Posts

Three Things: In the Debris Field After Health Care ‘Freedom’ Act

I still don’t have enough caffeine in my system and it’s nearly noon here. An entire pot of java may do the trick. As I rouse and read the hot takes after the failure of H.R. 1628 last night, a few thoughts stick with me.

~ 3 ~

All the think pieces — most written by white men lauding John McCain’s maverick move by departing from the party line — are evidence ‘the show’ worked.
McCain called it that when asked before the vote last night which way he was going. “Watch the show,” he said.

Meanwhile, the two women senators who have been firm all along they couldn’t vote for a bill causing damage to their constituents receive far fewer plaudits from the same mostly-white-male pundit class. Murkowski had been threatened by the Interior Secretary at Trump’s request. I haven’t heard for certain, but I’ll bet Collins received threats as well, probably from Trump-supporting constituents.

McCain won’t get those kinds of threats. He made his point last night about the power he wields within GOP Senate caucus as the final A/B switch on legislation. But the GOP Senate already knew this.

What McCain did was give the GOP a face-saving way to vote for a piece of shit they didn’t want to pass, without the repercussions Collins and Murkowski (and at varying times, Heller and Capito) have faced for rejecting a POS bill.

This is why they waited until the last goddamned minute to draft a meager eight-pages, slapping in some egregious stuff to ensure Collins and Murkowski couldn’t vote, adding the 20% annual premium increase as a coup de grace.

Because McCain would do the maverick kabuki for them, slap on his mask and robes, make big gestures and kill the bill for them.

And it worked not only because all the white male pundit class got suckered by their usual privileged blindness, but the white male Tweeter-in-Chief bought it, hook, line, sinker. He blamed all the Democrats and three GOP senators. All the other senators are off the hook.

Bonus: McCain’s legacy is salvaged with the patriarchal punditry.

Great ‘show’, maverick.

~ 2 ~

Scaramucci is nothing more than a highly-animated automaton on a stage; nothing he says is real. Why? Because the real communications are being run out of house by Steve Bannon, and likely in violation of federal law.

What is it and to whom is Bannon really communicating for the White House?
This operation may be in violation of the Antideficiency Act, but is it also in violation of the Presidential Records Act? What about any other regulations regarding FOIA?

Don’t believe me about Scaramucci’s role? Take a look at your news feed and point to any announcement about his firing or resignation. You know damned well had a communications director acted like he has under any other previous administration he’d have been walked out the White House’s fence.

p.s. Some say Scaramucci’s lowering discourse. Come the fuck on. He talks the way all of Wall Street’s white males do. The misogynist crack about Sarah Huckabee Sanders’ appearance? Par for the course.

~ 1 ~

Recommended lunch hour read for you: a book review by Andrew Bacevich in London Review of Books on The General v. the President: MacArthur and Truman at the Brink of Nuclear War by H.W. Brands. Bacevich’s background here.

Putting this book on my shopping list after this review, given how much power Trump has given and is likely to give to the military, breaking with civilian control.

~ 0 ~

That’s it for now. I’m stewing on something else but it’ll be dedicated and not an open thread like this one. Hasta pasta.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Democrats Should Propose Susan Collins Serve as Acting Chair for Russian Hack Investigation

As I’ve been saying, the Intelligence Committees are the sensible place for any investigation into the Russian hack, but the current investigation is hampered because both Chairs — Devin Nunes in the House and Richard Burr in the Senate — have conflicts that prevent them from being independent.

The WaPo has an absolutely masterful article exposing their conflicts.

Better still, it shows that Benghazi truther Mike Pompeo has already abused his position as CIA Director in the pursuit of politics.

The part that has gotten the most notice is WaPo’s report that — after Reince Priebus failed to get FBI to issue a rebuttal to this NYT article — which claims “Phone records and intercepted calls show that members of Donald J. Trump’s 2016 presidential campaign and other Trump associates had repeated contacts with senior Russian intelligence officials in the year before the election” — he then arranged calls with the press and Nunes and Burr, so they could rebut the claims. As the WaPo reports, the calls were not persuasive enough to get WaPo to report on them.

The officials broadly dismissed Trump associates’ contacts with Russia as infrequent and inconsequential. But the officials would not answer substantive questions about the issue, and their comments were not published by The Post and do not appear to have been reported elsewhere.

Nunes’ comments actually were picked up by WSJ (which has discouraged reporters from doing hard reporting on this issue). Burr’s were not. Here’s how Burr — who normally leaks far less than other Gang of Four members, and who was a national security advisor for Trump during the campaign — defended his comments.

Burr acknowledged that he “had conversations about” Russia-related news reports with the White House and engaged with news organizations to dispute articles by the New York Times and CNN that alleged “repeated” or “constant” contact between Trump campaign members and Russian intelligence operatives.

“I’ve had those conversations,” Burr said, adding that he regarded the contacts as appropriate provided that “I felt I had something to share that didn’t breach my responsibilities to the committee in an ongoing investigation.”

More delectably, the WaPo obliquely reveals that an intelligence official was involved in the calls, and then makes it very clear that Pompeo was the guy. As WaPo points out, this not only makes Pompeo a raging hypocrite, given the way he politicized Benghazi, but it also suggests Pompeo inquired into the FBI’s counterintelligence investigation for the purpose of leaking details of it to the press.

CIA Director Mike Pompeo is the senior-most intelligence official in the administration, with former senator Dan Coats (R-Ind.) still awaiting confirmation as director of national intelligence.

As a Republican member of Congress, Pompeo was among the most fiercely partisan figures in the House investigation of Benghazi, which centered on accusations that the Obama administration had twisted intelligence about the attacks for political purposes.

It is not unusual for CIA leaders to have contact with news organizations, particularly about global issues such as terrorism or to contest news accounts of CIA operations. But involving the agency on alleged Trump campaign ties to Russia could be problematic.

The CIA is not in charge of the investigation. Given the history of domestic espionage abuses in the United States, CIA officials are typically averse to being drawn into matters that involve U.S. citizens or might make the agency vulnerable to charges that it is politicizing intelligence.

This is actually fairly breathtaking. It’s one thing to inquire into a past event, because the inquiry can’t change it. But this is an ongoing counterintelligence investigation! Russians are dying left and right, and at least one of them looks like he was a likely source for the Trump dossier. Two Russians have already been charged with treason and a Ukranian may well be as well. There are reasons you keep counterintelligence investigations secret.

But the CIA Director is more interested in helping Trump out politically.

It turns out that Senate Intelligence Vice Chair Mark Warner, who thus far has defended Burr’s role in this investigation, is not all that happy about this. Here’s what he had to say in response to WaPo’s disclosures.

Mark Warner, the ranking Democrat on the Senate Intelligence Committee, said he called CIA Director Mike Pompeo and Burr to express his “grave concerns about what this means for the independence” of the investigation.

“I am consulting with members of the Intelligence Committee to determine an appropriate course of action so we can ensure that the American people get the thorough, impartial investigation that they deserve, free from White House interference,” Warner said in a statement Friday night.

So here’s my suggestion: tell Mitch McConnell and Richard Burr that Susan Collins should serve as acting Chair for this investigation, and if they don’t agree the Democrats will demand an independent inquiry.

Collins is a perfect choice even beyond her comments from the other day, which among other things entertained the possibility of subpoenaing Trump’s tax returns. She has voted against Trump more than any other Senator (which is not much, but still). As Chair of Homeland Security, she conducted a number of credible investigations, working closely with Joe Lieberman.

So she surely could credibly lead this report.

To be clear: I’m suggesting this as a negotiating strategy. This hasn’t been done before and I suspect it wouldn’t be done here. But it is clear that Collins is independent and qualified to lead this investigation. The alternatives all involve more potential exposure for Trump.

Democrats should propose this — so McConnell and Burr can shoot it down, making it clear that Republicans want people who’ve already compromised their independence to lead this investigation.

Update: Here’s Collins’ comment on the new disclosures.

The Senate Intelligence Committee has the expertise, the cleared staff, and the bipartisan determination to follow the evidence wherever it leads in this investigation into malicious Russian activities. For the public to have confidence in our findings, it is important that the Committee work in a completely bipartisan fashion and that we avoid any actions that might be perceived as compromising the integrity of our work. It is also important that the Committee ultimately issue a public report on our findings.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Susan Collins Implies She Could Be a Swing Vote in SSCI’s Investigation of the Russian Hack

The other day, I explained why we should remain skeptical of the congressional investigations into the Russian hack. Most importantly, I questioned Richard Burr’s seriousness. The investigation should be done by the House and/or Senate Intelligence Committee, and both Chairs of those committees have had Trump appointments in the last year.

That said, this Maine Public Radio interview with Susan Collins may provide reason for hope (see after 10 minutes and 39 minutes).

In it, she reiterated promises — made in the agreement on the inquiry — that the committee would do open hearings and release a public report.

I will encourage that there’ll be some public hearings as well as the closed hearings that we’re doing now and that we issue a report.

She also noted that she and others intend to call Mike Flynn to testify (though she didn’t say whether the interview would be open or not). Note, National Security Advisors cannot be subpoenaed (which is one basis why Devin Nunes said they couldn’t call Flynn).

I am going to request, many members are, that we call Steve Flynn–Mike Flynn, the former National Security Advisor to testify before us.

In addition, after 30 minutes, in response to a caller insisting that the inquiry be public, Collins noted that Republicans have just a one vote majority on the committee (though she didn’t point out that she could be the swing voter).

She was asked if she would subpoena Trump’s tax returns, and on that she said it would depend on Burr and Mark Warner. We shall see whether Warner has the chops to force that issue.

On both torture and drone memos, Collins has been willing to serve as a swing voter on SSCI before. If she does so here, it could make a difference.

 

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Play on the Scalia Replacement: Remember the Lame Duck

Within minutes after the public announcement of Antonin Scalia’s death, Senator Mike Lee’s flack Conn Carroll started predicting Obama would have zero chance of successfully naming a successor. After Carroll, one after another actual Senator followed that sentiment, including Chuck Grassley and Mitch McConnell, both of whom would have the ability to stall any Obama nominee. From that point, the GOP was pretty much committed, they said, to preventing any Obama nominee from being confirmed.

That led to a bunch of bad comparisons — between judges like Robert Bork who was rejected and Miguel Estrada who never got a vote — and simply going a year without acting on a President’s nominee. Even the comparison with Anthony Kennedy (who was nominated in November after two other nominees, including Bork, failed) is inapt, as he was nominated earlier than any Obama pick would be (though in a sense that fetishizes the year that would pass without a nominee).

I, like bmaz, believe Obama will pick someone fairly centrist, probably someone who has been recently confirmed by big margins.  I agree the most likely nominee will be Sri Srinivasan, who in 2013 was confirmed to the DC Circuit with a 97-0 vote — though I’m also mindful of the wisdom (given the GOP unanimity about obstructing this nominee) of picking someone who drive Democratic turnout — an African-American woman, for example. Though I highly doubt Obama will nominate Loretta Lynch, as some have suggested, not least because the fight over releasing data on HSBC’s continued money laundering will draw more attention as it moves toward appeal, which might focus attention on her role in administering the wrist slap in the face of egregious drug cartel and terrorist supporting money laundering.

After some reflection, some conservatives have suggested that the GOP would have been better served if they had simply not managed to pass Obama’s nominee, rather than making such a big stink about it.

I think that ignores how much both parties look forward to using this nominee to drive turnout — and regardless of who the respective nominees are, the GOP have a much bigger challenge in getting enough voters to turn out to elect a GOP president in November, so I’m sure they’re quite happy to have an issue that (they presumably hope) might flip some conservative Latino votes — though one likely outcome of an extended 8-member court is that the Fifth Circuit’s ruling staying Obama’s immigration orders will be upheld after a 4-4 tie on the court, which might have the opposite effect.

Furthermore, I think it ignores one other factor. Srinivasan has been predicted to be Obama’s most likely SCOTUS appointment for almost 3 years (few people consider how such predictions might have influenced Ruth Bader Ginsburg’s decision not to retire). The Republicans probably presume he’s the most likely candidate as well.

The presumption Srinivasan — or someone similar — would be the nominee easily justifies the GOP’s immediate promise they won’t confirm a nominee. That’s because they need to explain why someone they just overwhelmingly confirmed, someone who faced more opposition from the left than the right, suddenly became unacceptable.

More importantly, I presume the GOP wants to keep open the possibility of confirming Srinivasan or whatever centrist Obama appoints during the Lame Duck. Here’s why:

Barring any replay of Bush v. Gore, both sides will know on November 9 who would get to pick Scalia’s replacement if Obama’s pick failed. Both sides will also know the makeup of the Senate. Because of the demographic issues I mentioned earlier, the likely Democratic nominee, Hillary Clinton, is most likely to win. That’s not to say I think she’s necessarily the strongest candidate — even ignoring the potential the email scandal will taint close advisors like Huma Abedin or Jake Sullivan, I think it likely the economy will be crashing by November in a way that would favor Trump if he were the GOP nominee facing Hillary. But I think electoral demographics suggest the GOP will have a harder time winning this year, particularly after a year of Trump branding the GOP with bigotry.

Plus (ignoring my suspicion the economy will be crashing by November), we’re likely to have a more Democratic Senate after November. Harry Reid is the only retiring Democrat where the replacement race is currently perceived to be toss-up, whereas Marco Rubio, Mark Kirk, Kelly Ayotte, and Ron Johnson are all deemed to be likely toss-ups, if not Dem-favorable. It’s still most likely the GOP will have a slight majority, but a smaller one, in the Senate, one where people like Susan Collins could make more of a difference. But it is likely to be more Democratic.

If Hillary wins (the most likely outcome) and Democrats win the Senate (unlikely, but feasible), then the Republicans will have good reason to want to confirm an Obama nominee perceived to be centrist. Whereas Srinivasan looks far worse than Scalia to the Republicans, he would all of a sudden look far preferable to a Hillary choice with the time to wait out the Senate. The GOP would have time between November 9 and the Christmas break to confirm whatever Obama nominee has been languishing.

In other words, I think the GOP have provided a way to stall someone (like Srinivasan) they have recently confirmed, while leaving the possibility of confirming that person if November makes it likely the next nominee will be more liberal.

One more thing: Commentary on this process has presumed that McConnell and Grassley (and Obama) learned of Scalia’s death when we all did. I would hope that Obama, at least, got word well before that, particularly given the involvement of at least the US Marshals and according to some reports the FBI. But I also wouldn’t leave out the possibility that one of the 39 other still unidentified guests at the ranch this weekend gave the Republican leadership a heads up as soon as a hearse showed up. So it’s possible that what looked like quick knee-jerk response on the part of Republican leadership was instead more considered, along the lines I’ve just laid out.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Financial Services Roundtable Wants to Terrify You into Giving Them More Immunity

The policy discussion about the many ways that the Cyber Information Sharing Act not only doesn’t do much to prevent the hacking of public and private networks, but in key ways will make it worse, must be making its mark. Because the Financial Services Roundtable, one of the key corporatist groups backing the bill, released this YouTube full of scary warnings but absolutely zero explanation about what CISA might do to increase cybersecurity.

Indeed, the YouTube is so context free, it doesn’t note that Susan Collins, the first person who appears in the video, has called for mandatory reporting from some sectors (notably, aviation), which is not covered in the bill and might be thwarted by the bill. Nor does it mention that the agency of the second person that appears in the video, Department of Homeland Security Secretary Jeh Johnson, has raised concerns about the complexity of the scheme set up in CISA, not to mention privacy concerns. It doesn’t note that the third person shown, House Homeland Security Chair Michael McCaul, favored an approach that more narrowly targeted the information being shared and reinforced the existing DHS structure with his committee’s bill.

Instead of that discussion … “Death, destruction, and devastation!” “Another organization being hacked!” “Costing jobs!” “One half of America affected!” “What is it going to take to do something?!?!?!”

All that fearmongering and only one mention of the phrase “information sharing,” much less a discussion of what the bill in question really does.

In August, the head of the FSR, Tim Pawlenty, was more honest about what this bill does and why his banks like it so much: because it would help to hide corporate negligence.

“If I think you’ve attacked me and I turn that information over to the government, is that going to be subject to the Freedom of Information Act?” he said, highlighting a major issue for senators concerned about privacy.

“If so, are the trial lawyers going to get it and sue my company for negligent maintenance of data or cyber defenses?” Pawlenty continued. “Are my regulators going to get it and come back and throw me in jail, or fine me or sanction me? Is the public going to have access to it? Are my competitors going to have access to it? Are they going to be able to see my proprietary cyber systems in a way that will give up competitive advantage?”

That is, the banks want to share information with the government so it can help those private corporations protect themselves (without paying for it, really, since banks do so well at dodging taxes), without any responsibility or consequences in return. “Are my regulators going to get [information about how banks got attacked] and come back and throw me in jail, or fine me, or sanction me?” the banks’ paid lobbyist worries. As the author of this bill confirmed last week, this bill will undercut regulators’ authority in case of corporate neglect.

The example of banks dodging responsibility in the past — possibly aided by a similar (albeit more rigorous) information sharing regime under the Bank Secrecy Act — provides all the evidence for how stupid this bill would be. We need corporations to start bearing liability for outright negligence. And this bill provides several ways for them to avoid such liability.

Don’t succumb to bankster inciting fear. America will be less safe if you do.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Several Supporters of CISA Admit Its Inadequacy

In recent days, there have been reports that the same (presumed Chinese) hackers who stole vast amounts of data from the Office of Personnel Management have also hacked at least United Airlines and American. (Presuming the Chinese attribution is correct — and I believe it — I would be surprised if Chinese hackers hadn’t also tried to hack Delta, given that it has a huge footprint in Asia, including China; if that’s right and Delta managed to withstand the attack, we should find out how and why.)

Those hacks — and the presumption that the Chinese are stealing the data to flesh out their already detailed map of the activities of US intelligence personnel — have led a bunch of Cyber Information Sharing Act supporters (Susan Collins and Barb Mikulski have already voted for it, and Bill Nelson almost surely will, because he loves surveillance) to admit its inadequacy.

In recent months, hackers have infiltrated the U.S. air traffic control system, forced airlines to ground planes and potentially stolen detailed travel records on millions of people.

Yet the industry lacks strict requirements to report these cyber incidents, or even adhere to specific cybersecurity standards.

“There should be a requirement for immediate reporting to the federal government,” Sen. Susan Collins (R-Maine), who chairs the Appropriations subcommittee that oversees the Federal Aviation Administration (FAA), told The Hill.

“We need to address that,” agreed Sen. Bill Nelson (D-Fla.), the top Democrat on the Senate Commerce Committee.

[snip]

“We need a two-way exchange of information so that when a threat is identified by the private sector, it’s shared with the government, and vice versa,” Collins added. “That’s the only way that we have any hope of stopping further breaches.”

[snip]

That’s why, Nelson said, the airline industry needs mandatory, immediate reporting requirements.

“All the more reason for a cybersecurity bill,” he said.

But for years, Congress has been unsuccessful in its efforts.

Sen. Barbara Mikulski (D-Md.), the Senate Appropriations Committee’s top Democrat, tried three years ago to move a cyber bill that would have included rigid breach reporting requirements for critical infrastructure sectors, including aviation.

“We were blocked,” she told The Hill recently. “So it’s time for not looking at an individual bill, but one that’s overall for critical infrastructure.”

So now we have some Senators calling for heightened cybersecurity standards for cars, and different, hawkish Senators calling for heightened cybersecurity sharing (though they don’t mention security standards) for airlines. Bank regulators are already demanding higher standards from them.

And someday soon someone will start talking about mandating response time for operating system fixes, given the problems with Android updates.

Maybe the recognition that one after another industry requires not immunity, but an approach to cybersecurity that actually requires some minimal actions from the companies in question, ought to lead Congress to halt before passing CISA and giving corporations immunity and think more seriously about what a serious approach to our cyber problems might look like.

That said, note that the hawks in this story are still adopting what is probably an approach of limited use here. Indeed, the story is notable in that it cites a cyber contractor, JAS Global Advisors Jeff Schmidt, actually raising questions whether mandated info-sharing (with the government, not the public) would be all that effective.

If OPM has finally demonstrated the real impact of cyberattacks, then maybe it’s time to have a real discussion of what might help to keep this country safe — because simply immunizing corporations is not going to do it.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Three Congressional Responses to the OPM Hack

After acknowledging that as more than 20 million people have been affected by the hack of the Office of Personnel Management, OPM head Katherine Archuleta “resigned” today.

In announcing that Office of Budget and Management Deputy Director of Management Beth Cobert would serve as acting Director, Josh Earnest played up her experience at McKinsey Consulting. So we may see the same kind of management claptrap as OPM PR in the coming days that we got from CIA’s reorganization when McKinsey took that project on. Over 20 minutes into his press conference, Earnest also revealed there was 90 day review of the security implications of the hack being led by OMB.

Happily, in spite of the easy way Archuleta’s firing has served as a proxy for real solutions to the government’s insecurity, at least some in Congress are pushing other “solutions.” Given Congress’ responsibility for failing to fund better IT purchasing, consider agency weaknesses during confirmation, and demand accountability from the intelligence community going back at least to the WikiLeaks leaks, these are worth examining.

Perhaps most predictably, Susan Collins called for passage of cybersecurity legislation.

It is time for Congress to pass a cybersecurity law that will strengthen our defenses and improve critical communication and cooperation between the private sector and government. We must do more to combat these dangerous threats in both government and the private sector.

Of course, nothing in CISA (or any other cybersecurity legislation being debated by Congress) would have done a damn thing to prevent the OPM hack. In other words, Collins’ response is just an example of Congress doing the wrong thing in response to a real need.

Giving corporations immunity is not the answer to most problems facing this country. And those who embrace it as a real solution should be held accountable for the next government hack.

Freshman Nebraska Senator Ben Sasse — both before and after Archuleta’s resignation — has appropriately laid out the implications of this hack (rebutting a comparison repeated by Earnest in his press conference, that this hack compares at all with the Target hack).

OPM’s announcement today gives the impression that these breaches are just like some of the losses by Target or Home Depot that we’ve seen in the news. The analogy is nonsense. This is quite different—this is much scarier than identity theft or ruined credit scores. Government and industry need to understand this and be ready. That’s not going to happen as long as Washington keeps treating this like just another routine PR crisis.

But one of his proposed responses is to turn this example of intelligence collection targeting legitimate targets into an act of war.

Some in the defense and intelligence communities think the attacks on OPM constitute an act of war. The rules of engagement in cyber warfare are still being written. And with them, we need to send a clear message: these types of intrusions will not be tolerated. We must ensure our attackers suffer the full consequences of their actions.

Starting now, government needs to stop the bleeding—every sensitive database in every government agency must be immediately secured or pulled offline. But playing defense is a losing game. Naming and shaming until the news cycle shifts is not enough.

Our government must completely reevaluate its cyber doctrine. We have to deter attacks from ever happening in the first place while also building resiliency.

We’re collecting the same kind of information as China — in methods that are both more efficient (because we have the luxury of being able to take off the Internet) but less so (because we are not, as far as we know, targeting China’s own records of its spooks). If this is an act of war than we gave reason for war well before China got into OPM’s servers.

Meanwhile, veterans Ted Lieu and Steve Russell (who, because they’ve had clearance, probably have been affected) are pushing reforms that will affect the kind of bureaucracy we should have to perform what is a core counterintelligence function.

Congressman Russell’s statement:

“It is bad enough that the dereliction displayed by OPM led to 25 million Americans’ records being compromised, but to continue to deflect responsibility and accountability is sad. In her testimony a few weeks ago, OPM Director Katherine Archuleta said that they did not encrypt their files for fear they could be decrypted. This is no excuse for a cyber-breach, and is akin to gross negligence. We have spent over a half a trillion dollars in information technology, and are effectively throwing it all away when we do not protect our assets. OPM has proven they are not up to the task of safeguarding our information, a responsibility that allows for no error. I look forward to working with Congressman Lieu on accountability and reform of this grave problem.”

Congressman Lieu’s statement:

“The failure by the Office of Personnel Management to prevent hackers from stealing security clearance forms containing the most private information of 25 million Americans significantly imperils our national security. Tragically, this cyber breach was likely preventable. The Inspector General identified multiple vulnerabilities in OPM’s security clearance system–year after year–that OPM failed to address. Even now, OPM still does not prioritize cybersecurity. The IG testified just yesterday that OPM ‘has not historically, and still does not, prioritize IT security.’ The IG further testified that there is a ‘high risk’ of failure on a going forward basis at OPM. The security clearance system was previously housed at the Department of Defense. In hindsight, it was a mistake to move the security clearance system to OPM in 2004. We need to correct that mistake. Congressman Steve Russell and I are working on bipartisan legislation to move the security clearance database out of OPM into another agency that has a better grasp of cyber threats. Steve and I have previously submitted SF-86 security clearance forms. We personally understand the national security crisis this cyber breach has caused. Every American affected by the OPM security clearance breach deserves and demands a new way forward in protecting their most private information and advancing the vital security interests of the United States.”

A number of people online have suggested that seeing Archuleta get ousted (whether she was forced or recognized she had lost Obama’s support) will lead other agency heads to take cybersecurity more seriously. I’m skeptical. In part, because some of the other key agencies — starting with DHS — have far to much work to do before the inevitable will happen and they’ll be hacked. But in part because the other agencies involved have long had impunity in the face of gross cyberintelligence inadequacies. No one at DOD or State got held responsible for Chelsea Manning’s leaks (even though they came 2 years after DOD had prohibited removable media on DOD computers), nor did anyone at DOD get held responsible for Edward Snowden’s leaks (which happened 5 years after the ban on removable media). Neither the President nor Congress has done anything but extend deadlines for these agencies to address CI vulnerabilities.

Perhaps this 90 day review of the NatSec implications of the hack is doing real work (though I worry it’ll produce McKinsey slop).  But this hack should be treated with the kind of seriousness as the 9/11 attack, with the consequent attention on real cybersecurity fixes, not the “do something” effort to give corporations immunity.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Mitch McConnell and Richard Burr’s Authoritarian Power Grab Fails

Last night, Mitch McConnell dealt himself a humiliating defeat. As I correctly predicted a month before events played out, McConnell tried to create a panic that would permit him and Richard Burr to demand changes — including iMessage retention, among other things — to USA F-ReDux. That is, in fact, what Mitch attempted to do, as is evident from the authoritarian power grab Burr released around 8:30 last night (that is, technically after the Administration had already missed the FISA Court deadline to renew the dragnet).

Contrary to a lot of absolutely horrible reporting on Burr’s bill, it does not actually resemble USA F-ReDux.

As I laid out here, it would start by gutting ECPA, such that the FBI could resume using NSLs to do the bulky Internet collection that moved to Section 215 production in 2009.

It also vastly expanded the application of the call record function (which it very explicitly applied to electronic communications providers, meaning it would include all Internet production, though that is probably what USA F-ReDux does implicitly), such that it could be used against Americans for any counterterrorism or counterintelligence (which includes leaks and cybersecurity) function, and for foreigners (which would chain onto Americans) for any foreign intelligence purpose. The chaining function includes the same vague language from USA F-ReDux which, in the absence of the limiting language in the House Judiciary Committee bill report, probably lets the government chain on session identifying information (like location and cookies, but possibly even things like address books) to do pattern analysis on providers’ data. Plus, the bill might even permit the government to do this chaining in provider data, because it doesn’t define a key “permit access” term.

Burr’s bill applies EO 12333 minimization procedures (and notice), not the stronger Section 215 ones Congress mandated in 2006; while USA F-ReDux data will already be shared far more widely than it is now, this would ensure that no defendant ever gets to challenge this collection. It imposes a 3-year data retention mandate (which would be a significant new burden on both Verizon and Apple). It appears to flip the amicus provision on its head, such that if Verizon or Apple challenged retention or any other part of the program, the FISC could provide a lawyer for the tech companies and tell that lawyer to fight for retention. And in the piece de la resistance, the bill creates its very own Espionage Act imposing 10 year prison terms for anyone who reveals precisely what’s happening in this expanded querying function at providers.

It is, in short, the forced-deputization of the nation’s communications providers to conduct EO 12333 spying on Americans within America.

Had Mitch had his way, after both USA F-ReDux and his 2-month straight reauthorization failed to get cloture, he would have asked for a week extension, during which the House would have been forced to come back to work and accept — under threat of “going dark” — some of the things demanded in Burr’s bill.

It didn’t work out.

Sure, both USA F-ReDux (57-42) and the short-term reauthorization (45-54) failed cloture votes.

But as it was, USA F-ReDux had far more support than the short-term reauthorization. Both McConnell and Rand Paul voted against both, for very different reasons. The difference in the vote results, however, was that Joe Donnelly (D), Jeff Flake (R), Ron Johnson (R), James Lankford (R), Bill Nelson (D), Tim Scott (R), and Dan Sullivan (R) voted yes to both. McConnell’s preferred option didn’t even get a majority of the vote, because he lost a chunk of his members.

Then McConnell played the hand he believed would give himself and Burr leverage. The plan — as I stated — was to get a very short term reauthorization passed and in that period force through changes with the House (never mind that permitting that to happen might have cost Boehner his Speakership, that’s what McConnell and Burr had in mind).

First, McConnell asked for unanimous consent to pass an extension to June 8. (h/t joanneleon for making the clip) But Paul, reminding that this country’s founders opposed General Warrants and demanding 2 majority vote amendments, objected. McConnell then asked for a June 5 extension, to which Ron Wyden objected. McConnell asked for an extension to June 3. Martin Heinrich objected. McConnell asked for an extension to June 2. Paul objected.

McConnell’s bid failed. And he ultimately scheduled the Senate to return on Sunday afternoon, May 31.

By far the most likely outcome at this point is that enough Senators — likely candidates are Mark Kirk, Angus King, John McCain, Joni Ernst, or Susan Collins — flip their vote on USA F-ReDux, which will then be rushed to President Obama just hours before Section 215 (and with it, Lone Wolf and Roving Wiretaps) expires on June 1. But even that (because of when McConnell scheduled it) probably requires Paul to agree to an immediate vote.

But if not, it won’t be the immediate end of the world.

On this issue, too, the reporting has been horrible, even to almost universal misrepresentation of what Jim Comey said about the importance of expiring provisions — I’ve laid out what he really said and what it means here. Comey cares first and foremost about the other Section 215 uses, almost surely the bulky Internet collection that moved there in 2009. But those orders, because they’re tied to existing investigations (of presumably more focused subject than the standing counterterrorism investigation to justify the phone dragnet), they will be grand-fathered at least until whatever expiration date they have hits, if not longer. So FBI will be anxious to restore that authority (or move it back to NSLs as Burr’s bill would do), especially since unlike the phone dragnet, there aren’t other ways to get the data. But there’s some time left to do that.

Comey also said the Roving Wiretap is critical. I’m guessing that’s because they use it to target things like Tor relays. But if that’s the primary secretly redefined function, they likely have learned enough about the Tor relays they’re parked on to get individual warrants. And here, too, the FBI likely won’t have to detask until expiration days on these FISA orders come due.

As for the phone dragnet and the Lone Wolf? Those are less urgent, according to Comey.

Now, that might help the Republicans who want to jam through some of Burr’s demands, since most moderate reformers assume the phone dragnet is the most important function that expires. Except that McConnell and others have spent so long pretending that this is about a phone dragnet that in truth doesn’t really work, that skittish Republicans are likely to want to appear to do all they can to keep the phone dragnet afloat.

As I said, the most likely outcome is that a number of people flip their vote and help pass USA F-ReDux.

But as with last night’s “debate,” no one really knows for sure.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

CIA’s Torture Pushback Gets More Artful

I well remember when Robert Grenier testified at Scooter Libby’s trial. His performance – like most of the witness testimony — was a performance. But I was more intrigued by the response. Even the cynical old DC journalists were impressed by the smoothness of the performance. “You can tell he was a great briefer,” one journalist who had written a book on the CIA said.

Today, he takes up the role of bogus pushback to the Senate torture report, complete with all the false claims about the report, including:

  • SSCI should not have relied exclusively on documents — which, if true, is an admission that millions of CIA’s cables are fraudulent and false
  • The claim that members of the Gang of Four were briefed earlier and more accurately than even CIA’s own documents show them to have been
  • SSCI — and not CIA — made the decision that CIA officers should not testify to the committee
  • That a report supported by John McCain and Susan Collins is a Democratic report (Grenier also claims all involved with it know history from history books, not — as McCain did — from torture chambers)
  • That the CIA cables exactly matched the torture depicted on the torture tapes (see bullet 1!), and that CIA’s IG reported that, both of which are false

But perhaps Grenier’s most cynical assertion is his claim — in a piece that falsely suggests (though does not claim outright) that Congress was adequately briefed that Congress’ job, their sole job, is to legislate, not oversee.

A second, related reason would be to build support for comprehensive legislation — that is what Congress is supposed to concern itself with, after all — to remove any of the interpretive legal ambiguity which permitted coercive interrogation to be considered in the first place, and ensure it never happens again.

It is a cynical move, but given the rest of his argument, the part that I find compelling, necessary.

Because Grenier warns Dianne Feinstein that her attack on the Presidentially authorized counterterrorism methods of the past will chill President Obama’s preferred presidentially authorized counterterrorism methods — drone strikes — going forward.

It is not just the past which is at stake, but the present and the future as well. Make no mistake — those currently serving in CIA are watching these developments closely.

Senator Feinstein, we are told, though having great moral qualms about vigorously interrogating terrorists, appears to have no particular compunction about killing them — so long as it is done remotely, with little direct contact with the gruesome details. As anyone reading the press will know, the current, Democratic administration has shown great enthusiasm for directed killings, employing drones in lethal operations around the world to an extent that might have shocked their Republican predecessors in the Bush administration. Death by video game has its attractions, particularly for those lacking intestinal fortitude. It enables them to avoid confronting the essential and unavoidable brutality of what they are doing.

Just as was the case with harsh interrogations during the last administration, the current resort to directed killings, including so-called “signature strikes,” in which the specific identities of those targeted are unknown, though remarkably uncontroversial at the outset of the current administration, has become anything but uncontroversial since. Should the perceived threat from various bits of ungoverned, terrorist-dominated geography around the globe diminish, the controversy involving drone strikes will only grow further. At some point soon, if they haven’t already, the tribunes of the people in the U.S. Congress will begin to wonder about the political wisdom of their association with directed killings.

They needn’t worry — they have already demonstrated their ability to avoid all responsibility — but those charged with carrying out such strikes should, and they know it. Those in both the White House and the Congress who have chosen to comfort themselves by propagating the myths associated with drone strikes — that they are universally “surgical,” always precisely targeted, and that any civilian casualties associated with them are rare — will inevitably find themselves shocked — perhaps “chilled” is the word — by reality when political calculation dictates that they examine it more closely. Drone strikes, like any other aspect of war, are far more messy and imprecise than advertised, involving subjective judgments easily vulnerable to second-guessing and ex-post-facto recrimination. They benefit only by comparison with more primitive methods, including ground attacks and conventional air strikes, but those comparisons will no longer matter when political interest moves in the other direction. Some successor to Dianne Feinstein may well soon find political cover or political advantage, as the case may be, in a thorough, negative investigation of the drone program — we can watch for it.

I told you CIA would invoke Obama’s drone strikes to limit the damage of the torture report.

To be sure, there is already evidence CIA is lying to Congress about drone strikes, just as it lied about torture, particularly about the numbers of civilians it has killed. Yet DiFi has willfully continued to believe those lies, to believe the CIA’s purportedly better record on drone strikes stems from some inherent skill and not the preference of foreign partners to work with a malleable CIA rather than DOD.

Grenier is absolutely right that Congress and the White House want to be lied to on this point.

Grenier then launches a more interesting implicit threat — that CIA will stop doing what the President demands under Article II.

In my own time in CIA, as perhaps in all times, there were those inside the organization who preached that the Agency should steadfastly avoid presidential directives to affect or shape events, rather than just report on them. “Stick to traditional intelligence collection,” they’d say. We hear similar voices now. But presidents always feel otherwise. Every president confronts foreign policy challenges for which a cheap, clandestine solution appears tempting. Given CIA’s unique capabilities, it’s often the right thing to do. But the opportunities to frustrate the president’s wishes and avoid such entanglements are rife for those who are so inclined. There is even a term for it: “slow rolling.” Current events, and the anticipated Senate report, will greatly strengthen the hand of the slow-rollers. It’s hard to disagree with them now.

[snip]

Rather than taking responsibility for changes in counterterrorism policy on itself, it is a far safer, if more insidious course — one instinctive to Congress — to abuse the CIA to the point where it self-regulates. But as noted above, there are serious downsides to that approach. U.S. national security will not be served by fostering a culture within CIA in which the organization decides for itself which of its lawful orders it will choose to follow, and makes those judgments based on what CIA officers consider best for themselves and their institution, rather than on what their elected masters deem best for the country. That is not the way the system is supposed to work. The federal bureaucracy is supposed to follow legal orders. That is what CIA has always done, frequently to its cost, and that is what the American people need it to do. If they don’t like what their elected leaders have done, they can throw them out. They shouldn’t look to CIA to make these decisions for them — on their own, and for their own purposes.

Ostensibly, this talk about slow rolling the President’s Findings is about drone strikes. Except that the President is re-launching the war in Iraq even as we speak, based solely on Article II authority (I presume JSOC features as prominently as CIA, but CIA clearly has been on the ground for some time).

The implicit threat: if SSCI continues to push, both the President and the Democrats who want to respond to ISIS without declaring war will regret it.

Even here, Grenier is full of shit. He makes no mention of the structure of the September 17, 2001 Gloves Come Off Finding, which itself outsourced most substantive decisions to CIA. It’s one thing to demand Congress do something about that — and they should — and yet another to suggest the rest of Obama’s covert operations employ such structure (though I wouldn’t put it beyond the National Security establishment). Moreover, the abundant evidence (in CIA’s own records, which Grenier treats both as accurate and as inaccurate!) that CIA ignored even the limits imposed by DOJ makes their actions illegal, regardless of what order Bush originally gave.

The problem is the orders — both to torture and to drone strike. But it is also the type of relationship Cofer Black and Dick Cheney embraced (and Obama has retained, at least with respect to the Gloves Come Off MON).

Which is why this is my favorite line from Grenier’s piece.

Goodness. If even a substantial portion of this were true, I would be among the first to advise that CIA be razed to the ground and begun all over again.

This is coming (as Grenier alludes to but doesn’t fully lay out, just as he lays out the suggestion that CIA resumed torture after he refused in early 2006) from a guy who tried to stay within the law, stopped torturing after the Detainee Treatment Act forbade it. It is, perhaps, the best line, given the impasse we’re at.

CIA has become the instrument of illegal actions, an arm of the Executive that evades all law, precisely because of its corrupted relationships with both the Executive and Legislative branch.

So, I take you up on the suggestion, Robert Grenier. Let’s raze the damn thing and — if a thorough assessment says a democracy really needs such an agency, which it may not — start over.

 

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Say, Why Should Mikey Hayden Get a Say on Torture that Purportedly Preceded Him?

My favorite call for John Brennan’s head thus far comes from Fred Fleitz, who helped John Bolton sex up WMD claims leading into the Iraq War.  He says John Brennan has to resign not just to shore up CIA’s relations with Congress, but also NSA’s.

I believe CIA director John Brennan and agency officials involved in the monitoring of computers used by the SSCI staff must resign to help mend the CIA’s relationship with Congress. Such resignations would go a long way toward restoring the confidence of the SSCI in the CIA and, it is to be hoped, would win the agency and the National Security Agency some crucial allies in both houses of Congress to fend off several ill-advised intelligence-reform proposals currently under discussion there.

But that’s not my favorite part. Nor is where this “intelligence” professional says a report voted out with support from John McCain (in the first vote) and Susan Collins (in the second) is a Democratic vote. Nor is the bit where Fleitz claims the program was properly briefed, which it wasn’t.

My favorite part is Fleitz’ conflicting claims about Michael Hayden.

The main focus of the SSCI probe reportedly is to prove Democratic claims that the effectiveness of the enhanced-interrogation program has been exaggerated. Former CIA director Michael Hayden and other former senior CIA officials involved in the enhanced-interrogation program dispute this. According to Hayden, as late as 2006 fully half of the government’s knowledge about the structure and activities of al-Qaeda came from harsh interrogations.

Despite their firsthand knowledge of the enhanced-interrogation program, there is no input in the SSCI report from Hayden, former CIA general counsel John Rizzo, or other CIA officials, since the report is based solely on an examination of documents.

Assertion 1) Michael Hayden claims half of the government’s knowledge about al Qaeda came from torture, meaning no more than half came from the illegal torture he was conducting at the time over at NSA (and also meaning that relatively more intelligence has come in from SIGINT since Hayden left).

Assertion 2) Michael Hayden, whose entire CIA tenure post-dated the Detainee Treatment Act that made the torture program illegal, should have some say in a torture report.

Maybe Hayden was spying on the CIA while he was in charge of NSA. Or maybe (ok, in fact) Hayden continued torture after such time as Congress made it doubly illegal.

But in the same way that Cofer Black should not need to have a say in torture if the CIA’s false narrative were not false, Michael Hayden shouldn’t either.

Man, as much as this report is demonstrating how much CIA lies and how useless their torture program was, it also demonstrates the misnomer of the whole “intelligence” label.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.