Posts

emptywheel

HPSCI: We Must Spy Like Snowden To Prevent Another Snowden

I was going to write about this funny part of the HPSCI report anyway, but it makes a nice follow-up to my post on Snowden and cosmopolitanism, on the importance of upholding American values to keeping the servants of hegemon working to serve it.

As part of its attack on Edward Snowden released yesterday, the House Intelligence Committee accused Snowden of attacking his colleagues’ privacy.

To gather the files he took with him when he left the country for Hong Kong, Snowden infringed on the privacy of thousands of government employees and contractors. He obtained his colleagues’ security credentials through misleading means, abused his access as a systems administrator to search his co-workers’ personal drives, and removed the personally identifiable information of thousands of IC employees and contractors.

I have no doubt that many — most, perhaps — of Snowden’s colleagues feel like he violated their privacy, especially as their identities are now in the possession of a number of journalists. So I don’t make light of that, or the earnestness with which HPSCI’s sources presumably made this complaint (though IC employee privacy is one of the things all journalists who have reported these stories have redacted, to the best of my knowledge).

But it’s a funny claim for several reasons. Even ignoring that what the NSA does day in and day out is search people’s personal communications (including millions of innocent people), this kind of broad access is the definition of a SysAdmin.

HPSCI apparently never had a problem with techs getting direct access to our dragnet metadata, as they had and (now working in pairs) still have, for those of us two degrees away from a suspect.

Plus, HPSCI has never done anything publicly to help the 21 million clearance holders whose PII China now holds. Is it possible they’re more angry at Snowden than they are at China’s hackers, who have more ill-intent than Snowden?

But here’s the other reason this complaint is laugh-out-loud funny. HPSCI closes its report this way:

Finally, the Committee remains concerned that more than three years after the start of the unauthorized disclosures, NSA and the IC as a whole, have not done enough to minimize the risk of another massive unauthorized disclosure. Although it is impossible to reduce the change of another Snowden to zero, more work can and should be done to improve the security of the people and the computer networks that keep America’s most closely held secrets. For instance, a recent DOD Inspector General report directed by the Committee had yet to effectively implement its post-Snowden security improvements. The Committee has taken actions to improve IC information security in the Intelligence Authorization Acts for Fiscal Years 2014, 2015, 2016, and 2017, and looks forward to working with the IC to continue to improve security.

First, that timeline — showing an effort to improve network security in each year following the Snowden leaks — is completely disingenuous. It neglects to mention that the Intel Committees have actually been trying for longer than that. In the wake of the Manning leaks, it became clear that DOD’s networks were sieve-like. Congress tried to require network monitoring in the 2012 Intelligence Authorization. But the Administration responded by insisting 2013 — 3 years after Manning’s leaks — was too soon to plug all the holes in DOD’s networks. One reason Snowden succeeded in downloading all those files is because the network monitoring hadn’t been rolled out in Hawaii yet.

So HPSCI is trying to pretend Intel Committee past efforts didn’t actually precede Snowden by several years, but those efforts failed to stop Snowden.

The other reason I find this paragraph — which appears just four paragraphs after it attacks Snowden for the invasion of his colleagues’ privacy — so funny is that in the 2014 Intelligence Authorization (that is, the first one after the Snowden leaks), HPSCI codified an insider threat program, requiring the Director of National Intelligence to,

ensure that the background of each employee or officer of an element of the intelligence community, each contractor to an element of the intelligence community, and each individual employee of such a contractor who has been determined to be eligible for access to classified information is monitored on a continual basis under standards developed by the Director, including with respect to the frequency of evaluation, during the period of eligibility of such employee or officer of an element of the intelligence community, such contractor, or such individual employee to such a contractor to determine whether such employee or officer of an element of the intelligence community, such contractor, and such individual employee of such a contractor continues to meet the requirements for eligibility for access to classified information;

This insider threat program searches IC employees hard drives (one of Snowden’s sins).

Then, the following year, HPSCI got even more serious, mandating that the Director of National Intelligence look into credit reports, commercially available data, and social media accounts to hunt down insider threats, including by watching for changes in ideology like those Snowden exhibited, developing an outspoken concern about the Fourth Amendment.

I mean, on one hand, this isn’t funny at all — and I imagine that Snowden’s former colleagues blame him that they have gone from having almost no privacy as cleared employees to having none. This is what people like Carrie Cordero mean when they regret the loss of trust at the agency.

But as I have pointed out in the past, if someone like Snowden — who at least claims to have had good intentions — can walk away with the crown jewels, we should presume some much more malicious and/or greedy people have as well.

But here’s the thing: you cannot, as Cordero does, say that the “foreign intelligence collection activities [are] done with detailed oversight and lots of accountability” if it is, at the same time, possible for a SysAdmin to walk away with the family jewels, including raw data on targets. If Snowden could take all this data, then so can someone maliciously spying on Americans — it’s just that that person wouldn’t go to the press to report on it and so it can continue unabated. In fact, in addition to rolling out more whistleblower protections in the wake of Snowden, NSA has made some necessary changes (such as not permitting individual techs to have unaudited access to raw data anymore, which appears to have been used, at times, as a workaround for data access limits under FISA), even while ratcheting up the insider threat program that will, as Cordero suggested, chill certain useful activities. One might ask why the IC moved so quickly to insider threat programs rather than just implementing sound technical controls.

The Intelligence world has gotten itself into a pickle, at once demanding that a great deal of information be shared broadly, while trying to hide what information that includes, even from American citizens. It aspires to be at once an enormous fire hose and a leak-proof faucet. That is the inherent impossibility of letting the secret world grow so far beyond management — trying to make a fire hose leak proof.

Some people in the IC get that — I believe this is one of the reasons James Clapper has pushed to rein in classification, for example.

But HPSCI, the folks overseeing the fire hose? They don’t appear to realize that they’re trying to replicate and expand Snowden’s privacy violations, even as they condemn them.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

emptywheel

A Cosmopolitan Defense of Snowden

A bunch of human rights groups have started a campaign calling on President Obama to pardon Edward Snowden, to coincide with the release of the Snowden movie today.

With regards to Snowden’s fate, I believe — as I have from the start — that US interest would have been and would be best served if a safe asylum for Snowden were arranged in a friendly country. I had said France at the time, but now Germany would be the obvious location. Obama is not going to pardon Snowden, and Presidents Hillary or Trump are far less likely to do so, not least because if a president pardoned Snowden it would be an invitation for a metaphorical or literal assassination attempt. But I also think it would have always served US interests to keep Snowden out of a place like Russia. That ship has already sailed, but I still think we insist on making it impossible for him to leave Russia (by pressuring allies like Germany that might otherwise have considered asylum) largely out of self-destructive motives, an urge to prove our power that often overrides our interests.

That’s all background to recommending you read this post from Jack Goldsmith arguing against pardon for Snowden. While I disagree with big parts of it, it is the most interesting piece I’ve seen on the Snowden pardon question, for or against.

Like me, Goldsmith believes there’s no chance Snowden will get a pardon, even while admitting that Snowden’s disclosures brought worthwhile transparency to the Intelligence Community. Unlike me, he opposes a pardon, in part, because of the damage Snowden did, a point I’ll bracket for the moment.

More interestingly, Goldsmith argues that a pardon should be judged on whether Snowden’s claimed justification matches what he actually did.

Another difficulty in determining whether a pardon is warranted for Snowden’s crimes is that the proper criteria for a pardon are elusive.  Oliver Wendell Holmes once declared that a pardon “is the determination of the ultimate authority that the public welfare will be better served by inflicting less” than what the criminal law specified.  But how to measure or assess the elusive public welfare?  The Constitution delegates that task exclusively to the President, who can use whatever criteria he chooses.  Many disagreements about whether a pardon is appropriate are at bottom disagreements about what these criteria should be.  Some will question whether Snowden should be pardoned even if his harms were trivial and the benefits he achieved were great.  Indeed, presidents don’t usually grant pardons because a crime brought benefits.  My own view is that in this unusual context, it is best to examine the appropriateness of a pardon in the first instance through an instrumental lens, and also to ask how well Snowden’s stated justification for his crimes matches up with the crimes he actually committed.

Goldsmith goes on to engage in what I consider a narrowly bracketed discussion of Snowden’s leaks about violations of US law (for example, he, as everyone always does, ignores NSA double dipping on Google and Yahoo servers overseas), claiming to assess whether they were violations of the Constitution, but in fact explicitly weighing whether they were a violation of the law.

His exposure of the 702 programs (PRISM and upstream collection) is harder to justify on these grounds, because these programs were clearly authorized by public law and have not sparked nearly the same criticism, pushback, or reform.

After substituting law for Constitution, the former OLC head (the guy who approved of much of Stellar Wind by claiming FISA exclusivity didn’t really mean FISA exclusivity) makes what is effectively an Article II argument — one nowhere nearly as breathtaking as Goldsmith’s Stellar Wind one. Most of Snowden’s leaks can’t be unconstitutional, Goldsmith argues, because they took place overseas and were targeted at non-US persons.

What I do not get, and what I have never seen Snowden or anyone explain, is how his oath to the U.S. Constitution justified the theft and disclosure of the vast number of documents that had nothing to do with operations inside the United States or U.S. persons.  (Every one of the arguments I read for Snowden’s pardon yesterday focused on his domestic U.S. revelations and ignored or downplayed that the vast majority of revelations that did not involve U.S. territory or citizens.)  To take just a few of hundreds of examples, why did his oath to the Constitution justify disclosure that NSA had developed MonsterMind, a program to respond to cyberattacks automatically; or that it had set up data centers in China to insert malware into Chinese computers and had penetrated Huawei in China; or that it was spying (with details about how) in many other foreign nations, on Bin Laden associate Hassam Ghul’s wife, on the UN Secretary General,  and on the Islamic State; or that it cooperates with intelligence services in Sweden and Norway to spy on Russia?; and so on, and so on.  These and other similar disclosures (see here for many more) concern standard intelligence operations in support of national security or foreign policy missions that do not violate the U.S. Constitution or laws, and that did extraordinary harm to those missions.  The losses of intelligence that resulted are not small things, since intelligence information, and especially SIGINT, is a core element of American strength and success (and not just, as many seem to think, related to counterterrorism).  It doesn’t matter that leaks in this context sparked modest reforms (e.g., PPD 28).  The Constitution clearly permits foreign intelligence surveillance, and our elected representatives wanted these obviously lawful practices to remain secret.

Having laid out a (compared to his Stellar Wind defense) fairly uncontroversial argument about the current interpretation of the Constitution reserving wiretapping of non-Americans to the President (though my understanding of the actual wiretapping in the Keith decision, of Americans in Africa, would say Presidents can’t wiretap Americans overseas without more process than Americans’ communications collected under bulk collection overseas currently get), Goldsmith goes onto make his most important point.

The real defense of Snowden stems not from our own Constitution, but from a moral and ethical defense of American values.

What might be the moral and ethical case for disclosing U.S. intelligence techniques against other countries and institutions?  (I will be ignore possible cosmopolitan impulses for Snowden’s theft and leaks, which I think damage the case for a pardon for violations of U.S. law.)  I think the most charitable moral/ethical case for leaking details of electronic intelligence operations abroad, including against our adversaries, is that these operations were harming the Internet, were hypocritical, were contrary to American values, and the like, and Snowden’s disclosures were designed to save the Internet and restore American values.  This is not a crazy view; I know many smart and admirable people who hold it, and I believe it is ethically and morally coherent.

This is a remarkable paragraph. First, it defines what is, I think, the best defense of Snowden. American values and public claims badly conflict with what we were and still are doing on the Internet. I’d add, that this argument also works to defend Chelsea Manning’s leaks: she decided to leak when she was asked to assist Iraqi torture in the name of Iraqi liberation, a dramatic conflict of US stated values with our ugly reality.

But the paragraph is also interesting for the way Goldsmith, almost as an aside, “ignore[s] possible cosmopolitan impulses for Snowden’s theft and leaks, which I think damage the case for a pardon for violations of U.S. law.” I take this to argue that if you’re leaking to serve some universal notion of greater good — some sense of world citizenship — then you can’t very well ask to be pardoned by US law. Perhaps, in that case, you can only ask to be pardoned by universal or at least international law. I’ll come back to this.

Goldsmith contrasts the moral and ethical case based on American values with his own, a moral and ethical one that justifies US spying to serve US interests in a complex and dangerous world.

But it is also not a crazy view, and it is also ethically and morally coherent, to think that U.S. electronic intelligence operations abroad were entirely lawful and legitimate efforts to serve U.S. interests in a complex and dangerous world, and that Snowden’s revelations violated his secrecy pledges and U.S. criminal law and did enormous harm to important American interests and values.

For the record, I think Snowden has said some of US spying does serve US interests in a complex and dangerous world. But from that view, the old defender of Article II argues that a President — the guy or gal who by definition is the only one can decide to pardon Snowden — must always adhere to the latter (Goldsmith’s) moral and ethical stance.

Unfortunately for Snowden’s pardon gambit,  President Obama, and any one who sits in the Oval Office charged with responsibility for American success around the globe, will (and should) embrace the second moral/ethical perspective, and will not (and should not) countenance the first moral/ethical perspective, which I take to be Snowden’s.

Goldsmith then ends where I began, with a more polite explanation that any president that pardoned Snowden would be inviting metaphorical or literal assassination. He also suggests the precedent would lead to more leaks. But that seems to ignore 1) that Snowden leaked even after seeing what they did to Manning (that is, deterrence doesn’t necessarily work) 2) the Petraeus precedent has already exposed the classification system as one giant load of poo.

Anyway, by my reading, Goldsmith argues that this debate pits those motivated out of American values versus those motivated out of perceived American interests, and that any President must necessarily operate from the latter.

I’m interested in that because I think the former motivation really does explain a goodly number of the leakers and whistleblowers I know. People a generation older than me, I think, may have been true believers in the fight against the Evil Empire during the Cold War, only to realize we risk becoming the Evil Empire they spent their life fighting. Every time I see Bill Binney, he makes morbid cracks about how he was the guy who invented “Collect it all,” back when he was fighting Russia. People a generation younger than me — Snowden, Manning, and likely a lot more — more often responded out of defense of all that is great in America after 9/11, only to find that that we have not adhered to that greatness in prosecuting the war on terror. These are gross generalizations. But I think the conflict is real among a lot of people, and it’s one that will always fight increasingly diligent efforts to tamp down dissent.

That said, I want to note something else Goldsmith did, while making his aside that anyone making a cosmopolitan defense of Snowden cannot ask for a pardon under US law (a view I find fairly persuasive, which may be why I think a reasonable outcome is for Snowden to live out his life in Germany). In making that aside, Goldsmith effectively dismissed the possibility that living US values rather than interests might be both cosmopolitan and in our national interest.

I’ve talked about this repeatedly — the degree to which Snowden’s disclosures (and, to a lesser extent, Manning’s) served to expose some lies that are critical to American hegemony. Our hegemonic position relies — according to people like Goldsmith and, perhaps in reality, though the evidence is mixed — on our global dragnet, which in turn serves our global military presence. But it has also relied on an ideology, every bit as important as ideology was during the Cold War, that espoused democracy and market capitalism and, underscoring both of those, a belief in the worth of every individual (and by extension, individual nation) to compete on equal terms. Without that ideology, we’re just a garden variety empire, which is a lot harder to sustain because it requires more costly (in terms of dollars and bodies) coercion rather than persuasion.

And Snowden’s leaks showed we used our preferential position astride the world’s telecommunications network and our claim to serve freedom of expression to serve as the hegemon. Hell, the aftermath of that shows it even more! Country after country has backed off giving Snowden asylum — the proper cosmopolitan resolution — because the US retains enough raw power and/or access to the fruits of the dragnet to persuade countries that’s not in their “interest.”

This is an issue that has gotten far too little attention in the wake of the Snowden leaks: to what degree is the cost of the Snowden leaks measured in terms of exposing to the subjects of our hegemon facts that their leaders already knew (either because they were and are willing co-participants in the spying or knowledgeable adversaries engaged in equally ambitious but less effective surveillance)? I don’t doubt there are individual programs that have been compromised, though thus far the IC has badly hurt its case by making claims (such as that Al Qaeda only adopted encryption in response to Snowden, or that Snowden taught terrorists how to use burner phones) that are easily falsifiable. But a big part of the leaks are about the degree to which the US can (and does passively in many cases via bulk collection) spy on everyone.

But to me, the big cost has been in terms of exposing America’s hegemonic ideology as the fiction that ideologies always become if they aren’t from the start.

Note, I fully accept that that may be an unacceptable cost. America’s hegemony was already weakening; I believe Snowden’s disclosures simply accelerated that. It is absolutely possible that the weakening of US hegemony will create a vacuum of power that will leave chaos. That chaos may, may have already, led to a desire for strongmen in response. There were outside factors playing into all of this. The Iraq War did far more to rot America’s hegemonic virtue than Edward Snowden’s leaks ever could have. And it’s not clear that an empire based on oil can provide the leadership we need to fight climate change, which will increasingly be the source of chaos. But I accept that it is possible Snowden accelerated a process that may lead to horrible outcomes.

Here’s the thing, though: this younger generation of leakers — of dissident servants of the hegemon — don’t need to be cured of a lifetime of ideology. It may take, as it did with Manning, no more than critical assessment of some flyers confiscated by our so-called partners in liberation for the ideology cementing our hegemonic authority to crumble.

Our hegemony depends on the ideology of our values. That seems to both have been the trigger for and may justify the cosmopolitan interest in exposing our hypocrisy. And whether or not Americans should give a shit about the freedom of non-American subjects of the hegemon, to the extent that servants of that ideology here find the hypocrisy unsustainable, we’re likely to have more Mannings and more Snowdens.

Our global dragnet may very well serve the ethics of those who serve presidentially-defined American interests. As such, Snowden’s leaks are surely seen as unforgivable damage.

But it is also possible that American hegemony is only — was only — sustainable to the degree that we made sure that global dragnet was limited by the values that have always been critical to the ideology underlying our hegemony.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Thursday: Hotter than Hell

Have a little indie synthpop if your day isn’t hot enough. The artist Dua Lipa lives in London; she originally moved to the United Kingdom in the 1990s with her parents who are Kosovar-Albanian. Imagine a UK to which artists like Lipa cannot easily immigrate.

Money, money, money

  • HSBC’s global head of Forex trading in London arrested at JFK on Tuesday (Bloomberg) — Mark Johnson was picked up before his flight by the feds; his counterpart, Stuart Scott, HSBC’s former head of currency trading in Europe, has also been charged with Johnson for conspiracy to manipulate currency based on insider information. The transaction on which the case is based took place in 2011, earning HSBC $8 million on a $3.1 billion deal. Gee, I wonder if these guys worked the pre- and post-Brexit fall of the pound.
  • Mastercard snaps up UK’s VocaLink for $920M (Businesswire) — Should probably keep a tally of UK businesses bought while pound is still down from pre-referendum highs. VocaLink gives Mastercard huge reach in payroll and household bill processing across UK and access to a substantive majority of UK consumer data.
  • Subzero bond yields: who’d have predicted this? (Bloomberg) — Analysis of overall trends this year, including flights to safety and their effect on the market. Still trying to wrap my head around subzero bond yields; does this make sense to pay for safekeeping without expectation of increase in value at the end? What might this do to consumption and growth?

Daily dose of cyber

  • Forbidden Research: fixing “leaky” cellphones (MIT Media Lab) — Electrical engineer/hacker Andrew “bunnie” Huang and NSA whistleblower Edward Snowden published a paper presented at today’s MIT’s Forbidden Research event, outlining their work countering surveillance abuse by law enforcement. Journalists in particular are targets for surveillance; their cellphones “leak” all kinds of information about them and their location which airplane mode does not shield. Huang and Snowden propose a method for monitoring radio transmissions by a cellphone, including GPS, and a means for killing the transmissions. Abstract here, and the paper itself here. Very straightforward reads even for the non- to low-tech audience.
  • Dead man’s prints brought back from the dead (Fusion) — Law enforcement approached a Michigan State University professor Anil Jain and his PhD student Sunpreet Arora and asked them to recreate a dead man’s fingerprints in order to unlock his phone. There are few details disclosed about the case — not even which law enforcement agency made the ask — but the phone belonged to a murder victim and may contain information about his murderer. Or so the story says.
  • UK’s largest internet provider suffers two days of massive outages (TechRadar) — Outages have been blamed on power failures, but no additional information offered on reasons for power loss. Coincidentally, a C1 solar flare which began on July 17 caused radio disruption and aurora over the last 15-24 hours — might have made the situation worse.
  • France’s National Data Protection Commission says Microsoft Windows 10 operating system gathers too much personal data (Libération + BetaNews) — Surprised La Commission nationale de l’informatique et des libertés (CNIL) haven’t cuffed up Microsoft sooner given every version of Windows “phoned home” within information about its users and devices when patching and updating. Why is it Windows 10 in particular doesn’t comply with their Data Protection Act — is it the sniffing of users’ navigation data? Microsoft responded to CNIL’s complaint, not denying the claim but only saying it will work with CNIL on a solution. Right, then.

Tonight’s dinner and a movie: Jujubes and Ghostbusters. Yum. Stay cool, look after elderly neighbors and pets who need a reprieve from the heat.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Shaping Traffic and Spying on Americans

Screen Shot 2016-06-29 at 8.07.56 AMAt the Intercept earlier this week, Peter Maass described an interview he had with a former NSA hacker he calls Lamb of God — this is the guy who did the presentation boasting “I hunt SysAdmins.” On the interview, I agree with Bruce Schneier that it would have been nice to hear more from Lamb of God’s side of things.

But the Intercept posted a number of documents that should have been posted long, long ago, covering how the NSA “shapes” Internet traffic and how it identifies those using Tor and other anonymizers.

I’m particularly interested in the presentations on shaping traffic — which is summarized in the hand-written document to the right and laid out in more detail in this presentation.

Both describe how the NSA will force Internet traffic to cross switches where it has collection capabilities. We’ve known they do this. Beyond just the logic of it, some descriptions of NSA’s hacking include descriptions of tracking traffic to places where a particular account can be hacked.

But the acknowledgement that they do this and discussions of how they do so is worth closer attention.

That’s true, first of all, because of wider discussions of cable maps. In discussing the various ways to make Internet traffic cross switches to which the NSA has access, Lamb of God facetiously (as is his style) suggests you could bomb or cut all the cable lines that feed links to which the NSA doesn’t have access.

Screen Shot 2016-07-01 at 9.13.22 AM

Lamb of God dismisses this possibility as “fun to think about, but not very reasonable.”

But we know that cable lines do get cut. Back in 2008, for example, there were a slew of cables coming into the Middle East that got cut at one time (though that may have been designed to cut Internet communication more generally). Then there’s the time in 2012 when NSA tried to insert an exploit into a Syrian route, only to knock out almost all of the country’s Internet traffic.

One day an intelligence officer told him that TAO—a division of NSA hackers—had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead—rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet—although the public didn’t know that the US government was responsible. (This is the first time the claim has been revealed.)

Inside the TAO operations center, the panicked government hackers had what Snowden calls an “oh shit” moment. They raced to remotely repair the router, desperate to cover their tracks and prevent the Syrians from discovering the sophisticated infiltration software used to access the network. But because the router was bricked, they were powerless to fix the problem.

Fortunately for the NSA, the Syrians were apparently more focused on restoring the nation’s Internet than on tracking down the cause of the outage. Back at TAO’s operations center, the tension was broken with a joke that contained more than a little truth: “If we get caught, we can always point the finger at Israel.”

Again, we’ve known this happened, which is why it would have been nice to have this presentation three years ago, if only to explain the concept to those who don’t factor it into considerations of how the NSA works.

The other reason this is important is because of the possibility the NSA could deliberately shape traffic to take it out of FISA-controlled domestic space and into EO 12333-governed international space, a possibility envisioned in a 2015 paper. The slides from the paper present the same techniques laid out in the NSA presentation as hypothetical. And, as their more accessible write up explains, the NSA’s denials about this practice don’t actually address their underlying argument, which is that 1) the technology would make this easy, 2) the legal regime is outdated and thereby tolerates such loopholes, and 3) the parts of declassified versions of USSID-18 that might address it are all redacted.

In the paper, we reveal known and new legal and technical loopholes that enable internet traffic shaping by intelligence authorities to circumvent constitutional safeguards for Americans. The paper is in some ways a classic exercise in threat modeling, but what’s rather new is our combination of descriptive legal analysis with methods from computer science. Thus, we’re able to identify interdependent legal and technical loopholes, mostly in internet routing. We’ll definitely be pursuing similar projects in the future and hope we get other folks to adopt such multidisciplinary methods too.

As to the media coverage, the CBS News piece contains some outstanding reporting and an official NSA statement that seeks – but fails – to debunk our analysis:

However, an NSA spokesperson denied that either EO 12333 or USSID 18 “authorizes targeting of U.S. persons for electronic surveillance by routing their communications outside of the U.S.,” in an emailed statement to CBS News.

“Absent limited exception (for example, in an emergency), the Foreign Intelligence Surveillance Act requires that we get a court order to target any U.S. person anywhere in the world for electronic surveillance. In order to get such an order, we have to establish, to the satisfaction of a federal judge, probable cause to believe that the U.S. person is an agent of a foreign power,” the spokesperson said.

The NSA statement sidetracks our analysis by re-framing the issue to construct a legal situation that conveniently evades the main argument of our paper. Notice how the NSA concentrates on the legality of targeting U.S. persons, while we argue that these loopholes exist when i) surveillance is conducted abroad and ii) when the authorities do not “intentionally target a U.S. person.” The NSA statement, however, only talks about situations in which U.S. persons are “targeted” in the legal sense.

As we describe at length in our paper, there are several situations in which authorities don’t intentionally target a U.S. person according to the legal definition, but the internet traffic of many Americans can in fact be affected.

Once you’re collecting in bulk overseas, you have access to US person communications with a far lower bar than you do under the FISA regime (which is what John Napier Tye strongly suggested he had seen).

This is one of the reasons I think the NSA’s decision not to answer obvious questions about where FISA ends and EO 12333 begins, in the context of concerns Snowden raised at precisely the time he was learning about this traffic shaping, to be very newsworthy. Using traffic shaping to access US person content even if it’s only in bulk (in the same way that hacking Google cables overseas) clearly bypasses the FISA regime. We don’t know that they do this intentionally for US traffic. But we do know it would be technically trivial for the NSA to pull off, and we do know that multiple NSA documents make it clear they were playing in that gray area at least until 2013 (and probably 2014, when Tye came forward).

The traffic shaping paper ultimately tries to point out how our legal regime fails to account for obvious technical possibilities, technical possibilities we know NSA exploits, at least overseas. Particularly as ODNI threatens to permit the sharing EO 12333 data more broadly — along with access to back door searches — this possibility needs to be more broadly discussed.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

How Did Booz Employee Analyst-Trainee Edward Snowden Get the Verizon 215 Order?

One thing I’ve been pondering as I’ve been going through the Snowden emails liberated by Jason Leopold is the transition Snowden made just before he left. They show that in August 2012, Snowden was (as we’ve heard) a Dell contractor serving as a SysAdmin in Hawaii.

Screen Shot 2016-06-10 at 1.48.37 PM

The training he was taking (and complaining about) in around April 5 – 12, 2013 was in preparation to move into an analyst role with the National Threat Operations Center.

Screen Shot 2016-06-10 at 1.55.17 PM

That would mean Snowden would have been analyzing US vulnerabilities to cyberattack in what is a hybrid “best defense is a good offense” mode; given that he was in HI, these attacks would probably have been launched predominantly from, and countermeasures would be focused on, China. (Before Stewart Baker accuses me of showing no curiosity about this move, as Baker did about the Chinese invitation to Snowden’s girlfriend to a pole dancing competition, I did, but got remarkably little response from anyone on it.)

It’s not clear why Snowden made the switch, but we have certainly seen a number of cybersecurity related documents — see the packet published by Charlie Savage in conjunction with his upstream cyber article. Even the PRISM PowerPoint — the second thing released — actually has a cybersecurity focus (though I think there’s one detail that remains redacted). It’s about using upstream to track known cyberthreat actors.

Screen Shot 2016-06-10 at 2.09.14 PM

I suspect, given the inaccuracies and boosterism in this slide deck, that it was something Snowden picked up while at Booz training, when he was back in Maryland in April 2013. Which raises certain questions about what might have been available at Booz that wasn’t available at NSA itself, especially given the fact that all the PRISM providers’ names appear in uncoded fashion.

Incidentally, Snowden’s job changes at NSA also reveal that there are Booz analysts, not NSA direct employees, doing Section 702 analysis (though that is technically public). In case that makes you feel any better about the way the NSA runs it warrantless surveillance programs.

Anyway, thus far, all that makes sense: Snowden got into a cybersecurity role, and one of the latest documents he took was a document that included a cybersecurity function (though presumably he could have gotten most of the ones that had already been completed as a SysAdmin before that).

But one of the most sensitive documents he got — the Verizon Section 215 primary order — has nothing to do with cybersecurity. The Section 215 dragnet was supposed to be used exclusively for counterterrorism. (And as I understand it, there are almost no documents, of any type, listing provider names in the Snowden stash, and not all that many listing encoded provider names). But the Verizon dragnet order it is dated April 23, 2013, several weeks into the time Snowden had moved into a cybersecurity analytical role.

Screen Shot 2016-06-10 at 2.29.20 PM

There’s probably an easy explanation: That even though NSA is supposed to shift people’s credentials as they move from job to job, it hadn’t happened for Snowden yet. If that’s right, it would say whoever was responsible for downgrading Snowden’s access from SysAdmin to analyst was slow to make the change, resulting in one of the most significant disclosures Snowden made (there have been at least some cases of credentials not being adjusted since Snowden’s leaks, too, so they haven’t entirely addressed what would have to be regarded as a major fuck-up if that’s how this happened).

Interestingly, however, the declassification stamp on the document suggests it was classified on April 12, not April 23, which may mean they had wrapped up the authorization process, only to backdate it on the date it needed to be reauthorized. April 12, 2013 was, I believe, the last day Snowden was at Fort Meade.

Screen Shot 2016-06-10 at 2.34.33 PM

Whatever the underlying explanation, it should be noted that the most sensitive document Snowden leaked — the one that revealed that the government aspired to collect phone records from every single Verizon customer (and, significantly, the one that made court challenges possible) — had to have been obtained after Snowden formally left his SysAdmin, privileged user, position.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

NSA’s Curious Goal-Post Moving on Snowden’s Complaints

In our piece on NSA’s response to requests for records of Edward Snowden’s complaints, Jason Leopold and I reported that a senior NSA official apologized to Admiral Mike Rogers for providing insufficient context about Snowden’s contacts with oversight entities before Snowden’s email to OGC got released on May 29, 2014. (See PDF 6 for the email and response as they got publicly released.) More importantly, we reported that the apology — written after several days of fact-checking — included at least one clear error. After we pointed that out to the intelligence community and asked questions for clarification, the NSA significantly moved the goalposts on its claims about whether Snowden had raised concerns, denying that Snowden had talked to the top three NSA officials rather than lower level ones. Here’s why I think that’s significant.

Conflicting claims about what happened between compliance and Snowden

On April 8, 2014, NSA learned that an upcoming Vanity Fair piece would include a claim from Edward Snowden that “I contacted N.S.A. oversight and compliance bodies.” (PDF 13)

Apparently in response to that claim, on the following day a woman involved in training in Signals Intelligence Compliance and Oversight (what the NSA calls SV) wrote up an exchange she had with Snowden a year earlier. (PDF 147) Here’s how that email appeared on April 10, after at least one draft.

The individual appeared at the side of my desk in the SV training area during the timeframe between 5 – 12 April 2013, shortly after lunch time. He did not introduce himself and instead asked if he could talk to someone about the OVSC1203 [Section 702] course. I indicated that he could talk to me. He seemed upset and proceeded to say that he had tried to take OVSC1203 and that he had failed. He then commented that he felt we had trick questions throughout the course content that made him fail. SV Training has standard (canned) responses we use to respond to questions like this. I introduced myself and provided the information to him. My comments were standard and part of our “canned” responses, and informed him that the OVSC courses did not contain any trick questions and that all of the answers to the test questions could be located within the course content (our standard response when someone states they have failed any of our courses). Also, as part of our standard response with this type of question, we remind the student that the course is open book and not timed, also part of our routine canned response. I also reminded him that students receive multiple attempts to successfully pass the course and if they are not successful after multiple attempts he would need to contact us for further assistance. He seemed to have calmed down by then and said he still thought the questions tricked the students but he would try again.

Several pieces of evidence in the email collection suggest this email was the first time she wrote up the exchange (though I imagine there’s an FBI 302 of an interview with her). Not only did no other written version of it get turned over in Leopold’s FOIA, but when the Chief of SV explained the exchange to superiors, no claim of contemporaneous report was made. (PDF 255) Similarly, there’s no definitive written evidence of this report getting reported to the various investigators (though there is one piece of evidence it may have been orally described). In addition, the woman had to revise at least the dates during which she described the exchange taking place on April 10, suggesting she wasn’t working from an existing written document. (PDF 300)

On May 29, 2014, first Dianne Feinstein (there’s evidence she was prodded by someone at NSA or ODNI) released Snowden’s email exchange with OGC, then NSA formally released it.

Later the evening of May 29, Edward Snowden told WaPo the release did not include “correspondence” with SV in which he said they “believed that a classified executive order could take precedence over an act of Congress.”

Today’s release is incomplete, and does not include my correspondence with the Signals Intelligence Directorate’s Office of Compliance, which believed that a classified executive order could take precedence over an act of Congress, contradicting what was just published. It also did not include concerns about how indefensible collection activities – such as breaking into the back-haul communications of major US internet companies – are sometimes concealed under E.O. 12333 to avoid Congressional reporting requirements and regulations.

About an hour and a half after Feinstein had released Snowden’s email on May 29 but before WaPo published Snowden’s claim, the Media Leaks Task Force discovered the write-up of the SV exchange from April, but did not release it publicly (meaning when Snowden made his claim, he did not know they had written up the exchange). Around, or even before that, OGC realized that some of the discussions they were having would have to be turned over in response to this FOIA, and then-General Counsel Raj De “ask[ed] that no one else comment on the low-side [less secure] (or add additional folks to the e-mail exchange),” (PDF 148), so it’s not clear subsequent discussions about this exchange got released in the FOIA.

In response to conflicting claims, NSA does a fact check … and then an internal apology

In the days thereafter, NSA Chief of Staff Elizabeth Brooks got asked to fact check the claims that had been made so far, with the SV Chief and Deputy Chief providing more details on the exchange. It appears there was a senior meeting, probably including Admiral Rogers, at 10AM on June 3, at which someone (probably Brooks) wrote down (PDF 261) “conversation between Snowden & compliance officer where he complained / wants in writing exactly what Snowden has done in writing and verbally.”

Screen Shot 2016-06-08 at 2.28.12 AM

Later that day, “the accountable NSA official for Media Disclosures issues” wrote Admiral Rogers a pretty remarkable apology for not providing sufficient context about Snowden’s interactions. (PDF 96) It’s remarkable that it happened — kudos to Admiral Rogers for trying to get clarity on this issue. But it’s remarkable, too, because even after the two day fact-checking process, the apology endeavoring to keep NSA leadership fully informed did not do so.

The error in the apology email

For example, the apology does not tell Rogers that the face-to-face exchange could have happened on one of the same days as the OGC email (and definitely happened within the same week), making it more likely the OGC email and the SV face-to-face exchange were actually two parts of the same exchange (Snowden would have known SV had been involved in his OGC response from both the final response he got, as well as the email forwarding the question from OGC to SV, which got forwarded to him). The apology also, like NSA’s response to this FOIA, doesn’t disclose what got discussed between 7 people as they decided who and how to respond to Snowden’s email (the apology itself, because it gave Rogers the redacted version of Snowden’s email released to the public, would have obscured that 6 people were involved in this response, but he could have gotten that information in previous email threads had he read them closely). It also makes what — given the evidence in the emails, at least — appears to be a clear error by claiming that the SV woman wrote up her exchanges with Snowden in response to NSA’s request for information on contacts with him: “In response to the June 2013 Agency All (See Attachment B) [the SV training woman] provided in writing her account of these engagements.”

That claim appears to be erroneous on two counts.

Read more

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Lawyer Who Filed Crime Report against SSCI Staffer, Robert Eatinger, Complains about Lack of Trust

Robert Eatinger, whose name was redacted 1,600 times in the Senate Torture report, and who went on to file a crime report against Senate staffers for using materials provided to them by CIA, is complaining about lack of trust in this summary of Edward Snowden’s role in surveillance debates.

“The loss in trust with the U.S. public and businesses has a real operational effect. Despite Hollywood portrayals, U.S. intelligence has limited authorities, personnel, and resources,” Robert Eatinger, former senior deputy general counsel at the CIA, said. “Our intelligence agencies depend on the willingness of U.S. persons and companies to provide information and assistance, either voluntarily or through a contract mechanism. A loss in trust reduces the number of Americans willing to assist our intelligence agencies. It reduces not only voluntary assistance but also the number of companies willing to enter into contracts.”

“We have seen recent examples of major U.S. companies not only declining to help U.S. intelligence, but activity seeking to frustrate it. Perhaps the most obvious is Twitter, Inc.’s recent directive to the data analytics company Dataminr to cease selling data, not precisely defined in the press reporting, to U.S. intelligence agencies,” Eatinger added.

At least according to Twitter, this is a false representation of what has happened. Twitter says that its policy on Dataminr selling data to the intelligence community is longstanding, not a recent change.

Constitution Project’s Katherine Hawkins actually tried to have Eatinger’s name unredacted in the released summary via the formal process to do so, with no luck.

I can think of few things that have eroded trust in recent years than the serial coverups of CIA’s torture, in which Eatinger has had a central role.

So I guess they went to the expert in eroding trust.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Carrie Cordero’s Counterintelligence Complaints

I wasn’t going to respond to Carrie Cordero’s Lawfare piece on my and Jason Leopold’s story on NSA’s response to Edward Snowden’s claims he raised concerns at the agency, largely because I think her stance is fairly reasonable, particularly as compared to other Snowden critics who assume his leaks were, from start to finish, an FSB plot. But a number of people have asked me to do so, so here goes.

Let’s start with this:

As far as we know – even after this new reporting – Snowden didn’t lodge a complaint with the NSA Inspector General. Or the Department of Defense Inspector General. Or the Intelligence Community Inspector General. He didn’t follow up with the NSA Office of General Counsel. He didn’t make phone calls.  He didn’t write letters. He didn’t complain to Members of Congress who would have been willing to listen to his concerns.

Now here’s the rub: do I think that had he done all these things, the programs he questioned would have been shut down and there would have been the same effect as his unauthorized disclosures? No. He probably would have been told that more knowledgeable lawyers, leadership officials, congressmen and dozens of federal judges all assessed that the activities he questioned were legal.

Without noting the parts of the article that show that, nine months into the Snowden leaks and multiple hearings on the subject, Keith Alexander still didn’t know how contractors might raise complaints, and that the NSA editing of its Q&A on Snowden show real questions about the publicity and viability of reporting even to the IG, especially for legal violations, Cordero complains that he did not do so. Then she asserts that had Snowden gone to NSA’s IG (ignoring the record of what happened to Thomas Drake when he did the same), the programs would not have changed.

And yet, having taken a different approach, some of them have changed. Some of the programs — notably Section 215, but also tech companies’ relationship with the government, when exposed to democratic and non-FISA court review, and FISA court process itself — did get changed. I think all but the tech company changes have largely been cosmetic, Cordero has tended to think reforms would go too far. But the record shows that Snowden’s leaks, along with whatever else damage critics want to claim they caused, also led to a democratic decision to shift the US approach on surveillance somewhat. Cordero accuses Snowden of doing what he did because of ego — again, that’s her prerogative; I’m not going to persuade people who’ve already decided to think differently of Snowden — but she also argues that had Snowden followed the already problematic methods to officially report concerns, he would have had less effect raising concerns than he had in fact. Some of what he exposed may have been legally (when argued in secret) sustainable before Snowden, but they turned out not to be democratically sustainable.

Now let’s go back to how Cordero characterizes what the story showed:

Instead, the report reveals:

  • An NSA workforce conducting a huge after-action search for documents seeking to affirm or refute Snowden’s claim that he had raised red flags internally before resorting to leaking classified documents;
  • Numerous officials terrified that they would miss something in the search, knowing full-well how easily that could happen in NSA’s giant and complex enterprise; and
  • The NSA and ODNI General Counsels, and others in the interagency process –doing their job.

The emails in the report do reveal that government officials debated whether to release the one document that was evidence that Snowden did, in fact, communicate with the NSA Office of General Counsel. It’s hard to be surprised by this. On one hand, the one email in and of itself does not support Snowden’s public claim that he lodged numerous complaints; on the other hand, experienced senior government officials have been around the block enough times to know that as soon as you make a public statement that “there’s only one,” there is a very high likelihood that your door will soon be darkened by a staff member telling you, “wait, there’s more.” So it is no wonder that there was some interagency disagreement about what to do.

For what it’s worth, I think the emails show a mixed story about how well various participants did their job. They make Admiral Rogers look great (which probably would have been more prominently noted had the NSA not decided to screw us Friday night, leading to a very rushed edit job). They make Raj De, who appears to have started the push to release the email either during or just as Snowden’s interview with Brian Williams finished airing (it aired at 10:00 PM on May 28; though note the time stamps on this string of De emails are particularly suspect), look pretty crummy, and not only for that reactive response. (I emailed De for comment but got no response.)

Screen Shot 2016-06-05 at 12.57.44 PM

Later on, Cordero admits that, in addition to the OGC email, the story reported for the first time that there had also been a face-to-face conversation with one of the people involved in responding to that email.

The Vice report reveals that Snowden did do at least these things related to his interest in legal authorities and surveillance activities: (i) he clicked on a link to send a question to NSA OGC regarding USSID 18 training, which resulted in an emailed response from an NSA attorney; and (ii) he had a personal interaction (perhaps a short conversation) with a compliance official regarding questions in a training module. But according to the report, in his public statements, “Snowden insisted that he repeatedly raised concerns while at the NSA, and that his concerns were repeatedly ignored.”

(Note Cordero entirely ignores that interviews with Snowden’s colleagues — the same people whom she characterized as terrified they’d miss something in the media response but doesn’t consider whether they would be even more terrified conversations about privacy with Snowden might be deemed evidence of support for him — found a number of them having had conversations about privacy and the Constitution).

She doesn’t get into the chronology of the NSA’s treatment of the face-to-face conversation, though. What the story lays out is this:

  • Released emails show NSA now asserts that Snowden complained about two training programs within the span of a week, possibly even on the same day, with Compliance being involved in both complaints (Snowden would have known they were involved in the OGC response from forwarded emails)
  • Given the record thus far, it appears that there is no contemporaneous written record of the face-to-face complaint (we asked the NSA for any and that’s when they decided to just release the emails in the middle of the night instead of responding, though I assume there is an FBI 302 from an interview with the training woman)
  • Given the record thus far, NSA only wrote up that face-to-face complaint the day after and because NSA first saw teasers from the April 2014 Vanity Fair article revealing Snowden’s claim to have talked to “oversight and compliance”
  • In spite of what I agree was a very extensive (albeit frantic and limited in terms of the definition of “concern”) search, NSA did not — and had not, until our story — revealed that second contact, even though it was written up specifically in response to claims made in the press and well before the May 29 release of Snowden’s email
  • In the wake of NSA not having acknowledged that second contact, a senior NSA official wrote Admiral Rogers a fairly remarkable apology and (as I’ll show in a follow-up post) the NSA is now moving the goal posts on whom they claim Snowden may have talked to

Now, I actually don’t know what happened in that face-to-face contact. We asked both sides of the exchange very specific questions about it, and both sides then declined to do anything but release a canned statement (the NSA had said they would cooperate before they saw the questions). Some would say, so what? Snowden was complaining about training programs! Training programs, admittedly, that related to other documents Snowden leaked. And at least one training program, as it turns out, that the NSA IG had been pushing Compliance to fix for months, which might explain why they don’t want to answer any questions. But nevertheless “just” training programs.

I happen to care about the fact that NSA seems to have a pattern of providing, at best, very vague information about how seriously NSA has to take FISA (or, in the one program we have in its entirety, perfectly legal tips about how to bypass FISA rules), but I get that people see this as just a training issue.

I also happen to care about the fact that when Snowden asked what NSA would like to portray as a very simple question — does what would be FISA take precedence over what would be EO 12333 — it took 7 people who had been developing that training program to decide who and how to answer him. That question should be easier to answer than that (and the emailed discussion(s) about who and how to answer were among the things conspicuously withheld from this FOIA).

But yes, this is just two questions about training raised at a time (we noted in the story) when he was already on his way out the door with NSA’s secrets.

Which is, I guess, why the balance of Cordero’s post takes what I find a really curious turn.

If this is all there is – a conversation and a question  – then to believe that somehow NSA attorneys and compliance officials were supposed to divine that he was so distraught by his NSA training modules that he was going to steal the largest collection of classified documents in NSA history and facilitate their worldwide public release, is to live in a fantasy land.

No, what this new report reveals is that NSA lawyers and compliance personnel take questions, and answer them. Did they provide a simple bureaucratic response when they could or should have dug deeper? Maybe. Maybe not.

Because what they apparently do not do is go on a witch hunt of every employee who asks a couple legal questions. How effective do we think compliance and training would be, if every person who asks a question or two is then subject to intense follow-up and scrutiny? Would an atmosphere like that support a training environment, or chill it?

[snip]

NSA is an organization, and a workforce, doggedly devoted to mission, and to process. In the case of Snowden, there is an argument (one I’ve made before) that its technical security and counterintelligence function failed. But to allude – as today’s report does – that a couple questions from a low level staffer should have rung all sorts of warning bells in the compliance and legal offices, is to suggest that an organization like NSA can no longer place trust in its workforce. I’d wager that the reason the NSA lawyers and compliance officials didn’t respond more vigorously to his whispered inquiries, is because they never, in their wildest dreams, believed that a coworker would violate that trust.

Cordero turns a question about whether Snowden ever complained into a question about why the NSA didn’t notice he was about to walk off with the family jewels because he complained about two training programs.

There are two reasons I find this utterly bizarre. First, NSA’s training programs suck. It’s not just me, based on review of the few released training documents, saying it (though I did work for a number of years in training), it’s also NSA’s IG saying the 702 courses, and related materials, are factually wrong or don’t address critical concepts. Even the person who was most negative towards Snowden in all the emails, the Chief of SID Strategic Communications Team, revealed that lots of people complain about the 702 test (as is also evident from the training woman’s assertion they have canned answers for such complaints).

Complaints about fairness/trick questions are something that I saw junior analysts in NTOC … would pose — these were all his age and positional peers: young enlisted Troops, interns, and new hires. Nobody that has taken this test several times, or worked on things [redacted] for more than a couple of years would make such complaints. It is not a gentleman’s course. *I* failed it once, the first time I had to renew.

I’m all for rigorous testing, but all the anecdotes about complaints about this test may suggest the problem is in the test, not the test-takers. It’s not just that — as Cordero suggested — going on a witch hunt every time someone complains about training courses would chill the training environment (of a whole bunch of people, from the sounds of things). It’s that at precisely the moment Snowden took this training it was clear someone needed to fix NSA’s training, and Cordero’s response to learning that is to wonder why someone didn’t launch a CI investigation.

Which leads me to the other point. As Cordero notes, this is not the first time she has treated the Snowden story as one primarily about bad security. I happen to agree with her about NSA’s embarrassing security: the fact that Snowden could walk away with so much utterly damns NSA’s security practices (and with this article we learn that, contrary to repeated assertions by the government, he was in an analytical role, though we’ve already learned that techs are actually the ones with unaudited access to raw data).

But here’s the thing: you cannot, as Cordero does, say that the “foreign intelligence collection activities [are] done with detailed oversight and lots of accountability” if it is, at the same time, possible for a SysAdmin to walk away with the family jewels, including raw data on targets. If Snowden could take all this data, then so can someone maliciously spying on Americans — it’s just that that person wouldn’t go to the press to report on it and so it can continue unabated. In fact, in addition to rolling out more whistleblower protections in the wake of Snowden, NSA has made some necessary changes (such as not permitting individual techs to have unaudited access to raw data anymore, which appears to have been used, at times, as a workaround for data access limits under FISA), even while ratcheting up the insider threat program that will, as Cordero suggested, chill certain useful activities. One might ask why the IC moved so quickly to insider threat programs rather than just implementing sound technical controls.

Carrie Cordero’s lesson, aside from grading the participants in this email scrum with across-the-board As, is that Snowden complaining about the same training programs the IG was also complaining about should have been a counterintelligence issue but wasn’t because of the great trust at NSA. That argument, taken in tandem with Cordero’s vouching for NSA’s employees, should not, itself, inspire trust.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

James Clapper’s Latest Effort To Fearmonger about Snowden’s Damage

In addition to getting him to admit the US can’t fix the Middle East but we have to stay because our “leadership” is needed there, in this column David Ignatius asked James Clapper, again, about how much damage Edward Snowden has caused.

Clapper said the United States still can’t be certain how much harm was done to intelligence collection by the revelations of disaffected National Security Agency contractor Edward Snowden. “We’ve been very conservative in the damage assessment. Overall, there’s a lot,” Clapper said, noting that the Snowden disclosures made terrorist groups “very security-conscious” and speeded the move to unbreakable encryption of data. And he said the Snowden revelations may not have ended: “The assumption is that there are a lot more documents out there in escrow [to be revealed] at a time of his choosing.”

Let’s unpack this.

Clapper provides two pieces of evidence for damage:

  1. Snowden disclosures have made terrorist groups “very security-conscious”
  2. Snowden disclosures have “speeded the move” [by whom, it’s not entirely clear] to unbreakable encryption

That’s a bit funny, because what we saw from the terrorist cell that ravaged Paris and Belgium was — as The Grugq describes it — “drug dealer tradecraft writ large.” Stuff that they could have learned from watching the Wire a decade ago, with a good deal of sloppiness added in. With almost no hints of the use of encryption.

If the most dangerous terrorists today are using operational security that they could have learned years before Snowden, then his damage is not all that great.

Unless Clapper means, when he discusses the use of unbreakable encryption, us? Terrorists were already using encryption, but journalists and lawyers and US-based activists might not have been (activists in more dangerous places might have been using encryption that the State Department made available).

Neither of those developments should be that horrible. Which may be why Clapper says, “We’ve been very conservative in the damage assessment” even while insisting there’s a lot. Because this is not all that impressive, unless as Chief Spook you think you should have access to the communications of journalists and lawyers and activists.

I’m most interested, however, in this escrow idea.

“The assumption is that there are a lot more documents out there in escrow [to be revealed] at a time of his choosing.”

Snowden and Glenn Greenwald and Laura Poitras and Bart Gellman have said about a zillion times that Snowden handed everything off before he went to Russia. And everyone who knows anything about Russia would assume if he brought documents there, Putin has had them for almost 3 years.

Sure, there are surely documents that reporters have that, reviewed in the future by other people, may result in new disclosures. But the suggestion that Snowden himself is asking the journalists to hold back some of the documents “in escrow” is rather curious. Why would Snowden withhold documents until such time that the technology behind disclosures would be out of date.

I mean, it’s useful as a basis to claim that Snowden will continue to damage the IC when there’s actually not that much evidence he already has. But it doesn’t make much sense to me.

Ah well. In the article Clapper says he’ll be around for 265 days, which means around February 9 of next year, someone else will take up fearmongering about Edward Snowden.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The IC Can’t Even Decide What Is Classified in Hillary’s Emails But They’re Attempting To Do Same on the Internet

Yesterday, Steven Aftergood noted that, rather than prosecute leakers, the Intelligence Community is instead taking administrative measures against people who leak information. We’ve know they were moving in that direction for some time (largely through Aftergood’s efforts). But he posts now de-classified testimony obtained via FOIA that Bob Litt gave in 2012 explaining the change.

“This Administration has been historically active in pursuing prosecution of leakers, and the Intelligence Community fully supports this effort,” said ODNI General Counsel Robert S. Litt in testimony from a closed hearing of the Senate Intelligence Committee in 2012 that was released last week in response to a Freedom of Information Act request.

But, he said, “prosecution of unauthorized disclosure cases is often beset with complications, including difficult problems of identifying the leaker, the potential for confirming or revealing even more classified information in a public trial, and graymail by the defense.”

Therefore, Mr. Litt said, in 2011 Director of National Intelligence James Clapper ordered intelligence agencies “to pursue administrative investigations and sanctions against identified leakers wherever appropriate. Pursuant to this DNI directive, individual agencies are instructed to identify those leak incidents that are ripe for an administrative disposition….”

As Aftergood notes, such measures sure didn’t dissuade Edward Snowden.

There are two more interesting details of note in the testimony Aftergood liberated. First, Litt provides a somewhat redacted assessment of whether IC elements have the ability to audit employee activities on their networks. Most members of the IC has some audit and monitoring in place. Whereas some are what Litt describes as “robust,” he admitted that “other agencies have less mature programs, but some ability to track employee online activity.”

I do hope for Litt’s sake he didn’t tell SSCI, a year before Snowden’s leaks, that the NSA was among the agencies with robust systems, because they ended up having no ability to track what he took, much less see him taking huge amounts of data in real time.

Perhaps most interesting, though, is Litt’s reference to the development of “automated systems … that will assist in identifying classified information published on the Internet.” By Litt’s testimony on February 9, 2012, an IC study had “concluded that it would be beneficial and feasible for ONCIX/S to implement a centralized and automated capability to identify potential unauthorized disclosures of classified information published electronically on the Internet.” The IC was looking for funding to develop a pilot program to do just that in 2012.

The example of Hillary’s email is testament to one of many problems with such a plan. Various intelligence agencies accused her aides of sharing classified information. But in at least some cases, the same information was available via open source (not to mention that it’s easy to suss out what the IC thinks its biggest secrets are).

So the IC will be scanning the Internet for stuff they think is theirs. But short of tracking classification markings, this will necessarily involved scanning for either known leaked information (so imagine them currently tracking everyone discussing a document Snowden leaked, anywhere in the world), or scanning for information that looks to have the particular syntax (heh) of an intelligence report.

There are a range of problems I can imagine that would result.

But that likely won’t stop the IC from trying to hold their glut of classified information inside their fences, or to hunt down people who seem to understand the same things the IC knows, in case that person can be caught talking to some person the IC would also like to enclose behind that fence.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.