Posts

Why We Should Remain Skeptical of the Five (!!) Congressional Investigations into the Russian Hack

I was interviewed (on Thursday) about the Flynn resignation and larger investigation into the Russia hack for Saturday’s On the Media. In what made the edit, I made one error (which I’ll explain later), but a key point I made holds. The leaking about Flynn and other Russian events are hypocritical and out of control. But they may create pressure to fix two problems with the current investigations into the Russian hack: the role of Jeff Sessions overseeing the DOJ-led investigations, and the role of Trump advisory officials Devin Nunes and Richard Burr overseeing the most appropriate congressional investigations.

In this post I’ll look at the latter conflicts. In a follow-up I’ll look at what the FBI seems to be doing.

As I noted in the interview, contrary to what you might think from squawking Democrats, there are five congressional investigations pertaining to Russian hacks, though some will likely end up focusing on prospective review of Russian hacking (for comparison, there were seven congressional Benghazi investigations). They are:

  • Senate Intelligence Committee: After months of Richard Burr — who served on Trump’s campaign national security advisory council — saying an inquiry was not necessary and going so far as insisting any inquiry wouldn’t review the dossier leaked on Trump, SSCI finally agreed to do an inquiry on January 13. Jim Comey briefed that inquiry last Friday, February 17.
  • House Intelligence Committee: In December, James Clapper refused to brief the House Intelligence Committee on the latest intelligence concluding Russian hacked the DNC with the goal of electing Trump, noting that HPSCI had been briefed all along (as was clear from some of the leaks, which clearly came from HPSCI insiders). In January, they started their own investigation of the hack, having already started fighting about documents by late January. While Ranking Democratic Member Adam Schiff has long been among the most vocal people complaining about the treatment of the hack, Devin Nunes was not only a Trump transition official, but made some absolutely ridiculous complaints after Mike Flynn’s side of some conversations got legally collected in a counterintelligence wiretap. Nunes has since promised to investigate the leaks that led to Flynn’s forced resignation.
  • Senate Armed Services Committee: In early January, John McCain announced he’d form a new subcommittee on cybersecurity, with the understanding it would include the Russian hack in its focus. Although he originally said Lindsey Graham would lead that committee, within weeks (and after Richard Burr finally capitulated and agreed to do a SSCI inquiry), McCain instead announced Mike Rounds would lead it.
  • Senate Foreign Relations Committee: In December, Bob Corker announced the SFRC would conduct an inquiry, scheduled to start in January. At a hearing in February, the topic came up multiple times, and both Corker and Ben Cardin reiterated their plans to conduct such an inquiry.
  • Senate Judiciary Subcommittee on Crime and Terrorism: After Graham was denied control of the SASC panel, he and Sheldon Whitehouse announced they’d conduct their own inquiry, including a prospective review of “the American intelligence community’s assessment that Russia did take an active interest and play a role in the recent American elections.”

All the while, some Senators — McCain, Graham, Chuck Schumer, and Jack Reed — have called for a Select Committee to conduct the investigation, though in true McCainesque fashion, the maverick has at times flip-flopped on his support of such an inquiry.

Also, while not an investigation, on February 9, Jerry Nadler issued what I consider (strictly as it relates to the Russian hack, not the other conflicts) an ill-advised resolution of inquiry calling for the Administration to release materials relating to the hack, among other materials. Democrats in both the House and Senate have introduced legislation calling for an independent commission, but have gotten no support even from the mavericky Republicans.

As you can see from these descriptions, it took pressure from other committees, especially Lindsey Graham getting control of one of the inquiries, before Richard Burr let himself be convinced by SSCI Vice Chair Mark Warner to conduct an inquiry. Thus far, Mitch McConnell has staved off any Select Committee. As soon as SSCI did claim to be launching an investigation, a bunch of Republicans tried to shut down the others, claiming it was all simply too confusing.

Let me be clear: as I noted in the OTM interview, the intelligence committees are the appropriate place to conduct this investigation, as it concerns really sensitive counterintelligence matters — people who could be witnesses to it are getting killed! — and an ongoing investigation. The only way to conduct a responsible inquiry is to do so in secret, and unless a select committee with clearance is formed, that means doing so in the dysfunctional intelligence committees.

That’s made worse by Nunes and Burr’s obvious conflicts, having served on Trump’s pre-inauguration advisory teams (at a time when Mike Flynn was chatting about ongoing sanctions with Russia), and their equally obvious disinterest in conducting the investigation. Remember that the intelligence committees successfully bolloxed up the independent investigation into Iran-Contra. While neither Nunes nor Burr is as smart as Dick Cheney, who had a key role in that intentional bolloxing, Democrats should be cognizant of the ways that such bolloxing has happened in the past.

And now that SSCI has finally started its inquiry, Ali Watkins published an uncharacteristically credulous report on Burr’s role in the investigation, slathering on the colorful vocabulary — “brutally yanked;” “underground cohort;” “dark shadow of Langley;” “Wearily, they’re trudging forward on a probe littered with potential political landmines;” — before portraying the allegedly difficult position Burr is in:

That he’s now in charge of the sweeping Russia inquiry puts the North Carolina Republican in between a rock and a hard place. Since taking over the helm of the intelligence committee, Burr has pressed for more active and aggressive oversight, and has kept a rigorous travel schedule to match. But his decisive reelection victory in November came at a cost — throughout the contentious race, Burr towed Trump’s line, and hasn’t yet directly criticized the White House publicly.

But Burr has shown no indication that he’s ever angled for a Trump administration job, and says he’s not running for re-election. How seriously he takes his obligation to carry his president’s water remains to be seen.

Burr has been slammed by colleagues in recent days, who fear he’s slow-rolling an investigation into a fast-moving story. But much of the inquiry’s slow start was due to bureaucratic wrangling — some intelligence agencies insisted products be viewed on site rather than sent to the Hill, and some of the intelligence was so tightly controlled that it was unclear if staffers could even view it.

This is just spin. There is abundant public record that Burr has thwarted oversight generally (he has said things supporting that stance throughout his history on both the Senate and House Intelligence Committee, even ignoring his role in covering up torture, and Watkins’ earlier incorrect claims about Burr’s open hearings remain only partly corrected). There is no mention in this article that Burr was on Trump’s national security advisory committee. Nor that SSCI had reason to do hearings about this hack well before January 2017, back when it might have made a difference — at precisely the time when Burr apparently had time to advise Trump about national security issues as a candidate. Plus, it ignores all the things laid out here, Burr’s continued equivocation about whether there should even be a hearing.

There is no reason to believe Burr or Nunes intend to have a truly rigorous investigation (bizarrely, Warner seems to have had more success pushing the issue than Schiff — or Dianne Feinstein when she was Vice Chair — though that may be because the Ranking position is stronger in the Senate than in the House). And history tells us we should be wary that their investigations will be counterproductive.

As I noted, on Friday — the Friday before a recess — Jim Comey briefed the SSCI on the Russian hack. That briefing was unusual for the date (regular SSCI meetings happen on Tuesday and Thursday, and little business of any kinds happens right before a recess). Reporters have interpreted that, along with the presumed silence about the content of the briefing, as a sign that things are serious. That may be true — or it may be that that was the only time a 3-hour briefing could be scheduled. In the wake of the briefing, it was reported that the SSCI sent broad preservation requests tied to the inquiry (that is, they sent the request long after the inquiry was started). And while the press has assumed no one is talking, the day after the briefing, Reuters reported outlines of at least three parts of the FBI investigation into the Russian hack, attributed to former and current government officials.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Stephen Miller’s and Trump’s Gross Re-Politicization of DOJ

There was some legitimate concern about inappropriate machination of the Department of Justice when Trump named and confirmed Jeff Sessions as his Attorney General. Typical discussion followed this by Isaac Arnsdorf at Politico:

Donald Trump suggested on the campaign trail that he could use the Justice Department to fulfill his political agenda, taunting Hillary Clinton by threatening to throw her in jail over her email scandal.

Now, Sen. Jeff Sessions, Trump’s pick for attorney general, will have to decide whether to follow his predecessors by vowing to not let politics drive the DOJ’s decision-making.

That was one, and a serious, level of concern. Today we find said concern not close to being deep enough as to how the Trump White House would try to run Justice as merely a lever of their extreme politics.

But, via the New York Daily News, comes a little noticed, and truly frightening report of just how renegade and ridiculous the “fine tuned machine” the Trump White House is determined to be in politicizing the DOJ. In an article captioned “Stephen Miller called Brooklyn U.S. Attorney at home and told him how to defend travel ban in court”, comes the stunning news that:

In the chaotic hours after President Trump signed on a Friday afternoon the sloppily written executive order meant to fulfill his Muslim ban campaign promise, Stephen Miller called the home of Robert Capers to dictate to the U.S. Attorney for the Eastern District how he should defend that order at a Saturday emergency federal court hearing.

That’s according to a federal law enforcement official with knowledge of the call, which happened as Department of Justice attorneys cancelled plans, found babysitters and rushed back to their Brooklyn office to try and find out what exactly it was they were defending and who was being affected by it — how many people were already being held in America, how many were being barred from arriving here and the exact status of each person.

The full article at the NYDN is mandatory reading, but let that sink in for a second. 31 year old Stephen Miller, a wet behind the ears extreme right wing ideologue with white nationalist leanings and NO, repeat NO legal training, much less law degree, called up a United States Attorney – at home! – to “dictate” how the DOJ would operate in an emergency litigation situation in an United States District Court.

Stunning is too weak of a response. Shocking is insufficient. It is actually hard to know what the proper words for this are.

I asked Matthew A. Miller, former OPA head under the Obama DOJ for a thought on the implications of Stephen Miller’s hubris in this instance. His reply was:

The last time a White House started dictating demands to U.S. attorneys, the sitting Attorney General had to resign in disgrace. This raises yet another in a series of questions about whether the Sessions Justice Department will be independent from the Trump White House.

Exactly. I would have said “unprecedented” above along with “stunning” and “shocking”, but for what occurred during a period of the Bush/Cheney regime when the interaction and control of the DOJ from the White House was extreme. And, ultimately, blown up as beyond unacceptable and appropriate by more reasoned minds and authorities. And, I might add, substantially due to the Fourth Estate of the press, that Trump blithely and ignorantly describes as “enemies of the American people”.

Yes, it is really that important of a moment now with Stephen Miller (note: NO relation to Matthew A. Miller) and the extreme hubris and lack of institutional awareness, competence or control, and obvious disdain for any, by the Trump Administration.

Back in 2007 Senator Sheldon Whitehouse created, and displayed at a Senate hearing, a stunning graphic displaying the shocking difference between communication between the Clinton White House and DOJ, and the ridiculous political input that the Bush Cheney White House had to DOJ.

With the grossly inappropriate statements of President Donald Trump as to how “he” will direct prosecutions of political enemies and other criminal and military defendants, leakers and others, to the literally insane conduct of Stephen Miller here, it is time to remember Senator Whitehouse’s chart.

It is also time to wonder if Sheldon Whitehouse and other members of the Senate Judiciary Committee have the cojones to take the fight for the Constitution and integrity of the justice system once again to a renegade White House. And the Trump White House has quickly made the Bush/Cheney White house look better in the rear view mirror, as truly craven as they were.

And, yes, the situation is exactly that dire if you recall the same Stephen Miller, being sent out and directed to all the Sunday political shows to declare and mandate that:

“…our opponents, the media and the whole world will soon see as we begin to take further actions, that the powers of the president to protect our country are very substantial and will not be questioned.”

This is straight up an Article II Branch declaration of pure tyranny by Stephen Miller and Trump. This is a serious problem, and this is an Administration making good on its promise and determination in that regard.

Bmaz is a rather large saguaro cactus in the Southwestern Sonoran desert. A lover of the Constitution, law, family, sports, food and spirits. As you might imagine, a bit prickly occasionally. Bmaz has attended all three state universities in Arizona, with both undergraduate and graduate degrees from Arizona State University, and with significant post-graduate work (in physics and organic chemistry, go figure) at both the University of Colorado in Boulder and the University of Arizona. Married, with both a lovely child and a giant Sasquatch dog. Bmaz has been a participant on the internet since the early 2000’s, including active participation in the precursor to Emptywheel, The Next Hurrah. Formally joined the Emptywheel blog as an original contributing member at its founding in 2007. Bmaz grew up around politics, education, sports and, most significantly, cars; notably around Formula One racing and Concours de Elegance automobile restoration and showing. Currently lives in the Cactus Patch with his lovely wife and beast of a dog, and practices both criminal and civil trial law.

CISA Update: Cloture Passed, Masters of the Universe and Sheldon Whitehouse Agree on Compromise

This morning, the Senate voted in favor of cloture on the new (this morning) manager’s amendment on CISA.

Here’s the roll call, which was a blowout. Votes against cloture were:

  • Baldwin (WI)
  • Booker (NJ)
  • Brown (OH)
  • Coons (DE)
  • Franken (MN)
  • Leahy (VT)
  • Markey (MA)
  • Menendez (NJ)
  • Merkley (OR)
  • Paul (KY)
  • Sanders (VT)
  • Udall (NM)
  • Warren (MA)
  • Wyden (OR)

Rand Paul’s amendment — requiring companies to adhere to their contract with customers — failed by a two-thirds margin (I will update with roll call when it’s posted).

One significant change in today’s manager’s amendment was that Sheldon Whitehouse’s crappy CFAA amendment got replaced in its entirety with this language:

SEC. 408. STOPPING THE FRAUDULENT SALE OF FINANCIAL INFORMATION OF PEOPLE OF THE UNITED STATES.

Section 1029(h) of title 18, United States Code, is amended by striking ‘‘title if—’’ and all that follows through ‘‘therefrom.’’ and inserting ‘‘title if the offense involves an access device issued, owned, managed, or controlled by a financial institution, account issuer, credit card system member, or other entity organized under the laws of the United States, or any State, the District of Columbia, or other Territory of the United States.’’

This basically protects Americans’ data if the data is owned by a US entity, regardless of where the attack on it was launched from (which was the unoffensive part of Whitehouse’s CFAA amendment). Given what Tom Carper said yesterday, we still need to be vigilant against it returning in conference, but for now this is a solid compromise.

 

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Sheldon Whitehouse’s Horrible CFAA Amendment Gets Pulled — But Will Be Back in Conference

As I noted yesterday, Ron Wyden objected to unanimous consent on CISA yesterday because Sheldon Whitehouse’s crappy amendment, which makes the horrible CFAA worse, was going to get a vote. Yesterday, it got amended, but as CDT analyzed, it remains problematic and overbroad.

This afternoon, Whitehouse took to the Senate floor to complain mightily that his amendment had been pulled — presumably it was pulled to get Wyden to withdraw his objections. Whitehouse complained as if this were the first time amendments had not gotten a vote, though that happens all the time with amendments that support civil liberties. He raged about the Masters of the Universe who had pulled his amendment, and suggested a pro-botnet conference had forced the amendment to be pulled, rather than people who have very sound reasons to believe the amendment was badly drafted and dangerously expanded DOJ’s authority.

For all Whitehouse’s complaining, though, it’s likely the amendment is not dead. Tom Carper, who as Ranking Member of the Senate Homeland Security Committee would almost certainly be included in any conference on the bill, rose just after Whitehouse. He said if the provision ends up in the bill, “we will conference, I’m sure, with the House and we will have an opportunity to revisit this, so I just hope you’ll stay in touch with those of us who might be fortunate enough to be a conferee.”

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

CISA Moves: A Summary

This afternoon, Aaron Richard Burr moved the Cyber Intelligence Sharing Act forward by introducing a manager’s amendment that has limited privacy tweaks (permitting a scrub at DHS and limiting the use of CISA information to cyber crimes that nevertheless include to prevent threat to property), with a bunch of bigger privacy fix amendments, plus a Tom Cotton one and a horrible Sheldon Whitehouse one called as non-germane amendments requiring 60 votes.

Other than that, Burr, Dianne Feinstein, and Ron Wyden spoke on the bill.

Burr did some significant goalpost moving. Whereas in the past, he had suggested that CISA might have prevented the Office of Public Management hack, today he suggested CISA would limit how much data got stolen in a series of hacks. His claim is still false (in almost all the hacks he discussed, the attack vector was already known, but knowing it did nothing to prevent the continued hack).

Burr also likened this bill to a neighborhood watch, where everyone in the neighborhood looks out for the entire neighborhood. He neglected to mention that that neighborhood watch would also include that nosy granny type who reports every brown person in the neighborhood, and features self-defense just like George Zimmerman’s neighborhood watch concept does. Worse, Burr suggested that those not participating in his neighborhood watch were had no protection, effectively suggesting that some of the best companies on securing themselves — like Google — were not protecting customers. Burr even suggested he didn’t know anything about the companies that oppose the bill, which is funny, because Twitter opposes the bill, and Burr has a Twitter account.

Feinstein was worse. She mentioned the OPM hack and then really suggested that a series of other hacks — including both the Sony hack and the DDOS attacks on online banking sites that stole no data! — were worse than the OPM hack.

Yes, the Vice Chair of SSCI really did say that the OPM hack was less serious than a bunch of other other hacks that didn’t affect the national security of this country. Which, if I were one of the 21 million people whose security clearance data had been compromised, would make me very very furious.

DiFi also used language that made it clear she doesn’t really understand how the information sharing portal works. She said something like, “Once cyber information enters the portal it will move at machine speed to other federal agencies,” as if a conveyor belt will carry information from DHS to FBI.

Wyden mostly pointed out that this bill doesn’t protect privacy. But he did call out Burr on his goalpost moving on whether the bill would prevent (his old claim) or just limit the damage 0f (his new one) attacks that it wouldn’t affect at all.

Wyden did, however, object to unanimous consent because Whitehouse’s crappy amendment was being given a vote, which led Burr to complain that Wyden wasn’t going to hold this up.

Finally, Burr came back on the floor, not only to bad mouth companies that oppose this bill again (and insist it was voluntary so they shouldn’t care) but also to do what I thought even he wouldn’t do: suggest we need to pass CISA because a 13 year old stoner hacked the CIA Director.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Costs of Politically Free Cybersecurity Failures

Ben Wittes looks at the WaPo article and accompanying National Security Council Draft Options paper on how the White House should respond to FBI’s campaign against encryption and declares that “Industry has already won.”

[T]he document lays out three options for the administration—three options that notably do not include seeking legislation on encryption.

They are:

  • “Option 1: Disavow Legislation and Other Compulsory Actions”;
  • “Option 2: Defer on Legislation and Other Compulsory Actions”; and
  • “Option 3: Remain Undecided on Legislation or Other Compulsory Actions.”

In all honesty, it probably doesn’t matter all that much which of these options Obama chooses. If these are the choices on the table, industry has already won.

What’s most fascinating about the white paper is that it lays bare how the NSC itself sees this issue — and they don’t see it like Wittes does, nor in the way the majority of people clamoring for back doors have presented it. As the NSC defines the issue, this is not “industry” versus law enforcement. For each assessed scenario, NSC measures the impact on:

  • Public safety and national security
  • Cybersecurity
  • Economic competitiveness
  • Civil liberties and human rights

Arguably, there’s a fifth category for each scenario — foreign relations — that shows up in analysis of reaction by stakeholders that weighs the interests of foreign governments, including allies that want back doors (UK, France, Netherlands), allies that don’t (Germany and Estonia), and adversaries like Russia and China that want back doors to enable repression (and, surely, law enforcement, but the analysis doesn’t consider this).

That, then, is the real network of interests on this issue and not — as Wittes, Sheldon Whitehouse, and many though not all defenders of back doors have caricatured — simply hippies and Apple versus Those Who Keep Us Safe.

NSC not only judges the market demand for encryption — and foreign insistence that US products not appear to be captive to America’s national security state — to be real, but recognizes that those demands underlie US economic competitiveness generally.

And, as a number of people point out, the NSC readily admits that encryption helps cybersecurity. As the white paper explains,

Pro-encryption statements from the government could also encourage broader use of encryption, which would also benefit global cybersecurity. Further, because any new access point to encrypted data increases risk, eschewing mandated technical changes ensures the greatest technical security. At the same time, the increased use of encryption could stymie law enforcement’s ability to investigate and prosecute cybercriminals, though the extent of this threat over any other option is unclear as sophisticated criminals will use inaccessible encryption.

Shorter the NSC: If encryption is outlawed, only the sophisticated cyber-outlaws will have encryption.

This is the discussion we have not been having, as Jim Comey repeatedly talks in terms of Bad Guys and Good Guys, the complex trade-offs that are far more than “safety versus privacy.”

What’s stunning, however, is that NSC — an NSC that was already in the thick of responding to the OPM hack when this paper was drafted in July — sees cybersecurity as a separate category from public safety and national security. Since 2013, the Intelligence Community has judged that cybersecurity is a bigger threat than terrorism (though I’m not sure if the IC has revised that priority given ISIS’ rise). Yet the NSC still thinks of this as a separate issue from public safety and national security (to say nothing of the fact that NSC doesn’t consider the crime that encryption would prevent, such as smart phone theft).

I’m not surprised that NSC considers these different categories, mind you. Cybersecurity failures are still considered (with the sole exception of Katherine Archuleta, who was forced to resign as OPM head after the hack) politically free, such that men like John Brennan (when he was Homeland Security Czar on NSC) and Keith Alexander can have, by their own admission, completely failed to keep us safe from cyberattack without being considered failures themselves (and without it impacting Brennan’s perceived fitness to be CIA Director).

The political free ride cybersecurity failures get is a problem given the other reason that Wittes’ claim that “industry has already won” is wrong. WaPo reports that NSC still hasn’t come up with a preferred plan, ostensibly because it is so busy with other things.

Some White House aides had hoped to have a report on the issue to give to the president months ago. But “the complexity of this issue really makes it a very challenging area to arrive at any sort of policy on,” the senior official said. A Cabinet meeting to be chaired by National Security Adviser Susan Rice, ostensibly to make a decision, initially was scheduled for Wednesday, but it has been postponed.

The senior official said that the delays are due primarily to scheduling issues — “there are a lot of other things going on in the world” — that are pressing on officials’ time.

But WaPo also presents evidence that those who want back doors are just playing for time, until some kidnapping or terrorist attack investigation gets thwarted by encryption.

Although “the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”

There is value, he said, in “keeping our options open for such a situation.”

So long as the final decision never gets made, those who want back doors will be waiting for the moment when some event changes the calculus that currently weighs in favor of encryption. And, of course, we’ll all be relying on people like Jim Comey to explain why encryption made it impossible to catch a “bad guy,” which means the measure will probably ignore the other ways law enforcement can get information.

We are still living in Dick Cheney’s world, where missing a terrorist attack (other than the big one or the anthrax attack) is assumed to be career ending, even while failing to address other threats to the US (climate change and increasingly cybersecurity) are not. So long as that’s true, those waiting to use the next spectacular failure to make ill-considered decisions about back doors will await their day, putting some kinds of national security above others.

Update: Like me, Susan Landau thinks Wittes misunderstood what the White Paper said about who “won” this fight.

But the National Security Council draft options paper never mentions national-security threats as a concern in the option of disavowing legislation controlling encryption (it does acknowledge potential problems for law enforcement). The draft says that no-legislation approach would help foster “the greatest technical security.” That broad encryption use is in our national security interest is why the administration is heading to support the technology’s broad use. That’s the story here — and not the one about Silicon Valley.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The US Chamber of Commerce Is Pre-Clearing What It Is Willing to Do for Our National Security on CISA

Screen Shot 2015-08-04 at 4.11.21 PMSheldon Whitehouse just attempted (after 1:44) to rebut an epic rant from John McCain (at 1:14) in which the Arizona Senator suggested anyone who wanted to amend the flawed Cyber Intelligence Sharing Act wasn’t serious about national security.

Whitehouse defended his two amendments first by pointing out that McCain likes and respects the national security credentials of both his co-sponsors (Lindsey Graham and Max Blunt).

Then Whitehouse said,  “I believe both of the bills [sic] have now been cleared by the US Chamber of Commerce, so they don’t have a business community objection.”

Perhaps John McCain would be better served turning himself purple (really! watch his rant!) attacking the very notion that the Chamber of Commerce gets pre-veto power over a bill that (according to John McCain) is utterly vital for national security.

Even better, maybe John McCain could turn himself purple suggesting that the Chamber needs to step up to the plate and accept real responsibility for making this country’s networks safer, rather than just using our cybersecurity problems as an opportunity to demand immunity for yet more business conduct.

If this thing is vital for national security — this particular bill is not, but McCain turned himself awfully purple — then the Chamber should just suck it up and meet the requirements to protect the country decided on by the elected representatives of this country.

Yet instead, the Chamber apparently gets to pre-clear a bill designed to spy on the Chamber’s customers.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Sheldon Whitehouse’s Hot and Cold Corporate Cybersecurity Liability

Ben Wittes has a summary of last Wednesday’s “Going Dark” hearings. He engages in a really amusing straw man — comparing a hypothetically perfectly secure Internet with ungoverned Somalia.

Consider the conceptual question first. Would it be a good idea to have a world-wide communications infrastructure that is, as Bruce Schneier has aptly put it, secure from all attackers? That is, if we could snap our fingers and make all device-to-device communications perfectly secure against interception from the Chinese, from hackers, from the FSB but also from the FBI even wielding lawful process, would that be desireable? Or, in the alternative, do we want to create an internet as secure as possible from everyone except government investigators exercising their legal authorities with the understanding that other countries may do the same?

Conceptually speaking, I am with Comey on this question—and the matter does not seem to me an especially close call. The belief in principle in creating a giant world-wide network on which surveillance is technically impossible is really an argument for the creation of the world’s largest ungoverned space. I understand why techno-anarchists find this idea so appealing. I can’t imagine for moment, however, why anyone else would.

Consider the comparable argument in physical space: the creation of a city in which authorities are entirely dependent on citizen reporting of bad conduct but have no direct visibility onto what happens on the streets and no ability to conduct search warrants (even with court orders) or to patrol parks or street corners. Would you want to live in that city? The idea that ungoverned spaces really suck is not controversial when you’re talking about Yemen or Somalia. I see nothing more attractive about the creation of a worldwide architecture in which it is technically impossible to intercept and read ISIS communications with followers or to follow child predators into chatrooms where they go after kids.

This gets the issue precisely backwards, attributing all possible security and governance to policing alone, and none to prevention, and as a result envisioning chaos in a possibility that would, in fact, have less or at least different kinds chaos. Wittes simply dismisses the benefits of a perfectly secure Internet (which is what all the pro-backdoor witnesses at the hearings did too, ignoring, for example, the effect that encrypting phones would have on a really terrible iPhone theft problem). But Wittes’ straw man isn’t central to his argument, just a tell about his biases.

Wittes, like Comey, also suggests the technologists are wrong when they say back doors will be bad.

There is some reason, in my view, to suspect that the picture may not be quite as stark as the computer scientists make it seem. After all, the big tech companies increase the complexity of their software products all the time, and they generally regard the increased attack surface of the software they create as a result as a mitigatable problem. Similarly, there are lots of high-value intelligence targets that we have to secure and would have big security implications if we could not do so successfully. And when it really counts, that task is not hopeless. Google and Apple and Facebook are not without tools in the cybersecurity department.

Wittes appears unaware that the US has failed miserably at securing its high value intelligence targets, so it’s not a great counterexample.

But I’m primarily interested in Wittes’ fondness for an idea floated by Sheldon Whitehouse: that the government force providers to better weigh the risk of security by ensuring it bears liability if the cops can’t access communications.

Another, perhaps softer, possibility is to rely on the possibility of civil liability to incentivize companies to focus on these issues. At the Senate Judiciary Committee hearing this past week, the always interesting Senator Sheldon Whitehouse posed a question to Deputy Attorney General Sally Yates about which I’ve been thinking as well: “A girl goes missing. A neighbor reports that they saw her being taken into a van out in front of the house. The police are called. They come to the home. The parents are frantic. The girl’s phone is still at home.” The phone, however, is encrypted:

WHITEHOUSE: It strikes me that one of the balances that we have in these circumstances where a company may wish to privatize value by saying, “Gosh, we’re secure now. We got a really good product. You’re going to love it.” That’s to their benefit. But for the family of the girl that disappeared in the van, that’s a pretty big cost. And when we see corporations privatizing value and socializing cost so that other people have to bear the cost, one of the ways that we get back to that and try to put some balance into it, is through the civil courts, through a liability system.

If you’re a polluter and you’re dumping poisonous waste into the water rather than treating it properly, somebody downstream can bring an action and can get damages for the harm that they sustain, can get an order telling you to knock it off. I’d be interested in whether or not the Department of Justice has done any analysis as to what role the civil-liability system might be playing now to support these companies in drawing the correct balance, or if they’ve immunized themselves from the cost entirely and are enjoying the benefits. I think in terms of our determination as to what, if anything, we should do, knowing where the Department of Justice believes the civil liability system leaves us might be a helpful piece of information. So I don’t know if you’ve undertaken that, but if you have, I’d appreciate it if you’d share that with us, and if you’d consider doing it, I think that might be helpful to us.

YATES: We would be glad to look at that. It’s not something that we have done any kind of detailed analysis. We’ve been working hard on trying to figure out what the solution on the front end might be so that we’re not in a situation where there could potentially be corporate liability or the inability to be able to access the device.

WHITEHOUSE: But in terms of just looking at this situation, does it not appear that it looks like a situation where value is being privatized and costs are being socialized onto the rest of us?

YATES: That’s certainly one way to look at it. And perhaps the companies have done greater analysis on that than we have. But it’s certainly something we can look at.

I’m not sure what that lawsuit looks like under current law. I, like the Justice Department, have not done the analysis, and I would be very interested in hearing from anyone who has. Whitehouse, however, seems to me to be onto something here. Might a victim of an ISIS attack domestically committed by someone who communicated and plotted using communications architecture specifically designed to be immune, and specifically marketed as immune, from law enforcement surveillance have a claim against the provider who offered that service even after the director of the FBI began specifically warning that ISIS was using such infrastructure to plan attacks? To the extent such companies have no liability in such circumstances, is that the distribution of risk that we as a society want? And might the possibility of civil liability, either under current law or under some hypothetical change to current law, incentivize the development of secure systems that are nonetheless subject to surveillance under limited circumstances?

Why don’t we make the corporations liable, these two security hawks ask!!!

This, at a time when the cybersecurity solution on the table (CISA and other cybersecurity bills) gives corporations overly broad immunity from liability.

Think about that.

While Wittes hasn’t said whether he supports the immunity bills on the table, Paul Rosenzweig and other Lawfare writers are loudly in favor of expansive immunity. And Sheldon Whitehouse, whose idea this is, has been talking about building in immunity for corporations in cybersecurity plans since 2010.

I get there is a need for limited protection for corporations that help the Federal government spy (especially if they’re required to help), which is what liability is always about. I also get that every time we award it, it keeps getting bigger, and years later we discover that immunity covers fairly audacious spying far beyond the ostensible intent of the bill. Though CISA doesn’t even hide that this data will be used for purposes far beyond cybersecurity.

Far, far more importantly, however, one of the problems with the cyber bills on the table is by awarding this immunity, they’re creating a risk calculation for corporations to be sloppy. Sure, there will still be reputational damage every time a corporation exposes its customers’ data to hackers. But we’ve seen in the financial sector — where at least bank regulators require certain levels of hygiene and reporting — bank immunity tied to these reporting requirements appears to have made it impossible to prosecute egregious bank crime.

The banks have learned (and they will be key participants in CISA) that they can obtain impunity by sharing promiscuously (or even not so promiscuously) with the government.

And unlike those bank reporting laws, CISA doesn’t require hygiene. It doesn’t require that corporations deploy basic defenses before obtaining their immunity for information sharing.

If liability is such a great idea, then why aren’t these men pushing the use of liability as a tool to improve our cyberdefenses, rather than (on Whitehouse’s part, at least) calling for the opposite?

Indeed, if this is about appropriately balancing risk, there is no way you can use liability to get corporations to weigh the value of back doors for law enforcement, without at the same time ensuring all corporations also bear full liability for any insecurity in their system, because otherwise corporations won’t be weighing the two sides.

Using liability as a tool might be a clever idea. But using it only for law enforcement back doors does nothing to identify the appropriate balance.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

FISCR Used an Outdated Version of EO 12333 to Rule Protect America Act Legal

If the documents relating to Yahoo’s challenge of Protect America Act released last month are accurate reflections of the documents actually submitted to the FISC and FISCR, then the government submitted a misleading document on June 5, 2008 that was central to FISCR’s ultimate ruling.

As I laid out here in 2009, FISCR relied on the the requirement  in EO 12333 that the Attorney General determine there is probable cause a wiretapping technique used in the US is directed against a foreign power to judge the Protect America Act met probable cause requirements.

The procedures incorporated through section 2.5 of Executive Order 12333, made applicable to the surveillances through the certifications and directives, serve to allay the probable cause concern.

The Attorney General hereby is delegated the power to approve the use for intelligence purposes, within the United States or against a United States person abroad, of any technique for which a warrant would be required if undertaken for law enforcement purposes, provided that such techniques shall not be undertaken unless the Attorney General has determined in each case that there is probable cause to believe that the technique is directed against a foreign power or an agent of a foreign power.

44 Fed. Reg. at 59,951 (emphasis supplied). Thus, in order for the government to act upon the certifications, the AG first had to make a determination that probable cause existed to believe that the targeted person is a foreign power or an agent of a foreign power. Moreover, this determination was not made in a vacuum. The AG’s decision was informed by the contents of an application made pursuant to Department of Defense (DOD) regulations. See DOD, Procedures Governing the Activities of DOD Intelligence Components that Affect United States Persons, DOD 5240.1-R, Proc. 5, Pt. 2.C.  (Dec. 1982).

Yahoo didn’t buy this argument. It had a number of problems with it, notably that nothing prevented the government from changing Executive Orders.

While Executive Order 12333 (if not repealed), provides some additional protections, it is still not enough.

[snip]

Thus, to the extent that it is even appropriate to examine the protections in the Executive Order that are not statutorily required, the scales of the reasonableness determination sway but do not tip towards reasonableness.

Yahoo made that argument on May 29, 2008.

Sadly, Yahoo appears not to have noticed the best argument that Courts shouldn’t rely on EO 12333 because the President could always change it: Sheldon Whitehouse’s revelation on December 7, 2007 (right in the middle of this litigation) that OLC had ruled the President could change it in secret and not note the change publicly. Whitehouse strongly suggested that the Executive in fact had changed EO 12333 without notice to accommodate its illegal wiretap program.

But the government appears to have intentionally withheld further evidence about how easily it could change EO 12333 — and in fact had, right in the middle of the litigation.

This is the copy of the Classified Annex to EO 12333 that (at least according to the ODNI release) the government submitted to FISCR in a classified appendix on June 5, 2008 (that is, after Yahoo had already argued that an EO, and the protections it affords, might change). It is a copy of the original Classified Appendix signed by Ed Meese in 1988.

As I have shown, Michael Hayden modified NSA/CSS Policy 1-23 on March 11, 2004, which includes and incorporates EO 12333, the day after the hospital confrontation. The content of the Classified Annex released in 2013 appears to be identical, in its unredacted bits, to the original as released in 1988 (see below for a list of the different things redacted in each version). So the actual content of what the government presented may (or may not be) a faithful representation of the Classified Appendix as it currently existed.

But the version of NSA/CSS Policy 1-23 released last year (starting at page 110) provides this modification history:

This Policy 1-23 supersedes Directive 10-30, dated 20 September 1990, and Change One thereto, dated June 1998. The Associate Director for Policy endorsed an administrative update, effective 27 December 2007 to make minor adjustments to this policy. This 29 May 2009 administrative update includes changes due to the FISA Amendments Act of 2008 and in core training requirements.

That is, Michael Hayden’s March 11, 2004 modification of the Policy changed to the Directive as existed before 2 changes made under Clinton.

Just as importantly, the modification history reflects “an administrative update” making “minor adjustments to this policy” effective December 27, 2007 — a month and a half after this challenge started.

By presenting the original Classified Appendix — to which Hayden had apparently reverted in 2004 — rather than the up-to-date Policy, the government was presenting what they were currently using. But they hid the fact that they had made changes to it right in the middle of this litigation. A fact that would have made it clear that Courts can’t rely on Executive Orders to protect the rights of Americans, especially when they include Classified Annexes hidden within Procedures.

In its language relying on EO 12333, FISCR specifically pointed to DOD 5240.1-R. The Classified Annex to EO 12333 is required under compliance with part of that that complies with the August 27, 2007 PAA compliance.

That is, this Classified Annex is a part of the Russian dolls of interlocking directives and orders that implement EO 12333.

And they were changing, even as this litigation was moving forward.

Only, the government appears to have hidden that information from the FISCR.

Update: Clarified that NSA/CSS Policy 1-23 is what got changed.

Update: Hahaha. The copy of DOD 5240.1 R which the government submitted on December 11, 2007, still bears the cover sheet labeling it as an Annex to NSA/CSS Directive 10-30. Which of course had been superseded in 2004.

Note how they cut off the date to hide that it was 1990?

Note how they cut off the date to hide that it was 1990?

Read more

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Every Senator Who Supports USA Freedom May Be Affirmatively Ratifying a Financial Dragnet

Now that I’ve finally got around to reading the so-called transparency provisions in Patrick Leahy’s USA Freedom Act, I understand that one purpose of the bill, from James Clapper’s perspective, is to get Congress to ratify some kind of financial dragnet conducted under Section 215.

As I’ve laid out in detail before, there’s absolutely no reason to believe USA Freedom Act does anything to affect non-communications collection programs.

That’s because the definition of “specific selection term” permits (corporate) persons to be used as a selector, so long as they aren’t communications companies. So Visa, Western Union, and Bank of America could all be used as the selector; Amazon could be for anything not cloud or communications-related. Even if the government obtained all the records from these companies — as reports say it does with Western Union, at least — that would not be considered “bulk” because the government defines “bulk” as collection without a selector. Here, the selector would be the company.

And as I just figured out yesterday, the bill requires absolutely no individualized reporting on traditional Section 215 orders that don’t obtain communications. Here’s what the bill requires DNI to report on traditional 215 collection.

(D) the total number of orders issued pursuant to applications made under section 501(b)(2)(B) and a good faith estimate of—
(i) the number of targets of such orders;
(ii) the number of individuals whose communications were collected pursuant to such orders; and
(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

The bill defines “individuals whose communications were collected” this way:

(3) INDIVIDUAL WHOSE COMMUNICATIONS WERE COLLECTED.—The term ‘individual whose communications were collected’ means any individual—
(A) who was a party to an electronic communication or a wire communication the contents or noncontents of which was collected; or
(B)(i) who was a subscriber or customer of an electronic communication service or remote computing service; and
(ii) whose records, as described in subparagraph (A), (B), (D), (E), or (F) of section 2703(c)(2) of title 18, United States Code, were collected.

Thus, the 215 reporting only requires the DNI to provide individualized reporting on communications related orders. It requires no individualized reporting at all on actual tangible things (in the tangible things provision!). A dragnet order collecting every American’s Visa bill would be reported as 1 order targeting the 4 or so terrorist groups specifically named in the primary order. It would not show that the order produced the records of 310 million Americans.

I’m guessing this is not a mistake, which is why I’m so certain there’s a financial dragnet the government is trying to hide.

Under the bill, of course, Visa and Western Union could decide they wanted to issue a privacy report. But I’m guessing if it would show 310 million to 310,000,500 of its customers’ privacy was being compromised, they would be unlikely to do that.

So the bill would permit the collection of all of Visa’s records (assuming the government could or has convinced the FISC to rubber stamp that, of course), and it would hide the extent of that collection because DNI is not required to report individualized collection numbers.

But it’s not just the language in the bill that amounts to ratification of such a dragnet.

As the government has argued over and over and over, every time Congress passes Section 215’s “relevant to” language unchanged, it serves as a ratification of the FISA Court’s crazy interpretation of it to mean “all.” That argument was pretty dodgy for reauthorizations that happened before Edward Snowden came along (though its dodginess did not prevent Clare Eagan, Mary McLaughlin, and William Pauley from buying it). But it is not dodgy now: Senators need to know that after they pass this bill, the government will argue to courts that it ratifies the legal interpretations publicly known about the program.

While the bill changes a great deal of language in Section 215, it still includes the “relevant to” language that now means “all.” So every Senator who votes for USAF will make it clear to judges that it is the intent of Congress for “relevant to” to mean “all.”

And it’s not just that! In voting for USAF, Senators would be ratifying all the other legal interpretations about dragnets that have been publicly released since Snowden’s leaks started.

That includes the horrible John Bates opinion from February 19, 2013 that authorized the government to use Section 215 to investigate Americans for their First Amendment protected activities so long as the larger investigation is targeted at people whose activities aren’t protected under the First Amendment. So Senators would be making it clear to judges their intent is to allow the government to conduct investigations into Americans for their speech or politics or religion in some cases (which cases those are is not entirely clear).

That also includes the John Bates opinion from November 23, 2010 that concluded that, “the Right to Financial Privacy Act, … does not preclude the issuance of an order requiring the production of financial records to the Federal Bureau of Investigation (FBI) pursuant to the FISA business records provision.” Given that Senators know (or should — and certainly have the ability to — know) about this before they support USAF, judges would be correct in concluding that it was the intent of Congress to permit the government to collect financial records under Section 215.

So Senators supporting this bill must realize that supporting the bill means they are supporting the following:

  • The interpretation of “relevant to” to permit the government to collect all of a given kind of record in the name of a standing FBI terrorism investigation.
  • The use of non-communication company corporate person names, like Visa or Western Union, as the selector “limiting” collection.
  • The use of Section 215 to collect financial records.
  • Not requiring the government to report how many Americans get sucked up in any financial (or any non-communications) dragnet.

That is, Senators supporting this bill are not only supporting a possible financial dragnet, but they are helping the government hide the existence of it.

I can’t tell you what the dragnet entails. Perhaps it’s “only” the Western Union tracking reported by both the NYT and WSJ. Perhaps James Cole’s two discussions of being able to collect credit card records under this provision means they are. Though when Leahy asked him if they could collect credit card records to track fertilizer purchases, Cole suggested they might not need everyone’s credit cards to do that.

Leahy: But if our phone records are relevant, why wouldn’t our credit card records? Wouldn’t you like to know if somebody’s buying, um, what is the fertilizer used in bombs?

Cole: I may not need to collect everybody’s credit card records in order to do that.

[snip]

If somebody’s buying things that could be used to make bombs of course we would like to know that but we may not need to do it in this fashion.

We don’t know what the financial dragnet is. But we know that it is permitted — and deliberately hidden — under this bill.

Below the rule I’ve put the names of the 18 Senators who have thus far co-sponsored this bill. If one happens to be your Senator, it might be a good time to urge them to reconsider that support.


Patrick Leahy (202) 224-4242

Mike Lee (202) 224-5444

Dick Durbin (202) 224-2152

Dean Heller (202) 224-6244

Al Franken (202) 224-5641

Ted Cruz (202) 224-5922

Richard Blumenthal (202) 224-2823

Tom Udall (202) 224-6621

Chris Coons (202) 224-5042

Martin Heinrich (202) 224-5521

Ed Markey (202) 224-2742

Mazie Hirono (202) 224-6361

Amy Klobuchar (202) 224-3244

Sheldon Whitehouse (202) 224-2921

Chuck Schumer (202) 224-6542

Bernie Sanders (202) 224-5141

Cory Booker (202) 224-3224

Bob Menendez (202) 224-4744

Sherrod Brown (202) 224-2315

 

 

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.