[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Hal Martin Sentencing Leaves All Questions Unanswered

Hal Martin was sentenced Friday. He received the nine years agreed upon as part of his plea agreement. But — as the many reports of his sentencing emphasize — closure on this case still doesn’t offer closure on the Shadow Brokers case. Of course the sentencing hasn’t solved the Shadow Brokers case, which has been true since Martin was charged in 2018 but was recently reiterated by AP.

But it also hasn’t provided much clarity on some of the other issues about this case. For example, his lawyer Jim Wyda seems to have confirmed that the cryptic DMs sent to some Kaspersky researchers in advance of the original Shadow Brokers release were his, denying that Martin intended the “Shelf life, three weeks,” DM to be an offer to sell the NSA’s exploits that would be offered for sale less than an hour later. [Note: this sentencing was difficult to cover remotely because the filings weren’t released in PACER, so I’m particularly grateful for other’s coverage, especiall this excellent CyberScoop story on it.]

Jim Wyda, Martin’s public defender, said Friday there was no indication Martin intended for any transaction to take place by that tweet.

I had noted that, given the lack of 2FA at the time of the DMs, hacking Martin’s Twitter account to send the DMs would have been child’s play, something an account claiming to be Shadow Brokers responded to fairly aggressively.

The government, however, offered no comment on those DMs. In response to Judge Richard Bennett’s reminder that the Tweets had been the subject of a Martin challenge to the warrants searching his house, prosecutor Zachary Myers refused to comment, even though classification wouldn’t prevent comment.

Bennett reminded U.S. attorneys of the tweet and the timeline on Friday in court. Assistant U.S. Attorney Zachary Myers said the U.S. government would not be commenting further than noting that the timeline is, indeed, in the facts of the case.

Then there’s the question of whether Martin was a hoarder or a thief. His attorneys insisted his collection of documents was an expression of mental health issues. But the government pointed to how organized it all was (which is hard to square with the descriptions of the chaos of his house from the time of the arrest).

“This is not a case of hoarding, this is stealing,” Myers said Friday at a federal court house in Baltimore. The stolen information “was not in a disorganized manner,” he said, adding what the government found was “logical” and “repetitive.”

Bennett noted Friday he had concerns about the case regarding whether Martin’s alleged hoarding problem, noting that for someone who is a hoarder, he seemed well organized.

Martin’s wife described to CBS how he had recognized his illness before his arrest, but was afraid that if he sought treatment, he would lose clearance and his job.

Mental illness may explain why parts of Martin’s statement expressing remorse make no sense. WaPo:

Martin spoke for about 20 minutes, his voice calm, soft and sometimes difficult to hear as he read nearly verbatim from a letter he’d written earlier this month to the judge.

He made clear that what he’d done was wrong.

“The manner and method of my approach was unorthodox, unconventional, uncanny,” he wrote. “But also unauthorized, illegal and just plain wrong. One step beyond black. Please do not copy this. It is not the easy or correct path. I took shortcuts, went backwards, sideways and around things, crossing major borders and boundaries. It is not good, it’s very, very BAD.”

NYT:

He stood in a striped jersey labeled “Inmate” and read for nearly 30 minutes a rambling statement apologizing to family, friends and his former colleagues at the N.S.A.

“I have been called a walking encyclopedia,” he said, describing himself at another point as “an intellectually curious adventurer.” His words were often cryptic, at one point addressed to “that cool dude in a loose mood” and at another citing the N.S.A. motto, “They serve in silence.”

All that said, one of the most telling details from coverage of yesterday’s sentencing is in the the government’s press release on the sentencing. It emphasizes the resources diverted to investigating Martin’s activities, which sure makes it sound like they don’t think he’s the culprit behind the Shadow Brokers leak.

In court documents and at today’s sentencing hearing, the government noted that crimes such as Martin’s not only create a risk of unauthorized disclosure of, or access to, highly classified information, but often require the government to treat the stolen material as compromised, resulting in the government having to take remedial actions including changing or abandoning national security programs.  In addition, Martin’s criminal conduct caused the government to expend substantial investigative and analytical resources.  The diversion of those resources resulted in significant costs.

Bennett believes the nine year sentence will serve as deterrent for other intelligence personnel. But it’s not clear whether those are the people who need to be deterred.

On the Curious Timing of Daniel Everette Hale’s Arrest

By all appearances, the FBI executed a search on the home of Daniel Everette Hale, an intelligence analyst the government has accused of being Jeremy Scahill’s source for his Drone Papers reporting, on August 8, 2014. In the search, they found a thumb drive with a PowerPoint on drone operations that he had printed off at work over five months earlier.

By that time, Hale had already printed out all 23 documents, unrelated to his work at Leidos, that are charged in his indictment. He also had an unclassified document he printed off at work on his home computer. He had a separate thumb drive with Tails on it, the operating system that the Intercept recommended users use to share files. Somewhere along the way, the government obtained Hale’s location data.

The August 2014 search was done a month after the Intercept published — in July 2014 — the first of the documents Hale printed out, and fourteen months before the Intercept first published that drone war PowerPoint, in October 2015. So the entire time the Intercept was publishing these documents, the government had solid evidence on who their suspected source was.

By the time FBI did that search, Hale had been in contact with Scahill — in largely unsecure form — for fifteen months. Even before Hale left the Air Force in July 2013, Hale had done a Google search on the NSA unclassified computer assigned to him for details on Scahill’s Dirty Wars book tour. He attended an event at Politics and Prose that month, and told a “confidant” he had met Scahill, who wanted to tell his story. Hale played a public role in some of Scahill’s events about the US war on terror. They emailed (including about Edward Snowden) through the summer and spoke at least once on the phone.

It wasn’t until September 2013 that Scahill and Hale switched to Jabber (but even there, the government has evidence of at least three of their Jabber chats before Hale started printing off files from work), perhaps because Hale at least once texted Scahill about getting on Jabber, apparently the day before he printed out a bunch of drone war documents.

All that suggests that, as soon as a month after the Intercept first published documents from Hale, the government had all the same evidence they’ve shown in this indictment substantiating the very strong case that Hale was Scahill’s source.

That was almost five years ago (the statute of limitations for the 793 Espionage Act crimes with which they’ve charged Hale is 10 years).

Just as curious, the government indicted Hale (in EDVA, based off work Maryland FBI Agents did) on March 7, apparently with a newly installed grand jury. The indictment has been sealed since then, waiting for Hale’s arrest in Nashville.

It is not at all surprising that the government indicted Hale. Even under the Obama Administration’s aggressive prosecutions of whistleblowing leakers, the case would be among the type they prosecuted (even though the drone documents he allegedly leaked exposed really damning details about a dysfunctional side of our war on terror, so the prosecution might have embarrassed Obama). The Trump Administration has gotten even more aggressive with journalists.

According to his criminal cover sheet, Hale is represented by Abbe Lowell who, along with being Jared Kushner’s lawyer, is also one of the best lawyers in the country on defending leak cases.

Confirmed: Listening to Whistleblower John Reidy Could Have Saved the Lives of Numerous CIA Assets

Back in 2015, I looked at the whistleblower case of John Reidy, a former CIA contractor who had warned of catastrophic failures in a communications system.

Reidy describes playing three roles in 2005: facilitating the dissemination of intelligence reporting to the Intelligence Community, identifying Human Intelligence (HUMINT) targets of interest for exploitation, and (because of resource shortages) handling the daily administrative functions of running a human asset. In the second of those three roles, he was “assigned the telecommunications and information operations account” (which is not surprising, because that’s the kind of service SAIC provides to the intelligence community). In other words, he seems to have worked at the intersection of human assets and electronic reporting on those assets.

Whatever role he played, he described what by 2010 had become a “catastrophic intelligence failure[]” in which “upwards of 70% of our operations had been compromised.” The problem appears to have arisen because “the US communications infrastructure was under siege,” which sounds like CIA may have gotten hacked. At least by 2007, he had warned that several of the CIA’s operations had been compromised, with some sources stopping all communications suddenly and others providing reports that were clearly false, or “atmospherics” submitted as solid reporting to fluff reporting numbers. By 2011 the government had appointed a Task Force to deal with the problem he had identified years earlier, though some on that Task Force didn’t even know how long the problem had existed or that Reidy had tried to alert the CIA and Congress to the problem.

All that seems to point to the possibility that tech contractors had set up a reporting system that had been compromised by adversaries,

When news of CIA’s loss of numerous Chinese assets came out, I again pointed back to Reidy’s warnings.

Today, Yahoo confirms that the communications system weakness first identified by Reidy 11 years ago was indeed exploited first by Iran (where, Yahoo says, Reidy was stationed), then by China, and to a lesser degree, Russia.

Iran was able to use the vulnerability to unwind the US’ network of spies by using Google to identify signatures of the system.

This hunt for CIA sources eventually bore fruit — including the identification of the covert communications system.

A 2011 Iranian television broadcast that touted the government’s destruction of the CIA network said U.S. intelligence operatives had created websites for fake companies to recruit agents in Iran by promising them jobs, visas and education abroad. Iranians who initially thought they were responding to legitimate opportunities would end up meeting with CIA officers in places like Dubai or Istanbul for recruitment, according to the broadcast.

Though the Iranians didn’t say precisely how they infiltrated the network, two former U.S. intelligence officials said that the Iranians cultivated a double agent who led them to the secret CIA communications system. This online system allowed CIA officers and their sources to communicate remotely in difficult operational environments like China and Iran, where in-person meetings are often dangerous.

A lack of proper vetting of sources may have led to the CIA inadvertently running a double agent, said one former senior official — a consequence of the CIA’s pressing need at the time to develop highly placed agents inside the Islamic Republic. After this betrayal, Israeli intelligence tipped off the CIA that Iran had likely identified some of its assets, said the same former official.

The losses could have stopped there. But U.S. officials believe Iranian intelligence was then able to compromise the covert communications system. At the CIA, there was “shock and awe” about the simplicity of the technique the Iranians used to successfully compromise the system, said one former official.

In fact, the Iranians used Google to identify the website the CIA was were using to communicate with agents. Because Google is continuously scraping the internet for information about all the world’s websites, it can function as a tremendous investigative tool — even for counter-espionage purposes. And Google’s search functions allow users to employ advanced operators — like “AND,” “OR,” and other, much more sophisticated ones — that weed out and isolate websites and online data with extreme specificity.

According to the former intelligence official, once the Iranian double agent showed Iranian intelligence the website used to communicate with his or her CIA handlers, they began to scour the internet for websites with similar digital signifiers or components — eventually hitting on the right string of advanced search terms to locate other secret CIA websites. From there, Iranian intelligence tracked who was visiting these sites, and from where, and began to unravel the wider CIA network.

Yahoo describes that Iran and China likely traded technology, which is how China proceeded to use the same technique to target CIA assets.

While Yahoo doesn’t emphasize it, it seems likely that if SAIC and Raytheon hadn’t had so much power when Reidy first started warning of this compromise, it would have been addressed far more quickly. Instead, he lost clearance and was fired.

Which, on top of a lot of other lessons, seems to be a superb example of how ignoring a whistleblower can have catastrophic consequences.

Senate Intelligence Committee Doesn’t Think the Intelligence Community Inspector General Does Enough All-IC Oversight

The Intelligence Community Inspector General receives just two mentions in the Intelligence Authorization released earlier this month. First, in a standalone section that will permit it to hire expert auditors, as other Inspectors General can. The bill report explains that section this way.

Section 307. Inspector General of the Intelligence Community auditing authority

Section 307 permits the IC IG to hire contractor or expert auditors to meet audit requirements, similar to other Federal IGs. Section 307 responds to the Committee’s concerns that the IC Inspector General (IC IG) is at risk of failing to meet its legislative requirements due to its inability to hire qualified auditors by granting the IC IG independent hiring practices identical to other IGs.

Good to see that eight years after it was created, the ICIG will be able to start doing competent financial audits.

In addition, the unclassified portion of the Intel Authorization includes the ICIG among those Inspectors General that must see whether its agencies are classifying and declassifying things properly.

Which suggests this passage — which goes far beyond those two passages — may correspond to some language within the classified portion of the bill.

Inspector General of the Intelligence Community role and responsibilities

The Inspector General of the Intelligence Community (IC IG) was established by the Intelligence Authorization Act for Fiscal Year 2010 to initiate and “conduct independent reviews investigations, inspections, audits, and reviews on programs and activities within the responsibility and authority of the Director of National Intelligence” and to lead the IG community in its activities. The Committee is concerned that this intent is not fully exercised by the IC IG and reiterates the Congress’s intent that it consider its role as an IG over all IC-wide activities in addition to the ODNI. To support this intent, the Committee has directed a number of requirements to strengthen the IC IG’s role and expects full cooperation from all Offices of Inspector General across the IC.

The Committee remains concerned about the level of protection afforded to whistleblowers within the IC and the level of insight congressional committees have into their disclosures. It is the Committee’s expectation that all Offices of Inspector General across the IC will fully cooperate with the direction provided elsewhere in the bill to ensure both the Director of National Intelligence and the congressional committees have more complete awareness of the disclosures made to any IG about any National Intelligence Program funded activity.

Ron Wyden submitted — but then withdrew — language extending whistleblower protection to contractors. Instead there’s just this language nodding, yet again, to protecting those who whistleblow.

But I’m as interested in SSCI “reiterate[d] the Congress’s intent that [ICIG] consider its role as an IG over all IC-wide activities in addition to the ODNI.”

Going back to 2011, the ICIG refused to do a community-wide review of the way Section 702 works (or count how many Americans get sucked up). With EO 12333 sharing raw data with other agencies, it behooves the ICIG to review how that process works.

The Intel Authorization also requires a review to make sure all the agencies shared the data they should have on Russian tampering with the election. It turns out the interagency “Task Force” John Brennan set up in the summer was a CIA-led task force. It wasn’t until December that a broader set of analysts were permitted to review the intelligence, leading to new discoveries (including, it seems, new conversations between Trump officials and Russians of interest). And it seems highly likely that DHS was left out of the loop, which would be especially problematic given that that’s the agency that talks to state electoral officials.

As Mike Pompeo seems intent on politicizing Iran intelligence and killing diversity at CIA, I hope ICIG gets directed to review CIA’s approach to both of those issues.

There are likely more items of interest addressed in the “requirements to strengthen the IC IG’s role.” Which is a good thing.

Three Things: Bad, Worse, and Just Deal Already

I’ve got to run some errands, only have time for a very quick three things post.

~ 3 ~

Because Trump wants a cheaper Air Force One, the Air Force bought a bankrupt Russian company’s canceled Boeing 747s.

Why does this sound like 1) a crap deal which doesn’t solve the need for an attack-resistant AF1, 2) a bail-out for some entity, whether Boeing or whoever in Russia is holding the bag on the down payment?

~ 2 ~

A few days ago I read yet another right-wing character assassination attempt aimed at Robert Mueller, distributing disinformation related to Russia and radioactive materials. Real story completely stretched beyond recognition to attack the special counsel looking into Trump-Russia.

Meanwhile, the Los Alamos National Laboratory has improperly MAILED radioactive materials repeatedly.

This highlights our long-term problems with outsourcing nuclear sites’ management to private contractors.

Please let’s not allow Trump cut a deal on this matter. It’s bad enough we have Dancing With The Stars’ Rick Perry involved in any way. And watch for more disinfo about Robert Mueller as the Trump-Russia investigation heats up.

~ 1 ~

Baltimore Ravens need to get off it and hire Colin Kaepernick. Baltimore the city needs him. Not only is Kaepernick a good Plan B because of Joe Flacco’s back, the Ravens need a reset on their image — many women still don’t have a high opinion of the Ravens (or the NFL) after the Ray Rice scandal. And Kaepernick is a solid player worth watching; he doesn’t deserve the racist bullshit he’s received from the NFL, quietly blacklisted for exercising his First Amendment rights. Football isn’t slavery demanding forfeit of human rights, after all — or is it?

~ 0 ~

Off to run the roads. This is an open thread. Behave.

Did China and Russia Really Need Our Help Targeting Spook Techies?

LAT has a story describing what a slew of others — including me — have already laid out. The OPM hack will enable China to cross-reference a bunch of databases to target our spooks. Aside from laying all that out again (which is worthwhile, because not a lot of people are still not publicly discussing that), LAT notes Russia is doing the same.

But other than that (and some false claims the US doesn’t do the same, including working with contractors and “criminal” hackers) and a review of the dubiously legal Junaid Hussain drone killing, LAT includes one piece of actual news.

At least one clandestine network of American engineers and scientists who provide technical assistance to U.S. undercover operatives and agents overseas has been compromised as a result, according to two U.S. officials.

I would be unsurprised that China was rolling up actual HUMINT spies in China as a result of the OPM breach (which would explain why we’d be doing the same in response, if that’s what we’re doing). But the LAT says China (and/or Russia) is targeting “engineers and scientists who provide technical assistance” to spooks — one step removed from the people recruiting Chinese (or Russian) nationals to share its country’s secrets.

I find that description rather curious because of the way it resembles the complaint by CIA contractor whistleblower John Reidy in an appeal of a denial of a whistleblower complaint by CIA’s Inspector General. (Marisa Taylor first reported on Reidy’s case.) As I extrapolated from redactions some weeks ago, it looks like Reidy reported CIA’s reporting system getting hacked at least as early as 2007, but the contractors whose system got (apparently) hacked got him fired and CIA suppressed his complaints, only to have the problem get worse in the following years until CIA finally started doing something about it — with incomplete information — starting in 2010.

Reidy describes playing three roles in 2005: facilitating the dissemination of intelligence reporting to the Intelligence Community, identifying Human Intelligence (HUMINT) targets of interest for exploitation, and (because of resource shortages) handling the daily administrative functions of running a human asset. In the second of those three roles, he was “assigned the telecommunications and information operations account” (which is not surprising, because that’s the kind of service SAIC provides to the intelligence community). In other words, he seems to have worked at the intersection of human assets and electronic reporting on those assets.

Whatever role he played, he described what by 2010 had become a “catastrophic intelligence failure[]” in which “upwards of 70% of our operations had been compromised.” The problem appears to have arisen because “the US communications infrastructure was under siege,” which sounds like CIA may have gotten hacked. At least by 2007, he had warned that several of the CIA’s operations had been compromised, with some sources stopping all communications suddenly and others providing reports that were clearly false, or “atmospherics” submitted as solid reporting to fluff reporting numbers. By 2011 the government had appointed a Task Force to deal with the problem he had identified years earlier, though some on that Task Force didn’t even know how long the problem had existed or that Reidy had tried to alert the CIA and Congress to the problem.

All that seems to point to the possibility that tech contractors had set up a reporting system that had been compromised by adversaries, a guess that is reinforced by his stated desire to bring a “qui tam lawsuit brought against CIA contractors for providing products whose maintenance and design are inherently flawed and yet they are still charging the government for the products.” In his complaint, he describes Raytheon employees being reassigned, suggesting that contracting giant may be one of the culprits, but all three named contractors (SAIC, Raytheon, and Mantech) have had their lapses; remember that SAIC was the lead contractor that Thomas Drake and friends exposed.

Reidy’s appeal makes it clear that one of the things that exacerbated this problem was overlapping jurisdiction, with a functional unit apparently taking over control from a geographic unit. While that in no way rules out China, it sounded as much like the conflict between CIA’s Middle East and Counterterrorism groups that has surfaced in other areas as anything else.

The reason I raise Reidy is because — whether or not the engineers targeted as described in the LAT story are the same as the ones Reidy seems to describe — Reidy’s appeal suggests the problem he described arose from contractor incompetence and cover-ups.

I guess you could say the same about the OPM hack (though it was also OPM’s incompetence). Except in the earlier case, you’re talking far more significant intelligence contractors — including SAIC and Raytheon, who both do a lot of cybersecurity contracting on top of their intelligence contracting — and a years-long cover up with the assistance of the agency in question.

All while assets were being exposed, apparently because of insecure computer systems.

China’s hacking is a real threat to the identities of those who recruit human sources (and therefore of the human sources themselves).

But if Reidy’s complaint is true, then it’s not clear how much work China really needs to do to compromise these identities.

The Danger of Someone Criticizing Political Pork Landing on the Capitol Lawn

The WaPo has a good review of how postal service worker Doug Hughes managed to fly his gyrocopter onto the Capitol lawn without being spotted by the Secret Service or other security forces.

But the best part of the story cites corporate sucklings Chuck Schumer and Ron Johnson expressing dismay that the security theater draping DC didn’t prevent Hughes from landing a harmless aircraft on their lawn.

On Capitol Hill, there was less concern Thursday about Hughes’s message than how he delivered it — flying into the heart of the nation’s capital and alighting on the Capitol lawn about 1:30 p.m. in what amounts to an airborne go-cart, powered by something like a lawn mower engine, and kept aloft by an overhead rotor and a small propeller.

“How did it happen?” Sen. Charles E. Schumer (D-N.Y.) wondered aloud. “How did the helicopter get through? Why weren’t there alarm bells that went off? Why wasn’t it intercepted? Did we know about it? How far from the Capitol grounds did we know?”

Schumer, the Senate’s third-ranking Democrat, added: “Just saying it’s a little helicopter, or it’s one person, or it was harmless, does not answer these questions. And we need to know what happened.”

Sen. Ron Johnson (R-Wis.), chairman of the Homeland Security and Governmental Affairs Committee, said in a statement: “I am deeply concerned that someone has the ability to fly for over an hour through the most restricted airspace in our country, past the White House, and land on the lawn of the Capitol.”

He added that he wants “a full accounting by all federal organizations entrusted with securing the United States from this and similar events.” That Hughes was able to pull off the stunt, Johnson said, is “a reminder that the risk to America and Americans is ever present.”

As Nancy Pelosi noted in comments yesterday (which were almost, but not quite, this shrill), there are reasons to want the Capitol to remain fairly open. And it is fairly open — easier to get into than an airport, for example. That makes it accessible to the thousands of local lobbying and school groups who want to see their Representatives’ office.

But it also makes it permeable by lobbyists.

The big money lobbyists, of course, do far more damage to this country than a gyrocopter ever could, damage that Schumer and Johnson are enthusiastic participants in.

Which is sort of Hughes’ point.

I expect more ironic symbolism from this event going forward, as a bunch of security-industry intoxicated Congressmen take as a lesson from this that they need to insulate themselves even more from the people warning about them insulating themselves form their constituents.

Internet Cats, Weaponized: US Defense Contractor Consulted on Targeted Network Injection Surveillance for Commercial Sales Abroad

[photo: liebeslakritze via Flickr]

[photo: liebeslakritze via Flickr]

First, a caveat: I would not click on the links embedded in the story I’m recommending (I’m this || close to swearing off embedded links forever). I don’t trust traffic to them not to be monitored or exploited.

But as Jeremy Scahill tweeted last evening, read this piece by WaPo’s Barton Gellman on malicious code insertion. This news explains recent changes by Google to YouTube once it had been disclosed to the company that exploits could be embedded in video content as CitizenLab.org explains:

“… the appliance exploits YouTube users by injecting malicious HTML-FLASH into the video stream. …”
“… the user (watching a cute cat video) is represented by the laptop, and YouTube is represented by the server farm full of digital cats. You can observe our attacker using a network injection appliance and subverting the beloved pastime of watching cute animal videos on YouTube. …”

The questions this piece shake loose are Legion, but as just as numerous are the holes. Why holes? Because the answers are ugly and complex enough that one might struggle with them. Gellman’s done the best he can with nebulous material.

An interesting datapoint in the first graf of the story is timing — fall 2009.

You’ll recall that Google revealed the existence of a cyber attack code named Operation Aurora in January 2010, which Google said began in mid-December 2009.

You may also recall news of a large batch of cyber attacks in July of 2009 on South Korean targets.

The U.S. military had already experienced a massive uptick in cyber attacks in 1H2009, more than double the rate of the entire previous year.

And neatly sandwiched between these waves and events is a visit by a defense contractor CloudShield Technologies engineer from California, to Munich, Germany with British-owned Gamma Group. Read more

Bengh– Blackwater!

You should definitely read the James Risen story describing how the head of Blackwater’s operations in Iraq threatened to kill an investigator into the company’s practices in the period before the Nisour Square. It definitely confirms every concern that has been raised about mercenaries generally and Blackwater specifically.

But I want to look at the frame Risen gave the story, which I suspect few will read closely.

His memo and other newly disclosed State Department documents make clear that the department was alerted to serious problems involving Blackwater and its government overseers before the Nisour Square shooting, which outraged Iraqis and deepened resentment over the United States’ presence in the country.

[snip]

Condoleezza Rice, then the secretary of state, named a special panel to examine the Nisour Square episode and recommend reforms, but the panel never interviewed Mr. Richter or Mr. Thomas.

Patrick Kennedy, the State Department official who led the special panel, told reporters on Oct. 23, 2007, that the panel had not found any communications from the embassy in Baghdad before the Nisour Square shooting that raised concerns about contractor conduct.

“We interviewed a large number of individuals,” Mr. Kennedy said. “We did not find any, I think, significant pattern of incidents that had not — that the embassy had suppressed in any way.”

The reason this is coming out — aside from the fact the government is trying to try the Nisour Square killers again — is to show that contrary to what Patrick Kennedy said after having done a review of security practices in 2007, there had been a pattern of incidents, and they had been suppressed by the Embassy.

Now consider how that reflects on the GOP’s second favorite scandal, Benghazi. Not only was Kennedy the key judge about the events leading up to that event (which is normal — he’s been a key player in State for a very long time; I’m beginning to believe he’s State’s institutional defender in the same way David Margolis was at DOJ), but the question of security oversight is important there: Blue Mountain Group appears to have done its job inadequately (and there are some sketchy things about its contract and contractors).

Benghazi is actually not a bigger scandal than that State suppressed knowledge of Blackwater’s problems. But there does seem to be continuity.

New & Improved USA Freedumb Act, with Twice the Contractors Compensated

Somewhere Booz Allen Hamilton Vice Chairman (and former NSA Director) Mike McConnell just said, “Ka-Ching.”

As I noted, the initial manager’s amendment of HR 3361 (AKA USA Freedumb Act) added compensation language to Section 215 that didn’t originally exist.

(j) COMPENSATION.—The Government shall compensate, at the prevailing rate, a person for producing tangible things or providing information, facilities, or assistance in accordance with an order issued or an emergency production required under this section.

In this latest iteration, the compensation has been expanded beyond just the telecoms to anyone else who assists.

(j) COMPENSATION.—The Government shall compensate a person for reasonable expenses incurred for—

(1) producing tangible things or providing information, facilities, or assistance in accordance with an order issued with respect to an application described in subsection (b)(2)(C) or an emergency production under subsection (i) that, to comply with subsection (i)(1)(D), requires an application described in subsection (b)(2)(C); or

(2) otherwise providing technical assistance to the Government under this section or to implement the amendments made to this section by the USA FREEDOM Act.

There’s reason to believe that contractors (AKA Booz!) does some of the triage work on the data currently. So one solution to that problem might be to move those Booz contractors — with their access directly to the raw data of Americans — over to Verizon and AT&T.

Because why shouldn’t NSA contractors be in bed together, wallowing in all your raw data.

Glad to see this bill is improving Intelligence Contractors bottom line, even if it doesn’t improve the dragnet.

image_print