From the start of the Hillary Clinton email scandal, I’ve maintained that there are real reasons to be critical of her use of a private email.
There are big governance reasons to be concerned that Clinton has been in control of all her official emails, including that the emails will get destroyed or hidden from FOIA and Congressional requests.
But there’s also the question of whether whatever sensitive communications she had — potentially including classified information — were safe on a server run out of her Chappaqua home. While the State Department’s own emails have been notoriously unreliable — they have been compromised both in the WikiLeaks leak and in persistent hacks in recent years — if foreign adversaries learned of her private server (and remember, it’s very hard to hide metadata from someone who is looking), her communications would be even easier to compromise.
[T]he system is also broken because it has been permitted to become a tool the powerful use to control their own image (and thereby accrue more power). After the years-long witch hunts under her spouse’s Presidency, Clinton might be forgiven for wanting to maintain complete control over her own communications (except for that whole bit about democratic accountability). But she is of course doing it to serve her own Presidential aspirations.
Not only are there real governance reasons it was wrong, but it was an own-goal given that she knew Republicans would pounce on anything that hints of corruption (even though most GOP presidential candidates have done the same thing). In the grand scheme of things, however, I’m most interested in fixing the email and accountability problem, because it has been a recurrent problem since Poppy Bush tried to destroy some PROFs notes to cover up the Iran-Contra scandal.
That said, much — though not all — of the reporting on it took a decidedly irresponsible turn when Intelligence Community Inspector General Charles McCullough revealed that two emails from the emails on Hillary’s server had been determined to contain Top Secret information. Such reporting was led by former NSA official John Schindler whose piece in the Daily Beast bore this headline.
Schindler might be excused for a headline editors gave his piece to drive clicks and scandal — and indeed, in some parts of his article he was more disciplined in specifying whose emails these were — but he nevertheless used the formulation “Clinton’s emails” when claiming she had satellite-derived information on her servers.
Most seriously, the Inspector General assessed that Clinton’s emails included information that was highly classified—yet mislabeled as unclassified. Worse, the information in question should have been classified up to the level of “TOP SECRET//SI//TK//NOFORN,” according to the Inspector General’s report.
This left the suggestion that as Secretary of State Hillary Clinton sat down with some SIGINT reporting, transcribed it, and then sent it off to her staffers. That, in spite of repeated clarifications from official sources that Hillary was in no way a target of the FBI inquiry into this.
Dianne Feinstein clarified the point yesterday: the issue is that Hillary received emails that had information claimed to be classified, not that she sent them.
There has been a lot of press coverage recently of allegations regarding Secretary Clinton’s email. Unfortunately, much of the coverage has missed key points.
First, none of the emails alleged to contain classified information were written by Secretary Clinton.
The questions are whether she received emails with classified information in them, and if so, whether information in those emails should have been classified in the first place. Those questions have yet to be answered. However, it is clear that Secretary Clinton did not write emails containing classified information.
Again, nothing obviates all the blame that Hillary chose to rely on an unclassified email system, but it’s one thing if Hillary were sending Top Secret information across an unprotected server, and yet another thing if she received emails that might have been derived from Top Secret information, but were not marked as such or even evidently sourced from Top Secret information. Or even — given that some of the people and agencies in question aren’t entirely trustworthy when they make claims of secrecy — that publicly available information was deemed Top Secret.
At least according to the AP (in a story sourced to US officials, so potentially some people in DiFi’s immediate vicinity), that’s what happened.
The two emails on Hillary Rodham Clinton’s private server that an auditor deemed “top secret” include a discussion of a news article detailing a U.S. drone operation and a separate conversation that could point back to highly classified material in an improper manner or merely reflect information collected independently, U.S. officials who have reviewed the correspondence told The Associated Press.
The drone exchange, the officials said, begins with a copy of a news article that discusses the CIA drone program that targets terrorists in Pakistan and elsewhere. While a secret program, it is well-known and often reported on. The copy makes reference to classified information, and a Clinton adviser follows up by dancing around a top secret in a way that could possibly be inferred as confirmation, they said. Several officials, however, described this claim as tenuous.
But a second email reviewed by Charles McCullough, the intelligence community inspector general, appears more suspect. Nothing in the message is “lifted” from classified documents, the officials said, though they differed on where the information in it was sourced. Some said it improperly points back to highly classified material, while others countered that it was a classic case of what the government calls “parallel reporting” — different people knowing the same thing through different means.
This is CIA claiming secrecy for its drone operations!!! The ongoing FOIAs about CIA’s acknowledged role in the drone war are evidence that even independent appellate judges don’t buy CIA’s claims that their drone activities are secret. Just yesterday, in fact, DC Judge Amit Mehta ordered DOJ to provide Jason Leopold more information about its legal analysis on CIA drone-killing Anwar al-Awlaki, information the CIA had claimed was classified. Indeed, Martha Lutz, the woman who likely reviewed the emails turned over, is fairly notorious for claiming things are classified that pretty obviously aren’t. It’s her job!
I’m all in favor of doing something to ensure all people in power don’t hide their official business on hidden email servers — right now, almost all people in power do do that.
But those who take CIA’s claims of drone secrecy seriously should be mocked, as should those who deliberately obscure the difference between receiving an unmarked email with information claimed to be classified and transcribing information from a properly marked classified document.
Steven Aftergood catches Charles McCullough, the Intelligence Community Inspector General who has resisted exercising oversight over spying, doing his job.
“A civilian employee with the Army Intelligence and Security Command made an IC IG Hotline complaint alleging an interagency data repository, believed to be comprised of numerous intelligence and non-intelligence sources, improperly included U.S. person data,” the IC IG wrote. “The complainant also reported he conducted potentially improper searches of the data repository to verify the presence of U.S. persons data. We are researching this claim.”
Given prior reports about ICREACH — which purportedly focuses on foreign collected data but therefore would include US person data collected overseas — this is not that surprising. (I don’t think this should be ICREACH, however, because that’s not explained as a repository.)
But I find it particularly interesting that this complaint comes from someone at INSCOM, the Army intelligence outfit where Keith Alexander tried to ingest US person data in 2001, only to have Mikey Hayden refuse (!).
The heartburn first flared up not long after the 2001 terrorist attacks. Alexander was the general in charge of the Army’s Intelligence and Security Command (INSCOM) at Fort Belvoir, Virginia. He began insisting that the NSA give him raw, unanalyzed data about suspected terrorists from the agency’s massive digital cache, according to three former intelligence officials. Alexander had been building advanced data-mining software and analytic tools, and now he wanted to run them against the NSA’s intelligence caches to try to find terrorists who were in the United States or planning attacks on the homeland.
By law, the NSA had to scrub intercepted communications of most references to U.S. citizens before those communications can be shared with other agencies. But Alexander wanted the NSA “to bend the pipe towards him,” says one of the former officials, so that he could siphon off metadata, the digital records of phone calls and email traffic that can be used to map out a terrorist organization based on its members’ communications patterns.
“Keith wanted his hands on the raw data. And he bridled at the fact that NSA didn’t want to release the information until it was properly reviewed and in a report,” says a former national security official. “He felt that from a tactical point of view, that was often too late to be useful.”
Hayden thought Alexander was out of bounds. INSCOM was supposed to provide battlefield intelligence for troops and special operations forces overseas, not use raw intelligence to find terrorists within U.S. borders. But Alexander had a more expansive view of what military intelligence agencies could do under the law.
“He said at one point that a lot of things aren’t clearly legal, but that doesn’t make them illegal,” says a former military intelligence officer who served under Alexander at INSCOM.
In November 2001, the general in charge of all Army intelligence had informed his personnel, including Alexander, that the military had broad authority to collect and share information about Americans, so long as they were “reasonably believed to be engaged” in terrorist activities, the general wrote in a widely distributed memo.
Indeed, given the timing (IC IG’s report describes this as happening in the fourth quarter of calendar year 2013, so in the months after this Shane Harris report), it’s possible this report is what led the tipster to check whether US person data was available in repositories available to INSCOM.
While INSCOM focuses on battlefield intelligence, it also does cybersecurity and force protection, the kind of thing that has, in the past, targeted Americans (even Americans peddling porn!). So while this might just reflect oversharing, it also might reflect a return to the mentality of Keith Alexander.
I’m still working on understanding all the crud that is included in the USA Freedumber Act. And for the first time, I have looked really closely at the language on Inspector General Reports, which effectively modifies Section 106 of the 2005 PATRIOT Act Reauthorization. Not only does the language add a DOJ IG Report roughly parallel to the ones mandated for the years through 2006 for 2012 through 2014, but it adds an Intelligence Community IG Report for those 3 years.
I’ve long noted that that seems to leave 2010 and 2011 unexamined. That might be covered in the IG report Pat Leahy requested of the Intelligence Committee IG, Charles McCullough, though the dates are different and McCullough said he didn’t really have the time. So 2010 and 2011 may or may not currently be under review; they’re not required to be by the bill, however.
But upon closer review I’m just as interested in some holes the two reports will likely have, in combination.
What I realized when I reviewed the actual language, below, is that USA Freedumber is exploiting the fact that Section 215 was originally written exclusively for the FBI, even if the NSA and CIA and probably a bunch of other agencies are using it too (they’re doing this with minimization procedures elsewhere in the bill, too). Thus, they can leave language that applies specifically to FBI, and pretend that it applies to other agencies.
In practice, that leaves the DOJ IG to investigate general things about Section 215 use, including:
any noteworthy facts or circumstances relating to orders under such section, including any improper or illegal use of the authority provided under such section; and
So long as FBI retains a role in the application process, it will have access to and can review the categories of records obtained, which is critical because this is one of the ways Congress will learn what those categories are.
But only the DOJ IG assesses whether Section 215 is adhering to law (as opposed to protecting Americans’ constitutional rights). At one level, I’d much rather have DOJ IG perform this review, because we’ve never seen anything out of the IC IG resembling real oversight. Plus, under Glenn Fine, DOJ’s IG did point to real legal problems with the dragnet (which DOJ largely refused to fix, but which may have led to additional FISC opinions on those subjects). But I have questions whether DOJ’s IG would get enough visibility into what NSA and CIA and other agencies are doing with this data to perform a real review of the legality of it.
Then there are some somewhat parallel things both DOJ’s and IC’s IG would review, including:
the importance (IC IG) or effectiveness (DOJ IG) of Section 215
the manner in which that information was collected, retained, analyzed, and disseminated by the intelligence community;
the minimization procedures used by elements of the intelligence community under such title and whether the minimization procedures adequately protect the constitutional rights of United States persons; and
any minimization procedures proposed by an element of the intelligence community under such title that were modified or denied by the FISC
These are all well and good, and there’s the possibility that an IC IG review of how NSA analyzes and disseminates Section 215 data would find any of the most concerning potential practices.
I find the last two things DOJ’s IG would review at FBI but not even at DEA (if DEA uses Section 215), and which the IC IG would not review at all, the most telling.
That is, the DOJ IG reports on how often the FBI uses Section 215 for finished intelligence products and how often it supports criminal proceedings. But it doesn’t track how often NSA uses Section 215 for finished intelligence products, nor does it track how often NSA uses Section 215 to investigate an American further.
The latter fact — that NSA isn’t counting how many Americans it targets because of Section 215 derived information — is not all that surprising. NSA has worked hard to obscure how many Americans have been sucked up in its analytical maw. Still, if we were serious about providing some transparency to the corporate store — where anyone 2 or 3 degrees from a RAS approved selector can get dumped and subjected to all of NSA’s analytical tradecraft forever — we’d require the IC IG to count this number, too.
And the fact that no one asks NSA and CIA how many finished intelligence reports they’re generating out of Section 215 is problematic both because it doesn’t identify how often NSA and CIA are sharing intelligence with FBI or National Counterterrorism Center or other agencies like DEA (which was one of the big problems with both the phone and Internet dragnet in 2009-10) and because it makes it harder for Congress to get a real understanding of how effective these tools are.
You can’t judge the efficacy of something you don’t measure.
To understand how important this is, consider the discussions about the phone dragnet we’ve had since last year. Everything has been measured in terms of reporting to FBI, which not only doesn’t disclose how many people are stuck in NSA’s maw, but to outsiders made the program look totally useless. We still don’t know precisely how the government is using the phone dragnet, because the data they’ve shared to describe its efficacy is probably not the most significant way it is used.
It seems the intelligence community would like to keep it that way.
In the days after the Boston Marathon attack last year, NSA made some noise about expanding its domestic surveillance so as to prevent a similar attack.
But in recent days, we’ve gotten a lot of hints that NSA may have just missed Tamerlan Tsarnaev.
Consider the following data points.
First, in a hearing on Wednesday, Intelligence Community Inspector General Charles McCullough suggested that the forensic evidence found after the bombing might have alerted authorities to Tamerlan Tsarnaev’s radicalization.
Senator Tom Carper: If the Russians had not shared their initial tip, would we have had any way to detect Tamerlan’s radicalization?
[McCullough looks lost.]
Carper: If they had not shared their original tip to us, would we have had any way to have detected Tamerlan’s radicalization? What I’m getting at here is just homegrown terrorists and our ability to ferret them out, to understand what’s going on if someone’s being radicalized and what its implications might be for us.
McCullough: Well, the Bureau’s actions stemmed from the memo from the FSB, so that led to everything else in this chain of events here. You’re saying if that memo didn’t exist, would he have turned up some other way? I don’t know. I think, in the classified session, we can talk about some of the post-bombing forensics. What was found, and that sort of thing. And you can see when that radicalization was happening. So I would think that this would have come up, yes, at some point, it would have presented itself to law enforcement and the intelligence community. Possibly not as early as the FSB memo. It didn’t. But I think it would have come up at some point noting what we found post-bombing.
Earlier in the hearing (around 11:50), McCullough described reviewing evidence “that was within the US government’s reach before the bombing, but had not been obtained, accessed, or reviewed until after the bombing” as part of the IG Report on the attack. So some of this evidence was already in government hands (or accessible to it as, for example, GCHQ data might be).
We know some of this evidence not accessed until after the bombing was at NSA, because the IG Report says so. (See page 20)
That may or may not be the same as the jihadist material Tamerlan posted to YouTube in 2012, which some agency claims could have been identified as Tamerlan even though he used a pseudonym for some of the time he had the account.
The FBI’s analysis was based in part on other government agency information showing that Tsarnaev created a YouTube account on August 17, 2012, and began posting the first of several jihadi-themed videos in approximately October 2012. The FBI’s analysis was based in part on open source research and analysis conducted by other U.S. government agencies shortly after the bombings showing that Tsarnaev’s YouTube account was created with the profile name “Tamerlan Tsarnaev.” After reviewing a draft of this report, the FBI commented that Tsarnaev’s YouTube display name changed from “muazseyfullah” to “Tamerlan Tsarnaev” on or about February 12, 2013, and suggested that therefore Tsarnaev’s YouTube account could not be located using the search term “Tamerlan Tsarnaev” before that date.20 The DOJ OIG concluded that because another government agency was able to locate Tsarnaev’s YouTube account through open source research shortly after the bombings, the FBI likely would have been able to locate this information through open source research between February 12 and April 15, 2013. The DOJ OIG could not determine whether open source queries prior to that date would have revealed Tsarnaev to be the individual who posted this material.
20 In response to a DOJ OIG request for information supporting this statement, the FBI produced a heavily redacted 3-page excerpt from an unclassified March 19, 2014, EC analyzing information that included information about Tsarnaev’s YouTube account. The unredacted portion of the EC stated that YouTube e-mail messages sent to Tsarnaev’s Google e-mail account were addressed to “muazseyfullah” prior to February 12, 2013, and to “Tamerlan Tsarnaev” beginning on February 14, 2013. The FBI redacted other information in the EC about Tsarnaev’s YouTube and Google e-mail accounts.
The FBI may not have been able to connect “muazseyfullah” with Tamerlan, but that’s precisely what the NSA does with its correlations process; it has a database that does just that (though it’s unclear whether it would have collected this information, especially given that it postdated the domestic Internet dragnet being shut down).
Finally, there’s the matter of the Anwar al-Awlaki propaganda.
An FBI analysis of electronic media showed that the computers used by Tsarnaev contained a substantial amount of jihadist articles and videos, including material written by or associated with U.S.-born radical Islamic cleric Anwar al-Aulaqi. On one such computer, the FBI found at least seven issues of Inspire, an on-line English language magazine created by al-Aulaqi. One issue of this magazine contained an article entitled, “Make a Bomb in the Kitchen of your Mom,” which included instructions for building the explosive devices used in the Boston Marathon bombings.
Information learned through the exploitation of the Tsarnaev’s computers was obtained through a method that may only be used in the course of a full investigation, which the FBI did not open until after the bombings.
The FBI claims they could only find the stuff on Tamerlan’s computer using methods available in full investigations (this makes me wonder whether the FBI uses FISA physical search warrants to remotely search computer hard drives).
But that says nothing about what NSA (or even FBI, back in the day when they had the full time tap on Awlaki, though it’s unclear what kind of monitoring of his content they’ve done since the government killed him) might have gotten via a range of means, including, potentially, upstream searches on the encryption code for Inspire.
In other words, there’s good reason to believe — and the IC IG seems to claim — that the government had the evidence to know that Tamerlan was engaging in a bunch of reprehensible speech before he attacked the Boston Marathon, but they may not have reviewed it.
Let me be clear: it’s one thing to know a young man is engaging in reprehensible but purportedly protected speech, and another to know he’s going to attack a sporting event.
Except that this purportedly protected speech is precisely — almost exactly — the kind of behavior that has led FBI to sic multiple informants and/or undercover officers on other young men, including Adel Daoud and Mohamed Osman Mohamud, even in the absence of a warning from a foreign government.
And they didn’t here.
Part of the issue likely stems from communication failures between FBI and NSA. The IG report notes that “the relationship between the FBI and the NSA” was one of the most relevant relationships for this investigation. Did FBI (and CIA) never tell the NSA of the Russian warning? And clearly they never told NSA of his travel to Russia.
But part of the problem likely stems from the way NSA identifies leads — precisely the triaging process I examined here. That is, NSA is going to do more analysis on someone who communicates with people who are already targeted. Obviously, the ghost of Anwar al-Awlaki is one of the people targeted (though the numbers of young men who have Awlaki’s propaganda is likely huge, making that a rather weak identifier). The more interesting potential target would be William Plotnikov, the Canadian-Russian boxer turned extremist whom Tamerlan allegedly contacted in 2012 (and it may be this communication attempt is what NSA had in its possession but did not access until after the attacks). But I do wonder whether the NSA didn’t prioritize similar targets in countries of greater focus, like Yemen and Somalia.
It’d be nice to know the answer to these questions. It ought to be a central part of the debate over the NSA and its efficacy or lack thereof. But remember, in this case, the NSA was specifically scoped out of the heightened review (as happened after 9/11, which ended up hiding the good deal of warning the NSA had before the attack).
We’ve got a system that triggers on precisely the same kind of speech that Tamerlan Tsarnaev engaged in before he attacked the Marathon. But it didn’t trigger here.
As longtime readers know, I have long tracked a DOJ Inspector General investigation into FBI’s use of Section 215 and other PATRIOT Act authorities.
A good healthy obsession!
Since it’s been a while — the investigation is now 1,403 days old — yesterday I decided to nag the IG office.
They were mum on when we might finally see the report. Instead of offering details, they directed me to their new (apparently brand spanking new) “in the interest of transparency” page on their ongoing work.
It shows the long-promised report, still focusing on Section 215 use through 2009, as well as NSLs and pen register.
Use of National Security Letters, Section 215 Orders, and Pen Register and Trap-and-Trace Authorities under FISA from 2007 through 2009
The OIG is again examining the FBI’s use of NSLs and Section 215 orders for business records. This review is assessing the FBI’s progress in responding to the OIG’s recommendations in its first and second reports on the FBI’s use of NSLs and its report on the FBI’s improper use of exigent letters and other informal means to obtain telephone records. A focus of this review is the NSL subsystem, an automated workflow system for NSLs that all FBI field offices and headquarters divisions have been required to use since January 1, 2008, and the effectiveness of the subsystem in reducing or eliminating noncompliance with applicable authorities. The current review is also examining the number of NSLs issued and Section 215 applications filed by the FBI between 2007 and 2009, and any improper or illegal uses of these authorities. In addition, the review is examining the FBI’s use of its pen register and trap-and-trace authority under FISA.
But it also shows a report not mentioned in Michael Horowitz’ last report.
A report on the dragnet.
Bulk Telephony Review
The OIG is reviewing the FBI’s use of information derived from the National Security Agency’s (NSA) collection of telephony metadata obtained from certain telecommunications service providers under Section 215 of the Patriot Act. The review will examine the FBI’s procedures for receiving, processing, and disseminating leads the NSA develops from the metadata, and any changes that have been made to these procedures over time. The review will also examine how FBI field offices respond to leads, and the scope and type of information field offices collect as a result of any investigative activity that is initiated. In addition, the review will examine the role the leads have had in FBI counterterrorism efforts.
In truth, this investigation may not be all that distinct from the known PATRIOT authorities investigation. The minimization procedures for both — and therefore the way the information gets used, an issue central to both investigations — appear to be the same. And to the extent that the number of 215 orders with minimization procedures has been growing since 2010 indicates the FBI is collecting other information in bulk, the programs may well interrelate.
At first, I thought that this investigation, with the very significant exception of the way the dragnet serves to identify informants, might not reveal anything that problematic. Upon review, I’m not so sure. I’ll explain why in a follow-up report.
The one big difference between the two investigations, however (and I’ll discuss this at more length in the follow-up), is that the dragnet investigation, unlike the PATRIOT Authority one, appears not to be time delimited. Whereas the older investigation only looks at practices through 2009, the dragnet investigation appears to be examining ongoing practices. It seems to be investigating all the 215-related issues identified by Pat Leahy that the IC IG should investigate that come under DOJ’s jurisdiction.
So bad news good news! DOJ is still, 1,403 days later, investigating how the FBI used PATRIOT Act authorities 5 years ago, meaning more recent developments are not getting much attention.
But there is a potentially related investigation looking at what the FBI ingests from the phone dragnet (at least the small part relating to Section 215) right now.
On Thursday, the Inspectors General of the Intelligence Community, DOJ, CIA, and DHS (but not NSA) released their report on the Marathon Bombing. While the public release was just a very condensed summary, included the redaction of both classified and “sensitive” information, and made no attempt to reconstruct data government agencies had or could have had on Dzhokhar Tsarnaev, the report did show that the NSA had data on Tamerlan Tsarnaev and that the FBI found information on his computers that NSA might have gotten via other means.
On Friday, prosecutors in the case against Dzhokhar refused to tell him what they collected under FISA.
Before I get into the government’s refusal on FISA notice — some of which has repercussions for other cases — let’s go over what electronic communications the government did have or could have had.
First, the IG Report (which did not specifically involve NSA’s IG and did not include Dzhokhar in its scope) nevertheless points to information NSA collected in 2012 that was not turned over to FBI until after the attack.
The report also points to communications dating to January 2011, which is entirely redacted. This probably refers to communications the Russians intercepted, not the NSA (indeed, the report discusses NSA data, above, later in the same section, which indicates the earlier redaction doesn’t pertain to NSA). Though there’s no indication whether the NSA received notice of these communications, including the non-US person interlocutor located overseas involved in them, who would have been a legal NSA target.
I started reading the Combined IG Report on the Marathon attack (including the DOJ, CIA, DHS, and Intelligence Community IGs, but not NSA). And the whole thing looked so bogus from the start, I figured a working thread was in order.
One thing to remember here: we’ve only got a 32-page summary that includes 5 pages of agency (but not CIA) response and a title page. We’re getting a mere fraction of the 168-page report.
To make things worse, some things are redacted that aren’t even classified, they’re just sensitive.
Redactions in this document are the result of classification and sensitivity designations we received from agencies and departments that provided information to the OIGs for this review. As to several of these classification and sensitivity designations, the OIGs disagreed with the bases asserted. We are requesting that the relevant entities reconsider those designations so that we can unredact those portions and make this information available to the public.
(PDF 2) Several things in this passage:
Law enforcement officials identified brothers Tamerlan and Dzhokhar Tsarnaev as primary suspects in the bombings. After an extensive search for the then unidentified suspects, law enforcement officials encountered Tamerlan and Dzhokhar Tsarnaev in Watertown, Massachusetts. Tamerlan Tsarnaev was shot during the encounter and was pronounced dead shortly thereafter.
First, they don’t say what law enforcement officials IDed the brothers. That sentence precedes one which claims there were “unidentified suspects,” which suggests they had suspicions before they were “IDed.” The word “encountered” is awfully suspicious, given that explanations of how the shootout in Watertown happened have been contradictory. And note they don’t say whether Tamerlan died immediately or not — again, an issue about which there’s some contention.
(PDF 2) Note they tell us Anzor’s ethnicity, but not his wife’s (who is more central to this narrative)?
(PDF 2) The report dodges legitimate questions about why the family got refugee status by referring only to “an immigration benefit.” Given reports the uncle had ties to the CIA, that benefit may be more than a simple asylum request.
Note that, after having previously said the brothers were ID’ed by LE, they now specify FBI [Actually, I think that’s wrong: this is still ambiguous about who IDed them]. But the timing is crazy: it says FBI reviewed its records by April 19, but never says when they were IDed, and doesn’t say whether they were reviewed during a period of suspicion.
By April 19, 2013, after the Tsarnaev brothers were identified as suspects in the bombings, the FBI reviewed its records and determined that in early 2011 it had received lead information from the FSB about Tamerlan Tsarnaev, had conducted an assessment of him, and had closed the assessment after finding no link or “nexus” to terrorism.
(PDF 4) This seems very broad. I wonder what they’re including? Online communications?
As a result, the scope of this review included not only information that was in the possession of the U.S. government prior to the bombings, but also information that existed during that time and that the federal government reasonably could have been expected to have known before the bombings.
(PDF 4) This passage and footnote are huge dodges, making the entire report meaningless.
We carefully tailored our requests for information and interviews to focus on information available before the bombings and, where appropriate, coordinated with the U.S. Attorney’s Office conducting the prosecution of alleged bomber Dzhokhar Tsarnaev.1
1 The initial lead information from the FSB in March 2011 focused on Tamerlan Tsarnaev, and to a lesser extent his mother Zubeidat Tsarnaeva. Accordingly, the FBI and other agencies did not investigate Dzhokhar Tsarnaev’s possible nexus to terrorism before the bombings, and the OIGs did not review what if any investigative steps could have been taken with respect to Dzhokhar Tsarnaev.
I’ll come back to this. But the indictment lists a number of things that the FBI, in their stings, have found and used to identify easy marks. They did not do so here, with Dzhokhar. Which raises real questions about why they chose not to pursue him when they’ve pursued so many other young men like Dzhokhar?
(PDF 4) Here’s who was included in this review:
We also requested other federal agencies to identify relevant information they may have had prior to the bombings. These agencies included the Department of Defense (including the National Security Agency (NSA)), Department of State, Department of the Treasury, Department of Energy, and the Drug Enforcement Administration.
There has been little discussion of DEA’s likely awareness of the brothers, but it is likely, given that they were dealing drugs with potential ties to organized crime. And NSA, but I harp on that too much. I’m curious what role DOE might have.
(PDF 4) Again, they specify they’re only looking at pre-attack data. Which dodges what they could have collected but didn’t.
Additionally, each OIG conducted or directed its component agencies to conduct database searches to identify relevant pre-bombing information.
(PDF 4-5) As with HHSC’s report, the FBI stalled here.
As described in more detail in the classified report, the DOJ OIG’s access to certain information was significantly delayed at the outset of the review by disagreements with FBI officials over whether certain requests fell outside the scope of the review or could cause harm to the criminal investigation. Only after many months of discussions were these issues resolved, and time that otherwise could have been devoted to completing this review was instead spent on resolving these matters.
(PDF 5) The 12333 passage makes it clear NSA had a big role here. But, again, its IG did not conduct an investigation.
(PDF 6-7) The CIA section is very thin. I assume some stuff is missing.
(PDF 8) Note the importance of NSA’s sharing with FBI here?
Of particular relevance to this review are the relationships between the FBI, CIA, and DHS, as well as the relationship between the FBI and the NSA, and the NCTC’s relationships throughout the Intelligence Community.
(PDF 8) This makes clear that the transcription and birthdate errors were in both FSB warnings; it’s just that CIA didn’t fix the second one.
Importantly, the memorandum included two incorrect dates of birth (October 21, 1987 or 1988) for Tamerlan Tsarnaev, and the English translation used by the FBI transliterated their last names as Tsarnayev and Tsarnayeva, respectively.
(PDF 10) This passage seems to admit that FBI could have, but did not, search FISA related databases. It also suggests there was a “certain telephone database,” which might include the Hemisphere database, which performs the same function as the NSA claims (falsely) the phone dragnet does. Note, too, that they’ve only checked for the Tsarnaevs in FBI databases. I’ll come back to these databases in a later post.
Additionally, the DOJ OIG determined that the CT Agent did not use every relevant search term known or available at the time to query the FBI systems, including certain telephone databases and databases that include information collected under authority of the Foreign Intelligence Surveillance Act (FISA). However, searches of FBI databases conducted at the direction of the DOJ OIG during this review produced little information beyond that identified by the CT Agent during the assessment, with the exception of additional travel-related data for Zubeidat Tsarnaeva.
(PDF 11) Note that the second FBI letter to FSB, dated October 7, 2011, postdated the FSB notice to CIA. But it also comes at a time when Boston area law enforcement were conducting an investigation into the murder of Tamerlan’s best friend. The Waltham murders are not mentioned at all in the unclassified report.
(PDF 12) The IG Report does not tell us the date in September when FSB provided notice to CIA. Given that Tamerlan may have just been or was about to be involved in a grisly murder, I find that omission very notable.
(PDF 12) Note you can be watchlisted without derogatory information. This seems to be because of the exception mentioned in FN 10. But fat lot of good it did in this case. Per the footnote, that exception subsequently got disqualified, though I bet it has been qualified again.
(PDF 12) The IG Report doesn’t even acknowledge there was some other kind of difference between the first and the later watchlist entries as indicated on pp 33-4 of the HHSAC Committee report, which suggests that discussion may be redacted entirely.
(PDF 16) Note that, as happens with all Legal Permanent Residents, Tamerlan was photographed (and fingerprinted) during immigration. I’m surprised there isn’t more discussion of this (though it may be classified). But one big point of this relatively new border protocol is to have recent pictures on hand in case, say, you need to do facial recognition on pictures from a terrorist attack. Were they used?
(PDF 19) Note the big redaction describing intercepted communications. This may simply describe what the Russians had collected, which led to their tip. But I do wonder whether NSA collected its own version, not least because details of the Russian intercept have been widely reported.
(PDF 20) Note that the discussion of Tamerlan’s (remember, Dzhokhar is not included here) computer materials is described solely in terms of what FBI could do. That’s different from what both DHS (which tracks public online speech) and NSA do. It’s unclear whether they could have found some of this using methods available to them, but the report’s silence on that point is notable.
The FBI’s analysis was based in part on other government agency information showing that Tsarnaev created a YouTube account on August 17, 2012, and began posting the first of several jihadi-themed videos in approximately October 2012. The FBI’s analysis was based in part on open source research and analysis conducted by other U.S. government agencies shortly after the bombings showing that Tsarnaev’s YouTube account was created with the profile name “Tamerlan Tsarnaev.”
The DOJ OIG concluded that because another government agency was able to locate Tsarnaev’s YouTube account through open source research shortly after the bombings, the FBI likely would have been able to locate this information through open source research between February 12 and April 15, 2013. The DOJ OIG could not determine whether open source queries prior to that date would have revealed Tsarnaev to be the individual who posted this material.
The passage goes on to report the 7 copies of Inspire on one of the computers used by Tamerlan (again, there’s no mention of Dzhokhar here).
Something they’re not saying, but we know to be true. Had they picked up Inspire either through a 702 upstream search or XKeyscore, they would have had identifiers that could have pegged Tsarnaev’s identity and tied it to all his other identities, regardless of the fact Tamerlan used an alias until February 2013.
And note the big redaction: NSA had information that dated to 2012, which may well have been the intercepts with Plotnikov.
Finally, note that FBI never turned over most of the information about Tamerlan’s Google accounts. The excuse (as noted above) was the ongoing investigation. But I wonder whether that’s ongoing investigation into the Waltham murder or the Marathon attack.
(PDF 25) Note the discussion of enhancement in the 2nd-to-last bullet. I believe this suggests that transliteration questions are only addressed with this enhancement.
(PDF 25) Note that they at least used to delete US person travel info after 6 months unless it represents terrorism information. This would arise from NCTC’s minimization procedures.
(PDF 32) As noted above, we don’t get John Brennan’s response to this, though he presumably sent one. I suspect that means there are classified recommendations for the Agency and that his response reflects that. It’s not clear what the foreign target would be in this context (perhaps an investigation of the person to whom Zubeidat was speaking about Tamerlan wanting to join jihad?), but there seems to have been some.
As I noted back in September, Patrick Leahy and a bunch of other Senators asked the Intelligence Community Inspector General Charles McCullough to investigate the dragnet.
In particular, we urge you to review for calendar years 2010 through 2013:
- the use and implementation of Section 215 and Section 702 authorities, including the manner in which information – and in particular, information about U.S. persons – is collected, retained, analyzed and disseminated;
- applicable minimization procedures and other relevant procedures and guidelines, including whether they are consistent across agencies and the extent to which they protect the privacy rights of U.S. persons;
- any improper or illegal use of the authorities or information collected pursuant to them; and
- an examination of the effectiveness of the authorities as investigative and intelligence tools.
McCullough just answered.
“At present, we are not resourced to conduct the requested review within the requested timeframe,” wrote McCullough, before adding he and other agency inspectors general are weighing now whether they can combine forces on a larger probe.
Leahy had asked McCullough to finish in what was then 15 months, December 2014, which would make it available for the PATRIOT Reauthorization due the next year.
Note, McCullough gave the same answer he and NSA’s IG gave when Ron Wyden asked how many Americans get caught up in the dragnet.
Not enough resources.
Mind you, he apparently has enough resources to do this:
Finally, we began to implement a program to lead IC-wide administrative investigations into unauthorized disclosures of classified information (i.e., “leak”) matters.
The Investigations Division reviewed hundreds of closed cases from across the IC. Going forward, the division will engage in gap mitigation for those cases where an agency does not have the authority to investigate (multiple agencies or programs) or where DOJ declined criminal prosecution. The division will conduct administrative investigations with IG Investigators from affected IC elements to maximize efficiencies, expedite investigations, and enhance partnerships.
The Investigations Division is reviewing 375 unauthorized disclosure case files.
But not enough resources to review a massive dragnet affecting every American in time to have results before the dragnet gets reauthorized.
Update: And apparently the Senate Intelligence Committee just told ODNI to investigate more leaks and pre-leaks.
- Empowering the Director of National Intelligence to improve the government’s process to investigate (and reinvestigate) individuals with security clearances to access classified information;
Let’s take the narrative the Federal Government wants to tell us about the Boston Marathon attack.
Both FBI and CIA got tips from Russia in early- and mid-2011 implicating Tamerlan Tsarnaev in extremism, which FBI, which appropriately has jurisdiction, investigated and entered into the relevant databases accessible to Joint Terrorism Task Force partners.
Later that year, the government alleges (based on the word of a guy they killed immediately thereafter), Tamerlan and Ibragim Todashev — and possibly Tamerlan’s brother Dzhokhar — knifed three friends and associates to death on 9/11 while they waited for pizza from a place the brothers may have once worked; while several of the people on both sides of that killing were involved in selling drugs, the presumed motive for that killing (especially given the date) pertains to Islamic extremism, not a drug and money dispute, in spite of or perhaps because of the pot and money left at the scene. After the killing, Tamerlan disappeared from the scene in Cambridge and was never interviewed by the cops. Senate Intelligence Committee members allege Russia passed on another warning about Tamerlan after October 2011, though the FBI insists it kept asking for more information to no avail.
The next year, Tamerlan left for Russia and Chechnya and Dagestan, but the Homeland Security dragnet missed him because Aeroflot misspelled his name (an issue that contributed to their missing the UndieBomb, too; Russia’s original tip to the FBI had gotten his birthdate wrong). While in Russia, Tamerlan met a bunch of Chechen extremists, several of whom were killed shortly after he met them. Then, Tamerlan returned to Boston, and he and his brother made some bombs out of pressure cookers and fireworks in his Cambridge flat (testimony of their cab driver notwithstanding), and then set them off near the finish line of the Boston Marathon, killing 3 and maiming hundreds.
In spite of the thousands of videos of the event, FBI’s prior investigation, and immigration records on the brothers including pictures, the government’s facial recognition software proved unable to find them (in spite of claims “FBI” officials were asking around Cambridge already), so the government released their pictures and set off a manhunt that resulted in Tamerlan’s death and the arrest of Dzhokhar.
That’s the story, right?
Two weeks after the attack, James Clapper tasked the Intelligence Community Inspector General, Charles McCullough, with investigating the attack to see if it could have been prevented (note, after the 2009 UndieBomb attack, the Senate Intelligence Committee conducted such an investigation but I’ve heard no peep of them doing so here). Also involved in that investigation are DOJ, DHS, and CIA’s IG, but not NSA’s IG, in spite of the fact that the Russians, at least, reportedly intercepted international texts implicating Tamerlan in planning jihad (though there’s no reason to believe the non-US side of those texts — a family member of the brothers’ mother — would have been a known CT target). (Note that, even as McCullough has been conducting this investigation, which ultimately involves information that has been leaked to the press, James Clapper has him conducting investigations into unauthorized leaks — does anyone else see the huge conflict here???)
Back on September 19 (perhaps not coincidentally the day after Ibragim Todashev’s friend Ashurmamad Miraliev was arrested in FL and questioned for 6 hours without a lawyer), McCullough wrote Congress to tell them that because “information relevant to the review is still being provided to the review team,” the review would be indefinitely delayed.
According to the BoGlo, McCullough is offering a new excuse for further delay: the shutdown.
Officials said the shutdown has hampered various agencies’ ability to conduct interviews, undertake research, or pay support personnel who are responsible for reviewing the operations of the government’s terrorism databases before the Marathon attack and determining whether information on the bombing suspects was properly handled.
Last month congressional oversight communities were informed that while officials were “working diligently” to complete the review, the process of interviewing counter-terrorism officials and reviewing computer files had turned out to be more challenging than expected. McCullough, the intelligence community’s inspector general, said at the time that “information relevant to the review is still being provided to the review teams.”
A senior Senate staffer, who was not authorized to speak publicly, said briefings recently scheduled for intelligence officials to brief key congressional committees on the progress of the review were canceled.
So here we are over 6 months after the attack, and an inquiry purportedly reviewing whether our CT information sharing (led by the National Counterterrorism Center, which reports to Clapper, to whom McCullough also reports as a non-independent IG) did what it was supposed to, is still having trouble reviewing the actual databases (!?!?), ostensibly because they had to furlough the support people doing that rather than allow them to figure out how to fix problems to prevent the next terrorist attack. (Remember, James Clapper testified he had furloughed 70% of civilian IC staff, to the shock of Chuck Grassley and others.)
Perhaps that’s the problem. Perhaps it is the case that in 6 months time, IC support personnel had not yet been able to access and assess the database counterterrorism professionals are expected to monitor and respond to almost instantaneously. If that is the case, it, by itself, ought to be huge news.
Or perhaps there’s something about the Waltham investigation that has made it newly embarrassing that warnings before and — if blathery Senators are to be believed — after the murders didn’t focus more attention on Tamerlan Tsarnaev.
But, as bmaz emphasized in his post on Donald Sachtleben’s plea agreement, there’s no hint of prosecuting Brennan, who leaked Top Secret details about the British/Saudi double agent into AQAP, even while they’re imprisoning Donald Sachtleben, who is only accused of leaking details he knew to be Secret.
A law enforcement official indicated that the case has not been officially closed but the charges against Sachtleben are the only ones expected.
(Sure, the evidence that Sachtleben was involved with kiddie porn seems solid, but then Brennan drone-killed children, so he’s not above reproach for his treatment of children either.)
But that is by no means the weirdest thing about the government’s treatment of the UndieBomb 2.0 leak investigation.
The entire premise of the FBI narrative is that they exercised greater care with a kiddie porn accusee they had dead to rights than they did the 100 or so AP reporters who got sucked up in their overbroad dragnet. They would have you believe that, even after seizing a CD holding a November 2, 2006 SECRET CIA intelligence report at Sachtleben’s house in May 2012 pursuant to a kiddie porn warrant (which they have not produced in the docket), they just sat on his devices for almost a year until they obtained the phone records for 20 AP phone lines, in a seizure far more intrusive into journalism than any recent known subpoena.
Sachtleben was identified as a suspect in the case of this unauthorized disclosure only after toll records for phone numbers related to the reporter were obtained through a subpoena and compared to other evidence collected during the leak investigation. This allowed investigators to obtain a search warrant authorizing a more exhaustive search of Sachtleben’s cell phone, computer, and other electronic media, which were in the possession of federal investigators due to the child pornography investigation.
(I may be mistaken, but I don’t think the FBI made this claim in any court document, so I assume it is bullshit, especially since they had had to do extensive forensic searches of Sachtleben’s computer and he had already signed a plea deal forfeiting it.)
They would also have you believe the AP had no inkling of the UndieBomb plot until ABC reported inflammatory claims about cavity bombs on April 30, 2012, even in spite of ABC’s reference to TSA head John Pistole’s earlier fear-mongering about it and in spite of additional reporting about broad Air Marshal mobilization. DOJ goes to great lengths to make you believe AP first texted Sachtleben on April 30 and not, say, on April 28 (which would mean the kiddie porn investigation accelerated after such contact), though there’s no reason to believe that’s true and the AP call records DOJ obtained apparently go back to well before April 30. They also suggest AP was asking Sachtleben about an Asiri bomb, though the first text they include is an assertion — not a question — that Asiri has been busy.
They would have you believe that two Pulitzer Prize winners would defy White House and CIA wishes with a story sourced to a single source who, just a day earlier, had provided a mistaken guess about the excitement.