Intelligence Community Will Close Gaping Hole that Allegedly Led to WikiLeaks Disclosure … in 2013

/in , /by

I did a long post yesterday describing how embarrassingly, pathetically bad DOD’s information security was and remains 3 years after a malware attack and a full year after the alleged WikiLeaks leak. Along with DOD’s gaping security problems, I noted that some entities in the intelligence community are still in the process of implementing user authentication which would have exposed someone taking entire databases off of their networks.

While the two DIA witnesses mostly blew smoke rather than provide a real sense of where security is at (both blamed WikiLeaks on a “bad apple” rather than shockingly bad information security), the testimony of DNI’s Intelligence Community Intelligence Sharing Executive Corin Stone seems to suggest other parts of the IC area also still implementing the kind of authentication most medium sized corporations employ.

To enable strong network authentication and ensure that networks and systems can authoritatively identify who is accessing classified information, the IC CIO is implementing user authentication technologies and is working with the IC elements to achieve certificate issuance to eligible IC personnel in the first quarter of fiscal year 2012.

Just in case the intelligence community can’t get around to providing this fairly common security on our intelligence community networks by their planned timeframe of the first quarter of FY 2012 (which would mean the last quarter of calendar year 2011), the Senate Intelligence Committee is requiring the IC to have a fully operational ability to audit online access by October 2013.

Section 402 requires the Director of National Intelligence, not later than October 1, 2012, to establish an initial operating capability for an effective automated insider threat detection program for the information resources in each element of the Intelligence Community in order to detect unauthorized access to, or use or transmission of, classified information. Section 402 requires that the program be at full operating capability by October 1, 2013.

Not later than December 1, 2011, the Director of National Intelligence shall submit to the congressional intelligence committees a report on the resources required to implement the program and any other issues the Director considers appropriate to include in the report.

In other words, if closing this security gap a year and a half after the leaks are alleged to have occurred is too tough, then they can go ahead and take another year or so to close the barn door.

Though to be fair, this deadline may come directly from the lackadaisical DOD, as the deadlines given here seem to match those DOD aspires to hit.

Now, maybe it’s considered unpatriotic to note that our intelligence community–and its congressional overseers–are tolerating pretty shoddy levels of security all while insisting that they takes leaks seriously.

But seriously: if our government is going to claim that leaks are as urgent as it does, if it’s going to continue to pretend that secrets are, you know, really secret, then it really ought to at least pretend to show urgency on responding to the gaping technical issues that will not only protect against leakers, but also provide better cybersecurity and protect against spies. Aspiring to fix those issues years after the fact really doesn’t cut it.

Share this entry

How Many Other Journalists Does the FBI Consider Informants?

/in , , /by

Yesterday, the Center for Public Integrity revealed the contents of a secret FBI memo treating a top ABC journalist–who turned out to be Christopher Isham (currently CBS’ DC bureau chief)–as a confidential source for a claim that Iraq’s intelligence service had helped Timothy McVeigh bomb the Murrah Federal Building.

Isham claims he alerted the FBI about the story because there were indications there might be follow-on attacks.

Christopher Isham, a vice president at CBS News and chief of its Washington bureau, later issued a statement denouncing the claims, revealing himself as the subject of the report. Mr. Isham, who worked for ABC News at the time of the bombing, said he would have passed information to the F.B.I. only to try to verify it or to alert the bureau to word of a possible terrorist attack.

“Like every investigative reporter, my job for 25 years has been to check out information and tips from sources,” Mr. Isham said in a statement released through a CBS spokeswoman. “In the heat of the Oklahoma City bombing, it would not be unusual for me or any journalist to run information by a source within the F.B.I. for confirmation or to notify authorities about a pending terrorist attack.”

Only, it turns out that Vince Cannistraro–who had told ABC the story while serving as a consultant for them and had, in turn, been told the tale by a Saudi General–had already told the FBI himself.

That source, Vincent Cannistraro, a former Central Intelligence Agency official who was a consultant for ABC News at the time, said in an interview that Mr. Isham had done something discourteous, perhaps, but not improper.

“I was working for ABC as a consultant,” he said. “I was not a confidential source.”

Mr. Cannistraro added, however, that he would have preferred it if Mr. Isham had told him that he had passed along the tip. “I was not told that Chris was also going to talk to them. And he certainly didn’t tell me.”

Now, aside from Isham ultimately revealing that his story came from Cannistraro, it seems to me the ethical questions on the part of ABC and Isham are misplaced. Isham’s call to the FBI to confirm or deny a tip really can’t be faulted.

The problem seems to lie in two issues: how ABC treated Cannistraro, and how the FBI treated Isham.

First, Cannistraro fed ABC an inflammatory tip, apparently without confirming it. Given that he was a consultant to ABC, was it his job to second source that material? As it happens, since both Cannistraro and Isham reported the tip to the FBI, it worked like a stove pipe, giving the FBI the appearance of two sources when the story derived from the same Saudi General. And how much other bullshit did Cannistraro feed ABC over the years? It’s not even necessary that Cannistraro do this deliberately–if sources knew he was an ABC consultant, particularly if they knew the information would be treated this way, it’d be easy to stovepipe further inflammatory information right to the screens of the TV. And who owns the source relationship, then, the understanding that the source can be burned for planting deliberate, inflammatory misinformation designed to stoke an illegal war?

In other words, the way ABC treated Cannistraro as a consultant muddled journalistic lines in ways that may have led to less than responsible journalism.

It wouldn’t be the first time networks’ relationships with “consultants” had compromised their reporting.

And then there’s the FBI. Anonymous sources are reassuring the NYT that Isham wasn’t really treated as a snitch, even though the report that CPI has seems to treat him as such. This seems more like FBI trying to cover its tracks–reassure other journalists the FBI isn’t typing up source reports every time a journalist calls the FBI for confirmation of a tip–than anything else. So how often does the FBI, having been asked to confirm information by a journalist, start an informant file on that tip?

And what is the relationship that evolves between the FBI and that source over the years? That is, if the FBI treats journalists who confirm information with them as sources, filing reports like this one that, if revealed, would reflect badly on the journalist, then what will the journalist do in the future when the FBI feeds him shit?

Share this entry

One Year After Collateral Murder Release, DOD’s Networks Are Still Glaring Security Problem

/in , /by

As I have posted several times, the response to WikiLeaks has ignored one entity that bears some responsibility for the leaks: DOD’s IT.

Back in 2008, someone introduced malware to DOD’s computer systems. In response, DOD announced it would no longer allow the use of removable media in DOD networks. Yet that is precisely how Bradley Manning is reported to have gotten the databases allegedly leaked. In other words, had DOD had very basic security measures in place they had already been warned they needed, it would have been a lot harder for anyone to access and leak these documents.

Often, when I have raised this issue, people are simply incredulous that DOD’s classified network would be accessible to removable media (and would have remained so two years after malware was introduced via such means). But it’s even worse than that.

A little-noticed Senate Homeland Security hearing last month (Steven Aftergood is one of the few people who noticed) provided more details about the status of DOD’s networks when the leaks took place and what DOD and the rest of government have done since. The short version is this: for over two months after DOD arrested Bradley Manning for allegedly leaking a bunch of material by downloading information onto a Lady Gaga CD, DOD and the State Department did nothing. In August, only after WikiLeaks published the Afghan War Logs, they started to assess what had gone wrong. And their description of what went wrong reveals not only how exposed DOD was, but how exposed it remains.

Two months to respond

Bradley Manning was arrested on or before May 29. Yet in spite of claims he is alleged to have made in chat logs about downloading three major databases, neither DOD or State started responding to the leak until after the Afghan War Logs were published on July 25, 2010.

The joint testimony of DOD’s Chief Information Officer Teresa Takai and Principal Deputy Under Secretary for Intelligence Thomas Ferguson explains,

On August 12, 2010, immediately following the first release of documents, the Secretary of Defense commissioned two internal DoD studies. The first study, led by the Under Secretary of Defense for Intelligence (USD(I)), directed a review of DoD information security policy. The second study, led by the Joint Staff, focused on procedures for handling classified information in forward deployed areas.

In other words, “immediately” (as in, more than two weeks) after the publication of material that chat logs (published two months earlier) had clearly explained that Manning had allegedly downloaded via Lady Gaga CD months earlier, DOD commissioned two studies.

As State Department Under Secretary of Management Patrick Kennedy explained, their response was no quicker.

When DoD material was leaked in July 2010, we worked with DoD to identify any alleged State Department material that was in WikiLeaks’ possession.

It wasn’t until November–at around the time when NYT was telling State precisely what they were going to publish–that State started responding in earnest. At that time–over four months after chat logs showed Manning claiming to have downloaded 250,000 State cables–State moved its Net Centric Diplomacy database from SIPRNet (that is, the classified network) to JWICS (the Top Secret network).

DOD’s exposed IT networks

Now, frankly, State deserves almost none of the blame here. Kennedy’s testimony made it clear that, while the WikiLeaks leak has led State to enhance their limits on the use of removable media access, they have systems in place to track precisely who is accessing data where.

DOD won’t have that across their system for another year, at least.

There are three big problems with DOD’s information security. First, as the Takai/Ferguson testimony summarized,

Forward deployed units maintained an over-reliance on removable electronic storage media.

It explains further that to make sure people in the field can share information with coalition partners, they have to keep a certain number of computers accessible to removable media.

The most expedient remedy for the vulnerability that led to the WikiLeaks disclosure was to prevent the ability to remove large amounts of data from the classified network. This recommendation, forwarded in both the USD(I) and Joint Staff assessments, considered the operational impact of severely limiting users’ ability to move data from SIPRNet to other networks (such as coalition networks) or to weapons platforms. The impact was determined to be acceptable if a small number of computers retained the ability to write to removable media for operational reasons and under strict controls.

As they did in 2008 after malware was introduced via thumb drive, DOD has promised to shut off access to removable media (note, Ferguson testified thumb drives, but not CDs, have been shut down for “some time”). But 12% of the computers on SIPRNet will still be accessed by removable media, though they are in the process of implementing real-time Host Based Security System tracking of authorized and unauthorized attempts to save information on removable media for those computers.

In response to a very frustrated question from Senator Collins, Ferguson explained that DOD started implementing a Host Based Security System in 2008 (the year DOD got infected with malware). But at the time of the leak, just 40% of the systems in the continental US had that system in place; it was not implemented outside of the US, though. They weren’t implemented overseas, he explained, because a lot of the systems in the field “are cobbled together.”

In any case, HBSS software will be in place by June. (Tech folks: Does this means those computers are still vulnerable to malware introduced by removable media? What about unauthorized software uploads?)

Then there’s data access control. DOD says it can’t (won’t) password protect access to information because managing passwords to control the access of 500,000 people is too onerous for an agency with a budget larger than Australia’s gross national product. Frankly, that may well be a fair approach given the importance of sharing information.

But what is astounding is that DOD is only now implementing public key infrastructure that will, first of all, make it possible to track what people access and–some time after DOD collects that data–to start fine tuning what they can access.

DoD has begun to issue a Public Key Infrastructure (PKI)-based identity credential on a hardened smart card. This is very similar to the Common Access Card (CAC) we use on our unclassified network. We will complete issuing 500,000 cards to our SIPRNet users, along with card readers and software, by the end of 2012. This will provide very strong identification of the person accessing the network and requesting data. It will both deter bad behavior and require absolute identification of who is accessing data and managing that access.

In conjunction with this, all DoD organizations will configure their SIPRNet-based systems to use the PKI credentials to strongly authenticate end-users who are accessing information in the system. This provides the link between end users and the specific data they can access – not just network access. This should, based on our experience on the unclassified networks, be straightforward.

DoD’s goal is that by 2013, following completion of credential issuance, all SIPRNet users will log into their local computers with their SIPRNet PKI/smart card credential. This will mirror what we already do on the unclassified networks with CACs.

[Takai defines what they’re doing somewhat just before 88:00]

Note what this says: DOD is only now beginning to issue the kind of user-based access keys to protect its classified network that medium-sized private companies use. And unless I’m misunderstanding this, it means DOD is only now upgrading the security on its classified system to match what already exists on its unclassified system.

Let’s hope nothing happens between now and that day in 2013 when all this is done.

And this particular problem appears to exist beyond DOD. While the two DIA witnesses mostly blew smoke rather than provide a real sense of where security is at (both blamed WikiLeaks on a “bad apple” rather than shockingly bad information security), the testimony of DNI’s Intelligence Community Intelligence Sharing Executive Corin Stone seems to suggest other parts of the IC area also still implementing the kind of authentication most medium sized corporations employ.

To enable strong network authentication and ensure that networks and systems can authoritatively identify who is accessing classified information, the IC CIO is implementing user authentication technologies and is working with the IC elements to achieve certificate issuance to eligible IC personnel in the first quarter of fiscal year 2012.

So that’s the issue of removable media and individualized access tracking.

Which leaves one more big security hole. According to Takai/Ferguson, DOD didn’t–still didn’t, as of mid-March–have the resources in place to detect anomalous behavior on its networks.

Limited capability currently exists to detect and monitor anomalous behavior on classified computer networks.

This confirms something Manning said in chat logs: no one is following the activity occurring on our networks in Iraq (or anywhere else on SIPRNet, from the sounds of things), and flagging activities that might be an intrusion.

The part of the Takai/Ferguson testimony that details very hazy plans to think about maybe implementing such a system (pages 6-7) is worth a gander just for the number of acronyms of titles of people who are considering maybe what to implement some time in the future. It’s all a bunch of bureaucratic camouflage, IMO, to avoid saying clearly, “we haven’t got it and we haven’t yet figured out how we’re going to get it.” But here are the two most concrete descriptions of what the Department of Defense plans to do to make sure no one is fiddling in their classified networks. First, once they get HBSS completely installed, then they will install an NSA audit program on top of that.

One very promising capability is the Audit Extraction Module (AEM) developed by the National Security Agency (NSA). This software leverages already existing audit capabilities and reports to the network operators on selected audit events that indicate questionable behavior. A great advantage is that it can be integrated into the HBSS we have already installed on the network, and so deployment should be relatively inexpensive and timely. AEM is being integrated into HBSS now and will be operationally piloted this summer.

But in the very next paragraph, Takai/Ferguson admit there are better solutions out there. But DOD (again, with its budget larger than the GNP of most medium sized countries) can’t implement those options.

Commercial counterintelligence and law enforcement tools – mostly used by the intelligence community – are also being examined and will be a part of the overall DoD insider threat program. These tools provide much more capability than the AEM. However, while currently in use in some agencies, they are expensive to deploy and sustain even when used in small, homogeneous networks. Widespread deployment in DoD will be a challenge.

In other words, DOD wants to be the biggest part of the intelligence community. But it and its budget bigger than Brazil’s GNP won’t implement the kind of solutions the rest of the intelligence community use.

Department. Of. Defense.

Now, let me be clear: DOD’s embarrassingly bad information security does not, in any way, excuse Bradley Manning or the other “bad apples” we don’t know about from their oath to protect this information. (Note, there was also testimony that showed DOD’s policies on information sharing were not uniformly accessible, but that’s minor compared to these big vulnerabilities.)

But in a world with even minimal accountability, we’d be talking about fixing this yesterday, not in 2013 (five years, after all, after the malware intrusion). We’d have fired the people who let this vulnerability remain after the malware intrusion. We’d aspire to the best kind of security, rather than declaring helplessness because our very expensive DOD systems were kluged together. And we’d be grateful, to a degree, that this was exposed with as little reported damage as it has caused.

If this information is really classified for good reason, as all the hand-wringers claim, then we ought to be using at least the kind of information security implemented by the private sector a decade ago. But we’re not. And we don’t plan on doing so anytime in the near future.

Share this entry

Darrell Issa Complains that Janet Napolitano Took a Whole Year to Change Michael Chertoff’s Inefficient FOIA Process

/in /by

Darrell Issa has no credibility when it comes to matters of transparency. We’ve seen Issa’s rank hypocrisy in the past. He dismissed concerns about Karl Rove doing business on RNC emails as a political stunt. And he suggested that apparently deliberate attempts to dismantle email archives at the White House was all about technology.

So I’m not surprised his loud complaints that Department of Homeland Security politicized the FOIA process turned out to be oversold.

As it happens, both Issa’s and Elijah Cummings’ reports on this seem to miss the forest for the trees.

At issue is the process by which top DHS officials review–and are alerted to–sensitive FOIA releases. The policy in place up until July 2010 was put in place in 2006. That is, under Michael Chertoff. As I understand it, when certain high level issues were due to be released, the Secretary’s office (whether it be Chertoff or Janet Napolitano) would be emailed the materials for review. In some cases, that review identified additional information that, for legal FOIA reasons, needed to be redacted. In other case, this review process simply alerted the Secretary to something he or she would be asked about in the press.

In other words, Darrell Issa is complaining about a process–and a burdensome email review process–inherited from Michael Chertoff. Since then, DHS has introduced an intranet system that has gotten the Secretarial review time to one day.

In addition, Issa appears to ignore how DHS has gotten rid of the largest FOIA backlog in history. In 2006, according to Mary Ellen Callahan’s testimony, DHS had a backlog of 98,000 requests. When Napolitano took over, that backlog was 74,000 requests. The backlog is now 11,000.

This is the kind of thing Darrell Issa is bitching about.

Now I do have certain questions about what sparked all of this. Issa first latched onto the issue after this AP report–the most serious allegations of which the AP subsequently admitted they could not confirm. Call me crazy, but given the centrality of bad blood between a few career staffers here, I’d suggest the original article came right out of that bad blood. (And perhaps not coincidentally, the article came out in the same month as DHS switched to the more efficient Intranet process.)

But it also sounds like the Napolitano was particularly concerned about being alerted to sensitive requests in the early years of the Administration.

Unless I missed it, no one mentioned this debacle, Napolitano’s embarrassment with the release of a Bush-initiated report on right wing domestic extremism. Mind you, witnesses admitted that part of the concern arose from the release of information that had been generated under the Bush Administration, so it’s possible that this report was the reason for the sensitivity.

But I wonder whether part of the problem here all stems from the fact that the Bush DHS initiated a study on right wing extremists that was subsequently spun as a Napolitano project.

Share this entry

US Intelligence Operatives in Libya, Before a Finding, Sounds Like JSOC

/in , /by

Mark Hosenball, who yesterday broke the news that Obama had issued a Finding authorizing the CIA to operate covertly in Libya in the last 2-3 weeks, today says “intelligence operatives” were on the ground before Obama signed that Finding.

U.S. intelligence operatives were on the ground in Libya before President Barack Obama signed a secret order authorizing covert support for anti-Gaddafi rebels, U.S. government sources told Reuters.The CIA personnel were sent in to contact opponents of Libyan leader Muammar Gaddafi and assess their capabilities, two U.S. officials said.

[snip]

The president — who said in a speech on Monday “that we would not put ground troops into Libya” — has legal authority to send U.S. intelligence personnel without having to sign a covert action order, current and former U.S. officials said.

Within the last two or three weeks, Obama did sign a secret “finding” authorizing the CIA to pursue a broad range of covert activities in support of the rebels.

Congressional intelligence committees would have been informed of the order, which the officials said came after some CIA personnel were already inside Libya.

Now, one explanation for this is simply that Obama sent JSOC–under the guise of preparing the battlefield–rather than CIA. It sounds like the practice–first exploited by Cheney–that the government has used frequently in the last decade of ever-expanding Presidential authority.

Indeed, House Intelligence Chair Mike Rogers’ claims he must authorize covert action, but hasn’t, sounds like the kind of complaint we’ve frequently gotten when the President bypassed the intelligence committees by claiming DOD was simply preparing the battlefield.

And Hosenball’s nuanced language about “boots,” that is, military, on the ground, may support that view.

Furthermore, we know there are a slew of British Special Forces on the ground in Libya. So why not Americans, too?

Hosenball is not saying this explicitly, yet. And he does refer to “CIA operatives” (who could be in Libya to simply collect information). But all the subtext of this article suggests that our special forces have been on the ground since before any Finding, which in turn suggests they may have been there longer than 2-3 weeks (the timeframe given for the Finding).

This is all a wildarsed overreading of Hosenball at this point. But if I’m right, then it would mean Obama would be using the shell game he adopted from Cheney to engage in war without Congressional oversight.

Share this entry

Finally! Our Declining Manufacturing Base Becomes a National Security Issue

/in , , /by

I have long argued that the way to address the big problems our government is currently all-but-ignoring, not least jobs and climate change, is to talk about how our current policies put us at significant national security risk. If nothing else, by demonstrating how these are national security issues, it’ll provide a way to reverse fear-monger against the Republicans trying to gut our country for profit.

Which is why I’m happy to learn that the intelligence community is assessing whether the decline in manufacturing in the US represents a national security threat.

The U.S. intelligence community will prepare a National Intelligence Estimate on the implications of the continuing decline in U.S. manufacturing capacity, said Rep. Jan Schakowsky (D-IL) citing recent news reports.

Our growing reliance on imports and lack of industrial infrastructure has become a national security concern,” said Rep. Schakowsky.  She spoke at a March 16 news conference (at 28:10) in opposition to the pending U.S.-Korea Free Trade Agreement.The Forbes report referenced by Rep. Schakowsky was “Intelligence Community Fears U.S. Manufacturing Decline,” by Loren Thompson, February 14. The decision to prepare an intelligence estimate was first reported by Richard McCormack in “Intelligence Director Will Look at National Security Implications of U.S. Manufacturing Decline,” Manufacturing & Technology News, February 3.

Note that Schakowsky is a member of (and until January, was a Subcommittee Chair on) the House Intelligence Committee. It’s possible her own requests generated this concern.

But the concern is real. As our manufacturing moves to places like China and (significantly for this context), Korea, we’ve lost certain capabilities. Indeed, when Bush slapped tariffs on steel in 2002, a number of tool and die factories moved to Korea where they could still access cheap steel while still supplying the US market. And in recent years, the loss of highly-skilled manufacturing process capabilities has meant we face challenges in sourcing some of our key military toys.

While it shouldn’t be the primary reason to invest in manufacturing in this country, ultimately if we keep losing it we’re going to have problems sustaining our military machine.

Most of the folks running DC may not much care that our middle class has disappeared along with our manufacturing base. But convince them that our declining manufacturing base might imperil their cherished military might, and they might finally wake up.

Share this entry

Will the US Share Intelligence with Israel’s New Left Wing Intelligence Initiative?

/in , , /by

Ha’aretz reports that Israel’s Military Intelligence set up a group several months ago dedicated to collecting intelligence on non-Israeli leftist organizations that criticize Israel.

Military Intelligence is collecting information about left-wing organizations abroad that the army sees as aiming to delegitimize Israel, according to senior Israeli officials and Israel Defense Forces officers.

The sources said MI’s research division created a department several months ago that is dedicated to monitoring left-wing groups and will work closely with government ministries.

[snip]

Military Intelligence officials said the initiative reflects an upsurge in worldwide efforts to delegitimize Israel and question its right to exist.

“The enemy changes, as does the nature of the struggle, and we have to boost activity in this sphere,” an MI official said. “Work on this topic proceeds on the basis of a clear distinction between legitimate criticism of the State of Israel on the one hand, and efforts to harm it and undermine its right to exist on the other.”

The new MI unit will monitor Western groups involved in boycotting Israel, divesting from it or imposing sanctions on it. The unit will also collect information about groups that attempt to bring war crime or other charges against high-ranking Israeli officials, and examine possible links between such organizations and terror groups.

Now aside from thinking generally that this is a bad idea, I’m particularly concerned about whether or not the US will share intelligence with Israel on such issues.

For example, the initiative says it will look for ties between groups critical of Israel and terrorist groups. How is that different from the investigation of a bunch of peace activists’ ties with humanitarian organizations which has suggested the peace activists have ties to Hezbollah? And since we know OLC gave the President and certain Federal Officials the green light to ignore privacy protections on the sharing of grand jury information in the PATRIOT Act, does that mean our government will readily share the information they’re collecting in that grand jury with the Israelis?

And to some degree, the Israelis wouldn’t even have to rely on intelligence sharing, per se. In his book The Shadow Factory, James Bamford spent some time detailing the Israeli ties to key companies in our electronic surveillance, companies like Verint, which intercepts and stores communication, PerSay, which does voice mining, NICE, which does voice content analysis, and Narus, which enables real-time surveillance on telecom lines. Between Verint and Narus, Bamford writes,

Thus, virtually the entire American telecommunications system is bugged by two Israeli-formed companies with possible ties to Israel’s eavesdropping agency–with no oversight by Congress.

And we can find such ties closer to home, too. The company that had been paid by Pennsylvania to track potential threats to critical infrastructure which ended up tracking First Amendment protected speech, the Institute of Terrorism Research and Response, is an Israeli company. Among other groups it tracked (one key focus was anti-fracking groups) were peace organizations–precisely the kind of group that might oppose Israel’s actions in Gaza.

The concern that federal and state entities have been paying companies with Israeli ties to collect information on groups that might include the same peace groups targeted by this new initiative in Israel is one thing.

But think of the other logical possibility. Our federal and state governments usually show some embarrassment when they get caught collecting intelligence on peace groups (though that doesn’t seem to stop it from happening over and over again). What will stop those same government entities from asking Israel to collect such information?

Share this entry

Apparently, “Blood Money” Now Includes “Green Cards”

/in /by

Last we heard about the families of Raymond Davis’ victims, they were held in custody until they agreed to accept the blood money Pakistan offered on our behalf.

Things are looking up for the family members, though. Eighteen of them have been flown to UAE to be resettled.

A chartered plane carrying 18 family members of Faizan Haider and Faheem Shamshad, the two men killed by Davis, left the Chaklala air base on Friday at 4:30 pm for the United Arab Emirates (UAE), sources said.

The plane landed at the Dubai airport from where the 18 people proceeded to Abu Dhabi where two houses have been rented for them.

In addition, four family members will be granted green cards for the US, with the possibility that the rest of the family will later be sponsored in.

Four American Green Cards and two residences in the US have also been arranged for the two families.

[snip]

According to the deal, four persons from the two families would first go to the US after completing visa formalities. Later, other family members would be considered for permanent residence in the US, the sources said.

Click through for the names of the (?) consular employees who negotiated the blood money.

It appears the court in question may be a bit suspicious about the inclusion of resettlement and green cards in sharia, because it is now demanding an explanation.

The Lahore High Court (LHC) on Monday directed CCPO Lahore Aslam Tareen to appear in court on March 22 and present a report on the disappearance of the families of Faizan Haider and Faheem, the two young men who were shot dead by CIA contractor Raymond Davis on January 27, DawnNews reported.

Now, I’m all in favor of the families getting some kind of due compensation for the killing of their family member; and they may indeed be at some physical risk themselves at this point.

But I am a little bit worried about what all the American haters are going to say when they learn blood money payments under sharia law now also come with US green cards.

Share this entry

US Cheating on European SWIFT Agreement Reveals Safeguards Were Oversold

/in , /by

As I noted last night, the US has been violating the spirit of its agreement with the EU on access to the SWIFT database–the database tracking international financial transfers. Rather than giving Europol specific, written requests for data, it has been giving it generic requests backed by oral requests the Europol staffers are not supposed to record. That arrangement makes it impossible to audit the requests the US is making, as required by the agreement between the US and EU.

But not only does our cheating make us an arrogant data octopus, it may suggest we’re violating our own internal safeguards on the program.

Back when Lichtblau and Risen first exposed the SWIFT program, they described how it initially operated under emergency powers. On such terms, SWIFT turned over its entire database.

Indeed, the cooperative’s executives voiced early concerns about legal and corporate liability, officials said, and the Treasury Department’s Office of Foreign Asset Control began issuing broad subpoenas for the cooperative’s records related to terrorism. One official said the subpoenas were intended to give Swift some legal protection.

Underlying the government’s legal analysis was the International Emergency Economic Powers Act, which Mr. Bush invoked after the 9/11 attacks. The law gives the president what legal experts say is broad authority to “investigate, regulate or prohibit” foreign transactions in responding to “an unusual and extraordinary threat.”

[snip]

Within weeks of 9/11, Swift began turning over records that allowed American analysts to look for evidence of terrorist financing. Initially, there appear to have been few formal limits on the searches.

“At first, they got everything — the entire Swift database,” one person close to the operation said.

But then they put in more safeguards. One of those safeguards was to have an outside auditing firm review the requests to make sure they were based on actual leads about actual suspected terrorists.

Officials realized the potential for abuse, and narrowed the program’s targets and put in more safeguards. Among them were the auditing firm, an electronic record of every search and a requirement that analysts involved in the operation document the intelligence that justified each data search. Mr. Levey said the program was used only to examine records of individuals or entities, not for broader data searches.

[snip]

Swift executives have been uneasy at times about their secret role, the government and industry officials said. By 2003, the executives told American officials they were considering pulling out of the arrangement, which began as an emergency response to the Sept. 11 attacks, the officials said. Worried about potential legal liability, the Swift executives agreed to continue providing the data only after top officials, including Alan Greenspan, then chairman of the Federal Reserve, intervened. At that time, new controls were introduced.

Among the safeguards, government officials said, is an outside auditing firm that verifies that the data searches are based on intelligence leads about suspected terrorists. “We are not on a fishing expedition,” Mr. Levey said. “We’re not just turning on a vacuum cleaner and sucking in all the information that we can.”

Read more

Share this entry

Pakistan Pays Blood Money So We Don’t Have To

/in /by

As Jim White reported this morning, Raymond Davis has been released after the families of his victims were paid blood money per Sharia law.

We’ve really gotten to bizarro-land when a possible Blackwater contractor has been saved by Sharia law.

But wait! Hillary says we didn’t pay the blood money ourselves.

QUESTION: Okay, we’ll jump right into it. Again, I’ll try not to take up too much of your time. Before I ask about Egypt, I’m obliged to ask you about one other thing – Raymond Davis. Can you explain why, in your view, it was a wise idea in the long term to pay blood money for Davis’s release?

SECRETARY CLINTON: Well, first of all, the United States did not pay any compensation. The families of the victims of the incident on January 27th decided to pardon Mr. Davis. And we are very grateful for their decision. And we are very grateful to the people and Government of Pakistan, who have a very strong relationship with us that we are committed to strengthening.

QUESTION: According to wire reports out of Pakistan, the law minister of the Punjab Province, which is where this took place, says the blood money was paid. Is he mistaken?

SECRETARY CLINTON: Well, you’ll have to ask him what he means by that.

QUESTION: And a lawyer involved in the case said it was 2.34 million. There is no money that came from anywhere?

SECRETARY CLINTON: The United States did not pay any compensation.

QUESTION: Did someone else, to your knowledge?

SECRETARY CLINTON: You will have to ask whoever you are interested in asking about that.

Josh Rogin explains what really happened: Pakistan paid our blood money. And we’ll make it up to them … somehow.

The truth is that the Pakistani government paid the victims’ families the $2.3 million and the U.S. promised to reimburse them in the future, according to a senior Pakistani official.

[snip]

“The understanding is the Pakistani government settled with the family and the U.S. will compensate the Pakistanis one way or the other,” the senior Pakistani official told The Cable.

The U.S. government didn’t want to set a precedent of paying blood money to victims’ families in exchange for the release of U.S. government personnel, the source said, adding that the deal also successfully avoided a ruling on Davis’s claim of diplomatic immunity — an issue that had become a political firestorm in Pakistan.

Now, this is weird on several fronts. The people in the US who would be really opposed to a blood money payment under Sharia law are the same nutcases who have managed to roll back funding of reproductive health using the argument that all money is fungible. If they’re going to argue that money reimbursed by the government (via a health insurance subsidy) is equivalent to a direct payment by the government, then won’t they argue that money reimbursed to Pakistan by the US is equivalent to a Sharia payment directly?

But I’m also fascinated about this given the government’s success at getting the NYT and others to spike reporting on Davis’ CIA ties. The argument then was that “authoritative” reporting on Davis’ CIA ties would put him at risk. But as I pointed out repeatedly, the people who might put him at risk–Pakistani people–already knew this detail.

Well, if our government is so worried about these threats, then isn’t the revelation that the Pakistanis paid the blood money going to endanger the already fragile Asif Zardari government? Or is this just confirmation that the government was worried about Americans finding out about Davis, not Pakistanis?

In news that is probably unrelated (but who knows!?!?!), Hillary has told Wolf Blitzer she’s not coming back for a possible second Obama term (as also reported by Rogin).

Share this entry