
Both Iran and the US Have Their Scary Monsters

“Cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber cyber…”

That’s my best summary of the intended gist of this NYT story (I’ll return to the real news in it in a bit), reporting that Iran is trying to acquire influence with what it variously calls “cyberattacks” and “cyberespionage,” having now been dissuaded from acquiring influence with a nuclear weapons program. It quite literally uses the word “cyber” 19 times.

But what it really means is that Iran is spying, like all other nations do.

But last year, private security researchers say, Iranians began using cyberattacks for espionage, rather than for destruction and disruption.

Interestingly, it says this WSJ story reported bits of it first; that story clearly insinuates Iran used contacts found on the computer of an Iranian-American businessman they arrested to find other contacts, which is not something NYT mentions at all.

Friends and business associates of Mr. Namazi said the intelligence arm of the IRGC confiscated his computer after ransacking his family’s home in Tehran.

In any case, NYT has put two reporters in charge of wielding that scary word “cyber” over and over to make Iran’s actions, acting like any other country, more scary.

That story appeared yesterday.

Today, the AP has this story.

Iran’s top leader says the United States is using “money and sex” to try to infiltrate the Islamic Republic and warns Iranians not to fall into the “enemy’s trap.”

In remarks to commanders of the elite Revolutionary Guard Wednesday, Ayatollah Ali Khamenei says authorities should take concerns about “infiltration” seriously and that political factions should not use the issue against each other.

Khamenei’s warning is just as ridiculous as the NYT’s. Breaking: The US is using the kinds of carrots and sticks used for millennia to recruit spies!

I just find it funny that each sees their scary monster — cyber, in the case of the US, and sex, in the case of Iran — as the means to fear-monger about everyday spying.

Defining Stingray Emergencies … or Not

A couple of weeks ago, ACLU NoCal released more documents on the use of Stingray. While much of the attention focused on the admission that innocent people get sucked up in Stingray usage, I was at least as interested in the definition of an emergency during which a Stingray could be used with retroactive authorization:
[Image: Screen Shot 2015-11-08 at 9.27.59 AM]

I was interested both in the invocation of organized crime (which would implicate drug dealing), but also the suggestion the government would get a Stingray to pursue a hacker under the CFAA. Equally curiously, the definition here leaves out part of the definition of “protected computer” under CFAA, one used in interstate communication.

(2) the term “protected computer” means a computer—
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

Does the existing definition of an emergency describe how DOJ has most often used Stingrays to pursue CFAA violations (which of course, as far as we know, have never been noticed to defendants)?

Now compare the definition Jason Chaffetz used in his Stingray Privacy Act, a worthwhile bill limiting the use of Stingrays, though this emergency section is the one I and others have most concerns about. Chaffetz doesn’t have anything that explicitly invokes the CFAA definition, and collapses the “threat to national security” and, potentially, the CFAA one into “conspiratorial activities threatening the national security interest.”

(A) such governmental entity reasonably determines an emergency exists that—

(i) involves—

(I) immediate danger of death or serious physical injury to any person;

(II) conspiratorial activities threatening the national security interest; or

(III) conspiratorial activities characteristic of organized crime;

Presumably, requiring conspiratorial activities threatening the national security interest might raise the bar — but would still permit — the use of Stingrays against low level terrorism wannabes. Likewise, while it would likely permit the use of Stingrays against hackers (who are generally treated as counterintelligence threats among NatSec investigators), it might require some conspiracy between hackers.

All that said, there’s a whole lot of flux in what even someone who is often decent on civil liberties like Chaffetz considers a national security threat.

And, of course, in the FISA context, the notion of what might be regarded as an immediate danger of physical injury continues to grow.

These definitions are both far too broad, and far too vague.

Response to Snooper’s Charter: URL Searches Are Broadly Available in the US

In an unsuccessful effort to beat ACLU in a lawsuit over the constitutionality of the Child Online Protection Act, in 2005 DOJ sent a subpoena to Google asking for “all URL’s that are available to be located to a query on your company’s search engine as of July 31, 2005” and “all queries that have been entered on your company’s search engine between June 1, 2005 and July 31, 2005.” By challenging the order, Google was able to get the request significantly reduced. But it is understood that DOJ sent the same request to Yahoo, Microsoft, and AOL, and those providers substantially complied (it’s possible they negotiated what DOJ claimed was a more reasonable production of 1 million randomly-selected URLs and one week of actual searches with Personally Identifiable Information removed, but they are presumed to have done at least that much).

That’s a demonstration of the fact that the Federal government can and has gotten massive amounts of URL data from search engine operators with only a subpoena. The government can and does get such information in criminal investigations with a subpoena as well. The government probably faces more scrutiny when using FISA to get such information, as since 2009 it has likely fallen under Section 215 and the minimization procedures finally adopted in 2013, but that would still represent access to URLs with a relevance standard.

Which means the primary limit on the government’s access to URL searches with a subpoena in the US is providers’ data retention policy. And that means URL searches are, in general, readily available. Neither Google nor Microsoft state in their privacy policy how long they retain this stuff — though in response to European pressure and to stave off regulation on the issue, in 2010 Google stated it would “only” retain and associate URLs with individual users for 18-24 months, and Microsoft claimed it would only associate Bing records with IPs for 6 months (though that claim is no longer available on its site). Yahoo keeps search data tracked to user for 18 months, with some law enforcement exceptions. All would keep the searches, but de-identify from individual users, thereafter.

Google now permits users to delete past searches (though again, it keeps the searches themselves).

That means for 97% of US users, URL searches will be available to law enforcement with a subpoena for at least 6 months and more often 18 months, unless opting out in Google makes such things genuinely unavailable to law enforcement requests.

On the ISP side, Comcast — which serves half of America’s broadband users — in the recent past has said it keeps IP records for 6 months (though I’m not sure if that’s still in their privacy policy). Time Warner, which has a 13% market share, doesn’t appear to say, though it has said 6 months in the past. So for the overwhelming majority of broadband subscribers in the US, that information will be available for at least 6 months and possibly far longer. That information, too, is available with a subpoena.

I raise this because one of the things in the British Snooper’s Charter — a scary, comprehensive new surveillance bill designed, for the most part, to provide legal basis for the existing practice — rolled out earlier this week that people have reacted against is the proposed mandate in the bill that would require all providers to keep records of internet activity for a year. That is a problem. But not only does the proposal appear to be intended for more targeted use (that is, data retention requests that would override all of the above retention deadlines), it also is explicitly intended for more limited use. Unlike in the US, investigators are not supposed to be able to find out details of what people were doing online. Such information commonly appears in terrorist (especially) criminal cases.

That is, in most areas (not all; location data is one area where UK practice is clearly worse) where the Snooper’s Charter seems extreme, the reality for the overwhelming majority of Americans rivals what will be mandated under the UK bill. What the UK bill may do is eliminate the safety of services like DuckDuckGo (which doesn’t keep records of your searches), as well as the value of opt-out policies to the extent they really protect a user from law enforcement.

But if people think what’s in the Snooper’s Charter is bad, then you also need to be worried about the reality in the US for most users.

I will have far more to say about the Snooper’s Charter going forward. But one reason why people seem more worried about the Snooper’s Charter than similar permissions here in the US is that we have not had a Snowden for the FBI. That is, much of what is described in the Snooper’s Charter involves domestic intelligence. And the FBI has never been asked to provide a comprehensive view of all the kinds of surveillance it uses (indeed, it has succeeded in evading legal oversight in a number of ways), and very very little of it got included in Snowden’s leaks.

For all the problems of the policies laid out in the Snooper’s Charter, at least the UK’s spooks and cops have had to reveal what they’re actually doing. It’s high time for FBI (and DEA and all the other surveillance-crazy domestic law enforcement agencies in the US) to do the same.

Updated: Corrected an error in DOJ’s “reasonable” request to Google and tweaked for clarity.

Who Was Actually Doing “FBI’s” Aerial Surveillance of Black Lives Matter in Baltimore?

BPD said they would call in FBI’s Critical Incident Response Group, which does aerial surveillance, but CIRG does not appear in unredacted parts of the documents.

The ACLU just released a series of documents about the FBI’s aerial surveillance of Black Lives Matter protests after Baltimore cops killed Freddie Gray. As they note, the documents show two different parts of FBI, the Washington Field Office and Special Flight Operations Unit, conducting electronic surveillance of protestors, using night vision and other technology. At least two of the flights were claimed to be “consensual,” which ACLU’s Nate Wessler thinks might just reflect public monitoring. Both of those consensual flights appear to have been “collected from” a third party.

Because I’m interested in what happened to one set of video cards, I’m going to do a timeline based on the flight logs and the evidence log.

The timeline shows several things:

FBI did surveillance before Baltimore asked for it

The FBI conducted at least 5 surveillance flights, including several by the Washington Field Office, before a May 1 memo reflecting Baltimore Police Department (BPD) requesting help, prospectively, from Washington Field Office, though a BPD passenger had been on two Special Flight Operations Unit (SFOU) flights before then.

Of significant note, the memo said it would ask for help from FBI’s Critical Incident Response Group.

The potential for large scale violence and riots throughout the week presents a significant challenge for the Baltimore Police Department for airborne surveillance and observation. Baltimore will request the assistance of CIRG and WFO in the matter of airborne surveillance to assist the Baltimore Police Department.

CIRG is an elite group within FBI, and includes a Surveillance and Aviation Section, which would (presumably) have far more sophisticated aerial surveillance technology than your typical field office. Correction: It is that, but SAS also manages FBI’s airplanes generally.

CIRG’s Surveillance and Aviation Section (SAS) provides modern jets and other aircraft that respond to crisis situations domestically and around the world. SAS can deploy aviation assets worldwide, including assignments in combat theaters.

CIRG does not appear, unredacted, in any of the flight or evidence logs turned over to ACLU, but if they were involved with this surveillance it might explain some of the other odd details in these documents. As noted below, there are some other interesting redactions that might indicate CIRG involvement.

One more detail about the memo. It used looting to justify the request for help. But it also invoked online discussions among people alleged to be sovereign citizens. So they used a number of different claimed threats to justify the request for help.

FBI changed its case number after conducting the first flights

In many cases, the flight logs show changes made in the notes associated with each flight; in such cases, the log will show both the old set of notes and the new one. For the SFOU flights logged before that memo showing BPD asking for FBI help, someone updated the flight logs with the case number that FBI has left unredacted for this release (the original case number is redacted) after that memo got written. For example, this shows SFOU updating the log from their 4/30 flight on 5/2, replacing a redacted case number with case number “343A-BA-6337966” which is the case file that all these documents are associated with.

[Image: Screen Shot 2015-10-30 at 2.15.01 PM]

This means SFOU originally conducted the earlier flights under a different FBI case number. This could either be another specific case, or a general number they use for standing investigations, as the FBI does both.

The Washington Field Office flights didn’t get logged until after that memo got written (they appear to all have been logged in one sitting on 5/4), so they always used the same case number.

You have to wonder how often the FBI delays doing flight logs until they have a case number to do the flight under–that likely violates protocols tying surveillance to a specific investigation.

ACLU didn’t get the flight logs for at least one flight

ACLU received flight logs for flights occurring between 4/29 and 5/3. But this document shows a flight occurring (or at least starting) on 4/28.

[Image: Screen Shot 2015-10-30 at 2.23.07 PM]

This might just reflect an overnight flight the night of 4/28-29 (most of these flights occurred at night), except that there are two other evidence log files for flights on 4/29 that would correlate with the two flight logs from that date. I think it’s possible this is a BPD or a different federal agency’s flight — either Secret Service or Homeland Security, which the memo says BPD was working with — though the evidence appears to have come through FBI.

One flight reflects an FBI passenger

There is, in general, one flight a day for the days logged from each part of FBI, the SFOU and WF. The exception is 4/30, when what appears to be the Baltimore office flew an FBI passenger (whose identity was redacted under a 7E, law enforcement technique, FOIA exemption). Curiously, this flight wasn’t logged until well after the actual flight, on 5/21. Note, since this is a Baltimore flight, it’s unlikely it’s someone flying in from DC to see events.

Two consensual flights appear to have come from a third party

As ACLU itself noted, some (two) of these evidence logs claim the surveillance was consensual. The two have something else in common. The entry for “collected from” (which elsewhere has unredacted descriptions where it is used, often “Aerial Surveillance Washington” or “…Baltimore”) is redacted, but it clearly shows the file is collected from a third party via an interim one.

[Image: Screen Shot 2015-10-30 at 2.31.14 PM]

This would seem to suggest the entity that did the surveillance is being hidden. Note, it is being hidden with a 7E law enforcement technique.

Much of this evidence didn’t get logged until a delayed evidence turnover

As I said, the reason I decided to map out this timeline is because there was a delay in some of the SD cards arriving, presumably in Baltimore, to be logged. Even the description, written on 6/1, offered to justify the delay raises questions.

The purpose of this communication is to explain the late submission of Bureau aircraft[redacted] video to the Baltimore ELSUR unit. For background, Washington Field Office (WFO) and Special Flight Operations provided airborne support for the Baltimore Division during the week of April 27, 2015. Missions were flown from April 29 through May 2. The [redacted] SD cards were shipped to the Baltimore Division via FEDEX and arrived on May 5. The FEDEX package arrived at [redacted] approximately May 8. Due to operational missions on May 9 and May 10, the [redacted] SD cards were submitted to the ELSUR unit on May 11.

For example, where were the cards that they needed to be FedExed to (presumably) Baltimore, given that WFO was supposed to be involved in this? Why is FBI redacting the receiving office? Did these SD cards need to be reviewed for sources and methods? And what explains the uncertainty — we’re talking chain of evidence, after all — about when precisely they were received?

As the timeline notes, 4 of the evidence disks were not logged until after this justification got written. This includes the 3 instances where the file was collected via a third party, as well as a Washington Surveillance video attributed to 5/2 but actually taken on 5/1. Two of these are the “consensual” videos.

4/28: Aerial surveillance Serial 4 collected, collected from Washington, WF holding, logged 5/5

4/29: Aerial surveillance Serial 5 collected, collected from “Aerial Surveillance Video, Baltimore,” logged 5/6

4/29: Aerial surveillance Serial 9 collected, collected from indicates third party, holding office Baltimore, logged 6/2

4/29: 2.6 hour night SFOU flight with 3 crew members, 1 BPD passenger, originally logged at 7:52PM on 4/30, then updated with new case number on 5/2 at 2:01AM, Risk = 0

4/29: 4.5 hour WF flight (1.5 of which were at night), 2 crew members, no passengers, originally logged at 5/4 at 2:28 PM, then updated with virtually same information (without decimals) 5/4 at 2:35PM, Risk = 18

4/30: 4.9 hour SFOU night flight with 3 crew members, 1 BPD passenger, first logged at 4/30 at 7:46 PM, then updated with new case number at 5/02 at 2:02 AM, Risk = 0

4/30: Aerial surveillance Serial 2 collected, “collected from” redacted name [a category not always used elsewhere], Washington holding, logged 5/4

4/30: 3.4 hour WF night flight with 2 crew members, first logged at 5/4 at 1:38PM, then updated with virtually same information (without decimals) 5/4 at 1:38 PM, Risk = 20

4/30: 2 hour Baltimore night flight with 1 crew member, 1 FBI passenger (hidden, in part, for b7E), first logged 5/21 at 3:23PM, Risk = 18

5/1: Aerial surveillance Serial 11 collected (surveillance start 4/30, but end 5/1), collected from redacted but via third party, Baltimore holding, logged 6/2, surveillance listed as consensual

5/1: Memo, titled to include 4/27 date but reflecting events back to 4/25, stating, “Baltimore will request the assistance of CIRG and WFO in the matter of airborne surveillance to assist the Baltimore Police Department.”

5/1: 1.4 hour SFOU night flight, with 3 crew members, 1 BPD passenger, first logged 5/1 at 1:15 AM, updated without decimals 5/1 at 1:32 AM, then updated with new case number at 5/2 at 2:02 AM, Risk = 0

5/2: Aerial surveillance Serial 10 collected (though surveillance start and end listed as 5/1), collected from redacted, but via third party, Baltimore holding, logged 6/2, surveillance described as consensual

5/1: 5 hour WF flight (spanning night and day), with 2 crew members, first logged 5/4 at 1:58 PM then updated without decimals 5/4 at 2:00 PM Risk = 24

5/1: Aerial surveillance Serial 3 collected, collected from WF, holding Washington, logged 5/4

5/2: 3.9 hour SFOU night flight, with 3 crew members, 1 BPD passenger, first logged 5/2 at 2:03AM then updated 5/2 at 2:04AM and 2:05AM, adding decimals, possibly changed flight ID? without Risk = 0

5/2: 4.3 hour WF flight — including training — spanning night and day, first logged 5/4 at 2:08 PM then logged 5/4 at 2:09 PM Risk = 20

5/2: Aerial surveillance Serial 8 collected, collected from Aerial Surveillance, Washington, logged 6/1

5/3: 4.2 hour SFOU flight, with 3 crew members, 1 BPD passenger, first logged 5/4 2:44 PM, then 2:45PM, then updated 5/4 4:42PM, Risk = 0

5/3: Aerial surveillance Serial 6 collected, no details on receipt from (but Baltimore, not WF, is holding office), logged 5/12

5/4: Serials 2, 3 logged

5/4?: SD cards shipped, unknown date

5/5: Serial 4 logged

5/5: SD cards shipped by FedEx arrive in Baltimore

5/6: Serial 5 logged

5/8, approximate: SD cards arrive at [location redacted]

5/9, 5/10: Operational missions disrupt logging

5/12: Serial 6 logged

6/1: Explanation for late turnover of one video, claiming missions were flown from 4/29 to 5/2

6/1: Serial 8 logged

6/2: Serial 9, 10, 11 logged


As One of First Acts as Speaker, Paul Ryan Retains Devin Nunes on HPSCI

A few weeks ago, I noted that the new Speaker — officially yesterday, Paul Ryan — had an opportunity to name Chairmen of Select committees, most notably Devin Nunes on the House Intelligence Chair. I argued the new Speaker should do just that, with the aim of having more rigorous oversight of the nation’s Intelligence Community.

[I]t seems fair to suggest that Nunes should go too. While Nunes was actually better on Benghazi than his predecessor (raising questions about the CIA’s involvement in gun-running), he has otherwise been a typical rubber stamp for the intelligence community, rushing to pass info-sharing with Department of Energy even while commenting on their shitty security practices, and pitching partisan briefings to give the IC one more opportunity to explain why the phone dragnet was more useful than all the independent reviews say it was.
The Intelligence Community has lost credibility since 9/11, and having a series of rubber stamp oversight Chairs (excepting Silvestre Reyes, who was actually reasonably good) has only exacerbated that credibility problem. So why not call for the appointment of someone like former state judge Ted Poe, who has experience with intelligence related issues on both the Judiciary and Foreign Relations Committees, but who has also been a staunch defender of the Constitution.


[N]o place in Congress needs to be reformed more than our intelligence oversight. And while picking a more independent Chair won’t revamp the legal structure of intelligence oversight, it might initiate a process of bringing more rigorous oversight to our nation’s intelligence agencies.

Apparently, Speaker Ryan disagrees. He issued this statement today (I guess Ryan is just a few years too young to remember that the world actually used to be a more dangerous place, but whatev).

The world has gotten only more dangerous, and serious times call for serious leaders. That’s why I’ve asked Rep. Devin Nunes to stay on as chairman of the House Intelligence Committee. Devin and Armed Services Committee Chairman Mac Thornberry have done great work holding the administration accountable for its national-security failures, and I want them to continue their strong partnership. Though Congressman Nunes has been a terrific ally and staunch defender of conservative principles on the Ways and Means Committee, I am grateful for his continued leadership of the Intelligence Committee.

It’s unclear whether this was an affirmative choice, or a bid to make the contest to replace Ryan as Chair of Ways and Means easier.

In accepting Ryan’s request, however, Nunes — apparently also too young to remember the Cold War in his assessment of global threats — pointed to cybersecurity (AKA domestic Internet spying) legislation as one of his priorities.

I am honored to have been asked by the new Speaker of the House, Paul Ryan, to continue serving as Chairman of the House Intelligence Committee. Our nation faces unprecedented global threats ranging from the growing risk of deadly terrorism to debilitating cyber-attacks, and the Intelligence Community’s response to these threats requires diligent Congressional oversight. After careful reflection and in light of the Speaker’s wish for me to continue this important role, I have decided to remain Chairman of the House Intelligence Committee. As we move forward under the leadership of Speaker Ryan, it will be important to complete the good work we have done on an intelligence authorization bill and to get cybersecurity legislation passed to the President’s desk.

Ah well. When Ryan runs for President I guess we can point to this as an indication of his desire to let the intelligence community continue to run roughshod.

Congratulations to James Clapper and the rest of the lot. You still run the joint!

The Wayne Simmons Operation

In August 2008, in the waning days of the Bush Administration, GOP hack Wayne Simmons got a job with a Defense Contractor (I’m not sure, but it may be BAE Systems) to serve as a Human Terrain System team Leader. He told the contractor he had worked for CIA for decades, and as such was eligible for security clearance. He got an interim security clearance for the role. He completed training for the role, but never deployed, and appears to have ended that relationship in March 2009, after President Obama’s election and inauguration.

From April 2010 through August 2010, presumably relying on the representation a security clearance was already in the works with the earlier Human Terrain contract and relying on a second interim security clearance, Simmons contracted with the subcontractor to another company and deployed to Afghanistan to serve as a senior counterinsurgency consultant to ISAF. This would have put him in the vicinity of Stanley McChrystal and — after McChrystal’s Rolling Stone related downfall — David Petraeus during the early days of the surge.

These details from the Simmons indictment released yesterday make me wonder whether there’s not something more to this case.

The case ties its jurisdiction to Eastern District of Virginia — where local spooks and the Pentagon can bury really inconvenient facts — through three different charges. The first is a scheme, dating from 2011 to 2013, to get Virginia bank account holder E.L. to send him $125,000 for some kind of land deal, which seems like an add on to the indictment that otherwise ties to fraudulently getting clearance. There’s a separate part, tied to the invoices from the ISAF subcontractor in MD to its prime in VA, that ties it to VA, as well, but that’s an attenuated basis (not that that ever stopped EDVA).

And then there’s the false statement Simmons made in 2009 to State (but in a letter sent to Arlington, VA) to support his security clearance application. As part of his false statements, Simmons hid a felony weapons possession conviction that dates to 1984, which in turn dates back to a 1980ish Maryland conviction.

The indictment is silent about how Simmons’ lies were discovered. It is also silent on whether he ever actually received a full clearance. (I wondered, when I first heard of this, if his lies were discovered in the aftermath of the OPM hack, since his attempts to get clearance, and potentially any record of the 1984 felony, would have shown up there; remember that records dating back to 1984 were stolen.)

In his online bio (which is presumably facetious as well), Simmons claims to have done the following:

1973: Join the Navy

1973: Recruited by the CIA where he joined the “Outside Paramilitary Special Operations Group,” working in Central and South America and the Middle East

[1984: Possession of a firearm with prior felony]

2002: Joins Fox

2004: Joins Donald Rumsfeld’s Pentagon Outreach Program for Military and Intelligence Analysts propaganda program (which would probably not be unrelated to his ties to Fox)

July 2005: First trip to Gitmo as an “outside Intelligence officer”

July 2006: Second trip to Gitmo [see below for update]

July 2006: Consultant to write Military Commissions Act of 2006

March 2008: Third trip to Gitmo

2014: Citizens Commission for Benghazi serves to drive “demand” for Benghazi committee (though curiously, the report tied to this actually offers more serious critiques of our engagement in Libya than any other right wing attack, which is rather interesting given Simmons’ past association with Petraeus)

Media Matters has a summary of the stances he has taken on Fox, which are core anti-Democratic attacks and Islamophobia.

All of which is to say that Simmons seems to be a long time conservative covert operative and propagandist, with (if his claims about Gitmo are true) ties to torture and similar. Which would make his deceitful efforts to get himself stationed in ISAF at a key time of particular interest.

Update: Thanks to Konrad Roeder for the link to Simmons’ firearms charge, which notes he was convicted of something else in Maryland in 1980.

Update: I asked Joseph Hickman, author of the (highly recommended) Murder at Camp Delta whether he had ever run into Simmons. Hickman was at Gitmo from March 2006 through March 2007. He responded,

One of my responsibilities at GTMO was to keep track of every person coming in and out of Camp America (Camp America housed all of the DOD detention facilities at the time: Camp Delta, Camp 5, Camp Echo, and Camp Iguana). I had several soldiers under my command for this task. I can tell you Wayne Simmons Never went to any of those facilities. I never saw him. I contacted two of my soldiers after you raised the question to me, and asked them as well. Neither of them ever saw him at GTMO.

That doesn’t mean Simmons wasn’t at Gitmo, but if he was, he was somewhere else, such as at the Camp No facility where three detainees died in June 2006.

Update: I pinged Cannonfire, who’s great at digging into these half-live frauds. He’s got a post on what he found on Simmons here.

While They’re Replacing John Boehner, the GOP Should Replace Devin Nunes, Too

In a profile in Politico, Justin Amash* makes the case that the Freedom Caucus’ rebellion against John Boehner isn’t so much about ideology, it is about process.

Republican leaders see Freedom Caucus members as a bunch of bomb-throwing ideologues with little interest in finding solutions that can pass a divided government.

But that’s a false reading of the group, Amash told his constituents. Their mission isn’t to drag Republican leadership to the right, though many of them would certainly favor more conservative outcomes. It’s simply to force them to follow the institution’s procedures, Amash argued.

That means allowing legislation and amendments to flow through committees in a deliberative way, and giving individual members a chance to offer amendments and to have their ideas voted on on the House floor. Instead of waiting until right before the latest legislative crisis erupts, then twisting members’ arms for votes, they argue, leadership must empower the rank and file on the front end and let the process work its will.

“In some cases, conservative outcomes will succeed. In other cases, liberal outcomes will succeed. And that’s OK,” said Amash, who was reelected overwhelmingly last year after the U.S. Chamber of Commerce backed his Republican primary rival. “We can have a House where different coalitions get together on different bills and pass legislation. And then we present that to the Senate and we present it to the White House.”

The truth lies somewhere in-between. After all, 8 of the 21 questions the FC posed to potential Speaker candidates are ideological in nature, hitting on the following issues:

  • Obamacare
  • Budget and appropriation resolution reform
  • Ex-Im bank
  • Highway Trust Fund
  • Impeaching the IRS Commissioner
  • First Amendment Defense Act

Admittedly, even some of those — the financial ones — are procedural, but there are some key ideological litmus tests there.

Of the remaining 21 questions, 3 pertain to use of NRCC resources, 4 pertain to conference make-up, and 6 have to do with process. In other words, this block of members wants to end the systematic exclusion of their members from leadership and other positions and the systematic suppression of legislation that might win a majority vote without leadership sanction.

And while I certainly recognize that some of these process reforms — again, especially the financial ones — would likely lead to more hostage taking, I also think such reforms would also make (as one example) stupid wars and surveillance less likely, because a transpartisan majority of the House opposes many such things while GOP leadership does not (Nancy Pelosi generally opposes stupid surveillance and wars but also usually, though not always, does the bidding of the President).

The Yoder-Polis Act, an ECPA reform bill supported by 300 co-sponsors, is an example of worthy legislation that has long been held up because of leadership opposition.

While making the case for reform, though, I’d like to make the suggestion for another: to boot Devin Nunes, the current Chair of the House Intelligence Committee. According to the House Republican rules, the only positions picked by the Speaker are Select Committee Chairs, which would include Nunes and Benghazi Committee Chair Trey Gowdy (the latter of whom seems to be taken care of with Republican after Republican now admitting the committee is just a hack job, though if the FC wants to call for Richard Hanna to take over as Chair to shut down this government waste, I’d be cool with that too).

But with Boehner on his way out, it seems fair to suggest that Nunes should go too. While Nunes was actually better on Benghazi than his predecessor (raising questions about the CIA’s involvement in gun-running), he has otherwise been a typical rubber stamp for the intelligence community, rushing to pass info-sharing with Department of Energy even while commenting on their shitty security practices, and pitching partisan briefings to give the IC one more opportunity to explain why the phone dragnet was more useful than all the independent reviews say it was.

The Intelligence Community has lost credibility since 9/11, and having a series of rubber stamp oversight Chairs (excepting Silvestre Reyes, who was actually reasonably good) has only exacerbated that credibility problem. So why not call for the appointment of someone like former state judge Ted Poe, who has experience with intelligence related issues on both the Judiciary and Foreign Relations Committees, but who has also been a staunch defender of the Constitution.

Hostage taking aside, I’m sympathetic to the argument that the House should adopt more inclusive rules, in part because it would undercut the problems of a two party duopoly serving DC conventional wisdom.

But no place in Congress needs to be reformed more than our intelligence oversight. And while picking a more independent Chair won’t revamp the legal structure of intelligence oversight, it might initiate a process of bringing more rigorous oversight to our nation’s intelligence agencies.

Of course, who am I kidding?!?! It’s not even clear that the GOP will succeed in finding a palatable Speaker candidate before Boehner retires. Throwing HPSCI Chair into the mix would likely be too much to ask. Nevertheless, as we discuss change and process, HPSCI is definitely one area where we could improve process to benefit the country.

*Amash is my congressperson, but I have not spoken to him or anyone else associated with him for this post and don’t even know if he’d support this suggestion.

James Orenstein Calls Out Jim Comey on His Prevarications about Democracy

At a 10 AM Senate Homeland Security hearing on October 8, Jim Comey read prepared testimony that reiterated his claim that encrypted devices are causing FBI problems, but stated that the Administration is not seeking legislation to do anything about it.

Unfortunately, changing forms of Internet communication and the use of encryption are posing real challenges to the FBI’s ability to fulfill its public safety and national security missions.. This real and growing gap, to which the FBI refers as “Going Dark,” is an area of continuing focus for the FBI; we believe it must be addressed given the resulting risks are grave both in both traditional criminal matters as well as in national security matters. The United States Government is actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors’ use of their encrypted products and services. However, the Administration is not seeking legislation at this time.

That statement got the Administration a lot of good press, with the WaPo declaring “Obama administration opts not to force firms to decrypt data — for now” and the NYT, even after this ruling had been unsealed, reporting, “Obama Won’t Seek Access to Encrypted User Data.” In the actual hearing, Comey was more clear that he did intend to keep asking providers for data and that the government was having “increasingly productive conversations with industry” to get them to do so, inspired in part by government claims about the ISIS threat. Part of that cooperation, per Comey, was “how can we get you to comply with a court order.”

Sometime that same day, on October 8, government lawyers submitted a request to a federal magistrate in Brooklyn to obligate Apple to help unlock a device law enforcement had been unable to unlock on their own.

In a sealed application filed on October 8, 2015, the government asks the court to issue an order pursuant to the All Writs Act, 28 U.S.C. § 1651, directing Apple, Inc. (“Apple”) to assist in the execution of a federal search warrant by disabling the security of an Apple device that the government has lawfully seized pursuant to a warrant issued by this court. Law enforcement agents have discovered the device to be locked, and have tried and failed to bypass that lock. As a result, they cannot gain access to any data stored on the device notwithstanding the authority to do so conferred by this court’s warrant.

The next day the judge, James Orenstein, deferred ruling on whether the All Writs Act is applicable in this case (though he did suggest it probably wasn’t) pending briefing from Apple on how burdensome it would find the request. Orenstein released his memo after giving the government opportunity to review his order.

This is not the first time the government has tried to use the All Writs Act to force providers (Apple, in at least one of the known cases) to help unlock a phone. EFF described two instances from last year in a December post. It also reviewed a 2005 ruling where Orenstein refused to allow the government to use All Writs Act to force telecoms to provide cell site location in real time.

Of course, as Lawfare seems to suggest, it has taken a decade for the decision Orenstein made in that earlier ruling — that the government needs a warrant to get cell tracking from a phone — to finally get fully developed into a debate and some Supreme Court (US v. Jones) and circuit rulings. That’s because in the interim, plenty of magistrates continued to compel providers to give such information to the government.

It’s quite possible the same is true here: that this is not just the third attempt to get a court to issue an All Writs Act to get Apple to provide data, but that instead, a number of magistrates who are more compliant with government wishes have agreed to do so as well. Indeed, as Orenstein noted, that’s a suggestion the government made in its application when it claimed “in other cases, courts have ordered Apple to assist in effectuating search warrants under the authority of the All Writs Act [and that] Apple has complied with such orders.”

What Orenstein did, then, was to make it clear this continues to go on, that even as Jim Comey and others were making public claims (and getting public acclaim) for not seeking legislation that would compel production of encrypted data the government — including, presumably, the FBI — was seeking court orders that would compel production secretly. The key rhetorical move in Orenstein’s order came when Orenstein compared Comey’s public statements claiming to support debate on this issue to the attempt to claim the government had to rely on the All Writs Act because no law existed. In a long footnote, Orenstein quoted from Comey’s Lawfare post,

Democracies resolve such tensions through robust debate …. It may be that, as a people, we decide the benefits here outweigh the costs and that there is no sensible, technically feasible way to optimize privacy and safety in this particular context, or that public safety folks will be able to do their job well enough in a world of universal strong encryption. Those are decisions Americans should make, but I think part of my job is [to] make sure the debate is informed by a reasonable understanding of the costs.

Then Orenstein pointed out that relying on the All Writs Act would undercut precisely the democratic debate Comey claimed to want to have.

Director Comey’s view about how such policy matters should be resolved is in tension, if not entirely at odds, with the robust application of the All Writs Act the government now advocates. Even if CALEA and the Congressional determination not to mandate “back door” access for law enforcement to encrypted devices does not foreclose reliance on the All Writs Act to grant the instant motion, using an aggressive interpretation of that statute’s scope to short-circuit public debate on this controversy seems fundamentally inconsistent with the proposition that such important policy issues should be determined in the first instance by the legislative branch after public debate – as opposed to having them decided by the judiciary in sealed, ex parte proceedings.

To be fair, even as the government was submitting its secret request to Orenstein, Comey was disavowing his former pro-democratic stance, and instead making it clear the government would try to find some other way to get orders forcing providers to comply.

But, given Orenstein’s invitation for Apple to lay out how onerous this is on it, Comey might get the democratic debate he once embraced.

Update: When I wrote this in the middle of the night I misspelled Judge Orenstein’s name. My apologies!


Loretta Lynch’s Hot and Cold Running Data-Sharing

[See update below: Lynch says she didn’t mean how these statements came out.]

It’s bad enough that Attorney General Loretta Lynch refuses to force police to keep records on how many people they kill.

In a conversation with NBC journalist Chuck Todd on a range of criminal justice issues, Lynch said on Thursday that she does not support a federal mandate to report people killed by police.

“One of the things we are focusing on at the Department of Justice is not trying to reach down from Washington and dictate to every local department how they should handle the minutia of record keeping, but we are stressing to them that these records must be kept,” she said at the Washington Ideas Forum, hosted by AtlanticLIVE and the Aspen Institute.

It’s her reasoning I find really troubling.

Lynch said the Justice Department does “encourage” local departments to maintain records on police shootings but that improving police-community relations is more important. She noted that the small size of the average police department could make record-keeping difficult.

“The statistics are important, but the real issues are: ‘what steps are we all taking to connect communities … with police and back with government?’” she said.

It’s all well and good to say communities and their cops just need to get along.

But cops are claiming a Ferguson Effect that statistically doesn’t exist and the NYT is reprinting the claim only because the cops say so.

Here’s what the crime story said: “Among some experts and rank-and-file officers, the notion that less aggressive policing has emboldened criminals — known as the “Ferguson effect” in some circles — is a popular theory for the uptick in violence.” A paragraph later, the story continues: “Others doubt the theory or say data has not emerged to prove it.” Two experts are quoted, and the story moves on from there.

Bill Michtom of Portland, Ore., wrote to me about it, calling it a “classic example of false equivalence.” Ta-Nehisi Coates called the suggestion of a Ferguson effect “utterly baseless” in a piece for The Atlantic, noting that one of the experts quoted said that the rise in violent crime in St. Louis had begun before the large protests last year over a white police officer’s fatal shooting of an unarmed black teenager.

One of the story’s reporters, Monica Davey, and the national editor, Alison Mitchell, strongly disagree that this is false equivalence or that it was misleading to readers. In fact, they told me, it would be wrong of The Times not to report something that some police officers are identifying as part of their mind-set.

Ms. Davey, who agrees that false balance is infuriating and must be avoided, said in an email that this example simply doesn’t fit the description. For one thing, she said, there is no established truth here: “The question about the validity of this theory simply has not been definitively answered in the way that the earth’s shape has.” And, she said, “police officers must be given some credence in assessing whether they themselves feel that they are behaving differently now — the essence of what some of them have called the ‘Ferguson effect.’ ”

Or, as Ms. Mitchell puts it: “We have the police suggesting that police are pulling back — should we not report that?”

My view is that the introduction of this explosive idea didn’t serve readers well because, in this context, it was mentioned briefly, sourced vaguely, and then countered by disagreement. If police officers are indeed pulling back from their duties, and are willing to be identified and quoted, and if there’s evidence to back it up, that would be worth a full exploration in a separate article. But this glancing treatment could easily have left readers baffled, at the very least.

Things aren’t going to improve so long as cops can just make shit up, in spite of data to the contrary.

Just as importantly, since 9/11, the mandate throughout the Federal government — and especially for FBI — has been to share information promiscuously, including down to local police departments. Some of that information includes untested leads; some of it includes cyber and terrorist threat assessments.

If Lynch is telling us these local police departments don’t have the ability to handle reporting back and forth from the federal government, then the rest of the info sharing should stop too, because it could violate Americans’ privacy and/or expose intelligence streams.

But we all know that’s not going to happen.

Which means Lynch is supporting an asymmetrical reporting system that can’t be used for oversight of the larger system.

Update: Lynch says her statements last week weren’t what she was trying to say.

The point I was trying to make at that conference related to our overall view of how we deal with police departments as part of our practice of enforcing consent decrees, or working with them and I was trying to make the point that we also have to focus on building community trust which is a very individual – very local – practice.  Unfortunately, my comments gave the misperception that we were changing our view in some way about the importance of this data – nothing could be further from the truth.  This data is not only vital – we are working closely with law enforcement to develop national consistent standards for collecting this kind of information.

More from her statement:

“The department’s position and the administration’s position has consistently been that we need to have national, consistent data,” said Attorney General Lynch.  “This information is useful because it helps us see trends, it helps us promote accountability and transparency,” said Attorney General Lynch.  “We’re also going further in developing standards for publishing information about deaths in custody as well, because transparency and accountability are helped by this kind of national data.”

Apple’s Transparency Numbers Suggest Claims of Going Dark Overblown

Apple recently released its latest transparency report for the period ending June 30, 2015. By comparing the numbers for two categories with previous reports (2H 2013, 1H 2014, 2H 2014)  we can get some sense of how badly Apple’s move to encrypt data has really thwarted law enforcement.

Thus far, the numbers show that “going dark” may be a problem, but nowhere near as big of one as, say, NY’s DA Cy Vance claims.

The easier numbers to understand are the national security orders, presented in the mandated bands.


Since the iPhone 6 was introduced in September 2014, the numbers for orders received have gone up — one band in the second half of 2014, and two more bands in the first half of this year. Curiously, the number of accounts affected haven’t gone up that much, possibly only tens or a hundred more accounts. And Apple still gets nowhere near the magnitude of requests Yahoo does, which number over 42,000.

Equally curiously, in the last period, Apple clearly received more NatSec orders than accounts affected, which is the reverse of what other companies show (before Apple had appeared close to one-to-one). One thing that might explain this is the quarterly renewal of Pen Register orders for metadata of US persons (which might be counted as 4 requests for each account affected).

In other words, clearly NatSec requests have gone up, proportionally significantly, though Apple remains a tiny target for NatSec requests compared to the bigger PRISM participants.

The law enforcement account requests are harder to understand.


Note, Apple distinguishes between device requests, which are often users seeking help with a stolen iPhone, and account requests, which are requests for either metadata or content associated with an account (and could even include purchase records). The latter are the ones that represent law enforcement trying to get data to investigate a user, and that is the data I’ve laid out here [note, I fully expect to have made some data errors here, and apologize in advance — please let me know what you see!!].

Here, too, Apple has seen a significant increase, of 23%, over the requests it got in the second half of last year. Note, though, that the iPhone 6 introduction would not be the only thing that would affect this: the June 2014 Riley Supreme Court decision, which required law enforcement to get a warrant to access cell phones, would probably also lead law enforcement to ask Apple for data more often.

Interestingly, however, there were fewer accounts implicated in the requests in the last half of the year, suggesting that for some reason law enforcement was submitting requests with a slew of accounts listed for each request. Whereas last year, LE submitted an average of over 6.5 accounts per request, this year they have submitted fewer than 3 accounts per request. This may reflect that LE was submitting more identifiers from the same account — who knows?

The percentage of requests where content was obtained has gone up too, from 16% in 2013 to 24% in the first period including the iPhone 6 to 30% last quarter. Indeed, over half the period-on-period increase this period may stem from an increase in content requests (that is, the 107 more requests where content was obtained in the first half of the year, which was a period in which Apple got 183 more requests overall). Still, that number, 107 more successful requests for content this year than the second half of last year, seems totally disproportionate to NYC DA Cy Vance’s claim that the NYPD was unable to access the content in 74 iPhones since the iPhone 6 was established (though note, that might represent 1 request for content from 74 iPhones).

Perhaps the most interesting numbers to compare are the number of times Apple objected (because the agency didn’t have the right kind of legal process or a signed document) and the number of times Apple disclosed no data (which would include all those times Apple successfully objected — which appears to include all those in the first number — as well as those times Apple didn’t have the account, as well as times Apple was unable to hand over the data because a user hadn’t used default iCloud storage for messages). [Update, to put this more simply, the way to find the possible number of requests where encryption prevented Apple from sharing information is to subtract the Apple objected number from the no data number.] In the second half of 2013, Apple did not disclose any data 28.5% of the time. In the first half of this year, Apple did not disclose any data in just 18.6% of requests. Again, there are a lot of reasons why Apple would not turn over any data at all. But in general, cops are getting data more of the time when they give Apple requests than they were a few years ago.

More importantly, for just 65 cases in the first half of this year and 80 cases in the second half of last year did Apple not turn over any data for a request for reasons other than some kind of legal objection — and those numbers are both lower than the two half years preceding them. Each of those requests might represent hundreds of phones, but overall it’s a tiny number. So tiny it’s tough to understand where the NYPD’s 74 locked iPhones come from (unless they did request data and Apple actually had it).

There’s one more place where unavailable encrypted data might show up in these numbers: in the number of specific accounts for which data was disclosed. But as a percentage, what happened this year is not that different from what happened in 2013. In the second half of 2013, Apple provided some data (and this can be content or metadata) for 57.6% of the accounts specified in requests. In the first half of this year, Apple provided some data for 51.6% of the accounts specified in requests — not that huge a difference. And of course, the second half of last year, which may be an outlier, but during much of which the iPhone 6 was out, Apple provided data for 88.5% of the accounts for which LE asked for data.

Overall, it’s very hard to see where the FBI and other law enforcement agencies are going dark — though they are having to ask Apple for content more  often (which I consider a good thing).

Update: In talking to EFF’s Nate Cardozo about Apple’s most recent report, we agreed that Apple’s new category for Emergency Requests may be one other place where iPhone data is handed over (it doesn’t exist in the reports for previous half year periods). Apple defines emergency content this way:

Table 3 shows all the emergency and/or exigent requests that we have received globally. Pursuant to 18 U.S.C. §§ 2702(b)(8) and 2702(c)(4) Apple may voluntarily disclose information, including contents of communications and customer records, to a federal, state, or local governmental entity if Apple believes in good faith that an emergency involving imminent danger of death or serious physical injury to any person requires such disclosure without delay. The number of emergency requests that Apple deemed to be exigent and responded to is detailed in Table 3.

Given the scale of Apple’s other requests, though not in the scale of cloud requests comparatively, these are significant numbers, especially for the US (107) and UK (98).

Of significant note, Apple may give out content under emergency requests.

This is more likely to be a post-Riley response than an encryption response, but still notable given the number.
