
Hacking John Brennan, Hacking OPM

In Salon, I’ve got my take on the hack of John Brennan’s AOL account by a 13-year-old stoner.

While I think it sucks that WikiLeaks posted unredacted data on Brennan’s family, I’m not at all sympathetic to Brennan himself. After all he’s the guy who decided hacking his SSCI overseers would be appropriate. He’s one of the people who’ve been telling us we have no expectation of privacy in the kinds of data hackers obtained from Verizon — alternate phone number, account ID, password, and credit card information — for years.

But most of all, I think we should remember that Brennan left this data on an AOL server through his entire Obama Administration career, which includes 4 years of service as Homeland Security Czar, a position which bears key responsibility for cybersecurity.

Finally, this hack exposes the Director of the CIA exercising almost laughable operational security. The files appear to date from the period leading up to Brennan’s appointment as White House Homeland Security Czar, where a big part of Brennan’s job was to prevent hacks in this country. To think he was storing sensitive documents on an AOL server — AOL! — while in that role, really demonstrates how laughable are the practices of those who purport to be fighting hackers as the biggest threat to the country. For at least 6 years, the Homeland Security Czar, then the CIA Director — one of the key intelligence officials throughout the Obama Administration — left that stuff out there for some teenagers to steal.

Hacking is a serious problem in this country. Like Brennan, private individuals and corporations suffer serious damage when they get hacked (and the OPM hack of Brennan’s materials may be far more serious). Rather than really fixing the problem, the intelligence community is pushing to give corporations regulatory immunity in exchange for sharing information that won’t be all that useful.

A far more useful initial step in securing the country from really basic types of hacking would be for people like Brennan to stop acting in stupid ways, to stop leaving both their own and the public’s sensitive data in places where even stoned kids can obtain it, to provide a good object lesson in how to limit the data that might be available for malicious hackers to steal.

I would add, however, that there’s one more level of responsibility here.

As I noted in my piece, Brennan’s not the only one who got his security clearance application stolen recently. He is joined in that by 21 million other people, most of whom don’t have a key role in cybersecurity and counterintelligence. Most of those 21 million people haven’t even got official notice their very sensitive data got hacked by one of this country’s adversaries — not even those people who might be particularly targeted by China. Like Brennan, the families of those people have all been put at risk. Unlike Brennan, they didn’t get to choose to leave that data sitting on a server.

In fact, John Brennan and his colleagues have not yet put in place a counterintelligence plan to protect those 21 million people.

If it sucks that John Brennan’s kids got exposed by a hacker (and it does), then it sucks even more that people with far fewer protections and authority to fix things got exposed, as well.

John Brennan should focus on that, not on the 13-year-old stoner who hacked his AOL account.

Transcribing James Clapper

Hamid Karzai refused to meet with Obama during a surprise visit just after MYSTIC disclosures, so Obama called from Air Force One instead.


Yesterday, during the Q&A to his speech at INSA (which is where defense and intelligence contractors huddle with government paymasters), James Clapper conceded that Edward Snowden brought needed transparency but had also damaged operations. Rather than obliquely pointing to the exposure that Skype was no longer safe from surveillance, as he and his ilk normally do, Clapper pointed to what he claimed was a concrete example: what journalists have reported as revelations about full take cell phone content (SOMALGET or MYSTIC) leading to loss of access in Afghanistan.

After Clapper made the claim, a lot of reporters did what reporters do: they transcribed his comments uncritically. Lots of journalists did this, but here’s WaPo’s version from Ellen Nakashima:

One of the disclosures based on documents leaked by Edward Snowden, the former National Security Agency contractor, prompted the shutdown of a key intelligence program in Afghanistan, the nation’s top spy said Wednesday.

“It was the single most important source of force protection and warning for our people in Afghanistan,” Director of National Intelligence James R. Clapper Jr. said at an intelligence conference.

He was addressing a question about the impact of revelations by Snowden, whose leaks led to a global debate about the proper scope of U.S. surveillance at home and abroad.

Nakashima and other reporters assumed Clapper meant the MYSTIC/SOMALGET program, which Nakashima noted the WaPo first described (on March 18, 2014), followed by The Intercept two months later (on May 19, 2014), followed by WikiLeaks revealing Afghanistan as the target country several days later (on May 23, 2014). [Update: Note Cryptome correctly determined Afghanistan was the country on May 19, the day the Intercept published.]

Having laid all that out, however, Nakashima doesn’t quote the part of Clapper’s answer that would either discredit his description or reveal it’s something else. Here’s Ars Technica’s transcription of that part of it.

And programs that had a real impact on the security of American forces overseas, including one program in Afghanistan, “which he exposed and Glenn Greenwald wrote about, and the day after he wrote about it, the program was shut down by the government of Afghanistan,” Clapper noted.

If it’s the MYSTIC/SOMALGET program Clapper was really talking about, then his claim is self-refuting. Because either folks in Afghanistan recognized the program themselves back when WaPo wrote about it in March 2014, or probably didn’t until WikiLeaks confirmed they were the target. It wouldn’t have been Greenwald’s story, in which he withheld the information the government requested in any case.

For the moment, I’m going to assume that was the program, but let’s remember it might not be.

If so, consider what Clapper has done. As I mentioned, normally when people want to beat up Snowden, they point to his disclosure NSA had compromised Skype. But they never confirm that — they just mention it obliquely. Here, Clapper has confirmed the thing (actually just one of the things) that NSA had asked Greenwald to withhold. Given how vague WikiLeaks was about how they knew (after all, they’re not known to have the Snowden documents themselves), if this is MYSTIC/SOMALGET it seems that Clapper has definitively confirmed something that was at least of unknown provenance before.

Although, for reasons of source protection we cannot disclose how, WikiLeaks has confirmed that the identity of victim state is Afghanistan.

In other words, Clapper has confirmed something that hadn’t been confirmed before, precisely because the journalists involved had deferred to the government’s request not to publish it.

Or did he?

Clapper claimed “the program was shut down by the government of Afghanistan.”

Admittedly, the MYSTIC/SOMALGET disclosures came at an awkward time for US-Afghan relations. Hamid Karzai had been pushing back against night raids, prisoner transfers, and CIA militias. In part because the US wouldn’t cede Afghan sovereignty on such issues, Karzai was refusing to sign the Bilateral Security Agreement (raising the same kind of SOFA negotiation problems that forced us to withdraw troops from Iraq). Throughout this two month period, the election and run-off were going on.

So the disclosure that the US had compromised Afghanistan’s entire cell phone system — and implicitly, had copies of every cell call that Karzai and his potential replacements might make — would surely anger the Afghans, especially Karzai. Notably, two days after the WikiLeaks disclosure, Karzai refused to meet when President Obama made a surprise visit to the country on May 25, so (as shown by the White House image above) Obama called him from Air Force One instead.

But if that’s the case — if Afghanistan forced the US to shut down the full-take collection of cell phone content even as Obama was making surprise last minute visits (which may even have been an attempt to convince Karzai to reverse that decision) — then the fault lies not just, or even primarily, with Snowden. It lies with a long history of US refusal to cede to Afghanistan’s demands for some kind of functional sovereignty. This telecom disclosure may have been one more in a series of aggravations, but it was by no means the only one. Moreover, given that President Ghani’s relationship with the US is, thus far at least, far better than Karzai’s was at the time, it’s quite possible he has permitted the US to resume full-take collection.

James Clapper would be a lot more likely to confirm that Afghanistan had shut down NSA’s full-take collection if it had been resumed again under Karzai’s successor. Not least, because it would provide adversaries with false confidence the NSA didn’t have full take coverage.

Now consider this description of the Bahamian fallout from the equivalent disclosure. It shows that two parties were involved — the country’s telecom as well as the government. Indeed, all stories on this make it clear telecom providers are centrally involved in the collection program.

Moreover, the Intercept version of the story makes it quite clear they withheld not just the target country, but also the provider at the center of it.

The NSA documents don’t specify who is providing access in the Bahamas. But they do describe SOMALGET as an “umbrella term” for systems provided by a private firm, which is described elsewhere in the documents as a “MYSTIC access provider.” (The documents don’t name the firm, but rather refer to a cover name that The Intercept has agreed not to publish in response to a specific, credible concern that doing so could lead to violence.) Communications experts consulted by The Intercept say the descriptions in the documents suggest a company able to install lawful intercept equipment on phone networks.

And they withheld it for the same reason, because revealing it would lead to violence. That provider name has not been made public (though for a variety of reasons I think that’s the key secret here). Shutting down the system would have to involve, at a minimum, the Afghan government, this provider, plus Afghanistan’s multiple cell providers.

There are more reasons to believe Clapper’s story is bullshit. From the 2005 STELLAR WIND disclosures, which revealed the US was collecting all US-Afghanistan calls, to reports as early as 2008 that the Taliban were targeting cell providers because they recognized the security risk the networks posed, there is zero chance our adversaries in Afghanistan were unaware that the US had close to full dominance over the communications lines. There were also earlier Snowden disclosures — including Tempora, XKeyscore, and what sounded like transcripts obtained using a Stingray from an Afghan raid — that would have confirmed that view. The US is collecting close to everything from most countries where it remains at war, via a variety of overlapping means. There’s little about this disclosure in particular that added to the risk — but then, our adversaries had long been learning of our tactics and adjusting accordingly.

There is, then, the possibility it was one of these other disclosures Clapper was whining about — such as the potential Stingray one.

But if Clapper was talking about SOMALGET, and if it is true that the full-take collection got shut down, it means he and the government are blaming Snowden for long-term mismanagement of the Afghan relationship. It also may well mean that Ghani has let the US resume collection and Clapper’s public “confirmation” was designed — in addition to launching some unwarranted shots at Edward Snowden — to create the false impression the collection remains inactive.

James Clapper is a confirmed liar. Even setting aside his lies to Congress, it is his job to lie to adversaries. While that doesn’t mean journalists shouldn’t report what he says, there’s a great deal of context that should accompany such transcriptions.

WikiLeaks Reveals Steinmeier Intercepts, 2 Years before Helping Condi Look Unconcerned by Kidnapping Liabilities

In its latest release on the individual intercepts the NSA collected on top German officials, WikiLeaks revealed that Foreign Minister Frank-Walter Steinmeier had been a priority 2 target in NSA’s monitoring of German political affairs.


The actual intercept released with today’s list of targets pertains to Steinmeier’s first visit to DC as Foreign Minister in November 2005.

The intercept described how Steinmeier was pleased to have gotten a non-committal answer from Condi Rice when he asked her whether the CIA had run rendition flights through Germany.

(TS//SI//NF) New German Foreign Minister Pleased With First Official Visit to Washington

(TS//SI//NF) Frank-Walter Steinmeier seemed pleased on 29 November with the results of his first visit to Washington as the new German Foreign Minister. Steinmeier described the mood during his talks with U.S. officials as very good, but feared that the most difficult part was still ahead. He seemed relieved that he had not received any definitive response from the U.S. Secretary of State regarding press reports of CIA flights through Germany to secret prisons in eastern Europe allegedly used for interrogating terrorism suspects. Steinmeier remarked that Washington is placing great hope in his country’s new government. In this connection, he is looking for areas where bilateral cooperation can be strengthened and is considering the southern Caucasus as one possible area.

This would have been of particular concern for Steinmeier as he was Chief of Staff in Germany’s Chancellery, in charge of intelligence. If German intelligence did know about the flights, he would be complicit. So he might be particularly happy to report that the US — that Condi Rice — was officially giving a non-answer to the question of whether or not the CIA was using Germany as a base for its kidnapping flights.

Better to officially not know.

Now, I actually am not at all troubled that NSA is wiretapping foreign officials. They’re surely doing the same to our equivalents. So while I’m interested in what these WikiLeaks releases say about our NSA activities, I’m not critical of these activities.

But I am interested that Steinmeier was wiretapped for this reason.

As a State cable released by WikiLeaks back in 2010 showed, in 2007, Steinmeier and Condi met to discuss the recent arrest warrants issued by a German court. Steinmeier came out of the meeting and said publicly that Condi had told him she and the US would have no problem with the issue of arrest warrants for 13 US agents. After Steinmeier created that impression in the press, the Deputy Chief of the Mission to Germany corrected that impression, making it clear that the US had a very big problem with the planned arrest of its agents for kidnapping.

Just as the German prosecutor issued arrest warrants for 13 CIA personnel, Condi Rice and Germany’s Foreign Minister Frank-Walter Steinmeier met in DC for a discussion of Mideast peace efforts. After they met, Steinmeier told the German press that Condi had assured him that the arrest warrants wouldn’t affect German-US relations.

Steinmeier told the Welt am Sonntag newspaper that he had raised the issue with US Secretary of State Condoleezza Rice, who “assured me there would be no negative impact on German-American relations.”

Steinmeier, whose remarks were released a day ahead of publication on Sunday, said he told Rice the warrants could only be served in Germany at present, but the government expected the court to issue international warrants at some stage.

The cable describes a February 6, 2007 meeting in which the Deputy Chief of Mission of the US Embassy in Germany, John Koenig, “corrected” the impression that Steinmeier had gotten from his meeting with Condi the week before.

In a February 6 discussion with German Deputy National Security Adviser Rolf Nikel, the DCM reiterated our strong concerns about the possible issuance of international arrest warrants in the al-Masri case. The DCM noted that the reports in the German media of the discussion on the issue between the Secretary and FM Steinmeier in Washington were not accurate, in that the media reports suggest the USG was not troubled by developments in the al-Masri case. The DCM emphasized that this was not the case and that issuance of international arrest warrants would have a negative impact on our bilateral relationship. He reminded Nikel of the repercussions to U.S.-Italian bilateral relations in the wake of a similar move by Italian authorities last year.

Koenig goes on to note that the government would have political problems in the US if the Germans issued the international arrest warrants.

The DCM pointed out that the USG would likewise have a difficult time in managing domestic political implications if international arrest warrants are issued.


[T]his was obviously a hastily called meeting in response to Steinmeier’s quotation of Condi’s assurances the warrants wouldn’t cause a problem. Note the specific language Koenig uses:

The DCM noted that the reports in the German media of the discussion on the issue between the Secretary and FM Steinmeier in Washington were not accurate, in that the media reports suggest the USG was not troubled by developments in the al-Masri case.

He’s not telling the Germans that Steinmeier was wrong, that he mis-quoted Condi. Rather, Koenig’s simply saying that the content–what Condi had said–was wrong.

While the cable makes it clear that Koenig was emphasizing the stance of the USG, it’s still not clear whether Condi just lied to Steinmeier about USG concern, using that as cover for the kidnapping that she, who was National Security Advisor during the kidnapping, would have been implicated in, or whether Steinmeier knowingly put disinformation into the press that State subordinates could correct in secret. That is, it’s not clear how knowingly Steinmeier served as a stooge in US disinformation that ultimately protected Condi.

But I do find the continuity of Steinmeier’s happiness about pretending there was no kidnapping going on in Germany to be notable. I also find it notable that Condi and her friends would have had very detailed understanding of Steinmeier’s opinions and activities from the interim period.

President Obama Declares the Threat to Crappy Sony Movies a National Emergency

President Obama just issued an Executive Order that directs Department of Treasury to impose sanctions on people who engage in “significant malicious cyber-enabled activities.” The move has been reported as a means to use the same kind of sanctions against significant hackers as we currently use against terrorists, proliferators, drug cartels, and other organized crime.

Regardless of whether you think this will do any good to combat hacking, I have several concerns about this.

First, at one level, the EO targets those who “harm[], or otherwise significantly compromis[e] the provision of services by, a computer or network of computers that support one or more entities in a critical infrastructure sector.” But remember, our definition of critical infrastructure is absurdly broad, including things like a Commercial Facilities sector that includes things like motion picture studios — which is how Sony Pictures came to be regarded as critical infrastructure — and even things like campgrounds.

And it’s actually not just critical infrastructure. It also targets people who “caus[e] a significant disruption to the availability of a computer” and those who “caus[e] a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.” I can envision how this EO might be ripe for abuse.

But it gets worse. The EO targets not just the hackers themselves, but also those who benefit from or materially support hacks. The targeting of those who are “responsible for or complicit in … the receipt or use for commercial or competitive advantage … by a commercial entity, outside the United States of trade secrets misappropriated through cyber-enabled means, … where the misappropriation of such trade secrets is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States” could be used to target journalism abroad. Does WikiLeaks’ publication of secret Trans-Pacific Partnership negotiations qualify? Does Guardian’s publication of contractors’ involvement in NSA hacking?

And the EO creates a “material support” category similar to the one that, in the terrorism context, has been ripe for abuse. Its targets include those who have “provided … material, or technological support for, or goods or services in support of” such significant hacks. Does that include encryption providers? Does it include other privacy protections?

Finally, I’m generally concerned about this EO because of the way National Emergencies have served as the justification for a lot of secret spying decisions. Just about every application to the FISC for some crazy interpretation of surveillance laws in the name of counterterrorism founds their justification neither in the September 17, 2001 Finding authorizing covert actions against al Qaeda nor the September 18, 2001 AUMF, but instead in President Bush’s declaration of a National Emergency on September 14, 2001. I’m not sure precisely why, but that’s what the Executive has long used to convince FISC that it should rubber stamp expansive interpretations of surveillance law. So I assume this declaration could be too.

In other words, the sanctions regime may well be the least of this EO.

FBI Is Not “Surveilling” WikiLeaks Supporters in Its Never-Ending Investigation; Is It “Collecting” on Them?

The FOIA for records on FBI’s surveillance of WikiLeaks supporters substantially ended yesterday (barring an appeal) when Judge Barbara Rothstein ruled against EPIC. While she did order National Security Division to do a more thorough search for records, she basically said the agencies had properly withheld records under Exemption 7(A) for its “multi-subject investigation into the unauthorized disclosure of classified information published on WikiLeaks, which is ‘still active and ongoing’ and remains in the investigative stage.” (Note, the claim that the investigation is still in what FBI calls an investigative stage, which I don’t doubt, is nevertheless dated, as the most recent secret declarations in this case appear to have been submitted on April 25, 2014, though Rothstein may not have read them until after she approved such ex parte submissions on July 29 of last year.)

In so ruling, Rothstein has dodged a key earlier issue, which is that all three entities EPIC FOIAed (DOJ’s Criminal and National Security Division and FBI) invoked a statutory Exemption 3 from FOIA, but refused to explain what statute they were using.

2 Defendants also rely on Exemptions 1, 3, 5, 6, 7(C), 7(D), 7(E), and 7(F). The Court, finding that Exemption 7(A) applies, does not discuss whether these alternative exemptions may apply.

I have argued — and still strongly suspect — that the government was relying, in part, on Section 215 of PATRIOT, as laid out in this post.

In addition to the Exemption 3 issue Rothstein dodged, though, there were three other issues that were of interest in this case.

First, we’ve learned in the 4 years since EPIC filed this FOIA that their request falls in the cracks of the language the government uses about its own surveillance (which it calls intelligence, not surveillance). EPIC asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

As I’ve pointed out in the past, if the FBI obtained datasets rather than lists of the people who supported WikiLeaks from Facebook, Google, Visa, MasterCard, and PayPal, FBI would be expected to deny it had lists of such supporters, as it has done. We’ve since learned about the extent to which it does collect datasets when carrying out intelligence investigations.

Then there’s our heightened understanding of the words “target” and “surveillance” which are central to request 1. The US doesn’t target a lot of Americans, but it does collect on them. And when it does so — even if it makes queries that return their identifiers — it doesn’t consider that “surveillance.” That is, the FBI would only admit to having responsive data to request 1 if it were obtaining FISA or Title III warrants against mere supporters of WikiLeaks, rather than — say — reading their email to Julian Assange, whom FBI surely has targeted and still targets under Section 702 and other surveillance authorities, or even, as I guarantee you has happened, looked up people after the fact and discovered they had previous conversations with Assange. We’ve even learned that NSA collects vast amounts of Internet communications that talk “about” a targeted person’s selector, meaning that Americans’ communications might be pulled if they used WikiLeaks or Assange’s Internet identifiers in the body of their emails or chats. None of that would count as “targeted” “surveillance,” but it is presumably among the kinds of things EPIC had in mind when it tried to learn how FBI’s investigation of WikiLeaks was implicating completely innocent supporters.

I noted the way FBI’s declaration skirted both these issues some years ago, and everything we’ve learned since only raises the likelihood that FBI is playing a narrow word game to claim that it doesn’t have any responsive records, but out of an act of generosity it nevertheless considered the volumes of FBI records that are related to the request that it nevertheless has declared 7(A) over. Rothstein’s order replicates the use of the word “targeting” to discuss FBI’s search, suggesting the distinction is as important as I suspect.

Plaintiff first argues that the release of records concerning individuals who are simply supporting WikiLeaks could not interfere with any pending or reasonably anticipated enforcement proceeding since their activity is legal and protected by the First Amendment. Pl.’s Cross-Mot. at 14. This argument is again premised on Plaintiff’s speculation that the Government’s investigation is targeting innocent WikiLeaks supporters, and, for the reasons previously discussed, the Court finds it lacks merit.

All of which brings me to the remaining interesting subtext of this ruling.

Five years after the investigation into WikiLeaks must have started in earnest, 20 months after Chelsea Manning was found guilty for leaking the bulk of the documents in question, and over 10 months since Rothstein’s most recent update on the “investigation” in question, Rothstein is convinced these records may adequately be withheld because there is an active investigation.

While it’s possible DOJ is newly considering charges related to other activities of WikiLeaks — perhaps charges relating to WikiLeaks’ assistance to Edward Snowden in escaping from Hong Kong, though like Manning’s verdict, that was over 20 months ago — it’s also very likely the better part of whatever ongoing investigation into WikiLeaks is ongoing is an intelligence investigation, not a criminal one. (See this post for my analysis of the language they used last year to describe the investigation.)

Rothstein is explicit that DOJ still has — or had, way back when she read fresh declarations in the case — a criminal investigation, not just an intelligence investigation (which might suggest Assange’s asylum in the Ecuador Embassy in London is holding up something criminal).

In stark contrast to the CREW panel, this Court is persuaded that there is an ongoing criminal investigation. Unlike the vague characterization of the investigation in CREW, Defendants have provided sufficient specificity as to the status of the investigation, and sufficient explanation as to why the investigation is of long-term duration. See e.g., Hardy 4th Decl. ¶¶ 7, 8; Bradley 2d Decl. ¶ 12; 2d Cunningham Decl. ¶ 8.

Yet much of her language (which, with one exception, relies on the earliest declarations submitted in this litigation) sounds like that reflecting intelligence techniques as much as criminal tactics.

Here, the FBI and CRM have determined that the release of information on the techniques and procedures employed in their WikiLeaks investigation would allow targets of the investigation to evade law enforcement, and have filed detailed affidavits in support thereof. Hardy 1st Decl. ¶ 25; Cunningham 1st Decl. ¶ 11. As Plaintiff notes, certain court documents related to the Twitter litigation have been made public and describe the agencies’ investigative techniques against specific individuals. To the extent that Plaintiff seeks those already-made public documents, the Court is persuaded that their release will not interfere with a law enforcement proceeding and orders that Defendants turn those documents over.


In the instant case, releasing all of the records with investigatory techniques similar to that involved in the Twitter litigation may, for instance, reveal information regarding the scope of this ongoing multi-subject investigation. This is precisely the type of information that Exemption 7(A) protects and why this Court must defer to the agencies’ expertise.

I’m left with the impression that FBI has reams of documents responsive to what EPIC was presumably interested in — how innocent people have had their privacy compromised because they support a publisher the US doesn’t like — but that they’re using a variety of tired dodges to hide those documents.

After Five Years, Saudis Will Finally Get Their Drones to Strike Houthis

Thanks to Chelsea Manning, we know that almost exactly five years ago, the US Ambassador to Saudi Arabia James Smith met with the then Assistant Minister for Defense Khalid bin Sultan about a disastrous Saudi air attack on a Houthi hospital on the Yemeni-Saudi border that killed a thousand people, many civilians. Prince Khalid used the American scolding not only to redouble his requests for US satellite assistance targeting Houthis — with more accuracy, Khalid suggested, the Saudis might kill fewer civilians — but also to ask for Predator drones.


¶3. (S/NF) Upon seeing the photograph, Prince Khalid remarked, “This looks familiar,” and added, “if we had the Predator, maybe we would not have this problem.” He noted that Saudi Air Force operations were necessarily being conducted without the desired degree of precision, and recalled that a clinic had been struck, based on information received from Yemen that it was being used as an operational base by the Houthis. Prince Khalid explained the Saudi approach to its fight with the Houthis, emphasizing that the Saudis had to hit the Houthis very hard in order to “bring them to their knees” and compel them to come to terms with the Yemeni government. “However,” he said, “we tried very hard not to hit civilian targets.” The Saudis had 130 deaths and the Yemenis lost as many as one thousand. “Obviously,” Prince Khaled observed, “some civilians died, though we wish that this did not happen.”

The attack on the hospital and the Saudi request for more war toys all took place amid assurances that the strikes on the Houthis would “bring them to their knees” which would in turn lead to a lasting ceasefire, which would free up Saudi attention to go after al Qaeda, the ostensible purpose for US intelligence cooperation in the first place.

In the interim five years, a few key developments have happened. Back in 2011, after JSOC couldn’t seem to get clean intelligence on Anwar al-Awlaki, the US built a drone base on the Saudi border that magically managed to find and kill the cleric within months.

More recently, Houthis have brought their fight to Sanaa and beyond, overthrowing the US and Gulf Cooperation Council selected President Abdo Rabi Mansour Hadi. In the wake of what the government has deemed (unlike Egypt) a coup, the US and most western governments have withdrawn embassy personnel, an action that will have little effect on their security but significant effect on the legitimacy of the Houthi-run government.

And now, just in time, the State Department has rolled out a framework under which the US will sell drones to our allies.

But don’t worry! State has included a bunch of rules that cover precisely the same concerns Ambassador Smith voiced 5 years ago in the face of evidence the Saudis were targeting civilians in an effort to “bring them to their knees.”

As the most active user of military UAS, and as an increasing number of nations are acquiring and employing UASs to support a range of missions, the United States has an interest in ensuring that these systems are used lawfully and responsibly. Accordingly, under the new UAS export policy, the United States will require recipients of U.S.-origin military UAS to agree to the following principles guiding proper use before the United States will authorize any sales or transfers of military UASs:

  • Recipients are to use these systems in accordance with international law, including international humanitarian law and international human rights law, as applicable;
  • Armed and other advanced UAS are to be used in operations involving the use of force only when there is a lawful basis for use of force under international law, such as national self-defense;
  • Recipients are not to use military UAS to conduct unlawful surveillance or use unlawful force against their domestic populations; and
  • As appropriate, recipients shall provide UAS operators technical and doctrinal training on the use of these systems to reduce the risk of unintended injury or damage.

Compare those guidelines with the assessment Ambassador Smith conducted 5 years ago to clear the Saudis for increased sharing of satellite data.

¶2. (S/NF) Ambassador Smith delivered points in reftel to Prince Khaled on February 6, 2010. The Ambassador highlighted USG concerns about providing Saudi Arabia with satellite imagery of the Yemen border area absent greater certainty that Saudi Arabia was and would remain fully in compliance with the laws of armed conflict during the conduct of military operations, particularly regarding attacks on civilian targets. The Ambassador noted the USG’s specific concern about an apparent Saudi air strike on a building that the U.S. believed to be a Yemeni medical clinic. The Ambassador showed Prince Khaled a satellite image of the bomb-damaged building in question.


¶6. (S/NF) Prince Khaled, in addressing the Ambassador’s concerns about possible targeting of civilian sites appeared neither defensive nor evasive. He was unequivocal in his assurance that Saudi military operations had been and would continue to be conducted with priority to avoiding civilian casualties. The Ambassador found this assurance credible, all the more so in light of Prince Khaled’s acknowledgment that mistakes likely happened during the strikes against Houthi targets, of the inability of the Saudi Air Force to operate with adequate precision, and the unreliability of Yemeni targeting recommendations. Based on these assurances, the Ambassador has approved, as authorized in reftel, the provision of USG imagery of the Yemeni border area to the Saudi Government. While the fighting with the Houthis appears to be drawing to a close, the imagery will be of continuing value to the Saudi military to monitor and prevent Houthi incursions across the border as well as enhancing Saudi capabilities against Al-Qaeda activities in this area.

Call me crazy, but given Prince Khalid’s determination to bring the Houthis to their knees, I’m unimpressed with Ambassador Smith’s assessment that the Saudis were adequately protecting civilians (indeed, some of our most catastrophic strikes in Yemen appear to have relied on Saudi intelligence).

Nothing has changed in the interim 5 years — beyond even more tolerance for Saudi repression amid the rise of an Islamic State for which KSA has been an ideological fount.

I assume the Saudis will be among the first that get approved for a set of drones. Hell, they’ve surely got practice in using them at the Saudi drone base, and they already have their base from which to target the Houthis.

The question is whether that will do anything for Yemen, or even for US interests.

Aside from the drone manufacturers, of course.

What if US Government Had Not Demanded We “Drop It” on Maliki’s Corruption in 2010?

The other day, Marc Lynch wrote a piece posing these questions about the ISIS advance in Iraq.

The more interesting questions are about Iraq itself. Why are these cities falling virtually without a fight? Why are so many Iraqi Sunnis seemingly pleased to welcome the takeover from the Iraqi government by a truly extremist group with which they have a long, violent history? Why are Iraqi Sunni political factions and armed groups, which previously fought against al-Qaeda in Iraq, now seemingly cooperating with ISIS? Why is the Iraqi military dissolving rather than fighting to hold its territory? How can the United States help the Iraqi government fight ISIS without simply enabling Prime Minister Nouri al-Maliki’s authoritarianism and sectarianism?

The most important answers lie inside Iraqi politics. Maliki lost Sunni Iraq through his sectarian and authoritarian policies. His repeated refusal over long years to strike an urgently needed political accord with the Sunni minority, his construction of corrupt, ineffective and sectarian state institutions, and his heavy-handed military repression in those areas are the key factors in the long-developing disintegration of Iraq.

President Obama alluded similarly to Maliki’s failures in the comments he just made (will update when the transcript becomes available).

One challenge the US is facing as it tries to prevent the complete disintegration of the Middle East is that Nuri al-Maliki, long our (forced) partner in governing Iraq, has chosen the path of corruption and repression. Maliki largely enabled the assault in Iraq.

On February 28, 2013, Chelsea Manning made a statement before her providence inquiry. As part of that, she explained why she leaked details of the abusive crackdowns by the Iraqi Federal Police.

On 27 February 2010, a report was received from a subordinate battalion. The report described an event in which the FP detained fifteen (15) individuals for printing “anti-Iraqi literature.” By 2 March 2010, I received instructions from an S3 section officer in the 2-10BCT Tactical Operations Center to investigate the matter, and figure out who these “bad guys” were, and how significant this event was for the FP.

Over the course of my research, I found that none of the individuals had previous ties with anti-Iraqi actions or suspected terrorist or militia groups. A few hours later, I received several photos from the scene from the subordinate battalion.


I printed a blown up copy of the high-resolution photo, and laminated it for ease of storage and transfer. I then walked to the TOC and delivered the laminated copy to our category 2 interpreter. She reviewed the information and about a half-hour later delivered a rough written transcript in English to the S2 section.

I read the transcript, and followed up with her, asking for her take on its contents. She said it was easy for her to transcribe verbatim since I blew up the photograph and laminated it. She said the general nature of the document was benign. The documentation, as I assessed as well, was merely a scholarly critique of the then-current Iraqi Prime Minister, Nouri al-Maliki. It detailed corruption within the cabinet of al-Maliki’s government, and the financial impact of this corruption on the Iraqi people.

After discovering this discrepancy between FP’s report, and the interpreter’s transcript, I forwarded this discovery, in person to the TO OIC and Battle NCOIC.

The TOC OIC and, the overhearing Battlecaptain, informed me they didn’t need or want to know this information any more. They told me to “drop it” and to just assist them and the FP in finding out where more of these print shops creating “anti-Iraqi literature” might be. I couldn’t believe what I heard, (24-25)

Manning, we’ve been told over and over again, was not a whistleblower. Because, I guess, Maliki’s corruption and repression were not a problem in 2010?

Those Cable Landings Chelsea Manning Didn’t Leak

Yesterday, The Register published what it claims is the story that led GCHQ to destroy the Guardian’s hard drives: the location of a key GCHQ base in the Middle East and its relationships with British Telecom and Vodafone.

While the BT/Vodafone details are worth clicking through to read, I’m particularly interested in the focus on the base in Oman. (See an interactive map of the cable landings here.)

The secret British spy base is part of a programme codenamed “CIRCUIT” and also referred to as Overseas Processing Centre 1 (OPC-1). It is located at Seeb, on the northern coast of Oman, where it taps in to various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf. Seeb is one of a three site GCHQ network in Oman, at locations codenamed “TIMPANI”, “GUITAR” and “CLARINET”. TIMPANI, near the Strait of Hormuz, can monitor Iraqi communications. CLARINET, in the south of Oman, is strategically close to Yemen.

British national telco BT, referred to within GCHQ and the American NSA under the ultra-classified codename “REMEDY”, and Vodafone Cable (which owns the former Cable & Wireless company, aka “GERONTIC”) are the two top earners of secret GCHQ payments running into tens of millions of pounds annually.

The Brits would have you believe — and I have no reason to doubt them — that this cable landing in Oman is one of the key points in their surveillance infrastructure.

I raise this because of a cable listing the globe’s critical infrastructure — and fearmongering surrounding it — that Chelsea Manning leaked to Wikileaks. As I noted at the time, while the cable lists a slew of cable landings as critical infrastructure sites — including the Hibernia Atlantic undersea cable landing in Dublin, which gets mentioned in the Register story — it does not list a single cable landing site in the Middle East.


Bab al-Mendeb: Shipping lane is a critical supply chain node

‘Ayn Sukhnah-SuMEd Receiving Import Terminal
‘Sidi Kurayr-SuMed Offloading Export Terminal
Suez Canal

Strait of Hormuz
Khark (Kharg) Island Sea Island Export Terminal
Khark Island T-Jetty

Al-Basrah Oil Terminal

Rafael Ordnance Systems Division, Haifa, Israel: Critical to Sensor Fused Weapons (SFW), Wind Corrected Munitions Dispensers (WCMD), Tail Kits, and batteries

Mina’ al Ahmadi Export Terminal

Strait of Gibraltar
Maghreb-Europe (GME) gas pipeline, Morocco

Strait of Hormuz

Ras Laffan Industrial Center: By 2012 Qatar will be the largest source of imported LNG to U.S.

Saudi Arabia:
Abqaiq Processing Center: Largest crude oil processing and stabilization plant in the world
Al Ju’aymah Export Terminal: Part of the Ras Tanura complex
As Saffaniyah Processing Center
Qatif Pipeline Junction
Ras at Tanaqib Processing Center
Ras Tanura Export Terminal
Shaybah Central Gas-oil Separation Plant

Trans-Med Gas Pipeline

United Arab Emirates (UAE):
Das Island Export Terminal
Jabal Zannah Export Terminal
Strait of Hormuz

Bab al-Mendeb: Shipping lane is a critical supply chain node

Note, Bahamas’ telecom, which recent reporting has also noted is critical to NSA’s spying, also gets no mention.

That’s not surprising in the least. The cable (and the list) is classified Secret. NSA and GCHQ’s prime collection points are (as the Register notes) classified several levels above Top Secret.

And while the list provided some indication of what sites were significant by their absence, it’s likely that the sites that were listed were the relatively unimportant sites.

At trial, Manning’s lawyers repeatedly pointed out that she had chosen not to leak stuff from JWICS, which would be classified at a higher level. The stuff she leaked, which she got on SIPRNET, was by definition less sensitive stuff.

I don’t mean to suggest this reflects on the relative value of what either Edward Snowden or Chelsea Manning leaked. I think it is a good indication, though, of how unfounded a lot of the fear mongering surrounding this particular leaked cable was.

Why Can’t Jason Leopold Have the Information Mike Rogers Already Leaked, and in Less Than Four Months?

Noted FOIA terrorist Jason Leopold liberated a copy of the Defense Intelligence Agency’s damage assessment about Edward Snowden’s leaks (story, document).

The report, as anticipated, doesn’t appear to talk about actual damage DOD has suffered. Instead, it appears to talk about the damage that might happen if the information that has been “compromised” (that is, accessed by Snowden’s scraper) actually gets released.

But we can’t really tell because the report is heavily redacted (the screen shot here and the top of the first page is the most intact section of the report).

Which is odd, given that — as Shane Harris reported in January (and I noted here) — the Administration declassified some of this report so it could be leaked to discredit Snowden.

A congressional staffer who is familiar with the report’s findings said that the lawmakers chose to make some of its contents public in order to counter what they see as a false impression of Snowden as a principled whistleblower who disclosed abuses of power.

“Snowden has been made out by some people to be a hero. What we need to do is really look at the effect of his leaks and see that what he’s done is really harm our country and put citizens at risk. The purpose [of releasing some findings] is to clear the record and show that he’s not a hero,” the staffer told Foreign Policy.

The staffer said that the administration approved the information that the lawmakers disclosed in advance.

Which makes the timing of this even weirder. It took the Administration no more than 23 days to provide the report to Mike Rogers and Dutch Ruppersberger and then approve the language they went on to blab.

But it has taken DOD around 4 months — and a lawsuit — for Leopold to get what little he got.

And, as he mentions in his story, he hasn’t even gotten the information that must be among the information okayed for blabbing.

Here’s the information (italicized) that must have been okayed for blabbing.

A Pentagon review has concluded that the disclosure of classified documents taken by former NSA contractor Edward Snowden could “gravely impact” America’s national security and risk the lives of U.S. military personnel, and that leaks to journalists have already revealed sources and methods of intelligence operations to America’s adversaries. At least, that’s how two members of Congress who have read the classified report are characterizing its findings. But the lawmakers — who are working in coordination with the Obama administration and are trying to counter the narrative that Snowden is a heroic whistleblower — offered no specific examples to substantiate their claims.

In harsh language that all but accused Snowden of treason, the top members of the House Intelligence Committee said the report shows that Snowden downloaded “1.7 million intelligence files,” which they described as “the single largest theft of secrets in the history of the United States.”

While the phrase “will have a GRAVE impact on U.S. national defense” [caps original] is unredacted in the report, neither the number — “1.7 million intelligence files” — nor the superlative claim — “the single largest theft of secrets in the history of the US” — appears unredacted in Leopold’s version of the report.

That is, either Rogers and Ruppersberger made that shit up. Or the Obama Administration is selectively declassifying again.

And taking their sweet time to do so.

DOJ Continues Its “Multi-Subject” Investigation of WikiLeaks

As I noted some weeks ago, the judge in EPIC’s FOIA for materials on the investigation into supporters of WikiLeaks asked for an update. The government provided that update last night.

It said it still must withhold all documents responsive to EPIC’s FOIA because two investigations pertaining to WikiLeaks are ongoing: Chelsea Manning’s appeal, and the investigation into WikiLeaks proper.

There are at least two separate categories of “enforcement proceedings” relevant to defendants’ Exemption 7(A) analysis, and those two separate categories of law enforcement proceedings are progressing on different tracks. One set consists of those enforcement proceedings directly related to the military prosecution of Army Pfc. Manning, which falls within the jurisdiction of the Department of Defense (“DoD”). Since this case was originally briefed, Manning was tried and convicted by a military court, as noted above. The court-martial remains ongoing, in the appellate phase.

The second type of enforcement proceeding, generally, is the DOJ’s civilian criminal/national security investigation(s) into the unauthorized disclosure of classified information that was published on the WikiLeaks website. The investigation of the unauthorized disclosure is a multi-subject investigation and is still active and ongoing. While there have been developments in the investigation over the last year, the investigation generally remains at the investigative stage. It is this second category of enforcement proceeding that is actually more central to defendants’ Exemption 7(A) withholdings in this case.

Note, DOJ says the investigation is “multi-subject.” Further, it describes it as a “civilian criminal/national security” investigation. It’s worth noting that the sealed declaration providing more detail on the investigation comes from Mark Bradley, in DOJ’s National Security Division, not from FBI. (I take my observation that the sealed declaration is from Bradley back: the motion is inconsistent on whom the sealed declaration is from. While the table on page 4 lists Bradley, it says the declaration is from FBI. The reference to a fourth declaration from David Hardy on page 9 suggests the declaration is from him.)

I’ll have a bit more to say about this later.

Update: One more observation: the description says there are “at least two” separate categories, suggesting there may be still another investigative matter.
