
The Government Wants You To Forget It Will Still Collect Your Phone Records in Bulk

I Con the Record released two statements to mark the end of the Section 215 phone dragnet (which will take place at midnight tomorrow night): a statement and a “fact” sheet. They’re a curious mix of true statements, false statements, and probably false statements.

Here’s the true statement that USAF boosters aren’t retweeting (but which Jim Comey recently mentioned in congressional testimony):

Moreover, the overall volume of call detail records subject to query pursuant to court order is greater under USA FREEDOM Act.

Right now, the Section 215 phone dragnet is not getting some cell records, probably not getting all VOIP, and probably not getting non-telephony messaging. Even just the cell records creates holes in the dragnet, and to the extent it doesn’t collect Internet based calls and messaging, those holes would be especially problematic.

Which is why I’m struck by this language.

adopted the new legal mechanism proposed by the President regarding the targeted production of telephony metadata


With respect to the new mechanism for the targeted production of telephony metadata,


When will NSA implement the new, selected telephony metadata process required by the USA FREEDOM Act?

As I’ve noted, USA Freedom Act is technology neutral — the language of the law itself would permit collection of these other kinds of metadata. And while the House report says it applies to “phone companies,” it would be hard to argue that the maker of the most popular phone handset, Apple, is not a phone company, or handset/software manufacturers Google or Microsoft. So I suspect this is technically inaccurate.

Then there’s the deliberately misleading language, which is most notable in these passages but appears throughout.

On November 29, the transition period ends. Beginning Sunday, November 29, the government is prohibited from collecting telephone metadata records in bulk under Section 215, including of both U.S. and non-U.S. persons.


That approach was enshrined in the USA FREEDOM Act of 2015, which directs that the United States Government will no longer collect telephony metadata records in bulk under Section 215 of the USA PATRIOT Act, including records of both U.S. and non-U.S. persons.

I’m sure the government would like terrorists and the press to believe that it “will no longer collect telephony metadata records in bulk … including records of both U.S. and non-U.S. persons.” In which case, this construction should be regarded as a huge success, because some in the press are reporting that the phone dragnet will shut down tomorrow night.


Just a tiny corner of the phone dragnet will shut down, and the government will continue to collect “telephony metadata records in bulk … including records of both U.S. and non-U.S. persons” under EO 12333. Hypothetically, for every single international call that had been picked up under the Section 215 dragnet and more (at a minimum, because NSA collects phone records overseas with location information), a matching record has been and will continue to be collected overseas, under EO 12333.

They’re still collecting your phone records in bulk, not to mention collecting a great deal of your Internet records in bulk as well. BREAKING.

There’s one more misleading passage.

The legal framework permits providers to return call detail records which are either one or two “hops” away from a FISC-approved, terrorist-associated selection term. First hop selection terms (e.g., those that are in direct contact with a FISC-approved selection term) may be obtained from providers as well as from information identified independently by the government. These first hop selection terms may then be sent by NSA as query requests to the providers to obtain second hop records.

I Con the Record offers “those [call detail records] that are in direct contact with a FISC-approved, terrorist approved selection term” as an example of what it gets at each hop. But the language no longer requires that a “contact” be made — only that a connection be made. So it’s quite possible NSA will collect call detail records (which only need be a session identifier, so it doesn’t require any call actually be placed) of people who have never technically “contacted” the target.

There’s a reason they call this “I Con the Record,” you know.


NYT Should Explain How It Selects Which Articles Get Translated into Mandarin

The front page of the NYT today features the story of Anastasia Lin, Chinese-born and Canadian-raised Miss Canada, who was denied entry to China for the Miss World contest.

Clasping hands with youngsters in red Communist Youth League scarves, contestants from more than 110 nations descended on the southern Chinese island of Hainan this week for the 65th annual Miss World contest.

But one contestant was absent from the opening ceremony: Miss Canada, otherwise known as Anastasia Lin, a 25-year-old actress and classically trained pianist who has been denied a Chinese visa to attend the monthlong pageant, apparently because of her outspoken advocacy for human rights and religious freedom in China.

After waiting in vain for weeks, Ms. Lin packed up her Canadian-designed eveningwear on Wednesday and quietly boarded a Hong Kong-bound flight with the hope she might obtain an on-demand visa at the border and perhaps slip unnoticed into mainland China.

It was not to be.

The Chinese authorities, tipped off to her arrival, barred her from flying onward to Hainan.

You can read the story in English or–on the web–in Mandarin.

You can also read this story, on opposition to a new cloning technology center opening in China, in Mandarin.

But Mr. Xu must contend with skeptical consumers in China, where food safety is a near obsession after scandals like melamine-tainted baby formula and recycled industrial “gutter oil.” Online reaction to the project has been overwhelmingly negative.

“Crazily evil!!!” commented the user No-Music-No-Life on Weibo.

You can’t read this story, on Xi Jinping’s efforts to revamp the military, in Mandarin (though as the article notes, it was available in and almost entirely derived from China’s official news service, Xinhua).

President Xi Jinping of China has announced a major reorganization of the nation’s military, state-backed news media reported on Thursday, laying out plans to create new command systems intended to integrate and rebalance land, air and sea forces into a more nimble People’s Liberation Army.

You also can’t read this story, on the sentencing of human rights activist Guo Feixiong, at which he was sentenced with an extra charge on top of those he was tried on.

Yang Maodong [Guo Feixiong], a hardened veteran of political protest in southern China, knew he had virtually no hope of winning his freedom on Friday when he was brought into a courtroom to face a judge’s verdict on charges that he had disturbed public order.

Chinese judges, after all, convict and imprison indicted dissidents with metronomic consistency, reflecting the ruling Communist Party’s control of the courts. Mr. Yang — a human rights campaigner better known by his pen name, Guo Feixiong — had already prepared a statement denouncing his imprisonment.

But the Tianhe District People’s Court in Guangzhou, the capital of Guangdong Province, erupted in denunciations from Mr. Yang and his lawyers when the presiding judge revealed that he had added a new charge against the defendant — one that his lawyers had been given no chance to defend him against.
The new charge, “picking quarrels and provoking trouble,” meant that Mr. Yang would spend an additional two years in prison, according to his lawyers. Mr. Yang, who stood trial almost exactly a year ago, was convicted Friday on that charge and the original one and was sentenced to a total of six years.


Chinese law allows judges to add new charges to convictions at their own discretion. But the lawyers said that the power was rarely used, and they denounced the judge’s refusal to grant them time to prepare a considered response.

Asked by telephone Friday about the addition of the new charge, an official at the court in Guangzhou who deals with news media inquiries said, “I don’t know, and even if I did, I couldn’t tell you.” She would not give her name.

This is not the first time I’ve been struck by NYT’s selection of articles to translate into Mandarin; it did so as well with a curiously incomplete story about US expelling its Operation Fox Hound agents. I’ve noticed a few others in passing without recording what they are (but will now do so).

It really is time for NYT to explain the process by which it selects stories for translation into Mandarin. In general, it seems as if the stories that would have good propaganda value get translated — though that doesn’t explain why the Guo Feixiong story did not get translated.

But if it is basing these decisions off of propaganda value, it should also explain how it selects them. Does the State Department get a vote?

It is great for NYT to translate articles. But if it’s only doing so for those that serve US interests (and pointedly not doing so for articles that serve Chinese interests) it is really serving as a propaganda organ, not a news site.

Thanksgiving Blessings


I’ve already conceded defeat and the Detroit Lions don’t start playing for another hour.

Happy Thanksgiving all! It’s been a busy morning here at Chez Emptywheel, in part because our awesome meat farmers can’t seem to raise turkeys that, after slaughter, weigh under 20 pounds. (The pic from the right is from 2011; I visited our turkey when it was growing this year when our farmers married each other after Love Won this year, but I didn’t take pictures of things like growing turkeys…)

So I conceded to cooking the stuffing outside the bird, something I rarely do. I just wasn’t sure I could get the whole damn thing cooked any other way.

Hopefully the Lions will prove better able to face adversity today than I was.

Please provide your favorite leftover turkey recipe in comments!

As old-timers likely know, my schtick at Thanksgiving is to try, as much as possible, to serve only MI products, which is surprisingly easy to do. Our turkey and bacon (for more on that read this post) comes from Crane Dance. Our sugar comes from MI beet farmers. Our veggies come from the Hams and about 4 other farmers who are regularly at the Farmer’s Market. Our milk comes from Hillhof (though I also already lost out on the weekly scramble for their all-too-rare cream). Our wine comes from 2 Lads and other Northern Michigan wineries (though several years of weird weather is making things really tough up there).

But I was at a bit of a loss on flour for my pumpkin pie crust. I might have just used the organic all purpose flour (from MN) I normally use for pies and all else, but I’m overdue a trip to Ann Arbor to get a 50 pound bag and even that’s running low. I kept thinking longingly of the stone ground wheat pastry flour I bought years ago from Nashville, MI, but I had looked months ago and they seemed to be defunct. So boy was I pleased when, a week ago, the Jennings Bros showed back up at the Market out of the blue, with meat, but also with that stone ground organic flour I used years ago. Only it’s no longer the “Jennings Brothers,” but in fact a daughter, taking over the flour business. She told me she and her parents had had a long discussion about how much to charge because they didn’t remember; when asked I wasn’t sure either (but she gave me a deal for being a return customer!) The flour is a bit tough to work with (yes, stone ground pastry flour is almost a contradiction of terms). But it all worked out, and if past pies are any indication, the whole wheat of the crust will add a wonderful nuttiness to the pumpkin.

It’s been an increasingly crazy time in the scary wide world. So today is a great time to relax with family and remember what matters.

Thanks to you all for joining in the emptywheel community. And may you have a wonderful Thanksgiving.


New Problems with DOD’s Médecins Sans Frontières Story

Count me as thoroughly unimpressed by DOD’s explanation of what its almost two month long investigation into the attack on Médecins Sans Frontières’ hospital in Kunduz showed.

Don’t get me wrong: I still think this explanation — that the Afghans did knowingly attack the hospital, but that we didn’t follow procedure and so became willing dupes in that attack — remains most likely. But DOD’s explanation raises new questions for me (and clearly for some of the journalists at the briefing). Here’s the video and transcript of today’s press conference.

What do the Afghans say happened?

Back on October 5, General John Campbell said there would be three investigations: DOD’s, NATO’s, and an Afghan one.

I’ve got both U.S. 15-6 investigation, I’ve got a NATO investigation and the Afghans will be conducting an investigation.

Today, he suggested there were just two: his, and a joint NATO-Afghan one.

In addition to the U.S. national investigation, a NATO and Afghan partner combined civilian casualty assessment team, or CCAT, also conducted an investigation.

Campbell says these two investigations came to “generally consistent” conclusions, which is funny because in the days after the attack the Afghans were perfectly willing to say they targeted the hospital intentionally.

What the Afghans say, or would say, if they were conducting their own investigation, is key, given some of the ambiguity in this description Campbell gave.

During the evening of October 2nd, Afghan SOF advised the U.S. SOF commander that they intended to conduct a clearing operation that night. This included a former national director of security, or NDS, headquarters building they believed was occupied by insurgents. The Afghans requested U.S. close air support as they conducted their clearing operation. The U.S. SOF commander agreed to have the support on standby. He remained at the PCOP compound during the operation and was beyond the visual range of either the [National Director of Security] headquarters or the MSF trauma center as he monitored the progress of his Afghan counterparts.

If the operation only “included” NDS, did it also “include” MSF? As the WaPo pointed out at the presser, DOD had already hit NDS.

Q: Yes. (inaudible) — Washington Post. A few hours before the MSF strike, an NDS building and buildings surrounding were actually struck by U.S. airstrikes. So the location was totally known. How do you — how do you account for this discrepancy a few hours later? The coordinate shift, and as you say, the MSF hospital was mistaken for the NDS building when just a few hours earlier, there had been an attack, had been — (inaudible) — there and had a strike in that area.

GEN. SHOFFNER: The investigation found that the U.S. special operations forces commander did rely on information provided by the Afghan partners on the location of the NDS compound. However, the investigation determined that those grid coordinates given by the Afghan forces to that NDS compound were correct.

And per Campbell’s statement, the Afghan description of the target matched the MSF hospital.

The physical description of the NDS headquarters building provided by the Afghan SOF to the U.S. SOF commander roughly matched the description of the MSF trauma center as seen by the aircrew.

And SOF relied on their description.

The investigation also found that the U.S. SOF commander relied primarily upon information provided by Afghan partners and was unable to adequately distinguish between the NDS headquarters building at the MSF Trauma Center.

Reporter Lynn O’Donnell asked about earlier Afghan admissions they had targeted MSF.

The other thing that interests me about this is that Afghan officials have said all along that the hospital — they specifically referred to the hospital as they command and control center for the insurgents. So you know, when did the NDS come into this? In the process of making the decision whether or not to continue with the attack, when does the NDS come into this?

In response, flack Brigadier General Wilson Shoffner (Campbell didn’t respond to the questions from the press) gave a bullshit answer, one relying on what appears to be a substitution of two separate Afghan and NATO investigations into one.

To the second part of your question, I won’t speak for Minister (Stanikzine ?), but I will point out that on the civilian casualty assessment team investigation that was done, that wasn’t just a U.S. investigation. It was a NATO investigation. The members of the team consisted of coalition partners, U.S. and non-U.S. It consisted of seven Afghans that were appointed by President Ghani.

On the civilian casualty assessment team, and I need to point out the purpose of that was different from the 15-6. It was intentionally narrow in purpose. It was designed to determine the basic facts and then to validate whether or not these civilian casualties had occurred. It did that. And the results of the civilian casualty assessment team report informed the 15-6 investigation.

It seems very likely DOD reframed the investigations such that what the Afghans admitted, by themselves, back in October, would not make it into any official investigation.

What happened to the US TAA role?

On October 5, Campbell insisted US SOF was only involved in a Train, Advise, and Assist role (which is what the Administration has said they were doing).

GEN. CAMPBELL: What I said was that the Afghans asked for air support from a special forces team that we have on the ground providing train, advise and assist in Kunduz.

He said that in spite of contemporary, DOD-sourced reporting making it clear it wasn’t the case.

Today, he not only admitted US forces were fighting but offered the extent of their fighting as part of an explanation.

By October 3rd, U.S. SOF had remained at the PCOP compound longer than intended in continued support of Afghan forces. As a result, by the early morning hours of October 3rd, U.S. SOF at the PCOP compound had been engaged in heavy fighting for nearly five consecutive days and nights.

I’m sure they were toast, don’t get me wrong. But why did Campbell try to hide this detail back in October, when he was walking back Secretary Ash Carter’s claim that US forces ordered the strike?

How did all the recording devices on the plane misfunction?

It’s remarkable that all the recording devices on the plane “misfunctioned.” [See below for clarification.]

During the flight, the electronic systems onboard the aircraft malfunctioned, preventing the operation of an essential command and control capability and eliminating the ability of aircraft to transmit video, send and receive e-mail or send and receive electronic messages. This is an example of technical failure.

As well as its sensors.

U.S. SOF commander provided the aircraft with the correct coordinates to the NDS headquarters building, the intended target of the Afghan SOF. The green 1 depicts the location of the NDS compound. Again, this was the building that the U.S. SOF commander intended to strike. But when the aircrew entered the coordinates into their fire control systems, the coordinates correlated to an open field over 300 meters from the NDS headquarters. The yellow 2 on the chart depicts the location of the open field.

This mistake happened because the aircraft was several miles beyond its normal orbit and its sensors were degraded at that distance.

Pretty remarkable that DOD has such a clear idea of what happened when, even though all the equipment they would use to determine that failed.

The question is all the more important given a discrepancy between the DOD narrative and MSF’s: Timing.

Campbell said the attack lasted only 29 minutes, and ended as soon as SOF’s commander realized his mistake (how did the pilots find out without fully functioning communications equipment?).

The strike began at 2:08 a.m. At 2:20 a.m., a SOF officer at Bagram received a call from MSF, advising that their facility was under attack. It took the headquarters and the U.S. special operations commander until 2:37 a.m. to realize the fatal mistake. At that time, the AC-130 had already ceased firing. The strike lasted for approximately 29 minutes.

MSF said the attack lasted an hour.

According to all accounts the US airstrikes started between 2.00am and 2.08am on 3 October.


It is estimated that the airstrikes lasted approximately one hour, with some accounts saying the strikes continued for one hour and fifteen minutes, ending approximately 3am–3.15am.

Admittedly, MSF’s far more detailed timeline did not describe calls from Kunduz to DOD, but from Kabul.

– At 2.19am, a call was made from MSF representative in Kabul to Resolute Support in Afghanistan informing them that the hospital had been hit in an airstrike

– At 2.20am, a call was made from MSF representative in Kabul to ICRC informing them that the hospital had been hit in an airstrike

– At 2.32am a call was made from MSF Kabul to OCHA Civil Military (CivMil) liaison in Afghanistan to inform of the ongoing strikes

– At 2.32am a call was made by MSF in New York to US Department of Defense contact in Washington informing of the airstrikes

– At 2.45am an SMS was received from OCHA CivMil in Afghanistan to MSF in Kabul confirming that the information had been passed through “several channels”

– At 2.47am, an SMS was sent from MSF in Kabul to Resolute Support in Afghanistan informing that one staff was confirmed dead and many were unaccounted for

– At 2.50am MSF in Kabul informed Afghan Ministry of Interior at Kabul level of the airstrikes. Afghan Ministry of Interior replied that he would contact ground forces

– At 2.52am a reply was received by MSF in Kabul from Resolute Support stating “I’m sorry to hear that, I still do not know what happened”

– At 2.56am an SMS was sent from MSF in Kabul to Resolute Support insisting that the airstrikes stop and informing that we suspected heavy casualties

– At 2.59am an SMS reply was received by MSF in Kabul from Resolute Support saying ”I’ll do my best, praying for you all”

– At 3.04am an SMS was sent to Resolute Support from MSF in Kabul that the hospital was on fire

– At 3.07am an SMS was sent from MSF in Kabul to OCHA CivMil that the hospital was on fire

– At 3.09am an SMS was received by MSF in Kabul from OCHA CivMil asking if the incoming had stopped

– At 3.10am and again at 3.14am, follow up calls were made from MSF New York to the US Department of Defense contact in Washington regarding the ongoing airstrikes

– At 3.13am an SMS was sent from MSF in Kabul to OCHA CivMil saying that incoming had stopped

Note the call between MSF and SOF mentioned by DOD does not appear on MSF’s log, nor does DOD say where it came from. That is, both timelines are inconsistent. DOD’s timeline should fairly raise questions about MSF’s timeline.

But DOD sure doesn’t want to answer questions about this apparent inconsistency when called on it.

Q: Jim Miklaszewski from NBC News. General, Doctors Without Borders, which has proven to be a pretty reliable source in regard to what happened there in Kunduz, said that they made at least two phone calls, one just prior to and one during the airstrike, to the Pentagon. And we’ve been told that that information was relayed from Joint Staff to the NMCC that they were under attack.

Did that information ever reach the operators there in the battlefield?

GEN. SHOFFNER: What I’d like to do is, to better answer that question, just briefly review the sequence of events leading up to the issue at hand. Approximately 12 minutes after the firing commenced, Doctors Without Borders called to report the attack. Unfortunately, by the time U.S. forces realized the mistake, the aircraft had stopped firing.

What DOD is not telling us is who communicated with the troops on the ground and in the plane when. Would that focus too much attention on the rather incredible claim that all the plane’s recording equipment failed?

Or rather, malfunctioned. While Campbell says this was a technical failure, he doesn’t really explain that part of it.

[Clarification: As Lemon Slayer notes, this is probably not all communications but instead just the plane’s data link. They still should have had voice communication. I agree, though I also think DOD wanted to leave the impression there were no comms because the likelihood there were voice comms raises more questions, from the claim the plane left on an emergency deployment then got rerouted without any vetting of its mission, such as the fact that it didn’t ask questions about why it was attacking a field, such as the likelihood (which Lemon Slayer notes) that there should be voice recording then. In other words, if they have voice comms–and they probably do–then they have more information than they let on and less excuse for the purported confusion here.]

Again, it’s not just me not buying this–it’s the beat journalists too, many of whom asked precisely the right questions. And all the flacks did in response was to say some involved didn’t abide by rules of engagement and that the US would never attack a hospital intentionally.

Would the US play willing dupe for allies doing just that?

Update: They decided they had to hide Afghan side of investigation after first one was done.

Yesterday, DOD said it took three weeks to conduct an investigation.

They spent a full three weeks completing their report

Three weeks from when Campbell announced the investigation on October 5 would have been October 26 — a month before the report was released. But remember that Campbell brought in a two-star General on October 24, when the first three week period was coming to a close.

With an initial military assessment confirming civilian casualties in the bombing of a Doctors Without Borders hospital in Kunduz by an American warplane, Gen. John F. Campbell, the American commander in Afghanistan, has appointed a two-star general from another command to conduct an independent investigation, his office said in a statement on Saturday.


A spokesman for General Campbell, Brig. Gen. Wilson Shoffner, said an assessment team had “determined that the reports of civilian casualties were credible.” The investigation, which will be conducted by three senior officers outside General Campbell’s command, will be led by Maj. Gen. William B. Hickman and supported by two brigadier generals.

General Campbell, also the commander of NATO forces in Afghanistan, said: “My intent is to disclose the findings of the investigation once it is complete. We will be forthright and transparent and we will hold ourselves accountable for any mistakes made.”

Which came — now that I re-read the report of this — at the same moment when the Afghans made it clear their investigation into how they lost Kunduz would not cover how they asked the Americans to bomb a hospital.

The comments from Afghan officials came without a clear investigation on their side. While they have said a nongovernmental fact-finding mission set up to investigate the fall of Kunduz to the Taliban on Sept. 28 would also look into the hospital bombing, it is now clear that the mandate does not extend that far.

“The mandate of the Kunduz fact-finding mission doesn’t cover events beyond Sept. 28,” said Amrullah Saleh, a former intelligence chief who is a leader of the mission. “The team focuses on finding reasons for failure in leadership, structures and resources management.”

So if it takes three weeks to investigate an attack on a hospital, did the Brigadier General who first investigated it discover after three weeks that they needed to stop the Afghans from telling their own side of the story, after which a higher ranking general conducted a new investigation without that information?

Normally, when you bring in higher ranking generals, it’s because the scope of the investigation newly includes people who rank at the same level as the original investigating officer; but here, the guy who got disciplined is a captain [one report says he is a major], so not high ranking enough to require a two-star.

And if that investigation took three weeks, it would have ended November 14, 11 days before they released the report. Which if you hadn’t already figured out was a deliberate attempt to bury the report in the pre-holiday rush, should now.

FISC Makes Far Better Amicus Choices Than I Expected

I’ve long been skeptical about the potential efficacy of the amicus provision in USA Freedom Act, especially because the government can always withhold information.

But the FISC’s (and FISCR’s, they make clear) choices for potential amici are far better than I expected.


Laura Donohue, besides being an important voice on surveillance reform, is one of the few people who has as weedy an understanding of the details of the surveillance programs as I do. Plus, unlike me, she can argue the legal aspects of it with authority.

Marc Zwillinger has represented at least one corporation — Yahoo, in its 2007-8 challenge to Protect America Act — before FISC already (as well as an industry push for the right to provide more transparency numbers), and is currently representing Apple in an EDNY discussion about back doors. He even has experience not receiving notice of unclassified details necessary to his arguments before FISC!! At a PCLOB hearing on this topic, he and others predicted he’d likely be among those picked. Voila!

John Cline is probably best known to readers of this blog for the representation he gave Scooter Libby. But he did so because he has represented a wide range of defendants dealing with classified information — he’s one of the best on such issues. That perspective is one that even most (though not all) judges on the FISC lack, and I’m impressed they would let someone have vision on both processes.

Jonathan Cedarbaum was acting head at OLC for a while, though mostly worked on domestic policy issues. Though I think he did work on some cybersecurity issues. The closest tie I know of to counterterrorism came in his role on the Boumediene case, for which he was targeted by right wingers while at DOJ.

I’m perhaps least thrilled about Amy Jeffress (whose father also represented Scooter Libby) on the panel. She has a ton of experience on all kinds of national security cases — but overwhelmingly as a prosecutor. She almost got the Assistant Attorney for National Security job until it was given to John Carlin. While a top advisor to Eric Holder, she likely saw some things that might get debated at FISC (in the same way Rachel Brand and Elisabeth Collins Cook were involved in things at DOJ during the Bush Administration that PCLOB has reviewed), which might lead her to be more invested in the government outcome than I’d like. But from everything I know she’s a very good lawyer.

All in all, a far better collection of lawyers than I expected, and any of them is a better choice than Preston Burton.


Both Iran and the US Have Their Scary Monsters

“Cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber…”

That’s my best summary of the intended gist of this NYT story (I’ll return to the real news in it in a bit), reporting that Iran is trying to acquire influence with what it variously calls “cyberattacks” and “cyberespionage,” having now been dissuaded from acquiring influence with a nuclear weapons program. It quite literally uses the word “cyber” 19 times.

But what it really means is that Iran is spying, like all other nations do.

But last year, private security researchers say, Iranians began using cyberattacks for espionage, rather than for destruction and disruption.

Interestingly, it says this WSJ story reported bits of it first; that story clearly insinuates Iran used contacts found on the computer of an Iranian-American businessman they arrested to find other contacts, which is not something NYT mentions at all.

Friends and business associates of Mr. Namazi said the intelligence arm of the IRGC confiscated his computer after ransacking his family’s home in Tehran.

In any case, NYT has put two reporters in charge of wielding that scary word “cyber” over and over to make Iran’s actions, acting like any other country, more scary.

That story appeared yesterday.

Today, the AP has this story.

Iran’s top leader says the United States is using “money and sex” to try to infiltrate the Islamic Republic and warns Iranians not to fall into the “enemy’s trap.”

In remarks to commanders of the elite Revolutionary Guard Wednesday, Ayatollah Ali Khamenei says authorities should take concerns about “infiltration” seriously and that political factions should not use the issue against each other.

Khamenei’s warning is just as ridiculous as the NYT’s. Breaking: The US is using the kinds of carrots and sticks used for millennia to recruit spies!

I just find it funny that each sees their scary monster — cyber, in the case of the US, and sex, in the case of Iran — as the means to fear-monger about everyday spying.

Obama Administration Changed the Rationale for Why Assassinations Don’t Violate the Assassination Prohibition

As a number of outlets have reported, the Second Circuit last month upheld the government’s effort to keep a March 29, 2002 OLC memo pertaining to targeted killing secret; the opinion was unsealed yesterday. The government is probably doing so to keep changes in their rationale for why assassinations don’t violate the prohibition on assassination in EO 12333 secret.

The judges on the panel — especially Judge Jon Normand, who wrote the opinion — had pushed during an ex parte hearing in June to release language in that earlier memo because the dog & pony show around drone strikes in 2012 to 2013 had used closely related language. But after some more secret briefing, the court decided the application of EO 12333 was different enough such that it remained properly protected.

It seems highly likely the specific part of EO 12333 under discussion pertains to the assassination ban. Between the earlier hearing and the opinion, the court pointed to language in the March 25, 2010 Harold Koh speech, the March 5, 2012 Eric Holder speech, and the April 30, 2012 John Brennan speech on targeted killing (they also pointed to two Panetta comments). Each of the cited speeches discusses the assassination ban — and little else that might directly pertain to EO 12333, besides just generally covert operations authorized under Article II. There’s this language in Koh’s speech.

Fourth and finally, some have argued that our targeting practices violate domestic law, in particular, the long-standing domestic ban on assassinations. But under domestic law, the use of lawful weapons systems—consistent with the applicable laws of war—for precision targeting of specific high-level belligerent leaders when acting in self-defense or during an armed conflict is not unlawful, and hence does not constitute “assassination.”

This language in Holder’s speech,

Some have called such operations “assassinations.” They are not, and the use of that loaded term is misplaced. Assassinations are unlawful killings. Here, for the reasons I have given, the U.S. government’s use of lethal force in self defense against a leader of al Qaeda or an associated force who presents an imminent threat of violent attack would not be unlawful — and therefore would not violate the Executive Order banning assassination or criminal statutes.

And this language in Brennan’s speech.

In this armed conflict, individuals who are part of al-Qa’ida or its associated forces are legitimate military targets.  We have the authority to target them with lethal force just as we targeted enemy leaders in past conflicts, such as German and Japanese commanders during World War II.

But even though all these public speeches commented on this interpretation of the assassination ban, the 2nd Circuit still permitted the government to shield the earlier memo.

The transcript of the June ex parte hearing reveals one explanation for that: the earlier memo was a “far broader interpretation” of the issue.

That’s consistent with the government’s earlier claim (which I wrote about here).

Although the district court noted that the OLC-DOD Memorandum released by this Court contained a “brief mention” of Executive Order 12,333, the district court concluded that the analysis in the March 2002 Memorandum is significantly different from any legal analysis that this Court held has been officially disclosed and for which privilege has been waived.

In other words, while the earlier memo discusses the same aspect of EO 12333 as these public speeches (again, the assassination ban is by far the most likely thing), the earlier memo uses significantly different analysis, and so it may be hidden.

The June transcript also reveals that OLC lawyers reviewed and wrote on the 2002 memo at a later time — the implication being that someone in OLC reviewed the earlier memo in 2010 when writing the Awlaki one (and curiously, that hard copy with handwritten notes is the only one DOJ claims it can find).

There are two things I find increasingly interesting about this earlier memo about EO 12333 — including at least one part presumably about the assassination ban. First, the implication that one of the lawyers reviewing it in 2010 saw the need to write a new memo (perhaps seeing the need to clean up yet more crazy John Yoo language? who knows). As I repeat endlessly, we know there’s a memo of uncertain date in which Yoo said the President could pixie dust the plain language of EO 12333 without changing the public language of it, and it’s possible this is what that memo did (though the President was clearly pixie dusting surveillance rules).

But I’m also interested in the date: March 29, 2002. The day after we captured Abu Zubaydah (who, at the time, top officials at least claimed to believe was a top leader of al Qaeda). The SSCI Torture Report made it clear the CIA originally intended to disappear detainees. Were they planning to execute them? If so, what stopped things?

In any case, CIA won its battle to hide this earlier discussion so we may never know. But it appears that DOJ may have felt the need to think things through more seriously before drone assassinating a US citizen. So there is that.


Guy Who Worked at White House When It Self-Authorized Dragnet Thinks Dragnets Are Cool

Eleven judges from the DC Circuit denied Larry Klayman’s request to overturn the stay that a panel put on Richard Leon’s injunction against the dragnet today.

Of those 11 judges, just one decided to weigh in on the legality of the dragnet Leon had ruled unconstitutional: Brett Kavanaugh. In doing so, he laid out a condensed version of the Special Needs search used by dragnet boosters.

I vote to deny plaintiffs’ emergency petition for rehearing en banc. I do so because, in my view, the Government’s metadata collection program is entirely consistent with the Fourth Amendment. Therefore, plaintiffs cannot show a likelihood of success on the merits of their claim, and this Court was right to stay the District Court’s injunction against the Government’s program.


Even if the bulk collection of telephony metadata constitutes a search, cf. United States v. Jones, 132 S. Ct. 945, 954-57 (2012) (Sotomayor, J., concurring), the Fourth Amendment does not bar all searches and seizures. It bars only unreasonable searches and seizures. And the Government’s metadata collection program readily qualifies as reasonable under the Supreme Court’s case law. The Fourth Amendment allows governmental searches and seizures without individualized suspicion when the Government demonstrates a sufficient “special need” – that is, a need beyond the normal need for law enforcement – that outweighs the intrusion on individual liberty.


The Government’s program for bulk collection of telephony metadata serves a critically important special need – preventing terrorist attacks on the United States. See THE 9/11 COMMISSION REPORT (2004). In my view, that critical national security need outweighs the impact on privacy occasioned by this program.

Kavanaugh, of course, served as a White House lawyer and as Staff Secretary during the period when George Bush kept self-authorizing such a dragnet. While there’s no reason to believe he was involved in the dubious theories used to justify Stellar Wind (which were largely a version of this Special Needs argument), he may well have been consulted — as he apparently was on detainee treatment, though he claimed not to have been during his confirmation. He may also have seen the paperwork authorizing the program.

No doubt Kavanaugh would espouse this view whether or not he had worked for a guy who might face real legal trouble if this theory didn’t hold sway. But as people cite from this language in the future, they should remember that of all the judges who reviewed this decision, only Kavanaugh had this kind of personal tie to the dragnet. And only Kavanaugh saw fit to weigh in.

An Important Battlefield after Paris: US Counterterrorism Hegemony

Last week, I suggested that most commentators were misinterpreting a speech John Brennan made, assuming he intended to implicate just encryption and Edward Snowden in the Paris attack. Given that he repeatedly invoked changes the Europeans have to make, I think he was also complaining about European efforts to reclaim some data (or Internet software) sovereignty, with the effect that US counterterrorism programs are not as comprehensive. For example, to the extent terrorists use non-US based Internet services, they will elude PRISM, with its easy access to metadata and often content. In the wake of the Paris attack, Berlin-based Telegram shut down a bunch of channels ISIS was using, which suggests that may have been what Brennan was complaining about.

Yet that highlights a key issue: before the Snowden revelations, the US (with the UK and other Five Eyes members) largely could claim to exercise counterterrorism hegemony, in part because of our preferential position on the global telecommunications fiber network, in part because our tech companies served much of the world, and in part because many of our allies preferred to have us do the job. Some of the Snowden revelations — and the German investigation into BND’s partnership with NSA — have shown the cost of that: that the US gets European spooks’ help to spy on European targets of interest solely to the US.

It’s probably most effective to have one hegemonic dragnet, but it’s not clear whether it’s healthy (and now that US hegemony is beginning to crack, the dragnet will likely become less effective).

Given the comments of French Finance Minister Sapin today, US dragnet hegemony will continue to crumble. Along with a call to change certain laws on asset seizures and pre-paid bank cards, Sapin called for Europe to develop its own capability to access and analyze SWIFT data.

Sapin said that the SWIFT system had two computer servers, one in Europe and one in the United States, but that Europe currently relied on U.S. authorities to collect and analyze the vast amounts of data flowing through it to detect security issues.

“We Europeans don’t have the capacity to exploit our own data. I don’t think this can carry on this way,” Sapin told a news conference. “Since we do not have the means to analyze the data located in Europe, we transfer all of this data to the Americans, who have the capacity to analyze it.”

As a reminder, access to SWIFT — Society for Worldwide Interbank Financial Telecommunication, the international bank transfer system through which most international transactions take place — has been a contentious issue for some time. Europe tried to demand more equitable access in 2009-2010 when one of the servers for the system got moved to Brussels, only to find the US was cheating on the spirit of the agreement in 2011. What Sapin describes — Europe just sending all its data to the US in bulk — is what came out of that effort to reclaim some control over the data. In the last few years, it has become clear how US control of SWIFT makes it easier to dictate policy, especially regarding sanctions, to allies (I suspect, too, it has been used to collect embarrassing details about EU elite ties to unsavory characters, like Qaddafi). Obviously, having exclusive access to records of who is transferring money to whom can be incredibly valuable for the US, in ways that go well beyond terrorism.

From his comments, it’s unclear whether Sapin says Europe doesn’t have the technical capability or bureaucratic/legal authority to access and analyze this data. Given his explicit comment that the Paris terrorists used pre-paid bank cards to plan their attack (which would probably be adequate to transfer money between Belgium and France), it’s also not clear that the attackers used international transfers that would have shown up on SWIFT. But he’s going to use this opportunity to demand equitable access to the data.

The US would surely love to maintain a monopoly on omniscience. In the name of counterterrorism efficacy, they might be able to make an argument to do so. But either because they’ve already lost that omniscience — or because their dragnet failed to keep France safe — they’re likely to continue to lose that monopoly. It’s not clear that has any benefit for privacy (redundant dragnets are more invasive than single ones). It will likely have consequences for US hegemony more generally.

The Internet Dragnet Was a Clusterfuck … and NSA Didn’t Care

Here’s my best description from last year of the mind-boggling fact that NSA conducted 25 spot checks between 2004 and 2009 and then did a several months’ long end-to-end review of the Internet dragnet in 2009 and found it to be in pretty good shape, only then to have someone discover that every single record received under the program had violated rules set in 2004.

Exhibit A is a comprehensive end-to-end report that the NSA conducted in late summer or early fall of 2009, which focused on the work the agency did in metadata collection and analysis to try and identify people emailing terrorist suspects.

The report described a number of violations that the NSA had cleaned up since the beginning of that year — including using automatic alerts that had not been authorized and giving the FBI and CIA direct access to a database of query results. It concluded the internet dragnet was in pretty good shape. “NSA has taken significant steps designed to eliminate the possibility of any future compliance issues,” the last line of the report read, “and to ensure that mechanisms are in place to detect and respond quickly if any were to occur.”

But just weeks later, the Department of Justice informed the FISA Court, which oversees the NSA program, that the NSA had been collecting impermissible categories of data — potentially including content — for all five years of the program’s existence.

The Justice Department said the violation had been discovered by NSA’s general counsel, which since a previous violation in 2004 had been required to do two spot checks of the data quarterly to make sure NSA had complied with FISC orders. But the general counsel had found the problem only after years of not finding it. The Justice Department later told the court that “virtually every” internet dragnet record “contains some metadata that was authorized for collection and some metadata that was not authorized for collection.” In other words, in the more than 25 checks the NSA’s general counsel should have done from 2004 to 2009, it never once found this unauthorized data.

The following year, Judge John Bates, then head of FISC, emphasized that the NSA had missed the unauthorized data in its comprehensive report. He noted “the extraordinary fact that NSA’s end-to-end review overlooked unauthorized acquisitions that were documented in virtually every record of what was acquired.” Bates went on, “[I]t must be added that those responsible for conducting oversight at NSA failed to do so effectively.”

Even after these details became public in 2014 (or perhaps because the intelligence community buried such disclosures in documents with dates obscured), commentators have generally given the NSA the benefit of the doubt in its good faith to operate its dragnet(s) under the rules set by the FISA Court.

But an IG Report from 2007 (PDF 24-56) released in Charlie Savage’s latest FOIA return should disabuse commentators of that opinion.

This is a report from early 2007, almost 3 years after the Stellar Wind Internet dragnet moved under FISA authority and close to 30 months after Judge Colleen Kollar-Kotelly ordered NSA to implement more oversight measures, including those spot checks. We know that rough date because the IG Report post-dates the January 8, 2007 initiation of the FISC-spying compartment and it reflects 10 dragnet order periods of up to 90 days apiece (see page 21). So the investigation in it should date to no later than February 8, 2007, with the final report finished somewhat later. It was completed by Brian McAndrew, who served as Acting Inspector General from the time Joel Brenner left in 2006 until George Ellard started in 2007 (but who also got asked to sign at least one document he couldn’t vouch for in 2002, again as Acting IG).

The IG Report is bizarre. It gives the NSA a passing grade on what it assessed.

The management controls designed by the Agency to govern the collection, dissemination, and data security of electronic communications metadata and U.S. person information obtained under the Order are adequate and in several aspects exceed the terms of the Order.

I believe that by giving a passing grade, the IG made it less likely his results would have to get reported (for example, to the Intelligence Oversight Board, which still wasn’t getting reporting on this program, and probably also to the Intelligence Committees, which didn’t start getting most documentation on this stuff until late 2008) in any but a routine manner, if even that. But the report also admits it did not assess “the effectiveness of management controls[, which] will be addressed in a subsequent report.” (The 2011 report examined here identified previous PRTT reports, including this one, and that subsequent report doesn’t appear in any obvious form.) Then, having given the NSA a passing grade but deferring the most important part of the review, the IG notes “additional controls are needed.”

And how.

As to the issue of the spot checks, mandated by the FISA Court and intended to prevent years of ongoing violations, the IG deems such checks “largely ineffective” because management hadn’t adopted a methodology for those spot checks. They appear to have just swooped in and checked queries already approved by an analyst’s supervisor, in what they called a superaudit.

Worse still, they didn’t write anything down.

As mandated by the Order, OGC periodically conducts random spot checks of the data collected [redaction] and monitors the audit log function. OGC does not, however document the data, scope, or results of the reviews. The purpose of the spot checks is to ensure that filters and other controls in place on the [redaction] are functioning as described by the Order and that only court authorized data is retained. [snip] Currently, an OGC attorney meets with the individuals responsible [redaction] and audit log functions, and reviews samples of the data to determine compliance with the Order. The attorney stated that she would formally document the reviews only if there were violations or other discrepancies of note. To date, OGC has found no violations or discrepancies.

So this IG review was done more than two years after Kollar-Kotelly had ordered these spot checks, during which period 18 spot checks should have been done. Yet at that point, NSA had no documentary evidence a single spot check had been done, just the say-so of the lawyer who claimed to have done them.

Keep in mind, too, that Oversight and Control were, at this point, implementing a new-and-improved spot-check process. That’s what the IG reviewed, the new-and-improved process, because (of course) reviewers couldn’t review the past process because there was no documentation of it. It’s the new-and-improved process that was inadequate to the task.

But that’s not the only problem the IG found in 2007. For example, the logs used in auditing did not accurately document what seed had been used for queries, which means you couldn’t review whether those queries really met the incredibly low bar of Reasonable Articulable Suspicion or that they were pre-approved. Nor did they document how many hops out analysts chained, which means any given query could have sucked in a great deal of Americans (which might happen by the third or fourth hop) and thrown them into the corporate store for far more intrusive analysis. While the IG didn’t point this out directly, the management response made clear log files also didn’t document whether a seed was a US person and therefore entitled to a First Amendment review. In short, NSA didn’t capture any — any!!! — of the data that would have been necessary to assess minimal compliance with FISC orders.

NSA’s lawyers also didn’t have a solid list of everyone who had access to the databases (and therefore who needed to be trained or informed of changes to the FISC order). The Program Management Office had a list that it periodically compared to who was actually accessing the data (though as made clear later in the report, that included just the analysts). And NSA’s Office of General Counsel would also periodically review to ensure those accessing the data had the information they needed to do so legally. But “the attorney conducting the review relie[d] on memory to verify the accuracy and completeness of the list.” DOD in general is wonderfully neurotic about documenting any bit of training a given person has undergone, but with the people who had access to the Internet metadata documenting a great deal of Americans’ communication in the country, NSA chose just to work from memory.

And this non-existent manner of tracking those with database access extended to auditing as well. The IG reported that NSA also didn’t track all queries made, such as those made by “those that have the ability to query the PRTT data but are not on the PMO list or who are not analysts.” While the IG includes people who’ve been given new authorization to query the data in this discussion, it’s also talking about techs who access the data. It notes, for example, “two systems administrators, who have the ability to query PRTT data, were also omitted from the audit report logs.” The thing is, as part of the 2009 “reforms,” NSA got approval to exempt techs from audits. I’ve written a lot about this but will return to it, as there is increasing evidence that the techs have always had the ability — and continue to have the ability — to bypass limits on the program.

There are actually far more problems reported in this short report, including details proving that — as I’ve pointed out before — NSA’s training sucks.

But equally disturbing is the evidence that NSA really didn’t give a fuck about the fact they’d left a database of a significant amount of Americans’ communications metadata exposed to all sorts of control problems. The disinterest in fixing this problem dates back to 2004, when NSA first admitted to Kollar-Kotelly they were violating her orders. They did an IG report at the time (under the guidance of Joel Brenner), but it did “not make formal recommendations to management. Rather, the report summarize[d] key facts and evaluate[d] responsibility for the violation.” That’s unusual by itself: for audits to improve processes, they are supposed to provide recommendations and track whether those are implemented. Moreover, while the IG (who also claimed the clusterfuck in place in 2007 merited a passing grade) assessed that “management has taken steps to prevent recurrence of the violation,” it also noted that NSA never really fixed the monitoring and change control process identified as problems back in 2004. In other words, it found that NSA hadn’t fixed key problems IDed back in 2004.

As to this report? It did make recommendations and management even concurred with some of them, going so far as to agree to document (!!) their spot checks in the future. With others — such as the recommendation that shift supervisors should not be able to make their own RAS determinations — management didn’t concur, they just said they’d monitor those queries more closely in the future. As to the report as a whole, here’s what McAndrew had to say about management’s response to the report showing the PRTT program was a clusterfuck of vulnerabilities: “Because of extenuating circumstances, management was unable to provide complete responses to the draft report.”

So in 2007, NSA’s IG demonstrated that the oversight over a program giving NSA access to the Internet metadata of a good chunk of all Americans was laughably inadequate.

And NSA’s management didn’t even bother to give the report a full response.
