Posts

The Compartments in WaPo’s Russian Hack Magnum Opus

The WaPo has an 8300 word opus on the Obama Administration’s response to Russian tampering in the election. The article definitely covers new ground on the Obama effort to respond while avoiding making things worse, particularly with regards to imposing sanctions in December. It also largely lays out much of the coverage the three bylined journalists (Greg Miller, Ellen Nakashima, and Adam Entous) have broken before, with new details. The overall message of the article, which has a number of particular viewpoints and silences, is this: Moscow is getting away with their attack.

“[B]ecause of the divergent ways Obama and Trump have handled the matter, Moscow appears unlikely to face proportionate consequences.”

The Immaculate Interception: CIA’s scoop

WaPo starts its story about how Russia got away with its election op with an exchange designed to make the non-response to the attack seem all the more senseless. It provides a dramatic description of a detail these very same reporters broke on December 9: Putin, who was personally directing this effort, was trying to elect Trump.

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladi­mir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

[snip]

The material was so sensitive that CIA Director John Brennan kept it out of the President’s Daily Brief, concerned that even that restricted report’s distribution was too broad. The CIA package came with instructions that it be returned immediately after it was read.

[snip]

In early August, Brennan alerted senior White House officials to the Putin intelligence, making a call to deputy national security adviser Avril Haines and pulling national security adviser Susan Rice side after a meeting before briefing Obama along with Rice, Haines and McDonough in the Oval Office.

While the sharing of this information with just three aides adds to the drama, WaPo doesn’t consider something else about it. The inclusion of Rice and McDonough totally makes sense. But by including Avril Haines, Brennan was basically including his former Deputy Director who had moved onto the DNSA position, effectively putting two CIA people in a room with two White House people and the President. Significantly, Lisa Monaco — who had Brennan’s old job as White House Homeland Security Czar and who came from DOJ and FBI before that — was reportedly excluded from this initial briefing.

There are a number of other interesting details about all this. First, for thousands of wordspace, the WaPo presents this intelligence as irreproachable, even while providing this unconvincing explanation of why, if it is so secret and solid, the CIA was willing to let WaPo put it on its front page.

For spy agencies, gaining insights into the intentions of foreign leaders is among the highest priorities. But Putin is a remarkably elusive target. A former KGB officer, he takes extreme precautions to guard against surveillance, rarely communicating by phone or computer, always running sensitive state business from deep within the confines of the Kremlin.

The Washington Post is withholding some details of the intelligence at the request of the U.S. government.

If this intelligence is so sensitive, why is even the timing of its collection being revealed here, much less its access to Putin?

That seemingly contradictory action is all the more curious given that not all agencies were as impressed with this intelligence as CIA was. It’s not until much, much later in its report until WaPo explains what remains true as recently as Admiral Rogers’ latest Congressional testimony: the NSA wasn’t and isn’t as convinced by CIA’s super secret intelligence as CIA was.

Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”

Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.

By the time this detail is presented, the narrative is in place: Obama failed to respond adequately to the attack that CIA warned about back in August.

The depiction of this top-level compartment of just Brennan, Rice, McDonough, and Haines is interesting background, as well, for the depiction of the way McDonough undermined a State Department plan to institute a Special Commission before Donald Trump got started.

Supporters’ confidence was buoyed when McDonough signaled that he planned to “tabledrop” the proposal at the next NSC meeting, one that would be chaired by Obama. Kerry was overseas and participated by videoconference.

To some, the “tabledrop” term has a tactical connotation beyond the obvious. It is sometimes used as a means of securing approval of an idea by introducing it before opponents have a chance to form counterarguments.

“We thought this was a good sign,” a former State Department official said.

But as soon as McDonough introduced the proposal for a commission, he began criticizing it, arguing that it would be perceived as partisan and almost certainly blocked by Congress.

Obama then echoed McDonough’s critique, effectively killing any chance that a Russia commission would be formed.

Effectively, McDonough upended the table on those (which presumably includes the CIA) who wanted to preempt regular process.

Finally, even after  these three WaPo journalists foreground their entire narrative with CIA’s super duper scoop (that NSA is still not 100% convinced is one), they don’t describe their own role in changing the tenor of the response on December 9 by reporting the first iteration of this story.

“By December, those of us working on this for a long time were demoralized,” said an administration official involved in the developing punitive options.

Then the tenor began to shift.

On Dec. 9, Obama ordered a comprehensive review by U.S. intelligence agencies of Russian interference in U.S. elections going back to 2008, with a plan to make some of the findings public.

The WaPo’s report of the CIA’s intelligence changed the tenor back in December, and this story about the absence of a response might change the tenor here.

Presenting the politics ahead of the intelligence

The WaPo’s foregrounding of Brennan’s August scoop is also important for the way they portray the parallel streams of the intelligence and political response. It portrays the Democrats’ political complaints about Republicans in this story, most notably the suggestion that Mitch McConnell refused to back a more public statement about the Russian operation when Democrats were pushing for one in September. That story, in part because of McConnell’s silence, has become accepted as true.

Except the WaPo’s own story provides ample evidence that the Democrats were trying to get ahead of the formal intelligence community with respect to attribution, both in the summer, when Clapper only alluded to Russian involvement.

Even after the late-July WikiLeaks dump, which came on the eve of the Democratic convention and led to the resignation of Rep. Debbie Wasserman Schultz (D-Fla.) as the DNC’s chairwoman, U.S. intelligence officials continued to express uncertainty about who was behind the hacks or why they were carried out.

At a public security conference in Aspen, Colo., in late July, Director of National Intelligence James R. Clapper Jr. noted that Russia had a long history of meddling in American elections but that U.S. spy agencies were not ready to “make the call on attribution” for what was happening in 2016.

And, more importantly, in the fall, when the public IC attribution came only after McConnell refused to join a more aggressive statement because the intelligence did not yet support it (WaPo makes no mention of it, but DHS’s public reporting from late September still attributed the the threat to election infrastructure to “cybercriminals and criminal hackers”).

Senate Majority Leader Mitch McConnell (R-Ky.) went further, officials said, voicing skepticism that the underlying intelligence truly supported the White House’s claims. Through a spokeswoman, McConnell declined to comment, citing the secrecy of that meeting.

Key Democrats were stunned by the GOP response and exasperated that the White House seemed willing to let Republican opposition block any pre-election move.

On Sept. 22, two California Democrats — Sen. Dianne Feinstein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a statement making clear that they had learned from intelligence briefings that Russia was directing a campaign to undermine the election, but they stopped short of saying to what end.

A week later, McConnell and other congressional leaders issued a cautious statement that encouraged state election officials to ensure their networks were “secure from attack.” The release made no mention of Russia and emphasized that the lawmakers “would oppose any effort by the federal government” to encroach on the states’ authorities.

When U.S. spy agencies reached unanimous agreement in late September that the interference was a Russian operation directed by Putin, Obama directed spy chiefs to prepare a public statement summarizing the intelligence in broad strokes.

I’m all in favor of beating up McConnell, but there is no reason to demand members of Congress precede the IC with formal attribution for something like this. So until October 7, McConnell had cover (if not justification) for refusing to back a stronger statement.

And while the report describes Brennan’s efforts to brief members of Congress (and the reported reluctance of Republicans to meet with him), it doesn’t answer what remains a critical and open question: whether Brennan’s briefing for Harry Reid was different — and more inflammatory — than his briefing for Republicans, and whether that was partly designed to get Reid to serve as a proxy attacker on Jim Comey and the FBI.

Brennan moved swiftly to schedule private briefings with congressional leaders. But getting appointments with certain Republicans proved difficult, officials said, and it was not until after Labor Day that Brennan had reached all members of the “Gang of Eight” — the majority and minority leaders of both houses and the chairmen and ranking Democrats on the Senate and House intelligence committees.

Nor does this account explain another thing: why Brennan serially briefed the Gang of Eight, when past experience is to brief them in groups, if not all together.

In short, while the WaPo provides new details on the parallel intelligence and political tracks, it reinforces its own narrative while remaining silent on some details that are critical to that narrative.

The compartments

The foregrounding of CIA in all this also raises questions about a new and important detail about (what I assume to be the subsequently publicly revealed, though this is not made clear) Task Force investigating this operation: it lives at CIA, not FBI.

Brennan convened a secret task force at CIA headquarters composed of several dozen analysts and officers from the CIA, the NSA and the FBI.

The unit functioned as a sealed compartment, its work hidden from the rest of the intelligence community. Those brought in signed new non-disclosure agreements to be granted access to intelligence from all three participating agencies.

They worked exclusively for two groups of “customers,” officials said. The first was Obama and fewer than 14 senior officials in government. The second was a team of operations specialists at the CIA, NSA and FBI who took direction from the task force on where to aim their subsequent efforts to collect more intelligence on Russia.

Much later in the story, WaPo reveals how, in the wake of Obama calling for a report, analysts started looking back at their collected intelligence and learning new details.

Obama’s decision to order a comprehensive report on Moscow’s interference from U.S. spy agencies had prompted analysts to go back through their agencies’ files, scouring for previously overlooked clues.

The effort led to a flurry of new, disturbing reports — many of them presented in the President’s Daily Brief — about Russia’s subversion of the 2016 race. The emerging picture enabled policymakers to begin seeing the Russian campaign in broader terms, as a comprehensive plot sweeping in its scope.

It’s worth asking: did the close hold of the original Task Force, a hold that appears to have been set by Brennan, contribute to the belated discovery of these details revealing a broader campaign?

The surveillance driven sanctions

I’m most interested in the description of how the Obama Admin chose whom to impose sanctions on, though it includes this bizarre claim.

But the package of measures approved by Obama, and the process by which they were selected and implemented, were more complex than initially understood.

The expulsions and compound seizures were originally devised as ways to retaliate against Moscow not for election interference but for an escalating campaign of harassment of American diplomats and intelligence operatives. U.S. officials often endured hostile treatment, but the episodes had become increasingly menacing and violent.

Several of the details WaPo presents as misunderstood (including that the sanctions were retaliation for treatment of diplomats) were either explicit in the sanction package or easily gleaned at the time.

One of those easily gleaned details is that the sanctions on GRU and FSB were mostly symbolic. WaPo uses the symbolic nature of the attack on those who perpetrated the attack as a way to air complaints that these sanctions were not as onerous as those in response to Ukraine.

“I don’t think any of us thought of sanctions as being a primary way of expressing our disapproval” for the election interference, said a senior administration official involved in the decision. “Going after their intelligence services was not about economic impact. It was symbolic.”

More than any other measure, that decision has become a source of regret to senior administration officials directly involved in the Russia debate. The outcome has left the impression that Obama saw Russia’s military meddling in Ukraine as more deserving of severe punishment than its subversion of a U.S. presidential race.

“What is the greater threat to our system of government?” said a former high-ranking administration official, noting that Obama and his advisers knew from projections formulated by the Treasury Department that the impact of the election-related economic sanctions would be “minimal.”

Three things that might play into the mostly symbolic targeting of FSB, especially, are not mentioned. First, WaPo makes no mention of the suspected intelligence sources who’ve been killed since the election, most credibly Oleg Erovinkin, as well as a slew of other suspect and less obviously connected deaths. It doesn’t mention the four men Russia charged with treason in early December. And it doesn’t mention DOJ’s indictment of the Yahoo hackers, including one of the FSB officers, Dmitry Dokuchaev, that Russia charged with treason (not to mention the inclusion within the indictment of intercepts between FSB officers). There’s a lot more spy vs. spy activity going on here that likely relates far more to retaliation or limits on US ability to retaliate, all of which may be more important in the medium term than financial sanctions.

Given the Yahoo and other indictments working through San Francisco (including that of Yevgeniey Nikulin, who claims FBI offered him a plea deal involving admitting he hacked the DNC), I’m particularly interested in the shift in sanctions from NY to San Francisco, where Nikulin and Dokuchaev’s victims are located.

The FBI was also responsible for generating the list of Russian operatives working under diplomatic cover to expel, drawn from a roster the bureau maintains of suspected Russian intelligence agents in the United States.

[snip]

The roster of expelled spies included several operatives who were suspected of playing a role in Russia’s election interference from within the United States, officials said. They declined to elaborate.

More broadly, the list of 35 names focused heavily on Russians known to have technical skills. Their names and bios were laid out on a dossier delivered to senior White House officials and Cabinet secretaries, although the list was modified at the last minute to reduce the number of expulsions from Russia’s U.N. mission in New York and add more names from its facilities in Washington and San Francisco.

And the WaPo’s reports confirm what was also obvious: the two compounds got shut down (and were a priority) because of all the spying they were doing.

The FBI had long lobbied to close two Russian compounds in the United States — one in Maryland and another in New York — on the grounds that both were used for espionage and placed an enormous surveillance burden on the bureau.

[snip]

Rice pointed to the FBI’s McCabe and said: “You guys have been begging to do this for years. Now is your chance.”

The administration gave Russia 24 hours to evacuate the sites, and FBI agents watched as fleets of trucks loaded with cargo passed through the compounds’ gates.

Finally, given Congress’ bipartisan fearmongering about Kaspersky Lab, I’m most interested that at one point Treasury wanted to include them in sanctions.

Treasury Department officials devised plans that would hit entire sectors of Russia’s economy. One preliminary suggestion called for targeting technology companies including Kaspersky Lab, the Moscow-based cybersecurity firm. But skeptics worried that the harm could spill into Europe and pointed out that U.S. companies used Kaspersky systems and software.

In spite of all the fearmongering, no one has presented proof that Kaspersky is working for Russia (there are even things, which I won’t go in to for the moment, that suggest the opposite). But we’re moving close to de facto sanctions against Kaspersky anyway, even in spite of the fact (or perhaps because) they’re providing better intelligence on WannaCry than half the witnesses called as witnesses to Congress. But discrediting Kaspersky undercuts one of the only security firms in the world who, in addition to commenting on Russian hacking, will unpack America’s own hacking. You sanction Kaspersky, and you expand the asymmetry with which security firms selectively scrutinize just Russian hacking, rather than all nation-state hacking.

The looming cyberattack and the silence about Shadow Brokers

Which brings me to the last section of the article, where, over 8000 words in, the WaPo issues a threat against Russia in the form of a looming cyberattack Obama approved before he left.

WaPo’s early description of this suggests the attack was and is still in planning stages and relies on Donald Trump to execute.

Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which Obama approved in a covert-action finding, was still in its planning stages when Obama left office. It would be up to President Trump to decide whether to use the capability.

But if readers make it all the way through the very long article, they’ll learn that’s not the case. The finding has already been signed, the implants are already being placed (implants which would most likely be discovered by Kaspersky), and for Trump to stop it, he would have to countermand Obama’s finding.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.

As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.

The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.

U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so.

Whatever else this article is designed to do, I think, it is designed to be a threat to Putin, from long gone Obama officials.

Given the discussion of a looming cyberattack on Russia, it’s all the more remarkable WaPo breathed not one word about Shadow Brokers, which is most likely to be a drawn out cyberattack by Russian affiliates on NSA. Even ignoring the Shadow Brokers’ derived global ransomware attack in WannaCry, Shadow Brokers has ratcheted up the severity of its releases, including doxing NSA’s spies and hacks of the global finance system, It has very explicitly fostered tensions between the NSA and private sector partners (as well as the reputational costs on those private sector partners). And it has threatened to leak still worse, including NSA exploits against current Microsoft products and details of NSA’s spying on hostile nuclear programs.

The WaPo is talking about a big cyberattack, but an entity that most likely has close ties to Russia has been conducting one, all in plain sight. I suggested back in December that Shadow Brokers was essentially holding NSA hostage in part as a way to constrain US intelligence retaliation against Russia. Given ensuing events, I’m more convinced that is, at least partly, true.

But in this grand narrative of CIA’s early warning and Obama’s inadequate response, details like that remain unsaid.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Last Fall’s Efforts against Russia: Influence versus Tamper

NYT has a story — citing “former government officials” and eventually citing Harry Reid — that’s attracting a lot of attention. It explains the CIA had evidence in August that Russia was affirmatively trying to elect Trump, rather than just hurt Hillary.

In an Aug. 25 briefing for Harry Reid, then the top Democrat in the Senate, Mr. Brennan indicated that Russia’s hackings appeared aimed at helping Mr. Trump win the November election, according to two former officials with knowledge of the briefing.

The officials said Mr. Brennan also indicated that unnamed advisers to Mr. Trump might be working with the Russians to interfere in the election. The F.B.I. and two congressional committees are now investigating that claim, focusing on possible communications and financial dealings between Russian affiliates and a handful of former advisers to Mr. Trump. So far, no proof of collusion has emerged publicly.

[snip]

In the August briefing for Mr. Reid, the two former officials said, Mr. Brennan indicated that the C.I.A., focused on foreign intelligence, was limited in its legal ability to investigate possible connections to Mr. Trump. The officials said Mr. Brennan told Mr. Reid that the F.B.I., in charge of domestic intelligence, would have to lead the way.

Given Jim Comey’s description of the FBI assessment Russia wanted to elect Trump — which he described as an “enemy of my enemy” approach, rooting against the Pats at all times because he’s a Giants fan — and given the NSA’s continued moderate confidence in this claim, I don’t make too much of the CIA claim. Furthermore, given Roger Stone’s public exchanges with Guccifer 2 in the weeks leading up to this briefing (and CIA’s purported prohibition on involvement in domestic affairs), I also don’t put too much stock in CIA’s evidence of Russian coordination. In precisely this period, after all, Brennan continued to publicly brief that Putin was out of his depth, which seemed then and seems even more now to underestimate Putin’s ability to play the United States.

The line about Brennan saying FBI would have to investigate the ties between Trump and Putin also reminds me of the recent complaint, laundered through BBC’s Paul Wood, that FBI is fucking up the investigation and CIA should take the lead.

The rest of the article includes partisan details that have attracted a lot of attention but that — in light of this Lisa Monaco interview — seem to miss some distinction. The NYT describes a conflict between a bipartisan statement about the integrity of the election and a more assertive statement implicating Russia with influencing the outcome of the election.

In the briefings, the C.I.A. said there was intelligence indicating not only that the Russians were trying to get Mr. Trump elected but that they had gained computer access to multiple state and local election boards in the United States since 2014, officials said.

Although the breached systems were not involved in actual vote-tallying operations, Obama administration officials proposed that the eight senior lawmakers write a letter to state election officials warning them of the possible threat posed by Russian hacking, officials said.

But Senator Mitch McConnell of Kentucky, the Republican majority leader, resisted, questioning the underpinnings of the intelligence, according to officials with knowledge of the discussions. Mr. McConnell ultimately agreed to a softer version of the letter, which did not mention the Russians but warned of unnamed “malefactors” who might seek to disrupt the elections through online intrusion. The letter, dated Sept. 28, was signed by Mr. McConnell, Mr. Reid, Speaker Paul D. Ryan and Representative Nancy Pelosi, the ranking Democrat.

On Sept. 22, two other members of the Gang of Eight — Senator Dianne Feinstein and Representative Adam B. Schiff, both of California and the ranking Democrats on the Senate and House intelligence committees — released their own statement about the Russian interference that did not mention Mr. Trump or his campaign by name.

Here’s the full statement from Feinstein and Schiff:

Based on briefings we have received, we have concluded that the Russian intelligence agencies are making a serious and concerted effort to influence the U.S. election.

At the least, this effort is intended to sow doubt about the security of our election and may well be intended to influence the outcomes of the election—we can see no other rationale for the behavior of the Russians.

We believe that orders for the Russian intelligence agencies to conduct such actions could come only from very senior levels of the Russian government.

We call on President Putin to immediately order a halt to this activity. Americans will not stand for any foreign government trying to influence our election. We hope all Americans will stand together and reject the Russian effort.

Note the difference in emphasis: the letter from Congressional leaders emphasizes voting apparatus. Also note (and I suspect this is far more important than any report has yet made out) the letter Mitch McConnell was willing to sign states clearly that voting systems are not being designated critical infrastructure (which Jeh Johnson tried to do in early January, to much resistance from the states).

We urge the states to take full advantage of the robust public and private sector resources available to them to ensure that their network is secure from attack. In addition, the Department of Homeland Security stands ready to provide cybersecurity assistance to those states that choose to request it. Such assistance does not entail federal regulation or binding federal directives of any kind, and we would oppose any effort by the federal government to exercise any degree of control over the states’ administration of elections by designating these systems as critical infrastructure.

In other words, the Democrats wanted this to be about Russian influence, whereas the government was primarily worried about Russia affecting the outcome of the election at the polls.

Here’s how Monaco described the effort, which she describes as largely successful.

[M]y own view on that is we did not want to do anything to do the Russians’ work for them by engaging in partisan discussion about this, which is why we were so intent upon getting bipartisan support, and ultimately, we did so from the House and Senate leadership, in trying to get the state and local governments to work with us to shore up their cybersecurity.

We made a specific effort to go to Congress, to say we want bipartisan support for state governments to take us up on our offer to shore up their cybersecurity in their election systems, because there was a tremendous amount of resistance. This is an election year, I think there was a view that we—if we came to state and municipal governments and said, “We want to help you shore up your cybersecurity for your election system,” they viewed it as a big federal takeover.

We really needed bipartisan support for the efforts we were making, largely out of the Department of Homeland Security. Ultimately, that turned out to be a smart way of doing business, and we ended up having 48 of 50 states take us up on our offer, but we needed bipartisan support to do it. Ultimately, that turned out to be a smart way of doing business, and we ended up having 48 of 50 states take us up on our offer, but we needed bipartisan support to do it.

For Monaco, the effort was entirely about convincing states to accept help from DHS to ensure the machines counting the vote would not be compromised in a way that would affect the vote, not about the theft of emails from the DNC.

Incidentally, one of the two states that refused DHS help was Georgia, which of course is conducting an election to replace Tom Price as we speak, and which accused DHS of trying to hack its systems in the weeks after the election.

Two more comments on this. First, Mitch McConnell appears to have been in the right on this. Public discussion of the probes at the time noted that such hacks had happened in the past and generally sought credentials, not voting information. DHS released a warning on the polling probes on September 20, a week before the Leaders’ statement was released, and it still discussed the probes in terms of stealing PII.

(U//FOUO) DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.

(U//FOUO) We judge cybercriminals and criminal hackers are likely to continue to target personally identifiable information (PII), such as that available in voter registration databases. We have no indication, however, that criminals are planning theft of voter information to disrupt or alter US computer-enabled election infrastructure.

And the October 7 joint DHS/ODNI statement –released after the Leaders’ statement — still stopped short of blaming Russia for those probes.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

In other words, McConnell’s resistance to blaming Russia in that September 28 letter was completely consistent with the public intelligence at the time.

Finally, now how the role of Richard Burr and Devin Nunes always gets glossed over in these descriptions? I get that people want to blame Mitch for refusing to take a tougher line. But what were Trump’s campaign surrogates doing at the time?

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The October Non-Surprise

Both the Wikileaks Podesta release and the Access Hollywood tape drowned out the Intelligence Community report on Russia

Earlier this week, in an interview with Politico (the story and the interview transcript seem to be memory holed for now), Obama’s Homeland Security Czar Lisa Monaco insisted that the Obama response to the Russian hack of the DNC was actually quite forceful, but that it got lost in the release of the Access Hollywood video showing Trump threatening to grab women by the pussy.

But strong supporters of Clinton’s campaign argued—some at the time, many more in the wake of the former secretary of state’s shocking November election defeat—that the Obama team should have done more to publicize the hacking for what it was: a heavy-handed Kremlin intervention on behalf of one side in America’s presidential election. Monaco pushed back against that, recalling that the heads of U.S. intelligence agencies issued a joint statement publicly blaming the Russians for the pre-election hack on Oct. 7. “That was an unprecedented statement,” she says, “a fact that sometimes gets lost in this discussion” given that it came on the same day as the revelation of the “Access Hollywood” tape showing Trump joking about sexually assaulting a woman.

I point to Monaco’s argument because it’s a mirror image to claims Hillary supporters make about the same week. They argue that the release of the John Podesta emails drowned out the Access Hollywood video. Here’s John Podesta in a December appearance on Meet the Press.

So October 7th, Wiki– October 7th, let’s go through the chronology. On October 7th, the Access Hollywood tape comes out. One hour later, WikiLeaks starts dropping my emails into the public. One could say that there might, those things might not have been a coincidence.

Monaco is in the right here. The Google Trends graph above maps “Wikileaks emails” in blue, “Access Hollywood” in red, and “Russian hack” in yellow (“Grab them by the pussy” shows a more extreme but shorter spike, “John Podesta” doesn’t show as high). In fact, the Grab them by the pussy video drowned out the first releases of the Podesta emails — which suggests it would have been stupid strategy to intentionally release them at the same time, as doing so would mean fewer people would read the excerpts from Hillary’s speeches that got released on the first day. By the following Tuesday, Wikileaks had taken over. By comparison, the Russian hack was a mere blip compared to those two stories, though.

The Roger Stone and Wikileaks narrative misses a few data points

I return to this chronology for another reason. The events of the week of October 3 have been in the news for another reason: their role in the claim that Roger Stone was coordinating with Wikileaks during that week (which is presumably a big part of the reason Podesta insinuated there was coordination on that timing).

CNN has a timeline of many of Stone’s Wikileaks related comments, which actually shows that in August, at least, Stone believed Wikileaks would release Clinton Foundation emails (a claim that derived from other known sources, including Bill Binney’s claim that the NSA should have all the Clinton Foundation emails).

It notes, as many timelines of Stone’s claims do, that on Saturday October 1 (or early morning on October 2 in GMT; the Twitter times in this post have been calculated off the unix time in the source code), Stone said that on Wednesday (October 5), Hillary Clinton is done.

Fewer of these timelines note that Wikileaks didn’t release anything that Wednesday. It did, however, call out Guccifer 2.0’s purported release of Clinton Foundation documents (though the documents were real, they were almost certainly mislabeled Democratic Party documents) on October 5. The fact that Guccifer 2.0 chose to mislabel those documents is worth further consideration, especially given public focus on the Foundation documents rather than other Democratic ones. I’ll come back to that.

Throughout the week — both before and after the Guccifer 2.0 release — Stone kept tweeting that he trusted the Wikileaks dump was still coming.

Monday, October 3:

Wednesday, October 5 (though this would have been middle of the night ET):

Thursday, October 6 (again, this would have been nighttime ET, after it was clear Wikileaks had not released on Wednesday):

On October 7, at 4:03PM, David Fahrenthold tweeted out the Access Hollywood video.

On October 7, at 4:32 PM, Wikileaks started releasing the Podesta emails.

Stone didn’t really comment on the substance of the Wikileaks release. In fact, even before the Access Hollywood release, he was accusing Bill Clinton of rape, and he continued in that vein after the release of the video, virtually ignoring the Podesta emails.

For its part, Wikileaks was denying it had any knowing contact with Stone within a week, as it had before. CNN finally reported those denials in the wake of reporting on Stone’s August 2016 contacts with Guccifer 2.0. It’s worth noting that in precisely that time period, Wikileaks managed to discredit a still unexplained US-based hoax launched against Julian Assange, accusing him of soliciting a minor via the online dating site Todd and Claire. In addition, this was the period when the odd Alfa Bank story was being pitched to journalists.

Thus far, anyway, the full chronology suggests that either Stone’s information was only vaguely accurate or Wikileaks delayed its release for a few days. That does weird things to Podesta’s narrative, since either Wikileaks delayed their release so the actually newsworthy part of it — Hillary’s speech excerpts — would be overshadowed (as it was) by the Access Hollywood video, or the Access Hollywood video was timed to coincide with the Wikileaks release — which after all had been announced publicly in a way the Access Hollywood video had not been.

Democrats had more warning of impending emails than Podesta makes out

There’s another part of Podesta’s narrative that deserves review. He liked to suggest he had no idea when his emails were being released — in part, to criticize the FBI for not warning him.

It’s not just that Stone appears to have had a vaguer sense of when the next dump (which, as noted, he appeared to believe would be Clinton Foundation emails) was coming than often made out. Democrats also had more warning than often claimed.

In his December Meet the Press appearance, Podesta made a big deal out of the fact that the FBI had not informed him before the October 7 release.

CHUCK TODD:

This is your personal account that was hacked. I’ve got to think you’re getting updates on the investigation that others would not. What can you share?

JOHN PODESTA:

I will share this with you, Chuck. The first time I was contacted by the F.B.I. was two days after WikiLeaks started dropping my emails.

CHUCK TODD:

Let me pause here.

JOHN PODESTA:

The first, the first–

CHUCK TODD:

Two days after?

But as he went on to reveal, he had seen a document released earlier that he had reason to believe may have been from him (I think, but will have to return to this, that it may have been one of the original Guccifer 2.0 documents).

CHUCK TODD:

But when were you aware that you had been hacked? Before October 7th?

JOHN PODESTA:

I think it was confirmed on October 7th in some of the D.N.C. dumps that had occurred earlier.

CHUCK TODD:

Earlier, yeah.

JOHN PODESTA:

And other campaign officials also had their emails divulge earlier than October 7th. But in one of those D.N.C. dumps, there was a document that appeared to me was– that appeared came– might have come from my account. So I wasn’t sure, I didn’t know, I didn’t know what they had, what they didn’t have. It wasn’t until October 7th when Assange both really in his first statements said things that were incorrect, but started dumping them out and said they were going to all dump out. That’s when I knew that they had the contents of my email account.

Even putting aside Podesta’s suspicion one of the release documents had come from him and Stone’s warnings, Podesta would have had one more warning there would be a further release: from the Christopher Steele reports being done as opposition research for the Hillary campaign.

On September 14, Steele reported that the Russians were considering releasing more emails after the September 18 Duma elections, though the Russians thought they might not have to release any more emails to make Hillary look “weak and stupid.”

Russians do have further “kompromat” on CLINTON (e-mails) and considering disseminating it after Duma (legislative elections) in late September. Presidential spokesman PESKOV continues to lead on this.

[snip]

Continuing on this theme, the senior PA official said the situation was that the Kremlin had further “kompromat” on candidate CLINTON and had been considering releasing this via “plausibly deniable” channels after the Duma (legislative elections) were out of the way in mid-September. There was however a growing train of thought and associated lobby, arguing that the Russians could still make candidate CLINTON look “weak and stupid” by provoking her into railing against PUTIN and Russia without the need to release more of her e-mails.

Curiously, as with all other Wikileaks releases, the publicly-released Steele reports never prospectively confirm a release. Steele’s sources seemed to have little prospective insight to offer about non-public events tied to the release of emails. But on October 12, a report (based on undated early October reporting, which raises questions why the reporting on this wasn’t as quick as on some other reports) notes that the Russians have dumped more anti-Clinton material, which would continue until election day.

Russians have injected further anti-CLINTON material into the “plausibly deniable” leaks pipeline which will continue to surface, but best material already in public domain.

[snip]

Speaking separately in confidence to a trusted compatriot in early October 2016, a senior Russian leadership figure and a Foreign Ministry official reported on recent developments concerning the Kremlin’s operation to support Republican candidate Donald TRUMP in the US presidential election. The senior leadership figure said that a degree of buyer’s remorse was setting in among Russian leaders concerning TRUMP, PUTIN and his colleagues were surprised and disappointed that leaks of Democratic candidate, Hillary CLINTON’s hacked e-mails had not had greater impact on the campaign.

Continuing on this theme, the senior leadership figure commented that a stream of further hacked CLINTON material already had been injected by the Kremlin into compliant western media outlets like Wikileaks, which remained at least “plausibly deniable”, so the stream of these would continue through October and up to the election. However s/he understood that the best material the Russians had already was out and there were no real game-changers to come.

Suffice it to say, even without an FBI warning, Podesta had good reason to expect the emails would occur, though he may have had only a vague idea of the timing.

The other missing detail

Which brings me to one final event from that week that rarely makes the timelines, particularly not the Democratic ones (though Glenn Greenwald pointed out some of it in this post).

From at least the time of the DNC email release in July, Democrats insinuated that Russia and/or Wikileaks had doctored the emails, without ever offering proof, besides the original obvious doctoring of metadata in the Guccifer 2.0 documents (though some DNC people have since credibly claimed that not all of their emails got published). Chief among those people was Malcolm Nance, who was writing a book on the hack. He started warning of spoofed emails in late July. He started pitching his book, which predicted the leaks would include tampering, at the end of September.

And then, just over an hour after the Podesta emails dropped (5:44PM) documents including excerpts from Hillary’s speeches, a pro-Clinton Twitter account responded to Michael Tracey’s observations about the excerpts with a badly faked transcript of a Hillary Goldman Sachs speech.

At 7:25PM, one of the key Russian story commenters linked to it, accusing “Trumpists” of “dirtying docs.” Then at 7:43PM, Nance tweeted, “Official Warning: #PodestaEmails are already proving to be riddled with obvious forgeries & #blackpropaganda not even professionally done.”

Click through to Greenwald’s post to see how it went viral after that (MSNBC’s Joy Reid, who had repeatedly had Nance on, was key to both of Nance’s claims of forgeries go viral), including how it got picked up in the Democrats’ own fake news sites.

Here’s the thing: in multiple places, the guy who later claimed credit, under the name “Marco Chacon,” for the hoax stated he had done the transcript in advance of the release of the emails.

The biggest breakout I had came when a Vice reporter, Michael Tracey, was holding forth on Twitter in the wake of the Podesta Email leaks. He was speaking about the Goldman Sachs transcripts—and I had one.

I had written up a fake Goldman Sachs transcript days before, wherein Hillary Clinton is preparing a run for president and is speaking to the board of directors in 2014 about the coming threat to Wall Street and Washington power. That threat? Bronies, adult male fans of the cartoon My Little Pony: Friendship Is Magic. She has to explain this “Bronie Threat” to them and, in the process, describes a group of internet denizens she calls a “bucket of losers.”

When I tweeted the link and an image of some of the text at Tracey, I did it because I find him to be something of a self-important git and wanted to poke fun at him. I didn’t know at the time that there were Goldman Sachs transcript fragments in the WikiLeaks release.

Note, too, that his claim that when he tweeted the hoax transcript to Tracey, he didn’t know there were Goldman transcripts in the Wikileaks release is laughable: That’s what Tracey’s tweet was about!

Just days later, Kurt Eichenwald would make another claim that Russia had doctored emails that went even more wildly viral (and became among the most remembered fake news stories of the election cycle). In Eichenwald’s discussions with the Sputnik writer in question, Bill Moran, he insisted that spooks had alerted him to the (mis)use of his story.

There is definitely evidence that Roger Stone had at least enough feedback with those leaking stolen emails to know to expect them the first week of October — though he clearly didn’t know precisely when or what to expect. Moreover, he clearly didn’t have an open channel with Assange to find out when the delayed release would be — it appears, instead, he got a warning, but no update.

But there are at least as many reasons to ask whether the Democrats (or perhaps even a government agency) had advance warning of what was coming, and had planned in response.

And all that played out at the time when, per Lisa Monaco, the Intelligence Community made what they viewed as an unprecedented announcement blaming Russia for the hack of the Democrats.

There are definitely reasons to scrutinize Stone’s foreknowledge in all this. But that is by no means the only feedback loop that appears to have been in operation by this point.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Trump’s Muslim Ban Forces IC to Conduct Actual Assessment of Terror Threats

CNN reports that the Trump Administration has asked DHS and DOJ to come up with an intelligence report backing the selection of the seven Muslim banned countries. According to CNN, some of those working on the report feel they’re being asked to fit a report to a desired conclusion.

President Donald Trump has assigned the Department of Homeland Security, working with the Justice Department, to help build the legal case for its temporary travel ban on individuals from seven countries, a senior White House official tells CNN.

Other Trump administration sources tell CNN that this is an assignment that has caused concern among some administration intelligence officials, who see the White House charge as the politicization of intelligence — the notion of a conclusion in search of evidence to support it after being blocked by the courts. Still others in the intelligence community disagree with the conclusion and are finding their work disparaged by their own department.

This is another of those areas where I’m grateful for the incompetence of the Trump Administration. If it were me, I’d call the four Obama Administration officials who first named these seven countries a threat: former Deputy CIA Director Avril Haines, former Secretary of State John Kerry, former Homeland Security Czar Lisa Monaco, and former National Security Advisor Susan Rice. They’re already on a court declaration in this case, so even the ones who might have been able to dodge testifying normally, they wouldn’t be able to. Make them explain why Iran and Sudan are on this list. They would either have to admit the truth: that our notions of terrorism generally are utterly politicized, and that if we were to measure on actual threat, our close allies Saudi Arabia and Pakistan would lead the list. Or they’d have to invent something to justify their past politicized actions.

Instead, Trump is trying to politicize intelligence, which not only has elicited this backlash, but will never be able to accomplish its objective. Even after redefining terror attack down to include material support (something that is actually consistent with the last 15 years of FBI fluffing their terror prosecution numbers), it is still impossible to present Iran as a bigger terrorist threat than Saudi Arabia (plus, you’d have to acknowledge that the listing and delisting of MEK, which a number of Trump officials have supported for cash payments, is also totally politicized).

Hopefully, that will lead to a larger reassessment of how we think of terrorism, including the recognition that our allies are actually the problem, not our arch-enemy Iran. That’s obviously wildly optimistic. But it is the kind of possibility that Trump’s incompetence allows us to consider.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Folks Who Picked the Stupid Seven Banned Countries Say the Muslim Ban Is Stupid

Buried in a declaration written by a bunch of former national security officials in the Washington v Trump suit opposing Trump’s Muslim ban is this passage:

Because various threat streams are constantly mutating, as government officials, we sought continually to improve that vetting, as was done in response to particular threats identified by U.S. intelligence in 2011 and 2015. Placing additional restrictions on individuals from certain countries in the visa waiver program –as has been done on occasion in the past – merely allows for more individualized vettings before individuals with particular passports are permitted to travel to the United States.

These officials, which include (among others) former Deputy CIA Director Avril Haines, former Secretary of State John Kerry, former Homeland Security Czar Lisa Monaco, and former National Security Advisor Susan Rice argue that the practice is to tweak immigration rules based on changing threat patterns rather than impose broad bans not driven by necessity and logic. They argue that additional restrictions imposed on certain immigrants in 2015 were “in response to particular threats identified by U.S. intelligence.”

That’s really interesting because the 2015 change they reference is the basis of the Trump list that excludes countries that are real threats and includes others (especially Iran) that are not. Here’s how CNN describes the genesis of the seven countries covered by Trump’s ban.

In December 2015, President Obama signed into law a measure placing limited restrictions on certain travelers who had visited Iran, Iraq, Sudan, or Syria on or after March 1, 2011. Two months later, the Obama administration added Libya, Somalia, and Yemen to the list, in what it called an effort to address “the growing threat from foreign terrorist fighters.

The restrictions specifically limited what is known as visa-waiver travel by those who had visited one of the seven countries within the specified time period. People who previously could have entered the United States without a visa were instead required to apply for one if they had traveled to one of the seven countries.

Under the law, dual citizens of visa-waiver countries and Iran, Iraq, Sudan, or Syria could no longer travel to the U.S. without a visa. Dual citizens of Libya, Somalia, and Yemen could, however, still use the visa-waiver program if they hadn’t traveled to any of the seven countries after March 2011.

Now, Haines, Kerry, Monaco, and Rice might be excused for opposing Trump’s ban on seven poorly picked countries that themselves had a hand in picking. After all, the changes derived from bills presented by Republicans, Candace Miller and Ron Johnson, which got passed as part of the Omnibus in 2015. Obama can’t be expected to veto the entire spending bill because some Republicans wanted to make life harder on some immigrants.

Except that, as far as I understand, the Obama Administration extended the restrictions from the original law, which pertained only to people from or who had traveled to Syria and Iraq, to Iran and Sudan. And then (as CNN notes) they extended it again to three other countries, Libya, Somalia, and Yemen (notably, all countries we destabilized).

So it’s partly the fault of Haines, Kerry, Monaco, and Rice that Iran, which hasn’t targeted the US in real terrorism for decades, is on the list. It’s partly the fault of Haines, Kerry, Monaco, and Rice that countries with actual ties to terrorists who have attacked inside the US — most notably Saudi Arabia and Pakistan — are not on the list.

I have no doubt that the argument presented in the declaration (which was also signed by a bunch of people who weren’t part of Obama’s second term national security team) is right: Trump’s Muslim ban is badly conceived and makes us less safe. But one reason they likely know that is because their own visa restrictions were badly conceived and did little to make us more safe.

Trump is pursuing a lot of stupid policies. But we should remain honest that they largely build on stupid policies of those who came before.

Update: Corrected that this is not an amicus, but a declaration submitted with state opposition.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Game of Telephone about the Election Hacking Review

This morning, the White House announced that Obama has ordered a review of election-related hacking, to be completed before Donald Trump takes over. I want to capture the varying descriptions of what the review will entail.

Politico: The review will look at the hacks blamed on the Russians this year and malicious cyber activity (publicly understood to be China in 2008 and someone else in 2012) going back to 2008

The review will put the spate of hacks — which officials have blamed on Russia — “in a greater context” by framing them against the “malicious cyber activity” that may have occurred around the edges of the 2008 and 2012 president elections, said White House principal deputy press secretary Eric Schultz at a briefing.

“This will be a review that is broad and deep at the same time,” he added.

[snip]

In 2008, the campaigns for both Sen. John McCain (R-Ariz.) and Obama were bombarded by suspected Chinese hackers, according to U.S. intelligence officials. The digital intruders were reportedly after internal policy papers and the emails of top advisers.

And in 2012, Gawker reported that hackers had broken into Republican presidential candidate Mitt Romney’s personal Hotmail account after correctly answering his backup security question: “What is your favorite pet?”

“We will be looking at all foreign actors and any attempt to interfere with the elections,” Schultz said.

WaPo: The review will be a “full review” of Russian hacking during the November election

President Obama has ordered a “full review” of Russian hacking during the November election, as pressure from Congress has grown for greater public understanding of exactly what Moscow did to interfere in the electoral process.

[snip]

U.S. intelligence and law enforcement agencies had already been probing what they see as a broad covert Russian operation to sow distrust in the presidential election process. It was their briefings of senior lawmakers that led a number of them to press for more information to be made public.

[snip]

Though Russia has long conducted cyberspying on U.S. agencies, companies and organizations, this presidential campaign marks the first time Russia has attempted through cyber means to interfere in, if not actively influence, the outcome of an election, the officials said.

CNN: The review will look at “hacking by the Russians aimed at influencing US elections going back to 2008” (CNN notes that the IC “never said there was strong evidence that [hacks of voter registration systems were] tied to the Russian government”)

President Barack Obama has ordered a full review into hacking by the Russians aimed at influencing US elections going back to 2008, the White House said Friday.

“The President has directed the Intelligence Community to conduct a full review of what happened during the 2016 election process. It is to capture lessons learned from that and to report to a range of stakeholders,” White House Homeland Security and Counterterrorism Adviser Lisa Monaco said at a Christian Science Monitor breakfast with reporters Friday. “This is consistent with the work that we did over the summer to engage Congress on the threats that we were seeing.”
White House spokesman Eric Schultz added later that the review would encompass malicious cyber activity related to US elections going back to 2008. [my emphasis]

Wikileaks (relying on the CNN story): The review will look at Wikileaks

CNN: Obama orders report into WikiLeaks timed for release just prior to Trump presidency

NYT: The review will look at all Russian efforts to influence the 2016 election, including publishing email contents and probing the “vote-counting system” (presumably a reference to voter lists that have nothing to do with vote counting)

President Obama has ordered American intelligence agencies to produce a full report on Russian efforts to influence the 2016 presidential election, his homeland security adviser said on Friday. He also directed them to develop a list of “lessons learned” from the broad campaign the United States has accused Russia of carrying out to steal emails, publish their contents and probe the vote-counting system.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Reason Obama Capitulated on the (Phone) Dragnet

This will be a bit of a contrary take on what I believe to be the reasons for President Obama’s capitulation on the dragnet, announcing support today for a plan to outsource the first query in the dragnetting process to the telecoms.

It goes back to the claims — rolled out in February — that the NSA has only been getting 20 to 30% of the call data in the US. Those reports were always silent or sketchy on several items:

  • The claims were always silent that they applied only to Section 215, and did not account for the vast amount of data, including US person cell data, collected under EO 12333.
  • The claims were sketchy about the timing of the claim, especially in light of known collection of cell data in 2010 and 2011, showing that at that point NSA had no legal restrictions on accepting such data.
  • The claims were silent about why, in both sworn court declarations and statements to Congress, Administration officials said the collection (sometimes modified by Section 215, often, especially in court declarations, not) was comprehensive.

Here’s what I think lies behind those claims.

We know that as recently as September 1, 2011, the NSA believed it had the legal authority to collect cell location data under Section 215, because they were doing just that. Congress apparently did not respond well to learning, belatedly, that the government was collecting location data in a secret interpretation of a secret interpretation. Nevertheless, it appears the government still believed it had that authority — though was reevaluating it — on January 31, 2012, when Ron Wyden asked James Clapper about it — invoking the “secret law” we know to be Section 215 — during his yearly grilling of Clapper in the Global Threat hearing.

Wyden: Director Clapper, as you know the Supreme Court ruled last week that it was unconstitutional for federal agents to attach a GPS tracking device to an individual’s car and monitor their movements 24/7 without a warrant. Because the Chair was being very gracious, I want to do this briefly. Can you tell me as of now what you believe this means for the intelligence community, number 1, and 2, would you be willing to commit this morning to giving me an unclassified response with respect to what you believe the law authorizes. This goes to the point that you and I have talked, Sir, about in the past, the question of secret law, I strongly feel that the laws and their interpretations must be public. And then of course the important work that all of you’re doing we very often have to keep that classified in order to protect secrets and the well-being of your capable staff. So just two parts, 1, what you think the law means as of now, and will you commit to giving me an unclassified answer on the point of what you believe the law actually authorizes.

Clapper: Sir, the judgment rendered was, as you stated, was in a law enforcement context. We are now examining, and the lawyers are, what are the potential implications for intelligence, you know, foreign or domestic. So, that reading is of great interest to us. And I’m sure we can share it with you. [looks around for confirmation] One more point I need to make, though. In all of this, we will–we have and will continue to abide by the Fourth Amendment. [my emphasis]

Unsurprisingly, as far as I know, Clapper never gave Wyden an unclassified answer.

Nevertheless, since then the government has come to believe it cannot accept cell data under Section 215. Perhaps in 2012 as part of the review Clapper said was ongoing, the government decided the Jones decision made their collection of the cell location of every cell phone in the US illegal or at least problematic. Maybe, in one of the 7 Primary orders DOJ is still withholding from 2011 to 2013, the FISC decided Jones made it illegal to accept data that included cell location. It may be that a February 24, 2013 FISC opinion — not a primary order but one that significantly reinterpreted Section 215 — did so. Certainly, by July 19, 2013, when Claire Eagan prohibited it explicitly in a primary order, it became illegal for the government to accept cell location data.

That much is clear, though: until at least 2011, DOJ believed accepting cell location under Section 215 was legal. At least by July 19, 2013, FISC made it clear that would not be legal.

That, I believe, is where the problems accepting cell phone data as part of Section 215 come from (though this doesn’t affect EO 12333 data at all, and NSA surely still gets much of what it wants via EO 12333). Theresa Shea has explicitly said in sworn declarations that the NSA only gets existing business records. As William Ockham and Mindrayge have helped me understand, unless a telecom makes it own daily record of all the calls carried on its network — which we know AT&T does in the Hemisphere program, funded by the White House Drug Czar — then the business ecords the phone company will have are its SS7 routing records. And that’s going to include cell phone records. And those include location data for cell phones.

Now, it may be that the telecoms chose not to scan out this information for the government. It may be that after the program got exposed they chose to do the bare minimum, and the cell restrictions allowed them to limit what they turned over (something similar may have happened with VOIP calls carried across their networks). It may be that Verizon and even AT&T chose to only provide that kind of data via EO 12333 program that, because they are voluntary, get paid at a much higher rate. In any case, I have very little doubt that NSA got the phone records from Verizon, just not via Section 215.

But I’m increasingly sure the conflict between Section 215’s limit to existing business record and the limits imposed on Section 215 via whatever means was the source of the “problem” that led NSA to only get 30% of phone records [via the Section 215 program, which is different than saying they only got 30% of all records from US calls].

And a key feature of both the President’s sketchy program…

  • the companies would be compelled by court order to provide technical assistance to ensure that the records can be queried and that results are transmitted to the government in a usable format and in a timely manner.

And the RuppRoge Fake Fix…

(h)(1)(A) immediately provide the Government with records, whether existing or created in the future, in the format specified by the Government

[snip]

(h)(2) The Government may provide any information, facilities, or assistance necessary to aid an electronic communications service provider in complying with a directive issued pursuant to paragraph (1).

Is that the government gets to dictate what format they get records in here, which they couldn’t do under Section 215. That means, among other things, they can dictate that the telecoms strip out any location data before it gets to NSA, meaning NSA would remain compliant with whatever secret orders have made the collection of cell location in bulk illegal.

Remember, too, that both of these programs will have an alert feature. In spite of getting an alert system to replace the one deemed illegal in 2009 approved on November 8 2012, the government has not yet gotten that alert function working for what are described as technical reasons.

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes. Accordingly, this amendment to the Primary Order authorizes the use of this automated query process for development and testing purposes only. No query results from such testing shall be made available for analytic purposes. Use of this automated query process for analytical purposes requires further order of this Court.

It’s possible that, simply doing the alert on exclusively legally authorized data (as opposed to data mixing EO 12333 and FISC data) solves the technical problems that had stymied NSA from rolling out the alert system they have been trying to replace for 5 years. It’s possible that because NSA was getting its comprehensive coverage of US calls via different authorities, it could not comply with the FISC’s legal limits on the alert system. But we know there will be an alert function if either of these bills are passed.

The point is, here, too, outsourcing the initial query process solves a legal-technical problem the government has been struggling with for years.

The Obama plan is an improvement over the status quo (though I do have grave concerns about its applicability in non-terrorist contexts, and my concerns about what the government does with the data of tens to hundreds of thousands of innocent Americans remain).

But don’t be fooled. Obama’s doing this as much because it’s the easiest way to solve legal and technical problems that have long existed because the government chose to apply a law that was entirely inapt to the function they wanted to use it for.

Shockers! A more privacy protective solution also happens to provide the best technical and legal solution to the problem at hand.

Update: Forgot to add that, assuming I’m right, this will be a pressure point that Members of Congress will know about but we won’t get to talk about. That is, a significant subset of Congress will know that unless they do something drastic, like threatening legal penalties or specifically defunding any dragnetting, the Executive will continue to do this one way or another, whether it’s under a hybrid of Section 215 and EO 12333 collection, or under this new program. That is, it will be a selling point to people like Adam Schiff (who advocated taking the call records out of government hands but who has also backed these proposals) that this could bring all US intelligence collection under the oversight of the FISC (it won’t, really, especially without a very strong exclusivity provision that prohibits using other means, which the Administration will refuse because it would make a lot of what it does overseas illegal). This is the same tension that won the support of moderates during the FISA Amendments Act, a hope to resolve real separation of powers concerns with an imperfect law. So long as the Leahy-Sensenbrenner supporters remain firm on their demands for more reforms, we may be able to make this a less imperfect law. But understand that some members of Congress will view passing this law as a way to impose oversight over a practice (the EO 12333 collection of US phone records) that has none.

Update: Verizon has released this telling statement.

This week Congressmen Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) released the “End Bulk Collection Act of 2014”, which would end bulk collection of data related to electronic communications. The White House also announced that it is proposing an approach to end bulk collection. We applaud these proposals to end Section 215 bulk collection, but feel that it is critical to get the details of this important effort right. So at this early point in the process, we propose this basic principle that should guide the effort: the reformed collection process should not require companies to store data for longer than, or in formats that differ from, what they already do for business purposes. If Verizon receives a valid request for business records, we will respond in a timely way, but companies should not be required to create, analyze or retain records for reasons other than business purposes. [my emphasis]

It’s telling, first of all, because Verizon still doesn’t want to have to fuss with anything but their business records. That says it has been unwilling to do so, in the past, which, in my schema, totally explains why the government couldn’t get Verizon cell records using Section 215. (I have wondered whether this was a newfound complaint, since they got exposed whereas AT&T did not; and even in spite of Randal Milch’s denial, I still do wonder whether the Verizon-Vodaphone split hasn’t freed them of some data compliance obligations.)

Just as importantly, Verizon doesn’t want to analyze any of this data. As I have pointed out, someone is going to have to do high volume number analysis, because otherwise the number of US person records turned over will be inappropriately large but small enough it will be a significant privacy violation to do it at that point (for some things, it requires access to the raw data).

I’m unclear whether the RuppRuge Fake Fix plan of offering assistance (that is, having NSA onsite) fixes this, because NSA could do this analysis at Verizon.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The White House — Lisa Monaco? — “Cutting Off the Intelligence Community”

Too bad for Obama he has decided the great new way to aggressively prosecute leaks without the bad PR of doing it through the Courts is to have James Clapper’s Inspector General investigate them. Because I’m betting the IC IG will be unenthusiastic about hunting down this admitted leaker.

Some U.S. intelligence officials said they were being blamed by the White House for conducting surveillance that was authorized under the law and utilized at the White House.

“People are furious,” said a senior intelligence official who would not be identified discussing classified information. “This is officially the White House cutting off the intelligence community.”

But I’m a bit more interested in this barb, putting Homeland Security Advisor Lisa Monaco solidly in the line of communication receiving intelligence from wiretaps on foreign leaders.

Any decision to spy on friendly foreign leaders is made with input from the State Department, which considers the political risk, the official said. Any useful intelligence is then given to the president’s counter-terrorism advisor, Lisa Monaco, among other White House officials.

As I have twice noted, Monaco brings dramatically different experience to the position than her predecessor, John Brennan. Rather than being implicated in the illegal program that was the root of many of the problems as the program moved under FISA Court review, she had had to try to clean them up while Assistant Attorney General for National Security, including at least the upstream violations. She also participated in the decision to shut down the Internet dragnet collection program.

After prior bitching about her silence during this scandal, she penned an op-ed last week laying out the evolving White House position.

Today’s world is highly interconnected, and the flow of large amounts of data is unprecedented. That’s why the president has directed us to review our surveillance capabilities, including with respect to our foreign partners. We want to ensure we are collecting information because we need it and not just because we can.

[snip]

Going forward, we will continue to gather the information we need to keep ourselves and our allies safe, while giving even greater focus to ensuring that we are balancing our security needs with the privacy concerns all people share.

The implication, of course, is that the same person voicing this “because we need it and not just because we can” has been implicated by receiving intelligence with Merkel’s and other leaders names on it, and may be responsible for not alerting the President to it. The accuracy of the claim, of course, depends on whether the White House really shut down the collection on Merkel earlier this summer or only in the last week or so; remember tasking priorities are reassessed biannually. Moreover, it’s not like wiretaps on allied leaders would be the primary focus of someone whose job centers on counterterrorism.

The thing is, this attack can backfire, as having received this information puts Monaco in an appropriate position to know whether we were collecting it because we could, not because we need to.

Monaco has, in the past, been part of a team that deemed a program not valuable enough to sustain. Which means she has a little experience for the pushback the IC may be throwing at her in coming days.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The NSA Hides Its Domestic Collection by Refusing to Count It

In his speech at Cato last week Ron Wyden made it clear that when he asked Keith Alexander and James Clapper in advance of the reauthorization of the FISA Amendments Act for the number of Americans’ communications that had been collected under Section 702, he meant to elicit the estimates John Bates made in his October 3, 2011 opinion.

I spent much of 2012 asking the NSA and the DNI [Director of National Intelligence] whether anyone had done an estimate of how many American communications had been collected under section 702. The ODNI and the NSA insisted that such an estimate was impossible, but what they failed to tell the public was that the Fisa court had already done one.

Bates had the NSA conduct a manual review of a statistical subsection of 50,440 transactions collected via upstream collection between January and June 2011. (Note, it appears Bates may have had to raise dire warnings with “top DOJ officials” on July 8, 2011 before he got such a review.) He then annualized the results and estimated that the NSA was collecting up to 56,000 communications of Americans each year, made up of 46,000 communications consisting entirely of an American’s communication (Single Communication Transactions), and 10,000 in which their communication got included in a Multiple Communication Transaction swept up in the search.

Given what we’ve learned about the 2011 confrontation, Wyden’s serial requests for this information take on added importance for two reasons.

Administration never disclosed its domestic collection to the most Members of Congress

First, because the Administration very pointedly did not inform the bulk of Congress that NSA had been — and had been allowed to continue — collecting purely domestic communications from telecom switches. Neither the February 9, 2012 statement to the Senate Intelligence Committee nor the May 4, 2012 notice to Congress provided any indication that this violation involved collecting domestic communications (the December 8, 2011 statement to the House Intelligence Committee did, and both Committees, presumably as well as the Judiciary Committees, received the opinion itself, which makes that clear). It’s also not clear whether any of these notices included any mention of the SCTs, those single communication transactions involving just a US person communication.

Read more

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The 2011 Disclosures

This post simply breaks out the dates in the October 3, 2011 John Bates opinion, adding the claims the government made at the time. It provides a somewhat better idea of the circumstances surrounding the manual review of upstream collection NSA did.

Read more

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.