DEQ Employees Seem Unwilling to Take the Fall for Flint

During yesterday’s Congressional hearing — and really, since the Governor’s hand-picked Task Force first gave him an interim report in December — employees from Michigan’s Department of Environmental Quality have come in for most of the blame for poisoning Flint.

But today, Progress Michigan published some emails that suggest DEQ’s employees are unwilling to take the fall, at least not by themselves. They show that in March of last year, a supervisor in Genesee County’s health department wrote people in Flint and at DEQ asking for help with data on water quality after getting no response to a FOIA in January 2015.


In the email, the supervisor noted that a spike in Legionnaires coincided with the switch to Flint’s water. Jerry Ambrose was then the Emergency Manager of Flint; it’s unclear why he was using a GMail address as EM.

In the next few days, officials at DEQ exchanged some panicked emails, pretty much blaming Flint for the non-response, noting that DEQ “became peripherally aware” of the spike in Legionnaires, but also bitching about the Genesee County supervisor suggesting that it might be tied to the switch to Flint river water.


It appears that panicked email was printed out by then DEQ Director Dan Wyant’s assistant, Mary Beth Thelen, then initialed by Wyant, presumably indicating he had read it.

Also included on that email, though, was Harvey Hollins.

As I noted here, in December, in response to a recommendation from Governor Snyder’s hand-picked Flint Task Force, the governor picked Hollins to be the single “independent” person overseeing response to the Flint crisis. It was absurd to pick him in the first place, because (as this shows) Hollins had been personally involved all along. But he is, at least on paper, in charge of response.

In other words, the email chain shows that both Snyder’s hand-picked EM and the guy in charge of liaising with Flint knew, over a year ago, that Legionnaires (which has since killed at least 9 people) might be tied to the water switchover.

Progress Michigan doesn’t note how they came by this email. But it’s pretty clear it was Wyant’s personal copy of it. In December — in response to another suggestion by the Task Force — Snyder had Wyant resign. Since then, Attorney General Bill Schuette pointed to Wyant’s resignation (which he originally expressed sadness about) to justify opening up his own investigation into the crisis.

All of which suggests to me that Wyant is unwilling to be the sole scapegoat for this crisis.


Data Mining Research Problem Book, Working Thread

Yesterday, Boing Boing liberated a fascinating 2011 GCHQ document from the Snowden collection on GCHQ’s partnership with Heilbronn Institute for Mathematical Research on datamining. It’s a fascinating overview of collection and usage. This will be a working thread with rolling updates.

In addition to BoingBoing’s article, I’ll update with links to other interesting analysis.

[1] The distribution list is interesting for the prioritization, with 4 NSA research divisions preceding GCHQ’s Information and Communications Technology Research unit. Note, too, the presence of Livermore Labs on the distribution list, along with an entirely redacted entry that could either be Sandia (mentioned in the body), a US university, or some corporation. Also note that originally only 18 copies of this were circulated, which raises real questions about how Snowden got to it.

[9] At this point, GCHQ was collecting primarily from three locations: Cheltenham, Bude, and Leckwith.

[9-10] Because of intake restrictions (which I believe other Snowden documents show were greatly expanded in the years after 2011), GCHQ can only have 200 “bearers” (intake points) on “sustained cover” (being tapped) at one time. Each collected at 10G a second. GCHQ cyclically turns on all bearers for 15 minutes at a time to see what traffic is passing that point (which is how they hack someone, among other things). Footnote 2 notes that analysts aren’t allowed to write up reports on this feed, which suggests research, like the US side, is a place where more dangerous access to raw data happens.

[10] Here’s the discussion of metadata and content; keep in mind that this was written within weeks of NSA shutting down its Internet dragnet, probably in part because it was getting some content.

Roughly, metadata comes from the part of the signal needed to set up the communication, and content is everything else. For telephony, this is simple: the originating and destination phone numbers are the metadata, and the voice cut is the content. Internet communications are more complicated, and we lean on legal and policy interpretations that are not always intuitive. For example, in an HTTP request, the destination server name is metadata (because it, or rather its IP address, is needed to transmit the packet), whereas the path-name part of the destination URI is considered content, as it is included inside the packet payload (usually after the string GET or POST). For an email, the to, from, cc and bcc headers are metadata (all used to address the communication), but other headers (in particular, the subject line) are content; of course, the body of the email is also content.
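The split described in the passage above, as an added example (not code from the GCHQ document or from this post): a Python sketch that sorts the fields of an HTTP request and of an email into the two categories. The function names and sample messages are constructed, and treating every HTTP header other than the server name as content is an assumption drawn from the passage's "content is everything else."

```python
from email import message_from_string
from email.policy import default as email_policy
from email.utils import getaddresses
from urllib.parse import urlsplit

# Headers the passage names as addressing information (metadata).
ADDRESSING_HEADERS = ("from", "to", "cc", "bcc")

# Constructed sample inputs (not taken from any real traffic).
SAMPLE_HTTP = (
    "GET /reports/q3.pdf?draft=1 HTTP/1.1\r\n"
    "Host: files.example.org:8080\r\n"
    "User-Agent: demo\r\n\r\n"
)
SAMPLE_HTTP_ABSOLUTE = (
    "POST http://Files.Example.org/upload HTTP/1.1\r\n"
    "Host: ignored.example.net\r\n\r\n"
    "secret=1"
)
SAMPLE_EMAIL = (
    "From: Alice <alice@example.org>\n"
    "To: bob@example.org,\n carol@example.net\n"
    "Bcc: dave@example.org\n"
    "Subject: Q3 numbers\n"
    "Date: Thu, 04 Feb 2016 10:00:00 +0000\n"
    "\n"
    "Draft attached.\n"
)


def split_http_request(raw: str) -> dict:
    """Separate the destination server name (metadata) from the rest (content)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    host_header = headers.pop("host", None)
    parts = urlsplit(target)
    if parts.scheme and parts.netloc:
        # Absolute-form request line: the server name sits in the target
        # itself and takes precedence over the Host header.
        server = parts.hostname
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    else:
        # Origin-form: server name comes from Host, minus any port.
        server = urlsplit("//" + host_header).hostname if host_header else None
        path = target

    return {
        "metadata": {"server": server},
        "content": {"method": method, "path": path,
                    "headers": headers, "body": body},
    }


def split_email(raw: str) -> dict:
    """Addressing headers are metadata; other headers and the body are content."""
    msg = message_from_string(raw, policy=email_policy)
    metadata, content_headers = {}, {}
    for name, value in msg.items():
        key = name.lower()
        if key in ADDRESSING_HEADERS:
            # Folded or multi-recipient headers become a flat address list.
            addrs = [addr for _, addr in getaddresses([str(value)])]
            metadata.setdefault(key, []).extend(addrs)
        else:
            content_headers[key] = str(value)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    return {"metadata": metadata,
            "content": {"headers": content_headers, "body": body}}


if __name__ == "__main__":
    for sample in (SAMPLE_HTTP, SAMPLE_HTTP_ABSOLUTE):
        print(split_http_request(sample))
    print(split_email(SAMPLE_EMAIL))
```

Run on the samples, the subject line and the URI path land on the content side even though they travel in what most people would call "headers," which is the non-intuitive part the passage points at.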

[10] This makes it clear how closely coming up as a selector ties to content collection. Remember, NSA was already relying on SPCMA at this point to collect US person Internet comms, which means their incidental communications would come up easily.

GCHQ’s targeting database is called BROAD OAK, and it provides selectors that the front-end processing systems can look for to decide when to process content. Examples of selectors might be telephone numbers, email addresses or IP ranges.

[11] At the Query-Focused Dataset level (a reference we’ve talked about in the past), they’re dealing with: “the 5-tuple (timestamp, source IP, source port, destination IP, destination port) plus some information on session length and size.”

[11] It’s clear when they say “federated” query they’re talking global collection (note that by this point, NSA would have a second party (5 Eyes) screen for metadata analysis, which would include the data discussed here).

[11] Note the reference to increased analysis on serious crime. In the UK there’s not the split between intel and crime that we have (which is anyway dissolving at FBI). But this was also a time when the Obama Admin’s focus on Transnational Crime Orgs increased our own intel focus on “crime.”

[12] This is why Marco Rubio and others were whining about losing bulk w/USAF: the claim that we are really finding that many unknown targets.

The main driver in target discovery has been to look for known modus operandi (MOs): if we have seen a group of targets behave in a deliberate and unusual way, we might want to look for other people doing the same thing.


Thursday Morning: Better than a Week

You know the joke: 4:30 p.m. is better than an hour away from 5:00 p.m., right? Thursday is better than a week away from the weekend. For folks traveling home for the Lunar New Year holiday in China, there are four days left to get home, and the train stations are crazy-full. But today is better than five days away from family and friends.

Goldman Sachs questions capitalism
YEAH. I KNOW. I did a double-take when I read the hed on this piece. In a GS analysts’ note they wrote, “There are broader questions to be asked about the efficacy of capitalism.” They’re freaking out because the market isn’t acting the way it’s supposed to, where new entrants respond to fat margins generated by first-to-market or mature producers.

I wonder how much longer it will take them to realize they killed the golden goose with their plutocratic rewards for oligopolies? How long before they realize this isn’t capitalism at all?

Whistleblower tells Swiss (and banks) to get over themselves on whistleblowing
Interviewed last week, former UBS banker Bradley Birkenfeld said, “We have to make some changes in Switzerland — it’s long overdue … The environment there is hostile toward people exposing corruption.” Birkenfeld’s remarks prod Swiss lawmakers currently at work on whistleblowing legislation. When passed, the law is not expected to offer protections employees have in the U.S. and the UK (and we know those are thin and constantly under attack). But perhaps the law will prevent cases like Nestle SA’s suit against a former executive who disclosed food safety risks. That suit and another alleging a former UBS employee libeled the bank may be affected assuming the EU adopts the same approach toward whistleblowing and corruption reduction.

“Computer failure” at IRS halts acceptance of tax return e-filings
No details about the nature of the “computer failure” apart from a “hardware problem” or “hardware failure” appeared in any reports yesterday afternoon and overnight. The IRS expects to have repairs completed today to allow e-filings once again; filings already submitted are not affected.

FBI agent on new car purchases: entering ‘wild, wild west’
Four cybersecurity experts spoke at a meeting of the Automotive Press Association in Detroit yesterday, one of whom was an FBI cyber squad agent. The feedback from the speakers wasn’t reassuring, apart from the observation by a specialist from a start-up automotive cyber security firm that they did not know of a “real world incident where someone’s vehicle was attacked and taken over remotely by someone hacking into the vehicle.” A lawyer whose firm handles automotive industry cyber threats undercut any feeling of relief with an observation that judges aren’t savvy about cyber crime on vehicles. I think I’ll stick with my old school car for a while longer.

The Repair Coalition formed to protect the ‘Right to Repair’
Speaking of old school car, I hope I can continue to get it repaired in the future without worrying about lawsuits for copyright violations. We’ve already seen tractor owners in conflict with John Deere over repairs, and exemptions to copyright for repair have been granted only after tedious and costly effort, and then to the farmer only, not to their mechanic. Hence the emergence of The Repair Coalition, which takes aim at repealing the DMCA’s Section 1201 — terms in it make it illegal to “circumvent a technological measure that effectively controls access to a work protected under [the DMCA].”

It’s long been an American ethic to “Use it up, wear it out, make do, or do without,” an ethic we need to restore to primacy if we are to reduce our CO2 footprint. Repairing rather than tossing goods is essential to our environmental health, let alone a necessity when wages for lower income workers remain stagnant.

That’s a wrap — I could go on but now we’re better than a day away from Friday. Whew.


The Government’s Classified Briefing to HJC: A New Certificate?

As I noted, after years of legislating Section 702 of the FISA Amendments Act in public, yesterday the House Judiciary Committee had a closed hearing on it, which raises all sorts of questions about what has changed.

The agencies presenting to the committee did provide an unclassified statement for the record that is mostly stuff we know (one of the most interesting details is that it considers upstream telephony collection to be a different kind of collection than upstream Internet collection). But it does provide 3 examples of things that it would explain to the committee in classified session. One is utterly predictable: examples of counterterrorism intelligence obtained under Section 702.

Section 702 collection is a major contributor to NSA’s counterterrorism reporting and on other topics as well. Since its enactment in 2008, the number of signals intelligence reports issued by NSA based at least in part on Section 702 collection has grown exponentially. CIA and FBI state that they have acquired highly valuable and often unique intelligence through Section 702 collection. Numerous real-life examples that demonstrate the broad range of important information that the Intelligence Community has obtained can be provided to the Committee in a classified setting. While these examples which identify specific targets and operations must remain classified, the following declassified example provides just one instance of the many contributions Section 702 has made to our national security.

Of course, the IC shouldn’t be permitted to present such things in secret, as so many of their cases have been shown to be bogus (or not provided 702 notice) in the past. It is now down to one unclassified case — Najibullah Zazi — where they used 702, and that wasn’t even all that central (which may be why they never did get 702 notice).

The other two are more interesting. They include:

  • What certificates the government has approved: “The Government will describe in a classified setting the certification or certifications under which the Government is currently acquiring foreign intelligence information.”
  • The contributions of Section 702 data to other kinds of foreign intelligence collection: “The Board further acknowledged the Section 702 program’s value in acquiring other foreign intelligence information, examples of which can be provided in a classified setting.”

Recall, as late as 2011, the IC was known to have 3 certificates: a counterterrorism certificate, a counterproliferation one, and a foreign government one, which serves as a grab bag. Because it was so obvious the IC was using Section 702 for cybersecurity, I mistakenly claimed they had a cyber certificate, but as late as 2012, they had not yet obtained one. Perhaps the IC needed classified session to explain all this.

But how weird would it be to brief HJC on a Section 702 cyber certificate while DHS and DOJ are implementing OmniCISA, which will enable upstream searches for cyber signatures within the US? Perhaps that’s what they were doing, but it would be interesting timing.

Which makes me wonder, again, about whether there’s another kind of certificate, perhaps one targeted at Tor?

In any case, there is something significant about the set of certificates the IC has or is asking for (probably the former, given that it makes a big show here of releasing the documents tied to the 2014 certification process, but not those tied to the 2015 certification process).

I’m sure that’s not the only thing the IC wanted to brief HJC on in secret. But it does appear to be one thing they did brief in secret. (Side note: I have reason to believe the IC did not tell the truth, even within the IC, about what certificates they got at the beginning of the PRISM process, so at least this would suggest they’re now being more forthcoming.)


Wednesday Morning: Full of Whoa

Whoa. Halt. Stop. The brakes need firm application, even mid-week.

Zika virus infects media with crappy reporting
I can’t tell you how many times in the last 24 hours I yelled at my computer, “Are you f****** kidding me with this crap?” With so many news outlets focused on hot takes rather than getting the story right, stupidity reached pandemic levels faster than mosquito-borne viruses. And all because Dallas County health officials and the Center for Disease Control used the words “sexually transmitted” in reference to a new Zika case in the U.S.

The following sampling of heds, tweets, and reports? WRONG.

  • US reports first case of sexually transmitted Zika in Texas (Gizmodo, io9)
    [Not the first sexually transmitted case in the U.S., just the first in Texas]
  • First US case of the Zika virus infection was sexually transmitted, officials say (Verge)
    [Not the first U.S. case of Zika virus]
  • The first known case of the #ZikaVirus contracted within the US confirmed in Dallas (Newsweek)
    [Not the first known case of Zika contracted within the U.S.]
  • The first case of the #ZikaVirus contacted within the US was through sexual transmission (Newsweek)
    [Neither the first sexually transmitted case in the U.S. nor the first contracted within the U.S.]
  • The First Sexually Transmitted Case of the Zika Virus Is Confirmed in Texas (Slate)
    [Not the first sexually transmitted case in the U.S.]

The first case in which Zika virus was contracted inside the continental U.S. occurred in 2008. This was the first sexual transmission of the virus in the continental U.S. as well. Scientist Brian Foy had been studying Zika in Senegal during an outbreak; he had been infected by the virus, became ill, and was still carrying the virus when he came home to Colorado. His wife became infected though she had not traveled abroad, had not been bitten by a mosquito, and children residing in their home did not contract the virus. More details on the case can be found here.

The first cases of Zika virus in the U.S. in this outbreak were not locally transmitted inside the U.S., but contracted outside the continental 48 states and diagnosed on return here. States in which cases have been reported include Hawaii, New York, Virginia, Arkansas, Florida, and now Texas — in the case of the traveler who brought the disease home and infected their partner through sex.

It’s incredible how very little effort many news outlets put into researching the virus’ history or the case in Texas. Bonus points to Newsweek for trying to get it wrong in multiple tweets for the same story.

Best reporting I’ve read so far has been WaPo’s piece on the new Dallas cases, and WIRED’s collection of Zika reports. The CDC’s site on the Zika virus can be found here.

Gonna’ be a massive Patch Day for F-35 sometime soon
Whether or not Monday’s earthshaking sonic booms over New Jersey were generated by F-35 test flights, there’s still a long and scary list of bugs to be fixed on the fighter jet before it is ready for primetime. Just read this; any pilot testing these now is either a stone-cold hero, or a crazed numbnuts, and they’d better weigh between 136 and 165 pounds to improve their odds of survival.

Oral Roberts University mandates students wear FitBits for tracking
Guess the old “Mark of the Beast” is interpreted loosely at ORU in Oklahoma. Fitness is measured on campus by more than theological benchmarks. Begs the question: who would Jesus monitor?

The last straw: Fisher Price Wi-Fi-enabled toys leave kids’ info out in the open
Fisher Price is the fourth known manufacturer of products aimed at children and their families in which the privacy and safety of children were compromised by poor information security. In this case, Smart Toy Bears are leaking information about their young owners. Maybe it’s about time that either the FCC or FTC or Congress looks into this trend and the possibility toy makers are not at all concerned with keeping their youngest customers safe.

EDIT: #FlintWaterCrisis
Forgot to note the House Oversight and Government Reform Committee will hold a hearing on lead contaminated drinking water in Flint, Michigan at 9:00 a.m. EST. C-SPAN3 will carry the hearing live.

Tap the brakes a few more times before you take off, eh? It’s all downhill from here.


Why Is the Postal Inspection Service Investigating the Flint Water Crisis?

I hope to have a further update about the ongoing effort to bury the Flint water crisis before the Oversight and Government Reform hearing on Wednesday morning.

But in the meantime I wanted to point to this passage, helpfully dropped out of the US Attorney’s investigation in Detroit:

The Federal Bureau of Investigation said on Tuesday it was joining a criminal investigation of lead-contaminated drinking water in Flint, Michigan, exploring whether laws were broken in a crisis that has captured international attention.

Federal prosecutors in Michigan were working with an investigative team that included the FBI, the U.S. Postal Inspection Service, the U.S. Environmental Protection Agency’s Office of Inspector General and the EPA’s Criminal Investigation Division, a spokeswoman for the U.S. Attorney’s Office in Detroit said.

An FBI spokeswoman said the agency was determining whether federal laws were broken, but declined further comment.

I’m actually not at all surprised FBI is involved in this investigation. That sort of comes with the territory of a US Attorney investigation, it seems.

But the US Postal Inspection Service? Here’s the kind of crime they investigate:

Report these issues to the U.S. Postal Inspection Service online:

  • Mail fraud May include scams or deceptive ads via the mail, or postage fraud.
  • Mail theft Under Inquiry Type, select Problem. Under Customer Service, select Support, and Mail Theft. Under Additional Information, explain why your complaint is mail theft-related.
  • Identity theft
  • Unsolicited Sexually Oriented Advertising

If you believe you’re a victim of fraud related to the U.S. Mail, including mailed sweepstakes, lotteries, on-line auctions, work-at-home scams or chain letters, report your concern to the U.S. Postal Inspection Service as mail fraud.

They often get brought in as an investigative partner if the government needs to track what has been mailed, and mail fraud charges can serve as handy add-on charges in cases where someone used the mail to help commit a crime.

I can imagine a lot of things the FBI might be investigating. But I know of no facts, thus far, that involve mail-related crimes.


The Origins of Totalitarianism Part 5: Artistic and Intellectual Elites and the Rise of Fascism

Previous posts in this series:

The Origins of Totalitarianism Part 1: Introduction.

The Origins of Totalitarianism Part 2: Antisemitism

The Origins of Totalitarianism: Interlude on the Tea Party

The Origins of Totalitarianism Part 3: Superfluous Capital and Superfluous People

The Origins of Totalitarianism: Interlude on The Commons

Capitalism Versus The Social Commons (published at Naked Capitalism; discusses privatization using Rosa Luxemburg theory)

The Origins of Totalitarianism Part 4: Humanity under Totalitarianism

The Origins of Totalitarianism: Interlude on Right-Wing Authoritarianism

Arendt uses the term “elites” to mean the highly trained and educated intellectuals in Germany and Austria, and artists and composers and writers who together make up the intelligentsia. She begins by describing the breakdown of the class structure in those countries, “…when the smugness of spurious respectability gave way to anarchic despair….” The elites hated the pretensions of the bourgeoisie, hated the class structures they imposed to support their positions and oppress the rest of the people, and hated the bogus morality they proclaimed in public and ignored in private. For decades, they assaulted the bourgeoisie, sometimes with satire, sometimes more directly, with attacks against their conventional religion and philosophy. They welcomed the First World War, hoping that it would wipe out the existing culture. After the war they rejected restoration of the prior structures.

Arendt attributes two desires to individual members of the post-war elites: the desire for anonymity, for losing themselves in the midst of the people; and a yearning for violence to wipe out any remaining influences of the old bourgeoisie morality and respectability.

These people felt attracted to the pronounced activism of totalitarian movements, to their curious and only seemingly contradictory insistence on both the primacy of sheer action and the overwhelming force of sheer necessity. This mixture corresponded precisely to the war experience of the “front generation,” to the experience of constant activity within the framework of overwhelming fatality. P. 331.

The violence of the totalitarian movements was attractive to these elites precisely because it seemed to be a “…kind of philosophy through which to express frustration, resentment, and blind hatred, a kind of political expressionism which used bombs to express oneself, which watched delightedly the publicity given to resounding deeds and was absolutely willing to pay the price of life for having succeeded in forcing the recognition of one’s existence on the normal strata of society.” P. 332. Arendt refers to this as a temporary alliance between the mob and the elites. In Part 3, we saw the distinction between the mob and the masses. The former are the unemployable, who at least shared some of the morality and attitudes of the class to which they once belonged or aspired to. The elites were thrilled to see the mob attack respectability, for example, when the steel barons were forced to accept the housepainter Hitler.

Arendt claims that the elites believed that all of the theories they were raised to accept had failed utterly and spectacularly and had caused enormous damage. Even the bourgeoisie had only the public appearance of morality. In private their morals were those of the mob. It thrilled the elites to see the academic theories that had nurtured them, theories like dialectical materialism, replaced with crackpot ideas and conspiracy theories. In this atmosphere it was wonderful to shove the faces of the bourgeoisie in their hypocrisy, and to express the anger and cruelty hidden behind their public faces. There were no limits to this decadent idea, as the French writer Celine showed in his Notes for a Massacre, in which he proposed to kill all the Jews.

Andre Gide was publicly delighted in the pages of the Nouvelle Revue Française, not of course because he wanted to kill the Jews of France, but because he rejoiced in the blunt admission of such a desire and in the fascinating contradiction between Celine’s bluntness and the hypocritical politeness which surrounded the Jewish question in all respectable quarters. How irresistible the desire for the unmasking of hypocrisy was among the elite can be gauged by the fact that such delight could not even be spoiled by Hitler’s very real persecution of the Jews, which at the time of Celine’s writing was already in full swing. P. 335.

The current form of this idiocy is the ranting from the Republicans about political correctness. We don’t have time for political correctness, says Trump, merely speaking more frankly than his dog-whistle competition, and handing out a license to his followers to express their misogynist, homophobic, racist and other irrational hatreds.

Arendt also tells us that the elites recognized that the bourgeoisie were deeply cynical about the government. They operated it for their benefit in secret, and publicly claimed that all of their policies would benefit the rest of society. This blatant hypocrisy added to the hatred of the elites for the rich. Once they were content with the teachings of Karl Marx, who thought that the state would wither away. After WWI, that wasn’t radical enough for the elites. They wanted action at the price of anarchy and violence. But when the leftists tried to overthrow the bourgeoisie and the post-WWI government, the Social Democrats sicced the right-wing Freikorps on them and killed them and their intellectual leaders, including Rosa Luxemburg.

Of course the project of dismantling the 19th Century morality and certainty of the middle classes continues today among some of our elites. Just look at the ideas about truth espoused by Richard Rorty (a follower of John Dewey), or the attacks on fundamentalist religion from Sam Harris and others, or this from the New York Times Magazine:

In person, [Rachel] Bloom comes across as someone who takes honesty to its natural conclusion. “I like deconstructing things, ….. I like cutting the legs out from under something that feels secret. Something that’s like — ‘Oh, breasts are sexy.’ They’re floppy, Jell-O-filled sacks! In high school, I was once watching the surgery channel and ended up watching a breast reduction. The inside of a breast is disgusting. It looks like the inside of a couch.”

Arendt’s elites have been playing this game of epater le bourgeoisie, shock the middle class, for decades, and there is no end in sight. It’s a fun game, with no physical violence, and no real effect on politics or public life. Today, it’s pretty much self-neutering. Elite discussions of performance art or post-structuralism are irrelevant to the lives of practically everyone.

There are many lessons in Arendt’s story for the Sanders wing of the Democratic Party and for Trump Republicans. Among them is the simple fact that the rich and powerful people will use every tool to preserve their power and wealth.


NSA Reorganizing in Manner that Directly Conflicts with President’s Review Group Recommendation

Back in 2013, the President’s Review Group recommended that NSA’s defensive function — the Information Assurance Directorate — be removed from NSA. I’ve put the entirety of that recommendation below, but PRG recommended the change to:

  • Eliminate the conflict of interest between NSA’s offensive and defense functions
  • Eliminate the asymmetry between the two functions, which can lead the defensive function to be less visible
  • Rebuild trust with outside cybersecurity stakeholders

Not only didn’t President Obama accept that recommendation, but he pre-empted it in several ways, before the PRG could publicly release their findings.

[O]n Thursday night, the Wall Street Journal and New York Times published leaked details from the recommendations from the review group on intelligence and communications technologies, a panel President Obama set up in August to review the NSA’s activities in response to the Edward Snowden leaks.

The stories described what they said were recommendations in the report as presented in draft form to White House advisors; the final report was due to the White House on Sunday. There were discrepancies in the reporting, which may have signaled the leaks were a public airing of disputes surrounding the review group (both articles noted the results were “still being finalized”). The biggest news item were reports about a recommendation that the director of the NSA (Dirnsa) and Cyber Command positions be split, with a civilian leading the former agency.

Before the final report was even delivered, the White House struck. On Friday, while insisting that the commission report was not yet final, national security council spokesperson Caitlin Hayden announced the White House had already decided the position would not be split. A dual-hatted general would continue to lead both.

By all appearances, the White House moved to pre-empt the results of its own review group to squelch any recommendation that the position be split.

Today, Ellen Nakashima reports that NSA will go further still, and completely merge its offensive and defensive missions.

In place of the Signals Intelligence and Information Assurance directorates, the organizations that historically have spied on foreign targets and defended classified networks against spying, the NSA is creating a Directorate of Operations that combines the operational elements of each.

[snip]

Some lawmakers who have been briefed on the broad parameters consider restructuring a smart thing to do because an increasing amount of intelligence and threat activity is coursing through global computer networks.

“When it comes to cyber in particular, the line between collection capabilities and our own vulnerabilities — between the acquisition of signals intelligence and the assurance of our own information — is virtually nonexistent,” said Rep. Adam B. Schiff (Calif.), the ranking Democrat on the House Intelligence Committee. “What is a vulnerability to be patched at home is often a potential collection opportunity abroad and vice versa.”

But there have been rumblings of discontent within the NSA, which is based at Fort Meade, Md., as some fear a loss of influence or stature.

Some advocates for the comparatively small Information Assurance Directorate, which has about 3,000 people, fear that its ability to work with industry on cybersecurity issues will be undermined if it is viewed as part of the much larger “sigint” collection arm, which has about eight times as many personnel. The latter spies on overseas targets by hacking into computer networks, collecting satellite signals and capturing radio waves.

While Nakashima presents some conflicting views on whether IAD will be able to cooperate with industry, none of the comments she includes addresses the larger bureaucratic issue: that defense is already being shortchanged in favor of the glitzier offensive function.

But Edward Snowden did weigh in, in response to a comment I made on this on Twitter.

When defense is an afterthought, it’s not a National Security Agency. It’s a National Spying Agency.

It strikes me this NSA reorganization commits the country to a particular approach to cybersecurity that will have significant ramifications for some time. It probably shouldn’t be made with the exclusive review of the Intelligence Committees mostly in secret.


We recommend that the Information Assurance Directorate—a large component of the National Security Agency that is not engaged in activities related to foreign intelligence—should become a separate agency within the Department of Defense, reporting to the cyber policy element within the Office of the Secretary of Defense.

In keeping with the concept that NSA should be a foreign intelligence agency, the large and important Information Assurance Directorate (IAD) of NSA should be organizationally separate and have a different reporting structure. IAD’s primary mission is to ensure the security of the DOD’s communications systems. Over time, the importance has grown of its other missions and activities, such as providing support for the security of other US Government networks and making contributions to the overall field of cyber security, including for the vast bulk of US systems that are outside of the government. Those are not missions of a foreign intelligence agency. The historical mission of protecting the military’s communications is today a diminishing subset of overall cyber security efforts.

We are concerned that having IAD embedded in a foreign intelligence organization creates potential conflicts of interest. A chief goal of NSA is to access and decrypt SIGINT, an offensive capability. By contrast, IAD’s job is defense. When the offensive personnel find some way into a communications device, software system, or network, they may be reluctant to have a patch that blocks their own access. This conflict of interest has been a prominent feature of recent writings by technologists about surveillance issues.

A related concern about keeping IAD in NSA is that there can be an asymmetry within a bureaucracy between offense and defense—a successful offensive effort provides new intelligence that is visible to senior management, while the steady day-to-day efforts on defense offer fewer opportunities for dramatic success.

Another reason to separate IAD from NSA is to foster better relations with the private sector, academic experts, and other cyber security stakeholders. Precisely because so much of cyber security exists in the private sector, including for critical infrastructure, it is vital to maintain public trust. Our discussions with a range of experts have highlighted a current lack of trust that NSA is committed to the defensive mission. Creating a new organizational structure would help rebuild that trust going forward.

There are, of course, strong technical reasons for information-sharing between the offense and defense for cyber security. Individual experts learn by having experience both in penetrating systems and in seeking to block penetration. Such collaboration could and must occur even if IAD is organizationally separate.

In an ideal world, IAD could form the core of the cyber capability of DHS. DHS has been designated as the lead cabinet department for cyber security defense. Any effort to transfer IAD out of the Defense Department budget, however, would likely meet with opposition in Congress. Thus, we suggest that IAD should become a Defense Agency, with status similar to that of the Defense Information Systems Agency (DISA) or the Defense Threat Reduction Agency (DTRA). Under this approach, the new and separate Defense Information Assurance Agency (DIAA) would no longer report through intelligence channels, but would be subject to oversight by the cyber security policy arm of the Office of the Secretary of Defense.


What Secrets Are the Spooks Telling HJC about Section 702?

There’s a paper that has been making waves, claiming it has found a formula to debunk conspiracies based on the likelihood that, if they were real, they would have already been leaked. Never mind that people have already found fault with the math; the study has another glaring flaw. It treats the PRISM program — and not, say, the phone dragnet — as one of its “true” unknown conspiracies.

PRISM — one part of the surveillance program authorized by Section 702 of the FISA Amendments Act — was remarkable in that it was legislated in public. There are certainly parts of Section 702 that were not widely known, such as the details about the “upstream” collection from telecom switches, but even that got explained to us back in 2006 by Mark Klein. There are even details of how the PRISM collection worked — its reliance on network mapping, the full list of participants. There are details that were exposed, such as that the government was doing back door searches on content collected under it, but even those were logical guesses based on the public record of the legislative debates.

Which is why it is so remarkable that — as I noted here and here — House Judiciary Committee Chair Bob Goodlatte has scheduled a classified hearing to cover the program that has been the subject of open hearings going back to at least 2008.

The hearing is taking place as we speak with the following witnesses.

  • Mr. Robert S. Litt
    General Counsel
    Office of the Director of National Intelligence
  • Mr. Jon Darby
    Deputy Director for Analysis and Production, Signals Intelligence Directorate
    National Security Agency
  • Mr. Stuart J. Evans
    Deputy Assistant Attorney General for Intelligence, National Security Division
    U.S. Department of Justice
  • Mr. Michael B. Steinbach
    Assistant Director for Counterterrorism
    Federal Bureau of Investigation

This suggests there is either something about the program we don’t already know, or that the government is asking for changes to the program that would extend beyond the basic concept of spying on foreigners in the US using US provider help.

I guess we’re stuck wildarseguessing what those big new secrets are, given the Intelligence Community’s newfound secrecy about this program.

Some observations about the witnesses. First, between Litt and Evans, these are the lawyers that would oversee the yearly certification applications to FISC. That suggests the government may, in fact, be asking for new authorities or new interpretations of authorities.

Darby would be in charge of the technical side of this program. Since the PRISM as it currently exists is so (technologically) simple, that suggests the new secrets may involve a new application of what the government will request from providers. This might be an expansion of upstream, possibly to bring it closer to XKeyscore deployment overseas, possibly to better exploit Tor. Remember, too, that under USA Freedom Act, Congress authorized the use of data collected improperly, provided that it adheres to the new minimization procedures imposed by the FISC. This was almost certainly another upstream collection, which means there’s likely to be some exotic new upstream application that has caused the government some problems of late.

Note that the sole FBI witness oversees counterterrorism, not cybersecurity. That’s interesting because it would support my suspicions that the government is achieving its cybersecurity collection via other means now. But also that any new programs may be under the counterterrorism function. Remember, the NatSec bosses, including Jim Comey, just went to Silicon Valley to ask for help applying algorithms to identify terrorism content. Remember, too, that such applications would have been useless to prevent the San Bernardino attack if they were focused on the public social media content. So it may be that NSA and FBI want to apply algorithms identifying radicalizers to private content.

Finally, and critically, remember the Apple debate. In a public court case, Apple and the FBI are fighting over whether Apple can be required to decrypt its customers’ smart device communications. The government has argued this is within the legal notion of “assistance to law enforcement.” Apple disagrees. I think it quite possible that the FBI would try to ask for decryption help to be included under the definition of “assistance” under Section 702. Significantly, these witnesses are generally those (including Bob Litt and FBI counterterrorism) who would champion such an interpretation.


Tuesday Morning: Don’t Drive Angry

Okay, campers, rise and shine! It’s Groundhog Day! Like that genius film Groundhog Day we are stuck in an unending, repeating hell — like the dark circus that is our general election cycle in the U.S.

The lesson: it’s hell by choice. Let’s choose better. What’ll we choose today?

BPS, replacement for plastic additive BPA, not so safe after all
Here’s a questionable choice we could examine: using BPS in “BPA-free” plastics. A study by Geffen School of Medicine at UCLA found that BPS negatively affects reproductive organs and increases the likelihood of “premature birth” in zebrafish, accelerating development of the embryos. Relatively small amounts and short exposures produced effects.

As disturbing as this finding may be, the FDA’s approach to BPA is worrisome. Unchanged since 2014 in spite of the many studies on BPA, the FDA’s website says BPA is safe. Wonder how long it will be before the FDA’s site says BPS is likewise safe?

Exoskeleton assists paraplegic for only $40,000
Adjustable to its wearer’s body, SuitX’s exoskeleton helps paraplegic users to walk, though crutches are still needed. It’s not a perfect answer to mobility given the amount of time it takes to put on the gear, but it could help paraplegics avoid injuries due to sitting for too long in wheelchairs. It’s much less expensive than a competing exoskeleton at $70K; the price is expected to fall over time.

SuitX received an NSF grant of $750,000 last April for its exoskeleton work. Seems like a ridiculous bargain considering how much we’ve already invested in DARPA and other MIC-development of exoskeletons with nothing commercial to show for it. Perhaps we should choose to fund more NSF grants instead of DOD research?

Patches and more patches — Cisco, Android, Microsoft

Dudes behaving badly

  • Former Secret Service agent involved in the Silk Road investigation and later charged with theft of $800K in Bitcoins has been arrested just one day before he was to begin serving his sentence for theft. This Silk Road stuff is a movie or cable series waiting to happen.
  • Massachusetts Rep. Katherine Clark, who proposed the Interstate Swatting Hoax Act last November, was swatted this weekend. Fortunately, the local police used a low-key approach to the hoax call. Way to make the case for the bill’s passage, swatters, let alone increased law enforcement surveillance.

I know I’ve missed something I meant to post, but I’ll choose to post it tomorrow and crawl back into my nest this morning to avoid my shadow. In the meantime, don’t drive angry!
