emptywheel


FBI’s Preventative Role: Hygiene for Corporations, Spies for Muslims

I’m still deep in the 9/11 Follow-up Report on the FBI, which Jim Comey and now-retired Congressman Frank Wolf had done last year and which, released earlier this week, reached the unsurprising topline conclusion that Jim Comey needs to have more power.

About the only conclusion in the report that Comey disagreed with — per this Josh Gerstein report — is that the FBI should get out of the business of Countering Violent Extremism.

Comey said he agreed with many of the report’s recommendations, but he challenged the proposal that the FBI leave counter-extremism work to other agencies.

“I respectfully disagree with the review commission,” the director said. “It should not be focused on messages about faith it should not be socially focused, but we have an expertise … I have these people who spend all day long thinking dark thoughts and doing research at Quantico, my Behavioral Analysis Unit. They have an incredibly important role to play in countering violent extremism.”

Here’s what the report had to say about FBI and CVE (note, this is a profoundly ahistorical take on the serial efforts to CVE, but that’s just one of many analytical problems with this report).

The FBI, like DHS, NCTC, and other agencies, has made an admirable effort to counter violent extremism (CVE) as mandated in the White House’s December 2011 strategy, Empowering Local Partners to Prevent Violent Extremism in the United States. In January 2012, the FBI established the Countering Violent Extremism Office (CVEO) under the National Security Branch.322 The CVEO was re-aligned in January 2013 to CTD’s Domestic Terrorism Operations Section, under the National JTTF, to better leverage the collaborative participation of the dozens of participating agencies in FBI’s CVE efforts.323 Yet, even within FBI, there is a misperception by some that CVE efforts are the same as FBI’s community outreach efforts. Many field offices remain unaware of the CVE resources available through the CVEO.324 Because the field offices have to own and integrate the CVE portfolio without the benefit of additional resources from FBI Headquarters, there is understandably inconsistent implementation. The Review Commission, through interviews and meetings, heard doubts expressed by FBI personnel and its partners regarding the FBI’s central role in the CVE program. The implementation had been inconsistent and confusing within the FBI, to outside partners, and to local communities.325 The CVEO’s current limited budget and fundamental law enforcement and intelligence responsibilities do not make it an appropriate vehicle for the social and prevention role in the CVE mission. Such initiatives are best undertaken by other government agencies. The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.

[snip]

(U) Recommendation 6: The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.

For what it’s worth, Muslim communities increasingly agree that the FBI — and the federal government generally — should not be in the business of CVE. But that’s largely because the government approaches it with the same view Comey does: by thinking immediately of his analysts thinking dark thoughts at Quantico. So if some agency that had credibility — if some agency had credibility — at diverting youth (of all faiths) who might otherwise get caught in an FBI sting, I could support it moving someplace else, but I’m skeptical DHS or any other existing federal agency is that agency right now.

While the Review doesn’t say explicitly in this section what it wants the FBI to be doing instead of CVE, elsewhere it emphasizes that it wants the FBI to do more racial profiling (AKA “domain awareness”) and run more informants. Thus, I think it fair to argue that the Ed Meese-led panel thinks the FBI should spy on Muslims, not reach out to them. Occupation-style federal intelligence gathering, not community based.

Which is why I think this approach to Muslim communities should be compared directly with the Review’s approach with corporations. The same report that says FBI should not be in the business of CVE — which done properly is outreach to at-risk communities — says that it should accelerate and increase its funding for its outreach to the private sector.

(U) Recommendation 5: The Review Commission recommends that the FBI enhance and accelerate its outreach to the private sector.

  • (U) The FBI should work with Congress to develop legislation that facilitates private companies’ communication and collaboration and work with the US Government in countering cyber threats.
  • (U) The FBI should play a prominent role in coordinating with the private sector, which the Review Commission believes will require a full-time position for a qualified special agent in the relevant field offices, as well as existing oversight at Headquarters.

Indeed, in a paragraph explaining why the FBI should add more private sector liaisons (and give them the same credit they’d get if they recruited corporations as narcs, only corporations shouldn’t be called “sources” because it would carry the stigma of being a narc), the Review approvingly describes the FBI liaison officers working with corporations to promote better Internet hygiene.

The Review Commission learned that the FBI liaison positions have traditionally been undervalued but that has begun to change as more experienced special agents take on the role, although this has not yet resulted in adequate numbers of assigned special agents or adequate training for those in the position. One field office noted that it had 400 cleared defense contractors (CDCs) in its AOR—ranging from large well known names to far smaller enterprises—with only one liaison officer handling hundreds of CDCs. This field office emphasized the critical need for more liaison officers to conduct outreach to these companies to promote better internet hygiene, reduce the number of breaches, and promote long-term cooperation with the FBI.319 Another field office noted, however, some sensitivity in these liaison relationships because labeling private sector contacts as sources could create a stigma. The field office argued that liaison contacts should be considered valuable and special agents should receive credit for the quality of liaison relationships the same way they do for CHSs.320

Ed Meese’s panel wants the FBI to do the digital equivalent of teaching corporations to blow their nose and wash their hands after peeing, but it doesn’t think the FBI should spend time reaching out to Muslim communities but should instead spy on them via paid informants.

Maybe there are good reasons for the panel’s disparate recommended treatment of corporations and Muslim communities. If so, the Review doesn’t explain it anywhere (though the approach is solidly in line with the Intelligence Committees’ rush to give corporations immunity to cyber share information with the federal government).

But it does seem worth noting that this panel has advocated the nanny state for one stakeholder and STASI state for another.

FBI Field Offices Don’t See the Point in Racial Profiling

As I noted earlier, I’m reading the 9/11 Follow-Up Report just completed for FBI. And while there are some interesting insights in it, in general I think the analysis of the report itself is pretty horrible (which is funny because the report says FBI needs more analysts). I’ll have more specific details on that later, but I wanted to point to what the report says about FBI not adopting “Central Strategic Coordinating Components” or CSCCs, which are basically analysts in each Field Office that are supposed to do “domain awareness” for the Field Office. That means they’re supposed to get to know the neighborhood to anticipate any problems that might come up. (As far as I know, no one has ever thought of doing a domain awareness for Wall Street, in spite of all the new threats that pop up there over and over.)

As the report makes clear, every Field Office is supposed to have someone doing this. But, as documents obtained by ACLU under FOIA have shown, it often amounts to racial profiling, whether that be Muslims or Latinos or something else. And, at least given the NYPD example, where their domain awareness program never found any plot (and didn’t find two plots covered by this FBI report, notably the Najibullah Zazi attack), there’s no evidence I know of that they actually help to prevent crimes.

Yet rather than analyzing whether this concept serves any purpose whatsoever, it instead says, “it’s corporate policy, no one is doing it well, so it needs to improve.” (Note, most of the named people interviewed for the report are not FBI agents, and many come from CIA or another intelligence agency; John Brennan, who almost certainly had a role in setting up NYPD on the Hudson, for example, was interviewed.)

What I find particularly remarkable is what the report found in the field.

According to one anecdote, 20% of analysts (not even Field Agents!) understand the point of this. And even in offices where they do understand, the Field Agents won’t do their part by going and filling in the blanks analysts identify.

Call me crazy. But maybe the people responding to actual crimes believe they learn enough in that process — and are plenty busy enough trying to catch criminals — that they don’t see the point of racially profiling people like NYPD does? Maybe they believe the ongoing threats are where the past ones have been, and there’s no need to spend their time investigating where there aren’t crimes in case there ever are in the future?

I don’t know. But I think the Field Agents might be onto something.

Update, 3/27: Adding, there seems to be a logic problem with this too. Another big push for the FBI — a more understandable one, but not without risks of its own — is that FBI partner much more closely with local cops. If the local cops are doing their job well, wouldn’t they provide the “domain awareness” FBI needs? This is actually a point a senior FBI manager noted in discussing its relationship with ODNI (see page 92). Admittedly, a lot of cops are occupiers rather than local stewards of safety, but that’s a separate problem.

Update, 3/27: The report returns to domain awareness again, pointing to that as the one thing that can differentiate between a domestic security agency and an intelligence agency.

As the FBI began its transformation into a national security organization, at the heart of that transformation was the concept of domain awareness. Domain awareness reflected the realization that the FBI could not be reactive and wait for cases to develop, it had to proactively seek to understand its environment. From the Review Commission’s perspective, that means that domain analysis, which attempts to capture what is known and identify gaps for further collection, is at the heart of the FBI’s transformation into a domestic intelligence agency, and it needs to be a process informed by everything the USIC has to offer. This includes all information from local sources—law enforcement, colleges and universities, and prisons—to which other parts of the USIC do not have access. Robust domain analysis will allow the FBI to harness its considerable skill at collection and source development in support of identifying new threats in addition to collecting against known threats. A failure to achieve that goal will leave the US with a domestic security service rather than a domestic intelligence agency, and with a vulnerability to homegrown threats that fall outside the purview of our foreign intelligence establishment.316


(U) CSCCs are responsible for the FBI’s domain awareness and analysis. Each field office is required to establish a CSCC. The groups are comprised of small groups of intelligence analysts who are tasked to produce foundational documents such as Domain Intelligence Notes (DINs) and Threat Mitigation Strategies (TMSs). They also expose information gaps and guide special agents’ planned or incidental collection efforts. Effective CSCCs are critical to ensuring that field office efforts are threat-based and intelligence-driven.

(U) But during its field office visits, the Review Commission observed an uneven application of the CSCC concept and that many field offices struggled with effectively operating its CSCC. In the majority of the field offices the Review Commission visited, the CSCCs were not performing their intended functions. 215 Many of the intelligence analysts who were initially assigned to the CSCC had been moved to operational squads to provide tactical support to case agents, leaving the CSCC understaffed and unable to fulfill its primary mission.216 In some field offices, CSCC analysts were so involved in tactical support that their DINs and TMSs languished until the SAC accounted for them in the office’s mid and year-end reviews.217

(U) A centerpiece of the FBI’s intelligence framework is domain analysis, which entails the ability to understand what is happening in a given area of operations using all available sources of data. Accordingly, domain management is the FBI’s systematic process to develop strategic awareness in order to: identify and prioritize threats, vulnerabilities, and intelligence gaps; contribute to the efficient allocation of resources and operational decisions; discover new opportunities for collection; and set tripwires to provide advance warning.218 The Review Commission strongly believes that the field offices must prioritize collection opportunities to identify, develop, and pursue new intelligence leads in concert with their ongoing investigations.

(U) In many field offices we visited there was only one intelligence analyst left on the CSCC to conduct domain analysis for the field office and even then they spent much of their time mapping existing incidents and/or efforts. There was no observable forward looking aspect to the work. From the Review Commission’s observations, even when the DINs and TMSs are produced they are not generally valued at the field office-level as parts of a comprehensive intelligence collection plan (e.g., the plan that establishes the field’s baseline knowledge, identifies intelligence gaps, and informs the field’s strategy to mitigate new threats).219 In one field office we were told that an analyst had produced a comprehensive collection plan but it was ignored by the special agents who would have to implement it.220 We attribute this to a special agent-driven culture that still does not necessarily understand the value of filling intelligence collection requirements and, therefore, renders this overall mission a lower priority than it should be. It can also be attributed to the lack of sufficient leadership to hold field office personnel accountable for intelligence as well as criminal responsibilities.

 

215 (U) Some offices demonstrated a much higher comprehension of the CSCC concept and value and consequently provided higher levels of resources to facilitate mission success. The Review Commission would like to commend, however, the one field office that acknowledged that it was struggling with creating an effective CSCC and planned to visit another field office that is believed to be doing a better job so as to learn how others are operating a CSCC and perhaps identify best practices to bring back and implement. Memorandum for the Record, July 28, 2014.

216 (U) One intelligence analyst speculated the CSCC concept was widely misunderstood across the FBI because the benefit to special agents is unclear. The intelligence analyst also estimated that approximately 20 percent of analysts understood the meaning and purpose of the CSCC. Memorandum for the Record, September 17, 2014.

217 (U) Memorandum for the Record, August 14, 2014.

218 (U) Federal Bureau of Intelligence, Directorate of Intelligence, Intelligence Program Corporate Policy Directive and Policy Implementation Guide, May 2, 2013: 62.

219 (U) Memorandum for the Record, September 19, 2014.

220 (U) Memorandum for the Record, July 29, 2014.

Tamerlan’s Search on Remote Control Car Info

I want to do a quick post about details defense attorney Timothy Watkins snuck into today’s testimony at the Dzhokhar Tsarnaev trial. FBI Supervisory Special Agent Edward Knapp testified at length about how he investigated the bombs used in the attacks. At the end of direct, the government had him show how closely the bombs — both the elbow pipe bombs used at Watertown and the pressure cooker bombs — resembled bomb instructions included in Inspire Magazine.

The effort was, as so much of this trial has been, a carefully scripted effort to tell a narrative that probably doesn’t reflect the full truth of how the brothers got or made the bombs using what propaganda. Judge George O’Toole had, earlier in the trial, prevented the defense from entering evidence about the Russian bomb making materials on Tamerlan’s hard drive. Knapp focused on the bombs that most closely resembled Inspire bombs (focusing on the elbow pipe bomb, for example, and not the straight one also used in Watertown). He didn’t get into really big detail about the trigger used for the bombs used at the race. Knapp even focused on a green Christmas light in one of the bombs to show it was just like the green Christmas light in the Inspire recipe.

Ultimately, it was about how the bombs could have been made from the recipes in Inspire magazine.

In addition to trying, unsuccessfully, to get Knapp to reveal what fingerprint evidence had shown about the bomb materials (they almost certainly show that Tamerlan handled the bombs, not Dzhokhar), Watkins asked,

Watkins: Inspire Magazine doesn’t mention RC cars as a bomb component, does it? Knapp: I don’t think so.

In the midst of an objection, Watkins sneaks in question…did u know Tamerlan searched internet for RC car info? Objection, sustained.

The question, if permitted as evidence, would have shown several things: that Tamerlan didn’t follow Inspire exactly for the bombs used at the race, that Tamerlan was the one putting them together, and — possibly — that Tamerlan was at least partly using a Russian model for the bomb, not Inspire’s model. (One detail defense revealed yesterday is that there was nitroglycerine at the Cambridge apartment which was stronger than the firecrackers used in the pressure cookers.)

That, by itself is notable: once again, the government’s pat narrative is almost certainly not a description of what actually happened.

But the detail also raised questions about why Tamerlan’s searches for what ultimately were bomb parts were not found by the FBI or NSA.

There are several answers.

1) These were searches for toy parts, not bomb parts. While FBI might now trigger on remote controllers, they probably didn’t then, even if they had a dragnet. FBI appears to keep expanding its dragnets as terrorists use certain tools.

2) While FBI should have done a back door search on Tamerlan when they did the assessment of him in 2011, nothing we know of would have triggered a new assessment in the interim, even if they did dragnet on remote controllers which I doubt.

3) I do strongly suspect that NSA had picked up the brothers’ downloads of Inspire, which I suspect is triggered to the encryption codes included in the magazine and not to any key word content of the magazines or even the URL. If I’m right (and that’s just a guess), then the NSA would have had data on the brothers. In fact, we know the NSA did have data on one or both of the brothers that didn’t get read until after the attack. If it was Inspire, I think they probably didn’t attract attention because they weren’t 2-degrees of someone interesting or hadn’t been found in one of the more targeted chat rooms. It would also mean that FBI didn’t then share Tamerlan’s identifiers they identified during their 2011 assessment of him with NSA for future mapping (I don’t necessarily think they should, but if they had, then NSA might have paid more attention to whatever data they did have on the brothers, potentially eliciting a second look once they collected it). Also remember, the brother may not even have been downloading Inspire until after the FBI stopped investigating Tamerlan.

4) While XKeyscore certainly has the ability to do searches on “remote car controllers” it’s not clear that would pull off content collected in the US, so it would only show up if the server Tamerlan went to was overseas; they were probably local and Amazon. Who knows? Maybe now FBI has also started an Amazon dragnet on remote controllers. But again, you’d need something else to trigger interest in Tamerlan’s identifier doing the search.

5) I suspect that what Watkins was referring to came from a subpoena to Tamerlan’s ISP for all his web searches. So that they had the searches is itself unsurprising.

Update: Here’s the shipping bill for some of the remote control supplies he bought, from a site called NitroRCX which appears to be in the metro Los Angeles area. I believe the other one was from Amazon.

Report: FBI Needs to Hunt “Space-System Intruders” Better

I’m reading through the report released yesterday that basically says FBI needs to do more spying and analysis.

On top of some observations on the substance of the report (to come), I think it was poorly edited, with some fairly humorous results.

Which is what I attribute the mention of “space-system intruders” in the following passage to:

The Review Commission recognizes that national security threats to the United States have multiplied, and become increasingly complex and more globally dispersed in the past decade. Hostile states and transnational networks—including cyber hackers and organized syndicates, space-system intruders, WMD proliferators, narcotics and human traffickers, and other organized criminals—are operating against American interests across national borders, and within the United States. [my emphasis]

I have no clue what FBI actually meant by this transnational threat, the “space-system intruder.” Maybe we really are, still, fighting UFOs, only this time launched by al Qaeda? Maybe we’re having a fight over the satellite-sphere, and not just with other nation-states? Maybe this is just an awkward phrase for territorial insurgents?

Whatever it is, I hope this incautious mention elicits some good conspiracy sci-fi.

Update: Charlie Savage tweets that it is “threat of hacking satellites with systemic consequences (GPS, communications).”

Details on the Pressure Cooker Dragnet


Tamerlan walking out of Target after having purchased the backpacks used in attack.

In this morning’s Tsarnaev trial testimony, FBI’s Christian Fierabend testified to the evidence about purchases leading up to the attack (h/t to CBS’s Jim Armstrong among others for the live-tweeting). As much as possible, he tried to show both GPS coordinates from one of the Tsarnaevs’ cars and some kind of purchase record for the attack equipment (things like BBs, backpacks, and the remote car detonator).

Some of this was easy because a number of the receipts (such as for the backpacks used to carry the bombs) were sitting in Tamerlan’s wallet, which the government retrieved from Dzhokhar’s Civic at the Watertown scene. Some, such as remote controlled cars, were online purchases involving credit cards.

But in spite of the fact that Tamerlan Tsarnaev purchased some of his supplies using a credit card, according to Fierabend, the pressure cookers, Fagor Elites sold exclusively at Macys, which currently sell for $50 to $60 apiece, were purchased with cash. According to Fierabend, the government obtained records of all the Fagor Elites purchased in the US between August 2012 and April 2013. Of the 74 pressure cookers sold in the Northwest in that period, just 5 pressure cookers were purchased in cash, just 3 in MA.

According to rather remarkable testimony, Macys has no surveillance video of those purchases.

The government did, however, cross-reference the purchases to the Tsarnaevs through use of a portable GPS that was ultimately apparently retrieved from the Mercedes the brothers hijacked.

In other words, the implication is that one of the Tsarnaevs or someone else used cash to purchase pressure cookers, which you would think would be an attempt to hide the identity of the purchaser, but not only did it while running a portable GPS that tracked back to their Cambridge home, but then brought that portable GPS into the getaway car they hijacked.

That’s all the more crazy given that the last pressure cooker wasn’t purchased until March, and Tamerlan appeared to be prepping to die, given that he sent his mother $900 the day before the attack (unless she had funded the attack specifically). If you’re going to ID yourself with a GPS, then pay with a credit card and get it for free.

All that said, I’m cognizant Tamerlan left his wallet, with receipts, in the Civic, along with some other identifying documents, and also by carrying that GPS at least made himself appear to be the purchaser of the pressure cooker, whether or not he was. Tamerlan wasn’t hiding his identity.

And yet someone paid cash for the pressure cookers.

The one other nifty detail in all this is that if you also bought a Fagor Elite pressure cooker in this period, you’re likely to be in an FBI database until 2043.

Update: One more thing about the pressure cookers. There was part of a lid and a gasket from a pressure cooker at the apartment, which means there must be one more pressure cooker. That one, then, might be unaccounted by the purchase records evidence.

Update: Here are the exhibits from today’s testimony. Unless I’m mistaken, the government only entered purchase records from one of the pressure cooker purchases, the purchase of two from the Boston store on January 31, 2013 (this is the one they tied to the portable GPS device). So there should be two more pressure cookers — the second 6 quart one used in the race attack, and the one from which the lid and the gasket were taken in the Cambridge apartment.

DOJ Pissed Away $2.1 Million on Drones that Don’t Work

DOJ’s IG just released a report on the Department’s drone use. Its overall recommendation is that FBI get more drones, so it has them in locations around the country for quick use if they’re needed (sigh). It also found that FBI doesn’t have good records of how it partners with other agencies (notably, Customs and Border Patrol) to use their drones, which seems like it might present discovery problems.

But I’m most struck by how much money DOJ is blowing on drones that don’t work.

The IG reports — but seems unconcerned — that half of the drones FBI has bought are not operational.

Our September 2013 interim report found that between 2004 and 2013, the FBI spent approximately $3 million to acquire small UAS it deployed to support its investigations. As of August 2014, the FBI had acquired 34 UAS vehicles and associated control stations, of which it considered 17 vehicles and a smaller number of control stations to be operational.

I find this more troubling given that FBI claims only to have used drones in 13 investigations between September 2006 and August 2014. So are they losing more than one drone every time they use one for an investigation?

The IG is far more concerned about ATF’s sunk drone costs.

Our September 2013 interim report found that ATF possessed UAS and planned to deploy them operationally. Specifically, between September 2011 and September 2012, ATF’s UAS program spent approximately $600,000 to purchase three different types of rotary-wing UAS with a total of six UAS vehicles.

[snip]

ATF officials reported that ATF never flew its UAS in support its operations because TOB testing and pilot training revealed a series of technological limitations with the UAS models it had acquired. In particular, ATF determined the real-time battery capability for one UAS model lasted for only about 20 minutes even though the manufacturer specified its flight time was 45 minutes. ATF determined that the other two models of UAS acquired also were unreliable or unsuitable for surveillance. One UAS program manager told us ATF found that one of its smaller UAS models, which cost nearly $90,000, was too difficult to use reliably in operations. Furthermore, the TOB discovered that a gas-powered UAS model, which cost approximately $315,000 and was specified to fly for up to 2 hours, was never operable due to multiple technical defects.

In June 2014, the Special Operations Division concluded that ATF’s UAS were unsuitable for operational use, suspended all ATF UAS-related activities, and reassigned all UAS staff until after DOJ issues and ATF reviews new UAS policy recommendations. In September 2014, the TOB transferred its six UAS vehicles and other related equipment purchased prior to June 2014 to the Naval Criminal Investigative Service at no cost.

Although the OIG did not specifically audit ATF’s UAS contracts, we are troubled that the process ATF used to purchase these UAS resulted in ATF spending approximately $600,000 on UAS models it ultimately determined to have significant mechanical and technical problems that rendered them unsuitable to deploy in support of ATF operations.

By my calculation, all of ATF’s investments in drones ($600,000) and half of FBI’s investments in drones (half of $3 million) have been lost to drones that either never did or no longer work. $2.1 million on drones that don’t fly.

Don’t get me wrong. I’m not crazy about DOJ buying up a fleet of small drones for investigative uses they’re keeping inadequate paperwork on in the first place.

But neither am I happy about DOJ pissing away all this money on drones that don’t work.

Devin Nunes Thinks Congress Needs More Classified Briefings to Understand Phone Dragnet

In an article describing the current state of play on the Section 215 sunset, WaPo quotes Devin Nunes claiming that the poor maligned phone dragnet is just misunderstood. So he plans on having more briefings (curiously, just for the Republican caucus).

“NSA programs, including the bulk telephone metadata program, are crucial anti-terror and foreign intelligence tools that should be reauthorized,” said Rep. Devin Nunes (R-Calif.), chairman of the House Intelligence Committee.

He told reporters on Tuesday that he felt the program has been misunderstood and that he would hold classified briefings for the GOP caucus.

I don’t mean to mock Nunes. After all, I’ve been saying for well over a year that the public assessments of the phone dragnet don’t actually measure how the government really uses it (below the rule I’ve copied the part of this post that describes other ways we know they use it). And that was before the phone dragnet orders replaced “contact chaining” with “connection chaining” over a year ago, which presumably adds a correlating function to the mix (that is, the government also uses the phone dragnet to identify a person’s multiple phone-based identities, potentially including smart phone identities).

But I do think it worth noting two things.

First, Nunes’ decision to tell Republicans more, coming relatively soon after he took over the House Intelligence Chair from Mike Rogers, suggests that Mike Rogers was never fully forthcoming — not even in the secret briefings he gave in lieu of passing on Executive Branch explanations of the phone dragnet — about what it did.

But Nunes’ response is not to require the government to itself explain publicly what it’s really doing with the phone dragnet. But instead to hold classified briefings that often serve as a means to buy silence from those who attend.

In any case, that story you’ve been told for almost two years about how the phone dragnet identifies who is two degrees away from Osama bin Laden? Unsurprisingly, it’s nowhere near the full story.


[A]ssessments of the phone dragnet […] don’t even take the IC at its word in its other, quieter admissions of how it uses the dragnet (notably, in none of Stone’s five posts on the dragnet does he mention any of these — one, two, three, four, five — raising questions whether he ever learned or considered them). These uses include:

  • Corporate store
  • “Data integrity” analysis
  • Informants
  • Index

Corporate store: As the minimization procedures and a few FISC documents make clear, once the NSA has run a query, the results of that query are placed in a “corporate store,” a database of all previous query results.

ACLU’s Patrick Toomey has described this in depth, but the key takeaways are once data gets into the corporate store, NSA can use “the full range of SIGINT analytic tradecraft” on it, and none of that activity is audited.

NSA would have you believe very few Americans’ data gets into that corporate store, but even if the NSA treats queries as it says it does, it could well be in the millions. Worse, if NSA doesn’t do what they say they do in removing high volume numbers like telemarketers, pizza joints, and cell voice mail numbers, literally everyone could be in the corporate store. As far as I’ve seen, the metrics measuring the phone dragnet only involve tips going out to FBI and not the gross number of Americans’ data going into the corporate store and therefore subject to “the full range of analytic tradecraft,” so we (and probably even the FISC) don’t know how many Americans get sucked into it. Worse, we don’t know what’s included in “the full range of SIGINT analytic tradecraft” (see this post for some of what they do with Internet metadata), but we should assume it includes the data mining the government says it’s not doing on the database itself.

The government doesn’t datamine phone records in the main dragnet database, but they’re legally permitted to datamine anyone’s phone records who has come within 3 degrees of separation from someone suspected of having ties to terrorism.

“Data integrity” analysis: As noted, the NSA claims that before analysts start doing more formal queries of the phone dragnet data, “data integrity” analysts standardize it and do something (it’s unclear whether they delete or just suppress) with “high volume numbers.” They also — and the details on this are even sketchier — use this live data to develop algorithms. This has the possibility of significantly changing the dragnet and what it does; at the very least, it risks eliminating precisely the numbers that might be most valuable (as in the Boston Marathon case, where a pizza joint plays a central role in the Tsarnaev brothers’ activities). The auditing on this activity has varied over time, but Dianne Feinstein’s bill would eliminate it by statute. Without such oversight, data integrity analysts have in the past moved chunks of data, disaggregated them from any identifying (collection date and source) information, and done … we don’t know what with it. So one question about the data integrity analyst position is how narrowly scoped the high volume numbers are (if it’s not narrow, then everyone’s in the corporate store); an even bigger one is what they do with the data in often unaudited behavior before it’s placed into the main database.

Informants: Then there’s the very specific, admitted use of the dragnet that no one besides me (as far as I know) has spoken about: to find potential informants. From the very start of the FISC-approved program, the government maintained the dragnet “may help to discover individuals willing to become FBI assets,” and given that the government repeated that claim 3 years later, it does seem to have been used to find informants.

This is an example of a use that would support “connecting the dots” (as the program’s defenders all claim it does) but that could ruin the lives of people who have no tie to actual terrorists (aside from speaking on the phone to someone one or two degrees away from a suspected terror affiliate). The government has in the past told FISCR it might use FISA data to find evidence of other crimes — even rape — to coerce people to become informants, and in some cases, metadata (especially that in the corporate store, enhanced by “the full range of analytic tradecraft”) could pinpoint not just potential criminals, but people whose visa violations and extramarital affairs might make them amenable to narcing on the people in their mosque (with the additional side effect of building distrust within a worship community). There’s not all that much oversight over FBI’s use of informants in any case (aside from permitting us to learn that they’re letting their informants commit more and more crimes), so it’s pretty safe to assume no one is tracking the efficacy of the informants recruited using the powerful tools of the phone dragnet.

Index: Finally, there’s the NSA’s use of this metadata as a Dewey Decimal System (to use James Clapper’s description) to pull already-collected content off the shelf to listen to — a use even alluded to in the NSA’s declarations in suits trying to shut down the dragnet.

Section 215 bulk telephony metadata complements other counterterrorist-related collection sources by serving as a significant enabler for NSA intelligence analysis. It assists the NSA in applying limited linguistic resources available to the counterterrorism mission against links that have the highest probability of connection to terrorist targets. Put another way, while Section 215 does not contain content, analysis of the Section 215 metadata can help the NSA prioritize for content analysis communications of non-U.S. persons which it acquires under other authorities. Such persons are of heightened interest if they are in a communication network with persons located in the U.S. Thus, Section 215 metadata can provide the means for steering and applying content analysis so that the U.S. Government gains the best possible understanding of terrorist target actions and intentions. [my emphasis]

Don’t get me wrong. Given how poorly the NSA has addressed its longterm failure to hire enough translators in target languages, I can understand how much easier it must be to pick what to read based on metadata analysis (though see my concerns, above, about whether the NSA’s assessment techniques are valid). But when the NSA says, “non-US persons” here, what they mean is “content collected by targeting non-US persons,” which includes a great deal of content of US persons.

Which is another way of saying the dragnet serves as an excuse to read US person content.

Does Mossad Take Requests?

Yesterday, WSJ caused a stink by reporting that the Obama Administration was pissed because Israel had shared intelligence it gathered about the Iran negotiations with Congress.

Soon after the U.S. and other major powers entered negotiations last year to curtail Iran’s nuclear program, senior White House officials learned Israel was spying on the closed-door talks.

The spying operation was part of a broader campaign by Israeli Prime Minister Benjamin Netanyahu’s government to penetrate the negotiations and then help build a case against the emerging terms of the deal, current and former U.S. officials said. In addition to eavesdropping, Israel acquired information from confidential U.S. briefings, informants and diplomatic contacts in Europe, the officials said.

The espionage didn’t upset the White House as much as Israel’s sharing of inside information with U.S. lawmakers and others to drain support from a high-stakes deal intended to limit Iran’s nuclear program, current and former officials said.

“It is one thing for the U.S. and Israel to spy on each other. It is another thing for Israel to steal U.S. secrets and play them back to U.S. legislators to undermine U.S. diplomacy,” said a senior U.S. official briefed on the matter.

The story is not new. Earlier in the month, there were complaints in the conservative press the US had cut intelligence sharing with Israel because of its cherry picking of intelligence. And Bibi himself got caught trying to withhold an intelligence briefing from Senators on a codel.

Obviously, I’m not the least bit sympathetic to Bibi’s disinformation campaign.

But the Administration has brought this on itself. As I noted last year, the Committees have had to go begging for the intelligence they need to do their job (in this case, to craft an AUMF to fight ISIL).

As I noted in my Salon piece last week, former Associate Counsel to the White House Andy Wright noted, and today Jack Goldsmith and Marty Lederman note, Tom Udall suggested before Congress funds overt training of Syrian opposition groups, maybe they should learn details about how the covert funding of Syrian opposition groups worked out.

Everybody’s well aware there’s been a covert operation, operating in the region to train forces, moderate forces, to go into Syria and to be out there, that we’ve been doing this the last two years. And probably the most true measure of the effectiveness of moderate forces would be, what has been the effectiveness over that last two years of this covert operation, of training 2,000 to 3,000 of these moderates? Are they a growing force? Have they gained ground? How effective are they? What can you tell us about this effort that’s gone on, and has it been a part of the success that you see that you’re presenting this new plan on?

Kerry, who had been sitting right next to Hagel when the Defense Secretary confirmed this covert op a year ago, said he couldn’t provide any details.

I know it’s been written about, in the public domain that there is, quote, a covert operation. But I can’t confirm, deny, whatever.

(At the end of the hearing he suggested he has been pushing to share more information, and that he might be able to arrange for the Chair and Ranking Member to be briefed.)

Shortly thereafter, SFRC Bob Menendez confirmed that his committee was being asked to legislate about a war with no details about the covert op that had laid the groundwork for — and created the urgency behind — that war.

To the core question that you raise, this is a problem that both the Administration, as well as the Senate leadership must be willing to deal with. Because when it comes to questions of being briefed on covert operations this committee does not have access to that information. Yet it is charged with a responsibility of determining whether or not the people of the United States should — through their Representatives — support an Authorization for the Use of Military Force. It is unfathomable to me to understand how this committee is going to get to those conclusions without understanding all of the elements of military engagement both overtly and covertly. … I’ll call it, for lack of a better term, a procedural hurdle we’re going to have to overcome if we want the information to make an informed judgment and get members on board.

That’s only going to increase the thirst for intelligence wherever members of Congress can get it (though interestingly, Bob Corker, currently the Senate Foreign Relations Chair, says he hasn’t been getting Bibi’s special briefings).

Information may be power, and the Obama Administration may like hoarding that power. But the vacuum that it leaves can itself exert a lot of power.

Update: I hadn’t seen this Yahoo interview with Bob Corker. But he complains that he’s not getting intelligence. Instead, they bring Senators to a SCIF so we citizens can’t hear the questions.

Yahoo News: A bombshell Wall Street Journal story says the Israelis penetrated the Iranian talks and shared the information with Congress. Are you in a position to confirm any of that? And if the Israelis did what the Journal says they did, did they act appropriately?

Bob Corker: I have never found them actually to be sharing anything different than was in public sources. As I met with Netanyahu the last time, he said, “You know, all this is Google-able — Yahoo-able!” For what it’s worth, I get more information about what’s happening from foreign ministers than I do from anyone. Not from Israel — foreign ministers that are part of the negotiating teams.

The White House is upset that foreign governments may be giving information to senators because they’re not? Every time they meet with us and give us information down in the classified SCIF (Sensitive Compartmented Information Facility) — they really do that so that none of you can hear questions that are asked — I never learn anything that I haven’t read about on Yahoo or New York Times or some other place.

On CISA the Surveillance Bill

After the Senate Intelligence Committee passed CISA, its sole opponent, Ron Wyden, said, “If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill – it’s a surveillance bill by another name.” Robert Graham, an expert on intrusion-prevention, argues, “This is a bad police-state thing. It will do little to prevent attacks, but do a lot to increase mass surveillance.”

Clearly, some people who have reason to know think this bill doesn’t do what it says, but instead does a lot of what it isn’t admitting.

I want to look at several aspects of the bill from that perspective (this post primarily deals with the SSCI version but the HPSCI version is very similar).

Can our ISPs take countermeasures against us?

First, whom it affects. Ron Wyden has been warning about the common commercial service OLC memo and its impact on the cybersecurity debate for years, suggesting that the still-secret memo conflicted with the public’s understanding of “the law” (though he doesn’t say what law that is). While it’s unclear what that OLC memo says, Wyden seems to suggest that Americans have been subject to cybersecurity surveillance that they didn’t know about (perhaps because OLC had interpreted consent where it didn’t exist).

So I think it’s important that at the center of a series of definitions of “entities” in CISA is a definition that would include us, as private entities.

IN GENERAL.—Except as otherwise provided in this paragraph, the term ‘‘private entity’’ means any person or private group, organization, proprietorship, partnership, trust, cooperative, corporation, or other commercial or nonprofit entity, including an officer, employee, or agent thereof.

That’s important because the law permits both monitoring…

(1) IN GENERAL.—Notwithstanding any other provision of law, a private entity may, for cybersecurity purposes, monitor—

(A) an information system of such private entity;

(B) an information system of another entity, upon the authorization and written consent of such other entity;

And defensive measures (what the bill has renamed the largely otherwise indistinguishable “countermeasures”) against a private entity that has provided consent to another private entity.

(B) EXCLUSION.—The term ‘‘defensive measure’’ does not include a measure that destroys, renders unusable, or substantially harms an information system or data on an information system not belonging to—

(i) the private entity operating the measure; or

(ii) another entity or Federal entity that is authorized to provide consent and has provided consent to that private entity for operation of such measure.

At a minimum, I think this should raise questions about whether Terms of Service of cable companies and Internet Service Providers and banks and telecoms amount to consent for this kind of monitoring and — in the name of cybersecurity — countermeasures.

Researching more crimes in name of cybersecurity than in name of terror

This is important, because CISA actually permits the use of information collected in the name of “cybersecurity” to be used for more uses than the NSA is permitted to refer it under foreign intelligence collection (though once FBI is permitted to back door search everything, that distinction admittedly disappears). In addition to its use for cybersecurity — which is itself defined broadly enough to mean, in addition, leak and Intellectual Property policing — this “cybersecurity” information can be used for a variety of other crimes.

(iv) the purpose of responding to, or otherwise preventing or mitigating, an imminent threat of death, serious bodily harm, or serious economic harm, including a terrorist act or a use of a weapon of mass destruction;

(v) the purpose of responding to, or otherwise preventing or mitigating, a serious threat to a minor, including sexual exploitation and threats to physical safety; or

(vi) the purpose of preventing, investigating, disrupting, or prosecuting an offense arising out of a threat described in clause (iv) or any of the offenses listed in— (I) section 3559(c)(2)(F) of title 18, United States Code (relating to serious violent felonies); (II) sections 1028 through 1030 of such title (relating to fraud and identity theft); (III) chapter 37 of such title (relating to espionage and censorship); and (IV) chapter 90 of such title (relating to protection of trade secrets).

As a number of people have noted, for CISA data to be used for these purposes suggests that both private entities — upon sharing — and the government — on intake — actually will be leaving a fair amount of data in place.

Why does domestic spying have less stringent minimization than foreign spying?

Which brings me to the purported “privacy and civil liberties guidelines” the bill has. The bill mandates that the Attorney General come up with guidelines to protect privacy that will,

(A) limit the impact on privacy and civil liberties of activities by the Federal Government under this Act;

(B) limit the receipt, retention, use, and dissemination of cyber threat indicators containing personal information of or identifying specific persons, including by establishing—

(i) a process for the timely destruction of such information that is known not to be directly related to uses authorized under this Act; and

(ii) specific limitations on the length of any period in which a cyber threat indicator may be retained;

(C) include requirements to safeguard cyber threat indicators containing personal information of or identifying specific persons from unauthorized access or acquisition, including appropriate sanctions for activities by officers, employees, or agents of the Federal Government in contravention of such guidelines;

(D) include procedures for notifying entities and Federal entities if information received pursuant to this section is known or determined by a Federal entity receiving such information not to constitute a cyber threat indicator;

(E) protect the confidentiality of cyber threat indicators containing personal information of or identifying specific persons to the greatest extent practicable and require recipients to be informed that such indicators may only be used for purposes authorized under this Act; and

(F) include steps that may be needed so that dissemination of cyber threat indicators is consistent with the protection of classified and other sensitive national security information.

It’s worth comparing what would happen here to what happens under both Section 215 (which FBI claims to use for cybersecurity) and FAA (which ODNI has admitted to using for cybersecurity — and indeed, which uses upstream searches to find the very same kind of signatures).

With the former, the FISC had imposed minimization procedures and required the government report on compliance with them. The FISC, not the AG, has set retention periods. And at least for the NSA’s use of Section 215 (which should be the comparison here, since NSA will be one of the agencies getting the data), data must be presumptively minimized. Also, unlike the phone dragnet data, at least, where data must be certified according to a counterterrorism use, here, data is shared across multiple agencies in real time.

FAA’s minimization procedures also get reviewed by the FISC (though reports back are probably not as stringent, though they are checked yearly). And there’s a whole slew of reporting.

While there is some reporting here, it is bifurcated so that PCLOB, which has no subpoena power, does the actual privacy assessment, whereas the Inspectors General, which are assured they can get information they need (even if DOJ’s Inspector General keeps getting denied data they should get), report solely on numbers and types of usage, without a privacy or even compliance assessment.

One of my favorite parts of CISA (this is true of both bills) is that while the bills mandate an auditing ability, they don’t actually mandate audits (the word appears exactly once in both bills).

In other words, Congress is about to adopt a more permissive collection of data for domestic spying than it does for foreign spying. Or, in the context of Section 215, it may be adopting more permissive treatment of data voluntarily turned over to the government than that data turned over in response to an order.

And all that’s before you consider data flowing in the reverse direction. While the bills do require penalties if a government employee or agent (which hopefully includes the contractors this bill will spawn) abuses this data sharing, it does not for private entities. (The House version also has a 2 year statute of limitations for this provision, which all but guarantees it will never be used, given that it would never be discovered in that period, particularly given the way FOIA and Trade Secret exemptions make this data sharing less accessible even than spying data.)

Perhaps my very favorite part of this bill appears only in the House version (which of course came after the Senate version elicited pretty universal complaints that it was a surveillance bill from civil libertarians). It has several versions of this clause.

(a) PROHIBITION OF SURVEILLANCE.—Nothing in this Act or the amendments made by this Act shall be construed to authorize the Department of Defense or the National Security Agency or any other element of the intelligence community to target a person for surveillance.

The word “surveillance,” divorced from the modifier “electronic” is pretty meaningless in this context. And it’s not defined here.

So basically HPSCI, having seen how many people correctly ID this as a surveillance bill, has just taken a completely undefined term “surveillance” and prohibited that under this bill. So you can collect all the content you want under this bill with no warrant, you can supersede ECPA all you want too, but just don’t call it surveillance.

The $450 an Hour Terror Industry Echo Chamber

Matthew Levitt, a prominent figure in the Terror Industry, has been testifying in the Dzhokhar Tsarnaev trial. He’s one of a number of noted figures who get presented as experts at trials but who don’t speak Arabic, and who haven’t bothered to learn Arabic over the course of years of this work.

Yesterday, Levitt spent several hours explaining how the explanation Dzhokhar wrote on a boat in Watertown had to have come from Anwar al-Awlaki’s propaganda.

Just before Levitt testified yesterday, he RTed an article describing him as the expert that would testify at Dzhokhar’s trial. As soon as he got done, he RTed several more articles about his own testimony, describing himself as an “expert” “decoding” the boat. And then, for good measure, he RTed a livetweet from his own testimony.

Today, on cross, it became clear the Awlaki propaganda on Dzhokhar’s computer was all Levitt got from prosecutors. He didn’t know how long it had been on Dzhokhar’s computer. Nor did he know what else Dzhokhar has read. He also doesn’t know much about Chechnya, except in the context of Jihad. And though Levitt testified yesterday that there always must be a “radicalizer,” he did not know, nor was he asked, to identify the “radicalizer” in Dzhokhar’s life.

Levitt also did not, apparently, recognize some of what Dzhokhar had written on the boat as having come from the Quran.

He did, however, reveal that he gets paid $450 an hour to do this work.

When called on his RTing of his own testimony by the defense, Levitt admitted he “should have been wiser” about having done so.

I wonder, though, if Levitt was worried that the mystique of his expertise might not hold up if he didn’t constantly reinforce it with his own echo chamber?
