Posts

The Other Servers and Laptops FBI Never Investigated: VR Systems and North Carolina Polling Books

Ron Wyden had a lot to say in his minority views to the SSCI Report on election security released yesterday, mostly arguing that there need to be national standards and assistance and that no one can make any conclusions about the effects of Russia’s efforts in 2016 because no one collected the data to make such conclusions.

But there’s one line in his section raising questions about the 2016 conclusions I find particularly interesting, pertaining to VR Systems (which he doesn’t name).

Assessments about Russian attacks on the administration of elections are also complicated by newly public information about the infiltration of an election technology company.

Since the Mueller Report came out, Wyden has been trying to chase down this reference in the report to the VR Systems hack.

Unit 74455 also sent spear-phishing emails to public officials involved in election administration and personnel a~ involved in voting technology. In August 2016, GRU officers targeted employees of [redacted; VR Systems], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.

In May, he sent a letter to VR Systems President Mindy Perkins, asking how the company could claim, in March 2018, that it had not experienced a security breach when the report said it had been infected with malware in August 2016. In response, the company told Wyden (according to a letter he and Amy Klobuchar sent FBI Director Chris Wray) that they had alerted the FBI that they found suspicious IPs in their logs in real time, but that FBI had never explained the significance of that.

In a May 16, 2019, letter to Senator Wyden, VR Systems described how it participated in an August 2016 conference call with law enforcement. Participants in that call were apparently asked by the FBI to “be on the lookout for certain suspicious IP addresses.” According to VR Systems, the company examined its website logs, “found that several of the IP addresses had, in fact, visited our website” and as a result, the company “notified the FBI as we had been directed to do.” VR Systems indicates they did not know that these IP addresses were part of a larger pattern until 2017, which suggests the FBI may not have followed up with VR Systems in 2016 about the nature of the threat they faced.

The implication from Wyden’s letters is that VR Systems only hired FireEye to conduct an assessment of what happened after Reality Winner leaked an NSA document making it clear they had been targeted by GRU in 2017. [Update: Kim Zetter actually reported this here.]

In their June 12 letter, Wyden and Klobuchar asked Wray whether the FBI followed up on VR Systems’ report.

  1. What steps, if any, did the FBI take to examine VR Systems’ servers for evidence of a successful cyber breach after the company alerted the FBI, in August of 2016, to the presence of suspicious IP addresses in its website logs? If the FBI did not examine VR Systems’ servers or request access to those servers, please explain why.
  2. Several months after VR Systems first contacted the FBI, electronic pollbooks made by the company malfunctioned during the November 8 general election in Durham County, North Carolina. In the two and a half years since that incident in Durham County, has the FBI requested access to the pollbooks that malfunctioned, and the computers used to configure them, in order to examine them for evidence of hacking? If not, please explain why.
  3. VR Systems contracted FireEye to perform a forensic examination of its systems in the summer of 2017. Has the FBI reviewed FireEye’s conclusions? If so, what were its key findings?

It’s unclear how Wray answered (or didn’t). But just before Wyden sent this letter, the WaPo reported that no one had yet conducted a forensic examination of the laptops used in the VR Systems polling books in North Carolina. After Democrats took over control, they finally persisted in getting DHS to agree to check the laptops.

On Tuesday, the Department of Homeland Security told The Washington Post it will conduct a forensic analysis of the laptops used in Durham County elections in 2016. Lawson said North Carolina first asked the department to conduct such a review more than 18 months ago, though he added that DHS has generally been a “good partner” on election security.

“We appreciate the Department of Homeland Security’s willingness to make this a priority so the lingering questions from 2016 can be addressed in advance of 2020,” said Karen Brinson Bell, the newly appointed executive director of the State Board of Elections.

After the election, Durham County hired a firm called Protus3 to dig into what happened. The security consultant said it appeared the problems were caused by user error but ended its 12-page report with a list of recommendations that included examining computers in a lab setting and interviewing more election workers.

Durham County elections director Derek Bowens said he is comfortable with the report’s conclusions. Even so, in 2017, the county switched to electronic poll books created by the state. Bowens said in an interview that the state’s software would save money and is, in his view, better.

But for North Carolina officials, concerns resurfaced in June 2017 when the website Intercept posted a leaked National Security Agency report referencing “cyber espionage operations against a . . . U.S. company in August 2016.” The NSA report said that “it was likely that at least one account was compromised.”

VR Systems soon acknowledged that hackers had targeted the company but insisted that its network had not been breached.

North Carolina officials weren’t so sure.

“This was the first leak that indicated anything like a nation-state actor targeting a voting systems vendor,” Lawson said.

The state elections board soon launched its own investigation, seizing 40 laptops from Durham in July. And it suspended the certification that allowed more than 20 North Carolina counties to use VR Systems’ poll books during elections, an action that would later land in court. “Over the past few months there has been a considerable change in the election security landscape and the level of scrutiny we receive,” the board wrote in a letter explaining its decision to VR Systems.

No one working for the board had the technical expertise to do a forensic examination of the machines for signs of intrusion. Staffers asked DHS for technical help but did not get a substantive answer for a year and a half, Lawson said.

As noted, FireEye appears to have done an assessment at VR Systems itself in the wake of the Winner disclosure. The WaPo reports that FireEye declared VR Systems hadn’t been hacked, but wouldn’t share any information with Wyden or–apparently–DHS.

VR Systems said a cybersecurity firm it hired to review its computer network in 2017 found no evidence of a hack. A subsequent review by DHS also found no issues, the company said. VR Systems declined to give Wyden documentation of those reviews, citing the need to protect proprietary information.

Wyden in a statement to The Post accused VR Systems of “stonewalling congressional oversight.”

A senior U.S. official confirmed DHS’s review of VR Systems’s network to The Post and noted that by the time agency investigators arrived, a commercial vendor had already “swept” the networks. “I can’t tell you what happened before the commercial vendor came in there,” the official said, speaking on the condition of anonymity to discuss a sensitive matter.

The same day as the WaPo report, Kim Zetter reported that VR Systems used remote updates for their software, opening up a possible point of compromise for hackers.

For two years, GRU hack denialists have thought it was the most important thing that the DNC provided FBI Crowdstrike’s forensic images of the hacked laptops, rather than providing the servers themselves.

But that step has, apparently, not been done yet with VR Systems. And the laptops that failed on election day are only now being forensically examined.  Which is why, I presume, that Wyden believes it’s premature to claim no vote totals were affected on election day 2016.

Sergey Kislyak, Guccifer 2.0, and Maria Butina Walk into an Election Precinct

The Senate Intelligence Committee released a highly redacted version of their election security report. Much of it focuses on coded descriptions cataloging what happened in different states and what has happened as some states try to prepare better for that kind of election interference in the future; this discussion will be far more useful once reporters have carried out the fairly trivial work of identifying which states are referred to in the discussions.

That discussion also reflects a great deal of underlying tension not at all reflected in some of the early stories on the report. State officials bitched, justifiably, at coverage that doesn’t distinguish between scans and hacks, which fosters the panic that Russia probably hoped to create.

Many state election officials emphasized their concern that press coverage of, and increased attention to, election security could create the very impression the Russians were seeking to foster, namely undermining voters’ confidence in election integrity. Several insisted that whenever any official speaks publicly on this issue, they should state clearly the difference between a “scan” and a “hack,” and a few even went as far as to suggest that U.S. officials stop talking about the issue altogether. One state official said, “Wc need to walk a fine line between being forthcoming to the public and protecting voter confidence.

But Ron Wyden raised concerns that all these state level assessments rely on the states’ own data collection, meaning reports that no vote tallies were changed are probably not as reliable as people claim.

DHS’s prepared testimony at that hearing included the statement that it is “likely that cyber manipulation of U.S. election systems intended to change the outcome of a national election would be detected.” The language of this assessment raises questions, however, about DHS’s ability to identify cyber manipulation that could have affected a very close national election, particularly given DHS’s acknowledgment of the “possibility that individual or isolated cyber intrusions into U.S. election infrastructure could go undetected, especially at local levels.”‘^ Moreover, DHS has acknowledged that its assessment with regard to the detection of outcome-changing cyber manipulation did not apply to state-wide or local elections.

(U) Assessments about manipulations of voter registration databases are equally hampered by the absence of data. As the Committee acknowledges, it “has limited information on the extent to which state and local election authorities carried out forensic evaluation of registration databases.”

That is, we don’t actually know what happened in 2016, because so few states were collecting that data, and it remains true that few states are auditing their elections.

Perhaps one of the most interesting details about 2016, however, involves the Russian government’s efforts to get permission to act as election observers, something that shows up two times in the report. It appears that Russia went first to State, and then to localities.

The Russian Embassy placed a formal request to observe the elections with the Department of State, but also reached outside diplomatic channels in an attempt to secure permission directly from state and local election officials. ” 37 In objecting to these tactics, then-Assistant Secretary of State for European and Eurasian Affairs Victoria Nuland reminded the Russian Ambassador that Russia had refused invitations to participate in the official OSCE mission that was to observe the U.S. elections.38

There’s another, heavily redacted discussion of this later in the report, but that unredacted discussion does say that Russia was seeking access to voting sites in September, and that no one ever figured out what Russia planned to do.

Department of State were aware that Russia was attempting to send election observers to polling places in 2016. The true intention of these efforts is unknown.

[snip]

The Russian Embassy placed a formal request lo observe the elections with the Department of State, but also reached outside diplomatic channels in an attempt to secure permission directly from state and local election officials.”‘ For example, in September 2016, the State 5 Secretary of State denied a request by the Russian Consul General to allow a Russian government official inside a polling station on Election Day to study the U.S. election process, according to State 5 officials.

But the footnotes make it clear that Ambassador Sergey Kislyak was bitching about the response all the way up to November 7.

That section immediately precedes a partly redacted discussion of a possible Russian effort to sow misinformation about voter fraud.

What the report does not say, in unredacted form, is how Kislyak’s formal efforts overlap with two other Russian efforts. First, there’s the discussion Maria Butina and Aleksandr Torshin had about whether she should serve as an election observer.

Following this October 5, 2016 Twitter conversation, BUTINA and [Aleksandr Torshin] discussed whether BUTINA should volunteer to serve as a U.S. election observer from Russia and agreed that the risk was too high. [Torshin] expressed the opinion that the “risk of provocation is too high and the ‘media hype’ which comes after it,” and BUTINA agreed by responding, “Only incognito! Right now everything has to be quiet and careful.”

Then there’s Guccifer 2.0’s announcement, at a time when Kislyak was bitching that Russia had been denied access to election sites, that he was going to serve as a (nonsensical) FEC election observer, watching the vulnerabilities in

SSCI doesn’t go there, but at a minimum, Guccifer 2.0’s disinformation paralleled an overt effort by the Russian state, one that Butina considered, but decided against, joining.

Of course, as I’ve noted before, it wasn’t just Russian entities volunteering to act as election observers so as to sow chaos. Where Russia threatened to do so, Roger Stone succeeded.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Gina Haspel Honorary 2020 Intelligence Authorization Might Criminalize Linked In Resumes

The Intelligence Authorization for 2018-2020 is actually not named after CIA Director Gina Haspel. But it might as well be for the way it bears the marks of the first female head of an Intelligence Agency. It offers 12 weeks of paid parental leave for Intelligence personnel (a good thing!) and it also imposes a new rule prohibiting someone nominated to a Senate-confirmed position from making classification determinations about information needed to assess the nominees record, as Haspel did when she hid information on her role in the torture program during her own confirmation process.

But the Haspel related part of the authorization that has (rightly) gotten the most attention — such as in this NYT piece — is a move designed to dramatically expand the types of people covered under the Intelligence Identities Protection Act, which currently prohibits sharing the identities of classified intelligence officers who’ve spent time overseas in the last five years, to cover everyone — past or present — whose relationship with US intelligence is classified.

Most of the concern about the measure focuses — as highlighted in Ron Wyden’s concerns laid out in the bill report — on avoiding accountability for torture (his comment implicitly applies to both Haspel and torture architects Mitchell and Jessen).

I am concerned about a new provision related to the Intelligence Identities Protection Act (IIPA). In 2010, I
worked to pass legislation to increase the penalties for violations of the IIPA. This bill, however, expands the bill so that it applies indefinitely, including to individuals who have been in the United States for decades and have become senior management or have retired. I am not yet convinced this expansion is necessary and am concerned that it will be employed to avoid accountability. The CIA’s request that the Committee include this provision, which invoked “incidents related to past Agency programs, such as the RDI [Rendition, Detention and Interrogation] investigation,” underscores my concerns.

While I agree with Wyden that the intent of this measure is about shielding the CIA from accountability, I think the measure would have two other unintended consequences.

First, I think it more likely that Julian Assange will beat some of the charges against him. (Let me be very clear, for the charges this would affect — which I lay out under Theory Three here — I think this is a good thing.) The justification for the change liberated by Charlie Savage actually mentions WikiLeaks by name.

Undercover Agency officers face ever-evolving threats, including cyber threats. Particularly with the lengths organizations such as WikiLeaksare willing to go to obtain and release sensitive national security information, as well as incidents related to past Agency programs, such as the RDI investigation, the original congressional reasoning mentioned above for a narrow definition of “covert agent” no longer remains valid.

This language raises real questions for me about whether CIA really understands WikiLeaks, not least because WikiLeaks is not going to greater lengths than other media outlets to facilitate the sharing of information (what happens before and after that is another issue).

But one way or another, if this bill were to pass, it would pass after Assange got charged with disclosing databases of sensitive identities. (The timing on this is rather suspect: SSCI passed the authorization on May 14, Burr reported it to the full Senate on May 22, and Assange’s superseding indictment was approved by the grand jury on May 23.) It would be child’s play for Assange’s attorneys (and he has very good attorneys) to argue that the timing is proof that disclosing the identities of most of the people in those databases — who were sources rather than CIA officers — was not illegal at either the time he did it or the time he was charged for it. In addition, passing this bill would reiterate Congress’ belief, now in 2019, that it believes only US citizens should be protected in this way; Assange is accused of disclosing the identities of foreigners, not Americans.

So this law, if it passes, would likely make it easier for Assange to beat these charges, but make anyone else doing it — even if for good reasons and after considering the risk — a criminal.

It’s the other presumably unintended consequence of this bill that I think is even more problematic. It would criminalize all sorts of ways that former intelligence officials publicly identify themselves. The current law includes an exception for those who identify themselves as covert agents, meaning the expanded definition should not be used to prevent people from disclosing their own past affiliation with the agency (to the extent their Non-Disclosure Agreements don’t prohibit it).

It shall not be an offense under section 601 for an individual to disclose information that solely identifies himself as a covert agent.

It also generally requires malice on the part of the person releasing identities. Nevertheless, given the way that the government already uses past classified work to restrict people for the rest of their life, it is not inconceivable that the government would come to use this law to punish others who provide platforms for former intelligence personnel to talk about that openly, like Linked In. Imagine a situation, for example, where the IC deems making it easier for former intelligence professionals to find better paying jobs in the private sector to be, “a pattern of activities intended to identify and expose covert agents and with reason to believe that such activities would impair or impede the foreign intelligence
activities of the United States.” In such a situation, Linked In might be charged under a newly expanded IIPA.

Given the vast number of former intelligence personnel who move into the private sector and the degree to which it has become commonplace to discuss those past affiliations openly, the criminalization of sharing of those identities poses a particular risk. That’s definitely not the point of this bill. But by lowering the bar for who counts as covert and making covert status permanent, it certainly could be used for such ends in the future.

Trump Administration Still Gaming Intelligence on Election Interference

Last month, I tracked a disturbing exchange between Dan Coats and Martin Heinrich regarding whether any of the efforts to tamper with this year’s election succeeded.

At the Global Threats hearing on January 29, Heinrich asked Coats whether the committee was going to get the results of the assessment of whether any of the tampering had had an effect. A week later, DOJ and DHS issued a report saying “no harm no foul.” Then 10 days later, the entire Senate Intelligence Committee wrote Coats a letter asking for DNI’s findings.

That troubling exchange took place against another one, revealed in a letter sent yesterday from Heinrich, Ron Wyden, and Kamala Harris.

On September 26, 2018, Trump mucked up a UN meeting by claiming, without evidence, that China was tampering in the 2018 midterms. The Democratic Senators apparently asked Dan Coats about it, and he issued a classified response on October 31. During the same Global Threat Hearing where Heinrich raised the general assessment in open session, the Senators raised the China accusation in the closed session. In response, Coats sent a letter on February 8, basically covering for Trump.

As early as August, during a press conference, I stated that Russia was not the only country that had an interest in trying to influence our domestic political environment and that we knew others had the capability and may be considering influence activities. On October 19, 2018 and again on November 5, 2018 my office, in conjunction with the Federal Bureau of Investigation, Department of Justice, and Department of Homeland Security, released public statements detailing ongoing campaigns by Russia, China, and other foreign actors, including Iran, to influence public sentiment and government policies and undermine democratic institutions.

But that’s not what the Senators were getting at in their request. In yesterday’s letter, they noted,

The October 31, 2018, letter includes important information about the 2018 elections, as well as the 2016 elections, which your February 8, 2019 letter did not address.

That is, there’s something — apparently about both the 2018 and the 2016 elections — that Coats is hiding, information that surely would embarrass Trump.

And Coats isn’t giving it to us.

Given that just Democratic Senators are on the request (unlike the earlier request), this one seems to amount to Coats running partisan interference to prevent Trump from being embarrassed. Which, if true, would mean that the head of the Intelligence Community is using classification to hide the fact that the President is making bullshit claims about our elections.

Journalist Records from the “Last Five Years”

Some weeks ago, there was some concern raised by DOJ’s response to an October 10, 2017 letter from Ron Wyden, written in the wake of an August Jeff Sessions press conference asking how many times DOJ has seized journalists’ records.

  1. For each of the past five years, how many times has DOJ used subpoenas, search warrants, national security letters, or any other form of legal process authorized by a court to target members of the news media in the United States and American journalists abroad to seek their (a) communications records, (b) geo-location information, or (c) the content of their communications? Please provide statistics for each form of legal process.
  2. Has DOJ revised the 2015 regulations, or made any other changes to internal procedures governing investigations of journalists since January 20, 2017? If yes, please provide me with a copy.

In response, in a letter claiming to provide all the “requests for information from January 2012 to the present,” DOJ pointed to the 2013 collection of AP records and the 2014 subpoena of James Risen. It also claimed,

The Federal Bureau of Investigation does not currently use national security letters to advance media leak investigations.

DOJ’s letter was written after Ali Watkins received notice, on February 13, that her phone and email records had been seized in the investigation of James Wolfe. It also comes after DOJ subpoenaed the Twitter information of Dissent Doe and Popehat last spring in conjunction with DOJ’s dumb persecution of Justin Shafer, both of whom have websites providing original content.

Whether DOJ has gotten more aggressive about seizing reporters’ phone records or content is a question I’m unsurprisingly very interested in.

All that said, DOJ may simply be playing word games, at least thus far.

Note, first of all, that Wyden only asked for the “past five years.” While DOJ claimed to present records spanning into the present, had DOJ responded to the actual request, it might have only presented past requests. Additionally, if Watkins got 90 day notice of her records being seized, the request itself would have taken place after the Wyden request.

While more specious, the May 2017 Twitter subpoena may have been deemed to be the same year as Wyden’s request.

Note three other details. First, Wyden’s letter (though not DOJ’s response) describes “targeting” journalists. Obviously, that word has a specific meaning in the context of surveillance, and I could see DOJ claiming that the Shafer investigation, for example, targeted Shafer, not his Tweeps.

Additionally, Wyden only asks about US news media and US journalists overseas. That’s not going to include an obvious target (whether or not DOJ still considers him a publisher): Julian Assange, an Australian publisher living in what counts as Ecuadoran territory.

Finally, note that DOJ specifies they don’t use NSLs for “media leak investigations.” That, too, has a specific meaning, one that probably doesn’t include the Shafer investigation on trumped up cyberstalking charges.

The Watkins case, especially, demands explanation. But finding it might just require rewording the questions.

Did Trump Modify PPD-28 Last Year before Retaining It?

In a series of questions for the record about whether CIA will continue to publicly post its surveillance procedures, CIA Director nominee Gina Haspel suggested she wouldn’t note changes if doing so would expose sources and methods.

Yes, subject only to my duty to protect classified information and intelligence sources and methods.

One question to which she gave that answer pertained to PPD-28, the Obama directive that provided some protections to foreign citizens.

The CIA’s PPD-28 Section 4 policies and procedures are publicly available. Will you ensure that the CIA continues to post these procedures as well as any modifications, superseding policies and procedures, or significant interpretations?

When Wyden asked about the importance of PPD-28 to bilateral relationships, Haspel explained that the Trump Administration had reviewed and retained it last year (Mike Pompeo had floated ditching it in his confirmation hearing). But in discussions about modifications, she envisioned only substantial modifications might interest allies.

PPD-28 underlies the US commitment to the EU/US Privacy Shield. This administration reviewed PPD-28 last year and decided to retain it. If PPD-28 were substantially modified or eliminated, our European partners might re-evaluate their commitment to the Privacy Shield that support trans-Atlantic commercial data flows.

The answers certainly leave the possibility that, in reviewing PPD-28 last year, the Trump Administration did make classified modifications, but did not consider them major enough to tell our European friends about.

Ron Wyden Makes It Clear Gina Haspel Pushed for Torture to Continue in 2005

Among the many, many damning details of Gina Haspel’s confirmation hearing, one sticks out. Ron Wyden asked her whether, during the 2005 to 2007 period, whether she ever asked for the torture program to be continued or expanded. She didn’t answer. Instead, she dodged:

Haspel: Like all of us who were in the counterterrorism center and working at CIA in those years after 9/11, we all believed in our work, we were committed, we had been charged with making sure the country wasn’t attacked again. And we had been informed that the techniques in CIA’s program were legal and authorized by the highest legal authority in our country and also the President. So I believe, I and my colleagues in the counterterrorism center were working as hard as we could with the tools that we were given to make sure that we were successful in our mission.

Wyden: My time is short and that, respectfully, is not responsive to the question. That was a period where the agency was capturing fewer detainees, waterboarding was no longer approved, and especially in light of that Washington Post story, I would really like to have on the record whether you ever called for the program to be continued, which it sure sounds to me like your answer suggested. You said, well we were doing our job it ought to be continued.

This makes it clear that Haspel was involved in reauthorizing torture in 2005, in a process that was as rife with lies to DOJ as the original authorization process had been.

It also makes Haspel directly responsible for the torture of people like Abu Farj al-Lbi, which the torture report describes this way.

On May 2005, one day after al-Libi’s arrival at DETENTION SITE BLACK, CIA interrogators received CIA Headquarters approval for the use of the CIA’s enhanced interrogation techniques on Abu Faraj al-Libi. CIA interrogators began using the CIA’s enhanced interrogation techniques on Abu Faraj al-Libi on May 28, 2005, two days before the OLC issued its memorandum analyzing whether the techniques violated U.S. obligations under the Convention Against Torture.891

The CIA interrogated Abu Faraj al-Libi for more than a month using tlie CIA’s enhanced interrogation techniques. On a number of occasions, CIA interrogators applied the CIA’s enhanced interrogation techniques to Abu Faraj al-Libi when he complained of a loss of hearing,repeatedly telling him to stop pretending he could not hear well.892 Although the interrogators indicated that they believed al-Libi’s complaint was an interrogation resistance technique, Abu Faraj al-Libi was fitted for a hearing aid after his transfer to U.S. military custody at Guantanamo Bay in 2006.893 Despite the repeated and extensive use of the CIA’s enhanced interrogation techniques on AbuFaraj al-Libi, CIA Headquarters continued to insist throughout the summer and fall of 2005 that Abu Faraj al-Libi was withholding information and pressed for the renewed use of the techniques. The use of the CIA’s enhanced interrogation techniques against Abu Faraj al-Libi was eventually discontinued because CIA officers stated that they had no intelligence to demonstrate that Abu Faraj al-Libi continued to withhold information, and because CIA medical officers expressed concern that additional use of the CIA’s enhanced interrogation techniques “may come with unacceptable medical or psychological risks.894 After the discontinuation of the CIA’s enhanced interrogation techniques, the CIA asked Abu Faraj al-Libi about UBL facilitator Abu Ahmad al-Kuwaiti for the first time.895 Abu Faraj al-Libi denied knowledge of al-Kuwaiti.896

That Haspel appears to have pushed to use torture with al-Libi is significant for multiple reasons. First, as noted, the CIA tortured al-Libi immediately after taking him into custody. There was no show of seeing whether he would cooperate. The CIA used his claim of hearing problems — a claim that turned out to be true — as an excuse to do more torture. CIA apparently kept asking to resume torture with him, even though it didn’t work.

Really importantly for the legacy of the torture program, al-Libi not only didn’t reveal the identity of Abu Ahmad al-Kuwaiti while he was being tortured, he continued to lie about it after he was tortured.

But Haspel’s involvement in this might be most problematic given the timing of it. As noted, the CIA asked for custody of al-Libi while they were still getting torture reauthorized; the first two Bradbury memos, authorizing torture and then their use of them in combination, were approved on May 10. As further noted, however, CIA started torturing al-Libi before the last Bradbury memo was signed on May 30. We know from Jim Comey’s memos about that process that DOJ was pushed very hard to approve them. Critically important, however, is that Alberto Gonzales made a case against reapproving torture at the May 31 principals meeting. In spite of DOJ concerns, the principals committee reapproved all the techniques.

That’s because CIA had already started torturing al-Libi. Effectively, CIA (so, presumably, Haspel, among others), rushed to torture al-Libi so that the government would have no choice but to reauthorize it.

In 2017, the Government Withdrew Three FISA Collection Requests Rather than Face an Amicus Review

Last year’s Section 702 Reauthorization law included a bunch of technical fix language describing how appeals of FISA Court of Review decisions should work.

In this post on that technical language, I speculated that Congress may have added the language in response to a denial of a request by the FISCR, about the only thing that would have identified the need for such language.

As one piece of evidence to support that hypothesis, I noted that one of the times the FISC consulted with an amicus (probably Amy Jeffress), it did not make the topic or the result public.

There’s one other reason to think there must have been a significant denial: The report, in the 2015 FISC report, that an amicus curiae had been appointed four times.

During the reporting period, on four occasions individuals were appointed to serve as amicus curiae under 50 U.S.C. § 1803(i). The names of the three individuals appointed to serve as amicus curiae are as follows:  Preston Burton, Kenneth T. Cuccinelli II  (with Freedom Works), and Amy Jeffress. All four appointments in 2015 were made pursuant to § 1803(i)(2)(B). Five findings were made that an amicus curiae appointment was not appropriate under 50 U.S.C. § 1803(i)(2)(A) (however, in three of those five instances, the court appointed an amicus curiae under 50 U.S.C. § 1803(i)(2)(B) in the same matter).

We know of three of those in 2015: Ken Cuccinelli serving as amicus for FreedomWorks’ challenge to the restarted dragnet in June 2015, Preston Burton serving as amicus for the determination of what to do with existing Section 215 data, and Amy Jeffress for the review of the Section 702 certifications in 2015. (We also know of the consultation with Mark Zwillinger in 2016 and Rosemary Collyer’s refusal to abide by USA Freedom Act’s intent on amici on this year’s reauthorization.) I’m not aware of another, fourth consultation that has been made public, but according to this there was one more. I say Jeffress was almost certainly the amicus used in that case because she was one of the people chosen to be a formal amicus in November 2015, meaning she would have been called on twice. If it was Jeffress, then it likely happened in the last months of the year.

I raise that background because of a detail in the FISC report released yesterday, showing its approvals for 2017. It revealed that FISC told the government on three occasions it might appoint an amicus. On all three occasions, the government withdrew the request rather than undergo a FISC review with even a limited adversary.

During the reporting period, no individual was appointed to serve as amicus curiae by the FISA courts. No findings were made in 2017, pursuant to 50 U.S.C. § 1803(i)(2)(A), that an amicus curiae appointment was not appropriate. There were three matters in which the Court advised the government that it was considering appointment of an amicus curiae to address a novel or significant question of law raised in proposed applications, but the government ultimately did not proceed with the proposed applications at issue, or modified the final applications such that they did not present a novel or significant question of law, thereby obviating a requirement for consideration as to the appropriateness of appointment of amicus. These matters are reflected in the table above as, respectively, a modification to a proposed order, an application denied in full, and an application denied in part. This is the first report including information about such occurrences. A similarly small number of such events occurred during prior reporting periods but were not discussed in the reports for those years.

In one case, the government withdrew an entire application after learning the FISC might appoint an amicus to review the proposed technique. In two others, the final order in one or another way did not include the requested practice.

These three instances are not the first time the government has withdrawn a request after learning FISC would invite adversarial review. While the court doesn’t reveal how many or in what years, it does say that a “similarly small number of such events occurred during prior reporting periods.” Given that there have been just two other reporting periods (the report for part of 2015 and the report covering all of 2016), the language seems to suggest it happened in both years.

That the government has been withdrawing requests rather than submitting them to the scrutiny of an amicus suggests several things.

First, it may be withdrawing such applications out of reluctance to share details of such techniques even with a cleared amicus, not even one of the three who served as very senior DOJ officials in the past. If that’s right, that would reflect some pretty exotic requests, because some of the available amici (most notably former Assistant Attorney General David Kris) have seen all that DOJ was approving with NatSec collection.

Second, remember that for at least one practice (the collection of location information), the government has admitted to opting to using criminal process rather than FISA where more lenient precedents exist in particular jurisdictions. That might happen, for example, if a target could be targeted in a state that didn’t require a warrant for some kinds of location data whereas FISC does.

Starting in 2017, the government would have the ability to share raw EO 12333 with the FBI, which might provide another alternative means to collect the desired data.

All of which is to say these withdrawals don’t necessarily mean the government gave up. Rather, past history has shown that the government often finds another way to get information denied by the FISC, and that may have happened with these three requests.

Finally, remember that as part of 702 reauthorization last year, Ron Wyden warned that reauthorization should include language preventing the government from demanding that companies provide technical assistance (which obviously includes, but is probably not limited to, bypassing or weakening encryption) as part of 702 directives. The threat the government might do so under 702 is particularly acute, because unlike with individual orders (which is what the withdrawn requests here are), the FISC doesn’t review the directives submitted under 702. Some of these withdrawn requests — which may number as many as nine — may reflect such onerous technical requests.

Importantly, one reason the government might withdraw such requests is to avoid any denials that would serve as FISC precedent for individualized  and 702 requests. That is, if the government believed the court might deny an individual request, it might withdraw it and preserve its ability to make the very same demand in a 702 context, where the FISC doesn’t get to review the techniques use.

Whatever the case, the government has clearly been bumping up against the limits of what it believes FISC will approve in individualized requests. But that doesn’t mean it hasn’t been surpassing those limits via one or another technical or legal means.

Cambridge Analytica Uncovered and More to Come

A little recap of events overnight while we wait for Channel 4’s next video. Channel 4 had already posted a video on March 17 which you can see here:

Very much worth watching — listen carefully to whistleblower Chris Wylie explain what data was used and how it was used. I can’t emphasize enough the problem of non-consensual use; if you didn’t explicitly consent but a friend did, they still swept up your data

David Carroll of Parsons School of Design (@profcarroll) offered a short and sweet synopsis last evening of the fallout after UK’s Channel 4 aired the first video of Cambridge Analytica Uncovered.

Facebook CTO Alex Stamos had a disagreement with management about the company’s handling of crisis; first reports said he had resigned. Stamos tweeted later, explaining:

“Despite the rumors, I’m still fully engaged with my work at Facebook. It’s true that my role did change. I’m currently spending more time exploring emerging security risks and working on election security.”

Other reports say Stamos is leaving in August. Both could be true: his job has changed and he’s eventually leaving.

I’m betting we will hear from him before Congress soon, whatever the truth.

Speaking of Congress, Sen. Ron Wyden has asked Mark Zuckerberg to provide a lot of information pronto to staffer Chris Sogohian. This ought to be a lot of fun.

A Facebook whistleblower has now come forward; Sandy Parkilas said covert harvesting of users’ data happened frequently, and Facebook could have done something about it.

Perhaps we ought to talk about nationalization of a citizens’ database?

2018 Senate Intelligence Global Threat Hearing Takeaways

Today was the annual Senate Intelligence Committee Global Threat Hearing, traditionally the hearing where Ron Wyden gets an Agency head to lie on the record.

That didn’t happen this time.

Instead, Wyden gave FBI Director Christopher Wray the opportunity to lay out the warnings the FBI had given the White House about Rob Porter’s spousal abuse problems, which should have led to Porter’s termination or at least loss of access to classified information.

The FBI submitted a partial report on the investigation in question in March. And then a completed background investigation in late July. That, soon thereafter, we received request for follow-up inquiry. And we did that follow-up and provided that information in November. Then we administratively closed the file in January. And then earlier this month we received some additional information and we passed that on as well.

That, of course, is the big takeaway the press got from the hearing.

A follow-up from Martin Heinrich shortly after Wyden’s question suggested he had reason to know of similar “areas of concern” involving Jared Kushner (which, considering the President’s son-in-law is under investigation in the Russian investigation, is not that surprising). Wray deferred that answer to closed session, so the committee will presumably learn some details of Kushner’s clearance woes by the end of the day.

Wray twice described the increasing reliance on “non-traditional collectors” in spying against the US, the second time in response to a Marco Rubio question about the role of Chinese graduate students in universities. Rubio thought the risk was from the Confucius centers that China uses to spin Chinese culture in universities. But not only did Wray say universities are showing less enthusiasm for Confucius centers of late, but made it clear he was talking about “professors, scientists, and students.” This is one of the reasons I keep pointing to the disproportionate impact of Section 702 on Chinese-Americans, because of this focus on academics from the FBI.

Susan Collins asked Mike Pompeo about the reports in The Intercept and NYT on CIA’s attempts to buy back Shadow Brokers tools. Pompeo claimed that James Risen and Matt Rosenberg were “swindled” when they got proffered the story, but along the way confirmed that the CIA was trying to buy stuff that “might have been stolen from the US government,” but that “it was unrelated to this idea of kompromat that appears in each of those two articles.” That’s actually a confirmation of the stories, not a refutation of them.

There was a fascinating exchange between Pompeo and Angus King, after the latter complained that, “until we have some deterrent capacity we are going to continue to be attacked” and then said right now there are now repercussions for Russia’s attack on the US.

Pompeo: I can’t say much in this setting I would argue that your statement that we have done nothing does not reflect the responses that, frankly, some of us at this table have engaged in or that this government has been engaged in both before and after, excuse me, both during and before this Administration.

King: But deterrence doesn’t work unless the other side knows it. The Doomsday Machine in Dr. Strangelove didn’t work because the Russians hadn’t told us about it.

Pompeo: It’s true. It’s important that the adversary know. It is not a requirement that the whole world know it.

King: And the adversary does know it, in your view?

Pompeo: I’d prefer to save that for another forum.

Pompeo later interjected himself into a Kamala Harris discussion about the Trump Administration’s refusal to impose sanctions by suggesting that the issue is Russia’s response to cumulative responses. He definitely went to some effort to spin the Administration’s response to Russia as more credible than it looks.

Tom Cotton made two comments about the dossier that Director Wray deferred answering to closed session.

First, he asked about Christopher Steele’s ties to Oleg Deripaska, something I first raised here and laid out in more detail in this Chuck Grassley letter to Deripaska’s British lawyer Paul Hauser. When Cotton asked if Steele worked for Deripaska, Wray said, “that’s not something I can answer.” When asked if they could discuss it in a classified setting, Wray said, “there might be more we could say there.”

Cotton then asked if the FBI position on the Steele dossier remains that it is “salacious and unverified” as he (misleadingly) quoted Comey as saying last year. Wray responded, “I think there’s maybe more we can talk about this afternoon on that.” It’s an interesting answer given that, in Chuck Grassley’s January 4 referral, he describes a “lack of corroboration for [Steele’s dossier] claims, at least at the time they were included in the FISA applications,” suggesting that Grassley might know of corroboration since. Yet in an interview by the even better informed Mark Warner published 25 days later, Warner mused that “so little of that dossier has either been fully proven or conversely, disproven.” Yesterday, FP reported that BuzzFeed had hired a former FBI cybersecurity official Anthony Ferrante to try to chase down the dossier in support of the Webzilla and Alfa bank suits against the outlet, so it’s possible that focused attention (and subpoena power tied to the lawsuit) may have netted some confirmation.

Finally, Richard Burr ended the hearing by describing what the committee was doing with regards to the Russian investigation. He (and Warner) described an effort to bring out an overview on ways to make elections more secure. But Burr also explained that SSCI will release a review of the ICA report on the 2016 hacks.

In addition to that, our review of the ICA, the Intel Committee Assessment, which was done in the F–December of 06, 16–we have reviewed in great detail, and we hope to report on what we found to support the findings where it’s appropriate, to be critical if in fact we found areas where we found came up short. We intend to make that public. Overview to begin with, none of this would be without a declassification process but we will have a public version as quickly as we can.

Finally, in the last dregs of the hearing, Burr suggested they would report on who colluded during the election.

We will continue to work towards conclusions  on any cooperation or collusion by any individual, campaign, or company with efforts to influence elections or create societal chaos in the United States.

My impression during the hearing was that this might refer to Cambridge Analytica, which tried to help Wikileaks organize hacked emails — and it might well refer to that. But I wonder if there’s not another company he has in mind.