Posts

Jim Comey’s Learned Helplessness about the Torture Report

/11 Comments/in /by

Screen Shot 2015-03-12 at 12.26.13 PM

Dianne Feinstein used the Federal Law Enforcement Appropriations hearing as an opportunity to implore Jim Comey to read the Torture Report.

I’m surprised neither by her request nor by her plaintive manner, given how most Federal Agencies have simply blown off the Report. But I am interested in the content of the exchange (my transcription).

Feinstein: One of my disappointments was to learn that the six year report of the Senate Intelligence Committee on Detention and Interrogation Program sat in a locker and no one looked at it. And let me tell you why I’m disappointed. The report — the 6,000 pages and the 38,000 footnotes — which has been compiled contains numerous examples of a learning experience, of cases, of interrogation, of where the Department could learn — perhaps — some new things from past mistakes. And the fact that it hasn’t been opened — at least that’s what’s been reported to me — is really a great disservice. It’s classified. It’s meant for the appropriate Department. You’re certainly one of them. I’d like to ask if you open that report and designate certain people to read it and maybe even have a discussion, how things might be improved by suggestions in the report.

Comey: And I will do that Senator. As you know, I have read the [makes a finger gesture showing how thick it was] Executive Summary. You asked me to do it during my confirmation hearing, I kept that promise and read it. There’s a small number of people at the FBI — as I understand it — who have read the entire thing. But what we have not done — and I think it’s a very good question, is have we thought about whether there are lessons learned for us? There’s a tendency for me to think “we don’t engage in interrogation like that, so what’s there to learn?”

Feinstein: You did. And Bob Mueller pulled your people out, which is a great tribute to him.

Comey: Yeah. So the answer is yes, I will think about it better and I will think about where we are in terms of looking at the entire thing. I don’t know enough about where the document sits at this point in time and you mentioned a lock box, I don’t know that well enough to comment on it at this point.

Feinstein and Comey appear to have differing understandings of whether anyone at FBI has actually read the report, with Comey believing someone has read it — and professing ignorance about a “lockbox” — and Feinstein referring to a report that no one has read it, a belief that may come in part from the responses the government is making to FOIA requests. Is FBI lying about whether anyone has opened this in its FOIA responses?

But I’m also interested both that Comey hasn’t read further and that he hasn’t considered whether FBI might have anything to learn from it.

Tellingly, Comey suggests FBI would have nothing to learn because “we don’t engage in interrogation like that, so what’s there to learn.” But as Feinstein corrects, FBI did engage in “interrogation like that,” but then Bob Mueller withdrew his interrogators. Remember that Ali Soufan was present at the Thai black site for Abu Zubaydah’s first extreme sleep deprivation and long enough to see the torturers bring out a coffin-like box. His partner, Steve Gaudin, stayed even longer. That stuff doesn’t appear in the summary (the report’s silence on this earlier phase of Abu Zubaydah’s torture is one of CIA’s legitimate complaints). Moreover, there are moments later in the torture program when one or another FBI Agent (including Soufan) were present for other detainees’ interrogation, particularly for isolation. Comey wanted to suggest FBI was never involved in torture, but Feinstein reminded him they were.

Still, Feinstein seems to believe that Mueller withdrew Agents out of some kind of squeamishness. I think the record (especially from FBI Agents in Iraq who declined to write certain things down) suggests, instead, that Mueller withdrew his Agents to ensure that the FBI would never be witness to crimes committed against detainees which might force them to investigate those crimes. Indeed, it seems that in summer 2002 — at a time when US Attorney Jim Comey was relying on Abu Zubaydah’s statements to detain Jose Padilla — DOJ found a way to bracket the treatment that had already occurred and remain mostly ignorant of that which would occur over the next several years. Feinstein should know that but seems not to; Comey almost certainly does.

Which makes Comey’s explanation all the more nonsensical. There’s stuff like the anal rape, even in the Executive Summary, that probably wasn’t investigated (though the statute of limitations probably has expired on it). There’s probably far, far more evidence of crimes that have never been investigated in the full report. And yet … the premier law enforcement agency may or may not have taken the report out of storage in a lock box?

Consider me unconvinced.

Besides, Comey’s claim that “we don’t engage in interrogation like that” ignores that FBI is supposed to be the lead agency in the High Value Interrogation Group, about which there have been numerous hints that things like food and sleep deprivation have been used. His explanation that “we don’t engage in interrogation like that,” is all the more curious given FBI’s announcement earlier this week that the guy in charge of one HIG section just got assigned to lead the Dallas Division.

Director James B. Comey has named Thomas M. Class, Sr. special agent in charge of the FBI’s Dallas Division. Mr. Class most recently served as section chief of the High Value Detainee Interrogation Group in the National Security Branch (NSB) at FBI Headquarters (FBIHQ). In this position, he led an FBI-lead interagency group that deploys worldwide the nation’s best interrogation resources against significant counterterrorism targets in custody.

Who’s in charge of HIG, then? And is it engaging in isolation?

Finally, I am specifically intrigued by Comey’s apparent lack of curiosity about the full report because of his actions in 2005.

As these posts lay out (one, two), Comey was involved in the drafting of 2 new OLC memos in May 2005 (though he may have been ignorant about the third). The lies CIA told OLC in 2004 and then told OLC again in 2005 covering the same torture were among the worst, according to Mark Udall. Comey even tried to hold up the memo long enough to do fact gathering that would allow them to tie the Combined memo more closely to the detainee whose treatment the memo was apparently supposed to retroactively reauthorize. But Alberto Gonzales’ Chief of Staff Ted Ullyot told him that would not be possible.

Pat [Philbin] explained to me (as he had to [Steven Bradbury and Ted Ullyot]) that we couldn’t make the change I thought necessary by Friday [April 29]. I told him to go back to them and reiterate that fact and the fact that I would oppose any opinion that was not significantly reshaped (which would involve fact gathering that we could not complete by Friday).

[snip]

[Ullyot] mentioned at one point that OLC didn’t feel like it would accede to my request to make the opinion focused on one person because they don’t give retrospective advice. I said I understood that, but that the treatment of that person had been the subject of oral advice, which OLC would simply be confirming in writing, something they do quite often.

At the end, he said that he just wanted me to know that it appeared the second opinion would go [Friday] and that he wanted to make sure I knew that and wanted to confirm that I felt I had been heard.

Presuming that memo really was meant to codify the oral authorization DOJ had given CIA (which might pertain to Hassan Ghul or another detainee tortured in 2004), then further details of the detainee’s torture would be available in the full report. Wouldn’t Comey be interested in those details now?

But then, so would details of Janat Gul’s torture, whose torture was retroactively authorized in an OLC memo Comey himself bought off on. Maybe Comey has good reason not to want to know what else is in the report.

Share this entry

The Privileges Waging a “War” on Terror Thereby Accords AQAP

/15 Comments/in /by


“Hey, William Shirer? It’s J. Edgar here. I think you’re disgusting for reporting from Nazi Germany.”

Actually, I have no idea what J. Edgar Hoover thought of William Shirer’s reporting from Nazi Germany. I don’t even know whether Hoover ever spoke to Shirer. But I’m trying to imagine what it would feel like for the FBI Director to publicly call out one of the most invaluable journalists — and after that, historians — during World War II and tell him his work was disgusting.

It’s an image conjured up by this Jack Goldsmith response to my earlier post on Jim Comey’s suggestion that the NYT was “disgusting” for giving an AQAP member anonymity to clarify which Parisian terrorists they have ties with and with they do not.

Marcy Wheeler implies that Comey here “bullies” the NYT.   No, he criticized it and “urge[d]” it to “reconsider.”  He made no threat whatsoever, and he had no basis to make one.  That is not bullying.   Wheeler is on stronger ground in pointing out that the USG speaks to the press through anonymous sources all the time, including in its claims about civilian casualties in drone strikes.  I don’t like press reliance on anonymous sources.  But I also don’t think that the U.S. government and its enemy in war, AQAP, are on the same footing, or should be treated the same way in NYT news coverage.  (Imagine if the NYT said: “A source in the child exploitation ring told the New York Times on condition of anonymity that his group was responsible for three of the child kidnappings but had nothing to with the fourth.”)  The NYT appears to think they are on the same footing and should be treated the same when it comes to anonymous sources.  Comey disagrees, and there is nothing wrong with him saying so publicly.  The press is immune from many things, but not from criticism, including by the government.

For what it’s worth, I actually can imagine it might be incredibly important for a newspaper to give criminals anonymity to say something like this, particularly if the newspaper could vet it. It might well save lives by alerting cops they were looking for two child exploitation rings, not one. As with the NYT quote, which alerts authorities that the threat is a lot more nebulous than declaring it AQAP might make it seem.

Yet Goldsmith is involved in a category error by comparing AQAP to a gang. Sure, they are thuggish and gang-like (albeit less powerful than some Mexican cartels).

But the US does not consider them a gang. It considers them, legally, an adversary in war (just ask Anwar al-Awlaki, who was killed based on such an assertion). And there is a very long and noble history of journalists reporting from both sides in time of war, through whatever means (though as with Shirer, the journalists ultimately need to judge whether they’re still able to do independent reporting). Indeed, having journalists who could make some claim to neutrality has been fundamentally important to get closer to real understanding. More recently, Peter Bergen’s reporting — including his secure meeting with Osama bin Laden — was crucially important to US understanding after 9/11, when few knew anything about bin Laden.

And the logic behind giving an AQAP source anonymity — and secure communications — is particularly powerful given that the US shows no respect for journalists’ (or human rights workers’ or lawyers’) communications in its spying. Nor does it consider anyone “in” a terrorist group, whether they be propagandists, cooks, or drivers, illegitimate for targeting purposes. Thus, any non-secure communication can easily lead immediately to drone killing. But killing this one guy talking to NYT, however much that might make Jim Comey feel good, is not going to solve the problem of Muslims in the west choosing to declare allegiance to one or another Islamic extremist group before they go on a killing spree. Hell, if some of the claims floating around are correct, killing Awlaki hasn’t even diminished his ability to inspire murder.

In the case of Yemen (or Pakistan, or Somalia, or Syria) in particular, just speaking to a journalist can put someone in grave danger. For example, I’ve long wondered whether problematizing the US government claims about Umar Farouk Abdulmutallab in Jeremy Scahill’s book made Mullah Zabara, who at least accepted AQAP’s role in his province, a target for assassination. Nevertheless, I’m grateful to him (and Scahill) for revealing Abdulmutallab was staying at Fahd al-Quso’s farm, which presented a critical counter detail to some of the government’s claims accepted credulously in the press.

The US government and the US public is far, far too ignorant about the people we’re fighting. A little better insight into their views would help us all. If journalists have to use secure communications and extend anonymity to get that — and ethically, there may be little else they can do — then they should do that.

We are not winning this conflict, and we won’t win it, so long as we try to criminalize the adversary’s propaganda rather than offer a more compelling ideology than they are to those they’re successfully recruiting. And this urge for someone as powerful as Jim Comey to get snitty when the NYT reports not ideology, but information, from AQAP reveals nothing more than an impotence to wage that ideological battle.

Share this entry

Jim Comey Bullies NYT to Stop Publishing Anonymous Claims about Drone Killings

/7 Comments/in , /by

Best as I can tell, the FBI Director has officially told the NYT to stop republishing anonymous government claims about drone strikes anymore.

“Your decision to grant anonymity to a spokesperson for [an organization] so he could clarify the role of his group in assassinating innocents, including a wounded police officer, and distinguish it from the assassination of other innocents in Paris in the name of another group of terrorists, is both mystifying and disgusting,” Mr. Comey said in a letter to The Times.

He added: “I fear you have lost your way and urge you to reconsider allowing your newspaper to be used by those who have murdered so many and work every day to murder more.”

Oh wait. That’s not what Comey was complaining about.

He’s complaining about this paragraph, which — in an article that also grants “American counterterrorism authorities” anonymity (with no explanation) — helps clarify the relationship between the perpetrators of the Hebdo Charlie attack.

A member of Al Qaeda in the Arabian Peninsula, who spoke to The New York Times on the condition of anonymity, said the joint timing of the two operations was a result of the friendship between Mr. Coulibaly and the Kouachi brothers, not of common planning between the Qaeda group and the Islamic State.

That is, Comey is complaining that the NYT is using the same methods — anonymous sourcing — to find more knowledgeable sources to explain the attacks that it uses to parrot official governmental sources. Only Comey and his colleagues’ claims about the attack may be laundered through anonymity under his approach. Not better positioned sources.

Which I guess means he’s happy that the NYT anonymously publishes the claims of US government officials clarifying that the civilians they kill in drone strikes are not civilians, or even clarifying whether the CIA or DOD killed a particular person. He just doesn’t want the NYT to anonymously quote other killers’ spokespersons trying to clarify what the killing is about.

Share this entry

If IPs Are So Solid, Why Won’t FBI Tell Us How Many Americans Get Sucked Up in Section 702?

/8 Comments/in , /by

By his own admission, James Clapper had dinner with the North Korean General who (again, according to Clapper) ordered the hack on Sony just weeks before the hack happened. That puts him at most two degrees away from the actual hackers, according to the evidence presented by Clapper and Jim Comey. According to the Intelligence Community’s at times naive analytical game of Three Degrees of Osama bin Laden — one which has repeatedly targeted negotiators like Clapper was in November, rather than culprits —  Clapper should be sanctioned along with all the others President Obama has targeted.

That is, of course, absurd. We know James Clapper. And while his word may have not much more credibility at this point than Kim Jong-Un’s, that doesn’t mean his effort to negotiate a hostage release (and whatever else he and North Korea believed was being discussed at the time) makes him a culprit in the hack.

But I think the thought experiment provides useful background to consideration of Comey’s further explanation — littered with infantilizing language about bad guys and the “very dark jobs” of FBI’s behavioral analysts who “profile bad actors” — of why he and the rest of the Intelligence Community is so certain North Korea, the country, did the Sony hack.

Comey says the data deletion used in the hack was used by “the North Koreans” in the past (his conflation of “North Koreans” and “North Korea” continues throughout).

You know the technical analysis of the data deletion malware from the attack shows clear links to other malware that we know the North Koreans previously developed. The tools in the Sony attack bore striking similarities to another cyber attack the North Koreans conducted against South Korean banks and media outlets. We’ve done a—I have, as you know from watching Silence of the Lambs—about people who sit at Quantico, very dark jobs. Their jobs are to try to understand the minds of bad actors. That’s our behavioral analysis unit. We put them to work studying the statement, the writings, the diction of the people involved claiming to be the so-called guardians of peace in this attack and compared it to other attacks we know the North Koreans have done. And they say, “Easy. For us it’s the same actors.”

(See Errata for some nuance about that claim.)

Comey then explained how the IC (but not outside skeptics) red teamed the IC’s own conclusions.

We brought in a red team from all across the intelligence community and said let’s hack at this. What else could be explaining this? What other explanations might there be? What might be missing? What competing hypotheses might there be? Evaluate possible alternatives—what might be missing? And we ended up in the same place.

Then, before Comey admitted that FBI still doesn’t know how “the North Koreans” hacked their way into Sony, Comey offered this detail to rebut the outside skeptics’ concerns.

Now I know because I’ve read in the newspaper—seen in the news—that some serious folks have suggested that we have it wrong. I would suggest—not suggesting, I’m saying—that they don’t have the facts that I have—don’t see what I see—but there are a couple things I have urged the intelligence community to declassify that I will tell you right now.

The Guardians of Peace would send e-mails threatening Sony employees and would post online various statements explaining their work. And in nearly every case they used proxy servers to disguise where they were coming from. And sending those e-mails and then sending and pasting and posting those statements.

And several times they got sloppy. Several times either because they forgot or because they had a technical problem they connected directly and we could see them. And we could see that the IP addresses being used to post and to send the e-mails were coming from IPs that were exclusively used by the North Koreans. It was a mistake by them that we haven’t told you about before that was a very clear indication of who was doing this. They shut it off very quickly once they realized the mistake. But not before we knew where it was coming from.

That is, Comey’s new tell — which has, with apparent other leaking about a Facebook account from Mandiant, gotten headlines — is that the FBI identified the hackers using “IPs that were exclusively used by the North Koreans.” [my emphasis]

Let me interject here and remind you that NSA and the FBI refuse to count how many US persons get sucked up in Section 702 upstream and PRISM collection because IPs aren’t a reliable indicator of the location of a person. The USA Freedom Act, by law, excluded any consideration of IP (frankly, any consideration of Internet location at all) from its obligation to report on the location of people sucked up in the dragnet. According to the FBI, tracking location based off anything but a (US based) phone number is too onerous for the Bureau.

IP is unreliable when it comes to transparency on the FBI, but rock solid when it comes to claims of attribution.

Now, I admit that’s a very different thing than spending months and years tracking one IP and attributing it to one particular actor.

But as Jeffrey Carr notes, even there the FBI’s claims have problems. He points out that the claims Comey made yesterday are remarkably similar to those used to attribute the Dark Seoul attack in 2013.

This sounded remarkably similar to the mistake made by the alleged North Korean hackers in the Dark Seoul attack of March 2013:

“SEOUL – A technical blunder by a hacker appears to have reinforced what South Korea has long suspected: North Korea has been behind several hacking attacks on South Korea in recent years…. The hacker exposed the IP address (175.45.178.xx) for up to several minutes due to technical problems in a communication network, giving South Korea a rare clue into tracing the origin of the hacking attack that took place on March 20, according to South Korean officials.”

The evidence that the FBI believes it has against the DPRK in the Sony attack stems from the data that it received on the Dark Seoul attack last year from the private sector.

He then notes North Korea’s Internet isn’t as locked down as it was just a few years ago — and one possible point of entry is geographically close to the St. Regis Hotel increasingly pinpointed in such attacks.

However the easiest way to compromise a node on North Korea’s Internet is to go through its ISP – Star Joint Venture. Star JV is a joint venture between North Korea Post and Telecommunications Corporation and another joint venture – Loxley Pacific (Loxpac). Loxpac is a joint venture with Charring Thai Wire Beta, Loxley, Teltech (Finland), and Jarungthai (Taiwan).

I explored the Loxley connection as soon as this story broke, knowing that the FBI and the NSA was most likely relying on the myth of a “closed” North Korean Internet to base their attribution findings upon. Loxley is owned by one of Thailand’s most well-connected families and just 4 kilometers away is the five star St. Regis hotel where one of the hackers first dumped Sony’s files over the hotel’s WiFi. It would be a simple matter to gain access to Loxley’s or Loxpac’s network via an insider or through a spear phishing attack and then browse through NK’s intranet with trusted Loxpac credentials.

Once there, how hard would it be to compromise a server? According to HP’s North Korea Security Briefing (August 2014) it would be like stealing candy from a baby. 

Now, none of that proves the FBI is wrong (just as none of it, without more proof, is enough to unquestioningly believe the FBI). I frankly am a lot more interested in what went on in Clapper’s meeting right now than I am in IP claims without more proof.

But if the FBI is going to claim that IP is a rock solid indicator of someone’s ID, then can it also tell us how many Americans it sucks up into the dragnet?

Share this entry

Jim Comey Scolds the Press for Reporting on a Court Filing

/8 Comments/in /by

Jim Comey, seemingly intent on squandering once limitless credibility in record time, has written a letter to the NYT to explain two of the FBI’s deceptive operations reported recently. The one that’s getting the attention — his admission that an agent posed as an AP reporter to catch a teenager making bomb threats — actually comes off as the less indefensible response.

Relying on an agency behavioral assessment that the anonymous suspect was a narcissist, the online undercover officer portrayed himself as an employee of The Associated Press, and asked if the suspect would be willing to review a draft article about the threats and attacks, to be sure that the anonymous suspect was portrayed fairly.

[snip]

That technique was proper and appropriate under Justice Department and F.B.I. guidelines at the time. Today, the use of such an unusual technique would probably require higher level approvals than in 2007, but it would still be lawful and, in a rare case, appropriate.

Sure, the FBI decided to dress up as the press to catch someone who hadn’t yet done real harm. Sure, they did it to deliver malware, basically a classic hack. Sure, it could have played to this kid’s narcissistic tendencies using any number of other fake identities. Sure, this was ultimately going to get made at least as public as a court docket, which does undermine the credibility of a brand name press outlet. But it was a fairly limited operation, that wouldn’t have generated this much attention if Chris Soghoian (in the process of writing a brief to prevent the FBI to hack with even fewer limits) weren’t such a meddling hippie.

Having insulted the press by asserting that the FBI playing dress up as the press is legal (though dodging somewhat on whether to do so to catch a teenager would be “proper” today), Comey then responded to the FBI’s other recent black eye — being accused of shutting off cable and then pretending to be cable repairmen to access hotel rooms without a warrant — this way.

The Las Vegas case is still in litigation, so there is little we can say, but it would have been better to wait for the government’s response and a court decision before concluding that the F.B.I. engaged in abusive conduct.

Every undercover operation involves “deception,” which has long been a critical tool in fighting crime. The F.B.I.’s use of such techniques is subject to close oversight, both internally and by the courts that review our work.

“It would have been better to wait for the government’s response and a court decision before concluding that the F.B.I. engaged in abusive conduct”???

Now, the reason the press picked up on this story is because the well-heeled defendants have superb lawyers who wrote a brief that is both engaging and chock full of evidence. The brief starts by laying out the stakes that matter for you and I, even if in this case they affect a bunch of Malaysian men who may have ties to Asian organized crime.

The next time you call for assistance because the internet service in your home is not working, the “technician” who comes to your door may actually be an undercover government agent. He will have secretly disconnected the service, knowing that you will naturally call for help and–when he shows up at your door, impersonating a technician–let him in. He will walk through each room of your home, claiming to diagnose the problem. Actually, he will be videotaping everything (and everyone) inside. He will have no reason to suspect you have broken the law, much less probable cause to obtain a search warrant. But that makes no difference, because by letting him in, you will have “consented” to an intensive search of your home.

Jim Comey thinks the press shouldn’t report on this until after the government has had its shot at rebuttal? Does he feel the same about the army of FBI leakers who pre-empt defense cases all the time? Does Comey think it improper for his FBI to have released this press release, upon defendant Wei Seng Phua’s arrest, asserting that he is a member of organized crime as a fact and mentioning a prior arrest (not a conviction) that may or may not be deemed admissible to this case?

According to the criminal complaint, Wei Seng Phua, is known by law enforcement to be a high ranking member of the 14K Triad, an Asian organized crime group. On or about June 18, 2013, Phua was arrested in Macau, along with more than 20 other individuals, for operating an illegal sport book gambling business transacting illegal bets on the World Cup Soccer Tournament. Phua posted bail in Macau and was released. 

I didn’t see the FBI Director complaining about press stories, written in response to the press release, reported before the defense had been able to present their side.

The point is, one reason we have laws governing open access to court documents — which the government limits all the time (including with claims about a broad need to hide the methods of its deception) — is so both sides get a bid to make their case, both before judges and before the public. Another reason is so that the press can act as a check on something that may be legal, but probably shouldn’t be.

It may well be that FBI gets to use the evidence from their cable repairman scheme (given that superstar appellate lawyer Tom Goldstein is on the case, the defendants probably don’t think this is as big of a slam dunk as the press has, probably because Caesars, a competitor with the Asian mob in the gambling industry, was a willing participant in the scheme, including turning off the cable service). But that’s an entirely different question from whether they should, for precisely the reason the brief lays out: because if the FBI can turn off our cable to set up a cable repairman cover, then it undermines the principle of consensual searches.

These guys may or may not be douchebag Asian mobsters. But they are also being tried in the United States, which still subjects its criminal procedure to fairly broad but by no means unlimited press scrutiny.

Which means the press gets to weigh in. The defense gets to make their case, and if they make a compelling case, the press will report it, just as they almost always report FBI press releases on face value, as they did in this case (to say nothing of FBI’s leaks).

Jim Comey, himself a master at working the press, should expect that, and if he wants his FBI to remain credible, should ensure their undercover operations are not just “legal” and “proper” but also “wise.”

Share this entry

Classified Briefings: For When Your Public Claims Don’t Hold Up to Scrutiny

/2 Comments/in /by

As I laid out when he gave his speech at Brookings, Jim Comey’s public explanation for needing back doors to Apple and Android phones doesn’t hold up. He conflated stored communication with communication in transit, ignored the risk of a back door (which he called a front door), and the law enforcement successes he presented, across the board, do not support his claim to need a back door.

So yesterday Comey and others had a classified briefing, where no one would be able to shred his flawed case.

FBI and Justice Department officials met with House staffers this week for a classified briefing on how encryption is hurting police investigations, according to staffers familiar with the meeting.

The briefing included Democratic and Republican aides for the House Judiciary and Intelligence Committees, the staffers said. The meeting was held in a classified room, and aides are forbidden from revealing what was discussed.

[snip]

Comey called for Congress to revise the law to create a “level playing field” so that Google, Apple, and Facebook have the same obligation as AT&T and Verizon to help police.

National Journal listed out those companies, by the way — Facebook, for example, did not appear in Comey’s Brooking’s speech where he used the “level the playing field comment.”

I was puzzled by Comey’s inclusion of Facebook here until I saw this news.

To make their experience more consistent with our goals of accessibility and security, we have begun an experiment which makes Facebook available directly over Tor network at the following URL:

https://facebookcorewwwi.onion/

[ NOTE: link will only work in Tor-enabled browsers ]

Facebook Onion Address

Facebook’s onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud.

The idea is that the Facebook onion address connects you to Facebook’s Core WWW Infrastructure – check the URL again, you’ll see what we did there – and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre.

All that got me thinking about what Comey said in the classified briefing — in the real reason he wants to make us all less secure.

And I can’t help but wonder whether it’s metadata.

The government aspires to get universal potential coverage of telephony (at least) metadata under USA Freedom Act, with the ability to force cooperation. But I’m not sure that Apple, especially, would be able to provide iMessage metadata, meaning iPhone users can text without leaving metadata available to either AT&T (because it bypasses the telecom network) or Apple itself (because they no longer have guaranteed remote object).

And without metadata, FBI and NSA would be unable to demonstrate the need to do a wiretap of such content.

Ah well, once again I reflect on what a pity it is that FBI didn’t investigate the theft of data from these same companies, providing them a very good reason to lock it all up from sophisticated online criminals like GCHQ.

Share this entry

Why Isn’t FBI Investigating the Hackers Who Broke into Google’s Cables?

/12 Comments/in /by

At his Brookings event yesterday, Jim Comey claimed that there is a misperception, in the wake of the Snowden releases, about how much data the government obtains.

In the wake of the Snowden disclosures, the prevailing view is that the government is sweeping up all of our communications. That is not true. And unfortunately, the idea that the government has access to all communications at all times has extended—unfairly—to the investigations of law enforcement agencies that obtain individual warrants, approved by judges, to intercept the communications of suspected criminals.

[snip]

It frustrates me, because I want people to understand that law enforcement needs to be able to access communications and information to bring people to justice. We do so pursuant to the rule of law, with clear guidance and strict oversight. 

He goes onto pretend that Apple and Google are default encrypting their phone solely as a marketing gimmick, some arbitrary thing crazy users want.

Both companies are run by good people, responding to what they perceive is a market demand. But the place they are leading us is one we shouldn’t go to without careful thought and debate as a country.

[snip]

Encryption isn’t just a technical feature; it’s a marketing pitch. But it will have very serious consequences for law enforcement and national security agencies at all levels. Sophisticated criminals will come to count on these means of evading detection. It’s the equivalent of a closet that can’t be opened. A safe that can’t be cracked. And my question is, at what cost?

He ends with a plea that “our private sector partners … consider changing course.”

But we have to find a way to help these companies understand what we need, why we need it, and how they can help, while still protecting privacy rights and providing network security and innovation. We need our private sector partners to take a step back, to pause, and to consider changing course.

There’s something missing from Comey’s tale.

An explanation of why the FBI has not pursued the sophisticated criminals who stole Google’s data overseas.

At a recent event with Ron Wyden, the Senator asked Schmidt to weigh in on the phone encryption “kerfuffle.” And Schmidt was quite clear: the reason Google and Apple are doing this is because the NSA’s partners in the UK stole their data, even while they had access to it via PRISM.

The people who are criticizing this should have expected this. After Google was attacked by the British version of the NSA, we were annoyed and so we put end-to-end encryption at rest, as well as through our systems, making it essentially impossible for interlopers — of any kind — to get that information.

Schmidt describes the default encryption on the iPhone, notes that it has been available for the last 3 years on Android phones, and will soon be standard, just like it is on iPhone.

Law enforcement has many many ways of getting information that they need to provide this without having to do it without court orders and with the possible snooping conversation. The problem when they do it randomly as opposed to through a judicial process is it erodes user trust.

If everything Comey said were true, if this were only about law enforcement getting data with warrants, Apple — and Google especially — might not have offered their customers the privacy they deserved. But it turns out Comey’s fellow intelligence agency decided to just go take what they wanted.

And FBI did nothing to solve that terrific hack and theft of data.

I guess FBI isn’t as interested in rule of law as Comey says.

Share this entry

Jim Comey’s Confused Defense of Front Door Back Doors and Storage Intercepts

/12 Comments/in /by

I said somewhere that those wailing about Apple’s new default crypto in its handsets are either lying or are confused about the difference between a phone service and a storage device.

For the moment, I’m going to put FBI Director Jim Comey in the latter category. I’m going to do so, first, because at his Brookings talk he corrected his false statement — which I had pointed out — on 60 Minutes (what he calls insufficiently lawyered) that the FBI cannot get content without an order. Though while Comey admitted that FBI can read content it has collected incidentally, he made another misleading statement. He said FBI does so during “investigations. They also do so during “assessments,” which don’t require anywhere near the same standard of evidence or oversight to do.

I’m also going to assume Comey is having service/device confusion because that kind of confusion permeated his presentation more generally.

There was the confusion exhibited when he tried to suggest a “back door” into a device wasn’t one if FBI simply called it a “front door.”

We aren’t seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely comfortable with court orders and legal process—front doors that provide the evidence and information we need to investigate crime and prevent terrorist attacks.

And more specifically, when Comey called for rewriting CALEA, he called for something that would affect only a tiny bit of what Apple had made unavailable by encrypting its phones.

Current law governing the interception of communications requires telecommunication carriers and broadband providers to build interception capabilities into their networks for court-ordered surveillance. But that law, the Communications Assistance for Law Enforcement Act, or CALEA, was enacted 20 years ago—a lifetime in the Internet age. And it doesn’t cover new means of communication. Thousands of companies provide some form of communication service, and most are not required by statute to provide lawful intercept capabilities to law enforcement. [my emphasis]

As I have noted, the main thing that will become unavailable under Apple’s new operating system is iMessage chats if the users are not using default iCloud back-ups (which would otherwise keep a copy of the chat).

But the rest of it — all the data that will be stored only on an iPhone if people opt out of Apple’s default iCloud backups — will be unaffected if what Comey is planning to do is require intercept ability for every message sent.

Now consider the 5 examples Comey uses to claim FBI needs this. I’ll return to these later, but in almost all cases, Comey seems to be overselling his case.

First, there’s the case of two phones with content on them.

In Louisiana, a known sex offender posed as a teenage girl to entice a 12-year-old boy to sneak out of his house to meet the supposed young girl. This predator, posing as a taxi driver, murdered the young boy, and tried to alter and delete evidence on both his and the victim’s cell phones to cover up his crime. Both phones were instrumental in showing that the suspect enticed this child into his taxi. He was sentenced to death in April of this year.

On first glance this sounds like a case where the phones were needed. But assuming this is the case in question, it appears wrong. The culprit, Brian Horn, was IDed by multiple witnesses as being in the neighborhood, and evidence led to his cab. There was DNA evidence. And Horn and his victim had exchange texts. Presumably, records of those texts, and quite possibly the actual content, were available at the provider.

Then there’s another texting case.

In Los Angeles, police investigated the death of a 2-year-old girl from blunt force trauma to her head. There were no witnesses. Text messages from the parents’ cell phones to one another, and to their family members, proved the mother caused this young girl’s death, and that the father knew what was happening and failed to stop it.

Text messages also proved that the defendants failed to seek medical attention for hours while their daughter convulsed in her crib. They even went so far as to paint her tiny body with blue paint—to cover her bruises—before calling 911. Confronted with this evidence, both parents pled guilty.

This seems to be another case where the texts were probably available in other places, especially given how many people received them.

Then there’s another texting story — this is the only one where Comey mentioned warrants, and therefore the only real parallel to what he’s pitching.

In Kansas City, the DEA investigated a drug trafficking organization tied to heroin distribution, homicides, and robberies. The DEA obtained search warrants for several phones used by the group. Text messages found on the phones outlined the group’s distribution chain and tied the group to a supply of lethal heroin that had caused 12 overdoses—and five deaths—including several high school students.

Again, these texts were likely available with the providers.

Then Comey lists a case where the culprits were first found with a traffic camera.

In Sacramento, a young couple and their four dogs were walking down the street at night when a car ran a red light and struck them—killing their four dogs, severing the young man’s leg, and leaving the young woman in critical condition. The driver left the scene, and the young man died days later.

Using “red light cameras” near the scene of the accident, the California Highway Patrol identified and arrested a suspect and seized his smartphone. GPS data on his phone placed the suspect at the scene of the accident, and revealed that he had fled California shortly thereafter. He was convicted of second-degree murder and is serving a sentence of 25 years to life.

It uses GPS data, which would surely have been available from the provider. So traffic camera, GPS. Seriously, FBI, do you think this makes your case?

Perhaps Comey’s only convincing example involves exoneration involving a video — though that too would have been available elsewhere on Apple’s default settings.

The evidence we find also helps exonerate innocent people. In Kansas, data from a cell phone was used to prove the innocence of several teens accused of rape. Without access to this phone, or the ability to recover a deleted video, several innocent young men could have been wrongly convicted.

Again, given Apple’s default settings, this video would be available on iCloud. But if it was only available on the phone, and it was the only thing that exonerated the men, then it would count.

Update: I’m not sure, but this sounds like the Daisy Coleman case, which was outside Kansas City, MO, but did involve a phone video that (at least as far as I know) was never recovered. I don’t think the video ever was found. The guy she accused of raping her plead guilty to misdemeanor child endangerment — he dumped her unconscious in freezing weather outside her house.

I will keep checking into these, but none of these are definite cases. All of this evidence would normally, given default settings, be available from providers. Much of it would be available on phones of people besides the culprit. In the one easily identifiable case, there was a ton of other evidence. In two of these cases, the evidence was important in getting a guilty plea, not in solving the crime.

But underlying it all is the key point: Phones are storage devices, but they are primarily communication devices, and even as storage devices the default is that they’re just a localized copy of data also stored elsewhere. That means it is very rare that evidence is only available on a phone. Which means it is rare that such evidence will only be available in storage and not via intercept or remote storage.

Share this entry

60 Minutes Comey Refutes 60 Minutes Comey

/2 Comments/in /by

Jim ComeyToday, Jim Comey will give what will surely be an aggressively moderated (by Ben Wittes!) talk at Brookings, arguing that Apple should not offer its customers basic privacy tools (congratulations to NYT’s Michael Schmidt for beating the rush of publishing credulous reports on this speech).

Mr. Comey will say that encryption technologies used on these devices, like the new iPhone, have become so sophisticated that crimes will go unsolved because law enforcement officers will not be able to get information from them, according to a senior F.B.I. official who provided a preview of the speech.

Never mind the numbers, which I laid out here. While Apple doesn’t break out its device requests last year, it says the vast majority of the 3,431 device requests it responded to last year were in response to a lost or stolen phone request, not law enforcement seeking data on the holder. Given that iPhones represent the better part of the estimated 3.1 million phones that will be stolen this year, that’s a modest claim. Moreover, given that Apple only provided content off the cloud to law enforcement 155 times last year, it’s unlikely we’re talking a common law enforcement practice.

At least not with warrants. Warrantless fishing expeditions are another issue.

As far back as 2010, CBP was conducting 4,600 device searches at the border. Given that 20% of the country will be carrying iPhones this year, and a much higher number of the Americans who cross international borders will be carrying one, a reasonable guess would be that CBP searches 1,000 iPhones a year (and it could be several times that). Cops used to be able to do the same at traffic stops until this year’s Riley v, California decision; I’ve not seen numbers on how many searches they did, but given that most of those were (like the border searches) fishing expeditions, it’s not clear how many will be able to continue, because law enforcement won’t have probable cause to get a warrant.

So the claims law enforcement is making about needing to get content stored on and only on iPhones with a warrant doesn’t hold up, except for very narrow exceptions (cops may lose access to iMessage conversations if all users in question know not to store those conversations on iCloud, which is otherwise the default).

But that’s not the best argument I’ve seen for why Comey should back off this campaign.

As a number of people (including the credulous Schmidt) point out, Comey repeated his attack on Apple on the 60 Minutes show Sunday.

James Comey: The notion that we would market devices that would allow someone to place themselves beyond the law, troubles me a lot. As a country, I don’t know why we would want to put people beyond the law. That is, sell cars with trunks that couldn’t ever be opened by law enforcement with a court order, or sell an apartment that could never be entered even by law enforcement. Would you want to live in that neighborhood? This is a similar concern. The notion that people have devices, again, that with court orders, based on a showing of probable cause in a case involving kidnapping or child exploitation or terrorism, we could never open that phone? My sense is that we’ve gone too far when we’ve gone there

What no one I’ve seen points out is there was an equally charismatic FBI Director named Jim Comey on 60 Minutes a week ago Sunday (these are actually the same interview, or at least use the same clip to marvel that Comey is 6’8″, which raises interesting questions about why both these clips weren’t on the same show).

That Jim Comey made a really compelling argument about how most people don’t understand how vulnerable they are now that they live their lives online.

James Comey: I don’t think so. I think there’s something about sitting in front of your own computer working on your own banking, your own health care, your own social life that makes it hard to understand the danger. I mean, the Internet is the most dangerous parking lot imaginable. But if you were crossing a mall parking lot late at night, your entire sense of danger would be heightened. You would stand straight. You’d walk quickly. You’d know where you were going. You would look for light. Folks are wandering around that proverbial parking lot of the Internet all day long, without giving it a thought to whose attachments they’re opening, what sites they’re visiting. And that makes it easy for the bad guys.

Scott Pelley: So tell folks at home what they need to know.

James Comey: When someone sends you an email, they are knocking on your door. And when you open the attachment, without looking through the peephole to see who it is, you just opened the door and let a stranger into your life, where everything you care about is.

That Jim Comey — the guy worried about victims of computer crime — laid out the horrible things that can happen when criminals access all the data you’ve got on devices.

Scott Pelley: And what might that attachment do?

James Comey: Well, take over the computer, lock the computer, and then demand a ransom payment before it would unlock. Steal images from your system of your children or your, you know, or steal your banking information, take your entire life.

Now, victim-concerned Jim Comey seems to think we can avoid such vulnerability by educating people not to click on any attachment they might have. But of course, for the millions who have their cell phones stolen, they don’t even need to click on an attachment. The crooks will have all their victims’ data available in their hand.

Unless, of course, users have made that data inaccessible. One easy way to do that is by making easy encryption the default.

Victim-concerned Jim Comey might offer 60 Minute viewers two pieces of advice: be careful of what you click on, and encrypt those devices that you carry with you — at risk of being lost or stolen — all the time.

Of course, that would set off a pretty intense fight with fear-monger Comey, the guy showing up to Brookings today to argue Apple’s customers shouldn’t have this common sense protection.

That would be a debate I’d enjoy Ben Wittes trying to debate.

Share this entry

Jim Comey Lied When He Claimed FBI Needs a Judge to Read Your Email

/13 Comments/in /by

I believe that Americans should be deeply skeptical of government power. You cannot trust people in power. The founders knew that. That’s why they divided power among three branches, to set interest against interest. — FBI Director Jim Comey

As part of a piece on James Risen’s stories, 60 Minutes did an interview with Jim Comey. It rehearsed his role in running up hospital steps in 2004 to prevent Andy Card from getting an ill John Ashcroft to rubber stamp illegal surveillance — without mentioning that Comey and the other hospital heroes promptly got the same program authorized by bullying the FISA Court. Trevor Timm called out this aspect of 60 Minutes’ report here.

CBS also permitted Comey to engage in Apple encryption fear-mongering without challenge. CNN, to its credit, called Comey on his misrepresentations here.

But perhaps Comey’s biggest stretcher came when Scott Pelley asked him whether FBI engages in surveillance without a court order.

Scott Pelley: There is no surveillance without court order?

James Comey: By the FBI? No. We don’t do electronic surveillance without a court order.

Scott Pelley: You know that some people are going to roll their eyes when they hear that?

James Comey: Yeah, but we cannot read your emails or listen to your calls without going to a federal judge, making a showing of probable cause that you are a terrorist, an agent of a foreign power, or a serious criminal of some sort, and get permission for a limited period of time to intercept those communications. It is an extremely burdensome process. And I like it that way.

Comey was admittedly careful to caveat his answer, stating that FBI does not engage in “electronic surveillance” without a court order. That probably excludes FBI’s use of National Security Letters. Though as DOJ’s Inspector General has made clear, FBI uses NSLs for a number of things — including communities of interest, obtaining one or possibly two degree collection of phone records, as well as a bunch of other things that remain redacted — that the NSL law didn’t envision. Indeed, FBI’s NSL requests have gotten so exotic that some Internet companies started to refuse — successfully — in 2009 to comply with the requests, forcing FBI to use Section 215 orders instead.

But the second part of that exchange — Comey’s claim that “we cannot read your emails without going to a federal judge” is egregiously false.

As both ODNI and PCLOB have made clear, FBI can and does query incidentally collected data obtained under Section 702 (PRISM) — that is, it accesses email content — without a warrant. Alarmingly, it does so at the assessment level, before FBI even has any real evidence of wrong-doing.

Second, whenever the FBI opens a new national security investigation or assessment, FBI personnel will query previously acquired information from a variety of sources, including Section 702, for information relevant to the investigation or assessment. With some frequency, FBI personnel will also query this data, including Section 702–acquired information, in the course of criminal investigations and assessments that are unrelated to national security efforts.

That’s not conducting electronic surveillance — because FBI gets the email after the electronic surveillance has already occurred. But that does entail warrantless access of US person content, and does so without any review by a judge. Indeed, with Section 702 collection, a judge never even reviews the foreign targets, much less the US incidental collection accessed by the FBI.

Now I get that Jim Comey is a terrifically charismatic guy, with great PR instincts. But still, 60 Minutes is supposed to be a journalism show. Why, when Comey was telling 60 Minutes straight out they should not trust the government, did they let him make so many bogus claims?

Share this entry