With the lights out, it’s less dangerous
Here we are now, entertain us
I feel stupid and contagious
Here we are now, entertain us
A mulatto, an Albino
A mosquito, my libido, yeah
— excerpt, Smells Like Teen Spirit by Nirvana
Been a rough week so I’m indulging myself with some double bass — and because it’s Friday, it’s jazz. This is 2009 Thelonious Monk Competition winner Ben Williams whose ‘Teen Spirit’ is both spirited and minimalist. Check out this set with Home and Dawn Of A New Day, the first embued with a hip-hoppy beatmaking rhythm.
More Shadows on the wall
While Marcy has some questions about the recent alleged Shadow Brokers’ hack of NSA-front Equation Group and malware staging servers, I have a different one.
Why is Cisco, a network equipment company whose equipment appears to have been backdoored by the NSA, laying off 20% of its workforce right now? Yeah, yeah, I hear there’s a downturn in networking hardware sales due to Brexit and the Chinese are fierce competitors and businesses are moving from back-end IT to the cloud, but I see other data that says 50-60% of ALL internet traffic flows through Cisco equipment and there are other forecasts anticipating internet traffic growth to double between now and 2020, thanks in part to more video streaming and mobile telecom growth replacing PCs. Sure, software improvements will mediate some of that traffic’s pressure on hardware, but still…there’s got to be both ongoing replacement of aging equipment and upgrades (ex: Southwest Airlines’ router-fail outage), let alone new sales, and moving the cloud only means network equipment is consolidated, not distributed. Speaking of new sales and that internet traffic growth, there must be some anticipation related to increased use of WiFi-enabled Internet of Things stuff (technical term, that — you know, like Philips’ Hue lighting and Google Nest thermostats and Amazon Echo/Alexa-driven services).
Something doesn’t add up. Or maybe something rolls up. I dunno’. There are comments out on the internet suggesting competitor Huawei is hiring — that’s convenient, huh?
AI and Spy
Late adder: Travel Advisory issued for pregnant women to avoid Miami Beach area according to CDC — Five more cases of Zika have been identified and appeared to have originated in the newly identified second Zika zone, this one east of Biscayne Bay in the Miami Beach area. The initial Zika zone was on the west side of Biscayne Bay. The CDC also discouraged pregnant women and their sex partners from traveling to Miami-Dade County as a whole; the county has now had a total of 36 cases of Zika.
In the video in the report linked above, FL Gov. Rick Scott pokes at the White House about additional Zika assistance, but Scott previously reduced spending on mosquito control by 40%. Now he’s ready to pay private firms to tackle mosquito spraying. Way to go, Republican dirtbag. Penny wise, pound foolish, and now it’s somebody else’s job to bat cleanup.
Longread: Stampede at JFK
A firsthand account of the public’s stampede-like reaction to a non-shooting at New York’s JFK International Airport. To paraphrase an old adage, if all you have is a gun, everything looks and sounds like a shooting.
Let go of your fear and let the weekend begin.
Covers are often treated like poor relations in hand-me-downs. It’s not the performer’s own work, how can they possibly do the original justice?
Yeah…and then this. I think it’s an example of an exceptional cover. It’s one of my favorites. There are a number of other fine covers of this same piece — some are sweet, some have better production values, and some are very close to Radiohead’s original recording. But this one has something extra. Carrie Manolakos, a Broadway performer known for her role as Elphaba in Wicked, takes a breath at 2:19 and watch out. Her second album will release next month if you enjoy her work.
In Sickness and Health
Here, read these two stories and compare them:
Leaving you with the actual heds on these articles. How isn’t this simple extortion? You know, like, “Nice national health care system you’ve got there. It’d be a shame if anything happened to it.”
Cry me a river about corporate losses. Last I checked Aetna’s been paying out dividends regularly, which means they still have beaucoup cash.
If only we’d had a debate about offering single payer health care for everyone back in 2009 so we could say Fuck You to these vampiric corporate blackmailers.
Still in Shadow
A timeline of articles, analysis, commentary on the hacking of NSA malware staging servers by Shadow Brokers — no window dressing, just links:
15-AUG-2016 8:48 AM — https://twitter.com/mikko/status/765168232454037504 (Mikko Hypponen–Kaspersky tweeting discovery of Shadow Brokers’ auction of Equation Group code)
16-AUG-2016 7:22 AM — http://cybersecpolitics.blogspot.com/2016/08/why-eqgrp-leak-is-russia.html (Info sec expert Dave Aitel’s assessment on hackers responsible)
16-AUG-2016 7:40 AM — https://twitter.com/Snowden/status/765513662597623808 (Edward Snowden’s tweet thread [NB: don’t be an idiot and click on any other links in that thread])
16-AUG-2016 7:22 PM — https://securelist.com/blog/incidents/75812/the-equation-giveaway/ (time zone unclear)
16-AUG-2016 ?:?? — http://xorcat.net/2016/08/16/equationgroup-tool-leak-extrabacon-demo/
17-AUG-2016 8:05 AM EST — https://motherboard.vice.com/read/what-we-know-about-the-exploits-dumped-in-nsa-linked-shadow-brokers-hack
17-AUG-2016 ?:?? — https://www.cs.uic.edu/~s/musings/equation-group/ (University of Illinois’ Stephen Checkoway’s initial impressions)
17-AUG-2016 7:23 PM EST — https://www.washingtonpost.com/world/national-security/nsas-use-of-software-flaws-to-hack-foreign-targets-posed-risks-to-cybersecurity/2016/08/17/657d837a-6487-11e6-96c0-37533479f3f5_story.html
18-AUG-2016 6:59 AM EST — https://twitter.com/RidT/status/766228082160242688 (Thomas Rid suggests Shadow Brokers’ auction may be “retaliation” — note at this embedded tweet the use of “retaliation” and the embedded, highlighted image in which the words “Panama Papers” appear in red. Make of that what you will.)
18-AUG-2016 2:35 PM EST — https://motherboard.vice.com/read/the-shadow-brokers-nsa-leakers-linguistic-analysis (Two linguists suggest Shadow Brokers’ primary language is English distorted to mimic Russian ESL)
You know what this reminds me of? Sony Pictures’ email hacking. Back and forth with Russia-did-it-maybe-not-probably, not unlike the blame game pointing to North Korea in Sony’s case. And the linguistic analysis then suggesting something doesn’t quite fit.American Refugees
Except there really is a problem. The embedded image here is the front page of each of the four largest newspapers in the U.S. based on circulation, total combined circulation roughly six million readers. NONE OF THEM have a story on the front page about the flooding in Louisiana, though three of them covered the California Blue Cut Fire. Naturally, one would expect the Los Angeles Times to cover a fire in their own backyard, and they do have a nice photo-dense piece online. But nothing on the front page about flooding.
The Livingston Parish, Louisiana sheriff noted more than 100,000 parish residents had lost everything in the flood. There are only 137,000 total residents in that parish.
Between the +80,000 Blue Cut Fire evacuees and more than 100,000 left temporarily homeless in Louisiana, the U.S. now has more than a couple hundred thousand climate change refugees for which we are utterly unprepared. The weather forecast this week is not good for the Gulf Coast as unusually warm Gulf water continues to pump moisture into the atmosphere. We are so not ready.
Longread: The last really big American flood
Seven Scribes’ Vann R. Newkirk II looks at the last time a long bout of flooding inundated low-lying areas in the south, setting in motion the Great Migration. This is the history lesson we’ve forgotten. We need to prepare for even worse because like the Blue Cut Fire in California and Hurricane Sandy in New Jersey and New York, disaster won’t be confined to a place too easily written off the front page.
One more day. Hope to make it through.
 Edited for clarity. Kind of.
Volkswagen’s bad news, good news as Detroit’s auto show opens
Bad news first: In news dump zone on Friday afternoon, we heard Volkswagen wasn’t going to release documents pertaining to the emissions control defeat scandal to several U.S. states’ attorneys. VW said it couldn’t due to privacy laws, which sounds dicey; why do corporations have privacy rights? You’d think only U.S. businesses would attempt such excuses.
The good news was held until VW’s CEO Matthias Mueller arrived in U.S. for the soft opening of the North American International Auto Show in Detroit. VW is working on a catalytic converter it believes will resolved the emissions problem for roughly 2/3 of the affected vehicles. I’m guessing this is fix is intended for the oldest vehicles, and that the newest ones are likely to be swapped with a new vehicle, or a sizeable discount on a replacement will be offered. Color me skeptical about the effectiveness of this fix; if this was such an obvious and easy solution, it would already appear on VW’s diesel-powered passenger vehicles. Fuel economy will likely diminish due to increased back pressure — but that’s why I think this fix is for the oldest cars. It would encourage VW loyalists to buy a new one.
Juniper Network shuts the (a?) backdoor
The network equipment company says it’s “dropping” NSA-developed code after the revelation of a backdoor into their network device software. Does anyone believe all covert access by NSA has now been eliminated, though, if Juniper’s source code isn’t open?
Apple’s devices monitoring your emotions soon?
Ridiculously cash-rich Apple snapped up artificial intelligence company Emotient, which makes an application to interpret users’ emotions based on their facial expressions — sentiment analysis, they call it. I call it creepy as hell, especially since smartphone users can’t be absolutely certain their cameras aren’t in use unless they physically cover the apertures.
And yes, I do cover apertures on my devices with low-tack adhesive tape. It’s the first thing I do after opening the box on any new camera-enabled device, even before charging the battery.
That’s enough to get your cart moving. I hope to have a post up later, on the recent power outage in Ukraine.
7:03 am – Popular Security Software Came Under Relentless NSA and GCHQ Attacks (The Intercept)
7:12 am – US and British Spies Targeted Antivirus Companies (WIRED)
9:48 am – Spies are cracking into antivirus software, Snowden files reveal (The Hill)
12:18 pm – GCHQ has legal immunity to reverse-engineer Kaspersky antivirus, crypto (Ars Technica-UK)
12:57 pm* – US, UK Intel agencies worked to subvert antivirus tools to aid hacking [Updated] (Ars Technica)(*unclear if this is original post time or time update posted))
~3:00 pm – NSA Has Reverse-Engineered Popular Consumer Anti-Virus Software In Order To Track Users (TechCrunch)
(post time is approximate as site only indicates rounded time since posting)
The question I don’t think anyone can answer yet is whether the hack of Kaspersky Lab using Duqu 2.0 was part of the effort by NSA or GCHQ, versus another nation-state. I would not be surprised if the cover over this operation was as thin as letting the blame fall on another entity. We’ve seen this tissue paper-thin cover before with Stuxnet.
For the general public, it’s important to note two things:
— Which firms were not targeted (that we know of);
— Understand the use of viruses and other malware that already threaten and damage civilian computing systems only creates a bigger future threat to civilian systems.
Once a repurposed and re-engineered exploit has been discovered, the changes to it are quickly shared, whether to those with good intentions or criminal intent. Simply put, criminals are benefiting from our tax dollars used to help develop their future attacks against us.
There’s a gross insufficiency of words to describe the level of shallow thinking and foresight employed in protecting our interests.
And unfortunately, the private sector cannot move fast enough to get out in front of this massive snowball of shite rolling towards it and us.
EDIT — 5:55 pm EDT —
And yes, I heard about the Polish airline LOT getting hit with a DDoS, grounding their flights. If as the airline’s spokesman is correct and LOT has recent, state-of-the-art systems, this is only the first such attack.
But if I were to hear about electrical problems on airlines over the next 24-48 hours, I wouldn’t automatically attribute it to hacking. We’re experiencing effects of a large solar storm which may have caused/will cause problems over the last few hours for GPS, communications, electricals systems, especially in North America.
EDIT — 1:15 am EDT 23JUN2015 —
At 2:48 pm local time Christchurch, New Zealand’s radar system experienced a “fault” — whatever that means. The entire radar system for the country was down, grounding all commercial flights. The system was back up at 4:10 pm local time, but no explanation has yet been offered as to the cause of the outage. There were remarks in both social media and in news reports indicating this is not the first such outage; however, it’s not clear when the last fault was, or what the cause may have been at that time.
It’s worth pointing out the solar storm strengthened over the course of the last seven hours since the last edit to this post. Aurora had been seen before dawn in the southern hemisphere, and from northern Europe to the U.S. Tuesday evening into Wednesday morning. It’s possible the storm affected the radar system — but other causes like malware, hacking, equipment and human failure are also possibilities.
The use of stolen Foxconn digital certificates in Duqu 2.0 gnaws at me, but I can’t put my finger on what exactly disturbs me. As detailed as reporting has been, there’s not enough information about this malware’s creation. Nor is there enough detail about its targeting of Kaspersky Lab and the P5+1 talks with Iran.
Kaspersky Lab carefully managed release of Duqu 2.0 news — from information security firm’s initial post and an op-ed, through the first wave of media reports. There’s surely information withheld from the public, about which no other entities know besides Kaspersky Lab and the hackers.
Is it withheld information that nags, leaving vaporous voids in the story’s context? Possibly.
But there are other puzzle pieces floating around without a home, parts that fit into a multi-dimensional image. They may fit into this story if enough information emerges.
Putting aside how much Duqu 2.0 hurts trust in certificates, how did hackers steal any from Foxconn? Did the hackers break into Foxconn’s network? Did they intercept communications to/from Foxconn? Did they hack another certificate authority?
If they broke into Foxconn, did they use the same approach the NSA used to hack Syria — with success this time? You may recall the NSA try to hack Syria’s communications in 2012, by inserting an exploit into a router. But in doing so, the NSA bricked the router. Because the device was DOA, the NSA could not undo its work and left evidence of hacking behind. The router’s crash took out Syria’s internet. Rapid recovery of service preoccupied the Syrians so much that they didn’t investigate the cause of the crash.
The NSA was ready to deny the operation, though, should the Syrians discover the hack:
…Back at TAO’s operations center, the tension was broken with a joke that contained more than a little truth: “If we get caught, we can always point the finger at Israel.”
Did the NSA’s attempted hack of Syria in 2012 provide direction along with added incentive for Duqu 2.0? The failed Syria hack demonstrated evidence must disappear with loss of power should an attempt crash a device — but the malware must have adequate persistence in targeted network. NSA’s readiness to blame Israel for the failed Syria hack may also have encouraged a fuck-you approach to hacking the P5+1 Iran talks. Continue reading
The NYT has a report on an IG Report from May that reveals the Postal Service has been doing a lot more “mail covers” (that is, tracking the metadata from letters) than it had previously revealed.
In a rare public accounting of its mass surveillance program, the United States Postal Service reported that it approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of Americans for use in criminal and national security investigations.
The number of requests, contained in a little-noticed 2014 audit of the surveillance program by the Postal Service’s inspector general, shows that the surveillance program is more extensive than previously disclosed and that oversight protecting Americans from potential abuses is lax.
Among the most interesting revelations is that USPS previously lowballed the number of covers it does in response to a NYT FOIA by simply not counting most of the searches.
In information provided to The Times earlier this year under the Freedom of Information Act, the Postal Service said that from 2001 through 2012, local, state and federal law enforcement agencies made more than 100,000 requests to monitor the mail of Americans. That would amount to an average of some 8,000 requests a year — far fewer than the nearly 50,000 requests in 2013 that the Postal Service reported in the audit.
The difference is that the Postal Service apparently did not provide to The Times the number of surveillance requests made for national security investigations or those requested by its own investigation and law enforcement arm, the Postal Inspection Service. Typically, the inspection service works hand in hand with outside law enforcement agencies that have come to the Postal Service asking for investigations into fraud, pornography, terrorism or other potential criminal activity.
The report led Ben Wittes to engage in a thought experience, predicting the response to this revelation will be muted compared to that of the phone dragnet.
All of this raises the question: Will this program generate the sort of outrage, legal challenge, and feverish energy for legislative reform that the NSA program has? Or will it fall flat?
I have this feeling that the answer is the latter: The Postal Service’s looking at the outside of letters at the request of law enforcement just won’t have the same legs as does the big bad NSA looking at the routing information for telephone calls. The reason, I suspect, is not that there are profound legal differences between the two programs. Yes, one can certainly argue that the difference between a program that aspires to be totalizing and one that is notionally targeted, even if very large, is fundamental enough to justify regarding the former with great skepticism and tolerating the latter with a shrug. On the other hand, one could just as easily argue that a program that involves the active perusal of tens of thousands of people’s metadata without strict controls is far more threatening than one that involves tight procedures under judicial oversight and involves initial queries of only a few hundred people’s data.
The reason, I suspect, that this program will not excite the same sorts of passions as does the NSA’s program is that it involves old technology—paper—and it’s been going on for a long time.
I agree with Wittes that this won’t generate the same kind of outrage.
The fact that few noticed when Josh Gerstein reported on this very same report (and revealed that the USPS was trying to prevent the report’s release) back in June (I noticed, but did not write on it) supports Wittes’ point.
All that said, Wittes’ piece serves as an interesting example. Partly because he overstates the oversight of the phone dragnet program. Somehow Wittes doesn’t think the watchlisting of 3,000 presumed American persons with no First Amendment review until 2009 is not an example of abuse. Nor the preservation of 3,000 files worth of phone dragnet data on a research server, mixed in with Stellar Wind data, followed by its destruction before NSA had to explain what it was doing there (which is a more recent abuse than Joe Arpaio’s use of the mail dragnet to target a critic, reported in the NYT).
But also because Wittes misconstrues what a true comparison would entail.
To compare phone dragnet, generally, with the mail dragnet described by the NYT (now including both its national security and Postal Inspection searches), you’d have to compare Title III and local law enforcement phone metadata searches (which number in the hundreds of thousands and include the use of Stingrays to track phone location), Hemisphere (which must number in the 10s of thousands and not only undergo no court review, but are explicitly parallel constructed), the use of NSLs to obtain phone metadata (which number in the 10s of thousands, and which are not overseen by a court, have been subject to abuse, also miscount the most important requests, and access new kinds of data that probably aren’t really covered under the law), the Section 215 dragnet, the FBI bulk PRTT program, as well as the far far bigger EO 12333 phone dragnet.
That is, Wittes wants to compare the totality of the mail dragnet with a teeny segment of even the NSA phone dragnet, all while ignoring the state, local, and other federal agency (including at least FBI, USMS, and DEA) phone dragnets entirely, and declare the former roughly equivalent to the latter (better in some ways, worse in others). If you were to compare the totality of the mail dragnet (admittedly, you’d have to add Fedex and other courier dragnets) with the totality of the phone dragnet, the latter would vastly exceed the former in every way: in abuse, in lack of oversight, and in scale.
And to measure the “passions” mobilized against the phone dragnet, you’d have to measure it all. Attention to the various parts has been fleeting: today there’s more focus on Stingrays, for example, with comparatively less attention to the Section 215 phone dragnet, along with a focus on Hemisphere. There’s so much phone dragnet to go around, it’s like a never-ending game of whack-a-mole.
Or perhaps more appropriately, of that old fable of the 6 blind men and the elephant, where each of a series of blind men describe an elephant. These men each feel one part of the elephant and see a pillar, a rope, a tree branch, a hand fan, a wall, and a solid pipe. Together, they fail to conceive of the elephant in its entirety.
Wittes’ partial view of the phone dragnet describes just one part of one part of the dragnet elephant. At both the NSA, the FBI, and local JTTFs (at a minimum) you’re not conceiving the dragnet unless you understand the implications of matching your phone records and email records to your financial purchases and Internet search cookies — and, your snail mail, which is ultimately just a part of the larger dragnet. Each of those dragnets has several interlocking forms, too. More Title III orders, more NSLs, more Section 215 orders, and more EO 12333 collection. All dumped into a black box that — even for the Section 215 phone dragnet — undergoes no apparent oversight.
But Wittes is by no means alone in his partial view of the dragnet elephant. We all suffer from it. Since the very start of the Snowden leaks, I have been trying hard to track how NSA data gets shared with other agencies (see, for example, NCTC, FBI and CIA, “Team Sport,” ATF). I suspect I’ve got as good an understanding of how this data worms its way through the government as anyone outside of some corners of government, but it still looks like an elephant trunk to me.
That, to me, is the real lesson from the focus on yet another dragnet available to yet more intelligence and law enforcement agencies. None of us yet have a good sense of the scope of the dragnet. It is, quite literally, inconceivable. And we have even less of an idea of what happens after the dragnet feeds all that data into a series of black boxes, most subject to very little oversight.
With each new elephant body part identified, we’d do well to remember, it’s just one more body part.
The most chilling part of this reporting is a network engineer’s reaction (see here on video) when he realizes he is marked or targeted as a subject of observation. He’s assured it’s not personal, it’s about the work he does – but his reaction still telegraphs stress. An intelligence agency can get to him, has gotten to him; he’s touchable.
The truth is that almost any of us who follow national security, cyber warfare, or information technology are potential subjects depending on our work or play.
The metadata we generate is only part of the observation process; it provides information about our individual patterns of behavior, but may not actually disclose where we are.
TREASURE MAP goes further, by providing the layout of the network on which any of us are generating metadata. But there is some other component either within TREASURE MAP, or within a complementary tool, that provides the physical address of any networked electronic device.
The NSA has the ability to track individuals not only by Internet Protocol addresses (IP addresses), but by media access control addresses (MAC addresses), according a recent interview with Snowden by James Bamford in Wired. This little nugget was a throwaway; perhaps readers already assumed this capability has existed, or didn’t understand the implications:
…But Snowden’s disenchantment would only grow. It was bad enough when spies were getting bankers drunk to recruit them; now he was learning about targeted killings and mass surveillance, all piped into monitors at the NSA facilities around the world. Snowden would watch as military and CIA drones silently turned people into body parts. And he would also begin to appreciate the enormous scope of the NSA’s surveillance capabilities, an ability to map the movement of everyone in a city by monitoring their MAC address, a unique identifier emitted by every cell phone, computer, and other electronic device.
In simple terms, IP addresses are like phone numbers — they are assigned. They can be static; a printer on a business network, for example, may be assigned a static address to assure it is always available to accept print orders at a stationary location. IP addresses may also be dynamic; if there’s an ongoing change in users on a network, allowing them to use a temporary address works best. Think of visits to your local coffee shop where customers use WiFi as an example. When they leave the premise, their IP address will soon revert to the pool available on the WiFi router. Continue reading
It is looking more and more likely that Abdullah Abdullah will continue his boycott of the vote-counting process in Afghanistan. As I noted Friday, thousands of his supporters took to the streets to protest the expected outcome and to call for fraudulent votes to be discarded. Abdullah’s camp released even more evidence Saturday, consisting of two audiotapes of conversations among officials in Paktika province regarding 20 ballot boxes which were found to be already stuffed with ballots on the night before the election. ToloNews informs us that one of the tapes was a conversation between the Paktika provincial Independent Election Commission (IEC) head and the executive assistant of Zia-ul-Haq Amarkhail (the head of the IEC, who resigned after Abdullah released the first set of tapes). The second tape purports to be yet another recording of Amarkhail himself, this time participating in a discussion (again with the provincial IEC head) of how to deflect blame for the stuffed ballot boxes found in Paktika:
Amarkhail begins by stressing his frustration about the situation with the ANA commander revealing information to the media about the ballot stuffing. The provincial IEC head told Amarkhail that a video was made of the men stuffing 20 ballot boxes with 12,000 votes and in each box exactly 600 votes were stuffed and that the ANA wants to “broadcast this through TOLO TV.”
Concerned and upset about their position, the provincial IEC head suggests to Amarkhail that they hold a press conference defaming the ANA commander by stating that these frauds were conducted by the commander and his men.
After proposing the idea, the Gov. of Paktika, Muhebullah Samim, takes the phone approving the idea of holding a press conference expressing to Amarkhail that this is their only way out is by blaming the commander that he forced the “boys to do this and the boys will admit to it. The boys are willing to say that the ANA commander has forced them to stuff boxes.”
Content with the idea, Amarkhail agrees to the plan and begins to tell the men what needs to be done and how.
In a followup article, ToloNews provides the most incriminating part of the discussion and notes that they had reported the discovery of the stuffed ballot boxes before the election on the day they were found by the army: Continue reading
Ken Dilanian has a very interesting article in the Los Angeles Times outlining the latest failure in Congress’ attempts to exert oversight over drones. Senator Carl Levin had the reasonable idea of calling a joint closed session of the Senate Armed Services and Intelligence Committees so that the details of consolidating drone functions under the Pentagon (and helping the CIA to lose at least one of its paramilitary functions) could be smoothed out. In the end, “smooth” didn’t happen:
An effort by a powerful U.S. senator to broaden congressional oversight of lethal drone strikes overseas fell apart last week after the White House refused to expand the number of lawmakers briefed on covert CIA operations, according to senior U.S. officials.
Sen. Carl Levin (D-Mich.), who chairs the Armed Services Committee, held a joint classified hearing Thursday with the Senate Intelligence Committee on CIA and military drone strikes against suspected terrorists.
But the White House did not allow CIA officials to attend, so military counter-terrorism commanders testified on their own.
But perhaps the White House was merely retaliating for an earlier slight from Congress:
In May, the White House said it would seek to gradually move armed drone operations to the Pentagon. But lawmakers added a provision to the defense spending bill in December that cut off funds for that purpose, although it allows planning to continue.
Dilanian parrots the usual framing of CIA vs JSOC on drone targeting:
Levin thought it made sense for both committees to share a briefing from generals and CIA officials, officials said. He was eager to dispel the notion, they said, that CIA drone operators were more precise and less prone to error than those in the military.
The reality is that targeting in both the CIA and JSOC drone programs is deeply flawed, and the flaws lead directly to civilian deaths. I have noted many times (for example see here and here and here) when John Brennan-directed drone strikes (either when he had control of strike targeting as Obama’s assassination czar at the White House or after taking over the CIA and taking drone responsibility with him) reeked of political retaliation rather than being logically aimed at high value targets. But those examples pale in comparison to Brennan’s “not a bake sale” strike that killed 40 civilians immediately after Raymond Davis’ release or his personal intervention in the peace talks between Pakistan and the TTP. JSOC, on the other hand, has input from the Defense Intelligence Agency, which, as Marcy has noted, has its own style when it comes to “facts”. On top of that, we have the disclosure from Jeremy Scahill and Glenn Greenwald earlier this week that JSOC will target individual mobile phone SIM cards rather than people for strikes, without confirming that the phone is in possession of the target at the time of the strike. The flaws inherent in both of these approaches lead to civilian deaths that fuel creation of even more terrorists among the survivors.
Dilanian doesn’t note that the current move by the White House to consolidate drones at the Pentagon is the opposite of what took place about a year before Brennan took over the CIA, when his group at the White House took over some control of JSOC targeting decisions, at least with regard to signature strikes in Yemen.
In the end, though, it’s hard to see how getting all drone functions within the Pentagon and under Senate Armed Services Committee oversight will improve anything. Admittedly, the Senate Intelligence Committee is responsible for the spectacular failure of NSA oversight and has lacked the courage to release its thorough torture investigation report, but Armed Services oversees a bloated Pentagon that can’t even pass an audit (pdf). In the end, it seems to me that this entire pissing match between Congress and the White House is over which committee(s) will ultimately be blamed for failing oversight of drones.
I confess, I don’t really know what Angry Birds is, except that my tweener niece was hot on the game a year ago.
But apparently it must be a key part of terrorist training (which makes me worried about my niece), because the NSA gathers up cell phone data the Angry Birds app leaks.
The National Security Agency and its UK counterpart GCHQ have been developing capabilities to take advantage of “leaky” smartphone apps, such as the wildly popular Angry Birds game, that transmit users’ private information across the internet, according to top secret documents.
From some app platforms, relatively limited, but identifying, information such as exact handset model, the unique ID of the handset, software version, and similar details are all that are transmitted.
Other apps choose to transmit much more data, meaning the agency could potentially net far more. One mobile ad platform, Millennial Media, appeared to offer particularly rich information. Millennial Media’s website states it has partnered with Rovio on a special edition of Angry Birds; with Farmville maker Zynga; with Call of Duty developer Activision, and many other major franchises.
Rovio, the maker of Angry Birds, said it had no knowledge of any NSA or GCHQ programs looking to extract data from its apps users.
“Rovio doesn’t have any previous knowledge of this matter, and have not been aware of such activity in 3rd party advertising networks,” said Saara Bergström, Rovio’s VP of marketing and communications. “Nor do we have any involvement with the organizations you mentioned [NSA and GCHQ].”
Millennial Media did not respond to a request for comment.
This is all very predictable (and will undoubtedly finally launch a conversation about data spillage on mobile apps).
But seriously. How many Angry Bird players does NSA really claim it has a valid foreign intelligence purpose to target?