Group items tagged

Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws. The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors' Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12. "The Justice Department is helping private companies evade federal wiretap laws," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. "Alarm bells should be going off." Those documents show the National Security Agency and the Defense Department were deeply involved in pressing for the secret legal authorization, with NSA director Keith Alexander participating in some of the discussions personally. Despite initial reservations, including from industry participants, Justice Department attorneys eventually signed off on the project.

The Justice Department agreed to grant legal immunity to the participating network providers in the form of what participants in the confidential discussions refer to as "2511 letters," a reference to the Wiretap Act codified at 18 USC 2511 in the federal statute books. The Wiretap Act limits the ability of Internet providers to eavesdrop on network traffic except when monitoring is a "necessary incident" to providing the service or it takes place with a user's "lawful consent." An industry representative told CNET the 2511 letters provided legal immunity to the providers by agreeing not to prosecute for criminal violations of the Wiretap Act. It's not clear how many 2511 letters were issued by the Justice Department. In 2011, Deputy Secretary of Defense William Lynn publicly disclosed the existence of the original project, called the DIB Cyber Pilot, which used login banners to inform network users that monitoring was taking place. In May 2012, the pilot was turned into an ongoing program -- broader but still voluntary -- by the name of Joint Cybersecurity Services Pilot, with the Department of Homeland Security becoming involved for the first time. It was renamed again to Enhanced Cybersecurity Services program in January, and is currently being expanded to all types of companies operating critical infrastructure.

Another e-mail message from a Justice Department attorney wondered: "Will the program cover all parts of the company network -- including say day care centers (as mentioned as a question in a [deputies committee meeting]) and what are the policy implications of this?" The deputies committee includes the deputy secretary of defense, the deputy director of national intelligence, the deputy attorney general, and the vice chairman of the Joint Chiefs of Staff. "These agencies are clearly seeking authority to receive a large amount of information, including personal information, from private Internet networks," says EPIC staff attorney Amie Stepanovich, who filed a lawsuit against Homeland Security in March 2012 seeking documents relating to the program under the Freedom of Information Act. "If this program was broadly deployed, it would raise serious questions about government cybersecurity practices." In January, the Department of Homeland Security's privacy office published a privacy analysis (PDF) of the program saying that users of the networks of companies participating in the program will see "an electronic login banner [saying] information and data on the network may be monitored or disclosed to third parties, and/or that the network users' communications on the network are not private."

It was already being described as the worst hack of the U.S. government in history. And it just got much worse.A senior U.S. official has confirmed that foreign hackers compromised the intimate personal details of an untold number of government workers. Likely included in the hackers’ haul: information about workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity.Those details, which are now presumed to be in the hands of Chinese spies, are found in the so-called “adjudication information” that U.S. investigators compile on government employees and contractors who are applying for security clearances. The exposure suggests that the massive computer breach at the Office of Personnel Management is more significant and potentially damaging to national security than officials have previously said.

Three former U.S. intelligence officials told The Daily Beast that the adjudication information would effectively provide dossiers on current and former government employees, as well as contractors. It gives foreign intelligence agencies a roadmap for finding people with access to the government’s most highly classified secrets.Obama administration officials had previously acknowledged the breach of information that applicants voluntarily disclose on a routine questionnaire, called Standard Form 86, but the theft of the more detailed and wide-ranging adjudication information appears to have gone overlooked.

“Whoever compromised the adjudication information is going to have clear knowledge, beyond what’s in the SF86, about who the best targets for espionage are in the United States,” Michael Adams, a computer security expert who served more than two decades in the U.S. Special Operations Command, told The Daily Beast. “This is the most successful cyber attack in the history of the United States,” owing to the amount and quality of the information that was stolen, Adams said. U.S. intelligence officers spend years trying to recruit foreign spies to gather the kinds of details and insights that are contained in adjudication information, one former senior U.S. official said. This official, who requested anonymity, added that adjudication information would give foreign intelligence services “enormous leverage” over U.S. personnel whom they might forcibly interrogate for information or try to recruit.

Last week, the Administrative Office (AO) of the US Courts published the 2014 Wiretap Report, an annual report to Congress concerning intercepted wire, oral, or electronic communications as required by Title III of the Omnibus Crime Control and Safe Streets Act of 1968. News headlines touted that the number of federal and state wiretaps for 2014 was down 1% for a total of 3,554. Of these, there were few involving encrypted communications; and for those, law enforcement agencies were in most cases able to overcome the encryption. But there is a bigger story that calls into question the accuracy of the all of the prior reports submitted to the AO and the overall data provided to Congress and the public in the Wiretap Reports. Since the Snowden revelations, more and more companies have started publishing “transparency reports” about the number and nature of government demands to access their users’ data. AT&T, Verizon, and Sprint published data for 2014 earlier this year and T-Mobile published its first transparency report on the same day the AO released the Wiretap Report. In aggregate, the four companies state that they implemented 10,712 wiretaps, a threefold difference over the total number reported by the AO. Note that the 10,712 number is only for the four companies listed above and does not reflect wiretap orders received by other telephone carriers or online providers, so the discrepancy actually is larger.

So what accounts for the huge gap in reporting? That is a question Congress and the AO should be asking prosecutors and judges who are required by law to make complete and accurate reports of the number of wiretaps conducted each year. Are wiretaps being consistently under­reported to Congress and the public? Based on the data reported by the four major carriers for 2013 and 2014, it certainly would appear to be the case.

a few years ago, Congress gave the Pentagon strict limits on its annual allowance, but the Department has struggled to stay within that budget. In advance of the Pentagon’s annual budget request, which usually is submitted during the spring, a senior defense official, Alan Estevez, confirmed that the Department plans on blowing through the budget caps next year. “We’re going to propose a budget next January and it’s going to be above sequestration levels.” Shocker!

When Estevez refers to “above sequestration levels,” he means above the legal spending limits that Congress has placed on the federal discretionary budget via legislation called the Budget Control Act (BCA). However, the Pentagon continues to propose funding levels that exceed the authorized amounts. Earlier this year, when the Pentagon first submitted its budget for Fiscal Year 2015, military planners proposed spending $115 billion more than is allowed by the spending caps over the next five years.

Now, Estevez is confirming that the Pentagon will indeed follow through on its pledge to blow through its allowance. “We’re obviously planning a budget above sequestration, similar to what we put forward in [Fiscal Year] ’15,” says Estevez. This coming year, in Fiscal Year 2016, the Pentagon will propose spending more than $60 billion above the amount authorized by Congress. CBO Assessment

Oceanfront views, 24-hour doorman, heated pool, and perhaps best of all, a “private tunnel to the beach.” This $3 million Palm Beach, Florida penthouse could be yours, but unfortunately it isn’t because this prize has already been claimed by a former high-level U.S. official who helped pave the way for the over decade-long “war on terror,” which has been a near complete catastrophe. Iraq is aflame, the Islamic State is on the rampage, the situation in Afghanistan worsens by the day, and thousands of Americans—and many more Iraqis and Afghans—have died during the post-9/11 conflicts. Meanwhile, the combined cost of the “war on terror” comes to an estimated $1.6 trillion. But if the American people got screwed on the deal, a lot of former senior government officials who played important roles in this debacle have done quite well for themselves. It’s New Year’s Eve and I need to write a final sendoff to 2014, so I thought I’d take a look at the fortunes (literally) of some of these figures: Former CIA director George Tenet and former FBI director Louis Freeh (I’ll cover former Department of Homeland Security chief Tom Ridge in a New Year’s post).

Freeh resigned from the FBI two months before 9/11. When he worked there he was making an annual salary of $145,000 and lived “in a heavily mortgaged house in Great Falls, a Virginia suburb,” according to an old and admiring New Yorker profile. He and his wife now own at least four lavish estates worth many millions of dollars, including a residence in Wilmington, Delaware, a six-bedroom summerhouse worth more than $3 million in Vermont, and a beachfront penthouse at 100 Worth Avenue in Palm Beach, Florida, which was bought for $1.4 million and now has an estimated value of $3 million. How’d that happen? Well, Freeh is one of many former U.S. officials who got paid big speaking fees (reportedly up to $50,000 a pop) by a creepy Iranian group called the People’s Mujahedin, also known as Mojahedin-e-Khalq, or MEK, to successfully advocate for its removal from the State Department’s list of Foreign Terrorist Organizations. He also opened up a consulting firm whose clients have included Saudi Arabia’s Prince Bandar, who the U.S. Department of Justice accused of taking massive bribes from a British defense contractor. That’s right, Freeh represented a prince from America’s old pal Saudi Arabia, home to fifteen of the nineteen 9/11 hijackers, and whose export of Wahhabism is credited with giving rising to the Islamic State.

Freeh is also hired to conduct investigations, like the controversial report he produced about Penn State’s football program. Nasser Kazeminy, a Minnesota businessman who in 2008 was accused of bribing former Senator Norm Coleman, also hired Freeh to conduct a “thorough investigation” of the allegations against him in the hopes of clearing his name.

Two years ago, Congress passed the United States-Israel Enhanced Security Cooperation Act (P.L. 112-150), which reiterated, as a matter of policy, the US commitment “to help the Government of Israel preserve its qualitative military edge amid rapid and uncertain regional political transformation.” It expressed the non-binding “sense of Congress” favoring various possible avenues of cooperation: providing Excess Defense Articles to Israel; enhanced operational, intelligence, and political-military coordination; expediting the sale of specific weaponry including F-35 joint strike fighter aircraft, refueling tankers, and “bunker buster” bombs; as well as an US-Israel cooperative missile defense program and additional aid for Israel’s Iron Dome anti-rocket system.

Iron Dome, a dual mission system built by Israeli defense contractor Rafael Advanced Defense Systems, which doubles as a very short range air defense system and an interceptor of incoming rockets, mortars and artillery, has received $720 million in American funding since the program’s inception in 2011. Israel currently has nine batteries, each costing about $100 million. The price tag for every Tamir missile fired by the Iron Dome system costs an estimated minimum of $50,000, with two missiles responding to every incoming rocket that is considered a threat to Israeli lives and property. US support for Iron Dome will soon surpass $1 billion. In March, the Pentagon asked for $176 million for the program for Fiscal Year 2015, which begins Oct. 1, but the Senate Appropriations defense subcommittee raised the Iron Dome appropriation to $351 million on July 15—more than half the $621.6 million it had appropriated for Israeli missile defense for the upcoming year. A week later, Defense Secretary Chuck Hagel sent a letter to Senate leaders and key committee chairpersons relaying the Israeli government’s request for an immediate $285 million of emergency allocation for Iron Dome. On Aug. 1—a Friday afternoon—the House (398-8) and Senate both approved adding an additional $285 million to Iron Dome’s funding, which was followed by President Obama’s signature the following Monday morning.

After Israel’s bombing of the UN school in Gaza, and more than 2,000 civilian Palestinian deaths since the war began on July 8, the Obama administration apparently became aware that it was uninformed about, and had very little control over US military assistance to Israel. Indeed, the Wall Street Journal reported Aug. 14 that President Obama had just discovered that the US military was authorizing and providing weapons shipments to Israel without his knowledge. Unknown to many policy makers, Israel was moving on a separate track to replenish supplies of lethal munitions being used in Gaza and to expedite the approval of the Iron Dome funds on Capitol Hill. On July 20, Israel’s defense ministry asked the US military for a range of munitions, including 120-mm mortar shells and 40-mm illuminating rounds, which were already stored at a pre-positioned weapons stockpile in Israel.

In an unusual gesture, the U.S. Government last week apologized to Abdullah al-Kidd, a U.S. citizen who was arrested in 2003 and detained as a material witness in connection with a terrorism-related case. Mr. Al-Kidd, represented by American Civil Liberties Union attorney Lee Gelernt, challenged his detention as unconstitutional and inhumane. Now the case has been settled, with an official apology and a payment of $385,000. “The government acknowledges that your arrest and detention as a witness was a difficult experience for you and regrets any hardship or disruption to your life that may have resulted from your arrest and detention,” wrote U.S. Attorney Wendy J. Olson in a January 15 letter. This sort of admission of regret is rare. The government apologizes much less frequently than it perpetrates injuries that are inappropriate or unwarranted. So, for example, the recent Senate report on post-9/11 CIA interrogation practices noted that at least 26 individuals had been “wrongfully detained.” But legal attempts to recover damages are typically foreclosed by courts based on “separation of powers, national security, and the risk of interfering with military decisions.”

Why not apologize and compensate those who have been abused and mistreated, starting with those individuals who by all accounts are innocent of any wrongdoing? It would be the just and honorable thing to do, both for the intelligence community and for the country. And it would be most powerful (and most “therapeutic”) if the IC undertook this step at its own initiative, rather than waiting to be compelled by others. “Personally I agree,” a senior U.S. intelligence community legal official said privately, “for the reasons you say and some others. [But] getting it done is a lot harder.” And so it is. Even as it apologized to Abdullah al-Kidd, the U.S. Government insisted on a stipulation that the settlement of the case “is not, is in no way intended to be, and should not be construed as, an admission of liability or fault on the part of the United States.”

The Department of Homeland Security aims to increase its domestic human intelligence collection activity this year, the Department recently told Congress. In a question for the record from a September 2014 congressional hearing, Rep. Paul C. Broun (R-GA) asked:  “Do we currently have enough human intelligence capacity–both here in the homeland and overseas–to counter the threats posed by state and non-state actors alike?” The Department replied, in a response published in the full hearing volume last month (at p. 64): “DHS is working on increasing its human intelligence-gathering capabilities at home and anticipates increasing its field collector/reporter personnel by 50 percent, from 19 to approximately 30, during the coming year.” “We are also training Intelligence Officers in State and major urban area fusion centers to do intelligence reporting. This will increase the human intelligence capability by additional 50–60 personnel.” The projected increase in DHS HUMINT collection activity was not specifically mentioned in the Department’s FY 2015 budget request.

Human intelligence collection in this context does not necessarily mean that the Department is running spies under cover. According to a 2009 report from the Congressional Research Service (footnote 38), “For purposes of DHS intelligence collection, HUMINT is used to refer to overt collection of information and intelligence from human sources. DHS does not, generally, engage in covert or clandestine HUMINT.” In any case, “The DHS Intelligence Enterprise has increased intelligence reporting, producing over 3,000 reports in fiscal year 2014,” DHS also told Rep. Broun. A June 2014 report from the Government Accountability Office found fault with some of that reporting, which is generated by the DHS Office of Intelligence and Analysis (I&A). “I&A customers had mixed views on the extent to which its analytic products and services are useful,” GAO found. See DHS Intelligence Analysis: Additional Actions Needed to Address Analytic Priorities and Workforce Challenges, GAO report GAO-14-397, June 2014. DHS concurred with the resulting GAO recommendations.

The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database, according to a contract finalized earlier this month. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians. The source of the data is not named in the contract, but an ICE representative said the data came from Vigilant Solutions, the leading network for license plate recognition data. “Like most other law enforcement agencies, ICE uses information obtained from license plate readers as one tool in support of its investigations,” spokesperson Dani Bennett said in a statement. “ICE is not seeking to build a license plate reader database, and will not collect nor contribute any data to a national public or private database through this contract.”

While it collects few photos itself, Vigilant Solutions has amassed a database of more than 2 billion license plate photos by ingesting data from partners like vehicle repossession agencies and other private groups. Vigilant also partners with local law enforcement agencies, often collecting even more data from camera-equipped police cars. The result is a massive vehicle-tracking network generating as many as 100 million sightings per month, each tagged with a date, time, and GPS coordinates of the sighting.

ICE agents would be able to query that database in two ways. A historical search would turn up every place a given license plate has been spotted in the last five years, a detailed record of the target’s movements. That data could be used to find a given subject’s residence or even identify associates if a given car is regularly spotted in a specific parking lot. “Knowing the previous locations of a vehicle can help determine the whereabouts of subjects of criminal investigations or priority aliens to facilitate their interdiction and removal,” an official privacy assessment explains. “In some cases, when other leads have gone cold, the availability of commercial LPR data may be the only viable way to find a subject.” ICE agents can also receive instantaneous email alerts whenever a new record of a particular plate is found — a system known internally as a “hot list.” (The same alerts can also be funneled to the Vigilant’s iOS app.) According to the privacy assessment, as many as 2,500 license plates could be uploaded to the hot list in a single batch, although the assessment does not detail how often new batches can be added. With sightings flooding in from police dashcams and stationary readers on bridges and toll booths, it would be hard for anyone on the list to stay unnoticed for long. Those powers are particularly troubling given ICE’s recent move to expand deportations beyond criminal offenders, fueling concerns of politically motivated enforcement. In California, state officials have braced for rumored deportation sweeps targeted at sanctuary cities. In New York, community leaders say they’ve been specifically targeted for deportation as a result of their activism. With automated license plate recognition, that targeting would only grow more powerful. For civil liberties groups, the implications go far beyond immigration.

Editor’s note: The author is a former CIA agent who was the first to confirm the agency’s secret waterboarding program and publicly describe it as “torture.” The government responded by charging him with leaking classified information to a reporter after which he was convicted and spent 30 months in a high-security federal prison from 2013 to 2015.

That brings us back to Gina Haspel. I have no doubt that she considers herself to be a patriot, as her supporters do. But that’s not the issue here. The issue is respect for the rule of law. Since the end of World War II, we have had laws in this country that specifically ban exactly those torture techniques implemented and overseen by Gina Haspel at a secret prison overseas. And the United States is a signatory to the United Nations Convention Against Torture. Indeed, we were the primary drafters of that measure, which, having been ratified by the Senate, has the force of law in the United States. If Gina Haspel had any doubts about her “orders” from the CIA hierarchy, she had only to look at recent history. Just after the end of World War II, the United States executed Japanese soldiers who had waterboarded American prisoners of war. Similarly, in January 1968, the Washington Post published a front-page photo of an American soldier waterboarding a North Vietnamese prisoner. Secretary of Defense Robert McNamara ordered an investigation. The soldier was arrested, charged with torture, convicted, and sentenced to 20 years at Leavenworth. Torture was illegal in 1946. It was illegal in 1968. And it was illegal in 2002, no matter what Bush Justice Department officials John Yoo and Jay Bybee said. The law was clear.

More than a month after Sen. Ron Wyden (D-Ore.) requested information about US Customs and Border Protection's practice of searching cell phones at US borders and airports, he's still waiting for answers—but he's not waiting to introduce legislation to end the practice. "It's very concerning that [the Department of Homeland Security] hasn't managed to answer my questions about the number of digital searches at the border, five weeks after I requested that basic information," Wyden, a leading congressional advocate for civil liberties and privacy, told Mother Jones on Tuesday through a spokesman. "If CBP were to undertake a system of indiscriminate digital searches, that would distract CBP from its core mission, dragging time and attention away from catching the bad guys." Wyden's request to DHS and CBP came on the heels of a February 18 report from the Associated Press of a "fivefold increase" in electronic media searches in fiscal year 2016 over the previous year, from fewer than 5,000 to nearly 24,000. It also followed Homeland Security Secretary John Kelly's suggestion that visitors from a select group of countries, mainly Muslim, might be required to hand over passwords to their social media accounts as a condition of entry. (That comment came a week after President Donald Trump first unveiled his executive order⁠ banning travel from seven majority-Muslim countries.) The Knight First Amendment Institute, which advocates for freedom of speech, sued DHS on Monday for records relating to the seizure of electronic devices at border checkpoints. Wyden requested similar data on CBP device searches and demands for travelers' passwords. "There are well-established legal rules governing how law enforcement agencies may obtain data from social media companies and email providers," Wyden wrote in the February 20 letter to DHS and CBP. "By requesting a traveler's credentials and then directly accessing their data, CBP would be short-circuiting the vital checks and balances that exist in our current system." The senator wrote that the searches not only violate civil liberties but could reduce international business travel or force companies to outfit employees with "burner" laptops and mobile devices, "which some firms already use when employees visit nations like China."

"Folks are going to be less likely to travel freely to the US with the devices they need if they don't feel their sensitive business information is going to be safe at the border," Wyden said Tuesday, noting that CBP can copy the information it views on a device. "Then they can store that information and search it without a warrant." Wyden will soon introduce legislation to force law enforcement to obtain warrants before searching devices at the border. His bill would also prevent CBP from compelling travelers to reveal passwords to their accounts. A DHS spokesman said in a statement that "all travelers arriving to the US are subject to CBP inspection," which includes inspection of any electronic devices they may be carrying. Access to these devices, the spokesman said, helps CBP agents ascertain the identity and admissibility of people from other countries and "deter the entry of possible terrorists, terrorist weapons, controlled substances," and other prohibited items. "CBP electronic media searches," the spokesman said, "have resulted in arrests for child pornography, evidence helpful in combating terrorist activity, violations of export controls, convictions for intellectual property rights violations, and visa fraud discoveries." In a March 27 USA Today op-ed, Joseph B. Maher, DHS acting general counsel, compared device searches to searching luggage. "Just as Customs is charged with inspecting luggage, vehicles and cargo containers upon arrival to the USA, there are circumstances in this digital age when we must inspect an electronic device for violations of the law," Maher wrote.

But in a unanimous 2014 ruling, the Supreme Court found that police need warrants to search cell phones. Chief Justice John Roberts wrote in the opinion that cell phones are "such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy." In response to a Justice Department argument that cell phones were akin to wallets, purses, and address books, Roberts wrote: "That is like saying a ride on horseback is materially indistinguishable from a flight to the moon." The law, however, applies differently at the border because of the "border search doctrine," which has traditionally given law enforcement wider latitude under the Fourth Amendment to perform searches at borders and international airports. CBP says it keeps tight controls on its searches and is sensitive to personal privacy. Wyden isn't convinced. "Given Trump's worrying track record so far, and the ease with which CBP could change its guidelines, it's important we create common-sense statutory protections for Americans' liberty and security," he says.