Is Trump’s Revelation the Same as Craig Murray’s Revelation: An American Cut-Out?

Because security professionals are so confident in the Russian attribution of the DNC hack, they have largely ignored alternative theories from the likes of Wikileaks and Bill Binney. That’s unfortunate, because Craig Murray, in his description of his own role in getting the Podesta files to Wikileaks, at least, revealed a detail that needs greater attention. He believes he received something (perhaps the documents themselves, perhaps something else) from a person with ties to US national security.

[I]f we believe that Murray believes this, we know that the intermediary can credibly claim to have ties to American national security.

So on September 25, Murray met a presumed American in DC for a hand-off related to the Podesta hack.

I raise that because Trump is now promising we’ll learn something this week about the hack that may cast doubt on the claims Russia was behind it.

He added: “And I know a lot about hacking. And hacking is a very hard thing to prove. So it could be somebody else. And I also know things that other people don’t know, and so they cannot be sure of the situation.”

When asked what he knew that others did not, Mr. Trump demurred, saying only, “You’ll find out on Tuesday or Wednesday.”

If Murray met an American claiming to have done the hack, then Trump may have too. That doesn’t mean the Russians didn’t do the hack (though it could mean an American borrowed GRU’s tools to do it). It could just as easily mean the Russians have an American cut-out, and that while the security community has been looking for Russian-speaking proxies, they’ve ignored the possibility of American ones.

I have a suspicion that Trump’s campaign did meet with such a person (I even have a guess about when it would have happened).

I guess we’ll learn more this week.

The Conspiracy Theory in YouGov’s Conspiracy Theory Poll

YouGov has a poll showing that “belief in conspiracy theories largely depends on political identity.” For example, it shows that Republicans believe Obama is Kenyan.

It focuses on several things it considers conspiracy theories tied to this election, including pizzagate, millions of alleged illegal votes, and claims about the Russian hack.

Interestingly, it shows that half of Clinton voters believe that Russia tampered with vote tallies to get Trump elected, in spite of the White House’s assurances that did not happen.

It’s the other tested question about Russian hacking that strikes me as more curious. 87% of Clinton voters believe Russia hacked Democratic emails “in order to help Donald Trump,” whereas only 20% of Trump voters believe that.

That’s about the result I’d expect. But to explain why this is a conspiracy theory, YouGov writes,

Similarly, even after the Central Intelligence Agency and the Federal Bureau of Investigation reported that Russia was responsible for the leaks of damaging information from the Democratic National Committee and the Clinton campaign and that the hacking was done to help Donald Trump win the Presidency, only one in five say that is definitely true, about the same percentage as believe it is definitely not true.

So YouGov bases this “truth” on a claim that the CIA and FBI “reported that Russia was responsible for the leaks … and that the hacking was done to help Donald Trump win the Presidency.”

Except there has been no such report, not from CIA and FBI, anyway.

There was an official report finding that,

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. … These thefts and disclosures are intended to interfere with the US election process.

That is, the official report stated that the hack was “intended to interfere with the US election process;” it did not say the hack was done to help Trump.

Moreover, while the report speaks for the entire IC (including the FBI), the report itself came from DHS and ODNI, not FBI or CIA.

It is absolutely true that anonymous leakers — at least some of whom appear to be Democratic Senate sources — claim that CIA said the hack happened to get Trump elected. It is also true that anonymous sources passed on the substance of a John Brennan letter that said in separate conversations with Jim Comey and James Clapper, each agreed with Brennan about the purpose of the hack, which WaPo edited its previous reporting to say included electing Trump as one of a number of purposes, but that’s a third-hand report about what Jim Comey believes.

But that was not an official report, not even from CIA. Here’s what John Brennan said when interviewed about this topic by NPR’s Mary Louise Kelly:

You mentioned the FBI director and the director of national intelligence. And NPR confirmed with three sources that after the three of you meeting last week, you sent a memo to your workforce and that the memo read: There is strong consensus among us on the scope, nature and intent of Russian interference in our presidential elections. Is that an accurate quote from your memo?

I certainly believe that, that there is strong consensus.

Was there ever not?

Well, sometimes in the media, there is claims, allegations, speculation about differences of view. Sometimes I think that just feeds concerns about, you know, the strength of that intelligence and …

And in this case it was reports of tension between FBI and CIA …

… and differences of view. And I want to make sure that our workforce is kept as fully informed as possible so that they understand that what we’re doing, we’re doing in close coordination with our partners in the intelligence community. And so I try to keep my workforce informed on a periodic basis. But aside from whatever message I might have sent out to the workforce, there is, I strongly believe, very strong consensus among the key players — but not just the leaders of these organizations, but also the institutions themselves. And that’s why we’re going through this review. We want to make sure that we scrub this data, scrub the information and make sure that the assessment and analysis is as strong and as grounded as it needs to be.

That quote I read you about the memo that you sent mentioned that there is agreement on scope, nature and intent of Russian interference. And intent is the one that’s been controversial recently, the question of motive. How confident are you in the intelligence on that? It seems like proving motive is an infinitely harder thing than proving that somebody did something. The “why” is tough.

I will not disagree with you that the why is tough. And that’s why there needs to be very careful consideration of what it is that we know, what it is that we have insight into and what our analysis needs to be. But even back in early October when Jim Clapper and Jeh Johnson put out this statement, it said “the intent to interfere in the election.” Now, there are different elements that could be addressed in terms of how it wanted to interfere. And so that’s why this review is being done to make sure that there is going to be a thorough look at the nature, scope and intent of what transpired.

What’s been reported is that the CIA has concluded the intent was to interfere with the election with the purpose of swinging at Donald Trump. Is that an accurate characterization?

That’s an accurate characterization of what’s been appearing in the media. Yes.

Is it an accurate characterization of where the CIA is on this?

Well, that’s what the review is going to do. And we will be as forward-leaning as the intelligence and analysis allows us to be, and we will make sure that, again, President Obama and the incoming administration understands what the intelligence community has assessed and determined to have happened during the run-up to this election.

Why not confirm that that’s where the CIA is on this? Why not confirm if you have the evidence that you believe is …

Because I don’t work for NPR, Mary Louise. I work for the president, I work for the administration, and it is my responsibility to give them the best information and judgment possible.

That is, the CIA Director specifically avoided stating what he or his agency believes the motive to be, deferring to the ongoing review of the evidence, something that Obama also did in his press conference earlier this month.

Q Mr. President, I want to talk about Vladimir Putin again. Just to be clear, do you believe Vladimir Putin himself authorized the hack? And do you believe he authorized that to help Donald Trump? And on the intelligence, one of the things Donald Trump cites is Saddam Hussein and the weapons of mass destruction, and that they were never found. Can you say, unequivocally, that this was not China, that this was not a 400-pound guy sitting on his bed, as Donald Trump says? And do these types of tweets and kinds of statements from Donald Trump embolden the Russians?

THE PRESIDENT: When the report comes out, before I leave office, that will have drawn together all the threads. And so I don’t want to step on their work ahead of time.

What I can tell you is that the intelligence that I have seen gives me great confidence in their assessment that the Russians carried out this hack.

None of that is to say that CIA and (perhaps to a lesser extent) FBI don’t think Russia hacked Democrats to help Trump, as one of several — probably evolving over the course of the election — reasons. CIA surely does (but then it has a big incentive to downplay the most obvious motivation, that Russia was retaliating for perceived and real CIA covert actions against it). FBI probably does.

But there has been no “report” that they believe that, just anonymous reports of reports. The official stance of the Executive Branch is that they’re conducting a review of the evidence on this point.

Perhaps if YouGov wants to test conspiracy theories, it should start by sticking to topics about which there aren’t a slew of anonymous leaks and counter-leaks contravened by public deferral?

Now the Spooks Are Leaking Criticism of Obama’s Sole Use of the “Red Phone”

NBC, which seems to be sharing the role of spook leak central with WaPo, has upped the ante on previous leaks. Last night, it revealed that on October 31, Obama used the “Red Phone” (which is in reality an email system) designed to avert disasters with Russia for the first time in his Administration to warn Vladimir Putin not to fuck with our election process.

A month later, the U.S. used the vestige of an old Cold War communications system — the so-called “Red Phone” that connects Moscow to Washington — to reinforce Obama’s September warning that the U.S. would consider any interference on Election Day a grave matter.

This time Obama used the phrase “armed conflict.”

The reason we’re getting this leak seems fairly clear. Not only are Democrats peeved that Obama didn’t manage to recall or suppress documents already leaked to WikiLeaks, but one “senior intelligence official” is angry that Obama laid down no bright line.

A senior intelligence official told NBC News the message ultimately sent to the Russians was “muddled” — with no bright line laid down and no clear warning given about the consequences. The Russian response, said the official, was non-committal.

I’m pretty favorable to leaks (though not their use to preempt deliberative assessment of intelligence). They serve an important check on government, even on the President.

But it alarms me that someone decided it was a good idea to go leak criticisms of a Red Phone exchange. It would seem that such an instrument depends on some foundation of trust that, no matter how bad things have gotten, two leaders of nuclear armed states can speak frankly and directly.

Without that conversation being broadcast to the entire world via leaks.

It would seem such a leak might lead Putin to take such exchanges less seriously in the future knowing that the spooks reviewing the exchange don’t take the gravity of it all that seriously.

Ah well. Good things these spooks are so successfully combatting the inappropriate leak of information by leaking more information.

Matt Olsen Admits He Didn’t Bargain on a President Trump

Something predictable, but infuriating, happened at least week’s Cato conference on surveillance.

A bunch of spook lawyers did a panel, at which they considered the state of surveillance under Trump. Former White House Director of Privacy and Civil Liberties Tim Edgar asked whether adhering to basic norms, which he suggested would otherwise be an adequate on surveillance, works in a Trump Administration.

In response, former NSA General Counsel Matt Olsen provided an innocuous description of the things he had done to expand the dragnet.

I fought hard … in the last 10 [years] when I worked in national security, for increasing information sharing, breaking down barriers for sharing information, foreign-domestic, within domestic agencies, and for the modernization of FISA, so we could have a better approach to surveillance.

Then, Olsen admitted that he (who for three years after he left NSA headed up the National Counterterrorism Center managing a ton of analysts paid to imagine the unimaginable) did not imagine someone like Trump might come along.

As I fought for these changes, I did not bargain on a President Trump. That was beyond my ability to imagine as a leader of the country in thinking about how these policies would actually be implemented by the Chief Executive.

It was beyond his ability [breathe, Marcy, breathe] to imagine someone who might abuse power to come along!!!

What makes Olsen’s comment even more infuriating that I called out Olsen’s problematic efforts to “modernize” FISA and sustain the phone dragnet even in spite of abuse in September, in arguing that Hillary could not, in fact, be supporting a balanced approach on intelligence if she planned on hiring him, as seemed likely.

Olsen was the DOJ lawyer who oversaw the Yahoo challenge to PRISM in 2007 and 2008. He did two things of note. First, he withheld information from the FISC until forced to turn it over, not even offering up details about how the government had completely restructured PRISM during the course of Yahoo’s challenge, and underplaying details of how US person metadata is used to select foreign targets. He’s also the guy who threatened Yahoo with $250,000 a day fines for appealing the FISC decision.

Olsen was a key player in filings on the NSA violations in early 2009, presiding over what I believe to be grossly misleading claims about the intent and knowledge NSA had about the phone and Internet dragnets. Basically, working closely with Keith Alexander, he hid the fact that NSA had basically willfully treated FISA-collected data under the more lenient protection regime of EO 12333.

These comments were used, in this post by former NSA Compliance chief John DeLong and former NSA lawyer Susan Hennessey (the latter of whom was on this panel) to unbelievably dishonestly suggest that surveillance skeptics, embodied by me and EFF’s Nate Cardozo (who has been litigating some of these issues for years), took our understanding of NSA excesses from one footnote in a FISA Court opinion, rather than from years of reading underlying documents.

Readers are likely aware of the incident, which has become a persistent reference point for NSA’s most ardent critics. One such critic recently pointed to a FISC memorandum referencing the episode as evidence that “NSA lawyers routinely lie, even to the secret rubber stamp FISA court”; another cited it in claiming DOJ’s attorneys made “misleading claims about the intent and knowledge NSA had about the phone and Internet dragnets” and that “NSA had basically willfully treated FISA-collected data under the more lenient protection regime of EO 12333.”

These allegations are false. And by insisting that government officials routinely mislead and lie, these critics are missing one of the most important stories in the history of modern intelligence oversight.

Never mind that I actually hadn’t cited the footnote. Never mind that then FISA Judge Reggie Walton was the first to espouse my “false” view, even before seven more months of evidence came out providing further support for it.

The underlying point is that these two NSA people were so angry that I called out Matt Olsen for documented actions he had taken that they used it as a foil to make some pretty problematic claims about the oversight over NSA spying. But before they did so, they assured us of the integrity of the people involved (that is, Olsen and others).

It’s tempting to respond to these accusations by defending the integrity of the individuals involved. After all, we know from firsthand experience that our former colleagues—both within the NSA and across the Department of Justice, the Office of the Director of National Intelligence, and the Department of Defense—serve the public with a high degree of integrity. But we think it is important to move beyond the focus on who is good and who is bad, and instead explore the history behind that footnote and the many lessons learned and incorporated into practice. After all, we are ultimately a “government of laws,” not of people.

 

 

We are a government of laws, not people, they said in October, before laying out oversight that (they don’t tell you, but I will once I finally get back to responding to this post) has already proven to be inadequate. I mean, I agree with their intent — that we need(ed) to build a bureaucracy that could withstand the craziest of Executives. But contrary to what they claim in their piece and the presumably best intent of DeLong, they didn’t do that.

They now seem to realize that.

In the wake of the Trump victory, a number of these people are now admitting that maybe their reassurances about the bureaucracy they contributed to — which were in reality based on faith in the good intentions and honesty and competence of their colleagues — were overstated. Maybe these tools are too dangerous for an unhinged man to wield.

And, it turns out, one of the people largely responsible for expanding the dragnet that its former defenders now worry might be dangerous for Donald Trump to control never even imagined that someone like Trump might come along.

Lefties Learn to Love Leaks Again

Throughout the presidential campaign, observers have noted with irony that many on the right discovered a new-found love for WikiLeaks. Some of the same people who had earlier decried leaks, even called Chelsea Manning a traitor, were lapping up what Julian Assange was dealing on a daily basis.

There was a similar, though less marked, shift on the left. While many on the left had criticized — or at least cautioned about — WikiLeaks from the start, once Assange started targeting their presidential candidate, such leaks became an unprecedented, unparalleled assault on decency, which no one seemed to say when similar leaks targeted Bashar al-Assad.

Which is why I was so amused by the reception of this story yesterday.

After revealing that Donald Trump’s Secretary of State nominee “was the long-time director of a US-Russian oil firm based in the tax haven of the Bahamas, leaked documents show” in the first paragraph, the article admits, in the fourth paragraph that,

Though there is nothing untoward about this directorship, it has not been reported before and is likely to raise fresh questions over Tillerson’s relationship with Russia ahead of a potentially stormy confirmation hearing by the US senate foreign relations committee. Exxon said on Sunday that Tillerson was no longer a director after becoming the company’s CEO in 2006.

The people sharing it on Twitter didn’t seem to notice that (nor did the people RTing my ironic tweet about leaks seem to notice). Effectively, the headline “leaks reveal details I have sensationalized” served its purpose, with few people reading far enough to the caveats that admit this is fairly standard international business practice (indeed, it’s how Trump’s businesses work too). This is a more sober assessment of the import of the document detailing Tillerson’s ties with the Exxon subsidiary doing business in Russia.

This Guardian article worked just like all the articles about DNC and Podesta emails worked, even with — especially with — the people decrying the press for the way it irresponsibly sensationalized those leaks.

The response to this Tillerson document is all the more remarkable given the source of this leak. The Guardian reveals it came from an anonymous source for Süddeutsche Zeitung, which in turn shared the document with the Guardian and the International Consortium of Investigative Journalists.

The leaked 2001 document comes from the corporate registry in the Bahamas. It was one of 1.3m files given to the Germany newspaper Süddeutsche Zeitung by an anonymous source.

[snip]

The documents from the Bahamas corporate registry were shared by Süddeutsche Zeitung with the Guardian and the International Consortium of Investigative Journalists in Washington DC.

That is, this document implicating Vladimir Putin’s buddy Rex Tillerson came via the very same channel that the Panama Papers had, which Putin claimed, back in the time Russia was rifling around the DNC server, was a US intelligence community effort to discredit him and his kleptocratic cronies, largely because that was the initial focus of the US-NGO based consortium that managed the documents adopted, a focus replicated at outlets participating.

See this column for a worthwhile argument that Putin hacked the US as retaliation for the Panama Papers, which makes worthwhile points but would only work chronologically if Putin had advance notice of the Panama Papers (because John Podesta got hacked on March 19, before the first releases from the Panama Papers on April 3).

There really has been a remarkable lack of curiosity about where these files came from. That’s all the more striking in this case, given that the document (barely) implicating Tillerson comes from the Bahamas, where the US at least was collecting every single phone call made.

That’s all the more true given the almost non-existent focus on the Bahamas leaks before — from what I can tell just one story has been done on this stash, though the documents are available in the ICIJ database. Indeed, if the source for the leaks was the same, it would seem to point to an outside hacker rather than an inside leaker. That doesn’t mean the leak was done just to hurt Tillerson. The leak, which became public on September 21, precedes the election of Trump, much less the naming of Tillerson. But it deserves at least some notice.

For what it’s worth, I think it quite possible the US has been involved in such leaks — particularly given how few Americans get named in them. But I don’t think the Panama Papers, which implicated plenty of American friends and even the Saudis, actually did target Putin.

Still, people are going to start believing Putin’s claims that this effort is primarily targeted at him if documents conveniently appear from the leak as if on command.

I am highly interested in who handed off documents allegedly stolen by Russia’s GRU to Wikileaks. But I’m also interested in who the source enabling asymmetric corruption claims, as if on demand, is.

Obama’s Response to Russia’s Hack: An Emphasis on America’s More Generalized Vulnerability

President Obama’s comments Friday about the Russian hack of the DNC were a rare occasion where I liked one of his speeches far more than more partisan Democrats.

I think Democrats were disappointed because Obama declined to promise escalation. The press set Obama up, twice (first Josh Lederman and then Martha Raddatz), with questions inviting him to attack Putin directly. Similarly, a number of reporters asked questions that betrayed an expectation for a big showy response. Rather than providing that, Obama did several things:

  • Distinguish the integrity of the process of voting from our larger political discourse
  • Blame our political discourse (and the press) as much as Putin
  • Insist on a measured response to Putin

Distinguish the integrity of the process of voting from our larger political discourse

From the very start, Obama distinguished between politics and the integrity of our election system.

I think it is very important for us to distinguish between the politics of the election and the need for us, as a country, both from a national security perspective but also in terms of the integrity of our election system and our democracy, to make sure that we don’t create a political football here.

This gets to a point that most people are very sloppy about when they claim Putin “tampered” with the election. Throughout this election, the press has at times either deliberately or incompetently conflated the theft and release of emails (which the intelligence community unanimously agrees was done by Putin) with the hacking of voting-related servers (reportedly done by “Russians,” but not necessarily the Russian state, which is probably why the October 7 IC statement pointedly declined to attribute those hacks to Russia).

Obama, after having laid out how the IC provided the press and voters with a way to account for the importance of the Russian hack on the election, then returns to what he says was a successful effort to ensure Russia didn’t hack the actual vote counting.

What I was concerned about, in particular, was making sure that that wasn’t compounded by potential hacking that could hamper vote counting, affect the actual election process itself.

And so in early September, when I saw President Putin in China, I felt that the most effective way to ensure that that didn’t happen was to talk to him directly and tell him to cut it out, and there were going to be some serious consequences if he didn’t. And, in fact, we did not see further tampering of the election process.

This is consistent with the anonymous statement the White House released over Thanksgiving weekend, which the press seems unaware of. In it, the White House emphasized that it was aware of no malicious election-related tampering, while admitting they had no idea whether Russia had ever planned any in the first place.

Blame our political discourse (and the press) as much as Putin

By far the most important part of Obama’s comments, I think, were his comments about why he believed this to be the right approach.

Obama described the October 7 DHS/ODNI statement as an effort to inform all voters of the hack and leak (and high level involvement in it), without trying to tip the scale politically.

And at that time, we did not attribute motives or any interpretations of why they had done so. We didn’t discuss what the effects of it might be. We simply let people know — the public know, just as we had let members of Congress know — that this had happened.

And as a consequence, all of you wrote a lot of stories about both what had happened, and then you interpreted why that might have happened and what effect it was going to have on the election outcomes. We did not. And the reason we did not was because in this hyper-partisan atmosphere, at a time when my primary concern was making sure that the integrity of the election process was not in any way damaged, at a time when anything that was said by me or anybody in the White House would immediately be seen through a partisan lens, I wanted to make sure that everybody understood we were playing this thing straight — that we weren’t trying to advantage one side or another, but what we were trying to do was let people know that this had taken place, and so if you started seeing effects on the election, if you were trying to measure why this was happening and how you should consume the information that was being leaked, that you might want to take this into account.

And that’s exactly how we should have handled it.

Again, I get why Democrats are furious about this passage: they wanted and still want the IC to attack Trump for benefitting from the Russian hack. Or at the very least, they want to legitimize their plan to delegitimize Trump by using his Russian ties with Obama endorsement. From a partisan view, I get that. But I also very much agree with Obama’s larger point: if Russia’s simple hack decided the election, it’s as much a statement about how sick our democracy is, across the board, as it is a big win for Putin.

To lead into that point, Obama points out how many of the people in the room — how the press — obsessed about every single new leak, rather than focusing on the issues that mattered to the election.

[W]e allowed you and the American public to make an assessment as to how to weigh that going into the election.

And the truth is, is that there was nobody here who didn’t have some sense of what kind of effect it might have. I’m finding it a little curious that everybody is suddenly acting surprised that this looked like it was disadvantaging Hillary Clinton because you guys wrote about it every day. Every single leak. About every little juicy tidbit of political gossip — including John Podesta’s risotto recipe. This was an obsession that dominated the news coverage.

So I do think it’s worth us reflecting how it is that a presidential election of such importance, of such moment, with so many big issues at stake and such a contrast between the candidates, came to be dominated by a bunch of these leaks. What is it about our political system that made us vulnerable to these kinds of potential manipulations — which, as I’ve said publicly before, were not particularly sophisticated.

This was not some elaborate, complicated espionage scheme. They hacked into some Democratic Party emails that contained pretty routine stuff, some of it embarrassing or uncomfortable, because I suspect that if any of us got our emails hacked into, there might be some things that we wouldn’t want suddenly appearing on the front page of a newspaper or a telecast, even if there wasn’t anything particularly illegal or controversial about it. And then it just took off.

And that concerns me.

He returns to that more generally, with one of the most important lines of the presser. “Our vulnerability to Russia or any other foreign power is directly related to how divided, partisan, dysfunctional our political process is.”

The more [the review of the hack] can be nonpartisan, the better served the American people are going to be, which is why I made the point earlier — and I’m going to keep on repeating this point: Our vulnerability to Russia or any other foreign power is directly related to how divided, partisan, dysfunctional our political process is. That’s the thing that makes us vulnerable.

If fake news that’s being released by some foreign government is almost identical to reports that are being issued through partisan news venues, then it’s not surprising that that foreign propaganda will have a greater effect, because it doesn’t seem that far-fetched compared to some of the other stuff that folks are hearing from domestic propagandists.

To the extent that our political dialogue is such where everything is under suspicion, everybody is corrupt and everybody is doing things for partisan reasons, and all of our institutions are full of malevolent actors — if that’s the storyline that’s being put out there by whatever party is out of power, then when a foreign government introduces that same argument with facts that are made up, voters who have been listening to that stuff for years, who have been getting that stuff every day from talk radio or other venues, they’re going to believe it.

So if we want to really reduce foreign influence on our elections, then we better think about how to make sure that our political process, our political dialogue is stronger than it’s been.

Now, the Democrats who have celebrated hopey changey Obama have, over the years, recognized that his effort to be bipartisan squandered his opportunity, in 2009, to really set up a structure that would make us more resilient. It is, admittedly, infuriating that in his last presser Obama still endorses bipartisanship when the last 8 years (and events rolling out in North Carolina even as he was speaking) prove that the GOP will not play that game unless forced to.

So I get the anger here.

But, it is also true that our democracy was fragile well before Vladimir Putin decided he was going to fuck around. Even if Putin hadn’t hacked John Podesta, the way in which the email investigation rolled out accomplished the same objective. (Indeed, at one point I wondered whether Putin wasn’t jealous of Comey for having a much bigger effect on the election). Even if some Russians didn’t put out fake news, others were still going to do that, playing to the algorithmically enhanced biases of Trump voters. Even without Putin hacking voting machines, we can be certain that in places like Wisconsin and North Carolina the vote had already been hacked by Republicans suppressing Democratic vote.

The effect Putin was seeking was happening, happened, anyway, even without his involvement. That doesn’t excuse his involvement, but it does say that if we nuked Putin off the face of this earth tomorrow, our democracy would remain just as fragile as it was with Putin playing in it during this election.

So Obama is right about our vulnerability, though I think he really hasn’t offered a way to fix it. That’s what we all need to figure out going forward. But I can assure you: focusing exclusively on Russia, as if that is the problem and not the underlying fragility, is not going to fix it.

Insist on a measured response to Putin

Which leads us to his comments on a response. In spite of repeated efforts to get him to say “Vlad Putin is a big fat dick who personally elected Donald Trump,” Obama refused (though that didn’t stop some papers from adopting headings suggesting he had). Rather, Obama used the language used in the October 7 statement, saying the hacks were approved by the highest levels of the Russian government, which necessarily means Putin authorized them.

We have said, and I will confirm, that this happened at the highest levels of the Russian government. And I will let you make that determination as to whether there are high-level Russian officials who go off rogue and decide to tamper with the U.S. election process without Vladimir Putin knowing about it.

Q So I wouldn’t be wrong in saying the President thinks Vladimir Putin authorized the hack?

THE PRESIDENT: Martha, I’ve given you what I’m going to give you.

Similarly, Obama refused to respond to journalists’ invitation to announce some big retaliation.

I know that there have been folks out there who suggest somehow that if we went out there and made big announcements, and thumped our chests about a bunch of stuff, that somehow that would potentially spook the Russians. But keep in mind that we already have enormous numbers of sanctions against the Russians. The relationship between us and Russia has deteriorated, sadly, significantly over the last several years. And so how we approach an appropriate response that increases costs for them for behavior like this in the future, but does not create problems for us, is something that’s worth taking the time to think through and figure out.

I’m going to return to this to discuss a detail no one seems to get about Obama’s choices right now. But for the moment, note his emphasis on a response that increases costs for such hacks that do “not create problems for us.”

Unsurprisingly (and, given America’s own aggressive cyberattacks, possibly unrealistically), Obama says he is most seeking norm-setting.

What we’ve also tried to do is to start creating some international norms about this to prevent some sort of cyber arms race, because we obviously have offensive capabilities as well as defensive capabilities. And my approach is not a situation in which everybody is worse off because folks are constantly attacking each other back and forth, but putting some guardrails around the behavior of nation-states, including our adversaries, just so that they understand that whatever they do to us we can potentially do to them.

Obama’s approach is “not a situation in which everybody is worse off because folks are constantly attacking each other back and forth.” Does that suggest the US has already been hacking Russia? Why do we never consider whether Putin was retaliating against us? Who started this cyberwar, anyway?

Funny how Americans assume the answer must be Putin.

In any case, we do need norms about this stuff, but that likely would require some honestly about what, if anything, is different about cyber election tampering than all the election tampering Russia and the US have engaged in for decades — which is a point Chilean Ariel Dorfman makes after pointing out the irony of CIA “crying foul because its tactics have been imitated by a powerful international rival.”

Even assuming we’ll never learn the full extent of America’s own recent tampering, that’s likely to be something that Obama is thinking about as journalists and Democrats wail that he isn’t taking a more aggressive stance.

Russian Hack-Related Excerpts from President Obama’s Press Conference

Just to have all this in one place, I’ve pulled all the comments from President Obama’s December 16 press conference.


Josh Lederman, of AP.

Q Thank you, Mr. President. There’s a perception that you’re letting President Putin get away with interfering in the U.S. election, and that a response that nobody knows about or a lookback review just won’t cut it. Are you prepared to call out President Putin by name for ordering this hacking? And do you agree with what Hillary Clinton now says, that the hacking was actually partly responsible for her loss? And is your administration’s open quarreling with Trump and his team on this issue tarnishing the smooth transition of power that you have promised?

THE PRESIDENT: Well, first of all, with respect to the transition, I think they would be the first to acknowledge that we have done everything we can to make sure that they are successful as I promised. And that will continue. And it’s just been a few days since I last talked to the President-elect about a whole range of transition issues. That cooperation is going to continue.

There hasn’t been a lot of squabbling. What we’ve simply said is the facts, which are that, based on uniform intelligence assessments, the Russians were responsible for hacking the DNC, and that, as a consequence, it is important for us to review all elements of that and make sure that we are preventing that kind of interference through cyberattacks in the future.

That should be a bipartisan issue; that shouldn’t be a partisan issue. And my hope is that the President-elect is going to similarly be concerned with making sure that we don’t have potential foreign influence in our election process. I don’t think any American wants that. And that shouldn’t be a source of an argument.

I think that part of the challenge is that it gets caught up in the carryover from election season. And I think it is very important for us to distinguish between the politics of the election and the need for us, as a country, both from a national security perspective but also in terms of the integrity of our election system and our democracy, to make sure that we don’t create a political football here.

Now, with respect to how this thing unfolded last year, let’s just go through the facts pretty quickly. At the beginning of the summer, we’re alerted to the possibility that the DNC has been hacked, and I immediately order law enforcement as well as our intelligence teams to find out everything about it, investigate it thoroughly, to brief the potential victims of this hacking, to brief on a bipartisan basis the leaders of both the House and the Senate and the relevant intelligence committees. And once we had clarity and certainty around what, in fact, had happened, we publicly announced that, in fact, Russia had hacked into the DNC.

And at that time, we did not attribute motives or any interpretations of why they had done so. We didn’t discuss what the effects of it might be. We simply let people know — the public know, just as we had let members of Congress know — that this had happened.

And as a consequence, all of you wrote a lot of stories about both what had happened, and then you interpreted why that might have happened and what effect it was going to have on the election outcomes. We did not. And the reason we did not was because in this hyper-partisan atmosphere, at a time when my primary concern was making sure that the integrity of the election process was not in any way damaged, at a time when anything that was said by me or anybody in the White House would immediately be seen through a partisan lens, I wanted to make sure that everybody understood we were playing this thing straight — that we weren’t trying to advantage one side or another, but what we were trying to do was let people know that this had taken place, and so if you started seeing effects on the election, if you were trying to measure why this was happening and how you should consume the information that was being leaked, that you might want to take this into account.

And that’s exactly how we should have handled it. Imagine if we had done the opposite. It would have become immediately just one more political scrum. And part of the goal here was to make sure that we did not do the work of the leakers for them by raising more and more questions about the integrity of the election right before the election was taking place — at a time, by the way, when the President-elect himself was raising questions about the integrity of the election.

And, finally, I think it’s worth pointing out that the information was already out. It was in the hands of WikiLeaks, so that was going to come out no matter what. What I was concerned about, in particular, was making sure that that wasn’t compounded by potential hacking that could hamper vote counting, affect the actual election process itself.

And so in early September, when I saw President Putin in China, I felt that the most effective way to ensure that that didn’t happen was to talk to him directly and tell him to cut it out, and there were going to be some serious consequences if he didn’t. And, in fact, we did not see further tampering of the election process. But the leaks through WikiLeaks had already occurred.

So when I look back in terms of how we handled it, I think we handled it the way it should have been handled. We allowed law enforcement and the intelligence community to do its job without political influence. We briefed all relevant parties involved in terms of what was taking place. When we had a consensus around what had happened, we announced it — not through the White House, not through me, but rather through the intelligence communities that had actually carried out these investigations. And then we allowed you and the American public to make an assessment as to how to weigh that going into the election.

And the truth is, is that there was nobody here who didn’t have some sense of what kind of effect it might have. I’m finding it a little curious that everybody is suddenly acting surprised that this looked like it was disadvantaging Hillary Clinton because you guys wrote about it every day. Every single leak. About every little juicy tidbit of political gossip — including John Podesta’s risotto recipe. This was an obsession that dominated the news coverage.

So I do think it’s worth us reflecting how it is that a presidential election of such importance, of such moment, with so many big issues at stake and such a contrast between the candidates, came to be dominated by a bunch of these leaks. What is it about our political system that made us vulnerable to these kinds of potential manipulations — which, as I’ve said publicly before, were not particularly sophisticated.

This was not some elaborate, complicated espionage scheme. They hacked into some Democratic Party emails that contained pretty routine stuff, some of it embarrassing or uncomfortable, because I suspect that if any of us got our emails hacked into, there might be some things that we wouldn’t want suddenly appearing on the front page of a newspaper or a telecast, even if there wasn’t anything particularly illegal or controversial about it. And then it just took off.

And that concerns me. And it should concern all of us. But the truth of the matter is, is that everybody had the information. It was out there. And we handled it the way we should have.

Now, moving forward, I think there are a couple of issues that this raises. Number one is just the constant challenge that we are going to have with cybersecurity throughout our economy and throughout our society. We are a digitalized culture, and there is hacking going on every single day. There’s not a company, there’s not a major organization, there’s not a financial institution, there’s not a branch of our government where somebody is not going to be phishing for something or trying to penetrate, or put in a virus or malware. And this is why for the last eight years, I’ve been obsessed with how do we continually upgrade our cybersecurity systems.

And this particular concern around Russian hacking is part of a broader set of concerns about how do we deal with cyber issues being used in ways that can affect our infrastructure, affect the stability of our financial systems, and affect the integrity of our institutions, like our election process.

I just received a couple weeks back — it wasn’t widely reported on — a report from our cybersecurity commission that outlines a whole range of strategies to do a better job on this. But it’s difficult, because it’s not all housed — the target of cyberattacks is not one entity but it’s widely dispersed, and a lot of it is private, like the DNC. It’s not a branch of government. We can’t tell people what to do. What we can do is inform them, get best practices.

What we can also do is to, on a bilateral basis, warn other countries against these kinds of attacks. And we’ve done that in the past. So just as I told Russia to stop it, and indicated there will be consequences when they do it, the Chinese have, in the past, engaged in cyberattacks directed at our companies to steal trade secrets and proprietary technology. And I had to have the same conversation with Prime Minister — or with President Xi, and what we’ve seen is some evidence that they have reduced — but not completely eliminated — these activities, partly because they can use cutouts.

One of the problems with the Internet and cyber issues is that there’s not always a return address, and by the time you catch up to it, attributing what happened to a particular government can be difficult, not always provable in court even though our intelligence communities can make an assessment.

What we’ve also tried to do is to start creating some international norms about this to prevent some sort of cyber arms race, because we obviously have offensive capabilities as well as defensive capabilities. And my approach is not a situation in which everybody is worse off because folks are constantly attacking each other back and forth, but putting some guardrails around the behavior of nation-states, including our adversaries, just so that they understand that whatever they do to us we can potentially do to them.

We do have some special challenges, because oftentimes our economy is more digitalized, it is more vulnerable, partly because we’re a wealthier nation and we’re more wired than some of these other countries. And we have a more open society, and engage in less control and censorship over what happens over the Internet, which is also part of what makes us special.

Last point — and the reason I’m going on here is because I know that you guys have a lot of questions about this, and I haven’t addressed all of you directly about it. With respect to response, my principal goal leading up to the election was making sure that the election itself went off without a hitch, that it was not tarnished, and that it did not feed any sense in the public that somehow tampering had taken place with the actual process of voting. And we accomplished that.

That does not mean that we are not going to respond. It simply meant that we had a set of priorities leading up to the election that were of the utmost importance. Our goal continues to be to send a clear message to Russia or others not to do this to us, because we can do stuff to you.

But it is also important for us to do that in a thoughtful, methodical way. Some of it we do publicly. Some of it we will do in a way that they know, but not everybody will. And I know that there have been folks out there who suggest somehow that if we went out there and made big announcements, and thumped our chests about a bunch of stuff, that somehow that would potentially spook the Russians. But keep in mind that we already have enormous numbers of sanctions against the Russians. The relationship between us and Russia has deteriorated, sadly, significantly over the last several years. And so how we approach an appropriate response that increases costs for them for behavior like this in the future, but does not create problems for us, is something that’s worth taking the time to think through and figure out. And that’s exactly what we’ve done.

So at a point in time where we’ve taken certain actions that we can divulge publically, we will do so. There are times where the message will go — will be directly received by the Russians and not publicized. And I should point out, by the way, part of why the Russians have been effective on this is because they don’t go around announcing what they’re doing. It’s not like Putin is going around the world publically saying, look what we did, wasn’t that clever? He denies it. So the idea that somehow public shaming is going to be effective I think doesn’t read the thought process in Russia very well.

Okay?


Q Did Clinton lose because of the hacking?

THE PRESIDENT: I’m going to let all the political pundits in this town have a long discussion about what happened in the election. It was a fascinating election, so I’m sure there are going to be a lot of books written about it.


Peter Alexander.

Q Mr. President, thank you very much. Can you, given all the intelligence that we have now heard, assure the public that this was, once and for all, a free and fair election? And specifically on Russia, do you feel any obligation now, as they’ve been insisting that this isn’t the case, to show the proof, as it were — they say put your money where your mouth is and declassify some of the intelligence, some of the evidence that exists? And more broadly, as it relates to Donald Trump on this very topic, are you concerned about his relationship with Vladimir Putin, especially given some of the recent Cabinet picks, including his selection for Secretary of State, Rex Tillerson, who toasted Putin with champagne over oil deals together? Thank you.

THE PRESIDENT: I may be getting older, because these multipart questions, I start losing track. (Laughter.)

I can assure the public that there was not the kind of tampering with the voting process that was of concern and will continue to be of concern going forward; that the votes that were cast were counted, they were counted appropriately. We have not seen evidence of machines being tampered with. So that assurance I can provide.

That doesn’t mean that we find every single potential probe of every single voting machine all across the country, but we paid a lot of attention to it. We worked with state officials, et cetera, and we feel confident that that didn’t occur and that the votes were cast and they were counted.

So that’s on that point. What was the second one?

Q The second one was about declassification.

THE PRESIDENT: Declassification. Look, we will provide evidence that we can safely provide that does not compromise sources and methods. But I’ll be honest with you, when you’re talking about cybersecurity, a lot of it is classified. And we’re not going to provide it because the way we catch folks is by knowing certain things about them that they may not want us to know, and if we’re going to monitor this stuff effectively going forward, we don’t want them to know that we know.

So this is one of those situations where unless the American people genuinely think that the professionals in the CIA, the FBI, our entire intelligence infrastructure — many of whom, by the way, served in previous administrations and who are Republicans — are less trustworthy than the Russians, then people should pay attention to what our intelligence agencies have to say.

This is part of what I meant when I said that we’ve got to think about what’s happening to our political culture here. The Russians can’t change us or significantly weaken us. They are a smaller country. They are a weaker country. Their economy doesn’t produce anything that anybody wants to buy, except oil and gas and arms. They don’t innovate.

But they can impact us if we lose track of who we are. They can impact us if we abandon our values. Mr. Putin can weaken us, just like he’s trying to weaken Europe, if we start buying into notions that it’s okay to intimidate the press, or lock up dissidents, or discriminate against people because of their faith or what they look like.

And what I worry about more than anything is the degree to which, because of the fierceness of the partisan battle, you start to see certain folks in the Republican Party and Republican voters suddenly finding a government and individuals who stand contrary to everything that we stand for as being okay because that’s how much we dislike Democrats.

I mean, think about it. Some of the people who historically have been very critical of me for engaging with the Russians and having conversations with them also endorsed the President-elect, even as he was saying that we should stop sanctioning Russia and being tough on them, and work together with them against our common enemies. He was very complimentary of Mr. Putin personally.

That wasn’t news. The President-elect during the campaign said so. And some folks who had made a career out of being anti-Russian didn’t say anything about it. And then after the election, suddenly they’re asking, well, why didn’t you tell us that maybe the Russians were trying to help our candidate? Well, come on. There was a survey, some of you saw, where — now, this is just one poll, but a pretty credible source — 37 percent of Republican voters approve of Putin. Over a third of Republican voters approve of Vladimir Putin, the former head of the KGB. Ronald Reagan would roll over in his grave.

And how did that happen? It happened in part because, for too long, everything that happens in this town, everything that’s said is seen through the lens of “does this help or hurt us relative to Democrats, or relative to President Obama?” And unless that changes, we’re going to continue to be vulnerable to foreign influence, because we’ve lost track of what it is that we’re about and what we stand for.


Martha Raddatz.

Q Mr. President, I want to talk about Vladimir Putin again. Just to be clear, do you believe Vladimir Putin himself authorized the hack? And do you believe he authorized that to help Donald Trump? And on the intelligence, one of the things Donald Trump cites is Saddam Hussein and the weapons of mass destruction, and that they were never found. Can you say, unequivocally, that this was not China, that this was not a 400-pound guy sitting on his bed, as Donald Trump says? And do these types of tweets and kinds of statements from Donald Trump embolden the Russians?

THE PRESIDENT: When the report comes out, before I leave office, that will have drawn together all the threads. And so I don’t want to step on their work ahead of time.

What I can tell you is that the intelligence that I have seen gives me great confidence in their assessment that the Russians carried out this hack.

Q Which hack?

THE PRESIDENT: The hack of the DNC and the hack of John Podesta.

Now, the — but again, I think this is exactly why I want the report out, so that everybody can review it. And this has been briefed, and the evidence in closed session has been provided on a bipartisan basis — not just to me, it’s been provided to the leaders of the House and the Senate, and the chairman and ranking members of the relevant committees. And I think that what you’ve already seen is, at least some of the folks who have seen the evidence don’t dispute, I think, the basic assessment that the Russians carried this out.

Q But specifically, can you not say that —

THE PRESIDENT: Well, Martha, I think what I want to make sure of is that I give the intelligence community the chance to gather all the information. But I’d make a larger point, which is, not much happens in Russia without Vladimir Putin. This is a pretty hierarchical operation. Last I checked, there’s not a lot of debate and democratic deliberation, particularly when it comes to policies directed at the United States.

We have said, and I will confirm, that this happened at the highest levels of the Russian government. And I will let you make that determination as to whether there are high-level Russian officials who go off rogue and decide to tamper with the U.S. election process without Vladimir Putin knowing about it.

Q So I wouldn’t be wrong in saying the President thinks Vladimir Putin authorized the hack?

THE PRESIDENT: Martha, I’ve given you what I’m going to give you.

What was your second question?

Q Do the tweets and do the statements by Donald Trump embolden Russia?

THE PRESIDENT: As I said before, I think that the President-elect is still in transition mode from campaign to governance. I think he hasn’t gotten his whole team together yet. He still has campaign spokespersons sort of filling in and appearing on cable shows. And there’s just a whole different attitude and vibe when you’re not in power as when you’re in power.

So rather than me sort of characterize the appropriateness or inappropriateness of what he’s doing at the moment, I think what we have to see is how will the President-elect operate, and how will his team operate, when they’ve been fully briefed on all these issues, they have their hands on all the levers of government, and they’ve got to start making decisions.

One way I do believe that the President-elect can approach this that would be unifying is to say that we welcome a bipartisan, independent process that gives the American people an assurance not only that votes are counted properly, that the elections are fair and free, but that we have learned lessons about how Internet propaganda from foreign countries can be released into the political bloodstream and that we’ve got strategies to deal with it for the future.

The more this can be nonpartisan, the better served the American people are going to be, which is why I made the point earlier — and I’m going to keep on repeating this point: Our vulnerability to Russia or any other foreign power is directly related to how divided, partisan, dysfunctional our political process is. That’s the thing that makes us vulnerable.

If fake news that’s being released by some foreign government is almost identical to reports that are being issued through partisan news venues, then it’s not surprising that that foreign propaganda will have a greater effect, because it doesn’t seem that far-fetched compared to some of the other stuff that folks are hearing from domestic propagandists.

To the extent that our political dialogue is such where everything is under suspicion, everybody is corrupt and everybody is doing things for partisan reasons, and all of our institutions are full of malevolent actors — if that’s the storyline that’s being put out there by whatever party is out of power, then when a foreign government introduces that same argument with facts that are made up, voters who have been listening to that stuff for years, who have been getting that stuff every day from talk radio or other venues, they’re going to believe it.

So if we want to really reduce foreign influence on our elections, then we better think about how to make sure that our political process, our political dialogue is stronger than it’s been.


Isaac Dovere of Politico.

[snip]

Q    Well, what do you say to the electors who are going to meet on Monday and are thinking of changing their votes?  Do you think that they should be given an intelligence briefing about the Russian activity?  Or should they bear in mind everything you’ve said and is out already?  Should they — should votes be bound by the state votes as they’ve gone?  And long term, do you think that there is a need for Electoral College reform that would tie it to the popular vote?

[snip]

So with respect to the electors, I’m not going to wade into that issue because, again, it’s the American people’s job, and now the electors’ job to decide my successor. It is not my job to decide my successor. And I have provided people with a lot of information about what happened during the course of the election. But more importantly, the candidates themselves, I think, talked about their beliefs and their vision for America. The President-elect, I think, has been very explicit about what he cares about and what he believes in. So it’s not in my hands now; it’s up to them.

Just Before Obama Weighs in on the Russian Hack, John Brennan Tells Everyone What He Says Others Said

At 2:20, WaPo published a story basically saying, “Anonymous source says CIA Director Wrote a Letter Claiming FBI Director and Director of National Intelligence Agree with Him,” but you wouldn’t know that from the headline.

At 2:40, President Obama entered the White House briefing room to give his last press conference of the year, which was scheduled to start at 2:15. Everyone anticipated, correctly, the presser would be dominated by questions about Russia’s role in the election.

So:

2:15: scheduled start for the President to comment on Russia’s hacking and what the intelligence says.

2:20: WaPo tells you what an anonymous leaker says CIA’s Director says FBI’s Director and Director of National Intelligence say, which differs somewhat from what Obama says.

2:40: Obama walks to the podium as, presumably, everyone waiting is reading WaPo’s scoop.

Who says only Vladimir Putin is good at information ops?

Mind you, once you get into the body of the article, there’s a significant difference between what WaPo says CIA says today and what its anonymous sources said CIA said a week ago, the last time it stomped on Obama’s efforts to introduce some deliberation into the claims about Russia’s hacks. Last week, WaPo said the CIA view was this:

“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”

[snip]

The CIA shared its latest assessment with key senators in a closed-door briefing on Capitol Hill last week, in which agency officials cited a growing body of intelligence from multiple sources. Agency briefers told the senators it was now “quite clear” that electing Trump was Russia’s goal, according to the officials, who spoke on the condition of anonymity to discuss intelligence matters. [my emphasis]

Goal, singular.

Here’s what the lead says in today’s article.

FBI Director James B. Comey and Director of National Intelligence James R. Clapper Jr. are in agreement with a CIA assessment that Russia intervened in the 2016 election in part to help Donald Trump win the presidency, according to U.S. officials.

With this further elaboration below.

The CIA shared its latest assessment with key senators in a closed-door briefing on Capitol Hill about two weeks ago in which agency officials cited a growing body of intelligence from multiple sources. Specifically, CIA briefers told the senators it was now “quite clear” that electing Trump was one of Russia’s goals, according to the officials, who spoke on the condition of anonymity to discuss intelligence matters.

CIA and FBI officials do not think Russia had a “single purpose” by intervening during the presidential campaign. In addition to helping Trump, intelligence officials have told lawmakers that Moscow’s other goal included undermining confidence in the U.S. electoral system. [my emphasis]

WaPo still makes no mention of the most obvious goal, that Russia hacked Hillary to retaliate for real and perceived slights covertly carried out by Hillary and CIA, something that Hillary claimed just before the WaPo story and the Obama presser.

In any case, if you look at CNN’s far more sober version of this, it appears that there is still some difference in emphasis about whether Russia was trying to elect Trump (and Brennan’s statement appears not to lay out what the consensus view is).

The nuance lay in a stronger view by the CIA that the hacking was intended to help elect Trump, and the CIA leans more strongly in that view than the FBI does.

Ah well, in the waning days of a great empire, who cares about deference to the outgoing President?

Update: This exchange between Obama and Martha Raddatz most directly addresses what Obama wants to say about the hack (elsewhere he says there was no evidence Russia hacked any polls).

Q Mr. President, I want to talk about Vladimir Putin again. Just to be clear, do you believe Vladimir Putin himself authorized the hack? And do you believe he authorized that to help Donald Trump? And on the intelligence, one of the things Donald Trump cites is Saddam Hussein and the weapons of mass destruction, and that they were never found. Can you say, unequivocally, that this was not China, that this was not a 400-pound guy sitting on his bed, as Donald Trump says? And do these types of tweets and kinds of statements from Donald Trump embolden the Russians?

THE PRESIDENT: When the report comes out, before I leave office, that will have drawn together all the threads. And so I don’t want to step on their work ahead of time.

What I can tell you is that the intelligence that I have seen gives me great confidence in their assessment that the Russians carried out this hack.

Q Which hack?

THE PRESIDENT: The hack of the DNC and the hack of John Podesta.

Now, the — but again, I think this is exactly why I want the report out, so that everybody can review it. And this has been briefed, and the evidence in closed session has been provided on a bipartisan basis — not just to me, it’s been provided to the leaders of the House and the Senate, and the chairman and ranking members of the relevant committees. And I think that what you’ve already seen is, at least some of the folks who have seen the evidence don’t dispute, I think, the basic assessment that the Russians carried this out.

Q But specifically, can you not say that —

THE PRESIDENT: Well, Martha, I think what I want to make sure of is that I give the intelligence community the chance to gather all the information. But I’d make a larger point, which is, not much happens in Russia without Vladimir Putin. This is a pretty hierarchical operation. Last I checked, there’s not a lot of debate and democratic deliberation, particularly when it comes to policies directed at the United States.

We have said, and I will confirm, that this happened at the highest levels of the Russian government. And I will let you make that determination as to whether there are high-level Russian officials who go off rogue and decide to tamper with the U.S. election process without Vladimir Putin knowing about it.

Q So I wouldn’t be wrong in saying the President thinks Vladimir Putin authorized the hack?

THE PRESIDENT: Martha, I’ve given you what I’m going to give you.

The DNC’s Evolving Story about When They Knew They Were Targeted by Russia

This week’s front page story about the Democrats getting hacked by Russia starts with a Keystone Kops anecdote explaining why the DNC didn’t respond more aggressively when FBI first warned them about being targeted in September. The explanation, per the contractor presumably covering his rear-end months later, was that the FBI Special Agent didn’t adequately identify himself.

When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.

Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.

This has led to (partially justified) complaints from John Podesta about why the FBI didn’t make the effort of driving over to the DNC to warn the higher-ups (who, the article admitted, had decided not to spend much money on cybersecurity).

This NYT version of the FBI Agent story comes from a memo that DNC’s contractor, Yared Tamene, wrote at some point after the fact. The NYT describes the memo repeatedly, though it never describes the recipients of the memo nor reveals precisely when it was written (it is clear it had to have been written after April 2016).

“I had no way of differentiating the call I just received from a prank call,” Mr. Tamene wrote in an internal memo, obtained by The New York Times, that detailed his contact with the F.B.I.

[snip]

“The F.B.I. thinks the D.N.C. has at least one compromised computer on its network and the F.B.I. wanted to know if the D.N.C. is aware, and if so, what the D.N.C. is doing about it,” Mr. Tamene wrote in an internal memo about his contacts with the F.B.I. He added that “the Special Agent told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.”

[snip]

In November, Special Agent Hawkins called with more ominous news. A D.N.C. computer was “calling home, where home meant Russia,” Mr. Tamene’s memo says, referring to software sending information to Moscow. “SA Hawkins added that the F.B.I. thinks that this calling home behavior could be the result of a state-sponsored attack.”

[DNC technology director Andrew] Brown knew that Mr. Tamene, who declined to comment, was fielding calls from the F.B.I. But he was tied up on a different problem: evidence suggesting that the campaign of Senator Bernie Sanders of Vermont, Mrs. Clinton’s main Democratic opponent, had improperly gained access to her campaign data.

[snip]

One bit of progress had finally been made by the middle of April: The D.N.C., seven months after it had first been warned, finally installed a “robust set of monitoring tools,” Mr. Tamene’s internal memo says. [my emphasis]

The NYT includes a screen cap of part of that memo (which reveals that the DNC had already been exposed to ransomware attacks by September 2015), but not the other metadata or a link to the full memo.

One reason I raise all this is because the evidence laid out in the story contradicts, in several ways, this August report, relying on three anonymous sources (at least some of whom are probably members of Congress, but then so was the DNC Chair at the time).

The FBI did not tell the Democratic National Committee that U.S officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters.

And in months of follow-up conversations about the DNC’s network security, the FBI did not warn party officials that the attack was being investigated as Russian espionage, the sources said.

The lack of full disclosure by the FBI prevented DNC staffers from taking steps that could have reduced the number of confidential emails and documents stolen, one of the sources said. Instead, Russian hackers whom security experts believe are affiliated with the Russian government continued to have access to Democratic Party computers for months during a crucial phase in the U.S. presidential campaign, the source said.

[snip]

In its initial contact with the DNC last fall, the FBI instructed DNC personnel to look for signs of unusual activity on the group’s computer network, one person familiar with the matter said. DNC staff examined their logs and files without finding anything suspicious, that person said.

When DNC staffers requested further information from the FBI to help them track the incursion, they said the agency declined to provide it. In the months that followed, FBI officials spoke with DNC staffers on several other occasions but did not mention the suspicion of Russian involvement in an attack, sources said.

The DNC’s information technology team did not realize the seriousness of the incursion until late March, the sources said. It was unclear what prompted the IT team’s realization.

In August, anonymous sources told Reuters that FBI never told DNC they were being attacked by Russians until … well, Reuters doesn’t actually tell us when the FBI told DNC the Russians were behind the attack, just that Democrats started taking it seriously in March.

But in the pre-Trump Russian hack bonanza, the NYT has now revealed that an internal memo says that the DNC had been informed in November, not March.

And even that part of the explanation doesn’t make sense. As a number of people have noted, Brown is basically saying he didn’t respond to a warning — given in November — that a DNC server was calling home to Russia because he was dealing with a NGP-VAN breach that happened on December 18. He would have had over two weeks to respond to Russia hacking the DNC before the NGP-VAN issue, and that would have been significantly handled by NGP.

Moreover, even the September narrative invites some skepticism. Tamene admits the FBI Special Agent, “told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.” And he describes “His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion.” Had Tamene Googled for “dukes malware” any time after September 17, 2015, this is what he would have found.

Today we release a new whitepaper on an APT group commonly referred to as “the Dukes”. We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making. [my emphasis]

So had this initial report taken place after September 17, Tamene would have learned, thanks to the second sentence of a top Google return, that he was facing a “highly dedicated, and organized cyber-espionage group that has been working for the Russian government. ” Had he done the Google search he said he did, that is, he would almost certainly have learned he was facing down Russian hackers.

Had he clicked through to the report — which is where he would have gone to find the malware signatures to look for — he would have seen a big pink graphic tying the Dukes to Russia.

It’s certainly possible the alert came before the white paper was released (though if it came after, it explains why the FBI would have thought simply mentioning the Dukes would be sufficient). But that would suggest Tamene remembered the call and his Google search for the Dukes in detail sometime in April but not in September when this report got a fair amount of attention.

None of this is to excuse the FBI (I’ve already started a post on that part of this). But it’s clear that Democrats have been — at a minimum — inconsistent in their story to the press about why they didn’t respond to warnings sooner. And given the multiple problems with their explanation about what happened last fall, it’s likely they did get some warning, but just didn’t heed it.

Update: When I wrote this this morning, I had read this tweet stream and this story but not the underlying Shadow Brokers related post, by someone writing under the pseudonym Boceffus Cleetus it relates to, which is basically a Medium post introducing the latest sale of Shadow Broker tools. It wasn’t until I read this post — and then the second Boceffus Cleetus post that I realized Boceffus Cleetus posted (his) original post — along with a reference to the name magnified back when this hack started — the day after the NYT wrote a story of the hack from DNC’s perspective.

As the tweet stream lays out, Boceffus Cleetus is a play on ventriloquism, (duh, speaking for others) and the Dukes of Hazard. Both analyses of this argue that the reference to “Dukes of Hazard” is, in turn, a reference to the name given to the FSB hacking efforts (the other I’ve used is “Cozy Bear”) in the report I linked above — that is, to the name F-Secure had given the FSB hackers, most notably in the report I linked above. I didn’t make too much of it until I read this second Boceffus Cleetus post, which in seemingly one sentence lays out Bill Binney’s theory of the DNC hack (that is, that NSA handed it on) with a country drawl and a lot of conspiracy theory added.

After my shadow brokers tweet I was contacted by an anonymous source claiming to be FBI. Yep I know prove it? I wasn’t able to get’em to verify their identity. But y’all don’t be runnin away yet, suspend yer disbelief and check out their claims. What if the Russian’s ain’t hacking nothin? What if the shadow brokers ain’t Russian? Whatcha got as the next best theory? What if its a deep state civil war tween CIA and ole NSA? A deep state civil war to see who really runs things. NSA is Department of Defense, military. The majority of the military are high school grads, coming from rural “Red States”, conservatives. The NSA has the global surveillance capabilities to intercept all the DNC and Podesta emails. CIA is college grads only and has the traditions of the urban yankee northeastern and east coast ivy leaguers, “Blue State”, liberals.

It’s all mostly gratuitous — an attempt to feed (as explicitly named “fake news”) some of the alternate explanations out there right now.

But I find the portrayal of an NSA-CIA feud notable, in part, because the mostly likely reason FBI (which is where Boceffus Cleetus’ fictional source came from) didn’t tell the DNC who was hacking them back in September 2015 is because the actual tip — that Russia was hacking the DNC — came from the NSA. But FBI had to hide that. So instead, they used the name for FSB that was current at the time.

I’ll add, too, that this plays on Craig Murray’s claim that a national security person leaked him the Podesta documents.

So what’s the point? Dunno. I defer to theGrugq’s third post, in which he argues this post is signaling to show NSA the Russian hackers must have access to NSA’s classified networks, because they’ve accessed a map of everything.

This dump has a bit of everything. In fact, it has too much of everything. The first drop was a firewall ops kit. It had everything that was supposed to be used against firewalls. This dump, on the other hand, has too much diversity and each tool is comprehensive.

The depth and breadth of the tooling they reveal can only possibly be explained by:

  1. an improbable sequence of hack backs which got, in sequence, massive depth of codenamed implants, exploits, manuals,
  2. access to high side data

[snip]

It is obvious that this data would never leave NSA classified networks except by some serious operator error (as I believe was the case with the first ShadowBrokers leak.) For this dump though, it is simply not plausible. There is no way that such diverse and comprehensive ops tooling was accidentally exposed. It beggars belief to think that any operator could be so careless that they’d expose this much tooling, on multiple diverse operations.

There are, based on my count, twenty one (21) scripts/manuals for operations contained in this dump. They cover too many operations for a mistake, and they are too comprehensive for a mistake.

Remember, Obama has been stating assuredly that the US has far more defensive and offensive capability than Russia. The latter might well be true. But the latter is nuts, if for no other reason than we have so much more to secure. The former might be true. But not if hackers can log into NSA’s fridge and steal their beer.

I’m not entirely sure what to make of this. But against the background of increasing dick-wagging, it’ll be interesting to see how it plays out.

Democrats Can Do Better than “Wonk Harder” on ObamaCare Going Forward

Sarah Kliff has finally done what left wonk journalists should have done years ago: go interview people from Kentucky about their understanding of and feelings about ObamaCare. KY is, with WV, the state in which ACA achieved its best results, with the number of uninsured going from 25% to 10% of the state. And yet Democrats in KY have been utterly hammered since ACA passed.

Kliff spent a lot of time actually listening to voters to understand why they voted overwhelmingly for a guy who promises to scrap ACA in its existing form (though he always promised to replace it with something better).

Definitely go read the whole thing, because the degree to which Kliff let these voters speak for themselves (and the degree to which they appear like real and often thoughtful people) is admirable.

Here’s how she summarizes what she heard.

Many expressed frustration that Obamacare plans cost way too much, that premiums and deductibles had spiraled out of control. And part of their anger was wrapped up in the idea that other people were getting even better, even cheaper benefits — and those other people did not deserve the help

There was a persistent belief that Trump would fix these problems and make Obamacare work better. I kept hearing informed voters, who had watched the election closely, say they did hear the promise of repeal but simply felt Trump couldn’t repeal a law that had done so much good for them. In fact, some of the people I talked to hope that one of the more divisive pieces of the law — Medicaid expansion — might become even more robust, offering more of the working poor a chance at the same coverage the very poor receive.

Significantly, Kliff dispels one explanation always given for why Kentuckians hate ObamaCare so much: purportedly because the state had hidden that the state’s program was actually ObamaCare. All but one of the people she talked with knew they were getting ObamaCare.

All but one knew full well that the coverage was part of Obamacare. They voted for Trump because they were concerned about other issues — and just couldn’t fathom the idea that this new coverage would be taken away from them.

Which leaves the two major complaints with the law: expense and the divisiveness associated with two-tiered benefit programs.

We’ve known since before the bill passed that it was too expensive, such that middle class families would still go into debt even with fairly normal life medical care, including normal childbirth. At the time, the wonk boys were talking among themselves about how they needed to push back against such claims.

But Kliff puts a face to the consequences of that expense, where people use precious disposable income for insurance they know they won’t use.

The deductible left Atkins exasperated. “I am totally afraid to be sick,” she says. “I don’t have [that money] to pay upfront if I go to the hospital tomorrow.”

Atkins’s plan offers free preventive care, an Obamacare mandate. But she skips mammograms and colonoscopies because she doesn’t think she’d have the money to pay for any follow-up care if the doctors did detect something.

Atkins says she only buys insurance as financial protection — “to keep from losing my house if something major happened,” she says. “But I’m not using it to go to the doctor. I’ve not used anything.”

She also focuses on something that got discussed during passage, but not in as much detail: the degree to which the two-tiered method of expansion, with some getting Medicaid and some getting subsidized shitty insurance, would poison the perception of the law, because the working poor would get fewer benefits than people who were or believed to be not working.

“I really think Medicaid is good, but I’m really having a problem with the people that don’t want to work,” she said. “Us middle-class people are really, really upset about having to work constantly, and then these people are not responsible.”

This has long been the basis for (often GOP-stoked) opposition to government support in the US, the resentment that others are getting more, a resentment that often gets racialized via stereotypes about welfare queens.

Importantly, Kliff also dismisses those who complain these rube voters should have known the stakes of voting in Donald Trump, because she didn’t know either.

I spent election night frantically reporting and calling sources, trying to understand what parts of Obamacare Republicans could and couldn’t dismantle. I didn’t know at the time, nor had I devoted the necessary time to learn, until election night.

Mills was wrong about what Republicans would do to Obamacare. But then again, I write about it for a living. And I was wrong too.

In any case, it was a sobering, humanizing report. I hope Kliff follows up on as Governor Matt Bevin makes KY’s ACA worse this year.

Democrats need to learn this lesson because, even if they can’t impose a penalty on Bevin and other KY Republicans for taking away benefits that people currently have, the same process is bound to roll out in states across the country. That is, liberals need to understand this dynamic if they want to reverse the policy changes the GOP are about to roll out.

Unsurprisingly, Democrats are taking away the wrong lesson about ObamaCare from the election. Markos Moulitsas rather notoriously offered this lesson (though not in the context of Kliff’s report).

But even Kevin Drum, after reading Kliff’s report, seems to have come up with the wrong lesson.

Obamacare has several smallish problems, but its only big problem is that it’s underfunded. The subsidies should be bigger, the policies should be more generous, and the individual mandate penalty should be heftier. Done right, maybe it would cost $2 trillion over ten years instead of $1 trillion.

Republicans wouldn’t have cared. If this were a real goal—like, say, cutting taxes on the rich—they’d just go ahead and do it. If the taxes didn’t pay for it all, they’d make up a story about how it would pay for itself. And if you’re Donald Trump, you just loudly insist that,somehow, you’re going to cover everybody and it’s going to be great.

But Democrats didn’t do that. They didn’t oversell Obamacare and they didn’t bust the budget with it. They could have. It would have added to the deficit, but that wouldn’t have hurt them much. Politically, the far better option was to go ahead and run up the deficit in order to create a program of truly affordable care that people really liked.

Even setting side whether the problem of providers exiting the marketplace is “smallish” or actually quite big, the one takeaway Drum takes from this article about how a technocratic solution sows hatred for that technocratic solution is just to wonk harder. That is, he wants to keep the existing program, and just throw more money at the providers via subsidies and more penalties at people who are literally choosing between paying for insurance they won’t use or making other choices with limited disposable income.

He ignores entirely how the two-tier system of benefits feeds resentments (not to mention all the unnecessary complexity it entails).

Luckily, being completely out of power, Democrats have another alternative besides just “wonk harder.” Since Republicans will already in in the difficult position of taking away benefits, Democrats can make that much harder — and play to what we’ve learned from the roll out of ObamaCare — by calling for what they should have called for in the first place: something that moves us towards true universal care, rather than just aspirationally universal insurance coverage. Not only is that what KY voters appear to want, but it is a more efficient way of providing health care. Implement it via subsidized Medicare (well-loved because it is universal) buy-in, I don’t care. But this is the opportunity for Democrats to turn the Republicans’ attacks on ObamaCare on their head, and make the policy much smarter at the same time.

image_print