Informants


NSA’s Dragnet Failed to “Correlate” David Headley’s Identity, One of Its Core Functions

In a piece on the GCHQ and NSA failure to identify David Headley’s role in the Mumbai terrorist attack, ProPublica quotes former CIA officer Charles Faddis on the value of bulk surveillance.

“I’m not saying that the capacity to intercept the communications is not valuable,” said Charles (Sam) Faddis, a former C.I.A. counterterror chief. “Clearly that’s valuable.” Nonetheless, he added, it is a mistake to rely heavily on bulk surveillance programs in isolation.

“You’re going to waste a lot of money, you’re going to waste a lot of time,” Faddis said. “At the end, you’re going have very little to show for it.”

The article as a whole demonstrates that in a manner I’m fairly shocked about. The NSA failed to recognize what it had in intelligence collected on Headley’s role in the attack even after the attack because they hadn’t correlated his known birth name with the name he adopted in the US.

Headley represents another potential stream of intelligence that could have made a difference before Mumbai. He is serving 35 years in prison for his role. He was a Pakistani-American son of privilege who became a heroin addict, drug smuggler and DEA informant, then an Islamic terrorist and Pakistani spy, and finally, a prize witness for U.S. prosecutors.

In recounting that odyssey, we previously explored half a dozen missed opportunities by U.S. law enforcement to pursue tips from Headley’s associates about his terrorist activity. New reporting and analysis traces Headley’s trail of suspicious electronic communications as he did reconnaissance missions under the direction of Lashkar and Pakistan’s Inter-Services Intelligence Directorate (ISI).

Headley discussed targets, expressed extremist sentiments and raised other red flags in often brazen emails, texts and phone calls to his handlers, one of whom worked closely on the plot with Shah, the Lashkar communications chief targeted by the British.

U.S. intelligence officials disclosed to me for the first time that, after the attacks, intensified N.S.A. monitoring of Pakistan did scoop up some of Headley’s suspicious emails. But analysts did not realize he was a U.S.-based terrorist involved in the Mumbai attacks who was at work on a new plot against Denmark, officials admitted.

The sheer volume of data and his use of multiple email addresses and his original name, Daood Gilani, posed obstacles, U.S. intelligence officials said. To perfect his cover as an American businessman, Headley had legally changed his name in 2006.

“They detected a guy named ‘Gilani’ writing to bad guys in Pakistan, communicating with terror and ISI nodes,” a senior U.S. intelligence official said. “He wrote also in fluent Urdu, which drew interest. Linking ‘Gilani’ to ‘Headley’ took a long time. The N.S.A. was looking at those emails post-Mumbai. It was not clear to them who he was.”

As I’ve explained, one of the things NSA does with all its data is to “correlate” selectors, so that it maps a picture of all the Internet and telecom (and brick and mortar, where they have HUMINT) activities of a person using the multiple identities that have become common in this day and age. This is a core function of the NSA’s dragnets, and it works automatically on EO 12333 data (and worked automatically on domestically-collected phone and — probably — Internet metadata until 2009).

When you think about it, there are some easy ways of matching online identities (going to a provider, mapping some IP addresses). And even the matching of “burner” IDs can be done with 94% accuracy, at least within AT&T’s system, according to AT&T’s own claims.

The NSA says they didn’t do so here because Headley had changed his name.

Headley, recall, was a DEA informant. Which means, unless these intelligence agencies are far more incompetent than I believe they are, this information was sitting in a government file somewhere: “Daood Gilani, the name of a known Urdu-fluent informant DEA sent off to Pakistan to hang out with baddies = David Headley.” Unless Headley adopted the new name precisely because he knew it would serve to throw the IC off his trail.

And yet … NSA claims it could not, and did not, correlate those two identities and as a result didn’t even realize Headley was involved in the Mumbai bombing even after the attack.

Notably, they claim they did not do so because of the “sheer volume of data.”

In short, according to the NSA’s now operative story (you should click through to read the flaccid apologies the IC offered up for lying about the value of Sections 215 and 702 in catching Headley), the NSA’s dragnet failed at one of its core functions because it is drowning in data.

 

FBI’s Preventative Role: Hygiene for Corporations, Spies for Muslims

I’m still deep in this 9/11 Follow-up Report on the FBI, which Jim Comey and now-retired Congressman Frank Wolf had done last year and which, released earlier this week, reached the unsurprising topline conclusion that Jim Comey needs to have more power.

About the only conclusion in the report that Comey disagreed with — per this Josh Gerstein report — is that the FBI should get out of the business of Countering Violent Extremism.

Comey said he agreed with many of the report’s recommendations, but he challenged the proposal that the FBI leave counter-extremism work to other agencies.

“I respectfully disagree with the review commission,” the director said. “It should not be focused on messages about faith it should not be socially focused, but we have an expertise … I have these people who spend all day long thinking dark thoughts and doing research at Quantico, my Behavioral Analysis Unit. They have an incredibly important role to play in countering violent extremism.”

Here’s what the report had to say about FBI and CVE (note, this is a profoundly ahistorical take on the serial efforts to CVE, but that’s just one of many analytical problems with this report).

The FBI, like DHS, NCTC, and other agencies, has made an admirable effort to counter violent extremism (CVE) as mandated in the White House’s December 2011 strategy, Empowering Local Partners to Prevent Violent Extremism in the United States. In January 2012, the FBI established the Countering Violent Extremism Office (CVEO) under the National Security Branch.322 The CVEO was re-aligned in January 2013 to CTD’s Domestic Terrorism Operations Section, under the National JTTF, to better leverage the collaborative participation of the dozens of participating agencies in FBI’s CVE efforts.323 Yet, even within FBI, there is a misperception by some that CVE efforts are the same as FBI’s community outreach efforts. Many field offices remain unaware of the CVE resources available through the CVEO.324 Because the field offices have to own and integrate the CVE portfolio without the benefit of additional resources from FBI Headquarters, there is understandably inconsistent implementation. The Review Commission, through interviews and meetings, heard doubts expressed by FBI personnel and its partners regarding the FBI’s central role in the CVE program. The implementation had been inconsistent and confusing within the FBI, to outside partners, and to local communities.325 The CVEO’s current limited budget and fundamental law enforcement and intelligence responsibilities do not make it an appropriate vehicle for the social and prevention role in the CVE mission. Such initiatives are best undertaken by other government agencies. The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.

[snip]

(U) Recommendation 6: The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.

For what it’s worth, Muslim communities increasingly agree that the FBI — and the federal government generally — should not be in the business of CVE. But that’s largely because the government approaches it with the same view Comey does: by thinking immediately of his analysts thinking dark thoughts at Quantico. So if some agency that had credibility — if some agency had credibility — at diverting youth (of all faiths) who might otherwise get caught in an FBI sting, I could support it moving someplace else, but I’m skeptical DHS or any other existing federal agency is that agency right now.

While the Review doesn’t say explicitly in this section what it wants the FBI to be doing instead of CVE, elsewhere it emphasizes that it wants the FBI to do more racial profiling (AKA “domain awareness”) and run more informants. Thus, I think it fair to argue that the Ed Meese-led panel thinks the FBI should spy on Muslims, not reach out to them. Occupation-style federal intelligence gathering, not community based.

Which is why I think this approach to Muslim communities should be compared directly with the Review’s approach with corporations. The same report that says FBI should not be in the business of CVE — which done properly is outreach to at-risk communities — says that it should accelerate and increase its funding for its outreach to the private sector.

(U) Recommendation 5: The Review Commission recommends that the FBI enhance and accelerate its outreach to the private sector.

  • (U) The FBI should work with Congress to develop legislation that facilitates private companies’ communication and collaboration and work with the US Government in countering cyber threats.
  • (U) The FBI should play a prominent role in coordinating with the private sector, which the Review Commission believes will require a full-time position for a qualified special agent in the relevant field offices, as well as existing oversight at Headquarters.

Indeed, in a paragraph explaining why the FBI should add more private sector liaisons (and give them the same credit they’d get if they recruited corporations as narcs, only corporations shouldn’t be called “sources” because it would carry the stigma of being a narc), the Review approvingly describes the FBI liaison officers working with corporations to promote better Internet hygiene.

The Review Commission learned that the FBI liaison positions have traditionally been undervalued but that has begun to change as more experienced special agents take on the role, although this has not yet resulted in adequate numbers of assigned special agents or adequate training for those in the position. One field office noted that it had 400 cleared defense contractors (CDCs) in its AOR—ranging from large well known names to far smaller enterprises—with only one liaison officer handling hundreds of CDCs. This field office emphasized the critical need for more liaison officers to conduct outreach to these companies to promote better internet hygiene, reduce the number of breaches, and promote long-term cooperation with the FBI.319 Another field office noted, however, some sensitivity in these liaison relationships because labeling private sector contacts as sources could create a stigma. The field office argued that liaison contacts should be considered valuable and special agents should receive credit for the quality of liaison relationships the same way they do for CHSs.320

Ed Meese’s panel wants the FBI to do the digital equivalent of teaching corporations to blow their nose and wash their hands after peeing, but it doesn’t think the FBI should spend time reaching out to Muslim communities but should instead spy on them via paid informants.

Maybe there are good reasons for the panel’s disparate recommended treatment of corporations and Muslim communities. If so, the Review doesn’t explain it anywhere (though the approach is solidly in line with the Intelligence Committees’ rush to give corporations immunity to cyber share information with the federal government).

But it does seem worth noting that this panel has advocated the nanny state for one stakeholder and STASI state for another.

What an XKeyscore Fingerprint Looks Like

As part of its cooperation with New Zealand’s best journalist on that country’s SIGINT activities, Nicky Hager, the Intercept has published a story on the targets of a particular XKeyscore query (note: these stories say the outlets obtained this document; they don’t actually say they obtained it from Edward Snowden): top officials in the Solomon Islands and an anti-corruption activist there.

Aside from the targets, which I’ll get to, the story is interesting because it shows in greater detail than we’ve seen what an XKS query looks like. It’s a fairly standard computer query, though initiated by the word “fingerprint.” Some of it is consistent with what Snowden has described fingerprints to include: all the correlated identities that might be associated with a search. The query searches on jremobatu — presumably an email unique name — and James Remobatu, for example. As I have noted, if they wanted to target all the online activities of one particular person — say, me! — they would add on all the known identifiers, so emptywheel, @emptywheel, Marcy Wheeler, and all the cookies they knew to be associated with me.

What’s interesting, though, is this query is not seeking email or other Internet communication per se. It appears to be seeking documents, right out of a file labeled Solomon government documents. Those may have been pulled and stored as attachments on emails. But the query highlights the degree to which XKS sucks up everything, including documents.

Finally, consider the target of the query. As both articles admit, the reason behind some of the surveillance is understandable, if sustained. Australia and New Zealand had peacekeepers in the Solomons to deal with ethnic tensions there, though were withdrawing by January 2013 when the query was done. The query included related keywords.

In the late 1990s and early 2000s the islands suffered from ethnic violence known as “The Tensions.” This led to the 2003 deployment to the Solomons of New Zealand, Australian and Pacific Island police and military peacekeepers. By January 2013, the date of the target list, both New Zealand and Australia were focused on withdrawing their forces from the island country and by the end of that year they were gone.

The XKEYSCORE list shows New Zealand was carrying out surveillance of several terms associated with militant groups on the island, such as “former tension militants,” and “malaita eagle force.” But with the security situation stabilized by 2013, it is unclear why New Zealand spies appear to have continued an expansive surveillance operation across the government, even tailoring XKEYSCORE to intercept information about an anti-corruption campaigner.

More specifically, however, the query was targeting not the militants, but the Truth and Reconciliation process in the wake of the violence.

I would go further than these articles, however, and say I’m not surprised the Five Eyes spied on a Truth and Reconciliation process. I would fully expect NSA’s “customer” CIA to ask it to track the South African and Colombian Truth and Reconciliation processes, because the CIA collaborated in the suppression of the opposition in both cases (going so far as providing the intelligence behind Nelson Mandela’s arrest in the former case). While I have no reason to expect CIA was involved in the Solomons, I would expect one or more of the myriad intelligence agencies in the Five Eyes countries was, particularly given the presence of Aussie and Kiwi peacekeepers there. And they would want to know how their role was being exposed as part of the Truth and Reconciliation process. This query would likely show that.

Which brings me to the point the activist in question, Benjamin Afuga (who sometimes publishes leaked documents) made: this spying, which would definitely detail all cooperation between him and the government, might also reveal his sources.

Benjamin Afuga, the anti-corruption campaigner, said he was concerned the surveillance may have exposed some of the sources of the leaks he publishes online.

“I’m an open person – just like an open book,” Afuga said. “I don’t have anything else other than what I’m doing as a whistleblower and someone who exposes corruption. I don’t really understand what they are looking for. I have nothing to hide.”

Ah, but Afuga does have things to hide: his sources. And again, if one or another Five Eyes country had intelligence operatives involved both during the tensions and in the peace keeping process, they would definitely want to know them.

Again, this is all standard spying stuff. I expect CIA (or any other HUMINT agency) would want to know if they’re being talked about and if so by whom — I even expect CIA does a more crude version of this within the US about some of its most sensitive topics, not least because of the way they went after the SSCI Torture investigators.

But this query does provide a sense of just how powerful this spying is in a world when our communications aren’t encrypted.

Minh Quang Pham Gets His Day in Supreme Court

I’ve long been tracking the case of Minh Quang Pham, whom I call the “graphic artist of mass destruction” because he is accused of helping Samir Khan on Inspire.

He was detained in the UK back in July 2011 (see the timeline). That December, the UK government tried to strip him of citizenship, but failed because that would have left him stateless (he’s originally from Vietnam but the government doesn’t treat him as a citizen). He was quickly charged here when efforts to strip him of UK citizenship failed. But since then, his citizenship case has been wending its way through the British courts.

Throughout this period, it was not officially recognized that Pham was the guy fighting for his citizenship.

Today and yesterday, his case was finally heard before UK’s Supreme Court, and his name made public. Here’s the Open Society report on his case (which also has a timeline!).

I suppose, if Pham loses, he will be sent to NY for trial. If he wins, he will force the UK to charge him there, which for a variety of reasons may get interesting. Remember: Pham should know the informant behind the UndieBomb 2.0 attack. Which may be why everyone wants to try him over here.

Under Cover: The Targets of Stings

The NYT brought in Will Arkin (partnering with Eric Lichtblau) to talk about the proliferation of the use of undercover officials in government agencies. The Supreme Court, IRS, the Smithsonian, and DOD are all playing dress up to spy on Americans (and the IRS permits agents to pretend to be lawyers, doctors, clergy, and journalists).

The article makes it clear that — as might be imagined — the drug war is the most common focus of these undercover officers.

More than half of all the work they described is in pursuit of the illicit drug trade. Money laundering, gangs and organized crime investigations make up the second-largest group of operations.

But it doesn’t really step back and look at who else is getting targeted, which I’ve tried to lay out in this table.

[Image: Screen shot 2014-11-16 at 12.07.12 PM]

There are several concerning aspects of this list. I’m hoping the Smithsonian is using undercover officers solely to police the Holocaust and similar museums; the Holocaust museum, after all, has been targeted by a right wing terrorist recently. I might see the point on the Washington Memorial. But I do hope they’re not patrolling the Air and Space Museum because they might catch people who, like I did when I was in fifth grade, use the museum as a playground for stupid pre-teen drama while on a field trip.

DOD’s expanded use of undercover officers to target Americans is very troubling. The 9th Circuit recently threw out a conviction because the Navy had initiated the case searching data in the guise of protecting Spokane’s bases. I suspect, in response, the government will just get more assiduous at laundering such investigations. And it would be highly improper for them to do so clandestinely.

That said, this table is just as telling for what it doesn’t include as what it does.

If USDA is going undercover, why not send undercover inspectors to work in food processing plants, as a great way to not only show the food safety violations, but also the labor violations? Why not go undercover to investigate CAFOs?

The big silence, however, is about bank crime. While I’m sure SEC uses some undercover officers to investigate financial crime, you don’t hear of it anymore, since the failed Goldman prosecution. And we know FBI gave up efforts to use undercover officers to investigate (penny ante) mortgage fraud crime because, well, it just forgot.

But when DOJ’s Inspector General investigated what FBI did when it was given $196 million between 2009 and 2011 to investigate (penny ante) mortgage fraud, FBI’s focus on the issue actually decreased (and DOJ lied about its results). When FBI decided to try to investigate mortgage fraud proactively by using undercover operations, like it does terrorism and drugs, its agents just couldn’t figure out how to do so (in many cases Agents were never told of the effort), so the effort was dropped.

So it’s not just that Agencies are using undercover officers to investigate every little thing, including legitimate dissent, with too little oversight.

It’s also that the government, as a whole, is using this increasingly to investigate those penny ante crimes, but not the biggest criminals, like the banksters. So long as the choice of these undercover operations reflects inherent bias (and it always has, especially in the war on drugs), then the underlying structure is illegitimate.

Jim Comey Scolds the Press for Reporting on a Court Filing

Jim Comey, seemingly intent on squandering once limitless credibility in record time, has written a letter to the NYT to explain two of the FBI’s deceptive operations reported recently. The one that’s getting the attention — his admission that an agent posed as an AP reporter to catch a teenager making bomb threats — actually comes off as the less indefensible response.

Relying on an agency behavioral assessment that the anonymous suspect was a narcissist, the online undercover officer portrayed himself as an employee of The Associated Press, and asked if the suspect would be willing to review a draft article about the threats and attacks, to be sure that the anonymous suspect was portrayed fairly.

[snip]

That technique was proper and appropriate under Justice Department and F.B.I. guidelines at the time. Today, the use of such an unusual technique would probably require higher level approvals than in 2007, but it would still be lawful and, in a rare case, appropriate.

Sure, the FBI decided to dress up as the press to catch someone who hadn’t yet done real harm. Sure, they did it to deliver malware, basically a classic hack. Sure, it could have played to this kid’s narcissistic tendencies using any number of other fake identities. Sure, this was ultimately going to get made at least as public as a court docket, which does undermine the credibility of a brand name press outlet. But it was a fairly limited operation that wouldn’t have generated this much attention if Chris Soghoian (in the process of writing a brief to prevent the FBI from hacking with even fewer limits) weren’t such a meddling hippie.

Having insulted the press by asserting that the FBI playing dress up as the press is legal (though dodging somewhat on whether to do so to catch a teenager would be “proper” today), Comey then responded to the FBI’s other recent black eye — being accused of shutting off cable and then pretending to be cable repairmen to access hotel rooms without a warrant — this way.

The Las Vegas case is still in litigation, so there is little we can say, but it would have been better to wait for the government’s response and a court decision before concluding that the F.B.I. engaged in abusive conduct.

Every undercover operation involves “deception,” which has long been a critical tool in fighting crime. The F.B.I.’s use of such techniques is subject to close oversight, both internally and by the courts that review our work.

“It would have been better to wait for the government’s response and a court decision before concluding that the F.B.I. engaged in abusive conduct”???

Now, the reason the press picked up on this story is because the well-heeled defendants have superb lawyers who wrote a brief that is both engaging and chock full of evidence. The brief starts by laying out the stakes that matter for you and me, even if in this case they affect a bunch of Malaysian men who may have ties to Asian organized crime.

The next time you call for assistance because the internet service in your home is not working, the “technician” who comes to your door may actually be an undercover government agent. He will have secretly disconnected the service, knowing that you will naturally call for help and–when he shows up at your door, impersonating a technician–let him in. He will walk through each room of your home, claiming to diagnose the problem. Actually, he will be videotaping everything (and everyone) inside. He will have no reason to suspect you have broken the law, much less probable cause to obtain a search warrant. But that makes no difference, because by letting him in, you will have “consented” to an intensive search of your home.

Jim Comey thinks the press shouldn’t report on this until after the government has had its shot at rebuttal? Does he feel the same about the army of FBI leakers who pre-empt defense cases all the time? Does Comey think it improper for his FBI to have released this press release, upon defendant Wei Seng Phua’s arrest, asserting that he is a member of organized crime as a fact and mentioning a prior arrest (not a conviction) that may or may not be deemed admissible to this case?

According to the criminal complaint, Wei Seng Phua, is known by law enforcement to be a high ranking member of the 14K Triad, an Asian organized crime group. On or about June 18, 2013, Phua was arrested in Macau, along with more than 20 other individuals, for operating an illegal sport book gambling business transacting illegal bets on the World Cup Soccer Tournament. Phua posted bail in Macau and was released. 

I didn’t see the FBI Director complaining about press stories, written in response to the press release, reported before the defense had been able to present their side.

The point is, one reason we have laws governing open access to court documents — which the government limits all the time (including with claims about a broad need to hide the methods of its deception) — is so both sides get a bid to make their case, both before judges and before the public. Another reason is so that the press can act as a check on something that may be legal, but probably shouldn’t be.

It may well be that FBI gets to use the evidence from their cable repairman scheme (given that superstar appellate lawyer Tom Goldstein is on the case, the defendants probably don’t think this is as big of a slam dunk as the press has, probably because Caesars, a competitor with the Asian mob in the gambling industry, was a willing participant in the scheme, including turning off the cable service). But that’s an entirely different question from whether they should, for precisely the reason the brief lays out: because if the FBI can turn off our cable to set up a cable repairman cover, then it undermines the principle of consensual searches.

These guys may or may not be douchebag Asian mobsters. But they are also being tried in the United States, which still subjects its criminal procedure to fairly broad but by no means unlimited press scrutiny.

Which means the press gets to weigh in. The defense gets to make their case, and if they make a compelling case, the press will report it, just as they almost always report FBI press releases on face value, as they did in this case (to say nothing of FBI’s leaks).

Jim Comey, himself a master at working the press, should expect that, and if he wants his FBI to remain credible, should ensure their undercover operations are not just “legal” and “proper” but also “wise.”

A Good Reason to Encrypt Your iPhone: To Prevent DEA from Creating a Fake Facebook Account

At Salon yesterday, I pushed back against the Apple hysteria again. In it, I look at the numbers that suggest far more Apple handsets are searched under the border exception than using warrants.

Encrypting iPhones might have the biggest impact on law enforcement searches that don’t involve warrants, contrary to law enforcement claims this is about warranted searches. As early as 2010, Customs and Border Patrol was searching around 4,600 devices a year and seizing up to 300 using what is called a “border exception.” That is when CBP takes and searches devices from people it is questioning at the border. Just searching such devices does not even require probable cause (though seizing them requires some rationale). These searches increasingly involve smart phones like the iPhone.

These numbers suggest border searches of iPhones may be as common as warranted searches of the devices. Apple provided account content to U.S. law enforcement 155 times last year. It responded to 3,431 device requests, but the “vast majority” of those device requests involved customers seeking help with a lost or stolen phone, not law enforcement trying to get contents off a cell phone (Consumer Reports estimates that 3.1 million Americans will have their smart phones stolen this year). Given that Apple has by far the largest share of the smart phone market in the U.S., a significant number of border device searches involving a smart phone will be an iPhone. Apple’s default encryption will make it far harder for the government to do such searches without obtaining a warrant, which they often don’t have evidence to get.

Almost 20% of Americans this year will have an iPhone, and that number will be far higher among those who fly internationally. If only 20% of 5,000 border searches involve iPhones, then there are clearly more border iPhone searches than warranted ones.

Meanwhile, we have an appalling new look at what law enforcement does once it gets inside your smart phone. A woman in Albany is suing DEA because — after she permitted DEA to conduct a consensual search of her phone — DEA then took photos obtained during the search, including one of her wearing only underwear, and made a fake Facebook page for her with them. They even sent a friend request to a fugitive and accepted other friend requests. They also posted pictures of her son and niece, on a site intended to lure those involved in the drug trade.

And they consider this a legitimate law enforcement activity!

In a court filing, a U.S. attorney acknowledges that, unbeknownst to Arquiett, Sinnigen created the fake Facebook account, posed as her, posted photos, sent a friend request to a fugitive, accepted other friend requests, and used the account “for a legitimate law enforcement purpose.”

The government’s response lays out an argument justifying Sinnigen’s actions: “Defendants admit that Plaintiff did not give express permission for the use of photographs contained on her phone on an undercover Facebook page, but state the Plaintiff implicitly consented by granting access to the information stored in her cell phone and by consenting to the use of that information to aid in an ongoing criminal investigations [sic].”

To be sure, DEA and FBI would still be able to obtain consensual access to phones, as they did in this case, by threatening people with harsher charges if they don’t cooperate (which appears to be how they got her to cooperate).

But this demonstrates just how twisted is the government’s view of legitimate use of phone data. The next time you hear a top officer wail about pedophiles, you might ask whether they’re actually the one planning to post sexy pictures.

Unit 8200 Refuseniks Make Visible for Israel What Remains Invisible in the US

Last week, 43 reserve members of Israel’s equivalent to the NSA, Unit 8200, released a letter announcing they would refuse to take actions against Palestinians because the spying done on them amounts to persecution of innocent people. The IDF has responded the same way government agencies here would — scolding the whistleblowers for not raising concerns in official channels. But the letter has elicited rare public discussion about the ethics and morality of spying.

One of the allegations made by the refuseniks highlighted in the English press is that Israel used SIGINT to recruit collaborators, which in turn divides the Palestinian community.

The Palestinian population under military rule is completely exposed to espionage and surveillance by Israeli intelligence. While there are severe limitations on the surveillance of Israeli citizens, the Palestinians are not afforded this protection. There’s no distinction between Palestinians who are, and are not, involved in violence. Information that is collected and stored harms innocent people. It is used for political persecution and to create divisions within Palestinian society by recruiting collaborators and driving parts of Palestinian society against itself. In many cases, intelligence prevents defendants from receiving a fair trial in military courts, as the evidence against them is not revealed. Intelligence allows for the continued control over millions of people through thorough and intrusive supervision and invasion of most areas of life. This does not allow for people to lead normal lives, and fuels more violence further distancing us from the end of the conflict. [my emphasis]

These refuseniks, apparently, have access both to the intelligence they collect and how it is used. That means they’re in a position to talk about the effects of Unit 8200’s spying. And press coverage has made it sound like something that would uniquely happen to occupied Palestinians.

It’s not.

We know of one way that the NSA’s dragnet is definitely being used to recruit informants (aka collaborators), and another where it is permissible to use.

The first way is via the phone dragnet. As I have noted, the government has twice told the FISA Court — once in 2006 and once in 2009 — that FBI uses dragnet derived information to identify people who might cooperate (aka inform or collaborate) in investigations. Once people come up on a 2-degree search, they are dumped into the corporate store indefinitely, data mined with sufficient information to find embarrassing and illegal things. Apparently, FBI uses such data to coerce cooperation, though we have no details on the process.

All the revealing things metadata shows? The government uses that information to obtain informants.

One way the government probably does this is by using the connections identified by metadata analysis (remember, this is not just phone and Internet data, but also includes financial and travel data, at a minimum) to put people on the No Fly list, regardless of whether they are a real threat to this country. Then, No Fly listees have alleged, FBI promises help getting them off that life-altering status if they inform on their community.

More troubling still is FBI’s uncounted use of warrantless back door searches of US person content when conducting assessments. As I noted, in addition to doing assessments in response to “tips,” the FBI will use them to profile communities or identify potential informants.

As the FBI’s Domestic Investigations and Operations Guide describes, assessments are used for “prompt and extremely limited checking out of initial leads.” No factual predicate (that is, no real evidence of wrong-doing) is required before the FBI starts an assessment. While FBI cannot use First Amendment activities as the sole reason for assessments, they can be considered. In addition to looking into leads about individual people, FBI uses assessments as part of the process for Domain Assessments (what FBI calls their profiling of Muslim communities) and the selection of informants to try to recruit. In some cases, an Agent doesn’t need prior approval to open an assessment; in others, they may get oral approval (though for several kinds, an Agent must get a formal memo approved before opening an assessment). And while Agents are supposed to record all assessments, for some assessments, they’re very cursory reports — basically complaint forms. That is, for certain types of assessments, FBI is not generating its most formal paperwork to track the process.

So while I can’t point to a DOJ claim to FISC that these back door searches are useful because they help find informants, it appears to be possible. Plus, as early as 2002, Ted Olson said they would use evidence of rape collected using traditional FISA to talk someone into cooperating (aka inform or collaborate); that was the reason he gave for blowing the wall between intelligence and criminal investigations to smithereens.

Indeed, knowing the way the government uses phone dragnet information as an index to collected content, the government may well use phone dragnet metadata to pick which Americans to subject to warrantless back door searches.

It sounds really awful when we hear about Israel using SIGINT — including information we provide without minimizing it — to spy on Palestinians.

But we have a good deal of reason to believe the US intelligence community — in collaboration — does similar things, spying on Muslim communities and using SIGINT to recruit collaborators that end up sowing paranoia and distrust in the communities.

Not only don’t we have a group of refuseniks who, among themselves, can explain how all of this works. But how the FBI uses all this data is precisely what the government intends to keep secret under the so-called “transparency” provisions of USA Freedom Act. While I will provide more detail in a follow-up post, remember that the FBI refuses to count its back door searches, which means it would be almost impossible for anyone to get a real sense of how these warrantless back door searches on US persons are used. It also has asserted it does not need to disclose evidence derived from Section 215 to criminal defendants, which is another way the evidence against defendants gets hidden.

It’s awful that Israel is doing it. But it’s even worse that we’re almost certainly doing the same, but that we can only find hints of how it is being done.

Pablo Escobar on a Train Using Data for Other Purposes

Yesterday, AP reported that the DEA paid an Amtrak secretary $854,460 over 20 years to hand over train passenger lists.

According to a report released Monday by Amtrak’s inspector general, the DEA paid an Amtrak secretary $854,460 to be an informant. The employee was not publicly identified except as a “secretary to a train and engine crew.”

Amtrak’s own police agency is already in a joint drug enforcement task force that includes the DEA. According to the inspector general, that task force can obtain Amtrak confidential passenger reservation information at no cost.

There’s a lot that’s weird about this story. That Amtrak’s IG, and not DEA’s IG (that is, DOJ’s IG), found this problem. That the secretary was permitted to just fade into retirement.

But I’m most intrigued that DEA treated the secretary taking these bribes as an informant — with an anonymous federal law enforcement official justifying such an approach by pointing to the chemical company informant that helped bust Pablo Escobar.

It’s not unprecedented for law enforcement to have professional people who are informants employed in transportation and other industries, said a federal law enforcement official who is familiar with the incident involving Amtrak. The official spoke on condition of anonymity because the person was not authorized to speak on the record.

The official said that years ago during the investigation of drug lord Pablo Escobar, an informant at a U.S. chemical company provided a major assist to law enforcement by informing authorities that thousands of gallons of acetone were being shipped to Colombia. Acetone is used to manufacture cocaine.

DEA could have gotten this information for free, but it instead chose to dump 850K into getting it via other means, and the law enforcement side of this picture (DOJ) has not checked to see what DEA did with this data.

I can imagine why DEA would want to work via “informant” rather than regular law enforcement information sharing venues (and Amtrak is definitely part of that network). At the very least, it would permit them to shield the source of their data (as they shield the source of their data in the AT&T Hemisphere program). But it would also permit them to use the information for other off-book purposes.

But that appears not to be the concern of the IGs involved.

In a Nation Ravaged by Banksters, FBI Can’t Afford the “Luxury” of Frivolous Counterterrorism Stings

In a JustSecurity post reviewing the same speech that I observed ignored US failures to prevent violent extremism, NYU Professor Samuel Rascoff defends the US use of counterterrorism stings, even in spite of the details revealed by HRW’s report on all the problems related to them. David Cole has an excellent response, which deals with many of the problems with Rascoff’s argument.

I’d like to dispute a more narrow point Rascoff made when he suggested that, because we have so many fewer trained militants than the Europeans, we “can[] afford” the “luxury” of stings.

There are now approximately 3,000 European passport holders fighting in Syria and Iraq. In the time that it took Najibullah Zazi to drive from Denver to New York, a fighter could drive from Aleppo to Budapest. What that means is that European officials are relatively more consumed than American counterparts in keeping up with, and tabs on, trained militants. Orchestrating American-style sting operations is, in a sense, a luxury they cannot afford.

The claim is astonishing on its face, in that it suggests that, because we don’t have real militants like Europe does, we should engage in the “luxury” of entrapping confused young Muslim men and sending them to expensive decades-long prison terms.

Think a bit more about that notion of “luxury” and the financial choices we make on law enforcement. Here are some numbers taken from two sources: the HRW report (I basically searched on the dollar sign, though this doesn’t include every mention of dollars) and today’s Treasury settlement with Bank of America for helping 10 drug kingpins launder their money over a four year period, three years of which constituted “egregious” behavior.

First, HRW reports that FBI spends over $1.3 billion a year on counterterrorism, much of it stings, leaving less than $2 billion for all other investigations.

More than 40 percent of the FBI’s operating budget of $3.3 billion is now devoted to counterterrorism.

That allows the FBI to pay some of its informants and experts hefty sums.

Beginning in August 2006, the FBI paid Omar $1,500 per week during the investigation. Omar received a total of $240,000 from the FBI. This included: $183,500 in payment unrelated to expenses, and $54,000 for expenses incurred during the investigation including car repair and rent.

[snip]

“Kohlmann is an expert in how to use the Internet, like my 12-year-old. He has found all the bad [stuff] about Islam, and testifies as if what he is reading on the Internet is fact. He was paid around $30,000 to look at websites, documents, and testify.”

These informants sometimes promise — but don’t deliver — similar hefty sums to the guys they’re trying to entrap.

Forty-five-year-old James Cromitie was struggling to make ends meet when, in 2009, FBI informant Hussain offered him as much as $250,000 to carry out a plot which Hussain—who also went by “Maqsood”—had constructed on his own.

[snip]

The informant proposed to lend Hossain $50,000 in cash so long as he paid him back $2,000 monthly until he had paid back $45,000.

Which is particularly important because many of these guys are quite poor (and couldn’t even afford to commit the crimes they’re accused of).

At the time he was in contact with the informant and the undercover [agent] he was living at home with his parents in Ashland and he didn’t have a car, he didn’t have any money and he didn’t have a driver’s license because he owed $100 and he didn’t have $100 to pay off the fine. In various parts of the investigation he didn’t have a laptop and he didn’t have a cellphone. At one point the informant gave him a cell phone.

And some of these crimes (the very notable exceptions in the HRW report include two material support cases, both of which are close calls on charity designations, but which involved very large sums, $13 million a year in the case of Holy Land Foundation) involve relatively minuscule sums.

According to the prosecution, Mirza was the ringleader in collecting around $1,000—provided by the FBI agents and co-defendant Williams—that he handed to a middleman with the intent that it go to families of Taliban fighters.

So one theme of the HRW report is we’re spending huge amounts entrapping what are often poor young men in minuscule crimes so taxpayers can pay $29,000 a year to keep them incarcerated for decades.

These are the stakes for what Rascoff calls a “luxury.” At a time of self-imposed austerity, these stings are, indeed, a luxury.

Compare that to what happens to Bank of America, which engaged in “egregious” violations of bank reporting requirements for three years (and non-egregious ones for a fourth), thereby helping 10 drug kingpins launder their money. No one will go to jail. Bank of America doesn’t even have to admit wrong-doing. Instead, it will have to pay a $16.5 million fine, or just 0.14% of its net income last year.

This settlement came out of a Treasury investigation, not an FBI one.

But when DOJ’s Inspector General investigated what FBI did when it was given $196 million between 2009 and 2011 to investigate (penny ante) mortgage fraud, FBI’s focus on the issue actually decreased (and DOJ lied about its results). When FBI decided to try to investigate mortgage fraud proactively by using undercover operations, like it does terrorism and drugs, its agents just couldn’t figure out how to do so (in many cases Agents were never told of the effort), so the effort was dropped.

Banks commit crimes on a far grander scale than most of these sting targets. But FBI throws the big money at its counterterrorism stings, and not the banks leaching our economy of its vitality.

Rascoff accuses HRW’s and similar interventions of being one-dimensional.

[F]or all the important questions about official practices that critics raise, they have tended to ignore some hard questions about the use of stings and the tradeoffs they entail. Instead, their interventions have an exaggerated, one-dimensional quality to them.

But he himself is guilty of his own crime. Because every kid the FBI entraps in a $240,000 sting may represent an actual completed bank crime that will never be investigated. It represents an opportunity cost. The choice is not just sting or no sting or (more accurately, as David Cole points out) sting or community outreach and cooperation.

Rather, the choice is also between manufacturing crimes to achieve counterterrorism numbers or investigating real financial crimes that are devastating communities.

So long as we fail to see that tradeoff, we fail to address one major source of the economic malaise that fuels other crimes.

Ignoring bank crimes is, truly, something we don’t have the luxury of doing. Nevertheless, we continue to choose to go on doing so, even while engaging in these “luxurious” counterterrorism stings that accomplish so little.
