Thursday, March 31, 2016

Thursday Morning: Taboo You

Still on spring break around here. If I was legit on a road trip some place warm right now, you’d find me lounging in the sun, sipping fruity cocktails at all hours, listening to some cheesy exotica like this Arthur Lyman piece I’ve shared here.

Though horribly appropriative and colonialist, it’s hard not to like exotica for its in-your-face corniness. I think my favorite remains Martin Denny’s Quiet Village. It brings back memories from the early 1960s, when life was pretty simple.

Let’s have a mai tai for breakfast and get on with our day.

Urgent: Increasing number of hospitals held ransom
Last month it was just one hospital — Hollywood Presbyterian Medical Center paid out bitcoin ransom.

Last week it was three — two Prime Healthcare Management hospitals in California and a Methodist Hospital in Kentucky held hostage.

Now, an entire chain of hospitals has been attacked by ransomware, this time affecting the servers of 10 related facilities in Maryland and Washington DC. The FBI is involved in the case. Is this simple extortion or terrorism? The patients diverted from the facilities to other hospitals’ emergency rooms probably don’t care which it is — this latest attack interfered with getting care as quickly as possible. Let’s hope none of the diverted patients, or those already admitted into the MedStar Union Memorial Hospital chain, have been directly injured by ransomware’s impact on the system.

The MedStar case spawns many questions:

  • Was any patient’s physical health care negatively affected by the ransomware attack?
  • Given the risks to human health, why aren’t hospitals better prepared against ransomware?
  • Have hospitals across the country treated ransomware as a potential HIPAA violation?
  • Was MedStar targeted because of its proximity to Washington DC?
  • Was Hollywood Presbyterian Medical Center targeted because its owner, CHA Medical Center, is South Korean?
  • Were any patients being treated at MedStar also affected by the OPM data breach, or other health insurance data breaches?
  • How much will ransomware affect U.S. healthcare costs this year and next?

Bet you can think of a couple more questions, too, maybe more than a couple after reading this:

Hospitals are considered critical infrastructure, but unless patient data is impacted there is no requirement to disclose such hackings even if operations are disrupted.

Computer security of the hospital industry is generally regarded as poor, and the federal Health and Human Services Department regularly publishes a list of health care providers that have been hacked with patient information stolen. The agency said Monday it was aware of the MedStar incident.

Apple iPhone cases emerge
After the San Bernardino #AppleVsFBI case, more law enforcement investigations relying on iPhones are surfacing in the media.

  • L.A. police crack open iPhone with fingerprints obtained under warrant (Forbes);
  • FBI will assist county prosecutor in Arkansas with iPhone belonging to alleged teen killer (Los Angeles Times); the method may be the same hack used on the San Bernardino phone, which was supposed to be a one-off (Network World);
  • ACLU found 63 other cases in which FBI used All Writs Act to obtain iPhone/Android smartphone data from Apple and Google (The Register).

Stupid stuff

  • In spite of screwing up not once but twice by releasing its racist, obnoxious Tay AI chatbot, Microsoft tripled down on a future full of chatbots you can build yourself with their tools. (Ars Technica) — Ugh. The stupid…
  • UK’s Ministry of Defense awarded funding to Massive Analytics for work on “Artificial precognition and decision-making support for persistent surveillance-based tactical support” (Gov.UK) — OMG Precog in warfare. Human-free drone attacks. What could go wrong?
  • Rich white guys queue up outside Tesla dealerships for days waiting to pre-order the new Tesla 3 (Vancity Buzz) — Vancouver, Sydney, probably other places I’m too arsed to bother with, because rich white guys.

That’s quite enough. Back to pretending I’m lying under a cerulean sky, baking my tuchis, cold drink in hand.

Wednesday, March 30, 2016

Bob Litt Spins Sharing NSA-Collected Comms with DEA and FBI as Harmless

ODNI General Counsel Bob Litt has a pretty amusing post attempting to reassure us about the imminent change permitting the NSA to share intelligence it collects under EO 12333 more broadly. As part of it, he suggests that EO 12333 “imposes additional restrictions” (which amount to the procedures he is currently developing in secret) on the sharing of SIGINT.

Executive Order 12333 generally allows intelligence information to be shared within the Intelligence Community, in order to allow agencies to determine whether that information is relevant to their mission, but imposes additional restrictions on the sharing of signals intelligence, requiring that that be done only in accord with procedures established by the Director of National Intelligence in coordination with the Secretary of Defense, and approved by the Attorney General.

What Litt neglects to say is that this was actually a change the Bush Administration implemented in 2008, without fully consulting Congress. It likely wasn’t a change at all but instead a belated effort to change EO 12333 to reflect what the Executive really had secretly been doing since 2002 (the timing of the change is notable, given that it came . But it’s not something that even Saint Ronny thought necessary when he first implemented EO 12333.

Litt goes on to insist that we don’t need to worry our pretty little heads about this because the NSA will only [emphasis Litt’s] be sharing with elements of the intelligence community and only for foreign intelligence and CI purposes.

These procedures will thus not authorize any additional collection of anyone’s communications, but will only provide a framework for the sharing of lawfully collected signals intelligence information between elements of the Intelligence Community. Critically, they will authorize sharing only with elements of the Intelligence Community, and only for authorized foreign intelligence and counterintelligence purposes; they will not authorize sharing for law enforcement purposes. They will require individual elements of the Intelligence Community to establish a justification for access to signals intelligence consistent with the foreign intelligence or counterintelligence mission of the element. And finally, they will require Intelligence Community elements, as a condition of receiving signals intelligence, to apply to signals intelligence information the kind of strong protections for privacy and civil liberties, and the kind of oversight, that the National Security Agency currently has.

As a threshold matter, both FBI and DEA are elements of the intelligence community. Counterterrorism is considered part of FBI’s foreign intelligence function, and cyber investigations can be considered counterintelligence and foreign intelligence (the latter if done by a foreigner). International narcotics investigations have been considered a foreign intelligence purpose since EO 12333 was written.

In other words, this sharing would fall squarely in the area where eliminating the wall between intelligence and law enforcement in 2001-2002 also happened to erode fourth amendment protections for alleged Muslim (but not white supremacist) terrorists, drug dealers, and hackers.

So make no mistake, this will degrade the constitutional protections of a lot of people, who happen to be disproportionately communities of color.

And without more details, you should be very skeptical of Litt’s assurances that the FBI and DEA and other receiving IC elements will have to, “apply to signals intelligence information the kind of strong protections for privacy and civil liberties, and the kind of oversight, that the National Security Agency currently has.” While both CIA and FBI had to adopt minimization procedures before receiving raw 702 data (the equivalent of what is being done here), those minimization procedures are actually more permissive than NSA’s. Significantly, both agencies are permitted to copy the metadata they receive in bulk, basically so they can dump that data into their own metadata databases. And, barring the publication of the newly more restrictive guidelines on FBI’s back door searches, we should assume EO 12333 back door searches, like FBI’s 702 back door searches at least until recently, aren’t even tracked closely, much less noticed to defendants.

I also suspect that Treasury will be a likely recipient of this data; as of February 10, Treasury still did not have written EO 12333 protections that were mandated 35 years ago (and DEA’s were still pending at that point).

All of which is to say Litt’s reassurances shouldn’t reassure you at all.


Wednesday Morning: Breaking Spring

In the Spring a livelier iris changes on the burnish’d dove;
In the Spring a young man’s fancy lightly turns to thoughts of love.

— excerpt, Locksley Hall by Alfred, Lord Tennyson

Welcome to spring break. And by break, I mean schedules are broken around here. Nothing like waiting up until the wee hours for a young man whose fancy not-so-lightly turned to love, because spring.

~yawn~

While the teenager lies abed yet, mom here will caffeinate and scratch out a post. It may be early afternoon by the time I get over this spring-induced sleep deprivation and hit the publish button.

Apple blossoms — iPhones and iPads, that is
Not much blooming on the #AppleVsFBI front, where Apple now seeks information about the FBI’s method for breaking into the San Bernardino shooter’s iPhone 5C. The chances are slim to none that the FBI will tell Apple anything. Hackday offers a snappy postmortem about this case with an appropriate amount of skepticism.

I wonder what Apple’s disclosure will look like about this entire situation in its next mandatory filing with the SEC? Will iPhone 5C users upgrade to ditch the undisclosed vulnerability?

What effect, if any, will the iPhone 5C case have on other criminal cases where iPhones are involved — like the drug case in Brooklyn? Apple asked for a delay in that case, to assess its position after the iPhone 5C case. We’ll have to wait until April 11 for the next move in this unfolding crypto-chess match.

In the meantime, spring also means baseball, where new business blossoms for Apple. Major League Baseball has now signed with Apple for iPads in the dugout. Did the snafu with Microsoft’s Surface tablets during the NFL’s AFC championship game persuade the MLB to go with Apple?

Volkswagen coasting
It’s downhill all the way for VW, which missed last week its court-imposed 30-day deadline to offer a technical solution on its emissions standards cheating “clean diesel” passenger vehicles. If there was such a thing as “clean diesel,” VW would have met the deadline; as I said before, there’s no such thing as “clean diesel” technology. The judge allowed a 30-day extension to April 24, but my money is on another missed deadline. Too bad there’s not a diesel engine equivalent of Cellebrite, willing to offer a quick fix to VW or the court, huh?

Of note: former FBI director Robert Mueller has been named “special master” on this case by Judge Charles Breyer; Mueller has been meeting with all the parties involved. What the heck is a “special master”? We may not have a ready answer, but at least there’s a special website set up for this case, In re: Volkswagen “Clean Diesel” MDL.

The cherry on top of this merde sundae is the Federal Trade Commission’s lawsuit filed yesterday against VW for false advertising promoting its “clean diesel” passenger cars.

With no bottom yet in sight, some are wondering if VW will simply exit the U.S. market.

Automotive odd lot

  • Jury says GM’s ignition switch was bad, but not at fault in a 2014 accident in New Orleans (Reuters) — Keep an eye on media representation of this case. Headline on this one focused on the switch, not the jury’s decision.
  • Car-to-car communications will be road tested soon (MIT Technology Review) — This technology might have prevented Google’s self-driving car from getting crunched by a bus recently.
  • Dude demonstrates his hack of Alexa + Raspberry Pi + OBDLink to remote start his car (Gizmodo) — What. even.

Did Tennyson write anything about spring spawning naps? Because I feel like I need one. Hope we’re back in the groove soon. See you in the morning.

Tuesday, March 29, 2016

The Origins of Totalitarianism Part 7: Superfluous People

The last chapter of Hannah Arendt’s The Origins of Totalitarianism is devoted to discussion of the totalitarian regime, which comes when the totalitarian movement has taken power. Arendt says that totalitarian movements don’t offer a specific program for government. Instead, they propose to operate under a “scientific” program. For the Nazis, this was the law of nature with its eternal progress towards perfection, which Arendt thinks arises from a skewed form of Darwinism. For the Communists it was the laws of history as supposedly discovered by Marx. Once in power, the totalitarian regime becomes an instrument for the will of the leader, who in turn is an instrument for imposing and acting out those laws. It is here that Arendt takes up the issue of concentration camps. She says that they are instruments for studying ways to reduce individuals to oblivion, to being superfluous, which is the goal of totalitarianism.

Men insofar as they are more than animal reaction and fulfillment of functions are entirely superfluous to totalitarian regimes. Totalitarianism strives not toward despotic rule over men, but toward a system in which men are superfluous. Total power can be achieved and safeguarded only in a world of conditioned reflexes, of marionettes without the slightest trace of spontaneity. Precisely because man’s resources are so great, he can be fully dominated only when he becomes a specimen of the animal-species man.

The totalitarian attempt to make men superfluous reflects the experience of modern masses of their superfluity on an overcrowded earth. The world of the dying, in which men are taught they are superfluous through a way of life in which punishment is meted out without connection with crime, in which exploitation is practiced without profit, and where work is performed without product, is a place where senselessness is daily produced anew. Yet, within the framework of the totalitarian ideology, nothing could be more sensible and logical; if the inmates are vermin, it is logical that they should be killed by poison gas; if they are degenerate, they should not be allowed to contaminate the population; if they have “slave-like souls” (Himmler), no one should waste his time trying to re-educate them. … P. 457.

Why is it necessary that people become superfluous? The answer appears in the final chapter, Ideology and Terror: A Novel Form of Government. Ideologies are “… isms which to the satisfaction of their adherents can explain everything and every occurrence by deducing it from a single premise…”. P.468. They are the scientific programs offered by totalitarian movements as the organizing principles of societies. For Arendt, the Nazi ideology revolves around the idea of the laws of nature, of blood, while the Communist ideology revolves around the historical laws of Marxism. In both cases, human beings are in the way of the historical forces, and must be forcibly denied the ability to interfere with the primal force.

Terror is the realization of the law of movement; its chief aim is to make it possible for the force of nature or of history to race freely through mankind, unhindered by any spontaneous human action. As such, terror seeks to “stabilize” men in order to liberate the forces of nature or history. It is this movement which singles out the foes of mankind against whom terror is let loose, and no free action of either opposition or sympathy can be permitted to interfere with the elimination of the “objective enemy” of History or Nature, of the class or the race. Guilt and innocence become senseless notions; “guilty” is he who stands in the way of the natural or historical process which has passed judgment over “inferior races,” over individuals “unfit to live,” over “dying classes and decadent peoples.” Terror executes these judgments, and before its court, all concerned are subjectively innocent: the murdered because they did nothing against the system, and the murderers because they do not really murder but execute a death sentence pronounced by some higher tribunal. The rulers themselves do not claim to be just or wise, but only to execute historical or natural laws; they do not apply laws, but execute a movement in accordance with its inherent law. Terror is lawfulness, if law is the law of the movement of some supra-human force, Nature or History. P. 465.

That idea, the idea of the unrestrained movement of supra-human forces, should sound familiar. That’s how Arendt described Imperialism, the early form of unrestrained capitalism. It also describes today’s world as seen by the architects of neoliberalism. They warn that everyone loses if The Market is subjected to even the slightest restraint, whether to movement of jobs and capital overseas or to prohibit dumping toxins into earth, air and water. They insist that foreign limitations on patents and copyrights are impossible restraints. They preach that the only legitimate goal of government is to enforce property rights to the utter maximum. For them, the restless movement of money in the hands of the rich and powerful operates in accordance with its own internal logic, logic which cannot be questioned by quasi-humans not gifted with the power to control vast sums of wealth. They tell us that The Market knows all and fixes everything as long as we mere humans do not interfere with its workings. Neoliberal capitalism is a form of supra-human force that Arendt warned us about.

Neoliberalism forms the world view of movement conservatives. Here’s an article in the National Review on this issue by one Kevin Williamson:

The truth about these dysfunctional, downscale communities is that they deserve to die. Economically, they are negative assets. Morally, they are indefensible. Forget all your cheap theatrical Bruce Springsteen crap. Forget your sanctimony about struggling Rust Belt factory towns and your conspiracy theories about the wily Orientals stealing our jobs. Forget your goddamned gypsum, and, if he has a problem with that, forget Ed[mund] Burke, too. The white American underclass is in thrall to a vicious, selfish culture whose main products are misery and used heroin needles. Donald Trump’s speeches make them feel good. So does OxyContin. What they need isn’t analgesics, literal or political. They need real opportunity, which means that they need real change, which means that they need U-Haul.

Williamson’s NRO colleague David French agrees:

My childhood was different from Kevin’s, but I grew up in Kentucky, live in a rural county in Tennessee, and have seen the challenges of the white working-class first-hand. Simply put, Americans are killing themselves and destroying their families at an alarming rate. No one is making them do it. The economy isn’t putting a bottle in their hand. Immigrants aren’t making them cheat on their wives or snort OxyContin. Obama isn’t walking them into the lawyer’s office to force them to file a bogus disability claim.

For generations, conservatives have rightly railed against deterministic progressive notions that put human choices at the mercy of race, class, history, or economics. Those factors can create additional challenges, but they do not relieve any human being of the moral obligation to do their best.

Williamson and French agree that the white working-class people are superfluous, and so are their communities and their way of life. Millions of them should just hire U-Hauls and move to the blessed land of plentiful jobs. They must all lose themselves and their way of life to the inexorable laws of movement, only this time, it’s the inexorable laws of neoliberalism, of rampant unrestrained capitalism. By those rules, individuals cannot act collectively, through unions or through active government. They are permitted to act collectively in their Churches, which emphasize their helplessness in this world except through the will of the Almighty, and therefore pose no real threat to the interests of the rich and powerful.

These white working-class people and their communities aren’t economically viable, and nothing can or should be done to make things different. They should surrender to the external and ungovernable force of hyper-capitalism. They are superfluous, and if they die in misery, leaving their families in poverty, it’s just the natural law of economic freedom working itself out in the passive voice, with the invisible hand of the rich and powerful hidden in a fog of words.

Index to prior posts in this series

With Upcoming David Medine Departure, Will PCLOB Slip Back into Meaninglessness?

The Chair of the Privacy and Civil Liberties Oversight Board, David Medine, has announced he will resign effective July 1 to work with a development organization “advising on data privacy and consumer protection for lower-income financial consumers.”

The move comes not long after Congress has, in several ways, affirmatively weakened or unexpectedly stopped short of expanding PCLOB’s mandate, by ensuring it could not review any covert programs, and by eliminating a PCLOB oversight role under OmniCISA.

In Medine’s statement, he promised the board would continue to work on their examination of CT activities relating to EO 12333.

I look forward to continuing to work on PCLOB’s current projects until my departure. I am pleased to know that, even after my departure, the Board Members and our dedicated staff remain committed to carrying forward the Board’s critical work, including its ongoing examination of counterterrorism activities under Executive Order 12333.

The EO 12333 approach (and the two CIA programs to examine) was formally approved July 1, a year to the day before Medine’s departure. It was initially scheduled to be done by the end of last year. But in their most recent semi-annual report (released at the end of December), PCLOB noted they were just starting on their public report.

In July, the Board voted to approve two in-depth examinations of CIA activities conducted under E.O. 12333. Board staff has subsequently attended briefings and demonstrations, as well as obtained relevant documents, related to the examinations. The Board also received a series of briefings from the NSA on its E.O. 12333 activities. Board staff held follow-up sessions with NSA personnel on the topics covered and on the agency’s E.O. 12333 implementing procedures. Just after the conclusion of the Reporting Period, the Board voted to approve one in-depth examination of an NSA activity conducted under E.O. 12333. Board staff are currently engaging with NSA staff to gather additional information and documents in support of this examination. Board staff also began work developing the Board’s public report on E.O. 12333, described above.

So while Medine promises PCLOB will continue to work on the EO 12333 stuff, I do worry that it will stall after his departure. I’m concerned, as well, about the makeup of the board. Board member Jim Dempsey’s term officially ended on January 29, though President Obama nominated him for another term on March 17, which means he will serve out 2016 (I believe as a temporary appointment until the end of the congressional term, but am trying to confirm), and longer if and when the Senate confirms him. But Medine’s departure will leave two members (counting Dempsey) who have been firmly committed to conducting this review, Rachel Brand, who has been lukewarm but positive, and Elisabeth Collins Cook, who was originally opposed. That is, unless Medine is replaced in a timely fashion (and given that this is a multiple-year appointment, Republicans would have incentive to stall to get a GOP Chair), the board may be split on its commitment to investigating these issues.

There are a few other things happening on the EO 12333 front. Most urgently, the Intelligence Community is as we speak implementing new procedures for the sharing of EO 12333 with law enforcement agencies. PCLOB was involved in a review of those procedures, and had successfully pressed for more controls on the FBI’s back door access to 702 data (which is one reason I find the timing of Medine’s departure of particular concern). Two years after PCLOB first outed Treasury as having no EO 12333 implementing guidelines, they still have none.

That is, particularly after Congress’ successful attempts at undercutting PCLOB’s power, Medine’s departure has me seriously worried about whether the Intelligence Community is willing to undergo any scrutiny of its EO 12333 activities.

Monday, March 28, 2016

The StuxNet Team Reunion

On Thursday, DOJ had a big dog and pony show over the indictment of 7 Iranians in connection with cyberattacks on US banks and a small dam in suburban NY.

A grand jury in the Southern District of New York indicted seven Iranian individuals who were employed by two Iran-based computer companies, ITSecTeam (ITSEC) and Mersad Company (MERSAD), that performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps, on computer hacking charges related to their involvement in an extensive campaign of over 176 days of distributed denial of service (DDoS) attacks.

Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadegan, aka Nitr0jen26, 23; Omid Ghaffarinia, aka PLuS, 25; Sina Keissar, 25; and Nader Saedi, aka Turk Server, 26, launched DDoS attacks against 46 victims, primarily in the U.S. financial sector, between late 2011 and mid-2013. The attacks disabled victim bank websites, prevented customers from accessing their accounts online and collectively cost the victims tens of millions of dollars in remediation costs as they worked to neutralize and mitigate the attacks on their servers. In addition, Firoozi is charged with obtaining unauthorized access into the Supervisory Control and Data Acquisition (SCADA) systems of the Bowman Dam, located in Rye, New York, in August and September of 2013.

I agree with Jack Goldsmith about this: It's pretty comical that the country that disrupted major installations in Iran is now indicting Iranians for DDoS attacks on instruments of power that the US used to attack Iran, the nation's banks. It invites a similarly theatrical indictment of Keith Alexander.

The U.S. indictment is not premised on an international law violation. It is based on violation of U.S. law for harm the Iranians caused inside the United States. The Iranians could invoke precisely the same principle: An Iran indictment for the U.S. cyberattacks would be based on a violation of Iranian domestic law for harm caused in Iran by U.S. officers. In short, the cyberattacks from each nation violated the criminal laws of the other nation.

The United States is likely less concerned with charges of hypocrisy than with deterring attacks on its financial infrastructure. Attorney General Lynch said yesterday that the indictment sends “a powerful message: that we will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market.” FBI Director James B. Comey added: “By calling out the individuals and nations who use cyber-attacks to threaten American enterprise, as we have done in this indictment, we will change behavior.”

But will the indictments change behavior? The Iranians will almost certainly never appear in the United States and thus never go to trial. John Carlin, the Justice Department’s top national security lawyer, argued late last year that indictments for cybercrimes can contribute to deterrence even if the defendants are never prosecuted because they expose the responsible actors and demonstrate more broadly that the United States has powerful tools to discover and identify those behind cyberattacks. “The world is small, and our memories are long,” Director Comey said yesterday, explaining the government’s deterrence logic. “People often like to travel for vacation or education, and we want them looking over their shoulder.”

It is hard to assess whether the deterrence effect of the indictments will be large enough to stop further attacks on financial infrastructure or so small that they invite more attacks. Moreover, any deterrence achieved by the indictments comes at the cost of exposing U.S. intelligence capabilities and inviting similarly theatric retaliatory indictments.

The timing of this particular theatrical indictment is all the more interesting given that -- as Josh Gerstein points out -- the actual indictment was handed up in January, just after the nuclear deal and prisoner swap with Iran was finalized.

The indictment, handed up by a grand jury in Manhattan on Jan. 21 and unsealed Thursday, charges seven Iranian nationals with launching a cyber assault that impaired the computer systems of major U.S. financial institutions in 2012. One of the defendants is also charged with attempting to take over the controls of a dam in Rye, N.Y.

On the weekend of Jan. 16, the U.S. and Iran implemented the intensely negotiated nuclear deal and carried out a prisoner swap. Under the pact, at least four Americans were released from Iranian prisons, including Washington Post reporter Jason Rezaian. President Barack Obama signed pardons or commutations for seven Iranian nationals who were the subject of U.S. criminal cases alleging export violations. Cases were dropped against 14 other Iranians U.S. officials said were unlikely ever to be brought to justice in American courts.

All the more so given this news: last week (apparently after Thursday), Admiral Mike Rogers had a "secret" meeting with Israel's Intelligence Corps Unit 8200, the unit CyberCom partnered with on the StuxNet attack.

The senior Israeli official noted that one of the subjects that Rogers discussed in Israel was cooperation in the field of cyber defense, particularly in the face of attacks from Iran and Hezbollah. A few days before Rogers’ arrival in Israel, the U.S. Justice Department filed indictments for the first time against a group of Iranian hackers on charges of carrying out cyber attacks on banks and essential infrastructure in the U.S. three years ago at the behest of the Iranian Revolutionary Guards. Israel has also faced cyber attacks from Iran and Hezbollah, which according to senior IDF officers were prominent during the fighting with Hamas and its allies in Gaza in the summer of 2014, but have risen in intensity in recent months.

It seems, then, that unsealing the indictment is not so much about deterrence as it is a show (though I'm unclear on the audience -- the international public? or the Israelis themselves?) as Israel and the US prepare to ratchet up the cyberwar against Iran.

Reminder: We shut down some functionality in an attempt to isolate the issues that crashed the site last Thursday. We're getting closer but still have comments shut down. Bear with us!

Thursday, March 24, 2016

DOJ Claims the Cybersecurity Related OLC Memo Is Also A Stellar Wind Memo

I've written a bunch of times about an OLC memo Ron Wyden keeps pointing to, suggesting it should be declassified so we all can know what outrageous claims DOJ made about common commercial service agreements. Here's my most complete summary from Caroline Krass' confirmation process:

Ron Wyden raised a problematic OLC opinion he has mentioned in unclassified settings at least twice in the last year (he also wrote a letter to Eric Holder about it in summer 2012): once in a letter to John Brennan, where he described it as “an opinion that interprets common commercial service agreements [that] has direct relevance to ongoing congressional debates regarding cybersecurity legislation.” And then again in Questions for the Record in September.

Having been ignored by Eric Holder for at least a year and a half (probably closer to 3 years) on this front and apparently concerned about the memo as we continue to discuss legislation that pertains to cybersecurity, he used Krass’ confirmation hearing to get more details on why DOJ won’t withdraw the memo and what it would take to be withdrawn.
Wyden: The other matter I want to ask you about dealt with this matter of the OLC opinion, and we talked about this in the office as well. This is a particular opinion in the Office of Legal Counsel I’ve been concerned about — I think the reasoning is inconsistent with the public’s understanding of the law and as I indicated I believe it needs to be withdrawn. As we talked about, you were familiar with it. And my first question — as I indicated I would ask — as a senior government attorney, would you rely on the legal reasoning contained in this opinion?

Krass: Senator, at your request I did review that opinion from 2003, and based on the age of the opinion and the fact that it addressed at the time what it described as an issue of first impression, as well as the evolving technology that that opinion was discussing, as well as the evolution of case law, I would not rely on that opinion if I were–

Wyden: I appreciate that, and again your candor is helpful, because we talked about this. So that’s encouraging. But I want to make sure nobody else ever relies on that particular opinion and I’m concerned that a different attorney could take a different view and argue that the opinion is still legally valid because it’s not been withdrawn. Now, we have tried to get Attorney General Holder to withdraw it, and I’m trying to figure out — he has not answered our letters — who at the Justice Department has the authority to withdraw the opinion. Do you currently have the authority to withdraw the opinion?

Krass: No I do not currently have that authority.

Wyden: Okay. Who does, at the Justice Department?

Krass: Well, for an OLC opinion to be withdrawn, on OLC’s own initiative or on the initiative of the Attorney General would be extremely unusual. That happens only in extraordinary circumstances. Normally what happens is if there is an opinion which has been given to a particular agency for example, if that agency would like OLC to reconsider the opinion or if another component of the executive branch who has been affected by the advice would like OLC to reconsider the opinion they will come to OLC and say, look, this is why we think you were wrong and why we believe the opinion should be corrected. And they will be doing that when they have a practical need for the opinion because of particular operational activities that they would like to conduct. I have been thinking about your question because I understand your serious concerns about this opinion, and one approach that seems possible to me is that you could ask for an assurance from the relevant elements of the Intelligence Community that they would not rely on the opinion. I can give you my assurance that if I were confirmed I would not rely on the opinion at the CIA.

Wyden: I appreciate that and you were very straightforward in saying that. What concerns me is unless the opinion is withdrawn, at some point somebody else might be tempted to reach the opposite conclusion. So, again, I appreciate the way you’ve handled a sensitive matter and I’m going to continue to prosecute the case for getting this opinion withdrawn.
The big piece of news here — from Krass, not Wyden — is that the opinion dates to 2003, which dates it to the transition period bridging Jay Bybee/John Yoo and Jack Goldsmith’s tenure at OLC, and also the period when the Bush Administration was running its illegal wiretap program under a series of dodgy OLC opinions. She also notes that it was a memo on first impression — something there was purportedly no law or prior opinion on — on new technology.
Back in November, ACLU sued to get that memo. The government recently moved for summary judgment based on the claim that a judge in DC rejected another ACLU effort to FOIA the document, which is a referral to ACLU's 2006 FOIA lawsuit for documents underlying what was then called the "Terrorist Surveillance Program" and which we now know as Stellar Wind. Here's the key passage of that argument.
The judgment in EPIC precludes the ACLU’s claim here. First, EPIC was an adjudication on the merits that involved the district court’s reviewing in camera the same document that is at issue in this litigation, and granting summary judgment to the government after finding that the government had properly asserted Exemptions One, Three, and Five – the same exemptions asserted here – to withhold the document. See Colborn Decl. ¶ 13; EPIC, 2014 WL 1279280, at *1. Second, the ACLU was a plaintiff in EPIC. Id. Finally, the claims asserted in this action were, or could have been, asserted in EPIC. The FOIA claim at issue in EPIC arose from a series of requests that effectively sought all OLC memoranda concerning surveillance by Executive Branch agencies directed at communications to or from U.S. citizens.2 See id. Even if the ACLU did not know that this specific memorandum was included among the documents reviewed in camera by the EPIC court, the ACLU had a full and fair opportunity to make any and all arguments in seeking disclosure of that document. Indeed, in EPIC, the government’s assertion of exemptions received the highest level of scrutiny available to a plaintiff in FOIA litigation—the district court issued its decision after reviewing the document in camera and determining that the government’s assertions of Exemptions One, Three, and Five were proper. Colborn Decl. ¶ 13. The ACLU’s claim in this lawsuit is therefore barred by claim preclusion.

2 One of the FOIA requests at issue in EPIC sought “[a]ll memoranda, legal opinions, directives or instructions from [DOJ departments] issued between September 11, 2001, and December 21, 2005, regarding the government’s legal authority for surveillance activity, wiretapping, eavesdropping, and other signals intelligence operations directed communications to or from U.S. citizens.” Elec. Privacy Information Ctr. v. Dep’t of Justice, 511 F. Supp. 2d 56, 63 (D.D.C. 2007).
Wyden just sent a letter to Loretta Lynch disputing some claim made in DOJ's memorandum of law.
I encourage you to direct DOJ officials to comply with the pending FOIA request.

Additionally, I am greatly concerned that the DOJ's March 7, 2016 memorandum of law contains a key assertion which is inaccurate. This assertion appears to be central to the DOJ's legal arguments, and I would urge you to take action to ensure that this error is corrected.

I am enclosing a classified attachment which discusses this inaccurate assertion in more detail.
Here are some thoughts about what the key inaccurate assertion might be:

ACLU never had a chance to argue for this document as a cybersecurity document

Even the section I've included here pulls a bit of a fast one. It points to EPIC's FOIA request (these requests got consolidated), which asked for OLC memos in generalized fashion, as proof that the plaintiffs in the earlier suit had had a chance to argue for this document.

But ACLU did not. They asked for "legal reviews of [TSP] and its legal rationale." In other words, back in 2006 and back in 2014, ACLU was focused on Stellar Wind, not on cybersecurity spying (which Wyden has strongly suggested this memo implicates). So they should be able to make a bid for this OLC memo as something affecting domestic spying for a cybersecurity purpose.

DOJ claimed only Wyden had commented publicly about the document, not Caroline Krass

DOJ makes a preemptive effort to discount the possibility that Ron Wyden's repeated efforts to draw attention to this document might constitute new facts the ACLU could point to in claiming they should get the document.
Nor is there any evidence the memorandum has been expressly adopted as agency policy or publicly disclosed. Colborn Decl. ¶¶ 23-24. Although the ACLU’s complaint points to statements about the document by Senator Wyden, he is not an Executive Branch official, and his statements cannot effect any adoption or waiver

[snip]

The ACLU may argue that statements made by Senator Ron Wyden regarding the document, including in letters to the Attorney General, constitute new facts or changed circumstances. See Compl. ¶ 2 (“In letters sent to then–Attorney General Eric Holder, Senator Wyden suggested that the executive branch has relied on the Opinion in the past and cautioned that the OLC’s secret interpretation could be relied on in the future as a basis for policy.”). But such statements do not constitute new facts or changed circumstances material to the ACLU’s FOIA claim because they do not evince any change of the Executive Branch’s position vis-à-vis the document or otherwise affect its status under FOIA. See Drake, 291 F.3d at 66; Am. Civil Liberties Union, 321 F. Supp. 2d at 34. As the Senator is not an Executive Branch official, his statements about the document do not reflect the policy or position of any Executive Branch agency. See Brennan Center v. DOJ, 697 F.3d 184, 195, 206 (2d Cir. 2012); Nat’l Council of La Raza v. DOJ, 411 F.3d 350, 356-59 (2d Cir. 2005); infra at 11-12. Senator Wyden’s statements are simply not relevant to whether the document has been properly withheld under Exemptions One, Three, and Five, and do not undermine the applicability of any of those exemptions. Additionally, the Senator has made similar statements regarding the document at issue in letters sent during at least the last four years. Compl. ¶ 2. Thus, the Senator’s statements regarding the document are not new facts since they were available to Plaintiffs well before the district court ruled in EPIC.
That's all well and good. But the entire discussion ignores that then Acting OLC head and current CIA General Counsel Caroline Krass commented more extensively on the memo than anyone ever has on December 17, 2013 (see my transcript above). This is a still-active memo, but the then acting OLC head said this about the memo in particular.
I have been thinking about your question because I understand your serious concerns about this opinion, and one approach that seems possible to me is that you could ask for an assurance from the relevant elements of the Intelligence Community that they would not rely on the opinion. I can give you my assurance that if I were confirmed I would not rely on the opinion at the CIA.
That seems to be new information from the Executive branch (albeit before the March 31, 2014, final judgment in that other suit).

I'd say this detail is the most likely possibility for DOJ's inaccuracy, except that Krass' comments are in the public domain, and have been written about by other outlets. It wouldn't seem that Wyden would need to identify this detail in secret.

(I think it's possible some of the newly declassified language in Stellar Wind materials may be relevant too, but I will have to return to that.)

The document may be a different document

DOJ's memo and the Paul Colborn declaration describe this as a March 30, 2003 memo written by John Yoo.
The withheld document is a 19-page OLC legal advice memorandum to the General Counsel of an executive branch agency, drafted at the request of the General Counsel, dated March 30, 2003 and signed by OLC Deputy Assistant Attorney General John Yoo. The memorandum was written in response to confidential communications from an executive branch client soliciting legal advice from OLC attorneys. As with all such OLC legal advice memoranda, the document contains confidential client communications made for the purpose of seeking legal advice and predecisional legal advice from OLC attorneys transmitted to an executive branch client as part of government deliberative processes. In light of the fact that the document’s general subject matter is publicly known, the identity of the recipient agency is itself confidential client information protected by the attorney-client privilege.
But their claim that ACLU has already been denied this document under FOIA is based on the claim that this document is the same document as one identified in a Steven Bradbury declaration submitted in the Stellar Wind suit. Here's how he described the document.
DAG 42 is a 19-page memorandum, dated May 30, 2003, from a Deputy Assistant Attorney General in OLC to the General Counsel of another Executive Branch agency. This document is withheld under FOIA Exemptions One, Three, and Five.
This may be an error (if so, Bradbury is probably correct, as March 30, 2003 was a Sunday), but a document dated March 30, 2003 cannot be the same document as one dated May 30, 2003. If it's not a simple error in dates, it may suggest that the document the DC court reviewed was a later revision, perhaps one making less outrageous claims. Moreover, as I'll show in my post on newly learned Stellar Wind information, the change in date (as well as the confirmation that Yoo wrote the memo) makes the circumstances surrounding this memo far more interesting.

The document may not have been properly classified

As noted, this is a March 2003 OLC memo written by John Yoo. That's important not just because Yoo was freelancing on certain memos at the time, but more importantly because a memo he completed just 16 days earlier violated all guidelines on classification. Here's what former ISOO head Bill Leonard had to say about John Yoo's March 14, 2003 torture memo.
The March 14, 2003, memorandum on interrogation of enemy combatants was written by DoJ’s Office of Legal Counsel (OLC) to the General Counsel of the DoD. By virtue of the memorandum’s classification markings, the American people were initially denied access to it. Only after the document was declassified were my fellow citizens and I able to review it for the first time. Upon doing so, I was profoundly disappointed because this memorandum represents one of the worst abuses of the classification process that I had seen during my career, including the past five years when I had the authority to access more classified information than almost any other person in the Executive branch. The memorandum is purely a legal analysis – it is not operational in nature. Its author was quoted as describing it as “near boilerplate.”! To learn that such a document was classified had the same effect on me as waking up one morning and learning that after all these years, there is a “secret” Article to the Constitution that the American people do not even know about.

[snip]

In this instance, the OLC memo did not contain the identity of the official who designated this information as classified in the first instance, even though this is a fundamental requirement of the President’s classification system. In addition, the memo contained neither declassification instructions nor a concise reason for classification, likewise basic requirements. Equally disturbing, the official who designated this memo as classified did not fulfill the clear requirement to indicate which portions are classified and which portions are unclassified, leading the reader to question whether this official truly believes a discussion of patently unclassified issues such as the President’s Commander-in-Chief authorities or a discussion of the applicability to enemy combatants of the Fifth or Eighth Amendment would cause identifiable harm to our national security. Furthermore, it is exceedingly irregular that this memorandum was declassified by DoD even though it was written, and presumably classified, by DoJ.
Given that Yoo broke all the rules of classification on March 14, it seems appropriate to question whether he broke all rules of classification on March 30, 16 days later, especially given some squirrelly language in the current declarations about the memo.

Here's what Colborn has to say about the classification of this memo (which I find to be curious language), after having made a far more extensive withholding argument on a deliberative process basis.
OLC does not have original classification authority, but when it receives or makes use of classified information provided to it by its clients, OLC is required to mark and treat that information as derivatively classified to the same extent as its clients have identified such information as classified. Accordingly, all classified information in OLC’s possession or incorporated into its products has been classified by another agency or component with original classifying authority.

The document at issue in this case is marked as classified because it contains information OLC received from another agency that was marked as classified. OLC has also been informed by the relevant agency that information contained in the document is protected from disclosure under FOIA by statute.
As far as the memo of law, it relegates the discussion of the classified nature of this memo to a classified declaration by someone whose identity remains secret.
As explained in the classified declaration submitted for the Court’s ex parte, in camera review,1 this information is also classified and protected from disclosure by statute.
Remember, this memo is about some secret interpretation of common commercial service agreements. Wyden believes it should be "declassified and released to the public, so that anyone who is a party to one of these agreements can consider whether their agreement should be revised or modified."

If this is something that affects average citizens' relationships with service providers, it seems remarkable that it can, at the same time, be that secret (and remain in force). While Wyden certainly seems to treat the memo as classified, I'd really love to see whether it was, indeed, properly classified, or whether Yoo was just making stuff up again during a period when he is known to have secretly made stuff up.

In any case, given DOJ's continued refusal to either withdraw or disclose this memo, I'd say it's safe to assume they're still using it.

FBI Claimed It Consulted a Manual Rather Than Cellebrite Directly

Yesterday, I suggested that the initial docket pertaining to efforts to search Syed Rizwan Farook's Lexus and the work phone found in it is consistent with FBI first asking Cellebrite (or some other outside party) to break into the phone before asking the court to use an All Writs Act to compel Apple to help.

In an article today in the wake of possibly incorrect reports the outside entity now helping FBI is Cellebrite, the NYT claims that FBI did try them.
The F.B.I. has tried many ways to get into the iPhone used by Mr. Farook, such as exploiting a previous bug that allowed unsigned code to be loaded and run on the device, Stacey Perino, an electronics engineer with the F.B.I. has said in a court filing in the case.

The F.B.I. also tried tools made by the agency and a mobile forensics company, Cellebrite, which let older iPhones load and run code that could crack a device passcode, Ms. Perino wrote. Cellebrite describes itself on its website as a subsidiary of Sun Corporation, a publicly traded Japanese company; it has done work for a number of government agencies.

Yet none of those tools worked, Ms. Perino wrote in the court document that was filed March 10.
I think this misreads Perino's declaration, which in the section in question basically repeats what she found in the standard law enforcement tool UFED manual.
Those previous tools that are available cannot be used on the Subject Device because they are not signed by Apple, and the current chain of trust on the Subject Device requires Apple to have signed any software that will be allowed to run

[snip]

From this open source research, several forensic tools were developed that combined (1) the boot ROM code signing defeat, and (2) brute-force passcode guessing. Examples include the Cellebrite UFED tool and an FBI-developed tool. Both the Cellebrite13 and FBI tools utilize the boot ROM exploit, allowing iPhone 3GS and iPhone 4 devices to load and boot an unsigned RAMdisk containing code to brute force the device passcode. The passcode recovery process operated from RAM, and did not alter the system or user data area

[snip]

Apple addressed the bug, and subsequently a jailbreak (i.e., allowing code unsigned by Apple) could only occur on an iPhone after it had been booted and unlocked.
13 Cellebrite is a private company that makes forensic data recovery tools for mobile devices. While I have not examined the source code for the UFED tool, based on the Cellebrite Physical Extraction Manual for iPhone and iPad (Rev 1.3) and the fact that the Cellebrite tool no longer supports iPhone 4S and later devices, I believe the UFED tool relied on the same ROM exploit. The manual states: “The extraction application does not load iOS but instead loads a special forensic utility to the device. This utility is loaded to the device’s memory (RAM) and runs directly from there.” The utility is loaded from recovery mode.
It does not reveal that DOJ agencies continue to request Cellebrite's help on more sophisticated phones, nor that Cellebrite advertises the ability to crack iOS 8 phones (which is still an earlier operating system than Farook's phone runs).
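Perino's declaration explains why the older tools stopped working: once Apple closed the boot ROM bug, every image in the boot chain had to carry an Apple signature before the device would run it, so an unsigned passcode-guessing RAM disk simply cannot be loaded. As an added illustration of that defensive model (my own code, not Perino's, Cellebrite's or Apple's; the stage names, the Ed25519 key and the image bytes are constructed stand-ins, and Apple's real scheme differs in detail), here is a small Go program in which a vendor public key held by the ROM gates each boot stage, refusing unsigned, modified, or foreign-signed images:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is one link in the boot chain: a named image plus the vendor's
// signature over sha256(name || 0x00 || payload). Empty Signature = unsigned.
type Stage struct {
	Name      string
	Payload   []byte
	Signature []byte
}

// digest binds the image name to its bytes, so a valid signature on one
// stage cannot be replayed onto a different stage of the chain.
func digest(name string, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write([]byte{0})
	h.Write(payload)
	return h.Sum(nil)
}

// SignStage is the vendor-side step; the private key never reaches the device.
func SignStage(priv ed25519.PrivateKey, name string, payload []byte) Stage {
	return Stage{Name: name, Payload: payload, Signature: ed25519.Sign(priv, digest(name, payload))}
}

// VerifyChain models the ROM's check: every stage must verify against the
// public key burned into the ROM before control is handed to it. It returns
// the index of the first stage that fails, or -1 when the whole chain is good.
func VerifyChain(rootPub ed25519.PublicKey, chain []Stage) (int, error) {
	for i, s := range chain {
		if len(s.Signature) != ed25519.SignatureSize {
			return i, fmt.Errorf("stage %d (%s): missing or malformed signature, refusing to boot", i, s.Name)
		}
		if !ed25519.Verify(rootPub, digest(s.Name, s.Payload), s.Signature) {
			return i, fmt.Errorf("stage %d (%s): signature does not verify, refusing to boot", i, s.Name)
		}
	}
	return -1, nil
}

// Scenarios builds a constructed two-stage chain and reports, for each case,
// the index at which the ROM stops (or -1 for a clean boot).
func Scenarios() (validIdx, unsignedIdx, tamperedIdx, foreignIdx int) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	iboot := []byte("constructed iBoot image")   // stand-in, not a real image
	kernel := []byte("constructed kernel image") // stand-in, not a real image
	chain := []Stage{SignStage(vendorPriv, "iBoot", iboot), SignStage(vendorPriv, "kernel", kernel)}
	validIdx, _ = VerifyChain(vendorPub, chain)

	// Case 1: an extra RAM disk that carries no vendor signature at all.
	unsigned := append(append([]Stage{}, chain...),
		Stage{Name: "ramdisk", Payload: []byte("constructed unsigned ramdisk")})
	unsignedIdx, _ = VerifyChain(vendorPub, unsigned)

	// Case 2: a properly signed kernel whose bytes were changed after signing.
	tampered := append([]Stage{}, chain...)
	tampered[1].Payload = append([]byte{}, kernel...)
	tampered[1].Payload[0] ^= 0xff
	tamperedIdx, _ = VerifyChain(vendorPub, tampered)

	// Case 3: a chain signed end to end, but by a key the ROM does not trust.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	foreign := []Stage{SignStage(otherPriv, "iBoot", iboot), SignStage(otherPriv, "kernel", kernel)}
	foreignIdx, _ = VerifyChain(vendorPub, foreign)
	return
}

func main() {
	v, u, t, f := Scenarios()
	fmt.Println("valid chain stops at:", v)      // -1
	fmt.Println("unsigned ramdisk stops at:", u) // 2
	fmt.Println("tampered kernel stops at:", t)  // 1
	fmt.Println("foreign key stops at:", f)      // 0
}
```

The point of the three failing cases is that signing alone is not enough: the ROM must also reject images whose signature is valid but made with the wrong key, and images whose bytes drifted after signing, which is exactly why a third-party RAM disk, however well built, cannot enter a chain it was not signed into.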

Perino's passage is one that Apple's Erik Neuenschwander discussed, dismissively, at length.
21. Paragraphs 25 through 28 of the Perino Declaration describe supposedly already existing software that Mr. Perino suggests Apple use as a starting point to create GovtOS. For example, Mr. Perino points to a security exploit that supposedly allowed an iPhone to load a minimal operating system in RAM that had not been signed by Apple, which is what the government is requesting here. Similarly, Mr. Perino points to a hacking tool the FBI created that supposedly allowed it to brute force the device passcode on older iPhones.

22. These descriptions show that the FBI, along with its partners, currently have, and have had in the past, the capability to develop the types of code that Apple is being asked to create.

23. Mr. Perino is incorrect, however, in his suggestion that Apple can use these third-party items, add Apple’s signature, and load the finished product on to the subject device to accomplish the result that the government seeks with less effort than what I described in my initial declaration.

24. Using the allegedly already existing software code that Mr. Perino identifies would not be an appropriate way to accomplish what the government wants. Setting aside the legal question of whether Apple can incorporate a software tool created by some other party (such as the Cellebrite UFED tool Mr. Perino identifies) for this purpose, Apple would not save time and effort by incorporating unfamiliar third-party code that has never been used and deployed by Apple before, and it would introduce a host of new issues and potential risks that would need to be addressed. [my emphasis]
Of particular note, Neuenschwander noted that "FBI, along with its partners, currently have...the capability to develop the types of code that Apple is being asked to create." Cellebrite was the only partner listed by name.

Neuenschwander went on to note that the jailbreaking Perino described is precisely why Apple works so hard to improve its security.

The NYT wants to claim FBI researched all possibilities before repeatedly claiming, more than 19 times (I did not include Perino's declaration in my count), that only the FBI or Apple could open this phone.

But Perino's declaration understates what Cellebrite itself claims to be able to do -- and that DOJ asks Cellebrite to do.

That still doesn't mean Cellebrite is the entity now helping FBI crack the phone. It does mean FBI and DOJ engaged in affirmatively misleading briefing on whether Cellebrite might be able to do so.

On the Coming Showdown over Promiscuous Sharing of EO 12333 Data

A number of outlets are reporting that Ted Lieu and Blake Farenthold have written a letter to NSA Director Mike Rogers urging him not to implement the new data sharing effort reported by Charlie Savage back in February. While I'm happy they wrote the letter, they use a dubious strategy in it: they suggest their authority to intervene comes from Congress having "granted" NSA authority to conduct warrantless collection of data.
Congress granted the NSA extraordinary authority to conduct warrantless collection of communications and other data.2

2 See Foreign Intelligence Surveillance Act and the Patriot Act.
As an initial matter, they've sent this letter to a guy who's not in the chain of approval for the change. Defense Secretary Ash Carter and Attorney General Loretta Lynch will have to sign off on the procedures developed by Director of National Intelligence James Clapper; they might consult with Rogers (if he isn't the one driving the change), but he's out of the loop in terms of implementing the decision.

Furthermore, the Congressionally granted authority to conduct warrantless surveillance under FISA has nothing to do with the authority under which NSA collects this data, EO 12333. In his story, Savage makes clear that the change relies on the [what he called "little-noticed," which is how he often describes stuff reported here years earlier] changes Bush implemented in the wake of passage of FISA Amendments Act. As I noted in 2014,
Perhaps the most striking of those is that, even while the White House claimed “there were very, very few changes to Part 2 of the order” — the part that provides protections for US persons and imposes prohibitions on activities like assassinations — the EO actually replaced what had been a prohibition on the dissemination of SIGINT pertaining to US persons with permission to disseminate it with Attorney General approval.

The last paragraph of 2.3 — which describes what data on US persons may be collected — reads in the original,
In addition, agencies within the Intelligence Community may disseminate information, other than information derived from signals intelligence, to each appropriate agency within the Intelligence Community for purposes of allowing the recipient agency to determine whether the information is relevant to its responsibilities and can be retained by it.
The 2008 version requires AG and DNI approval for such dissemination, but it affirmatively permits it.
In addition, elements of the Intelligence Community may disseminate information to each appropriate element within the Intelligence Community for purposes of allowing the recipient element to determine whether the information is relevant to its responsibilities and can be retained by it, except that information derived from signals intelligence may only be disseminated or made available to Intelligence Community elements in accordance with procedures established by the Director in coordination with the Secretary of Defense and approved by the Attorney General.
Given that the DNI and AG certified the minimization procedures used with FAA, their approval for any dissemination under that program would be built in here; they have already approved it! The same is true of the SPCMA — the EO 12333 US person metadata analysis that had been approved by both Attorney General Mukasey and Defense Secretary Robert Gates earlier that year. Also included in FISA-specific dissemination, the FBI had either just been granted, or would be in the following months, permission — in minimization procedures approved by both the DNI and AG — to conduct back door searches on incidentally collected US person data.

In other words, at precisely the time when at least 3 different programs expanded the DNI and AG approved SIGINT collection and analysis of US person data, EO 12333 newly permitted the dissemination of that information.
What Bush did, just as he finished moving most of Stellar Wind over to FISA authorities, was to make it permissible to share EO 12333 data with other intelligence agencies under the same kind of DNI/AG/DOD approval process already in place for surveillance. They've already been using this change (though as I note, in some ways the new version of EO 12333 made FAA sharing even more permissive than EO 12333 sharing). And Savage's article describes that they've intended to roll out this further expansion since Obama's first term.
Obama administration has been quietly developing a framework for how to carry it out since taking office in 2009.

[snip]

Intelligence officials began working in 2009 on how the technical system and rules would work, Mr. Litt said, eventually consulting the Defense and Justice Departments. This month, the administration briefed the Privacy and Civil Liberties Oversight Board, an independent five-member watchdog panel, seeking input. Before they go into effect, they must be approved by James R. Clapper, the intelligence director; Loretta E. Lynch, the attorney general; and Ashton B. Carter, the defense secretary.

“We would like it to be completed sooner rather than later,” Mr. Litt said. “Our expectation is months rather than weeks or years.”
All of which is to say that if Lieu and Farenthold want to stop this, they're going to have to buckle down and prepare for a fight over separation of powers, because Congress has had limited success (the most notable successes being imposition of FAA 703-705 and Section 309 of last year's intelligence authorization) in imposing limits on EO 12333 collection. Indeed, Section 309 is the weak protection Dianne Feinstein and Mark Udall were able to get for activities they thought should be covered under FAA.

Two more points. First, I suspect such expanded sharing is already going on between NSA and DEA. I've heard RUMINT that DEA has actually been getting far more data since shutting down their own dragnets in 2013. The sharing of "international" narcotics trade data has been baked into EO 12333 from the very start. So it would be unsurprising to have DEA replicate its dragnet using SPCMA. There's no sign, yet, that DEA has been included under FAA certifications (and there's not, as far as we know, an FAA narcotics certificate). But EO 12333 sharing with DEA would be easier to implement on the sly than FAA sharing. And once you've shared with DEA, you might as well share with everyone else.

Finally, this imminent change is why I was so insistent that SPCMA should have been in the Brennan Center's report on privacy implications of EO 12333 collection. What the government was doing, explicitly, in 2007 when they rolled that out was making the US person participants in internationally collected data visible. We've seen inklings of how NSA coaches analysts to target foreigners to get at that US person content. The implications of basing targeting off of SPCMA-enabled analysis under PRISM (which we know they do because DOJ turned over the SPCMA document, but not the backup, to FISC during the Yahoo challenge), currently, are that US person data can get selected because US persons are involved and then handed over to FBI with no limits on its access. Doing so under EO 12333 will only expand the amount of data available -- and because of the structure of the Internet, a great deal of it is available.

Probably, the best way to combat this change is to vastly expand the language of FAA 703-705 to cover US person data collected incidentally overseas during next year's FAA reauthorization. But it will take language like that, because simply pointing to FISA will not change the Executive's ability to change EO 12333 -- even secretly! -- at will.

Thursday Morning: Two Too Good

I would post this video every week if I could get away with it. It's a favorite in my household where three of us play string instruments. I've blown out speakers cranking these guys up as far as I can (shhh...don't tell the dude in charge of speaker maintenance here).

You'll note this post is pushed down the page as Marcy's last two posts about #AppleVsFBI (here and here) have been picked up by several news outlets. Let's let new readers have the rail for a bit.

NC and GA state legislatures wreaking bigoted havoc
Regressive bills allowing open practice of anti-LGBT bigotry have been working their way through states' legislatures in the wake of Burwell v. Hobby Lobby Stores, Inc. Indiana and Arizona are two examples where bills using a template based on the federal Religious Freedom Restoration Act (RFRA) have been passed. Arizona's governor Jan Brewer made an unusually rational move and vetoed the bill. Indiana did not, and many organizations protested until an amendment was passed modifying SB 101's worst component.

Georgia's legislature passed their own spin on RFRA, The Free Exercise Protection Act; the bill is now in the hands of Gov. Nathan Deal, who has until the first week of May to sign it into law. The state has an emerging film and TV production industry, home to popular shows like AMC's The Walking Dead. Disney and its subsidiary Marvel yesterday announced they would yank production out of Georgia if Gov. Deal signed the bill. AMC followed suit and announced it too would pull out of Georgia. Other corporations with business interests in GA, like The Dow Chemical Company, are also unhappy. How many more companies will it take before Deal wises up and vetoes the bill or demands amendment?

Sadly, North Carolina's GOP-led legislature rushed through a bill yesterday with a slightly different spin -- like a proof-of-concept for the rest of the states where RFRA bills have been unable to gain traction while avoiding the potential for boycotting leveraged against the governor. Anti-transgender fear-mongering was used to force HB2-Public Facilities Privacy & Security Act through while avoiding "religious freedom" as a promotional feature. It was signed into law yesterday by NC's jackass governor, Pat McCrory, who tweeted,
Ordinance defied common sense, allowing men to use women's bathroom/locker room for instance. That's why I signed bipartisan bill to stop it.

I signed bipartisan legislation to stop the breach of basic privacy and etiquette, ensure privacy in bathrooms and locker rooms.
Except that HB2 not only overturns local ordinances protecting LGBT persons, it prevents transpersons from using the facilities appropriate to their gender identity, and it allows businesses to post notices that they will not serve certain groups. Welcome back, Jim Fucking Crow.

The bill was not truly bipartisan, either. Although 14 idiotic state house Democrats voted for the bill, the entire Democratic state senate caucus walked out in protest rather than vote on the bill at all. Methinks NC Dem Party discipline needs a little work, and state house members need a little less bigotry.

Speaking of which, DNC was typically ineffectual, offering a bunch of jargon instead of straight talk about NC's discrimination. Are there any groups at all the DNC under its current leadership will really extend any effort except for corporations?

The speed at which the bill passed through NC's legislature during an "emergency" session -- because making sure the body parts align with the identity on the bathroom door is an emergency! -- may have prevented the state's largest employers from responding appropriately. Let's see if NC's largest employers, including University of North Carolina, Time Warner Cable, Duke Energy, Bank of America, Wells Fargo, Merrill Lynch, and the many sci-tech companies of Research Triangle, will wise up and demand an end to the ignorance and bigotry of Public Facilities Privacy & Security Act.

Finished digging out here after a late season snow storm, now serving up a hot dish brunch casserole made with a mess of oddments.
  • Diebold buys German competitor Wincor Nixdorf (Bloomberg) -- wonder how this industry shakes out as mobile payment systems become more popular and more widely accepted.
  • Speaking of mobile payment systems: Apple Pay expected to expand to apps and websites before Christmas shopping season (FastCompany) -- expected to take a bite out of PayPal's market share, but if transactions are conducted online, this could eat into other payment processing systems. Need the importance of encryption be pointed out yet again, too?
  • Apple's new, smaller iPhone SE available for pre-orders today (BusinessInsider) -- also iPad Pro. Already hearing strong interest from a lot of women about the smaller phone; they've been unhappy with the increasing size of iPhones.
  • Nielsen TV ratings data will begin tracking streaming equipment brands (FastCompany) -- their data will be based on 40,000 households, though. Apparently sales of streaming equipment like Apple TV, Chromecast, Roku aren't granular enough for firms acquiring content consumption data. Wonder how long before Nielsen itself is replaced by network sniffing?
  • Related? Funny how Iran is the focus of the first, but not mentioned in the second:
  • AI-written novel survives first round in Japanese literature contest (DigitalTrends) -- and you thought it was just the news that was generated by robots.
That's a wrap, catch you tomorrow morning!

Wednesday, March 23, 2016

Did FBI Ask Cellebrite to Open Farook’s Phone before Getting an AWA Order?

In this post, I note that DOJ obtained a warrant to search (among other things) an iPhone 6 using Cellebrite's assistance on the same day as it obtained an All Writs Act order to Apple to help crack Syed Rizwan Farook's iPhone 5C. That other warrant demonstrates not only that DOJ was at least willing to try opening a late model iPhone with Cellebrite's help during the same period it was claiming it could only do so with Apple's help, but it also shows us what it would look like if DOJ tried to enlist Cellebrite's help.

I'd like to look at the underlying "warrant" such as it exists for this phone. There are two dockets in this case: 5:15-mj-00451, the docket under which DOJ got a search warrant for Farook's (actually, his mother's) Lexus, and 5:16-cm-00010, where the fight with Apple lives. The order for an All Writs Act actually lives in the earlier docket, while the first numbered docket item in the newer one is the government's motion to compel.

Technically, we have never seen any free-standing warrant for Farook's phone. Rather, what got attached to the AWA order application was actually the warrant for the Lexus. That warrant includes a bunch of boilerplate language about any devices found in the car, which basically permits authorities to search a device to find out if it contains any items covered by the search warrant, but requires a further legal order to keep that information.

[Screenshot: warrant language covering devices found in the vehicle]

Obviously, FBI hasn't gotten to the point where they've found the phone includes evidence relating to the crime, because they haven't yet been able to search the phone, so they haven't gotten to the point where they'd need this "further court order." Moreover, the phone doesn't belong to Farook, it belongs to San Bernardino County, and they've consented to any search (but you can't get an AWA unless you have a search warrant).

But it appears DOJ covered their asses, given the following entries in the original docket.

[Screenshot: entries in the original warrant docket]

As I understand it, this warrant docket was terminated on December 21. But then on January 26, it got active again, with the government sealing a document, then unsealing parts of the search warrant. Then, on January 29, the government applied for, obtained, and then sealed an extension of time on the original warrant, noting they just needed an extension for devices related to it (that is, for Farook's phone). Then on February 2, they submitted and got sealed another document. Finally, they got parts of the original warrant that had been unsealed in part days earlier unsealed (again?) so they could get the AWA, which they did.

I'm interested in all this for several reasons. First, if they closed this docket in December, after they had already obtained the content of Farook's iMessage account, does that indicate they had determined the phone had no evidence relating to the crime? That's consistent with what everyone believes. But it would also seriously undermine their claims that they do need the information (especially since the claims they made in their AWA application are inconsistent with what they've claimed in later documents).

I also suspect that FBI asked Cellebrite to open this phone. If I'm reading the docket correctly, the parts of the search warrant pertaining to the phone have been unsealed twice, the latter time for the AWA. I suspect the earlier activity in the docket pertained to a Cellebrite request, in which case the February 2 docket document might resemble the method of search language, naming Cellebrite, found in the February 16 warrant for the iPhone 6 in the other case.

The thing is, Judge Pym may know that, if that's the case, because she's the one who signed off on the January 26 and 29 activity. Which is interesting given that, in the phone hearing on whether to vacate the hearing yesterday, she suggested FBI might need to brief on what this effort was.
I'm not -- to some extent I'm not sure how much difference it makes whether the order is vacated at this point or not, because if it turns out, after exploring this possibility, that the FBI believes it won't work, you know, I would be inclined to go forward without really -- and there might need to be some additional briefing, supplemental submissions, with respect to this effort, but I think the matter's been fully briefed.
She may be less willing to decide for FBI if she knows that Cellebrite is actively working on a solution that would solve FBI's needs, which she may already know.

In any case, given the import of this case, citizens really deserve to know what the government was asking for at the end of January, particularly if their first effort to get into the phone involved a request to Cellebrite that has now been answered.

On February 16, DOJ Got a Warrant to Open an iPhone 6 Using Cellebrite

As a number of outlets are reporting, the Israeli security firm Cellebrite is the source the FBI is using to attempt to break into Syed Rizwan Farook's phone.
Israel's Cellebrite, a provider of mobile forensic software, is helping the U.S. Federal Bureau of Investigation's attempt to unlock an iPhone used by one of the San Bernardino, California shooters, the Yedioth Ahronoth newspaper reported on Wednesday.

If Cellebrite succeeds, then the FBI will no longer need the help of Apple Inc, the Israeli daily said, citing unnamed industry sources.

Cellebrite officials declined to comment on the matter.
According to the narrative the government is currently telling, it means 33 days after DOJ obtained an All Writs Act on February 16 ordering Apple to help unlock Farook's phone, and 108 days after FBI first seized the phone on December 3 -- during which entire period the FBI now claims they were diligently researching how to crack the phone -- on March 20, Cellebrite contacted the FBI out of the blue and told them they can help.

That's interesting, especially given this search warrant, approved (as coinkydink would have it) on February 16, the very same day DOJ got its AWA in California.

Among the phones DEA obtained a warrant to search was an iPhone 6, a later model than Farook's phone with default encryption (though running unknown iOS). Here's what DEA Task Force Officer Shane Lettau had to say about how he (might) access the contents of this iPhone 6.

[Screenshot: method-of-search language from the February 16 warrant]

To be sure, these phones aren't the same, nor is the agency. Farook's is a 5C running iOS 9, this is a 6, and we don't know what iOS it is running. But if Cellebrite can break into a 6 they presumably can break into a 5C. FBI is seeking access in CA, whereas this MD phone is in DEA's possession.

The point is, however, that it is inconceivable to claim, as DOJ did 19 times, that the only way they could get into Farook's phone was with Apple's help when DOJ was at the same time participating in DEA's discussions with Cellebrite about whether they could crack a later model phone. It may be that Cellebrite only perfected their technique with iOS 8 and later model phones in recent weeks, or that they could not crack an iOS 9 in December or February but have since perfected that, but DOJ still shouldn't have been submitting sworn declarations pretending that Cellebrite was not a possible option.

Update: I originally said Farook's phone was a 5S. I've corrected the post to say it is a 5C, h/t JC.

Update: FBI signed a contract with Cellebrite on the same day it announced it had found a solution, though I think it's for license renewals for 7 machines in Cook County.

Wednesday Morning: Wicked Weary World

Let's have a brunch-time salute to Belgium, which produced this fine young artist Loic Nottet. Too bad there's not much well-produced content in YouTube yet by this youngster. He has incredible upper range reach with great potential because of the power behind his voice. Hope to hear more by him soon; he's a sweet antidote to bitter wickedness.

All in the family
Hope you've read Marcy's piece already this morning on the relevance of nuclear family units to terrorism. In addition to the suicide bombers, the El Bakraoui brothers, whom Marcy mentioned, it's worth examining the other links between the November 13 attacks in Paris and the attacks in Belgium yesterday. Note the familial relationships and their first-degree network:

Brahim Abdelslam -- older brother of Salah, blew himself up in Paris during the November 15 attacks. (Dead)

Salah Abdelslam -- captured last Friday March 18, has admitted he 'had planned to target Brussels.' His location was flagged by an unusual number of pizzas delivered to an apartment where power and water had been shut off. (In custody)

Abaid Aberkan -- characterized as a relation of the Abdelslams, carried Brahim's casket at the funeral last week. (NOT a terror suspect Edit: Le Monde indicates Aberkan was arrested during Friday's raid, but name spelled 'Abid.') (In custody)

Aberkan's mother -- renter/owner of the Molenbeek apartment in which Salah was hiding when captured last week. (NOT a terror suspect)

Mohamed Belkaid -- killed in a raid last Tuesday at an apartment in Forest district; Salah fled the apartment. (Dead)

Mohamed Abrini -- A childhood friend and neighbor of Salah, his younger brother Suleymane died fighting in an Islamist militia under the direction of Abdelhamid Abaaoud. Abaaoud, the leader of the Paris attacks, died on November 18 during a police raid. Abrini had traveled with both of the Abdelslam brothers the week before the attacks in Paris. He is now on the run and sought in relation to yesterday's attack. (Suspect)

Najim Laachraoui -- traveled with Salah and Belkaid last September, under the name Soufiane Kayal. His DNA was found in three different locations: on explosives in Paris, and at two other hide-outs used by attackers. He is now sought in relation to yesterday's attack. (Suspect)

Though we'll hear arguments for increased internet surveillance, it's easy to see that traditional police work could identify a terrorist network of family and friends in the same way members of an organized crime syndicate centered around a family are revealed. (Sources for the above: The Guardian and The Australian)

Other stuff going on...
  • 'Flash Crash' trader to be extradited to the U.S., rule British judges (France24)
  • Sextortionist Michael Ford, who ran a criminal enterprise from his work computer while employed at U.S. embassy, sentenced to four years and nine months in prison (Ars Technica) -- BoingBoing notes the hypocrisy of a government demanding backdoors while failing to note such a massive misuse of its own network.
  • Another hospital held hostage by ransomware, this time in Kentucky (Krebs on Security) -- STOP OPENING LINKS IN EMAIL at work, for starters. Isolating email systems from all other networked operations would be better.
  • 24 car models by 19 automakers vulnerable to keyless entry hack (WIRED--mind the ad-block hate) -- Mostly foreign models affected due to the radio frequency used.
Better luck tomorrow, gang. See you in the morning.

How to Protect against Terrorism: Eliminate the Valuable Terrorist Technology, the Nuclear Family

In addition to catching the third Brussels airport bomber, Najim Laachraoui, a known Salah Abdelslam associate, authorities in Europe have also revealed that the other two airport bombers were brothers, Khalid and Ibrahim El Bakraoui.
Police sources earlier told NBC News that Khalid El Bakraoui, 27, and 30-year-old sibling Ibrahim blew themselves up. Both had been convicted of violent crimes in the past and had links to one of the Paris attackers.
The El Bakraouis join an increasingly long list of recent terrorists who partner within their nuclear family (the Boston Marathon attack, Charlie Hebdo attack, and Paris attack were all carried out by brothers, and the San Bernardino attack was carried out by spouses). As New America noted in November (that is, before several more family-launched attacks), 30% of the fighters they've identified had family ties to jihad.
One-third of Western fighters have a familial connection to jihad, whether through relatives currently fighting in Syria or Iraq, marriage, or some other link to jihadists from prior conflicts or attacks. Of those with a familial link, almost two-thirds have a relative fighting in this conflict and almost one-third are connected through marriage, many of them new marriages conducted after arriving in Syria.
There has been less attention (though there has been some) to the operational advantages that organizing attacks among family members offers. Not only would there be far more face-to-face conversations in any case (which you'd need a physical bug to collect), but even electronic communications metadata might not attract any attention, except insofar as it helps to geolocate the parties. It'd be hard to distinguish, from metadata alone, between brothers or spouses discussing taking care of their kids and the same family members plotting to blow something up.

Family ties then, along with a reportedly difficult Moroccan dialect, may function to provide as much security as any (limited, given the reports) use of encryption. And all that's on top of the cell's extensive use of burner phones.

Using Jim Comey, um, logic, we might consider eliminating this threat by eliminating the nuclear family. Sure, the overwhelming majority of people who use it are law-abiding people obtaining valuable benefit from the nuclear family. Sure, for the most vulnerable, family ties provide the most valuable kind of support to keep someone healthy. But bad guys exploit it too, and we can't have that.

I mean, perhaps there should be an honest public discussion about the proportional value the nuclear family gives to terrorists and to others. But why would we have that discussion for the nuclear family and not for encryption?

Update: as soon as I posted this I saw notice that Belgian press (and with them NBC, apparently) got the identity of the third hijacker wrong, so I've crossed out and/or taken out those references.

Tuesday, March 22, 2016

The Problem of the Liberal Elites Part 4 Conclusion

Most economists supported NAFTA, and then spent years justifying their support with models and econometric studies they claimed showed that it had little effect. They continued to support trade treaties when China entered the World Trade Organization. They supported the KORUS deal and most supported TPP. Meanwhile, manufacturing job losses increased from the allegedly minor losses of NAFTA to astonishingly high levels. Link. Link. The linked studies don’t count ancillary job losses, including the jobs that never came here because US corporate executives took US generated capital and know-how overseas to build new plants, many with advanced manufacturing capability. The damage done by these trade deals to people and communities is obvious now, especially after Bernie Sanders won the Michigan primary, and an increasing number of economists are talking about it in public.

There is a strong parallel here with the crucial role played by economists in deregulation of the financial sector. This too had widespread support from economists across the ideological spectrum.

How did these experts get it so wrong, and wreak such damage on so many people? I think it’s because they have so much confidence in their models, and use their authority as experts to push through policies based on those models. And if I’m right, this is a genuine problem for liberal experts.

We can see the confidence in models in Krugman’s work. In this blog post, Krugman takes up the question of why economists were so late to the study of inequality. He says he agrees with this Bloomberg View column by Justin Fox (which gives a nice history of the issue), but says that Fox missed a critical part of that failure: inequality is “a hard issue to model”.

The other [issue one might model] involves the personal distribution of income and wealth. Why are investment bankers paid so much? Why did the gap between CEOs and the average worker widen so much after 1980?

And here’s the thing: we really don’t know how to model personal income distribution — at best we have some semi-plausible ad hoc stories. Part of why Piketty made such a big splash was that he offered a sketch of a model of wealth inequality that tied it into broader macro numbers — r > g and all that — which gave all of us something systematic to talk about. But he himself concedes that the big rise in inequality so far has come from a surge in the right tail of earnings, which may have had something to do with norms, but in any case isn’t well explained by any model we have right now. Emphasis in original.

Krugman claims to rely on his models. He’s written a number of blog posts explaining his views and defending the process against those who argue that models are worthless if they don’t predict disasters and other bitter criticisms. Here’s an example from earlier this year.

And that really gets at my point, which is not that existing models are always the right guide for policy, but that policy preferences should be disciplined by models. If you don’t believe the implications of the standard model in any area, OK; but then give me a model, or at least a sketch of a model, to justify your instincts.

Conservatives and their economists insist that the vast increase in incomes at the top and the decrease at the bottom are the result of some special skill or lack of skill, or that the “market pays people what they are worth”; but that is just false, as I explain in detail here and here. Fox says that economists should look outside their specialties and consider the possibility of changing social norms, as some sociologists suggest, or changes in laws and political priorities, as some political scientists suggest. I doubt that social norms have changed. Every survey I’ve seen says that people don’t know the actual figures about wealth and income inequality, and wildly underestimate them.

Krugman says Piketty offers the explanation of “r > g and all that”, but what I read in Piketty is his theory that the rich use their economic and political power to get favorable changes in laws, regulations and court rulings, changes that increase wealth and income inequality solely for their benefit, with the losses inflicted on the rest of us. As far as I can tell, raw economic and political power are completely outside the economists' field of view, simply because they cannot be modeled. And on top of that, those models don't even consider fraud and corruption, which play a large role in our version of capitalism.

In his 1993 article in Foreign Affairs, Krugman makes the case that the real basis for NAFTA is foreign policy. It was intended to help Mexico transition to a more Westernized economy, which he thought was a good idea. That is a policy judgment, not an economic judgment. But whatever the government and the economists thought, NAFTA was an experiment in the exercise of raw economic power.

The same thing was true about China and the WTO, and TPP and TISA and US/China deals like BITs. The point of these treaties is to change the nature of existing markets and social structures, to create non-governmental forms of control of trade and property, and to protect and enhance the economic power of some US industries at the expense of the lives of millions of workers. Hiding behind weasel words like Free Trade and the professional reputations of most economists, Congress has ceded US sovereignty to a bunch of rogue corporations acting strictly in the interest of profits and shareholder returns, with neoliberals in both parties supporting Fast Track approval of whatever they want.

Krugman counts himself a lukewarm opponent of TPP, as do other liberal economists, for political and not economic reasons. Even though the damage is done, it’s nice to see this change.

That leads me to the conclusion that liberal elites, especially liberal economists, have a real problem: they have been wrong too often on too many important issues. They were wrong about trade. They were wrong about neoliberal economics in general, the Washington Consensus, and, as Queen Elizabeth II pointed out, they couldn’t even see the Great Crash coming.

After the Great Crash, they searched for explanations, but while some focused on the effect of deregulation, there were still plenty of defenders, including many who denied the relevance of the gradual weakening and then elimination of Glass-Steagall, but none of those explanations touched on fraud and corruption. No liberal economists called for prosecutions. Instead they focused the debate on the nature of their models, claiming that they were unfairly blamed for not predicting the Great Crash. Of course, those were the very models they used to advise policy makers that deregulation would be just fine.

Economists have all used the same introductory textbooks for decades now, teaching the simple tropes of capitalism. That sets the baseline for economic theory for the great mass of citizens who have been taught to think the ideas of Econ 101, as laid out in the textbooks of Mankiw or Samuelson and Nordhaus, are Gospel. Liberal economists who move away from those ideas are rejected by conservatives.

Now liberals say we trusted you to be right, and you weren't. And not just that, you were wrong in the worst possible way: you concurred with conservative economists. That costs the liberal elites credibility with liberals and even many centrists.

And progressives, the heirs to FDR, by nature more suspicious of wealth and power, say: we trusted you, but you didn't even question the goals and motives of the rich and powerful. Why would we ever trust you? We aren't even sure we're on the same side.

That presents liberal economists with a real problem. Why would anyone listen to them now?


Index to prior posts in this series.