Posts

Why We Should Remain Skeptical of the Five (!!) Congressional Investigations into the Russian Hack

I was interviewed (on Thursday) about the Flynn resignation and larger investigation into the Russia hack for Saturday’s On the Media. In what made the edit, I made one error (which I’ll explain later), but a key point I made holds. The leaking about Flynn and other Russian events are hypocritical and out of control. But they may create pressure to fix two problems with the current investigations into the Russian hack: the role of Jeff Sessions overseeing the DOJ-led investigations, and the role of Trump advisory officials Devin Nunes and Richard Burr overseeing the most appropriate congressional investigations.

In this post I’ll look at the latter conflicts. In a follow-up I’ll look at what the FBI seems to be doing.

As I noted in the interview, contrary to what you might think from squawking Democrats, there are five congressional investigations pertaining to Russian hacks, though some will likely end up focusing on prospective review of Russian hacking (for comparison, there were seven congressional Benghazi investigations). They are:

  • Senate Intelligence Committee: After months of Richard Burr — who served on Trump’s campaign national security advisory council — saying an inquiry was not necessary and going so far as insisting any inquiry wouldn’t review the dossier leaked on Trump, SSCI finally agreed to do an inquiry on January 13. Jim Comey briefed that inquiry last Friday, February 17.
  • House Intelligence Committee: In December, James Clapper refused to brief the House Intelligence Committee on the latest intelligence concluding Russian hacked the DNC with the goal of electing Trump, noting that HPSCI had been briefed all along (as was clear from some of the leaks, which clearly came from HPSCI insiders). In January, they started their own investigation of the hack, having already started fighting about documents by late January. While Ranking Democratic Member Adam Schiff has long been among the most vocal people complaining about the treatment of the hack, Devin Nunes was not only a Trump transition official, but made some absolutely ridiculous complaints after Mike Flynn’s side of some conversations got legally collected in a counterintelligence wiretap. Nunes has since promised to investigate the leaks that led to Flynn’s forced resignation.
  • Senate Armed Services Committee: In early January, John McCain announced he’d form a new subcommittee on cybersecurity, with the understanding it would include the Russian hack in its focus. Although he originally said Lindsey Graham would lead that committee, within weeks (and after Richard Burr finally capitulated and agreed to do a SSCI inquiry), McCain instead announced Mike Rounds would lead it.
  • Senate Foreign Relations Committee: In December, Bob Corker announced the SFRC would conduct an inquiry, scheduled to start in January. At a hearing in February, the topic came up multiple times, and both Corker and Ben Cardin reiterated their plans to conduct such an inquiry.
  • Senate Judiciary Subcommittee on Crime and Terrorism: After Graham was denied control of the SASC panel, he and Sheldon Whitehouse announced they’d conduct their own inquiry, including a prospective review of “the American intelligence community’s assessment that Russia did take an active interest and play a role in the recent American elections.”

All the while, some Senators — McCain, Graham, Chuck Schumer, and Jack Reed — have called for a Select Committee to conduct the investigation, though in true McCainesque fashion, the maverick has at times flip-flopped on his support of such an inquiry.

Also, while not an investigation, on February 9, Jerry Nadler issued what I consider (strictly as it relates to the Russian hack, not the other conflicts) an ill-advised resolution of inquiry calling for the Administration to release materials relating to the hack, among other materials. Democrats in both the House and Senate have introduced legislation calling for an independent commission, but have gotten no support even from the mavericky Republicans.

As you can see from these descriptions, it took pressure from other committees, especially Lindsey Graham getting control of one of the inquiries, before Richard Burr let himself be convinced by SSCI Vice Chair Mark Warner to conduct an inquiry. Thus far, Mitch McConnell has staved off any Select Committee. As soon as SSCI did claim to be launching an investigation, a bunch of Republicans tried to shut down the others, claiming it was all simply too confusing.

Let me be clear: as I noted in the OTM interview, the intelligence committees are the appropriate place to conduct this investigation, as it concerns really sensitive counterintelligence matters — people who could be witnesses to it are getting killed! — and an ongoing investigation. The only way to conduct a responsible inquiry is to do so in secret, and unless a select committee with clearance is formed, that means doing so in the dysfunctional intelligence committees.

That’s made worse by Nunes and Burr’s obvious conflicts, having served on Trump’s pre-inauguration advisory teams (at a time when Mike Flynn was chatting about ongoing sanctions with Russia), and their equally obvious disinterest in conducting the investigation. Remember that the intelligence committees successfully bolloxed up the independent investigation into Iran-Contra. While neither Nunes nor Burr is as smart as Dick Cheney, who had a key role in that intentional bolloxing, Democrats should be cognizant of the ways that such bolloxing has happened in the past.

And now that SSCI has finally started its inquiry, Ali Watkins published an uncharacteristically credulous report on Burr’s role in the investigation, slathering on the colorful vocabulary — “brutally yanked;” “underground cohort;” “dark shadow of Langley;” “Wearily, they’re trudging forward on a probe littered with potential political landmines;” — before portraying the allegedly difficult position Burr is in:

That he’s now in charge of the sweeping Russia inquiry puts the North Carolina Republican in between a rock and a hard place. Since taking over the helm of the intelligence committee, Burr has pressed for more active and aggressive oversight, and has kept a rigorous travel schedule to match. But his decisive reelection victory in November came at a cost — throughout the contentious race, Burr towed Trump’s line, and hasn’t yet directly criticized the White House publicly.

But Burr has shown no indication that he’s ever angled for a Trump administration job, and says he’s not running for re-election. How seriously he takes his obligation to carry his president’s water remains to be seen.

Burr has been slammed by colleagues in recent days, who fear he’s slow-rolling an investigation into a fast-moving story. But much of the inquiry’s slow start was due to bureaucratic wrangling — some intelligence agencies insisted products be viewed on site rather than sent to the Hill, and some of the intelligence was so tightly controlled that it was unclear if staffers could even view it.

This is just spin. There is abundant public record that Burr has thwarted oversight generally (he has said things supporting that stance throughout his history on both the Senate and House Intelligence Committee, even ignoring his role in covering up torture, and Watkins’ earlier incorrect claims about Burr’s open hearings remain only partly corrected). There is no mention in this article that Burr was on Trump’s national security advisory committee. Nor that SSCI had reason to do hearings about this hack well before January 2017, back when it might have made a difference — at precisely the time when Burr apparently had time to advise Trump about national security issues as a candidate. Plus, it ignores all the things laid out here, Burr’s continued equivocation about whether there should even be a hearing.

There is no reason to believe Burr or Nunes intend to have a truly rigorous investigation (bizarrely, Warner seems to have had more success pushing the issue than Schiff — or Dianne Feinstein when she was Vice Chair — though that may be because the Ranking position is stronger in the Senate than in the House). And history tells us we should be wary that their investigations will be counterproductive.

As I noted, on Friday — the Friday before a recess — Jim Comey briefed the SSCI on the Russian hack. That briefing was unusual for the date (regular SSCI meetings happen on Tuesday and Thursday, and little business of any kinds happens right before a recess). Reporters have interpreted that, along with the presumed silence about the content of the briefing, as a sign that things are serious. That may be true — or it may be that that was the only time a 3-hour briefing could be scheduled. In the wake of the briefing, it was reported that the SSCI sent broad preservation requests tied to the inquiry (that is, they sent the request long after the inquiry was started). And while the press has assumed no one is talking, the day after the briefing, Reuters reported outlines of at least three parts of the FBI investigation into the Russian hack, attributed to former and current government officials.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

If Richard Burr Jokes about Assassination in Secret, What Else Does He Joke about in Secret?

A tracker caught Senate Intelligence Chair responding to a request for a picture with a guy with an NRA hat on by joking about “putting a bullseye” on Hillary Clinton at an event for volunteers this weekend (the quip is after 34:30).

Nothing made me feel any better than, uh, I walked into a gun shop I think yesterday in Oxford. And there was a copy of Rifleman on the, on the counter. It’s got a picture of Hillary Clinton on the front of it. I was a little bit shocked at that — it didn’t have a bullseye on it.

After the comments became public, Burr apologized for them.

Mind you, Burr has a history of making inappropriate jokes about violence, even about assassination, even in public. In 2013, Burr joked with Treasury Secretary Jack Lew that his relative Aaron Burr assassinated Treasury Secretaries. And in the same year, Burr joked with John Brennan that drinking four glasses of water

“I’ll be brief,” Burr told the nominee to lead the Central Intelligence Agency. “I see you’re on your fourth glass of water and I don’t want to be accused of waterboarding you.”

But this is different, because he laughed about violence from others against a public figure, rather than joking about his own hypothetical violence. And it did so in a fairly closed event.

Given that as SSCI Chair Burr spends so much time huddling in secret with the intelligence community, Burr’s persistent joking about assassination and related issues does raise questions about what else he jokes in his private sessions with spooks. That’s especially true given how far out of his way he has gone to protect CIA from any accountability for torture.

Burr is, to his credit, virtually alone among an recent Gang of Four members for actually keeping what he learns from briefings secret. That means that, unlike this meeting (hilariously, after 13:00 in the recording, Burr kicks out someone he believes to be a tracker, but the person recording the meeting remained inside recording), we would never learn about how funny Burr thinks assassination is when meeting with those who actually carry them out.

That sure makes him an inappropriate person to head oversight of the intelligence community.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Senate Narrowly Avoids Voting Themselves to Become “Typos”

The McCain (Cornyn) amendment to the Judiciary Appropriations bill that would let them get Electronic Communication Transaction Records with a National Security Letter just narrowly failed to get cloture, with Dan Sullivan flipping his vote to yes near the end but Mike Crapo, a likely no vote, not voting. The final vote was 59-37.

The floor debate leading up to the vote featured a few notable exchanges. Richard Burr was an absolutely douchebag, saying Ron “Wyden is consistently against providing LE the tools it needs to defend the American people.” He did so in a speech admitting that, “My colleague says this wouldn’t stop SB or Orlando. He’s 100% correct.”

Burr also insisted that we can’t let the Lone Wolf provision, which allegedly has never been used, expire. It was extended just last year and doesn’t expire until 2019.

More interesting though was the debate between Burr and Leahy over whether the FBI can’t obtain ECTRs because of a typo in the law as passed in 1993. Leahy basically described that Congress had affirmatively decided not to include ECTRs in NSLs (implicit in this, Congress also did not decide to include it in the 2001 expansion). Burr claimed that Congress meant to include it but didn’t in some kind of oversight.

Here’s how Mazie Hirono and Martin Heinrich described the debate in the report on the Intelligence Authorization, which has a version of the ECTR change.

The FBI has compared expanding these authorities to fixing a “typo” in the Electronic Communications Privacy Act (ECPA).

However, during consideration of ECPA reform legislation in 1993, the House Judiciary Committee said in its committee report that “Exempt from the judicial scrutiny normally
required for compulsory process, the national security letter is an extraordinary device. New applications are disfavored.”

The House Judiciary Committee report also makes clear that the bill’s changes to Section 2709(b) of ECPA were a “modification of the language originally proposed by the
FBI.”

This does not support claims that the removal of the ECTR language was a “typo.”

Burr effectively argued that because law enforcement wanted ECTRs to be included back in 1993, they were meant to be included, and Congress’ exclusion of them was just a typo.

In short, a member of the Senate just argued that if Congress affirmatively decides not to capitulate to every demand of law enforcement, it must be considered a “typo” and not legally binding law.

For the moment, the Senate voted down making itself a “typo,” but Mitch McConnell filed a motion to reconsider, meaning he can bring the vote back up as soon as he arm twists one more vote.

 

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The SSCI Contemplates Splitting CyberCommand from DIRNSA

The Intercept’s Jenna McLaughlin liberated a copy of the Senate Intelligence Committee’s Intelligence Authorization for 2017 which was passed out of committee a few weeks back. There are two really shitty things — a move to enable FBI to get Electronic Communications Transaction Records with NSLs again (which I’ll return to) and a move to further muck up attempts to close Gitmo.

But there are a remarkable number of non-stupid things in the bill.

I’m particularly interested in this language.

Screen Shot 2016-06-10 at 9.01.03 AM

Unless I’m completely misreading it, this section would require the Director of NSA to be a separate person from the head of CyberCommand. It would require Admiral Mike Rogers’ current dual hat to be split.

Correction: DIRNSA and CyberCom would only need to be split if CyberCom gets elevated to be a full combatant command.

That’s a recommendation the President’s own Review Group made back in 2013, only to have the President pre-empt PRG’s recommendation before they could publicize it. It would also likely have some impact on NSA’s decision, earlier this year, to combine the Information Assurance Directorate — NSA’s defensive organization — in with its offensive mission.

Frankly, I think our entire cybersecurity approach deserves a more open debate. The IC has done a pretty crummy job at defending us from attacks, and it’s not clear what purpose their secrecy about that serves.

But I am intrigued that SSCI seems to think NSA should retain its defensive capability, independent of all its offensive ones.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

CIA Achieves a Whole New Scale of Torture Evidence Destruction

I once made a list of all the evidence of torture the CIA or others in the Executive Branch destroyed.

I thought it time to start cataloging them, to keep them all straight.

  • Before May 2003: 15 of 92 torture tapes erased or damaged
  • Early 2003: Dunlavey’s paper trail “lost”
  • Before August 2004: John Yoo and Patrick Philbin’s torture memo emails deleted
  • June 2005: most copies of Philip Zelikow’s dissent to the May 2005 CAT memo destroyed
  • November 8-9, 2005: 92 torture tapes destroyed
  • July 2007 (probably): 10 documents from OLC SCIF disappear
  • December 19, 2007: Fire breaks out in Cheney’s office

(I put in the Cheney fire because it happened right after DOJ started investigating the torture tape destruction.)

Since that time, there have been at least two more:

  • CIA stealing back copies of cables implicating the President from SSCI servers
  • Someone modifying one of the black sites at which the 9/11 defendants were tortured, with Gitmo approval

But apparently, last summer, CIA’s Inspector General destroyed something else: both his disk-based and server based copies of the Torture Report.

But last August, a chagrined Christopher R. Sharpley, the CIA’s acting inspector general, alerted the Senate intelligence panel that his office’s copy of the report had vanished. According to sources familiar with Sharpley’s account, he explained it this way: When it received its disk, the inspector general’s office uploaded the contents onto its internal classified computer system and destroyed the disk in what Sharpley described as “the normal course of business.” Meanwhile someone in the IG office interpreted the Justice Department’s instructions not to open the file to mean it should be deleted from the server — so that both the original and the copy were gone.

At some point, it is not clear when, after being informed by CIA general counsel Caroline Krass that the Justice Department wanted all copies of the document preserved, officials in the inspector general’s office undertook a search to find its copy of the report. They discovered, “S***, we don’t have one,” said one of the sources briefed on Sharpley’s account.

Sharpley was apologetic about the destruction and promised to ask CIA director Brennan for another copy. But as of last week, he seems not to have received it; after Yahoo News began asking about the matter, he called intelligence committee staffers to ask if he could get a new copy from them.

Sharpley also told Senate committee aides he had reported the destruction of the disk to the CIA’s general counsel’s office, and Krass passed that information along to the Justice Department. But there is no record in court filings that department lawyers ever informed the judge overseeing the case that the inspector general’s office had destroyed its copy of the report.

Two key parts of this story: Sharpley appears to have no idea who decided to nuke the report off the IG server. Hmmmm.

And DOJ has been suppressing this detail in filings in the FOIAs for the Torture Report itself (which may be what led Dianne Feinstein to make an issue of it last week).

Click through if you want a really depressing list of all the ways Richard Burr is trying to disappear the report.

I guess I shouldn’t be surprised that the entire report got disappeared. But destroying the whole thing is rather impressive.

Update: Katherine Hawkins reminds of of another one: the hood Manadel al-Jamadi wore when he suffocated to death while being tortured disappeared under circumstances the CIA IG considered non-credible.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Richard Burr’s Encryption (AKA Cuckoo) Bill, Working Thread

A version of Richard Burr and Dianne Feinstein’s ill-considered encryption bill has been released here. They’re calling it the “Compliance with Court Orders Act of 2016,” but I think I’ll refer to it as the Cuckoo bill. This will be a working thread.

(2) Note the bill starts by suggesting economic prosperity relies on breaking encryption. There are many reasons that’s not true, most obviously that it will put US products at a disadvantage in other countries.

(2) Note this only applies to “providers of communications services and products (including software).” Does it apply to financial companies? Because they’re encrypting data between themselves that should be accessible to law enforcement. Does it apply to car companies? IoT companies?

(2) Note they mention “judicial order” and “court order” here. It’s clear (and becomes clearer later) that this includes orders that aren’t warrants, so FISA orders. Which suggests they’re having a problem with encryption under FISA too.

(3) The Cuckoo Bill builds in compensation. That’s one way companies could fight this: to make sure it would take a lot to render data intelligible.

(4) I suspect this license language would expand to do scary things with other “licensing” products.

(4) Note that they’ve expanded the definition of metadata to include “switching, processing, and transmitting” data. I bet that has already been done in secret somewhere.

(5) The language on destination and switching suggests they’re trying to include location data in metadata.

(6) Note the “order or warrant” language.

(6) The covered entity might include banks and cars, though not obviously so.

(8) An odd use of “original form” in decrypted definition.

(9) Wow, they even want to require entities to have to provide decrypted data in motion.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

On December 10, Intelligence Committees Not Told Any Encrypted Communications Used in San Bernardino

Here’s what Senate Intelligence Chair Richard Burr and House Intelligence Ranking Member Adam Schiff had to say about a briefing on the San Bernardino attack they attended on December 10.

Lawmakers on Thursday said there was no evidence yet that the two suspected shooters used encryption to hide from authorities in the lead-up to last week’s San Bernardino, Calif., terror attack that killed 14 people.

“We don’t know whether it played a part in this attack,” Senate Intelligence Committee Chairman Richard Burr (R-N.C.) told reporters following a closed-door briefing with federal officials on the shootings.

But that hasn’t ruled out the possibility, Burr and others cautioned.

“That’s obviously one issue were very interested in,” House Intelligence Committee ranking member Adam Schiff (D-Calif.) said. “To what degree were either encrypted devices or communications a part of the impediment of the investigation, either while the events were taking place or to our investigation now?”

The recent terror attacks in San Bernardino and Paris have shed an intense spotlight on encryption.

While no evidence has been uncovered that either plot was hatched via secure communications platforms, lawmakers and federal officials have used the incidents to resurface an argument that law enforcement should have guaranteed access to encrypted data.

On December 10, we should assume from these comments, the Congressmen privy to the country’s most secret intelligence and law enforcement information, were told nothing about a key source of evidence in the San Bernardino attack being encrypted. Schiff made it quite clear the members of Congress in the briefing were quite interested in that question, but nothing they heard in the briefing alerted them to a known trove of evidence being hidden by encryption.

That’s an important benchmark because of details the FBI provided in response to a questions from Ars Tecnica’s Cyrus Farivar. As had been made clear in the warrant, FBI seized the phone on December 3. But the statement also reveals that FBI asked the County to reset Farook’s Apple ID password on December 6. That means they were already working on that phone several days before the briefing to the Intelligence Committee members (it’s unclear whether that briefing was just for the Gang of Four or for both Intelligence Committees).

While, given what Tim Cook described last night, the FBI had not yet asked for Apple’s assistance by that point, the FBI had to have known what they were dealing with by December 6 — an iPhone 5C running iOS9. Therefore, they would have known the phone was encrypted by default (and couldn’t be open with a fingerprint).

Yet even four days later, they were not sufficiently interested in that phone they had to have known to be encrypted to tell Congress it held key data.

Update: Wow, this, from Apple’s motion to vacate the order, makes this all the more damning.

Screen Shot 2016-02-25 at 6.09.00 PM

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

District Attorneys Use Spying as Cover To Demand a Law Enforcement Back Door

In response to a question Senate Intelligence Committee Chair Richard Burr posed during his committee’s Global Threat hearing yesterday, Jim Comey admitted that “going dark” is “overwhelmingly … a problem that local law enforcement sees” as they try to prosecute even things as mundane as a car accident.

Burr: Can you, for the American people, set a percentage of how much of that is terrorism and how much of that fear is law enforcement and prosecutions that take place in every town in America every day?

Comey: Yeah I’d say this problem we call going dark, which as Director Clapper mentioned, is the growing use of encryption, both to lock devices when they sit there and to cover communications as they move over fiber optic cables is actually overwhelmingly affecting law enforcement. Because it affects cops and prosecutors and sheriffs and detectives trying to make murder cases, car accident cases, kidnapping cases, drug cases. It has an impact on our national security work, but overwhelmingly this is a problem that local law enforcement sees.

Much later in the hearing Burr — whose committee oversees the intelligence but not the law enforcement function of FBI, which functions are overseen by the Senate Judiciary Committee — returned to the issue of encryption. Indeed, he seemed to back Comey’s point — that local law enforcement is facing a bigger problem with encryption than intelligence agencies — by describing District Attorneys from big cities and small towns complaining to him about encryption.

I’ve had more District Attorneys come to me that I have the individuals at this table. The District Attorneys have come to me because they’re beginning to get to a situation where they can’t prosecute cases. This is town by town, city by city, county by county, and state by state. And it ranges from Cy Vance in New York to a rural town of 2,000 in North Carolina.

Of course, the needs and concerns of these District Attorneys are the Senate Judiciary Committee’s job to oversee, not Burr’s. But he managed to make it his issue by calling those local law enforcement officials “those who complete the complement of our intelligence community” in promising to take up the issue (though he did make clear he was not speaking for the committee in his determination on the issue).

One of the responsibilities of this committee is to make sure that those of you at at the table and those that comp — complete the complement of our intelligence community have the tools through how we authorize that you need. [sic]

Burr raised ISIS wannabes and earlier in the hearing Comey revealed the FBI still hadn’t been able to crack one of a number of phones owned by the perpetrators of the San Bernardino attack. And it is important for the FBI to understand whether the San Bernardino attack was directed by people in Saudi Arabia or Pakistan that Tashfeen Malik associated with before coming to this country planning to engage in Jihad.

But only an hour before Jim Comey got done explaining that the real urgency here is to investigate drug cases and car accident cases, not that terrorist attack.

The balance between security, intelligence collection, and law enforcement is going to look different if you’re weighing drug investigations against the personal privacy of millions than if you’re discussing terrorist communications, largely behind closed doors.

Yet Richard Burr is not above pretending this about terrorism when it’s really about local law enforcement.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

More Evidence Secret “Tweaks” To Section 702 Coming

Way at the end of yesterday’s Senate Intelligence Committee Global Threats hearing, Tom Cotton asked his second leading question permitting an intelligence agency head to ask for surveillance, this time asking Admiral Mike Rogers whether he still wanted Section 702 (the first invited Jim Comey to ask for access to Electronic Communications Transactions Records with National Security Letters, as Chuck Grassley had asked before; Comey was just as disingenuous in his response as the last time he asked).

Curiously, Cotton offered Rogers the opportunity to ask for Section 702 to be passed unchanged. Cotton noted that in 2012, James Clapper had asked for a straight reauthorization of Section 702.

Do you believe that Congress should pass a straight reauthorization of Section 702?

But Rogers (as he often does) didn’t answer that question. Instead, he simply asserted that he needed it.

I do believe we need to continue 702.

At this point, SSCI Chair Richard Burr piped up and noted the committee would soon start the preparation process for passing Section 702, “from the standpoint of the education that we need to do in educating and having Admiral Rogers bring us up to speed on the usefulness and any tweaks that may have to be made.”

This seems to parallel what happened in the House Judiciary Committee, where it is clear some discussion about the certification process occurred (see this post and this post).

Note this discussion comes in the wake of a description of some of the changes made in last year’s certification in this year’s PCLOB status report. That report notes that last year’s certification process approved the following changes:

  • NSA added a requirement to explain a foreign intelligence justification in targeting decisions, without fully implementing a recommendation to adopt criteria “for determining the expected foreign intelligence value of a particular target.” NSA is also integrating reviewing written justifications in its auditing process.
  • FBI minimization procedures were revised to reflect how often non-national security investigators could search 702-collected data, and added new limits on how 702 data could be used.
  • NSA and CIA write justifications for conducting back door searches on US person data collected under Section 702, except for CIA’s still largely oversight free searches on 702-collected metadata.
  • NSA and CIA twice (in January and May) provided FISC with a random sampling of its tasking and US person searches, which the court deemed satisfactory in its certification approval.
  • The government submitted a “Summary of Notable Section 702 Requirements” covering the rules governing the program, though this summary was not comprehensive nor integrated into the FISC’s reauthorization.

As the status report implicitly notes, the government has released minimization procedures for all four agencies using Section 702 (in addition to NSA, CIA, and FBI, NCTC has minimization procedures), but it did so by releasing the now-outdated 2014 minimization procedures as the 2015 ones were being authorized. At some point, I expect we’ll see DEA minimization procedures, given that the shutdown of its own dragnet would lead it to rely more on NSA ones, but that’s just a wildarseguess.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Will James Clapper Be the First Known Victim of OmniCISA’s Regulatory Immunity?

According to Medium, Crackas With Attitude just hacked James Clapper and his wife.

One of the group’s hackers, who’s known as “Cracka,” contacted me on Monday, claiming to have broken into a series of accounts connected to Clapper, including his home telephone and internet, his personal email, and his wife’s Yahoo email. While in control of Clapper’s Verizon FiOS account, Cracka claimed to have changed the settings so that every call to his house number would get forwarded to the Free Palestine Movement.

[snip]

The hacker also sent me a list of call logs to Clapper’s home number. In the log, there was a number listed as belonging to Vonna Heaton, an executive at Ball Aerospace and a former senior executive at the National Geospatial-Intelligence Agency. When I called that number, the woman who picked up identified as Vonna Heaton. When I told her who I was, she declined to answer any questions.

Viscerally, I’m laughing my ass off that Verizon (among others) has shared Clapper’s metadata without his authority. “Not wittingly,” they might say if he asks them about that. But I recognize that it’s actually not a good thing for someone in such a sensitive position to have his metadata exposed (I mean, to the extent that it wasn’t already exposed in the OPM hack).

I would also find some amusement if Clapper ends up being the first public victim of OmniCISA’s regulatory immunity for corporations.

Yahoo and Verizon can self-report this cyber intrusion to DHS, and if they do then the government can’t initiate regulatory action against them for giving inadequate protection from hacking for the Director of National Intelligence’s data.

And whether or not Clapper is the first victim of OmniCISA’s regulatory immunity, he is among the first Americans that the passage of OmniCISA failed to protect from hacking.

 

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.