
Choking the Security State with Its Own Bottleneck

One former and one current high-ranking intelligence official (is that you Keith?) have gone to CNBC to complain that tech firms are showing reluctance to get more of their people security clearances.

U.S. government officials say privately they are frustrated that Silicon Valley technology firms are not obtaining U.S. security clearances for enough of their top executives, according to interviews with officials and executives in Washington and California. Those clearances would allow the government to talk freely with executives in a timely manner about intelligence they receive, hopefully helping to thwart the spread of a hack, or other security issues.

The lack of cooperation from Silicon Valley, Washington officials complain, injects friction into a process that everyone agrees is central to the fight to protect critical U.S. cyberinfrastructure: Real-time threat information sharing between government and the private sector.

[snip]

The former intelligence official said dealing with Silicon Valley firms is much different than his experience in other industries—or with all American companies a generation ago. “It used to be, during World War II or the Cold War, that getting cooperation from boards of directors was pretty straightforward. That’s not true today, particularly at these huge start-ups that went from nothing to billions.”

It’s interesting that this complainer went to CNBC’s Eamon Javers, who covers the overlap between corporations and intelligence, rather than someone like Kim Zetter or Shane Harris, who just finished interesting books on cybersecurity. Because the only challenge to those DC insiders’ claims about the importance of information sharing comes from this anonymous executive’s suggestion that the intelligence they’d get from the government isn’t all that useful.

In Silicon Valley, however, cybersecurity executives have a different perspective on the tension. “I believe that this is more about the overclassification of information and the relatively low value that government cyberintel has for tech firms,” said one Silicon Valley executive. “Clearances are a pain to get, despite what government people think. Filling out the paper work … is a nightmare, and the investigation takes a ridiculous amount of time.”

More generally (including in each of their books), I think people are raising more questions about the value of information sharing. At a recent panel on cybersecurity (starting at 12:20) for example, a bunch of security experts seemed to agree that information sharing shouldn’t be the priority it is. Yahoo CISO Alex Stamos (who at the same conference had this awesome exchange with NSA Director Mike Rogers) argued that the government emphasizes information sharing because it’s easy — he’d rather see the government cancel just one F-35 and put the money into bug bounties for open source software.

Nevertheless, these sources have been granted anonymity to suggest tech companies are un-American because they’re not rushing to share more data with the federal government.

Not to mention, not rushing to sign up to have their lives regulated by the McCarthyite system of security clearances.

Because it’s not just that the security clearance application is unwieldy. It’s that clearance comes with a gag order about certain issues, backed by the threat of prison (I forget whether it was Harris’ or Zetter’s book, but one describes a tech expert talking about that aspect of clearance).

Why would anyone sign up for that if the tech companies have more that the government wants than the government has that the tech companies need?

So it will be interesting to see how the security establishment responds to this. It would be a wonderful way to force the government to fix some of the problems with overclassification to be able to obtain the cooperation of what are supposed to be private corporations.

Maybe Petraeus’ Plea Deal Is More Interesting to the Benghazi Report than Hillary’s Emails?

There is an exception to every rule, standard operating procedure, and policy; it is up to leaders to determine when exceptions should be made and to explain why they made them.

David Petraeus’ Rules for Living, as presented by Paula Broadwell as they were being caught in an FBI investigation

Predictably, Trey Gowdy has subpoenaed more information about Hillary Clinton’s personal email revealed this week.

But it seems he also ought to call David Petraeus in for another chat about Benghazi in light of details in the former CIA Director’s plea deal.

That’s because the Plea Documents show that the investigation into Petraeus and Paula Broadwell intersects with the Benghazi investigation in ways that are even more interesting than was already clear. Consider what those two timelines look like when you add in the fact that Petraeus lied to the FBI about leaking information to his mistress on October 26, 2012, which has been updated from this post (note that contemporaneous reporting dated Petraeus’ FBI interview to October 29).

From the sex and leaking standpoint, the revised timeline is interesting because it shows Petraeus and Broadwell together at — of all places! — the annual celebration for old-style subterfuge, the OSS dinner, between the time Petraeus lied to the FBI and the time Broadwell was interviewed a second time.

But from a Benghazi perspective, it shows that on the same day Petraeus lied to the FBI, Paula Broadwell made the accusation that the attack was really about freeing militia members held at the CIA annex. The next day Petraeus and Broadwell hobnobbed together among the old style spooks. And then days later — even as an FBI whistleblower was forcing the investigation into the public, without which it might have been dropped — Petraeus went on a “fact-finding” mission to Cairo, in part to consult with some of the people involved in the Benghazi response.

Petraeus did a report on that trip, but Dianne Feinstein was complaining that her committee had not received a copy of it on November 12 (Petraeus was resisting, in part, because he no longer worked at CIA).

There’s no evidence that the House Intelligence Committee consulted Petraeus’ trip report when they did their report on the attack. (Indeed, the report shows remarkable lack of interest in Petraeus’ role altogether, in spite of the fact that he watched the later parts of the attack develop via the drone surveillance camera feed piped to the SCIF at his home.)

Did either of the Intelligence Committees ever get the report on the trip Petraeus did after he knew he was in trouble with the FBI, at a time when his ex-girlfriend was claiming the reason behind the attack was entirely different from what we’ve been told?

As I’ve noted, more than anyone else, current HPSCI Chair Devin Nunes showed significant interest in that claim about detainees, as reflected in the backup to a report that Mike Rogers made sure to get done before he left Nunes in charge. In response to his question (as well as some questions about arms-running) Nunes got non-denial denials.

In a related detail, in the earlier session Nunes also elicited a non-denial denial about detainees (an accusation first leveled by David Petraeus’ mistress Paula Broadwell), the other alleged reason for the attack on US entities in Benghazi.

Mr. Nunes: Okay. To the detainees, were there ever any detainees at either of these locations in the last year of any kind?

Mr. Morell: Not with regard to the CIA facility, sir.

Mr. Kennedy: And the State Department does not engage in detentions overseas.

Rather than just answering no, between them Morell and Kennedy carved out a space where it might be possible the CIA (or someone else, possibly JSOC) were holding detainees at the TMF or elsewhere in Benghazi.

Maybe Petraeus’ last minute trip to do a personal investigation of the aftermath of Benghazi — the results of which Petraeus resisted sharing with the Committees investigating the attack — is just a coinkydink.

But given the timing — and Petraeus’ sweetheart plea deal — it’d be nice if the Benghazi Committee asked a few more questions about that coinkydink.

Benghazi: A Poster Child for Covert Ops Blowback

You’ve no doubt heard that, last Friday (a pre-holiday Friday, as some people are already on their way to Thanksgiving), the Benghazi scandal ended with a fizzle.

The House Intelligence Committee released its report on the Benghazi attack, which basically says all the scandal mongering has been wrong, that Susan Rice’s talking points came from the CIA, that no one held up any rescue attempts, and so on and so on. This post will attempt to lay out why that might have happened. The short version, however, is that the report reveals (but does not dwell on) a number of failures on the part of the CIA that should raise real concerns about Syria.

Note that not all Republicans were as polite as the ultimate report. Mike Rogers, Jeff Miller, Jack Conaway, and Peter King released an additional views report, making precisely the points you’d expect them to — though it takes them until the 4th summary bullet to claim that Administration officials “perpetuated an inaccurate story that matched the Administration’s misguided view that the United States was nearing victory over al-Qa’ida.” Democrats released their own report noting that “there was no AQ mastermind” and that “extremists who were already well-armed and well-trained took advantage of regional violence” to launch the attack. Among the Republicans who presumably supported the middle ground were firebrands like Michele Bachmann and Mike Pompeo, as well as rising Chair Devin Nunes (as you’ll see, Nunes was a lot more interested in what the hell CIA was doing in Benghazi than Rogers). The day after the initial release Rogers released a second statement defending — and pointing to the limits of and Additional Views on — his report.

Now consider what this report is and is not.

The report boasts about the 1000s of hours of work and 1000s of pages of intelligence review, as well as 20 committee events, interviews with “senior intelligence officials” and 8 security personnel (whom elsewhere the report calls “the eight surviving U.S. personnel”) who were among the eyewitnesses in Benghazi. But the bulk of the report is sourced to 10 interviews (the 8 security guys, plus the Benghazi and Tripoli CIA Chiefs), and a November 15, 2012 presentation by James Clapper, Mike Morell, Matt Olsen, and Patrick Kennedy. (Here are the slides from that briefing: part one, part two.) As I’ll show, this means some of the claims in this report are not sourced to the people who directly witnessed the events. And the report sources almost nothing to David Petraeus, who was CIA Director at the time.

The FBI analyzed the intelligence better than CIA did

One of the best explanations for why this is such a tempered report may be that FBI performed better analysis of the cause of the attack than CIA did. This is somewhat clear from the summary (though buried as the 4th bullet):

There was no protest. The CIA only changed its initial assessment about a protest on September 24, 2012, when closed caption television footage became available on September 18, 2012 (two days after Ambassador Susan Rice spoke), and after the FBI began publishing its interviews with U.S. officials on the ground on September 22, 2012.

That is, one reason Susan Rice’s talking points said what they did is because CIA’s analytical reports still backed the claim there had been a protest outside State’s Temporary Mission Facility.

Moreover, in sustaining its judgment there had been a protest as long as it did, CIA was actually ignoring both a report from Tripoli dated September 14, and the assessment of the Chief of Station in Tripoli, who wrote the following to Mike Morell on September 15.

We lack any ground-truth information that protest actually occurred, specifically in the vicinity of the consulate and leading up to the attack. We therefore judge events unfolded in a much different manner than in Tunis, Cairo, Khartoum, and Sanaa, which appear to be the result of escalating mob violence.

In a statement for the record issued in April 2014, Mike Morell explained that Chiefs of Station “do not/not make analytic calls for the Agency.” But it’s not clear whether Morell explained why CIA appears to have ignored their own officer.

While the report doesn’t dwell on this fact, the implication is that the FBI was more successful at interviewing people on the ground — including CIA officers!! — to rebut a common assumption arising from public reporting. That’s a condemnation of CIA’s analytical process, not to mention a suggestion FBI is better at collecting information from humans than CIA is. But HPSCI doesn’t seem all that worried about these CIA failures in its core missions.

Or maybe CIA failed for some other reason.

Lying Keith the Kapitalist

On Sunday I asked who was crying wolf — JP Morgan itself, or Mike Rogers — about the claimed JP Morgan attack that might not be a serious attack at all and had been attributed to Russia without yet proof of that.

So who should crawl out of his sinecure but Keith Alexander?

Keith Alexander, the NSA director from 2005 until last March, said he had no direct knowledge of the attack though it could have been backed by the Russian government in response to sanctions imposed by the U.S. and EU over the crisis in Ukraine.

“How would you shake the United States back? Attack a bank in cyberspace,” said Alexander, a retired U.S. Army general who has started his own cybersecurity company to sell services to U.S. banks. “If it was them, they just sent a real message: ‘You’re vulnerable.’”

[snip]

The hackers who attacked JPMorgan, the biggest U.S. bank, were “a group with exceptional skills or a nation-state backed group,” Alexander said in an interview yesterday at Bloomberg’s Washington bureau.

[snip]

“If you wanted to send a message, do you think that was significant enough for the U.S. government to say one of the best banks that we have from a cybersecurity perspective was infiltrated by somebody?” Alexander asked. “And if they could get in to do that, even if they never use it, they could get in and collapse it. Does that cause you concern?”

Note how Alexander admits he has no personal knowledge of the attack but then opines about the skills of the hackers and goes from there to hypothesize how this was a response from Russia?

So maybe it wasn’t JP Morgan or Mike Rogers crying wolf. It sure looks like Alexander is willingly feeding the poorly evidenced claims about this hack.

But don’t worry, Keith Alexander doesn’t have a conflict of interest at all.

PCLOB Member Rachel Brand Asked NSA General Counsel to Help Her Dissent from PCLOB

Let me say straight out: Privacy and Civil Liberties Oversight Board member Rachel Brand is no slouch. She’s very smart and very accomplished.

All that said, I am rather intrigued by the way she consulted NSA General Counsel Raj De several times — as illustrated by these emails Jason Leopold liberated from PCLOB — as she worked on her dissent to the Democratic PCLOB members’ conclusion that the Section 215 dragnet is illegal.

On January 6, Brand emailed De. “Do you have a couple minutes to talk about a PCLOB matter today or tomorrow?” They scheduled some time to talk at midday the next day — though a request from Keith Alexander appears to have forced De to delay. Nevertheless, by 1:30 on January 7, it appears De and Brand spoke, because De forwarded two things: I Con the Record’s press release announcing the FISA Court had reauthorized the dragnet even after Judge Richard Leon ruled it unconstitutional (De makes no mention in his email, but the order had considered Leon’s ruling before reauthorizing the program), and the GPO transcript of Robert Mueller’s claim in a June 2013 House Judiciary Committee hearing that the dragnet would have prevented 9/11.

Ten days later, on January 17, Brand was emailing De again, after having seen each other that morning (that was the morning President Obama announced his own reforms to the dragnet, so it may have been in that context). She sent NSA’s General Counsel a paragraph, with one sentence highlighted, asking if it was accurate. He responded with “some suggestions for accuracy for your consideration … Feel free to give a call if you want to discuss, or would like more detail.”

Then, over that weekend, Brand and De exchanged the following emails:

Saturday, January 18, 12:31: Brand sends “the current draft of my separate statement” stating she wants “to be sure there is nothing factually or legally inaccurate in it;” she says it is currently 5 pages and tells De she needs to give PCLOB Chair David Medine the final by Sunday night

Saturday, January 18, 2:11: De responds, “happy to”

Sunday, January 19, 10:51: De responds, saying, “not that you need or want my validation, but for what’s [sic] it is worth it really reads quite well.” De then provides 3 “additional factual details” which “might fit in if you wanted to use them;” those bullets are redacted

Sunday, January 19, 3:47: Brand replies, stating that Beth (Elisebeth Collins Cook, the other Republican on PCLOB) “explicitly makes the first two in her separate statement” and that she’s “trying to keep this short, so have to forego making every available point”


The Pearl-Clutchers Normalizing Inflammatory Dog Whistles


As expected, last night Justin Amash held off a challenge from a corporatist Republican, Brian Ellis (though the margin was closer than polls predicted). What has the local punditry surprised, however, is Amash’s victory speech, where he attacked Ellis and former Congressman Crazy Pete Hoekstra, who endorsed Ellis.

AMASH VICTORY SPEECH: U.S. Rep. Justin Amash’s win over 3rd District GOP primary challenger Brian Ellis wasn’t too surprising, but his victory speech was. Rather than simply celebrate, Amash reportedly refused to answer a concession phone call from Ellis and then unloaded on the businessman, who had run a TV ad calling him “Al Qaeda’s best friend” in Congress. “I ran for office to stop people like you,” Amash said to Ellis, who was not present. He also ripped former U.S. Rep. Pete Hoekstra, who backed Ellis in a separate commercial. “I’m glad we can hand you one more loss before you fade into total obscurity and irrelevance,” he said of Hoekstra. (more >>)

I get that you’re supposed to give a happy unity speech after you win (though I personally don’t much care if MI Republicans rip themselves apart, and MI’s Republican Congressmen already broke protocol by offering no support to Amash and in Mike Rogers’ case giving big support for Ellis). But not only is Crazy Pete a disgrace, Ellis did try to gain traction by smearing Amash.

From the coverage, I think Amash was most pissed that Ellis and Hoekstra treated a vote Amash refused to cast to defund Planned Parenthood on constitutional grounds as a pro-choice vote.

But in an interview with Fox, Amash also called Ellis’ ad rather famously repeating a claim he’s al Qaeda’s best friend in Congress disgusting.

“I’m an Arab-American, and he has the audacity to say I’m Al-Qaeda’s best friend in Congress. That’s pretty disgusting.”

This ad, which played (among other prominent ad buys) during the World Cup, really pissed me off.

Not only for the treatment of Gitmo as anything but a terrible moneypit, all in the hopes of maintaining some extra-legal space to sustain the notion of war rather than law. But especially for the notion that anything but lock-step support for counterproductive counterterrorism policies makes you a friend of al Qaeda.

And yes, especially the suggestion that one of Congress’ only Arab-American members (Amash’s parents are Palestinian and Syrian Christians) might therefore be an Islamic terrorist.

For 12 years — ever since Saxby Chambliss used a similar technique to take out Max Cleland — our political culture has tolerated ads that invoke terror to short-circuit any real political debate about how we fight it. Those ads get treated as business as usual. Win or lose the race and then make nice with your opponent.

That such ads are still (were ever!) considered acceptable political discourse — that Amash, and not Ellis, is getting the scolds — damns our political system. By treating any debate over the efficacy of counterterrorism policy as terrorism itself, we foreclose potentially far more effective ways of keeping the country safe and potentially far smarter ways to spend limited resources. (Crazy Pete, for example, fear-mongered about moving Gitmo detainees to a prison threatened with closure in Michigan, thereby losing Michigan jobs, but also committing the US to continue to spend exorbitant amounts to keep our gulag open.)

At some point, it needs to be okay to call out such bullshit. Because until then, we’ll never be able to actually debate the best way to keep the country safe.

Did ACLU and EFF Just Help the NSA Get Inside Your Smart Phone?

The ACLU and EFF normally do great work defending the Fourth Amendment. Both have fought the government’s expansive spying for years. Both have fought hard to require the government obtain a warrant before accessing your computer, cell phone, and location data.

But earlier this week, they may have taken action that directly undermines that good work.

On Wednesday, both civil liberties organizations joined in a letter supporting Patrick Leahy’s version of USA Freedom Act, calling it a necessary first step.

We support S. 2685 as an important first step toward necessary comprehensive surveillance reform. We urge the Senate and the House to pass it quickly, and without making any amendments that would weaken the important changes described above.

ACLU’s Laura Murphy explained why ACLU signed onto the bill in a column at Politico, analogizing it to when, in 2010, ACLU signed onto a bill that lowered, but did not eliminate, disparities in crack sentencing.

Reform advocates were at a crossroads. Maximalists urged opposition despite the fact the bill would, in a very real way, make life better for thousands of people and begin to reduce the severe racial and ethnic inequality in our prison system. Pragmatists, fearing that opposition to the bill would preclude any reform at all, urged support.

It was a painful compromise, but the ACLU ultimately supported the bill. It passed, astoundingly, with overwhelming support in both chambers.

And then something amazing happened. Conservative lawmakers, concerned about government waste, increasingly came to the table to support criminal justice reform. Liberals realized they could vote their conscience on criminal justice without accusations of being “soft on crime.” It has not been easy and there have been many steps backward, but in recent years, we’ve seen greater public opposition to mandatory minimum sentences and real movement on things like reducing penalties for low-level drug offenses.

The analogy is inapt. You don’t end crack disparities by increasing the number of coke dealers in jail. But Leahy’s USA Freedom Act almost certainly will increase the number of totally innocent Americans who will be subjected to the full brunt of NSA’s analytical authorities indefinitely.

That’s because by outsourcing to telecoms, NSA will actually increase the total percentage of Americans’ telephone records that get chained on; sources say it will be more “comprehensive” than the current dragnet and Deputy NSA Director Richard Ledgett agrees “the actual universe of potential calls that could be queried against is [potentially] dramatically larger.” In addition, the telecoms are unlikely to be able to remove all the noisy numbers like pizza joints — as NSA currently claims to — meaning more people with completely accidental phone ties to suspects will get sucked in. And USA Freedom adopts a standard for data retention — foreign intelligence purpose — that has proven meaningless in the past, so once a person’s phone number gets turned over to the NSA, they’ll be fair game for further NSA spying, the really invasive stuff, indefinitely.

But that’s not the reason I find ACLU and EFF’s early support for USA Freedom so astounding.

I’m shocked ACLU and EFF are supporting this bill because they don’t know what the NSA will be permitted to do at the immunized telecoms. They have blindly signed onto a bill permitting “connection chaining” without first understanding what connection chaining entails.

As I have reported extensively, while every witness who has talked about the phone dragnet has talked about chaining on phone calls made — all the calls Anwar al-Awlaki made, all the calls those people made — the language describing this chaining process has actually been evolving. Dianne Feinstein’s Fake FISA Fix last fall allowed the NSA to chain on actual calls — as witnesses had described — but also on communications (not just calls) “to or from any selector reasonably linked to the selector.” A February modification and the last two dragnet orders permitted NSA to chain on identifiers “with a contact and/or connection” with the seed, making it clear that a “connection” is something different than a “contact.” The House bill USA Freedumber adopted the same language in a legislative report. Leahy’s bill adopts largely the same language for chaining.

(iii) provide that the Government may require the prompt production of call detail records—

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and

(II) using call detail records with a direct connection to such specific selection term as the basis for production of a second set of call detail records;

Now, it’s possible that this language does nothing more than what NSA illegally did until 2009: chain on both the identifier itself, but also on identifiers it has determined to be the same person. Back in 2009, NSA referred to a separate database to determine these other identifiers. Though that’s unlikely, because the bill language suggests the telecoms will be identifying these direct connections.

It’s possible, too, that this language only permits the telecoms to find “burner” phones — a new phone someone adopts after having disposed of an earlier one — and chain on that too.

But it’s also possible that this language would permit precisely what AT&T does for DEA in its directly analogous Hemisphere program: conduct analysis using cell site data. The bill does not permit NSA to receive cell site data, but it does nothing to prohibit NSA from receiving phone numbers identified using cell site data. When Mark Warner asked about this, Ledgett did not answer, and James Cole admitted they could use these orders (with FISC approval) to get access to cell location.

It’s possible, too, that the telecoms will identify direct connections using other data we know NSA uses to identify connections in EO 12333 data, including phone book and calendar data.

The point is, nobody in the public knows what “connections” NSA will be asking its immunized telecom partners to make. And nothing in the bill or even the public record prohibits NSA from asking telecoms to use a range of smart phone information to conduct their analysis, so long as they only give NSA phone identifiers as a result.

In response to questions from Senators about what this means, Leahy’s office promised a letter from James Clapper’s office clarifying what “connections” means (No, I don’t remember the part of Schoolhouse Rock where those regulated by laws get to provide “clarifications” that don’t make it into the laws themselves). That letter was reported to be due on Tuesday, by close of business — several days ago. It hasn’t appeared yet.

I asked people at both EFF and ACLU about this problem. EFF admitted they don’t know what this language means. ACLU calls the language “ambiguous,” but based on nothing they were able to convey to me, insists getting smart phone data under the guise of connection chaining would be an abuse. ACLU also pointed to transparency provisions in the bill, claiming that would alert us if the NSA started doing something funky with its connection language; that of course ignores that “connection chaining” is an already-approved process, meaning that existing processes won’t ever need to be released. It also ignores that the Administration has withheld what is probably a directly relevant phone dragnet opinion from both ACLU and EFF in their dragnet FOIA.

I get Laura Murphy’s point about using USA Freedom to start the process of reform. But what I don’t understand is why you’d do that having absolutely no idea whether that “reform” codifies the kind of warrantless probable cause-free access to device data that ACLU and EFF have fought so hard to prevent elsewhere.

ACLU and EFF are supposed to be leaders in protecting the privacy of our devices, including smart phones. I worry with their embrace of this bill, they’re leading NSA right into our smart phones.

Mike Rogers Says Google Must Lose Its Quarter to Save a Rickety Bank

Josh Gerstein already wrote about some of this Mike Rogers blather. But I wanted to transcribe the whole thing to display how utterly full of shit he is.

At a conference at Georgetown the other day, (see video 3), Rogers laid into the tech companies for opposing USA Freedumber, which he badly misrepresented just before this. The context of European opportunism begins at 1:06, the quote begins after 1:08.

We should be very mad at Google, and Microsoft, and Facebook, because they’re doing a very interesting, and I think, very dangerous thing. They’ve come out and said, “well, we oppose this new FISA bill because it doesn’t go far enough.” When you peel that onion back a little bit, and why are you doing this, this is a good bill, it’s safe, bipartisan, it’s rational, it meets all the requirements for Fourth Amendment protection, privacy protection, and allowing the system to work,

Rogers claims they’re doing so solely because they’re afraid to lose European business. And Rogers — a Republican! — is furious that corporations prioritize their profits (note, Rogers has never complained that some of these same companies use European tax shelters to cheat the tax man).

And they say, “well, we have to do this because we have to make sure we don’t lose our European business.” I don’t know about the rest of you, that offends me from the word, “European business.” Think about what they’re doing. They’re willing, in their minds, to justify the importance of their next quarter’s earnings in Europe, versus the National Security of the United States. Everybody on those boards should be embarrassed, and their CEOs should be embarrassed, and their stockholders should be embarrassed. That one quarter cannot be worth the National Security of the United States for the next 10 generations. And if we don’t get this part turned around very quickly, it will likely get a little ugly, and that emotional piece that we got by is going to be right back in the center of the room to no good advantage to our ability to protect the United States.

Mostly, he seems pissed because he knows the collective weight of the tech companies may give those of us trying to defeat USA Freedumber a fighting chance, which is what Rogers considers an emotional place because Democracy.

But Rogers’ rant gets truly bizarre later in the same video (after 1:23) where he explains what the security interest is:

We have one particular financial institution that clears, somewhere about $7 trillion dollars in global financial transactions every single day. Imagine if tomorrow that place gets in there and through an attack of which we know does exist, the potential does exist where the information is destroyed and manipulated, now you don’t know who owes what money, some of that may have lost transactions completely forever, imagine what that does to the economy, $7 trillion. Gone — right? Gone. It’s that serious.

Mind you, Rogers appears unaware that a bank’s shuffling of money — while an incredibly ripe target for hackers — does not really contribute to the American economy. This kind of daily volume is churn that only the very very rich benefit from. And one big reason it’s a target is because it is an inherently fragile thing.

To make all this even more hysterical, Rogers talks about risk driving insurance driving proper defensive measures from the target companies … yet he seems not to apply those rules to banks.

Mike Rogers, it seems, would rather kill Google’s business than permit this rickety, vitality-killing bank to feel the full brunt of the risk of its own business model.

The Law and EO-Breaking Report

One of the things I was most surprised about in the House Intelligence Authorization was a requirement that the Director of National Intelligence report violations of law or EO 12333 to the Intelligence Committees.

SEC. 510. ANNUAL REPORT ON VIOLATIONS OF LAW OR EXECUTIVE ORDER.

(a) Annual Reports Required.–The Director of National Intelligence shall annually submit to the congressional intelligence committees a report on violations of law or executive order by personnel of an element of the intelligence community that were identified during the previous calendar year.
(b) Elements.–Each report required under subsection (a) shall include a description of, and any action taken in response to, any violation of law or executive order (including Executive Order 12333 (50 U.S.C. 3001 note)) by personnel of an element of the intelligence community in the course of such employment that, during the previous calendar year, was determined by the director, head, general counsel, or inspector general of any element of the intelligence community to have occurred.
(b) Initial Report.–The first report required under section 510 of the National Security Act of 1947, as added by subsection (a), shall be submitted not later than one year after the date of the enactment of this Act.

The language was inserted into the bill by Jim Himes (who also added very laudable language requiring Senate approval for the NSA’s Inspector General).

The language appeared in the RuppRoge NSA “reform” bill; I presumed then that it was meant as false transparency — an effort to show off that just one NSA-cleared individual a year gets caught stalking an ex-girlfriend using its authorities.

And it may well be.

But I’m intrigued that Mike Rogers dedicated most of a Manager’s Amendment to the bill to tighten language from that section (in part limiting the reporting to actions “relating to intelligence activities”). And the hackish Ted Yoho submitted an amendment requiring a version of the report be shared with the House Oversight and Senate Homeland Security and Government Affairs Committees. I can’t imagine Yoho asking for it unless there were partisan hay to make out of it.

Now I want that report!

Mike Rogers’ Senior NSA Retiree Working For Foreign Government Cooling Off

I’m still working through the Intelligence Authorization and proposed amendments, which have been posted but which may or may not get a vote.

I’m particularly puzzled by an Amendment Mike Rogers submitted at the last minute, after having proposed it in committee but withdrawn it. The description of what he proposed reads,

Chairman Rogers offered an amendment to the amendment in the nature of a substitute to require a “cooling off” period before former Intelligence Community senior employees could work for a foreign government or a company controlled by a foreign government. The amendment would also establish notification and reporting requirements for former IC senior employees. He subsequently withdrew the amendment.

After having withdrawn that, he submitted this amendment, but did not list it as a Manager’s Amendment (see below for the text).

Effectively, the Amendment seems to do two things. First, it requires high ranking intelligence community personnel (and this includes Congress, presumably up to and including Rogers himself) to tell their Agency when they start negotiating a new job with a company with foreign ties.

It would also prohibit those high ranking people from working for a company with foreign ties for a year — or two, if it pertains to something they worked on. It also requires former employees to disclose any payment they get from a foreign country or foreign owned company.

Now, this Amendment seems like a total no-brainer (indeed, the reporting requirements should be in place for all employers). It’s a measure to prevent top IC officials from going to work for foreign governments.

So why didn’t this pass through committee? And why is Rogers submitting it now? What former high ranking official went to work for a foreign entity, raising the need for such a no-brainer law?

One more question: I wonder whether Israel will be included among the covered countries. Sure, it’s a close ally — precisely the kind that might hire away top IC talent. But it’s also an aggressive spy targeting the US. Precisely the kind of country that would make this kind of amendment even remotely controversial.

Update: Via Matt Stoller and billmon, this is presumably what this is about:

A longtime adviser to the U.S. Director of National Intelligence has resigned after the government learned he has worked since 2010 as a paid consultant for Huawei Technologies Ltd., the Chinese technology company the U.S. has condemned as an espionage threat, The Associated Press has learned.

Theodore H. Moran, a respected expert on China’s international investment and professor at Georgetown University, had served since 2007 as adviser to the intelligence director’s advisory panel on foreign investment in the United States. Moran also was an adviser to the National Intelligence Council, a group of 18 senior analysts and policy experts who provide U.S. spy agencies with judgments on important international issues.

Though I’m not convinced Moran would be covered under this law. Plus, he disclosed his tie to Huawei.
