Posts

Journalist Records from the “Last Five Years”

Some weeks ago, there was some concern raised by DOJ’s response to an October 10, 2017 letter from Ron Wyden, written in the wake of an August Jeff Sessions press conference asking how many times DOJ has seized journalists’ records.

  1. For each of the past five years, how many times has DOJ used subpoenas, search warrants, national security letters, or any other form of legal process authorized by a court to target members of the news media in the United States and American journalists abroad to seek their (a) communications records, (b) geo-location information, or (c) the content of their communications? Please provide statistics for each form of legal process.
  2. Has DOJ revised the 2015 regulations, or made any other changes to internal procedures governing investigations of journalists since January 20, 2017? If yes, please provide me with a copy.

In response, in a letter claiming to provide all the “requests for information from January 2012 to the present,” DOJ pointed to the 2013 collection of AP records and the 2014 subpoena of James Risen. It also claimed,

The Federal Bureau of Investigation does not currently use national security letters to advance media leak investigations.

DOJ’s letter was written after Ali Watkins received notice, on February 13, that her phone and email records had been seized in the investigation of James Wolfe. It also comes after DOJ subpoenaed the Twitter information of Dissent Doe and Popehat last spring in conjunction with DOJ’s dumb persecution of Justin Shafer, both of whom have websites providing original content.

Whether DOJ has gotten more aggressive about seizing reporters’ phone records or content is a question I’m unsurprisingly very interested in.

All that said, DOJ may simply be playing word games, at least thus far.

Note, first of all, that Wyden only asked for the “past five years.” While DOJ claimed to present records spanning into the present, had DOJ responded to the actual request, it might have only presented past requests. Additionally, if Watkins got 90 day notice of her records being seized, the request itself would have taken place after the Wyden request.

While more specious, the May 2017 Twitter subpoena may have been deemed to be the same year as Wyden’s request.

Note three other details. First, Wyden’s letter (though not DOJ’s response) describes “targeting” journalists. Obviously, that word has a specific meaning in the context of surveillance, and I could see DOJ claiming that the Shafer investigation, for example, targeted Shafer, not his Tweeps.

Additionally, Wyden only asks about US news media and US journalists overseas. That’s not going to include an obvious target (whether or not DOJ still considers him a publisher): Julian Assange, an Australian publisher living in what counts as Ecuadoran territory.

Finally, note that DOJ specifies they don’t use NSLs for “media leak investigations.” That, too, has a specific meaning, one that probably doesn’t include the Shafer investigation on trumped up cyberstalking charges.

The Watkins case, especially, demands explanation. But finding it might just require rewording the questions.

Nick Rasmussen’s Leak Interviews

This is a detail I’ve meant to post on for some time, but the discussion of ODNI’s latest on leaks has finally prompted me to point to this detail.

As part of the standard questionnaire for Intelligence Committee nominees, Rasmussen was asked if he had been interviewed in the last 10 years in a leak investigation (question 42). He responded that he had been interviewed in two investigations:

  • In 2013, for a FBI investigation concerning compromise/leak of classified information related to a disrupted terrorism plot in 2010
  • In 2014, in connection with an FBI counterintelligence investigation.

The latter one is likely to be the 2014 investigation into who leaked a terrorist watch list document to the Intercept. Rasmussen would clearly be among the (as he describes it “large number of people who had access by virtue of position to the information that was reportedly compromised.”

It’s the other investigation I’m interested in. The best known “disrupted” terrorist plot in 2010 was the AQAP toner cartridge plot. And while it could be a different thwarted plot (like Faisal Shahzad’s attack, though not much got leaked about it except from Pakistan), no one has ever reported an investigation into that, even though aspects of that leak largely resembled the UndieBomb 2.0 leak that DOJ subpoenaed the AP over.

But I’m just as struck by Rasmussen’s silence about the UndieBomb 2.0 leak investigation. Rasmussen remained at the same counterterrorism position in the White House  until June 2012, through the UndieBomb 2.0 leak. Unless those investigations merged (which might explain why they were investigating a 2010 leak in 2013), it would seem to suggest that Rasmussen was not read into the UndieBomb 2.0 infiltration, in spite of its significant similarities to the Toner Cartridge infiltration.

By way of comparison, here’s how John Brennan answered the same question (he was going to be interviewed on the UndieBomb 2.0 leak during his confirmation process).

  • MD USA: Possible unauthorized disclosures of information to reporters about cyberattacks against Iran.
  • DC USA: Possible unauthorized disclosures of information to reporters about a foiled bomb plot tied to Al Qaeda in the Arabian Peninsula (scheduled for February 1, 2013)

The comparison raises the same questions: There’s no way Brennan wasn’t read into whatever 2010 thwarted attack got compromised, because he would have been read into everything (he was a key point person on both the Faisal Shahzad attack, and did a big dog-and-pony show around the Toner Cartridge plot).

Were Rasmussen and Brennan just discussing the same investigation, into how details of double agents in AQAP kept getting exposed (in large part, by our Saudi and AQAP allies). In any case, was Rasmussen not interviewed in the latter part, in which case it would suggest the compartment for the latter was much more closely held?

The (Other Possibility) Inert UndieBomb 2.0

I’m cleaning up my desk so I wanted to return to something in this transcript from John Brennan’s May 7, 2012 conference call with his predecessors at White House czar in attempt to pre-empt the AP’s reporting on UndieBomb 2.0.

Fran Fragos Townsend suggested something that was clear at the time: the Saudis were leaking about the “thwarted plot.”

TOWNSEND: John, we’ve got a source telling us that the tip, like sort of with the cartridge plot, came from the Saudis. All the statements reference international partners in cooperation. You obviously may not want to confirm that, but it would be an opportunity, if it absolutely wrong, to wave us off it.

Brennan doesn’t so much wave her off it — indeed, he admits that some of our friends watch AQAP very closely — but he emphasizes international partners and services enough that, in retrospect, looks like a possible hint of British involvement too.

BRENNAN: What I will say is that we have nested this within the international cooperation among intelligence and security services, and I’m not going to get more specific than that. But as you can imagine, there are certain services that are involved in watching very carefully what AQAP is doing. This was close cooperation with them. But some of the operational sensitivities are of an international dimension. And so, therefore, I really cannot go into anything specific about which country or which service was involved.

Townsend then presses on why the Administration claimed this was not a threat.

TOWNSEND: Very early stages, which is why you’re all saying that it was never a threat to the United States?

This is where Brennan uses his inside control line, while trying to strike back against the legitimate questions why the Administration mobilized the Air Marshals if the bomb was never a threat.

BRENNAN: The device itself, as I think the FBI statement said quite clearly, never posed a threat to the American public or to the public. And again, this is sort of wrapped up in the way that we became aware of this device, and the way it was managed, so that it was, again, as far as this device was concerned, it was not a threat. As you all know, one of the real struggles we have is what we don’t know, and so, I see that there was, you know, a press piece that just took issue with, well, if this device was never a threat, why did the President direct, you know, Department of Homeland Security and others to take appropriate measures Well, as we well know, al-Qaeda has tried to carry out simultaneous types of attacks, and so we were confident that we had inside control over the — any plot that might have been associated with this device. But again, you don’t know what you don’t know.

Then Townsend floated something remarkable — and it appears she was doing no more than floating it and didn’t really want an answer: the notion that the bomb was inert.

TOWNSEND: I say this not for a response. I mean, look, the other possibility is that you’re confident because it was inert. So I mean, I’m not looking for you to confirm it but I understand what you’re saying about it was not a threat to the U.S. Thanks. Thanks for your help.

Kind of a notable suggestion from the former Homeland Security Czar.

DOJ’s Reaffirmation of Journalist NSLs and the Undiebomb 2.0 and StuxNet Investigations

Given Friday’s news that DOJ’s “new” media guidelines continue to permit FBI to use National Security Letters to obtain journalists’ contact information, I’d like to return to the apparent results of two major leak investigations, those into the UndieBomb 2.0 and StuxNet leaks.

In the former case, the DOJ claims it had no idea that Donald Sachtleben served as a source for Matt Apuzzo and Adam Goldman’s story on UndieBomb 2.0 and no means to get a warrant for a computer they already had in their possession until — months into the investigation — they subpoenaed the phone records for 20 AP lines.

The entire premise of the FBI narrative is that they exercised greater care with a kiddie porn accusee they had dead to rights than they did the 100 or so AP reporters who got sucked up in their overbroad dragnet. They would have you believe that, even after seizing a CD holding a November 2, 2006 SECRET CIA intelligence report at Sachtleben’s house in May 2012 pursuant to a kiddie porn warrant (which they have not produced in the docket), they just sat on his devicesfor almost a year until they obtained the phone records for 20 AP phone lines, in a seizure far more intrusive into journalism than any recent known subpoena.

Sachtleben was identified as a suspect in the case of this unauthorized disclosure only after toll records for phone numbers related to the reporter were obtained through a subpoena and compared to other evidence collected during the leak investigation. This allowed investigators to obtain a search warrant authorizing a more exhaustive search of Sachtleben’s cell phone, computer, and other electronic media, which were in the possession of federal investigators due to the child pornography investigation.

(I may be mistaken, but I don’t think the FBI made this claim in any court document, so I assume it is bullshit, especially since they had had to do extensive forensic searches of Sachtleben’s computer and he had already signed a plea deal forfeiting it.)

In addition, DOJ would have you believe that Sachtleben, who could not have been the most important source for this leak, was the AP’s only source. At his sentencing, he pointed out correctly that’s not true.

“I was neither the sole nor the original source of information to ‘Reporter A’ about the suicide bomb,” Sachtleben said in a statement sent by his law firm. “The information I shared with Reporter A merely confirmed what he already believed to be true. Any implication that I was the direct source of a serious leak is an exaggeration.”

And the transcript of John Brennan’s teleconference to guide this leak makes it clear that the AP had far more information than they published, Sachtleben leaks all appeared in the story. So there obviously were far more sensitive sources DOJ chose not to prosecute.

They got their kiddie porn scapegoat, and their public explanation of how and why they obtained the phone records implicating 100 AP journalists. Which presumably had the additional advantage of making it clear to all Apuzzo and Goldman’s potential sources that DOJ is willing to go after them.

Compare all that to the StuxNet investigation. Reports last year identified Retired General James Cartwright as the suspect in the case.

But, said legal sources, while the probe that Attorney General Eric Holder ordered initially focused on whether the information came from inside the White House, by late last year FBI agents were zeroing in on Cartwright, who had served as one of the president’s “inner circle” of national security advisors.

The investigation focused on Cartwright in spite of evidence the White House was closely involved in the book (though not necessarily involved in leaking the details that particularly angered DC insiders, which may have been the that Israel permitted the virus to escape).

And all this happened — FBI was able to rule out the White House’s sources but still confirm Cartwright’s role — without subpoenaing NYT phone records.

Two sources said prosecutors were able to identify Cartwright as a suspected leaker without resorting to a secret subpoena of the phone records of New York Times reporters.

As it happens, Cartwright was only stripped of his clearance, not charged; there will be no court case in which the government has to show how it collected its evidence against Cartwright.

Of course, it would be a lot easier to pick and choose which sources to prosecute if you can secretly identify, using National Security Letters, those sources before actually obtaining journalist records in a way that requires public notice, as the AP subpoena eventually did. And then, at such time as you do want to make that public, you can get the subpoena showing the evidence you’ve already obtained via NSL.

In addition to being a threat to press freedoms, the explicit use of NSLs to obtain journalist contacts permits the government even more arbitrary power than the record of these two cases show it exercises.

Using NSLs allows DOJ to engage in selective leak prosecutions without that being immediately obvious.

Handy things, these NSLs.

DHS Fear-Mongers Off Apparent Diminishment in Ibrahim al-Asiri’s Skills

The Department of Homeland Security wants you to be afraid of the latest handiwork of AQAP’s bomb-maker, Ibrahim al-Asiri. They’ve issued a warning (and leaked that warning) about new-and-improved shoe bombs.

Senior U.S. officials say that Wednesday’s terror warning about international air travel, first reported by NBC News, is the result of recent chatter about Ibrahim al-Asiri, the al Qaeda bombmaker from Yemen responsible for several high-profile bombing attempts against U.S. targets.

On Wednesday, the Department of Homeland Security warned airlines of new information related to the possibility of bombs or bomb material hidden in shoes, like the device that shoe bomber Richard Reid used to try to take down a plane over the Atlantic in December 2001.

Now, perhaps this is a grave new worry.

But the first thing I thought of when I heard about this warning was the warning DHS issued two years ago, 10 days after they had flown the Saudi-British infiltrator into AQAP out of Yemen with the undiebomb he was allegedly given to use against a US-bound flight.

DIANE SAWYER (ABC NEWS)

(Off-camera) Good evening. As we come on the air, ABC News has learned that US authorities are studying a new terror threat tonight, members of al Qaeda using body bombs, explosives that have been surgically implanted in their bodies to evade security. Tomorrow, it will be the one-year anniversary of Osama bin Laden’s death, making this week a time of heightened concern on the ground and in the sky. And ABC’s chief investigative correspondent Brian Ross is here with these new details. Brian?

BRIAN ROSS (ABC NEWS)

(Off-camera) Diane, well, tonight American and European authorities tell ABC News, they fear al Qaeda will use these so-called body bombs to target Americans overseas and US flights coming in from overseas.

GRAPHICS: SECURITY WATCH

BRIAN ROSS (ABC NEWS)

(Voiceover) As a result, security at several airports in the United Kingdom and elsewhere in Europe and the middle ease has been substantially stepped up, with a focus on US carriers. And additional federal air marshals have been shifted overseas in advance of this week’s anniversary of the bin Laden raid. The plot is not so far fetched. Medical experts say there is plenty of room in the stomach area for surgically implanted explosives.

After that bit of propaganda, I fully expect the White House will roll out a thwarted plot in approximately 8 days. And then, after the initial excitement, we’ll learn the plot (if it was indeed a plot and not a sting) was actually thwarted (if it was indeed a plot and not a sting) back on February 14.

Bonus points: this plot will have been foiled using the phone dragnet.

And aside from the skepticism I have given DHS’ past manipulation of Asiri warnings, there’s one more problem with DHS crying wolf like this.

Two years ago, anonymous leakers from the very same vicinity as this week’s leakers assured us that Asiri had mastered the process of surgically placing operational bombs inside a person’s stomach cavity Virtually undetectable, even with Michael Chertoff’s best boondoggle machines!

And now, with two more years to perfect his craft, DHS claims that Asiri is making … shoe bombs?

Really? Shoe bombs?

We’re supposed to be panicked that Asiri’s skill has apparently regressed from where — these same anonymous leakers claimed — it was two years ago, that Asiri can no longer make undetectable cavity bombs but has instead returned to a ploy Al Qaeda used 12 years ago?

Again, maybe this threat is real. If it is, it’s too damn bad DHS has already squandered its credibility with past inflammatory warnings about Asiri’s skill.

Dianne Feinstein’s Pre-UndieBomb Thinking

A whole bunch of people have pilloried Dianne Feinstein’s defense of the phone dragnet and related programs.

But one bizarre argument I haven’t seen challenged is the underlying logic of this passage.

The U.S. must remain vigilant against terrorist attacks against the homeland. Al Qaeda in the Arabian Peninsula (AQAP), considered the world’s most capable and dangerous terrorist organization, is determined to attack the United States. As we have seen since the “underwear bomber” attempted to blow up an airliner over Detroit on Christmas Day 2009, AQAP has developed nonmetallic bombs that can elude airport screeners, and the organization’s expert bomb maker, Ibrahim al-Asiri, remains at large.

Asiri is believed to be behind the October 2010 plot to place bombs disguised as printer cartridges onto cargo planes headed for the U.S. He is also a suspect in the May 2012 suicide-bomber plot against an airliner headed for the U.S. that was foiled when U.S. authorities obtained the planned explosive device through good intelligence work.

Earlier this month, Director of National Intelligence James Clapper testified that in the case of the AQAP threat this summer, there were a number of phone numbers or emails “that emerged from our collection overseas that pointed to the United States.” Fortunately, the NSA call-records program was used to check those leads and determined that there was no domestic aspect to the plotting. [my emphasis]

So here’s the logic.

UndieBomb 1.0 proves AQAP wants to attack the US.

UndieBomb 2.0 is further proof of that, although DiFi doesn’t mention that it was a US-Saudi-Brit sting, meaning the intent came from us.

As part of the Legion of Doom investigation, NSA found phone numbers tied to the US that have, on investigation, proved to be unrelated to the actual alleged plot.

It’s that same theory that 36,000 innocent people must be investigated every time a terrorist plots something to keep us “safe.”

But let’s take a step back. UndieBomb 1.0 … UndieBomb 1.0 …

Yes.

I remember now.

UndieBomb 1.0 was the guy who was allegedly plotting out Jihad with Anwar al-Awlaki — whose communications the FBI had two guys reading — over things like chats and calls. That is, Umar Farouk Abdulmutallab was a guy whose plot the NSA and FBI should have thwarted before he got on a plane. (To say nothing of the CIA and NCTC’s fuck-ups.)

And yet, he got on that plane. His own incompetence and the quick work of passengers prevented that explosion, while a number of needles went unnoticed in the NSA’s most closely watched haystacks.

Nevertheless, the lesson DiFi takes is that we need more haystacks.

Shouldn’t the lessons of UndieBomb 1.0 be just as important to this debate as the partial, distorted, lessons of 9/11?

The Kiddie Porn and the UndieBomb

Screen shot 2013-09-26 at 1.22.11 PMI was at a funeral Monday and Tuesday. So when I heard the FBI had busted the guy who leaked the UndieBomb 2.0 story, I assumed they had finally arrested John Brennan.

But, as bmaz emphasized in his post on Donald Sachtleben’s plea agreement, there’s no hint of prosecuting Brennan, who leaked Top Secret details about the British/Saudi double agent into AQAP, even while they’re imprisoning Donald Sachtleben, who is only accused of leaking details he knew to be Secret.

A law enforcement official indicated that the case has not been officially closed but the charges against Sachtleben are the only ones expected.

(Sure, the evidence that Sachtleben was involved with kiddie porn seems solid, but then Brennan drone-killed children, so he’s not above reproach for his treatment of children either.)

But that is by no means the weirdest thing about the government’s treatment of the UndieBomb 2.0 leak investigation.

The entire premise of the FBI narrative is that they exercised greater care with a kiddie porn accusee they had dead to rights than they did the 100 or so AP reporters who got sucked up in their overbroad dragnet. They would have you believe that, even after seizing a CD holding a November 2, 2006 SECRET CIA intelligence report at Sachtleben’s house in May 2012 pursuant to a kiddie porn warrant (which they have not produced in the docket), they just sat on his devices for almost a year until they obtained the phone records for 20 AP phone lines, in a seizure far more intrusive into journalism than any recent known subpoena.

Sachtleben was identified as a suspect in the case of this unauthorized disclosure only after toll records for phone numbers related to the reporter were obtained through a subpoena and compared to other evidence collected during the leak investigation. This allowed investigators to obtain a search warrant authorizing a more exhaustive search of Sachtleben’s cell phone, computer, and other electronic media, which were in the possession of federal investigators due to the child pornography investigation.

(I may be mistaken, but I don’t think the FBI made this claim in any court document, so I assume it is bullshit, especially since they had had to do extensive forensic searches of Sachtleben’s computer and he had already signed a plea deal forfeiting it.)

They would also have you believe the AP had no inkling of the UndieBomb plot until ABC reported inflammatory claims about cavity bombs on April 30, 2012, even in spite of ABC’s reference to TSA head John Pistole’s earlier fear-mongering about it and in spite of additional reporting about broad Air Marshall mobilization. DOJ goes to great lengths to make you believe AP first texted Sachtleben on April 30 and not, say, on April 28 (which would mean the kiddie porn investigation accelerated after such contact), though there’s no reason to believe that’s true and the AP call records DOJ obtained apparently go back to well before April 30. They also suggest AP was asking Sachtleben about an Asiri bomb, though the first text they include is an assertion — not a question — that Asiri has been busy.

They would have you believe that two Pulitzer Prize winners would defy White House and CIA wishes with a story sourced to a single source who, just a day earlier, had provided a mistaken guess about the excitement. Read more

If Only DOJ Hadn’t Burned AP’s Sources …

The State Department announced a broad but vague warning today.

The Department of State alerts U.S. citizens to the continued potential for terrorist attacks, particularly in the Middle East and North Africa, and possibly occurring in or emanating from the Arabian Peninsula.  Current information suggests that al-Qa’ida and affiliated organizations continue to plan terrorist attacks both in the region and beyond, and that they may focus efforts to conduct attacks in the period between now and the end of August.  This Travel Alert expires on August 31, 2013.

Terrorists may elect to use a variety of means and weapons and target both official and private interests. U.S. citizens are reminded of the potential for terrorists to attack public transportation systems and other tourist infrastructure.  Terrorists have targeted and attacked subway and rail systems, as well as aviation and maritime services.  U.S. citizens should take every precaution to be aware of their surroundings and to adopt appropriate safety measures to protect themselves when traveling.

We continue to work closely with other nations on the threat from international terrorism, including from al-Qa’ida.  Information is routinely shared between the U.S. and our key partners in order to disrupt terrorist plotting, identify and take action against potential operatives, and strengthen our defenses against potential threats.

There’s a part of me that thinks this might be credible and serious.

After all, between Iraq, Pakistan, and Libya, up to 1,750 men have just escaped prison, and extremists claim responsibility for the first two prison breaks. That’s a lot of men running around who might make mischief (though you’d think it would take a bit of time to organize after the breaks).

That said, there are aspects of this that remind me of the politicized alert surrounding the April 2012 thwarting of our own plot in Yemen (which was rolled out in May 2012, well after any threat had subsided). There’s John Pistole’s ostentatious boosting of AQAP bomb-maker Ibrahim al-Asiri as “our greatest threat.”

The use of a new explosive has been previously reported, but Pistole continued with less familiar details about Underwear 2 that reflect the growing sophistication of Asiri’s sinister craftsmanship. He said the device included redundancy, by mean of two different syringes to mix liquid explosive compounds–”a double initiation system,” apparently a response to a failure of Abdulmutallab’s initiation process. In essence, Pistole said, “they made two devices.”

Finally, Pistole said, the new bomb was encased in simple household caulk in an effort to trap vapors that might alert any bomb-sniffing machines or dogs that did happen to be capable of identifying the explosive.

“So you really have a twisted genius in Yemen,” Ross observed. “That is our greatest threat,” Pistole replied. “All the intel folks here [at the forum] know that is a clear and present danger.”

Similar sensationalized reporting preceded and followed the exposure of the UndieBomb 2.0 plot last year.

There’s the increased drone activity in Yemen. Who knows! Maybe, like last year, the plot has already been rolled up and we’re just waiting to confirm one of the several recent drone strikes have taken out our target?

And there’s the apparent disparate treatment of the threat, with the US issuing a broad alert across the Middle East but with the Brits focusing thus far only on their Yemeni Embassy.

The State Department just happened to announce its support for Yemen in conjunction with President Hadi’s visit this morning, of which security aid remains the largest part, not long before this alert went out. Last year the thwarted plot was designed to coincide with the approval of signature strikes in Yemen.

Last year, the many people the US deployed to prevent a threat that had already been rolled up may have been one of the sources that revealed the threat had already been rolled up. If this is kabuki, then perhaps the same thing would happen again: some guy sent to protect flights in the Middle East might complain that it’s just show. Perhaps someone like the AP could report that the threat has been thwarted and we can go back to worrying about climate change as the most urgent threat to “the homeland.”

Except for one thing. Since last year, DOJ went positively nuclear on the AP, which exposed the kabuki last year. Without warning, DOJ obtained records of 20 AP phone lines, identifying the sources of up to 100 journalists, for at least a 2 week period. We’ve heard not one peep about DOJ prosecuting anyone in the UndieBomb 2.0 leak (especially not CIA Director John Brennan, who made the leak far worse). But DOJ did make sure sources are going to be far warier about speaking with the guys who undermined the White House kabuki last year.

So as you wonder about the seriousness of a plot that feels like a lot of the vague warnings the Bush White House used to release, remember how useful it was back when reporters were allowed to do their jobs.

Well, at Least DOJ Promised Not to Mine Journalists’ Metadata Going Forward

When I read this passage from DOJ’s new News Media Policy, it caused me as much concern as relief.

The Department’s policies will be revised to provide formal safeguards regarding the proper use and handling of communications records of members of the news media. Among other things, the revisions will provide that with respect to information obtained pursuant to the Department’s news media policy: (i) access to records will be limited to Department personnel who are working on the investigation and have a need to know the information; (ii) the records will be used solely in connection with the investigation and related judicial proceedings; (iii) the records will not be shared with any other organization or individual inside or outside of the government, except as part of the investigation or as required in the course of judicial proceedings; and(iv) at the conclusion of all proceedings related to or arising from the investigation, other than information disclosed in the course of judicial proceedings or as required by law, only one copy of records will be maintained in a secure, segregated repository that is not searchable.

It is nice for the subset of journalists treated as members of news media whose calls get treated under these new policies and not — as still seems possible — under the apparently more permissive guidelines in the FBI’s Domestic Investigations and Operations Guide that when their call and other business records are collected, some of that information will ultimately be segregated in a non-searchable collection. Though why not destroy it entirely, given that the information used for the investigation and court proceedings will not be segregated?

Moreover, this passage represents a revision of previous existing policy.

Which means data from members of the news media may not have been segregated in the past.

When you consider that one of the abuses that led to these new policies included the collection of 20 phone lines worth of data from the AP — far, far more than would be warranted by the investigation at hand — it raises the possibility that DOJ used to do more with the data it had grabbed from journalists than just try to find isolated sources.

Like the two to three hop analysis they conduct on the Section 215 dragnet data.

It’s with that in mind that I’ve been reading the reports that Kiwi troops were wandering around Kabul with records of McClatchy freelancer Jon Stephenson’s phone metadata.

The Sunday Star-Times has learned that New Zealand Defence Force personnel had copies of intercepted phone “metadata” for Stephenson, the type of intelligence publicised by US intelligence whistleblower Edward Snowden. The intelligence reports showed who Stephenson had phoned and then who those people had phoned, creating what the sources called a “tree” of the journalist’s associates.

New Zealand SAS troops in Kabul had access to the reports and were using them in active investigations into Stephenson.

The sources believed the phone monitoring was being done to try to identify Stephenson’s journalistic contacts and sources. They drew a picture of a metadata tree the Defence Force had obtained, which included Stephenson and named contacts in the Afghan government and military.

The sources who described the monitoring of Stephenson’s phone calls in Afghanistan said that the NZSIS has an officer based in Kabul who was known to be involved in the Stephenson investigations.

Last year, when this happened, Stephenson was on the Green-on-Blue beat, He published a story that a massacre in Pashtun lands had been retaliation for the killing of Taliban. He reported on another NATO massacre of civilians. He reported that a minister accused of torture and other abuses would be named Hamid Karzai’s intelligence chief. Earlier last year he had reported on the negotiations over prisoner transfers from the US to Afghan custody.

Now, the original report made a both a credibility and factual error when it said Stephenson’s metadata had been “intercepted.” That has provided the Kiwi military with a talking point on which to hang a non-denial denial — a point Jonathan Landay notes in his coverage of the claims.

Maj. Gen. Tim Keating, the acting chief of New Zealand’s military, said in a statement that no military personnel had undertaken “unlawful interception of private communications.”

“I have asked the officers responsible for our operations in Afghanistan whether they have conducted monitoring of Mr Stephenson . . . and they have assured me that they have not.”

The statement, however, did not address whether metadata, which includes the location from where a call is made, the number and location of the person who is being called and the duration of the call, was collected for Stephenson’s phones. Such data are generally considered business records of a cell phone provider and are obtained without intercepting or real-time monitoring of calls. In the United States, for example, the Foreign Intelligence Surveillance Court has ordered Verizon to deliver such records of all its customers to the National Security Agency on a daily basis.

While under contract to McClatchy, Stephenson used McClatchy cell phones and was in frequent contact with McClatchy editors and other reporters and correspondents. [my emphasis]

Indeed, higher ranking New Zealand politicians are trying to insinuate that Stephenson’s call records would only be collected if he was communicating with terrorists — even while admitting the government did have a document treating investigative journalists like terrorists.

Prime Minister John Key said it’s theoretically possible that reporters could get caught in surveillance nets when the U.S. spies on enemy combatants.

[snip]

Also Monday, New Zealand Defense Minister Jonathan Coleman acknowledged the existence of an embarrassing confidential order that lists investigative journalists alongside spies and terrorists as potential threats to New Zealand’s military. That document was leaked to Hager, who provided a copy to The Associated Press. Coleman said the order will be modified to remove references to journalists.

Finally, New Zealand officials seem to be getting close to blaming this on the US.

“The collection of metadata on behalf of the NZDF by the U.S. would not be a legitimate practice, when practiced on a New Zealand citizen,” Coleman said. “It wouldn’t be something I would support as the minister, and I’d be very concerned if that had actually been the case.”

Thus far, the coverage of the Stephenson tracking has focused on the Kiwi role in all of it. But as Landay notes, Stephenson would have been using McClatchy-provided cell phones at the time, suggesting the US got the records themselves, not by intercepting anything, but simply by asking the carrier, as they did with the AP.

Ultimately, no one is issuing a direct denial that some entity tied to ISAF — whether that be American or New Zealand forces — collected the phone records of a journalist reporting for a US-based outlet to try to identify his non-friendly sources.

So what other journalists have US allies likened to terrorists because they actually reported using both friendly and unfriendly sources?

Was Inspire a British-Made Product?

Amid a longer story about one-time Brits stripped of their citizenship and handled according to the Administration Disposition Matrix, Ian Cobain fills out the story of Minh Quang Pham (whose identity in the UK is protected under a legal gag and so is referred to as B2). Among other things, Cobain answers the question I raised here: how Pham materially supported Al Qaeda in the Arabian Peninsula by (we infer) helping to produce Inspire between the time he was arrested upon returning from Yemen in July 2011 and the time the British Home Secretary Theresa May tried to strip him of citizenship in December of that year (see my timelines here): he was out on bail.

On arrival back at Heathrow airport, the Vietnamese-born man was searched by police and arrested when a live bullet was found in his rucksack. A few months later, while he was free on bail, May signed an order revoking his British citizenship.

But that would mean Pham was materially contributing to Inspire at a time when he was in the UK. The Brits have much stronger laws against even possessing Inspire. If we (and by association they) had evidence he was producing Inspire while out on bail, it should be easy to try him there.

Which is part of Pham’s current complaint, as he tries to avoid extradition to the US: he could have and should have been charged in the UK.

Within minutes of SIAC announcing its decision and granting B2 unconditional bail, he was rearrested while sitting in the cells at the SIAC building. The warrant had been issued by magistrates five weeks earlier, at the request of the US Justice Department. Moments after that, the FBI announced that B2 had been charged with five terrorism offences and faced up to 40 years in jail. He was driven straight from SIAC to Westminster magistrates’ court, where he faced extradition proceedings.

B2 continues to resist his removal to the US, with his lawyers arguing that he could have been charged in the UK. Indeed, the allegations made by the US authorities, if true, would appear to represent multiple breaches of several UK laws: the Terrorism Act 2000, the Terrorism Act 2006 and the Firearms Act 1968. Asked why B2 was not being prosecuted in the English courts – why, in other words, the Americans were having this particular headache, and not the British – a Crown Prosecution Service spokesperson said: “As this is a live case and the issue of forum may be raised by the defence in court, it would be inappropriate for us to discuss this in advance of the extradition hearing.”

One of the charges against Pham is that he conspired to obtain military training. Which would seem to rely on Ahmed Warsame’s testimony. But it’s not clear how much of the material support charges Warsame could support, given that Pham’s material support period extends a number of months beyond Warsame’s arrest.

Note, however, that there may be overlap between the UndieBomb 2.0 mole working with AQAP (who may have arrived in AQAP 2 months before Pham left) and the tail end of the charge. In which case they may be shipping Pham to the US to better hide the mole’s role in all this.

Of course, all these charges may primarily be about protecting the mole.