would represent “20 separate ‘records’ for each man, woman and child in the United States.”119
According to a 2012 Systems of Records Notice covering all FBI data warehouses, the information in these systems can be shared broadly, even with foreign entities and private companies, and for a multitude of law enforcement and non-law enforcement purposes.133
There’s far more in the report, chronicling the slow creep of abusive FBI techniques since 9/11.
Sadly, given that this has all been treated as legal, I doubt that Comey will do anything about it, even with ACLU’s demonstration that the dragnet has led FBI to miss real crimes.
Last night, The Smoking Gun and then CBS reported on the latest sting carried out by our government to keep us safe from people too stupid for their own good. This time, instead of the FBI setting up the security theater sting, it was an undercover agent for ICE, or Immigration and Customs Enforcement within the Department of Homeland Security. The criminal complaint (pdf) filed yesterday is written by an ICE Special Agent working out of Miami (I’ll return later to the ironic job position she holds).
Once again, as we see repeatedly in the government’s adventures in security theater, we appear to have ensared a small-time hustler but will undoubtedly play this up as a major interdiction of international terrorism. The hustler this time is one Patrick Campbell, who stands accused of brokering a deal to sell U3O8 to Iran. Campbell apparently was promising to ship 1000 tons of the processed uranium ore, but was arrested in New York
yesterday Wednesday when he entered the country from Sierra Leone, where he reportedly lives.
How was Campbell caught? Here is how the complaint describes the elaborate trap ICE devised:
Yup. Everybody knows that Iran absolutely would go shopping for uranium on alibaba.com. Note that ICE does not appear to be able to get their high-tech document production equipment to produce subscripts. There really is no such thing as Uranium 308 or U308. Writing it that way makes it look like they are referring to a uranium isotope. The naturally occurring isotopes of uranium are listed here, where we see that the atomic masses range from 232 (= U-232) to 238 (=U-238). The isotope of interest is U-235, which occurs in nature as only 0.7% of the uranium atoms. Uranium is mined as raw ore which is chemically treated to produce U3O8, which is otherwise known as yellowcake. For further processing, the yellowcake is then converted to UF6 gas and then put into gas centrifuges where the mixture is selectively enriched for the U-235 isotope. Low-grade enriched uranium has the U-235 enriched from the naturally occurring 0.7% to the range of 3-5%. Iran has also produced mid-grade uranium at 20% U-235 for its research reactor used to produce medical isotopes, but this still falls short of the 90% or so U-235 needed for a nuclear weapon.
It would appear that ICE ran this scam on such a short budget that they wouldn’t even front Campbell the money for travel to the US from Sierra Leone. In his negotiations with the undercover agent, Campbell demonstrated a pitiful level of awareness of operational security. The complaint notes many communications with Campbell by email, telephone and Skype. There is no indication that any of the communications were encrypted. The extent of his op-sec appears to be his brilliant use of an acronym to refer to the transaction:
Campbell finally made it to New York
yesterday Wednesday, where he was promptly arrested. Here is how The Smoking Gun opened their report:
A foreigner who agreed to sell undercover Homeland Security agents 1000 tons of yellowcake uranium for shipment to Iran was arrested yesterday when he flew into the United States with uranium samples hidden inside the soles of shoes in his luggage, The Smoking Gun has learned.
Wow. He tried to hide his yellowcake samples in the soles of his shoes, which he then put into checked baggage.
This whole episode is stupid and wasteful on a wide range of levels.
First, Iran purchased huge stockpiles of yellowcake back in the days of the Shah. Continue reading
One of the more colorful revelations in today’s Guardian scoop is the newsletter piece that describes increased sharing of PRISM (Section 702) data with FBI and CIA.
The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.
The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that “enables our partners to see which selectorsthe National Security Agency has tasked to Prism”.
The document continues: “The FBI and CIA then can request a copy ofPrism collection of any selector…” As a result, the author notes: “these two activities underscore the point that Prism is a team sport!”
But that’s something that has actually been built into the program for years. While the Joint IG Report on the illegal wiretap program claimed,
NSA also was responsible for conducting the actual collection of information under the PSP and disseminating intelligence reports to other agencies such as the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), and the Office of the Director of National Intelligence (ODNI) National Counterterrorism Center (NCTC) for analysis and possible investigation.
The Draft NSA IG Report explained,
Coordination with FBI and CIA. By 2004, four FBI integrees and two CIA integrees, operating under SIGINT authorities in accordance with written agreements, were co-located with NSA PSP-cleared analysts. The purpose of co-locating these individuals was to improve collaborative analytic efforts.
And the minimization procedures released by the Guardian (which date to 2009), make it clear NSA can provided unminimized content to CIA and FBI on whatever selectors they request.
(1) NSA may provide to the Central Intelligence Agency (CIA) unminimized communications acquired pursuant to section 702 of the Act. CIA will identify to NSA targets for which NSA may provide unminimized communications to CIA. CIA will process any such unminimized communications received from NSA in accordance with CIA minimization procedures adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.
(2) NSA may provide to the FBI unminimized communications acquired pursuant to section 702 of the Act. FBI will identify to NSA targets for which NSA may provide unminimized communications to the FBI. FBI will process any such unminimized communications received from NSA in accordance with FBI minimization procedures adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.
And none of that should be surprising, given the tasking slide — above — that was first published by the WaPo. FBI, at least, is solidly in the midst of this collection, for a program deemed to be foreign intelligence collection.
There have been a variety of claims about all this team sport participation. But I’m not convinced any of them explain how all this works.
And in perhaps related news, the Fifth Circuit today said that Nidal Hasan could not have access to the FISA material on him, in spite of the fact that William Webster published a 150 page report on it last year. Legally, that material should be utterly distinct from PRISM, since a wiretap on Anwar al-Awlaki would require a specific FISA warrant (and the latest Guardian scoop refers to expanded cooperation since 2012). But I suspect the reason Hasan, the FISA evidence against whom has already been extensively discussed, can’t see it is because we would see what this actually looks like from the FBI side.
DOJ has to protect its team, you know.
I’ve been focusing on Edward Snowden’s NSA revelations, but I didn’t want this tidbit of news to go unnoticed. Among the other documents EFF has gotten in its FOIA on drones in the United States is a planning document for Customs and Border Patrol’s use of the Predator drone. In it, there’s one line that suggests future upgrades (the report dates to 2010) might include non-lethal immobilization technology.
A Customs & Border Protection (CPB) report, released in response to EFF’s Freedom of Information Act lawsuit against the agency, shows CBP has considered adding weapons to its domestic Predator drones.
The report, titled “Concept of Operations for CBP’s Predator B Unmanned Aircraft System” and submitted to Congress on June 29, 2010 shows that, not only is the agency planning to sharply increase the number of Predator drones it flies and the amount of surveillance it conducts by 2016 (detailed further in a separate blog post tomorrow), but it has considered equipping its Predators with “non-lethal weapons designed to immobilize” targets of interest. (p. 63).
And remember: CBP loans out its drones to other Federal agencies. I suspect when Robert Mueller testified recently that FBI had used drones he had CBP ones in mind.
So the next time LAPD uses loaner drones in a manhunt across Southern California, that drone may well be armed with industrial sized tasers.
But the thing is, it doesn’t come out and explain whether and if so how it continues to go on.
This passage, written in the present tense, sure seems to suggest it continues.
MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls.
The NSA calls Internet metadata “digital network information.” Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects. Depending on the methods applied, it can also expose medical conditions, political or religious affiliations, confidential business negotiations and extramarital affairs.
What permits the former and prevents the latter is a complex set of policies that the public is not permitted to see. “You could do analyses that give you more information, but the law and procedures don’t allow that,” a senior U.S. intelligence lawyer said.
Yet buried in the last paragraphs of the story, WaPo’s sources suggest “the NSA is no longer doing it.” Or — as elaborated — doing “it” under the guise of and with the oversight of the FISA court.
As for bulk collection of Internet metadata, the question that triggered the crisis of 2004, another official said the NSA is no longer doing it. When pressed on that question, he said he was speaking only of collections under authority of the surveillance court.
“I’m not going to say we’re not collecting any Internet metadata,” he added. “We’re not using this program and these kinds of accesses to collect Internet metadata in bulk.”
I keep saying this: sources on this story are trying hard to get us to focus on a few programs managed by FBI and NSA under two particular provisions of law that happen to have (secret, limited) court oversight, Section 215 of the PATRIOT Act and the FISA Amendments Act. But that leaves out several other likely candidates to conduct such intelligence analysis, notably the NCTC. And it leaves out other potential sources of collection, such as cybersecurity in the name of self-defense.
The discussion about the various “NSA” programs we’ve seen so far have discussed only how NSA works with FBI. FBI requests the dragnet phone information and hands it over to NSA. NSA negotiates direct access to internet companies that allow FBI to make direct queries.
We’ve heard from Keith Alexander about what NSA does — its only use of Section 215, he said, was the phone records.
We heard from Robert Mueller who gave less clear answers about what FBI does and does not do.
But we have yet to have direct testimony from James “least untruthful too cute by half” James Clapper. Mind you, we’ve gotten several fact sheets and Clapper’s hilarious interview with Andrea Mitchell. Just no specific public testimony.
And curiously, in the DNI’s own fact sheets, he doesn’t specify who does what, aside from describing the statutory role his position and the Attorney General play in authorizing FAA 702 orders. He doesn’t say what FBI does, what NSA does … or what his own organization does.
That’s important, because in addition to overseeing all intelligence, Clapper’s office also includes the National Counterterrorism Center. And the NCTC is the entity in charge sharing data. Indeed, it is statutorily required to have access to everything.
[The National Security Act] provides that “[u]nless otherwise directed by the President, the Director of National Intelligence shall have access to all national intelligence and intelligence related to the national security which is collected by any federal department, agency, or other entity, except as otherwise provided by law, or as appropriate, under guidelines agreed upon by the Attorney General and the Director of National Intelligence.
That means, presumably, that NCTC is doing a lot of the work that NSA and FBI are making narrow denials about.
But it also means that NCTC can play with these databases — the dragnet and the access via PRISM to 702 data — as well as any other data in the Federal government, including databases that John Brennan gave it the ability to go get.
So here’s the thing. When Keith Alexander gives you pat reassurances about how limited NSA’s access to Americans’ call data is, that may disclose a whole lot more intrusive data mining over at James Clapper’s shop.
Remember, here is what James Clapper was initially asked.
Wyden: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?
Clapper: No, sir.
Wyden: It does not?
Clapper: Not wittingly. There are cases where they could, inadvertently perhaps, collect—but not wittingly.” [my emphasis]
His first attempt to walk back that lie went like this:
What I said was, the NSA does not voyeuristically pore through U.S. citizens’ e-mails. [my emphasis]
His second attempt to walk it back went like this:
ANDREA MITCHELL: Senator Wyden made quite a lot out of your exchange with him last March during the hearings. Can you explain what you meant when you said that there was not data collection on millions of Americans?
JAMES CLAPPER: First– as I said, I have great respect for Senator Wyden. I thought, though in retrospect, I was asked– “When are you going to start– stop beating your wife” kind of question, which is meaning not– answerable necessarily by a simple yes or no. So I responded in what I thought was the most truthful, or least untruthful manner by saying no.
And again, to go back to my metaphor. What I was thinking of is looking at the Dewey Decimal numbers– of those books in that metaphorical library– to me, collection of U.S. persons’ data would mean taking the book off the shelf and opening it up and reading it.
ANDREA MITCHELL: Taking the contents?
JAMES CLAPPER: Exactly. That’s what I meant. Now–
ANDREA MITCHELL: You did not mean archiving the telephone numbers?
All of those efforts were, by context at least, limited exclusively to NSA. They don’t address, at all, what NCTC might do with this data (or, for that matter, FBI).
So what does the NCTC do with the data that NSA and FBI have issued careful denials about?
Update: I’m going to replicate a big chunk of this post on the oversight over NCTC’s use of other agencies data, complete with the bit about how the guy in charge of it thought Cheney’s illegal program was the shit.
Back when John Negroponte appointed him to be the Director of National Intelligence’s Civil Liberties Protection Officer, Alexander Joel admitted he had no problem with Cheney’s illegal domestic wiretap program.
The Washington Post has a long article detailing how the FBI held onto their original suspect in the case of letters laced with ricin sent to various political figures long after they knew that he was innocent and had obtained evidence pointing to James Everett Dutschke, who now has been jailed for the crime. The article did a very good job of drawing the parallel of the FBI’s arrest and mistreatment of Elvis impersonator Paul Kevin Curtis in this case with the Amerithrax investigation that falsely targeted Steven Hatfill after the anthrax attacks of 2001:
After keeping Elvis impersonator Paul Kevin Curtis in jail for a week, interrogating him while he was chained to a chair and turning his house upside down, federal authorities had no confession or physical evidence tying him to the ricin-laced letters sent to President Obama and other public officials.
“They wanted to keep Mr. Curtis in custody while they built a case,” said Hal Neilson, a former FBI agent who is Curtis’s attorney. “They knew early on he wasn’t the right guy, but they fought to hold on to him anyway.”
Criminal justice experts say the arrest of Curtis without any physical evidence to tie him to the crime harks back to the investigation of bioweapons expert Steven J. Hatfill, who was falsely accused of the 2001 anthrax-letter attacks that killed five people. Like Curtis, Hatfill had an unpublished novel that seemed to tie him to the crime.
With Curtis, however, experts said the FBI’s leap was larger.
“Hatfill had technical qualifications and a background that also led the FBI to zero in on him, but this guy is an Elvis impersonator with an apparent history of mental instability and a Facebook page with some distinctive and curious language on it,” said Amy E. Smithson, a senior fellow with the James Martin Center for Nonproliferation Studies who studies biological weapons.
The circumstantial case against Dutschke appears quite strong on its own, given the ongoing feud he was known to have with Curtis. One bit that somewhat supports Dutshcke possibly being capable of acting on his own to produce the ricin found in the letters comes from the widespread knowledge that Dutschke is quite intelligent, although his membership in Mensa was used by Curtis as part of the ongoing feud.
But what is the nature of the evidence that is known at the current time linking Dutschke to the crime? Unlike the Georgia wanna-be ricin terrorists, where the FBI only found the criminals to be in possession of intact castor beans and an unworkable plan, the ricin in this case was actually processed somewhat. From the criminal complaint (pdf): Continue reading
Yesterday, charges against Paul Kevin Curtis that he sent letters testing positive for ricin to Senator Lowell Wicker and the White House were dropped. It is quite encouraging that the FBI would this time choose not to continue harassing Curtis once they realized they had no evidence against him, unlike their behavior in the Amerithrax case where they pursued Steven Hatfill for years (until paying out a $2.8 million dollar settlement) and drove Bruce Ivins to his grave on the basis of evidence that couldn’t withstand scrutiny.
Curtis was true to his quirky and colorful character yesterday after being released, and the New York Times reported how he explained at a subsequent press conference that he had no idea what ricin is:
Mr. Curtis, a party entertainer who dresses and sings as Elvis, Prince, Johnny Cash, Bon Jovi and others, had been in jail since Wednesday. He said he had never even heard of ricin. “I thought they said rice,” he said. “I said I don’t even eat rice.”
Curtis was already known to local officials when the tainted letters surfaced and most press coverage of his arrest provided details about why he wrote so many letters before the tainted ones emerged. From a Washington Post article on his arrest:
But a darker world apparently also existed for Curtis, according to frequent writings on social media Web sites, legal records and a lengthy trail of letters sent previously to lawmakers from Mississippi to Capitol Hill.
The man the FBI says unnerved much of official Washington this week, leaving mail handlers, staffers and aides seeing danger in any crinkled or unmarked envelope, was also a well-practiced conspiracy theorist. He wrote online that Elvis-impersonating contests had become rigged and politicized.
Many of his diatribes revolved around conspiracy theories, on which he blamed many of the malignancies in his life. The broken relationships, the financial duress, the increasing isolation he perceived — all grew out of an episode when he was working in a morgue as a contract cleaner, according to an online post on ripoffreport.com, which was signed, “I am Kevin Curtis and I approve this message.”
According to the long, detailed post, Curtis accidentally discovered bags of body parts in the morgue and reported his finding to authorities, who immediately made him a “person of interest where my every move was watched and video taped.” He described cameras zooming in on him and said he was followed by agents.
So the picture painted when he was arrested and charged was that Curtis was a disturbed person who was so crazy he believed that there is a black market in human body parts and that he was being persecuted for exposing a portion of that market. Interestingly, now that the charges against him have been dropped, the New York Times piece linked above makes no mention of the conspiracy theory while today’s Washington Post story makes only a very brief reference to it in a list of other portions of his life story:
Curtis is known for detailed Internet diatribes, his long-held conspiracy theory about underground trafficking in human body parts — which he has turned into a novel-in-progress called “Missing Pieces” — and his work as an Elvis impersonator. The Corinth, Miss., man has been arrested four times since 2000 on charges that include cyber-harassment.
Curtis’ account of discovering evidence of illegal body part trafficking stood out to me because I knew that such illegal trafficking in fact exists. A local firm here in Gainesville has been in the middle of an ugly story unfolding around the difficult legal and ethical issues relating to how tremendous advances in medical science have driven a huge demand for human tissue and bone.
Most people are quite aware of the process of organ transplantation and how organ donation either through advance planning or by surviving family members signing off on donation saves many lives. But there also are many medical procedures that rely on human bone or tissue that has been processed.
Back in July of 2012, the International Consortium of Investigative Journalists posted a long article that goes into the details of the black market for human tissue and bones and how this market is driven by the huge profits to be made: Continue reading