The Senate Judiciary Committee hearing with the NSA Review Group just finished. There was no earth-shattering news. Perhaps the best one-liner from the hearing came when former CIA Deputy Director Mike Morell said that metadata is content (and I’m grateful he said it early in the hearing so it will make the evening news). Bizarrely, he claimed he just learned that while working on this report which is rather … unconvincing.
At the very end of the hearing, however, Senator Richard Blumenthal said something equally as important, which went something like,
Smith v. Maryland is about as outdated as any Supreme Court [sic] can be. Congress has an equal responsibility to protect the Constitution as the Supreme Court. There is no need to wait for the Supreme Court.
It’s a great idea, for the legislature to end Smith v. Maryland’s encroachment on the Constitution, and he’s right, Congress does have the authority to act.
But as far as I know, Blumenthal has yet to introduce a bill doing that.
The assessments of the phone dragnet suck.
I don’t mean the assessments of the phone dragnet show the program sucks, though that may well be the case. I mean the assessments of the phone dragnet I’ve seen do a very poor job of assessing the value of it. Which serves to show how much of the larger dragnet remains, if not secret, still largely undiscussed.
To see what I mean, consider this post, from Just Security’s Ryan Goodman.
Insiders disagree about the phone dragnet value with outsiders
The strongest part of his post compares the seemingly contradictory assessments of the phone dragnet by two different members of the NSA Review Group. University of Chicago Professor Geoffrey Stone and Deputy Director of CIA Mike Morell.
Stone, based on what he learned from public sources and from the briefings the Group received, believes the program did not prevent any terrorist attacks. Morell, whose former agency receives Tippers from the program and even had direct access to query results until 2009 just like the FBI does and did (though no one talks about that) insists it has helped prevent terrorist attacks.
Goodman also notes that the Gang of Four immediately defended the phone dragnet after the Review Group released its results (actually, they object to more than the phone dragnet recommendation but don’t say what other recommendations they object to), but doesn’t note the terms they use to do so:
However, a number of recommendations in the report should not be adopted by Congress, starting with those based on the misleading conclusion that the NSA’s metadata program is ‘not essential to preventing attacks.’ Intelligence programs do not operate in isolation and terrorist attacks are not disrupted by the work of any one person or program. The NSA’s metadata program is a valuable analytical tool that assists intelligence personnel in their efforts to efficiently ‘connect the dots’ on emerging or current terrorist threats directed against Americans in the United States. The necessity of this program cannot be measured merely by the number of terrorist attacks disrupted, but must also take into account the extent to which it contributes to the overall efforts of intelligence professionals to quickly respond to, and prevent, rapidly emerging terrorist threats. [my emphasis]
In other words, Goodman presents evidence that the Gang of Four and a former top CIA official believe there are other reasons the phone dragnet is valuable, while someone relying on limited briefings evaluates the program based on its failure to stop any attack.
That ought to make Goodman ask what Morell and Dianne Feinstein know (or think they know) that Stone does not. It ought to make him engage seriously with their claim that the phone dragnet is doing something else beyond providing the single clues to prevent terrorist attacks.
One they’re not willing to talk about explicitly.
Assessments and the terrorist attack thwarted metric
Instead, Goodman assesses the phone dragnet solely on the basis of the public excuse offered over and over and over since the Guardian first published the Verizon order in June: to see which Americans are in contact with (alleged) terrorist associates so as to prevent an attack.
Goodman lectures program critics that identifying funders or members of terrorist groups might help find terrorists, too, and “peace of mind” might help dedicate resources most productively.
The key objective of course is to stop terrorist attacks against the US homeland and vital US interests abroad. An important distinction, however, is whether the intelligence generated by the program is:
(a) “direct”: timely information to foil a specific attack; or
(b) “indirect”: information that enables the government to degrade a terrorist group or decrease the general likelihood of attacks
Examples of the latter might include information on individuals who have joined or are funding a terrorist organization. Intelligence could help to identify and successfully prosecute such individuals, and hence disable them and deter others. The important point is that both types of information aid the overall goal of stopping terrorist attacks. That point appears to have been lost on some critics of the program. When the government cites the latter information yields, critics often consider such situations irrelevant or little to do with stopping attacks.
But Goodman imagines only those affirmatively supporting terrorism would help the government prevent terrorism, which is not necessarily the case.
Does the NSA’s network analysis even pick the right calls?
One thing missing from such assessments are the failures. Why didn’t, for example, Faisal Shahzad’s planning with the Pakistani Taliban identify him and his hawala before the attack? There are plausible explanations: he used good enough operational security such that he had no communications that could have included in the dragnets, his TTP phone and Internet contacts were not among the services sucked up, the turmoil in the phone and (especially) Internet dragnet in 2009 and 2010 led to gaps in the collection. Then there’s a far more serious one: that the methods NSA use to identify numbers of interest may not work, and may instead only be identifying those whose doings with terror affiliates are relatively innocent, meaning they don’t use operational security (though note the US-based phone dragnets would use more sophisticated analysis only after data gets put in the corporate store, whereas data collected overseas might be immediately subject to it).
And for those who, like Goodman, place great stock in the dragnet’s “peace of mind” metric, they need to assess not just the privacy invasion that might result, but the resources required to investigate all possible leads — which could have been upwards of 36,000 people in the Boston Marathon case.
That is, unless we have evidence that NSA’s means of picking the interesting phone contacts from the uninteresting ones works (and given the numbers involved, we probably don’t have that), then the dragnet may be as much a time suck as it is a key tool.
What about the other purposes the Intelligence Community has (quietly) admitted?
The other problem with assessments of the phone dragnet is they don’t even take the IC at its word in its other, quieter admissions of how it uses the dragnet (notably, in none of Stone’s five posts on the dragnet does he mention any of these — one, two, three, four, five — raising questions whether he ever learned or considered them). These uses include:
Corporate store: As the minimization procedures and a few FISC documents make clear, once the NSA has run a query, the results of that query are placed in a “corporate store,” a database of all previous query results. Continue reading
Sy Hersh has a long piece in the London Review of Books accusing the Obama Administration of cherry-picking intelligence to present its case that Bashar al-Assad launched the chemical weapons attack on August 21.
To be clear, Hersh does not say that Assad did not launch the attack. Nor does he say al-Nusra carried out the attack. Rather, he shows that:
A lot of the story serves to establish that two days after the attack, the US had yet to respond to it, presumably because it did not have any intelligence Syria had launched the attack, in part because nothing had triggered the sensors that had worked in the past. To develop its intelligence on the attack days afterwards, the NSA performed key word searches on already-collected radio communications of lower level Syrian military figures.
‘There are literally thousands of tactical radio frequencies used by field units in Syria for mundane routine communications,’ he said, ‘and it would take a huge number of NSA cryptological technicians to listen in – and the useful return would be zilch.’ But the ‘chatter’ is routinely stored on computers. Once the scale of events on 21 August was understood, the NSA mounted a comprehensive effort to search for any links to the attack, sorting through the full archive of stored communications. A keyword or two would be selected and a filter would be employed to find relevant conversations. ‘What happened here is that the NSA intelligence weenies started with an event – the use of sarin – and reached to find chatter that might relate,’ the former official said. ‘This does not lead to a high confidence assessment, unless you start with high confidence that Bashar Assad ordered it, and began looking for anything that supports that belief.’ The cherry-picking was similar to the process used to justify the Iraq war.
Ultimately, according to one of Hersh’s sources, they used intelligence collected in response to last December’s Syrian exercise on CW as the basis for what the Syrians would have been doing in case of an attack.
The former senior intelligence official explained that the hunt for relevant chatter went back to the exercise detected the previous December, in which, as Obama later said to the public, the Syrian army mobilised chemical weapons personnel and distributed gas masks to its troops. The White House’s government assessment and Obama’s speech were not descriptions of the specific events leading up to the 21 August attack, but an account of the sequence the Syrian military would have followed for any chemical attack. ‘They put together a back story,’ the former official said, ‘and there are lots of different pieces and parts. The template they used was the template that goes back to December.’
The White House presented this cherry-picked intelligence 9 days after the attack to a group of uncritical journalists (Hersh notes Jonathan Landay was excluded).
That’s the damning part of Hersh’s story on the intelligence used to support the Syrian warmongering (it is largely consistent with observations made at the time).
Hersh also describes how the NYT ignored the conclusions of MIT professor Theodore Postol, who determined at least some of the shells used in the attack were locally manufactured and had a much shorter range than publicly described.
Ultimately, though, Hersh’s biggest piece of news describes how someone — he doesn’t say who, but this part of his story relies on a senior intelligence consultant of unidentified nationality — sent Deputy DIA Director David Shedd a report on June 20 concluding that a former Iraqi CW expert with the capability of manufacturing sarin was operating in Eastern Ghouta.
An intelligence document issued in mid-summer dealt extensively with Ziyaad Tariq Ahmed, a chemical weapons expert formerly of the Iraqi military, who was said to have moved into Syria and to be operating in Eastern Ghouta. Continue reading
Spencer Ackerman has a review of how the first two meetings of Obama’s Non-Tech Tech Review panel have gone. And while they went about as horribly as I suspected — certainly there was no talk of actually fixing obvious problems with the dragnet — there are a few details that show how “most exceptional” this effort is.
The White House, having taken pains to pretend James Clapper is not in charge of the Director of National Intelligence Review Group on Intelligence and Communications Technologies, referred comment to James Clapper.
The White House deferred comment to the Office of the Director of National Intelligence, which did not respond.
The Non-Tech Tech Review Panel comes with a kiddie table — or rather, a conference room almost two miles away from the White House, where the tech giants got to eat.
During its first round of meetings, the panel, known as the Review Group on Intelligence and Communications Technology, separated two groups of outside advisers. One group included civil libertarian organizations such as the ACLU and the Electronic Privacy Information Center. It met in a conference room on K and 20th Streets. Morrell and Clarke did not attend.
The other, which met in the White House Conference Center, included technology companies that have participated – sometimes uneasily and at court behest – in NSA surveillance. All five panel members participated.
I’m not surprised the CIA’s representative on the Committee to Make You Love the Dragnet refused to be seen at the kiddie table with civil libertarians. But Richard Clarke?
Finally, the tech companies appear not to have sent tech experts.
The meeting itself struck [New America Foundation VP Sascha] Meinrath as bizarre. Representatives from the technology firms were identified around the table not by their names, but by placards listing their employers. There was minimal technical discussion of surveillance mechanisms despite the presence of technology companies; Meinrath took the representatives to be lawyers, not technologists.
When it appeared like the meeting would discuss a surveillance issue in a sophisticated way, participants and commissioners suggested it be done in a classified meeting.
Apparently, Cass Sunstein didn’t even have to get caught proposing weird conspiracy theories to make this thing a laughingstock.
In addition to the four people ABC earlier reported would be part of Obama’s Committee to Learn to Trust the Dragnet, Obama added … another law professor, Geoffrey Stone. (Stone is [see update], along with Swire, a worthwhile member. But not a technologist.)
What’s fucking crazy about the committee is it has zero technologists to review a topic that is highly technical. Obama implicitly admits as much! He sells this committee for their “immense experience in national security, intelligence, oversight, privacy and civil liberties.” National security, intelligence, oversight, privacy, civil liberties. No technology.
On August 9, President Obama called for a high-level group of experts to review our intelligence and communications technologies. Today the President met with the members of this group: Richard Clarke, Michael Morell, Geoffrey Stone, Cass Sunstein and Peter Swire.
These individuals bring to the task immense experience in national security, intelligence, oversight, privacy and civil liberties. The Review Group will bring a range of experience and perspectives to bear to advise the President on how, in light of advancements in technology, the United States can employ its technical collection capabilities in a way that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties, recognizing our need to maintain the public trust, and reducing the risk of unauthorized disclosure.
The President thanked the Members of the Group for taking on this important task and looks forward to hearing from them as their work proceeds. Within 60 days of beginning their work, the Review Group will brief their interim findings to the President through the Director of National Intelligence, and the Review Group will provide a final report and recommendations to the President. [my emphasis]
So in spite of the fact that the White House highlights technology in its mandate, that didn’t lead them to find even a single technologist.
Also: Cass Sunstein.
Also: the Committee does, in fact, report its findings through James Clapper, the guy whose programs they will review, they guy who lied to Congress.
At least the White House isn’t promising — as Obama originally did — that it will be an “outside” “independent” committee.
Update: Egads. I take back what I said about Stone, who said this in June.
[W]hat should Edward Snowden have done? Probably, he should have presented his concerns to senior, responsible members of Congress. But the one thing he most certainly should not have done is to decide on the basis of his own ill-informed, arrogant and amateurish judgment that he knows better than everyone else in government how best to serve the national interest. The rule of law matters, and no one gave Edward Snowden the authority to make that decision for the nation. His conduct was more than unacceptable; it was criminal.
The day after the stench of torture ruined Zero Dark Thirty’s Oscar hopes, Reuters reports that the Senate Intelligence Committee has dropped its probe of the movie.
One day after “Zero Dark Thirty” failed to win major awards at the Oscars, a congressional aide said on Monday the Senate Intelligence Committee has closed its inquiry into the filmmakers’ contacts with the Central Intelligence Agency.
The intelligence committee gathered more information from the CIA, film director Kathryn Bigelow, and screenwriter Mark Boal and will not take further action, according to the aide, who requested anonymity.
And that may be all there is to the story.
Or maybe not.
As was made clear by the correspondence between Dianne Feinstein and Mike Morell in December, what DiFi wanted was to make sure CIA was not making official claims that torture worked.
In addition to ZD30′s failures last night, something else has happened — or was scheduled to happen — since that time. The CIA was supposed to provide its response to SSCI’s Torture Report on February 15. And of course, because of the delay of Brennan’s confirmation, Morell remains the Acting Director at CIA.
While I’ve seen no reporting on what they said, I presume if they were at least open to the conclusions of the report, DiFi would have less reason to continue correcting the record on ZD30 publicly.
Who knows? Maybe she achieved two objectives with her public pressure? Sinking the chances of the movie, and pushing against any rejection of the report.