Former Deputy DIRNSA Chris Inglis Goes to Private Equity Firm, Paladin

I’ve been tracking how former DIRNSA Keith Alexander has shacked up with shadow bank regulator Promontory Financial Group to scare banks into making him rich.

Today, we learned where his Deputy, Chris Inglis, will spend his sinecure: at Paladin private equity firm. In their release announcing the hire, Paladin’s Managing Director and former DIRNSA from the Clinton years, Kenneth Minihan, hailed Inglis’ role in cybersecurity.

“Having worked at the highest levels of the NSA, Chris has incredible insight and a great sense of the current and ever evolving cyber threat,” said Lt. General (Ret.) Kenneth Minihan, Managing Director at Paladin Capital Group.  “We are delighted to have Chris join as a Venture Partner, Chris will play a key role in further developing our cyber knowledge base.”


“Chris brings almost 40 years of experience in the government to the Paladin team” said Mike Steed, Founder and Managing Partner at Paladin. “His broad experience in government and with cyber products and services will be a valuable asset to the company.”

Many of the companies in Paladin’s cyber portfolio are key partners with the government or big contractors like SAIC. So Inglis’ background will be very useful to Paladin indeed.

Let’s Prosecute Treasury, State, and Drone Misses for Illegal Leaking

Some crisis communications moron apparently advised John Inglis to repeat “unauthorized disclosure” over and over in his interview with Steve Inskeep (he does so 7 times).

Because Inglis implicitly accuses Treasury, the State Department, and failed drone operators for illegal leaks.

In response to Inskeep’s question whether the NSA conducts 44 million queries a year (which actually means the NSA is passively querying targets an order of magnitude more often, as Inglis’ response makes clear), Inglis tries to suggest that the only way a target would learn we were tracking him would be if someone leaked that information.

INGLIS: That’s what that math would lead you to but actually, it’s not that simple. So let’s say I’m interested in a particular terrorist, that individual might have dozens, might have across a given year hundreds of selectors. I’d kind of pick up and drop telephones on, you know, like it’s fast food. They might form, discard email addresses at a rapid rate. Why? Because we told them that they’re of interest to us. We’ve been telling them that for years through these unauthorized disclosures. So one individual might have attributable to them hundreds of these things. At the same time, we don’t query one time a year. We might try to find out every few hours. We might try to find out every once in a while, you know, where this thing is. It might be that geo-location is of interest to us. And so all of that then constitutes a broad number of inquiries.

Of course, the other way targets learn we are tracking them is if Treasury and State designate their organization a terror affiliate (or they themselves a designated target), or if they escape a near miss, perhaps by drone.

Seriously, Inglis would have to be a moron if he really believes many — if not most — of our top targets don’t know we’re tracking them. But he’s not a moron. Which presents the more logical conclusion that he has cynically started chanting leak leak leak when describing something that is a normal aspect of spying, all to suggest what Snowden has done devastated their work.

John Inglis Explains Why (US-Based Collection of) Internet Metadata Doesn’t Work

Steve Inskeep got a very long interview with NSA Deputy Director John Inglis. It suffers from the same problem that just about every interview the NSA has done since the Snowden leaks started has — because the NSA will only allow friendlies or non-beat writers to do interviews, NSA can avoid many real questions and falsely represent the facts (such as, just one example, what the Review Group really said about the legality of NSA’s programs).

But Inskeep did a good job, and succeeded in doing something that no one else has: get a real explanation for why the NSA gave up its (US-based collection of) Internet “metadata.”

Inskeep starts by suggesting NSA was unable to meet the requirements of the program. But Inglis insists that wasn’t the problem. Rather, it was that Internet companies keep no billing records for individual emails.

INSKEEP: And it was abandoned because it was too hard to comply with the safeguards and because it was judged not to be practical, it wasn’t worth the cost.

INGLIS: It was abandoned principally for the latter reason, which is it was just too hard to make operationally workable. In theory, and especially given that people move more and more to emails, right, that kind of communication, in theory it would be even more valuable to try to detect a plot that moves from a foreign domain to a domestic domain using email metadata. The challenge is, is that the business model within the private sector doesn’t support that. You and I grew up in an America where there were local calls, long distance calls, and the telephone company made their money by charging you for the number of local calls or the number of long distance calls for some duration. And for that reason they tracked that information. You could go to the telephone company and say, how many calls and what number called what number.

And they would actually track that with great precision. Email didn’t get its start that way. The first email account I had from a company with three letters said, for $6.95 a month you can write a million emails or one email, we don’t care. We’re going to send you, sell you a bandwidth. And so there was no material business interest on their part to track the metadata. They just wanted to sell you access to the pipe. Given that that information it doesn’t exist, it’s hard to recreate it. It became operationally very difficult to do that. It is theoretically possible, but very expensive. And we’ve decided in late 2011 that while we thought we could meet the requirements of the court, we were quite confident that we could, the only way we could proceed was in so doing, that it was operationally too difficult to do that because the business model was so different.

Ultimately, of course, Inglis is confirming Inskeep’s first assertion: that the NSA couldn’t meet the Court’s requirements that it not collect content that is also routing information, because the telecoms, from which NSA collected this data, only had access to the data the NSA wanted at a content level.

NSA could meet FISC’s requirements. But to do so gave them little meaningful data, because the telecom level of content isn’t all that useful.

Of course, they can collect that data elsewhere, in places where such content-based restrictions aren’t in place.

Former Top NSA Officials Insist Employees Are Leaving Because Obama Is Mean, Not Because They Object To NSA’s Current Activities

Ellen Nakashima has a story that purports to show 1) significant morale problems at the NSA and 2) proof that the morale stems from Obama’s failure to more aggressively support the NSA in the wake of the Edward Snowden revelations.

The story relies in significant part on former NSA IG Joel Brenner and two other former officials who insisted on remaining anonymous because “they still have dealings” with the NSA.

“The agency, from top to bottom, leadership to rank and file, feels that it is had no support from the White House even though it’s been carrying out publicly approved intelligence missions,” said Joel Brenner, NSA inspector general from 2002 to 2006. “They feel they’ve been hung out to dry, and they’re right.”

A former U.S. official — who like several other former officials interviewed for this story requested anonymity because he still has dealings with the agency — said: “The president has multiple constituencies — I get it. But he must agree that the signals intelligence NSA is providing is one of the most important sources of intelligence today.

“So if that’s the case, why isn’t the president taking care of one of the most important elements of the national security apparatus?”


A second former official said NSA workers are polishing up their résumés and asking that they be cleared — removing any material linked to classified programs — so they can be sent out to potential employers. He noted that one employee who processes the résumés said, “I’ve never seen so many résumés that people want to have cleared in my life.”

Morale is “bad overall,” a third former official said. “The news — the Snowden disclosures — it questions the integrity of the NSA workforce,” he said. “It’s become very public and very personal. Literally, neighbors are asking people, ‘Why are you spying on Grandma?’ And we aren’t. People are feeling bad, beaten down.”

Does “still have dealings with the agency” mean these people still contract to it, indirectly or directly? If it does, how much of this contracting works through The Chertoff Group, where a slew of former officials seem to have had remarkably consistent interests in spreading this line for months? Nakashima might want to provide more details about this in any future of these stories, as it may tell us far more about how much these men are profiting for espousing such views.

After all, while they do provide evidence that NSA employees are leaving, they provide only second-hand evidence — evidence that is probably impossible for any of these figures to gain in depth personally — that the issue pertains to Obama’s response.

And there are at least hints that NSA employees might be leaving for another reason: they don’t want to be a part of programs they’re only now — thanks to compartmentalization — learning about

We can look to the two letters the NSA has sent to “families” of workers for such hints.

The first, sent in September (page one, page two, h/t Kevin Gosztola), got sent just 3 days after the release of documents showing NSA had been violating just about every rule imposed on the phone dragnet for the first three years it operated (partly, it should be said, because of Joel Brenner’s inadequate oversight at its inception). In the guise of providing more context to NSA employee family members about that and recent disclosures, Keith Alexander and John Inglis wrote,

We want to put the information you are reading and hearing about in the press into context and reassure you that this Agency and its workforce are deserving and appreciative of your support. Read more

The James Clapper Plan to “Change” NSA by Keeping John Inglis in Charge

Yesterday, Ellen Nakashima reported that James Clapper supports splitting CyberCommand off of NSA. To understand whether this would represent real change or not, consider that they’re considering John Inglis — currently Keith Alexander’s Deputy — to lead NSA.

At a White House meeting of senior national security officials last week, Director of National Intelligence James R. Clapper Jr. said he was in favor of ending the current policy of having one official in charge of both the National Security Agency and U.S. Cyber Command, said the individuals, who spoke on the condition of anonymity.

Also, officials appear inclined to install a civilian as director of the NSA for the first time in the agency’s 61-year history. Among those said to be potential successors to the current director, Gen. Keith B. Alexander, is his deputy, John C. “Chris” Inglis.

Frankly, I think splitting off Cyber is the wrong solution in any case. The problem, as I see it, is that both the cyberoffensive and the information collecting missions favor a policy of creating vulnerabilities that both US hackers and collectors can exploit in the future. That leaves the third NSA mission — protecting US networks — stuck with an approach of finding those entities that are exploiting vulnerabilities, rather than working on a resilience strategy that not only might work better, but also would provide Americans greater privacy. I think splitting off the defensive side, potentially creating a champion for real security, would do more than splitting off Cyber, which probably only leaves two competing champions for creating and exploiting vulnerabilities.

In any case, though, if John Inglis is in charge of one of those champions of creating vulnerabilities, chances are negligible the NSA will change its approach.


Not Breaking: Keith Alexander to Be Allowed to Retire Unscathed; Breaking: NSA

We’ve actually known for some time that Keith Alexander was retiring shortly. So Reuters’ headline reporting it (and the departure of Alexander’s Deputy John Inglis) is not news.

Screen shot 2013-10-16 at 5.38.14 PM

But mega kudos to the person who dubbed Alexander the “eavesdropping agency chief.”

One important implication of this headline though is,

Alexander will not be fired, much less criminally charged, for serial lies to Congress

Not to mention the fact that James Clapper will, as far as we know, remain employed and free.

All that said, the overall point of Reuters’ story is important. This presents Obama with an opportunity to set a new direction for NSA.

While both men are leaving voluntarily, the dual vacancies give Obama an opportunity both to install new leadership following Snowden’s revelations and to decide whether the NSA and Cyber Command should have separate leaders.

Cyber Command, which has grown significantly in recent years, has the authority to engage in both defensive and offensive operations in cyberspace. Many NSA veterans argue that having the same person lead the spy agency and Cyber Command diminishes the emphasis on the NSA’s work and its unique capabilities.

I say go even bigger than this: break up this Frankenstein contraption and split NSA’s defensive function from its offensive ones entirely. And while we’re at it, let’s move it out of DOD.

Noah Shachtman wrote a piece describing how to do this so long ago he actually referred to “the agency that tapped AT&T switching stations (OK, OK, allegedly)” instead of “the agency FISC deemed in violation of the Fourth Amendment for collecting US person data at AT&T’s switches.”

NSA headquarters — the “Puzzle Palace” — in Fort Meade, Maryland, is actually home to two different agencies under one roof. There’s the signals-intelligence directorate, the Big Brothers who, it is said, can tap into any electronic communication. And there’s the information-assurance directorate, the cybersecurity nerds who make sure our government’s computers and telecommunications systems are hacker- and eavesdropper-free. In other words, there’s a locked-down spy division and a relatively open geek division. The problem is, their goals are often in opposition. One team wants to exploit software holes; the other wants to repair them.


A broken-out bureau — call it the Cyber Security Agency, or CSA — that didn’t include the spooks would obviate this conflict. Read more

NSA Caught Illegally Spying on Americans and Keith Alexander’s Answer Is a Group Hug

Kevin Gosztola had a superb post yesterday on a letter NSA Deputy Director John Inglis and DIRNSA Keith Alexander sent to family members of NSA employees to make them feel better about the dragnet. It’s a two page letter attempting to convince the family members of our SIGINT spies that their mission is noble and their actions within the scope of the law.

I’m particularly interested in the timing of it. As Kevin notes, the letter cites a typically obsequious post from Ben Wittes on how the Administration should have responded to WaPo’s disclosure of an internal review (just as one example, Ben claims to have read the report closely but somehow misses that 9 to 20% of violations consist of analysts breaking rules they know).

Inglis and Alexander write,

There are some in the media who are taking the time to actually study the leaked material, and they have drawn conclusions that are very different from those who are in it for a quick headline. One such legal scholar wrote that we should have made our case more forcefully by responding,

Shameful as it is that these documents were leaked, they actually should give the public great confidence both in NSA’s internal oversight mechanisms and in the executive and judicial oversight mechanisms outside the agency. They show no evidence of any intentional spying on Americans or abuse of civil liberties. They show a low rate of the sort of errors any complex system of technical collection will inevitably yield. They show robust compliance procedures on the part of the NSA.

We couldn’t agree more.

I wonder if NSA would like to send family members my way, given that I have taken even more time than Ben studying these revelations and find he’s frequently engaging in spin?

Hmm. Probably not.

But what’s most fascinating by this citation is the timing.

Ben wrote that post on August 18, in the midst of a slew of disclosures by WaPo and the Guardian.

But Inglis and Alexander wrote this letter on September 13 — last Friday — at the end of a month when all of the major US-based disclosures (save that NSA has deliberately made all of us more vulnerable to hackers) have come from the government. In the month leading up to this letter, we learned the NSA:

At the end of 2008, the NSA had authorized contact chaining off of 27,090 identifiers and analysts could go four hops deep into the data, which effectively would allow them to create a relationship map of the entire country. And they used it not just to find “terrorists,” but also people they could coerce to inform on targets.

A system the Stasi would envy!

And FISA Court judges had deemed some of the first and third practices illegal. One threatened criminal referral and the other even shut down at least part the program for a period.

Read more

If By “Plots on the Homeland” You Mean “Defense against US-Backed Invaders”

Yesterday’s declassified documents on the Section 215 (and Internet Trap and Trace) dragnets repeat something I observed about a James Clapper declaration submitted in several FOIA cases related to the program: they all redact parts of the description of what allows the government to search on an identifier. While the government is happy to tell us searches are limited to counterterrorism (and Iran), they’re still hiding some aspect of what constitutes an appropriate search.

Which is just one of the reasons I’m interested in something NSA Deputy Director John Inglis said in yesterday’s Senate Judiciary Committee hearing on the NSA’s programs. At about 1:22, he described the selector they used to find Basaaly Moalin this way:

We knew a number that we had reasonable suspicion was affiliated with a terrorist group plotting against the homeland.

This claim — that the number was not just connected to a terrorist group, but a group “plotting against the homeland” — is new, as far as I’m aware.

Remember, the terrorist group in question is al-Shabaab. Other officials have said they got this number in October 2007 and court documents show the wiretap of Moalin began in December 2007. Yet al-Shabaab wasn’t listed as a Foreign Terrorist Organization until February 2008. If they were plotting against the US in October 2007, why weren’t they listed at that point?

I’ve long assumed (though it is just an assumption) that the number in question was that of Aden Hashi Ayro, a Somali warlord whose calls with Moalin were submitted as evidence in his case. Ayro was killed by a US missile on May 1, 2008. And it’s possible the claim that the pre-FTO al-Shabaab was plotting against our “homeland” pertains to him and his alleged ties to al Qaeda.

Here’s how a June 2008 WikiLeaks cable celebrating Ayro’s death described him.

(S/NF) Senior Al-Shabaab leader and al-Qaida associate Aden Hashi Ayrow was killed May 1 during a U.S. strike. In the early 1990s, Ayrow joined the military wing of Al-Ittihad Al-Islamiya (AIAI) and traveled to Afghanistan in 1997 for unspecified training. Ayrow remained in Afghanistan for a year before returning to Somalia to participate in Jihadist activities, and returned to Afghanistan in 2001, reportedly meeting with Osama bin Laden. Ayrow emerged in the 2002/2003 timeframe as a firebrand extremist and he quickly became a rising figure in what eventually became the Shabaab. Mercurial and largely uncontrollable, he was feared for his ruthlessness and unpredictability.

(S/NF) Ayrow has been violently opposed to U.S. and western interests in East Africa. The Shabaab’s emergence as a terrorist threat in Somalia is closely linked to Ayrow’s rise to power. During the course of 2005, Ayrow’s jihadist group emerged in Mogadishu as a violent destabilizing force. He has been linked to the killing of foreign aid workers, dozens of Somalis, and BBC journalist Kate Peyton. He also was the figure largely responsible for the desecration of the Italian cemetery in Mogadishu. Ayrow’s al-Shabaab faction has also conducted suicide bombings and anti-aircraft attacks targeting Ethiopian and Somali forces in Somalia. Ayrow was closely associated with East Africa Al-Qaida (EAAQ) operatives Harun Fazul and Saleh Nabhan, and now-deceased EAAQ cell leader Abu Talha Al-Sudani. [my emphasis]

The label “al Qaeda associate” and the visit to Osama bin Laden may have qualified Ayro (as ties to Al Qaeda in the Arabian Peninsula did Ahmed Warsame) as something beyond al-Shabaab warlord in the US book. And Toronto Star’s Michele Shephard told me on Twitter that Ayro had global ambitions. Certainly, some of Ayro’s associates had ties to al Qaeda’s past and planned attacks on US embassies in Africa.

But Shephard and the WikiLeaks cable also both say that the immediate focus in 2007 was on Ethiopian troops who had invaded Somalia in 2006 with US backing. Read more