Posts

Wednesday: Get Bach

Summer bug laid me up. I’m indulging in the audio equivalent of tea with honey, lemon, and a shot of something to scare away the bug. A little cello playing by Yo-Yo Ma never fails to make me feel better.

This sweet video is enlightening, didn’t realize Ma had an older sister who was an accomplished musician at a tender age. Worthwhile to watch this week considering the blizzard of arguments about immigrants and refugees here and abroad.

And then for good measure, a second favorite added in the mix — Yo-Yo Ma and Itzhak Perlman together, performing Beethoven’s Triple Concerto Fantasy.

There. I feel a little better already.

Probably better than frustrated House Democrats led by Rep. John Lewis who are engaging in a sit-in protest on House floor demanding a vote on No-Fly-No-Buy gun control. If you want to watch the action, you’ll have to check social media. It’s said House GOP leadership ensured CSPAN cameras were shut off.

Diesel do you

  • Volkswagen streamlining offerings to cut costs, 40 makes on the chopping block (Bloomberg) — This is the old General Motors play that eventually killed Oldsmobile and Pontiac to reduce costs related to duplicative brands. Makes sense, especially if this hatchet job kills passenger diesels. Note the story says a fix may come later — uh-huh, like never? Because VW can’t handle the volume of required repairs OR the lack of actual clean diesel technology, OR both?
  • Testimony in S Korea: VW’s upper management may have ordered regulatory cheats (The Hankyoreh) — Story is focused on emissions controls defeat and approval process, but sound controls were also an issue in South Korea. Were those likewise suppressed by order of VW’s German head office?
  • Former CEO under investigation for securities fraud (Reuters) — Big investors want to know why it took a year for Winterkorn to act after the emissions controls defeat were made public by researchers. Bet there’s a link between Winterkorn’s notification of researchers’ findings and the destruction of emails.

Sigh, cyber, sigh

Wait, what?
Did you know Led Zeppelin is being sued over Stairway to Heaven? Allegedly a key riff in the famous 40-year-old tune was stolen, violating copyright. Forty years. ~smh~

Going back to a recumbent position. Stay braced for the outcome of the sit-in and Brexit vote tomorrow.

Between Two Ends of the WikiLeaks Investigation: Parallel Constructing the FBI’s Secret Authorities

Two pieces of news on the government’s investigation of WikIleaks came out yesterday.

At the Intercept, Glenn Greenwald reported:

  • In 2010, a “Manhunting Timeline” described efforts to get another country to prosecute what it called the “rogue” website
  • In a targeting scenario dating to July 25, 2011, the US’ Targeting and General Counsel personnel responded to a question about targeting WikiLeaks’ or Pirate Bay’s server by saying they’d have to get back to the questioner
  • In 2012, GCHQ monitored WikiLeaks — including its US readers — to demonstrate the power of its ANTICRISIS GIRL initiative

Screen Shot 2014-02-19 at 9.42.54 AM
Also yesterday, Alexa O’Brien reported (and contextualized with links back to her earlier extensive reporting):

  • The grand jury investigation of WikiLeaks started at least as early as September 23, 2010
  • On January 4, 2011 (21 days after the December 14, 201 administrative subpoena for Twitter records on Appelbaum and others), DOJ requested Jacob Appelbaum’s Gmail records
  • On April 15, 2011, DOJ requested Jacob Appelbaum’s Sonic records

Now, as O’Brien lays out in her post, at various times during the investigation of WikiLeaks, it has been called a Computer Fraud and Abuse investigation, an Espionage investigation, and a terrorism investigation.

Which raises the question why, long after DOJ had deemed the WikiLeaks case a national security case that under either the terrorism or Espionage designation would grant them authority to use tools like National Security Letters, they were still using subpoenas that were getting challenged and noticed to Appelbaum? Why, if they were conducting an investigation that afforded them all the gagged orders they might want, were they issuing subpoenas that ultimately got challenged and exposed?

Before you answer “parallel construction,” lets reconsider something I’ve been mulling since the very first Edward Snowden disclosure: the secret authority DOJ and FBI (and potentially other agencies) used to investigate not just WikiLeaks, but also WikiLeaks’ supporters.

Back in June 2011, EPIC FOIAed DOJ and FBI (but not NSA) for records relating to the government’s investigation of WikiLeaks supporters.

EPIC’s FOIA asked for information designed to expose whether innocent readers and supporters of WikiLeaks had been swept up in the investigation. It asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

In their motion for summary judgment last February, DOJ said a lot of interesting things about the records-but-not-lists they might or might not have and generally subsumed the entire request under an ongoing investigation FOIA exemption.

Most interesting, however, is in also claiming that some statute prevented them from turning these records over to EPIC, they refused to identify the statute they might have been using to investigate WikiLeaks’ supporters.

All three units at DOJ — as reflected in declarations from FBI’s David Hardy, National Security Division’s Mark Bradley, and Criminal Division’s John Cunningham – claimed the files at issue were protected by statute.

None named the statute in question. All three included some version of this statement, explaining they could only name the statute in their classified declarations.

The FBI has determined that an Exemption 3 statute applies and protects responsive information from the pending investigative files from disclosure. However, to disclose which statute or further discuss its application publicly would undermine interests protected by Exemption 7(A), as well as by the withholding statute. I have further discussed this exemption in my in camera, ex parte declaration, which is being submitted to the Court simultaneously with this declaration

In fact, it appears the only reason that Cunningham submitted a sealed declaration was to explain his Exemption 3 invocation.

And then, as if DOJ didn’t trust the Court to keep sealed declarations secret, it added this plaintive request in the motion itself.

Defendants respectfully request that the Court not identify the Exemption 3 statute(s) at issue, or reveal any of the other information provided in Defendants’ ex parte and in camera submissions.

DOJ refuses to reveal precisely what EPIC seems to be seeking: what kind of secret laws it is using to investigate innocent supporters of WikiLeaks.

Invoking a statutory exemption but refusing to identify the statute was, as far as I’ve been able to learn, unprecedented in FOIA litigation.

The case is still languishing at the DC District.

I suggested at the time that the statute in question was likely Section 215; I suspected at the time they refused to identify Section 215 because they didn’t want to reveal what Edward Snowden revealed for them four months later: that the government uses Section 215 for bulk collection.

While they may well have used Section 215 (particularly to collect records, if they did collect them, from Visa, MasterCard, and PayPal — but note FBI, not NSA, would have wielded the Section 215 orders in that case), they couldn’t have used the NSA phone dragnet to identify supporters unless they got the FISC to approve WikiLeaks as an associate of al Qaeda (update: Or got someone at NSA’s OGC to claim there were reasons to believe WikiLeaks was associated with al Qaeda). They could, however, have used Section 215 to create their own little mini WikiLeaks dragnet.

Read more

How FISA Dockets (Appear To) Work and Why Snowden Likely Got Few or No PayPal Documents

Because Bill Binney made an observation about the high docket number of the phone dragnet order released this year, Sibel Edmonds has decided that Glenn Greenwald is hiding a bunch of Edward Snowden documents to protect Pierre Omidyar showing PayPal cooperated with NSA.

Here’s what Binney said, according to him.

Unfortunately, Sibel attributes some of her words to me. I do not know that PAYPAL is involved – only that financial data is being used by NSA. And, based on the “BR” number 13/80 on the Verizon court order to give records to NSA, I estimated that this program involved 78 companies. These would include: telecom’s, internet service providers, banks/finance/credit cards, travel, plus others. So, there’s a lot of business data being collected by NSA and the FBI. In the future, if I am to be quoted, I will have to I will have to insist on a pre-publication review. [my emphasis]

Now, like Peter Kofod, I don’t doubt that PayPal gives a ton of data to the national security state (more on what probably happens below).

But Binney’s comment appears to be based on a misunderstanding of how the FISA docket numbering works (though not one that changes his observation that “there’s a lot of business data being collected by NSA and the FBI”): that each docket pertains to a different company.

Given the filings we’ve seen from voluminous years — particularly 2009 — it is clear that DOJ uses one docket for all providers on a particular order. For example, 3 of the 4 docket numbers used for the phone dragnet in 2009 were 08-13, 09-06, and 09-13. For the entire 3 month period the primary order covers, all the orders and correspondence related to that primary order bears the original docket number. Even in the case where Judge Walton cut off and then resumed production (see 09-13 above) from just one provider got handled in that docketing system. The now public FISC docket appears to continue this practice, with BR 13-109 and BR 13-158 including all the correspondence on a particular order (in addition, there are the Misc dockets for lawsuits, and the 2007 docket tied to Protect America Act for the Yahoo challenge).

And over the years, the list of providers included on the dockets appears to have gotten much longer. Here’s the redacted list of providers from the original 2006 order:

Screen shot 2013-12-13 at 7.51.09 PM

Here’s the redacted list of providers from the most recent order:

Screen shot 2013-12-13 at 7.54.25 PM

 

The additional providers are probably smaller providers, as well as VOIP providers.

So just 4 and on rare occasions 5 of the Section 215 (“BR”) docket numbers in any given year (and, for the life of the program, just 4 of the PR/TT docket numbers) covered all the providers.

But that may, in fact, mean far more companies are getting Section 215 orders, even bulk orders. As I laid out in this post, the numbers of Section 215 orders have gone up in the last several years (Julian Sanchez has speculated that previously some of this collection was done via National Security Letter, which is a pretty good bet).

Section 215 orders

And as they’ve gone up, the FISA Court has been modifying far more orders — it modified 86% of the orders in 2011. It has been modifying orders to add minimization procedures (it modified 176 orders in 2011 to add minimization requirements). Given that you only need to have significant minimization procedures if you’re getting a lot of innocent people’s data, and given that these orders would also be on a 90-day cycle, that may mean there were 44 bulk collection programs in 2011.

But, as Binney said, that’s going to include a lot of different kinds of companies. We know they’ve used Section 215 to collect precursor chemical purchase records. They likely cover credit cards records, other financial records, gun purchases, health and medical records, and other computer records. There have even been questions about using Section 215 to collect URL search terms.

PayPal is one possible or even likely recipient of these, but only one out of a bunch. Read more

First They Came for WikiLeaks … Then They Came for Pot Dispensaries … Then Online Sharing

Remember when Visa and PayPal cut off services to WikiLeaks as a result of what was clearly Administration pressure? The Administration never explicitly revealed it had pressured the financial services companies to cut off WikiLeaks. It never offered any due process. Just–poof! WikiLeaks was no longer welcome to use a public service other corporate-people were able to.

And almost no one blinked at that abuse of due process.

Then Visa and MasterCard cut off pot dispensaries in California.

Your credit is no longer any good at California medical marijuana dispensaries, whose accounts with credit card processors have been canceled, thanks to pressure from the federal government.
Merchant services providers — the intermediaries between retailers and credit card companies who process customers’ payments — began informing their medical marijuana dealing clients that cannabis credit card transactions would not be processed after July 1, according to Stephen DeAngelo, Executive Director of Oakland’s Harborside Health Center.
No government agency is taking credit for making marijuana a cash-only business. But the “factual pattern” is as follows, DeAngelo said: Officials from the Treasury Department flexed on credit card companies, who then informed merchant services providers that they’d be “dropped from Visa and MasterCard forever” unless they stopped processing medical marijuana payments.

And PayPal has imposed new terms of services on file-sharing sites that will allow it to monitor sites for content.

According to TorrentFreak, PayPal has recently changed its terms of service, making requirements for file-sharing and newsgroup services far tighter than before.

The payment service, owned by eBay, now requires that “merchants must prohibit users from uploading files involving illegal content and indicate that users involved in such file transfers will be permanently removed from their service,” and that “merchants must provide PayPal with free access to their service, so PayPal’s Acceptable Use Policy department can monitor the content.”

The pot dispensary move is really heartless: as the article points out, it means customers have to walk around with wads of cash. And since a lot of medical marijuana customers are on disability, it means poor people can’t afford themselves the flexibility offered by credit cards.

And in addition to the specific injustice of undermining otherwise legal businesses, there’s the general issue. As it does with international financial exchange, so the Government is now doing with corporate entities in the US, picking and choosing which ones will have access to modern financial services and which won’t.

It’s an arbitrary exercise of power against entities the government can’t or won’t make a legal, due process entailing case against.

Maybe you’ll arbitrarily lose your credit card privileges next!

The Inevitable Collapse of Legitimacy Under Secret Law: WikiLeaks Hacks

DOJ indicted 16 alleged hackers today, 14 of whom were purportedly involved in hacking PayPal after it refused to accept payments for WikiLeaks.

According to the San Jose indictment, in late November 2010, WikiLeaks released a large amount of classified U.S. State Department cables on its website. Citing violations of the PayPal terms of service, and in response to WikiLeaks’ release of the classified cables, PayPal suspended WikiLeaks’ accounts so that WikiLeaks could no longer receive donations via PayPal. WikiLeaks’ website declared that PayPal’s action “tried to economically strangle WikiLeaks.”

The San Jose indictment alleges that in retribution for PayPal’s termination of WikiLeaks’ donation account, a group calling itself Anonymous coordinated and executed distributed denial of service (DDoS) attacks against PayPal’s computer servers using an open source computer program the group makes available for free download on the Internet. DDoS attacks are attempts to render computers unavailable to users through a variety of means, including saturating the target computers or networks with external communications requests, thereby denying service to legitimate users. According to the indictment, Anonymous referred to the DDoS attacks on PayPal as “Operation Avenge Assange.”

Now, I’m not surprised DOJ indicted these folks. I’m not arguing that, if they did what DOJ alleged they did, they didn’t commit a crime.

But I can’t help but notice that DOJ has not yet indicted anyone for the DDoS attacks–the very same crime–committed against WikiLeaks 8 days earlier than the crime alleged in this indictment.

I’m guessing DOJ has a very good idea who committed that crime. But for some reason (heh), they haven’t indicted those perpetrators.

In fact, I’ll bet you that DOJ also has a better explanation for why PayPal started refusing WikiLeaks donations on December 4, 2010–two days before this alleged crime–than they describe here.

But we mere citizens are privy to none of that. As far as we know–because of choices about secrecy the government has made–a crime was committed against a media outlet on November 28, 2010. That crime remains unsolved. Indeed, DOJ has never made a peep about solving that crime. Meanwhile, today, 14 people were indicted for allegedly committing the very same crime the government–inexplicably, at least according to its public statements–has not pursued.

According to the public story, at least, the rule of law died with this indictment today. The government has put itself–the hackers it likes, if not employs–above the law, while indicting 14 people for the very same crime committed just weeks before those 14 people allegedly committed their crime.

Of course, that’s probably not how the government views it. I presume they went to some judge–probably a FISA judge–in the days leading up to November 28 and told that judge they were pursuing a case of Espionage and couldn’t that judge please give the government permission to commit a crime against a media outlet.

Mind you, I’m not aware of the part of the PATRIOT Act (or other US Code) that permits the government to commit crimes against media outlets it claims are engaged in Espionage. But then I’m not aware of the part of the PATRIOT Act that permits the government to track geolocation of all of us in the name of hunting terrorists.

And we know they do that.

That’s one of the problems with secret law, you know. It’s never clear what basis the government has given a judge, in secret, for breaking the law.

Less perplexing than how the government explains why its hack of WikiLeaks is not a crime but the alleged hacking committed by these 14 people is a crime, is why PayPal and Visa and MasterCard all of a sudden, within days, decided to stop taking donations to WikiLeaks. Withdrawing funding for alleged terrorists and spies with no due process, at least, is at least provided for under the law.

Though, from the perspective of seeing that our government used it to persecute a media outlet, it doesn’t necessarily make it right.

The other interesting thing about how this secret law thing works is that around about the same time this uninvestigated hack against WikiLeaks occurred and around about the same time these alleged hackers hacked PayPal, the government anonymously leaked information about problems with the claim that WikiLeaks was, in fact, engaged in Espionage. Even at that point, the government admitted it didn’t have much of an Espionage case.

The Justice Department, in considering whether and how it might indict Julian Assange, is looking beyond the Espionage Act of 1917 to other possible offenses, including conspiracy or trafficking in stolen property, according to officials familiar with the investigation.

Attorney General Eric H. Holder Jr. acknowledged this week that there were problems with the Espionage Act, a World War I-era law that says the unauthorized possession and dissemination of information related to national defense is illegal. But he also hinted that prosecutors were looking at other statutes with regard to Mr. Assange, the founder of WikiLeaks.

[snip]

A government official familiar with the investigation said that treating WikiLeaks different from newspapers might be facilitated if investigators found any evidence that Mr. Assange aided the leaker, who is believed to be a low-level Army intelligence analyst — for example, by directing him to look for certain things and providing technological assistance.

If Mr. Assange did collaborate in the original disclosure, then prosecutors could charge him with conspiracy in the underlying leak, skirting the question of whether the subsequent publication of the documents constituted a separate criminal offense. But while investigators have looked for such evidence, there is no public sign suggesting that they have found any.

Did they tell a judge WikiLeaks was engaged in Espionage even while they were telling Charlie Savage it wasn’t?

Particularly from the perspective of today–as it has become clear that Rupert Murdoch has been trafficking in stolen property without his media properties mysteriously getting hacked by people we believe to be aligned with the government–the 7 month period in which DOJ has failed to find any grounds to indict WikiLeaks itself really raises questions about the justification DOJ presumably gave to a judge all those months ago to engage in illegal prior restraint.

I assume DOJ claimed WikiLeaks engaged in Espionage. I assume the government used that claim to hack WikiLeaks and engage in prior restraint. I assume the government used the same claim to cut off US-based donations to WikiLeaks. And if the government admitted that publicly, likely just a few crazy civil libertarians like me would object to the government’s violation of the First Amendment.

We’re so quaint, those of us who believe in rule of law!

DOJ could fix the crisis in legitimacy this indictment will bring about by simply explaining some detail about why they’re not pursuing the hackers that brought down a media outlet last year, but they have pursued hackers that brought down an online payment service (never mind questions about why they’re not pursuing banksters). They could simply explain what law they used–or abused–to be able to incapacitate a media outlet without violating the First Amendment.

That might give their actions today–and back in November–the patina of legitimacy.

But instead, they have apparently chosen to persist in applying their secret laws, such that they can violate the First Amendment of the Constitution, even while prosecuting others for crimes the government has presumably committed itself.

And that, my friends, is how secret law kills democracy and the rule of law.

So, Amazon, Visa, PayPal, Was It Worth Accepting Government Lies?

Mark Hosenball reports that aside from some pockets of short-term damage, the impact of the Wikileaks leak of diplomatic cables has been embarrassing, but not damaging.

Internal U.S. government reviews have determined that a mass leak of diplomatic cables caused only limited damage to U.S. interests abroad, despite the Obama administration’s public statements to the contrary.

A congressional official briefed on the reviews said the administration felt compelled to say publicly that the revelations had seriously damaged American interests in order to bolster legal efforts to shut down the WikiLeaks website and bring charges against the leakers.

“I think they just want to present the toughest front they can muster,” the official said.

But State Department officials have privately told Congress they expect overall damage to U.S. foreign policy to be containable, said the official, one of two congressional aides familiar with the briefings who spoke to Reuters on condition of anonymity.

“We were told (the impact of WikiLeaks revelations) was embarrassing but not damaging,” said the official, who attended a briefing given in late 2010 by State Department officials.

[snip]

National security officials familiar with the damage assessments being conducted by defense and intelligence agencies told Reuters the reviews so far have shown “pockets” of short-term damage, some of it potentially harmful. Long-term damage to U.S. intelligence and defense operations, however, is unlikely to be serious, they said. [my emphasis]

More important than yet another indication that the Obama Administration has oversold the damage done by Wikileaks is the reason given by Hosenball’s Congressional source as to why they oversold that damage: to bolster legal efforts to shut down Wikileaks’ website.

The Administration lied, says a congressional official, to make it easier to shut down Wikileaks.

Now that’s important for several reasons. First, all this time the government has been pretending that the series of decisions by private corporations to stop doing business with Wikileaks were made by the businesses on their own. Surprise surprise (not!), it seems that the government was affirmatively trying to shut down Wikileaks.

Just as importantly, Hosenball’s story seems to suggest, the government was going to service providers–the same service providers they routinely go to on terrorist investigations–and lying to get them to do the government’s bidding. The government was making claims about the damage of the leak to convince service providers to shut down Wikileaks.

And companies like Amazon, Visa, and PayPal complied.

So, to these companies, now tainted with cooperation in government censorship, was it worth it? Was it worth being branded as a collaborator, knowing you were lied to?

And to Philip Crowley, whom Hosenball quotes talking about “substantial” damage: given your critique of Tunisia’s suppression of social media, and given that we now know you lied in the service of similar repression, do you still want to claim there’s no disjunct between claiming to support free speech while squelching that of Wikileaks?