The Timing of Mark Warner’s PseudoScandal Texts

By now, you’ve heard about Fox News’ scoop that Mark Warner made efforts last year to obtain testimony from two key figures in the Senate Intelligence Committee investigation into Russia’s involvement in the 2016 election via DC fixer Adam Waldman: Christopher Steele and Oleg Deripaska. (In my opinion, the news buried at the bottom of the story that Deripaska agreed to provide testimony if he could get immunity, but did not get it, is far more interesting than the rest of this, but I’m not a Fox News editor.)

“We have so much to discuss u need to be careful but we can help our country,” Warner texted the lobbyist, Adam Waldman, on March 22, 2017.

“I’m in,” Waldman, whose firm has ties to Hillary Clinton, texted back to Warner.

The story also includes this paragraph, which also has gotten less attention.

Warner began texting with Waldman in February 2017 about the possibility of helping to broker a deal with the Justice Department to get the WikiLeaks founder Julian Assange to the United States to potentially face criminal charges. That went nowhere, though a Warner aide told Fox News that the senator shared his previously undisclosed private conversations about WikiLeaks with the FBI.

Interestingly, the Fox story relies on texts that Warner and Richard Burr jointly requested in June (targeting Waldman’s phone, not Warner’s, apparently), and then turned over to the committee in October. I look forward to seeing how the notoriously anti-leak Burr deals with the apparent leak of committee sensitive materials to the right wing press.

Even while the story links to texts from SSCI, it comes a week after a woman duped the famously paranoid Julian Assange into exchanging texts with her fake Sean Hannity account promising news on Mark Warner.

[Dell] Gilliam, a technical writer from Texas, was bored with the flu when she created @SeanHannity__ early Saturday morning. The Fox News host’s real account was temporarily deleted after cryptically tweeting the phrase “Form Submission 1649 | #Hannity” on Friday night. Twitter said the account had been “briefly compromised,” according to a statement provided to The Daily Beast, and was back up on Sunday morning.


Just minutes after @SeanHannity disappeared, several accounts quickly sprung up posing as the real Hannity, shouting from Twitter exile. None were as successful as Gilliam’s @SeanHannity__ account, which has since amassed over 24,000 followers.

Gilliam then used her newfound prominence to direct message Assange as Hannity within hours.

“I can’t believe this is happening. I mean… I can. It’s crazy. Nothing can be put past people,” Gilliam, posing as Hannity, wrote to Assange. “I’m exhausted from the whole night. What about you, though? You doing ok?”

“I’m happy as long as there is a fight!” Assange responded.

Gilliam reassured Assange that she, or Hannity, was also “definitely up for a fight” and set up a call for 9:30 a.m. Eastern, about six hours later.

“You can send me messages on other channels,” said Assange, the second reference to “other channels” he made since their conversation began.

“Have some news about Warner.”

With that in mind, I want to look at the timing of some security issues last year.

While the texts turned over to Congress date to February 14, the conversation pertaining to Steele started around March 22. That puts it not long after news of a massive hack involving T-Mobile, first reported March 16.

An unusual amount of highly suspicious cellphone activity in the Washington, D.C., region is fueling concerns that a rogue entity is surveying the communications of numerous individuals, likely including U.S. government officials and foreign diplomats, according to documents viewed by the Washington Free Beacon and conversations with security insiders.

A large spike in suspicious activity on a major U.S. cellular carrier has raised red flags in the Department of Homeland Security and prompted concerns that cellphones in the region are being tracked. Such activity could allow pernicious actors to clone devices and other mobile equipment used by civilians and government insiders, according to information obtained by the Free Beacon.

It remains unclear who is behind the attacks, but the sophistication and amount of time indicates it could be a foreign nation, sources said.

I would hope to hell that former cell company mogul and current Ranking Member on the Senate Intelligence Committee running an important counterintelligence investigation Mark Warner would be aware of the security problems with mobile phones. But what do I know? [Update: Not much. Looking more closely it looks like he was using Signal.] In the last several months we’ve learned that FBI’s investigators discuss the even more sensitive aspects of the more important side of counterintelligence investigation on SMS texts on their Samsung cell phones.


But who knows what Waldman (who apparently chats a lot with spies, mobbed up Russian oligarchs, and — as Mike Pompeo deemed Wikileaks — non-state hostile intelligence services) knows about cell phone security?

In any case, the day before that was reported publicly, Ron Wyden and Ted Lieu sent a letter to John Kelly (who, as a reminder, in spite of or because he ran DHS for a while, had his own cell phone compromised), stating in part,

We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance.


What resources has DHS allocated to identifying and addressing SS7-related threats? Are these resources sufficient to protect U.S. government officials and the private sector?

If the government started considering such issues in March, they might have gotten around to discovering what kinds of problems were created by the T-Mobile hack in June, when Warner and Burr moved to get the texts for SSCI.

In any case, at around that point in time, APT 28 (one of the entities blamed for hacking the DNC the previous year) started a phishing campaign targeting the Senate’s email server.

Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate. By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017. The real ADFS server of the U.S. Senate is not reachable on the open internet, however phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense. In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest.

Reporting at the time suggested this was an effort in advance of the 2018 election (which aside from minimizing the damage Russia might do in the interim, ignores the fact that staffers are ostensibly prohibited from using Senate resources for election related activities). But it always seemed to me it would more profitably target policy.

Or, maybe the only reasonable work Congress is doing to investigate the Russians?

Whether there’s a connection between these two compromises last year or not, and Julian Assange, and this Mark Warner story, it’s clear that DC remains ill-prepared to address the counterintelligence problems they’re faced with.

T-Mobile’s Transparency: “Other,” and Granularity to Come on National Security Reports

I think CNet is correct to point out the most amazing thing from T-Mobile’s transparency report released yesterday: somehow, T-Mobile is getting a lot more legal requests than its bigger rivals — though I suspect that’s because pre-paid/contract-less cell phones are a much larger part of its business, and therefore it probably does more business with potential law enforcement targets (for example, both Tsarnaev brothers were using T-Mobile pre-paid phones the day of the attack, and Tamerlan had been since his return from Russia, and the taxi driver busted via the phone dragnet also used T-Mobile).

But I’m interested in three more things about this report. First, as with Amazon, I’m interested that this report comes just after USA F-ReDux rolled out new ways for providers to report national security requests. That offers one possible explanation for why these two companies waited to release their reports.

On a very related note, T-Mobile not only chose to use one of the newfangled reporting options, but it suggested it might be able to do more granular reporting in the future.

Providers are authorized by statute to report the national security requests in one of three ways. T-Mobile has chosen to report a combined total of national security requests for this reporting period, and may be able to report more granular information in the future. To the extent we are permitted to report this information in the aggregate, it must be in bands of 250 increments.

I’ll have to think about why this might be (but remember the initial agreement required a 2-year wait before reporting new requests, so that may be part of it). But I find T-Mobile’s optimism they’ll be able to report more in the future curious.

Then, finally, there is T-Mobile’s “other” category, for which they had 11,105 requests in 2013 and only 8,760 last year (every other category, except national security reporting, has been growing at an alarming clip). T-Mobile explains this category this way:

This may include requests to preserve information pursuant to 18 USC § 2704, requests for T-Mobile information (not customer information), requests pursuant to The Fair and Accurate Credit Transactions Act of 2003, and any other request that does not match a category above.

Given that T-Mobile uses AT&T’s backbone, I think it quite likely it gets a lot of preservation orders, because the FBI will frequently know immediately about T-Mobile traffic, but take some time for legal process on the actual account (indeed, I think that may have happened with the Tsarnaevs, given the way DOJ obscured whether it got T-Mobile information or AT&T information first). It’s also possible other providers don’t distinguish here, and only report the ultimate order or warrant that the information gets preserved for.

That said, there’s a lot of these requests (and the decline is rather curious, given how quickly everything else has gone up).

One more thing. Remember that the current dragnet order may have added another provider. If so, T-Mobile is one of the most likely candidates.

Dianne Feinstein Describes the Data Handshake

I’m going to transcribe some comments Dianne Feinstein made Tuesday night about how proponents of USA Freedom Act got around a data mandate requiring telecoms to keep data longer than they otherwise would. The short version? Rather than a data mandate, USA Freedom Act would have relied on a data handshake.

I’m prepared to make the compromise, which is that the metadata will be kept by the telecoms.  Senator Chambliss and I wrote a letter to the four big telecoms, and we asked them if they would hold the data. The answer came back from two, yes. And the answer came back from two, no. Since that time, the situation has changed — not in writing — but by personal testament from two of the companies, that they will hold the data for at least two years for business reasons. Now here’s the problem. The mandate that was inherent in the 215 Act is gone. But the fact is that the telecoms have agreed to hold the data. The President himself has assured me of this.

I’ll write more on this, which is legally unbelievably fascinating. But for now, I just wanted to post it.

Will the Dragnet Reform Criminalize Ordering Pizza?

There are two major problems with the phone dragnet, as it currently exists.

First, the government has a database of all the phone-based relationships in the United States, one they currently (as far as we know) do not abuse, but one that is ripe for unbelievable abuse.

But there is current abuse going on. The dragnet takes completely innocent people who are three (now two) degrees of separation from someone subjected to a digital stop-and-frisk, a very low standard, and puts them (by dint of at least one communication with someone who communicated with someone who might be suspicious) into the NSA’s analytical maw. Permanently. Those people can have their multiple IDs connected, including any online searches NSA happened to ingest, they can be subjected to data mining, by dint of those conversations, they apparently can even have the content of their communications accessed without a warrant, they might even be targeted to become informants using the data available to NSA.

This may well be the digital equivalent of J Edgar Hoover’s subversives list, a collection of people who will always be subject to heightened scrutiny, including unbelievably invasive digital analysis, because of a three degree association years in the past.

According to PCLOB’s estimate, as many as 120 million people may have been — may still be! — subjected to this treatment.

Discussions of whether the House Judiciary and Intelligence Committee bills “reforming” the dragnet really fix it have almost entirely ignored this second abuse, the innocent people who will be subjected to the “full range of NSA’s analytical tradecraft” merely because of a potentially completely innocent association.

There are things that should be done — whether in the current dragnet or the “reformed” one — to mitigate this abuse. Those data ought to age off, which they currently don’t (and won’t, under the new program, as currently described). That analysis ought to be subject to audits, which they’re not currently. The FISC ought to get some sense of what happens in this corporate store, which it’s not clear it currently has. Criminal defendants ought to have some visibility into whether their prosecutions stemmed from such analysis.

But there are also things — as Congress crafts a dragnet replacement — that can affect the sheer number of new people who will be thrown into the corporate store, into NSA’s analytical pool. And those things have a lot to do with how this new scheme deals with what is called “data integrity.”

As I have written repeatedly, the number of results NSA (or the telecoms, under the new system) will get under a particular query depends on how many noisy numbers — things like telemarketers, voice mail numbers, and pizza joints — remain in the collection. As Jonathan Mayer showed, even in his 300 person dataset that included just 2 people who had ever called each other, 17% were connected at the second hop through T-Mobile’s voice mail number.

In spite of the fact that just 2 of its participants had called each other, the fact that so many people had called T-Mobile’s voicemail number connected 17% of participants at two hops.

Already 17.5% of participants are linked. That makes intuitive sense—many Americans use T-Mobile for mobile phone service, and many call into voicemail. Now think through the magnitude of the privacy impact: T-Mobile has over 45 million subscribers in the United States. That’s potentially tens of millions of Americans connected by just two phone hops, solely because of how their carrier happens to configure voicemail.

And from this, the piece concludes that NSA could get access to a huge number of numbers with just one seed.

But our measurements are highly suggestive that many previous estimates of the NSA’s three-hop authority were conservative. Under current FISA Court orders, the NSA may be able to analyze the phone records of a sizable proportion of the United States population with just one seed number.

We know NSA currently does significant work to pull those noisy numbers via a “data integrity” process both before new data is used for contact chaining and as new numbers are identified as “high volume numbers.” While we don’t get to assess the efficacy of that process, it can make the difference between hundreds of millions of Americans getting thrown into the NSA’s analytical pool, or just tens of thousands. But as the contact-chaining process gets outsourced to the telecoms, the question becomes more pressing.
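The effect of leaving noisy numbers in the collection can be shown on a small call graph. The following is an added example, not code from this post or from Mayer's study: it runs two-hop contact chaining over a constructed 20-participant record set and counts how many participants are linked to another participant with and without suppressing high volume numbers. The participant names, the `VOICEMAIL` and `PIZZA` numbers, and the degree threshold used to flag high volume numbers are all assumptions; the post does not describe how the actual data integrity process identifies them.

```python
from collections import defaultdict


def build_graph(call_records):
    """Build an undirected contact graph from (caller, callee) pairs."""
    graph = defaultdict(set)
    for caller, callee in call_records:
        graph[caller].add(callee)
        graph[callee].add(caller)
    return dict(graph)


def high_volume_numbers(graph, threshold):
    """Flag numbers in contact with at least `threshold` distinct numbers.

    Hypothetical stand-in for a data integrity pass.
    """
    return {num for num, peers in graph.items() if len(peers) >= threshold}


def two_hop_reach(graph, seed, suppressed=frozenset()):
    """Numbers within two hops of `seed`, never chaining through suppressed numbers."""
    if seed in suppressed:
        return set()
    first_hop = graph.get(seed, set()) - suppressed
    reach = set(first_hop)
    for num in first_hop:
        reach |= graph.get(num, set()) - suppressed
    reach.discard(seed)
    return reach


def linked_participants(graph, participants, suppressed=frozenset()):
    """Participants connected to at least one other participant within two hops."""
    return {
        p for p in participants
        if two_hop_reach(graph, p, suppressed) & (participants - {p})
    }


def constructed_records():
    """Constructed sample data: 20 participants, only one pair ever call each other."""
    records = [("P00", "P01")]                                          # the single direct call
    records += [(f"P{i:02d}", "VOICEMAIL") for i in range(2, 6)]       # carrier voicemail hub
    records += [(f"P{i:02d}", "PIZZA") for i in range(6, 8)]           # shared pizza joint
    records += [(f"P{i:02d}", f"X{i:02d}") for i in range(8, 20)]      # unrelated private contacts
    return records


PARTICIPANTS = {f"P{i:02d}" for i in range(20)}

if __name__ == "__main__":
    graph = build_graph(constructed_records())
    scenarios = [
        ("no suppression", frozenset()),
        ("voicemail-scale hubs removed", high_volume_numbers(graph, 3)),
        ("all shared numbers removed", high_volume_numbers(graph, 2)),
    ]
    for label, suppressed in scenarios:
        linked = linked_participants(graph, PARTICIPANTS, suppressed)
        share = len(linked) / len(PARTICIPANTS)
        print(f"{label}: {len(linked)} of {len(PARTICIPANTS)} linked ({share:.0%})")
```

With the coarser threshold the voicemail hub is removed but the pizza joint still links its two callers, which is the residual exposure the first option below leaves in place.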

As I see it, there are three possible ways this function might be done going forward:

  1. The telecoms do an initial sort of high volume numbers, taking out voice mail box and telemarketer calls, then pass the data onto NSA, which does a secondary sort to pull out things like pizza joints (which NSA might want to keep in the data set, but suppress in contact chaining until they have evidence a pizza joint might be a key hub in a terrorist attack). This plays to existing telecom strengths (most likely do similar analysis on their own use of the data now), but doesn’t require they make what are analytical intelligence decisions. Even though this is likely the best solution, it still means many completely innocent Americans may be subject to NSA’s analysis because they ordered pizza.
  2. The telecom does all the data integrity analysis, identifying all the high volume numbers. This would result in the fewest number (but still intolerably too many) of innocent Americans being dumped into NSA’s pot. But it would also turn the telecoms into an arm of US intelligence (well, even more than they already are!), because they’d be in the position of making analytical judgments about what data is useful for NSA’s intelligence purposes. Which may be one of the reasons the telecoms seem to be demanding immunity, again.
  3. NSA does the data integrity analysis at the telecoms, as seems to be envisioned by the HPSCI bill. This might achieve the current status quo, borrowing on 8 years of experience to strike the right balance. But it would also present the intolerable condition of NSA employees or contractors accessing and analyzing the raw data of private communications providers at the providers’ locales.


At What Point Does T-Mobile CEO Get Dinged for False Advertising?


The CEO of T-Mobile thinks the government, in suing to stop its merger with AT&T, simply didn’t understand how merging with AT&T would benefit customers. (h/t mistermix)

By now you have heard the news that the Department of Justice (DOJ) has filed a lawsuit to block the AT&T and T-Mobile merger in U.S. District Court. We were surprised by this sudden announcement, and DT will join AT&T in challenging the DOJ’s case in court.

DT and AT&T believe the DOJ has failed to acknowledge the significant consumer benefits of this deal. DT remains convinced that bringing together these two world-class businesses would create significant benefits for customers and the country.

I’d really like someone to sue T-Mobile for false statements. Either the filings they have and will submit are false, or this ad campaign is (my vote). But somebody’s not telling the truth.

DOJ Sues to Stop AT&T/T-Mobile Merger

Finally, the Department of Justice did something (aside from its good work on Civil Rights) worthy of its name: it sued to prevent the AT&T/T-Mobile merger.

The Department of Justice today filed a civil antitrust lawsuit to block AT&T Inc.’s proposed acquisition of T-Mobile USA Inc.   The department said that the proposed $39 billion transaction would substantially lessen competition for mobile wireless telecommunications services across the United States, resulting in higher prices, poorer quality services, fewer choices and fewer innovative products for the millions of American consumers who rely on mobile wireless services in their everyday lives.

The department’s lawsuit, filed in U.S. District Court for the District of Columbia, seeks to prevent AT&T from acquiring T-Mobile from Deutsche Telekom AG.

“The combination of AT&T and T-Mobile would result in tens of millions of consumers all across the United States facing higher prices, fewer choices and lower quality products for mobile wireless services,” said Deputy Attorney General James M. Cole.   “Consumers across the country, including those in rural areas and those with lower incomes, benefit from competition among the nation’s wireless carriers, particularly the four remaining national carriers.   This lawsuit seeks to ensure that everyone can continue to receive the benefits of that competition.”

“T-Mobile has been an important source of competition among the national carriers, including through innovation and quality enhancements such as the roll-out of the first nationwide high-speed data network,” said Sharis A. Pozen, Acting Assistant Attorney General in charge of the Department of Justice’s Antitrust Division.   “Unless this merger is blocked, competition and innovation will be reduced, and consumers will suffer.”

The press release, at least, cites a lot of T-Mobile documents to argue for T-Mobile’s key role in keeping the cell phone industry competitive, not an AT&T document that was recently leaked showing that AT&T pursued the merger for anti-competitive reasons.

The complaint cites a T-Mobile document in which T-Mobile explains that it has been responsible for a number of significant “firsts” in the U.S. mobile wireless industry, including the first handset using the Android operating system, Blackberry wireless email, the Sidekick, national Wi-Fi “hotspot” access, and a variety of unlimited service plans.   T-Mobile was also the first company to roll out a nationwide high-speed data network based on advanced HSPA+ (High-Speed Packet Access) technology.  The complaint states that by January 2011, an AT&T employee was observing that “[T-Mobile] was first to have HSPA+ devices in their portfolio…we added them in reaction to potential loss of speed claims.”

The complaint details other ways that AT&T felt competitive pressure from T-Mobile.   The complaint quotes T-Mobile documents describing the company’s important role in the market:

  • T-Mobile sees itself as “the No. 1 value challenger of the established big guys in the market and as well positioned in a consolidated 4-player national market”; and
  • T-Mobile’s strategy is to “attack incumbents and find innovative ways to overcome scale disadvantages.   [T-Mobile] will be faster, more agile, and scrappy, with diligence on decisions and costs both big and small.   Our approach to market will not be conventional, and we will push to the boundaries where possible. . . . [T-Mobile] will champion the customer and break down industry barriers with innovations. . . .”

Still, I would bet this suit became a lot easier to file now that AT&T’s lies about the merger have been exposed.

Update: The complaint references just two AT&T documents (see paragraph 30). Neither is the leaked document, but they deal with fundamentally the same issue, how AT&T responded to T-Mobile on upgrading its network.

AT&T Confident Its Partner in Crime Will Let It Take Over T-Mobile

Here’s the last paragraph of a Politico article describing the considerable extent of AT&T’s paid influence in DC.

AT&T said Monday that it is “confident” it can secure federal approval as it presents its case for T-Mobile, and both companies signaled Monday that they hoped to wrap everything up in about a year. AT&T declined to comment on its lobbying and PAC efforts and whether those efforts would be stepped up as it pushes for merger approval.

Now, the Politico piece is worth reading just for a sense of how corrupt the upcoming approval of the merger will no doubt be.

But somehow Politico forgot to mention the other reason AT&T will be granted the right to buy T-Mobile in spite of its clear assault on key principles of competitive capitalism: because the government owes AT&T.

Or, to put it another way, AT&T and the government have become so closely entwined in their joint program spying on Americans that the government cannot be said to be an independent reviewer of AT&T’s business.

Not only that, but by having AT&T take over T-Mobile, the government will get more unfettered access to Americans’ phone records. As Chris Soghoian explains:

While it is little known to most consumers, T-Mobile is actually the most privacy preserving of the major wireless carriers. As I described in a blog post earlier this year, T-Mobile does not have or keep IP address logs for its mobile users. What this means is that if the FBI, police or a civil litigant wish to later learn which user was using a particular IP address at a given date and time, T-Mobile is unable to provide the information.

In comparison, Verizon, AT&T and Sprint all keep logs regarding the IP addresses they issue to their customers, and in some cases, even the individual URLs of the pages viewed from handsets.

While privacy advocates encourage companies to retain as little data about their customers as possible, the Department of Justice wants them to retain identifying IP data for long periods of time. Enough so that T-Mobile was called out (albeit not by name) by a senior DOJ official at a data retention hearing at the House Judiciary Committee back in January:

“One mid-size cell phone company does not retain any records, and others are moving in that direction.”

If and when the Federal government approves this deal, T-Mobile’s customers and infrastructure will likely be folded into the AT&T mothership. As a result, T-Mobile’s customers will lose their privacy preserving ISP, and instead have their online activities tracked by AT&T.

So no wonder AT&T is so confident they’ll get to do what they want, and to hell with the interests of consumers. While this deal offers zero benefit for consumers, it does give the government just what it wants.