Intelligence


David Petraeus, Whose Greatest Aptitude Lies in Rewriting History

As always in stories involving David Petraeus, this story about his plan to work with al Qaeda to defeat ISIS involves some rewriting or forgetting of history. There’s the fiction that what is usually called the surge but here is at least called co-opting members of al Qaeda “worked.”

The former commander of U.S. forces in Iraq and Afghanistan has been quietly urging U.S. officials to consider using so-called moderate members of al Qaeda’s Nusra Front to fight ISIS in Syria, four sources familiar with the conversations, including one person who spoke to Petraeus directly, told The Daily Beast.

The heart of the idea stems from Petraeus’ experience in Iraq in 2007, when as part of a broader strategy to defeat an Islamist insurgency the U.S. persuaded Sunni militias to stop fighting with al Qaeda and to work with the American military.

The tactic worked, at least temporarily. But al Qaeda in Iraq was later reborn as ISIS, and has become the sworn enemy of its parent organization. Now, Petraeus is returning to his old play, advocating a strategy of co-opting rank-and-file members of al Nusra, particularly those who don’t necessarily share all of core al Qaeda’s Islamist philosophy. [my emphasis]

To be fair to the Daily Beast, they call it a “tactic,” not a strategy, which is correct and part of the problem with it — it provides no path to lasting peace and can easily lead to the metastasis of new violent groups — as DB makes clear happened with the rise of al Qaeda in Iraq. The description of how Petraeus engaged the Sons of Iraq also neglects to mention the financial payoff, which seems important both to understand the play but also its limitations. Thus far, though, DB at least hints at why Petraeus’ plan is so batshit crazy.

Then there’s the silence in the story about how every attempt to train allied troops that Petraeus has been involved with has turned to shit: Iraq, Afghanistan, Libya. That seems worth mentioning.

But I’m most interested in this claim:

Petraeus was the CIA director in early 2011 when the Syrian civil war erupted. At the time, he along with then Secretary of State Hillary Clinton and Defense Secretary Leon Panetta reportedly urged the Obama administration to work with moderate opposition forces. The U.S. didn’t, and many of those groups have since steered toward jihadist groups like the Nusra Front, which are better equipped and have had more success on the battlefield.

While it is true that Obama did not systematically arm rebels in Syria in 2011, it is also a public fact that the CIA was watching (and at least once doing more than that) Qatar and Saudi Arabia move arms from Libya before Petraeus’ departure in 2012, and Obama approved a covert finding to arm “moderate” rebels in April 2013, with CIA implementing that plan in June.

That’s all public and confirmed.

So how is it that we once again are pretending that the CIA — the agency Petraeus led as it oversaw a disastrous intervention in Libya that contributed to radicalization both there and in Syria — didn’t arm purported moderates who turned out not to be?

In other words, the story here should be, “David Petraeus, after overseeing a series of failed training efforts and covert efforts that led to increased radicalization, wants to try again.”

Which would make it even more clear how crazy this idea is.

John Yoo’s Assistance in Starting Iraq War Might Help Obama Avoid an Iran War

Last week, Steven Aftergood released a January 27, 2003 OLC memo, signed by John Yoo, ruling that the Executive Branch could withhold WMD information from Congress even though 22 USC § 3282 requires the Executive to brief the Foreign Relations committees on such information. I had first noted the existence of the memo in this post (though I guessed wrong as to when it was written).

The memo is, even by Yoo’s standards, inadequate and poorly argued. As Aftergood notes, Yoo relies on a Bill Clinton signing statement that doesn’t say what he says it says. And he treats briefing Congress as equivalent to public disclosure.

Critically, a key part of Yoo’s argument relies on an OLC memo the Reagan Administration used to excuse its failure to tell Congress that it was selling arms to Iran.

Fourth, despite Congress’s extensive powers under the Constitution, Its authorities to legislative and appropriate cannot constitutionally be exercised in a manner that would usurp the President’s authority over foreign affairs and national security. In our 1986 opinion, we reasoned that this principle had three important corollaries: a) Congress cannot directly review the President’s foreign policy decisions; b) Congress cannot condition an appropriation to require the President to relinquish his discretion in foreign affairs; and c) any statute that touches on the President’s foreign affairs power must be interpreted, so as to avoid constitutional questions, to leave the President as much discretion as possible. 10 Op. O.L.C. at 169-70.

That’s one of the things — a pretty central thing — Yoo relies on to say that, in spite of whatever law Congress passes, the Executive still doesn’t have to share matters relating to WMD proliferation if it doesn’t want to.

Thus far, I don’t think anyone has understood the delicious (if inexcusable) irony of the memo — or the likely reasons why the Obama Administration has deviated from its normal secrecy in releasing the memo now.

This memo authorized the Executive to withhold WMD information in Bush’s 2003 State of the Union address

First, consider the timing. I noted above I was wrong about the timing — I speculated the memo would have been written as part of the Bush Administration’s tweaks of Executive Orders governing classification updated in March 2003.

Boy how wrong was I. Boy how inadequately cynical was I.

Nope. The memo — 7 shoddily written pages — was dated January 27, 2003. The day the White House sent a review copy of the State of the Union to CIA, which somehow didn’t get closely vetted. The day before Bush would go before Congress and deliver his constitutionally mandated State of the Union message. The day before Bush would lay out the case for the Iraq War to Congress — relying on certain claims about WMD — including 16 famous words that turned out to be a lie.

The British government has learned that Saddam Hussein recently sought significant quantities of uranium from Africa.

This memo was written during the drafting of the 2003 State of the Union to pre-approve not sharing WMD information known by the Executive Branch with Congress even in spite of laws requiring the Executive share that information.

Now, we don’t know — because Alberto Gonzales apparently didn’t tell Yoo — what thing he was getting pre-authorization not to tell Congress about. Here’s what the memo says:

It has been obtained through sensitive intelligence sources and methods and concerns proliferation activities that, depending upon information not yet available, may be attributable to one or more foreign nations. Due to your judgment of the extreme sensitivity of the information and the means by which it was obtained, you have not informed us about the nature of the information, what nation is involved, or what activities are implicated. We understand, however, that the information is of the utmost sensitivity and that it directly affects the national security and foreign policy interests of the United States. You have also told us that the unauthorized disclosure of the information could directly injure the national security, compromise intelligence sources and methods, and potentially frustrate sensitive U.S. diplomatic, military, and intelligence activities.

Something about WMD that another nation told us that is too sensitive to share with Congress — like maybe the Brits didn’t buy the Niger forgery documents anymore?

In any case, we do know from the SSCI Report on Iraq Intelligence that an INR analyst had already determined the Niger document was a forgery.

On January 13, 2003, the INR Iraq nuclear analyst sent an e-mail to several IC analysts outlining his reasoning why, “the uranium purchase agreement probably is a hoax.” He indicated that one of the documents that purported to be an agreement for a joint military campaign, including both Iraq and Iran, was so ridiculous that it was “clearly a forgery.” Because this document had the same alleged stamps for the Nigerien Embassy in Rome as the uranium documents, the analyst concluded “that the uranium purchase agreement probably is a forgery.” When the CIA analyst received the e-mail, he realized that WINPAC did not have copies of the documents and requested copies from INR. CIA received copies of the foreign language documents on January 16, 2003.

Who knows? Maybe the thing Bush wanted to hide from Congress, the day before his discredited 2003 State of the Union, didn’t even have to do with Iraq. But we know there has been good reason to question whether Bush’s aides deliberately misinformed Congress in that address, and now we know John Yoo pre-approved doing so.

This memo means Obama doesn’t have to share anything about the Iran deal it doesn’t want to

Here’s the ironic part — and one I only approve of for the irony involved, not for the underlying expansive interpretation of Executive authority.

By releasing this memo just a week before the Iran deal debate heats up, the Obama Administration has given public (and Congressional, to the extent they’re paying attention) notice that it doesn’t believe it has to inform Congress of anything having to do with WMD it deems too sensitive. John Yoo says so. Reagan’s OLC said so, in large part to ensure that no one would go to prison for disobeying Congressional notice requirements pertaining to Iran-Contra.

If you think that’s wrong, you have to argue the Bush Administration improperly politicized intelligence behind the Iraq War. You have to agree that the heroes of Iran-Contra — people like John Poindexter, who signed onto a letter opposing the Iran deal — should be rotting in prison. That is, the opponents of the Iran deal — most of whom supported both the Iraq War and Iran-Contra — have to argue Republican Presidents acted illegally in those past actions.

Me? I do argue Bush improperly withheld information from Congress leading up to the Iraq War. I agree that Poindexter and others should have gone to prison in Iran-Contra.

I also agree that Obama should be forthcoming about whatever his Administration knows about the terms of the Iran deal, even while I believe the deal will prevent war (and not passing the deal will basically irretrievably fuck the US with the international community).

A key thing that will be debated extensively in coming days — largely because the AP, relying on an echo chamber of sources that has proven wrong in the past, published an underreported article on it — is whether the inspection of Parchin is adequate. Maybe that echo chamber is correct, and the inspection is inadequate. More importantly, maybe it is the case that people within the Administration — in spite of IAEA claims that it has treated that deal with the same confidentiality it gives to other inspection protocols made with inspected nations — know the content of the Parchin side agreement. Maybe the Administration knows about it, and believes it to be perfectly adequate, because it was spying on the IAEA, like it long has, but doesn’t want the fact that it was spying on IAEA to leak out. Maybe the Administration knows about the Parchin deal but has other reasons not to worry about what Iran was allegedly (largely alleged by AP’s sources on this current story) doing at Parchin.

The point is, whether you’re pro-Iran deal or anti-Iran deal, whether you’re worried about the Parchin side agreement or not, John Yoo gave Barack Obama permission to withhold it from Congress, in part because Reagan’s OLC head gave him permission to withhold Iran-Contra details from Congress.

I believe this document Yoo wrote to help Bush get us into the Iraq War may help Obama stay out of an Iran war.

The Things Our Allies Tell Us — Or Don’t

On Friday, the NYT reported that the US was surprised that the Nusra Front attacked Division 30, which is what they’re now calling the group of US-trained “moderate rebels” who’ve only recently been inserted in Syria.

In Washington, several current and former senior administration officials acknowledged that the attack and the abductions by the Nusra Front took American officials by surprise and amounted to a significant intelligence failure.

While American military trainers had gone to great lengths to protect the initial group of trainees from attacks by Islamic State or Syrian Army forces, they did not anticipate an assault from the Nusra Front. In fact, officials said on Friday, they expected the Nusra Front to welcome Division 30 as an ally in its fight against the Islamic State.

“This wasn’t supposed to happen like this,” said one former senior American official, who was working closely on Syria issues until recently, and who spoke on the condition of anonymity to discuss confidential intelligence assessments.

As Moon of Alabama snarked, this would mean the entire national security elite is shocked, shocked that people we’ve been bombing might not welcome us afterwards.

Given how quickly the US responded to the kidnapping by promising air cover for the Division — which is all but guaranteed to suck the US far more deeply into Syria’s civil war — I don’t rule out the very cynical possibility that some within the US recognized the likelihood our rebels would be attacked, but took that as an acceptable price to force the US to engage more directly.

If that’s not the case, given how unlikely it is that the entire intelligence establishment is so stupid so as to have missed the very obvious risk to our rebels, I think it’s quite likely that the US got affirmative HUMINT from one of our partners in the region that Nusra Front would not attack. Both the Saudis and Israelis are real possibilities to have provided this intelligence, given that we rely on the Saudis for a lot of our intelligence on Sunni terrorist groups and the Israelis have been cozying up to the group. And I’m frankly agnostic whether that intelligence would have been offered cynically — again, as a ploy to suck the US further into Syria — or in good faith.

But I do think one possible explanation for the seemingly impossible claim that this attack took the US by surprise is that we had intelligence telling us this wouldn’t happen.

Meanwhile, in another corner of the Middle East, consider the first line of this FP story revealing the intelligence community learned the Houthis were launching scud missiles into Saudi Arabia via Twitter.

The U.S. intelligence community first learned that Yemen’s Houthi rebels had launched a Scud missile toward Saudi Arabia on June 30 not from spies on the ground or satellites in the skies, but instead from a more modern form of information gathering: Twitter.

“The first warning of that event: ‘hashtag scudlaunch,’” Marine Lt. Gen. Vincent Stewart, the head of the Pentagon’s Defense Intelligence Agency (DIA), said at a gathering of intelligence contractors just outside Washington on Thursday night. “Someone tweeted that a Scud had been launched, and that’s how we started to search for this activity.”

This also means that the intelligence community — including the CIA led by the former Station Chief to Riyadh — did not learn the Houthis were mounting a counterstrike into KSA from our close allies the Saudis. Yet the likelihood of that was readily available, even to me, via Twitter.

Again, this suggests that the intelligence we may be getting from one of our most trusted allies on the ground may not be all that useful, though in this case I think it possible the Saudis themselves have been delusional about any risk the Houthis might pose.

Whether these two incidents stem from intelligence sharing with our allies, the effect of our ignorance on both counts is that we’re going to be sucked more deeply into the region.

Evan Kohlmann: Garbage In, Garbage Out

Trevor Aaronson has an important piece on one of DOJ’s several “terrorism experts,” Evan Kohlmann. He has long been mocked, to no avail, by defense attorneys working terrorism cases for his lack of credentials and his hack theories about “radicalization;” Aaronson replays some of Kohlmann’s most embarrassing moments on the stand. Even in spite of that, judges keep accepting him as an expert witness. But Aaronson describes how Josh Dratel obtained discovery about another role Kohlmann plays with the FBI.

While representing at trial Mustafa Kamel Mustafa, of the Finsbury Park Mosque in London, New York lawyer Joshua Dratel, who has security clearances, was given classified materials about Kohlmann, a witness in the Mustafa prosecution. “It was the integrity of a prosecutor who learned of [the materials] some way,” Dratel said, crediting a single Justice Department employee for providing a rare full disclosure about Kohlmann.

Dratel has reviewed the classified materials in full, but he is prohibited from discussing their contents publicly. “It’s hard to talk about it without talking about it,” he said.

However, the judge in the Mustafa case allowed very limited references to the contents of the classified materials during Dratel’s cross-examination of Kohlmann — providing a clue to what the government is hiding about its star terrorism expert.

“You have done more than consulting for the FBI, correct?” Dratel asked Kohlmann.

“Correct,” Kohlmann said from the witness stand.

“You have done more than act as an expert for the government, correct?” Dratel followed.

“That’s correct, yes,” Kohlmann admitted.

That’s as far as the judge would allow.

Dratel asked Kohlmann whether he had told Tarek Mehanna prosecutors (Carmen Ortiz’ office) of his “precise” relationship with the FBI, but the judge prevented Dratel from obtaining a specific answer.

“In that case, in preparing for that case, or at any time during that case, did you inform the prosecutors in that case of your precise relationship with the FBI?” Dratel continued.

“I don’t know what you mean by ‘precise,’ but the prosecutors in that case I had worked with on a previous case, and they were fully aware of the nature of my work with the FBI,” Kohlmann answered.

“No, the precise nature of your relationship with the FBI,” Dratel said, speaking cryptically due to the classified material and the limits the judge had placed on his questions.

“Objection, your Honor,” the prosecutor interrupted.

“Did you inform them?” Dratel asked Kohlmann.

Aaronson doesn’t guess, but I would guess that Kohlmann gets paid by the FBI to troll jihadist forums and identify potential sting targets.

A lot of counterterrorism cases include some evidence about online discussions (sometimes in forums, sometimes on more public sites), which gets turned over as an “unsolicited tip” to FBI officers, who then engage, and — on seemingly thin evidence — obtain a FISA warrant, which then leads to further evidence to support the sting. The judge in the case may never learn the details of this unsolicited tip, particularly if she is never asked to review a FISA warrant.

Defense attorneys never learn the details of those unsolicited tips — that’s part of what the whole FISA process hides — but they would be used in the materials to the FISC.

In other words, I’m guessing that Dratel got evidence that Kohlmann is providing the raw material for FBI’s stings, based on his whackjob theory of radicalization (the reference to Mehanna’s case may mean — and this is purely speculation — Kohlmann took part in some of the same kinds of online discussions that were used to incriminate Mehanna).

If I’m right, though, it would confirm what observers — starting with former FBI Agent Mike German — have long talked about: that the government is funding an echo chamber of “experts” who create the approach to terrorism we use, then reinforce it with their purported expertise.

This insight is crucial to understanding the government’s continuing embrace of radicalization theories. Simply put, the government continues to be the primary sponsor of radicalization studies because they justify counterterrorism policies that maximize its policing powers. As Kundnani has written, “[s]cholarship that associates a particular kind of ‘disposition’, be it ‘cultural,’ ‘psychological’…, with terrorist violence enables intelligence gatherers to use that disposition as a proxy for terrorist risk and to structure their surveillance accordingly.”

Treating terrorism as the spread of an ideological infection within a vulnerable community also allows the government to put aside difficult questions about the role U.S. foreign and national security policies play in generating anti-American grievances, which the Defense Department raised in this 2004 report. Studies supporting government radicalization theories rarely mention U.S. military actions in Muslim countries, lethal drone strikes, torture, or the Guantanamo Bay prison as radicalizing influences, though many terrorists reference them in attempting to justify their actions.

The reliance on radicalization theory also provides benefits to those who support the current political, social, and financial status quo, particularly in regard to U.S. foreign policy. The support for these theories comes from a broad array of organizations.

[snip]

Neo-conservative think-tanks, private terrorism investigators, and cyber vigilantes that typically support the maintenance of interventionist Middle East policies and aggressive counterterrorism measures also stand to benefit from the government’s reliance on radicalization theory. These self-styled experts have the appearance of independent researchers, but often serve as echo-chambers for government theories of extremist organizations and behavior. As a defense attorney explained to The Nation, “[t]hey all work for the government or they work for government-funded agencies or government-contracted projects… [a]nd so when the government calls them, they are ready sources of government-approved information.”

If Kohlmann is one of the “private terrorism investigators” German mentions — and he certainly fits the bill — then he very likely is dumping garbage of whackjob theory picked targets into the system, and then validating the same whackjob theories on the stand.

I don’t know the precise specifics of what Dratel has been alerted to, but it sure does seem like we’re closer to proving that Kohlmann and his ilk are providing Garbage In Garbage Out that drives the war on terror.

CryptoWars, the Obfuscation

The US Courts released its semiannual Wiretap Report the other day, which reported that very few of the attempted wiretaps last year were encrypted, with even fewer thwarting law enforcement.

The number of state wiretaps in which encryption was encountered decreased from 41 in 2013 to 22 in 2014. In two of these wiretaps, officials were unable to decipher the plain text of the messages. Three federal wiretaps were reported as being encrypted in 2014, of which two could not be decrypted. Encryption was also reported for five federal wiretaps that were conducted during previous years, but reported to the AO for the first time in 2014. Officials were able to decipher the plain text of the communications in four of the five intercepts.

Motherboard has taken this data and concluded it means the Feds have been overstating their claim they’re “going dark.”

[N]ew numbers released by the US government seem to contradict this doomsday scenario.

[snip]

“They’re blowing it out of proportion,” Hanni Fakhoury, an attorney at the digital rights group Electronic Frontier Foundation (EFF), told Motherboard. “[Encryption] was only a problem in five cases of the more than 3,500 wiretaps they had up. Second, the presence of encryption was down by almost 50 percent from the previous year.

“So this is on a downward trend, not upward,” he wrote in an email.

Much as I’d like to, I’m not sure I agree with Motherboard’s (or Hanni Fakhoury’s) conclusion.

Here’s what the data show since 2012, which was the first year jurisdictions reported being unable to break encryption (2012; 2013):

[Image: table of the wiretap encryption data since 2012]

You’ll see lots of parenthetical entries and NRs. That’s because this data is not being reported systematically. Parenthetical references are to encrypted feeds not reported until years after they get set, and usually those have been decrypted by the time they’re reported. NRs show that we are not getting these numbers, if they exist, from federal law enforcement (and the numbers can’t be zero, as reported here, because FBI has been taking down targets like Silk Road). The reporting on this ought to raise real questions about the quality of the data being reported and perhaps might spark some interest in mandating better reporting of this data so it can be tracked. But it also suggests that — at a time when law enforcement are just beginning to find encryption they can’t break (immediately) — there’s a lot of noise in the data. Does 2013’s 2% of encrypted targets and half-percent that couldn’t be broken represent a big problem? It depends on who the target is — a point I’ll come back to.

Congress will soon have that opportunity (but won’t avail themselves of it).

Even as US Courts were reporting still very low levels of encryption challenges faced by law enforcement, both the Senate Judiciary Committee and the Senate Intelligence Committee announced hearings next Wednesday where Jim Comey will have yet another opportunity to try to present a compelling argument that he should have back doors into our communication. SJC even saw fit to invite witnesses with opposing viewpoints, which the “intelligence” committee saw no need to do.

In an apparent attempt to regain some credibility before these hearings (Jim Comey is nothing if not superb at working the media), Comey went to Ben Wittes to suggest his claimed concern with increasing use of encryption has to do with ISIS’ increasing use of encryption. Ben quotes from Comey’s earlier comments to CNN then riffs on that in light of what Comey just told him in a conversation.

“Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption,” Comey said. “This is the ‘going dark’ problem in high definition.”

Comey said ISIS is increasingly communicating with Americans via mobile apps that are difficult for the FBI to decrypt. He also explained that he had to balance the desire to intercept the communication with broader privacy concerns.

“It is a really, really hard problem, but the collision that’s going on between important privacy concerns and public safety is significant enough that we have to figure out a way to solve it,” Comey said.

Let’s unpack this.

As has been widely reported, the FBI has been busy recently dealing with ISIS threats. There have been a bunch of arrests, both because ISIS has gotten extremely good at inducing self-radicalization in disaffected souls worldwide using Twitter and because of the convergence of Ramadan and the run-up to the July 4 holiday.

As has also been widely reported, the FBI is concerned about the effect of end-to-end encryption on its ability to conduct counterterrorism operations and other law enforcement functions. The concern is two-fold: It’s about data at rest on devices, data that is now being encrypted in a fashion that can’t easily be cracked when those devices are lawfully seized. And it’s also about data in transit between devices, data encrypted such that when captured with a lawful court-ordered wiretap, the signal intercepted is undecipherable.

[snip]

What was not clear to me until today, however, was the extent to which the ISIS concerns and the “going dark” concerns have converged. In his Brookings speech, Comey did not focus on counterterrorism in the examples he gave of the going dark problem. In the remarks quoted by CNN, and in his conversation with me today, however, he made clear that the landscape is changing fast. Initial recruitment may take place on Twitter, but the promising ISIS candidate quickly gets moved onto messaging platforms that are encrypted end to end. As a practical matter, that means there are people in the United States whom authorities reasonably believe to be in contact with ISIS for whom surveillance is lawful and appropriate but for whom useful signals interception is not technically feasible.

Now, Ben incorrectly blurs the several roles of FBI here. FBI’s interception of ISIS communiques may be both intelligence and law enforcement. To the extent they’re the former — to the extent they’re conducted under FISA — they won’t show up in US Courts’ annual report.

But they probably should, if Comey is to have any credibility on this front.

Moreover, Ben simply states that “there are people in the United States whom authorities reasonably believe to be in contact with ISIS for whom surveillance is lawful and appropriate.” But there’s no evidence presented to support this. Indeed, most of the so-called ISIS prosecutions have shown 1) where probable cause existed, it largely existed in the clear, in Twitter conversations and other online postings and 2) there may not have been probable cause before FBI ginned it up.

It ought to raise real questions about whether Comey’s going dark problem is a law enforcement one — with FBI being unable to access evidence on real criminals — or is an intelligence one — with FBI being unable to access First Amendment protected speech that nevertheless may be important for an understanding of the threat ISIS poses domestically. Again, the data is not there, one way or another, but given the law enforcement data, we ought to demand real numbers for intelligence intercepts. Another pertinent question is whether this encrypted data is easily accessible to NSA (ISIS recruiters are almost entirely going to be legitimate NSA targets located overseas), but not to FBI?

And all this presumes that Comey is telling the truth about ISIS and not — as he and just about every member of the Intelligence Community has done routinely — used terror threats to be able to get authorities to wield against other kinds of threats, especially hackers (which is not to say hackers aren’t a target, just that the IC likes to pretend its authorities serve an exclusively CT purpose when they clearly do not). The law enforcement data, at least, show that even members of very sophisticated drug distribution networks are using encryption at a really low level. Is ISIS’ ability to coach potential recruits into using encrypted products on Twitter really that much better, or is Comey really talking about hackers who more obviously have the technical skills to encrypt their communications?

Thus far, Comey would have you believe that intelligence — counterterrorism — targets encrypt at a much higher rate than even drug targets. But the data also suggest even federal law enforcement (that is, Comey’s agency, among others) aren’t tracking this very effectively, and so can’t present reliable numbers.

Before we go any further in this cryptowar debate, we ought to be able to get real numbers on how serious the problem is.

Floating Security

Greetings! I’m back, just in time to refill the liquor cabinet. Thanks to Rayne, Jim, bmaz, and Ed for their fascinating posts while I was gone (and if you haven’t read it, I especially recommend Ed’s series on paradigms in economics).

As I mentioned before I left, I just took a vacation with my mom, who turned 75 during our trip. Because seeing Russia and Scandinavia were on her bucket list but she has mobility limitations, we decided to go on a Baltic cruise for the trip (it was my first cruise). Which meant, among other things, we were sailing from Germany past Poland and Kaliningrad to Lithuania on the last days of a NATO war game involving the Baltics, and we were docked in St. Petersburg for 3 days.

While I don’t know whether it was related to the war games, on the night of June 17-18, the ship took what a long-time sailor told us the next day seemed like an evasive maneuver at 2 AM that woke everyone I spoke to up. The following day, at around 6 (almost no one was awake because it was our one sailing day), the crew noted a ship tracking us on our starboard side that seemed very unusual to them. It pulled up ahead of the cruise ship far enough I couldn’t get a good picture or binocular check (it had a mostly red flag) when I returned, but was there for about 6 hours. I suck ass at military ship identification but it might have been a frigate. In any case, the New Cold War™ has not yet heated up sufficiently to turn our cruise ship into the Lusitania, so you’re all stuck with me.

I was just as interested in the security procedures for the ship. There are obvious measures (as those of you who have taken cruises surely know): a card check as you get on and off the boat every time, with metal detectors every time you get back on the boat. What I found interesting, though, were the less obvious measures, something you’d need to have for something that would otherwise be such an easy target but for which you wouldn’t want passengers to realize it. For example, there were undercarriage checks (the kind that are meant to be obvious in places like Brazil) that were not obviously visible. There were deck guards (one of whom got sheepish when I got into a conversation about the sunset he was taking a picture of), which are probably intended to minimize teenage pregnancies as much as anything else, but which keep a low profile on outer decks late at night. You couldn’t see security cameras anywhere, but I’m sure they were omnipresent. I’m really interested in the security checks employees undergo, as there can be up to 1,000 tip-dependent employees from developing nations on board. In any case, I imagine the cruise ship tracks everyone’s movement on board through use of key cards.

I was also interested in how cruise ship security intersected with Russian security (Russia has a 3-day exception to its visa requirement for cruise ship passengers who use a tour guide in Russia and return to their ship every night, but it requires going through customs every time you leave the ship and there is fine print that got a few people in trouble). Every time you left the ship, you’d first be scanned off the ship, then interact with a surly Russian border guard (I tried to little avail to butter them up with my very rudimentary Russian). On return, you’d go through a Russian metal detector to get into the port facility — but the guards only made you put bags through their x-ray machine, not all metal, and they pretty much ignored when you set off the metal detector. In other words, while Russia made a show of preventing weapons or bombs from entering the cruise ship terminal, it was pretty ineffective (there was a toll entry to get to the port itself by car, bus, or truck, though, which may limit what kinds of people could even get to the port). Then, you’d be checked out of Russia by the same surly border guards. Next you’d be checked into the boat and put through another metal detector upon entering the ship (though there were a few weak points to this process that I won’t mention). Though admittedly, the ship security was probably also designed as much to find booze and food that passengers were taking onto the ship, both of which had ostensible security purposes, but also served the cruise’s business model of ensuring captive consumption of booze on board.

In any case, the cruise ship obviously didn’t trust Russia’s security measures, but the latter probably rely much more on their own intelligence and policing.

All of which is to say the cruise ship is an exercise in a mix between security theater (the not entirely perfect metal detector on board) and more obscure but presumably more effective measures. Given the volume of passengers that have to be processed in quick order, it would seem to be proof that such an approach is possible in other areas (including aviation), but we choose not to use it. Or maybe cruise ships are 1) better able to do a cost-benefit analysis and 2) subject to fewer US laws. I’m now interested in more about how cruise ships carry out their security, though expect much of it is secret.

One final observation. I found Lithuania (Klaipeda, right on the border with Kaliningrad) to be the most fascinating stop, in part because it has been a cruise destination for a shorter period of time than, say, Tallinn, and so has not been transformed as much. Mom and I took a ferry to the Curonian Spit, then took a taxi down the spit and then back to Klaipeda; our taxi drivers were a son and then his father in succession. That’s where my (as I noted, very rudimentary) Russian was most interesting. At the ferry, I was told clearly not to use it at all by a maybe 55-year-old woman. The son, who had excellent Hollywood English, was more measured. His father, who reminded me that he had had to use Russian all through school and military service, was very happy to have a quasi conversation in Russian with me (we occasionally resorted to Polish and Czech at times, as better mutually comprehensible languages). I found the mixed feelings about Russian, in a place with a very audible Russian minority, to be fascinating. But then, Lithuania is ground zero for the New Cold War™ and I can understand how rising tensions exacerbate underlying divisions.

Anyway, that’s the sum of my impressions from being unable to entirely turn off the security side of my brain.

Cyber-spawn Duqu 2.0: Was Malware Infection ‘Patient Zero’ Mapped?

Kaspersky Lab reported this morning that a next-generation version of Duqu malware infected the information security company’s network.

Duqu is a known reconnaissance malware. Its complexity suggests it was written by a nation-state. The malware appears closely affiliated with the cyber weapon malware Stuxnet.

WSJ reported this particular version may have been used to spy on the P5+1 talks with Iran on nuclear development. Dubbed ‘Duqu 2.0,’ the malware may have gathered audio, video, documents and communications from computers used by talk participants.

Ars Technica reported in depth on Kaspersky’s discovery of the malware and its attributes. What’s really remarkable in this iteration is its residence in memory. It only exists as a copy on a drive at the first point of infection in a network, and can be wiped remotely to destroy evidence of its occupation.

The infosec firm killed the malware in their networked devices by mimicking a power outage. They detached from their network suspect devices believed to contain an infecting copy.

Kaspersky’s Patient Zero was a non-technical employee in Asia. Duqu 2.0 wiped traces of its own insertion from the PC’s drive.

Neither WSJ nor Ars Technica noted Kaspersky’s network must have been subject to a program like TREASUREMAP.

…Because the rest of the data remained intact on the PC and its security patches were fully up to date, researchers suspect the employee received a highly targeted spear phishing e-mail that led to a website containing a zero-day exploit. … (bold mine – source: Ars Technica)

How was a single non-technical point of contact in Asia identified as a target for an infected email?

Intelligence Committees Still Trying to Force Agencies to Follow Reagan’s Rules

34 years ago Ronald Reagan issued the Executive Order that still governs most of our country’s intelligence activities, EO 12333.

As part of it, the EO required any agency using information concerning US persons to have a set of procedures laying out how it obtains, handles, and disseminates information (see the language of 2.3 below).

Only — as the Privacy and Civil Liberties Oversight Board started pointing out in August 2013 — some agencies have never complied. In February, PCLOB revealed the 4 agencies that are still flouting Reagan’s rules, along with what they have been using:

The Department of Homeland Security’s notoriously shoddy Office of Intelligence and Analysis: Pending issuance of final procedures, I&A is operating pursuant to Interim Intelligence Oversight Procedures, issued jointly by the Under Secretary for Intelligence and Analysis and the Associate General Counsel for Intelligence (April 3, 2008).

United States Coast Guard (USCG)- Intelligence and counterintelligence elements: Pending issuance of final procedures, operating pursuant to Commandant Instruction – COMDINST 3820.12, Coast Guard Intelligence Activities (August 28, 2003).

Department of Treasury Office of Intelligence and Analysis (OIA): Pending issuance of final procedures. While draft guidelines are being reviewed in the interagency approval process, the Office of Intelligence and Analysis conducts intelligence operations pursuant to EO 12333 and statutory responsibilities of the IC element, as advised by supporting legal counsel.

Drug Enforcement Administration, Office of National Security Intelligence (ONSI): Pending issuance of final procedures, operates pursuant to guidance of the Office of Chief Counsel, other guidance, and: Attorney General approved “Guidelines for Disclosure of Grand Jury and Electronic, Wire, and Oral Interception Information Identifying United States Persons” (September 23, 2002); Attorney General approved “Guidelines Regarding Disclosure to the Director of Central Intelligence and Homeland Security Officials of Foreign Intelligence Acquired in the Course of a Criminal Investigation” (September 23, 2002).

Last year’s House Intelligence Committee version of NSA reform (the one I called RuppRoge) would have included language requiring agencies to finish these procedures — mandated 34 years ago — within 6 months. And now, over a year later, Dianne Feinstein’s latest attempt at reform echoed that language.

Which strongly suggests these agencies are still deadbeats.

As I said in February, I’m most concerned about DEA (because DEA is out of control) and, especially, Treasury (because Treasury’s intelligence activities are a black box with little court review). Treasury is making judgements that can blacklist someone financially, but it has thus far refused to institute procedures to protect Americans’ privacy while it does so.

And no one seems to be rushing to require them to do so.


2.3 Collection of Information. Agencies within the Intelligence Community are authorized to collect, retain or disseminate information concerning United States persons only in accordance with procedures established by the head of the agency concerned and approved by the Attorney General, consistent with the authorities provided by Part 1 of this Order. Those procedures shall permit collection, retention and dissemination of the following types of information:
(a) Information that is publicly available or collected with the consent of the person concerned;
(b) Information constituting foreign intelligence or counterintelligence, including such information concerning corporations or other commercial organizations. Collection within the United States of foreign intelligence not otherwise obtainable shall be undertaken by the FBI or, when significant foreign intelligence is sought, by other authorized agencies of the Intelligence Community, provided that no foreign intelligence collection by such agencies may be undertaken for the purpose of acquiring information concerning the domestic activities of United States persons;
(c) Information obtained in the course of a lawful foreign intelligence, counterintelligence, international narcotics or international terrorism investigation;
(d) Information needed to protect the safety of any persons or organizations, including those who are targets, victims or hostages of international terrorist organizations;
(e) Information needed to protect foreign intelligence or counterintelligence sources or methods from unauthorized disclosure. Collection within the United States shall be undertaken by the FBI except that other agencies of the Intelligence Community may also collect such information concerning present or former employees, present or former intelligence agency contractors or their present or former employees, or applicants for any such employment or contracting;
(f) Information concerning persons who are reasonably believed to be potential sources or contacts for the purpose of determining their suitability or credibility;
(g) Information arising out of a lawful personnel, physical or communications security investigation;
(h) Information acquired by overhead reconnaissance not directed at specific United States persons;
(i) Incidentally obtained information that may indicate involvement in activities that may violate federal, state, local or foreign laws; and
(j) Information necessary for administrative purposes.
In addition, agencies within the Intelligence Community may disseminate information, other than information derived from signals intelligence, to each appropriate agency within the Intelligence Community for purposes of allowing the recipient agency to determine whether the information is relevant to its responsibilities and can be retained by it.

Mike Morell’s Performance of “Intelligence”

Given that Bill Harlow co-wrote George Tenet and Jose Rodriguez’ autobiographical novels, it’s fairly clear he continues to propagandize for the CIA years after he left the Agency as Public Affairs officer. Still, his past autobiographical novels were perhaps more convincing than the roll out of Mike Morell’s autobiographical novel, The Great War of Our Time, which Harlow also co-wrote. That’s pretty remarkable given that Morell had more retained credibility than either of the other two. This propaganda tour actually seems to be eroding Morell’s credibility.

Part of the problem is interviews like this, where Morell says both that we should be “all in” with Saudi Arabia (an asinine judgement, in my opinion, perhaps betraying CIA’s close ties to the Saudis) and that we should support secular Bashar al-Assad, which is totally inconsistent with his first stance.

And he makes those two claims in an interview where he also claims that numbers on collateral damage tied to drone strikes are “propaganda.”

“The other thing I’ll say is that this is the most precise weapon in the U.S. arsenal.  Collateral damage is not zero — and gosh, I wish it were zero, but it’s not — but it’s very close to zero.

“Number three, the numbers that you see about huge numbers of collateral damage just aren’t true.  They are put out there as propaganda by people who want this program to go away, and al-Qaida is one of those groups.”

It’s a great display of Morell’s approach to lying.

First, most people don’t claim there are huge numbers of collateral damage. TBIJ — which is one of the more partisan voices against drone strikes but which also does some of the most meticulous work tracking drone killing over years — shows that civilians account for around 14% of those killed (a lower number than some more hawkish counts). The number itself is not, as Morell depicts it, “huge.” But it is, nevertheless, a relatively large amount, one that brings with it a lot of blowback. And the numbers — which again, are similar to those tracked by multiple independent sources — are much higher than CIA publicly claims.

It is CIA, and not drone killing trackers, engaged in propaganda here.

Yet by refuting something his opponents hadn’t asserted, Morell gets to claim to have debunked it.

While I have no idea what parts of Sy Hersh’s story on Osama bin Laden are true, Morell’s use of the same method to debunk Hersh suggests he’s engaged — at least partly — in non-denial denial.

Jeff Stein deals with one problem with Morell’s debunking. CIA’s former Deputy Director claims that if we had tipped the Pakistanis (who are dealt with as a monolith in Morell’s story) they would have told Osama bin Laden. Wouldn’t that require knowledge of where he was, and some ongoing interest in protecting him? If so, that actually confirms a key premise of Hersh’s (and other reporters’) stories.

Then there’s Morell’s debunking of the walk-in story.

He claims that we learned of bin Laden’s location not from following the courier and from excellent intelligence analysis, but from a Pakistani intelligence officer who walked into the U.S. Embassy and gave us bin Laden’s whereabouts in exchange for “much of the $25 million reward offered by the U.S.” The truth is that while walk-ins have long been useful in providing intelligence to us world-wide, none of the information that led to finding the location where bin Laden was came from walk-ins.

NBC has already confirmed that there was a walk-in — just that he wasn’t key to identifying OBL’s location.

Editor’s Note: This story has been updated since it was first published. The original version of this story said that a Pakistani asset told the U.S. where bin Laden was hiding. Sources say that while the asset provided information vital to the hunt for bin Laden, he was not the source of his whereabouts.

Morell’s statement is utterly consistent with NBC’s reporting.

Morell claims to debunk Hersh’s claim that CIA obtained DNA from OBL.

bin Laden was very ill, and that early on in his confinement at Abbottabad, the ISI had ordered Amir Aziz, a doctor and a major in the Pakistani army, to move nearby to provide treatment.

[snip]

The planners turned for help to Kayani and Pasha, who asked Aziz to obtain the specimens. Soon after the raid the press found out that Aziz had been living in a house near the bin Laden compound: local reporters discovered his name in Urdu on a plate on the door. Pakistani officials denied that Aziz had any connection to bin Laden, but the retired official told me that Aziz had been rewarded with a share of the $25 million reward the US had put up because the DNA sample had showed conclusively that it was bin Laden in Abbottabad.

But Morell focuses on obtaining DNA from the compound and from OBL’s children, not from OBL himself.

Mr. Hersh says we obtained DNA samples from people in the bin Laden compound before the assault was launched. Wrong again. We would have liked to have obtained samples from the children in the compound to confirm that they were bin Laden’s children, but we did not. [my emphasis]

And Morell claims SEALs couldn’t have thrown OBL body parts out the helicopter over the Hindu Kush, as Hersh claimed …

The remains, including his head, which had only a few bullet holes in it, were thrown into a body bag and, during the helicopter flight back to Jalalabad, some body parts were tossed out over the Hindu Kush mountains – or so the Seals claimed.

… Because he received a burial at sea.

Finally—and most absurdly perhaps—Mr. Hersh cites his sources as telling him that SEALs threw bin Laden body parts off their helicopter over the Hindu Kush and suggests that the burial at sea from the USS Carl Vinson never happened. Bin Laden’s body received a proper Muslim burial at sea. How do I know? I heard the president give the order, and I saw photographs and video of the burial at sea.

Now, to be fair, this is one claim from Hersh I’m most skeptical of (though I realize now the SEALs might have thrown some body parts out the helicopter to leave DNA evidence that OBL was killed there, which was the purported cover story). But Morell’s debunking is no such thing, because it is perfectly possible a shrouded corpse could be buried at sea even if it were missing some body parts. (I’ll also note that JSOC hid what I believe to be trophy photos after this story started breaking, which suggests the SEALs did something with the corpse that would cause problems if it were publicized, though I always assumed they just hammed it up.)

In other words, as Morell does for his drone propaganda, he usually doesn’t debunk what Hersh wrote, but instead something else.

Which is a suggestion that he’s engaged in another cover story.

As FBI Considers Declaring State Secrets over Its Religion Training, ICE Releases Its Martyrdom Border Entry Questions

Three years ago, CAIR-MI sued the Department of Homeland Security and FBI because Muslims crossing the US-Canadian border keep getting asked questions about their religion. The suit has proceeded with CAIR getting discovery that largely remains secret.

But in a cross-motion filed last week, the government got really squirrelly relating to some information on how it deals with border questioning. It’s worried about three things: two FBI training documents and the redacted parts of a Sample Questionnaire ICE uses at the border.

At least one of the FBI training documents provides guidance on how the Bureau investigates certain things (likely Sensitive investigative subjects), including religion. The second is a training program attended by an Agent who had asked sensitive questions to one of the plaintiffs.

As set forth in Defendants’ Privilege Log of FBI Documents, FBI #2 is an “FBI operational training providing guidance on certain categories of investigations, one portion of which included questions related to religion.” See Pl. Mot. Exh. E. The Log further explains that the document “contains law enforcement sensitive information, the disclosure of which would impede or impair the effectiveness of an investigation and/or an investigative technique, method or procedure; and national security information.” The Log described FBI #4 as “Training attended by CBP Officer Janos during his affiliation with the FBI Task Force (described in response to Interrogatory 9),” and explained that it is a law enforcement sensitive document, the disclosure of which could harm the effectiveness of an investigation or an investigative technique, and “contains personally identifying information about individuals not party to this action.”

The government says that if the judge rules the first training program relevant to this suit, they may claim state secrets over it.

Therefore, if the Court determines that the national security information included in this document is both relevant to Plaintiffs’ equal protection claim and not protected from disclosure by the law enforcement privilege, then Defendants request at least 60 days to consider whether that information is subject to an assertion of the state secrets privilege,

Since 2008, when DOJ made it okay to use religion as one factor in investigations, there have been questions about how it might play into those investigations. But apparently, DOJ would rather invoke state secrets than tell us.

Then there’s the other thing the government doesn’t want to reveal: its list of questions it asks (under what circumstances, it won’t say) at the border. Some of those got released in a redacted list to the plaintiffs, released last week as part of a declaration explaining why the questions that get asked of selected people crossing the border can’t be released altogether.

But along with asking questions about who the interviewee’s faith leader is (these questions lay at the heart of the suit), they also ask about martyrdom (though one question remains redacted).

It’s hard to imagine how such questions would ever elicit a useful response — unless the desired response is just to make people nervous. Someone ideological enough to have lost associates as suicide bombers would respond affirmatively rather than hiding their own associations?

But particularly given DHS’ excuse that, as written, this questionnaire’s religious questions are religion neutral, the questions on martyrdom are absurd. Not because just Jihadists foster the claim of suicide bombing (though I think even that claim could be true), but also because so many completely innocent Muslims have been killed in recent years for living in the wrong place at the wrong time. Do those people count as martyrs? Or is this another attempt to instill an odd multileveled evaluation of deaths, in which the only dead Muslims are those extremists who’ve deliberately killed themselves, and not the million who create the animus?

Or does DHS just plan on deporting someone years from now because someone didn’t identify a relative killed in an asymmetric war as a “martyr,” the word DHS itself picked?

It’s clear DHS is asking religious questions (though it’s not clear whether CAIR will have the ability to show that, because only Muslims get pulled into secondary, the questions end up getting posed only to Muslims). But with this odd martyrdom question, it’s also hard to see how these are effective questions.
