Sadly, even in discussions of the potential that the DNC hack-plus-publication amounts to tampering with US elections, few seem to understand that evidence at least suggests that Wikileaks — not its allegedly Russian source — determined the timing of the release to coincide with the Democratic National Convention. Guccifer 2, at least, was aiming to get files out earlier than Wikileaks dumped them. So if someone is tampering, it is Julian Assange who, I’ve noted, has his own long-standing gripes with Hillary Clinton (though he disclaims any interest in doing her harm). If his source is Russia, that may just mean they had mutual interest in the publication of the files; but Assange claims to have determined the timing.
Since Wikileaks’ role in the leak has been downplayed even as Assange has made the media rounds, since the nation’s spooks claim that publishing these documents is what makes it different, I want to consider this exchange Assange had with Chuck Todd:
All right. Let me ask you this. Do you, without revealing your source on this, do you accept information and leaked documents from foreign governments?
Well, our publishing model means that what we publish is guaranteed to be true. That’s what we’re concerned about. That’s what our readers are concerned about. That’s the right of the general public, to not–
Does that not trouble you at all, if a foreign government is trying to meddle in the affairs of another foreign government?
Well, it’s an interesting speculative question that’s for the press and others to perhaps–
That doesn’t bother you? That is not part of the WikiLeaks credo?
Well, it’s a meta story. If you’re asking would we accept information from U.S. intelligence that we had verified to be completely accurate, and would we publish that, and would we protect our sources in U.S. intelligence, the answer is yes, of course we would. [my emphasis]
Sure, at one level this is typical Assange redirection. When Todd asked if he’d accept files from Russia, Assange instead answered that he would accept them from the United States.
But it may not be so farcical as it seems. Consider the case of the Syria Files Wikileaks posted in spring 2012, at the beginning of the time the US was engaging in covert operations in Syria. They contained embarrassing information on Bashar al-Assad, his wife, and close associates, as well as documents implicating western companies that had facilitated Assad’s repression. Even at the time, people asked if the files were a western intelligence psy-op, though they were explicitly sourced to various factions of Anonymous. Then, between Jeremy Hammond and Sabu’s sentencing processes, it became clear that in January 2012, the latter identified targets for Anonymous hackers, targets that include the Syrian government.
An informant working for the F.B.I. coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks.
Exploiting a vulnerability in a popular web hosting software, the informant directed at least one hacker to extract vast amounts of data — from bank records to login information — from the government servers of a number of countries and upload it to a server monitored by the F.B.I., according to court statements.
The sentencing statement also said that Mr. Monsegur directed other hackers to give him extensive amounts of data from Syrian government websites, including banks and ministries of the government of President Bashar al-Assad. “The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems,” the statement said.
What’s not known (as multiple reports say is still not known about the DNC hack) is whether the specific files the Sabu-directed Anonymous hackers obtained were the same ones that Wikileaks came to publish, though the timing certainly works out. It’s a very distinct possibility. In which case Assange’s comment may be more than redirection, but instead a reminder that Wikileaks has played the analogous role in a US-directed hack-and-publish operation, one designed to damage Assad and his western allies. If those documents did ultimately come via FBI direction of Sabu, then Assange might be warning US spooks that their own similar actions could be exposed if he were asked to reveal more about any Russian role in the DNC hack.
Actually, let me make that three data points. Or maybe four.
First, Reuters has reported that the DCCC has also been hacked, with the hacker apparently believed to be the same entity (APT28, also believed to be GRU). The hackers created a spoof version of ActBlue, which donors use to give money to campaigns.
The intrusion at the group could have begun as recently as June, two of the sources told Reuters.
That was when a bogus website was registered with a name closely resembling that of a main donation site connected to the DCCC. For some time, internet traffic associated with donations that was supposed to go to a company that processes campaign donations instead went to the bogus site, two sources said.
The sources said the Internet Protocol address of the spurious site resembled one used by Russian government-linked hackers suspected in the breach of the DNC, the body that sets strategy and raises money for the Democratic Party nationwide.
That would mean hackers were after either the donations themselves, the information donors have to provide (personal details including employer and credit card or other payment information), or possibly the bundling information tied to ActBlue.
Second, Joe Uchill, who wrote one of the stories — on two corrupt donors to the Democratic Party — that preceded both publication at the Guccifer 2 site and Wikileaks, said Guccifer gave him the files for the story because Wikileaks was dawdling in publishing what they had.
Guccifer posted some of the documents Uchill used here.
This detail is important because it says Julian Assange is setting the agenda (and possibly, the decision to fully dox DNC donors) for the Wikileaks release, and that agenda does not perfectly coincide with Guccifer’s (which is presumed to be a cut-out for GRU).
As I’ve noted, Wikileaks has its own beef with Hillary Clinton, independent of whom Vladimir Putin might prefer as President or any other possible motive for Russia to do this hack.
Now consider this bizarre feature of several high level leak based stories on the hack: the claim of uncertainty about how the files got from the hackers to Wikileaks. This claim, from NYT, seems bizarrely stupid, as Guccifer and Wikileaks have both said the former gave the latter the files.
The emails were released by WikiLeaks, whose founder, Julian Assange, has made it clear that he hoped to harm Hillary Clinton’s chances of winning the presidency. It is unclear how the documents made their way to the group. But a large sampling was published before the WikiLeaks release by several news organizations and someone who called himself “Guccifer 2.0,” who investigators now believe was an agent of the G.R.U., Russia’s military intelligence service
The claim seems less stupid when you consider these two cryptic comments from two equally high level sourced pieces from WaPo. In a story on FBI’s certainty Russia did the hack(s), Ellen Nakashima describes that the FBI is less certain that Russia passed the files to Wikileaks.
What is at issue now is whether Russian officials directed the leak of DNC material to the anti-secrecy group WikiLeaks — a possibility that burst to the fore on the eve of the Democratic National Convention with the release of 20,000 DNC emails, many of them deeply embarrassing for party leaders.
The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.
“We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none,” said one U.S. official. Doing so will be a challenge, in part because the material may not have been passed electronically. [my emphasis]
The claim appears this way in a more recent report.
The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.
The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.
Now, the doubts about whether the files were passed electronically are thoroughly fascinating. I assume the NSA has Assange — and potentially even the Wikileaks drop — wired up about 100 different ways, so the questions about whether the files were passed electronically may indicate that they didn’t see them get passed in such a fashion.
Add in the question of whether they’re even the same emails! We know the DCCC hack is targeting donor information. The Wikileaks release included far more than that. Which raises the possibility GRU is only after donor information (which is part of, but just one part of, what Guccifer has released).
But then there’s this detail. On June 17, Wikileaks released an insurance file — a file that will be automatically decrypted if Wikileaks is somehow impeded from releasing the rest of the files. It has been assumed that the contents of that file are just the emails that were already released, but that is almost certainly not the case. After all, Wikileaks has already released further documents (some thoroughly uninteresting voice mails that nevertheless further impinge on the privacy of DNC staffers). They have promised still more, files they claim will be more damaging.
Indeed, Wikileaks claims there’s enough in what they have to indict Hillary, though such claims should always be taken with a grain of salt. Correction: That appears to have been a misunderstanding about what Assange said about the previously released State emails.
But here’s the other question.
There’s no public discussion of Ecuador booting Assange from their Embassy closet (though I’m sure they’re pretty tired of hosting him). His position — and even that of Wikileaks generally — seems pretty stable.
So why does Assange believe they need an insurance file? I don’t even remember the last time they issued an insurance file (update: I think it was when they released an insurance file of Chelsea Manning’s documents). So is there someone else in the process that needs an insurance file? Is there someone else in the process that would use the threat of full publication of the files (which presumably is going to happen anyway) to ensure safety?
I’ll leave that question there.
That said, these data points confirm there are at least two players with different motivations: Wikileaks, and the Russian hackers. But the FBI isn’t even certain whether the files the Russians took are the same that Wikileaks released, which might suggest a third party.
Meanwhile, James Clapper (who thankfully is willing to poo poo claims that hacks that we ourselves do are unique) seems very interested in limiting the panic about this hack.
Update: Oh! I forgot this fifth data point. This absolutely delightful take-down of Debbie Wasserman Schultz includes this claim that Wikileaks has malware in its site, which I’ve asked around and doesn’t seem to be true.
Staff members were briefed in a Tuesday afternoon meeting in Washington that their personal data was part of the hack, as were Social Security numbers and other information for donors, according to people who attended. Don’t search WikiLeaks, they were told — malware is embedded throughout the site, and they’re looking for more data.
Who told the DNC Wikileaks is releasing malware, and why?
Update: here’s what the malware claim is about: When it posted the “AKP emails,” WL either added or did not remove a bunch of malware included in those emails, and as a result, that malware is still posted at the site. That is, the malware is associated with a separate set of documents available at the site.
Since yesterday, both Jack Goldsmith and Peter Singer have offered some interesting perspective on the alleged Russian hack of the DNC.
Singer had a bit of a Twitter rant.
He linked (recent) Oversight testimony, which discussed how much more complex cyber deterrence is than Cold War nuclear deterrence.
For his part, Goldsmith first considered what was old and new in the hack, finding the only real new thing was releasing the emails.
While there is nothing new in one nation using its intelligence services to try to influence an election in another, doing so by hacking into a political party’s computers and releasing their emails does seem somewhat new.
He then dismissed the notion — floated elsewhere — that this amounts to cyberwar while implying that the US has to get far better at defending our own networks and systems.
How seriously do you think the government takes issues of cyberwarfare? Do you feel confident about our defensive capabilities and competence?
“Cyberwar” is a misleading term—the Russian hack, if it is that, is not an act of war, at least not by traditional standards. It is closer to an intelligence operation with the twist of a damaging publication of the stolen information. That said, the U.S. government takes all major cyberoperations against it and its major public and private institutions very seriously. My confidence about our defensive capabilities and competence depends on what institutions you are talking about. Today, some components of the government (e.g. the Defense Department) do better than others (e.g. the Office of Personnel Management, which recently suffered a very damaging hack). And private sector defenses, even of important critical infrastructure networks, are a very mixed bag. The scale of the challenge is enormous, and offense has many advantages over defense. I don’t know anyone who is sanguine about our defensive capabilities overall.
Then he went on a Twitter rant directed at the hand-wringing about how unusual this is.
1/ In assessing the DNC hack, remember that USG is no innocent when it comes to infiltrating foreign computer networks.
2/ The cyber-attack on Iranian nuclear centrifuges was one of the most consequential in history.
3/ USG openly & aggressively supports technologies that weaken foreign gov’t control over networks.
6/ It’s also well known that US has in past used covert ops to influence foreign elections.
7/ Current U.S. cyber-espionage almost certainly extends to political organizations in adversary states.
11/ The point is that USG plays rough in cyberspace, and should expect others to do so as well.
12/ And yet USG seems perpetually unprepared. DNC hack is tiny tip of iceberg of possible electoral disruptions via cyber.
In short, both think this is something other than cyberwar, but view the importance of it differently (even while both provide suggestions for a policy framework to respond), particularly the uniqueness of the perceived sabotage of the election. But their discussion (along with virtually everyone else’s) has pitched this as a two-front question, us against Russia, though Singer’s testimony has a lot of discussion about how much more complexity there is to this issue, including the non-state actors who might be involved.
After having dismissed the unthinking equation of 2 intelligence hacks = Guccifer = Russia = WikiLeaks = Russia story, I want to return to it to complicate matters somewhat, to talk about Wikileaks’ role whether or not it cooperated with Russia on this. First, what follows is in no way meant to be a defense of Wikileaks’ action here, which included the inclusion of credit card and social security information in the dump.
Particularly against the background of what it recently did with Turkish documents: in the guise of releasing a bunch of Erdogan documents, it also dumped voting information on most women in Turkey, including whether or not they were members of Erdogan’s AKP.
WikiLeaks also posted links on social media to its millions of followers via multiple channels to a set of leaked massive databases containing sensitive and private information of millions of ordinary people, including a special database of almost all adult women in Turkey.
Yes — this “leak” actually contains spreadsheets of private, sensitive information of what appears to be every female voter in 79 out of 81 provinces in Turkey, including their home addresses and other private information, sometimes including their cellphone numbers. If these women are members of Erdogan’s ruling Justice and Development Party (known as the AKP), the dumped files also contain their Turkish citizenship ID, which increases the risk to them as the ID is used in practicing a range of basic rights and accessing services. The Istanbul file alone contains more than a million women’s private information, and there are 79 files, with most including information of many hundreds of thousands of women.
[snip] Another file appears to contain sensitive information, including Turkish citizenship IDs of what appears to be millions of AKP members, listed as active or deceased. Yet another file contains the full names, citizenship IDs and cellphone numbers of hundreds of thousands of AKP election monitors — the most active members of the party.
As Zeynep Tufekci points out, in the wake of the failed coup and Erdogan’s retaliation, this has the possibility of endangering a great number of people. She blames the dump on Wikileaks’ failure to work with locals, who could have explained that the emails themselves were virtually worthless. Perhaps. Perhaps Wikileaks served as someone else’s useful idiots — or even, if you believe there’s something more deliberate behind the coup and counter-coup, perhaps Wikileaks played a more active role.
So Wikileaks has done two things that were egregious and damaging. I do not defend that. I condemn it (and the sloppy journalism that enabled it).
Update: see this post on where the Turkey files came from, which came from Phineas Fisher; it wasn’t Wikileaks.
But I want to consider how different its role is with the target of this leak — Hillary Clinton (and Democrats more generally) — and Turkey.
Most of the discussion about the where and whyfor of the leak assumes it is all about Russia’s interest (assuming, of course, that this was a Russian state hack). But consider why Wikileaks might want to leak in this way and at this time.
Hillary was, of course, Secretary of State when Wikileaks leaked the State department cables and pushed aggressively for Chelsea Manning’s prosecution (as Charlie Savage wrote in a piece published just before I finished this, this is a point Assange made when he discussed the emails 6 weeks ago). She has, since then, been found to treat information claimed to be far more sensitive in careless fashion (as has the State Department generally).
Very importantly, State worked closely with DOJ as it investigated Wikileaks. There is very good reason to believe that as part of that investigation, DOJ mapped out Wikileaks’ supporters and, possibly, financial contributors — that is, precisely the kind of people, to the DNC, that Wikileaks just doxxed. That’s arguably a violation of Section 215, which includes First Amendment protections.
We also know that GCHQ was (at least as a SIGDEV research project, but those often serve to conduct surveillance that wouldn’t really fly within other legal guidelines) collecting log files of people who visit Wikileaks.
We know that under pressure from the US government, traditional funding sources stopped taking donations for Wikileaks. I’ve seen hints of some legally dubious action that may be worse, as well. In addition, in 2012, the FBI considered Bitcoin donations to Wikileaks among the many nefarious things one could do with Bitcoin.
Love or hate Wikileaks, but it — and its political and financial supporters — were tracked. Its sources of funding were cut off. And then the government realized that Wikileaks (at that point, at least) was engaging in what a lot of media outlets also do and conceded it couldn’t charge Assange for those activities.
Now I’m not trying to say two wrongs make a right — that because FBI collected data implicating innocent supporters of Wikileaks, it is okay for Julian Assange to dox all the DNC’s supporters.
Rather, I’m trying to raise this in the context of the issues that Singer and Goldsmith lay out. Whether Wikileaks cooperated with Russia (if Russia did the hack) or not, it is a key player in this leak. Even if Russia did this to help Trump, Assange executed the leaks to maximal damage to Hillary (and I suspect Wikileaks will continue to do more damage with further leaks). What does this say about issues of retaliation against non-state actors working with the sphere of state actors, as people consider information war in the era of cyber?
I don’t know the answer to that, but as we raise the question, those issues need to be addressed as readily as the state actor question. The way this rolls out may be as much a question of a non-state actor retaliating against a political figure as it is a state actor trying to elect its preferred candidate.
In Salon, I’ve got my take on the hack of John Brennan’s AOL account by a 13-year old stoner.
While I think it sucks that WikiLeaks posted unredacted data on Brennan’s family, I’m not at all sympathetic to Brennan himself. After all he’s the guy who decided hacking his SSCI overseers would be appropriate. He’s one of the people who’ve been telling us we have no expectation of privacy in the kinds of data hackers obtained from Verizon — alternate phone number, account ID, password, and credit card information — for years.
But most of all, I think we should remember that Brennan left this data on an AOL server through his entire Obama Administration career, which includes 4 years of service as Homeland Security Czar, a position which bears key responsibility for cybersecurity.
Finally, this hack exposes the Director of the CIA exercising almost laughable operational security. The files appear to date from the period leading up to Brennan’s appointment as White House Homeland Security Czar, where a big part of Brennan’s job was to prevent hacks in this country. To think he was storing sensitive documents on an AOL server — AOL! — while in that role, really demonstrates how laughable are the practices of those who purport to be fighting hackers as the biggest threat to the country. For at least 6 years, the Homeland Security Czar, then the CIA Director — one of the key intelligence officials throughout the Obama Administration — left that stuff out there for some teenagers to steal.
Hacking is a serious problem in this country. Like Brennan, private individuals and corporations suffer serious damage when they get hacked (and the OPM hack of Brennan’s materials may be far more serious). Rather than really fixing the problem, the intelligence community is pushing to give corporations regulatory immunity in exchange for sharing information that won’t be all that useful.
A far more useful initial step in securing the country from really basic types of hacking would be for people like Brennan to stop acting in stupid ways, to stop leaving both their own and the public’s sensitive data in places where even stoned kids can obtain it, to provide a good object lesson in how to limit the data that might be available for malicious hackers to steal.
I would add, however, that there’s one more level of responsibility here.
As I noted in my piece, Brennan’s not the only one who got his security clearance application stolen recently. He is joined in that by 21 million other people, most of whom don’t have a key role in cybersecurity and counterintelligence. Most of those 21 million people haven’t even got official notice their very sensitive data got hacked by one of this country’s adversaries — not even those people who might be particularly targeted by China. Like Brennan, the families of those people have all been put at risk. Unlike Brennan, they didn’t get to choose to leave that data sitting on a server.
In fact, John Brennan and his colleagues have not yet put in place a counterintelligence plan to protect those 21 million people.
If it sucks that John Brennan’s kids got exposed by a hacker (and it does), then it sucks even more that people with far fewer protections and authority to fix things got exposed, as well.
John Brennan should focus on that, not on the 13 year old stoner who hacked his AOL account.
Yesterday, during the Q&A to his speech at INSA (which is where defense and intelligence contractors huddle with government paymasters), James Clapper conceded that Edward Snowden brought needed transparency but had also damaged operations. Rather than obliquely pointing to the exposure that Skype was no longer safe from surveillance, as he and his ilk normally do, Clapper pointed to what he claimed was a concrete example: what journalists have reported as revelations about full take cell phone content (SOMALGET or MYSTIC) leading to loss of access in Afghanistan.
After Clapper made the claim, a lot of reporters did what reporters do: they transcribed his comments uncritically. Lots of journalists did this, but here’s WaPo’s version from Ellen Nakashima:
One of the disclosures based on documents leaked by Edward Snowden, the former National Security Agency contractor, prompted the shutdown of a key intelligence program in Afghanistan, the nation’s top spy said Wednesday.
“It was the single most important source of force protection and warning for our people in Afghanistan,” Director of National Intelligence James R. Clapper Jr. said at an intelligence conference.
He was addressing a question about the impact of revelations by Snowden, whose leaks led to a global debate about the proper scope of U.S. surveillance at home and abroad.
Nakashima and other reporters assumed Clapper meant the MYSTIC/SOMALGET program, which Nakashima noted the WaPo first described (on March 18, 2014), followed by The Intercept two months later (on May 19, 2014), followed by WikiLeaks revealing Afghanistan as the target country several days later (on May 23, 2014). [Update: Note Cryptome correctly determined Afghanistan was the country on May 19, the day the Intercept published.]
Having laid all that out, however, Nakashima doesn’t quote the part of Clapper’s answer that would either discredit his description or reveal it’s something else. Here’s Ars Technica’s transcription of that part of it.
And programs that had a real impact on the security of American forces overseas, including one program in Afghanistan, “which he exposed and Glenn Greenwald wrote about, and the day after he wrote about it, the program was shut down by the government of Afghanistan,” Clapper noted.
If it’s the MYSTIC/SOMALGET program Clapper was really talking about, then his claim is self-refuting. Because either folks in Afghanistan recognized the program themselves back when WaPo wrote about it in March 2014, or probably didn’t until WikiLeaks confirmed they were the target. It wouldn’t have been Greenwald’s story, in which he withheld the information the government requested in any case.
For the moment, I’m going to assume that was the program, but let’s remember it might not be.
If so, consider what Clapper has done. As I mentioned, normally when people want to beat up Snowden, they point to his disclosure NSA had compromised Skype. But they never confirm that — they just mention it obliquely. Here, Clapper has confirmed the thing (actually just one of the things) that NSA had asked Greenwald to withhold. Given how vague WikiLeaks was about how they knew (after all, they’re not known to have the Snowden documents themselves), if this is MYSTIC/SOMALGET it seems that Clapper has definitively confirmed something that was at least of unknown provenance before.
Although, for reasons of source protection we cannot disclose how, WikiLeaks has confirmed that the identity of victim state is Afghanistan.
In other words, Clapper has confirmed something that hadn’t been confirmed before, precisely because the journalists involved had deferred to the government’s request not to publish it.
Or did he?
Clapper claimed “the program was shut down by the government of Afghanistan.”
Admittedly, the MYSTIC/SOMALGET disclosures came at an awkward time for US-Afghan relations. Hamid Karzai had been pushing back against night raids, prisoner transfers, and CIA militias. In part because the US wouldn’t cede Afghan sovereignty on such issues, Karzai was refusing to sign the Bilateral Security Agreement (raising the same kind of SOFA negotiation problems that forced us to withdraw troops from Iraq). Throughout this two month period, the election and run-off were going on.
So the disclosure that the US had compromised Afghanistan’s entire cell phone system — and implicitly, had copies of every cell call that Karzai and his potential replacements might make — would surely anger the Afghans, especially Karzai. Notably, two days after the WikiLeaks disclosure, Karzai refused to meet when President Obama made a surprise visit to the country on May 25, so (as shown by the White House image above) Obama called him from Air Force One instead.
But if that’s the case — if Afghanistan forced the US to shut down the full-take collection of cell phone content even as Obama was making surprise last minute visits (which may even have been an attempt to convince Karzai to reverse that decision) — then the fault lies not just, or even primarily, with Snowden. It lies with a long history of US refusal to cede to Afghanistan’s demands for some kind of functional sovereignty. This telecom disclosure may have been one more in a series of aggravations, but it was by no means the only one. Moreover, given that President Ghani’s relationship with the US is, thus far at least, far better than Karzai’s was at the time, it’s quite possible he has permitted the US to resume full-take collection.
James Clapper would be a lot more likely to confirm that Afghanistan had shut down NSA’s full-take collection if it had been resumed again under Karzai’s successor. Not least, because it would provide adversaries with false confidence the NSA didn’t have full take coverage.
Now consider this description of the Bahamian fallout from the equivalent disclosure. It shows that two parties were involved — the country’s telecom as well as the government. Indeed, all stories on this make it clear telecom providers are centrally involved in the collection program.
Moreover, the Intercept version of the story makes it quite clear they withheld not just the target country, but also the provider at the center of it.
The NSA documents don’t specify who is providing access in the Bahamas. But they do describe SOMALGET as an “umbrella term” for systems provided by a private firm, which is described elsewhere in the documents as a “MYSTIC access provider.” (The documents don’t name the firm, but rather refer to a cover name that The Intercept has agreed not to publish in response to a specific, credible concern that doing so could lead to violence.) Communications experts consulted by The Intercept say the descriptions in the documents suggest a company able to install lawful intercept equipment on phone networks.
And they withheld it for the same reason, because revealing it would lead to violence. That provider name has not been made public (though for a variety of reasons I think that’s the key secret here). Shutting down the system would have to involve, at a minimum, the Afghan government, this provider, plus Afghanistan’s multiple cell providers.
There are more reasons to believe Clapper’s story is bullshit. From the 2005 STELLAR WIND disclosures, which revealed the US was collecting all US-Afghanistan calls, to reports as early as 2008 that the Taliban were targeting cell providers because they recognized the security risk the networks posed, there is zero chance our adversaries in Afghanistan were unaware that the US had close to full dominance over the communications lines. There were also earlier Snowden disclosures — including Tempora, XKeyscore, and what sounded like transcripts obtained using a Stingray from an Afghan raid — that would have confirmed that view. The US is collecting close to everything from most countries where it remains at war, via a variety of overlapping means. There’s little about this disclosure in particular that added to the risk — but then, our adversaries had long been learning of our tactics and adjusting accordingly.
There is, then, the possibility it was one of these other disclosures Clapper was whining about — such as the potential Stingray one.
But if Clapper was talking about SOMALGET, and if it is true that the full-take collection got shut down, it means he and the government are blaming Snowden for long-term mismanagement of the Afghan relationship. It also may well mean that Ghani has let the US resume collection and Clapper’s public “confirmation” was designed — in addition to launching some unwarranted shots at Edward Snowden — to create the false impression the collection remains inactive.
James Clapper is a confirmed liar. Even setting aside his lies to Congress, it is his job to lie to adversaries. While that doesn’t mean journalists shouldn’t report what he says, there’s a great deal of context that should accompany such transcriptions.
In its latest release on the individual intercepts the NSA collected on top German officials, WikiLeaks revealed that Foreign Minister Frank-Walter Steinmeier had been a priority 2 target in NSA’s monitoring of German political affairs.
The actual intercept released with today’s list of targets pertains to Steinmeier’s first visit to DC as Foreign Minister in November 2005.
The intercept described how Steinmeier was pleased to have gotten a non-committal answer from Condi Rice when he asked her whether the CIA had run rendition flights through Germany.
(TS//SI//NF) New German Foreign Minister Pleased With First Official Visit to Washington
(TS//SI//NF) Frank-Walter Steinmeier seemed pleased on 29 November with the results of his first visit to Washington as the new German Foreign Minister. Steinmeier described the mood during his talks with U.S. officials as very good, but feared that the most difficult part was still ahead. He seemed relieved that he had not received any definitive response from the U.S. Secretary of State regarding press reports of CIA flights through Germany to secret prisons in eastern Europe allegedly used for interrogating terrorism suspects. Steinmeier remarked that Washington is placing great hope in his country’s new government. In this connection, he is looking for areas where bilateral cooperation can be strengthened and is considering the southern Caucasus as one possible area.
This would have been of particular concern for Steinmeier as he was Chief of Staff in Germany’s Chancellery, in charge of intelligence. If German intelligence did know about the flights, he would be complicit. So he might be particularly happy to report that the US — that Condi Rice — was officially giving a non-answer to the question of whether or not the CIA was using Germany as a base for its kidnapping flights.
Better to officially not know.
Now, I actually am not at all troubled that NSA is wiretapping foreign officials. They’re surely doing the same to our equivalents. So while I’m interested in what these WikiLeaks releases say about our NSA activities, I’m not critical of these activities.
But I am interested that Steinmeier was wiretapped for this reason.
As a State cable released by WikiLeaks back in 2010 showed, in 2007, Steinmeier and Condi met to discuss the recent arrest warrants issued by a German court. Steinmeier came out of the meeting and said publicly that Condi had told him she and the US would have no problem with the issue of arrest warrants for 13 US agents. After Steinmeier created that impression in the press, the Deputy Chief of the Mission to Germany corrected that impression, making it clear that the US had a very big problem with the planned arrest of its agents for kidnapping.
Just as the German prosecutor issued arrest warrants for 13 CIA personnel, Condi Rice and Germany’s Foreign Minister Frank-Walter Steinmeier met in DC for a discussion of Mideast peace efforts. After they met, Steinmeier told the German press that Condi had assured him that the arrest warrants wouldn’t affect German-US relations.
Steinmeier told the Welt am Sonntag newspaper that he had raised the issue with US Secretary of State Condoleezza Rice, who “assured me there would be no negative impact on German-American relations.”
Steinmeier, whose remarks were released a day ahead of publication on Sunday, said he told Rice the warrants could only be served in Germany at present, but the government expected the court to issue international warrants at some stage.
The cable describes a February 6, 2007 meeting in which the Deputy Chief of Mission of the US Embassy in Germany, John Koenig, “corrected” the impression that Steinmeier had gotten from his meeting with Condi the week before.
In a February 6 discussion with German Deputy National Security Adviser Rolf Nikel, the DCM reiterated our strong concerns about the possible issuance of international arrest warrants in the al-Masri case. The DCM noted that the reports in the German media of the discussion on the issue between the Secretary and FM Steinmeier in Washington were not accurate, in that the media reports suggest the USG was not troubled by developments in the al-Masri case. The DCM emphasized that this was not the case and that issuance of international arrest warrants would have a negative impact on our bilateral relationship. He reminded Nikel of the repercussions to U.S.-Italian bilateral relations in the wake of a similar move by Italian authorities last year.
Koenig goes on to note that the government would have political problems in the US if the Germans issued the international arrest warrants.
The DCM pointed out that the USG would likewise have a difficult time in managing domestic political implications if international arrest warrants are issued.
[T]his was obviously a hastily called meeting in response to Steinmeier’s quotation of Condi’s assurances the warrants wouldn’t cause a problem. Note the specific language Koenig uses:
The DCM noted that the reports in the German media of the discussion on the issue between the Secretary and FM Steinmeier in Washington were not accurate, in that the media reports suggest the USG was not troubled by developments in the al-Masri case.
He’s not telling the Germans that Steinmeier was wrong, that he mis-quoted Condi. Rather, Koenig’s simply saying that the content–what Condi had said–was wrong.
While the cable makes it clear that Koenig was emphasizing the stance of the USG, it’s still not clear whether Condi just lied to Steinmeier about USG concern, using that as cover for the kidnapping that she, who was National Security Advisor during the kidnapping, would have been implicated in, or whether Steinmeier knowingly put disinformation into the press that State subordinates could correct in secret. That is, it’s not clear how knowingly Steinmeier served as a stooge in US disinformation that ultimately protected Condi.
But I do find the continuity of Steinmeier’s happiness about pretending there was no kidnapping going on in Germany to be notable. I also find it notable that Condi and her friends would have had very detailed understanding of Steinmeier’s opinions and activities from the interim period.
President Obama just issued an Executive Order that directs Department of Treasury to impose sanctions on people who engage in “significant malicious cyber-enabled activities.” The move has been reported as a means to use the same kind of sanctions against significant hackers as we currently use against terrorists, proliferators, drug cartels, and other organized crime.
Regardless of whether you think this will do any good to combat hacking, I have several concerns about this.
First, at one level, the EO targets those who “harm, or otherwise significantly compromis[e] the provision of services by, a computer or network of computers that support one or more entities in a critical infrastructure sector.” But remember, our definition of critical infrastructure is absurdly broad, including things like a Commercial Facilities sector that includes things like motion picture studios — which is how Sony Pictures came to be regarded as critical infrastructure — and even things like campgrounds.
And it’s actually not just critical infrastructure. It also targets people who “caus[e] a significant disruption to the availability of a computer” and those who “caus[e] a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.” I can envision how this EO might be ripe for abuse.
But it gets worse. The EO targets not just the hackers themselves, but also those who benefit from or materially support hacks. The targeting of those who are “responsible for or complicit in … the receipt or use for commercial or competitive advantage … by a commercial entity, outside the United States of trade secrets misappropriated through cyber-enabled means, … where the misappropriation of such trade secrets is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States” could be used to target journalism abroad. Does WikiLeaks’ publication of secret Trans-Pacific Partnership negotiations qualify? Does Guardian’s publication of contractors’ involvement in NSA hacking?
And the EO creates a “material support” category similar to the one that, in the terrorism context, has been ripe for abuse. Its targets include those who have “provided … material, or technological support for, or goods or services in support of” such significant hacks. Does that include encryption providers? Does it include other privacy protections?
Finally, I’m generally concerned about this EO because of the way National Emergencies have served as the justification for a lot of secret spying decisions. Just about every application to the FISC for some crazy interpretation of surveillance laws in the name of counterterrorism founds its justification neither in the September 17, 2001 Finding authorizing covert actions against al Qaeda nor the September 18, 2001 AUMF, but instead in President Bush’s declaration of a National Emergency on September 14, 2001. I’m not sure precisely why, but that’s what the Executive has long used to convince FISC that it should rubber stamp expansive interpretations of surveillance law. So I assume this declaration could be too.
In other words, the sanctions regime may well be the least of this EO.
The FOIA for records on FBI’s surveillance of WikiLeaks supporters substantially ended yesterday (barring an appeal) when Judge Barbara Rothstein ruled against EPIC. While she did order National Security Division to do a more thorough search for records, she basically said the agencies had properly withheld records under Exemption 7(A) for its “multi-subject investigation into the unauthorized disclosure of classified information published on WikiLeaks, which is ‘still active and ongoing’ and remains in the investigative stage.” (Note, the claim that the investigation is still in what FBI calls an investigative stage, which I don’t doubt, is nevertheless dated, as the most recent secret declarations in this case appear to have been submitted on April 25, 2014, though Rothstein may not have read them until after she approved such ex parte submissions on July 29 of last year.)
In so ruling, Rothstein has dodged a key earlier issue, which is that all three entities EPIC FOIAed (DOJ’s Criminal and National Security Division and FBI) invoked a statutory Exemption 3 from FOIA, but refused to explain what statute they were using.
2 Defendants also rely on Exemptions 1, 3, 5, 6, 7(C), 7(D), 7(E), and 7(F). The Court, finding that Exemption 7(A) applies, does not discuss whether these alternative exemptions may apply.
I have argued — and still strongly suspect — that the government was relying, in part, on Section 215 of PATRIOT, as laid out in this post.
In addition to the Exemption 3 issue Rothstein dodged, though, there were three other issues that were of interest in this case.
First, we’ve learned in the 4 years since EPIC filed this FOIA that their request falls in the cracks of the language the government uses about its own surveillance (which it calls intelligence, not surveillance). EPIC asked for:
As I’ve pointed out in the past, if the FBI obtained datasets rather than lists of the people who supported WikiLeaks from Facebook, Google, Visa, MasterCard, and PayPal, FBI would be expected to deny it had lists of such supporters, as it has done. We’ve since learned about the extent to which it does collect datasets when carrying out intelligence investigations.
Then there’s our heightened understanding of the words “target” and “surveillance” which are central to request 1. The US doesn’t target a lot of Americans, but it does collect on them. And when it does so — even if it makes queries that return their identifiers — it doesn’t consider that “surveillance.” That is, the FBI would only admit to having responsive data to request 1 if it were obtaining FISA or Title III warrants against mere supporters of WikiLeaks, rather than — say — reading their email to Julian Assange, whom FBI surely has targeted and still targets under Section 702 and other surveillance authorities, or even, as I guarantee you has happened, looked up people after the fact and discovered they had previous conversations with Assange. We’ve even learned that NSA collects vast amounts of Internet communications that talk “about” a targeted person’s selector, meaning that Americans’ communications might be pulled if they used WikiLeaks or Assange’s Internet identifiers in the body of their emails or chats. None of that would count as “targeted” “surveillance,” but it is presumably among the kinds of things EPIC had in mind when it tried to learn how FBI’s investigation of WikiLeaks was implicating completely innocent supporters.
I noted the way FBI’s declaration skirted both these issues some years ago, and everything we’ve learned since only raises the likelihood that FBI is playing a narrow word game to claim that it doesn’t have any responsive records, but out of an act of generosity it nevertheless considered the volumes of FBI records that are related to the request that it nevertheless has declared 7(A) over. Rothstein’s order replicates the use of the word “targeting” to discuss FBI’s search, suggesting the distinction is as important as I suspect.
Plaintiff first argues that the release of records concerning individuals who are simply supporting WikiLeaks could not interfere with any pending or reasonably anticipated enforcement proceeding since their activity is legal and protected by the First Amendment. Pl.’s Cross-Mot. at 14. This argument is again premised on Plaintiff’s speculation that the Government’s investigation is targeting innocent WikiLeaks supporters, and, for the reasons previously discussed, the Court finds it lacks merit.
All of which brings me to the remaining interesting subtext of this ruling.
Five years after the investigation into WikiLeaks must have started in earnest, 20 months after Chelsea Manning was found guilty for leaking the bulk of the documents in question, and over 10 months since Rothstein’s most recent update on the “investigation” in question, Rothstein is convinced these records may adequately be withheld because there is an active investigation.
While it’s possible DOJ is newly considering charges related to other activities of WikiLeaks — perhaps charges relating to WikiLeaks’ assistance to Edward Snowden in escaping from Hong Kong, though like Manning’s verdict, that was over 20 months ago — it’s also very likely the better part of whatever investigation into WikiLeaks is ongoing is an intelligence investigation, not a criminal one. (See this post for my analysis of the language they used last year to describe the investigation.)
Rothstein is explicit that DOJ still has — or had, way back when she read fresh declarations in the case — a criminal investigation, not just an intelligence investigation (which might suggest Assange’s asylum in the Ecuador Embassy in London is holding up something criminal).
In stark contrast to the CREW panel, this Court is persuaded that there is an ongoing criminal investigation. Unlike the vague characterization of the investigation in CREW, Defendants have provided sufficient specificity as to the status of the investigation, and sufficient explanation as to why the investigation is of long-term duration. See e.g., Hardy 4th Decl. ¶¶ 7, 8; Bradley 2d Decl. ¶ 12; 2d Cunningham Decl. ¶ 8.
Yet much of her language (which, with one exception, relies on the earliest declarations submitted in this litigation) sounds like that reflecting intelligence techniques as much as criminal tactics.
Here, the FBI and CRM have determined that the release of information on the techniques and procedures employed in their WikiLeaks investigation would allow targets of the investigation to evade law enforcement, and have filed detailed affidavits in support thereof. Hardy 1st Decl. ¶ 25; Cunningham 1st Decl. ¶ 11. As Plaintiff notes, certain court documents related to the Twitter litigation have been made public and describe the agencies’ investigative techniques against specific individuals. To the extent that Plaintiff seeks those already-made public documents, the Court is persuaded that their release will not interfere with a law enforcement proceeding and orders that Defendants turn those documents over.
In the instant case, releasing all of the records with investigatory techniques similar to that involved in the Twitter litigation may, for instance, reveal information regarding the scope of this ongoing multi-subject investigation. This is precisely the type of information that Exemption 7(A) protects and why this Court must defer to the agencies’ expertise.
I’m left with the impression that FBI has reams of documents responsive to what EPIC was presumably interested in — how innocent people have had their privacy compromised because they support a publisher the US doesn’t like — but that they’re using a variety of tired dodges to hide those documents.
Thanks to Chelsea Manning, we know that almost exactly five years ago, the US Ambassador to Saudi Arabia James Smith met with the then Assistant Minister for Defense Khalid bin Sultan about a disastrous Saudi air attack on a Houthi hospital on the Yemeni-Saudi border that killed a thousand people, many civilians. Prince Khalid used the American scolding not only to redouble his requests for US satellite assistance targeting Houthis — with more accuracy, Khalid suggested, the Saudis might kill fewer civilians — but also to ask for Predator drones.
IF WE HAD THE PREDATOR, THIS MIGHT NOT HAVE HAPPENED
¶3. (S/NF) Upon seeing the photograph, Prince Khalid remarked, “This looks familiar,” and added, “if we had the Predator, maybe we would not have this problem.” He noted that Saudi Air Force operations were necessarily being conducted without the desired degree of precision, and recalled that a clinic had been struck, based on information received from Yemen that it was being used as an operational base by the Houthis. Prince Khalid explained the Saudi approach to its fight with the Houthis, emphasizing that the Saudis had to hit the Houthis very hard in order to “bring them to their knees” and compel them to come to terms with the Yemeni government. “However,” he said, “we tried very hard not to hit civilian targets.” The Saudis had 130 deaths and the Yemenis lost as many as one thousand. “Obviously,” Prince Khaled observed, “some civilians died, though we wish that this did not happen.”
The attack on the hospital and the Saudi request for more war toys all took place amid assurances that the strikes on the Houthis would “bring them to their knees” which would in turn lead to a lasting ceasefire, which would free up Saudi attention to go after al Qaeda, the ostensible purpose for US intelligence cooperation in the first place.
In the interim five years, a few key developments have happened. Back in 2011, after JSOC couldn’t seem to get clean intelligence on Anwar al-Awlaki, the US built a drone base on the Saudi border that magically managed to find and kill the cleric within months.
More recently, Houthis have brought their fight to Sanaa and beyond, overthrowing the US and Gulf Cooperation Council selected President Abdo Rabi Mansour Hadi. In the wake of what the government has deemed (unlike Egypt) a coup, the US and most western governments have withdrawn embassy personnel, an action that will have little effect on their security but significant effect on the legitimacy of the Houthi-run government.
And now, just in time, the State Department has rolled out a framework under which the US will sell drones to our allies.
But don’t worry! State has included a bunch of rules that cover precisely the same concerns Ambassador Smith voiced 5 years ago in the face of evidence the Saudis were targeting civilians in an effort to “bring them to their knees.”
As the most active user of military UAS, and as an increasing number of nations are acquiring and employing UASs to support a range of missions, the United States has an interest in ensuring that these systems are used lawfully and responsibly. Accordingly, under the new UAS export policy, the United States will require recipients of U.S.-origin military UAS to agree to the following principles guiding proper use before the United States will authorize any sales or transfers of military UASs:
- Recipients are to use these systems in accordance with international law, including international humanitarian law and international human rights law, as applicable;
- Armed and other advanced UAS are to be used in operations involving the use of force only when there is a lawful basis for use of force under international law, such as national self-defense;
- Recipients are not to use military UAS to conduct unlawful surveillance or use unlawful force against their domestic populations; and
- As appropriate, recipients shall provide UAS operators technical and doctrinal training on the use of these systems to reduce the risk of unintended injury or damage.
Compare those guidelines with the assessment Ambassador Smith conducted 5 years ago to clear the Saudis for increased sharing of satellite data.
¶2. (S/NF) Ambassador Smith delivered points in reftel to Prince Khaled on February 6, 2010. The Ambassador highlighted USG concerns about providing Saudi Arabia with satellite imagery of the Yemen border area absent greater certainty that Saudi Arabia was and would remain fully in compliance with the laws of armed conflict during the conduct of military operations, particularly regarding attacks on civilian targets. The Ambassador noted the USG’s specific concern about an apparent Saudi air strike on a building that the U.S. believed to be a Yemeni medical clinic. The Ambassador showed Prince Khaled a satellite image of the bomb-damaged building in question.
¶6. (S/NF) Prince Khaled, in addressing the Ambassador’s concerns about possible targeting of civilian sites appeared neither defensive nor evasive. He was unequivocal in his assurance that Saudi military operations had been and would continue to be conducted with priority to avoiding civilian casualties. The Ambassador found this assurance credible, all the more so in light of Prince Khaled’s acknowledgment that mistakes likely happened during the strikes against Houthi targets, of the inability of the Saudi Air Force to operate with adequate precision, and the unreliability of Yemeni targeting recommendations. Based on these assurances, the Ambassador has approved, as authorized in reftel, the provision of USG imagery of the Yemeni border area to the Saudi Government. While the fighting with the Houthis appears to be drawing to a close, the imagery will be of continuing value to the Saudi military to monitor and prevent Houthi incursions across the border as well as enhancing Saudi capabilities against Al-Qaeda activities in this area.
Call me crazy, but given Prince Khalid’s determination to bring the Houthis to their knees, I’m unimpressed with Ambassador Smith’s assessment that the Saudis were adequately protecting civilians (indeed, some of our most catastrophic strikes in Yemen appear to have relied on Saudi intelligence).
Nothing has changed in the interim 5 years — beyond even more tolerance for Saudi repression amid the rise of an Islamic State for which KSA has been an ideological fount.
I assume the Saudis will be among the first that get approved for a set of drones. Hell, they’ve surely got practice in using them at the Saudi drone base, and they already have their base from which to target the Houthis.
The question is whether that will do anything for Yemen, or even for US interests.
Aside from the drone manufacturers, of course.
The other day, Marc Lynch wrote a piece posing these questions about the ISIS advance in Iraq.
The more interesting questions are about Iraq itself. Why are these cities falling virtually without a fight? Why are so many Iraqi Sunnis seemingly pleased to welcome the takeover from the Iraqi government by a truly extremist group with which they have a long, violent history? Why are Iraqi Sunni political factions and armed groups, which previously fought against al-Qaeda in Iraq, now seemingly cooperating with ISIS? Why is the Iraqi military dissolving rather than fighting to hold its territory? How can the United States help the Iraqi government fight ISIS without simply enabling Prime Minister Nouri al-Maliki’s authoritarianism and sectarianism?
The most important answers lie inside Iraqi politics. Maliki lost Sunni Iraq through his sectarian and authoritarian policies. His repeated refusal over long years to strike an urgently needed political accord with the Sunni minority, his construction of corrupt, ineffective and sectarian state institutions, and his heavy-handed military repression in those areas are the key factors in the long-developing disintegration of Iraq.
President Obama alluded similarly to Maliki’s failures in the comments he just made (will update when the transcript becomes available).
One challenge the US is facing as it tries to prevent the complete disintegration of the Middle East is that Nuri al-Maliki, long our (forced) partner in governing Iraq, has chosen the path of corruption and repression. Maliki largely enabled the assault in Iraq.
On February 28, 2013, Chelsea Manning made a statement before her providence inquiry. As part of that, she explained why she leaked details of the abusive crackdowns by the Iraqi Federal Police.
On 27 February 2010, a report was received from a subordinate battalion. The report described an event in which the FP detained fifteen (15) individuals for printing “anti-Iraqi literature.” By 2 March 2010, I received instructions from an S3 section officer in the 2-10BCT Tactical Operations Center to investigate the matter, and figure out who these “bad guys” were, and how significant this event was for the FP.
Over the course of my research, I found that none of the individuals had previous ties with anti-Iraqi actions or suspected terrorist or militia groups. A few hours later, I received several photos from the scene from the subordinate battalion.
I printed a blown up copy of the high-resolution photo, and laminated it for ease of storage and transfer. I then walked to the TOC and delivered the laminated copy to our category 2 interpreter. She reviewed the information and about a half-hour later delivered a rough written transcript in English to the S2 section.
I read the transcript, and followed up with her, asking for her take on its contents. She said it was easy for her to transcribe verbatim since I blew up the photograph and laminated it. She said the general nature of the document was benign. The documentation, as I assessed as well, was merely a scholarly critique of the then-current Iraqi Prime Minister, Nouri al-Maliki. It detailed corruption within the cabinet of al-Maliki’s government, and the financial impact of this corruption on the Iraqi people.
After discovering this discrepancy between FP’s report, and the interpreter’s transcript, I forwarded this discovery, in person to the TO OIC and Battle NCOIC.
The TOC OIC and, the overhearing Battlecaptain, informed me they didn’t need or want to know this information any more. They told me to “drop it” and to just assist them and the FP in finding out where more of these print shops creating “anti-Iraqi literature” might be. I couldn’t believe what I heard, (24-25)
Manning, we’ve been told over and over again, was not a whistleblower. Because, I guess, Maliki’s corruption and repression were not a problem in 2010?