Posts

Whither Shadow Brokers in Discussions of Foreign Hacks of America?

Since Shadow Brokers first started leaking apparent NSA tools in August, there have been very few mentions of the compromise from Congress. Adam Schiff expressed some concern about the compromise at the time (though not about the failures of the Vulnerabilities Equities Process the leaks appeared to indicate). And the HPSCI report on Edward Snowden had a sentence stating, “Recent security breaches at NSA underscore the necessity for the agency to improve its security posture,” though that reference doesn’t name Hal Martin, the still unnamed NSA TAO employee who stole some hacking tools in 2015 referred to in a November WaPo article, or Shadow Brokers (which may or may not have relied on Martin as a source).

That silence continued today in the Senate Armed Services Committee on Foreign Cyber Threats to the US. Even if Shadow Brokers is not a Russian group, as many people speculated back in August, or even foreign, wouldn’t the exposure of NSA’s (dated) hacking tools pose a cyber threat by itself?

But there were two exchanges in the hearing that may have pointed to Shadow Brokers. Even if they did not, both are worth bookmarking for the assertions made. In the first exchange, Tom Cotton (who, in addition to SASC, is also on SSCI, so would be privy to any Shadow Brokers information shared with the full intelligence committees) tried to narrowly bracket what the IC means when it refers to Russia hacking the US (after 1:24).

Cotton: We’ve heard a lot of imprecise language here today and it’s been in the media here as well. Phrases like “hacked the election,” “undermine democracy,” “intervened in election.” So I want to be more precise here. Director Clapper let’s go to the October 7 statement. That says, quote, “the recent compromises of emails from US persons and institutions including from US political organizations” was directed by the Russian government.” Are we talking there specifically about the hack of the DNC and the hack of John Podesta’s emails?

Clapper: Yes.

Cotton: Are we talking about anything else?

Clapper: That was, essentially at the time, what we were talking about.

Cotton: At the time then — it says that “recent disclosures through websites like DC Leaks and Wikileaks … are consistent with the methods and motivations of Russian directed efforts.” DNC emails were leaked first, I believe, in July.  Is that what the statement is talking about there?

Clapper: I believe so.

Cotton: Mr. Podesta’s emails were not leaked I believe until that very day on October 7, so was the statement referring to that, yet, or was that not intending to be included?

Clapper: I’d have to research the exact chronology of when John Podesta’s emails were compromised. But I think though that that bears on my statement that our assessment now is even more resolute than it was with that statement on the 7th of October. [my emphasis]

Cotton’s statement is odd in any case. He makes no mention of the DCCC, which of course had also been hacked by October 7. Moreover, in his second citation from the DHS/ODNI statement, he omits the reference to the Guccifer 2 persona, who leaked the DCCC documents as well as some DNC files and — according to him, at least — handed those over to Wikileaks. So in his effort to inject precision into this discussion, he’s either introducing imprecision, or he’s revealing details from classified briefings.

In any case, in response to Cotton’s questions, Clapper admits that the only hack referenced in the October 7 statement (though it’s clear he doesn’t have these facts ready at hand). But then he suggests — without much emotion — that what the IC was talking about on October 7 is different from what the IC might include now, which is one reason the IC is more “resolute” about its assessment of Russian attribution.

There are many things Clapper might include in additional entities, not least GOP targets, including Colin Powell (whose emails, after all, had already been released on DC Leaks). One of those is Shadow Brokers.

Fifteen minutes later (after 1:41), Joe Donnelly ask a question that Clapper justifiably can’t make sense of.

The government has named those responsible for the DNC hack as APT 28 and APT 29, part of the Russian intelligence services: the GRU and the FSB. Are all the actors targeted by these two entities known to the public, sir?

Clapper: I’m sorry sir, the question again, are all what?

Donnelly: All the actors targeted by these two entities, GRU, FSB, APT 28, 29, do we know everybody, have you told us who’s involved or are there more that you can’t discuss at this time?

Clapper: Right. I don’t think I can discuss that in this forum.

It appears Donnelly is asking about whether APT 28 and 29 hacked other victims (though when I heard this in real time it sounded like Donnelly was asking about other Russian participants in the hacking). We know they have (indeed, the Joint Analysis Report released the other day discusses those other targets, so they can’t be classified at all). But whatever Clapper took from Donnelly’s question, he took the answer to be too sensitive to respond to in open session. Furthermore, he said he could not discuss it in this forum, not that Donnelly should wait until next week’s report.

The Shadow Brokers is still out on Twitter, bitching (as recently as January 1) they didn’t get included in the JAR report or sanctions list, suggesting they at least want you to believe they’re part of the larger Russian hack.

So why was there no mention of them in the SASC hearing?

Update, 1/10: Embarrassing whither/wither typo fixed. H/t Christopher.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Thom Tillis Reminds James Clapper that the US Tampers in Elections, Too

Several times in today’s hearing on foreign cyberattacks on the US, James Clapper explained why he never favored big retaliation for China’s hack of OPM: because he considers it the kind of espionage we engage in too. “People who live in glass houses shouldn’t throw rocks.”

When North Carolina Republican Thom Tillis got his turn, he addressed Clapper’s comment, pointing out that on election-tampering, as with espionage, the US lives in a big glass house.

The glass house comment is something that I think is very important. There’s been research done by a professor up at Carnegie Mulligan that um Mellon that estimated that the United States has been involved in one way or another in 81 different elections since World War II. That doesn’t include coups or regime changes. Tangible evidence where we’ve tried to affect an outcome to our purpose. Russia’s done it some 36 times. In fact, when Russia apparently was trying to influence our election, we had the Israelis accusing us of trying to influence their election.

So I’m not here to talk about that. But I am here to say we live in a big glass house and there are a lot of rocks to throw and I think that that’s consistent with what you said on other matters.

With regards to comparative numbers on US and Russian intervention in elections, Tillis is discussing research published by Dov Levin last year (see WaPo version), who found that either the US or Russia intervened in 11.3% of all elections since World War II, with the US — indeed — intervening far more often (and more broadly) than Russia.

Overall, 117 partisan electoral interventions were made by the US and the USSR/Russia between 1 January 1946 and 31 December 2000. Eighty-one (or 69%) of these interventions were done by the US while the other 36 cases (or 31%) were conducted by the USSR/ Russia. To put this number in the proper perspective, during the same period 937 competitive national-level executive elections, or plausible targets for an electoral intervention, were conducted within independent countries.20 Accordingly, 11.3% of these elections, or about one of every nine competitive elections since the end of the Second World War, have been the targets of an electoral intervention.

With regards to tampering in the Israeli election, Tillis is probably referring to State Department support for an NGO that worked to oust Bibi Netanyahu.

Curiously, Tillis made no mention of his own state party’s rather spectacular tampering to suppress the votes of African Americans, though perhaps his local experience explains why he presents all this data about American hypocrisy on election tampering as a reality about elections rather than a cautionary tale to be avoided.

Still, even if he’s trying to whitewash Russia’s involvement to help Trump get elected, he does have a point: the US has done this to a lot of other countries.

As Chilean-American Ariel Dorfman put it in an op-ed last year, America’s own election-tampering doesn’t make Russia’s this year’s right, but it should elicit a determination that the US will never again do unto others what we have just had done to us.

The United States cannot in good faith decry what has been done to its decent citizens until it is ready to face what it did so often to the equally decent citizens of other nations. And it must firmly resolve never to engage in such imperious activities again.

If ever there was a time for America to look at itself in the mirror, if ever there was a time of reckoning and accountability, it is now.

By all means, let’s pursue Russia for its intervention in this year’s election. But let’s, at the same time, engage in some accountability for what the US has itself done.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

In His Last Words Before Senate Armed Services, Clapper Warns against Congressional “Micromanagement”

This morning, the Senate Armed Services Committee held a hearing today on foreign cyberthreats, which mostly (though not entirely) focused on the Russian hack of the DNC.

At the very end of the hearing, John McCain decided to let James Clapper — who will retire in 15 days (as he reminded several times during the hearing) — offer a few reflections on his service.

In response, Clapper acknowledged the important role Congress plays in overseeing the secret activities of the intelligence community. But he ended the statement by warning of the difference between “oversight” and “micromanagement.”

I was around in the intelligence community were first established and have watched them and experienced them ever since. Congress does have, clearly, a extremely important role to play when it comes to oversight of intelligence activities and unlike many other endeavors of the government, much of what we do — virtually all of what we do — is done in secrecy. So the Congress has a very important — a crucial responsibility — on behalf of the American people for overseeing what we do particularly in terms of legality and protection of civil liberties and privacy.

At risk of delving into a sensitive area though, I do think there is a difference between oversight and micromanagement.

This may well reflect his views. But at a time when Trump is threatening to rearrange the IC to retaliate against its reporting on the Russian DNC hack (not to mention for Clapper’s own firing of Trump National Security Advisor Michael Flynn), Clapper might have have been well-advised to avoid suggestion that Congress should not exercise its oversight role over Congress very vigorously.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Trump Raises the Axe over the Intelligence Community, Again

The Intelligence Community is finishing its report on the intelligence regarding Russia’s influence in our elections. The report is expected to be delivered to President Obama tomorrow and briefed to President Elect Trump on Friday.

That’s the context for — and surely at least part of the explanation for — this WSJ story reporting that Trump plans to reorganize the intelligence community.

[A]dvisers also are working on a plan to restructure the Central Intelligence Agency, cutting back on staffing at its Virginia headquarters and pushing more people out into field posts around the world. The CIA declined to comment on the plan.

“The view from the Trump team is the intelligence world [is] becoming completely politicized,” said the individual, who is close to the Trump transition operation. “They all need to be slimmed down. The focus will be on restructuring the agencies and how they interact.”

[snip]

The Office of the Director of National Intelligence was established in 2004 in large part to boost coordination between intelligence agencies following the Sept. 11, 2001 terror attacks.

Many Republicans have proposed cutting the ODNI before, but this has proven hard to do in part because its mission centers are focused on core national security issues, such as counterterrorism, nuclear proliferation, and counterintelligence.

“The management and integration that DNI focuses on allows agencies like the CIA to better hone in on its own important work,” said Rep. Adam Schiff (D., Calif.), the ranking Democrat on the House Intelligence Committee, who believes dismantling the ODNI could lead to national security problems.

Mr. Trump’s advisers say he has long been skeptical of the CIA’s accuracy, and the president-elect often mentions faulty intelligence in 2002 and 2003 concerning Iraq’s weapons programs. But he has focused his skepticism of the agencies squarely on their Russia assessments, which has jarred analysts who are accustomed to more cohesion with the White House.

The report repeats earlier reporting — in part from some of the same WSJ reporters — that Trump planned this briefing. Back then, in mid-November, Trump was merely disdainful of the IC and much of the reorganization appeared to be a mix of vengeance on the part of Mike Flynn and, frankly, some reasonable ideas (things like splitting NSA and reversing some of the questionable changes John Brennan made). At the center of it all was a plan to make Admiral Mike Rogers Director of National Intelligence.

The day after that reporting, however, outlets reported that Ash Carter and James Clapper had been planning to fire Rogers, partly because the NSA had remained a leaky sieve under his tenure and partly because he had delayed cyber-bombing ISIS (perhaps to preserve intelligence collection). And that’s before it became public that the NSA hadn’t adopted four security measures recommended after the Snowden leaks.

After that, of course, Democrats and the CIA started leaking that Russia hacked the DNC with the purpose of electing Trump, which gave Trump the entrée to suggest this discussion is all politicized, which has escalated to this week. Trump seems to have orchestrated the Sean Hannity interview at which Julian Assange said what he has long said — that he didn’t get the DNC files from Russia.

Reuters is now reporting that after the election the IC determined that third parties had gotten the files from Russian entities to Wikileaks, which means Assange likely has no idea where the files came from.

But the timing of this story, sourced significantly to the Trump camp, seems to be a warning to those who will brief Trump on Friday. While Clapper and Brennan are on their way out (the fate of Comey and Rogers is still undecided), they certainly will want to protect their agencies.

Which should make for an interesting briefing Friday.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Conspiracy Theory in YouGov’s Conspiracy Theory Poll

YouGov has a poll showing that “belief in conspiracy theories largely depends on political identity.” For example, it shows that Republicans believe Obama is Kenyan.

It focuses on several things it considers conspiracy theories tied to this election, including pizzagate, millions of alleged illegal votes, and claims about the Russian hack.

Interestingly, it shows that half of Clinton voters believe that Russia tampered with vote tallies to get Trump elected, in spite of the White House’s assurances that did not happen.

It’s the other tested question about Russian hacking that strikes me as more curious. 87% of Clinton voters believe Russia hacked Democratic emails “in order to help Donald Trump,” whereas only 20% of Trump voters believe that.

That’s about the result I’d expect. But to explain why this is a conspiracy theory, YouGov writes,

Similarly, even after the Central Intelligence Agency and the Federal Bureau of Investigation reported that Russia was responsible for the leaks of damaging information from the Democratic National Committee and the Clinton campaign and that the hacking was done to help Donald Trump win the Presidency, only one in five say that is definitely true, about the same percentage as believe it is definitely not true.

So YouGov bases this “truth” on a claim that the CIA and FBI “reported that Russia was responsible for the leaks … and that the hacking was done to help Donald Trump win the Presidency.”

Except there has been no such report, not from CIA and FBI, anyway.

There was an official report finding that,

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. … These thefts and disclosures are intended to interfere with the US election process.

That is, the official report stated that the hack was “intended to interfere with the US election process;” it did not say the hack was done to help Trump.

Moreover, while the report speaks for the entire IC (including the FBI), the report itself came from DHS and ODNI, not FBI or CIA.

It is absolutely true that anonymous leakers — at least some of whom appear to be Democratic Senate sources — claim that CIA said the hack happened to get Trump elected. It is also true that anonymous sources passed on the substance of a John Brennan letter that said in separate conversations with Jim Comey and James Clapper, each agreed with Brennan about the purpose of the hack, which WaPo edited its previous reporting to say included electing Trump as one of a number of purposes, but that’s a third-hand report about what Jim Comey believes.

But that was not an official report, not even from CIA. Here’s what John Brennan said when interviewed about this topic by NPR’s Mary Louise Kelly:

You mentioned the FBI director and the director of national intelligence. And NPR confirmed with three sources that after the three of you meeting last week, you sent a memo to your workforce and that the memo read: There is strong consensus among us on the scope, nature and intent of Russian interference in our presidential elections. Is that an accurate quote from your memo?

I certainly believe that, that there is strong consensus.

Was there ever not?

Well, sometimes in the media, there is claims, allegations, speculation about differences of view. Sometimes I think that just feeds concerns about, you know, the strength of that intelligence and …

And in this case it was reports of tension between FBI and CIA …

… and differences of view. And I want to make sure that our workforce is kept as fully informed as possible so that they understand that what we’re doing, we’re doing in close coordination with our partners in the intelligence community. And so I try to keep my workforce informed on a periodic basis. But aside from whatever message I might have sent out to the workforce, there is, I strongly believe, very strong consensus among the key players — but not just the leaders of these organizations, but also the institutions themselves. And that’s why we’re going through this review. We want to make sure that we scrub this data, scrub the information and make sure that the assessment and analysis is as strong and as grounded as it needs to be.

That quote I read you about the memo that you sent mentioned that there is agreement on scope, nature and intent of Russian interference. And intent is the one that’s been controversial recently, the question of motive. How confident are you in the intelligence on that? It seems like proving motive is an infinitely harder thing than proving that somebody did something. The “why” is tough.

I will not disagree with you that the why is tough. And that’s why there needs to be very careful consideration of what it is that we know, what it is that we have insight into and what our analysis needs to be. But even back in early October when Jim Clapper and Jeh Johnson put out this statement, it said “the intent to interfere in the election.” Now, there are different elements that could be addressed in terms of how it wanted to interfere. And so that’s why this review is being done to make sure that there is going to be a thorough look at the nature, scope and intent of what transpired.

What’s been reported is that the CIA has concluded the intent was to interfere with the election with the purpose of swinging at Donald Trump. Is that an accurate characterization?

That’s an accurate characterization of what’s been appearing in the media. Yes.

Is it an accurate characterization of where the CIA is on this?

Well, that’s what the review is going to do. And we will be as forward-leaning as the intelligence and analysis allows us to be, and we will make sure that, again, President Obama and the incoming administration understands what the intelligence community has assessed and determined to have happened during the run-up to this election.

Why not confirm that that’s where the CIA is on this? Why not confirm if you have the evidence that you believe is …

Because I don’t work for NPR, Mary Louise. I work for the president, I work for the administration, and it is my responsibility to give them the best information and judgment possible.

That is, the CIA Director specifically avoided stating what he or his agency believes the motive to be, deferring to the ongoing review of the evidence, something that Obama also did in his press conference earlier this month.

Q Mr. President, I want to talk about Vladimir Putin again. Just to be clear, do you believe Vladimir Putin himself authorized the hack? And do you believe he authorized that to help Donald Trump? And on the intelligence, one of the things Donald Trump cites is Saddam Hussein and the weapons of mass destruction, and that they were never found. Can you say, unequivocally, that this was not China, that this was not a 400-pound guy sitting on his bed, as Donald Trump says? And do these types of tweets and kinds of statements from Donald Trump embolden the Russians?

THE PRESIDENT: When the report comes out, before I leave office, that will have drawn together all the threads. And so I don’t want to step on their work ahead of time.

What I can tell you is that the intelligence that I have seen gives me great confidence in their assessment that the Russians carried out this hack.

None of that is to say that CIA and (perhaps to a lesser extent) FBI don’t think Russia hacked Democrats to help Trump, as one of several — probably evolving over the course of the election — reasons. CIA surely does (but then it has a big incentive to downplay the most obvious motivation, that Russia was retaliating for perceived and real CIA covert actions against it). FBI probably does.

But there has been no “report” that they believe that, just anonymous reports of reports. The official stance of the Executive Branch is that they’re conducting a review of the evidence on this point.

Perhaps if YouGov wants to test conspiracy theories, it should start by sticking to topics about which there aren’t a slew of anonymous leaks and counter-leaks contravened by public deferral?

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

As of August 29, 2016, Not All High Risk Users at NSA Had Two-Factor Authentication

For the last several weeks, all of DC has been wailing that Russia hacked the election, in part because John Podesta didn’t have two-factor authentication on his Gmail account.

So it should scare all of you shitless that, as of August 29, 2016, not all high risk users at NSA had 2FA.

That revelation comes 35 pages  into the 38 page HPSCI report on Edward Snowden. It describes how an IG Report finished on August 29 found that NSA still had not closed the Privileged Access-Related holes in the NSA’s network.

That’s not the only gaping hole: apparently even server racks in data centers were not secure.

And note that date: August 29? Congress would have heard about these glaring problems just two weeks after the first Shadow Brokers leak, and days after Hal Martin got arrested with terabytes of NSA data in his backyard shed.

I think I can understand why James Clapper and Ash Carter want to fire Mike Rogers.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

CYBERCOM versus NSA: On Fighting Isis or Spying on Them

I keep thinking back to this story, in which people in the immediate vicinity of Ash Carter and James Clapper told Ellen Nakashima that they had wanted to fire Admiral Mike Rogers, the dual hatted head of CyberCommand and NSA, in October. The sexy reason given for firing Rogers — one apparently driven by Clapper — is that NSA continued to leak critical documents after Rogers was brought in in the wake of the Snowden leaks.

But further down in the story, a description of why Carter wanted him fired appears. Carter’s angry because Rogers’ offensive hackers had not, up until around the period he recommended to Obama Rogers be fired, succeeded in sabotaging ISIS’ networks.

Rogers has not impressed Carter with his handling of U.S. Cyber Command’s cyberoffensive against the Islamic State. Over the past year or so, the command’s operations against the terrorist group’s networks in Syria and Iraq have not borne much fruit, officials said. In the past month, military hackers have been successful at disrupting some Islamic State networks, but it was the first time they had done that, the officials said.

Nakashima presents this in the context of the decision to split CYBERCOM from NSA and — click through to read that part further down in the piece — with Rogers’ decision to merge NSA’s Information Assurance Directorate (its defensive wing) with the offensive spying unit.

The expectation had been that Rogers would be replaced before the Nov. 8 election, but as part of an announcement about the change in leadership structure at the NSA and Cyber Command, a second administration official said.

“It was going to be part of a full package,” the official said. “The idea was not for any kind of public firing.” In any case, Rogers’s term at the NSA and Cyber Command is due to end in the spring, officials said.

The president would then appoint an acting NSA director, enabling his successor to nominate their own person. But a key lawmaker, Sen. John McCain (R-Ariz.), the chairman of the Senate Armed Services Committee, threatened to block any such nominee if the White House proceeded with the plan to split the leadership at the NSA and Cyber Command.

I was always in favor of splitting these entities — CYBERCOM, NSA, and IAD — into three, because I believed that was one of the only ways we’d get a robust defense. Until then, everything will be subordinated to offensive interests. But Nakashima’s article focuses on the other split, CYBERCOM and NSA, describing them as fundamentally different missions.

The rationale for splitting what is called the “dual-hat” arrangement is that the agencies’ missions are fundamentally different, that the nation’s cyberspies and military hackers should not be competing to use the same networks, and that the job of leading both organizations is too big for one person.

They are separate missions: CYBERCOM’s job is to sabotage things, NSA’s job is to collect information. That is made clear by the example that apparently irks Carter: CYBERCOM wasn’t sabotaging ISIS like he wanted.

It is not explicit here, but the suggestion is that CYBERCOM was not sabotaging ISIS because someone decided it was more important to collect information on it. That sounds like an innocent enough trade-off until you consider CIA’s prioritization for overthrowing Assad over eliminating ISIS, and its long willingness to overlook that its trained fighters were fighting with al Qaeda and sometimes even ISIS. Add in DOD’s abject failure at training their own rebels, such that the job reverted to CIA along with all the questionably loyalties in that agency.

There was a similar debate way back in 2010, when NSA and CIA and GCHQ were fighting about what to do with Inspire magazine: sabotage it (DOD’s preference, based on the understanding it might get people killed), tamper with it (GCHQ’s cupcake recipe), or use it to information gather (almost certainly with the help of NSA, tracking the metadata associated with the magazine). At the time, that was a relatively minor turf battle (though perhaps hinting at a bigger betrayed by DOD’s inability to kill Anwar al-Alwaki and CIA’s subsequent success as soon as it had built its own drone targeting base in Saudi Arabia).

This one, however, is bigger. Syria is a clusterfuck, and different people in different corners of the government have different priorities about whether Assad needs to go before we can get rid of ISIS. McCain is clearly on the side of ousting Assad, which may be another reason — beyond just turf battles — why he opposed the CYBERCOM/NSA split.

Add in the quickness with which Devin Nunes, Donald Trump transition team member, accused Nakashima’s sources of leaking classified information. The stuff about Rogers probably wasn’t classified (in any case, Carter and Clapper would have been the original classification authorities on that information). But the fact that we only just moved from collecting intelligence on ISIS to sabotaging them likely is.

CYBERCOM and NSA do have potentially conflicting missions. And it sounds like that was made abundantly clear as Rogers chose to prioritize intelligence gathering on ISIS over doing things that might help to kill them.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Trump Versus the [Dead-Ender] Spooks

The big news from yesterday — aside from the blizzard of Mike Pence at Hamilton stories that drowned out news of Trump’s $25 million settlement for defrauding a bunch of Trump University students — is that NSA Director Mike Rogers had a meeting.

As the WaPo reported, Rogers met with Trump on Thursday morning without telling his bosses — Secretary of Defense Ash Carter and Director of National Intelligence James Clapper.

In a move apparently unprecedented for a military officer, Rogers, without notifying superiors, traveled to New York to meet with Trump on Thursday at Trump Tower. That caused consternation at senior levels of the administration, according to the officials, who spoke on the condition of anonymity to discuss internal personnel matters.

Actually, that’s not the lead of the story. This is:

The heads of the Pentagon and the nation’s intelligence community have recommended to President Obama that the director of the National Security Agency, Adm. Michael S. Rogers, be removed.

Which suggests that, in retaliation for having a meeting without their approval, people close to Carter and Clapper decided to reveal that they had been planning on firing Rogers, but simply haven’t gotten around to it.

The reason for firing Rogers is more obscure.

Carter has concerns with Rogers’s performance, officials said. The driving force for Clapper, meanwhile, was the separation of leadership roles at the NSA and U.S. Cyber Command, and his stance that the NSA should be headed by a civilian.

[snip]

Rogers was charged with making sure another insider breach never happened again.

Instead, in the past year and a half, officials have discovered two major compromises of sensitive hacking tools by personnel working at the NSA’s premier hacking unit: the Tailored Access Operations. One involved a Booz Allen Hamilton contractor, Harold T. Martin III, who is accused of carrying out the largest theft of classified government material. Although some of his activity took place before Rogers arrived and at other agencies, some of it — including the breach of some of the most sensitive tools — continued on Rogers’s watch, the officials said.

[snip]

But there was a second, previously undisclosed breach of cybertools, discovered in the summer of 2015, which was also carried out by a TAO employee, one official said. That individual also has been arrested, but his case has not been made public. The individual is not believed to have shared the material with another country, the official said.

Rogers was put on notice by his two bosses — Clapper and Carter — that he had to get control of internal security and improve his leadership style. There have been persistent complaints from NSA personnel that Rogers is aloof, frequently absent and does not listen to staff input.

The NYT version of this story makes it sound like Rogers was supposed to be relieved of duty when the CYBERCOM/NSA split was announced but that got delayed because John McCain complained.

But the WaPo’s sources piled on, blaming Rogers for the Martin theft that started even before his tenure, another still unrevealed one, and (later in the article) for another hack during his tenure as head of the Navy’s CyberCommand.

Which has Devin Nunes — ostensibly in his role as House Intelligence Chair, and not his role on Trump’s transition team — calling an immediate hearing (perhaps before Obama can fire Rogers?).

Ostensibly, this is a hearing scheduling meeting.

Accordingly, I will convene an open-session hearing at the earliest possible opportunity so the
Committee may understand the veracity of the Post article and fully understand the impact of the
proposed separation of NSA and USCYBERCOM on the IC. Please provide, no later than November
21, 2016, at 5:00pm, a list of dates and times you are available to appear before the Committee between
now and the end of December 2016.

Of course, usually such discussions take place between aides. But by including that language in his letter, Nunes invented an opportunity to issue an implicit threat — that something in the WaPo story (perhaps the detail that another person had been arrested for stealing TAO files) remained classified.

I am also concerned that the article may contain unauthorized disclosures of classified
information.

And to provide a vote of confidence for Rogers.

Since Admiral Rogers was appointed as NSA Director in April 2014, I have been consistently
impressed with his leadership and accomplishments. His professionalism, expertise, and deckplate
leadership have been remarkable during an extremely challenging period for NSA. I know other
members of Congress hold him in similarly high esteem.
Given the Committee’s constitutional responsibility to conduct oversight of the Intelligence
Community (IC), I am asking you to provide a full explanation of the allegations contained in the Post
article.

Nunes went on to demand briefing on the planned split (he is supposed to be on the opposite side as McCain, hoping for CYBERCOM to remain under DOD and the House Armed Service Committee, but NSA to become entirely a House Intelligence Committee issue, but I wonder whether Trump has something else entirely in mind).

Consider: A big part of this presidential campaign involved weekly leaks about an FBI investigation into a national security issue (Hillary’s potential mishandling of classified information). All through that, Nunes was at best silent, if not a willing participant. But here he is insinuating that the WaPo leak (presumably from two Original Classification Authorities) was improper?

And consider this detail: Trump has already picked Mike Flynn to be his National Security Adviser, whom Clapper and Mike Vickers got fired in 2014. The Thursday meeting between Rogers and Trump was reportedly a meeting about whether Rogers should become Director of National Intelligence. Yesterday, Trump interviewed General James Mattis to be Secretary of Defense; Obama fired Mattis from CENTCOM in 2013 for opposition to Obama’s Iran deal. There are also rumors that Trump is considering Stanley McChrystal for some role.

In other words, Trump seems to be going out of his way to select military officers who have a grudge against the Obama Administration (which goes along perfectly with his policy of hiring people like Jared Kushner and Jeff Sessions, white men who harbor grudges against some past perceived wrong).

But if Trump creates a NatSec team entirely of generals who’ve been fired for cause or dissent, what will that do for a Commander in Chief’s ability to assert civilian control by firing generals going forward? What kind of incentive will that give top officers to intervene in the political process?

Stay tuned.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Europe Gets Impatient for Yahoo Answers

As I’ve noted, James Clapper’s office has been irresponsibly silent about what kind of scan FBI asked Yahoo to subject all of its email users to in 2015. And those in Congress who haven’t been briefed on it are demanding information.

But they’re not the only ones. Europe is too (as Yahoo seemed all too aware when it wrote Clapper asking him to clarify the scan).

And they’ve got a bit more leverage over the Intelligence Community than non-intelligence committee members of Congress do, because the EU prohibits data collected in Europe from being used for mass surveillance.

Dutch MEP Sophia In t’Veld asked the European Commission questions but has thus far gotten no answer.

Yahoo has allegedly scanned customer emails for US intelligence purposes at the request of US intelligence agencies. According to reports, in 2015 Yahoo secretly built a custom software program allowing it to search all of its customers’ incoming emails for specific information requested by US intelligence officials. In the Schrems judgment, the Safe Harbour programme allowing EU personal data to be transferred to the US was declared invalid, among other reasons because of the mass surveillance protocols used by US intelligence services.

Will the Commission investigate these reports and ask clarification from the US administration?

Was the Commission aware of these alleged activities by Yahoo at the time it adopted the Privacy Shield decision? If not, do these revelations prompt the Commission to reconsider its decision on Privacy Shield?

Does the Commission consider Yahoo to have violated the terms of Safe Harbour, does the Commission consider that these practices would be allowed under Privacy Shield, and how will the Commission verify that violations in this regard do not take place?

And the Article 29 Working Party — the data protection authorities — last week asked Yahoo directly.

In addition, the WP29 was also informed that Yahoo has scanned customer emails for US
intelligence purposes at the request of US intelligence agencies. According to reports, in
2015 Yahoo searched all of its customers’ incoming emails for specific information
requested by US intelligence officials.

The reports are concerning to WP29 and it will be important to understand the legal
basis and justification for any such surveillance activity, including an explanation of how
this is compatible with EU law and protection for EU citizens.

 

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Yahoo to Clapper: Global, Global, Beyond our Borders, Global

I joked when Yahoo first released its letter to James Clapper the other day, asking that he release details about the 2015 scan first revealed by Reuters. It has the tone of a young woman who is justifiably upset because, after sleeping with her, some jerk is pretending he doesn’t even know her.

But as it happens, I’m in Europe, trying to learn more about Privacy Shield and related issues. So I thought I would call attention to the emphasis Yahoo lawyer Ronald Bell (who was the guy who decided not to challenge this) puts on the international impact of Clapper’s decision, thus far, to remain silent.

As you know, Yahoo consistently campaigns for government transparency about national security requests and for the right to share the number and nature of the requests we receive from all governments. We apply a principled approach to handling government requests for user data, including in the national security context, articulated in our publicly-available Global Principles for Responding to Government Requests and regular transparency reports. Our company not only embraces its privacy and human rights responsibilities, we do so enthusiastically, passionately, and with a deep sense of global and moral responsibility. But transparency is not merely a Yahoo issue: Transparency underpins the ability of any company in the information and communications technology sector to earn and preserve the trust of its customers. Erosion of that trust online implicates the safety and security of people around the world and diminishes confidence and trust in U.S. businesses at home and beyond our borders.

Recent new stories have provoked broad speculation about Yahoo’s approach and about the activities and representations of the U.S. government, including those made by the Government in connection with negotiating Privacy Shield with the European Union. That speculation results in part from lack of transparency and because U.S. law significantly constrain–and severely punish–companies’ ability to speak for themselves about national security related orders even in ways that do not compromise U.S. government investigations.

We trust that the U.S. government recognizes the importance of clarifying the record in this case. On behalf of Yahoo and our global community of users, I respectfully request that the Office of the Director of National Intelligence expeditiously clarify this matter. [bold emphasis mine]

Folks here definitely followed the Yahoo story. Their understanding of what happened leads them to believe the scan violates European prohibitions on mass surveillance. Importantly, they’re not aware that this was done with an “individual” FISA order rather than under Section 702. As I’ve written, “individual” orders have been used for bulk scans since 2007, but in this case, an “individual” order would also mean that a judge had reviewed the scan and found it proportional, which would make a big difference here (at least to authorities; a number of other people are raring to challenge such judgements on whether it is an adequate court or not).

So yeah, by disclosing details of this scan, Yahoo may be in much better position vis a vis European authorities, if not consumers.

But there’s another reason why Clapper’s office — or rather ODNI General Counsel Bob Litt — may be so quiet.

Litt is the one who made many of the representations about US spying to authorities here. Someone — Litt, if he’s still around for a hearing that may take place under President Hillary — may also need to go testify under oath in an Irish court in conjunction with a lawsuit there. Whoever testifies will be asked about the kinds of surveillance implicating European users the government makes US companies do.

In other words, Bob Litt is the one who made certain representations to the European authorities. And now some of those same people are asking questions about how this scan complies with the terms Litt laid out.

Which makes his silence all the more instructive.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.