Need more of it than usual given the wacky stuff I’ve been reading into the wee hours over the weekend — like this stuff:
Former DHS Secretary now University of California prez surveils staff emails
Holy cats. This is ugly. After an alleged network security breach in June last year at UCLA’s medical center, an outside party was contracted by University of California president Janet Napolitano to monitor networks at all of University of California’s campuses. Collection of content both inbound and outbound, in violation of UoC-Berkeley’s IT policy, is alleged. UCOP has been opaque about the reason for the monitoring or data collection. Keep an eye on this case.
DDoS attack on HSBC crimps UK freelancers’ tax filing
The end of January in the United Kingdom is the filing deadline for the self-employed. Unfortunately, those who banked with HSBC lost access to their records for roughly four hours on Friday due to a distributed denial of service (DDoS) attack. It’s the second service outage inside a month for HSBC. The last outage lasted roughly two days but was not attributed to a DDoS. If UK lawmakers were testy after the first outage in January, they’re going to be ugly today.
Oil crash: massive wealth transfer, or increased dependency on oil?
Francisco Blanch, Commodities and Derivatives Strategist at BofA Merrill Lynch, claims plummeting oil prices have transferred roughly $3 trillion to consumers away from oil producers, and the resulting uptick in consumption will spur the economy. This assumption neatly ignores the likelihood consumers will have to pay one way or another for increasing losses due to unchecked climate change. Buying more insurance against weather damage and paying more taxes to replace infrastructure, as well as paying more for food due to crop losses won’t stimulate anything but consumer frustration.
War of words inside military about F-35’s readiness
In a December memo, the Defense Department’s director of operational test and evaluation Michael Gilmore wrote that the Joint Program Office’s July 2017 deadline for the F-35 jet’s full warfighting capability is “not realistic.” Software completion, testing and debugging is the risk. Folks in JPO are pushing back, with at least one official grousing online. So not cool, JPO. Address the concerns and then get to work on that software. Americans are paying for a working jet, not trash talk on Facebook.
Speaking of military…Sonic boom(s) caused minor earthquake in New Jersey
Just for fun, browse through a Twitter search for tweets from last Friday. Something caused more than one sonic boom — perhaps as many as nine — loud enough to register as an earthquake on USGS’ meters. At first, the military said it knew nothing about it, claiming there are no training exercises or other missions in the area. NASA’s Wallops Flight Facility-Virginia, Federal Aviation Administration, and the North American Aerospace Defense Command had no knowledge of flights in the area capable of generating sonic booms. But then the Navy piped up later, saying the Naval Test Wing Atlantic had been conducting test flights. Though not named, the F-35 fighter is believed to be the source of the booms. Were JPO and Lockheed Martin trying to make a rather loud and indiscreet point?
Or were the sonic booms due to some other unknown/unspecified cause, given Joint Base McGuire-Dix-Lakehurst’s inability to explain the booms when asked? USGS’ website is still taking feedback from folks in New Jersey — did you feel the earth move, too?
Time to taper off from espresso and move to an Americano. Hope your Monday is as caffeinated as you need it to be.
I’m preparing to do a series of posts on CISA, the bill passed out of SSCI this week that, unlike most of the previous attempts to use cybersecurity to justify domestic spying, may well succeed (I’ve been using OTI’s redline version which shows how SSCI simply renamed things to be able to claim they’re addressing privacy concerns).
But — particularly given Richard Burr’s office’s assurances this bill is great because “business groups like the Financial Services Roundtable and the National Cable & Telecommunications Association have already expressed their support for the bill” — I wanted to raise a question I’ve been pondering.
To what extent have banks won themselves immunity by serving as intelligence partners for the federal government?
I ask for two reasons.
First, when asked why she, along with Main Justice’s Lanny Breuer, authorized the sweetheart deal for recidivist transnational crime organization HSBC, Attorney General nominee Loretta Lynch implied that there was insufficient admissible evidence to try any individuals associated with this recidivism.
I and the dedicated career prosecutors handling the investigation carefully considered whether there was sufficient admissible evidence to prosecute an individual and whether such a prosecution otherwise would have been consistent with the principles of federal prosecution contained in the United States Attorney’s Manual.
That’s surprising given that Carl Levin managed to come up with 300-some pages of evidence. Obviously, there are several explanations for this response: she’s lying, the evidence is inadmissible because HSBC provided it willingly thereby making it unusable for prosecution, or the evidence was collected in ways that makes it inadmissible.
It’s the last one I’ve been thinking about: is it remotely conceivable that all the abundant evidence against banksters their regulators have used to obtain serial handslaps is for some reason inadmissible in a criminal proceeding?
I started thinking about that as a real possibility when PCLOB revealed that Treasury’s Office of Intelligence and Analysis has never once — not in the 30-plus years since Ronnie Reagan told them they had to — come up with minimization procedures to protect US person privacy with data collected under EO 12333. Maybe that didn’t matter so much in 1981, but since 2004, Treasury has had an ever-increasing role in using intelligence (collected from where?) to impose judgments against people with almost no due process. And those judgements are, in turn, used to impose other judgments on Americans with almost no due process.
The thing is, you’d think banks might care that Treasury wasn’t complying with Executive Branch requirements on privacy protection. Not only because they care (ha!) about their customers, whether American or not, but because many of them are, themselves, US persons. US bank US person status should limit how much Treasury diddles with bank-related intelligence, but Treasury doesn’t appear bound by that.
Which leads me to suspect, at least, that there’s something in it for the banks, something that more than makes up for the serial handslaps for sanctions violations.
And one possibility is that because of the way this data is collected and shared, it can’t be used in a trial. Voila! Bank immunity.
All that’s just a wildarsed guess.
But one made all the more pressing given that Treasury is among the Appropriate Federal Entities that will be default intelligence recipients for cyber information under CISA.
(3) APPROPRIATE FEDERAL ENTITIES.—
The term ‘‘appropriate Federal entities’’ means the following:
(A) The Department of Commerce.
(B) The Department of Defense.
(C) The Department of Energy.
(D) The Department of Homeland Security.
(E) The Department of Justice.
(F) The Department of the Treasury.
(G) The Office of the Director of National Intelligence.
To some degree, this is not in the least bit surprising. After all, financial regulators have increasingly made cybersecurity a key regulatory concern of late, so it makes sense for Treasury to be in the loop.
But banksters rarely — never! — add regulatory exposure for themselves without a fight and, as Burr’s office has made clear, the banks love this bill.
One more datapoint, back to HSBC. As I noted when Lanny Breuer and Loretta Lynch announced that handslap, Breuer neglected to mention that HSBC was getting a handslap not just for helping cartels profit off drugs, but also helping terrorists fund their activities (at the time Pete Seda was being held without bail on charges the government insisted amounted to material support for terrorists for handing a check to Chechens using cash that had come indirectly from HSBC). The actual settlement, however, made mention of it by explaining that HSBC had “assisted the Government in investigations of certain individuals suspected of money laundering and terrorist financing.” By dint of that cooperation, in other words, HSBC went from being a material supporter of terrorism to being a deputy financial cop. And Breuer expanded that notion of banks serving as deputized financial cops thereafter.
Are the methods and terms by which we’re collecting all this financial intelligence to use against some bad guys precisely what prevents us from holding the even bigger bad guys — the ones affecting far more of us directly, in the form of the houses we own, the towns we live in, the opportunity costs paid to financial crime — accountable?
And will this system now be replicated under CISA (or has it, already) as banks turn into cyber crime deputized cops?
Loretta Lynch is an excellent nominee for Attorney General, and her prior actions in whitewashing the blatant and rampant criminality of HSBC should not be held against her, because she didn’t know that at the time she last whitewashed that criminal enterprise, right?
No. Nothing could be further from the truth.
This is a cop out by Lynch’s advocates. Lynch either knew, or damn well should have known. She signed off on the HSBC Deferred Prosecution Agreement (DPA), if she was less than fully informed, that is on her. That is what signing legal documents stands for….responsibility. Banks like HSBC, Credit Suisse, ING etc were, and still are, a cesspool of criminal activity and avoidance schemes. Willful blindness to the same old bankster crimes by Lynch doesn’t cut it (great piece by David Dayen by the way).
But, all the above ignores the Swiss Alps sized mountains of evidence that we know Lynch was aware of and blithely swept under the rug by her HSBC DPA. So, we are basically left to decide whether Lynch is a bankster loving toady that is her own woman and cravenly whitewashed this all on her own, or whether she is a clueless stooge taking orders to whitewash it by DOJ Main. Both views are terminally unattractive and emblematic of the oblivious, turn the other cheek to protect the monied class, rot that infects the Department of Justice on the crimes of the century to date.
And that is only scratching the real surface of my objections to Lynch. There are many other areas where Lynch has proven herself to be a dedicated, dyed in the wool “law and order adherent” and, as Marcy Wheeler artfully coined, “executive maximalist”. Lynch’s ridiculous contortion, and expansion, of extraterritorial jurisdiction to suit the convenient whims of the Obama Administration’s unparalleled assault on the Rule of Law in the war on terror is incredibly troubling. Though, to be fair, EDNY is the landing point of JFK International and a frequent jurisdiction by designation. Some of these same questions could have been asked of Preet Bharara (see, e.g. U.S. v. Warsame) Loretta Lynch has every bit the same, if not indeed more, skin in the game as Bharara, whether by choice or chance.
Lynch has never uttered a word in dissent from this ridiculous expansion of extraterritorial jurisdiction. Lynch’s record in this regard is crystal clear from cases like US v. Ahmed, Yousef, et. al. where even Lynch and her office acknowledged that their targets could not have “posed a specific threat to the United States” much less have committed specific acts against the US.
This unconscionable expansion is clearly all good by Lynch, and the ends justify the means because there might be “scary terrists” out there. That is just dandy by American “executive maximalists”, but it is toxic to the Rule of Law, both domestically and internationally (See, supra). If the US, and its putative Attorney General, are to set precedents in jurisdictional reach on common alleged terroristic support, then they ought live by them on seminal concerns like torture and war crimes under international legal norms. Loretta Lynch has demonstrated a proclivity for the convenience of the former and a toady like disdain for the latter.
And the same willingness to go along to get along with contortion of the Rule of Law in that regard seems beyond certain to extend to her treatment of surveillance issues and warrant applications, state secrets, over-classification, attack on the press and, critically, separation of powers issues. Those types of concerns, along with how the Civil Rights Division is utilized to rein in out of control militarized cops and voting rights issues, how the OLC stands up to Executive overreach, whether OPR is allowed to continue to shield disgraceful and unethical AUSAs, and whether she has the balls to stand up to the infamously insulated inner Obama circle in the White House. Do you really think Loretta Lynch would have backed up Carolyn Krass and OLC in telling Obama no on the Libyan War Powers Resolution issue?
For my part, I don’t think there is a chance in hell Lynch would have stood up to Obama on a war powers, nor any other critical issue, and that is a huge problem. Krass and Holder may have lost the Libyan WPR battle, but at least they had the guts to stand up and say no, and leave a record of the same for posterity.
That is what really counts, not the tripe being discussed in the press, and the typically preening clown show “hearing” in front of SJC. That is where the rubber meets the road for an AG nominee, not that she simply put away some mobsters and did not disgrace herself – well, beyond the above, anyway (which she absolutely did) – during her time as US Attorney in EDNY. If you are a participant in, or interested observer of, the criminal justice system as I am, we should aspire to something better than Eric Holder. Holder may not have been everything hoped for from an Obama AG when the Administration took office in January of 2009, but he was a breath of fresh air coming off the AG line of the Bush/Cheney regime. Loretta Lynch is not better, and is not forward progress from Holder, indeed she is several steps down in the wrong direction. That is not the way to go.
The fact that Loretta Lynch is celebrated as a great nominee by not just Democrats in general, but the so called progressives in specific, is embarrassing. She is absolutely horrible. If Bush had put her up for nomination, people of the progressive ilk, far and wide, would be screaming bloody murder. Well, she is the same person, and she is a terrible nominee. And that does not bode well for the Rule of Law over the remainder of the Obama Administration.
And this post has not even touched on more mundane, day to day, criminal law and procedure issues on which Lynch is terrible. And horrible regression from Eric Holder. Say for instance pot. Decriminalization, indeed legalization, of marijuana is one of the backbone elements of reducing both the jail and prison incarceration rate, especially in relation to minorities. Loretta Lynch is unconscionably against that (See, e.g., p. 49 (of pdf) et. seq.). Lynch appears no more enlightened on other sentencing and prison reform, indeed, she seems to be of a standard hard core prosecutorial wind up law and order lock em up mentality. Lynch’s positions on relentless Brady violations by the DOJ were equally milquetoast, if not pathetic (See, e.g. p. 203 (of pdf) et. seq.). This discussion could go on and on, but Loretta Lynch will never come out to be a better nominee for Attorney General.
Observers ought stop and think about the legal quality, or lack thereof, of the nominee they are blindly endorsing. If you want more enlightened criminal justice policy, to really combat the prison state and war on drugs, and to rein in the out of control security state and war on terror apparatus, Loretta Lynch is a patently terrible choice; we can, and should, do better.
As part of her Questions for the Record, Attorney General nominee Loretta Lynch was asked about her role in the HSBC handslap in 2012. (See Q 38, h/t Katherine Hawkins)
38. As United States Attorney for the Eastern District of New York, you helped secure nearly $2 billion from HSBC over its failure to establish proper procedures to prevent money laundering by drug cartels and terrorists. You were quoted in a DOJ press release saying, “HSBC’s blatant failure to implement proper anti-money laundering controls facilitated the laundering of at least $881 million in drug proceeds through the U.S. financial system.”
You stated that the bank’s “willful flouting of U.S. sanctions laws and regulations resulted in the processing of hundreds of millions of dollars in [Office of Foreign Assets Control]-prohibited transactions.” Still, no criminal penalties have been assessed for any executive who may have been involved.
a. Did you make any decision or recommendation on charging any individual with a crime?
i. If so, please describe any and all decisions or recommendations you made.
ii. Please explain why such decisions or recommendations were made.
b. If you did not make any decision or recommendation on charging any individual with a crime, who made the decision not to prosecute?
RESPONSE: On December 11, 2012, the Department filed an information charging HSBC Bank USA with violations of the Bank Secrecy Act and HSBC Holdings with violating U.S. economic sanctions (the two entities are collectively referred to as “HSBC”). Pursuant to a deferred prosecution agreement (“DPA”), HSBC admitted its wrongdoing, agreed to forfeit $1.256 billion, and agreed to implement significant remedial measures, including, among other things, to follow the highest global anti-money laundering standards in all jurisdictions in which it operates. As the United States District Judge who approved the deferred prosecution found, “the DPA imposes upon HSBC significant, and in some respect extraordinary, measures” and the “decision to approve the DPA is easy, for it accomplishes a great deal.” Although grand jury secrecy rules prevent me from discussing the facts involving any individual or entity against whom we decided not to bring criminal charges, as I do in all cases in which I am involved, I and the dedicated career prosecutors handling the investigation carefully considered whether there was sufficient admissible evidence to prosecute an individual and whether such a prosecution otherwise would have been consistent with the principles of federal prosecution contained in the United States Attorney’s Manual.
I want to reiterate, particularly in the context of recent media reports regarding the release of HSBC files pertaining to its tax clients, that the Deferred Prosecution Agreement reached with HSBC addresses only the charges filed in the criminal violations of the Bank Secrecy Act for failures to maintain an adequate anti-money laundering program and for sanctions violations. The DPA explicitly does not provide any protection against prosecution for conduct beyond what was described in the Statement of Facts. Furthermore, I should note the DPA explicitly mentions that the agreement does not bind the Department’s Tax Division, nor the Fraud Section of the Criminal Division. information, which are limited to violations of the Bank Secrecy Act for failures to maintain an adequate anti-money laundering program and for sanctions violations. The DPA explicitly does not provide any protection against prosecution for conduct beyond what was described in the Statement of Facts. Furthermore, I should note the DPA explicitly mentions that the agreement does not bind the Department’s Tax Division, nor the Fraud Section of the Criminal Division. [my emphasis]
Lynch seems to want to have her cake and eat it too.
Sure, she and her prosecutors were unable to find the evidence in Carl Levin’s gift-wrapped case. But trust her, she seems to be saying, she might one day see fit to charge some warm bodies with fraud if she’s confirmed.
And note she makes no mention of material support for terrorism????
Because if you’re a bank, such things are legal, apparently.
As I noted in this post, the declaration submitted in EFF’s FOIA for Section 215 by ODNI’s Jennifer Hudson is remarkably revealing. I’m particularly intrigued by these comments about the financial dragnet order released on March 28.
A FISC Supplemental Order in BR 10-82, dated November 23, 2010 and consisting of two pages, has been withheld in part to protect certain classified and law enforcement sensitive information. The case underlying BR 10-82 is an FBI counterterrorism investigation of a specific target. That investigation is still pending. Here, in the course of a pending counterterrorism investigation, the FBI sought authorization under the FISA to obtain financial records, under the FISA’s business records provision, pertaining to the target of the investigation and in fact obtained such authorization.
Here, in the course of a pending counterterrorism investigation, the FBI sought authorization under the FISA to obtain certain financial records. The FISC Supplemental Order, which was issued in relation to its authorization for such collection, was thus compiled for law enforcement purposes, in furtherance of a national security investigation within the FBI’s authorized law enforcement duties.
Here, the FBI has determined that the release of the final paragraph of the order, which describes certain requirements reflecting the FBI’s particular implementation of the authority granted by the FISC, could reasonably be expected to adversely impact the pending investigation and any resulting prosecutions. Release of this paragraph would reveal the specific and unique implementation requirements imposed on the FBI under this FISA-authorized collection during a particular time period. It is unclear what and how much the target might already know about the FBI’s investigation. However, as more fully explained in my classified ex parte, in camera declaration, there is reason to believe that the target or others knowledgeable about the nature and timing of the investigation could piece together this information, the docket number, the dates of the collection, and other information which has already been released or deduced to assemble a picture that would reveal to the target that the target was the subject of a particular type of intelligence collection during a specific time period, and by extension, that the target’s associates during that period may have been subject to similar intelligence collections. This could lead the target to deduce the scope, focus, and direction of the FBI’s investigative efforts, and potentially any gaps in the collections, from which the target could deduce times when the target’s activities were “safe.” [my emphasis]
The bolded section says that certain people — the target, but also “others knowledgeable about the nature and timing of the investigation” — could put the financial dragnet request together with other information released or deduced to figure out that the target and his associates had had their financial data collected.
Gosh, that’s like waving a flag at anyone who might be “knowledgeable about the nature of the investigation.”
What counterterrorism investigation has generated sufficient attention such that not only the target, but outsiders, would recognize this order pertains the investigation in question? The investigation would be:
The CIA & etc. Money Order Orders
One obvious possibility is the generalized CIA investigation into Western Union and international money transfers reported by WSJ and NYT last year. While both stories said the CIA got these orders, I suggested it likely that FBI submitted the orders and disseminated the information as broadly as FBI’s information sharing rules allowed, not least because CIA has no analytical advantage on such orders, as NSA would have for the phone dragnet.
There are two reasons this is unlikely. First, there’s the timing. The WSJ version of the story, at least, suggested this had been going on some time, before 2010. If that’s the case, then there’s no reason to believe a new order in 2010 reviewed this issue. And while I don’t think the 2010 order necessarily indicates the first financial 215 order (after all, it took 2.5 years before FISC weighed the equivalent question in the phone dragnet), it is unlikely that this order comes from an existing program.
That’s true, too, because this seems to be tied to a specific investigation, rather than the enterprise counterterrorism investigation that underlies the phone dragnet (and presumably the CIA program). So while this practice generated enough attention to be the investigation, I doubt it is.
The Scary Car Broker Plot
Then there’s what I call the Scary Car Broker Plot, which I wrote about here. Basically, it’s a giant investigation into drug trafficking from Colombia through Western Africa that contributes some money to Hezbollah and therefore has been treated as a terror terror terror investigation when in reality it is a drug investigation. Treasury named Ayman Joumaa, the ultimate target of that investigation, a Specially Designated Trafficker in February 2011, so presumably the investigation was very active in November 2010, when FISC issued the order. The case’s domestic component involves the car broker businesses of a slew of (probably completely innocent) Lebanese-Americans, who did business with the larger network via wire transfers.
The Car Buyers also received wire transfers for the purpose of buying and shipping used cars from other account holders at the Lebanese Banks (“Additional Transferors”), including the OFAC-designated Phenicia Shipping (Offshore); Ali Salhab and Yasmin Shipping & Trading; Fadi Star and its owners, Mohammad Hammoud and Fadi Hammoudi Fakih for General Trade, Khodor Fakih, and Ali Fakih; and Youssef Nehme.
Perhaps most interesting, the government got at these businessmen by suing them, rather than charging them, which raised significant Fifth Amendment Issues. So between that tactic and Joumaa’s rather celebrated status, I believe this is a possible case. And the timing — from 2007 until 2011, when Joumaa got listed — would certainly make sense.
All that said, this aspect of the investigation was made public in the suit naming the car brokers, so FBI would be hard-pressed to claim that providing more details would compromise the investigation.
HSBC’s Material Support for Terrorism
Then there’s a very enticing possibility: that this is an investigation into HSBC for its material support for terrorism, in the form of providing cash dollars to the al Rajhi bank which went on to support terrorist attacks (including 9/11).
HSBC’s wrist slap for money laundering is one of the most noted legal atrocities in recent memory, but most people focus on the bank’s role laundering money for drug cartels. Yet as I’ve always emphasized, HSBC also played a key role in providing money to al Qaeda-related terrorists.
As the Permanent Subcommittee on Investigations’ report made clear, HSBC’s material support for terror continued until 2010.
After the 9-11 terrorist attack in 2001, evidence began to emerge that Al Rajhi Bank and some of its owners had links to financing organizations associated with terrorism, including evidence that the bank’s key founder was an early financial benefactor of al Qaeda. In 2005, HSBC announced internally that its affiliates should sever ties with Al Rajhi Bank, but then reversed itself four months later, leaving the decision up to each affiliate. HSBC Middle East, among other HSBC affiliates, continued to do business with the bank.
Due to terrorist financing concerns, HBUS closed the correspondent banking and banknotes accounts it had provided to Al Rajhi Bank. For nearly two years, HBUS Compliance personnel resisted pressure from HSBC personnel in the Middle East and United States to resume business ties with Al Rajhi Bank. In December 2006, however, after Al Rajhi Bank threatened to pull all of its business from HSBC unless it regained access to HBUS’ U.S. banknotes program, HBUS agreed to resume supplying Al Rajhi Bank with shipments of U.S. dollars. Despite ongoing troubling information, HBUS provided nearly $1 billion in U.S. dollars to Al Rajhi Bank until 2010, when HSBC decided, on a global basis, to exit the U.S. banknotes business. HBUS also supplied U.S. dollars to two other banks, Islami Bank Bangladesh Ltd. and Social Islami Bank, despite evidence of links to terrorist financing. Each of these specific cases shows how a global bank can pressure its U.S. affiliate to provide banks in countries at high risk of terrorist financing with access to U.S. dollars and the U.S. financial system. [my emphasis]
Now, the timing may match up here, and I’d really love for a bankster to be busted for supporting terrorism. Plus, an ongoing investigation into this part of HSBC’s crimes might explain why Lanny Breuer said nothing about it when he announced the settlement with HSBC. But I doubt this is the investigation. That’s because former Treasury Undersecretary for Terrorism and Financial Intelligence Stuart Levey moved to HSBC after this point in time, in large part in a thus-far futile attempt to try to clean up the bank. And I can’t imagine a lawyer could ethically take on this role while (presumably) knowing about such seizures. Moreover, as the PSI report made clear, there are abundant other ways to get at the kind of data at issue in the HSBC investigation without Section 215 orders.
Who am I kidding? This DOJ won’t ever really investigate a bank!
WikiLeaks the Aider of Al Qaeda
I realize these three possibilities do not exhaust the list of sufficiently significant and sufficiently old terrorism investigations that might be the target named in the order. So I’m happy to hear other possibilities.
But there is one other investigation that is a near perfect fit for almost all the description provided by Hudson: WikiLeaks.
As I’ve reported, EPIC sued to enforce a FOIA for records the FBI has on investigations into WikiLeaks supporters. The FOIA asked for and FBI did not deny having, among other things, financial records.
All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks.
In addition to withholding information that they apparently have because of an ongoing investigation (though the Judge has required the government to confirm it is still ongoing by April 25), the government also claimed exemption under a statute that they bizarrely refused to name. I speculated four months before Edward Snowden’s leaks that that statute was Section 215.
And the timing on this investigation is a perfect fit. On November 3, 2010, Joint Terrorism Task Force Officer Darin Louck seized David House’s computer as he came across the border from Mexico. While House refused to give the government his encryption passwords, the seizure makes it clear FBI was targeting WikiLeaks supporters. Then, according Alexa O’Brien, on November 21, 2010, a report on the upcoming Cablegate release was included in President Obama’s Daily Brief. The government spent the weeks leading up to the first releases in Cablegate on November 28, 2010 scrambling to understand what might be in them. On December 4, PayPal started refusing donations to WikiLeaks. And on December 6, Eric Holder stated publicly he had authorized extraordinary investigative measures “just last week.”
Nor would he say whether the actions involved search warrants, requests under the Foreign Intelligence Surveillance Act, which authorizes wiretaps or other means, describing them only as “significant.”
“I authorized just last week a number of things to be done so that we can, hopefully, get to the bottom of this and hold people accountable as they should be,” he said.
December 6 was a Monday and technically Tuesday, November 23 would have been 2 weeks earlier, just 2 days before Thanksgiving. But a Section 215 order doesn’t require AG approval, and indeed, dragnet orders often generate leads for more intrusive kinds of surveillance.
Moreover, according to Hudson’s declaration, this order did precisely what EPIC’s FOIA seems to confirm FBI did, investigate not just Julian Assange, but also his associates (also known as supporters), including WikiLeaks donors.
The only thing — and it is a significant thing — that would suggest this guess is wrong is Hudson’s description of this as a “counterterrorism” investigation and not a “counterespionage” investigation (which is how Holder was discussing it in December 2010).
But that doesn’t necessarily rule WikiLeaks out. As noted above, already by early November 2010, the FBI had JTTF agents involved in the investigation. And central to the government’s failed claim that Chelsea Manning had aided the enemy was that she had made the Afghan war logs available knowing (from the DIA report she accessed) that the government worried about al Qaeda accessing such things, and that some Afghan war logs were found at Osama bin Laden’s compound. So the government clearly has treated its WikiLeaks investigation as a counterterrorism investigation.
Moreover, all Hudson’s declaration claims is that the government currently considers this a counterterrorism investigation. Section 215 can be used for counterintelligence investigations (as I’ve noted over and over). Since the Osama bin Laden raid revealed al Qaeda had accessed cables, the government has maintained that it does involve al Qaeda. So it may be that Hudson’s reference to the investigation as a counterterrorism investigation only refers to its current status, and not the status used to obtain the order in 2010.
That said, Hudson also provided a classified version of her statement to Judge Yvonne Gonzales Rogers, and I can’t imagine she’d try to pitch the WikiLeaks case as a counterterrorism one if a judge actually got to check her work. But you never know!
It’s likely that I’m forgetting a very obviously publicly known counterterrorism investigation.
But I think it possible that either the Scary Car Broker plot or WikiLeaks is the target named in the order.
As I noted last year, when DOJ trumpeted their settlement with HSBC for a slew of money laundering violations, they didn’t mention that HSBC had provided almost a billion dollars to a Saudi bank that funded terrorists. Effectively, HSBC’s material support for terrorism for 5 years after it first realized it was doing so got completely ignored.
It turns out, between the time in 2010 when HSBC stopped providing cash dollars to a terror-supporting bank and the time of the DOJ settlement, HSBC was still violating counterterrorism sanctions. Treasury’s Office of Foreign Assets Controls just issued another settlement with HSBC’s US branch, detailing how HSBC processed 3 transfers totaling over $40,164 involving Husayn Tajideen after the bank learned he had gotten listed a designated terrorist. Not a huge amount of money, but over 4 times what Basaaly Moalin is going to jail for.
It’s OFAC’s rationale it uses to rationalize giving a recidivist just a $32,400 penalty that I find particularly egregious.
The settlement amount reflects OFAC’s consideration of the following facts and circumstances, pursuant to the General Factors under OFAC’s Economic Sanctions Enforcement Guidelines, 31 C.F.R. part 501, app. A. OFAC considered the following to be mitigating factors: HBUS voluntarily self-disclosed the apparent violations to OFAC; HBUS took appropriate remedial action in response to these apparent violations and now has a more robust compliance program in place; and HBUS has not received a penalty notice or Finding of Violation from OFAC for substantially similar apparent violations in the five years preceding the earliest date of the transactions giving rise to the apparent violations. The settlement amount reflects the following aggravating factors: HBUS managers and employees whose primary responsibility includes OFAC compliance were aware of the first apparent violation and had reason to be aware of the second and third apparent violations; the apparent violations resulted in actual economic benefit to an SDGT; HBUS is a large and commercially sophisticated financial institution; HBUS initially provided an incomplete response to an administrative subpoena; and, at the time of the first apparent violation, HBUS’ compliance program did not screen all MT 199 messages for potential OFAC matches. OFAC further reduced the proposed penalty in light of HBUS’ agreement to settle its potential liability for the apparent violations. [my emphasis]
Some of this is typical mumbo jumbo (though in this case, should be read with the awareness that Stuart Levey, who used to be Under Secretary of Terrorism Finance and Intelligence, got named HSBC’s General Counsel in 2012, so the subsequent actions likely represent his involvement).
But the claim that HBUS hadn’t had any substantially similar violations in the five years previous is just ridiculous. They had been busted for all sorts of very similar money laundering problems involving known drug kingpins and were uniquely important in providing cash that terrorists likely used for significant attacks. It’s only not substantially similar because it is orders of magnitude worse, so much so DOJ got involved and the settlement was with a different agency!
And in response to a recidivist being caught again, OFAC fines a bank with $14 billion in profits $32,400.
Update: In a statement to WSJ, Treasury said this settlement with a recidivist is unrelated to the past settlement with the recidivist.
But a Treasury spokesman said in an email that Tuesday’s settlement is unrelated to the December 2012 agreement with OFAC and other federal and state agencies.
“This action is similar to other settlements OFAC has reached with regard to apparent violations committed by U.S. financial institutions,” he said.
Yesterday, the Italian magazine Panorama claimed that the NSA had wiretapped the Vatican.
I have some questions about the veracity of the report. NSA has denied it more vigorously than other allegations of tapping world leaders. Panorama is not known to have access to the Edward Snowden documents. One key claim — that the current Pope, Jorge Mario Bergoglio, has been surveilled since 2005 — was actually sourced to WikiLeaks in the story (In addition to cables on Argentine politics, Bergoglio shows up in a 2003 cable speculating on the possibility of a Latin American Pope).
All that said, I am intrigued by this claim.
Panorama said the recorded Vatican phone calls were catalogued by the NSA in four categories – leadership intentions, threats to the financial system, foreign policy objectives and human rights.
I did a quick review of WikiLeaks cables on the Vatican (remember, these are classified at no more than the Secret level, and therefore are not going to have any intercept information in them, and they of course stop at 2010). The human rights issues pertain to interfaith dialogue and the rights of Catholics in repressive countries, the Church’s role in anti-gay laws, and allegations of anti-Semitism (this cable, on the Church prioritizing unity and thereby endorsing Holocaust denial, is one of the few Secret ones). There are fewer that relate directly to the Church’s role in the financial system; though a good many cables with “financial” content relate to Syria or, especially, Lebanon, and include the Vatican because of its influence with Christian power brokers in the region (this cable, on Syrian money laundering, was forwarded to the Vatican mission for some reason).
But there two other reasons why the Vatican might be an NSA target based on those topics: its multi-decade cover-up of pedophilia (and the impact legal investigations and settlements might have around the world), and the Vatican’s role in money laundering. The recent disclosures of Vatican money laundering suggest Iraq, Iran, and Indonesia have used the bank, as well as the Italian mafia, but given its ties to Lebanon, I wouldn’t be surprised if it were also laundering money from that country, which is another close focus of the US’ own money laundering attention.
In other words, in addition to wiretapping the Vatican because it wields special influence in countries around the world (the leadership intentions and foreign policy objectives category), the US would have reason to surveil it because of what amount to Vatican actions that make it a Transnational Criminal Organization, completely apart from matters of faith.
That is, if NSA applied its apparent mandate to track TCOs indiscriminately.
But I bet you they don’t. While I am sure they track Latin American, African, and South Asian drug networks, I’m certain they track Russian mobsters who have ties to online crime, and I’m sure they are tracking and probably have an active role in the investigation of Yakuza’s ties to big Japanese banks (most of these are either named Treasury drug kingpin or TCO targets), I also believe if the NSA tracked transnational crime organizations generally, its efforts would be shut down tomorrow.
Imagine, for example, if in addition to using Title III wiretaps (though barely) and self-disclosure and evidence generated by other financial institutions in put-back suits, the NSA used its bulk collection to track JPMC’s international transfers to see whether any of it constituted “foreign intelligence,” and from that referred any evidence of a crime to the FBI? Imagine if the NSA were stealing all of JPMC’s transfer information, even outside its access to SWIFT, to see how JPMC laundered its world-destabilizing actions through multiple jurisdictions? And both JPMC and HSBC have a known history of material support for terrorism, which certainly ought to justify such spying (noting, of course, that I think JPMC did get spied on in conjunction with the Scary Iran Plot, which may have forced FinCEN to settle with it on other outstanding sanction violation issues).
They wouldn’t even need to track JPMC and other multinational banks in the name of transnational crime and terrorism; the Sovereign Wealth Funds of the world — both of volatile Middle Eastern countries, Asian targets, but even in Europe — have effectively become foreign policy entities. Do they track what Qatar and the Emirates do with their SWFs?
As I said, I doubt it. While I suspect as this scandal develops we’ll find more and more evidence that the NSA has spied on targets selected for their financial competition with the US and UK (we’ve already seen hints they collected intelligence on the Euro versus the dollar, Brazil’s competitive position vis as vis the US, for example), I also suspect if there were ever a hint that the NSA treated JPMC or HSBC like it did other TCO targets, it would get shut down in a matter of weeks.
I’m in the middle of a deep dive in the Section 215 White Paper — expect plenty of analysis on it in coming attractions!
But I want to make a discrete point about this passage, which describes what happen to query results.
Results of authorized queries are stored and are available only to those analysts trained in the restrictions on the handling and dissemination of the metadata. Query results can be further analyzed only for valid foreign intelligence purposes. Based on this analysis of the data, the NSA then provides leads to the FBI or others in the Intelligence Community. For U.S. persons, these leads are limited to counterterrorism investigations.
The Primary Order released several weeks back calls these stored query results “the corporate store.” As ACLU laid out, the government can do pretty much whatever it wants with this corporate store — and their analysis of it is not audited.
All of this information, the primary order says, is dumped into something called the “corporate store.” Incredibly, the FISC imposes norestrictions on what analysts may subsequently do with the information. The FISC’s primary order contains a crucially revealing footnote stating that “the Court understands that NSA may apply the full range of SIGINT analytic tradecraft to the result of intelligence analysis queries of the collected [telephone] metadata.” In short, once a calling record is added to the corporate store, anything goes.
More troubling, if the government is combining the results of all its queries in this “corporate store,” as seems likely, then it has a massive pool of telephone data that it can analyze in any way it chooses, unmoored from the specific investigations that gave rise to the initial queries. To put it in individual terms: If, for some reason, your phone number happens to be within three hops of an NSA target, all of your calling records may be in the corporate store, and thus available for any NSA analyst to search at will.
But it’s even worse than that. The primary order prominently states that whenever the government accesses the wholesale telephone-metadata database, “an auditable record of the activity shall be generated.” It might feel fairly comforting to know that, if the government abuses its access to all Americans’ call data, it might eventually be called to account—until you read footnote 6 of the primary order, which exempts entirely the government’s use of the “corporate store” from the audit-trail requirement.
The passage from the White Paper seems to suggest there are limits (though it doesn’t explain where they come from, because they clearly don’t come from FISC).
This analysis must have a valid foreign intelligence purpose — which can include political information, economic information, espionage information, military information, drug information, and the like. Anything other countries do, basically.
But if the data in the corporate store pertains to US persons, the FBI can only get a lead “for counterterrorism purposes.”
At one level, this is (small) comfort, because it provides a level of protection on the dragnet use.
But it also may explain why HSBC’s US subsidiary didn’t get caught laundering al Qaeda’s money, or why JP Morgan always gets to self-disclose its support for Iranian “terrorism.” So long as the government chooses not to treat banks laundering money for terrorists as material support for terror, then they can consider these links (which surely they’ve come across in their “corporate store!) evidence of a financial crime, not a terrorist one, and just bury it.
I would be curious, though, whether the government has ever used the “corporate store” to police Iran sanctions. Does that count as a counterterrorism purpose? And if so, is that why Treasury “finds” evidence of international bank violations so much more often than it does American bank violations?
Colleen Rowley has a great list of questions Jim Comey should be asked today in his confirmation hearing (I’ll be live-tweeting it, so follow the twitter feed over there. >>>>>>
Here are five questions I would add:
Glenn Greenwald has a tremendous scoop, for the first time I know of publishing a Section 215 warrant — in this case one asking for all US-based traffic metadata from Verizon Business Services from April until July.
Now, I think that this actually affects just a subset of all Verizon traffic: the business-focused traffic rather than Verizon Wireless or similar consumer products most people subscribe to (and if that’s so, the shitstorm that is about to break out will be all the more interesting given that rich businessmen will be concerned about their privacy for once).
Also, this does not ask for call content. It asks only for metadata, independent of any identifying data.
In other words, they’re using this not to wiretap the conversations of Occupy Wall Street activists but to do pattern analysis on the telecom traffic of (I think) larger businesses.
The request does, however, ask for location data (and Verizon does offer bundles that would include both cell and cloud computing). So maybe the FBI is analyzing where all Verizon’s business customers are meeting for lunch.
My extremely wildarsed guess is that this is part of hacking investigation, possibly even the alleged Iranian hacking of power companies in the US (those stories were first reported in early May).
I say that because cybersecurity is a big part of what Verizon Enterprise (as I believe they now go by) sells to its business customers; the infographic above, warning of data breaches when you least expect it (heh), is part of one they use to fear-monger its customers. Energy consumers are one of its target customer bases. And the case studies it describes involve several Smart Grid projects. Precisely the kind of thing the government is most freaked out about right now.
After all, aside from Medicare fraud, the government simply doesn’t investigate businesses, ever. Certainly not the kind of bankster businesses we’d like them to investigate. One of the few things they investigate business activities for is to see if they’ve been compromised. Moreover, the Section 215 order requires either a counterintelligence or a counterterrorist nexus, and the government has gone to great lengths to protect large businesses, like HSBC or Chiquita, that have materially supported terrorists.
Anyway, that’s all a wildarsed guess, as I said.
Ah well. If the government can use Section 215 orders to investigate all the Muslims in Aurora, CO who were buying haircare products in 2009, I’m sure big business won’t mind if the government collects evidence of their crimes in search of Iran or someone similar.
Update: Note, this order seems to show a really interesting organizational detail. This is clearly an FBI order (I’m not sure who, besides the FBI, uses Section 215 anyway). But the FISA Court orders Verizon to turn the data over to the NSC. This seems to suggest that FBI has NSA store and, presumably, do the data analysis, for at least their big telecom collections in investigations. That also means the FBI, which can operate domestically, is getting this for DOD, which has limits on domestic law enforcement.