
Wednesday: Time Travel

In this roundup: A short film about a mother’s time travel adventure, the Internet of Stupid Things, and more.


Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.
emptywheel

Yahoo’s Three Hacks

As a number of outlets have reported, Yahoo has announced that 500 million of its users’ accounts got hacked in 2014 by a suspected state actor.

But that massive hack is actually one of three interesting hacks of Yahoo in recent years.

2012 alleged Peace affiliated hack

In August, Motherboard reported — and reported to Yahoo — that the hacker known as Peace, who may have ties to Ukrainian and/or organized crime and who also sold the MySpace and LinkedIn credentials, was selling credentials from what he said were 200 million accounts hacked in 2012. But when Motherboard tried to verify the data, some of it came back as out of date or invalid.

According to a sample of the data, it contains usernames, hashed passwords (created with md5 algorithm), dates of birth, and in some cases back-up email addresses. The data is being sold for 3 bitcoins, or around $1,860, and supposedly contains 200 million records from “2012 most likely,” according to Peace. Until Yahoo confirms a breach, however, or the full dataset is released for verification, it is possible that the data is collated and repackaged from other major data leaks.

[snip]

Motherboard obtained a very small sample of the data—only 5000 records—before it was publicly listed, and found that most of the two dozen Yahoo usernames tested by Motherboard did correspond to actual accounts on the service. (This was done by going to the login section of Yahoo, entering the email address, and clicking next; when the email address wasn’t recognised, it was not possible to continue.)

However, when Motherboard attempted to contact over 100 of the addresses in the sample set, many returned as undeliverable. “This account has been disabled or discontinued,” read one autoresponse to many of the emails that failed to deliver properly, while others read “This user doesn’t have a yahoo.com account.”

2014 state actor hack

Yahoo claims it discovered the 500 million user hack during its investigation of the Peace allegations in August. The details being released now, in particular the password hashing used for the accounts, differ from what Peace claimed in August.

A source familiar with the investigation told Motherboard on Thursday that, although no direct evidence was found to support Peace’s claims, Yahoo conducted a broader investigation, and during that time, they found the attack from what they described as a state-sponsored actor in 2014. The source declined to provide any evidence that the attack was state-sponsored, but said that the company strongly believed it to be the case.

According to Yahoo’s announcement, the majority of passwords were hashed with the strong hashing function bcrypt, meaning that hackers will have a much harder time at obtaining many users’ real passwords. The source claimed that only a very small percentage of password hashes were not bcrypt.

Note, while Yahoo is claiming this was a hack done by a state actor, it has not said what state actor.

Also, Yahoo appears to be suggesting that Peace’s claim he had Yahoo credentials was not true. Though, given that Yahoo is being acquired by Verizon at the moment, they would have an incentive to claim they didn’t know about this massive hack earlier.

2016 individual hack tied to DNC

Finally, an individualized hack of a Yahoo user — DNC consultant Alexandra Chalupa — was an independent source of the claim that DNC hackers might have ties to Russia or Ukraine. While the hack was evident from emails released by WikiLeaks, Chalupa had worked with Yahoo’s Michael Isikoff previously and he added details explaining her suspicions about the timing.

“I was freaked out,” Chalupa, who serves as director of “ethnic engagement” for the DNC, told Yahoo News in an interview, noting that she had been in close touch with sources in Kiev, Ukraine, including a number of investigative journalists, who had been providing her with information about Manafort’s political and business dealings in that country and Russia.

“This is really scary,” she said.

[snip]

Chalupa’s message, which had not been previously reported, stands out: It is the first indication that the reach of the hackers who penetrated the DNC has extended beyond the official email accounts of committee officials to include their private email and potentially the content on their smartphones. After Chalupa sent the email to Miranda (which mentions that she had invited this reporter to a meeting with Ukrainian journalists in Washington), it triggered high-level concerns within the DNC, given the sensitive nature of her work. “That’s when we knew it was the Russians,” said a Democratic Party source who has knowledge of the internal probe into the hacked emails. In order to stem the damage, the source said, “we told her to stop her research.”

A Yahoo spokesman said the pop-up warning to Chalupa “appears to be one of our notifications” and said it was consistent with a new policy announced by Yahoo on its Tumblr page last December to notify customers when it has strong evidence of “state sponsored” cyberattacks.

Significantly, this story, at least, claims this (and not cyber consultant CrowdStrike) is where DNC certainty that the hack was perpetrated by Russians came from.

Note that Chalupa’s Yahoo address was also affected in the LinkedIn hack, which exposed a simple password.

For now, I’m just presenting these three separate hacks as data points of interest.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.


Wednesday: Big Wheels Turning

Hard to believe this was made in 1982. Yeah, the production quality doesn’t match today’s digital capabilities, but the story itself seems really prescient. How can an ethically-compromised bloviating bigot manage to fumble his way into office?

Now you know. Bet you can even offer constructive feedback on how director Danny DeVito could update this script for today’s social media-enhanced election cycle.

Self-Driving Vehicles

  • NHTSA issues guidelines for self-driving cars (Detroit Free Press) — FINALLY. But is it a bit too late now that Uber already has a fleet on the streets of Pittsburgh and Tesla has been running beta cars? Let’s face it: the federal government has been very slow to acknowledge the rise of artificial intelligence in any field, let alone the risks inherent in computer programming used in vehicles. We’re literally at the end of a two-term presidency, on the cusp of entirely new policies toward transportation, and NOW the NHTSA steps in? We need to demand better and faster rather than this future-shocked laggy response from government — and that goes for Congress as well as the White House. Congress fails to see the importance of early regulation in spite of adequate warning:

    Legislators warned automakers at the 15 March Senate hearing that the governing body took a dim view of the industry’s ability to self-regulate. “Someone is going to die in this technology,” Duke University roboticist Missy Cummings told the US Senate during a tense hearing where she testified alongside representatives from General Motors and Delphi Automotive, among others.

    Senators Ed Markey and Richard Blumenthal, who questioned car executives at the hearing, had cosponsored a 2015 bill to regulate self-driving automobiles. The bill was referred to committee and never returned to the floor. [source: Guardian]

    In the mean time, we have an initial 15-point guideline the NHTSA wants to address; are they enough? Is a guideline enough? Witness Volkswagen’s years-long fraud, flouting laws; without more serious consequences, would a company with Volkswagen’s ethics pay any heed at all to mere guidelines? Are you ready to drive on the road with nothing but non-binding guidelines to hold makers of autonomous cars accountable?

  • Multiple Tesla car models hackable (Keen Security Lab) — Check this video on YouTube. At first this seems like an innocuous problem, just lights, mirrors, door locks…and then * boom * the brakes while driving. These same functions would also be controlled by AI in a self-driving car, by the way, and they’re already on the road. This is exactly what I mean by the feds being slow to acknowledge AI’s rise.
  • ‘OMG COOL’-like impressions from early self-driving Uber passengers (Pittsburgh Post-Gazette) — Criminy. The naïveté is astonishing. Of course this technology seems so safe and techno-cool when you have an Uber engineer and programmer along for the ride, offering the illusion of safety. Like having a seasoned, licensed taxi driver. Why not just pay for an actual human to drive?
  • Tesla caught in back-and-forth with Mobileye (multiple sources) — After analyzing the May 2016 fatal accident in Florida involving Tesla’s semi-autonomous driving system, Tesla tweaked the system. The gist of the fatal accident appears to have been a false-positive misinterpretation of the semi-trailer as an overhead road sign, for which a vehicle would not slow down. But this particular accident alone didn’t set off a dispute between Tesla and the vendor for its Autopilot system, Mobileye. Another fatal accident in China which occurred in January was blamed on Tesla’s Autopilot — but that, too, was not the point of conflict between Tesla and its vendor. Mobileye apparently took issue with Tesla over “hands-on” versus “hands-free” operation; the computer vision manufacturer’s 16-SEP press release claims Tesla said the Autopilot system would be hands-on but rolled it out in 2015 as hands-free. Mobileye may also have taken issue with how aggressively Tesla was pursuing its own computer vision technology even before the two companies agreed to end their relationship this past July. A volley of news stories over the last two weeks suggests there’s more going on than the hands-on versus hands-free issue. Interestingly enough, the burst of stories began just after a hacker discovered there’s a previously undisclosed dash cam capturing shots of Tesla vehicle operations — and yet only a very small number of the flurry of stories mentioned this development. Hmm. Unfortunately, the dash cam feature would not have captured snaps for the two known fatal accidents because the nature of the accidents prevented the camera from sending images to Tesla servers.

Artificial Intelligence

  • The fall of humans is upon us with our help (Forbes) — this article asks what happens when white collar jobs are replaced by artificial intelligence. Oh, how nice, Forbes, that you worry about the white collar dudes like yourselves but not the blue collar workers already being replaced. How about discussing alternative employment for 3.5 million truck drivers?
    Or the approximately 230,000 taxi drivers?
    How about subway, streetcar, and tram operators (for which I don’t currently have a number)?
    How about the administrative jobs supporting these workers?
    This is just a portion of transportation alone which will be affected by the introduction of AI in self-driving/autonomous vehicles. What about other blue collar jobs at risk — like fast food workers, of which there are 3.5 million? And we wonder why Trump appeals to a certain portion of the working class. He won’t be informed at all about this, and will have no solution except to remove persons of color as competition for employment. But the left must develop a cogent response to this risk immediately. It’s already here, the rise of machines as AI and algorithmic replacements for humans. Let’s not wait for the next Luddite rebellion V.2.0 — or is Trump’s current support the rebellion’s inception?
  • But every business needs AI! (Forbes) — Uh…no conflict here at all with the previous article. Nope. Just playing the refs. Save America, people, just keep buying! (By the way, note how this contributor touts Hello Barbie chatbot as a positive sign, though Mattel’s internet-enabled Barbie products have had some serious problems with security.)
  • The meta-threat of artificial intelligence (MIT Technology Review) — Doubt my opinion? Don’t take it from me, then, take it from experts including one who plans to make a fortune from AI — like Elon Musk.

Longread: Academia becomes the new white collar underclass
You may have noted Long Island University-Brooklyn’s 12-day lockout, which was not really resolved last week but deferred by a contract extension. The dispute originated over a pay gap between Brooklyn and two other better paid LIU campuses. A ridiculous sticking point, given the small distance between these campuses. LIU barred instructors from campus and halted their benefits during the lockout. Students walked out, infuriated by the temps who subbed in for the locked-out instructors — a cafeteria worker in one case filled in for an English instructor. LIU’s lockout won’t be the only such conflict over academic wages. To understand the scale of the problem, you’ll want to read this piece at Guernica, which explains how academia is being shaken down across the U.S., not just in Brooklyn. I remember asking an academic administrator back in 2006 what would happen when secondary education was commodified; they couldn’t imagine it ever happening. And now the future has arrived. What are we going to do about this while retaining U.S. standards in education?

Hope you’re liking the site revamp! Do leave a comment if you find anything isn’t working up to snuff.


A Cosmopolitan Defense of Snowden

A bunch of human rights groups have started a campaign calling on President Obama to pardon Edward Snowden, to coincide with the release of the Snowden movie today.

With regards to Snowden’s fate, I believe — as I have from the start — that US interest would have been and would be best served if a safe asylum for Snowden were arranged in a friendly country. I had said France at the time, but now Germany would be the obvious location. Obama is not going to pardon Snowden, and Presidents Hillary or Trump are far less likely to do so, not least because if a president pardoned Snowden it would be an invitation for a metaphorical or literal assassination attempt. But I also think it would have always served US interests to keep Snowden out of a place like Russia. That ship has already sailed, but I still think we insist on making it impossible for him to leave Russia (by pressuring allies like Germany that might otherwise have considered asylum) largely out of self-destructive motives, an urge to prove our power that often overrides our interests.

That’s all background to recommending you read this post from Jack Goldsmith arguing against pardon for Snowden. While I disagree with big parts of it, it is the most interesting piece I’ve seen on the Snowden pardon question, for or against.

Like me, Goldsmith believes there’s no chance Snowden will get a pardon, even while admitting that Snowden’s disclosures brought worthwhile transparency to the Intelligence Community. Unlike me, he opposes a pardon, in part, because of the damage Snowden did, a point I’ll bracket for the moment.

More interestingly, Goldsmith argues that a pardon should be judged on whether Snowden’s claimed justification matches what he actually did.

Another difficulty in determining whether a pardon is warranted for Snowden’s crimes is that the proper criteria for a pardon are elusive. Oliver Wendell Holmes once declared that a pardon “is the determination of the ultimate authority that the public welfare will be better served by inflicting less” than what the criminal law specified. But how to measure or assess the elusive public welfare? The Constitution delegates that task exclusively to the President, who can use whatever criteria he chooses. Many disagreements about whether a pardon is appropriate are at bottom disagreements about what these criteria should be. Some will question whether Snowden should be pardoned even if his harms were trivial and the benefits he achieved were great. Indeed, presidents don’t usually grant pardons because a crime brought benefits. My own view is that in this unusual context, it is best to examine the appropriateness of a pardon in the first instance through an instrumental lens, and also to ask how well Snowden’s stated justification for his crimes matches up with the crimes he actually committed.

Goldsmith goes on to engage in what I consider a narrowly bracketed discussion of Snowden’s leaks about violations of US law (for example, he, as everyone always does, ignores NSA double dipping on Google and Yahoo servers overseas), claiming to assess whether they were violations of the Constitution, but in fact explicitly weighing whether they were a violation of the law.

His exposure of the 702 programs (PRISM and upstream collection) is harder to justify on these grounds, because these programs were clearly authorized by public law and have not sparked nearly the same criticism, pushback, or reform.

After substituting law for Constitution, the former OLC head (the guy who approved of much of Stellar Wind by claiming FISA exclusivity didn’t really mean FISA exclusivity) makes what is effectively an Article II argument — one nowhere nearly as breathtaking as Goldsmith’s Stellar Wind one. Most of Snowden’s leaks can’t be unconstitutional, Goldsmith argues, because they took place overseas and were targeted at non-US persons.

What I do not get, and what I have never seen Snowden or anyone explain, is how his oath to the U.S. Constitution justified the theft and disclosure of the vast number of documents that had nothing to do with operations inside the United States or U.S. persons. (Every one of the arguments I read for Snowden’s pardon yesterday focused on his domestic U.S. revelations and ignored or downplayed the vast majority of revelations, which did not involve U.S. territory or citizens.) To take just a few of hundreds of examples, why did his oath to the Constitution justify disclosure that NSA had developed MonsterMind, a program to respond to cyberattacks automatically; or that it had set up data centers in China to insert malware into Chinese computers and had penetrated Huawei in China; or that it was spying (with details about how) in many other foreign nations, on Bin Laden associate Hassan Ghul’s wife, on the UN Secretary General, and on the Islamic State; or that it cooperates with intelligence services in Sweden and Norway to spy on Russia; and so on, and so on? These and other similar disclosures (see here for many more) concern standard intelligence operations in support of national security or foreign policy missions that do not violate the U.S. Constitution or laws, and that did extraordinary harm to those missions. The losses of intelligence that resulted are not small things, since intelligence information, and especially SIGINT, is a core element of American strength and success (and not just, as many seem to think, related to counterterrorism). It doesn’t matter that leaks in this context sparked modest reforms (e.g., PPD 28). The Constitution clearly permits foreign intelligence surveillance, and our elected representatives wanted these obviously lawful practices to remain secret.

Having laid out a (compared to his Stellar Wind defense) fairly uncontroversial argument about the current interpretation of the Constitution reserving wiretapping of non-Americans to the President (though my understanding of the actual wiretapping in the Keith decision, of Americans in Africa, would say Presidents can’t wiretap Americans overseas without more process than Americans’ communications collected under bulk collection overseas currently get), Goldsmith goes on to make his most important point.

The real defense of Snowden stems not from our own Constitution, but from a moral and ethical defense of American values.

What might be the moral and ethical case for disclosing U.S. intelligence techniques against other countries and institutions? (I will ignore possible cosmopolitan impulses for Snowden’s theft and leaks, which I think damage the case for a pardon for violations of U.S. law.) I think the most charitable moral/ethical case for leaking details of electronic intelligence operations abroad, including against our adversaries, is that these operations were harming the Internet, were hypocritical, were contrary to American values, and the like, and Snowden’s disclosures were designed to save the Internet and restore American values. This is not a crazy view; I know many smart and admirable people who hold it, and I believe it is ethically and morally coherent.

This is a remarkable paragraph. First, it defines what is, I think, the best defense of Snowden. American values and public claims badly conflict with what we were and still are doing on the Internet. I’d add, that this argument also works to defend Chelsea Manning’s leaks: she decided to leak when she was asked to assist Iraqi torture in the name of Iraqi liberation, a dramatic conflict of US stated values with our ugly reality.

But the paragraph is also interesting for the way Goldsmith, almost as an aside, “ignore[s] possible cosmopolitan impulses for Snowden’s theft and leaks, which I think damage the case for a pardon for violations of U.S. law.” I take this to argue that if you’re leaking to serve some universal notion of greater good — some sense of world citizenship — then you can’t very well ask to be pardoned by US law. Perhaps, in that case, you can only ask to be pardoned by universal or at least international law. I’ll come back to this.

Goldsmith contrasts the moral and ethical case based on American values with his own, a moral and ethical one that justifies US spying to serve US interests in a complex and dangerous world.

But it is also not a crazy view, and it is also ethically and morally coherent, to think that U.S. electronic intelligence operations abroad were entirely lawful and legitimate efforts to serve U.S. interests in a complex and dangerous world, and that Snowden’s revelations violated his secrecy pledges and U.S. criminal law and did enormous harm to important American interests and values.

For the record, I think Snowden has said some of US spying does serve US interests in a complex and dangerous world. But from that view, the old defender of Article II argues that a President — the guy or gal who by definition is the only one who can decide to pardon Snowden — must always adhere to the latter (Goldsmith’s) moral and ethical stance.

Unfortunately for Snowden’s pardon gambit, President Obama, and any one who sits in the Oval Office charged with responsibility for American success around the globe, will (and should) embrace the second moral/ethical perspective, and will not (and should not) countenance the first moral/ethical perspective, which I take to be Snowden’s.

Goldsmith then ends where I began, with a more polite explanation that any president that pardoned Snowden would be inviting metaphorical or literal assassination. He also suggests the precedent would lead to more leaks. But that seems to ignore 1) that Snowden leaked even after seeing what they did to Manning (that is, deterrence doesn’t necessarily work) 2) the Petraeus precedent has already exposed the classification system as one giant load of poo.

Anyway, by my reading, Goldsmith argues that this debate pits those motivated out of American values versus those motivated out of perceived American interests, and that any President must necessarily operate from the latter.

I’m interested in that because I think the former motivation really does explain a goodly number of the leakers and whistleblowers I know. People a generation older than me, I think, may have been true believers in the fight against the Evil Empire during the Cold War, only to realize we risk becoming the Evil Empire they spent their life fighting. Every time I see Bill Binney, he makes morbid cracks about how he was the guy who invented “Collect it all,” back when he was fighting Russia. People a generation younger than me — Snowden, Manning, and likely a lot more — more often responded out of defense of all that is great in America after 9/11, only to find that we have not adhered to that greatness in prosecuting the war on terror. These are gross generalizations. But I think the conflict is real among a lot of people, and it’s one that will always fight increasingly diligent efforts to tamp down dissent.

That said, I want to note something else Goldsmith did, while making his aside that anyone making a cosmopolitan defense of Snowden cannot ask for a pardon under US law (a view I find fairly persuasive, which may be why I think a reasonable outcome is for Snowden to live out his life in Germany). In making that aside, Goldsmith effectively dismissed the possibility that living US values rather than interests might be both cosmopolitan and in our national interest.

I’ve talked about this repeatedly — the degree to which Snowden’s disclosures (and, to a lesser extent, Manning’s) served to expose some lies that are critical to American hegemony. Our hegemonic position relies — according to people like Goldsmith and, perhaps in reality, though the evidence is mixed — on our global dragnet, which in turn serves our global military presence. But it has also relied on an ideology, every bit as important as ideology was during the Cold War, that espoused democracy and market capitalism and, underscoring both of those, a belief in the worth of every individual (and by extension, individual nation) to compete on equal terms. Without that ideology, we’re just a garden variety empire, which is a lot harder to sustain because it requires more costly (in terms of dollars and bodies) coercion rather than persuasion.

And Snowden’s leaks showed we used our preferential position astride the world’s telecommunications network and our claim to serve freedom of expression to serve as the hegemon. Hell, the aftermath of that shows it even more! Country after country has backed off giving Snowden asylum — the proper cosmopolitan resolution — because the US retains enough raw power and/or access to the fruits of the dragnet to persuade countries that’s not in their “interest.”

This is an issue that has gotten far too little attention in the wake of the Snowden leaks: to what degree is the cost of the Snowden leaks measured in terms of exposing to the subjects of our hegemon facts that their leaders already knew (either because they were and are willing co-participants in the spying or knowledgeable adversaries engaged in equally ambitious but less effective surveillance)? I don’t doubt there are individual programs that have been compromised, though thus far the IC has badly hurt its case by making claims (such as that Al Qaeda only adopted encryption in response to Snowden, or that Snowden taught terrorists how to use burner phones) that are easily falsifiable. But a big part of the leaks are about the degree to which the US can (and does passively in many cases via bulk collection) spy on everyone.

But to me, the big cost has been in terms of exposing America’s hegemonic ideology as the fiction that ideologies always become if they aren’t from the start.

Note, I fully accept that that may be an unacceptable cost. America’s hegemony was already weakening; I believe Snowden’s disclosures simply accelerated that. It is absolutely possible that the weakening of US hegemony will create a vacuum of power that will leave chaos. That chaos may lead, or may already have led, to a desire for strongmen in response. There were outside factors playing into all of this. The Iraq War did far more to rot America’s hegemonic virtue than Edward Snowden’s leaks ever could have. And it’s not clear that an empire based on oil can provide the leadership we need to fight climate change, which will increasingly be the source of chaos. But I accept that it is possible Snowden accelerated a process that may lead to horrible outcomes.

Here’s the thing, though: this younger generation of leakers — of dissident servants of the hegemon — don’t need to be cured of a lifetime of ideology. It may take, as it did with Manning, no more than critical assessment of some flyers confiscated by our so-called partners in liberation for the ideology cementing our hegemonic authority to crumble.

Our hegemony depends on the ideology of our values. That seems to both have been the trigger for and may justify the cosmopolitan interest in exposing our hypocrisy. And whether or not Americans should give a shit about the freedom of non-American subjects of the hegemon, to the extent that servants of that ideology here find the hypocrisy unsustainable, we’re likely to have more Mannings and more Snowdens.

Our global dragnet may very well serve the ethics of those who serve presidentially-defined American interests. As such, Snowden’s leaks are surely seen as unforgivable damage.

But it is also possible that American hegemony is only — was only — sustainable to the degree that we made sure that global dragnet was limited by the values that have always been critical to the ideology underlying our hegemony.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.


FBI can’t pretend to be the AP without special approval. They can pretend to be Apple.

As a number of outlets have reported, the DOJ IG just released a report on FBI’s impersonation of a journalist in 2007. The FBI pretended to be the AP to catch a high school student making bomb threats.

As I will explain in more detail in a follow-up post, the IG report somewhat exonerated the Agents who engaged in that effort. It also gives reserved approval of an interim policy FBI adopted this June (that is, well after the press complained, and just as the IG was finishing this report) that would prevent the FBI from pulling a similar stunt without higher level approval.

But some of the details in the report — as well as one of its recommendations — suggest that the FBI would still be able to pretend to be a software company making a software update. Here’s the recommendation.

Recommendation 2: The FBI should consider the appropriate level of review required before FBI employees in a criminal investigation use the name of third party organizations or businesses without their knowledge or consent.

As the report explains, this concern arises because FBI policies on undercover activities distinguish between impersonating a biological person and a corporate one.

Finally, as we described in Section III of this report, we learned during the course of this review that while FBIHQ approval is required to use a third person’s “online identity” in undercover online communications or to make “untrue representations . . . concerning the activities or involvement of any third person” without that person’s knowledge or consent, special approval was not required to use the identity of an organization or business in undercover online communications or in other undercover activities. The new interim policy changes that policy as it relates to news organizations, but does not address this issue with regard to non-news organizations or businesses. We think the Department should consider the appropriate level of review necessary before agents in a criminal investigation are allowed to use the name of a third-party organization or business without its knowledge or consent, in light of the potential impact that use might have on the third party’s reputation.30

30 After reviewing a draft of this report, the FBI provided comments explaining that the heightened level of review and approval required for FBI employees to pose as members of the news media was introduced because such activity potentially could “impair news-gathering activities” under the First Amendment, but that such constitutional considerations do not apply to businesses and other third parties. Our recommendation, however, does not rely on equating the reputational interests of some third party organizations and businesses with the constitutional interests of others. We believe that reputational interests, and the potential impact FBI investigations can have on those interests, are themselves sufficiently important to merit some level of review before FBI employees use the names of third party organizations or businesses without their knowledge or consent. [my emphasis]

The new policy requires additional approvals before the FBI can pretend to be a news-gathering organization, but only requires that higher approval for news-gathering organizations, not other corporate entities.

In other words, FBI is only imposing these new restrictions because by pretending to be a journalist, it might impair news-gathering activities under the First Amendment. But the FBI doesn’t care about the reputational harm that its undercover activities might do to non-news-media corporations.

And there’s nothing here that would prohibit the FBI from engaging in the most obvious undercover activity to accomplish the same objective they had in the bomb threat case: getting someone to click a link that would, unbeknownst to the target, infect their computer with malware.

In other words, by all appearances, the FBI can’t infect you with malware by pretending they want to interview you, but they could infect you with malware by pretending they want to update your software.


A Busy Day for the Bears

Yesterday, there were three arguably big events associated with stolen records alleged to have ties to Russia’s GRU.

Simone Biles treats her ADHD

The first is the leak, by a group explicitly calling itself Fancy Bear (though the hack was once tied to Polish Anonymous), of anti-doping agency records showing the Williams sisters and Simone Biles all got approval for and took drugs on a list of otherwise banned substances. While there are no allegations of impropriety — indeed, Biles explained that in her case the exception involved treating ADHD — the story got covered by the major international press, including the Beeb, NBC, and NYT.

Colin Powell rants

The second alleged-Bear event is the release of Colin Powell emails, obtained by DC Leaks, to The Intercept, BuzzFeed, and Politico. The emails include quite recent ones, including one from August 26. Powell now uses GMail, suggesting his emails should be harder to hack than (for example) his State emails on AOL or emails run on a private server. Whether you worry about Russian influence or not, this hack is quite newsworthy.

There are embarrassing emails with Powell asserting that “Everything HRC touches she kind of screws up with hubris,” as well as emails with Powell complaining about Trump’s racism and the press’ stoking of it.

The emails are not limited to election-related ones, either. They also include correspondence between Powell and Jack Straw about how the Chilcot report got buried in all the Brexit news.

Guccifer 2 goes mainstream

[Diagram released with the speech: DNC architecture]

Finally, there was the “appearance” at a security conference by Guccifer 2.0, the guy who has released the DNC emails that gave the Democrats an excuse to force Debbie Wasserman Schultz to resign, though they had been looking for an excuse for some time.

In point of fact, Guccifer 2.0 didn’t appear in person at the conference. Rather, he sent a speech which got read at the conference, with the transcript released to journalists. The speech focused on the negligence of software companies in security. Guccifer went on for several paragraphs about the power and sloppiness of tech companies, arguing they were to blame for hacks.

The next reason, and the crucial one, is software vulnerability. Tech companies hurry to finish the work and earn money. So they break the development cycle very often, omitting the stage of testing. As a result, clients have raw products installed on their systems and networks with a great number of bugs and holes.

Fourth. It’s well known that all large companies look forward to receiving governmental contracts. They develop governmental websites, communication systems, electronic voting systems, and so on and have their products installed to critical infrastructure objects on the national level.

They are aggressively lobbying their interests. You can see it at the diagram that they spent millions of dollars for lobbying. That doesn’t mean they will produce better software. That means they will get even more money in return.

Then he returned to a claim he has made on two earlier occasions: that he hacked the DNC via a vulnerability in VAN.

So, what’s the right question we should ask about cyber crime?

Who hacked a system?

Wrong. The right question is: who made it possible that a system was hacked? In this regard, what question should you ask me?

How I hacked the DNC???

Now you know this is a wrong question. Who made it possible, that I hacked into the DNC? This is the question. And I suppose, you already know the answer. This is NGP VAN Company that operates the DNC network. And this is its CEO Stu Trevelyan who is really responsible for the breach.

Their software is full of holes. And you knew about it even before I came on stage.

You may remember Josh Uretsky, the national data director for Sanders’ presidential campaign. He was fired in December, 2015 after improperly accessing proprietary data in the DNC system. As it was agreed, he was intentionally searching for voter information belonging to other campaigns.

However, he is not to blame. The real reason voter information became available for non-authorized users was NGP VAN’s raw software, which had holes and errors in the code. And this is the same reason I managed to get access to the DNC network: vulnerabilities in the NGP VAN software installed on its server, which they have plenty of. Shit! Yeah?

This scheme shows how NGP VAN is incorporated in the DNC infrastructure.

One of two schemes released with the speech appears above.

Now, Guccifer’s allegation — tying vulnerabilities in the VAN software to his own hack — could be newsworthy. Recall, after all, that one excuse the Bernie staffer gave for nosing around Hillary’s side of VAN was that Sanders’ own data had been compromised earlier that year. Importantly, Guccifer’s persistent focus on VAN, which was a signature moment in Sanders voters’ disillusionment with the DNC’s conduct in the election, would provide an alternative motive for this hack rather than just a Putinesque plot to tamper with Hillary’s election.

Thing is, there’s nothing in the materials released on VAN that indicates any particular vulnerability (though the dump does include some dated information on DNC’s computer security): effectively Guccifer makes an allegation but — at least from what I’ve seen and heard from a few people who know security better — doesn’t deliver the goods.

Indeed, while there are documents acknowledging the kind of pay-to-play appointments for big donors that both parties practice, and some other financial data that I suspect may prove more interesting with further scrutiny, there’s nothing really newsworthy in this dump. It seems to be interesting primarily to Bernie diehards, not the press generally, which is rightly more interested by the Powell emails.

Which, again, emphasizes how much Guccifer has been feeding Bernie diehards, either out of his own motivation or his handler’s. It is worth noting that while Guccifer claims to oppose Trump’s policies, he did say this about Sanders: “I have nothing to say about Bernie Sanders. It seems he never had a chance to win the nomination as the Democratic Party itself stood against him!”

Why stomp on the Bears’ other big blasts?

Which has me wondering about yesterday generally. If someone is orchestrating all these leaks, why have Guccifer “give a speech” on the same day as two highly managed releases, especially given that Guccifer failed to deliver the goods? Indeed, why invite Guccifer to, or have him accept an invitation from, a pretty staid security conference at all?

And what is the role of Darren Martyn, a LulzSec Irish hacker who was indicted along with Jeremy Hammond but apparently never extradited? He’s apparently the one who read Guccifer’s speech. Which raises all sorts of questions about Guccifer’s ties to the Anon group of hackers, or maybe also to what Martyn has been doing since he was indicted in the US.

Let me just close with an observation.

The Democrats have, rightly, been worried about what Guccifer will release closer to the election; I’ve heard specific concerns from connected Dems that he will release far more damning financial documents. The FBI, too, appears uncertain whether the set of documents Guccifer has is the same that the GRU-related hackers are believed to have spied on at the DNC. Thus, both the DNC and FBI would love to do something to make Guccifer show more of his hand.

Before this hack, we were all just waiting to see what Julian Assange, who is clearly maximizing damage to Hillary, will drop next.

And instead, by inviting Guccifer to appear at a conference, someone got Guccifer to drop an additional 700 MB of files while everyone is busy looking at the Powell emails.


The Misunderstandings of the Anti-Transparency Hillary-Exonerating Left

It wasn’t enough for Matt Yglesias to write a widely mocked piece calling for less transparency, now Kevin Drum has too. It all makes you wonder whether there’s some LISTSERV somewhere — the successor to JOURNOLIST, from which leaked emails revealed embarrassing discussions of putting politics above principle, perhaps — where a bunch of center-left men are plotting about how to finally end the email scandal that Hillary herself instigated with a stupid decision to host her own email. Especially given this eye-popping paragraph in Drum’s piece:

Part of the reason is that Hillary Clinton is a real object lesson in how FOIA can go wrong when it’s weaponized. Another part is that liberals are the biggest fans of transparency, and seeing one of their own pilloried by it might make them take a second look at whether it’s gone off the rails. What we’ve seen with Hillary Clinton is not that she’s done anything especially wrong, but that a story can last forever if there’s a constant stream of new revelations. That’s what’s happened over the past four years. Between Benghazi committees and Judicial Watch’s anti-Hillary jihad, Clinton’s emails have been steadily dripped out practically monthly, even though there’s never been any compelling reason for it. It’s been done solely to keep her alleged corruption in the public eye.

Even setting aside that his piece generally ignores (perhaps, betrays no knowledge of) the widely-abused b5 exemption that already lets people withhold precisely the kinds of deliberations that Drum wants to kill FOIA over (and is used to withhold a lot more than that), this paragraph betrays stunning misunderstanding about the Clinton email scandal. Not least, the degree to which many of the delays have arisen from Clinton’s own actions.

It led me to go back to read this post, which engages in some cute spin and selective editing, but really gives up the game in this passage.

Oddly, the FBI never really addresses the issue of whether Hillary violated federal record retention rules. They obviously believe that she should have used a State email account for work-related business, but that’s about it. I suppose they decided it was a non-issue because Hillary did, in fact, retain all her emails and did, in fact, turn them over quickly when State requested them.

There’s also virtually no discussion of FOIA. What little there is suggests that Hillary’s only concern was that her personal emails not be subjected to FOIA simply because they were held on the same server as her work emails.

Of course the FBI never really addresses how Hillary violated the Federal Records Act. Of course the FBI never really addresses how Hillary tried to avoid FOIA. (Note too that Drum ignores that some of those “personal” emails have been found to be subject to FOIA and FRA and Congressional requests; they weren’t actually personal.)

That’s because this wasn’t an investigation into violating the Federal Records Act. As I wrote in this post summarizing Jim Comey’s testimony to Oversight and Government Reform:

The FBI investigation that ended yesterday only pertained to that referral about classified information. Indeed, over the course of the hearing, Comey revealed that it was narrowly focused, examining the behavior of only Clinton and four or five of her close aides. And it only pertained to that question about mishandling classified information. That’s what the declination was based on: Comey and others’ determination that when Hillary set up her home-brew server, she did not intend to mishandle classified information.

This caused some consternation, early on in the hearing, because Republicans familiar with Clinton aides’ sworn testimony to the committee investigating the email server and Benghazi were confused how Comey could say that Hillary was not cleared to have her own server, but aides had testified to the contrary. But Comey explained it very clearly, and repeatedly. While FBI considered the statements of Clinton aides, they did not review their sworn statements to Congress for truth.

That’s important because the committee was largely asking a different question: whether Clinton used her server to avoid oversight, Federal Record Act requirements, the Benghazi investigation, and FOIA. That’s a question the FBI did not review at all. This all became crystal clear in the last minutes of the Comey testimony.

Chaffetz: Was there any evidence of Hillary Clinton attempting to avoid compliance with the Freedom of Information Act?

Comey: That was not the subject of our criminal investigation so I can’t answer that sitting here.

Chaffetz: It’s a violation of law, is it not?

Comey: Yes, my understanding is there are civil statutes that apply to that. I don’t know of a crimin–

Chaffetz: Let’s put some boundaries on this a little bit — what you didn’t look at. You didn’t look at whether or not there was an intention or reality of non-compliance with the Freedom of Information Act.

Comey: Correct.

Having started down this path, Chaffetz basically confirms what Comey had said a number of times throughout the hearing, that FBI didn’t scrutinize the veracity of testimony to the committee because the committee did not make a perjury referral.

Chaffetz: You did not look at testimony that Hillary Clinton gave in the United States Congress, both the House and the Senate?

Comey: To see whether it was perjurious in some respect?

Chaffetz: Yes.

Comey: No we did not.

[snip]

Comey: Again, I can confirm this but I don’t think we got a referral from Congressional committees, a perjury referral.

Chaffetz: No. It was the Inspector General that initiated this.

Now, let me jump to the punch and predict that OGR will refer at least Hillary’s aides, and maybe Hillary herself, to FBI for lying to Congress. They might even have merit in doing so, as Comey has already said her public claims about being permitted to have her own email (which she repeated to the committee) were not true. Plus, there’s further evidence that Hillary used her own server precisely to maintain control over them (that is, to avoid FOIA).

As I said in my earlier post, I’m loath to admit this, because I’d really like to be done with this scandal (I’d like, even more, to come up with sensible policy proposals like fixing email and text archiving to prevent this from happening in every presidential administration). All the questions about whether Hillary chose to keep her own server to avoid oversight (or, as Chaffetz asked today, to obstruct OGR’s investigation) have never been investigated by FBI. Those requests even have more merit than Democrats are making out — in part for precisely this reason, FBI has never considered at least some evidence to support the case that Hillary deliberately avoided FRA, including a string of really suspicious timing. As I wrote in my other post, I also think they won’t amount to anything, in part because these laws (including laws prohibiting lying to Congress) are so toothless. But they are a fair question.

All that said, it is incorrect to take a report showing the FBI not charging Hillary for intentionally mishandling classified information and conclude from that that hers is an example of FRA and FOIA gone amuck. On the contrary. Hillary has never been exonerated for trying to avoid FOIA and FRA. The evidence suggests it would be hard to do that.


Guccifer 1’s Potentially Russian IP Address

I’m a bit late to the FBI report on Hillary’s emails. I’m reading it now for all the details that don’t serve to reinforce one’s assumptions about Hillary’s email scandal (as the report honestly can do for all sides).

But I wanted to point to this detail. In the report’s short discussion of Guccifer 1’s hack of Sidney Blumenthal, the report suggests that Guccifer may have tried to hack Hillary in the days after hacking Blumenthal.

[Screenshot of the FBI report’s passage on the Blumenthal hack and the subsequent probes of Hillary’s server]

The passage is appropriately ambiguous. Guccifer (Lazar) successfully hacked Blumenthal on March 14, 2013. The next day — and again on March 19 and 21 — there were unsuccessful probes on Hillary’s server. The FBI suggests those may have been Guccifer, though states it doesn’t know whether it is or not (which is weird, because Guccifer has been in US custody for some time, though I suppose his lawyer advised him against admitting he tried to hack Hillary).

I find all this interesting because those probes were made from Russian and Ukrainian IPs. That’s not surprising. Lots of hackers use Russian and Ukrainian IPs. What’s surprising is there has been no peep about this from the Russian fear industry.

That may be because the FBI isn’t leaking wildly about this. Or maybe FBI has less interest in pretending that all IPs in Russia are used exclusively by state agents of Vlad Putin (not least because then they should have been looking for Russians hacking the DNC?).

It’s just an example of what an attempted hack might look like without that Russian fear industry.


Jim Comey Impugns Pot Smokers Again

Reason reports that the American Legion just passed a resolution calling on Congress to reclassify cannabis.

One of the potential medical values of medical marijuana is as a treatment for Post-Traumatic Stress Disorder (PTSD). And in what must certainly at this point make it abundantly clear where the majority of Americans stand on marijuana use, the American Legion has just voted at its national convention to support a resolution calling on Congress to legislatively reclassify cannabis and place it in a category that recognizes its potential value.

The resolution, readable here at marijuana.com, highlights a number of important statistics that have helped push the Legion to support it. Across two years, the Department of Veterans Affairs has diagnosed thousands of Afghanistan and Iraq War veterans as having PTSD or Traumatic Brain Injuries (TBI). More than 1,300 veterans in fiscal year 2009 were hospitalized for brain injuries. And the resolution notes that systems in the brain can respond to 60 different chemicals found in cannabis.

Therefore, the American Legion wants the DEA to license privately-funded medical marijuana and research facilities and to reclassify marijuana away from being lumped in with drugs like cocaine and meth.

If veterans suffering from PTSD were able to use cannabis as treatment, we would have to add them to the list of people — like Malia Obama — whom Jim Comey thinks don’t have integrity.

For the second time in as many months, Comey last week used the example of people who smoke pot (on their way to an interview, at least) to describe a lack of integrity.

To have a cyber special agent, you need three buckets of attributes. You need integrity, which is non-negotiable. You need physicality. We’re going to give you a gun on behalf of the United States of America, you need to be able to run, fight, and shoot. So there’s a physicality required. And obviously there’s an intelligence we need for any special agent, but to be a cyber special agent, we need a highly sophisticated, specialized technical expertise.

Those three buckets are rare to find in the same human being in nature. We will find people of great integrity, who have technical talent, and can’t squeeze out more than two or three push-ups. We may find people of great technical talent who want to smoke weed on the way to the interview. So we’re staring at that, asking ourselves, “Are there other ways to find this talent, to equip this talent, to grow this talent?” One of the things we’re looking at is, if we find people of integrity and physicality and high intelligence, can we grow our own cyber expertise inside the organization? Or can we change the mix in cyber squads? A cyber squad today is normally eight special agents—gun-carrying people with integrity, physicality, high intelligence, and technical expertise. Ought the mix to be something else? A smaller group of this, and a group of high-integrity people with technical expertise who are called cyber investigators?

I get that this cute labeling of pot smokers as lacking integrity is part of his script (he used almost the same lines in both speeches), perhaps to avoid thinking about what it means that our nation can’t best fight the alleged biggest threat to it because of outdated laws. But either he has given no thought to the words that are falling out of his mouth (indeed, he also seems to have no understanding of what the words “adult” and “mature” mean, which are other words he tends to wield in profoundly troublesome fashion), or the nation’s top cop really can’t distinguish between law — and that, not even in all states anymore — and ethics.


FBI’s Fancy Bear Cyber Structure

Back in July, I noted this passage in the latest DOJ IG report on FBI’s cyber prioritization.

According to the FBI, computer intrusion matters Involving national security are the highest priority matters investigated by the FBI Cyber Division. National security computer intrusion matters are intrusions or attempted intrusions into any computer or information system that may compromise the confidentiality, integrity, or availability of critical infrastructure data, components, or systems (e.g., cyber national security incidents or threats to the national Information infrastructure) by or on behalf of a foreign power, or an agent of a to include designated international terrorist groups. [half paragraph redacted]

In FY 2015, to ensure t hat the highest ranked threats are efficiently investigated, the Cyber Division implemented its Cyber Threat Team (CIT) model. A CTT focuses on the investigation of and operations against a specific national security threat. Each CTT is comprised of lead field office, called a Strategic Threat Execution office, up to five field offices assisting in specific aspects of the threat called Tactical Threat Execution offices, and a Cyber Division headquarters threat manager. The CTT bears the responsibility for managing the strategy, operations, and intelligence for its assigned threat. [half paragraph redacted]

The intention of the Cyber Division’s CTT model is to facilitate the allocation of resources to cyber national security threats, increase efficiency in addressing those threats, and facilitate the development of subject matter expertise within various field offices. Additionally, the CTT model is intended to enable each field office to focus on specific, assigned threats, helping to prevent the previous diffusion of efforts wherein multiple field offices were working the same cyber threat and not coordinating efforts. Prior to the implementation of the CTT, such overlapping investigations were a great challenge for the FBI. While its field offices each have a territory for which they are responsible, cyber threats are not restricted by geographical boundaries, so a territorial model proved ineffective. Lastly, the CTT model is intended to assist the FBI in prioritizing and properly allocating resources to each field office based on the threats on which they are assigned to work.

The Cyber Division organizes its headquarters national security intrusion threat operational units geographically, including sections responsible for identifying, pursuing, and defeating cyber adversaries emanating from Asia, Eurasia, and Middle East/Africa. Such geographic delineations of responsibility do not present the same problems at Cyber Division Headquarters, since responsibility for the threats is based on their point or area of origin, and not the multiple U.S. jurisdictions where they might have an impact. The threat operational units coordinate with the CTTs and with units of the Cyber Intelligence Section, which also are geographically organized and provide actionable intelligence information.

In other words, at both the field office level and at the national level, the FBI’s cyber agents have reorganized around the geography of the threat rather than the geography of the target.

Jim Comey elaborated on this reorganization in a speech on cyber (and back dooring encryption) last week.

The challenge we face today, with a threat that comes at us at the speed of light from anywhere in the world, is that physical place isn’t such a meaningful way to assign work any longer. Where did “it” happen when you’re talking about an intrusion that’s coming out of the other side of the globe, aimed at multiple enterprises either simultaneously or in sequence? That “it” is different than it ever was before.

So we’ve changed the way we’re assigning work. We have now created a Cyber Threat Team model, where we assign the work in the FBI based on ability. Which field office has shown the chops to go after which slice of the threat we face—that stack? And then assign it there.

This does two things for us. It allows us to put the work where the expertise is, and it creates a healthy competition inside the FBI. Everybody wants to be at the front of the list to own important threats that come at us. We assign, in the Cyber Threat Team model, a particular threat. Let’s imagine it’s a particular threat that comes at us from a certain nation-state actor set. We assign that to the Little Rock Division because the Little Rock Division has demonstrated tremendous ability against that threat.

But we’re not fools about important physical manifestations, because that threat is going to touch particular enterprises around the country. And the CEOs of those enterprises and their boards are going to want to know, “Has the FBI been here to talk to us? And what’s the nature of the investigation? And how is it going?” To make sure we accommodate that need, we’re going to allow up to four other offices to help the team that is assigned the threat in Little Rock. If a company is hit in Indianapolis, and one is hit in Seattle, and one is hit in Miami, those field offices will also be able to assist in the investigation, but the lead will be in Little Rock. Then, the air traffic control for all of that to make sure we are not duplicating effort, or sending confusing messages, will come from the Cyber Division at Headquarters.

We’re trying this. We’ve been doing it now for about a year in a half. Seems to be working pretty well. It has set very, very healthy competition inside the FBI, which is good for us. But we’re confronting a challenge and a way of doing work that we’ve never seen before, so we’re eager to get feedback and then iterate as make sense. We want to be humble enough to understand that just as our world has been transformed in our lifetimes, the way in which we do our work is being transformed. We have to be open to changing when it makes sense.

So the Cyber Threat Team model is at the core of our response. Also at the core of our response is a “fly team” of experts that we’ve put together that we call the CAT team—the Cyber Action Team. Just as in terrorism, we have pre-assigned pools of expertise that can jump on an airplane and go anywhere in the world in response to a terrorism threat, we’re building that, and have built, that same capability in respect to cyber, so that, if there is a particular intrusion—let’s say Sony in Los Angeles—we have the talent, the agent talent, the analyst talent, the technical talent, that’s already assigned to the Cyber Action Team that’s ready to deploy at a moment’s notice to literally fly to Los Angeles to support the investigation.

Comey had just defined “the stack” he refers to here as the priority of threats the FBI faces: nation-states, with China, Russia, Iran, and North Korea named, followed by multinational criminal syndicates, followed by “purveyors of ransomware,” followed by hacktivists, with terrorists (who Comey says aren’t yet developing a hacking capability) last. This would suggest that no ransomware is perpetrated by multinational crime organizations, which would surprise me.

Now, I get the logic of such organization. Not only can network intrusions be launched from anywhere, but they usually hide where they’re launched from. So geographical location, in this scheme, appears to be about holding corporate CEO hands (I guess they get different victim service from the FBI than the rest of us), not investigative venue.

But it also raises a few concerns for me.

Will devolution of cyber lead to more abuse of venue?

First, questions of venue for prosecution. We’ve already seen, with Weev, DOJ prosecuting a hacker (I’m not sure where Weev would be defined in this stack, because he wasn’t doing it for political reasons) in an improper venue because of the nifty precedents there. With Playpen, we’ve got DOJ — before Rule 41 gets rewritten — hacking thousands based off one Eastern District of Virginia magistrate’s warrant.

This dispersed focus would seem to encourage such legally problematic moves.

To the Fancy Bear watchers everything looks like a Fancy Bear

In addition, there’s a potential problem with assigning cases by perceived perpetrator, one that replicates a problem in the private contracting world, where contractors routinely hype the threat of the day (which today is Russia, but which a few years ago was China) because it drove sales.

That is, at some level, FBI appears to be assigning cases based on preliminary evidence to specific CTTs. This seems potentially very problematic from an investigative standpoint, as it answers the question, “whodunnit,” at the beginning of the process, not the end. And that particular CTT has an incentive to keep any big flashy case in its own hands, meaning they’re going to be disinclined to see any other potential actors out there.

Moreover, if a case — say the DNC hack — that could involve multiple intrusions or actors with competing interests gets assigned to the group whose bureaucratic imperative requires it to be just one actor, it is far less likely they’re even going to see the evidence that something more may be going on.

Again, this is just a potential problem, but it could be a very serious one, as it could reverse the investigative model that FBI has traditionally used.

FBI’s 702 activities have been devolved as well, and with that devolution undergo less oversight

Finally, this potentially exacerbates a concern I have with how FBI manages Section 702. The most recent batch of Semiannual reports that came out show that more 702-related functions are devolving to FBI field offices, with one redaction (see italics) suggesting there might be some role involving tasking going on at field offices. And as this passage from the October 2014 report suggests, ODNI is not monitoring things as closely.

During this reporting period, NSD continued to conduct minimization reviews at FBI field offices in order to review the retention and dissemination decisions made by FBI field office personnel with respect to Section 702-acquired data. As detailed in the attachments to the Attorney General’s Section 707 Report, NSD conducted minimization reviews at sixteen FBI field offices between June 1, 2013, through November 30, 2013 and reviewed [redacted] involving Section 702-tasked facilities.

ODNI participated in one of these reviews,10 and received written summaries regarding any issues discovered in the other reviews. (U//FOUO) NSD’s review of field offices coincided with FBI’s broadening of the use of Section 702-acquired data at these field offices. Although there were isolated instances of noncompliance with the FBI minimization procedures and/or FBI policy, NSD and ODNI found that overall agents understood and were properly applying the requirements of FBI policy and the minimization procedures.11

10 (U) ODNI joins NSD on these reviews when the FBI field offices are located in or within reasonable driving distance of the Washington, D.C. area (e.g., the Washington Field Office and the Baltimore Field Office). During this reporting period, ODNI joined NSD for the Baltimore Field Office review. ODNI plans to continue to accompany NSD during the minimization reviews of the FBI Washington and Baltimore field offices and is continuing to explore the feasibility of joining NSD on reviews of other FBI field offices.

11 (S//NF) NSD’s review found only one instance where U.S. person information was not properly handled as required by the minimization procedures. Specifically, the agent improperly disseminated U.S. person information that did not meet the standard minimization procedures requirement. Although the information reasonably appeared to be foreign intelligence information, it did not seem to have met the requirement that such information shall not be disseminated in a manner that identifies a United States person unless such person’s identity is necessary to understand foreign intelligence information or to assess its importance. In this case, upon NSD’s review, the agent agreed that the disseminated U.S. person identity did not meet the above standard. NSD confirmed that the agent recalled the dissemination and re-issued the dissemination without identifying the U.S. person.

Along with some interesting new redactions in the boilerplate about FBI’s roles in 702, the October 2014 and June 2015 report both include this paragraph:

While prior Joint Assessments provided figures regarding the number of reports FBI had identified as containing minimized Section 702-acquired United States person information, in 2013 FBI transitioned much of its dissemination from FBI Headquarters to FBI field offices. NSD is conducting oversight reviews of FBI field offices’ use of these disseminations, but because every field office is not reviewed every six months, NSD no longer has comprehensive numbers on the number of disseminations of United States person information made by FBI. FBI does, however, report comparable information on an annual basis to Congress and the FISC pursuant to 50 U.S.C. §1881a(l)(3)(i).

Ummm. We know that the FBI’s numbers on NSLs are bullshit — and FBI doesn’t much care. And when asked about those inaccuracies, FBI told DOJ’s IG,

[T]he FBI told the OIG that while 100 percent accuracy can be a helpful goal, attempting to obtain 100 percent accuracy in the NSL subsystem would create an undue burden without providing corresponding benefits. The FBI also stated that it has taken steps to minimize error to the greatest extent possible.

I’ve even asked ODNI about FBI’s funny NSL numbers, twice, and gotten this response:

¯\_(ツ)_/¯

So we already know that the FBI’s legally mandated reports to Congress on NSL numbers are bogus. Now we learn that FBI has devolved its 702 work to field offices, which has led to the discontinuation of one of the key oversight mechanisms on their counting process: an outside check.

That seems like a potentially big oversight loophole.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.
