emptywheel

HPSCI: We Must Spy Like Snowden To Prevent Another Snowden

I was going to write about this funny part of the HPSCI report anyway, but it makes a nice follow-up to my post on Snowden and cosmopolitanism, on the importance of upholding American values to keeping the servants of hegemon working to serve it.

As part of its attack on Edward Snowden released yesterday, the House Intelligence Committee accused Snowden of attacking his colleagues’ privacy.

To gather the files he took with him when he left the country for Hong Kong, Snowden infringed on the privacy of thousands of government employees and contractors. He obtained his colleagues’ security credentials through misleading means, abused his access as a systems administrator to search his co-workers’ personal drives, and removed the personally identifiable information of thousands of IC employees and contractors.

I have no doubt that many — most, perhaps — of Snowden’s colleagues feel like he violated their privacy, especially as their identities are now in the possession of a number of journalists. So I don’t make light of that, or the earnestness with which HPSCI’s sources presumably made this complaint (though IC employee privacy is one of the things all journalists who have reported these stories have redacted, to the best of my knowledge).

But it’s a funny claim for several reasons. Even ignoring that what the NSA does day in and day out is search people’s personal communications (including millions of innocent people), this kind of broad access is the definition of a SysAdmin.

HPSCI apparently never had a problem with techs getting direct access to our dragnet metadata, as they had and (now working in pairs) still have, for those of us two degrees away from a suspect.

Plus, HPSCI has never done anything publicly to help the 21 million clearance holders whose PII China now holds. Is it possible they’re more angry at Snowden than they are at China’s hackers, who have more ill-intent than Snowden?

But here’s the other reason this complaint is laugh-out-loud funny. HPSCI closes its report this way:

Finally, the Committee remains concerned that more than three years after the start of the unauthorized disclosures, NSA and the IC as a whole, have not done enough to minimize the risk of another massive unauthorized disclosure. Although it is impossible to reduce the change of another Snowden to zero, more work can and should be done to improve the security of the people and the computer networks that keep America’s most closely held secrets. For instance, a recent DOD Inspector General report directed by the Committee had yet to effectively implement its post-Snowden security improvements. The Committee has taken actions to improve IC information security in the Intelligence Authorization Acts for Fiscal Years 2014, 2015, 2016, and 2017, and looks forward to working with the IC to continue to improve security.

First, that timeline — showing an effort to improve network security in each year following the Snowden leaks — is completely disingenuous. It neglects to mention that the Intel Committees have actually been trying for longer than that. In the wake of the Manning leaks, it became clear that DOD’s networks were sieve-like. Congress tried to require network monitoring in the 2012 Intelligence Authorization. But the Administration responded by insisting 2013 — 3 years after Manning’s leaks — was too soon to plug all the holes in DOD’s networks. One reason Snowden succeeded in downloading all those files is because the network monitoring hadn’t been rolled out in Hawaii yet.

So HPSCI is trying to pretend Intel Committee past efforts didn’t actually precede Snowden by several years, but those efforts failed to stop Snowden.

The other reason I find this paragraph — which appears just four paragraphs after it attacks Snowden for the invasion of his colleagues’ privacy — so funny is that in the 2014 Intelligence Authorization (that is, the first one after the Snowden leaks), HPSCI codified an insider threat program, requiring the Director of National Intelligence to,

ensure that the background of each employee or officer of an element of the intelligence community, each contractor to an element of the intelligence community, and each individual employee of such a contractor who has been determined to be eligible for access to classified information is monitored on a continual basis under standards developed by the Director, including with respect to the frequency of evaluation, during the period of eligibility of such employee or officer of an element of the intelligence community, such contractor, or such individual employee to such a contractor to determine whether such employee or officer of an element of the intelligence community, such contractor, and such individual employee of such a contractor continues to meet the requirements for eligibility for access to classified information;

This insider threat program searches IC employees hard drives (one of Snowden’s sins).

Then, the following year, HPSCI got even more serious, mandating that the Director of National Intelligence look into credit reports, commercially available data, and social media accounts to hunt down insider threats, including by watching for changes in ideology like those Snowden exhibited, developing an outspoken concern about the Fourth Amendment.

I mean, on one hand, this isn’t funny at all — and I imagine that Snowden’s former colleagues blame him that they have gone from having almost no privacy as cleared employees to having none. This is what people like Carrie Cordero mean when they regret the loss of trust at the agency.

But as I have pointed out in the past, if someone like Snowden — who at least claims to have had good intentions — can walk away with the crown jewels, we should presume some much more malicious and/or greedy people have as well.

But here’s the thing: you cannot, as Cordero does, say that the “foreign intelligence collection activities [are] done with detailed oversight and lots of accountability” if it is, at the same time, possible for a SysAdmin to walk away with the family jewels, including raw data on targets. If Snowden could take all this data, then so can someone maliciously spying on Americans — it’s just that that person wouldn’t go to the press to report on it and so it can continue unabated. In fact, in addition to rolling out more whistleblower protections in the wake of Snowden, NSA has made some necessary changes (such as not permitting individual techs to have unaudited access to raw data anymore, which appears to have been used, at times, as a workaround for data access limits under FISA), even while ratcheting up the insider threat program that will, as Cordero suggested, chill certain useful activities. One might ask why the IC moved so quickly to insider threat programs rather than just implementing sound technical controls.

The Intelligence world has gotten itself into a pickle, at once demanding that a great deal of information be shared broadly, while trying to hide what information that includes, even from American citizens. It aspires to be at once an enormous fire hose and a leak-proof faucet. That is the inherent impossibility of letting the secret world grow so far beyond management — trying to make a fire hose leak proof.

Some people in the IC get that — I believe this is one of the reasons James Clapper has pushed to rein in classification, for example.

But HPSCI, the folks overseeing the fire hose? They don’t appear to realize that they’re trying to replicate and expand Snowden’s privacy violations, even as they condemn them.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

10 replies
  1. TomVet says:

    I believe it would greatly benefit all these “overseers” in both committees if they had some first hand knowledge of intelligence field work in real time in the real world. So I propose that they, along with the Directors of all the acronym agencies be sent to get us some high quality, useful info from the areas where it has been significantly lacking; they should be sent for the duration to, say, Syria, Lebanon, Iraq, AfPak, etc.
    .
    This will not only get them out of our affairs for a while, but may also let the agencies actually get some productive work done in their absence. Perhaps Congress might even work smoother for a while.

  2. Evangelista says:

    Marcy,
    The not ha-ha, or laugh-out-loud funny part of the government statement that you quote: “”Snowden infringed on the privacy of thousands of government employees and contractors.”” is being ‘perfected’, or ‘brought on line’ in a Federal Court in Portland, Oregon now, in the month of September, in 2016, in a case being carried by U.S. Attorney Prosecutors against a group of rural Occupy protestors who occupied a wildlife (migratory birds sanctuary in the winter, when the migratory birds the facility is ostensibly maintained for by U.S. government funds and employees were away south.

    The Rural Occupy protestors, who appear to have gathered peaceably, carrying weapons no evidences indicate they used, wherefore they appear to have been carried symbolically, as police in the United States used to carry weapons, before they militarized and began using weapons as offensive and control-exertion tools, instead of defensively, transforming themselves from police to occupation army forces (I have heard of no instances where any occupiers intimidated with, threatened with, or discharged a firearm in the course of their Occupation action), who have been, and are, designated “right-wing”, “militants” and “extremists” by government and media, are being charged with a variety of ‘conspiracy’ allegations based on interpretations of various of their Occupy actions. Chief amongst these is conspiring to interfere with government employees in carrying out the duties of their employments.

    What the government is attempting to do is establish a precedent. The precedent will be for charging members of the public who gather to exercise their Constitutionally guaranteed rights to peaceably assemble and petition the government (which requires getting the govbernment’s attention, the purpose of the Occupy Movement occupying activities).

    Rural members of the United States Public are, for being rural, thin on the ground. Their concerns tend to be rural concerns, which are not well understood, or, often, sympathized with by non-rural persons, whose life-styles and livelihoods do not depend on the conditions persons living rurally depend on. Rural people have been successfully demonized by the government and press. Part of the demonization has stigmatized rural persons as “right-wing” “red-neck”, ignorant, if not intellectually challenged, and “militants” (whatever the term might mean).

    The combination of fewness of numbers and demonization (along with a more meagre financial base) makes rural protestors who engage in activities essentially those urban protestors engage in, desirable targets for legal actions intended to create precedents that may, upon being established, become applicable to all persons who may be defined in a class, or who may, in future, be raked into such a class.

    The demonization is a particularly advantageous component, since it may be used, or counted on, to preclude sympathies that could draw attention that could create difficulties for the “legal” “professionals” attempting to establish the prosecutoral precedent. This is seen in the case of the “Malheur Militants”, currently on trial, and in the contrast perceptible between perceptions of them and perceptions of the Standing Rock Indigenous Protestors currently in the protesting and being arrested stages. Note that it was not many decades ago that indigenous people (“Redskinned Savages”) in the United States were demonized and in similar to, and often worse than, situation than the “militants” currently demonized.

    Note, too, that none of the pantheon of “Civil Rights” and “Civil Liberties” organizations have undertaken any significant actions, or engaged in any supportive activities in the “militants” cases. The indication that appears is that the memberships of these groups are not intelligent enough, or are too blindered by their own elected prejudices, to care, or notice, that liberties and rights are not parochial, and that they interstice.

    This blindering, or stupidity, is, of course a component the government prosecutors are counting on. They intend to obtain their precedent for being allowed to in their prosecution of an unpopular, or under-representational, minority group.

    The precedent, once established, will not be parochial. It will apply, and be applied, to any and all the government wishes to prosecute for “conspiring to interfere with government employees” by disrupting their activities, requiring additional hiring, overtime, etc., all of which are intrinsic products in any assembling and petitioning activity.

    Future Snowdens (and the current Snowden, since ex post facto has been incorporated into the current United States’ systems of law) will, upon perfection of the precedent so that it may be cited, be subject to prosecution for “”…infring[ing] on the privacy of thousands of government employees and contractors”” in events of their blowing whistles, letting cats out of bags, etc. It is how it works in nations whose governments are unchecked and unbalanced…

    • P J Evans says:

      Um, not a truthful comment. Those weren’t peaceful protesters, and their claims that the bird refuges was illegally taken are bullshit.

      • Evangelista says:

        P J Evans,

        Your wrote, “Those weren’t peaceful protesters”.

        What acts of violence did THEY (the protesters) initiate? What violent/non-peaceful acts did the protesters undertake, or were they engaged in (except as recipients, targets, victims, assaulted parties, etc., in the courses of the violent activities they were in the middle of?

        Also, though not specifically germane to “violence” per se, what actions did the protesters engage in in the course of their Occupation of the refuge that are not standard practice in police “peace-keeping” procedures? And if you believe members of the public, who are Constitutionally the owners of the United States, and so the employers of those who work in the Public’s government as public employees, aka public servants, should be more restricted by law and held to tighter standards for polite behavior and reasonableness, how do you justify your belief in that regard? Do you ascribe public servants to be servants to a higher order, an aristocracy defined by some standard, wealth, commercial power, some defined, or definable, (or indefinable) elitism?

        Do you ‘recognize’ the Constitutionally constituted United States to no longer exist, except as an imaginary, perhaps “golden age” construction in the mythology of the current nation called “The United States”?

    • bmaz says:

      “Rural Occupy Protesters”???
      .
      You gotta be fucking kidding me. Those hick gun nut asshats deserve the prison they are going to get.

      • martin says:

        Of course, bmaz, in his self righteous lawyerly stand on a subject he knows DIDDLY SQUAT about, fails to mention, the USG/OSP murders one of the protesters in a setup, while lying through their fucking teeth after the fact. The victim still remains killed. Regardless of the lies and deceit of the authoritys. I’d bet $1k, his daughters would SPIT IN YOUR PATHETIC FACE.

      • Evangelista says:

        bmaz,

        You gotta admit that the demonization of ‘others’ as lower orders and ‘less’ human really takes with some people. It is why the word “nigger” can’t be retired: Different bigots just make different divisions of the people “niggers”, things that look sorta like people, but (in the prejudice eyes of the bigoted) qualify as lesser, sub-human ‘things’, that don’t qualify for the rights and privileges the bigoted reserve themselves to deserve.

  3. Frank Cuffman says:

    This is from the Wiki:

    On December 30, 2015, USFWS staff members at Malheur National Wildlife Refuge were dismissed early from work. With tensions rising in nearby Burns, supervisors left staff with the final instruction not to return to the refuge unless explicitly instructed.[62] Meanwhile, some residents of Burns reported harassment and intimidation by militia members. According to the spouses and children of several federal employees and local police, they had been followed home or to school by vehicles with out-of-state license plates.[65]

  4. tofubo says:

    I said a long time ago regarding the NSA and what they did domestically, what was to stop someone from profiting off of otherwise unknown to the public information? Makes decisions on when to buy or sell a little easier on the stock market for instance.

Comments are closed.