FBI’s Cell Phone Investigative Kiosk Would Allow Fourth Amendment Violations

Jim Comey wants to sacrifice individual security to ensure the FBI can access cell phones easily.

But in an audit of a forensic lab in Philadelphia, DOJ’s Inspector General found that the FBI is not keeping adequate control of the kiosks that FBI uses to do initial reviews of data on cell phones.

As the report describes, cell phone kiosks serve as a “preview” tool of the contents of the data stored on a phone.

Cell Phone Investigative Kiosks (Kiosks) are available at select FBI field offices and RCFLs. A Kiosk is a preview tool that allows users to quickly and easily view data stored on a cell phone, extract the data to use as evidence, put it into a report, and copy the report to an electronic storage device such as a compact disk. Kiosks are not designed to take the place of full-scale cell phone examinations performed by certified Forensic Examiners; however, the evidence produced by a Kiosk is admissible in a court of law. Kiosk users are required to take a one-time hour-long training course and be familiar with computers. In addition, FBI policy requires Kiosk users to confirm they possess the proper legal authority for the search of data on cell phones or loose media.

The FBI only recently started tracking who had access to these kiosks. And when DOJ IG audited this office’s use of the kiosk, it found that 27% of the people who were accessing it hadn’t filled out the requisite paperwork to ensure only appropriate people used it.

We found that the PHRCFL did not have adequate controls over the access and use of its Kiosks. FBI policy requires Kiosk users to confirm they possess the proper legal authority for the search of data on cell phones or loose media. During our fieldwork, the FBI did not provide any information to show that PHRCFL Kiosk users were required to sign-in, identify the case related to the evidence being examined, or, as required by FBI policy, confirm that they possessed the proper legal authority to search for evidence on the cell phone. In addition, the FBI did not provide us with any information regarding controls in place at the PHRCFL to ensure that users do not use the Kiosks for non-law enforcement matters.

[snip]

we conducted limited testing of 25 visits during FYs 2012 through 2014 to verify compliance with the procedures in place. When the PHRCFL began using the Acknowledgment Form in May 2012, its visitor’s log contained a field for the purpose of each visitor’s visit. We selected names from the visitor’s log whose stated purpose for the visit was Kiosk usage and compared those names and dates to the corresponding Acknowledgment Forms. For the 17 visits we selected between May 2012 and January 2013, we found that approximately 24 percent of the PHRCFL Kiosk-related visitor log entries did not have corresponding Acknowledgment Forms.

[snip]

We believe that although the Kiosks are an efficient tool for law enforcement officers to use to examine digital evidence that may not require the extensive examination of a certified Forensic Examiner, Kiosks are vulnerable to potentially serious abuse. For example, without proper controls, it is possible that a Kiosk user could use this tool to view private cell phone information for non-law enforcement purposes. It also is possible for a user to use a Kiosk without proper legal authority, thereby engaging in a Fourth Amendment violation.

Later in the report, the IG noted that none of the centralized databases tracking other uses of the forensic office track use of the kiosk. That, combined with the paperwork failures, would sure permit FBI to do a whole lot of illegal cell phone searching that would not be tracked.

Which might explain why the numbers FBI shows for searching cell phones don’t actually match Director Comey’s stated concerns about iPhone encrypting its phone.

Section 215’s Multiple Programs and Where They Might Hide after June 1

In a column explicitly limited to the phone dragnet, Conor Friedersdorf pointed to a post I wrote about Section 215 generally and suggested I thought the phone dragnet was about to get hidden under a new authority.

Marcy Wheeler is suspicious that the Obama Administration is planning to continue the dragnet under different authorities.

But my post was about more than just the phone dragnet. It was about two things: First, the way that, rather than go “cold turkey” after it ended the Internet dragnet in 2011 as the AP had claimed, NSA had instead already started doing the same kind of collection using other authorities that — while they didn’t collect all US traffic — had more permissive rules for the tracking they were doing. That’s an instructive narrative for the phone dragnet amid discussions it might lapse, because it’s quite possible that the Intelligence Community will move to doing far less controlled tracking, albeit on fewer Americans, under a new approach.

In addition, I noted that there are already signs that the IC is doing what Keith Alexander said he could live with a year ago: ending the phone dragnet in exchange for cybersecurity information sharing. I raised that in light of increasing evidence that the majority of Section 215 orders are used for things related to cybersecurity (though possibly obtained by FBI, not NSA). If that’s correct, Alexander’s comment would make sense, because it would reflect that it is working cybersecurity investigations under protections — most notably, FISC-supervised minimization — all involved would rather get rid of.

Those two strands are important, taken together, for the debate about Section 215 expiration, because Section 215 is far more than the dragnet. And the singular focus of everyone — from the press to activists and definitely fostered by NatSec types leaking — on the phone dragnet as Section 215 sunset approaches makes it more likely the government will pull off some kind of shell game, moving the surveillances they care most about (that is, not the phone dragnet) under some new shell while using other authorities to accomplish what they need to sustain some kind of phone contact and connection chaining.

So in an effort to bring more nuance to the debate about Section 215 sunset, here is my best guess — and it is a guess — about what they’re doing with Section 215 and what other authorities they might be able to use to do the same collection.

Here are the known numbers on how Section 215 orders break out based on annual reports and this timeline.

215 Tracker

The Phone Dragnet

Since its transfer under Section 215 in 2006, the phone dragnet has generally made up 4 or 5 orders a year (Reggie Walton imposed shorter renewal periods in 2009 as he was working through the problems in the program). 2009 is the one known year where many of the modified orders — which generally involve imposed minimization procedures — were phone dragnet orders.

We know that the government believes that if Section 215 were to sunset, it would still have authority to do the dragnet. Indeed, it not only has a still-active Jack Goldsmith memo from 2004 saying it can do the dragnet without any law, it sort of waved it around just before the USA Freedom Act debate last year as if to remind those paying attention that they didn’t necessarily think they needed USAF (in spite of comments from people like Bob Litt that they do need a new law to do what they’d like to do).

But that depends on telecoms being willing to turn over the dragnet data voluntarily. While we have every reason to believe AT&T does that, the government’s inability to obligate Verizon to turn over phone records in the form it wants them is probably part of the explanation for claims the current dragnet is not getting all the cell records of Americans.

A number of people — including, in part, Ron Wyden and other SSCI skeptics in a letter written last June — think the government could use FISA’s PRTT authority (which does not sunset) to replace Section 215. While it certainly could get phone records using PRTT, if the government could use it to get what it wants, it probably would have been doing so going back to 2006. The difference in authority is that PRTT gets actual activity placed, whereas 215 can only get records maintained (and Verizon isn’t maintaining the records the government would like it to, and PRTT could not get 2 hops).

For calls based off a foreign RAS, the government could use PRISM to obtain the data, with the added benefit that using PRISM would include all the smart phone data — things like address books, video messaging, and location — that the government surely increasingly relies on. Using PRISM to collect Internet metadata is one of two ways the government replaced the PRTT Internet dragnet. The government couldn’t get 2 hops and couldn’t chain off of Americans, however.

I also suspect that telecoms’ embrace of supercookies may provide other options to get the smart phone data they’re probably increasingly interested in.

For data collected offshore, the government could use SPCMA, the other authority the government appears to have replaced the PRTT Internet dragnet with. We know that at least one of the location data programs NSA has tested out works with SPCMA, so that would offer the benefit of including location data in the dragnet. If cell phone location data is what has prevented the government from doing what they want to do with the existing phone dragnet, SPCMA’s ability to incorporate location would be a real plus for NSA, to the extent that this data is available (and cell phone likely has more offshore availability than land line).

The government could obtain individualized data using NSLs — and it continues to get not just “community of interest” (that is, at least one hop) from AT&T, but also 7 other things that go beyond ECPA that FBI doesn’t want us to know about. But using NSLs may suffer from a similar problem to the current dragnet, that providers only have to provide as much as ECPA requires. Thus, there, too, other providers are probably unwilling to provide as much data as AT&T.

Telecoms might be willing to provide, under CISA, data the government is currently getting under 215, and CISA collection won’t be tied in any way to ECPA definitions, though its application is to a different topic, cybersecurity (plus leaks and IP theft) rather than terrorism. So one question I have is whether, because of the immunity and extended secrecy provisions of CISA, telecoms would be willing to stretch that?

Other Dragnets

In addition to the phone dragnet, FBI and other IC agencies seem to operate other dragnets under Section 215. It’s probably a decent guess that the 8-13 other 215 orders prior to 2009 were for such things. NYT and WSJ reported on a Western Union dragnet that would probably amount to 4-5 orders a year. Other items discussed involve hotel dragnets and explosives precursor dragnets, the latter of which would have been expanded after the 2009 Najibullah Zazi investigation. In other words, there might be up to 5 dragnets, each representing 4-5 orders a year (assuming they work on the same 90-day renewal cycle), so a total of around 22 of the roughly 175 orders a year that aren’t the phone dragnet (the higher numbers for 2006 are known to be combination orders both obtaining subscription data for PRTT orders and location data with a PRTT order; those uses stopped in part with the passage of PATRIOT reauthorization in 2006 and in part with FISC’s response to magistrate rulings on location data from that year).

Some of these dragnets could be obtained, in more limited fashion, with NSLs (NSLs currently require reporting on how many US persons are targeted, so we will know if they move larger dragnets to NSLs). Alternately, the FBI may be willing to do these under grand jury subpoenas or other orders, given the way they admitted they had done a Macy’s Fagor Elite pressure cooker dragnet after the Boston Marathon attack. The three biggest restrictions on this usage would be timeliness (some NSLs might not be quick enough), the need to have a grand jury involved for some subpoenas, and data retention, but those are all probably manageable hurdles.

The Internet content

Finally, there is the Internet content — which we know makes up a majority of Section 215 orders — that moved to that production from NSLs starting in 2009. It’s probably a conservative bet that over 100 of current dragnet orders are for this kind of content. And we know the modification numbers for 2009 through 2011 — and therefore, probably still — are tied to minimization procedure requirements imposed by the FISC.

A recent court document from a Nicholas Merrill lawsuit suggests this production likely includes URL and data flow requests. And the FBI has recently claimed — for what that’s worth — that they rely on Section 215 for cybersecurity investigations.

Now, for some reason, the government has always declined to revise ECPA to restore their ability to use NSLs to obtain this collection, which I suspect is because they don’t want the public to know how extensive the collection is (which is why they’re still gagging Merrill, 11 years after he got an NSL).

But the data here strongly suggests that going from NSL production to Section 215 production has not only involved more cumbersome application processes, but also added a minimization requirement.

And I guarantee you, FBI or NSA or whoever is doing this must hate that new requirement. Under NSLs, they could just hoard data, as we know both love to do, the FBI even more so than the NSA. Under 215s, judges made them minimize it.

As I noted above, this is why I think Keith Alexander was willing to do a CISA for 215 swap. While CISA would require weak sauce Attorney General derived “privacy guidelines,” those would almost certainly be more lenient than what FISC orders, and wouldn’t come with a reporting requirement. Moreover, whereas at least for the phone dragnet, FISC has imposed very strict usage requirements (demanding that a counterterrorism dragnet be used only for counterterrorism purposes), CISA has unbelievably broad application once that data gets collected (not even requiring that terrorist usages be tied to international terrorism, which would seem to be a violation of the Keith Supreme Court precedent).

All of this is to suggest that for cybersecurity, IP theft, and leak investigations, CISA would offer FBI their ideal collection approach. It would certainly make sense that Alexander (or now, Admiral Mike Rogers and Jim Comey) would be willing to swap a phone dragnet, whose same paltry results they could largely achieve using other authorities, if in exchange they got to access cybersecurity data in a far, far more permissive way. That’d be a no-brainer.

There’s just one limitation on this formula, potentially a big one. CISA does not include any obligation. Providers may share data, but there is nothing in the bill to obligate them to do so. And to the extent that providers no longer provide this data under NSLs, it suggests they may have fought such permissive obligation in the past. It would seem that those same providers would be unwilling to share it willingly.

But my thoughts on CISA’s voluntary nature are for another post.

One final thought. If the government is contemplating some or all of this, then it represents an effort — one we saw in all versions of dragnet reform to greater (RuppRoge) or lesser degrees (USAF) — to bypass FISC. The government and its overseers clearly seem to think FISC-ordered minimization procedures are too restrictive, and so are increasingly (and have been, since 2009) attempting to replace the role played by an utterly dysfunctional secret court with one entirely within the Executive.

This is the reason why Section 215 sunset can’t be treated in a vacuum: because, to the extent that the government could do this in other authorities, it would largely involve bypassing what few restrictions exist on this spying. Sunsetting Section 215 would be great, but only if we could at the same time prevent the government from doing similar work with even fewer controls.

FBI’s Preventative Role: Hygiene for Corporations, Spies for Muslims

I’m still deep in this 9/11 Follow-up Report on the FBI, which Jim Comey and now-retired Congressman Frank Wolf had done last year and which, with its unsurprising topline conclusion that Jim Comey needs to have more power, was released earlier this week.

About the only conclusion in the report that Comey disagreed with — per this Josh Gerstein report — is that the FBI should get out of the business of Countering Violent Extremism.

Comey said he agreed with many of the report’s recommendations, but he challenged the proposal that the FBI leave counter-extremism work to other agencies.

“I respectfully disagree with the review commission,” the director said. “It should not be focused on messages about faith it should not be socially focused, but we have an expertise … I have these people who spend all day long thinking dark thoughts and doing research at Quantico, my Behavioral Analysis Unit. They have an incredibly important role to play in countering violent extremism.”

Here’s what the report had to say about FBI and CVE (note, this is a profoundly ahistorical take on the serial efforts to CVE, but that’s just one of many analytical problems with this report).

The FBI, like DHS, NCTC, and other agencies, has made an admirable effort to counter violent extremism (CVE) as mandated in the White House’s December 2011 strategy, Empowering Local Partners to Prevent Violent Extremism in the United States. In January 2012, the FBI established the Countering Violent Extremism Office (CVEO) under the National Security Branch. The CVEO was re-aligned in January 2013 to CTD’s Domestic Terrorism Operations Section, under the National JTTF, to better leverage the collaborative participation of the dozens of participating agencies in FBI’s CVE efforts. Yet, even within FBI, there is a misperception by some that CVE efforts are the same as FBI’s community outreach efforts. Many field offices remain unaware of the CVE resources available through the CVEO. Because the field offices have to own and integrate the CVE portfolio without the benefit of additional resources from FBI Headquarters, there is understandably inconsistent implementation. The Review Commission, through interviews and meetings, heard doubts expressed by FBI personnel and its partners regarding the FBI’s central role in the CVE program. The implementation had been inconsistent and confusing within the FBI, to outside partners, and to local communities. The CVEO’s current limited budget and fundamental law enforcement and intelligence responsibilities do not make it an appropriate vehicle for the social and prevention role in the CVE mission. Such initiatives are best undertaken by other government agencies. The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.

[snip]

(U) Recommendation 6: The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.

For what it’s worth, Muslim communities increasingly agree that the FBI — and the federal government generally — should not be in the business of CVE. But that’s largely because the government approaches it with the same view Comey does: by thinking immediately of his analysts thinking dark thoughts at Quantico. So if some agency that had credibility — if some agency had credibility — at diverting youth (of all faiths) who might otherwise get caught in an FBI sting, I could support it moving someplace else, but I’m skeptical DHS or any other existing federal agency is that agency right now.

While the Review doesn’t say explicitly in this section what it wants the FBI to be doing instead of CVE, elsewhere it emphasizes that it wants the FBI to do more racial profiling (AKA “domain awareness”) and run more informants. Thus, I think it fair to argue that the Ed Meese-led panel thinks the FBI should spy on Muslims, not reach out to them. Occupation-style federal intelligence gathering, not community based.

Which is why I think this approach to Muslim communities should be compared directly with the Review’s approach with corporations. The same report that says FBI should not be in the business of CVE — which done properly is outreach to at-risk communities — says that it should accelerate and increase its funding for its outreach to the private sector.

(U) Recommendation 5: The Review Commission recommends that the FBI enhance and accelerate its outreach to the private sector.

  • (U) The FBI should work with Congress to develop legislation that facilitates private companies’ communication and collaboration and work with the US Government in countering cyber threats.
  • (U) The FBI should play a prominent role in coordinating with the private sector, which the Review Commission believes will require a full-time position for a qualified special agent in the relevant field offices, as well as existing oversight at Headquarters.

Indeed, in a paragraph explaining why the FBI should add more private sector liaisons (and give them the same credit they’d get if they recruited corporations as narcs, only corporations shouldn’t be called “sources” because it would carry the stigma of being a narc), the Review approvingly describes the FBI liaison officers working with corporations to promote better Internet hygiene.

The Review Commission learned that the FBI liaison positions have traditionally been undervalued but that has begun to change as more experienced special agents take on the role, although this has not yet resulted in adequate numbers of assigned special agents or adequate training for those in the position. One field office noted that it had 400 cleared defense contractors (CDCs) in its AOR—ranging from large well known names to far smaller enterprises—with only one liaison officer handling hundreds of CDCs. This field office emphasized the critical need for more liaison officers to conduct outreach to these companies to promote better internet hygiene, reduce the number of breaches, and promote long-term cooperation with the FBI. Another field office noted, however, some sensitivity in these liaison relationships because labeling private sector contacts as sources could create a stigma. The field office argued that liaison contacts should be considered valuable and special agents should receive credit for the quality of liaison relationships the same way they do for CHSs.

Ed Meese’s panel wants the FBI to do the digital equivalent of teaching corporations to blow their nose and wash their hands after peeing, but it doesn’t think the FBI should spend time reaching out to Muslim communities but should instead spy on them via paid informants.

Maybe there are good reasons for the panel’s disparate recommended treatment of corporations and Muslim communities. If so, the Review doesn’t explain it anywhere (though the approach is solidly in line with the Intelligence Committees’ rush to give corporations immunity to cyber share information with the federal government).

But it does seem worth noting that this panel has advocated the nanny state for one stakeholder and STASI state for another.

The Unopened Torture Report and Trusting CIA on Other Covert Operations

Yesterday, Pat Leahy issued a Sunshine Week statement criticizing Richard Burr for attempting to reclaim all copies of the Torture Report, but also complaining that State and DOJ haven’t opened their copy of the Torture Report.

I also was appalled to learn that several of the agencies that received the full report in December have not yet opened it.  In a Freedom of Information Act (FOIA) lawsuit seeking release of the full report, Justice Department and State Department officials submitted declarations stating that their copies remain locked away in unopened, sealed envelopes.  I do not know if this was done to attempt to bolster the government’s position in the FOIA lawsuit, or to otherwise avoid Federal records laws.  I certainly hope not.  Regardless of the motivation, it was a mistake and needs to be rectified.

The executive summary of the torture report makes clear that both the State Department and the Justice Department have much to learn from the history of the CIA’s torture program.  Both agencies were misled by the CIA about the program.  Both should consider systemic changes in how they deal with covert actions.  Yet neither agency has bothered to open the final, full version of the report, or apparently even those sections most relevant to them.

Today, Ron Wyden issued a Sunshine Week release linking back to a February 3 letter Eric Holder is still ignoring. The letter — which I wrote about here — addresses 4 things: 1) the unclear limits on the President’s ability to kill Americans outside of war zones 2) the common commercial service agreement OLC opinion that should be withdrawn 3) some action the Executive took that Wyden and Russ Feingold wrote Holder and Hillary about in late 2010 and 4) DOJ’s failure to even open the Torture Report. Wyden’s statement lumps all these under “secret law.”

U.S. Senator Ron Wyden, D-Ore., renewed his call for Attorney General Eric Holder to answer crucial questions on everything from when the government believes it has the right to kill an American to secret interpretations of law. The Justice Department has ignored these questions or declined to answer them, in some cases for years.

[snip]

“It is never acceptable to keep the basic interpretations of U.S. law secret from the American people. It doesn’t make our country safer, and erodes the public’s confidence in the government and intelligence agencies in particular,” Wyden said. “While it is appropriate to keep sources, methods and operations secret, the law should never be a mystery. Sunshine Week is the perfect time for the Justice Department to pull back the curtains and let the light in on how our government interprets the law.”

This may be secret law.

But I find it interesting that both Wyden’s letter and Leahy’s statement tie covert operations to the lessons from the Torture Report.

There are many reasons DOJ (and FBI) are probably refusing to open the Torture Report. The most obvious — the one everyone is pointing to — is that by not opening it, these Agencies keep it safe from the snooping FOIAs of the ACLU and Jason Leopold.

But the other reason DOJ and FBI might want to keep this report sealed is what it says about the reliability of the CIA.

The CIA lied repeatedly to DOJ, FBI, and FBI Director Jim Comey (when he was Deputy Attorney General) specifically. Specifically, they lied to protect the conduct of what was structured as a covert operation, CIA breaking the law at the behest of the President.

Of course, both DOJ generally and FBI specifically continue to partner with CIA as if nothing has gone on, as if the spooks retain the credibility they had back in 2001, as if they should retain that credibility. (I’m particularly interested in the way FBI participated in the killing of Anwar al-Awlaki, perhaps relying on CIA’s claims there, too, but it goes well beyond that.)

That’s understandable, to a point. If DOJ and the FBI are going to continue pursuing (especially) terrorists with CIA, they need to be able to trust them, to trust they’re not being lied to about, potentially, everything.

Except that ignores the lesson of the Torture Report, which is that CIA will lie about anything to get DOJ to rubber stamp criminal behavior.

No wonder DOJ and FBI aren’t opening that report.

Jim Comey’s Consistent Dodges on Torture

On March 12 of this year, Dianne Feinstein plaintively asked Jim Comey to read the full SSCI Torture Report. Before giving a really lame answer about how FBI doesn’t torture to excuse why he (and his staffers) hadn’t read, perhaps even opened, the report, he asserted he had read the Executive Summary. “You asked me to do it during my confirmation hearing, I kept that promise and read it.”

Particularly given what we now know — specifically, that Comey concurred in an opinion retroactively authorizing the torture of Janat Gul, whom the Torture Report shows was tortured largely to get torture approved again — that led me to review precisely what transpired between Comey and Feinstein during his 2013 confirmation process. Granted, the report was not yet public, so no one could ask Comey directly whether he knew that’s what CIA was scheming — to torture Janat Gul largely to get torture approved again — at least not publicly.

But what kind of commitment did they get?

First of all, at least in the public hearing, Comey did not promise to fulfill Feinstein’s request. Moreover, she requested that he do more than read the Summary — she said he should read all 6,000 pages, emphasizing the importance of the case studies (which would show far more specifics about what was done to Janat Gul than the Summary does).

I’d like to ask you to personally review our report. It’s a big deal to review it — it’s 6,000 pages. But I think it’s very important. You have that background. And I think it’s important to read the actual case studies.

During his turn, after pointing to how shoddy the memo Comey did concur in was, Sheldon Whitehouse reiterated Feinstein’s request that Comey read the entire report, noting that the specific details of the torture cases showed how much CIA lied about what went on. (It’s not clear whether the details surrounding the Janat Gul case would have been clear before Whitehouse left SSCI, so it’s not clear whether he knew those specific details — the ones most pertinent to Comey’s role on concurring in torture — during this hearing.)

In any case, after recommending he read the full report, Feinstein then went on to the memo Comey did concur in, asking him to explain why he had said in an email that the Principals were “unaware” or “willfully blind” when they reapproved torture.

Feinstein: You described telling Attorney General Gonzales that CIA interrogation techniques were, quote, simply awful, end quote. That quote, there needed to be a detailed factual discussion, end quote of how they were used before approving them and that, quote, it simply could not be that the Principals would be willfully blind.

Here’s the question: Why did you believe that there was a danger that the Principals on the National Security Council were unaware, or willfully blind to the details of the CIA program?

Comey: Thank you Senator. Because I heard … I heard no one asking that third critical question. As you recall I said [in response to a Pat Leahy question] I think there are 3 critical questions with any counterterrorism technique, but especially with the interrogations. Is it effective — something the CIA was talking about. Is it legal under the — Title 18 Section 2340, the legal question. And then this last question, is this what we should be doing. And instead, I heard nothing, and in fact it was reported to me that the White House’s view was only the first two questions matter. If the CIA says it works and DOJ will issue a legal opinion that it doesn’t violate the statute, that’s the end of the inquiry. And, as you said, Senator, I thought that was simply unacceptable.

The answer is interesting given that — earlier in the hearing — he had confirmed (or at least claimed) to Pat Leahy what I believed to be true, that he was out of the loop on the Article 16 CAT memo. I’ve believed that because on May 31, 2005, Comey was still trying (futilely) to influence the Principals through Alberto Gonzales, while still framing the discussion in terms of the earlier May 10 memo, not the May 30 one that got finalized the day before.

He also seemed unaware in his email that (as reported by the Torture Report) CIA had started torturing Abu Faraj al-Libi 3 days earlier, based on the May 10 memos and anticipating the May 30 one.

But he should have known — because he was in the loop on some discussions going back to the previous summer — that CIA felt it needed a memo addressing whether torture complied with the Constitution and therefore the Convention on Torture. Indeed, that’s what CIA had demanded in a July 29, 2003 hearing Comey attended part of; is he now claiming (which would be possible but notable) that they only addressed that demand after he and Bellinger left the meeting? That claim, given Comey’s emphasis on 18 USC 2340 rather than legal questions more generally, is rather curious.

In any case, Comey’s answer last week now appears all the more lame, given that Feinstein had in fact asked him to read the full report, not just the summary.

In any case, having gotten Comey to agree during his confirmation hearing to the notion that there are things the US shouldn’t do, even if they’re legal, Feinstein took this principle, and tried to get Comey to apply it to force feeding at Gitmo.

Feinstein: You have looked at the Combination of EITs, the manner in which they are administered, and you have come to the conclusion that they form torture. These are people, now, 86 of them, who are no threat to this country. They’ve been cleared for transfer, many of whom are being force fed to keep them alive. In my view, this is inhumane, and I am very curious what you would say about this.

Comey refused to do so, at first making the same argument he is making now, that force-feeding at Gitmo is not part of the FBI’s job, then pleading ignorance about the practice (and, seemingly, protecting the use of force-feeding in US prisons, an area where it’d be more pertinent to FBI use, especially given its use to get informants on gangs in California’s Pelican Bay).

Comey: If I were FBI Director, I don’t think it’s an area that would be within my job scope. But I don’t know more about what you’re describing than what you’re describ–

Feinstein: Well, let me just say it’s within all of our job scopes to care about how the United States of America acts.

Comey: I agree very much with that Senator. And I do also know that there are times in the Bureau of Prisons when the Federal authorities have had to force feed someone who’s refusing to eat and they try to do it in the least invasive way. What you’re describing I frankly wouldn’t want done to me but I don’t know the circumstances well enough to offer an opinion. I don’t think it would be worth much at this point.

Ultimately, though, Comey didn’t really fulfill his standard of reviewing to make sure counterterrorism techniques are effective and legal as well as reasonable. But that’s not surprising, because he didn’t exercise that standard in defending the phone dragnet either.

That’s not the end of the public exchange between Feinstein and Comey during his confirmation process, however. She asked him one more question on torture while invoking the report in her Questions for the Record.

In December 2012 the Senate Intelligence Committee adopted a bipartisan 6,300-page Study of the CIA’s former detention and interrogation program. The review is by far the most comprehensive intelligence oversight activity ever conducted by the Committee. The Study— which builds a factual record based on more than 6 million pages of intelligence community records—uncovers startling new details about the management, operation, and representations made to the Department of Justice, Congress, and the White House. I believe the Study will provide an important lessons learned opportunity for Congress, the executive branch, and the American people. You have testified that you raised objections about the CIA interrogation program with Attorney General Gonzales in May 2005 before departing the Department of Justice. In one of your emails that was made public in 2009, you described telling the Attorney General that the CIA interrogation techniques were “simply awful,” that “there needed to be a detailed factual discussion” of how they were used before approving them, and that “it simply could not be that the Principles would be willfully blind.” In your confirmation hearing you expressed frustration that there was not a wider policy discussion on this matter, which you believed—rightfully so—was of great importance and contrary to our values and ideals as a nation.

Should you be confirmed, how will your experience raising concerns about CIA’s so-called “Enhanced Interrogation Techniques” behind closed doors influence your approach and leadership at the Federal Bureau of Investigation, your interactions with Congress, and your communications with the American people?

RESPONSE: My experience as Deputy Attorney General reinforced my long-standing view about the importance of fostering a culture of transparency, which I will bring to the FBI if I am confirmed as its new Director. I believe, as I did when I served as Deputy Attorney General, that if there are questions about whether proposed conduct is appropriate—consistent with our values —we should seek a vigorous debate about that conduct before going forward. In those circumstances, I am prepared to detail my concerns and reasoning to the relevant stakeholders, as I have done in the past. If confirmed, I intend to foster a culture at the Bureau that encourages subordinates to provide their candid advice to me and transparency with Congress and the American people, consistent with the Bureau’s law enforcement and national security responsibilities, and long-standing Executive Branch confidentiality interests.

Comey’s tribute to transparency is pretty absurd, given that under him his Agency has stalled on IG reports and redacted things from Congress that were shared in the previous IG Report.

But it’s also a throwaway question. I think Feinstein wanted Comey to reveal that he would share things he discovered with Congress. Given his nod to “Executive Branch confidentiality interests,” there’s no reason to believe he would.

Still, this question was even further away from the question of, “did you know, when you concurred in torture you now claim to recognize as torture, that the victim was someone tortured in part because CIA didn’t vet a fabricator (again) and in part because CIA was so anxious to win torture approval?”

It still doesn’t ask the question Comey should now be asked: when you concurred in retroactively authorizing the torture of Janat Gul, did you know CIA had been lying about him for the better part of a year? Did you know you were concurring in the torture of a man largely tortured for legal cover?

I asked both Senator Feinstein’s office and the FBI whether any more specific question got asked in classified fashion but I got a No Comment and a non-answer.

My guess is that Feinstein didn’t come to a realistic understanding of just how cynical the CIA is and was until they started spying on her earlier this year, and so didn’t ask the questions during confirmation that might have made clear Comey’s willingness to — again — play useful idiot to the CIA’s crimes (including in investigating their spying on Congress).

But it deserves to be noted, even then, Comey was claiming that it is not the FBI Director’s job to investigate the crimes committed by agents of the government.

CIA Headquarters Ordered Janat Gul’s Torture to Keep Going for an OLC Approval

I’m working on a longer post on how the torture of Hassan Ghul and Janat Gul relate to the three May 2005 OLC memos, which — as Mark Udall has pointed out — were based on a series of lies from CIA.

But for the moment, I want to point to a narrower point.

As I have explained, CIA got the White House and DOJ to approve the resumption of torture in 2004 by claiming that Janat Gul had information on a pre-election threat. By October 2004, CIA confirmed that claim was based on a fabrication by a CIA source.

But even before CIA’s source admitted to fabricating that claim, on August 19, 2004, CIA’s torturers had come to the conclusion that Gul didn’t have any information on an imminent threat. The “team does not believe [Gul] is withholding imminent threat information,” they wrote in a cable that day. Two days later, folks at CIA headquarters wrote back and told the torturers to keep torturing. The cable “stated that Janat Gul ‘is believed’ to possess threat information, and that the ‘use of enhanced techniques is appropriate in order to obtain that information.’”

So, as had happened in the past, the torturers had decided the detainee had given up all the information he had, but HQ ordered them to keep torturing.

But that’s not all HQ did.

As I sort of lay out here (and will lay out at more length in my new post), we know from the May 30, 2005 CAT memo that several of the August 2004 OLC letters authorizing torture pertained to Janat Gul. At a minimum, that includes a request in response to which John Ashcroft authorized the use of most torture techniques approved in 2002 on July 22, 2004, and a series of requests in response to which Daniel Levin authorized the use of the remaining technique — the waterboard — on August 6, 2004.

And an August 25, 2004 letter in response to which Daniel Levin authorized four new techniques: dietary manipulation, nudity, water dousing, and abdominal slaps. [Update: The May 10, 2005 Techniques memo — which Comey described as “ready to go out and I concurred” in an April 27, 2005 email — served to retroactively approve all these memos and Gul’s treatment.]

That August 25, 2004 letter had to have made the claim (because Levin repeated the judgment in his letter) — 6 days after the torturers had told HQ Gul was not withholding any imminent threat information and 4 days after HQ had said, no, Gul “is believed” to have threat information — that Gul “is believed to possess information concerning an imminent terrorist threat to the United States.”

That is, CIA’s HQ made the torturers resume torturing a guy who had already asked to be killed so as to sustain the claim he had imminent threat information so as to be able to get OLC to cough up another memo.

Significantly, there’s no indication all of those four new techniques — or waterboarding — were ever used on Gul. Indeed, here’s what the torture report describes in its last description of the specific torture used on Gul.

On August 25, 2004, CIA interrogators sent a cable to CIA Headquarters stating that Janat Gul “may not possess all that [the CIA] believes him to know.” [824] The interrogators added that “many issues linking [Gul] to al-Qaida are derived from single source reporting” (the CIA source). [825] Nonetheless, CIA interrogators continued to question Gul on the pre-election threat. According to an August 26, 2004, cable, after a 47-hour session of standing sleep deprivation, Janat Gul was returned to his cell, allowed to remove his diaper, given a towel and a meal, and permitted to sleep. [826]

They got their memo, authorizing techniques that had been used without any official authorization from OLC on detainees in the years before (including on Gul Rahman before he died). And then they finally let the suicidal Janat Gul sleep.

And only months later did they get around to checking (perhaps using a polygraph?) whether their original source had been bullshitting them, as at least one CIA officer had surmised back in March.

I reported in December that they used Gul and the threat of an election year threat to get OLC to reauthorize torture generally. But this sequence makes it clear that they continued to torture Gul, all in the name of getting OLC to approve torture techniques they had already used without approval, even after the torturers were convinced he was not withholding any information.

No wonder Jim Comey doesn’t want to read any more details about Gul’s torture, which he retroactively signed off on.

Jim Comey’s Learned Helplessness about the Torture Report

Dianne Feinstein used the Federal Law Enforcement Appropriations hearing as an opportunity to implore Jim Comey to read the Torture Report.

I’m surprised neither by her request nor by her plaintive manner, given how most Federal Agencies have simply blown off the Report. But I am interested in the content of the exchange (my transcription).

Feinstein: One of my disappointments was to learn that the six year report of the Senate Intelligence Committee on Detention and Interrogation Program sat in a locker and no one looked at it. And let me tell you why I’m disappointed. The report — the 6,000 pages and the 38,000 footnotes — which has been compiled contains numerous examples of a learning experience, of cases, of interrogation, of where the Department could learn — perhaps — some new things from past mistakes. And the fact that it hasn’t been opened — at least that’s what’s been reported to me — is really a great disservice. It’s classified. It’s meant for the appropriate Department. You’re certainly one of them. I’d like to ask if you open that report and designate certain people to read it and maybe even have a discussion, how things might be improved by suggestions in the report.

Comey: And I will do that Senator. As you know, I have read the [makes a finger gesture showing how thick it was] Executive Summary. You asked me to do it during my confirmation hearing, I kept that promise and read it. There’s a small number of people at the FBI — as I understand it — who have read the entire thing. But what we have not done — and I think it’s a very good question, is have we thought about whether there are lessons learned for us? There’s a tendency for me to think “we don’t engage in interrogation like that, so what’s there to learn?”

Feinstein: You did. And Bob Mueller pulled your people out, which is a great tribute to him.

Comey: Yeah. So the answer is yes, I will think about it better and I will think about where we are in terms of looking at the entire thing. I don’t know enough about where the document sits at this point in time and you mentioned a lock box, I don’t know that well enough to comment on it at this point.

Feinstein and Comey appear to have differing understandings of whether anyone at FBI has actually read the report, with Comey believing someone has read it — and professing ignorance about a “lockbox” — and Feinstein referring to a report that no one has read it, a belief that may come in part from the responses the government is making to FOIA requests. Is FBI lying about whether anyone has opened this in its FOIA responses?

But I’m also interested both that Comey hasn’t read further and that he hasn’t considered whether FBI might have anything to learn from it.

Tellingly, Comey suggests FBI would have nothing to learn because “we don’t engage in interrogation like that, so what’s there to learn.” But as Feinstein corrects, FBI did engage in “interrogation like that,” but then Bob Mueller withdrew his interrogators. Remember that Ali Soufan was present at the Thai black site for Abu Zubaydah’s first extreme sleep deprivation and long enough to see the torturers bring out a coffin-like box. His partner, Steve Gaudin, stayed even longer. That stuff doesn’t appear in the summary (the report’s silence on this earlier phase of Abu Zubaydah’s torture is one of CIA’s legitimate complaints). Moreover, there are moments later in the torture program when one or another FBI Agent (including Soufan) was present for other detainees’ interrogation, particularly for isolation. Comey wanted to suggest FBI was never involved in torture, but Feinstein reminded him they were.

Still, Feinstein seems to believe that Mueller withdrew Agents out of some kind of squeamishness. I think the record (especially from FBI Agents in Iraq who declined to write certain things down) suggests, instead, that Mueller withdrew his Agents to ensure that the FBI would never be witness to crimes committed against detainees which might force them to investigate those crimes. Indeed, it seems that in summer 2002 — at a time when US Attorney Jim Comey was relying on Abu Zubaydah’s statements to detain Jose Padilla — DOJ found a way to bracket the treatment that had already occurred and remain mostly ignorant of that which would occur over the next several years. Feinstein should know that but seems not to; Comey almost certainly does.

Which makes Comey’s explanation all the more nonsensical. There’s stuff like the anal rape, even in the Executive Summary, that probably wasn’t investigated (though the statute of limitations probably has expired on it). There’s probably far, far more evidence of crimes that have never been investigated in the full report. And yet … the premier law enforcement agency may or may not have taken the report out of storage in a lock box?

Consider me unconvinced.

Besides, Comey’s claim that “we don’t engage in interrogation like that” ignores that FBI is supposed to be the lead agency in the High Value Interrogation Group, about which there have been numerous hints that things like food and sleep deprivation have been used. His explanation that “we don’t engage in interrogation like that,” is all the more curious given FBI’s announcement earlier this week that the guy in charge of one HIG section just got assigned to lead the Dallas Division.

Director James B. Comey has named Thomas M. Class, Sr. special agent in charge of the FBI’s Dallas Division. Mr. Class most recently served as section chief of the High Value Detainee Interrogation Group in the National Security Branch (NSB) at FBI Headquarters (FBIHQ). In this position, he led an FBI-led interagency group that deploys worldwide the nation’s best interrogation resources against significant counterterrorism targets in custody.

Who’s in charge of HIG, then? And is it engaging in isolation?

Finally, I am specifically intrigued by Comey’s apparent lack of curiosity about the full report because of his actions in 2005.

As these posts lay out (one, two), Comey was involved in the drafting of 2 new OLC memos in May 2005 (though he may have been ignorant about the third). The lies CIA told OLC in 2004 and then told OLC again in 2005 covering the same torture were among the worst, according to Mark Udall. Comey even tried to hold up the memo long enough to do fact gathering that would allow them to tie the Combined memo more closely to the detainee whose treatment the memo was apparently supposed to retroactively reauthorize. But Alberto Gonzales’ Chief of Staff Ted Ullyot told him that would not be possible.

Pat [Philbin] explained to me (as he had to [Steven Bradbury and Ted Ullyot]) that we couldn’t make the change I thought necessary by Friday [April 29]. I told him to go back to them and reiterate that fact and the fact that I would oppose any opinion that was not significantly reshaped (which would involve fact gathering that we could not complete by Friday).

[snip]

[Ullyot] mentioned at one point that OLC didn’t feel like it would accede to my request to make the opinion focused on one person because they don’t give retrospective advice. I said I understood that, but that the treatment of that person had been the subject of oral advice, which OLC would simply be confirming in writing, something they do quite often.

At the end, he said that he just wanted me to know that it appeared the second opinion would go [Friday] and that he wanted to make sure I knew that and wanted to confirm that I felt I had been heard.

Presuming that memo really was meant to codify the oral authorization DOJ had given CIA (which might pertain to Hassan Ghul or another detainee tortured in 2004), then further details of the detainee’s torture would be available in the full report. Wouldn’t Comey be interested in those details now?

But then, so would details of Janat Gul’s torture, whose torture was retroactively authorized in an OLC memo Comey himself bought off on. Maybe Comey has good reason not to want to know what else is in the report.

The Privileges Waging a “War” on Terror Thereby Accords AQAP


“Hey, William Shirer? It’s J. Edgar here. I think you’re disgusting for reporting from Nazi Germany.”

Actually, I have no idea what J. Edgar Hoover thought of William Shirer’s reporting from Nazi Germany. I don’t even know whether Hoover ever spoke to Shirer. But I’m trying to imagine what it would feel like for the FBI Director to publicly call out one of the most invaluable journalists — and after that, historians — during World War II and tell him his work was disgusting.

It’s an image conjured up by this Jack Goldsmith response to my earlier post on Jim Comey’s suggestion that the NYT was “disgusting” for giving an AQAP member anonymity to clarify which Parisian terrorists they have ties with and which they do not.

Marcy Wheeler implies that Comey here “bullies” the NYT. No, he criticized it and “urge[d]” it to “reconsider.” He made no threat whatsoever, and he had no basis to make one. That is not bullying. Wheeler is on stronger ground in pointing out that the USG speaks to the press through anonymous sources all the time, including in its claims about civilian casualties in drone strikes. I don’t like press reliance on anonymous sources. But I also don’t think that the U.S. government and its enemy in war, AQAP, are on the same footing, or should be treated the same way in NYT news coverage. (Imagine if the NYT said: “A source in the child exploitation ring told the New York Times on condition of anonymity that his group was responsible for three of the child kidnappings but had nothing to do with the fourth.”) The NYT appears to think they are on the same footing and should be treated the same when it comes to anonymous sources. Comey disagrees, and there is nothing wrong with him saying so publicly. The press is immune from many things, but not from criticism, including by the government.

For what it’s worth, I actually can imagine it might be incredibly important for a newspaper to give criminals anonymity to say something like this, particularly if the newspaper could vet it. It might well save lives by alerting cops they were looking for two child exploitation rings, not one. As with the NYT quote, which alerts authorities that the threat is a lot more nebulous than declaring it AQAP might make it seem.

Yet Goldsmith is involved in a category error by comparing AQAP to a gang. Sure, they are thuggish and gang-like (albeit less powerful than some Mexican cartels).

But the US does not consider them a gang. It considers them, legally, an adversary in war (just ask Anwar al-Awlaki, who was killed based on such an assertion). And there is a very long and noble history of journalists reporting from both sides in time of war, through whatever means (though as with Shirer, the journalists ultimately need to judge whether they’re still able to do independent reporting). Indeed, having journalists who could make some claim to neutrality has been fundamentally important to get closer to real understanding. More recently, Peter Bergen’s reporting — including his secure meeting with Osama bin Laden — was crucially important to US understanding after 9/11, when few knew anything about bin Laden.

And the logic behind giving an AQAP source anonymity — and secure communications — is particularly powerful given that the US shows no respect for journalists’ (or human rights workers’ or lawyers’) communications in its spying. Nor does it consider anyone “in” a terrorist group, whether they be propagandists, cooks, or drivers, illegitimate for targeting purposes. Thus, any non-secure communication can easily lead immediately to drone killing. But killing this one guy talking to NYT, however much that might make Jim Comey feel good, is not going to solve the problem of Muslims in the west choosing to declare allegiance to one or another Islamic extremist group before they go on a killing spree. Hell, if some of the claims floating around are correct, killing Awlaki hasn’t even diminished his ability to inspire murder.

In the case of Yemen (or Pakistan, or Somalia, or Syria) in particular, just speaking to a journalist can put someone in grave danger. For example, I’ve long wondered whether problematizing the US government claims about Umar Farouk Abdulmutallab in Jeremy Scahill’s book made Mullah Zabara, who at least accepted AQAP’s role in his province, a target for assassination. Nevertheless, I’m grateful to him (and Scahill) for revealing Abdulmutallab was staying at Fahd al-Quso’s farm, which presented a critical counter detail to some of the government’s claims accepted credulously in the press.

The US government and the US public are far, far too ignorant about the people we’re fighting. A little better insight into their views would help us all. If journalists have to use secure communications and extend anonymity to get that — and ethically, there may be little else they can do — then they should do that.

We are not winning this conflict, and we won’t win it, so long as we try to criminalize the adversary’s propaganda rather than offer a more compelling ideology than they are to those they’re successfully recruiting. And this urge for someone as powerful as Jim Comey to get snitty when the NYT reports not ideology, but information, from AQAP reveals nothing more than an impotence to wage that ideological battle.

Jim Comey Bullies NYT to Stop Publishing Anonymous Claims about Drone Killings

Best as I can tell, the FBI Director has officially told the NYT to stop republishing anonymous government claims about drone strikes.

“Your decision to grant anonymity to a spokesperson for [an organization] so he could clarify the role of his group in assassinating innocents, including a wounded police officer, and distinguish it from the assassination of other innocents in Paris in the name of another group of terrorists, is both mystifying and disgusting,” Mr. Comey said in a letter to The Times.

He added: “I fear you have lost your way and urge you to reconsider allowing your newspaper to be used by those who have murdered so many and work every day to murder more.”

Oh wait. That’s not what Comey was complaining about.

He’s complaining about this paragraph, which — in an article that also grants “American counterterrorism authorities” anonymity (with no explanation) — helps clarify the relationship between the perpetrators of the Charlie Hebdo attack.

A member of Al Qaeda in the Arabian Peninsula, who spoke to The New York Times on the condition of anonymity, said the joint timing of the two operations was a result of the friendship between Mr. Coulibaly and the Kouachi brothers, not of common planning between the Qaeda group and the Islamic State.

That is, Comey is complaining that the NYT is using the same methods — anonymous sourcing — to find more knowledgeable sources to explain the attacks that it uses to parrot official governmental sources. Only Comey and his colleagues’ claims about the attack may be laundered through anonymity under his approach. Not better positioned sources.

Which I guess means he’s happy that the NYT anonymously publishes the claims of US government officials clarifying that the civilians they kill in drone strikes are not civilians, or even clarifying whether the CIA or DOD killed a particular person. He just doesn’t want the NYT to anonymously quote other killers’ spokespersons trying to clarify what the killing is about.

If IPs Are So Solid, Why Won’t FBI Tell Us How Many Americans Get Sucked Up in Section 702?

By his own admission, James Clapper had dinner with the North Korean General who (again, according to Clapper) ordered the hack on Sony just weeks before the hack happened. That puts him at most two degrees away from the actual hackers, according to the evidence presented by Clapper and Jim Comey. According to the Intelligence Community’s at times naive analytical game of Three Degrees of Osama bin Laden — one which has repeatedly targeted negotiators, as Clapper was in November, rather than culprits — Clapper should be sanctioned along with all the others President Obama has targeted.

That is, of course, absurd. We know James Clapper. And while his word may not have much more credibility at this point than Kim Jong-Un’s, that doesn’t mean his effort to negotiate a hostage release (and whatever else he and North Korea believed was being discussed at the time) makes him a culprit in the hack.

But I think the thought experiment provides useful background to consideration of Comey’s further explanation — littered with infantilizing language about bad guys and the “very dark jobs” of FBI’s behavioral analysts who “profile bad actors” — of why he and the rest of the Intelligence Community are so certain North Korea, the country, did the Sony hack.

Comey says the data deletion used in the hack was used by “the North Koreans” in the past (his conflation of “North Koreans” and “North Korea” continues throughout).

You know the technical analysis of the data deletion malware from the attack shows clear links to other malware that we know the North Koreans previously developed. The tools in the Sony attack bore striking similarities to another cyber attack the North Koreans conducted against South Korean banks and media outlets. We’ve done a—I have, as you know from watching Silence of the Lambs—about people who sit at Quantico, very dark jobs. Their jobs are to try to understand the minds of bad actors. That’s our behavioral analysis unit. We put them to work studying the statement, the writings, the diction of the people involved claiming to be the so-called guardians of peace in this attack and compared it to other attacks we know the North Koreans have done. And they say, “Easy. For us it’s the same actors.”

(See Errata for some nuance about that claim.)

Comey then explained how the IC (but not outside skeptics) red teamed the IC’s own conclusions.

We brought in a red team from all across the intelligence community and said let’s hack at this. What else could be explaining this? What other explanations might there be? What might be missing? What competing hypotheses might there be? Evaluate possible alternatives—what might be missing? And we ended up in the same place.

Then, before Comey admitted that FBI still doesn’t know how “the North Koreans” hacked their way into Sony, Comey offered this detail to rebut the outside skeptics’ concerns.

Now I know because I’ve read in the newspaper—seen in the news—that some serious folks have suggested that we have it wrong. I would suggest—not suggesting, I’m saying—that they don’t have the facts that I have—don’t see what I see—but there are a couple things I have urged the intelligence community to declassify that I will tell you right now.

The Guardians of Peace would send e-mails threatening Sony employees and would post online various statements explaining their work. And in nearly every case they used proxy servers to disguise where they were coming from. And sending those e-mails and then sending and pasting and posting those statements.

And several times they got sloppy. Several times either because they forgot or because they had a technical problem they connected directly and we could see them. And we could see that the IP addresses being used to post and to send the e-mails were coming from IPs that were exclusively used by the North Koreans. It was a mistake by them that we haven’t told you about before that was a very clear indication of who was doing this. They shut it off very quickly once they realized the mistake. But not before we knew where it was coming from.

That is, Comey’s new tell — which has, with apparent other leaking about a Facebook account from Mandiant, gotten headlines — is that the FBI identified the hackers using “IPs that were exclusively used by the North Koreans.” [my emphasis]

Let me interject here and remind you that NSA and the FBI refuse to count how many US persons get sucked up in Section 702 upstream and PRISM collection because IPs aren’t a reliable indicator of the location of a person. The USA Freedom Act, by law, excluded any consideration of IP (frankly, any consideration of Internet location at all) from its obligation to report on the location of people sucked up in the dragnet. According to the FBI, tracking location based off anything but a (US-based) phone number is too onerous for the Bureau.

IP is unreliable when it comes to transparency on the FBI, but rock solid when it comes to claims of attribution.

Now, I admit that’s a very different thing than spending months and years tracking one IP and attributing it to one particular actor.

But as Jeffrey Carr notes, even there the FBI’s claims have problems. He points out that the claims Comey made yesterday are remarkably similar to those used to attribute the Dark Seoul attack in 2013.

This sounded remarkably similar to the mistake made by the alleged North Korean hackers in the Dark Seoul attack of March 2013:

“SEOUL – A technical blunder by a hacker appears to have reinforced what South Korea has long suspected: North Korea has been behind several hacking attacks on South Korea in recent years…. The hacker exposed the IP address (175.45.178.xx) for up to several minutes due to technical problems in a communication network, giving South Korea a rare clue into tracing the origin of the hacking attack that took place on March 20, according to South Korean officials.”

The evidence that the FBI believes it has against the DPRK in the Sony attack stems from the data that it received on the Dark Seoul attack last year from the private sector.

He then notes North Korea’s Internet isn’t as locked down as it was just a few years ago — and one possible point of entry is geographically close to the St. Regis Hotel increasingly pinpointed in such attacks.

However the easiest way to compromise a node on North Korea’s Internet is to go through its ISP – Star Joint Venture. Star JV is a joint venture between North Korea Post and Telecommunications Corporation and another joint venture – Loxley Pacific (Loxpac). Loxpac is a joint venture with Charring Thai Wire Beta, Loxley, Teltech (Finland), and Jarungthai (Taiwan).

I explored the Loxley connection as soon as this story broke, knowing that the FBI and the NSA were most likely relying on the myth of a “closed” North Korean Internet to base their attribution findings upon. Loxley is owned by one of Thailand’s most well-connected families and just 4 kilometers away is the five star St. Regis hotel where one of the hackers first dumped Sony’s files over the hotel’s WiFi. It would be a simple matter to gain access to Loxley’s or Loxpac’s network via an insider or through a spear phishing attack and then browse through NK’s intranet with trusted Loxpac credentials.

Once there, how hard would it be to compromise a server? According to HP’s North Korea Security Briefing (August 2014) it would be like stealing candy from a baby. 

Now, none of that proves the FBI is wrong (just as none of it, without more proof, is enough to unquestioningly believe the FBI). I frankly am a lot more interested in what went on in Clapper’s meeting right now than I am in IP claims without more proof.

But if the FBI is going to claim that IP is a rock solid indicator of someone’s ID, then can it also tell us how many Americans it sucks up into the dragnet?