Terrorism


Ten Goodies USA F-ReDux Gives the Intelligence Community

Amid renewed tactical leveraging from Mitch McConnell, USA F-ReDux boosters continue to remain silent (or worse, in denial) about the many advantages USA F-ReDux offers the Intelligence Community over the status quo.

But there are many reasons — aside from the general uselessness of the phone dragnet in its existing form — why USA F-ReDux is an improvement for the Intelligence Community. That doesn’t mean it doesn’t also have benefits for reformers (though we can respectfully disagree about how real those benefits are). It just means it also has at least as many benefits for the IC. Some of these are:

1. Inclusion of Internet calls, along with phone calls, in chaining system

Up until 2009, and then again from 2010 to 2011, NSA had two interlocking systems of domestic metadata tracking: the phone dragnet under Section 215 and the Internet dragnet under PRTT. Since the government shut down the latter, however, it has likely lost access to some purely domestic links that can’t be collected (and chained under SPCMA) overseas.

Update, May 7: According to Richard Burr, the government has been collecting IP “addresses,” so I guess they already include Internet access in their dragnet.

USA F-ReDux is technology neutral; unlike phone dragnet orders, it does not limit collection to telephony calls. This probably means the government will fill the gap in calls that has been growing of late (which anonymous sources have dubiously claimed to make up 70% of all calls). While it’s unlikely the NSA is really missing 70% of all domestic calls of interest, closing a significant gap of any kind will be a huge benefit for the IC.

2. Addition of emergency provision for all Section 215 applications

Currently, there is a FISC-authorized emergency provision for the phone dragnet, but not the rest of Section 215 production. That’s a problem, because the most common use of Section 215 is for more targeted (though it is unclear how targeted it really is) Internet production, and the application process for Section 215 can be slow. USA F-ReDux makes emergency application procedures available for all kinds of Section 215 applications.

3. Creation of giant parallel construction loophole under emergency provision

Not only does USA F-ReDux extend emergency provision authority to all Section 215 applications, but it changes the status quo FISC created in a way that invites abuse. That’s because, even if the FISC finds an agency collected records improperly under the emergency provision, the government doesn’t have to destroy those records. Indeed, the only restriction on those records is that they cannot be entered into any official proceeding. The Attorney General polices this, not the FISC. Moreover, the bill says nothing about derivative records. This is tantamount to saying that the government can do whatever it wants using the emergency provisions, so long as it promises to parallel construct improperly collected records if they want to use them against an American. The risk that the government will do this is not illusory; in the year since FISC created this emergency provision, they’ve already had reason to explicitly remind the government that even under emergency collection, the government still can’t collect on Americans solely for First Amendment protected activities.

4. Provision for a super-hop that might be used to access unavailable smart phone data

As happened last year, no one seems to understand the chaining procedure that is the heart of this bill. What’s clear is that, as written, it does not do what every news article (save mine) says it does; it does not simply provide an extra “hop” of call data. The language appears to permit the government to ask providers to use session-identifying information that cannot be collected (which might include things like location or super-cookies) to provide additional data that does fit the definition of Call Detail Record. As an example, the government might be able to ask providers to use location data to find co-located phones, which is a service AT&T already offers under Hemisphere; the government would only get the device identifiers for the phones, not the location itself, but would benefit from that location data. Another possible application would be to ask providers to use supercookie data to track online behavior. While there are likely good reasons for permitting the government to ask providers to conduct analysis on non-CDR session-identifying information — such as that it provides a way for providers to help the government find burner phones or accounts — without more oversight or limiting language it might be very badly abused.

5. Elimination of pushback from providers

USA F-ReDux gives providers two things they don’t get under existing Section 215: immunity and compensation. This will make it far less likely that providers will push back against even unreasonable requests. Given the big parallel construction loophole in the emergency provisions and the super-hop in the chaining provision, this is particularly worrisome.

6. Expansion of data sharing

Currently, chaining data obtained under the phone dragnet is fairly closely held. Only specially trained analysts at NSA may access the data returned from phone dragnet queries, and analysts must get a named manager to certify that the data is for a counterterrorism purpose to share outside that group of trained analysts. Under this bill, all the returned data will be shared — in full, apparently — with the NSA, CIA, and FBI. And while the bill would require the government to report how often NSA and CIA do back door searches of the data, the FBI would be exempted from that reporting requirement.

Thus, this data, which would ostensibly be collected for a counterterrorism purpose, will apparently be available to FBI every time it does an assessment or opens up certain kinds of intelligence, even for non-counterterrorism purposes. Furthermore, because FBI’s data sharing rules are much more permissive than NSA’s, this data will be able to be shared more widely outside the federal government, including to localities. Thus, not only will it draw from far more data, but it will also share the data it obtains far more broadly.

7. Mooting of court challenges

Passage of USA F-ReDux would also likely moot at least the challenges to the phone dragnet (there are cases before the 2nd, 9th, and DC Circuits right now, as well as a slightly different challenge from EFF in Northern California). That’s important because these challenges — particularly as argued in the 2nd Circuit — might get to the underlying “relevant to” decision issued by the FISC back in 2004, as well as the abuse of the 3rd party doctrine that both bulk and bulky collection rely on. That’s important because USA F-ReDux not only does nothing about that “relevant to” decision, it relies on the language anew in the new chaining provision.

The bill would probably also moot a challenge to National Security Letter gag orders EFF has.

Update, May 7. Oops! I guess Congress didn’t move quickly enough to moot the 2nd Circuit.

8. Addition of 72-hour spying provisions

In addition to the additional things the IC gets related to its Section 215 spying, there are three unrelated things the House added. First, the bill authorizes the “emergency roamer” authority the IC has been asking for since 2013. It permits the government to continue spying on a legitimate non-US target if he enters the US for a 72-hour period, with Attorney General authorization. While in practice, the IC often misses these roamers until after this window, this will save the IC a lot of paperwork and bring down their violation numbers.

9. Expansion of proliferation-related spying

USA F-ReDux also expands the definition of “foreign power” under FISA to include not just those proliferating in weapons of mass destruction, but also those who “knowingly aid or abet” or “conspire” with those doing so. This will make it easier for the government to spy on more Iran-related targets (and similar such targets) in the US.

10. Lengthening of Material Support punishments

In perhaps the most gratuitous change, USA F-ReDux lengthens the potential sentence for someone convicted of material support for terrorism — which, remember, may be no more than speech! — from 15 years to 20. I’m aware of no real need to do this (except, perhaps, to more easily coerce people to inform for the government). But it is clearly something someone in the IC wanted.

Let me be clear: some of these provisions (like permission to chain on Internet calls) will likely make the chaining function more useful and therefore more likely to prevent attacks, even if it will also expose more innocent people to expanded spying. Some of these provisions (like the roamer provision) are fairly reasonably written. Some (like the changes from status quo in the emergency provision) are hard to understand as anything but clear intent to break the law, particularly given IC intransigence about fixing obvious problems with the provision as written. I’m not claiming that all of these provisions are bad for civil liberties (though a number are very bad).

But to pretend these don’t exist — to pretend the IC isn’t getting a whole lot that it has been asking for, sometimes for as long as 6 years — is either bad faith or evidence of ignorance about what the existing dragnet does and what this bill would do. It’s also bad negotiating strategy.

America’s Intelligence Empire

I’ve been reading Empire of Secrets, a book about the role of MI5 as the British spun off their empire. It describes how, in country after country, the government that took over from the British — even including people who had been surveilled and jailed by the British regime — retained the British intelligence apparatus and crafted a strong intelligence sharing relationship with their former colonizers. As an example, it describes how Indian Interior Minister, Sardar Patel, decided to keep the Intelligence Bureau rather than shut it down.

Like Nehru, Patel realised that the IB had probably compiled records on himself and most of the leaders of Congress. However, unlike Nehru, he did not allow this to colour his judgment about the crucial role that intelligence would play for the young Indian nation.

[snip]

Patel not only allowed the continued existence of the IB, but amazingly, also sanctioned the continued surveillance of extremist elements within his own Congress Party. As Smith’s report of the meeting reveals, Patel was adamant that the IB should ‘discontinue the collection of intelligence on orthodox Congress and Muslim League activity’, but at the same time he authorised it to continue observing ‘extremist organisations’. Patel was particularly concerned about the Congress Socialist Party, many of whose members were communist sympathisers.

[snip]

The reason Patel was so amenable to continued surveillance of some of his fellow Indian politicians (keeping tabs on his own supporters, as one IPI report put it) was his fear of communism.

And the same remarkable process, by which the colonized enthusiastically partnered with their former colonizers to spy on their own, happened in similar fashion in most of Britain’s former colonies.

That’s what I was thinking of on March 13, when John Brennan gave a speech to the Council on Foreign Relations. While it started by invoking an attack in Copenhagen and Charlie Hebdo, a huge chunk of the speech talked about the value of partnering with our intelligence allies.

Last month an extremist gunned down a film director at a cafe in Copenhagen, made his way across town and then shot and killed a security guard at a synagogue. Later the same day the terrorist group ISIL released a video showing the horrific execution of Coptic Christians on a beach in Libya.

The previous month, in a span of less than 24 hours, we saw a savage attack on the staff of the satirical newspaper Charlie Hebdo in France. We saw a car bomb kill dozens at a police academy in Yemen.

[snip]

As CIA tackles these challenges, we benefit greatly from the network of relationships we maintain with intelligence services throughout the world. This is a critically important and lesser known aspect of our efforts. I cannot overstate the value of these relationships to CIA’s mission and to our national security. Indeed, to the collective security of America and its allies.

By sharing intelligence, analysis, and know-how with these partner services, we open windows on regions and issues that might otherwise be closed to us. And when necessary, we set in concert to mitigate a common threat.

By collaborating with our partners we are much better able to close key intelligence gaps on our toughest targets, as well as fulfill CIA’s mission to provide global coverage and prevent surprises for our nation’s leaders. There is no way we could be successful in carrying out our mission of such scope and complexity on our own.

Naturally these are sensitive relationships built on mutual trust and confidentiality. Unauthorized disclosures in recent years by individuals who betrayed our country have created difficulties with these partner services that we have had to overcome.

But it is a testament to the strength and effectiveness of these relationships that our partners remain eager to work with us. With the stakes so high for our people’s safety, these alliances are simply too crucial to be allowed to fail.

From the largest services with global reach to those of smaller nations focused on local and regional issues, CIA has developed a range of working and productive relationships with our counterparts overseas. No issue highlights the importance of our international partnerships more right now than the challenge of foreign fighters entering and leaving the conflict in Syria and Iraq.

We roughly estimate that at least 20,000 fighters from more than 90 countries have gone to fight, several thousand of them from Western nations, including the United States. One thing that dangers these fighters pose upon their return is a top priority for the United States intelligence community, as well as our liaison partners.

We exchange information with our counterparts around the world to identify and track down men and women believed to be violent extremists. And because we have the wherewithal to maintain ties with so many national services, we act as a central repository of data and trends to advance the overall effort.

On this and in innumerable other challenges, our cooperation with foreign liaison quietly achieves significant results. Working together, we have disrupted terrorist attacks and rolled back groups that plot them, intercepted transfers of dangerous weapons and technology, brought international criminals to justice and shared vital intelligence and expertise on everything from the use of chemical armaments in Syria to the downing of the Malaysian airliner over Ukraine.

These relationships are an essential adjunct to diplomacy. And by working with some of these services in building their capabilities we have helped them become better prepared to tackle the challenges that threaten us all.

[snip]

With CIA’s support, I have seen counterparts develop into sophisticated and effective partners. Over time our engagement with partner services fosters a deeper, more candid give and take, a more robust exchange of information and assessments, and a better understanding of the world that often ultimately encourages better alignment on policy.

Another advantage of building and maintaining strong bilateral and multilateral intelligence relationships is that they can remain, albeit not entirely, insulated from the ups and downs of diplomatic ties. These lengths can provide an important conduit for a dispassionate dialogue during periods of tension, and for conveying the U.S. perspective on contentious issues.

In recognition of the importance of our liaison relationships, I recently reestablished a senior position at the CIA dedicated to ensuring that we are managing relationships in an integrated fashion. To developing a strategic vision and corporate goals for our key partnerships and to helping me carry out my statutory responsibility to coordinate the intelligence communities’ foreign intelligence relationships. [my emphasis]

We are and still remain in the same position as MI5, Brennan seems to want to assure the CFR types, in spite of the embarrassment experienced by our intelligence partners due to leaks by Chelsea Manning and Edward Snowden. Information sharing remains the cement of much of our relationships with allies; our ability to let them suck off our dragnet keeps them in line.

And of particular note, Brennan described these “strong bilateral and multilateral intelligence relationships …remain[ing], albeit not entirely, insulated from the ups and downs of diplomatic ties.”

The spooks keep working together regardless of what the political appointees do, Brennan suggested.

But that speech is all the more notable given the revelations in this Der Spiegel story. It describes how, because of the Snowden leaks, the Germans slowly started responding to something they had originally discovered in 2008. The US had been having BND spy on selectors well outside the Memorandum of Understanding governing the countries’ intelligence sharing, even including economic targets. At first, BND thought this was just 2,000 targets, but as the investigation grew more pointed, 40,000 suspicious selectors were found. Only on March 12 — the day before Brennan gave this remarkable speech — did Merkel’s office officially find out.

But in October 2013, not even the BND leadership was apparently informed of the violations that had been made. The Chancellery, which is charged with monitoring the BND, was also left in the dark. Instead, the agents turned to the Americans and asked them to cease and desist.

In spring 2014, the NSA investigative committee in German parliament, the Bundestag, began its work. When reports emerged that EADS and Eurocopter had been surveillance targets, the Left Party and the Greens filed an official request to obtain evidence of the violations.

At the BND, the project group charged with supporting the parliamentary investigative committee once again looked at the NSA selectors. In the end, they discovered fully 40,000 suspicious search parameters, including espionage targets in Western European governments and numerous companies. It was this number that SPIEGEL ONLINE reported on Thursday. The BND project group was also able to confirm suspicions that the NSA had systematically violated German interests. They concluded that the Americans could have perpetrated economic espionage directly under the Germans’ noses.

Only on March 12 of this year did the information end up in the Chancellery.

This has led to parliamentary accusations that BND lied in earlier testimony. The lies are notable, given how they echo the same kind of sentiment John Brennan expressed in his speech.

According to a classified memo, the agency told parliamentarians in 2013 that the cooperation with the US in Bad Aibling was consistent with the law and with the strict guidelines that had been established.

The memo notes: “The value for the BND (lies) in know-how benefits and in a closer partnership with the NSA relative to other partners.” The data provided by the US, the memo continued, “is checked for its conformance with the agreed guidelines before it is inputted” into the BND system.

Now, we know better. It remains to be determined whether the BND really was unaware at the time, or whether it simply did not want to be aware.

The NSA investigative committee has also questioned former and active BND agents regarding “selectors” and “search criteria” on several occasions. Prior to the beginning of each session, the agents were informed that providing false testimony to the body was unlawful. The BND agents repeatedly insisted that the selectors provided by the US were precisely checked.

As almost a snide aside, Der Spiegel notes that the public prosecutor has not yet been informed of these lies.

That is, the spooks have been lying — at least purportedly up to and including Merkel’s office. But the government seems to be uninterested in pursuing those lies.

As Brennan said as this was just breaking out, the spooks retain their “strong bilateral and multilateral intelligence relationships …remain[ing], albeit not entirely, insulated from the ups and downs of diplomatic ties.”

And as with Brennan — as Gregory Johnsen chronicles in this long profile of the CIA Director published yesterday — the spooks always evade accountability.

Brennan’s Addiction to Signature Strikes Killed Weinstein

The US insists that the deaths of hostages Warren Weinstein and Giovanni Lo Porto were a “mistake”. Both the New York Times and Washington Post open their articles about the drone strike that killed them with descriptions couched in the language of error. The Times:

The first sign that something had gone terribly wrong was when officers from the C.I.A. saw that six bodies had been pulled from the rubble instead of four.

And in the Post:

After weeks of aerial surveillance, CIA analysts reached two conclusions about a compound to be targeted in a January drone strike: that it was used by al-Qaeda militants and that, in the moment before it was hit, it had exactly four occupants.

But as six bodies were removed from the rubble, the drone feeds that continued streaming back to CIA headquarters carried with them a new set of troubling questions, including who the two other victims were and how the agency’s pre-strike assessments could have been so flawed.

Consider that for a moment. Despite all the blathering from John Brennan about “near certainty” in his infamous drone rules (whose legal basis the government still steadfastly refuses to release), we are dealing yet again with deaths of innocents from a signature strike. In those strikes, the US kills without knowing precisely who the targets are. Instead, the US claims that the pattern of activities by those targeted matches those of terrorists intent on striking out against the US. The more cynical among us note that there is hubbub over this strike merely because the innocents who were killed happen to be white instead of brown. But the outcome is the same: making the decision to kill based on incomplete evidence that doesn’t even include the actual identities of those in the crosshairs is bound to result in the collateral deaths of many who are not enemies of the US.

Recall that John Brennan made a power grab in the spring of 2012 to take charge of ordering signature strikes when JSOC told the White House that such strikes were not needed in Yemen. And, of course, Brennan immediately started using this tool as a political cudgel as well as the strategic weapon it was believed to represent. But let’s go for a moment to a part of Greg Miller’s Washington Post article linked above:

The deaths of the hostages follow other recent developments that have revealed divisions among the CIA and other agencies over whether to capture or kill a U.S. citizen.

Muhanad Mahmoud al Farekh was recently arraigned in a U.S. court on federal terrorism charges after he was captured by Pakistan and secretly flown to New York. His arrest raised questions about the frequency with which the U.S. government asserts that capturing terrorism suspects is not feasible. The CIA had been pushing to kill Farekh for more than a year before his arrest, current and former U.S. officials said.

Isn’t that interesting? It appears that Farekh was on CIA’s list of targets it would like to have killed in a targeted strike, with part of the justification for killing him being that it wouldn’t be feasible to capture him. And yet the Pakistanis did capture him. And that development points out an even bigger problem with the decision to hit the compound where Weinstein was killed: that compound is in the southern part of North Waziristan. Recall that Pakistan’s offensive to clear the tribal areas of terrorists began last June. See the map embedded in this post where I discussed the beginning of the offensive. Weinstein and Lo Porto were being held in the Shawal Valley, which is at the very southern end of North Waziristan. Miram Shah and Mir Ali, two of the hottest targets for US drone strikes, sit in the central part.

Just a little more patience on the part of Brennan and his signature strike shop might have led to a very different outcome. In November, Pakistan’s military claimed that 90% of North Waziristan had been cleared of terrorists. And in the very same week of the strike that killed the hostages, Pakistan noted that the Shawal area was slated for clearing:

During a journalists briefing here, about the current visit of Chief of Army Staff General Raheel Sharif to Britain, he said operation Zarb-e-Azb was continuing successfully in North Waziristan and many areas including Mir Ali, Mirshah and Dattakhel were cleared of terrorists, many of whom were killed and arrested and their infrastructure was destroyed.

In these troubled areas, militants had set up infrastructure, training and call centres and they were making phone calls to people in other parts of the country for ransom, he added. Before start of the North Waziristan operation, Pakistan informed Afghanistan and International Security Assistance Force (ISAF), so that they could take action against terrorists who cross over the border.

Operations were continuing along the border areas with Afghanistan, with whom Pakistan had improved its relations and both countries were sharing intelligence, he added. He said in the next few months the remaining areas including Shawal would be cleared.

Although Pakistan’s military is not particularly noted for protecting citizens during these clearing actions in the tribal areas, it still stands out that Weinstein and Lo Porto were killed in Shawal on January 15 and Pakistan announced on the 18th that Shawal was next up for clearing. Would Pakistani forces have rescued the hostages? We will never know.

Even worse, Brennan was supposed to have stopped signature strikes in Pakistan. Returning to the Times article:

The strike was conducted despite Mr. Obama’s indication in a speech in 2013 that the C.I.A. would no longer conduct such signature strikes after 2014, when American “combat operations” in Afghanistan were scheduled to end. Several American officials said Thursday that the deadline had not been enforced.

Brennan will never give up his prized signature strikes. Greg Miller does note, though, that this strike was one of the last ones for “Roger”, who headed the counterterrorism center and was Brennan’s right hand man for signature strikes. But I’m pretty sure that we can count on Brennan to get Roger’s replacement up to speed on his prized tool very quickly.

“Security is a most seductive thing” and the Single Bus Line that Shut Down Boston

The WSJ has a fascinating story this morning about 3 pages cut from an early draft of the kids book, A Wrinkle in Time. It includes a discussion between the heroine and her father, in which the latter describes the dangers of valuing security over all else. He starts by talking about totalitarian governments, but when Meg asks about their own country, he responds,

“It’s an equally logical outcome of too much prosperity. Or you could put it that it’s the result of too strong a desire for security.”

[snip]

“I’ve come to the conclusion,” Mr. Murry said slowly, “that it’s the greatest evil there is. Suppose your great great grandmother, and all those like her, had worried about security? They’d never have gone across the land in flimsy covered wagons. Our country has been greatest when it has been most insecure. This sick longing for security is a dangerous thing, Meg,”

As it happens, immediately after I learned one of the signature American kids books originally compared US paranoia (during the height of the Cold War) with totalitarianism, I read this summary of an interview Juliette Kayyem did with former Boston Police Chief Ed Davis. In addition to confirming that the authorities immediately assumed this was an Al Qaeda attack (which fed some false assumptions about the attack) and providing background to the decision to release pictures of the brothers, Davis explained that the then Massachusetts Secretary of Transportation successfully pushed to shut down the entire city because a single bus line crossed close to where Dzhokhar was believed to be hiding.

Davis gets into detail on another major debate: whether to issue a “shelter in place” order while law enforcement tracked down Dzhokhar Tsarnaev. Davis points to Richard Davey, then the state’s secretary of transportation (and now the CEO of the Boston 2024 Partnership) as having particular influence. Authorities were focused on an MBTA bus that passed through the area where they believed Dzhokhar was hiding. They didn’t want Tsarnaev to have access to the entire transit system, but Davey argued that it’s difficult to shut down just that bus route—just one piece of the system. It strands those who expect it to be up and running. Because of that perspective, the debate became more “all or nothing.” Shut nothing down or shut the city down. In the end, Governor Deval Patrick made the call, in part because the city had shut down for a snow storm the week before and, as Davis puts it, “This is at least as dangerous as a snow storm.”

This is craziness! They shut down an entire city rather than shutting down a single bus line (or, better, putting a cop on every bus on that line rather than having hundreds of cops shooting like drunken cowboys a few blocks away in Watertown). And the guy who made the decision is now heading Boston’s Olympics bid.

Madeleine L’Engle was onto something.

Davis also suggests that the FBI admitted knowing the brothers before they now claim to have confirmed that ID.

Citing Confidential Information Carmen Ortiz Appears to Recommit to Seeking Dzhokhar’s Execution

Bill and Denise Richard, parents of one child killed and one maimed in the Boston Marathon attack, have a BoGlo op-ed calling for Dzhokhar Tsarnaev to receive life without parole. They specifically cite the importance of letting survivors set the narrative of the attack, not Dzhokhar, who will have the opportunity to expose some of his motivations in the sentencing phase due to start next week.

For us, the story of Marathon Monday 2013 should not be defined by the actions or beliefs of the defendant, but by the resiliency of the human spirit and the rallying cries of this great city. We can never replace what was taken from us, but we can continue to get up every morning and fight another day. As long as the defendant is in the spotlight, we have no choice but to live a story told on his terms, not ours. The minute the defendant fades from our newspapers and TV screens is the minute we begin the process of rebuilding our lives and our family.

Carmen Ortiz responded, citing the need to keep secrets in her explanation for why the government would still — seemingly — continue its pursuit of a death sentence for Dzhokhar Tsarnaev.

The attorneys in a criminal case are legally bound to keep many matters relating to the case confidential, even from the people most affected by the crimes.

I therefore cannot comment on the specifics of the statement.

A cynic might think Ortiz was unswayed by the Richards’ plea because she judges an execution will help her own career, even if polls show Massachusetts residents oppose the death penalty for Tsarnaev.

Still, I couldn’t help but wonder why she’s citing confidentiality when the next phase of the trial will presumably expose more of the details on the case the government would prefer to keep secret? What confidential reason does Ortiz — or the government more generally — have to want those details to come out?

Mike Rogers Wanted to Drone Kill an American Citizen for Training with al Qaeda?

There has been some good commentary on NYT’s story on Administration debates over killing Mohanad Mahmoud al-Farekh, the American citizen who was captured and charged in federal court on April 2, after the Administration considered but then decided against drone-killing him. Both David Cole and Brett Max Kaufman raise some important points and questions. Of particular note, they ask what the fuck Mike Rogers was doing pushing DOD and CIA to kill a US citizen.

Yet neither of those pieces gets to something I’m puzzling over. Al-Farekh was charged in EDNY (Loretta Lynch’s district), but he was only charged with conspiracy to commit material support for terrorism, a charge that carries a 15 year maximum sentence. Basically, he is accused of conspiring with Ferid Imam who in turn trained Najibullah Zazi and his co-conspirators for their planned 2009 attack on the NY Subway system.

In approximately 2007, Farekh, an individual named Ferid Imam and a third co-conspirator departed Canada for Pakistan with the intention of fighting against American forces.  They did not inform their families of their plan before departing, but called a friend in Canada upon arrival to let him know that he should not expect to hear from them again because they intended to become martyrs.  According to public testimony in previous criminal trials in the Eastern District of New York, in approximately September 2008, Ferid Imam provided weapons and other military-type training at an al-Qaeda training camp in Pakistan to three individuals – Najibullah Zazi, Zarein Ahmedzay and Adis Medunjanin – who intended to return to the United States to conduct a suicide attack on the New York City subway system.  Zazi and Ahmedzay pleaded guilty pursuant to cooperation agreements and have yet to be sentenced; Medunjanin was convicted after trial and sentenced to life imprisonment.  Ferid Imam has also been indicted for his role in the plot.

But the evidence laid out in the complaint is rather thin, basically amounting to the second-hand reports that al-Farekh, like Zazi and his friends, traveled to Pakistan for terrorist training.

Were we really going to kill this dude with a drone because he got terrorist training in Pakistan? That’s it?

Now, it’s quite possible the government is just charging him with the crimes for which they can introduce evidence at trial — though note that the government got a FISC warrant to collect on him (though it’s possible this is drone-based collection, and so sensitive enough they wouldn’t want to use it at trial).

Drones spotted him several times in the early months of 2013, and spy agencies used a warrant issued by the Federal Intelligence Surveillance Court to monitor his communications.

It’s equally possible that al-Farekh will be indicted on further charges, for a more central role in plotting attacks out of the tribal lands of Pakistan. Similarly, it’s possible that al-Farekh’s High Value Interrogation Group interrogation — reported as well in this WaPo story — provided valuable intelligence on other militants that will have nothing to do with his own trial.

Still, both the earlier WaPo story (written in part by Adam Goldman, who wrote the book on the Zazi case) and the NYT story hint that the claims made about al-Farekh’s activities in 2013 have proven to be overblown. The WaPo doesn’t provide much detail.

Officials said there were questions about how prominent a role Farekh played in al-Qaeda.

The NYT provides more.

But the Justice Department, particularly Attorney General Eric H. Holder Jr., was skeptical of the intelligence dossier on Mr. Farekh, questioning whether he posed an imminent threat to the United States and whether he was as significant a player in Al Qaeda as the Pentagon and the C.I.A. described.

[snip]

Once in Pakistan, Mr. Farekh appears to have worked his way up the ranks of Al Qaeda, his ascent aided by marrying the daughter of a top Qaeda leader.

American officials said he became one of the terrorist network’s planners for operations outside Pakistan, a position that included work on the production and distribution of roadside bombs used against American troops in Afghanistan.

Some published reports have said that Mr. Farekh held the third-highest position in Al Qaeda, but American officials said the reports were exaggerated.

His level in the Qaeda hierarchy remains a matter of some dispute. Several American officials said that the criminal complaint against him underplayed his significance inside the terrorist group, but that the complaint — based on the testimony of several cooperating witnesses — was based only on what federal prosecutors believed they could prove during a trial.

This, then — along with the explicit connection with the Awlaki case, based as it was, at least at first, on Umar Farouk Abdulmutallab’s interrogation and all the reasons to doubt it — seems the big takeaway. We almost killed this dude, but now all we can prove is that he trained in Pakistan.

Ironically, Philip Mudd argues for the NYT that we can’t capture these people because we’d have to rely on our intelligence partners.

But many counterterrorism specialists say capturing terrorism suspects often hinges on unreliable allies. “It’s a gamble to rely on a partner service to pick up the target,” said Philip Mudd, a former senior F.B.I. and C.I.A. official.

Of course, these are often the same people we rely on for targeting intelligence, including against both Awlaki and al-Farekh. What does it say that we’d believe targeting information from allies, but not trust them to help us arrest the guys they apparently implicate?

Whatever that says, the story thus far (it could change) is that al-Farekh was almost killed on inadequate evidence because CIA and DOD were champing at the bit. That ought to be the big takeaway.

 

DEA’s Dragnet and David Headley

In a piece on the DEA dragnet the other day, Julian Sanchez made an important point. The existence of the DEA dragnet — and FBI’s use of it in previous terrorist attacks — destroys what little validity was left of the claim that NSA needed the Section 215 dragnet after 9/11 to close a so-called “gap” they had between a safe house phone in Yemen and plotters in the US (though an international EO 12333 database would have already proven that wrong).

First, the program’s defenders often suggest that had we only had some kind of bulk telephone database, the perpetrators of the 9/11 attacks could have been identified via their calls to a known safehouse in Yemen.  Now, of course, we know that there was such a database—and indeed, a database that had already been employed in other counterterror investigations, including the 1995 Oklahoma City bombing. It does not appear to have helped.

But the DEA dragnet is even more damning for another set of claims, and for another terrorist attack such dragnets failed to prevent: former DEA informant David Headley, one of the key planners of the 2008 Mumbai attack.

Headley provided DEA the phone data they would have needed to track him via their dragnet

As ProPublica extensively reported in 2013, Headley first got involved in Lashkar-e-Taiba while he remained on the DEA’s payroll, at a time when he was targeting Pakistani traffickers. Indeed, after 9/11, his DEA handler called him for information on al Qaeda. All this time, Headley was working phone based sources.

Headley returned to New York and resumed work for the DEA in early 2000. That April, he went undercover in an operation against Pakistani traffickers that resulted in the seizure of a kilo of heroin, according to the senior DEA official.

At the same time, Headley immersed himself in the ideology of Lashkar-i-Taiba. He took trips to Pakistan without permission of the U.S. authorities. And in the winter of 2000, he met Hafiz Saeed, the spiritual leader of Lashkar.

Saeed had built his group into a proxy army of the Pakistani security forces, which cultivated militant groups in the struggle against India. Lashkar was an ally of al Qaeda, but it was not illegal in Pakistan or the United States at the time.

[snip]

Headley later testified that he told his DEA handler about his views about the disputed territory of Kashmir, Lashkar’s main battleground. But the senior DEA official insisted that agents did not know about his travel to Pakistan or notice his radicalization.

On Sept. 6, 2001, Headley signed up to work another year as a DEA informant, according to the senior DEA official.

On Sept. 12, Headley’s DEA handler called him.

Agents were canvassing sources for information on the al Qaeda attacks of the day before. Headley angrily said he was an American and would have told the agent if he knew anything, according to the senior DEA official.

Headley began collecting counterterror intelligence, according to his testimony and the senior DEA official. He worked sources in Pakistan by phone, getting numbers for drug traffickers and Islamic extremists, according to his testimony and U.S. officials.

Even at this early stage, the FBI had a warning about Headley, via his then girlfriend who warned a bartender Headley had cheered the 9/11 attack; the bartender passed on the tip. And Headley was providing the DEA — which already had a dragnet in place — phone data on his contacts, including Islamic extremists, in Pakistan.

ProPublica’s sources provide good reason to believe DEA, possibly with the FBI, sent Headley to Pakistan even after that tip, and that he remained an informant until at least 2005.

So the DEA (or whatever agency had sent him) not only should have been able to track Headley and those he was talking to using their dragnet, but they were using him to get phone contacts they could track (and my understanding is that agreeing to be an informant amounts to consent to have your calls monitored, though see this post on the possible “defeat” of informant identifiers).

Did Headley’s knowledge of DEA’s phone tracking help the Mumbai plotters avoid detection?

Maybe. And/or maybe Headley taught his co-conspirators how to avoid detection.

Of course, Headley could have just protected some of the most interesting phone contacts of his associates (but again, DEA should have tracked who he was talking to if they were using him to collect telephony intelligence).

More importantly, he may have alerted Lashkar-e-Taiba to phone-based surveillance.

In a December joint article with the NYT, ProPublica provided details on how one of Headley’s co-conspirators, Zarrar Shah, set up a New Jersey-based VOIP service so it would appear that their calls were originating in New Jersey.

Not long after the British gained access to his communications, Mr. Shah contacted a New Jersey company, posing online as an Indian reseller of telephone services named Kharak Singh, purporting to be based in Mumbai. His Indian persona started haggling over the price of a voice-over-Internet phone service — also known as VoIP — that had been chosen because it would make calls between Pakistan and the terrorists in Mumbai appear as if they were originating in Austria and New Jersey.

“its not first time in my life i am perchasing in this VOIP business,” Mr. Shah wrote in shaky English, to an official with the New Jersey-based company when he thought the asking price was too high, the GCHQ documents show. “i am using these services from 2 years.”

Mr. Shah had begun researching the VoIP systems, online security, and ways to hide his communications as early as mid-September, according to the documents.

[snip]

Eventually Mr. Shah did set up the VoIP service through the New Jersey company, ensuring that many of his calls to the terrorists would bear the area code 201, concealing their actual origin.

We have reason to believe that VOIP is one of the gaps in all domestic-international dragnets that agencies are just now beginning to close. And by proxying through the US, those calls would have been treated as US person calls (though given the clear foreign intelligence purpose, they would have met any retention guidelines, though may have been partly blocked in CIA’s dragnet). While there’s no reason to believe that Headley knew that, he likely knew what kind of phone records his handlers had been most interested in.

But it shouldn’t have mattered. As the article makes clear, GCHQ not only collected the VOIP communications, but Shah’s communications as he set them up.

Did FBI claim it tracked Headley using the NSA dragnet when it had actually used the DEA one?

I’ve been arguing for years that if dragnet champions want to claim they work, they need to explain why they point to Headley as a success story because they prevented his planned attack on a Danish newspaper, when they failed to prevent the even more complex Mumbai attack. Nevertheless, they did claim it — or at least strongly suggest it — as a success, as in FBI Acting Assistant Director Robert Holley’s sworn declaration in Klayman v. Obama.

In October 2009, David Coleman Headley, a Chicago businessman and dual U.S. and Pakistani citizen, was arrested by the FBI as he tried to depart from Chicago O’Hare airport on a trip to Pakistan. At the time of his arrest, Headley and his colleagues, at the behest of al-Qa’ida, were plotting to attack the Danish newspaper that published cartoons depicting the Prophet Mohammed. Headley was later charged with support for terrorism based on his involvement in the planning and reconnaissance for the 2008 hotel attack in Mumbai. Collection against foreign terrorists and telephony metadata analysis were utilized in tandem with FBI law enforcement authorities to establish Headley’s foreign ties and put them in context with his U.S. based planning efforts.

That said, note how Holley doesn’t specifically invoke Section 215 (or, for that matter, Section 702, which the FBI had earlier claimed they used against Headley).

Now compare that to what the Privacy and Civil Liberties Oversight Board said about the use of Section 215 against Headley.

In October 2009, Chicago resident David Coleman Headley was arrested and charged for his role in plotting to attack the Danish newspaper that published inflammatory cartoons of the Prophet Mohammed. He was later charged with helping orchestrate the 2008 Mumbai hotel attack, in collaboration with the Pakistan-based militant group Lashkar-e-Taiba. He pled guilty and began cooperating with authorities.

Headley, who had previously served as an informant for the Drug Enforcement Agency, was identified by law enforcement as involved in terrorism through means that did not involve Section 215. Further investigation, also not involving Section 215, provided insight into the activities of his overseas associates. In addition, Section 215 records were queried by the NSA, which passed on telephone numbers to the FBI as leads. Those numbers, however, only corroborated data about telephone calls that the FBI obtained independently through other authorities.

Thus, we are aware of no indication that bulk collection of telephone records through Section 215 made any significant contribution to the David Coleman Headley investigation.

First, by invoking Headley’s role as an informant, PCLOB found reason to focus on DEA right before they repeatedly point to other authorities: Headley was IDed by “law enforcement” via means that did not involve 215, his collaborators were identified via means that did not involve 215, and when they finally did query 215, they only “corroborated data about telephone calls that the FBI had obtained independently through other authorities.”

While PCLOB doesn’t say any of these other authorities are DEA’s dragnet, all of them could be (though some of them could also be NSA’s EO 12333 dragnet, or whatever dragnet CIA runs, or GCHQ collection, or Section 702, or — some of them — FBI NSL-based collection, or tips). What does seem even more clear now than when PCLOB released this is that NSA was trying to claim credit for someone else’s dragnet, so much so that even the FBI itself was hedging claims when making sworn declarations.

Of course, whatever dragnet it was that identified Headley’s role in Lashkar-e-Taiba, even the DEA’s own dragnet failed to identify him in the planning stage for the larger of the attacks.

If the DEA’s own dragnet can’t find its own informant plotting with people he’s identified in intelligence reports, how successful is any dragnet going to be?

 

The Other Possible Whys behind the Boston Marathon Attack

As the Dzhokhar Tsarnaev trial pauses for the Marathon and the attack anniversary (and, ostensibly, to give the defense time to line up their witnesses), some competing sides have aired their views about the story not being told at the trial.

An odd piece from BoGlo’s Kevin Cullen quotes a cop asking why the FBI Agents who interviewed Tamerlan Tsarnaev in 2011 did not recognize him from surveillance videos.

“Who were the FBI agents who interviewed Tamerlan Tsarnaev after the Russians raised questions about him two years before the bombings, and why didn’t they recognize Tamerlan from the photos the FBI released?” he asked.

That’s actually a great question. But then Cullen goes on to make some assertions that — if true — should themselves elicit questions, questions he doesn’t ask. He marvels at the video analysis after the event, but doesn’t mention that the FBI claims the facial recognition software it has spent decades developing didn’t work to identify the brothers. He lauds the FBI for finding Dzhokhar’s backpack in a dumpster, but far overstates the value of the evidence found inside (remember, among other things found on a thumb drive in it was a rental application for Tamerlan’s wife). Cullen also overstates the FBI’s evidence that the bombs were made in Tamerlan’s Cambridge apartment, and so sees that as a question about why Tamerlan’s wife, Katherine, wasn’t charged (forgetting, I guess, that she was routinely gone from the apartment 70 hours a week), rather than a question about all the holes in FBI’s pressure cooker story: Why did Tamerlan pay cash for pressure cookers — as FBI suggests he did — all while carrying a mobile GPS device that he brought with him when trying to make his escape? Where did the other two pressure cookers (the third pressure cooker used as a bomb, and the one found at the apartment) come from?

Masha Gessen — who just wrote a book about the case that I have not yet read — asks some of the same questions in a NYT op-ed in a piece that also highlights the government’s flawed claims about radicalization at the core of this case.

Even worse, two critical questions have not been answered. Where were the bombs built? Investigators have testified that they were not built at the older brother’s apartment or in the younger brother’s dorm room. Were they built in someone else’s apartment, house or garage? If so, who, and was he a knowing accomplice? Did he help in any other way?

The other big question is: Why did the F.B.I. fail to identify Tamerlan Tsarnaev, the older brother, who had been fingered as a potential terrorist risk two years before the bombing and interviewed by field agents? Within 24 hours of the bombing, on April 15, 2013, investigators focused on images of the brothers in surveillance tapes recovered from the scene. Yet they had no names — and more than two days later they released the photos to the public, asking for help with identifying the suspects. How is it possible that someone who had been interviewed by a member of the local Joint Terrorism Task Force could not be identified from the pictures?

Note, I think Gessen overstates how strongly the government has said the bombs weren’t made at the Cambridge apartment, but it is consistent with the evidence presented that they weren’t.

Compare these decent questions with Janet Napolitano’s take — not so much on the trial, but on Gessen’s book.

Before I get into the key graph of her review, consider Napolitano’s role here. Her agency — especially Customs and Border Patrol — came in for some criticism in the Joint IG Report on the attack, because they may not have alerted the FBI to Tamerlan Tsarnaev’s travel to and from Russia in 2012, because they treated Tamerlan as a low priority and therefore didn’t question him on his border crossings (the trial record may indicate Tamerlan had Inspire on his computer when he traveled to Russia), and because the CBP record on Tamerlan went into a less visible status while he was out of the country, meaning he evaded secondary inspection on the way back into the country as well. Yet she mentions none of those crucial details about DHS’s role in missing Tamerlan’s travel and increasing extremism in her review.

Rather, she describes her agency as a valiant part of the combined effort to hunt down the attackers.

As secretary of homeland security, I immediately mobilized the department to assist Boston emergency responders and to work with the F.B.I. to identify the perpetrators. Because the Boston Marathon is an iconic American event, we suspected terrorism, but no group stepped forward to claim credit. Massive law enforcement resources — local, state and federal — had to be organized and deployed so that, within just a few days, we had narrowed the inquiry from the thousands of spectators who had come to cheer on the runners to two, who had come to plant bombs.

Only much later in her review does Napolitano make a defense of the government failure to prevent this attack, though once again she makes no mention of her own agency’s role in failing to stop the attack. As Napolitano tells it, this is about the FBI and it’s just “armchair quarterbacking.”

In the course of armchair quarterbacking that followed the bombing, it was revealed that the Russian Federal Security Service, known as the F.S.B., had notified the F.B.I. in 2011 about Tamerlan’s presence in the United States. Although criticized for inadequate follow-up, the F.B.I. actually interviewed Tamerlan and other household members at least three times in 2011. Further requests to the F.S.B. for details went unanswered. Other than putting Tamerlan under 24-hour surveillance, it is difficult to ascertain what more the F.B.I. could have done — according to Gessen, Russia routinely presumes all young urban Muslim men to be radical.

Much of the rest of Napolitano’s review focuses on the government’s theory of radicalization and the Tsarnaev family’s collective failure to achieve the American Dream (which, I guess, is what Gessen was debunking in her op-ed the next day), returning the story insistently to one about radicalization. Except then, having emphasized how many times the FBI had contact with Tamerlan in 2011, she scoffs at the questions that might raise and Gessen’s reliance on evidence the government itself has introduced into the public record.

In the final chapters, however, the book becomes curiouser and curiouser; Gessen seems to become a conspiracy theorist. She postulates that the F.B.I. recruited Tamerlan as an informant during their visits to the Tsarnaev home in 2011. She then surmises that Tamerlan went rogue and participated in the killing of three friends with whom he dealt marijuana. She goes further, and suggests that after the bombings, the F.B.I. delayed telling Boston law enforcement about Tamerlan’s identity because they wanted to reach him first, kill him and hide his presence as an informant. Gessen likens this alleged behavior to the F.B.I.’s use of sting operations, and she implies that the bureau has been entrapping defendants as opposed to finding real terrorists. And, finally, relying on the words of “several” unnamed explosives experts, she asserts that the Tsarnaevs must have had help constructing the bombs, despite the presence of explicit instructions on the Internet and in Inspire, a jihadist magazine.

How is Gessen a conspiracy theorist because she “surmises that Tamerlan … participated” in the 2011 Waltham killings? That claim came from the FBI itself! The FBI says Ibragim Todashev was confessing to that fact when they killed him. And how is suggesting the bombs used at the Marathon (as distinct from those thrown in Watertown) could not have come directly from Inspire a conspiracy theory when that is the testimony the defense elicited from FBI’s own bomb expert on cross examination?

Effectively, Janet Napolitano, whose agency rightly or wrongly received some of the criticism for failing to prevent this attack, completely ignores the questions about prevention and then dismisses questions that arise out of the government’s failure to prevent the attack as a conspiracy theory.

Napolitano’s choice to write (and NYT’s choice to publish) a critical review of a book pointing out problems with the narrative of the attack she herself has been pitching actually got me thinking: Imagine Robert Mueller writing such a review? Had he done so, the inappropriateness of it, the absurdity of deeming claims made by the FBI a conspiracy theory, and his own agency’s role in failing to prevent the attack would have been heightened. Not to mention, he likely would have had a hard time dismissing the real questions about the provenance of the bombs, given that his former agency claims not to know the answers to them. And that made me realize that having Napolitano write this review worked similarly to the way the prosecution’s parade of witnesses who hadn’t done the primary analysis on the evidence in the case did. It gave official voice to the chosen narrative, without ever exposing those who might be able to answer the still outstanding questions to questioning.

For what it’s worth, I have a few more questions about the attack that — like Cullen and Gessen — I regret will likely go unanswered. Or rather, perhaps another theory about the government’s implausible claim not to have IDed the brothers until they got DNA from Tamerlan on April 19th.

As I mentioned, no one wants to talk about why facial recognition didn’t work, which — if true — ought to have led to congressional hearings and the defunding of the technology. The FBI wants you to believe that they couldn’t ID a guy they had on a terrorist watchlist and had extended immigration records on, and Congress wants you to believe that would be acceptable performance for an expensive surveillance system.

I’ve also tracked the government’s odd use of GPS data in the trial. They used cell tower information based off the brothers’ known handsets (which they only got in smashed condition days later) to track their movement at the race. They used a series of GPS devices to track the purchases of the materials used in the attack and to track the brothers in the stolen Mercedes (though their claims about how they tracked the Mercedes still don’t add up). There’s something missing from this story, and I increasingly wonder whether it’s the use of a Stingray or similar device, which we know even local authorities use in the case of public events like protests or sporting events, which might have been able to pinpoint calls made between phones using the same “cell” at the race, and with it, pinpoint the phones we know were registered under the brothers’ real names.

So here’s my conspiracy theory, Janet Napolitano: Not only do I think claims Tamerlan was an informant ought to be at least assessed seriously (though I also think the Russians clearly are not telling us what they believed him to be, either), which might be one explanation for FBI’s dubious claims not to have IDed the brothers for over 3 days. But I also think the government pursued this case with an eye towards what intelligence they were willing to admit at trial — and we know they refuse to admit how sophisticated their use of Stingrays is, and we should assume they refuse to admit how well facial recognition technology works, either.

That is, in addition to the other real questions and possible explanations for the delay, I think it possible that the FBI had to create a manhunt so as to hide the tools that IDed the brothers far earlier than they let on.

Update: I meant to add that I think the timing of the recent Stingray releases is curious. Basically, the dam holding back disclosures of the FBI’s secrecy on Stingrays burst on Wednesday, April 8, as the ACLU, Baltimore, and two other jurisdictions got Non-Disclosure Agreements on the same day, after the Tsarnaev case had gone to the jury. That’s as conveniently timed, it seems, as the April 3 release of the After Action report, which Massachusetts had held since December. Also remember that the government doesn’t have to disclose PRTT data to defendants unless it uses that evidence at trial (and has suggested it has PRTT data on other terrorist defendants that it doesn’t have to turn over). So if they did use a Stingray to ID the brothers at all, they would claim they didn’t have to disclose it, but wouldn’t want to make the capability too obvious until after the defense lost any opportunity to make a constitutional claim.

Dzhokhar’s Phones

According to an exhibit introduced in the Dzhokhar Tsarnaev trial, the government subpoenaed T-Mobile on April 19, 2013 for the subscriber information from the two pre-paid phones used by the brothers during the attack. T-Mobile (unsurprisingly) replied that same day. The government appears to have redacted the fax time stamp to hide what time that occurred. But at that point, they were only getting subscriber information based off the phone numbers from phones they may or may not have had in custody.

Tamerlan had gotten his phone immediately after returning from Russia, but Dzhokhar got his just the day before the attack. Presumably, Tamerlan’s phone would have been used regularly (though we don’t know that — unless I’m mistaken, the government never submitted a summary of his calls). In addition to three calls with his brother during the actual attack and one between the time Sean Collier was killed and the time Tamerlan hijacked the Mercedes (Dzhokhar also communicated with Tamerlan via Skype during this period), Dzhokhar contacted several other people using his phone.

The government claims (dubiously) that it did not identify the brothers until after Tamerlan was fingerprinted at the hospital, which would have happened sometime around 1:06AM on April 19.

In a hearing against Dzhokhar’s buddies from summer 2014, a prosecutor questioning FBI Agent John Walker tried to place this time closer to 6:50AM, though I think this is based on the public release of Dzhokhar’s ID, not the identification of Tamerlan’s.

Q. And by 6:50 a.m. Friday morning, April 19th, had the suspected bombers in those photographs been identified?

Walker. By 6:50 a.m. the FBI was certainly aware of the identity of one of those persons, then deceased, and the FBI publicized the name of the second person in the photograph, colloquially referred to as “White Hat” or “Bomber Number Two.” But, yes, we had.

Q. And how was it that the FBI was able to identify the individuals in those photographs?

Walker. We identified the first individual based on a positive comparison of his known fingerprints. A fingerprint from the decedent was transmitted to our facility in West Virginia, the repository for fingerprints, and within moments we had a positive identification on that person.

From Walker’s description, though, it should have taken place “just moments” after they got his fingerprints, so closer to 1:06 AM than 6:50 AM.

I’m interested in this because of Walker’s description of how they obtained and responded to information on Dzhokhar’s previous phone, one of four phones tied to an AT&T Friends and Family account under his name but billed to the buddies’ address.

Walker seems to suggest that they found these phones by Dzhokhar’s name, not by phone number, and only then discovered that Azamat Tazhayakov had been in contact with Dzhokhar (though I don’t see that in the phone records submitted at trial). This means that by 10, they were doing significant call record analysis on the AT&T phones, regardless of what they were doing on the T-Mobile phones.

Q: On the morning of April 19th, had the FBI received any information about telephones subscribed to Tsarnaev?

Walker: We had. We knew that Tsarnaev, Dzhokhar Tsarnaev, subscribed to four telephones with AT&T, and that the address that he provided and the address to which his telephone bills were sent was 69 Carriage Drive, New Bedford, Massachusetts.

One of those phones was significant to us immediately, because the telephone showed enormous and continuing and temporally significant connectivity with the late Tamerlan Tsarnaev, including around the time of the bombings.

Almost as importantly for my work there that day, a second of the telephones again subscribed by Tsarnaev happened to show connectivity with Dzhokhar Tsarnaev a few hours before the bombings that Monday, April 15th. The other two phones showed little, if any, recent connectivity to either of the Tsarnaev brothers.

Q: Was there a belief at the FBI at the time that telephones, mobile phones, were used during the execution of the bombing attack?

Walker: Yes.

Q: So, based on that information, this telephone information that you had received, subscriber information, what did the FBI do next?

Walker: Well, we were naturally all week long very concerned with regard to phones, because, as I have mentioned, we suspected that phones were used in the general commission of the act of terrorism on the Monday. We were also interested in potentially exploiting intelligence from the phones to locate the fugitive Tsarnaev.

[snip]

I received a call from the FBI Command Post in Boston that about 20 minutes earlier — and the time I received it I thought about 10:40 a.m. — but about 20 minutes earlier that the second phone in question that I just mentioned had transmitted a message to Russia, and that message had bounced off a tower located about a mile from the campus at UMass Dartmouth.

So, I believed at the time that there was a stronger possibility that Tsarnaev may have actually eluded capture in Watertown and might be transmitting communications from down in the New Bedford/North Dartmouth area.

Q: Now, talking about this phone, were the last four digits 9049?

Walker: Yes.

Q: And did you subsequently learn that the phone was used by one of the defendants?

Walker: I did.

Q: And which defendant was that?

Walker: Mr. Tazhayahkov. [sic]

Q: And a moment ago you said approximately shortly after 10:00 a.m. that one of the phones had sent a text message or had some activity with Russia?

Walker: Yes.

Q: How far was that tower that it bounced off from the defendants’ apartment?

Walker: From the defendants’ apartment it was — and I know this because I mapped it out after the fact — but it’s approximately 900 meters.

Q: Now, what, if any, belief — sorry. Strike that. During the afternoon of April 19th, 2013, was the FBI able to determine the location of any of Tsarnaev’s phones, Dzhokhar Tsarnaev’s phones?

Walker: Yes.

Q: And can you tell us what was learned that afternoon about where that phone was located?

Walker: We learned that the phone ending or having the suffix 9049 was physically present within, because we could not see it on the outside, but within 69 Carriage Drive in New Bedford. It’s a two-story, four-apartment building amidst a larger complex of similarly constructed buildings.

Q: So, based on that information, the FBI believed that one of Tsarnaev’s phones was located in 69 Carriage Drive; is that what you said?

Walker: Yes.

I’m still trying to make sense of this — I have no conclusions about it. I’m mostly trying to understand whether discovery of these phones followed one from another or not, and what database they used to do the analysis. I think it most likely they used AT&T’s onsite response, which should have had both AT&T and T-Mobile records, probably without a formal subpoena. You would think they would have formally served a subpoena before using the AT&T account to raid the New Bedford apartment, but they certainly didn’t get a warrant.

Update: There’s one more detail I can’t make sense of. Walker said that Dzhokhar logged into UMass Dartmouth’s system at 6:19 AM.

I learned later, but not too much later, we received a report on campus from the campus technology infrastructure that at 6:19 a.m. on the morning of Friday, April 19, that Tsarnaev had logged onto the system on campus. While I was determining whether that logon was remote or was — would suggest that he was physically present on campus, I received a second report from campus authorities that he logged on and was thought to be physically present on campus at 6:21 a.m. that Friday.

He would have been hiding in the Slip Away by this point.

Tamerlan Tsarnaev Moved Inspire onto Dzhokhar’s Computer the Day He Left for Russia

Yesterday, the defense in the Dzhokhar Tsarnaev trial rested; closing arguments will be Monday. Dzhokhar’s defense consisted of just four witnesses, undermining the suggestions by the prosecution that he was just as steeped in jihadist propaganda as Tamerlan (see this post for part of a description).

As part of their efforts to do that, the defense showed, in far more detail, what the brothers had been doing online, and how the complete copies of Inspire magazine had gotten onto all their computers and when. (The defense exhibits are here, though this site is apparently being flagged as itself suspicious, at least by Twitter.) This document, for example, shows that Dzhokhar spent more time on Pornhub than he did on anything explicitly jihadist (though who knows what he was doing on Facebook and VKontakte, his most commonly accessed sites, by a very large margin). Several of the others show that the searches for explosives-related materials took place on Tamerlan’s computer (though oddly, he already had some of those materials by that point).

And while I don’t think the defense laid this case out yesterday, it appears that Tamerlan loaded Inspire onto a thumb drive and then onto Dzhokhar’s computer the morning of January 21, 2012, just before he left for Russia.

This document shows that the Sony Vaio, which ultimately became Dzhokhar’s computer, was loaded with Windows in early 2011. Then came the HP that was in a room in Cambridge that fall. And finally came the Samsung loaded with Windows December 21, 2011, not long before Tamerlan would go to Russia. This document shows CompleteInspire being created on the Samsung that day, December 21, 2011. This document appears to show someone inserting a thumb drive into the Samsung at 6:22 AM on January 21, 2012, moving a copy of Inspire onto it, and then moving copies of those onto the Sony.

This CBP record shows his departure that day on Aeroflot flight 316, which at least currently departs at 8:05PM.

It’s not clear what to make of this — though it does make clear that Dzhokhar, at least, would have avoided any upstream searches on Inspire because it got placed on his computer via thumb drive, not download. It also doesn’t prove that Dzhokhar wasn’t reading Inspire by that point — as far as I understand it, the Sony was his computer by that point. But I find the timing — that the first thing Tamerlan did the morning he left for Russia was to make sure all the laptops had a copy of Inspire on them — rather curious.

One more note: something else introduced in the last days also showed a Russian version of Inspire.

Also, from the exhibits, it’s not really clear whether these files were found on the computer or deleted in unallocated space. There was a second copy of CompleteInspire loaded onto the Samsung in August 2012, after Tamerlan returned from Russia. So it’s possible that what we’re seeing is Tamerlan moving Inspire onto his brother’s computer, deleting it on his own for border crossings, and then reloading it on his own after his return.

That said, if he didn’t delete that copy of Inspire the morning he left for Russia, if CBP had done a perfectly legal device search on Tamerlan’s computer at JFK that evening, they might have seen that he was flying with a full copy of Inspire on his device (though remember, this computer, unlike the Sony, was encrypted). Which, if it were the case, would make CBP’s failure to do so all the more damning.
