In Salon, I’ve got my take on the hack of John Brennan’s AOL account by a 13-year old stoner.
While I think it sucks that WikiLeaks posted unredacted data on Brennan’s family, I’m not at all sympathetic to Brennan himself. After all he’s the guy who decided hacking his SSCI overseers would be appropriate. He’s one of the people who’ve been telling us we have no expectation of privacy in the kinds of data hackers obtained from Verizon — alternate phone number, account ID, password, and credit card information — for years.
But most of all, I think we should remember that Brennan left this data on an AOL server through his entire Obama Administration career, which includes 4 years of service as Homeland Security Czar, a position which bears key responsibility for cybersecurity.
Finally, this hack exposes the Director of the CIA exercising almost laughable operational security. The files appear to date from the period leading up to Brennan’s appointment as White House Homeland Security Czar, where a big part of Brennan’s job was to prevent hacks in this country. To think he was storing sensitive documents on an AOL server — AOL! — while in that role, really demonstrates how laughable are the practices of those who purport to be fighting hackers as the biggest threat to the country. For at least 6 years, the Homeland Security Czar, then the CIA Director — one of the key intelligence officials throughout the Obama Administration — left that stuff out there for some teenagers to steal.
Hacking is a serious problem in this country. Like Brennan, private individuals and corporations suffer serious damage when they get hacked (and the OPM hack of Brennan’s materials may be far more serious). Rather than really fixing the problem, the intelligence community is pushing to give corporations regulatory immunity in exchange for sharing information that won’t be all that useful.
A far more useful initial step in securing the country from really basic types of hacking would be for people like Brennan to stop acting in stupid ways, to stop leaving both their own and the public’s sensitive data in places where even stoned kids can obtain it, to provide a good object lesson in how to limit the data that might be available for malicious hackers to steal.
I would add, however, that there’s one more level of responsibility here.
As I noted in my piece, Brennan’s not the only one who got his security clearance application stolen recently. He is joined in that by 21 million other people, most of whom don’t have a key role in cybersecurity and counterintelligence. Most of those 21 million people haven’t even got official notice their very sensitive data got hacked by one of this country’s adversaries — not even those people who might be particularly targeted by China. Like Brennan, the families of those people have all been put at risk. Unlike Brennan, they didn’t get to choose to leave that data sitting on a server.
In fact, John Brennan and his colleagues have not yet put in place a counterintelligence plan to protect those 21 million people.
If it sucks that John Brennan’s kids got exposed by a hacker (and it does), then it sucks even more than people with far fewer protections and authority to fix things got exposed, as well.
John Brennan should focus on that, not on the 13 year old stoner who hacked his AOL account.
Buzzfeed today revealed a key detail behind in the Matthew DeHart case: the content of the file which DeHart believes explains the government’s pursuit of him. In addition to details of CIA’s role in drone-targeting and some ag company’s role in killing 13,000 people, DeHart claims a document dropped onto his Tor server included details of FBI’s investigation into CIA’s possible role in the anthrax attack.
According to Matt, he was sitting at his computer at home in September 2009 when he received an urgent message from a friend. A suspicious unencrypted folder of files had just been uploaded anonymously to the Shell. When Matt opened the folder, he was startled to find documents detailing the CIA’s role in assigning strike targets for drones at the 181st.
Matt says he thought of his fellow airmen, some of whom knew about the Shell. “I’m not going to say who I think it was, but there was a lot of dissatisfaction in my unit about cooperating with the CIA,” he says. Intelligence analysts with the proper clearance (such as Manning and others) had access to a deep trove of sensitive data on the Secret Internet Protocol Router Network, or SIPRNet, the classified computer network used by both the Defense and State departments.
As Matt read through the file, he says, he discovered even more incendiary material among the 300-odd pages of slides, documents, and handwritten notes. One folder contained what appeared to be internal documents from an agrochemical company expressing culpability for more than 13,000 deaths related to genetically modified organisms. There was also what appeared to be internal documents from the FBI, field notes on the bureau’s investigation into the worst biological attack in U.S. history: the anthrax-laced letters that killed five Americans and sickened 17 others shortly after Sept. 11.
Though the attacks were officially blamed on a government scientist who committed suicide after he was identified as a suspect, Matt says the documents on the Shell tell a far different story. It had already been revealed that the U.S. Army produced the Ames strain of anthrax — the same strain used in the Amerithrax attacks — at the Dugway Proving Ground in Utah. But the report built the case that the CIA was behind the attacks as part of an operation to fuel public terror and build support for the Iraq War.
Despite his intelligence training, Matt was no expert in government files, but this one, he insists, featured all the hallmarks of a legitimate document: the ponderous length, the bureaucratic nomenclature, the monotonous accumulation of detail. If it wasn’t the real thing, Matt thought, it was a remarkably sophisticated hoax. (The FBI declined requests for comment.)
Afraid of the repercussions of having seen the folder of files, Matt panicked, he claims, and deleted it from the server. But he says he kept screenshots of the dozen or so pages of the document that specifically related to the FBI investigation and the agrochemical matter, along with chat logs and passwords for the Shell, on two IronKey thumb drives, which he hid inside his gun case for safekeeping.
Is it possible DOJ would really go after DeHart for having seen and retaining part of that FBI file?
For what it’s worth, I think Bruce Ivins could not have been the sole culprit and it’s unlikely he was the culprit at all. I believe the possibility that a CIA-related entity, especially a contractor or an alumni, had a role in the anthrax attack to be possible. In my opinion, Batelle Labs in Ohio are the most likely source of the anthrax, not least because they’re close enough to New Jersey to have launched the attacks, but because — in addition to dismissing potential matches to the actual anthrax through a bunch of smoke (only looking for lone wolves) and mirrors (ignoring four of the potentially responsive samples) — Batelle did have a responsive sample of the anthrax. Though as a recently GAO report made clear, FBI didn’t even sample all the labs that had potentially responsive samples, so perhaps one of those labs should be considered a more likely source. Batelle does work for the CIA and just about everyone else, so if Batelle were involved, CIA involvement couldn’t be ruled out.
So I think it quite possible that FBI was investigating CIA or someone related to CIA in the attack. It’s quite possible, too, that someone might want to leak that information, as it has been clear for years that at least some in FBI were not really all that interested in solving the crime. Even the timing would make sense, coming as it would have in the wake of the FBI’s use of the Ivins suicide to stop looking for a culprit and even as the Obama Administration was beginning to hint it wasn’t all that interested in reviewing FBI’s investigation.
But there’s something odd about how this was allegedly leaked.
According to Buzzfeed, the anthrax investigation came in one unencrypted folder with the ag document and a document on drone targeting the source of which he thinks he knows (it would like have been a former colleague from the ANG).
How would it ever be possible that the same person would have access to all three of those things? While it’s possible the ag admission ended up in the government, even a DOJ investigation into such an admission would be in a different place than the FBI anthrax investigation, and both should be inaccessible to the ANG people working on SIPRNet.
That is, this feels like the Laptop of Death, which included all the documents you’d want to argue that Iran had an active and advanced nuclear weapons program, but which almost certainly would never all end up on the same laptop at the same time.
And, given DeHart’s belief reported elsewhere this was destined for WikiLeaks, I can’t help but remember the Defense Intelligence Agency report which noted that WikiLeaks might be susceptible to disinformation (not to mention the HB Gary plot to discredit WikiLeaks, but that came later).
This raises the possibility that the Wikileaks.org Web site could be used to post fabricated information; to post misinformation, disinformation, and propaganda; or to conduct perception management and influence operations designed to convey a negative message to those who view or retrieve information from the Web site
That is, given how unlikely it would be to find these juicy subjects all together in one folder, I do wonder whether they’re all authentic (though DeHart would presumably be able to assess the authenticity of the drone targeting documents).
And DeHart no longer has the documents in question — Canada hasn’t given them back.
Paul told the agents that his family had evidence to back up their account: court documents, medical records, and affidavits — along with the leaked FBI document Matt had found that exposed an explosive secret. It was all on two encrypted thumb drives, which Matt later pulled off a lanyard around his neck and handed to the guards.
If Matt is, in fact, wrongly accused, answers could be on the thumb drives taken by the Canada Border Services Agency, which have yet to be returned to the DeHarts. But without access to the leaked files Matt claims to have seen, there is no way to verify whether he was actually in possession of them, and, if he was, whether they’re authentic.
Though at least one person (a friend in London? Any association with WikiLeaks?) may have a copy.
Inside a hotel room in Monterrey, Mexico, Matt says he copied the Shell files onto a handful of thumb drives. He mailed one to a friend outside London, and several others to locations he refuses to disclose. He also says he sent one to himself in care of his grandmother, which he later retrieved for himself. When the subject of the drives comes up, Matt acts circumspect because, he says, he knows that our communications are being monitored.
There’s definitely something funky about this story. Importantly, it’s not just DeHart and his family that are acting like something’s funky — the government is too.
But that doesn’t necessarily mean the FBI thinks CIA did the anthrax attack.
The FOIA for records on FBI’s surveillance of WikiLeaks supporters substantially ended yesterday (barring an appeal) when Judge Barbara Rothstein ruled against EPIC. While she did order National Security Division to do a more thorough search for records, she basically said the agencies had properly withheld records under Exemption 7(A) for its “multi-subject investigation into the unauthorized disclosure of classified information published on WikiLeaks, which is ‘still active and ongoing’ and remains in the investigative stage.” (Note, the claim that the investigation is still in what FBI calls an investigative stage, which I don’t doubt, is nevertheless dated, as the most recent secret declarations in this case appear to have been submitted on April 25, 2014, though Rothstein may not have read them until after she approved such ex parte submissions on July 29 of last year.)
In so ruling, Rothstein has dodged a key earlier issue, which is that all three entities EPIC FOIAed (DOJ’s Criminal and National Security Division and FBI) invoked a statutory Exemption 3 from FOIA, but refused to explain what statute they were using.
2 Defendants also rely on Exemptions 1, 3, 5, 6, 7(C), 7(D), 7(E), and 7(F). The Court, finding that Exemption 7(A) applies, does not discuss whether these alternative exemptions may apply.
I have argued — and still strongly suspect — that the government was relying, in part, on Section 215 of PATRIOT, as laid out in this post.
In addition to the Exemption 3 issue Rothstein dodged, though, there were three other issues that were of interest in this case.
First, we’ve learned in the 4 years since EPIC filed this FOIA that their request falls in the cracks of the language the government uses about its own surveillance (which it calls intelligence, not surveillance). EPIC asked for:
As I’ve pointed out in the past, if the FBI obtained datasets rather than lists of the people who supported WikiLeaks from Facebook, Google, Visa, MasterCard, and PayPal, FBI would be expected to deny it had lists of such supporters, as it has done. We’ve since learned about the extent to which it does collect datasets when carrying out intelligence investigations.
Then there’s our heightened understanding of the words “target” and “surveillance” which are central to request 1. The US doesn’t target a lot of Americans, but it does collect on them. And when it does so — even if it makes queries that return their identifiers — it doesn’t consider that “surveillance.” That is, the FBI would only admit to having responsive data to request 1 if it were obtaining FISA or Title III warrants against mere supporters of WikiLeaks, rather than — say — reading their email to Julian Assange, whom FBI surely has targeted and still targets under Section 702 and other surveillance authorities, or even, as I guarantee you has happened, looked up people after the fact and discovered they had previous conversations with Assange. We’ve even learned that NSA collects vast amounts of Internet communications that talk “about” a targeted person’s selector, meaning that Americans’ communications might be pulled if they used WikiLeaks or Assange’s Internet identifiers in the body of their emails or chats. None of that would count as “targeted” “surveillance,” but it is presumably among the kinds of things EPIC had in mind when it tried to learn how FBI’s investigation of WikiLeakas was implicating completely innocent supporters.
I noted the way FBI’s declaration skirted both these issues some years ago, and everything we’ve learned since only raises the likelihood that FBI is playing a narrow word game to claim that it doesn’t have any responsive records, but out of an act of generosity it nevertheless considered the volumes of FBI records that are related to the request that it nevertheless has declared 7(A) over. Rothstein’s order replicates the use of the word “targeting” to discuss FBI’s search, suggesting the distinction is as important as I suspect.
Plaintiff first argues that the release of records concerning individuals who are simply supporting WikiLeaks could not interfere with any pending or reasonably anticipated enforcement proceeding since their activity is legal and protected by the First Amendment. Pl.’s Cross-Mot. at 14. This argument is again premised on Plaintiff’s speculation that the Government’s investigation is targeting innocent WikiLeaks supporters, and, for the reasons previously discussed, the Court finds it lacks merit.
All of which brings me to the remaining interesting subtext of this ruling.
Five years after the investigation into WikiLeaks must have started in earnest, 20 months after Chelsea Manning was found guilty for leaking the bulk of the documents in question, and over 10 months since Rothstein’s most recent update on the “investigation” in question, Rothstein is convinced these records may adequately be withheld because there is an active investigation.
While it’s possible DOJ is newly considering charges related to other activities of WikiLeaks — perhaps charges relating to WikiLeaks’ assistance to Edward Snowden in escaping from Hong Kong, though like Manning’s verdict, that was over 20 months ago — it’s also very likely the better part of whatever ongoing investigation into WikiLeaks is ongoing is an intelligence investigation, not a criminal one. (See this post for my analysis of the language they used last year to describe the investigation.)
Rothstein is explicit that DOJ still has — or had, way back when she read fresh declarations in the case — a criminal investigation, not just an intelligence investigation (which might suggest Assange’s asylum in the Ecuador Embassy in London is holding up something criminal).
In stark contrast to the CREW panel, this Court is persuaded that there is an ongoing criminal investigation. Unlike the vague characterization of the investigation in CREW, Defendants have provided sufficient specificity as to the status of the investigation, and sufficient explanation as to why the investigation is of long-term duration. See e.g., Hardy 4th Decl. ¶¶ 7, 8; Bradley 2d Decl. ¶ 12; 2d Cunningham Decl. ¶ 8.
Yet much of her language (which, with one exception, relies on the earliest declarations submitted in this litigation) sounds like that reflecting intelligence techniques as much as criminal tactics.
Here, the FBI and CRM have determined that the release of information on the techniques and procedures employed in their WikiLeaks investigation would allow targets of the investigation to evade law enforcement, and have filed detailed affidavits in support thereof. Hardy 1st Decl. ¶ 25; Cunningham 1st Decl. ¶ 11. As Plaintiff notes, certain court documents related to the Twitter litigation have been made public and describe the agencies’ investigative techniques against specific individuals. To the extent that Plaintiff seeks those already-made public documents, the Court is persuaded that their release will not interfere with a law enforcement proceeding and orders that Defendants turn those documents over.
In the instant case, releasing all of the records with investigatory techniques similar to that involved in the Twitter litigation may, for instance, reveal information regarding the scope of this ongoing multi-subject investigation. This is precisely the type of information that Exemption 7(A) protects and why this Court must defer to the agencies’ expertise.
I’m left with the impression that FBI has reams of documents responsive to what EPIC was presumably interested in — how innocent people have had their privacy compromised because they support a publisher the US doesn’t like — but that they’re using a variety of tired dodges to hide those documents.
Yesterday, WikiLeaks revealed it had just been notified by Google that DOJ subpoenaed all the records of 3 staffers 2 years ago. Today, WaPo provides some details on Google’s efforts to fight the gag orders that have prevented them from informing customers about such subpoenas.
It reveals that EDVA imposed a gag for WikiLeaks subpoenas after the Twitter one that caused such a stink years ago because “the resulting publicity” from that Twitter subpoena “was a disaster for them.”
“The U.S. attorney’s office thought the notice and the resulting publicity was a disaster for them,” Gidari said. “They were very upset” about the prosecutor’s name and phone number being disclosed, he said. “They went through the roof.”
About the same time that the Twitter story broke, Google was served with a separate order for the data of Jacob Appelbaum, a WikiLeaks volunteer and security researcher. Google wanted to inform him, but prosecutors balked.
“There was a lot of pushback from the government because they also were getting pressure from the people who got served from Twitter,” Gidari said. “The U.S. attorney’s office is like, ‘Hell no, we’ll fight you forever.’ ”
For the next four years, “Google litigated up and down through the courts trying to get the orders modified so that notice could be given,” he said.
As EFF’s Hanni Fakhoury noted on Twitter, this basically means the government is arguing that some harassment and popular criticism about the decision to subpoena WikiLeaks amounts to an adverse result:
(2) An adverse result for the purposes of paragraph (1) of this subsection is—
(A) endangering the life or physical safety of an individual;
(B) flight from prosecution;
(C) destruction of or tampering with evidence;
(D) intimidation of potential witnesses; or
(E) otherwise seriously jeopardizing an investigation or unduly delaying a trial.
I’m not excusing harassment, but DOJ is effectively prioritizing avoiding criticism over rights to notice, including (especially in the case of Jacob Appelbaum) to an American citizen.
On Monday I laid out the dynamics that would be in play for the court in considering what sentence to give Bradley Manning in light of both the trial evidence and testimony, and that presented during the sentencing phase after the guilty verdict was rendered. Judge Lind has entered her decision, and Bradley Manning has been sentenced to a term of 35 years, had his rank reduced to E-1, had all pay & allowances forfeited, and been ordered dishonorably discharged. This post will describe the parole, appeal and incarceration implications of the sentence just imposed.
Initially, as previously stated, Pvt. Manning was credited with the 112 days of compensatory time awarded due to the finding that he was subjected to inappropriate pre-trial detention conditions while at Quantico. Pvt. Manning was credited with a total 1294 days of pre-trial incarceration credit for the compensatory time and time he has already served since the date of his arrest.
Most importantly at this point, Manning was sentenced today to a prison term of 35 years and the issue of what that sentence means – above and beyond the credit he was given both for compensatory time and time served – is what is critical going forward. The following is a look at the process, step by step, Bradley Manning will face.
The first thing that will happen now that Judge Lind has gaveled her proceedings to a close is the court will start assembling the record, in terms of complete transcript, exhibits and full docket, for transmission to the convening authority for review. It is not an understatement to say that this a huge task, as the Manning record may well be the largest ever produced in a military court martial. It will be a massive undertaking and transmission.
At the same time, the defense will start preparing their path forward in terms of issues they wish to argue. It is my understanding that Pvt. Manning has determined to continue with David Coombs as lead counsel for review and appeal, which makes sense as Coombs is fully up to speed and, at least in my opinion, has done a fantastic job. For both skill and continuity, this is a smart move.
The next step will be designation of issues to raise for review by the “convening authority”. In this case, the convening authority is Major General Jeffrey Buchanan, who heads, as Commanding General, the US Army’s Military District of Washington. This step is quite different than civilian courts, where a defendant proceeds directly to an appellate court.
The accused first has the opportunity to submit matters to the convening authority before the convening authority takes action – it’s not characterized as an “appeal,” but it’s an accused’s first opportunity to seek relief on the findings and/or the sentence. According to the Manual for Courts-Martial, Rule for Court-Martial 1105:
(a) In general. After a sentence is adjudged in any court-martial, the accused may submit matters to the convening authority in accordance with this rule.
(b) Matters which may be submitted.
(1) The accused may submit to the convening au thority any matters that may reasonably tend to af fect the convening authority’s decision whether to disapprove any findings of guilty or to approve the sentence. The convening authority is only required to consider written submissions.
(2) Submissions are not subject to the Military Rules of Evidence and may include:
(A) Allegations of errors affecting the legality of the findings or sentence;
(B) Portions or summaries of the record and copies of documentary evidence offered or intro duced at trial;
(C) Matters in mitigation which were not avail able for consideration at the court-martial; and
(D) Clemency recommendations by any member, the military judge, or any other person. The defense may ask any person for such a recommendation.
Once the convening authority has the full record and the defense has designated its matters for review, Buchanan will perform his review and determine whether any adjustments to the sentence are appropriate, and that will be considered the final sentence. At this point, the only further review is by a traditional appeal process.
Generally, the level of appellate review a case receives depends on the sentence as approved by the Continue reading
U.S. Army Private First Class Bradley Manning stands convicted of crimes under the Uniform Code of Military Justice (UCMJ). The convictions result from two events. The first was a voluntary plea of guilty by Pvt. Manning to ten lesser included charges in February, and the remainder from a verdict of guilty after trial entered by Judge Denise Lind on July 30.
The maximum possible combined sentence originally stood at 136 years for the guilty counts, but that was reduced to a maximum possible sentence of 90 years after the court entered findings of merger for several of the offenses on August 6. The “merger” resulted from the partial granting of a motion by Mr. Manning’s attorney arguing some of the offenses were effectively the same conduct and were therefore multiplicitous. The original verdict status, as well as the revised verdict status after the partial merger of offenses by the court, is contained in a very useful spreadsheet created by Alexa O’Brien (whose tireless coverage of the Manning trial has been nothing short of incredible).
Since the verdict and merger ruling, there have been two weeks of sentencing witnesses, testimony and evidence presented by both the government and defense to the court. It is not the purpose of this post to detail the testimony and evidence per se, but rather the mechanics of the sentencing process and how it will likely be carried out. For detailed coverage of the testimony and evidence, in addition to Alexa O’Brien, the reportage of Kevin Gosztola at FDL Dissenter, Julie Tate at Washington Post, Charlie Savage at New York Times and Nathan Fuller at the Bradley Manning Support Network has been outstanding.
All that is left are closing arguments and deliberation by Judge Lind on the final sentence she will hand down. So, what exactly does that portend for Bradley Manning, and how will it play out? Only Judge Lind can say what the actual sentence will be, but there is much guidance and procedural framework that is known and codified in rules, practice and procedure under the UCMJ.
Little more than few hours ago, a critical ruling was handed down by Judge Denise Lind in the Bradley Manning UCMJ prosecution ongoing at Fort Meade. The decision was on based on this motion by the defense seeking dismissal of the “Aiding the Enemy” charge, among others in the prosecution.
To make a long, even if sadly predictable, story short, the motion was denied by Judge Lind and the charge will proceed to determination on the merits. This is, to be sure, a nod to the prosecution (which is actually the standard in such motions for directed verdicts during trials; that is the facts are taken in the light most favorable to the non-moving party, the government). It is also, obviously, a blow to the defense, although undoubtedly an expected one for defense attorney David Coombs. There is a very outside chance of a silver lining I will discuss below.
Julie Tate at the Washington Post sets the table:
The motion to dismiss the charge was filed July 4 by Manning’s civilian defense attorney. He argued that the government had failed to show that Manning “had ‘actual knowledge’ that by giving information to WikiLeaks, he was giving information to an enemy of the United States.” He said the government did introduce evidence “which might establish that PFC Manning ‘inadvertently, accidentally, or negligently’ gave intelligence to the enemy,” but that this was not enough to prove the most serious charge against him, known as an Article 104 offense.
On two separate occasions, Lind, an Army colonel, had questioned military prosecutors about whether they would be pursuing the charge if the information had been leaked directly to The Washington Post or the New York Times. Each time, the prosecution said it would. That troubles advocates for whistleblowers, who fear that the leaking of national defense information that appears online, as it inevitably does, can be construed as assisting the enemy.
If convicted of aiding the enemy, Manning, an intelligence analyst who served in Iraq, could face life in prison.
That describes the motion and the stakes as to Manning. Julie’s article also gives more particulars on the denial this morning, and is worth a read. For a tick tock, please see the continuously good coverage by Kevin Gosztola of Firedoglake.
But as enormous as the stakes are for Bradley Manning, the enterprise of investigative journalism is also on trial, even if in an indirect manner.
Yet another journalist who has tirelessly, and superbly, covered the Manning prosecution, Alexis O’Brien, has written at the Daily Beast, the stakes for investigative journalism are also life and/or death in the face of the security/surveillance state. Citing the in court, and on the trial record, compelling testimony of Professor Yochai Benkler of Harvard Law School, Alexis related:
In a historic elocution in court last week, Prof. Yochai Benkler, co-director of the Berkman Center for Internet and Society at Harvard Law School, told Lind that “the cost of finding Pfc. Manning guilty of aiding the enemy would impose” too great a burden on the “willingness of people of good conscience but not infinite courage to come forward,” and “would severely undermine the way in which leak-based investigative journalism has worked in the tradition of [the] free press in the United States.”
“[I]f handing materials over to an organization that can be read by anyone with an internet connection, means that you are handing [it] over to the enemy—that essentially means that any leak to a media organization that can be read by any enemy anywhere in the world, becomes automatically aiding the enemy,” said Benkler. “[T]hat can’t possibly be the claim,” he added.
Benkler testified that WikiLeaks was a new mode of digital journalism that fit into a distributed model of emergent newsgathering and dissemination in the Internet age, what he termed the “networked Fourth Estate.” When asked by the prosecution if “mass document leaking is somewhat inconsistent with journalism,” Benkler responded that analysis of large data sets like the Iraq War Logs provides insight not found in one or two documents containing a “smoking gun.” The Iraq War Logs, he said, provided an alternative, independent count of casualties “based on formal documents that allowed for an analysis that was uncorrelated with the analysis that already came with an understanding of its political consequences.”
Those really are the stakes in the, now, not all that new age of digital journalism. When the prosecutors in the Manning trial, upon direct questioning by Judge Lind as to whether they would still prosecute Manning if his leaks had been delivered straight to the New York Times or Washington Post, it had to be a wake up call for traditional media. Or so you would think. But, really, the outrage has been far greater over the James Rosen/Fox subpoena that could, and arguably should, be considered relative peanuts.
But, Yochai Benkler is right as to the import of the consideration as to Wikileaks in the Manning case.
In closing, the one slim and thin ray of limited hope from today’s ruling by Denise Lind: If I were Lind and cared at all about the ultimate verdict on Pvt. Bradley Manning, I too would have made this ruling. Why, you ask? Well, because a dismissal on the motion would have been the equivalent of a directed verdict on the law and would be far easier to overturn on appeal than a decision on the merits that the government has not met its burden of proof. Is this possible; sure, it certainly is. Is this likely; no, I would not make any substantial bets on it.
As I noted in this piece, the new policies DOJ rolled out in the wake of the AP and James Rosen revelations applies explicitly to “members of the news media,” not journalists per se. The definition might permit the exclusion of bloggers and book writers, not to mention publishers like WikiLeaks.
I’ve been asked what I think a better solution is. My answer is to define — and then protect — the act of journalism, not the news media per se.
That approach would have several advantages over protecting “the news media.” First, by protecting the act of journalism, you include those independent reporters who are unquestioningly engaging in journalism (overcoming the blogger question I laid out, but also those working independently on book projects, and potentially — though this would be a contentious though much needed debate — publishers like WikiLeaks), but also exclude those news personalities who are engaging in entertainment, corporate propaganda, or government disinformation.
But protecting the act of journalism rather than “news media” would also serve to exclude another group that should have limited protection. Included within DOJ’s definition of those it is protecting here are not just the reporters who work for the news media, but also the managers.
“News media” includes persons and organizations that gather, report or publish news, whether through traditional means (e.g., newspapers, radio, magazines, news service) or the on-line or wireless equivalent. A “member of the media” is a person who gathers, reports, or publishes news through the news media.
While I absolutely agree that, say, AP’s editors should have had their phone records protected as they contemplated withholding the UndieBomb 2.0 story after the White House request (those records were included in the subpoena) — that is, as they engaged in a journalistic role. That would protect any discussions they had with sources or other experts to challenge the government’s claim about damage, for example. But the communications of a Tim Russert being pressured after the fact about a critical story by the Vice President’s Chief of Staff should not be protected. Nor should WaPo CEO Katharine Weymouth’s discussions with huge donors like Pete Peterson or potential salon sponsors. While I suspect DOJ sees real benefit in protecting these cocktail weenie means of pressure on news media (as do, undoubtedly, some of the executives involved), I see no journalistic reason to do so.
Moreover, in an era where WaPo is really a testing firm with a journalistic rump and NBC is really the TV content wing of a cable supplier, should we really be protecting the “news media” with no limits? (Bloomberg, I think, presents the most fascinating question here, particularly given their recent spying on users of Bloomberg terminals; where does the journalistic protection for companies that primarily provide privatized information begin and end?)
But even within the scope of Friday’s guidelines, there’s a reason the members of the news media should favor protecting the act of journalism rather than membership in news media.
That’s because two of the most important passages in the new News Media Policies refer to newsgathering activities as a further modification to its otherwise consistent discussion of members of the news media. The phrase appears in what amounts to a mission statement describing why this issue is important.
As an initial matter, it bears emphasis that it has been and remains the Department’s policy that members of the news media will not be subject to prosecution based solely on newsgathering activities. Furthermore, in light of the importance of the constitutionally protected newsgathering process, the Department views the use of tools to seek evidence from or involving the news media as an extraordinary measure. The Department’s policy is to utilize such tools only as a last resort, after all reasonable alternative investigative steps have been taken, and when the information sought is essential to a successful investigation or prosecution.
This is a weird passage, in that it both admits the “newsgathering process” is constitutionally protected, presumably for all, but then suggests the protections within this policy will only apply to members of the news media (one limitation) who cannot be prosecuted exclusively for their newsgathering activities (a second limitation).
Note the parallel limitation in a number of DOJ’s surveillance and investigative guidelines — which say people cannot be investigated solely for their First Amendment protected activities — has not provided adequate protection to Muslims engaging in speech and religion.
The policies again invoke “newsgathering activities” in the passage describing the news media protections in DOJ’s treatment of the Privacy Protection Act.
First, the Department will modify its policy concerning search warrants covered by the PPA involving members of the news media to provide that work product materials and other documents may be sought under the “suspect exception” of the PPA only when the member of the news media is the focus of a criminal investigation for conduct not connected to ordinary newsgathering activities. Under the reviews policy, the Department would not seek search warrants under the PPA’s suspect exception if the sole purpose is the investigation of a person other than the member of the news media.
By limiting protections offered to members of the news media to “ordinary newsgathering activities,” DOJ has just punted one of the crucial issues underlying the James Rosen affidavit (and, along with it, DOJ’s efforts to prosecute WikiLeaks). Because it still permits DOJ to decide, potentially in secret (though, as a laudable part of the new policy, with the input of the Public Affairs Director and the Privacy and Civil Liberties Officer), what constitutes “ordinary newsgathering activities.” And some of the things the FBI officer apparently decided in that case did not constitute ordinary newsgathering activities, but instead provided evidence that Rosen was part of a conspiracy to commit espionage, include:
While there are other protections for news media in these new policies (including protections from non-NSL Administrative orders, review before using such investigative methods, reporting on how much investigation of news media occurs, and what amount to increased minimization procedures for news media contact information), this is one of the critical new protections in this policy.
If DOJ decides that protecting sources and methods, soliciting information, and sucking up to sources do not constitute “ordinary newsgathering activities,” then how useful are the protections?
DOJ has announced its intention to respect ordinary newsgathering activities and even recognized constitutional protections for them, sort of (I look forward to the legal cases that cite that language, anyway). But until there’s a common understanding about when such activities constitute journalism and when they constitute spying, the protection has limited value.
If the ultimate idea is to protect newsgathering activities, then why not establish what those activities are and then actually protect them, regardless of whether they are tied to a certain kind of institution?
Kevin Gosztola reports that the government plans to use a document Bradley Manning is alleged to have accessed as part of its proof that he knew he’d be leaking any further information to al Qaeda and other enemies by leaking it to WikiLeaks.
Morrow revealed a new aspect of the case against Manning, namely that they believed because Manning had accessed an Army intelligence report on the “threat” posed by WikiLeaks he would have known that WikiLeaks was valuable to the nation’s enemies. It is an argument that essentially uses his decision to access the report against him.(Keep in mind the government maintains he should never have read this report.)
The report itself is actually ambiguous about whether or not our adversaries were using WikiLeaked data. It both presents it as a possibility that we didn’t currently have intelligence on, then presumes it.
(S//NF) Will the Wikileaks.org Web site be used by FISS, foreign military services, foreign insurgents, or terrorist groups to collect sensitive or classified US Army information posted to the Wikileaks.org Web site?
(S//NF) Will the Wikileaks.org Web site be used by FISS, foreign military services, or foreign terrorist groups to spread propaganda, misinformation, or disinformation or to conduct perception or influence operations to discredit the US Army?
(S//NF) It must be presumed that Wikileaks.org has or will receive sensitive or classified DoD documents in the future. This information will be published and analyzed over time by a variety of personnel and organizations with the goal of influencing US policy. In addition, it must also be presumed that foreign adversaries will review and assess any DoD sensitive or classified information posted to the Wikileaks.org Web site. [my emphasis]
But I’m more interested in three other things Manning would have learned from that document. First, he’d have learned from this paragraph that the way to make sure someone didn’t fulfill his “obligation to expose alleged wrongdoing within DoD through inappropriate venues” is not training about the appropriate venues to expose DOD wrongdoing, but via better info security — that is, by ensuring that alleged wrongdoing remains secret.
(U//FOUO) The unauthorized release of DoD information to Wikileaks.org highlights the need for strong counterintelligence, antiterrorism, force protection, information assurance, INFOSEC, and OPSEC programs to train Army personnel on the proper procedures for protecting sensitive or classified information, to understand the insider threat, and to report suspicious activities. In addition, personnel need to know proper procedures for reporting the loss, theft, or comprise of hard or soft copy documents with sensitive information or classified information to the appropriate unit, law enforcement, or counterintelligence personnel. Unfortunately, such programs will not deter insiders from following what they believe is their obligation to expose alleged wrongdoing within DoD through inappropriate venues. Persons engaged in such activity already know how to properly handle and secure sensitive or classified information from these various security and education programs and has chosen to flout them.
And of course, the INFOSEC DIA believed was the answer to potential exposure of alleged wrongdoing is precisely the INFOSEC that the Army had failed to achieve 18-24 months later, when Manning was leaking this material, the INFOSEC DOD refused to implement even after a real adversary had inserted malware into our computers in Iraq via use of removable media, the same means Manning used to get this information.
If this document is proof Manning should have known (the conflicting statements notwithstanding) that leaking to WikiLeaks would amount to leaking to our adversaries, it’s also proof that DOD knew they had an INFOSEC problem that might lead to leaked information, one they pointedly didn’t address.
But I’m also amused by one of the case studies in the danger of leaked WikiLeaks information: that it might be used to suggest DOD is getting gouged by our contractors working on JIEDDO, our counter-IED program.
(S//NF) The author of the above-mentioned article incorrectly interprets the leaked data regarding the components and fielding of the Warlock system, resulting in unsupportable and faulty conclusions to allege war profiteering, price gouging and increased revenues by DoD contractors involved in counter-IED development efforts.
Mind you, the claim that JIEDDO contractors were robbing us blind is a conclusion shared by some very respected defense reporters.
Launched in February 2006 with an urgent goal — to save U.S. soldiers from being killed by roadside bombs in Iraq — a small Pentagon agency ballooned into a bureaucratic giant fueled by that flourishing arm of the defense establishment: private contractors.
An examination by the Center for Public Integrity and McClatchy of the Joint Improvised Explosive Device Defeat Organization revealed an agency so dominated by contractors that the ratio of contractors to government employees has reached six to one.
As well as by GAO itself.
In other words, while this internal report claimed WikiLeaks inaccurately concluded that JIEDDO was a boondoggle, in fact WikiLeaks’ conclusion might have been one of the earliest indications of a problem later confirmed by other outlets, that JIEDDO was a boondoggle.
Even by 2009, Manning might have read this document and concluded that WikiLeaks had served precisely the outcome it claimed, exposing wrongdoing.
Finally, check out some of these classification marks, including the questions about whether or not our adversaries might exploit publicly available information bolded above. Not conclusions, mind you, but questions (intelligence gaps, really).
That’s a secret we have to keep from our allies? Really?
No. It’s not. It’s an example of rampant overclassification.
To sum up: not only doesn’t this report assert that leaking to WikiLeaks amounts to leaking to our adversaries; on the contrary, the report identifies that possibility as a data gap. But it also provides several pieces of support for the necessity of something like WikiLeaks to report government wrongdoing.
Update: Swapped in Gosztola’s corrected post on CIA/Army Intel document.
Remember when Visa and PayPal cut off services to WikiLeaks as a result of what was clearly Administration pressure? The Administration never explicitly revealed it had pressured the financial services companies to cut off WikiLeaks. It never offered any due process. Just–poof! WikiLeaks was no longer welcome to use a public service other corporate-people were able to.
And almost no one blinked at that abuse of due process.
Then Visa and MasterCard cut off pot dispensaries in California.
Your credit is no longer any good at California medical marijuana dispensaries, whose accounts with credit card processors have been canceled, thanks to pressure from the federal government.
Merchant services providers — the intermediaries between retailers and credit card companies who process customers’ payments — began informing their medical marijuana dealing clients that cannabis credit card transactions would not be processed after July 1, according to Stephen DeAngelo, Executive Director of Oakland’s Harborside Health Center.
No government agency is taking credit for making marijuana a cash-only business. But the “factual pattern” is as follows, DeAngelo said: Officials from the Treasury Department flexed on credit card companies, who then informed merchant services providers that they’d be “dropped from Visa and MasterCard forever” unless they stopped processing medical marijuana payments.
And PayPal has imposed new terms of services on file-sharing sites that will allow it to monitor sites for content.
According to TorrentFreak, PayPal has recently changed its terms of service, making requirements for file-sharing and newsgroup services far tighter than before.
The payment service, owned by eBay, now requires that “merchants must prohibit users from uploading files involving illegal content and indicate that users involved in such file transfers will be permanently removed from their service,” and that “merchants must provide PayPal with free access to their service, so PayPal’s Acceptable Use Policy department can monitor the content.”
The pot dispensary move is really heartless: as the article points out, it means customers have to walk around with wads of cash. And since a lot of medical marijuana customers are on disability, it means poor people can’t afford themselves the flexibility offered by credit cards.
And in addition to the specific injustice of undermining otherwise legal businesses, there’s the general issue. As it does with international financial exchange, so the Government is now doing with corporate entities in the US, picking and choosing which ones will have access to modern financial services and which won’t.
It’s an arbitrary exercise of power against entities the government can’t or won’t make a legal, due process entailing case against.
Maybe you’ll arbitrarily lose your credit card privileges next!