Group items tagged

A month after former CIA officer Jeffrey Sterling was convicted on nine felony counts with circumstantial metadata, the zealous prosecution is now having potentially major consequences — casting doubt on the credibility of claims by the U.S. government that Iran has work on a nuclear weapons program.With negotiations between Iran and the United States at a pivotal stage, fallout from the trial’s revelations about the CIA’s Operation Merlin is likely to cause the International Atomic Energy Agency to re-examine U.S. assertions that Iran has pursued nuclear weapons.

In its zeal to prosecute Sterling for allegedly leaking classified information about Operation Merlin — which provided flawed nuclear weapon design information to Iran in 2000 — the U.S. government has damaged its own standing with the IAEA. The trial made public a treasure trove of information about the Merlin operation.Last week Bloomberg News reported from Vienna, where IAEA is headquartered, that the agency “will probably review intelligence they received about Iran as a result of the revelations, said the two diplomats who are familiar with the IAEA’s Iran file and asked not to be named because the details are confidential.”The Bloomberg dispatch, which matter-of-factly referred to Merlin as a “sting” operation, quoted a former British envoy to the IAEA, Peter Jenkins, saying: “This story suggests a possibility that hostile intelligence agencies could decide to plant a ‘smoking gun’ in Iran for the IAEA to find. That looks like a big problem.”

Investigative journalist Marcy Wheeler, my colleague at ExposeFacts, has written an extensive analysis of the latest developments. The article on her EmptyWheel blog raises key questions beginning with the headline “What Was the CIA Really Doing with Merlin by 2003?”An emerging big irony of United States of America v. Jeffrey Alexander Sterling is that the government has harmed itself in the process of gunning for the defendant. While the prosecution used innuendos and weak circumstantial evidence to obtain guilty verdicts on multiple felonies, the trial produced no actual evidence that Sterling leaked classified information. But the trial did provide abundant evidence that the U.S. government’s nuclear-related claims about Iran should not be trusted.In the courtroom, one CIA witness after another described Operation Merlin as a vitally important program requiring strict secrecy. Yet the government revealed a great deal of information about Operation Merlin during the trial — including CIA documents that showed the U.S. government to be committed to deception about the Iranian nuclear program.

FSB source to "Komsomolskaya Pravda": "the customer of Nemtsov's murder was preparing an assassination of Vladimir Putin" The main suspect in the organization of the high-profile crime - is a commander of the Ukrainian battalion in the name of Dzhokhar Dudayev, Adam Osmayev. The correspondent of "Komsomolskaya Pravda" met with the FSB agent, who is part of the team investigating the murder of Boris Nemtsov. In an exclusive interview he spoke about the new details of the crime and named the most likely customer of the murder.

Today the investigators have irrefutable proof that all persons detained on suspicion of murder of the politician are the perpetrators, - said our source in the FSB. First of all, billing (data about calls and movements of the subscriber. - Ed.) from their mobile phones showed that they conducted surveillance of Nemtsov before the murder, following him closely. The suspects were tracked with their phones at the location where Nemtsov was present with his phone. During the murder all the detainees "were in the area": some under the bridge, some in a car, some nearby. Zaur Dadaev pulled the trigger. He first made a confession, and then, on the advice of his lawyers, took it back. But it changes nothing, the investigation has already collected compelling evidence of his guilt. I will not give details of how this was done. The pistol was thrown into the river after the crime, it was later recovered by divers. That Zaur Dadaev immediately said to the TV cameras: "I love prophet Muhammad" - is just a cover. There was no religious motive for the killings. They cynically carried out an order. They are far from devout Muslims. In fact, just real gangsters. And the most important thing. The executor of the murder was in close contact with Adam Osmaev, who recently became the commander of the Ukrainian battalion in the name of Dzhokhar Dudayev. They met, talked a lot on the phone. Zaur Dadaev and his cronies worked with Osmaev on Ukrainian affairs. And also with Chechens, who fought on the territory of Ukraine for the new regime. Zaur Dadaev was listed in the battalion "North" ("Sever") of the Chechen Interior Ministry, but while serving in it, in fact, was engaged in activities against Russia. He was associated with Osmaev by a certain relationship and mutual obligations.

The evidence is still being gathered. But I can say that today the main suspected customer of Nemtsov's murder is Adam Osmayev.

Uncle Sam’s Databases of Suspicion A Shadow Form of National ID

We do know that the nation’s domestic-intelligence network is massive, including at least 59 federal agencies, over 300 Defense Department units, and approximately 78 state-based fusion centers, as well as the multitude of law enforcement agencies they serve. We also know that local law enforcement agencies have themselves raised concerns about the system’s lack of privacy protections.

The SAR database is part of an ever-expanding domestic surveillance system established after 9/11 to gather intelligence on potential terrorism threats. At an abstract level, such a system may seem sensible: far better to prevent terrorism before it happens than to investigate and prosecute after a tragedy. Based on that reasoning, the government exhorts Americans to “see something, say something” -- the SAR program’s slogan. Indeed, just this week at a conference in New York City, FBI Director James Comey asked the public to report any suspicions they have to authorities. “When the hair on the back of your neck stands, listen to that instinct and just tell somebody,” said Comey. And seeking to reassure those who do not want to get their fellow Americans in trouble based on instinct alone, the FBI director added, “We investigate in secret for a very good reason, we don't want to smear innocent people.”

Micah Lee: What are some operational security practices you think everyone should adopt? Just useful stuff for average people. Edward Snowden: [Opsec] is important even if you’re not worried about the NSA. Because when you think about who the victims of surveillance are, on a day-to-day basis, you’re thinking about people who are in abusive spousal relationships, you’re thinking about people who are concerned about stalkers, you’re thinking about children who are concerned about their parents overhearing things. It’s to reclaim a level of privacy. The first step that anyone could take is to encrypt their phone calls and their text messages. You can do that through the smartphone app Signal, by Open Whisper Systems. It’s free, and you can just download it immediately. And anybody you’re talking to now, their communications, if it’s intercepted, can’t be read by adversaries. [Signal is available for iOS and Android, and, unlike a lot of security tools, is very easy to use.] You should encrypt your hard disk, so that if your computer is stolen the information isn’t obtainable to an adversary — pictures, where you live, where you work, where your kids are, where you go to school. [I’ve written a guide to encrypting your disk on Windows, Mac, and Linux.] Use a password manager. One of the main things that gets people’s private information exposed, not necessarily to the most powerful adversaries, but to the most common ones, are data dumps. Your credentials may be revealed because some service you stopped using in 2007 gets hacked, and your password that you were using for that one site also works for your Gmail account. A password manager allows you to create unique passwords for every site that are unbreakable, but you don’t have the burden of memorizing them. [The password manager KeePassX is free, open source, cross-platform, and never stores anything in the cloud.]

The other thing there is two-factor authentication. The value of this is if someone does steal your password, or it’s left or exposed somewhere … [two-factor authentication] allows the provider to send you a secondary means of authentication — a text message or something like that. [If you enable two-factor authentication, an attacker needs both your password as the first factor and a physical device, like your phone, as your second factor, to login to your account. Gmail, Facebook, Twitter, Dropbox, GitHub, Battle.net, and tons of other services all support two-factor authentication.]

We should armor ourselves using systems we can rely on every day. This doesn’t need to be an extraordinary lifestyle change. It doesn’t have to be something that is disruptive. It should be invisible, it should be atmospheric, it should be something that happens painlessly, effortlessly. This is why I like apps like Signal, because they’re low friction. It doesn’t require you to re-order your life. It doesn’t require you to change your method of communications. You can use it right now to talk to your friends.

Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.

Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.

Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.

Much Needed New Scrutiny of the Clinton Foundation   Will there ever be a serious investigation and prosecution of the Clinton cash machine? Maybe. Micah Morrison, our chief investigative reporter, has an important update in his latest Investigative Bulletin:   Rumors have been floating up from Little Rock for months now of a new investigation into the Clinton Foundation. John Solomon advanced the story recently in a January report for The Hill. FBI agents in the Arkansas capital, he wrote, “have taken the lead” in a new Justice Department inquiry “into whether the Clinton Foundation engaged in any pay-to-play politics or other illegal activities while Hillary Clinton served as secretary of state.” Solomon reports that the probe “may also examine whether any tax-exempt assets were converted for personal or political use and whether the foundation complied with applicable tax laws.”   Main Justice also is “re-examining whether there are any unresolved issues from the closed case into Clinton’s transmission of classified information through her personal email server,” Solomon notes.   Solomon is not alone. The Wall Street Journal is tracking the story. And earlier this month, investigative journalist Peter Schweizer cryptically told SiriusXM radio that federal authorities should “convene a grand jury” in Little Rock “and let the American people look at the evidence” about the Clinton Foundation.   Judicial Watch continues to turn up new evidence of Clinton pay-to-play and mishandling of classified information. In recent months, through FOIA litigation, Judicial Watch has forced the release of more than 2,600 emails and documents from Mrs. Clinton and her associates, with more to come. The emails include evidence of Clinton Foundation donors such XL Keystone lobbyist Gordon Griffin, futures brokerage firm CME Group chairman Terrence Duffy, and an associate of Shangri La Entertainment mogul Steve Bing seeking special favors from the State Department. Read more about Judicial Watch’s pay-to-play disclosures here.   Judicial Watch also revealed many previously unreported incidents of mishandling of classified information. Mrs. Clinton and her former State Department deputy chief of staff, Huma Abedin, sent and received classified information through unsecure channels. The emails and documents involved sensitive information about President Obama, the Middle East, Africa, Afghanistan, Mexico, Burma, India, intelligence-related operations and world leaders. For documents and details from Judicial Watch on the mishandling of classified information, see here, here, here and here.   Smelling a rat in Arkansas when it comes to the Clintons of course is nothing new, and the former First Couple are masters of the gray areas around pay-to-play. But mishandling of classified information is a serious matter. And the tax angle is intriguing, even if you’re not Al Capone. The tenacious financial expert Charles Ortel, who has been digging deep into Clinton finances for years, told us back in 2015 that there are “epic problems” with the entire Clinton Foundation edifice, which traces its origins back to Arkansas. He noted that independent accounting firms may have been “duped by false and materially misleading representations” made by Clinton charitable entities. Down in Arkansas, law enforcement may be finally catching up with Ortel’s insights.

More than a month after Sen. Ron Wyden (D-Ore.) requested information about US Customs and Border Protection's practice of searching cell phones at US borders and airports, he's still waiting for answers—but he's not waiting to introduce legislation to end the practice. "It's very concerning that [the Department of Homeland Security] hasn't managed to answer my questions about the number of digital searches at the border, five weeks after I requested that basic information," Wyden, a leading congressional advocate for civil liberties and privacy, told Mother Jones on Tuesday through a spokesman. "If CBP were to undertake a system of indiscriminate digital searches, that would distract CBP from its core mission, dragging time and attention away from catching the bad guys." Wyden's request to DHS and CBP came on the heels of a February 18 report from the Associated Press of a "fivefold increase" in electronic media searches in fiscal year 2016 over the previous year, from fewer than 5,000 to nearly 24,000. It also followed Homeland Security Secretary John Kelly's suggestion that visitors from a select group of countries, mainly Muslim, might be required to hand over passwords to their social media accounts as a condition of entry. (That comment came a week after President Donald Trump first unveiled his executive order⁠ banning travel from seven majority-Muslim countries.) The Knight First Amendment Institute, which advocates for freedom of speech, sued DHS on Monday for records relating to the seizure of electronic devices at border checkpoints. Wyden requested similar data on CBP device searches and demands for travelers' passwords. "There are well-established legal rules governing how law enforcement agencies may obtain data from social media companies and email providers," Wyden wrote in the February 20 letter to DHS and CBP. "By requesting a traveler's credentials and then directly accessing their data, CBP would be short-circuiting the vital checks and balances that exist in our current system." The senator wrote that the searches not only violate civil liberties but could reduce international business travel or force companies to outfit employees with "burner" laptops and mobile devices, "which some firms already use when employees visit nations like China."

"Folks are going to be less likely to travel freely to the US with the devices they need if they don't feel their sensitive business information is going to be safe at the border," Wyden said Tuesday, noting that CBP can copy the information it views on a device. "Then they can store that information and search it without a warrant." Wyden will soon introduce legislation to force law enforcement to obtain warrants before searching devices at the border. His bill would also prevent CBP from compelling travelers to reveal passwords to their accounts. A DHS spokesman said in a statement that "all travelers arriving to the US are subject to CBP inspection," which includes inspection of any electronic devices they may be carrying. Access to these devices, the spokesman said, helps CBP agents ascertain the identity and admissibility of people from other countries and "deter the entry of possible terrorists, terrorist weapons, controlled substances," and other prohibited items. "CBP electronic media searches," the spokesman said, "have resulted in arrests for child pornography, evidence helpful in combating terrorist activity, violations of export controls, convictions for intellectual property rights violations, and visa fraud discoveries." In a March 27 USA Today op-ed, Joseph B. Maher, DHS acting general counsel, compared device searches to searching luggage. "Just as Customs is charged with inspecting luggage, vehicles and cargo containers upon arrival to the USA, there are circumstances in this digital age when we must inspect an electronic device for violations of the law," Maher wrote.

But in a unanimous 2014 ruling, the Supreme Court found that police need warrants to search cell phones. Chief Justice John Roberts wrote in the opinion that cell phones are "such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy." In response to a Justice Department argument that cell phones were akin to wallets, purses, and address books, Roberts wrote: "That is like saying a ride on horseback is materially indistinguishable from a flight to the moon." The law, however, applies differently at the border because of the "border search doctrine," which has traditionally given law enforcement wider latitude under the Fourth Amendment to perform searches at borders and international airports. CBP says it keeps tight controls on its searches and is sensitive to personal privacy. Wyden isn't convinced. "Given Trump's worrying track record so far, and the ease with which CBP could change its guidelines, it's important we create common-sense statutory protections for Americans' liberty and security," he says.