Posts

Why Do They Call It Panama Papers, Anyway?

Over the weekend, a bunch of media outlets let loose shock and awe in bulk leak documents, PanamaPapers, with project leaders ICIJ and Sueddeutsche Zeitung — as well as enthusiastic partner, Guardian — rolling out bring spreads on a massive trove of data from the shell company law firm Mossack Fonseca.

If all goes well, the leak showing what MF has been doing for the last four decades will lead us to have a better understanding of how money gets stripped from average people and then hidden in places where it will be safe from prying eyes.

Before I raise some questions about the project, I wanted to point to one of the best pieces of journalism I’ve seen from the project so far: this Miami Herald piece showing how its high end real estate boom has been facilitated by the money laundering facilitated by MF.

At the end of 2011, a company called Isaias 21 Property paid nearly $3 million — in cash — for an oceanfront Bal Harbour condo.

But it wasn’t clear who really owned the three-bedroom unit at the newly built St. Regis, an ultra-luxury high-rise that pampers residents with 24-hour room service and a private butler.

In public records, Isaias 21 listed its headquarters as a Miami Beach law office and its manager as Mateus 5 International Holding, an offshore company registered in the British Virgins Islands, where company owners don’t have to reveal their names.

[snip]

Buried in the 11.5 million documents? A registry revealing Mateus 5’s true owner: Paulo Octávio Alves Pereira, a Brazilian developer and politician now under indictment for corruption in his home country.

A Miami Herald analysis of the never-before-seen records found 19 foreign nationals creating offshore companies and buying Miami real estate. Of them, eight have been linked to bribery, corruption, embezzlement, tax evasion or other misdeeds in their home countries.

That’s a drop in the ocean of Miami’s luxury market. But Mossack Fonseca is one of many firms that set up offshore companies. And experts say a lack of controls on cash real-estate deals has made Miami a magnet for questionable currency.

The story is deeply contextualized with localized reporting that goes beyond the leaked documents. And it can lead to policy changes — restrictions on cash real estate transactions — that can help to stem (or at least redirect) the flow of this corrupt money. You could tell similar stories from big cities around North America (this has been a particular focus in NYC and Vancouver). And with effort, cities could crack down on such cash transactions, with all the negative effects they bring to localities.

But much of the other reporting so far remains at the level of shock and awe. Biggest leak ever! Putin Putin Putin! And much of the reporting reflects not just editorial bias, but some apparent innumeracy (though no one has yet released the real numbers) to claim that people from evil countries are proportionally more corrupt than people from good countries like the UK.

Where did these documents come from?

Screen Shot 2016-04-04 at 10.00.01 AM

Here’s how SZ describes how they got these documents.

Over a year ago, an anonymous source contacted the Süddeutsche Zeitung (SZ) and submitted encrypted internal documents from Mossack Fonseca, a Panamanian law firm that sells anonymous offshore companies around the world. These shell companies enable their owners to cover up their business dealings, no matter how shady.

In the months that followed, the number of documents continued to grow far beyond the original leak. Ultimately, SZ acquired about 2.6 terabytes of data, making the leak the biggest that journalists had ever worked with. The source wanted neither financial compensation nor anything else in return, apart from a few security measures.

Nowhere I’ve seen explains where this source got the documents.

For almost three years, we have openly debated what I consider a fair question: what was Edward Snowden’s motivation for stealing the NSA’s crown jewels and was any foreign country involved? People have also asked questions about how he accessed so much: Did he steal colleagues’ passwords? Did he join Booz Allen solely to be able to steal documents? I think the evidence supports an understanding that his motives were good and his current domicile an unfortunate outcome. And we know some details about how he managed to get what he did — but the key detail is that he was a Sysadmin in a location where insider detection systems were not yet implemented and credentials to have unaudited access to many of the documents he obtained. Those details are a key part of understanding some of the story behind his leaks (and how NSA and GCHQ are organized).

Somehow, journalists aren’t asking such questions when it comes to this leak, the Unaoil leak that broke last week, or the leak of files on British Virgin Isles have activity a few years back (which, like this project, ICIJ also had a central role in). I’m sympathetic to the argument that IDing who stole these documents would put her or him in terrible danger (depending on who it is). But I also think this level of description the Intercept gave — in the first paragraph of a story about stolen recordings of jailhouse phone calls that revealed improper retention of attorney client conversations — would be useful.

The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. [my emphasis]

The Intercept’s source, knowing of the problem, hacked recordings from an inadequately protected server.

As the Guardian’s own graphic makes clear, this leak dwarfs the leaks by Chelsea Manning and Hervé Falciani (the security engineer behind the HSBC leak). It probably dwarfs the Snowden leak (though oddly the Guardian, which had fingers in both, doesn’t include Snowden in its graphic). That ought to raise real questions about how someone could access so much more information than tech experts with key credentials working at the core of security in the targeted organizations could. And those questions are worth asking because if these files come from an external hacker — a definite possibility — than it ought to raise questions about how they were able to get so much undetected and even — as everyone felt appropriate to ask with Snowden — whether an intelligence agency was involved.

Where are the corrupt Americans?

As with the BVI leak before it, thus far this leak has included no details on any Americans. Some have suggested that’s because the Panama trade deal already brought transparency on US persons’ activities through the haven of Panama, except these files go back four decades and. Americans not only used Panama as a haven before that, but the CIA used it as a key laundering vehicle for decades, as Manuel Noriega would be all too happy to explain if western countries would let him out of prison long enough to do so.  Moreover, the files are in no way restricted to Panama (indeed, some of the stories already released describe the establishment of shell companies within the US).

Screen Shot 2016-04-04 at 10.17.39 AMNot only haven’t we heard about any Americans, but even for the close American friends identified so far — starting with Saudi Crown Prince and close CIA buddy Mohammed bin Nayef — the details provided to date are scanty, simply the name of the shell he was using.

Craig Murray has already been asking similar questions.

Russian wealth is only a tiny minority of the money hidden away with the aid of Mossack Fonseca. In fact, it soon becomes obvious that the selective reporting is going to stink.

The Suddeutsche Zeitung, which received the leak, gives a detailed explanation of the methodology the corporate media used to search the files. The main search they have done is for names associated with breaking UN sanctions regimes. The Guardian reports this too and helpfully lists those countries as Zimbabwe, North Korea, Russia and Syria. The filtering of this Mossack Fonseca information by the corporate media follows a direct western governmental agenda. There is no mention at all of use of Mossack Fonseca by massive western corporations or western billionaires – the main customers. And the Guardian is quick to reassure that “much of the leaked material will remain private.”

What do you expect? The leak is being managed by the grandly but laughably named “International Consortium of Investigative Journalists”, which is funded and organised entirely by the USA’s Center for Public Integrity. Their funders include

Ford Foundation
Carnegie Endowment
Rockefeller Family Fund
W K Kellogg Foundation
Open Society Foundation (Soros)

among many others. Do not expect a genuine expose of western capitalism. The dirty secrets of western corporations will remain unpublished.

Expect hits at Russia, Iran and Syria and some tiny “balancing” western country like Iceland. A superannuated UK peer or two will be sacrificed – someone already with dementia.

Now, in response to people like me and Murray and Moon of Alabama asking those questions, the SZ editor in charge of their side of the project promises dirt on Americans will be coming. Let’s hope so, because this is a worthwhile leak of data, and it would be unfortunate for Americans and Brits to be deprived of learning more about the corruption among their elite.

Does this project follow up on Ken Silverstein’s earlier reporting?

Back in December 2014, Ken Silverstein did a fairly thorough review of MF at Vice (though he worked at the Intercept at the time).

[A] yearlong investigation reveals that Mossack Fonseca—which theEconomist has described as a remarkably “tight-lipped” industry leader in offshore finance—has served as the registered agent for front companies tied to an array of notorious gangsters and thieves that, in addition to Makhlouf, includes associates of Muammar Gaddafi and Robert Mugabe, as well as an Israeli billionaire who has plundered one of Africa’s poorest countries, and a business oligarch named Lázaro Báez, who, according to US court records and reports by a federal prosecutor in Argentina, allegedly laundered tens of millions of dollars through a network of shell firms, some which Mossack Fonseca had helped register in Las Vegas.

Documents and interviews I’ve conducted also show that Mossack Fonseca is happy to help clients set up so-called shelf companies—which are the vintage wines of the money-laundering business, hated by law enforcement and beloved by crooks because they are “aged” for years before being sold, so that they appear to be established corporations with solid track records—including in Las Vegas. One international asset manager who talked to Mossack Fonseca about doing business with them told me that the firm offered to sell a 50-year-old shelf company for $100,000.

If shell companies are getaway cars for bank robbers, then Mossack Fonseca may be the world’s shadiest car dealership.

Silverstein clearly had some documents, though there’s no indication he had the trove that started getting leaked to SZ and ICIJ in early 2015, just weeks after Silverstein’s story.

On Twitter, Silverstein suggested his story never got published because this was the period when the Intercept wasn’t publishing (I had something similar happen to me while there).

But given the close continuity between Silverstein’s story and SZ receipt of the first documents, are they part of the same effort?

Why do they call it the Panama Papers?

These aren’t papers showing the corruption that flows through Panama (for that matter, neither did the BVI leaks show all the corruption that flows through BVI, and there’s a significant BVI aspect to this leak). Rather, they show the corruption flowing through a Panamian-based but global firm, Mossack Fonseca. Reporting on this tells us MF is only the fourth largest of these laundering specialists.

So, aside from the fact that few people have heard of MF, why are we calling this the Panama Papers and not “Here’s what the fourth largest of these companies is involved with”?

All of which is to say as huge as this leak is — which is good! — it’s still just a tiny fraction of what’s out there.

Let the resignations begin

None of this is meant to undermine the importance of this leak or the reporting the team of journalists covering it. Indeed, the story already threatens to take down the Prime Minister of Iceland whose conflict of interest the files revealed. We should have more of these leaks, covering all the havens and shell-creators.

Just remember, as you’re watching the coverage, that we’re getting selective coverage of one particular corner of that industry (ICIJ has said something about releasing files in several months). By all means let’s go after the crooks this story exposes, but let’s remember the crooks who, for whatever reason, aren’t included in this one.

Update: Fusion, which is part of the data sharing, admits there are only 211 Americans identified in the stash, though thus far this is just from recent years (that is, the years that might be affected by the trade agreement).

International Consortium of Investigative Journalists (ICIJ) has only been able to identify 211 people with U.S. addresses who own companies in the data (not all of whom we’ve been able to investigate yet). We don’t know if those 211 people are necessarily U.S. citizens.

All that said, the very good experts (including Jack Blum, who’s as good on these issues as anyone) don’t have very compelling explanations why there aren’t Americans in the stash.

Update: McClatchy describes some of the 200-some Americans whose passports show up in the files. All the ones it describes have been prosecuted (though several got light punishments).

The Leak Hypocrisy of the Hillary Shadow Cabinet

In what has become a serial event, the State Department and Intelligence Community people handling Jason Leopold’s FOIA of Hillary Clinton emails have declared yet more emails to be Top Secret.

The furor over Hillary Clinton’s use of a private email account grew more serious for the Democratic presidential front-runner Friday as the State Department designated 22 of the messages from her account “top secret.”

It was the first time State has formally deemed any of Clinton’s emails classified at that level, reserved for information that can cause “exceptionally grave” damage to national security if disclosed.

State did not provide details on the subject of the messages, which represent seven email chains and a total of 37 pages. However, State spokesman John Kirby said they are part of a set the intelligence community inspector general told Congress contained information classified for discussing “Special Access Programs.”

Now, as I have said before, one thing that is going on here is that CIA is acting just like CIA always does when it declares publicly known things, including torture and drones, to be highly secret. It appears likely that these Top Secret emails are yet another set of emails about the worst kept secret in the history of covert programs, CIA’s drone killing in Pakistan. And so I am sympathetic, in principle, to Hillary’s campaign claims that this is much ado about nothing.

But they might do well to find some other spokesperson to claim that this is just overclassification run amok.

“This is overclassification run amok. We adamantly oppose the complete blocking of the release of these emails,” campaign spokesman Brian Fallon said on Twitter. Appearing on MSNBC after the news broke, Fallon vowed to fight the decision.

“You have the intelligence community, including an Intelligence Community Inspector General, as well as the inspector general at the State Department, that have been insisting on certain ways of deciding what is classified and what’s not,” he said. “We know that there has been disagreement on these points, and it has spilled out into public view at various points over the last several months. It now appears that some of the loudest voices in this interagency review that had some of the strongest straightjacket-type opinions on what should count as classified, have prevailed. That’s unfortunate. We strongly disagree with the finding that has been reached today, and we are going to be contesting it and seeking to have these emails released.”

Alternately Hillary can declare that if she is elected, she’ll pardon both Jeffrey Sterling and Chelsea Manning.

Sterling’s prosecution for, in part, having 3 documents about dialing a rotary phone in his home that were retroactively classified Secret, happened while Brian Fallon presided over DOJ’s Office of Public Affairs; Fallon sat by as James Risen got questioned about his refusal to testify. Sterling’s retention of documents that weren’t marked Secret is surely the same kind of “overclassification run amok,” and by the same agency at fault here, that Fallon is now complaining about. So shouldn’t Fallon and Clinton be discussing a pardon for Sterling?

Then there’s Manning. As Glenn Greenwald noted, in that case Clinton had a different attitude about the sensitivity of documents classified Secret or less.

Manning was convicted and sentenced to 35 years in prison. At the time, the only thing Hillary Clinton had to say about that was to issue a sermon about how classified information “deserves to be protected and we will continue to take necessary steps to do so” because it “affect[s] the security of individuals and relationships.”

So if the nation’s secrets aren’t really as secret as DOJ and State and DOD have claimed, shouldn’t these two, along with people like Stephen Jin-Woo Kim, be pardoned?

Amid Fallon and Clinton’s prior support for this level of classification, there’s something else odd about the response to this scandal (which I have said is largely misplaced from the stupid decision to run her own server to the issue of classified information).

First, the response from many supporters — and it’s a point I’ve made too — is that this doesn’t reflect on Hillary because she mostly just received these emails, she didn’t send them. That’s true. And it largely limits any legal liability Hillary herself would have.

But this particular response comes against the backdrop of Hillary attacking Bernie for not giving a foreign policy speech before Iowa (a critique I’m somewhat sympathetic with, although debates have been focused on it), and against this approving story in the Neocon press on Hillary forming a shadow cabinet.

Team Hillary is in the process of setting up formal advisory teams and working groups divided into regional and thematic subjects, similar to the structure of the National Security Council, several participants in the project told me. Unlike in 2008, when Clinton and Barack Obama competed for advisers, this time around all the Democratic foreign-policy types are flocking to her team because Clinton is the only game in town.

The groups report up to the campaign’s senior foreign policy adviser, Jake Sullivan, who was Clinton’s deputy chief of staff and director of policy planning when she was secretary of state.

As it notes, this shadow cabinet reports to Jake Sullivan. Sullivan is, according to one report, the staffer who sent the most emails that have since been declared classified.

Nearly a third of the classified messages released so far from former Secretary of State Hillary Rodham Clinton’s emails came from one man: Jake Sullivan, who served as her deputy chief of staff in the department, and is now the top foreign policy adviser to her presidential campaign.

If Hillary’s supporters argue that she can’t be held responsible because she didn’t send these, does that mean they would hold Sullivan, Hillary’s presumptive National Security Advisor, responsible instead?

Then there’s this detail about outside advisors to this shadow cabinet: it includes Leon Panetta, who not only leaked highly classified information in his memoir, but also would have been busted for exposing the Navy SEALs who offed Osama bin Laden if the game weren’t so rigged to excuse senior leakers.

In addition to the working groups, Sullivan relies on a somewhat separate group of senior former officials who have more frequent interaction with the campaign leadership and Clinton herself. Many of these advisers aren’t publicly affiliated with the campaign because they have leadership roles with organizations that have not endorsed any candidate for president.

But sources close to the campaign told me that Clinton, Sullivan and campaign chairman John Podesta are in regular contact with former National Security Advisor Tom Donilon, former Defense Secretary Leon Panetta and former Secretary of State Madeleine Albright.

Is the effort to keep the identities of the men who killed OBL secret also, “overclassification run amok”? Or does Panetta’s role in Hillary’s foreign policy team suggest her crowd really is that hypocritical about who can leak classified information?

I’d really love it if Hillary came out strongly against the paranoid secrecy that stifles our foreign policy (and just yesterday led to Ashkan Soltani losing a position as a technical advisor for the White House, presumably because of his role in reporting the Snowden documents).

But thus far that’s not what she’s doing: her campaign is making a limited critique of this paranoid secrecy, only applicable when it impacts those close to her.

It’s Not Just the FISA Court, It’s the Game of Surveillance Whack-a-Mole

In response to this post from Chelsea Manning, the other day I did the first in what seems to have become a series of posts arguing that we should eliminate the FISA Court, but that the question is not simple. In that post, I laid out the tools the FISC has used, with varying degrees of success, in reining in Executive branch spying, especially in times of abuse.

In this post, I want to lay out how reining in surveillance isn’t just about whether the secret approval of warrants and orders would be better done by the FISC or a district court. It’s about whack-a-mole.

That’s because, right now, there are four ways the government gives itself legal cover for expansive surveillance:

  • FISC, increasingly including programs
  • EO 12333, including SPCMA
  • Magistrate warrants and orders without proper briefing
  • Administrative orders and/or voluntary cooperation

FISA Court

The government uses the FISA court to get individualized orders for surveillance in this country and, to a less clear extent, surveillance of Americans overseas. That’s the old-fashioned stuff that could be done by a district court. But it’s also one point where egregious source information — be it a foreign partner using dubious spying techniques, or, as John Brennan admitted in his confirmation hearing, torture — gets hidden. No defendant has ever been able to challenge the basis for the FISA warrant used against them, which is clearly not what Congress said it intended in passing FISA. But given that’s the case, it means a lot of prosecutions that might not pass constitutional muster, because of that egregious source information, get a virgin rebirth in the FISC.

In addition, starting 2004, the government started using the FISA Court to coerce corporations to continue domestic collection programs they had previously done voluntarily. As I noted, while I think the FISC’s oversight of these programs has been mixed, the FISC has forced the government to hew closer (though not at) the law.

EO 12333, including SPCMA

The executive branch considers FISA just a subset of EO 12333, the Reagan Executive Order governing the intelligence community — a carve out of collection requiring more stringent rules. At times, the Intelligence Community have operated as if EO 12333 is the only set of rules they need to follow — and they’ve even secretly rewritten it at least once to change the rules. The government will always assert the right to conduct spying under EO 12333 if it has a technical means to bypass that carve out. That’s what the Bush Administration claimed Stellar Wind operated under. And at precisely the time the FISC was imposing limits on the Internet dragnet, the Executive Brach was authorizing analysis of Americans’ Internet metadata collected overseas under SPCMA.

EO 12333 derived data does get used against defendants in the US, though it appears to be laundered through the FISC and/or parallel constructed, so defendants never get the opportunity to challenge this collection.

Magistrate warrants and orders

Even when the government goes to a Title III court — usually a magistrate judge — to get an order or warrant for surveillance, that surveillance often escapes real scrutiny. We’ve seen this happen with Stingrays and other location collection, as well as FBI hacking; in those cases, the government often didn’t fully brief magistrates about what they’re approving, so the judges didn’t consider the constitutional implications of it. There are exceptions, however (James Orenstein, the judge letting Apple challenge the use of an All Writs Act to force it to unlock a phone, is a notable one), and that has provided periodic checks on collection that should require more scrutiny, as well as public notice of those methods. That’s how, a decade after magistrates first started to question the collection of location data using orders, we’re finally getting circuit courts to review the issue. Significantly, these more exotic spying techniques are often repurposed foreign intelligence methods, meaning you’ll have magistrates and other TIII judges weighing in on surveillance techniques being used in parallel programs under FISA. At least in the case of Internet data, that may even result in a higher standard of scrutiny and minimization being applied to the FISA collection than the criminal investigation collection.

Administrative orders and/or voluntary cooperation

Up until 2006, telecoms willing turned over metadata on Americans’ calls to the government under Stellar Wind. Under Hemisphere, AT&T provides the government call record information — including results of location-based analysis, on all the calls that used its networks, not just AT&T customers — sometimes without an order. For months after Congress was starting to find a way to rein in the NSA phone dragnet with USA Freedom Act, the DEA continued to operate its own dragnet of international calls that operated entirely on administrative orders. Under CISA, the government will obtain and disseminate information on cybersecurity threats that it wouldn’t be able to do under upstream 702 collection; no judge will review that collection. Until 2009, the government was using NSLs to get all the information an ISP had on a user or website, including traffic information. AT&T still provides enhanced information, including the call records of friends and family co-subscribers and (less often than in the past) communities of interest.

These six examples make it clear that, even with Americans, even entirely within the US, the government conducts a lot of spying via administrative orders and/or voluntary cooperation. It’s not clear this surveillance had any but internal agency oversight, and what is known about these programs (the onsite collaboration that was probably one precursor to Hemisphere, the early NSL usage) makes it clear there have been significant abuses. Moreover, a number of these programs represent individual (the times when FBI used an NSL to get something the FISC had repeatedly refused to authorize under a Section 215 order) or programmatic collection (I suspect, CISA) that couldn’t be approved under the auspices of the FISC.

All of which is to say the question of what to do to bring better oversight over expansive surveillance is not limited to the short-comings of the FISC.  It also must contend with the way the government tends to move collection programs when one method proves less than optimal. Where technologically possible, it has moved spying offshore and conducted it under EO 12333. Where it could pay or otherwise bribe and legally shield providers, it moved to voluntary collection. Where it needed to use traditional courts, it often just obfuscated about what it was doing. The primary limits here are not legal, except insofar as legal niceties and the very remote possibility of transparency raise corporate partner concerns.

We need to fix or eliminate the FISC. But we need to do so while staying ahead of the game of whack-a-mole.

The FISA Court’s Uncelebrated Good Points

I’m working on a post responding to this post from Chelsea Manning calling to abolish the FISA Court. Spoiler alert: I largely agree with her, but I think the question is not that simple.

As background to that post, I wanted to shift the focus from a common perception of the FISC — that it is a rubber stamp that approves all requests — to a better measure of the FISC — the multiple ways it has tried to rein in the Executive. I think the FISC has, at times, been better at doing so than often given credit for. But as I’ll show in my larger post, those efforts have had limited success.

Minimization procedures

The primary tool the FISC uses is in policing the Executive is minimization procedures approved by the court. Royce Lamberth unsuccessfully tried to use minimization procedures to limit the use of FISA-collected data in prosecutions (and also, tools for investigation, such as informants). Reggie Walton was far more successful at using and expanding very detailed limits on the phone — and later, the Internet — dragnet to force the government to stop treating domestically collected dragnet data under its own EO 12333 rules and start treating it under the more stringent FISC-imposed rules. He even shut down the Internet dragnet in fall (probably October 30) 2009 because it did not abide by limits imposed 5 years earlier by Colleen Kollar-Kotelly.

There was also a long-running discussion (that involved several briefs in 2006 and 2009, and a change in FISC procedure in 2010) about what to do with Post Cut Through Dialed Digits (those things you type in after a call or Internet session has been connected) collected under pen registers. It appears that FISC permitted (and probably still permits) the collection of that data under FISA (that was not permitted under Title III pen registers), but required the data get minimized afterwards, and for a period over collected data got sequestered.

Perhaps the most important use of minimization procedures, however, came when Internet companies stopped complying with NSLs requiring data in 2009, forcing the government to use Section 215 orders to obtain the data. By all appearances, the FISC imposed and reviewed compliance of minimization procedures until FBI, more than 7 years after being required to, finally adopted minimization procedures for Section 215. This surely resulted in a lot less innocent person data being collected and retained than under NSL collection. Note that this probably imposed a higher standard of review on this bulky collection of data than what existed at magistrate courts, though some magistrates started trying to impose what are probably similar requirements in 2014.

Such oversight provides one place where USA Freedom Act is a clear regression from what is (today, anyway) in place. Under current rules, when the government submits an application retroactively for an emergency search of the dragnet, the court can require the government to destroy any data that should not have been collected. Under USAF, the Attorney General will police such things under a scheme that does not envision destroying improperly collected data at all, and even invites the parallel construction of it.

First Amendment review

The FISC has also had some amount — perhaps significant — success in making the Executive use a more restrictive First Amendment review than it otherwise would have. Kollar-Kotelly independently imposed a First Amendment review on the Internet dragnet in 2004. First Amendment reviews were implicated in the phone dragnet changes Walton pushed in 2009. And it appears that in the government’s first uses of the emergency provision for the phone dragnet, it may have bypassed First Amendment review — at least, that’s the most logical explanation for why FISC explicitly added a First Amendment review to the emergency provision last year. While I can’t prove this with available data, I strongly suspect more stringent First Amendment reviews explain the drop in dragnet searches every time the FISC increased its scrutiny of selectors.

In most FISA surveillance, there is supposed to be a prohibition on targeting someone for their First Amendment protected activities. Yet given the number of times FISC has had to police that, it seems that the Executive uses a much weaker standard of First Amendment review than the FISC. Which should be a particularly big concern for National Security Letters, as they ordinarily get no court review (one of the NSL challenges that has been dismissed seemed to raise First Amendment concerns).

Notice of magistrate decisions

On at least two occasions, the FISC has taken notice of and required briefing after magistrate judges found a practice also used under FISA to require a higher standard of evidence. One was the 2009 PCTDD discussion mentioned above. The other was the use of combined orders to get phone records and location data. And while the latter probably resulted in other ways the Executive could use FISA to obtain location data, it suggests the FISC has paid close attention to issues being debated in magistrate courts (though that may have more to do with the integrity of then National Security Assistant Attorney General David Kris than the FISC itself; I don’t have high confidence it is still happening). To the extent this occurs, it is more likely that FISA practices will all adjust to new standards of technology than traditional courts, given that other magistrates will continue to approve questionable orders and warrants long after a few individually object, and given that an individual objection isn’t always made public.

Dissemination limits

Finally, the FISC has limited Executive action by limiting the use and dissemination of certain kinds of information. During Stellar Wind, Lamberth and Kollar-Kotelly attempted to limit or at least know which data came from Stellar Wind, thereby limiting its use for further FISA warrants (though it’s not clear how successful that was). The known details of dragnet minimization procedures included limits on dissemination (which were routinely violated until the FISC expanded them).

More recently John Bates twice pointed to FISA Section 1809(a)(2) to limit the government’s use of data collected outside of legal guidelines. He did so first in 2010 when he limited the government’s use of illegally collected Internet metadata. He used it again in 2011 when he used it to limit the government’s access to illegally collected upstream content. However, I think it likely that after both instances, the NSA took its toys and went elsewhere for part of the relevant collection, in the first case to SPCMA analysis on EO 12333 collected Internet metadata, and in the second to CISA (though just for cyber applications). So long as the FISC unquestioningly accepts EO 12333 evidence to support individual warrants and programmatic certificates, the government can always move collection away from FISC review.

Moreover, with USAF, Congress partly eliminated this tool as a retroactive control on upstream collection; it authorized the use of data collected improperly if the FISC subsequently approved retention of it under new minimization procedures.

These tools have been of varying degrees of usefulness. But FISC has tried to wield them, often in places where all but a few Title III courts were not making similar efforts. Indeed, there are a few collection practices where the FISC probably imposed a higher standard than TIII courts, and probably many more where FISC review reined in collection that didn’t have such review.

What’s So Tricky about DOD’s PKI That It Needs to Expose Thousands of Service Members?

Motherboard decided to call out DOD for not using STARTTLS to encrypt the transiting email of much of DOD’s emails.

[A]s encryption spreads to government sites, it hasn’t reached government emails yet. Most of the military as well as the intelligence community do not use encryption to protect emails travelling across the internet.

[snip]

In fact, according to an online testing tool, among the military only the Air Force encrypts emails in transit using a technology called STARTTLS, which has existed since 2002. Other branches of the Pentagon, including the Army, the Navy, the Defense Security Service, and DARPA, don’t use it. Even the standard military email provider mail.mil, doesn’t support STARTTLS.

[snip]

In a statement emailed to Motherboard, a spokesperson for the Defense Information Systems Agency (DISA), the Pentagon’s branch that oversees email and other technologies, said the DISA’s DOD Enterprise Email (DEE) does not support STARTTLS.

This part of the story is bad enough. I take it to mean that as people stationed overseas email home, their email — and therefore significant hints about deployment — would be accessible to anyone who wanted to steal them in transit. While more sensitive discussions would be secure, there would be plenty accessible to Russia or China or technically savvy terrorists to make stealing the email worthwhile.

But I’m just as struck by DOD’s excuse.

“STARTTLS is an extension for the Post Office Protocol 3 and Internet Message Access protocols, which rely on username and password for system access,” the spokesperson wrote. “To remain compliant with DOD PKI policy, DEE does not support the use of username and password to grant access, and does not leverage either protocol.”

First of all, this doesn’t make any sense. The Public Key Infrastructure system, which controls access to DOD networks, should be totally separate from the email system.

Worse still: we know a little bit about what — and when — DOD implemented its PKI, because it came up in Congressional hearings in the wake of the Chelsea Manning leaks. Here’s what DOD’s witnesses explained back in 2011.

One of the major contributing factors in the WikiLeaks incident was the large amount of data that was accessible with little or no access controls. Broad access to information can be combined with access controls in order to mitigate this vulnerability. While there are many sites on SIPRNet that do have access controls, these are mostly password-based and therefore do not scale well. The administration of thousands of passwords is labor intensive and it is difficult to determine who should (and should not) have access.

DoD has begun to issue a Public Key Infrastructure (PKI)-based identity credential on a hardened smart card. This is very similar to the Common Access Card (CAC) we use on our unclassified network. We will complete issuing 500,000 cards to our SIPRNet users, along with card readers and software, by the end of 2012. This will provide very strong identification of the person accessing the network and requesting data. It will both deter bad behavior and require absolute identification of who is accessing data and managing that access.

In conjunction with this, all DoD organizations will configure their SIPRNetbased systems to use the PKI credentials to strongly authenticate end-users who are accessing information in the system. This provides the link between end users and the specific data they can access – not just network access. This should, based on our experience on the unclassified networks, be straightforward.

DoD’s goal is that by 2013, following completion of credential issuance, all SIPRNet users will log into their local computers with their SIPRNet PKI/smart card credential. This will mirror what we already do on the unclassified networks with CACs.

Remember, this describes the log-in process to DOD’s classified network, generally, not to email.

The point is, though, that in response to an internal leaker, DOD only rolled out the kind of network controls most businesses have on its Secret (not Top Secret) network in 2011. Even if there were something about that roll-out that did impact email, what DOD would have you believe that as late as 2011, they made decisions that resulted in keeping email insecure in transit.

Along with Outdated Toothpaste and Caitlin Jenner Covers, Manning in Trouble for Reading Torture Report

As you’ve likely heard the authorities at Leavenworth have put Chelsea Manning in indefinite solitary confinement for — among other things — having an expired tube of toothpaste (and also sweeping some crumbs onto the floor).

She just posted the list of materials the authorities confiscated from her. They include the Caitlyn Jenner Vanity Fair issue and what I assume is the Cosmopolitan issue on Jenner.

But in addition, the government also confiscated Manning’s copy of the SSCI torture report.

Screen Shot 2015-08-14 at 1.50.50 PM

Because it is the American way to subject someone to torturous solitary confinement because she tried to read about the torture done to others before she was subjected to the same kind of forced nudity described in the report?

 

Department of Energy: CyberSprinting Backwards

Earlier this week, I noted that of the seven agencies that would automatically get cybersecurity data shared under the Cyber Information Sharing Act, several had similar or even worse cyberpreparedness than the Office of Personnel Management, from which China stole entire databases of information on our cleared personnel.

To make that argument, I used data from the FISMA report released in February. Since then — or rather, since the revelation of the OPM hack — the Administration has been pushing a “30 day sprint” to try to close the gaping holes in our security.

Yesterday, the government’s Chief Information Officer, Tony Scott, released a blog post and the actual results, bragging about significant improvement.

And there have been significant results (though note, the 30 day sprint turned into a 60 day middle distance run), particularly from OPM, Interior (which hosted OPM’s databases), and — two of those CISA data sharing agencies — DHS and Treasury.

Screen Shot 2015-08-01 at 9.19.01 AM

 

Whoa! Check out that spike! Congratulations to those who worked hard to make this improvement.

But when you look at the underlying data, things aren’t so rosy.

Screen Shot 2015-08-01 at 9.10.51 AM

 

We are apparently supposed to be thrilled that DOD now requires strong authentication for 58% of its privileged users (people like Edward Snowden), up 20% from the earlier 38%. Far more of DOD’s unprivileged users (people like Chelsea Manning?) — 83% — are required to use strong authentication, but that number declined from a previous 88%.

More remarkable, however, is that during a 30 day 60 day sprint to plug major holes, the Department of Energy also backslid, with strong authentication going from 34% to 11%. Admittedly, more of DoE’s privileged users must use strong authentication, but only 13% total.

DOJ (at least FBI and probably through them other parts of DOJ will receive this CISA information), too, backslid overall, though with a huge improvement for privileged users. And Commerce (another CISA recipient agency) also had a small regression for privileged users.

There may be explanations for this, such as that someone is being moved from a less effective two-factor program to a better one.

But it does trouble me that an agency as central to our national security as Department of Energy is regressing even during a period of concerted focus.

Chelsea Manning Warned of Nuri al-Maliki’s Corruption in 2010. David Petraeus’ Subordinates Silenced Her.

In early 2010, Chelsea Manning discovered that a group of people Iraq’s Federal Police were treating as insurgents were instead trying to call attention to Nuri al-Malki’s corruption. When she alerted her supervisors to that fact, they told her to “drop it,” and instead find more people who were publishing “anti-Iraqi literature” calling out Maliki’s corruption.

On 27 February 2010, a report was received from a subordinate battalion. The report described an event in which the FP detained fifteen (15) individuals for printing “anti-Iraqi literature.” By 2 March 2010, I received instructions from an S3 section officer in the 2-10BCT Tactical Operations Center to investigate the matter, and figure out who these “bad guys” were, and how significant this event was for the FP.

Over the course of my research, I found that none of the individuals had previous ties with anti-Iraqi actions or suspected terrorist or militia groups. A few hours later, I received several photos from the scene from the subordinate battalion.

[snip]

I printed a blown up copy of the high-resolution photo, and laminated it for ease of storage and transfer. I then walked to the TOC and delivered the laminated copy to our category 2 interpreter. She reviewed the information and about a half-hour later delivered a rough written transcript in English to the S2 section.

I read the transcript, and followed up with her, asking for her take on its contents. She said it was easy for her to transcribe verbatim since I blew up the photograph and laminated it. She said the general nature of the document was benign. The documentation, as I assessed as well, was merely a scholarly critique of the then-current Iraqi Prime Minister, Nouri al-Maliki. It detailed corruption within the cabinet of al-Maliki’s government, and the financial impact of this corruption on the Iraqi people.

After discovering this discrepancy between FP’s report, and the interpreter’s transcript, I forwarded this discovery, in person to the TO OIC and Battle NCOIC.

The TOC OIC and, the overhearing Battlecaptain, informed me they didn’t need or want to know this information any more. They told me to “drop it” and to just assist them and the FP in finding out where more of these print shops creating “anti-Iraqi literature” might be. I couldn’t believe what I heard, (24-25)

At the time, David Petraeus was the head of CENTCOM, the very top of the chain of command that had ordered Manning to “drop” concerns about Iraqis being detained for legitimate opposition to Maliki’s corruption.

Manning would go on to leak more documents showing US complicity in Iraqi abuses, going back to 2004. None of those documents were classified more than Secret. Her efforts (in part) to alert Americans to the abuse the military chain of command in Iraq was ignoring won her a 35-year sentence in Leavenworth.

Compare that to David Petraeus who pretends, to this day, Maliki’s corruption was not known and not knowable before the US withdrew troops in 2011, who pretends the US troops under his command did not ignore, even facilitate, Maliki’s corruption.

What went wrong?

The proximate cause of Iraq’s unraveling was the increasing authoritarian, sectarian and corrupt conduct of the Iraqi government and its leader after the departure of the last U.S. combat forces in 2011.  The actions of the Iraqi prime minister undid the major accomplishment of the Surge. (They) alienated the Iraqi Sunnis and once again created in the Sunni areas fertile fields for the planting of the seeds of extremism, essentially opening the door to the takeover of the Islamic State. Some may contend that all of this was inevitable. Iraq was bound to fail, they will argue, because of the inherently sectarian character of the Iraqi people. I don’t agree with that assessment.

The tragedy is that political leaders failed so badly at delivering what Iraqis clearly wanted — and for that, a great deal of responsibility lies with Prime Minister Maliki.

Unlike Manning, Petraeus adheres to a myth, the myth that this war was not lost 12 years ago, when George Bush ordered us to invade based on a pack of lies, when Petraeus and his fellow commanders failed to bring security after the invasion (largely through the priorities of their superiors), when Paul Bremer decided to criminalize the bureaucracy that might have restored stability — and a secular character — to Iraq.

Of course, Petraeus’ service to that myth is no doubt a big part of the reason he can continue to influence public opinion from the comfort of his own home as he prepares to serve his 2 years of probation for leaking code word documents, documents far more sensitive than those Manning leaked, as opposed to the 35 years in Leavenworth Manning received.

Which is, of course, a pretty potent symbol of our own corruption.

FBI Is Not “Surveilling” WikiLeaks Supporters in Its Never-Ending Investigation; Is It “Collecting” on Them?

The FOIA for records on FBI’s surveillance of WikiLeaks supporters substantially ended yesterday (barring an appeal) when Judge Barbara Rothstein ruled against EPIC. While she did order National Security Division to do a more thorough search for records, she basically said the agencies had properly withheld records under Exemption 7(A) for its “multi-subject investigation into the unauthorized disclosure of classified information published on WikiLeaks, which is ‘still active and ongoing’ and remains in the investigative stage.” (Note, the claim that the investigation is still in what FBI calls an investigative stage, which I don’t doubt, is nevertheless dated, as the most recent secret declarations in this case appear to have been submitted on April 25, 2014, though Rothstein may not have read them until after she approved such ex parte submissions on July 29 of last year.)

In so ruling, Rothstein has dodged a key earlier issue, which is that all three entities EPIC FOIAed (DOJ’s Criminal and National Security Division and FBI) invoked a statutory Exemption 3 from FOIA, but refused to explain what statute they were using.

2 Defendants also rely on Exemptions 1, 3, 5, 6, 7(C), 7(D), 7(E), and 7(F). The Court, finding that Exemption 7(A) applies, does not discuss whether these alternative exemptions may apply.

I have argued — and still strongly suspect — that the government was relying, in part, on Section 215 of PATRIOT, as laid out in this post.

In addition to the Exemption 3 issue Rothstein dodged, though, there were three other issues that were of interest in this case.

First, we’ve learned in the 4 years since EPIC filed this FOIA that their request falls in the cracks of the language the government uses about its own surveillance (which it calls intelligence, not surveillance). EPIC asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

As I’ve pointed out in the past, if the FBI obtained datasets rather than lists of the people who supported WikiLeaks from Facebook, Google, Visa, MasterCard, and PayPal, FBI would be expected to deny it had lists of such supporters, as it has done. We’ve since learned about the extent to which it does collect datasets when carrying out intelligence investigations.

Then there’s our heightened understanding of the words “target” and “surveillance” which are central to request 1. The US doesn’t target a lot of Americans, but it does collect on them. And when it does so — even if it makes queries that return their identifiers — it doesn’t consider that “surveillance.” That is, the FBI would only admit to having responsive data to request 1 if it were obtaining FISA or Title III warrants against mere supporters of WikiLeaks, rather than — say — reading their email to Julian Assange, whom FBI surely has targeted and still targets under Section 702 and other surveillance authorities, or even, as I guarantee you has happened, looked up people after the fact and discovered they had previous conversations with Assange. We’ve even learned that NSA collects vast amounts of Internet communications that talk “about” a targeted person’s selector, meaning that Americans’ communications might be pulled if they used WikiLeaks or Assange’s Internet identifiers in the body of their emails or chats. None of that would count as “targeted” “surveillance,” but it is presumably among the kinds of things EPIC had in mind when it tried to learn how FBI’s investigation of WikiLeakas was implicating completely innocent supporters.

I noted the way FBI’s declaration skirted both these issues some years ago, and everything we’ve learned since only raises the likelihood that FBI is playing a narrow word game to claim that it doesn’t have any responsive records, but out of an act of generosity it nevertheless considered the volumes of FBI records that are related to the request that it nevertheless has declared 7(A) over. Rothstein’s order replicates the use of the word “targeting” to discuss FBI’s search, suggesting the distinction is as important as I suspect.

Plaintiff first argues that the release of records concerning individuals who are simply supporting WikiLeaks could not interfere with any pending or reasonably anticipated enforcement proceeding since their activity is legal and protected by the First Amendment. Pl.’s Cross-Mot. at 14. This argument is again premised on Plaintiff’s speculation that the Government’s investigation is targeting innocent WikiLeaks supporters, and, for the reasons previously discussed, the Court finds it lacks merit.

All  of which brings me to the remaining interesting subtext of this ruling.

Five years after the investigation into WikiLeaks must have started in earnest, 20 months after Chelsea Manning was found guilty for leaking the bulk of the documents in question, and over 10 months since Rothstein’s most recent update on the “investigation” in question, Rothstein is convinced these records may adequately be withheld because there is an active investigation.

While it’s possible DOJ is newly considering charges related to other activities of WikiLeaks — perhaps charges relating to WikiLeaks’ assistance to Edward Snowden in escaping from Hong Kong, though like Manning’s verdict, that was over 20 months ago — it’s also very likely the better part of whatever ongoing investigation into WikiLeaks is ongoing is an intelligence investigation, not a criminal one. (See this post for my analysis of the language they used last year to describe the investigation.)

Rothstein is explicit that DOJ still has — or had, way back when she read fresh declarations in the case — a criminal investigation, not just an intelligence investigation (which might suggest Assange’s asylum in the Ecuador Embassy in London is holding up something criminal).

In stark contrast to the CREW panel, this Court is persuaded that there is an ongoing criminal investigation. Unlike the vague characterization of the investigation in CREW, Defendants have provided sufficient specificity as to the status of the investigation, and sufficient explanation as to why the investigation is of long-term duration. See e.g., Hardy 4th Decl. ¶¶ 7, 8; Bradley 2d Decl. ¶ 12; 2d Cunningham Decl. ¶ 8.

Yet much of her language (which, with one exception, relies on the earliest declarations submitted in this litigation) sounds like that reflecting intelligence techniques as much as criminal tactics.

Here, the FBI and CRM have determined that the release of information on the techniques and procedures employed in their WikiLeaks investigation would allow targets of the investigation to evade law enforcement, and have filed detailed affidavits in support thereof. Hardy 1st Decl. ¶ 25; Cunningham 1st Decl. ¶ 11. As Plaintiff notes, certain court documents related to the Twitter litigation have been made public and describe the agencies’ investigative techniques against specific individuals. To the extent that Plaintiff seeks those already-made public documents, the Court is persuaded that their release will not interfere with a law enforcement proceeding and orders that Defendants turn those documents over.

[snip]

In the instant case, releasing all of the records with investigatory techniques similar to that involved in the Twitter litigation may, for instance, reveal information regarding the scope of this ongoing multi-subject investigation. This is precisely the type of information that Exemption 7(A) protects and why this Court must defer to the agencies’ expertise.

I’m left with the impression that FBI has reams of documents responsive to what EPIC was presumably interested in — how innocent people have had their privacy compromised because they support a publisher the US doesn’t like — but that they’re using a variety of tired dodges to hide those documents.

After Five Years, Saudis Will Finally Get Their Drones to Strike Houthis

Thanks to Chelsea Manning, we know that almost exactly five years ago, the US Ambassador to Saudi Arabia James Smith met with the then Assistant Minister for Defense Khalid bin Sultan about a disastrous Saudi air attack on a Houthi hospital on the Yemeni-Saudi border that killed a thousand people, many civilians. Prince Khalid used the American scolding not only to redouble his requests for US satellite assistance targeting Houthis — with more accuracy, Khalid suggested, the Saudis might kill fewer civilians — but also to ask for Predator drones.

IF WE HAD THE PREDATOR, THIS MIGHT NOT HAVE HAPPENED
—————————————————-

¶3. (S/NF) Upon seeing the photograph, Prince Khalid remarked, “This looks familiar,” and added, “if we had the Predator, maybe we would not have this problem.” He noted that Saudi Air Force operations were necessarily being conducted without the desired degree of precision, and recalled that a clinic had been struck, based on information received from Yemen that it was being used as an operational base by the Houthis. Prince Khalid explained the Saudi approach to its fight with the Houthis, emphasizing that the Saudis had to hit the Houthis very hard in order to “bring them to their knees” and compel them to come to terms with the Yemeni government. “However,” he said, “we tried very hard not to hit civilian targets.” The Saudis had 130 deaths and the Yemenis lost as many as one thousand. “Obviously,” Prince Khaled observed, “some civilians died, though we wish that this did not happen.”

The attack on the hospital and the Saudi request for more war toys all took place amid assurances that the strikes on the Houthis would “bring them to their knees” which would in turn lead to a lasting ceasefire, which would free up Saudi attention to go after al Qaeda, the ostensible purpose for US intelligence cooperation in the first place.

In the interim five years, a few key developments have happened. Back in 2011, after JSOC couldn’t seem to get clean intelligence on Anwar al-Awlaki, the US built a drone base on the Saudi border that magically managed to find and kill the cleric within months.

More recently, Houthis have brought their fight to Sanaa and beyond, overthrowing the US and Gulf Cooperation Council selected President Abdo Rabi Mansour Hadi. In the wake of what the government has deemed (unlike Egypt) a coup, the US and most western governments have withdrawn embassy personnel, an action that will have little effect on their security but significant effect on the legitimacy of the Houthi-run government.

And now, just in time, the State Department has rolled out a framework under which the US will sell drones to our allies.

But don’t worry! State has included a bunch of rules that cover precisely the same concerns Ambassador Smith voiced 5 years ago in the face of evidence the Saudis were targeting civilians in an effort to “bring them to their knees.”

As the most active user of military UAS, and as an increasing number of nations are acquiring and employing UASs to support a range of missions, the United States has an interest in ensuring that these systems are used lawfully and responsibly. Accordingly, under the new UAS export policy, the United States will require recipients of U.S.-origin military UAS to agree to the following principles guiding proper use before the United States will authorize any sales or transfers of military UASs:

  • Recipients are to use these systems in accordance with international law, including international humanitarian law and international human rights law, as applicable;
  • Armed and other advanced UAS are to be used in operations involving the use of force only when there is a lawful basis for use of force under international law, such as national self-defense;
  • Recipients are not to use military UAS to conduct unlawful surveillance or use unlawful force against their domestic populations; and
  • As appropriate, recipients shall provide UAS operators technical and doctrinal training on the use of these systems to reduce the risk of unintended injury or damage.

Compare those guidelines with the assessment Ambassador Smith conducted 5 years ago to clear the Saudis for increased sharing of satellite data.

¶2. (S/NF) Ambassador Smith delivered points in reftel to Prince Khaled on February 6, 2010. The Ambassador highlighted USG concerns about providing Saudi Arabia with satellite imagery of the Yemen border area absent greater certainty that Saudi Arabia was and would remain fully in compliance with the laws of armed conflict during the conduct of military operations, particularly regarding attacks on civilian targets. The Ambassador noted the USG’s specific concern about an apparent Saudi air strike on a building that the U.S. believed to be a Yemeni medical clinic. The Ambassador showed Prince Khaled a satellite image of the bomb-damaged building in question.

[snip]

¶6. (S/NF) Prince Khaled, in addressing the Ambassador’s concerns about possible targeting of civilian sites appeared neither defensive nor evasive. He was unequivocal in his assurance that Saudi military operations had been and would continue to be conducted with priority to avoiding civilian casualties. The Ambassador found this assurance credible, all the more so in light of Prince Khaled’s acknowledgment that mistakes likely happened during the strikes against Houthi targets, of the inability of the Saudi Air Force to operate with adequate precision, and the unreliability of Yemeni targeting recommendations. Based on these assurances, the Ambassador has approved, as authorized in reftel, the provision of USG imagery of the Yemeni border area to the Saudi Government. While the fighting with the Houthis appears to be drawing to a close, the imagery will be of continuing value to the Saudi military to monitor and prevent Houthi incursions across the border as well as enhancing Saudi capabilities against Al-Qaeda activities in this area.

Call me crazy, but given Prince Khalid’s determination to bring the Houthis to their knees, I’m unimpressed with Ambassador’s Smith assessment that the Saudis were adequately protecting civilians (indeed, some of our most catastrophic strikes in Yemen appear to have relied on Saudi intelligence).

Nothing has changed in the interim 5 years — beyond even more tolerance for Saudi repression amid the rise of an Islamic State for which KSA has been an ideological fount.

I assume the Saudis will be among the first that get approved for a set of drones. Hell, they’ve surely got practice in using them at the Saudi drone base, and they already have their base from which to target the Houthis.

The question is whether that will do anything for Yemen, or even for US interests.

Aside from the drone manufacturers, of course.