Posts

Why Is HPSCI’s Snowden Report So Inexcusably Shitty?

/11 Comments/in , /by

There’s now a growing list of things in the HPSCI report on Snowden that are either factually wrong, misleading, or spin.

One part of the spin the report admits itself: the committee assessed damage based on the 1.5 million documents Snowden touched — an approach the now discredited General Michael Flynn presented in briefings to the committee — rather than the far more limited set the Intelligence Community included in its damage assessment.

Over the past three years, the IC and the Department of Defense (DOD) have carried out separate reviews with differing methodologies of the damage Snowden caused. Out of an abundance of caution, DOD reviewed all 1.5 million documents Snowden removed. The IC, by contrast, has carried out a damage assessment for only a small subset of the documents. The Committee is concerned that the IC does not plan to assess the damage of the vast majority of documents Snowden removed.

Clearly, the IC wants a real assessment of the damage Snowden caused. HPSCI, however, appears to be interested in the most damning, which makes sense given that members of Congress actively solicited information they could use to damage Snowden.

Here are other problems with the report.

From Bart Gellman’s rebuttal:

  • HPSCI claimed the “bilateral tibial stress fractures” that led to Snowden’s discharge were “shin splints.”
  • HPSCI claimed he never got a GED. According to official Maryland records, Snowden got his equivalent degree on June 2, 2004.
  • HPSCI claimed Snowden was a computer technician at CIA. At the end he served as a “solutions referent/cyber referent” working on cyber contracts.
  • HPSCI claimed Snowden’s effort to show a security hole in CIA’s human resources intranet was an effort to doctor his performance evaluations.

From me:

HPSCI claimed Snowden failed the Section 702 training. According to an email from the SIGINT Compliance Chief, Snowden did pass it (the Chief had not checked whether or not Snowden had really failed it).“He said he had failed it multiple times (I’d have to check with ADET on that). He did pass the course at some point.”

The claim Snowden didn’t pass the test stems from an email written a year after an exchange between him and a Compliance training person. The training person wrote the email in direct response to Snowden’s claims that he had “contacted N.S.A. oversight and compliance bodies.” While it may be true Snowden failed the test before he passed it, there are enough irregularities with the email claim and related story it should not be credited without backup. When we asked NSA for specific answers about that email in conjunction with this story, they flipped out and went nuclear and preemptively released all the emails rather than provide the very easy answers to validate the email story.

From Patrick Eddington:

HPSCI claimed Snowden could have reported complaints to the committee, but HPSCI killed an effort to extend whistleblower protections to intelligence contractors in 2012.

Eddington and Steven Aftergood both suggest the shitty HPSCI report is good reason to embrace a set of reforms to improve HPSCI oversight.

But depending on the reason for the utter shittiness of the report, I think it might just warrant shutting the entire committee down and devolving oversight to real committees, like Judiciary, Homeland Security, and Armed Services. Remember, every single member of the committee, Democrat or Republican, signed this report. Every single one. For some reason, even fairly smart people like Adam Schiff and Jackie Speier signed off on something with inexcusable errors.

So I wanted to point to this passage on methodology.

The Committee’s review was careful not to disturb any criminal investigation or future prosecution of Snowden, who has remained in Russia since he fled there on June 23, 2013. Accordingly, the Committee did not interview individuals whom the Department of Justice identified as possible witnesses at Snowden’s trial, including Snowden himself, nor did the Committee request any matters that may have occurred before a grand jury. Instead, the IC provided the Committee with access to other individuals who possessed substantively similar knowledge as the possible witnesses. Similarly, rather than interview Snowden’s NSA coworkers and supervisors directly, Committee staff interviewed IC personnel who had reviewed reports of interviews with Snowden’s co-workers and supervisors.

So for this inexcusably shitty report, HPSCI did not interview:

  • Direct witnesses (presumably including the Compliance training woman whose email on 702 training is dodgy and probably also Booz and Dell contractors who might risk losing contracts)
  • Snowden’s co-workers
  • Snowden’s supervisors

They did interview:

  • People who possessed “substantively similar knowledge” as the people DOJ think might be witnesses at trial
  • People who reviewed reports of interviews with Snowden’s co-workers and supervisors

HPSCI spent two years but didn’t interview any of the direct witnesses.

Now, as a threshold matter, the publicly released emails provide good reason to doubt the adequacy of this indirect reporting on Snowden’s colleagues. Here’s how the Chief of NSA’s CI Division backed the conclusion that Snowden never talked about concerns about NSA surveillance with his colleagues.

Our findings are that we have found no evidence in the interviews, email, or chats reviewed that support his claims. Some coworkers reported discussing the Constitution with Snowden, specifically his interpretation of the Constitution as black and white, and others reported discussing general privacy issues as it relates to the Internet. Not one mentioned that Snowden mentioned a specific NSA program that he had a problem with. Actually, many of the people interviewed affirmed that he never complained about any NSA program. We also did not have any reflection that he asked anyone how he should/could report perceived wrongdoing.

So colleagues — who would presumably be in great fear of association with Snowden, especially in interviews with NSA’s Counterintelligence people — nevertheless revealed that they discussed the Constitution (and Snowden’s black and white interpretation of it) and general privacy issues about the Internet. “Many” of the interviewees said he never complained about any NSA program, which raises questions about what those excluded from this “many” said.

But it appears that NSA’s CI investigators only considered mention of specific programs to be a complaint, not general discussions about privacy and the Constitution.

We should assume the interview reports back to HPSCI members and staffers were similarly scoped.

There’s another reason I’m interested in this methodology section. That’s the implication from Spencer Ackerman’s series on SSCI’s Torture Report that CIA successfully used the John Durham investigation to undermine the SSCI investigation.

In August 2009, US attorney general Eric Holder expanded the remit of the prosecutor looking at the tapes destruction, John Durham, to include the torture program, much as the Senate committee had. The justice department’s new mandate was not as broad as the Senate’s. It would only concern itself with torture that exceeded the boundaries set for the CIA by the Bush-era justice department. Still, for all of Obama’s emphasis on looking forward and not backward, now the CIA had to face its greatest fear since launching the torture program: possible prosecution.

Holder’s decision, ironically, would ultimately hinder the committee more than the CIA, and lead to a criticism that the agency would later use as a cudgel against the Senate.

Typically, when the justice department and congressional inquiries coincide, the two will communicate in order to deconflict their tasks and their access. In the case of the dual torture investigations, it should have been easy: Durham’s team accessed CIA documents in the exact same building that Jones’s team did.

But every effort Jones made to talk with Durham failed. “Even later, he refused to meet with us,” Jones said.

Through a spokesman, Durham, an assistant US attorney in Connecticut, declined to be interviewed for this story.

The lack of communication had serious consequences. Without Durham specifying who at CIA he did and did not need to interview, Jones could interview no one, as the CIA would not make available for congressional interview people potentially subject to criminal penalty. Jones could not even get Durham to confirm which agency officials prosecutors had no interest in interviewing. “Regrettably, that made it difficult for our committee to do interviews. So the judgment was, use the record,” said Wyden, the Oregon Democrat on the panel.

[snip]

The CIA stopped compiling the Panetta Review in 2010 after Durham told Preston that CIA risked complicating any prosecution if it “made different judgments than the prosecutors had reached”, Charlie Savage reported in his 2015 book Power Wars.

Not only did CIA’s General Counsel Stephen Preston (who later served as DOD General Counsel from October 2013 until June 2015) use the Durham investigation to halt the CIA’s own internal investigation into the worthlessness of their torture, but it served as the excuse to withhold cooperation from SSCI. That, in turn, gave Republicans an excuse to disavow the report.

With the HPSCI report, an FBI investigation has again been used as an excuse to limit congressional oversight.

HPSCI’s failure to interview any of the relevant people directly is all the weirder given that there should be no problem for a witness to appear before both the grand jury and the committee. Certainly, House Oversight had no problem interviewing some of the subjects of the Hillary email investigation! And unlike the email investigation, with the Snowden one, few if any of the people who might serve as witnesses at any Snowden trial would be subjects of the investigation; they’d have no legal risk in also testifying to the committee. Snowden is the one at legal risk, and he has already been charged. And curiously, we’re hearing no squawking from Republicans about the necessity of direct interviews for the integrity of an investigation, like we heard with the Senate Torture Report.

One thing is certain: the public is owed an explanation for how HPSCI came to report knowably false information. The public is owed an explanation for why HPSCI is effectively serving as NSA’s propaganda wing.

And if we don’t get one, we should shut down the entire charade of post-Church Committee oversight committee.

Share this entry

If Snowden Doesn’t Know Privacy Protections of 702, That’s a Problem with NSA Training

/5 Comments/in /by

The House Intelligence Committee just released a report — ostensibly done to insist President Obama not pardon Snowden — that is instead surely designed as a rebuttal to the Snowden movie coming out in general release tomorrow. Why HPSCI sees it as their job to refute Hollywood I don’t know, especially since they didn’t make the same effort when Zero Dark Thirty came out, which suggests they are serving as handmaidens of the Intelligence Community, not an oversight committee.

There will be lots of debates about the validity of the report. In some ways, HPSCI admits they’re being as inflammatory as possible, as when they note that the IC only did a damage assessment of what they think Snowden took, whereas DOD did a damage assessment of every single thing he touched. HPSCI’s claims are all based on the latter.

There are things that HPSCI apparently doesn’t realize makes them and the IC look bad — not Snowden — such as the claim that he never obtained a high school equivalent degree; apparently people can just fake basic credentials and the CIA and NSA are incapable of identifying that. The report even admits a previously unknown contact between Snowden and CIA’s IG, regarding the training of IT specialists. BREAKING: Snowden did try to report something through an official channel!

It concerns me the “Intelligence Committee” can’t distinguish between details that help and hurt their case.

Meanwhile, Snowden has a bunch of rebuttals here, which extends the game of he says they say, but doesn’t help clarity much.

On one issue, however, I’m particularly concerned: with the HPSCI claim that Snowden may not understand the privacy impact of the programs he leaked because he failed Section 702 training:

It is also not clear Snowden understood the numerous privacy protections that govern the activities of the IC. He failed basic annual training for NSA employees on Section 702 of the Foreign Intelligence Surveillance Act (FISA) and complained the training was rigged to be overly difficult. This training included explanations of the privacy protections related to the PRISM program that Snowden would later disclose.

There are several implications about this allegation. First, the passage suggests that Snowden never passed 702 training. But he did. The Chief of the SIGINT Compliance Division said this in an email written on the low side (and as such, probably written with knowledge it would be released publicly). “He said he had failed it multiple times (I’d have to check with ADET on that). He did pass the course at some point.” Even in the middle of a big to-do over this training, the NSA knew one thing for certain: Snowden did pass the test (even if they weren’t sure whether he had really failed it).

The passage also suggests the training program was really basic. But a Lieutenant Colonel who clearly worked with a lot of 702 analysts at some point had this to say about it: “It is not a gentleman’s course; *I* failed it once, the first time I had to renew.”

The passage also suggests that the training was worthwhile. Except days before the conflict, NSA’s IG reissued an IG Report that revealed problems with this and related training — including that NSA still had outdated materials pertaining to the Protect America Act available as the “current” standard operating procedures available online.

There’s evidence the NSA’s training materials and courses at the time had significant errors. A revised Inspector General report on Section 702 of FISA, reissued just days before Snowden returned to Maryland for training on the program in 2013, found that the Standard Operating Procedures (SOPs) posted on the NSA’s internal website, purportedly telling analysts how to operate under the FISA Amendments Act passed in 2008, actually referenced a temporary law passed a year earlier, the Protect America Act.

“It is unclear whether some of the guidance is current,” the report stated, “because it refers only to the PAA,” a law that had expired years before. A key difference between the two laws pertains to whether the NSA can wiretap an American overseas under EO 12333 with approval from the attorney general rather than a judge in a FISA Court. If the SOPs remained on the website when Snowden was training, it would present a clear case in which NSA guidance permitted actions under EO 12333 that were no longer permitted under the law that had been passed in 2008.

Similarly, a key FISA Amendments Act training course (not the one described in the face-to-face exchange, but another one that would become mandatory for analysts) didn’t explain “the reasonable belief standard,” which refers to how certain an analyst must be that their target was not an American or a foreigner in the US — a key theme of Snowden’s disclosures. While some work on both these problems had clearly been completed between the time of the report’s initial release and its reissue just days before Snowden showed up in Maryland, both these findings remained open and had been assigned revised target completion dates in the reissued report, suggesting the IG had not yet confirmed they had been fixed.

Perhaps most troubling, to me, is that HPSCI repeats as true a story that should not be treated as such by anyone — because the story has a number of problems, and the person who told it almost certainly didn’t write it down for a full year after it happened, and then, only in response to Snowden’s claims about the interaction. I don’t know whether she was telling the truth or Snowden (or, most likely, both were shading the truth), but given the circumstances of the evidence, neither one should be assumed to be credible. But this report treats it, perhaps unaware of the many problems and inconsistencies with the story, as credible.

Ultimately, though, if Snowden didn’t fully appreciate the privacy protections of PRISM, you can’t attribute that to the training program, because he took and passed it.

Remarkably, this dodgy claim is the only evidence HPSCI has to claim that Snowden didn’t understand the privacy implications of what he was looking at. I’m fully willing to admit that reporting (that is, second-hand from Snowden) has made errors. But if NSA’s overseers can’t assess Snowden’s public comments about the programs they allegedly oversee, then they’re not doing their job.

Unless their job extends only to running PR for the agencies they are supposed to oversee.

Share this entry

On Responsible Sourcing for DNC Hack Stories

/47 Comments/in , /by

For some reason Lawfare thinks it is interesting that the two Democratic members of the Gang of Four — who have apparently not figured out there’s a difference between the hack (allegedly done by Russia) and the dissemination (done by Wikileaks, which has different motivations) are calling for information on the DNC hack to be released.

The recent hack into the servers of the Democratic National Committee (DNC) and the subsequent release via WikiLeaks of a cache of 20,000 internal e-mails, demonstrated yet again the vulnerability of our institutions to cyber intrusion and exploitation.  In its timing, content, and manner of release, the email dissemination was clearly intended to undermine the Democratic Party and the presidential campaign of Secretary Hillary Clinton, and disrupt the Democratic Party’s convention in Philadelphia.

[snip]

Specifically, we ask that the Administration consider declassifying and releasing, subject to redactions to protect sources and methods, any Intelligence Community assessments regarding the incident, including any that might illuminate potential Russian motivations for what would be an unprecedented interference in a U.S. Presidential race, and why President Putin could potentially feel compelled to authorize such an operation, given the high likelihood of eventual attribution.

For some equally bizarre reason, WaPo thinks Devin Nunes’ claim — in the same breath as he claims Donald Trump’s repeated calls on Russia to release Hillary’s email were sarcastic — that there is “no evidence, absolutely no evidence” that Russia hacked the DNC to influence the election is credible.

Rep. Devin Nunes (R-Calif.), the chairman of the House Intelligence Committee, told The Washington Post in an interview Wednesday that speculation about Russian attempts to sway the presidential election is unfounded.

“There is no evidence, absolutely no evidence, that the Russians are trying to influence the U.S. election,” Nunes said, repeatedly swatting away the suggestion made by some Democrats that the Russians may be using their intelligence and hacking capabilities to boost Donald Trump’s chances.

“There is evidence that the Russians are actively trying to hack into the United States — but it’s not only the Russians doing that. The Russians and the Chinese have been all over our networks for many years.”

These are two obvious (because they’re on the record) examples of partisans using their access to classified information to try to boost or refute a narrative that the Hillary Clinton campaign has explicitly adopted: focusing on the alleged Russian source of the hack rather on the content of the things the hack shows.

Kudos to Richard Burr, who is facing a surprisingly tough reelection campaign, for being the one Gang of Four member not to get involved in the partisan bullshit on this.

There are plenty of people with no known interest in either seeing a Trump or a Clinton presidency that have some measure of expertise on this issue (this is the rare moment, for example, when I’m welcoming the fact that FBI agents are sieves for inappropriate leaks). So no outlet should be posting something that obviously primarily serves the narrative one or the other candidate wants to adopt on the DNC hack without a giant sign saying “look at what partisans have been instructed to say by the campaign.” That’s all the more true for positions, like the Gang of Four, that we’d prefer to be as little politicized as possible. Please don’t encourage those people to use their positions to serve a partisan narrative, I beg of you!

For the same reason I’m peeved that Harry Reid suggested the Intelligence Community give Trump fake intelligence briefings. Haven’t we learned our lesson about politicizing intelligence?

More generally, I think journalists should be especially careful at this point to make it clear whether their anonymous sources have a partisan dog in this fight, because zero of those people should be considered to be unbiased when they make claims about the DNC hack.

A very special case of that comes in stories like this, where Neocon ideologue Eliot Cohen, identified as Bush appointee, is quoted attacking Trump for suggesting Russia should leak anymore emails.

But now Republican-aligned foreign policy experts are also weighing in along similar lines.

“It’s appalling,” Dr. Eliot A. Cohen, who was counselor of the State Department during the second term of George W. Bush’s presidency, said to me today. “Calling on a foreign government to go after your opponent in an American election?”

Cohen recently organized an open letter from a range of GOP national security leaders that denounced Trump in harsh terms, arguing that Trump’s “own statements” indicate that “he would use the authority of his office to act in ways that make America less safe, and which would diminish our standing in the world.” The letter said: “As committed and loyal Republicans, we are unable to support a Party ticket with Mr. Trump at its head. We commit ourselves to working energetically to prevent the election of someone so utterly unfitted to the office.”

But this latest from Trump, by pushing the envelope once again, raises the question of whether other prominent Republicans are ever going to join in.

For instance, to my knowledge, top national security advisers to George W. Bush, such as Stephen Hadley and Condoleezza Rice (who was also secretary of state), have yet to comment on anything we’ve heard thus far from Trump. Also, there could theoretically come a point where figures like former Defense Secretary Donald Rumsfeld and possibly even Dubya and George H.W. Bush feel compelled to weigh in.

Meanwhile, senior Republican elected officials who have backed Trump continue to refrain from taking on his comments forcefully or directly. Some Republicans actually defended Trump’s comments today. Paul Ryan’s spokesman issued a statement saying this: “Russia is a global menace led by a devious thug. Putin should stay out of this election.”

I feel differently about Trump’s asinine comment than I do about attribution of the attack. I’m all in favor of Hillary’s campaign attacking Trump for it, and frankly Cohen is a far more credible person to do so than Jake Sullivan and Leon Panetta, who also launched such attacks yesterday, because as far as I know Cohen has not mishandled classified information like the other two have.

But I would prefer if, rather than IDing Cohen as one of the Republicans who signed a letter opposing Trump, Greg Sargent had IDed him as someone who has also spoken affirmatively for Hillary.

On foreign policy, Hillary Clinton is far better: She believes in the old consensus and will take tough lines on China and, increasingly, Russia. She does not hesitate to make the case for human rights as a key part of our foreign policy. True, under pressure from her own left wing, she has backtracked on the Trans-Pacific Partnership, a set of trade deals that supports American interests by creating a counterbalance to China and American values by protecting workers’ rights. But she might edge back toward supporting it, once in.

Admittedly, this was at a time when Cohen and others still hoped some Mike Bloomberg like savior would offer them a third choice; that was before Bloomberg gave a very prominent speech endorsing Hillary last night.

Here’s the thing. The Neocons (led by Robert Kagan, who’s wife got named as a target of Russian aggression in the Feinstein-Schiff letter) are functioning as surrogates for Hillary just like top Democrats are. They are, just like Democrats are, now scrambling to turn their endorsements into both policy and personnel wins. Therefore we should no more trust the independence of a pro-Hillary Neocon — even if he did work for George Bush — than we would trust the many Democrats who have used their power to help Hillary win this election. Progressives should be very wary about the promises Hillary has made to get the growing number of Neocons (and people like Bloomberg) to so aggressively endorse her. Because those endorsements will come with payback, just like union or superdelegate endorsements do.

In any case, it’s hard enough to tease out attribution for two separate hacks and the subsequent publication of the hacked data by Wikileaks. Relying on obviously self-interested people as sources only further obscures the process.

Update: The Grammar Police actually nagged me to fix “whose/who’s” error in the Kagan sentence. Fun!

Share this entry

On December 10, Intelligence Committees Not Told Any Encrypted Communications Used in San Bernardino

/1 Comment/in , /by

Here’s what Senate Intelligence Chair Richard Burr and House Intelligence Ranking Member Adam Schiff had to say about a briefing on the San Bernardino attack they attended on December 10.

Lawmakers on Thursday said there was no evidence yet that the two suspected shooters used encryption to hide from authorities in the lead-up to last week’s San Bernardino, Calif., terror attack that killed 14 people.

“We don’t know whether it played a part in this attack,” Senate Intelligence Committee Chairman Richard Burr (R-N.C.) told reporters following a closed-door briefing with federal officials on the shootings.

But that hasn’t ruled out the possibility, Burr and others cautioned.

“That’s obviously one issue were very interested in,” House Intelligence Committee ranking member Adam Schiff (D-Calif.) said. “To what degree were either encrypted devices or communications a part of the impediment of the investigation, either while the events were taking place or to our investigation now?”

The recent terror attacks in San Bernardino and Paris have shed an intense spotlight on encryption.

While no evidence has been uncovered that either plot was hatched via secure communications platforms, lawmakers and federal officials have used the incidents to resurface an argument that law enforcement should have guaranteed access to encrypted data.

On December 10, we should assume from these comments, the Congressmen privy to the country’s most secret intelligence and law enforcement information, were told nothing about a key source of evidence in the San Bernardino attack being encrypted. Schiff made it quite clear the members of Congress in the briefing were quite interested in that question, but nothing they heard in the briefing alerted them to a known trove of evidence being hidden by encryption.

That’s an important benchmark because of details the FBI provided in response to a questions from Ars Tecnica’s Cyrus Farivar. As had been made clear in the warrant, FBI seized the phone on December 3. But the statement also reveals that FBI asked the County to reset Farook’s Apple ID password on December 6. That means they were already working on that phone several days before the briefing to the Intelligence Committee members (it’s unclear whether that briefing was just for the Gang of Four or for both Intelligence Committees).

While, given what Tim Cook described last night, the FBI had not yet asked for Apple’s assistance by that point, the FBI had to have known what they were dealing with by December 6 — an iPhone 5C running iOS9. Therefore, they would have known the phone was encrypted by default (and couldn’t be open with a fingerprint).

Yet even four days later, they were not sufficiently interested in that phone they had to have known to be encrypted to tell Congress it held key data.

Update: Wow, this, from Apple’s motion to vacate the order, makes this all the more damning.

Screen Shot 2016-02-25 at 6.09.00 PM

Share this entry

Why Tell the Israeli Spying Story Now?

/19 Comments/in , , /by

“Intelligence professionals have a saying: There are no friendly intelligence services,” the WSJ describes former House Intelligence Chair Mike Rogers saying, on the record. While there’s no way of telling — particularly not with WSJ’s described “more than two dozen current and former U.S. intelligence and administration officials” sources behind it’s blockbuster story on US spying on Bibi Netanyahu and other Israelis, Rogers is a likely candidate for some of the other statements attributed to “former US officials,” a moniker that can include agency officials, consultants, and members of Congress.

Which is awfully funny, given that two of the people squealing most loudly in response to the story are Rogers’ immediate predecessor, Crazy Pete Hoekstra, who called it a “Maybe unprecedented abuse of power,” and successor, Devin Nunes, who has already started an investigation into the allegations in the story.

It is the height of hypocrisy for these men, who have been privy to and by their silence have assented to this and, in Crazy Pete’s case, far worse patently illegal spying, to wail about a story that shows the Administration abiding by NSA minimization procedures they’ve both celebrated as more than adequate to protect US person privacy. If NSA’s minimization procedures are inadequate to protect US persons, the first thing Nunes should do is repeal FISA Amendments Act, which can expose far more people than the tailored, presumably EO 12333 tap placed on Bibi, not to mention OmniCISA, which can be targeted at Americans and will have even fewer protections for US persons.

The immediate attempt by a bunch of surveillance maximalists to turn compliant spying into a big scandal raises the question of why this story is coming out now, not incidentally just after Iran turned over its uranium stockpile over to Russia and in the process achieved another big step of the Iran deal.

I’m not in any way meaning to slight the WSJ reporting. Indeed, the story seems to show a breadth of sources that reflect a broad range of interests, and as such is not — as would otherwise be possible — Mike Rogers attempting to leak something to the WSJ so his fellow Republicans can make a stink about things.

This story includes “current and former U.S. officials” providing a list of leaders they claim were detasked from spying in 2014 — François Hollande, Angela Merkel, and other NATO leaders — and those they claim were not — along with Bibi Netanyahu, Turkey’s leader Recep Tayyip Erdogan. Of course, like James Clapper’s claim that Edward Snowden’s leaks forced the NSA to shut down its full take spying on Afghanistan, this “confirmation” may instead have been an effort to cover for collection that has since been restarted, especially given the story’s even more revealing explanation that, “Instead of removing the [surveillance] implants, Mr. Obama decided to shut off the NSA’s monitoring of phone numbers and email addresses of certain allied leaders—a move that could be reversed by the president or his successor.” Obama did not eliminate the infrastructure that allows him to request surveillance (in actually, monitoring of surveillance going on in any case) to be turned on like a switch, and this WSJ article just conveyed that detail to Hollande and Merkel.

So the story could serve as disinformation to cover up restarted surveillance, and it could serve as a cue for the bogus, unbelievably hypocritical political scandal that Crazy Pete and Nunes appear to want to make it.

But I’m just as interested in the dick-waving in the story.

Some of the most interesting details in the story — once you get beyond the wailing of people like Crazy Pete and Devin Nunes probably swept up in intercepts described in the story — pertain to what NSA did and did not learn about Bibi’s efforts, largely executed through Israeli Ambassador to the US Ron Dermer, to thwart the Iran deal. A key detail here is that while (it is implied) NSA destroyed most or all of the intercepts involving members of Congress directly with Bibi, they passed on (with US person identities masked) the reports back through foreign ministry channels of discussions with or on behalf of Bibi.

The NSA has leeway to collect and disseminate intercepted communications involving U.S. lawmakers if, for example, foreign ambassadors send messages to their foreign ministries that recount their private meetings or phone calls with members of Congress, current and former officials said.

“Either way, we got the same information,” a former official said, citing detailed reports prepared by the Israelis after exchanges with lawmakers.

In other words, NSA might not pass on the intercepts of calls members of Congress had with Bibi directly, but they would pass on the reports that Dermer or Bibi’s aides would summarize of such discussions. And according to “a former official” (curiously not described as high ranking) by passing on the reports of such conversations, “we got the same information.”

Usually, but not always, according to the story.

It describes that “Obama administration officials” (which may but probably doesn’t include intelligence officials) didn’t learn about John Boehner’s invitation to Bibi to address Congress ahead of time, even though Boehner extended that invite through Dermer.

On Jan. 8, John Boehner, then the Republican House Speaker, and incoming Republican Senate Majority Leader Mitch McConnell agreed on a plan. They would invite Mr. Netanyahu to deliver a speech to a joint session of Congress. A day later, Mr. Boehner called Ron Dermer, the Israeli ambassador, to get Mr. Netanyahu’s agreement.

Despite NSA surveillance, Obama administration officials said they were caught off guard when Mr. Boehner announced the invitation on Jan. 21.

According to the description of the article, this call should have been fair game to be shared with the White House as a report through the foreign ministry, but either wasn’t reported through normal channels on the Israeli side or NSA didn’t pass it along.

But, according to the story, the White House did get many of the details about Dermer’s attempt to scotch the Iran deal.

The NSA reports allowed administration officials to peer inside Israeli efforts to turn Congress against the deal. Mr. Dermer was described as coaching unnamed U.S. organizations—which officials could tell from the context were Jewish-American groups—on lines of argument to use with lawmakers, and Israeli officials were reported pressing lawmakers to oppose the deal.

[snip]

A U.S. intelligence official familiar with the intercepts said Israel’s pitch to undecided lawmakers often included such questions as: “How can we get your vote? What’s it going to take?”

Let me interject and note that, if the people squealing about these intercepts weren’t such raging hypocrites, I might be very concerned about this.

Consider the Jane Harman case. In 2009 it got reported that NSA and FBI collected conversations Jane Harman had (probably on an individual FISA wiretap) with AIPAC suspects in which Harman allegedly agreed to help squelch the criminal investigation into the organization in exchange for help getting the Chairmanship of the House Intelligence Committee. The position, not incidentally, that all the people (save Mike Rogers, who seems to have had no problem with them) squealing about these intercepts have held or currently hold. At least according to 2009 reports on this, lawyers in then Attorney General Alberto Gonzales’ DOJ considered criminal charges against Harman, but chose not to pursue them, because Gonzales — who had criminally, personally authorized the Stellar Wind program in March 2004 — needed Harman’s support in advance of NYT breaking the Stellar Wind story at the end of 2005. That suggests (if these stories are to be believed) Gonzales used Harman’s purported criminal exposure to get protection against his own.

Now, Crazy Pete was out of power well before these particular intercepts were described (though may have his own reason to be concerned about what such intercepts revealed), but in the same period, Devin Nunes got himself appointed HPSCI Chair, just like AIPAC was allegedly brokering with Harman. He got himself appointed HPSCI Chair by the guy, Boehner, who invited Bibi to address Congress.

And what were AIPAC and other groups — who allegedly were offering congressional leadership posts back in 2005 — offering lawmakers last year to oppose the Iran deal? “What’s it going to take?” the intercepts apparently recorded.

What were they offering?

This is the reason permitting lawmakers’ communications to be incidentally collected is such a risk — because it collects the sausage-making behind legislative stances — but also defensible — because it might disclose untoward quid pro quo by foreign governments of members of Congress. It is a real concern that the Executive is collecting details of Congress’ doings. More protections, both for Members of Congress and for regular schlubs, are needed. But wiretapping the incidentally collected communications with foreign leaders is not only solidly within the parameters of Congressionally-approved NSA spying, but may sometimes be important to protect the US.

That’s the kind of the thing the White House may have seen outlines of in the reports it got on Darmer’s attempts — though the report indicates that Democratic lawmakers and Israelis who supported the Iranian deal (probably including former Mossad head Efraim Halevy, who was criticizing Bibi and Darmer’s efforts in real time) were sharing details of Darmer’s efforts directly with the White House.

In the final months of the campaign, NSA intercepts yielded few surprises. Officials said the information reaffirmed what they heard directly from lawmakers and Israeli officials opposed to Mr. Netanyahu’s campaign—that the prime minister was focused on building opposition among Democratic lawmakers.

Which brings me to the dick-waving part. Here’s the last line of the WSJ story.

The NSA intercepts, however, revealed one surprise. Mr. Netanyahu and some of his allies voiced confidence they could win enough votes.

Some of this story is likely to be disinformation for our allies, much of this story seems to be warning (both friendly and unfriendly) to those likely implicated by the intercepts. But this just seems like dick-waving, the spook-and-politician equivalent of spiking the football and doing a lewd dance in the end zone. The Israelis surely knew all the monitoring was going on (even if members of Congress may have been stupid about them), especially given the way John Kerry, as laid out in the story, raised concerns about Israeli spying during negotiations. But this line, the final reveal in the story, mocks the Israelis and their American interlocutors for assuming they had enough to offer — “What’s it going to take to get your vote?”– to kill the Iran deal.

This may, in part, be an effort to get those implicated in the intercepts to exercise some more caution. But it also seems to be a victory dance, just as Russia ships away Iran’s uranium stockpiles.

Share this entry

The Appropriations Battle over Funding “Moderate” Terrorists

/10 Comments/in /by

Two weeks ago, John Brennan admitted on a Sunday show that sometimes when we “push the envelope … to protect this country” it “stimulates and spurs additional threats to our national security interests.” In a post on his comments, I suggested he might be thinking specifically of Syria as much as generally of counterterrorism.

Today, the WaPo cites “U.S. officials” complaining that the House Intelligence Committee voted to cut 10% off CIA’s Syrian budget.

The measure has provoked concern among CIA and White House officials, who warned that pulling money out of the CIA effort could weaken U.S.-backed insurgents just as they have begun to emerge as effective fighters. The White House declined to comment.

Arrayed against those anonymous whiners, the WaPo cites Adam Schiff on the record and a senior aide anonymously, describing how the CIA effort isn’t tracked with real metrics and hasn’t done much to weaken Assad.

“There is a great deal of concern on a very bipartisan basis with our strategy in Syria,” said Rep. Adam B. Schiff (Calif.), the ranking Democrat on the intelligence panel. He declined to comment on specific provisions of the committee’s bill but cited growing pessimism that the United States will be in a position “to help shape the aftermath” of Syria’s civil war.

[snip]

“Assad is increasingly in danger, and people may be taking bets on how long he can last, but it’s largely not as a result of action by so-called moderates on the ground,” said a senior Republican aide in Congress, who spoke on the condition of anonymity, citing the sensitivity of the subject.

[snip]

“Unfortunately, I think that ISIS, al-Nusra and some of the other radical Islamic factions are the best positioned to capi­tal­ize on the chaos that might accompany a rapid decline of the regime,” Schiff said.

Underlying it all, though, appears to be yet another effort (one we’ve seen with propaganda in the press as well) to claim those linked to al Qaeda in Syria are “moderate,” which in turn permits insiders to believe they’ll have some control over Syria after our Sunni and Israeli allies pull off his defeat.

Remember: Devin Nunes has long shown skepticism about our efforts to use proxy terrorists to spread democracy. And Adam Schiff is simply smarter than the kind of person who typically gets to be a ranking member of an Intelligence Committee. Good for them for finally insisting on metrics and — absent that — reining in the CIA’s gravy train.

Share this entry

The Precedent for Using Presidential National Emergency Proclamations to Expand Surveillance

/6 Comments/in , , /by

On September 14, 2001 — 3 days before signing an expansive Memorandum of Notification that would authorize a suite of covert operations against al Qaeda, and 4 days before signing an AUMF that would give those operations the appearance of Congressional sanction — President Bush declared a National Emergency in response to the 9/11 attack.

The following day, according to a 2002 motion to the FISC to be able to share raw FISA-derived information with CIA and NSA (this was liberated by Charlie Savage), FISC suspended its rules on sharing intelligence derived under FBI-obtained FISA warrants with criminal investigations (see page 26 of this paper for background).

On September 15, 2001, upon motion of the Government, the [FISA] Court suspended the “Court wall,” certification, and caveat requirements that previously had applied to Court-authorized electronic surveillance and physical search of [redacted] related targets, while directing that the FBI continue to apply the standard minimization procedures applicable in each case. As stated in the order resulting from that motion, the Court took this action in light of inter alia:

“the President’s September 14, 2001, declaration of a national emergency and the near war conditions that currently exist;”

“the personal meeting the Court had with the Director of the FBI on September 12, 2001, in which he assured the Court of the collection authority requested from this Court in the face of the nature and scope of the multi-faced response of the United States to the above-referenced attacks;

“the need for the Government to rapidly disseminate pertinent foreign intelligence information to appropriate authorities.”

Ten days after FISC dismantled its role in “the wall” between intelligence and criminal investigations in response to the Executive’s invocation of a National Emergency, on September 25, 2001, John Yoo finished an OLC memo considering the constitutionality of dismantling the wall by replacing “the purpose” in FISA orders with “a purpose.”

A full month later, on October 25, 2001, Congress passed the PATRIOT Act. For over 13 years, analysis of the PATRIOT Act has explained that it eliminated “the wall” between intelligence and criminal investigations by replacing language requiring foreign intelligence be “the purpose” of FISA wiretaps with language requiring only that that be “a significant purpose” of the wiretap. But the FISC suspension had already removed the biggest legal barrier to eliminating that wall.

In other words, the story we’ve been telling about “the wall” for over 13 years is partly wrong. The PATRIOT Act didn’t eliminate “the wall.” “The wall” had already been suspended, by dint of Executive Proclamation and a secret application with the FISC, over a month before the PATRIOT Act was initially introduced as a bill.

FISC suspended it, without congressional sanction, based on the President’s invocation of a National Emergency.

That’s not the only case where the Executive invoked that National Emergency in self-authorizing or getting FISC to authorize expansive new surveillance authorities (or has hidden the authorities under which it makes such claims).

Perhaps most illustratively, on May 6, 2004, Jack Goldsmith pointed to the National Emergency when he reauthorized most aspects of Stellar Wind.

On September 14, 2001. the President declared a national emergency “by reason of the terrorist attacks at the World Trade Center, New York, New York, and the Pentagon, and the continuing and immediate threat of further attacks on the United States.” Proclamation No. 7463, 66 Fed. Reg. 43, !99 (Sept. 14, 2001). The United States also launched a massive military response, both at home and abroad. In the United States, combat air patrols were immediately established over major metropolitan areas and were maintained 24 hours a day until April 2002, The United States also immediately began plans for a military response directed at al Qaeda’s base of operations in Afghanistan.

Only after invoking both the Proclamation and the immediate military response that resulted did Goldsmith note that Congress supported such a move (note, he cited Congress’ September 14 passage of the AUMF, not Bush signing it into law on September 18, thought that may be in part because Michael Hayden authorized the first expansions of surveillance September 14; also remember there are several John Yoo memos that remain hidden) and then point to an article on the friendly-fire death of Pat Tillman as proof that combat operations continued.

On September 14, 2001, both houses of Congress passed a joint resolution authorizing the President “to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks” of September I I. Congressional Authorization § 2(a). Congress also expressly acknowledged that the attacks rendered it “necessary and appropriate” for the United States to exercise its right “to protect United States citizens both at home and abroad,” and acknowledged in particular that the “the President has authority under the Constitution to take action to deter and prevent acts of international terrorism against the United States.” id. pmbl. Acting under his constitutional authority as Commander in Chief, and with the support of Congress, the President dispatched forces to Afghanistan and, with the cooperation of the Northern Alliance, toppled the Taliban regime from power Military operations to seek out resurgent elements of the Taliban regime and al Qaeda fighters continue in Afghanistan to this day. See, e.g., Mike Wise and Josh White, Ex-NFL Player Tillman Killed in Combat, Wash. Post, Apr. 24, 2004, at AI (noting that “there are still more than 10,000 U.S. troops in the country and fighting continues against remains of the Taliban and al Qaeda”).

That is, even in an OLC memo relying on the AUMF to provide legal sanction for President Bush’s systematic flouting of FISA for 2.5 years, Goldsmith relied primarily on the National Emergency Proclamation, and only secondarily on Congress’ sanction of such invocation with the AUMF.

The White Paper released in 2006 largely regurgitating Goldsmith’s opinion for more palatable consumption mentions the AUMF first in its summary, but then repeats Goldsmith’s emphasis on the Proclamation in the background section (see pages 2 and 4).

Paragraphs that may discuss such authorizations get redacted in the 2006 application to move content collection under FISC (see page 6). The entire background section (starting at page 5) of the initial Internet dragnet application is also redacted. While we can’t be sure, given parallel claims made in the same 2004 to 2006 period, it seems likely those memoranda also repeated this formula.

Such a formula was definitely dropped. The 2006 memorandum in support of using Section 215 to create a phone dragnet included no mention of authorities. The 2007 memorandum to compel Yahoo to fulfill Protect American Act orders cites PAA, not Emergency Declarations.

But the formula was retained in all discussions of the Administration’s illegal wiretap program in secret declarations submitted in court in 2006, 2007, and 2009, being repeated again in an unclassified 2013 declaration. While these declarations likely all derive, at least in part, from Goldsmith’s memo, it’s worth noting that the government has consistently suggested it could conduct significant surveillance programs without Congressional sanction by pointing to the that National Emergency Proclamation.

This is the precedent I meant to invoke when I expressed concern about President Obama’s expansive Executive Order of the other day, declaring a National Emergency because of cybersecurity.

Ranking House Intelligence Member Adam Schiff’s comment that Obama’s EO is “a necessary part of responding to the proliferation of dangerous and economically devastating cyber attacks facing the United States,” but that it will be “coupled with cyber legislation moving forward in both houses of Congress” only adds to my alarm (particularly given Schiff’s parallel interest in giving Obama soft cover for his ISIL AUMF while having Congress still involved).  It sets up the same structure we saw with Stellar Wind, where the President declares an Emergency and only a month or so later gets sanction for and legislative authorization for actions taken in the name of that emergency.

And we know FISC has been amenable to that formula in the past.

We don’t know that the President has just rolled out a massive new surveillance program in the name of a cybersecurity Emergency (rooted in a hack of a serially negligent subsidiary of a foreign company, Sony Pictures, and a server JP Morgan Chase forgot to update).

We just know the Executive has broadly expanded surveillance, in secret, in the past and has never repudiated its authority to do so in the future based on the invocation of an Emergency (I think it likely that pre FISA Amendments Act authorization for the electronic surveillance of weapons proliferators, even including a likely proliferator certification under Protect America Act, similarly relied on Emergency Proclamations tied to all such sanctions).

I’m worried about the Cyber Intelligence Sharing Act, the Senate version of the bill that Schiff is championing. But I’m just as worried about surveillance done by the executive prior to and not bound by such laws.

Because it has happened in the past.

Update: In his October 23, 2001 OLC memo authorizing the President to suspend the Fourth Amendment (and with it the First), John Yoo said this but did not invoke the September 14, 2001 proclamation per se.

As applied to the present circumstances, the [War Powers Resolution] signifies Congress’ recognition that the President’s constitutional authority alone enables him to take military measures to combat the organizations or groups responsible for the September 11 incidents, together with any governments that may have harbored or supported them, if such actions are, in his judgment, a necessary and appropriate response to the national emergency created by those incidents.

Update: Thanks to Allen and Joanne Leon for the suspend/suspect correction.

Share this entry

PATRIOT Extension: Congress Can’t Just Extend PATRIOT

/1 Comment/in /by

I’ve been remiss in laying out what I think the real solution for Section 215 is; I hope to get to that later this week.

Meanwhile, in the House, the question of what to do about the phone dragnet is already heating up. Adam Schiff, newly appointed ranking member in the House Intelligence Committee, is trying to buck up reform advocates in the face of calls for MOAR HAYSTACKS following the HebdoCharlie attack.

Schiff told me that those who are hoping for reform of bulk metadata collection need to remain vigilant against the possibility that lawmakers will seize on the Paris horror to blunt the case for change.

“Some will argue that the events in Paris make it impossible to reform any of our intelligence gathering programs,” Schiff said. “But as long as we can accomplish these reforms bolstering our privacy, while maintaining our security, we should do so.”

Remember, Schiff was the first to call publicly to have the telecoms hold the phone records.

Newly appointed Chair Devin Nunes, however, not only wants to reauthorize PATRIOT but also FISA (which isn’t expiring).

Q: What do you think should be the path forward for reform of the Foreign Intelligence Surveillance Act Courts? Do you support consideration and passage of the FISA Court Reform Act of 2013? If not, do you have your own proposals for FISA reform?
A: I believe the FISA court system is working well and striking the right balance between protecting Americans’ constitutional rights and allowing for effective intelligence operations to catch terrorists. So I don’t think it needs reform at this time — we don’t want to further encumber intelligence and law enforcement communities who already have a difficult task in tracking those who wish to attack Americans at home and abroad.

[snip]

Our immediate priorities will be analyzing the president’s budget, crafting the intelligence authorization bill and working with other committees to reauthorize FISA and the Patriot Act.

I hope we can hold him to his observation that FISC is working great, because most “reform” efforts (especially the RuppRoge effort out of the House Intelligence Committee) took authority out of FISC’s hands and put it into the IC’s.

One thing is missing from this discussion, on all sides.

Congress needs to do more than just extend PATRIOT, if they want full dragnet. They need to extend it, probably by starting with immunity, and probably some other tweaks, to be able to access all the phone records they want. That’ll be harder to do if it’s not done under cover of “reform.”

 

Share this entry

5 Democrats Have Called on Obama Not to Reauthorize the Dragnet Tomorrow

/in /by

Tomorrow is dragnet day, the next 90-day reauthorization for the dragnet.

In advance of that date, Pat Leahy just called on President Obama to simply let the dragnet end.

The President can end the NSA’s dragnet collection of Americans’ phone records once and for all by not seeking reauthorization of this program by the FISA Court, and once again, I urge him to do just that.  Doing so would not be a substitute for comprehensive surveillance reform legislation – but it would be an important first step.

Leahy joins 4 other Democrats who have already called for the President to unilaterally stop the dragnet.

At a hearing last month, Adam Schiff suggested to DIRNSA Mike Rogers that they move forward without waiting for a new law.

“There’s nothing in statute that requires the government to gather bulk data, so you could move forward on your own with making the technological changes,” Schiff said. “You don’t have to wait for the USA Freedom Act.”

There’s no reason for the NSA to wait for congressional approval to put additional limits on the program “if you think this is the correct policy,” Schiff added. “Why continue to gather the bulk metadata if [Obama administration officials] don’t think this is the best approach?”

And back in June, Senators Wyden, Udall, and Heinrich not only made a similar suggestion in a letter to the President, but laid out how Obama could achieve what he says he wants to without waiting for legislation.

But the President is not going to end the dragnet. Heck, for all we know, FISC has already signed the reauthorization.

Mind you, it may be that President Obama can’t start the new-and-improved dragnet without offering providers immunity and compensation. But if Obama can’t simply end the dragnet without offering telecoms and second level contractors broad immunity, then he’s obviously planning on something more exotic than just regular phone contact chaining.

Share this entry

On USA Freedom: Heed Jan Schakowsky’s Warning

/3 Comments/in /by

There are two reviews of whether HR 3361 constitutes real reform today, one from McClatchy and one from National Journal, both written partly in response to privacy groups’ realization that Mike Rogers has been doing a circumspect victory lap over the shape of the bill.

While neither examines the flip side of the bill — what the intelligence community will gain from this — they both provide a useful caution about the potential pitfalls in the bill, many (but not all) I’ve examined at this site.

McClatchy is particularly useful, though, for the comments from Adam Schiff and Jan Schakowsky, two of the only people on the House Intelligence Committee who tend to balance the interests of civil liberties against the demands of the intelligence community. Here’s what they had to say about the legislative prospects.

Rep. Adam Schiff, D-Calif., an Intelligence Committee member who isn’t among the letter writers, said he hoped to offer an amendment that would seek to “introduce a greater adversarial process in the FISA court” by establishing a panel of attorneys from which counsel could be selected to participate in cases that involved novel legal and technical issues.

“I believe the civil liberties protections can be improved,” Schiff said.

[snip]

Rep. Jan Schakowsky, D-Ill., an Intelligence Committee member, praised the House bill. “If we could improve it,” she said, “I would go back to the original bill’s provisions that would implement stronger reporting regulations and create an office of the special advocate.”

Schakowsky added, though, “ I am most concerned at this point about preventing any efforts to weaken this bipartisan compromise.”

Remember, HPSCI held its markup behind closed doors, and there has been little leaking about went on there, aside from Rogers’ crowing. So this offers a bit of a read of what might have gone on.

Schiff, if you recall, was one of the very first people to get Keith Alexander to admit the government could conduct its contact-chaining program with the telecoms retaining the data. He is generally a pretty good read on the art of the possible. If he thinks this bill can be improved, perhaps he’s got reason for optimism.

But I find Schakowsky’s warning potentially more realistic.

Remember, one thing HPSCI considered was removing all definition of “specific selection term” (or “identifier,” which HPSCI also included). Without a definition, the bill might only prevent bulk collection of phone records, if that; I believe the government could come up with “selection terms” for everything else that would permit systematic programs. And I suspect something like dropping the definition would — will — happen if this ever gets to a conference (indeed, as Jim Sensenbrenner knows better than anyone, that’s how some of the existing loopholes got retained in PATRIOT in 2005-6, at a time when there was also bipartisan uproar over illegal spying). I think Schakowsky is realistic in worrying that, with the momentum it has picked up with unanimous passage in HJC and a voice vote passage in HPSCI, it could get worse just as easily as it could get better.

As I’ve said, this bill defuses the digital equivalent of a nuclear bomb by taking the phone-based relationship database out of the hands of the government. That’s important.

But from there, it’s unclear what effect this bill will have in practice, and could become far less clear if things like that definition disappear. So we’d be well to take Schakowsky’s warning seriously.

Share this entry