In Which the National Security Council Discovers the Grand Jury Subpoena

Back when Jim Comey ate 20 journalists for lunch, he said that if Congress imposed more controls on National Security Letters, FBI would just get more grand jury subpoenas, which require fewer approvals than NSLs anyway.

Which is one reason I find National Security Council spokesperson Ned Price’s promise that if Section 215 lapses, “a critical national security tool” used in other contexts would be lost to be so interesting.

NSC spokesman Ned Price told Reuters the administration had decided to stop bulk collection of domestic call metadata unless Congress re-authorizes it.

Some legal experts have suggested that even if Congress does not extend the law the administration might be able to convince the Foreign Intelligence Surveillance Court to authorize collection under other authorities.

Price made clear the administration does not intend to do so. The administration is encouraging Congress to enact legislation in the coming weeks that would allow collection to continue.

“If Section 215 (of the law which covers the collection) sunsets, we will not continue the bulk telephony metadata program,” he said.

“Allowing Section 215 to sunset would result in the loss, going forward, of a critical national security tool that is used in a variety of additional contexts that do not involve the collection of bulk data.”

This reaffirms what Bob Litt said last month at Brookings, that the government claims it won’t continue the phone dragnet under Section 215 under a grandfather approach. But it also emphasizes the stuff journalists often ignore or don’t understand: that most Section 215 orders are for other things, and the government may or may not find those sufficiently important to panic over.

Still, at least some of what the government is doing with those other Section 215 orders could be done with grand jury subpoenas.

Or maybe it couldn’t. Maybe they’re collecting this stuff without the underlying predicate for an investigation, and therefore need to do it via Section 215?? Maybe the collection is so Constitutionally problematic that data collected using a subpoena — with the greater chance it would be reviewed by a judge in an adversarial proceeding — would get thrown out?

But if so, perhaps we should revisit the collection?

Or, just as provocatively, if this other collection is so important and cannot be done with a grand jury subpoena, then maybe the government should ditch the phone dragnet — it could do it instead in limited form with NSLs — so it can save the other programs it doesn’t want to talk about?

Would the government be willing to trade the phone dragnet — which has never IDed any plot — for the other programs Section 215 supports?

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Correlations and FBI Claims in the Marathon Trial

Kevin Swindon, the FBI Supervisory Special Agent in charge of computer forensics for the Boston Marathon attack just finished testimony. His testimony raised more questions than it answered. That’s true, in part, because the government had him testify rather than some of the Agents who report to him who did the actual analysis on the many devices related to the investigation. So for key questions, he had to answer he didn’t know. He also dodged explaining who cherry picked the files to present to the jury that made Dzhokhar Tsarnaev look singularly focused on jihad when his computer showed he was more interested in pop music and something else — probably sexual? — that young men are often interested in.

On cross, Dzhokhar’s attorney William Fick tried to direct Swindon to describe more about a laptop found at Watertown that apparently belonged to Tamerlan. Swindon admitted the laptop — unlike all the computers Dzhokhar used — used strong encryption and also had a goodly number of Russian language documents on explosives. But over and over Swindon claimed he had only taken a “cursory” look at that computer.

I’m betting the person who did the more than cursory analysis of it would be a far more interesting witness and that’s why we didn’t hear from him or her. Not only will we not get to hear from that witness, apparently, but Judge George O’Toole upheld a prosecution objection to ask further questions about it.

Before that, prosecutor Aloke Chakravarty led Swindon through a very bizarre exercise. He had Swindon show how the same songs that were one one of Dzhokhar’s devices showed up on another. He showed continuity between an iPod, a Samsung phone, and the Sony found at his dorm room. In other words, the government used common songs as a means to correlate these computers, rather than actual forensic evidence that Swindon surely could have presented. I find that really problematic. Sure, the government probably wants to pretend it doesn’t do such correlations forensically, but to suggest that someone’s musical downloads shows common ownership seems really problematic.

All the more so given that for another of the computers (I’m not sure if this is Dzhokhar’s college computer or the HP at Tsarnaev house in Cambridge, but it may not matter as Dzhokhar’s computer dated to when he still lived at home) there was evidence of multiple Skype users, though Swindon claimed to be unaware of that fact. We know the government correlates using such things, and the fact that evidence of others users was deliberately not presented (probably through choice of witness more than through deceit) is really problematic.

The defense also showed that the thumb drive found in the computer that Dzhokhar’s buddies had thrown out had a rental application from his sister-in-law, showing that whether or not he used these devices in common, plenty of other people were using them as well.

In short, the government wanted to use really problematic correlations mapping to prove that Dzhokhar was accessing jihadist material (even though a question about whether one of the computers had ever searched on the term was not permitted), but they can’t even prove who was using any of the computers when, and pointedly avoided using real forensics means to do so.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Washington Post Fails to Disclose Heinonen’s UANI Connection in Anti-Iran Op/Ed

We are now in the “final” week of negotiations to set the framework for the P5+1 long-term agreement on Iran’s nuclear technology. With so much in the balance, voices are popping up from every direction to offer their opinions on what constitutes a good or bad deal. While Netanyahu’s address to Congress dominated the headlines in that regard, other sources also have not held back on offering opinions. In the case of Netanyahu, informed observers considering his remarks knew in advance that Netanyahu considers Iran an “existential threat” to Israel and that violent regime change in Iran is his preferred mode of addressing Iran’s nuclear technology. When it comes to other opinions being offered, it is important to also have a clear view of the backgrounds of those offering opinions so that any biases they have can be brought into consideration.

With that in mind, the Washington Post has committed a gross violation of the concept of full disclosure in an Iran op/ed they published yesterday. I won’t go into the “substance” of this hit piece on Iran, suffice it note that the sensationalist headline (The Iran time bomb) warns us that the piece will come from an assumption that Iran seeks and will continue to seek a nuclear weapon regardless of what they agree to with P5+1.

The list of authors for this op/ed is an anti-Iran neocon’s wet dream. First up is Michael Hayden. The Post notes that Hayden led the CIA from 2006-2009 and the NSA from 1999 to 2005. I guess they don’t think it’s important to note that he now is a principal with the Chertoff Group and so stands to profit from situations in world politics that appear headed toward violence.

The third of the three authors is perhaps the least known, but he’s a very active fellow. Here is how Nima Shirazi describes Ray Takeyh:

Takeyh is a mainstay of the Washington establishment – a Council on Foreign Relations Senior Fellow before and after a stint in the Obama State Department and a founding member of the neoconservative-created Iran Strategy Task Force who has become a tireless advocate for the collective punishment of the Iranian population in a futile attempt to inspire homegrown regime change (if not, at times, all-out war against a third Middle Eastern nation in just over a decade). Unsurprisingly, he dismisses out of hand the notion that “the principal cause of disorder in the Middle East today is a hegemonic America seeking to impose its imperial template on the region.”

The Post, of course, doesn’t mention Takeyh’s association with the group Shirazi describes, nor his membership in another Iran Task Force organized by the Jewish Institute for National Security Affairs.

Sandwiched between Hayden and Takeyh, though, is the Post’s biggest failure on disclosure. Olli Heinonen is described by the Post simply as “a senior fellow at Harvard’s Belfer Center for Science and International Affairs and a former deputy director general of the International Atomic Energy Agency”. As such, uninformed readers are likely to conclude that Heinonen is present among the authors to serve as a hefty dose of neutrality,given his background in the IAEA. Nothing could be further from the truth. What the Post fails to disclose is that Heinonen is also a prominent member of the Advisory Board of United Against Nuclear Iran.

Not only is UANI an advocacy group working against Iran, but they are currently embroiled in litigation in which it has been learned that UANI has come into possession of state secrets from the United States. The Department of Justice has weighed in on the UANI case, urging the judge to throw the case out on the grounds that continuing to litigate it will disclose the US state secrets that UANI has obtained. Since the litigation involves UANI actions to “name and shame” companies it accuses of violating US sanctions against Iran, one can only assume that the state secrets leaked to UANI involve Iran.

How in the world could the Washington Post conclude that Heinonen’s role on the Advisory Board for United Against Nuclear Iran would not be something they should disclose in publishing his opinion piece entitled “The Iran time bomb”?

Oh, and lest we come to the conclusion that failing to note Heinonen’s UANI connection is a one-off thing in which Heinonen himself is innocent, noted AP transcriptionist of neocon anti-Iran rhetoric George Jahn used Heinonen in exactly the same way a month ago.

We can only conclude that Heinonen is happily doing the neocons’ bidding in their push for war with Iran.

Update from emptywheel: The judge in Victor Restis’ lawsuit just dismissed the suit on state secrets grounds. Here’s the opinion, h/t Mike Scarcella.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

CISA’s Terrorists Are Not Just Foreign Terrorists

In addition to hunting hackers, the Cybersecurity Information Security Act — the bill that just passed the Senate Intelligence Committee — collects information domestically to target terrorists if those so-called terrorists can be said to be hacking or otherwise doing damage to property.

Significantly, as written, the bill doesn’t limit itself to targeting terrorists with an international tie. That’s important, because it essentially authorizes intelligence collection domestically with no court review. Thus, the bill seems to be — at least in part — a way around Keith, the 1971 ruling that prohibited domestic security spying without a warrant.

It takes reading the bill closely to understand that, though.

The surveillance or counterhacking of a “terrorist” is permitted in three places in the bill. In the first of those, one might interpret the bill to associate the word “foreign” used earlier in the clause with the word terrorist. That clause authorizes the disclosure of cyber threat indicators for “(iii) the purpose of identifying a cybersecurity threat involving the use of an information system by a foreign adversary or terrorist.”

But the very next clause authorizes information sharing to mitigate “a terrorist act,” with no modifier “foreign” in sight. It authorizes information sharing for “(iv) the purpose of responding to, or otherwise preventing or mitigating, an imminent threat of death, serious bodily harm, or serious economic harm, including a terrorist act or a use of a weapon of mass destruction;”

And the last mention of terrorists — reserving the authority of the Secretary of Defense to conduct cyberattacks in response to malicious cyber activity — includes the article “a” that makes it clear the earlier use of “foreign” doesn’t apply to “terrorist organization” in this usage.

(m) AUTHORITY OF SECRETARY OF DEFENSE TO RESPOND TO CYBER ATTACKS.—Nothing in this Act shall be construed to limit the authority of the Secretary of Defense to develop, prepare, coordinate, or, when authorized by the President to do so, conduct a military cyber operation in response to a malicious cyber activity carried out against the United States or a United States person by a foreign government or an organization sponsored by a foreign government or a terrorist organization.

Frankly, I’m of the belief that the distinction that has by and large applied for the last 14 years of spying betrays the problem with our dragnet targeted on Muslims. America in general seems perfectly willing to treat some deaths — even 168 deaths — perpetrated by terrorists as criminal attacks so long as they are white Christian terrorists. If white Christian terrorists can be managed as the significant law enforcement problem they are without a dragnet, then so, probably, can FBI handle the losers it entraps in dragnets and then stings.

But here, that distinction has either apparently been scrapped or Richard Burr’s staffers are just bad at drafting surveillance bills. It appears that whatever anyone wants to call a terrorist — whether it be Animal Rights activists, Occupy Wall Street members, Sovereign Citizen members, or losers who started following ISIL on Twitter — appears to be fair game. Which is particularly troubling given that CISA makes explicit what NSA used to accomplish only in secret — the expansion of “imminent threat of death or serious bodily harm” to incorporate harm to property. How much harm to a movie studio or some other IP owner does it take before someone is branded a “terrorist” engaged in the “act” of doing “serious economic harm,” I wonder?

Note, too, that according to OTI’s redlined version of this bill, most of the application of this surveillance to foreign and domestic terrorists is new, added even as SSCI dawdles in the face of imminent Section 215 sunset.

As I’ll show in a later post, one function of this bill may be to move production that currently undergoes or might undergo FISC  or other court scrutiny out from under a second branch of government, making a mockery out of what used to be called minimization procedures. If that’s right, it would also have the effect of avoiding court scrutiny on just whether this surveillance — renamed “information sharing” — complies with Supreme Court prohibition on warrantless spying on those considered domestic security threats.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Have the Banks Escaped Criminal Prosecution because They’re Spying Surrogates?

I’m preparing to do a series of posts on CISA, the bill passed out of SSCI this week that, unlike most of the previous attempts to use cybersecurity to justify domestic spying, may well succeed (I’ve been using OTI’s redline version which shows how SSCI simply renamed things to be able to claim they’re addressing privacy concerns).

But — particularly given Richard Burr’s office’s assurances this bill is great because “business groups like the Financial Services Roundtable and the National Cable & Telecommunications Association have already expressed their support for the bill” — I wanted to raise a question I’ve been pondering.

To what extent have banks won themselves immunity by serving as intelligence partners for the federal government?

I ask for two reasons.

First, when asked why she, along with Main Justice’s Lanny Breuer, authorized the sweetheart deal for recidivist transnational crime organization HSBC, Attorney General nominee Loretta Lynch implied that there was insufficient admissible evidence to try any individuals associated with this recidivism.

I and the dedicated career prosecutors handling the investigation carefully considered whether there was sufficient admissible evidence to prosecute an individual and whether such a prosecution otherwise would have been consistent with the principles of federal prosecution contained in the United States Attorney’s Manual.

That’s surprising given that Carl Levin managed to come up with 300-some pages of evidence. Obviously, there are several explanations for this response: she’s lying, the evidence is inadmissible because HSBC provided it willingly thereby making it unusable for prosecution, or the evidence was collected in ways that makes it inadmissible.

It’s the last one I’ve been thinking about: is it remotely conceivable that all the abundant evidence against banksters their regulators have used to obtain serial handslaps is for some reason inadmissible in a criminal proceeding?

I started thinking about that as a real possibility when PCLOB revealed that Treasury’s Office of Intelligence and Analysis has never once — not in the 30-plus years since Ronnie Reagan told them they had to — come up with minimization procedures to protect US person privacy with data collected under EO 12333. Maybe that didn’t matter so much in 1981, but since 2004, Treasury has had an ever-increasing role in using intelligence (collected from where?) to impose judgments against people with almost no due process. And those judgements are, in turn, used to impose other judgments on Americans with almost no due process.

The thing is, you’d think banks might care that Treasury wasn’t complying with Executive Branch requirements on privacy protection. Not only because they care (ha!) about their customers, whether American or not, but because many of them are, themselves, US persons. US bank US person status should limit how much Treasury diddles with bank-related intelligence, but Treasury doesn’t appear bound by that.

Which leads me to suspect, at least, that there’s something in it for the banks, something that more than makes up for the serial handslaps for sanctions violations.

And one possibility is that because of the way this data is collected and shared, it can’t be used in a trial. Voila! Bank immunity.

All that’s just a wildarsed guess.

But one made all the more pressing given that Treasury is among the Appropriate Federal Entities that will be default intelligence recipients for cyber information under CISA.

(3) APPROPRIATE FEDERAL ENTITIES.—

The term ‘‘appropriate Federal entities’’ means the following:

(A) The Department of Commerce.

(B) The Department of Defense.

(C) The Department of Energy.

(D) The Department of Homeland Security.

(E) The Department of Justice.

(F) The Department of the Treasury.

(G) The Office of the Director of National Intelligence.

To some degree, this is not in the least bit surprising. After all, financial regulators have increasingly made cybersecurity a key regulatory concern of late, so it makes sense for Treasury to be in the loop.

But banksters rarely — never! — add regulatory exposure for themselves without a fight and, as Burr’s office has made clear, the banks love this bill.

One more datapoint, back to HSBC. As I noted when Lanny Breuer and Loretta Lynch announced that handslap, Breuer neglected to mention that HSBC was getting a handslap not just for helping cartels profit off drugs, but also helping terrorists fund their activities (at the time Pete Seda was being held without bail on charges the government insisted amounted to material support for terrorists for handing a check to Chechens using cash that had come indirectly from HSBC). The actual settlement, however, made mention of it by explaining that HSBC had “assisted the Government in investigations of certain individuals suspected of money laundering and terrorist financing.” By dint of that cooperation, in other words, HSBC went from being a material supporter of terrorism to being a deputy financial cop. And Breuer expanded that notion of banks serving as deputized financial cops thereafter.

Are the methods and terms by which we’re collecting all this financial intelligence to use against some bad guys precisely what prevents us from holding the even bigger bad guys — the ones affecting far more of us directly, in the form of the houses we own, the towns we live in, the opportunity costs paid to financial crime — accountable?

And will this system now be replicated under CISA (or has it, already) as banks turn into cyber crime deputized cops?

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Is Matt DeHart Being Prosecuted Because FBI Investigated CIA for the Anthrax Leak?

Buzzfeed today revealed a key detail behind in the Matthew DeHart case: the content of the file which DeHart believes explains the government’s pursuit of him.  In addition to details of CIA’s role in drone-targeting and some ag company’s role in killing 13,000 people, DeHart claims a document dropped onto his Tor server included details of FBI’s investigation into CIA’s possible role in the anthrax attack.

According to Matt, he was sitting at his computer at home in September 2009 when he received an urgent message from a friend. A suspicious unencrypted folder of files had just been uploaded anonymously to the Shell. When Matt opened the folder, he was startled to find documents detailing the CIA’s role in assigning strike targets for drones at the 181st.

Matt says he thought of his fellow airmen, some of whom knew about the Shell. “I’m not going to say who I think it was, but there was a lot of dissatisfaction in my unit about cooperating with the CIA,” he says. Intelligence analysts with the proper clearance (such as Manning and others) had access to a deep trove of sensitive data on the Secret Internet Protocol Router Network, or SIPRNet, the classified computer network used by both the Defense and State departments.

As Matt read through the file, he says, he discovered even more incendiary material among the 300-odd pages of slides, documents, and handwritten notes. One folder contained what appeared to be internal documents from an agrochemical company expressing culpability for more than 13,000 deaths related to genetically modified organisms. There was also what appeared to be internal documents from the FBI, field notes on the bureau’s investigation into the worst biological attack in U.S. history: the anthrax-laced letters that killed five Americans and sickened 17 others shortly after Sept. 11.

Though the attacks were officially blamed on a government scientist who committed suicide after he was identified as a suspect, Matt says the documents on the Shell tell a far different story. It had already been revealed that the U.S. Army produced the Ames strain of anthrax — the same strain used in the Amerithrax attacks — at the Dugway Proving Ground in Utah. But the report built the case that the CIA was behind the attacks as part of an operation to fuel public terror and build support for the Iraq War.

Despite his intelligence training, Matt was no expert in government files, but this one, he insists, featured all the hallmarks of a legitimate document: the ponderous length, the bureaucratic nomenclature, the monotonous accumulation of detail. If it wasn’t the real thing, Matt thought, it was a remarkably sophisticated hoax. (The FBI declined requests for comment.)

Afraid of the repercussions of having seen the folder of files, Matt panicked, he claims, and deleted it from the server. But he says he kept screenshots of the dozen or so pages of the document that specifically related to the FBI investigation and the agrochemical matter, along with chat logs and passwords for the Shell, on two IronKey thumb drives, which he hid inside his gun case for safekeeping.

Is it possible DOJ would really go after DeHart for having seen and retaining part of that FBI file?

For what it’s worth, I think Bruce Ivins could not have been the sole culprit and it’s unlikely he was the culprit at all. I believe the possibility that a CIA-related entity, especially a contractor or an alumni, had a role in the anthrax attack to be possible. In my opinion, Batelle Labs in Ohio are the most likely source of the anthrax, not least because they’re close enough to New Jersey to have launched the attacks, but because — in addition to dismissing potential matches to the actual anthrax through a bunch of smoke (only looking for lone wolves) and mirrors (ignoring four of the potentially responsive samples) — Batelle did have a responsive sample of the anthrax. Though as a recently GAO report made clear, FBI didn’t even sample all the labs that had potentially responsive samples, so perhaps one of those labs should be considered a more likely source. Batelle does work for the CIA and just about everyone else, so if Batelle were involved, CIA involvement couldn’t be ruled out.

So I think it quite possible that FBI was investigating CIA or someone related to CIA in the attack. It’s quite possible, too, that someone might want to leak that information, as it has been clear for years that at least some in FBI were not really all that interested in solving the crime. Even the timing would make sense, coming as it would have in the wake of the FBI’s use of the Ivins suicide to stop looking for a culprit and even as the Obama Administration was beginning to hint it wasn’t all that interested in reviewing FBI’s investigation.

But there’s something odd about how this was allegedly leaked.

According to Buzzfeed, the anthrax investigation came in one unencrypted folder with the ag document and a document on drone targeting the source of which he thinks he knows (it would like have been a former colleague from the ANG).

How would it ever be possible that the same person would have access to all three of those things? While it’s possible the ag admission ended up in the government, even a DOJ investigation into such an admission would be in a different place than the FBI anthrax investigation, and both should be inaccessible to the ANG people working on SIPRNet.

That is, this feels like the Laptop of Death, which included all the documents you’d want to argue that Iran had an active and advanced nuclear weapons program, but which almost certainly would never all end up on the same laptop at the same time.

And, given DeHart’s belief reported elsewhere this was destined for WikiLeaks, I can’t help but remember the Defense Intelligence Agency report which noted that WikiLeaks might be susceptible to disinformation (not to mention the HB Gary plot to discredit WikiLeaks, but that came later).

This raises the possibility that the Wikileaks.org Web site could be used to post fabricated information; to post misinformation, disinformation, and propaganda; or to conduct perception management and influence operations designed to convey a negative message to those who view or retrieve information from the Web site

That is, given how unlikely it would be to find these juicy subjects all together in one folder, I do wonder whether they’re all authentic (though DeHart would presumably be able to assess the authenticity of the drone targeting documents).

And DeHart no longer has the documents in question — Canada hasn’t given them back.

Paul told the agents that his family had evidence to back up their account: court documents, medical records, and affidavits — along with the leaked FBI document Matt had found that exposed an explosive secret. It was all on two encrypted thumb drives, which Matt later pulled off a lanyard around his neck and handed to the guards.

[snip]

If Matt is, in fact, wrongly accused, answers could be on the thumb drives taken by the Canada Border Services Agency, which have yet to be returned to the DeHarts. But without access to the leaked files Matt claims to have seen, there is no way to verify whether he was actually in possession of them, and, if he was, whether they’re authentic.

Though at least one person (a friend in London? Any association with WikiLeaks?) may have a copy.

Inside a hotel room in Monterrey, Mexico, Matt says he copied the Shell files onto a handful of thumb drives. He mailed one to a friend outside London, and several others to locations he refuses to disclose. He also says he sent one to himself in care of his grandmother, which he later retrieved for himself. When the subject of the drives comes up, Matt acts circumspect because, he says, he knows that our communications are being monitored.

There’s definitely something funky about this story. Importantly, it’s not just DeHart and his family that are acting like something’s funky — the government is too.

But that doesn’t necessarily mean the FBI thinks CIA did the anthrax attack.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

David Petraeus’ Defense Attorney Argues Mistress-Biographers Have More Legal Privilege than Defense Attorneys

In a letter to the NYT complaining that the paper compared his client, David Petraeus, with Stephen Kim and John Kiriakou, defense attorney David Kendall implicitly makes the argument that mistress-biographers have a better recognized privilege to access classified information than defense attorneys. (h/t Steven Aftergood via Josh Gerstein)

Now, far be it for me to criticize Kendall’s lawyering ability. After all, his firm, Williams & Connolly, has developed quite the expertise for getting well-connected Republicans off for leaking covert officers’ identities, having done so for Ari Fleischer, Dick Cheney, and now David Petraeus.

But his letter is ridiculous on both the facts and his rebuttal of the comparison, at least as it pertains to John Kiriakou.

First, Kendall omits key facts in his depiction of Petraeus’ crimes.

General Petraeus’s case is about the unlawful removal and improper storage of classified materials, not the dissemination of such materials to the public. Indeed, a statement of facts filed with the plea agreement and signed by both General Petraeus and the Justice Department makes clear that “no classified information” from his “black books” (personal notebooks) that were given to his biographer, Paula Broadwell, appeared in the biography.

He notes the plea deal “makes clear that ‘no classified information’ from his ‘black books’ … appeared in the biography.” That’s a very different thing than claiming that no classified information Petraeus shared with Broadwell appeared in her fawning biography of his client — and the record seems to suggest that it does.

Kendall also neglects to mention that this case is also about his client, just days after applauding Kiriakou’s plea, lying to the FBI. While, through the good grace of Kendall’s lawyering, Petraeus has gotten off scot free for a crime that others do years of prison time for, Petraeus nevertheless admitted that he committed that crime.

Indeed, as Abbe Lowell has made clear, that’s what prevented Kim from getting precisely the sweet deal that Petraeus has gotten, his alleged lies to the FBI.

But I’m even more disgusted by Kendall’s cynical treatment of Kiriakou’s crime.

By contrast, Stephen J. Kim arranged for the publication of highly sensitive classified information from an intelligence report on North Korea’s military capabilities, and John C. Kiriakou revealed the identities of covert C.I.A. agents, a betrayal of colleagues “whose secrecy is their only safety,” in the words of a government attorney.

[snip]

Reporters, like biographers, are frequently given access to sensitive information on the understanding that they will not publicize it, and it is hypocritical for The Times to argue for leniency for Mr. Kim and Mr. Kiriakou and harshness for General Petraeus.

Note how Kendall doesn’t describe to whom Kiriakou “revealed the identities of covert C.I.A. agents” [a factual error — Kiriakou was only accused of leaking one covert officer’s identity]? The answer is he revealed the identity of a torturer to a journalist who was working for defense attorneys defending people that torturer had tortured.

Now, clearly, Kendall does defend the right of journalists to receive such classified information if they don’t publicly disclose it. That’s what he argues Petraeus’ mistress has done (the evidence notwithstanding). So according to Kendall’s lawyering, providing that covert officer’s identity to a reporter who didn’t disclose it publicly — which is what happened in Kiriakou’s case —  should have gotten Kiriakou probation.

Ultimately though, Kendall doesn’t even deal with the fact that, whatever scant privilege journalists and mistress-biographers have been granted in this country, defense attorneys have generally been granted more, for good reason. Thus, by all measures, Kiriakou made no worse, and arguably a much more legally defensible disclosure of a CIA officer’s identity than the multiple covert officers’ identities Petraeus exposed to his mistress and anyone else who decided to peruse his unlocked desk drawer.

I mean, I never really expect people in Petraeus’ vicinity to do anything but fluff his reputation; Petraeus has an infallible ability in eliciting that from people he permits to get close (or closer, in the case of Broadwell).

But I am rather surprised that a defense attorney is arguing he should have fewer privileges than a mistress-biographer.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Chelsea Manning Warned of Nuri al-Maliki’s Corruption in 2010. David Petraeus’ Subordinates Silenced Her.

In early 2010, Chelsea Manning discovered that a group of people Iraq’s Federal Police were treating as insurgents were instead trying to call attention to Nuri al-Malki’s corruption. When she alerted her supervisors to that fact, they told her to “drop it,” and instead find more people who were publishing “anti-Iraqi literature” calling out Maliki’s corruption.

On 27 February 2010, a report was received from a subordinate battalion. The report described an event in which the FP detained fifteen (15) individuals for printing “anti-Iraqi literature.” By 2 March 2010, I received instructions from an S3 section officer in the 2-10BCT Tactical Operations Center to investigate the matter, and figure out who these “bad guys” were, and how significant this event was for the FP.

Over the course of my research, I found that none of the individuals had previous ties with anti-Iraqi actions or suspected terrorist or militia groups. A few hours later, I received several photos from the scene from the subordinate battalion.

[snip]

I printed a blown up copy of the high-resolution photo, and laminated it for ease of storage and transfer. I then walked to the TOC and delivered the laminated copy to our category 2 interpreter. She reviewed the information and about a half-hour later delivered a rough written transcript in English to the S2 section.

I read the transcript, and followed up with her, asking for her take on its contents. She said it was easy for her to transcribe verbatim since I blew up the photograph and laminated it. She said the general nature of the document was benign. The documentation, as I assessed as well, was merely a scholarly critique of the then-current Iraqi Prime Minister, Nouri al-Maliki. It detailed corruption within the cabinet of al-Maliki’s government, and the financial impact of this corruption on the Iraqi people.

After discovering this discrepancy between FP’s report, and the interpreter’s transcript, I forwarded this discovery, in person to the TO OIC and Battle NCOIC.

The TOC OIC and, the overhearing Battlecaptain, informed me they didn’t need or want to know this information any more. They told me to “drop it” and to just assist them and the FP in finding out where more of these print shops creating “anti-Iraqi literature” might be. I couldn’t believe what I heard, (24-25)

At the time, David Petraeus was the head of CENTCOM, the very top of the chain of command that had ordered Manning to “drop” concerns about Iraqis being detained for legitimate opposition to Maliki’s corruption.

Manning would go on to leak more documents showing US complicity in Iraqi abuses, going back to 2004. None of those documents were classified more than Secret. Her efforts (in part) to alert Americans to the abuse the military chain of command in Iraq was ignoring won her a 35-year sentence in Leavenworth.

Compare that to David Petraeus who pretends, to this day, Maliki’s corruption was not known and not knowable before the US withdrew troops in 2011, who pretends the US troops under his command did not ignore, even facilitate, Maliki’s corruption.

What went wrong?

The proximate cause of Iraq’s unraveling was the increasing authoritarian, sectarian and corrupt conduct of the Iraqi government and its leader after the departure of the last U.S. combat forces in 2011.  The actions of the Iraqi prime minister undid the major accomplishment of the Surge. (They) alienated the Iraqi Sunnis and once again created in the Sunni areas fertile fields for the planting of the seeds of extremism, essentially opening the door to the takeover of the Islamic State. Some may contend that all of this was inevitable. Iraq was bound to fail, they will argue, because of the inherently sectarian character of the Iraqi people. I don’t agree with that assessment.

The tragedy is that political leaders failed so badly at delivering what Iraqis clearly wanted — and for that, a great deal of responsibility lies with Prime Minister Maliki.

Unlike Manning, Petraeus adheres to a myth, the myth that this war was not lost 12 years ago, when George Bush ordered us to invade based on a pack of lies, when Petraeus and his fellow commanders failed to bring security after the invasion (largely through the priorities of their superiors), when Paul Bremer decided to criminalize the bureaucracy that might have restored stability — and a secular character — to Iraq.

Of course, Petraeus’ service to that myth is no doubt a big part of the reason he can continue to influence public opinion from the comfort of his own home as he prepares to serve his 2 years of probation for leaking code word documents, documents far more sensitive than those Manning leaked, as opposed to the 35 years in Leavenworth Manning received.

Which is, of course, a pretty potent symbol of our own corruption.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

If FISC Consults Technical Experts and Nobody Sees It, Does It Really Happen?

Back in January, PCLOB released a progress report on the reports it released, describing whether the government has taken up its recommendations. There’s a detail in it I’ve been meaning to call attention to:

Recommendation 5: Take Full Advantage of Existing Opportunities for Outside Legal and Technical Input in FISC Matters

[snip]

The FISC should take full advantage of existing authorities to obtain technical assistance and expand opportunities for legal input from outside parties.

[snip]

Discussion of Status: As noted in the Board’s report, prior to the issuance of the Board’s recommendation the FISC had on one occasion accepted an amicus brief from an outside party (relating to the legality of a publicly known FISA surveillance program), and the PCLOB is aware of specific instances in classified matters in which the FISC has since taken action consistent with this recommendation.

It was always clear (as the amicus permitted under In re Sealed Case showed) that FISC could ask for help. Apparently, having been called out for never seeking out opinions outside of the government (which repeatedly got caught being less than forthcoming), FISC has now sought help.

It might be additional legal views. It might be technical help. Who knows?

If I had to wildarseguess, I’d imagine FISC has considered what to do about location tracking programs in light of various circuit decisions over the last year. If that’s right (and it just a wildarseguess), it might be technical assistance.

But given the kind of people — like Michael Hayden — pitched as technical experts in DC, what good does that do? Unless the community can vet the technical expertise the FISC calls on for help, it doesn’t add to the Court’ legitimacy. Nor does it help FISC ensure it’s really getting what it needs when it seeks outside advice.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

If Section 215 Lapsed, Would the Government Finally Accede to ECPA Reform?

Now that the Section 215 Sunset draws nearer, the debate over what reformers should do has shifted away from whether USA Freedom Act is adequate reform to whether it is wise to push for Section 215 to sunset.

That debate, repeatedly, has focused almost entirely on the phone dragnet that Section 215 authorizes. It seems most of the people engaging in this debate or reporting on it are unaware or uninterested in what the other roughly 175 Section 215 orders authorized last year did (just 5 orders authorized the phone dragnet).

But if Section 215 sunsets in June, those other 175 orders will be affected too (though thus far it looks like FISC is approving fewer 215 orders than they did last year). Yet the government won’t tell us what those 175 orders do.

We know — or suspect — some of what these other orders do. NYT and WSJ reported on a Western Union dragnet that would probably amount to 4-5 orders a year (and would have been unaffected and hidden in transparency reporting under USA Freedom Act).

The FBI has previously confirmed that it used Section 215 to collect records of explosives precursors — things like large quantities of acetone, hydrogen peroxide, fertilizer, and (probably now) pressure cookers; given that the Presidential Review Group consulted with ATF on its review of Section 215, it’s likely these are programmatic collection. (If the government told us it was, we might then be able to ask why these materials couldn’t be handled the same way Sudafed is handled, too, which might force the government to tie it more closely to actual threats.) This too would have been unaffected by USAF.

The government also probably uses Section 215 to collect hotel records (which is what it was originally designed for, though not in the bulk it is probably accomplished). This use of Section 215 will likely be reinforced if and when SCOTUS affirms the collection of hotel records in Los Angeles v. Patel.

But the majority of those 175 Section 215 orders, we now know, are for some kind of Internet records that may or may not relate to cyber investigations, depending on whether you think FBI talks out of its arse when trying to keep authorities, but which they almost certainly collect in sufficient bulk that FISC imposed minimization procedures on FBI.

Which brings me to my argument that reauthorizing Section 215 will forestall any ECPA reform.

We know most Section 215 orders are for Internet records because someone reliable — DOJ’s Inspector General in last year’s report on National Security Letters — told us that a collection of Internet companies successfully challenged FBI’s use of NSLs to collect this stuff after DOJ published an opinion on ECPA in 2008.

The decision of these [redacted] Internet companies to discontinue producing electronic communication transactional records in response to NSLs followed public release of a legal opinion issued by the Department’s Office of Legal Counsel (OLC) regarding the application of ECPA Section 2709 to various types of information. The FBI General Counsel sought guidance from the OLC on, among other things, whether the four types of information listed in subsection (b) of Section 2709 — the subscriber’s name, address, length of service, and local and long distance toll billing records — are exhaustive or merely illustrative of the information that the FBI may request in an NSL. In a November 2008 opinion, the OLC concluded that the records identified in Section 2709(b) constitute the exclusive list of records that may be obtained through an ECPA NSL.

Although the OLC opinion did not focus on electronic communication transaction records specifically, according to the FBI, [redacted] took a legal position based on the opinion that if the records identified in Section 2709(b) constitute the exclusive list of records that may be obtained through an ECPA NSL, then the FBI does not have the authority to compel the production of electronic communication transactional records because that term does not appear in subsection (b).

That report went on to explain that FBI considered fixing this problem by amending the definition for toll records in Section 2709, but then bagged that plan and just moved all this collection to Section 215, which takes longer.

In the absence of a legislative amendment to Section 2709, [2.5 lines redacted]. [Deputy General Counsel of FBI’s National Security Law Branch] Siegel told us that the process of generating and approving a Section 215 application is similar to the NSL process for the agents and supervisors in the field, but then the applications undergo a review process in NSLB and the Department’s National Security Division, which submits the application to the Foreign Intelligence Surveillance Court (FISA Court). According to Siegel, a request that at one time could be accomplished with an NSL in a matter of hours if necessary, now takes about 30-40 days to accomplish with a standard Section 215 application.

In addition to increasing the time it takes to obtain transactional records, Section 215 requests, unlike NSL requests, require the involvement of FBI Headquarters, NSD, and the FISA Court. Supervisors in the Operations Section of NSD, which submits Section 215 applications to the FISA Court, told us that the majority of Section 215 applications submitted to the FISA Court [redacted] in 2010 and [redacted] in 2011 — concerned requests for electronic communication transaction records.

The NSD supervisors told us that at first they intended the [3.5 lines redacted] They told us that when a legislative change no longer appeared imminent and [3 lines redacted] and by taking steps to better streamline the application process.

The government is, according to the report, going through all sorts of hoop-jumping on these records rather than working with Congress to pass ECPA reform.

Why?

That’s not all the Report told us. Even earlier than that problem, in 2007, the IG identified other uncertainties about what the FBI should be obtaining with an NSL, and FBI actually put together a proposal to Congress. The proposed definition included both financial information and what could be construed as location data in toll records. That bill has never been passed.

But while Internet companies have shown reluctance to let the FBI secretly expand the meaning of toll record, two telecoms have not (a third, which I suspect is Verizon, backed out of closer cooperation on NSLs in 2009, and presumably a fourth, which probably is T-Mobile, was never a part of it).

And here’s what happened to the kinds of records FBI has been obtaining (almost certainly from AT&T) in the interim:

Screen Shot 2015-03-19 at 5.15.23 PM

 

FBI is collecting 7 kinds of things from (probably) AT&T that the Inspector General doesn’t think fits under ECPA.

Now, I’m not sure precisely why ECPA reform has gone nowhere in the last 8 years, but all this redaction suggests one reason is the government doesn’t want to be bound by a traditional definition of toll record, so much so it’s willing to put up with the aggravation of getting Section 215 orders for (what may be the same kind of) information from Internet companies in order to not be bound by limits on its telecom (or at least AT&T) NSLs.

Don’t get me wrong. I’d rather have the Internet stuff be under Section 215 orders, where it will be treated with some kind of minimization (the FBI is still completely ignoring the 2006 language in Section 215 requiring it to adopt minimization procedures for that section, but FISC has stepped into the void and imposed some itself).

But ultimately what’s going on — in addition to the adoption of a dragnet approach for phone records (that might have been deemed a violation of 18 USC 2302-3 if litigated with an adversary) and financial records (that might have been deemed a violation of 12 USC 3401-3422 if litigated with an adversary), is that the government is also, apparently, far exceeding the common understanding of NSLs without going back to Congress to get them to amend the law (and this goes well beyond communities of interest — two or maybe three hop collection under an NSL — which isn’t entirely redacted in this report).

It may be moot anyway. I actually wonder whether Internet companies will use the immunity of CISA, if and when it passes, to turn whatever they’re turning over without a Section 215 order.

And it’s not like Pat Leahy and Mike Lee have been successful in their efforts to get ECPA reform that protects electronic communications passed. ECPA isn’t happening anyway.

But maybe it might, if Section 215 were to lapse and the government were forced to stop kluging all the programs that have never really been approved by Congress in the first place into Section 215.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Emptywheel Twitterverse

emptywheel @nickmanes1 Grapefruit. It's the New Harbinger of Spring. (Steal that!)
11mreplyretweetfavorite
emptywheel @nickmanes1 Grapefruit fragranced $$ changed hands. It's sunny (and warm, if you're from either CO or MI). Of course they're boozing.
11mreplyretweetfavorite
emptywheel @granick FYI, also related. https://t.co/JBHbcqHjzt Taking Minimization Procedures out of FISC hands. BC FISC is too strict.
12mreplyretweetfavorite
emptywheel @nickmanes1 Then about the Deviant Dales, then... It could be your special take on the story...
15mreplyretweetfavorite
emptywheel @nickmanes1 If you're working on THAT can you figure out how much more Deviant Dales we get in the deal?
16mreplyretweetfavorite
emptywheel @nickmanes1 Perrin? The one I was wondering why you hadn't already reported on?!?!
17mreplyretweetfavorite
emptywheel @granick But James Clapper assured me something like that could never ever happen. Surely you're not sugges-- wait.
21mreplyretweetfavorite
emptywheel @sbagen Hey, you're on a win streak. Run with it.
23mreplyretweetfavorite
emptywheel @sbagen Also, how could MI voters agree w/petitioners "experts" if the "experts" didn't testify until 9 years after the vote?
23mreplyretweetfavorite
emptywheel @MazMHussain So you're assuring us that the Paul Wolfowitzes of the world have finally gotten the distinction straight? You sure?
24mreplyretweetfavorite
emptywheel @MiekeEoyang Really? That's nutty. Not vegan either tho occasionally choose it. Just wonder why vegans don't just eat like most of world
26mreplyretweetfavorite
emptywheel @granick It can't look at phone dragnet--no CT purpose. It CAN however be handed info abt leaks under CISA.
27mreplyretweetfavorite
March 2015
S M T W T F S
« Feb    
1234567
891011121314
15161718192021
22232425262728
293031