
NSA Propagandist John Schindler Suggests Boston Marathon Terrorist Attack Not “Major Jihadist Attack”

NSA propagandist John Schindler has used the San Bernardino attack as an opportunity to blame Edward Snowden for the spy world’s diminished effectiveness, again.

Perhaps the most interesting detail in his column is his claim that 80% of thwarted attacks come from an NSA SIGINT hit.

Something like eighty percent of disrupted terrorism cases in the United States begin with a SIGINT “hit” by NSA.

That’s mighty curious, given that defendants in these cases aren’t getting notice of such SIGINT hits, as required by law, as ACLU’s Patrick Toomey reminded just last week. Indeed, the claim is wholly inconsistent with the claims FBI made when it tried to claim the dragnet was effective after the Snowden leaks, and inconsistent with PCLOB’s findings that the FBI generally finds such intelligence on its own. Whatever. I’m sure the discrepancy is one Schindler will be able to explain to defense attorneys when they subpoena him to explain the claim.

Then there’s Schindler’s entirely illogical claim that the shut-down of the phone dragnet just days before the attack might have helped to prevent it.

The recent Congressionally-mandated halt on NSA holding phone call information, so-called metadata, has harmed counterterrorism, though to what extent remains unclear. FBI Director James Comey has stated, “We don’t know yet” whether the curtailing of NSA’s metadata program, which went into effect just days before the San Bernardino attack, would have made a difference. Anti-intelligence activists have predictably said it’s irrelevant, while some on the Right have made opposite claims. The latter have overstated their case but are closer to the truth.

As Mike Lee patiently got Jim Comey to admit last week, if the Section 215 phone dragnet (as opposed to the EO 12333 phone dragnet, which remains in place) was going to prevent this attack, it would have.

Schindler then made an error that obscures one of the many ways the new phone dragnet will be better suited to counterterrorism. Echoing a right wing complaint that the government doesn’t currently review social media accounts as part of the visa process, he claimed “Tashfeen Malik’s social media writings [supporting jihad] could have been easily found.” Yet at least according to ABC, it would not have been so easy. “Officials said that because Malik used a pseudonym in her online messages, it is not clear that her support for terror groups would have become known even if the U.S. conducted a full review of her online traffic.” [See update.] Indeed, authorities found the Facebook post where Malik claimed allegiance to ISIS by correlating her known email with her then unknown alias on Facebook. NSA’s new phone program, because it asks providers for “connections” as well as “contacts,” is far more likely to identify multiple identities that get linked by providers than the old program (though it is less likely to correlate burner identities via bulk analysis).

Really, though, whether or not the dragnet could have prevented San Bernardino which, as far as is evident, was carried out with no international coordination, is sort of a meaningless measure of NSA’s spying. To suggest you’re going to get useful SIGINT about a couple who, after all, lived together and therefore didn’t need to use electronic communications devices to plot, is silliness. A number of recent terrorist attacks have been planned by family members, including one cell of the Paris attack and the Charlie Hebdo attack, and you’re far less likely to get SIGINT from people who live together.

Which brings me to the most amazing part of Schindler’s piece. He argues that Americans have developed a sense of security in recent years (he of course ignores right wing terrorism and other gun violence) because “the NSA-FBI combination had a near-perfect track record of cutting short major jihadist attacks on Americans at home since late 2001.” Here’s how he makes that claim.

Making matters worse, most Americans felt reasonably safe from the threat of domestic jihadism in recent years, despite repeated warnings about the rise of the Islamic State and terrible attacks like the recent mass-casualty atrocity in Paris. Although the November 2009 Fort Hood massacre, perpetrated by Army Major Nidal Hasan, killed thirteen, it happened within the confines of a military base and did not involve the general public.

Two months before that, authorities rolled up a major jihadist cell in the New York City area that was plotting complex attacks that would have rivalled the 2005 London 7/7 atrocity in scope and lethality. That plot was backed by Al-Qa’ida Central in Pakistan and might have changed the debate on terrorism in the United States, but it was happily halted before execution – “left of boom” as counterterrorism professionals put it.

Jumping from the 2009 attacks (and skipping the 2009 Undiebomb and 2010 Faisal Shahzad attempts) to the Paris attack allows him to suggest any failure to find recent plots derives from Snowden’s leaks, which first started in June 2013.

However, the effectiveness of the NSA-FBI counterterrorism team has begun to erode in the last couple years, thanks in no small part to the work of such journalists-cum-activists. Since June 2013, when the former NSA IT contactor [sic] Edward Snowden defected to Moscow, leaking the biggest trove of classified material in all intelligence history, American SIGINT has been subjected to unprecedented criticism and scrutiny.

There is, of course, one enormous thing missing from Schindler’s narrative of NSA perfection: the Boston Marathon attack, committed months before the first Snowden disclosures became public. Indeed, even though the NSA was bizarrely not included in a post-Marathon Inspector General review of how the brothers got missed, it turns out NSA did have intelligence on them (Tamerlan Tsarnaev was in international contact with known extremists and also downloaded AQAP’s Inspire magazine repeatedly). Only, that intelligence got missed, even with the multiple warnings from FSB about Tamerlan.

Perhaps Schindler thinks that Snowden retroactively caused the NSA to overlook the intelligence on Tamerlan Tsarnaev? Perhaps Schindler doesn’t consider an attack that killed 3 and injured 260 people a “major jihadist attack”?

It’s very confusing, because I thought the Boston attack was a major terrorist attack, but I guess right wing propagandists trying to score points out of tragedy can ignore such things if it will spoil their tale of perfection.

Update: LAT reports that Malik’s Facebook posts were also private, on top of being written under a pseudonym. Oh, and also in Urdu, a language the NSA has too few translators in. The NSA (but definitely not the State Department) does have the ability to 1) correlate IDs to identify pseudonyms, 2) require providers to turn over private messages — they could use PRISM and 3) translate Urdu to English. But this would be very resource-intensive and as soon as State made it a visa requirement, anyone trying to could probably thwart the correlation process.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Other Possible Whys behind the Boston Marathon Attack

As the Dzhokhar Tsarnaev trial pauses for the Marathon and the attack anniversary (and, ostensibly, to give the defense time to line up their witnesses), some competing sides have aired their views about the story not being told at the trial.

An odd piece from BoGlo’s Kevin Cullen quotes a cop asking why the FBI Agents who interviewed Tamerlan Tsarnaev in 2011 did not recognize him from surveillance videos.

“Who were the FBI agents who interviewed Tamerlan Tsarnaev after the Russians raised questions about him two years before the bombings, and why didn’t they recognize Tamerlan from the photos the FBI released?” he asked.

That’s actually a great question. But then Cullen goes on to make some assertions that — if true — should themselves elicit questions, questions he doesn’t ask. He marvels at the video analysis after the event, but doesn’t mention that the FBI claims the facial recognition software it has spent decades developing didn’t work to identify the brothers. He lauds the FBI for finding Dzhokhar’s backpack in a dumpster, but far overstates the value of the evidence found inside (remember, among other things found on a thumb drive in it was a rental application for Tamerlan’s wife). Cullen also overstates the FBI’s evidence that the bombs were made in Tamerlan’s Cambridge apartment, and so sees that as a question about why Tamerlan’s wife, Katherine, wasn’t charged (forgetting, I guess, that she was routinely gone from the apartment 70 hours a week), rather than a question about all the holes in FBI’s pressure cooker story: Why did Tamerlan pay cash for pressure cookers — as FBI suggests he did — all while carrying a mobile GPS device that he brought with him when trying to make his escape? Where did the other two pressure cookers (the third pressure cooker used as a bomb, and the one found at the apartment) come from?

Masha Gessen — who just wrote a book about the case that I have not yet read — asks some of the same questions in a NYT op-ed in a piece that also highlights the government’s flawed claims about radicalization at the core of this case.

Even worse, two critical questions have not been answered. Where were the bombs built? Investigators have testified that they were not built at the older brother’s apartment or in the younger brother’s dorm room. Were they built in someone else’s apartment, house or garage? If so, who, and was he a knowing accomplice? Did he help in any other way?

The other big question is: Why did the F.B.I. fail to identify Tamerlan Tsarnaev, the older brother, who had been fingered as a potential terrorist risk two years before the bombing and interviewed by field agents? Within 24 hours of the bombing, on April 15, 2013, investigators focused on images of the brothers in surveillance tapes recovered from the scene. Yet they had no names — and more than two days later they released the photos to the public, asking for help with identifying the suspects. How is it possible that someone who had been interviewed by a member of the local Joint Terrorism Task Force could not be identified from the pictures?

Note, I think Gessen overstates how strongly the government has said the bombs weren’t made at the Cambridge apartment, but it is consistent with the evidence presented that they weren’t.

Compare these decent questions with Janet Napolitano’s take — not so much on the trial, but on Gessen’s book.

Before I get into the key graph of her review, consider Napolitano’s role here. Her agency — especially Customs and Border Patrol — came in for some criticism in the Joint IG Report on the attack, because they may not have alerted the FBI to Tamerlan Tsarnaev’s travel to and from Russia in 2012, because they treated Tamerlan as a low priority and therefore didn’t question him on his border crossings (the trial record may indicate Tamerlan had Inspire on his computer when he traveled to Russia), and because the CBP record on Tamerlan went into a less visible status while he was out of the country, meaning he evaded secondary inspection on the way back into the country as well. Yet she mentions none of those crucial details about DHS’s role in missing Tamerlan’s travel and increasing extremism in her review.

Rather, she describes her agency as a valiant part of the combined effort to hunt down the attackers.

As secretary of homeland security, I immediately mobilized the department to assist Boston emergency responders and to work with the F.B.I. to identify the perpetrators. Because the Boston Marathon is an iconic American event, we suspected terrorism, but no group stepped forward to claim credit. Massive law enforcement resources — local, state and federal — had to be organized and deployed so that, within just a few days, we had narrowed the inquiry from the thousands of spectators who had come to cheer on the runners to two, who had come to plant bombs.

Only much later in her review does Napolitano make a defense of the government failure to prevent this attack, though once again she makes no mention of her own agency’s role in failing to stop the attack. As Napolitano tells it, this is about the FBI and it’s just “armchair quarterbacking.”

In the course of armchair quarterbacking that followed the bombing, it was revealed that the Russian Federal Security Service, known as the F.S.B., had notified the F.B.I. in 2011 about Tamerlan’s presence in the United States. Although criticized for inadequate follow-up, the F.B.I. actually interviewed Tamerlan and other household members at least three times in 2011. Further requests to the F.S.B. for details went unanswered. Other than putting Tamerlan under 24-hour surveillance, it is difficult to ascertain what more the F.B.I. could have done — according to Gessen, Russia routinely presumes all young urban Muslim men to be radical.

Much of the rest of Napolitano’s review focuses on the government’s theory of radicalization and the Tsarnaev family’s collective failure to achieve the American Dream (which, I guess, is what Gessen was debunking in her op-ed the next day), returning the story insistently to one about radicalization. Except then, having emphasized how many times the FBI had contact with Tamerlan in 2011, she scoffs at the questions that might raise and Gessen’s reliance on evidence the government itself has introduced into the public record.

In the final chapters, however, the book becomes curiouser and curiouser; Gessen seems to become a conspiracy theorist. She postulates that the F.B.I. recruited Tamerlan as an informant during their visits to the Tsarnaev home in 2011. She then surmises that Tamerlan went rogue and participated in the killing of three friends with whom he dealt marijuana. She goes further, and suggests that after the bombings, the F.B.I. delayed telling Boston law enforcement about Tamerlan’s identity because they wanted to reach him first, kill him and hide his presence as an informant. Gessen likens this alleged behavior to the F.B.I.’s use of sting operations, and she implies that the bureau has been entrapping defendants as opposed to finding real terrorists. And, finally, relying on the words of “several” unnamed explosives experts, she asserts that the Tsarnaevs must have had help constructing the bombs, despite the presence of explicit instructions on the Internet and in Inspire, a jihadist magazine.

How is Gessen a conspiracy theorist because she “surmises that Tamerlan … participated” in the 2011 Waltham killings? That claim came from the FBI itself! The FBI says Ibragim Todashev was confessing to that fact when they killed him. And how is suggesting the bombs used at the Marathon (as distinct from those thrown in Watertown) could not have come directly from Inspire a conspiracy theory when that is the testimony the defense elicited from FBI’s own bomb expert on cross examination?

Effectively, Janet Napolitano, whose agency rightly or wrongly received some of the criticism for failing to prevent this attack, completely ignores the questions about prevention and then dismisses questions that arise out of the government’s failure to prevent the attack as a conspiracy theory.

Napolitano’s choice to write (and NYT’s choice to publish) a critical review of a book pointing out problems with the narrative of the attack she herself has been pitching actually got me thinking: Imagine Robert Mueller writing such a review? Had he done so, the inappropriateness of it, the absurdity of deeming claims made by the FBI a conspiracy theory, and his own agency’s role in failing to prevent the attack would have been heightened. Not to mention, he likely would have had a hard time dismissing the real questions about the provenance of the bombs, given that his former agency claims not to know the answers to them. And that made me realize that having Napolitano write this review worked similarly to the way the prosecution’s parade of witnesses who hadn’t done the primary analysis on the evidence in the case did. It gave official voice to the chosen narrative, without ever exposing those who might be able to answer the still outstanding questions to question.

For what it’s worth, I have a few more questions about the attack that — like Cullen and Gessen — I regret will likely go unanswered. Or rather, perhaps another theory about the government’s implausible claim not to have IDed the brothers until they got DNA from Tamerlan on April 19th.

As I mentioned, no one wants to talk about why facial recognition didn’t work which — if true — ought to have led to congressional hearings and the defunding of the technology. The FBI wants you to believe that they couldn’t ID a guy they had had in a terrorist watchlist and extended immigration records on and Congress wants you to believe that would be acceptable performance for an expensive surveillance system.

I’ve also tracked the government’s odd use of GPS data in the trial. They used cell tower information based off the brothers’ known handsets (which they only got in smashed condition days later) to track their movement at the race. They used a series of GPS devices to track the purchases of the materials used in the attack and to track the brothers in the stolen Mercedes (though their claims about how they tracked the Mercedes still don’t add up). There’s something missing from this story, and I increasingly wonder whether it’s the use of a Stingray or similar device, which we know even local authorities use in the case of public events like protests or sporting events, which might have been able to pinpoint calls made between phones using the same “cell” at the race, and with it, pinpoint the phones we know were registered under the brothers’ real names.

So here’s my conspiracy theory, Janet Napolitano: Not only do I think claims Tamerlan was an informant ought to be at least assessed seriously (though I also think the Russians clearly are not telling us what they believed him to be, either), which might be one explanation for FBI’s dubious claims not to have IDed the brothers for over 3 days. But I also think the government pursued this case with an eye towards what intelligence they were willing to admit at trial — and we know they refuse to admit how sophisticated their use of Stingrays is, and we should assume they refuse to admit how well facial recognition technology works, either.

That is, in addition to the other real questions and possible explanations for the delay, I think it possible that the FBI had to create a manhunt so as to hide the tools that IDed the brothers far earlier than they let on.

Update: I meant to add that I think the timing of the recent Stingray releases to be curious. Basically, the dam holding back disclosures of the FBI’s secrecy on Stingrays burst on Wednesday, April 8, as the ACLU, Baltimore, and two other jurisdictions got Non-Disclosure Agreements on the same day, after the Tsarnaev case had gone to the jury. That’s as conveniently timed, it seems, as the April 3 release of the After Action report, which Massachusetts had held since December. Also remember that the government doesn’t have to disclose PRTT data to defendants unless it uses that evidence at trial (and has suggested it has PRTT data on other terrorist defendants that it doesn’t have to turn over). So if they did use a Stingray to ID the brothers at all, they would claim they didn’t have to disclose it, but wouldn’t want to make the capability too obvious until after the defense lost any opportunity to make a constitutional claim.


Tamerlan Tsarnaev Moved Inspire onto Dzhokhar’s Computer the Day He Left for Russia

Yesterday, the defense in the Dzhokhar Tsarnaev trial rested; closing arguments will be Monday. Dzhokhar’s defense consisted of just four witnesses, undermining the suggestions by the prosecution that he was just as steeped in jihadist propaganda as Tamerlan (see this post for part of a description).

As part of their efforts to do that, the defense showed, in far more detail, what the brothers had been doing online, and how the complete copies of Inspire magazine had gotten onto all their computers and when. (The defense exhibits are here, though this site is apparently being flagged as itself suspicious, at least by Twitter.) This document, for example, shows that Dzhokhar spent more time on Pornhub than he did on anything explicitly jihadist (though who knows what he was doing on Facebook and VKontakte, his most commonly accessed sites, by a very large margin). Several of the others show that the searches for explosives-related materials took place on Tamerlan’s computer (though oddly, he already had some of those materials by that point).

And while I don’t think the defense laid this case out yesterday, it appears that Tamerlan loaded Inspire onto a thumb drive and then onto Dzhokhar’s computer the morning of January 21, 2012, just before he left for Russia.

This document shows that the Sony Vaio, which ultimately became Dzhokhar’s computer, was loaded with Windows in early 2011. Then came the HP that was in a room in Cambridge that fall. And finally came the Samsung loaded with Windows December 21, 2011, not long before Tamerlan would go to Russia. This document shows CompleteInspire being created on the Samsung that day, December 21, 2011. This document appears to show someone inserting a thumb drive into the Samsung at 6:22 AM on January 21, 2012, moving a copy of Inspire onto it, and then moving copies of those onto the Sony.

This CBP record shows his departure that day on Aeroflot flight 316, which at least currently departs at 8:05PM.

It’s not clear what to make of this — though it does make clear that Dzhokhar, at least, would have avoided any upstream searches on Inspire because it got placed on his computer via thumb drive, not download. It also doesn’t prove that Dzhokhar wasn’t reading Inspire by that point — as far as I understand it, the Sony was his computer by that point. But I find the timing — that the first thing Tamerlan did the morning he left for Russia was to make sure all the laptops had a copy of Inspire on them — rather curious.

One more note: something else introduced in the last days also showed a Russian version of Inspire.

Also, from the exhibits, it’s not really clear whether these files were found on the computer or deleted in unallocated space. There was a second copy of CompleteInspire loaded onto the Samsung in August 2012, after Tamerlan returned from Russia. So it’s possible that what we’re seeing is Tamerlan moving Inspire onto his brother’s computer, deleting it on his own for border crossings, and then reloading it on his own after his return.

That said, if he didn’t delete that copy of Inspire the morning he left for Russia, if CBP had done a perfectly legal device search on Tamerlan’s computer at JFK that evening, they might have seen that he was flying with a full copy of Inspire on his device (though remember, this computer, unlike the Sony, was encrypted). Which, if it were the case, would make CBP’s failure to do so all the more damning.


Tamerlan’s Search on Remote Control Car Info

I want to do a quick post about details defense attorney Timothy Watkins snuck into today’s testimony at the Dzhokhar Tsarnaev trial. FBI Supervisory Special Agent Edward Knapp testified at length about how he investigated the bombs used in the attacks. At the end of direct, the government had him show how closely the bombs — both the elbow pipe bombs used at Watertown and the pressure cooker bombs — resembled bomb instructions included in Inspire Magazine.

The effort was, as so much of this trial has been, a carefully scripted effort to tell a narrative that probably doesn’t reflect the full truth of how the brothers got or made the bombs using what propaganda. Judge George O’Toole had, earlier in the trial, prevented the defense from entering evidence about the Russian bomb making materials on Tamerlan’s hard drive. Knapp focused on the bombs that most closely resembled Inspire bombs (focusing on the elbow pipe bomb, for example, and not the straight one also used in Watertown). He didn’t get into really big detail about the trigger used for the bombs used at the race. Knapp even focused on a green Christmas light in one of the bombs to show it was just like the green Christmas light in the Inspire recipe.

Ultimately, it was about how the bombs could have been made from the recipes in Inspire magazine.

In addition to trying, unsuccessfully, to get Knapp to reveal what fingerprint evidence had shown about the bomb materials (they almost certainly show that Tamerlan handled the bombs, not Dzhokhar), Watkins asked,

Watkins: Inspire Magazine doesn’t mention RC cars as a bomb component, does it? Knapp: I don’t think so.

In the midst of an objection, Watkins sneaks in question…did u know Tamerlan searched internet for RC car info? Objection, sustained.

The question, if permitted as evidence, would have shown several things: that Tamerlan didn’t follow Inspire exactly for the bombs used at the race, that Tamerlan was the one putting them together, and — possibly — that Tamerlan was at least partly using a Russian model for the bomb, not Inspire’s model. (One detail defense revealed yesterday is that there was nitroglycerine at the Cambridge apartment which was stronger than the firecrackers used in the pressure cookers.)

That, by itself is notable: once again, the government’s pat narrative is almost certainly not a description of what actually happened.

But the detail also raised questions about why Tamerlan’s searches for what ultimately were bomb parts were not found by the FBI or NSA.

There are several answers.

1) These were searches for toy parts, not bomb parts. While FBI might now trigger on remote controllers, they probably didn’t then, even if they had a dragnet. FBI appears to keep expanding its dragnets as terrorists use certain tools.

2) While FBI should have done a back door search on Tamerlan when they did the assessment of him in 2011, nothing we know of would have triggered a new assessment in the interim, even if they did dragnet on remote controllers which I doubt.

3) I do strongly suspect that NSA had picked up the brothers’ downloads of Inspire, which I suspect is triggered to the encryption codes included in the magazine and not to any key word content of the magazines or even the URL. If I’m right (and that’s just a guess), then the NSA would have had data on the brothers. In fact, we know the NSA did have data on one or both of the brothers that didn’t get read until after the attack. If it was Inspire, I think they probably didn’t attract attention because they weren’t 2-degrees of someone interesting or hadn’t been found in one of the more targeted chat rooms. It would also mean that FBI didn’t then share Tamerlan’s identifiers they identified during their 2011 assessment of him with NSA for future mapping (I don’t necessarily think they should, but if they had, then NSA might have paid more attention to whatever data they did have on the brothers, potentially eliciting a second look once they collected it). Also remember, the brother may not even have been downloading Inspire until after the FBI stopped investigating Tamerlan.

4) While XKeyscore certainly has the ability to do searches on “remote car controllers” it’s not clear that would pull off content collected in the US, so it would only show up if the server Tamerlan went to was overseas; they were probably local and Amazon. Who knows? Maybe now FBI has also started an Amazon dragnet on remote controllers. But again, you’d need something else to trigger interest in Tamerlan’s identifier doing the search.

5) I suspect that what Watkins was referring to came from a subpoena to Tamerlan’s ISP for all his web searches. So that they had the searches is itself unsurprising.

Update: Here’s the shipping bill for some of the remote control supplies he bought, from a site called NitroRCX which appears to be in the metro Los Angeles area. I believe the other one was from Amazon.


Details on the Pressure Cooker Dragnet


Tamerlan walking out of Target after having purchased the backpacks used in attack.

In this morning’s Tsarnaev trial testimony, FBI’s Christian Fierabend testified to the evidence about purchases leading up to the attack (h/t to CBS’s Jim Armstrong among others for the live-tweeting). As much as possible, he tried to show both GPS coordinates from one of the Tsarnaevs’ cars and some kind of purchase record for the attack equipment (things like BBs, backpacks, and the remote car detonator).

Some of this was easy because a number of the receipts (such as for the backpacks used to carry the bombs) were sitting in Tamerlan’s wallet, which the government retrieved from Dzhokhar’s Civic at the Watertown scene. Some, such as remote controlled cars, were online purchases involving credit cards.

But in spite of the fact that Tamerlan Tsarnaev purchased some of his supplies using a credit card, according to Fierabend, the pressure cookers, Fagor Elites sold exclusively at Macy’s, which currently sell for $50 to $60 apiece, were purchased with cash. According to Fierabend, the government obtained records of all the Fagor Elites purchased in the US between August 2012 and April 2013. Of the 74 pressure cookers sold in the Northwest in that period, just 5 pressure cookers were purchased in cash, just 3 in MA.

According to rather remarkable testimony, Macy’s has no surveillance video of those purchases.

The government did, however, cross-reference the purchases to the Tsarnaevs through use of a portable GPS that was ultimately apparently retrieved from the Mercedes the brothers hijacked.

In other words, the implication is one of the Tsarnaevs or someone else used cash to purchase pressure cookers, which you would think would be an attempt to hide the identity of the purchaser, but not only did so while running a portable GPS that tracked back to their Cambridge home, but then brought that portable GPS into the getaway car they hijacked.

That’s all the more crazy given that the last pressure cooker wasn’t purchased until March, and Tamerlan appeared to be prepping to die, given that he sent his mother $900 the day before the attack (unless she had funded the attack specifically). If you’re going to ID yourself with a GPS, then pay with a credit card and get it for free.

All that said, I’m cognizant Tamerlan left his wallet, with receipts, in the Civic, along with some other identifying documents, and also by carrying that GPS at least made himself appear to be the purchaser of the pressure cooker, whether or not he was. Tamerlan wasn’t hiding his identity.

And yet someone paid cash for the pressure cookers.

The one other nifty detail in all this is that if you also bought a Fagor Elite pressure cooker in this period, you’re likely to be in an FBI database until 2043.

Update: One more thing about the pressure cookers. There was part of a lid and a gasket from a pressure cooker at the apartment, which means there must be one more pressure cooker. That one, then, might be unaccounted for by the purchase records evidence.

Update: Here are the exhibits from today’s testimony. Unless I’m mistaken, the government only entered purchase records from one of the pressure cooker purchases, the purchase of two from the Boston store on January 31, 2013 (this is the one they tied to the portable GPS device). So there should be two more pressure cookers — the second 6 quart one used in the race attack, and the one from which the lid and the gasket were taken in the Cambridge apartment.

The 4-Year Old Pizza Conversations

Because I harp endlessly about the need to defeat pizza joints in the NSA’s contact chaining, which might affect the process’ utility for the Tsarnaev brothers, both of whom worked at pizza joints who had weird ties to another pizza joint, I wanted to point to this piece describing the deportation proceedings of Mustafa Ozseferoglu.

Ozseferoglu came to the US from Turkey illegally in 2000 when he was 16, across the Mexican border. He was married to an American and has a son born in this country, Osman, whose health concerns Ozseferoglu has cited in his bid to stay in the country.

Ozseferoglu was interviewed by the FBI in July 2013 and then arrested on immigration charges in September 2013 (at the same time the FBI was going after a bunch of other immigrants with ties to the Tsarnaevs).

Ozseferoglu met Tamerlan through his father, but then worked with him briefly in 2009, during which point they exchanged some number of phone calls — for work purposes, according to Ozseferoglu.

Ozseferoglu came to Anzor for repairs regularly. When Anzor asked him why his cars were so rundown, he told him that he delivers pizza for Boston Pizza Express. Pretty soon after that, Tamerlan applied for the job too.

Boston Pizza Express has since gone out of business, but in 2009 it was located at 1026 Commonwealth Avenue, near Boston University. Ozseferoglu and Tamerlan worked together for between three weeks and three months, a rough estimate that was scrutinized heavily by the prosecution.

[snip]

In Ozseferoglu’s immigration hearing, the number of phone calls between him and Tamerlan during this period of time were called into question. Kelly says the two contacted each other about 100 times. Ozseferoglu says these calls weren’t illicit, or even personal. The two, he says, were just coordinating pizza deliveries.

“When we’re going on delivery, we take some of the deliveries and we call the other driver,” he explains.

Levitation: Inspire-Ing Work from CSE

The Intercept and CBC have a joint story on a Canadian Security Establishment project called Levitation that seems to confirm suspicions I’ve had since before the Snowden leaks. It targets people based on their web behavior (the story focuses on downloads from free file upload sites, but one page of the PPT makes it clear they’re also tracking web search terms and other behaviors), and once it finds behavior of suspicion (such as accessing bomb-making instructions; it calls these “events”) it uses SIGINT tools, including NSA’s MARINA, to work backwards off those accessing those materials to get IPs, cookies, Facebook IDs, and the like to identify a suspect.

The PPT is the most detailed explanation that I’ve seen of how the SIGINT agencies do “correlations” — a function about which I believe ODNI continues to hide an August 20, 2008 FISC opinion. It appears to do so in two ways: first, by tracking known correlations. But also, by analyzing similar activities from around the same time from the same IP, then coming up with other identifiers that, with varying degrees of probability, are probably the same user. This serves, in part, to come up with new identifiers to track.

I’ve argued the NSA does similar analysis using known codes tied to Inspire (not the URL, necessarily, but possibly the encryption code included in each Inspire edition) on upstream collection, which would basically identify the people within the US who had downloaded AQAP’s propaganda magazine. One reason I’m so confident NSA does this is because of the high number of FBI sting operations that seem to arise from some 20-year old downloading Inspire, which then appears to get sent out to a local FBI office for further research into online activities and ultimately approaches by a paid informant or undercover officer.

In other words, this kind of analysis seems to lie at the heart of a lot of the stings FBI initiates.

But as the “Scoreboard” slide in this presentation makes clear, what this process gives you is not validated IDs, but rather probabilistic matches (which FISC appears to deal with using minimization procedures, suggesting they let NSA collect on these probabilistic matches with the understanding they have to treat the data in some certain way if it ends up being a false positive).

That’s important not just for the young men whom FBI decides might make worthwhile targets (even if they’re being targeted, largely, on their First Amendment activities).

It’s important, too, for the false negatives, by far the most important of which I believe to be the Tsarnaev brothers, both of whom reportedly had downloaded multiple episodes of Inspire, as well as other similar jihadist material, and on whom NSA had collected data it never accessed until after the attack, but neither of whom got targeted off this correlation process before they attacked the Boston Marathon.

That is, this really important possible false negative, just as much as the dubious positives that end up getting unbalanced young men targeted by the FBI, may say as much about the reliability of this process as anything else.

This CSE PPT is not yet proof that my suspicions are entirely accurate (though my claims here about correlations are based on officially released documents). But they strongly suggest my suspicions have been correct.

And — particularly given ODNI’s refusal to release what appears to be a key opinion describing the terms on which FISC permits the use of these correlations — this ought to elicit far more conversations about how NSA and its Five Eye partners “correlate” identities and how those correlations get used.

Deconfliction in Dragnet Databases

Hemisphere Deconfliction

I want to return to something that appears in both of the Hemisphere slide decks we’ve seen: Deconfliction.

In addition to helping law enforcement find burner phones and contact chains, using connections that include location, Hemisphere helps deconflict between multiple investigative teams.

When multiple teams are working the same targets — in war or criminal investigations — you need to be aware of what other teams are doing. In war, this helps to ensure you don’t shoot a friendly. In investigations, it helps to protect turf and combine efforts.

In investigations — especially drug or terrorism ones that rely on informants — it also helps to distinguish legally sanctioned crime — that of informants — from that which no law enforcement agency is directing. And, as the Declaration deck explains, Hemisphere checks new queries against previous ones, and emails requestors if someone has already chained on that contact.

  • Target numbers, as well as every number they call and that call them will be cross checked against other Hemisphere results
  • Notification will be by email if applicable
  • The email provides contact information for all requestors

In other words, in addition to the way it serves as a quick investigative tool, Hemisphere also helps drug investigators to avoid stepping on each others’ toes (or at least communicate better).

Then there’s this:

  • Sensitive case information is masked

This seems to suggest Hemisphere doesn’t, presumably, provide any hints about how the original investigator is conducting their investigation, whether suspected traffickers are being run or not. That’s the kind of thing that would be “masked.” (Note, this suggests that whoever is running this database would have access to that masked information.)

I raise all this because it poses questions for other databases involving informants. As I have noted, FBI uses the phone dragnet (and therefore presumably the Internet dragnet in whatever form and geographic locale it still exists) to identify potential informants. And one thing FBI does with its back door searches during assessments is review actual content collected under traditional FISA and FAA in its quest for informants.

These dragnet databases play a key role in the selection and recruitment of informants to use in terrorism investigations.

But then what happens?

The example of David Headley — who played a crucial role in one of the most lethal terrorist attacks since 9/11, the Mumbai attack, the early period of which occurred while he served as an informant for the DEA — is instructive. The FBI likes to boast that Section 702 helped stop Headley’s plot against Danish cartoonists. But Headley’s case should, instead, raise real questions about how it is a terrorist can plan a complicated terrorist attack while his known terrorist colleagues, presumably, are being surveilled without detection by the people supposedly handling him.

We know that the metadata dragnets, at least, put some identifiers on a “defeat list.” There’s reason to suspect (in part from the syntax of redacted references to the defeat list) they do so not just for high volume numbers, but for sensitive numbers (perhaps Congress, for example). But I also think they may put informants on a defeat list too. That’s, in part, because if you didn’t do so their handlers would become two degrees from terrorist suspects, which might have all sorts of unintended consequences. That’s just an educated guess, mind you, but if I’m right it would have some interesting implications.

That doesn’t appear to have prevented DEA from tracking Manssor Arbabsiar, the Scary Iran Plotter (I assume he at least used to be an informant, because there’s little else that would explain why the cousin of a top Quds Force Member busted for drug possession would nevertheless get citizenship, and deconfliction discussions show up in what was probably his immigration file).

But it would raise really big questions in other cases.

One way or another they need to give informants special treatment in databases — as they apparently do in Hemisphere. How they do so, however, may have real consequences for the efficacy of the entire dragnet.

Fact-Checking 9/11 Anniversary Report on Info and Dragnets with 9/11 Report

In Salon, I point out something funny about the report released on Tuesday to mark the 10 year anniversary of the release of the 9/11 Commission report. The report says we must fight the “creeping tide of complacency.” But then it says the government has done almost everything the 9/11 Commission said it should do.

There is a “creeping tide of complacency,” the members of the 9/11 Commission warned in a report released on Tuesday, the 10-year anniversary of the release of their original report. That complacency extends not just to terrorism. “On issue after issue — the resurgence and transformation of al Qaeda, Syria, the cyber threat — public awareness lags behind official Washington’s.” To combat that “creeping tide of complacency,” the report argues, the government must explain “the evil that [is] stalking us.”

Meanwhile, the commissioners appear unconcerned about complacency with climate change or economic decline.

All that fear-mongering is odd, given the report’s general assessment of counterterrorism efforts made in the last decade. “The government’s record in counterterrorism is good,” the report judged, and “our capabilities are much improved.”

If the government has done a good job of implementing the 9/11 Commission recommendations but the terror threat is an order of magnitude worse now, as the report claims, then those recommendations were not sufficient to address the problem. Or perhaps the 13 top security officials whom the Commission interviewed did a slew of other things — like destabilizing Syria and Libya — that have undermined the apparatus of counterterrorism recommended by the original 9/11 Commission?

Which is a polite way of saying the 10-year report is unsatisfying on many fronts, opting for fear-mongering rather than another measured assessment about what we need to do to protect against terrorism.

Perhaps that’s because, rather than conduct the public hearings with middle-level experts, as it boasted it had done in the original report, it instead privately interviewed just the people who’ve been in charge for the last 10 years, all of whom have a stake in fear and budgets and several of whom now have a stake in profiting off fear-mongering?

Suffice it to say I’m unimpressed with the report.

Which brings me to this really odd detail about it.

The report takes a squishy approach to Edward Snowden’s leaks. It condemns his and Chelsea Manning’s leaks and suggests they may hinder information sharing. It also suggests Snowden’s leaks may be impeding recruiting for cybersecurity positions.

But it also acknowledges that Snowden’s leaks have been important to raising concerns about civil liberties — resulting in President Obama’s decision to impose limits on the Section 215 phone dragnet.

Since 2004, when we issued the report, the public has become markedly more engaged in the debate over the balance between civil liberties and national security. In the mid-2000s, news reports about the National Security Agency’s surveillance programs caused only a slight public stir. That changed with last year’s leaks by Edward Snowden, an NSA contractor who stole 1.7 million pages of classified material. Documents taken by Snowden and given to the media revealed NSA data collection far more widespread than had been popularly understood. Some reports exaggerated the scale of the programs. While the government explained that the NSA’s programs were overseen by Congress and the courts, the scale of the data collection has alarmed the public.

[snip]

[I]n March, the President announced plans to replace the NSA telephone metadata program with a more limited program of specific court-approved searches of call records held by private carriers. This remains a matter of contention with some intelligence professionals, who expressed to us a fear that these restrictions might hinder U.S. counterterrorism efforts in urgent situations where speedy investigation is critical.

Having just raised the phone dragnet changes, the report goes on to argue “these programs” — which in context would include the phone dragnet — should be preserved.

We believe these programs are worth preserving, albeit with additional oversight. Every current or former senior official with whom we spoke told us that the terrorist and cyber threats to the United States are more dangerous today than they were a few years ago. And senior officials explained to us, in clear terms, what authorities they would need to address those threats. Their case is persuasive, and we encountered general agreement about what needs to be done.

Senior leaders must now make this case to the public. The President must lead the government in an ongoing effort to explain to the American people—in specific terms, not generalities—why these programs are critical to the nation’s security. If the American people hear what we have heard in recent months, about the urgent threat and the ways in which data collection is used to counter it, we believe that they will be supportive. If these programs are as important as we believe they are, it is worth making the effort to build a more solid foundation in public opinion to ensure their preservation.

This discussion directly introduces a bizarre rewriting of the original 9/11 Report.

Given how often the government has falsely claimed that we need the phone dragnet because it closes a gap that let Khalid al-Midhar escape, you’d think the 9/11 Commission might use this moment to reiterate the record, which shows that the government had the information it needed to discover the hijacker was in the US.

Nope.

It does, however, raise a very closely related issue: the FBI’s failure to discover Nawaf al Hazmi’s identity.

The NSA’s Retroactive Discovery of Tamerlan Tsarnaev

In the days after the Boston Marathon attack last year, NSA made some noise about expanding its domestic surveillance so as to prevent a similar attack.

But in recent days, we’ve gotten a lot of hints that NSA may have just missed Tamerlan Tsarnaev.

Consider the following data points.

First, in a hearing on Wednesday, Intelligence Community Inspector General Charles McCullough suggested that the forensic evidence found after the bombing might have alerted authorities to Tamerlan Tsarnaev’s radicalization.

Senator Tom Carper: If the Russians had not shared their initial tip, would we have had any way to detect Tamerlan’s radicalization?

[McCullough looks lost.]

Carper: If they had not shared their original tip to us, would we have had any way to have detected Tamerlan’s radicalization? What I’m getting at here is just homegrown terrorists and our ability to ferret them out, to understand what’s going on if someone’s being radicalized and what its implications might be for us.

McCullough: Well, the Bureau’s actions stemmed from the memo from the FSB, so that led to everything else in this chain of events here. You’re saying if that memo didn’t exist, would he have turned up some other way? I don’t know. I think, in the classified session, we can talk about some of the post-bombing forensics. What was found, and that sort of thing. And you can see when that radicalization was happening. So I would think that this would have come up, yes, at some point, it would have presented itself to law enforcement and the intelligence community. Possibly not as early as the FSB memo. It didn’t. But I think it would have come up at some point noting what we found post-bombing.

Earlier in the hearing (around 11:50), McCullough described reviewing evidence “that was within the US government’s reach before the bombing, but had not been obtained, accessed, or reviewed until after the bombing” as part of the IG Report on the attack. So some of this evidence was already in government hands (or accessible to it as, for example, GCHQ data might be).

We know some of this evidence not accessed until after the bombing was at NSA, because the IG Report says so. (See page 20)

That may or may not be the same as the jihadist material Tamerlan posted to YouTube in 2012, which some agency claims could have been identified as Tamerlan even though he used a pseudonym for some of the time he had the account.

The FBI’s analysis was based in part on other government agency information showing that Tsarnaev created a YouTube account on August 17, 2012, and began posting the first of several jihadi-themed videos in approximately October 2012. The FBI’s analysis was based in part on open source research and analysis conducted by other U.S. government agencies shortly after the bombings showing that Tsarnaev’s YouTube account was created with the profile name “Tamerlan Tsarnaev.” After reviewing a draft of this report, the FBI commented that Tsarnaev’s YouTube display name changed from “muazseyfullah” to “Tamerlan Tsarnaev” on or about February 12, 2013, and suggested that therefore Tsarnaev’s YouTube account could not be located using the search term “Tamerlan Tsarnaev” before that date.20 The DOJ OIG concluded that because another government agency was able to locate Tsarnaev’s YouTube account through open source research shortly after the bombings, the FBI likely would have been able to locate this information through open source research between February 12 and April 15, 2013. The DOJ OIG could not determine whether open source queries prior to that date would have revealed Tsarnaev to be the individual who posted this material.

20 In response to a DOJ OIG request for information supporting this statement, the FBI produced a heavily redacted 3-page excerpt from an unclassified March 19, 2014, EC analyzing information that included information about Tsarnaev’s YouTube account. The unredacted portion of the EC stated that YouTube e-mail messages sent to Tsarnaev’s Google e-mail account were addressed to “muazseyfullah” prior to February 12, 2013, and to “Tamerlan Tsarnaev” beginning on February 14, 2013. The FBI redacted other information in the EC about Tsarnaev’s YouTube and Google e-mail accounts.

The FBI may not have been able to connect “muazseyfullah” with Tamerlan, but that’s precisely what the NSA does with its correlations process; it has a database that does just that (though it’s unclear whether it would have collected this information, especially given that it postdated the domestic Internet dragnet being shut down).

Finally, there’s the matter of the Anwar al-Awlaki propaganda.

An FBI analysis of electronic media showed that the computers used by Tsarnaev contained a substantial amount of jihadist articles and videos, including material written by or associated with U.S.-born radical Islamic cleric Anwar al-Aulaqi. On one such computer, the FBI found at least seven issues of Inspire, an on-line English language magazine created by al-Aulaqi. One issue of this magazine contained an article entitled, “Make a Bomb in the Kitchen of your Mom,” which included instructions for building the explosive devices used in the Boston Marathon bombings.

Information learned through the exploitation of the Tsarnaev’s computers was obtained through a method that may only be used in the course of a full investigation, which the FBI did not open until after the bombings.

The FBI claims they could only find the stuff on Tamerlan’s computer using methods available in full investigations (this makes me wonder whether the FBI uses FISA physical search warrants to remotely search computer hard drives).

But that says nothing about what NSA (or even FBI, back in the day when they had the full time tap on Awlaki, though it’s unclear what kind of monitoring of his content they’ve done since the government killed him) might have gotten via a range of means, including, potentially, upstream searches on the encryption code for Inspire.

In other words, there’s good reason to believe — and the IC IG seems to claim — that the government had the evidence to know that Tamerlan was engaging in a bunch of reprehensible speech before he attacked the Boston Marathon, but they may not have reviewed it.

Let me be clear: it’s one thing to know a young man is engaging in reprehensible but purportedly protected speech, and another to know he’s going to attack a sporting event.

Except that this purportedly protected speech is precisely — almost exactly — the kind of behavior that has led FBI to sic multiple informants and/or undercover officers on other young men, including Adel Daoud and Mohamed Osman Mohamud, even in the absence of a warning from a foreign government.

And they didn’t here.

Part of the issue likely stems from communication failures between FBI and NSA. The IG report notes that “the relationship between the FBI and the NSA” was one of the most relevant relationships for this investigation. Did FBI (and CIA) never tell the NSA of the Russian warning? And clearly they never told NSA of his travel to Russia.

But part of the problem likely stems from the way NSA identifies leads — precisely the triaging process I examined here. That is, NSA is going to do more analysis on someone who communicates with people who are already targeted. Obviously, the ghost of Anwar al-Awlaki is one of the people targeted (though the numbers of young men who have Awlaki’s propaganda is likely huge, making that a rather weak identifier). The more interesting potential target would be William Plotnikov, the Canadian-Russian boxer turned extremist whom Tamerlan allegedly contacted in 2012 (and it may be this communication attempt is what NSA had in its possession but did not access until after the attacks). But I do wonder whether the NSA didn’t prioritize similar targets in countries of greater focus, like Yemen and Somalia.

It’d be nice to know the answer to these questions. It ought to be a central part of the debate over the NSA and its efficacy or lack thereof. But remember, in this case, the NSA was specifically scoped out of the heightened review (as happened after 9/11, which ended up hiding the good deal of warning the NSA had before the attack).

We’ve got a system that triggers on precisely the same kind of speech that Tamerlan Tsarnaev engaged in before he attacked the Marathon. But it didn’t trigger here.

Why not?
