Posts

NSA’s Dragnet Failed to “Correlate” David Headley’s Identity, One of Its Core Functions

In a piece on the GCHQ and NSA failure to identify David Headley’s role in the Mumbai terrorist attack, ProPublica quotes former CIA officer Charles Faddis on the value of bulk surveillance.

“I’m not saying that the capacity to intercept the communications is not valuable,” said Charles (Sam) Faddis, a former C.I.A. counterterror chief. “Clearly that’s valuable.” Nonetheless, he added, it is a mistake to rely heavily on bulk surveillance programs in isolation.

“You’re going to waste a lot of money, you’re going to waste a lot of time,” Faddis said. “At the end, you’re going have very little to show for it.”

The article as a whole demonstrates that in a manner I’m fairly shocked about. The NSA failed to recognize what it had in intelligence collected on Headley’s role in the attack even after the attack because they hadn’t correlated his known birth name with the name he adopted in the US.

Headley represents another potential stream of intelligence that could have made a difference before Mumbai. He is serving 35 years in prison for his role. He was a Pakistani-American son of privilege who became a heroin addict, drug smuggler and DEA informant, then an Islamic terrorist and Pakistani spy, and finally, a prize witness for U.S. prosecutors.

In recounting that odyssey, we previously explored half a dozen missed opportunities by U.S. law enforcement to pursue tips from Headley’s associates about his terrorist activity. New reporting and analysis traces Headley’s trail of suspicious electronic communications as he did reconnaissance missions under the direction of Lashkar and Pakistan’s Inter-Services Intelligence Directorate (ISI).

Headley discussed targets, expressed extremist sentiments and raised other red flags in often brazen emails, texts and phone calls to his handlers, one of whom worked closely on the plot with Shah, the Lashkar communications chief targeted by the British.

U.S. intelligence officials disclosed to me for the first time that, after the attacks, intensified N.S.A. monitoring of Pakistan did scoop up some of Headley’s suspicious emails. But analysts did not realize he was a U.S.-based terrorist involved in the Mumbai attacks who was at work on a new plot against Denmark, officials admitted.

The sheer volume of data and his use of multiple email addresses and his original name, Daood Gilani, posed obstacles, U.S. intelligence officials said. To perfect his cover as an American businessman, Headley had legally changed his name in 2006.

“They detected a guy named ‘Gilani’ writing to bad guys in Pakistan, communicating with terror and ISI nodes,” a senior U.S. intelligence official said. “He wrote also in fluent Urdu, which drew interest. Linking ‘Gilani’ to ‘Headley’ took a long time. The N.S.A. was looking at those emails post-Mumbai. It was not clear to them who he was.”

As I’ve explained, one of the things NSA does with all its data is to “correlate” selectors, so that it maps a picture of all the Internet and telecom (and brick and mortar, where they have HUMINT) activities of a person using the multiple identities that have become common in this day and age. This is a core function of the NSA’s dragnets, and it works automatically on EO 12333 data (and worked automatically on domestically-collected phone and — probably — Internet metadata until 2009).

When you think about it, there are some easy ways of matching online identities (going to a provider, mapping some IP addresses). And even the matching of “burner” IDs can be done with 94% accuracy, at least within AT&T’s system, according to AT&T’s own claims.

The NSA says they didn’t do so here because Headley had changed his name.

Headley, recall, was a DEA informant. Which means, unless these intelligence agencies are far more incompetent than I believe they are, this information was sitting in a government file somewhere: “Daood Gilani, the name of a known Urdu-fluent informant DEA sent off to Pakistan to hang out with baddies  = David Headley.” Unless Headley adopted the new name precisely because he knew it would serve to throw the IC off his trail.

And yet … NSA claims it could not, and did not, correlate those two identities and as a result didn’t even realize Headley was involved in the Mumbai bombing even after the attack.

Notably, they claim they did not do so because of the “sheer volume of data.”

In short, according to the NSA’s now operative story (you should click through to read the flaccid apologies the IC offered up for lying about the value of Sections 215 and 702 in catching Headley), the NSA’s dragnet failed at one of its core functions because it is drowning in data.

 

DEA’s Dragnet and David Headley

In a piece on the DEA dragnet the other day, Julian Sanchez made an important point. The existence of the DEA dragnet — and FBI’s use of it in previous terrorist attacks — destroys what little validity was left of the claim that NSA needed the Section 215 dragnet after 9/11 to close a so-called “gap” they had between a safe house phone in Yemen and plotters in the US (though an international EO 12333 database would have already proven that wrong).

First, the program’s defenders often suggest that had we only had some kind of bulk telephone database, the perpetrators of the 9/11 attacks could have been identified via their calls to a known safehouse in Yemen.  Now, of course, we know that there was such a database—and indeed, a database that had already been employed in other counterterror investigations, including the 1995 Oklahoma City bombing. It does not appear to have helped.

But the DEA dragnet is even more damning for another set of claims, and for another terrorist attack such dragnets failed to prevent: former DEA informant David Headley, one of the key planners of the 2008 Mumbai attack.

Headley provided DEA the phone data they would have needed to track him via their dragnet

As ProPublica extensively reported in 2013, Headley first got involved in Lashkar-e-Taiba while he remained on the DEA’s payroll, at a time when he was targeting Pakistani traffickers. Indeed, after 9/11, his DEA handler called him for information on al Qaeda. All this time, Headley was working phone based sources.

Headley returned to New York and resumed work for the DEA in early 2000. That April, he went undercover in an operation against Pakistani traffickers that resulted in the seizure of a kilo of heroin, according to the senior DEA official.

At the same time, Headley immersed himself in the ideology of Lashkar-i-Taiba. He took trips to Pakistan without permission of the U.S. authorities. And in the winter of 2000, he met Hafiz Saeed, the spiritual leader of Lashkar.

Saeed had built his group into a proxy army of the Pakistani security forces, which cultivated militant groups in the struggle against India. Lashkar was an ally of al Qaeda, but it was not illegal in Pakistan or the United States at the time.

[snip]

Headley later testified that he told his DEA handler about his views about the disputed territory of Kashmir, Lashkar’s main battleground. But the senior DEA official insisted that agents did not know about his travel to Pakistan or notice his radicalization.

On Sept. 6, 2001, Headley signed up to work another year as a DEA informant, according to the senior DEA official.

On Sept. 12, Headley’s DEA handler called him.

Agents were canvassing sources for information on the al Qaeda attacks of the day before. Headley angrily said he was an American and would have told the agent if he knew anything, according to the senior DEA official.

Headley began collecting counterterror intelligence, according to his testimony and the senior DEA official. He worked sources in Pakistan by phone, getting numbers for drug traffickers and Islamic extremists, according to his testimony and U.S. officials.

Even at this early stage, the FBI had a warning about Headley, via his then girlfriend who warned a bartender Headley had cheered the 9/11 attack; the bartender passed on the tip. And Headley was providing the DEA — which already had a dragnet in place — phone data on his contacts, including Islamic extremists, in Pakistan.

ProPublica’s sources provide good reason to believe DEA, possibly with the FBI, sent Headley to Pakistan even after that tip, and remained an informant until at least 2005.

So the DEA (or whatever agency had sent him) not only should have been able to track Headley and those he was talking to using their dragnet, but they were using him to get phone contacts they could track (and my understanding is that agreeing to be an informant amounts to consent to have your calls monitored, though see this post on the possible “defeat” of informant identifiers).

Did Headley’s knowledge of DEA’s phone tracking help the Mumbai plotters avoid detection?

Maybe. And/or maybe Headley taught his co-conspirators how to avoid detection.

Of course, Headley could have just protected some of the most interesting phone contacts of his associates (but again, DEA should have tracked who he was talking to if they were using him to collect telephony intelligence).

More importantly, he may have alerted Laskar-e-Taiba to phone-based surveillance.

In a December joint article with the NYT, ProPublica provided details on how one of Headley’s co-conspirators, Zarrar Shah, set up a New Jersey-based VOIP service so it would appear that their calls were originating in New Jersey.

Not long after the British gained access to his communications, Mr. Shah contacted a New Jersey company, posing online as an Indian reseller of telephone services named Kharak Singh, purporting to be based in Mumbai. His Indian persona started haggling over the price of a voice-over-Internet phone service — also known as VoIP — that had been chosen because it would make calls between Pakistan and the terrorists in Mumbai appear as if they were originating in Austria and New Jersey.

“its not first time in my life i am perchasing in this VOIP business,” Mr. Shah wrote in shaky English, to an official with the New Jersey-based company when he thought the asking price was too high, the GCHQ documents show. “i am using these services from 2 years.”

Mr. Shah had begun researching the VoIP systems, online security, and ways to hide his communications as early as mid-September, according to the documents.

[snip]

Eventually Mr. Shah did set up the VoIP service through the New Jersey company, ensuring that many of his calls to the terrorists would bear the area code 201, concealing their actual origin.

We have reason to believe that VOIP is one of the gaps in all domestic-international dragnets that agencies are just now beginning to close. And by proxying through the US, those calls would have been treated as US person calls (though given the clear foreign intelligence purpose, they would have met any retention guidelines, though may have been partly blocked in CIA’s dragnet). While there’s no reason to believe that Headley knew that, he likely knew what kind of phone records his handlers had been most interested in.

But it shouldn’t have mattered. As the article makes clear, GCHQ not only collected the VOIP communications, but Shah’s communications as he set them up.

Did FBI claim it tracked Headley using the NSA dragnet when it had actually used the DEA one?

I’ve been arguing for years that if dragnet champions want to claim they work, they need to explain why they point to Headley as a success story because they prevented his planned attack on a Danish newspaper, when they failed to prevent the even more complex Mumbai attack. Nevertheless, they did claim it — or at least strongly suggest it — as a success, as in FBI Acting Assistant Director Robert Holley’s sworn declaration in Klayman v. Obama.

In October 2009, David Coleman Headley, a Chicago businessman and dual U.S. and Pakistani citizen, was arrested by the FBI as he tried to depart from Chicago O’Hare airport on a trip to Pakistan. At the time of his arrest, Headley and his colleagues, at the behest of al-Qa’ida, were plotting to attack the Danish newspaper that published cartoons depicting the Prophet Mohammed. Headley was later charged with support for terrorism based on his involvement in the planning and reconnaissance for the 2008 hotel attack in Mumbai. Collection against foreign terrorists and telephony metadata analysis were utilized in tandem with FBI law enforcement authorities to establish Headley’s foreign ties and put them in context with his U.S. based planning efforts.

That said, note how Holley doesn’t specifically invoke Section 215 (or, for that matter, Section 702, which the FBI had earlier claimed they used against Headley)?

Now compare that to what the Privacy and Civil Liberties Oversight Board said about the use of Section 215 against Headley.

In October 2009, Chicago resident David Coleman Headley was arrested and charged for his role in plotting to attack the Danish newspaper that published inflammatory cartoons of the Prophet Mohammed. He was later charged with helping orchestrate the 2008 Mumbai hotel attack, in collaboration with the Pakistan-based militant group Lashkar-e-Taiba. He pled guilty and began cooperating with authorities.

Headley, who had previously served as an informant for the Drug Enforcement Agency, was identified by law enforcement as involved in terrorism through means that did not involve Section 215. Further investigation, also not involving Section 215, provided insight into the activities of his overseas associates. In addition, Section 215 records were queried by the NSA, which passed on telephone numbers to the FBI as leads. Those numbers, however, only corroborated data about telephone calls that the FBI obtained independently through other authorities.

Thus, we are aware of no indication that bulk collection of telephone records through Section 215 made any significant contribution to the David Coleman Headley investigation.

First, by invoking Headley’s role as an informant, PCLOB found reason to focus on DEA right before they repeatedly point to other authorities: Headley was IDed by “law enforcement” via means that did not involve 215, his collaborators were identified via means that did not involve 215, and when they finally did query 215, they only “corroborated data about telephone calls that the FBI had obtained independently through other authorities.”

While PCLOB doesn’t say any of these other authorities are DEA’s dragnet, all of them could be (though some of them could also be NSA’s EO 12333 dragnet, or whatever dragnet CIA runs, or GCHQ collection, or Section 702, or — some of them — FBI NSL-based collection, or tips). What does seem even more clear now than when PCLOB released this is that NSA was trying to claim credit for someone else’s dragnet, so much so that even the FBI itself was hedging claims when making sworn declarations.

Of course, whatever dragnet it was that identified Headley’s role in Laskar-e-Taiba, even the DEA’s own dragnet failed to identify him in the planning stage for the larger of the attacks.

If the DEA’s own dragnet can’t find its own informant plotting with people he’s identified in intelligence reports, how successful is any dragnet going to be?

 

Deconfliction in Dragnet Databases

Hemisphere Deconfliction

I want to return to something that appears in both of the Hemisphere slide decks we’ve seen: Deconfliction.

In addition to helping law enforcement find burner phones and contact chains, using connections that include location, Hemisphere helps deconflict between multiple investigative teams.

When multiple teams are working the same targets — in war or criminal investigations — you need to be aware of what other teams are doing. In war, this helps to ensure you don’t shoot a friendly. In investigations, it helps to protect turf and combine efforts.

In investigations — especially drug or terrorism ones that rely on informants — it also helps to distinguish legally sanctioned crime — that of informants — from that which no law enforcement agency is directing. And, as the Declaration deck explains, Hemisphere checks new queries against previous ones, and emails requestors if someone has already chained on that contact.

  • Target numbers, as well as every number they call and that call them will be cross checked against other Hemisphere results
  • Notification will be by email if applicable
  • The email provides contact information for all requestors

In other words, in addition to the way it serves as a quick investigative tool, Hemisphere also helps drug investigators to avoid stepping on each others’ toes (or at least communicate better).

Then there’s this:

  • Sensitive case information is masked

This seems to suggest Hemisphere doesn’t, presumably, provide any hints about how the original investigator is conducting their investigation, whether suspected traffickers are bring run or not. That’s the kind of thing that would be “masked.” (Note, this suggests that whoever is running this database would have access to that masked information.)

I raise all this because it poses questions for other databases involving informants. As I have noted, FBI uses the phone dragnet (and therefore presumably the Internet dragnet in whatever form and geographic locale it still exists) to identify potential informants. And one thing FBI does with its back door searches during assessments assessments is review actual content collected under traditional FISA and FAA in its quest for informants.

These dragnet databases play a key role in the selection and recruitment of informants to use in terrorism investigations.

But then what happens?

The example of David Headley — who played a crucial role in one of the most lethal terrorist attacks since 9/11, the Mumbai attack, the early period of which while he served as an informant for the DEA — is instructive. The FBI likes to boast that Section 702 helped stop Headley’s plot against Danish cartoonists. But Headley’s case should, instead, raise real questions about how it is a terrorist can plan a complicated terrorist attack while his known terrorist colleagues, presumably, are being surveilled without detection by the people supposedly handling him.

We know that the metadata dragnets, at least, put some identifiers on a “defeat list.” There’s reason to suspect (in part from the syntax of redacted references to the defeat list) they do so not just for high volume numbers, but for sensitive numbers (perhaps Congress, for example). But I also think they may put informants on a defeat list too. That’s, in part, because if you didn’t do so their handlers would become two degrees from terrorist suspects, which might have all sorts of unintended consequences. That’s just an educated guess, mind you, but if I’m right it would have some interesting implications.

That doesn’t appear to have prevented DEA from tracking Manssor Arbabsiar, the Scary Iran Plotter (I assume he at least used to be an informant, because there’s little else that would explain why the cousin of a top Quds Force Member busted for drug possession would nevertheless get citizenship, and deconfliction discussions show up in what was probably his immigration file).

But it would raise really big questions in other cases.

One way or another they need to give informants special treatment in databases — as they apparently do in Hemisphere. How they do so, however, may have real consequences for the efficacy of the entire dragnet.

PCLOB Ignores Glaring Section 702 Non-Compliance: Notice to Defendants

I will have far more to say about PCLOB once I finish my working thread. But there’s one glaring flaw in the report’s claim that the government complies with the statute.

Based on the information that the Board has reviewed, the government’s PRISM collection complies with the structural requirements of the statute.

But here’s the report’s discussion of what happens with aggrieved persons — those prosecuted based in information derived from Section 702 information.

Further, FISA provides special protections in connection with legal proceedings, under which an aggrieved person — a term that includes non-U.S. persons — is required to be notified prior to the disclosure or use of any Section 702–related information in any federal or state court.447 The aggrieved person may then move to suppress the evidence on the grounds that it was unlawfully acquired and/or was not in conformity with the authorizing Section 702 certification.448 Determinations regarding whether the Section 702 acquisition was lawful and authorized are made by a United States District Court, which has the authority to suppress any evidence that was unlawfully obtained or derived.449 

But for 5 years after the passage of the law, the government never once gave defendants notice they were aggrieved under Section 702. It lied to the Supreme Court about not having done so. And even while it has since given a limited number of defendants — like Mohamed Osman Mohamud — notice, there are others — David Headley, Najibullah Zazi and Adis Medunjanin, and Khalid Ouazzani — who are known to be aggrieved under Section 702 who have never received notice. Finally, there is the case of the Qazi brothers, which seems to be a case where the government is parallel constructing right in the face of the magistrate.

PCLOB said that the government is generally in compliance with the statute. And yet, it made no mention of known, fairly egregious violations of the statute.

That suggests the report as a whole may be flawed.

NSA’s Latest Claim: It Only Gets 30% of “Substantially All” the Hay in the Haystack

SIGINT and 215In December 2007, the FBI began intercepting MOALIN’s cell phone.

FBI search warrant affidavit seeking (among other things) additional cell phones, October 29, 2010

Yesterday, Siobhan Gorman reported that NSA’s “phone-data program” collects 20% or less of the phone data in the US. She explains that the program doesn’t collect cell phone data, and so has covered a decreasing percentage of US calls over the last several years.

The National Security Agency’s phone-data program, which has been at the center of controversy over the NSA’s surveillance operations, collects information from about 20% or less of all U.S. calls—much less than previously described by lawmakers.

The program had been described as collecting records on virtually every phone call placed in the U.S., but in fact, it doesn’t cover records for most cellphones, the fastest-growing sector in telephony and an area where the agency has struggled to keep pace, according to several people familiar with the program.

Ellen Nakashima’s report places the percentage between 20 and 30%, echoing Gorman’s claim about limits on cell data.

The actual percentage of records gathered is somewhere between 20 and 30 percent and reflects Americans’ increasing turn away from the use of land lines to cellphones. Officials also have faced technical challenges in preparing the NSA database to handle large amounts of new records without taking in data such as cell tower locations that are not authorized for collection.

[snip]

The bulk collection began largely as a land-line program, focusing on carriers such as AT&T and Verizon Business Network Services. At least two large wireless companies are not covered — Verizon Wireless and T-Mobile U.S., which was first reported by the Wall Street Journal.

Industry officials have speculated that partial foreign ownership has made the NSA reluctant to issue orders to those carriers. But U.S. officials said that was not a reason.

“They’re doing business in the United States; they’re required to comply with U.S. law,” said one senior U.S. official. “A court order is a court order.”

Rather, the official said, the drop in collection stems from several factors.

Apart from the decline in land-line use, the agency has struggled to prepare its database to handle vast amounts of cellphone data, current and former officials say. For instance, cellphone records may contain geolocation data, which the NSA is not permitted to receive.

These reports offer a more credible explanation than Geoffrey Stone’s multiple claims to this effect about why the program misses data. So they may be true.

But I think they instead point to the legal range of authorities NSA uses to collect phone records, not to what records they actually have in their possession.

These reports are commenting (though without specifying, or even seeming to be aware they need to specify) on what the government claims it collects under Section 215. These reports are not commenting on what NSA collects under all authorities.

In this post I will show why I believe these reports to be credible only in a very narrow sense. In a follow-up post I will point to the legal issues that underlie the Administration’s conflicting claims about what it collects.

Read more

Jim Comey: For FBI, Section 215 Only Provides Agility

In yesterday’s Threat Hearing, James Clapper and John Brennan provided so much news early, I suspect many didn’t stick around to hear the question Angus King posed to Jim Comey. He asked about the significance of the phone dragnet.

SEN. KING: Director Comey, do you have views on the significance of 215? You understand this is not easy for this committee. The public is very skeptical and in order for us to continue to maintain it, we have to be convinced that it is in fact effective and not just something that the intelligence community thinks is something nice to have in their toolkit.

DIR. COMEY: Yeah, I totally understand people’s concerns and questions about them. They’re reasonable questions. I believe it’s a useful tool. For the FBI, its primary value is agility. That is, it allows us to do in minutes what would otherwise take us in hours. And I’ll explain what I mean by that. If a terrorist is identified in the United States or something blows up in the United States, we want to understand, OK, is there a network that we’re facing here?

And we take any telephone numbers connected to that terrorist, to that attack. And what I would do in the absence of 215 is use the legal process that we use every day, either grand jury subpoenas or national security letters, and by subpoenaing each of the telephone companies I would assemble a picture of whether there’s a network connected to that terrorist. That would take hours.

What this tool allows us to do is do that in minutes. Now, in most circumstances, the difference between hours and minutes isn’t going to be material except when it matters most. And so it’s a useful tool to me because of the agility it offers. [my emphasis]

Comey prefaced his entire answer by making it clear he was only addressing the way the FBI uses the dragnet. That suggests he was bracketing off his answer from possible other uses, notably by NSA.

If the FBI Director brackets off such an answer after 7 months of NSA pointing to FBI’s efforts to thwart plots, to suggest his Agency’s use may not be the most important use of the dragnet, can we stop talking about plots thwarted and get an explanation what role the dragnet really plays?

That said, it’s worth comparing Comey’s answer to what the PCLOB said about FBI’s use of the dragnet. Because in the 5 cases the government cited claiming the dragnet found particular leads (the exception is Basaaly Moalin, which PCLOB said might have been found via active investigations FBI already had going), FBI found the same leads via other means (and the implication for some of these is that FBI found those other leads first).

Operation WiFi: Those numbers simply mirrored information about telephone connections that the FBI developed independently using other authorities.

[snip]

David Headley: Those numbers, however, only corroborated data about telephone calls that the FBI obtained independently through other authorities.

[snip]

3 other cases: But in all three cases, that information simply mirrored or corroborated intelligence that the FBI obtained independently through other means.

That is, usually the dragnet isn’t even a matter of agility. It’s a matter of redundancy.

It seems Jim Comey, sharing the dais with several colleagues who’ve already torched their credibility, had no interest in pretending the dragnet is primarily about the investigations of his Agency.

Perhaps the rest of the us can dispense with that myth too now?

The Purpose(s) of the Dragnet, Revisited

As I noted the other day, one basis Judge Richard Leon used to find that the dragnet was likely unconstitutional was that it wasn’t all that useful. But I was particularly interested in the evidence he points to to establish that (see page 61 of his ruling), because it and the underlying basis for it reveal far more about how the government uses the dragnet than we’ve seen.

Leon points to the three cases in which the phone dragnet was supposed to be useful, which he gets from the declaration of FBI Acting Assistant Director Robert Holley. Holley claims the dragnet was useful in the Khalid Ouazzani, David Headley, and Najibullah Zazi cases (though Holley does not mention Ouazzani by name), using the following language.

In January 2009, using authorized collection under Section 702 of the Foreign Intelligence Surveillance Act to monitor the communications of an extremist overseas with ties to al-Qa’ida, NSA discovered a connection with an individual based in Kansas City. NSA tipped the information to the FBI, which during the course of its investigation discovered that there had been a plot in its early stages to attack the New York Stock Exchange. After further investigation, NSA queried the telephony metadata to ensure that all potential connections were identified, which assisted the FBI in running down leads.

[snip]

At the time of his arrest, Headley and his colleagues, at the behest of al-Qa’ida, were plotting to attack the Danish newspaper that published cartoons depicting the Prophet Mohammed. Headley was later charged with support for terrorism based on his involvement in the planning and reconnaissance for the 2008 hotel attack in Mumbai. Collection against foreign terrorists and telephony metadata analysis were utilized in tandem with FBI law enforcement authorities to establish Headley’s foreign ties and them in context with his U.S. based planning efforts.

[snip]

NSA received Zazi’s telephone number from the FBI and ran it against the Section 215 telephony metadata, identifying and passing additional leads back to the FBI for investigation. One of these leads revealed a previously unknown number  for co-conspirator Adis Medunjanin and corroborated his connection to Zazi as well as to other U.S.-based extremists.

First, note what’s missing? Any mention of Basaaly Moalin, the only defendant for which the government claims the phone dragnet was critical to his identification. Holley may have left Moalin out because of the timing: DOJ submitted his declaration on November 12, the day before the hearing on Moalin’s bid for a new trial and two days before Jeffrey Miller’s ruling rejecting that. Did DOJ think they might lose that argument, and so left it out out of fear it would make them more likely to lose this one (Leon does acknowledge Miller’s ruling in his own). Or was the case just so dated they chose not to mention it?

Whatever the reason, they’re left describing three cases in which even Keith Alexander admits the dragnet was at best only helpful.

But note the other thing: Up until now, the government has only described how the dragnet was useful in the Zazi case. While in its propaganda about 54 plots or maybe just terrorist events thwarted, it has implicitly suggested that only those with a US-nexus could involve the dragnet, I know of no other instance where they made it clear that they sort of used it in the Headley and Ouazzani cases (I’m going to check the declarations in the parallel suits later).

In both cases, it appears, the government only used it after the fact (which is how they used it in the Boston Marathon attack, which bizarrely also goes unmentioned).

Read more

In These Times We Can’t Blindly Trust Government to Respect Freedom of Association

One of my friends, who works in a strategic role at American Federation of Teachers, is Iranian-American. I asked him a few weeks ago whom he called in Iran; if I remember correctly (I’ve been asking a lot of Iranian-Americans whom they call in Iran) he said it was mostly his grandmother, who’s not a member of the Republican Guard or even close. Still, according to the statement that Dianne Feinstein had confirmed by NSA Director Keith Alexander, calls “related to Iran” are fair game for queries of the dragnet database of all Americans’ phone metadata.

Chances are slim that my friend’s calls to his grandmother are among the 300 identifiers the NSA queried last year, unless (as is possible) they monitored all calls to Iran. But nothing in the program seems to prohibit it, particularly given the government’s absurdly broad definitions of “related to” for issues of surveillance and its bizarre adoption of a terrorist program to surveil another nation-state. And if someone chose to query on my friend’s calls to his grandmother, using the two-degrees-of-separation query they have used in the past would give the government — not always the best friend of teachers unions — a pretty interesting picture of whom the AFT was partnering with and what it had planned.

In other words, nothing in the law or the known minimization rules of the Business Records provision would seem to protect some of the AFT’s organizational secrets just because they happen to employ someone whose grandmother is in Iran. That’s not the only obvious way labor discussions might come under scrutiny; Colombian human rights organizers with tangential ties to FARC is just one other one.

When I read labor organizer Louis Nayman’s “defense of PRISM,” it became clear he’s not aware of many details of the programs he defended. Just as an example, Nayman misstated this claim:

According to NSA officials, the surveillance in question has prevented at least 50 planned terror attacks against Americans, including bombings of the New York City subway system and the New York Stock Exchange. While such assertions from government officials are difficult to verify independently, the lack of attacks during the long stretch between 9/11 and the Boston Marathon bombings speaks for itself.

Keith Alexander didn’t say NSA’s use of Section 702 and Section 215 have thwarted 50 planned attacks against Americans; those 50 were in the US and overseas. He said only around 10 of those plots were in the United States. That works out to be less than 20% of the attacks thwarted in the US just between January 2009 and October 2012 (though these programs have existed for a much longer period of time, so the percentage must be even lower). And there are problems with three of the four cases publicly claimed by the government — from false positives and more important tips in the Najibullah Zazi case, missing details of the belated arrest of David Headley, to bogus claims that Khalid Ouazzan ever planned to attack NYSE. The sole story that has stood up to scrutiny is some guys who tried to send less than $10,000 to al-Shabaab.

While that doesn’t mean the NSA surveillance programs played no role, it does mean that the government’s assertions of efficacy (at least as it pertains to terrorism) have proven to be overblown.

Yet from that, Nayman concludes these programs have “been effective in keeping us safe” (given Nayman’s conflation of US and overseas, I wonder how families of the 166 Indians Headley had a hand in killing feel about that) and defends giving the government legal access (whether they’ve used it or not) to — among other things — metadata identifying the strategic partners of labor unions with little question.

And details about the success of the program are not the only statements made by top National Security officials that have proven inaccurate or overblown. That’s why Nayman would be far better off relying on Mark Udall and Ron Wyden as sources for whether or not the government can read US person emails without probable cause than misstating what HBO Director David Simon has said (Simon said that entirely domestic communications require probable cause, which is generally but not always true). And not just because the Senators are actually read into these programs. After the Senators noted that Keith Alexander had “portray[ed] protections for Americans’ privacy as being significantly stronger than they actually are” — specifically as it relates to what the government can do with US person communications collected “incidentally” to a target — Alexander withdrew his claims.

Nayman says, “As people who believe in government, we cannot simply assume that officials are abusing their lawfully granted responsibility and authority to defend our people from violence and harm.” I would respond that neither should we simply assume they’re not abusing their authority, particularly given evidence those officials have repeatedly misled us in the past.

Nayman then admits, “We should do all we can to assure proper oversight any time a surveillance program of any size and scope is launched.” But a big part of the problem with these programs is that the government has either not implemented or refused such oversight. Some holes in the oversight of the program are:

  • NSA has not said whether queries of the metadata dragnet database are electronically  recorded; both SWIFT and a similar phone metadata program queries have been either sometimes or always oral, making them impossible to audit
  • Read more

Terrorist Hobgoblins Bite the Intelligence Community in Its Efficacy Ass

I just finished watching the House Intelligence Committee hearing on the NSA programs revealed by Edward Snowden. I’ll have a lot more to say about the content of the revelations in the next few days. But first, a general observation.

Since the initial Snowden revelations, the Intelligence Community and other Administration surrogates have been trying to minimize our understanding of the scope of their surveillance and use traditional fearmongering to justify the programs by focusing on the importance of the Section 702 collection to stopping terrorism. While James Clapper’s office has made it clear that Section 702 goes beyond counterterrorism by revealing that its  successes include counterproliferation and cybersecurity successes, as well as counterterrorism ones, the focus has nevertheless been on TERROR TERROR TERROR.

Today’s hearing was really the culmination of that process, when Keith Alexander boasted up upwards of 50 terrorist plots — about 40 of which were overseas — that Section 702 has prevented.

Of the four plots the government has revealed — David Headley, Najibullah Zazi, as well as these two today

Mr. Joyce described a plot to blow up the New York Stock Exchange by a Kansas City man, whom the agency was able to identify because he was in contact with “an extremist” in Yemen who was under surveillance. Mr. Joyce also talked about a San Diego man who planned to send financial support to a terrorist group in Somalia, and who was identified because the N.S.A. flagged his phone number as suspicious through its database of all domestic phone call logs, which was brought to light by Mr. Snowden’s disclosures.

… the government has either overblown the importance of these programs and their success or are fairly minor plots.

None of the four may be as uniquely worthwhile as the cyberattack described by Clapper’s office a week ago, which it has not, however, fleshed out.

Communications collected under Section 702 have provided significant and unique intelligence regarding potential cyber threats to the United States, including specific potential network computer attacks. This insight has led to successful efforts to mitigate these threats.

That is, the government might–might!–be able to make a far better case for the value of these programs in discussing their role in preventing cyberattacks rather than preventing terrorist plots.

And yet it hasn’t done so, even as it pushes one after another attempt to legislate internet access in the name of protecting Intellectual Property and critical infrastructure.

Given the increasing focus on cybersecurity — and the already dishonest claims people like Mike Rogers have made about the means to accomplish that focus — this is the discussion we need to be having, rather than digging up terror plots first developed in 2004 that never happened. But in the same way the government shied away from conducting an honest discussion with us in 2001 and again in 2006 about these programs, it is refusing to conduct an honest discussion about cybersecurity today.

And, ironically, that refusal is preventing them from describing the value of a program that surely contributes more to countering cyberattacks than terror attacks at this point.

Dianne Feinstein: We Need to Collect Data on Every Single American Because We Can’t Control Our Informants

I will have far, far more to say about the claims about the various surveillance programs aired on the Sunday shows today.

But this is absolutely batshit crazy.

FEINSTEIN: Well, of course, balance is a difficult thing to actually identify what it is, but I can tell you this: These programs are within the law. The [Section 215] business records section is reviewed by a federal judge every 90 days. It should be noted that the document that was released that was under seal, which reauthorized the program for another 90 days, came along with a second document that placed and discussed the strictures on the program. That document was not released.

So here’s what happens with that program. The program is essentially walled off within the NSA. There are limited numbers of people who have access to it. The only thing taken, as has been correctly expressed, is not content of a conversation, but the information that is generally on your telephone bill, which has been held not to be private personal property by the Supreme Court.

If there is strong suspicion that a terrorist outside of the country is trying to reach someone on the inside of the country, those numbers then can be obtained. If you want to collect content on the American, then a court order is issued.

So, the program has been used. Two cases have been declassified. One of them is the case of David Headley, who went to Mumbai, to the Taj hotel, and scoped it out for the terrorist attack. [my emphasis]

Dianne Feinstein says that one of the two plots where Section 215 prevented an attack was used (the other, about Najibullah Zazi, is equally batshit crazy, but I’ll return to that) is the Mumbai attack.

What’s she referring to is tracking our own informant, David Headley.

And it didn’t prevent any attack. The Mumbai attack was successful.

Our own informant. A successful attack. That’s her celebration of success 215’s use.

So her assertion is we need to collect metadata on every single American because DEA can’t keep control of its informants.

Update: Technically DiFi didn’t say this was a success, just that it had been used. I’ve edited the post accordingly.