Thursday, June 30, 2016

The Secrets that Remain about Journalist NSLs

Someone has liberated to the Intercept a copy of the FBI’s guidelines for using NSLs to obtain the call records of journalists. The entire appendix is For Official Use Only save one paragraph noting that notes that foreigners serving as spooks or working for news outlets that are agents of a foreign power don’t get any protection. Otherwise, this is only being protected under a claim of privilege, not classification. That’s particularly troubling given that the US Attorney Guidelines on subpoenaing the press includes equivalent language about agents of a foreign power not getting the special treatment (though here it is more focused on terrorists).

The protections of the policy do not extend to any individual or entity where there are reasonable grounds to believe that the individual or entity is a foreign power or an agent of a foreign power; a member or an affiliate of a foreign terrorist organization; designated a specially designated global terrorist; a specially designated terrorist; a terrorist organization; committing or attempting to commit a crime of terrorism; committing or attempting to commit the crime of providing material support or resources to a terrorist organization; or aiding, abetting, or conspiring in illegal activity with such individuals or entities. 28 C.F.R.50.10(b)(1)(ii).

The liberated passage (like the USA guidelines) does not, however, define who counts as a member of the news media.

For those so lucky as to be considered a member of the news media, when DOJ is obtaining their records to learn a confidential source, they need to get the Executive Assistant Director of National Security Branch (who much consult with the AAG for National Security) and General Counsel’s approval to obtain an NSL. Note, the Public Affairs Director is not involved in this process, as he or she is supposed to be in the subpoena process (though even there, the policy states that DOJ’s Policy and Statutory Enforcement Unit will make the call on who is or is not entitled to be a journalist). Which would say NSLs, on top of being secret and offering the journalist no opportunity to fight the subpoena, also receive only a national security review, not a press review.

Which brings me back to the other point about NSLs I keep harping on. The 2014 NSL IG report showed that the FBI was not reporting at least 6.8% of their NSLs, even to Congress, much less to the Inspector General. When asked about that, FBI said an accurate number was really not worth trying to do, even while it admitted that the uncounted NSLs were “sensitive” cases — a category that includes journalists (and politicians and faith leaders).

That means there’s at least a decent possibility that some of the NSLs the FBI chooses not to report to either Congress or the Inspector General — in spite of the clear legal obligation to do so — are of journalists.

Given that they’ve been hiding this unclassified NSL policy under a dubious claim of privilege, that decent possibility seems all the more likely.

FBI Still Not Counting How Often Encryption Hinders Their Investigations

The annual wiretap report is out. The headline number is that wiretaps have gone up, and judges still don’t deny any wiretap applications.

The number of federal and state wiretaps reported in 2015 increased 17 percent from 2014.   A total of 4,148 wiretaps were reported as authorized in 2015, with 1,403 authorized by federal judges and 2,745 authorized by state judges.  Compared to the applications approved during 2014, the number approved by federal judges increased 10 percent in 2015, and the number approved by state judges increased 21 percent.  No wiretap applications were reported as denied in 2015.

The press has focused more attention on the still very small number of times encryption thwarts a wiretap.

The number of state wiretaps in which encryption was encountered decreased from 22 in 2014 to 7 in 2015.  In all of these wiretaps, officials were unable to decipher the plain text of the messages.  Six federal wiretaps were reported as being encrypted in 2015, of which four could not be decrypted.  Encryption was also reported for one federal wiretap that was conducted during a previous year, but reported to the AO for the first time in 2015.  Officials were not able to decipher the plain text of the communications in that intercept.

Discussing the number — which doesn’t include data at rest — on Twitter got me to look at something that is perhaps more interesting.

Back in July 2015, 7 months into the period reported on today, Deputy Attorney General Sally Yates and FBI Director Jim Comey testified in a “Going Dark” hearing. Over the course of the hearing, they admitted that they simply don’t have the numbers to show how big a problem encryption is for their investigations, and they appeared to promise to start counting that number.

Around January 26, 2016 (that’s the date shown for document creation in the PDF) — significantly, right as FBI was prepping to go after Syed Rizwan Farook’s phone, but before it had done so — Comey and Yates finally answered the Questions for the Record submitted after the hearing. After claiming, in a response to a Grassley question on smart phones, “the data on the majority of the devices seized in the United States may no longer be accessible to law enforcement even with a court order or search warrant,” Comey then explained that they do not have the kind of statistical information Cy Vance claims to keep on phones they can’t access, explaining (over five months after promising to track such things),

As with the “data-in-motion” problem, the FBI is working on improving enterprise-wide quantitative data collection to better explain the “data-at-rest” problem.”

[snip]

As noted above, the FBI is currently working on improving enterprise-wide quantitative data collection to better understand and explain the “data at rest” problem. This process includes adopting new business processes to help track when devices are encountered that cannot be decrypted, and when we believe leads have been lost or investigations impeded because of our inability to obtain data.

[snip]

We agree that the FBI must institute better methods to measure these challenges when they occur.

[snip]

The FBI is working to identify new mechanisms to better capture and convey the challenges encountered with lawful access to both data-in-motion and data-at =-rest.

Grassley specifically asked Yates about the Wiretap report. She admitted that DOJ was still not collecting the information it promised to back in July.

The Wiretap Report only reflects the number of criminal applications that are sought, and not the many instances in which an investigator is dissuaded from pursuing a court order by the knowledge that the information obtained will be encrypted and unreadable. That is, the Wiretap Report does not include statistics on cases in which the investigator does not pursue an interception order because the provider has asserted that an intercept solution does not exist. Obtaining a wiretap order in criminal investigations is extremely resource-intensive as it requires a huge investment in agent and attorney time, and the review process is extensive. It is not prudent for agents and prosecutors to devote resources to this task if they know in advance the targeted communications cannot be intercepted. The Wiretap Report, which applies solely to approved wiretaps, records only those extremely rare instances where agents and prosecutors obtain a wiretap order and are surprised when encryption prevents the court-ordered interception. It is also important to note that the Wiretap Report does not include data for wiretaps authorized as part of national security investigations.

These two answers lay out why the numbers in the Wiretap Report are of limited value in assessing how big a problem encryption is.

But they also lay out how negligent DOJ has been in responding to the clear request from SJC back in July 2015.

Wednesday, June 29, 2016

House Homeland Security Committee Apparently Knows Little about Homeland Security

Here are the first 36 words of an otherwise useful House Homeland Security Committee report on encryption:

Public engagement on encryption issues surged following the 2015 terrorist attacks in Paris and San Bernardino, particularly when it became clear that the attackers used encrypted communications to evade detection—a phenomenon known as “going dark.”

The statement has grains of truth to it. It is true that engagement on encryption surged following the Paris attacks, largely because intelligence committee sources ran around assuming (and probably briefing the White House) that encryption must explain why those same intelligence committee sources had missed the attack. It surged further months later when FBI chose to pick a fight with Apple over Syed Rizwan Farook’s work phone which — it was clear from the start — had no evidence relating to the attack on it.

It is also true that ISIS had been using Telegram leading up to the Paris attack; in its wake, the social media company shut down a bunch of channels tied to the group. But there has never been a public claim the plotters used Telegram to plan their attack.

It is also true that an ISIS recruit, arrested and interrogated months before the Paris attack, had told French authorities he had been trained to use a Truecrypt key and an elaborate dead drop method to communicate back to Syria.

But it is not true that the Paris attackers used encryption to hide their plot. They used a great many burner phones, a close-knit network (and with it face-to-face planning), an unusual dialect. But even the one phone that had an encrypted product loaded on it was not using that service.

It is also not true that the San Bernardino attackers used encryption to evade detection. They used physical tools to destroy the phones presumably used to plan the attack. They hid a hard drive via some other, unidentified means. But the only known use of encryption — the encryption that came standard on Farook’s work phone — was shown, after the FBI paid to bypass it, not to be hiding anything at all.

Now it’s possible there was encryption involved in these attacks we don’t know about, that HLSC has gotten classified briefings on. But even if there was, it could not very well have led to a public surge of engagement last year, because it would not be public.

There are reasons to discuss encryption. But factually false claims about terrorists’ use of encryption are not among those reasons.

h/t to Access Now’s Nathaniel White, who pointed out this bogosity on Twitter.

Update: See this Grugq post laying out what little encryption ISIS has been known to use in any attack.

Wednesday: Wandering

All that is gold does not glitter; not all those who wander are lost.

— excerpt, The Lord of the Rings by J. R. R. Tolkien

It’s a lovely summer day here, cool and dry. Perfect to go walkabout, which I will do straight away after this post.

Hackety-hack-hack, Jack

  • Spearphishing method used on HRC and DNC revealed by security firm (SecureWorks) — Here’s their report, but read this Twitter thread if you don’t think you can handle the more detailed version. In short, best practice: DON’T CLICK ON SHORTENED LINKS using services like Bitly, which mask the underlying URL.
  • Researchers show speakerless computers can be hacked by listening to fans (arXiv.org) — Air-gapping a computer may not be enough if hackers can listen to fan operation to obtain information. I’ll have to check, but this may be the second such study.
  • Another massive U.S. voter database breached (Naked Security) — This time 154 million voters’ data exposed, revealing all manner of details. 154M is larger than the number of voters in the 2012 general election, though smaller than the 191M voters’ records breached in December. At least this time the database owner slammed the breach shut once they were notified of the hole by researcher Chris Vickery. Nobody’s fessed up to owning the database involved in the the December breach yet.
  • Speaking of Vickery: Terrorism databased leaked (Reddit) — Thomson-Reuters’ database used by governments and banks to identify and monitor terrorism suspects was leaked (left open?) by a third party. Vickery contacted Thomson-Reuters which responded promptly and closed the leak. Maybe some folks need to put Vickery on retainer…
  • Different kind of hack: Trump campaign hitting up overseas MPs for cash? Or is he? (Scotsman) — There are reports that Trump’s campaign sent fundraising emails received by elected representatives in the UK and Iceland. Based on what we know now about the spearphishing of HRC and DNC, has anybody thought to do forensics on these emails, especially since government officials are so willing to share them widely? Using these kinds of emails would be a particularly productive method to spearphish government and media at the same time, as well as map relationships. Oh, and sow dissension inside the Trump family, urm, campaign. On the other hand, lack of response from Trump and team suggests it’s all Trump.

Makers making, takers taking

  • Apple granted a patent to block photo-taking (9to5Mac) — The technology relies on detecting infrared signals emitted when cameras are used. There’s another use for the technology: content can be triggered to play when infrared signal is detected.
  • Government suppressing inventions as military secrets (Bloomberg) — There’s merit to this, preventing development of products which may undermine national security. But like bug bounties, it might be worth paying folks who identify methods to breach security; it’s a lot cheaper than an actual breach, and a bargain compared to research detecting the same.
  • Google wants to make its own smartphone (Telegraph-UK) — This is an effort apart from development of the modular Ara device, and an odd move after ditching Motorola. Some tech industry folks say this doesn’t make sense. IMO, there’s one big reason why it’d be worth building a new smartphone from the ground up: security. Google can’t buy an existing manufacturer without a security risk.
  • Phonemaker ZTE’s spanking for Iran sanction violations deferred (Reuters) — This seems kind of odd; U.S. Commerce department agreed to a reprieve if ZTE cooperated with the government. But then think about the issue of security in phone manufacturing and it makes some sense.

A-brisket, a Brexit

  • EU health commissioner Andriukaitis’ response to Nigel Farage’s insulting remarks (European Commission) — Farage prefaced his speech to European Commissioners yesterday by saying “Most of you have never done a proper day’s work in your life.” Nice way to win friends and influence people, huh? Dr. Vytenis Andriukaitis is kinder than racist wanker Farage deserves.
  • Analysis of next couple years post-Brexit (Twitter) — Alex White, Director of Country Analysis at the Economist Intelligence Unit, offers what he says is “a moderate/constructive call” with “Risks definitely to the downside not to the upside.” It’s very ugly, hate to see what a more extreme view would look like. A pity so many Leave voters will never read him.

Follow-up: Facebook effery
Looks like Facebook’s thrown in the towel on users’ privacy altogether, opening personal profiles in a way that precludes anonymous browsing. Makes the flip-flop on users’ location look even more sketchy. (I can’t tell you anymore about this from personal experience because I gave up on Facebook several years ago.)

Happy hump day!

In 2010, DOJ Was Stalling Gang of Four Member Silvestre Reyes Over Common Commercial Services Memo

As far as the public record shows, Ron Wyden first started complaining about the Common Commercial Service OLC Memo in late 2010, in a letter with Russ Feingold written “over two years” before January 14, 2013. As I’ve written, John Yoo wrote the memo on May 30, 2003, as one of the last things he did before he left the Office of Legal Council. It seems to have something to do with both the Stellar Wind program and cybersecurity, and apparently deals with agreements with private sector partners. At least one agency has operated consistently with the memo (indeed, Ron Wyden’s secret memo submitted to the court probably says the memo was implemented) but the government claims that doesn’t mean that agency relied on the memo and so the ACLU can’t have it in its lawsuit.

According to a letter liberated by Jason Leopold, however, someone in Congress was raising concerns about the memo even before Wyden and Feingold were. On June 30, 2010, then Chair of the House Intelligence Committee Silvestre Reyes wrote Attorney General Holder a letter about the memo. On October 5, Ron Weich wrote Reyes,

We have conferred with Committee staff about your letter and your concerns regarding the potential implications of the opinion. We appreciate your concerns and your recognition of the complexities of the issues involved in our consideration of your request. We will let you know as soon as we are in a position to provide additional information.

In other words, three months after one of the top ranking intelligence overseers in government raised concerns about the memo, DOJ wrote back saying they weren’t yet “in a position to provide additional information.”

That seems like a problem to me.

It also seems to be another data point suggesting that — whatever the government did back in 2003, after Yoo wrote the memo — it was being discussed more generally in 2010, possibly with an eye to implement it.

 

IARPA’s MOSAIC FitBit for Psych

EFF’s Dave Maass discovered this conference notice from the Intelligence Advanced Research Projects Activity.

Selecting and evaluating a workforce that is well-suited for the psychological and cognitive demands of the diverse positions across the Intelligence Community (IC) is an important and persistent need. This is growing in importance as the pace and complexity of the challenges facing the IC workforce grow and expand. Methods that enhance our ability to evaluate an individual’s psychological drivers, cognitive abilities, and mental wellness and resilience will enable improved capabilities to select the right person for the right job, evaluate and help maintain optimal performance throughout their career, and better understand and anticipate changes in an individual that may impact their work effectiveness, productivity, and overall health and wellness.

To address this challenge, the MOSAIC program aims to take advantage of multimodal mobile, worn, and carried sensors and the corresponding data to enable the measurement of an individual in situ, throughout their daily activities, using an aggregate of behavior, physiology, social dynamics, physical location and proximity, as well as other novel data sources. Research in this program will aim to establish convergent validity of multimodal signals across a range of researcher-defined contexts and over time to enable accurate and personalized evaluations. It is anticipated that research teams will develop and test a suite of multimodal sensors to collect a range of subject-focused and situational data; build capabilities to develop an integrated model of the subject, their behaviors, and the social and physical context; and advance methods to personalize modeling approaches to develop accurate assessments of an individual over time.

The Program, which uses the intelligence jargon “Mosaic” to stand for “Multimodal Objective Sensing to Assess Individuals with Context” would start with volunteers and then roll out better measurements, though it’s not clear whether the program, as conceived, would roll out to the IC as a whole.

It’s all very spooky, especially given that it doesn’t really say what it wants to measure. Is it going to be a running polygraph, a constant assessment of deceit of the kind the IC doesn’t encourage, if that can be distinguished from the kind it does? Will it measure how the best operatives respond to stress? What kind of spying on the spies will it enable?

But it’s nice to see IARPA making clear whether the push for things like FitBit will lead the rest of society.

Hillary’s National Security Alliance for Quivering Over Bank Prosecutions

Fresh off being caught lying about rolling her eyes in response to calls for Palestinian rights, Neera Tanden has rolled out something called the National Security Leadership Alliance. Best as I can tell, it exists mainly on paper right now — I couldn’t even find it on CAP’s site yet. But it seems designed to fear-monger about what will happen if Trump becomes Commander-in-Chief.

The project, called the National Security Leadership Alliance, will be funded by C.A.P. Action. It will feature a roster of major members of the foreign policy and national security community, including two retired four-star generals; Leon E. Panetta, the former C.I.A. director; Madeleine K. Albright, the former secretary of state; Eric H. Holder Jr., the former attorney general; and Carl Levin, the former Michigan senator. All have endorsed Mrs. Clinton.

There will be an effort to highlight precisely what, in the military arsenal, Donald J. Trump would have access to as president. Mr. Trump has been criticized for his views on foreign policy, criticisms that have been central to the case that Mrs. Clinton has made against him in an effort to describe the stakes of the 2016 presidential election. The Center for American Progress is led by a top outside adviser to Mrs. Clinton, Neera Tanden, and the new project seeks to put a spotlight on what officials are calling a progressive foreign policy vision.

I’m perfectly okay with fearmongering about Trump. But let’s look at this lineup. It features the woman who said letting half a million Iraqi children die was worth the price of enforcing sanctions against the country. It also includes a guy, Panetta, whose exposure of the identities of Osama bin Laden killers’ identities to Hollywood producers serves to reinforce what a double standard on classified information Hillary (and Panetta) benefit from.

But I’m most curious by a “national security” team that includes both Eric Holder and Carl Levin, especially given the NYT focus, in announcing the venture, on Brexit.

“I think what brought us together is obviously a lot of concern about some of the division and polarization that we’re seeing in the world,” Mr. Panetta said in an interview. “We know we’re living in a time of great change and uncertainty.”

But he added, “The concern we have is we see these forces of division that are prepared to throw out the fundamental” principles of foreign policy in the United States over many decades.

“What we’re learning from ‘Brexit’ is that there’s a price to be paid in terms of letting out emotion dictate policy instead of responsible leadership,” he said, referring to Britain’s vote to leave the European Union. “We shouldn’t throw the baby out with the bath water.”

Leon Panetta, in rolling out a venture including Carl Levin — who as head of the Senate’s Permanent Subcommittee on Investigations worked tirelessly for some kind of accountability on bank crime — and Eric Holder — who ignored multiple criminal referrals from Levin, including one pertaining to Goldman Sachs head Lloyd Blankfein — says the lesson from Brexit is that we can’t let emotion dictate policy but instead should practice “responsible leadership” guarding the “fundamental principles of foreign policy in the United States over many decades.”

Of course, as David Dayen argued convincingly, to the extent Brexit was an emotional vote, the emotions were largely inflamed by elite failures — the failures of people like Eric Holder to demand any responsibility (Dayen doesn’t deal with the equally large failures of hawks like Albright whose destabilizing policies in the Middle East have created the refugee crisis in Europe, which indirectly inflamed Brexit voters).

Again, I’m okay if Hillary wants to spend her time fearmongering about the dangers of Trump.

But to do so credibly, she needs to be a lot more cognizant of the dangers her own team have created.

Tuesday, June 28, 2016

The Theory of Business Enterprises Part 7: Cultural Changes

In the early chapters of the book, Thorstein Veblen describes industrial productive methods and the changes they require of workers. In Chapter 9, he describes the effect of those changes on the workers and on businessmen who own the factories. In general, the businessmen become more attached to a system of thought based on natural rights. Natural rights law, especially as related to ownership and property, is the basis for their control of the productive sector; and it gives them the tools they use to continue that domination. Natural rights ideas were formulated in a much earlier era, when the dominant mode of production was the individual fabricator, the individual handicraft worker. Natural law was embedded in the entire social fabric, Church, State, and community. These institutions remained strong in the early part of the industrial age, up to 1904 when Veblen wrote.

Veblen says that factory workers were moving away from the natural law ideas, which, after all, were a metaphysical formulation, grounded in the social structures of an earlier day and an earlier system of production. Their lives were now ruled by gauges and measurements, by cause and effect. This is the form of inquiry behind the development of the sciences which drove the technology of the machine age. It tends to undercut the traditional forms of thought that underlie the conventional thinking of the businessmen, forms which Veblen calls metaphysical.

Veblen says that this newer kind of thinking led the working classes to lose respect the natural rights forms of thinking, and specifically for property rights and the individual ownership of industrial property. In turn, this helped the working class to see itself differently, as expressed in the trade union movement, and in socialist and even anarchist thinking. For the most part, he thought that the trade union movement would reinforce the business interests by making only those demands necessitated by the changes that the industrial process made in the lives of the workers. They sought standardized wages and regular hours and other accommodations necessary to make their lives more pleasant, and did not carry the ideas of cause and effect or the indifference to property rights to their logical extreme as socialist theory would. He adds a long and unfriendly discussion of socialism.

When he gets back to the cultural changes, one of the issues he identifies is changes in domestic relations. The traditional family becomes a less spiritually important institution.

What appears to be in jeopardy, should the socialistic defection gain ground, is the headship of the male in the household economy. The family, as it has come down from the medieval past, under the shelter of the church, is of a patriarchal constitution, at least in theory. The man has been vested with discretionary control in domestic affairs.

As the discussion continues, it becomes apparent that the driving force isn’t socialist theory, but real changes in the possible ways to live created by the machine age. It isn’t just the family, it’s the Church, and even patriotism that are called into question. Mere formal or conventional justifications do not suffice for people of any class whose thought processes are governed by theories grounded in cause and effect.

The machine technology is a mechanical or material process, and requires the attention to be centred upon this process and the exigencies of the process. In such a process no one factor stands out as unequivocally the efficient cause in the case, whose personal character, so to speak, is transfused into the product, and to whose workings the rest of the complex of causes are related only as subsidiary or conditioning circumstances. … The process is always complex; always a delicately balanced interplay of forces that work blindly, insensibly, heedlessly; in which any appreciable deviation may forthwith count in a cumulative manner, the further consequences of which stand in no organic relation to the purpose for which the process has been set going. The prime efficient cause falls, relatively, into the background and yields precedence to the process as the point of technological interest.

Veblen said that this was happening to the greatest extent in the large industrial towns, and less so in the smaller towns and the countryside. Veblen is obviously interested in the culture of the workers; he ignores the conventional thinking of the businessman, and focuses on cultural changes in the vastly larger class of working people. Veblen thought that cultural growth in the machine age would be “… of a skeptical, matter-of-fact complexion, materialistic, unmoral, unpatriotic, undevout.”

In Chapter 10, Veblen takes up the future of the businesses. He thinks they will collapse because they become “fiscal ways and means”, subservient to a militaristic state which itself will collapse under the pressures of war. That didn’t happen.

As it turned out Veblen was more or less right that there were changes in the working classes in the larger industrial towns, and less so in the rest of the country. He ignored the Grange Movement and a good bit of the populist revolution on the farms, though. Even so, that was enough change to produce the New Deal and a highly efficient war machine in WWII, and a strong working class throughout the 50s and early 60s. By that time, socialism was wiped out in the US, and the union movement began to deteriorate. The war industry picked up strength first under Kennedy and LBJ, and then at higher levels beginning with Reagan, the second of his predictions began to seem more plausible. But it won’t be counteracted by an organized and strong working class, because there isn’t one.

We seem to be lurching from one crisis created by the elites to the next crisis created by the elites. We could use some ballast.

Facebook’s Flip-Flop: Is It a Law Enforcement Thing?

Kash Hill has a fascinating story about a Facebook flip-flop over a story she reported yesterday.

It started when — as increasingly happens in her work — someone came to her with a scary problem. Facebook recommended he friend someone he had only just met for the first time at a meeting for parents of suicidal teens. In response, Facebook confirmed they do use co-location for such recommendations.

Last week, I met a man who was concerned that Facebook has used his smartphone location to figure out people he might know. After he attended a gathering for suicidal teens, Facebook recommended one of the other parents there as a friend, even though they seemingly had nothing else in common but being in the same place at the same time. He asked me whether Facebook was using location to figure out if people knew each other.

I was skeptical, because that seemed like such an egregious violation of privacy. On Friday, I emailed Facebook:

A Facebook user told me that he attended an event last week with people he’d never met before. The next morning, one of the people at the event came up as a suggested friend. They had no other ties beyond being in the same room the night before. Could their shared location have resulted in the suggestion?

A spokesperson responded, saying that location is one of the signals for “People You May Know.”

But then, as people started making a stink about this, Facebook reached out again and offered this oblique reversal.

Thus I reported that “Facebook is using your phone’s location to suggest new friends—which could be a privacy disaster.” The story garnered lots of negative feedback, with people upset about Facebook using their location information this way without telling them.

Then, on Monday night, the Facebook spokesperson reached out again, saying the company had dug into the matter and found that location isn’t currently used. She sent an updated statement:

“We’re not using location data, such as device location and location information you add to your profile, to suggest people you may know. We may show you people based on mutual friends, work and education information, networks you are part of, contacts you’ve imported and other factors.”

One part of this comment is easy: Facebook is not using locations you mark for yourself (so if I said I was in Grand Rapids, they wouldn’t use that to find new Grand Rapids friends for me). But it’s not really clear what they mean by “device location.” Determined by what? GPS? Cell tower? IP location? Wifi hotspot colocation?

Which got me thinking about the way that federal law enforcement (in both the criminal and FISA context, apparently) are obtaining location data from social media as a way to tie physical location to social media activity.

[Magistrate Stephen Smith] explained he had had several hybrid pen/trap/2703(d) requests for location and other data targeting WhatsApp accounts. And he had one fugitive probation violation case where the government asked for the location data of those in contact with the fugitive’s Snapchat account, based on the logic that he might be hiding out with one of the people who had interacted with him on Snapchat. The providers would basically be asked to to turn over the cell site location information they had obtained from the users’ phone along with other metadata about those interactions. To be clear, this is not location data the app provider generates, it would be the location data the phone company generates, which the app accesses in the normal course of operation.

Doing so with Facebook would be particularly valuable, as you could target an event (say, a meeting of sovereign citizens) and find out who had attended the meeting to see whose location showed up there. The application would be even more useful with PRISM, because if you were targeting meetings overseas, you wouldn’t need to worry about the law on location data.

In other words, I started wondering whether Facebook is using this application — and was perfectly willing to tell Hill about it — until the FBI or someone started complaining that people would figure out one of their favorite new law enforcement (and intelligence) methods.

Hill is still pressing Facebook for real answers (and noted that Facebook may be violating FTC rules if they are doing this, so expects answers from there if not from Facebook directly).

Still, I’m wondering if FBI is now telling our private spy companies they can’t reveal the techniques law enforcement most likes to rely on.

Ron Wyden: Obtaining ECTRs without a Warrant Is Almost Like Spying on Someone’s Thoughts

Screen Shot 2016-06-28 at 8.50.20 AM

As a number of outlets have reported, Ron Wyden has placed a hold on the Intelligence Authorization in an attempt to thwart FBI’s quest to be able to obtain Electronic Communication Transaction Records with just a National Security Letter.

But Wyden’s released statement on that hold differs in emphasis from what he said in his Senate address announcing the hold yesterday. The statement describes how all toll records — from emails, texts, or web browsing — can infringe on privacy.

The fact of the matter is that ‘electronic communication transaction records’ can reveal a great deal of personal information about individual Americans.  If government officials know that an individual routinely emails a mental health professional, or sends texts to a substance abuse support group, or visits a particular dating website, or the website of a particular political group, then the government knows a lot about that individual.  Our Founding Fathers rightly argued that such intrusive searches should be approved by independent judges.

But in his floor statement, Wyden went on at length about the particular threat posed by obtaining web browsing history (this starts after 4:40).

For example, the National Security Letters could be used to collect what are called Electronic Communication Transaction Records. This would be email and chat records and text message logs, and in particular, Mr. President, and I’ve had Senators come up to me to ask me about whether this could be true, folks at home this weekend, when I was out and responding to questions about this, people asked, “Does this really mean that the government can get the Internet browsing history of an individual without a warrant even when the government has the emergency authority if it’s really necessary?”

And the answer to that question, Mr. President, is yes, the government can. The government can get access to web browsing history under the Intelligence Authorization legislation, under the McCain amendment, and they can do it without getting a warrant, even when the government can go get it without a warrant when there is an emergency circumstance.

Now the reality is web browsing history can reveal an awful lot of information about Americans. I know of little information, frankly Mr. President, that could be more intimate than that web browsing history. If you know that a person is visiting the website of a mental health professional, or a substance abuse support group, or a particular political organization, or — say — a particular dating site, you know a tremendous amount of private and personal and intimate information about that individual — that’s what you get when you can get access to their web browsing history without a warrant, even when the government’s interest is protected, as I’ve said, in an emergency.

The reality is getting access to somebody’s web browsing history is almost like spying on their thoughts. This level of surveillance absolutely ought to come with court oversight, and as I’ve spelled out tonight, that is possible in two separate ways — the traditional approach with getting a warrant, and then under Section 102, which I wrote as part of USA Freedom Act, the government can get the information when there’s an emergency and come back later after the fact and settle up.

Wyden’s statement makes a few other things clear. First, by focusing on the emergency provision of USA Freedom Act, Wyden illustrates that the FBI is trying to avoid court oversight, not so much obtain records quickly (though there would be more paperwork to a retroactive Section 215 order than an NSL).

That means two things. First, as I’ve noted, FBI is trying to avoid the minimization procedures the FISC spent three years imposing on FBI. Right now, we should assume that FISC would prohibit FBI from retaining all of the data it obtains from web searches, but if it moved (back) to NSL collection it would have no such restriction.

The other thing obtaining ECTRs with NSLs would do, though, is avoid a court First Amendment review, which should be of particular concern with web search history, since everything about web browsing involves First Amendment speech. Remember, a form of emergency provision (one limited to Section 215’s phone chaining application) was approved in February 2014. But in the September 2014 order, the FISC affirmatively required that such a review happen even with emergency orders. A 2015 IG Report on Section 215 (see page 176) explains why this is the case: because once FISC started approving seeds, NSA’s Office of General Counsel stopped doing First Amendment reviews, leaving that for FISC. It’s unclear whether it took FISC several cycles to figure that out, or whether they discovered an emergency approval that infringed on First Amendment issues. Under the expanded emergency provision under USAF, someone at FBI or DOJ’s National Security Division would do the review. But FBI’s interest in avoiding FISC’s First Amendment review is of particular concern given that FBI has, in the past, used an NSL to obtain data the FISC refused on First Amendment grounds, and at least one of the NSL challenges appears to have significant First Amendment concerns.

In the Senate yesterday, Senator Wyden strongly suggested the FBI wants this ECTR provision so it can “spy[] on their thoughts” without a warrant. We know from other developments that doing so using an NSL — rather than an emergency Section 215 order — would bypass rigorous minimization and First Amendment review.

In other words, the FBI wants to spy on — and then archive — your thoughts.

Monday, June 27, 2016

Monday: Fierce Dog

Hunger and fear are the only realities in dog life: an empty stomach makes a fierce dog.

— excerpt, personal journal of Capt. Robert Falcon Scott

This short film by Aaron Dunleavy was inspired by his childhood in Blackburn, Lancashire UK. The script was improvised and cast using locals.

All districts in Lancashire voted Leave during last week’s Brexit referendum, with 65% of Blackburn voters supporting Leave.

Worth noting an article in Lancashire Telegraph about an Aldi’s store under construction. Aldi’s is a German-owned grocery store chain; have to wonder if construction will be completed.

Brexit botch bits

  • @shockproofbeats on Brexit’s impact on Northern Ireland (Storify) — It’s messy now and promises to be even uglier.
  • Downside for China (and other foreign investors): Real estate purchases may be put on hold (SCMP) — Some deals in the works may be halted until the pound is more stable. On the other hand, Britain may step in and put the brakes on sales; too easy for overseas entities with big money to buy up property while pound is depressed.
  • Upside for China (and other banking centers): Business could pick up in Hong Kong (SCMP) — London is the second largest trading center of yuan next to Hong Kong; some of the business could shift back to Hong Kong, especially if HSBC bank choose to relocate its headquarters to HK from London.
  • No change in position on Brexit referendum since last Friday according to PM David Cameron (Independent-UK) — Though Cameron is now going to leave in September. He continued to push triggering of the Article 50 to his successor while taking pot shots at Labor Party over its purge this weekend. Not certain most Americans will notice just how Cameron has managed to shift the blame to both MPs and the people for a referendum he proposed, or how he has turned execution of Article 50 into a poisoned chalice. Lord Chancellor Secretary of State for Justice Michael Gove, Leave campaign proponent, was present at today’s session in Parliament but said nothing before disappearing. Boris Johnson, MP for Uxbridge and South Ruislip and Leave campaign proponent, was noticably absent. Wankers all three.

SCOTUS Week
Waiting around watching the court for good or ill until this morning is kind of like waiting for Shark Week — hey, it IS Shark Week! What a coincidence!

Miscellaneous trouble

Promises to be a busy week ahead. Stay tuned!

NATO and Brexit

For the record, I think it quite likely that UK’s Tories will never trigger Article 50, which would mean the two year process of leaving the EU will never start much less finish. If that happens, we will face an increasing game of chicken between the EU — primarily Germany — and the UK, because until things settle with the UK, other right wing parties will call to Exit the EU.

All that said, I want to consider what a UK exit would mean for security, particularly as regards to the balance between privacy and dragnettery in which the EU has, in recent years, played a key but largely ineffectual role.

From a spying perspective, Brexit came just hours after the US and EU finalized a draft of the Privacy Shield that will replace the Safe Harbor agreement next week. When I read it, I wondered whether the US signed it intended to do some data analysis in the UK, an option that will likely become unavailable if and when the UK actually does leave the EU. Amazing, the UK’s hawkish Home Secretary Theresa May (who in the past has called for the UK to leave the ECHR) is considered a favorite to replace David Cameron is the Tory Prime Minister, which would be like Jim Comey serving as President. The UK will still need to sign its own IP Bill, which will expand what is authorized spying in the UK.

But all that assumes the relative structure of nesting alliances will remain the same if and when the UK departs the EU. And I don’t think that will happen. On the contrary, I think the US will use the UK’s departure — and security concerns including both an expanding Russia and the threat of terrorism — to push to give NATO an enhanced role off what it has.

Consider what Obama said in his initial statement about Brexit [my emphasis in all these passages],

The people of the United Kingdom have spoken, and we respect their decision. The special relationship between the United States and the United Kingdom is enduring, and the United Kingdom’s membership in NATO remains a vital cornerstone of U.S. foreign, security, and economic policy. So too is our relationship with the European Union, which has done so much to promote stability, stimulate economic growth, and foster the spread of democratic values and ideals across the continent and beyond. The United Kingdom and the European Union will remain indispensable partners of the United States even as they begin negotiating their ongoing relationship to ensure continued stability, security, and prosperity for Europe, Great Britain and Northern Ireland, and the world.

To Cameron,

President Obama spoke by phone today with Prime Minister David Cameron of the United Kingdom to discuss the outcome of yesterday’s referendum on membership in the European Union, in which a majority of British voters expressed their desire to leave the EU. The President assured Prime Minister Cameron that, in spite of the outcome, the special relationship between the United States and the United Kingdom, along with the United Kingdom’s membership in NATO, remain vital cornerstones of U.S. foreign, security, and economic policy. The President also expressed his regret at the Prime Minister’s decision to step aside following a leadership transition and noted that the Prime Minister has been a trusted partner and friend, whose counsel and shared dedication to democratic values, the special relationship, and the Transatlantic community are highly valued. The President also observed that the EU, which has done so much to promote stability, stimulate economic growth, and foster the spread of democratic values and ideals across the continent and beyond, will remain an indispensable partner of the United States. The President and Prime Minister concurred that they are confident that the United Kingdom and the EU will negotiate a productive way forward to ensure financial stability, continued trade and investment, and the mutual prosperity they bring.

And to Merkel,

The President spoke today by phone with Chancellor Angela Merkel of Germany regarding the British people’s decision to leave the European Union. Both said they regretted the decision but respected the will of the British people. The two leaders agreed that the economic and financial teams of the G-7 partners will coordinate closely to ensure all are focused on financial stability and economic growth. The President and the Chancellor affirmed that Germany and the EU will remain indispensable partners of the United States. The leaders also noted that they looked forward to the opportunity to underscore the strength and enduring bond of transatlantic ties at the NATO Summit in Warsaw, Poland, July 8-9.

NATO, NATO, NATO.

John Kerry and NATO Secretary General Jens Stoltenberg seem to echo that viewpoint, with Stoltenberg arguing NATO will become more important.

“We have high expectations of a very strong NATO meeting and important deliverables,” Kerry said of the summit planned for Warsaw on July 8-9. “That will not change one iota as a consequence of the vote that has taken place.”

Kerry, who is on a lightning tour of Brussels and London intended to reassure U.S. allies following the British vote, noted that 22 EU nations, including Britain, are part of NATO.

In Brussels Kerry met NATO Secretary General Jens Stoltenberg and EU foreign policy chief Frederica Mogherini.

“After the UK decided to leave the European Union I think that NATO has become even more important as a platform for cooperation between Europe and North America but also defence and security cooperation between European NATO allies,” said Stoltenberg, whose own country Norway is in NATO but not the EU.

Retired Admiral Stavridis provides a list of four reasons why Brexit will strengthen NATO.

  1. Putin’s adventurism: “NATO has provided the most resolute military balance against [Russia], and thus its stock can be expected to rise with publics in Europe.”
  2. UK manpower will be freed up from EU tasks: UK “will have additional ships, troops, and aircraft to deploy on NATO missions because they will not have to support EU military efforts such as the counter-piracy operations off the coast of East Africa or EU missions in the Balkans.”
  3. By losing the UK’s military power, the EU will become even more of a soft power entity ceding real military activities to NATO. “And, given that European military efforts will be greatly diminished by the loss of British military muscle, the EU can be expected to defer to NATO more frequently.”
  4. The UK will have to prove itself in NATO to retain its “special relationship.” UK “will have to look for new ways to demonstrate value in its partnership with the United States if it hopes to maintain anything like the “special relationship” it has become accustomed to (and dependent on).”

It’s actually the fourth bullet that I think will be key — and it will be carried over into spying. Without the UK, the EU doesn’t have the capability to defend itself, so it will be more dependent on NATO than it had been. Similarly, without GCHQ, the EU doesn’t have heightened SIGINT power to surveil its own population. And so — I fear — whereas prior to Brexit the EU (and Germany specifically) would at least make a show of pushing back against US demands in exchange for protection, particularly given the heightened security concerns, everyone will be less willing to push back.

It’s unclear whether Brexit (if it happens) will hurt the UK or EU more. It probably won’t hurt the US as much as any entity in Europe. It might provide the trigger for the dismantling of the EU generally.

I think it very likely it will shift Trans-Atlantic relationships, among all parties, to a much more militaristic footing. That’s dangerous — especially as things heat up with Russia. And the countervailing human rights influence of the EU will be weakened.

But I think the US will gain power, relatively, out it.

The Jordanian Arms Theft Story

The NYT has a blockbuster story reporting that Jordanian officers have been stealing weapons “shipped into Jordan” by CIA, and selling them on the black market. Some of these weapons were used to kill two Americans at a police training facility in November.

Weapons shipped into Jordan by the Central Intelligence Agency and Saudi Arabia intended for Syrian rebels have been systematically stolen by Jordanian intelligence operatives and sold to arms merchants on the black market, according to American and Jordanian officials.

Some of the stolen weapons were used in a shooting in November that killed two Americans and three others at a police training facility in Amman, F.B.I. officials believe after months of investigating the attack, according to people familiar with the investigation.

The existence of the weapons theft, which ended only months ago after complaints by the American and Saudi governments, is being reported for the first time after a joint investigation by The New York Times and Al Jazeera.

I’m still trying to figure out what to make of this story, so for the moment, I just want to unpack it.

First, consider the players. The story is sourced to US and Jordanian “officials,” (a term which can sometimes mean contractors or Members of Congress). The CIA and FBI both refused to comment for the story; the State Department and Jordan’s press people both gave fluff statements.

The story is a joint project — between Qatar’s media outlet, Al-Jazeera (here’s their link to the story), and the “official press” of the US, the NYT. So Americans, Jordanians, and Qataris were involved in this story.

But no Saudis, in spite of the fact that the story reports that Saudis apparently complained some months ago.

The story seems to suggest that after a Jordanian police official who had just been fired for reasons not yet made public and presumably had his official weapon confiscated went and got this one — it’s not clear whether he purchased it or got it some other way — and killed five (including two American DynCorp contractors) and injured seven others. As part of the FBI investigation, the story suggests, they traced the serial number of the Kalashnikov the killer used to a shipment directly tied to the CIA.

American and Jordanian officials said the investigators believed that the weapons that a Jordanian police captain, Anwar Abu Zaid, used to gun down two Jordanians, two American contractors and one South African had originally arrived in Jordan intended for the Syrian rebel-training programme.

The officials said this finding had come from tracing the serial numbers of the weapons.

Apparently parallel to that investigation, Jordanians have had rumors of the theft for some time.

Word that the weapons intended for the rebels were being bought and sold on the black market leaked into Jordan government circles last year, when arms dealers began bragging to their customers that they had large stocks of US- and Saudi-provided weapons.

Jordanian intelligence operatives monitoring the arms market – operatives not involved in the weapons-diversion scheme – began sending reports to headquarters about a proliferation of weapons in the market and of the boasts of the arms dealers.

 

Here’s the thing. The article says the theft and sale of the arms has led to a flood of new weapons on the black market.

The theft and resale of the arms – including Kalashnikov assault rifles, mortars and rocket-propelled grenades – have led to a flood of new weapons available on the black arms market.

Investigators do not know what became of most of them, but a disparate collection of groups, including criminal networks and rural Jordanian tribes, use the arms bazaars to build their arsenals.

Perhaps that’s true within Jordan. But the weapons came from the black market in the first place — from the Balkans and elsewhere in Eastern Europe, the story explains. So what has really happened is that the US and Saudis have transported weapons to Jordan, only to have them appear back on the black market there, with some cash in the pockets of some Jordanian officers.

And after the Americans and Saudis complained, there was a crack down with no real consequences for those involved.

Jordanian officials who described the operation said it had been run by a group of GID logistics officers with direct access to the weapons once they reached Jordan. The officers regularly siphoned truckloads of the weapons from the stocks, before delivering the rest of the weapons to designated drop-off points.

Then the officers sold the weapons at several large arms markets in Jordan.

[snip]

It is unclear whether the current head of the GID, General Faisal al-Shoubaki, had knowledge of the theft of the CIA and Saudi weapons. But several Jordanian intelligence officials said senior officers inside the service had knowledge of the weapons scheme and provided cover for the lower-ranking officers.

[snip]

After the Americans and Saudis complained about the theft, investigators at the GID arrested several dozen officers involved in the scheme, among them a lieutenant colonel running the operation. They were ultimately released from detention and fired from the service, but were allowed to keep their pensions and money they gained from the scheme, according to Jordanian officials.

One more point: the story notes that Obama authorized this program, which the story reveals is called Timber Sycamore, in 2013. It says it is run by the US and several Arab intelligence programs, but neglects to mention Qatar is a key player.

Now, it is true, as far as we know, that official covert CIA involvement started in 2013. But the rebel program dates back earlier, to 2011. The US got more involved in 2013, in part, to try to put some order to the program. You know: to ensure that weapons got to the people we wanted them to get to?

And here were learn — because a Jordanian officer gone back shot up the training program one day — that at least some of those weapons weren’t actually going where they were supposed to?

Friday, June 24, 2016

Democracy Has Always Been Post-Factual

In my earlier post on Brexit, I pointed to this comment, which has gotten a lot of attention. I agree with what the comment said about swapping elites (its first point) and the impact on the young (its second). But I don’t agree with the third:

Thirdly and perhaps most significantly, we now live in a post-factual democracy. When the facts met the myths they were as useless as bullets bouncing off the bodies of aliens in a HG Wells novel.

I’m not saying that the Brexit side told the truth about the downsides of exiting. Indeed, within hours of victory, Ukip leader Nigel Farage admitted a key claim made in Brexit propaganda, that the UK would save £350 million a week that could be put into social services like the National Health Service (which got cut significantly under Cameron) was a “mistake.”

I’m not even saying that this election, in the UK, was not exception in terms of the bald propaganda unleashed. I haven’t seen that measured, but everything I’ve heard reports that it was awful.

Still, what does it mean that we live in a post-factual democracy? I thought, at first, that the US is just ahead of its cousin, in that we’ve had WMD and birther lies for over a decade. But the UK had the very same WMD lies. Indeed, both countries have proudly lied about national security secrets for decades, centuries in England.

Plus, as I thought back in US history, I couldn’t get to a time when democracy didn’t depend on some key, big lies. Remarkably, they’re still some of the very same lies mobilized in the Brexit vote. You don’t get a United States, you don’t get a British Empire, without spewing a lot of lies about the inferiority of black (brown, beige, continental) men. You don’t get America, as it currently exists, without the myth of American exceptionalism, the unique national myth that has served to root an increasingly diverse former colony. You don’t get Britain without certain beliefs, traced back to Matthew Arnold and earlier, about the enobling force of British culture.

Those myths are precisely what have driven the democracy of both countries for a long time. They were a way of imposing discipline, privilege, and selective cohesion such that less privileged members of those included in the myth would buy in and tolerate the other inequities without undue violence.

They’re really the same myths deployed by some in Brexit: the immigrants, not the austerity policies, are taking your jobs and disrupting your English way of life.

Perhaps we’re moving closer to a fact-based democracy. Access to rebut sanctioned lies is more readily accessible, though the scaffold of spying makes it harder to release, except in bulk. We’re becoming more cosmopolitan, too. At least some voted Remain for that reason — the old nationalism has been dented in the decades of a failed European experiment.

But make no mistake, the myths have always been there. We’re still trying to break free.

Brexit: Unicorn-Sniffing Naifs Deprived of Their Future

Screen Shot 2016-06-24 at 8.46.11 AM

As you surely know, Britain voted to Brexit the European Union yesterday, confounding predictions and setting off a great deal of uncertainty.

One detail people are focusing most closely on is the age differential shown in a YouGov exit poll. It showed that voters 18-24 voted overwhelmingly to stay in the EU. “The younger generation has lost the right to live and work in 27 other countries,” a widely linked FT comment laid out. “We will never know the full extent of the lost opportunities, friendships, marriages and experiences we will be denied.”

That sentiment, and the overwhelming support for Remain, has been celebrated as wise by the punditocracy — and it probably is.

But the same people celebrating this Millennial view — one that embraced tolerance and opportunity — often as not attacked the overwhelming support by American Millennials for Bernie Sanders. That disproportionate support, coming from a much smaller part of the electorate but by very similar margins, was deemed a naive belief in empty promises (promises, of course, that largely resembled adopting the policies that the EU used to and in some places still represents).

I suspect the reality is that, on top of a real cosmopolitanism among younger people, both votes were just a vote for perceived self-interest, no more or less wise than the votes of their older, less cosmopolitan parents.

Still, those celebrating the UK’s Millennials for their wisdom might give some consideration as to why the underlying cosmopolitanism and interest in European style social policies of the young would be perceived self-interest on both sides of the pond.

There Is No [Easy] Exit

Not an European scholar or sage. Have tried to pay attention to the Brexit question across the pond, but unsure how well I have done so. Generally, however, it has struck me that, given real problems either way for the Brits, the best choice was to stay in the EU.

Really, there was a definitive majority to join then, so what is the plan now?

Tell me why the secrets have disappeared
cover up the traces of wasted years,
the traces of wasted years

build it up alibies for the damned
hide away, don’t ever reveal your plan.

So, what is the plan now for the always diminished, but oh so egotistically adventurous Brits, given they are woefully short on empire and hegemonic power? Oh so much like the terminally behind the queue United States?

Isn’t that a lesson the US ought not heed? If not decades ago, maybe finally now?

The UK may be leaving the collective, but do they really have an exit plan? The number of modalities in which they simply cannot have a great and immediate plan are too number to plow through.

There is no easy exit. Despite the vote in the UK. Germany and France make it clear this is not easy.

Lock it up,
standing behind closed doors
give it up,
no hiding place anymore

The value of the British pound and stock prices in Asia plummeted as financial markets absorbed the news.

I don’t know how it is going to be in the UK going forward. But if the vote is what it looks, the Brexit has occurred.

On the whole, pretty scary proposition, and the effort to get there seems much like the brain dead Trumpian movement afoot here in the States; i.e. shortsighted, uninformed and stupid. Hope I am wrong.

But here we all are, on both sides of the pond, looking inordinately stupid and shortsighted.

The world is being consumed by Trumpalos and Juggalos.

There is no exit.

[If you don’t know this band in the video featured, you should. They are The Angels, and this song is perfectly prescient for today even if from long ago.]

Thursday, June 23, 2016

An Economics For The Left

What would an economics for the left look like? It seems to me that it requires two things. First, it needs an economic theory derived from a close observation of the way the US economy actually behaves, and which creates a framework in which society can choose its goals and implement them effectively and as efficiently as possible. Second, it requires a leftist program, one clearly differentiable from the program of the conservatives and neoliberals which has so miserably failed millions of us, and one that people can understand and can see how it would make for a better world.

Theory

At the beginning of the 20th Century, the productive sector was dominated by a small group of capitalists who were primarily industrialists and financiers. Their control was secured by both federal and state governments in the name of protecting property rights and preventing Socialism. The interests of the rest of the people were for the most part ignored by the government. On the rare occasions when some piece of protective legislation was passed the courts struck it down. When a strike threatened the profits of the capitalists, the courts were quick to legitimate the use of force by governments. Eventually there was a small but effective Socialist Party. The capitalists responded by conflating Socialism with Anarchism and Communism, leading to the Palmer Raids, the jailing of the Socialist leader Eugene Debs, and other actions to crush all opposition to the dominant capitalist ideology.

Socialism came back in a milder form during the Depression, leading to the New Deal under FDR. Many of the major changes were made possible by fear of the Communists, particularly their support of the rights of African-Americans. That fear became stronger during WWII, and the Democrats purged Socialists from their party, starting with Henry Wallace, and the labor unions purged every last Communist and Socialist after the War. That left economics to a temporarily chastened breed of capitalists. By the 1950s there was no effective left opposition to capitalism. What C. Wright Mills called the Capitalist Celebration took over all economic discourse, and with no opposition, it was easy for a new breed of capitalists to push for the Gilded Age form of capitalism which we now call Neoliberalism.

The economic theory underlying this ideology had its roots in the 19th Century. William Stanley Jevons, one of the inventors of the theory of marginal utility and one of the first people to use the mathematical method in economics, wrote in The Theory of Political Economy, § 1.29 (1871).

I wish to say a few words, in this place, upon the relation of Economics to Moral Science. The theory which follows is entirely based on a calculus of pleasure and pain; and the object of Economics is to maximise happiness by purchasing pleasure, as it were, at the lowest cost of pain.

At the very core of neoclassical economics there is a moral judgment about humans and their behavior. Mainstream economics retains that core, and adds a number of other moral judgments. We are selfish utility maximizing creatures, we are purely rational creatures, able to make complex calculations about our utility on the fly. We are rewarded by the market for our skills, so that failure is our own fault, and success is due to our excellence. Economists use terms like moral hazard, and those preaching austerity claim that recessions and depressions are the result of our moral failures and we must be punished for those failures. Citizens acting through government neither can nor should do anything to make things better. Only the free market can save us.

A sensible leftist economic theory would not be grounded in an archaic philosophical theory about the nature of humanity or the nature of individual humans. It should to the maximum extent possible be non-judgmental about humans, and it should be as impervious as possible to the addition of moral overtones. We should look for a descriptive theory based on close observation of the way things work. Modern Money Theory is certainly a model for this kind of theory. Here’s how L. Randall Wray describes it in Modern Money Theory: A Primer on Macroeconomics for Sovereign Monetary Systems, §7.10:

On one level, the MMT approach is descriptive: it explains how a sovereign currency works. When we talk about government spending by keystrokes and argue that the issuer of a sovereign currency cannot run out of them, that is descriptive. When we say that sovereign governments do not borrow their own currency, that is descriptive. Our classification of bond sales as part of monetary policy, to help the central bank hit its interest rate target, is also descriptive. And finally, when we argue that a floating exchange rate provides the most domestic policy space, that is also descriptive.

Functional finance then provides a framework for prescriptive policy.

Any respectable economic theory should lend itself to either side as a plausible framework for solving society’s problems. Here’s what Wray says about that:

However, I also believe that most of the tenets of MMT can be adopted by anyone. It does not bother me if some simply want to use the descriptive part of MMT without agreeing with the policy prescriptions. The description provides a framework for policymaking. But there is room for disagreement over what government should do. Once we understand that affordability is not an issue for a sovereign currency-issuing government, then questions about what government should do become paramount. And we can disagree on those. (Emphasis in original.)

Program

It’s easy to identify a left program for the economy. We simply pick up where Franklin Delano Roosevelt left us, with his Second Bill of Rights. This is from his State of the Union Address, January 11, 1944.

We have come to a clear realization of the fact that true individual freedom cannot exist without economic security and independence. “Necessitous men are not free men.” People who are hungry and out of a job are the stuff of which dictatorships are made.

In our day these economic truths have become accepted as self-evident. We have accepted, so to speak, a second Bill of Rights under which a new basis of security and prosperity can be established for all regardless of station, race, or creed.

Among these are:

The right to a useful and remunerative job in the industries or shops or farms or mines of the Nation;

The right to earn enough to provide adequate food and clothing and recreation;

The right of every farmer to raise and sell his products at a return which will give him and his family a decent living;

The right of every businessman, large and small, to trade in an atmosphere of freedom from unfair competition and domination by monopolies at home or abroad;

The right of every family to a decent home;

The right to adequate medical care and the opportunity to achieve and enjoy good health;

The right to adequate protection from the economic fears of old age, sickness, accident, and unemployment;

The right to a good education.

All of these rights spell security. And after this war is won we must be prepared to move forward, in the implementation of these rights, to new goals of human happiness and well-being.

If it was good enough for FDR, and an inspiration for Bernie Sanders, it’s good enough for me.

It’s time to start thinking about an overarching program for the left, one that enables us to respond to the lives people are living right now. The economy is just one of the issues important to the left, but it sets the framework of permitted solutions to the many other problems we have. In future posts, I plan to take up these issues in more detail.

Thursday: Rough Beast

Mere anarchy is loosed upon the world,
The blood-dimmed tide is loosed, and everywhere
The ceremony of innocence is drowned;
The best lack all conviction, while the worst
Are full of passionate intensity.

— excerpt, The Second Coming by William Butler Yeats, c. 1919

This lovely bit of atmospheric electronica by Ă¥pne sinn from the 2012 album entitled en seier is an odd fit for the anarchic theme. en seier is Norwegian for ‘one victory’, which is how Ă¥pne sinn‘s Steve Brand characterizes each day of life after surviving a heart attack, a personal apocalypse like Yeats’ rough beast of The Second Coming.

The last couple of weeks culminating in today’s Brexit referendum feel like the onset of a global heart attack. Hope we enjoy a victory after this strife, but it’s too soon for more than hope.

Still a little off, not up to any more reading today after staying up far too late watching the House Democrats’ sit-in protest last night. Here’s a few things worth looking at:

  • DIESELGATE: Fuzzy definition of ‘cold’ may have led to EU passenger diesel cars’ spewing more NOX than expected (Ars Technica) — This means ALL EU makers of passenger diesels, not just Volkswagen Group, are producing too much NOX at low temperatures within an unclear range of ‘cold’. We’ve already seen a lawsuit in the U.S. against Mercedes for this reason.
  • ARTIFICIAL INTELLIGENCE: ‘Concrete Risks in AI Safety’ (paper, PDF at arXiv.org) — Researchers from Google Brain, OpenAI, Stanford University and UCBerkeley looked at the potential risks of using AI. specifically

    …the problem of accidents in machine learning systems. We define accidents as unintended and harmful behavior that may emerge from machine learning systems when we specify the wrong objective function, are not careful about the learning process, or commit other machine learning-related implementation errors.

    Worthwhile read, but I see a problem already, though, a blindspot they come so close to resolving but fail to recognize. The research team is not particularly diverse, nor is the AI development community. They will program systems based on a world as they understand it, not as it is even though they believe they are programming for a rich and noisy environment. The results will be far worse than blue screens of death.

  • ELECTRIC VEHICLES: Siemens suggests trucks powered by catenary electric lines (QZ) — Interesting concept, using electricity a la late 1800s trolley cars versus expensive and weighty batteries. But the infrastructure required…I don’t know. But that’s a lot more potential profit for Siemens, eh?
  • ZIKA VIRUS: Lame Congress funding bill on Zika defense is lame (Jezebel) — Really can’t improve on Jezebel’s hed: ‘
    Amid Gun Control Protests, House Passes a Shitty, Ineffective Zika Virus Bill‘. Yeah, that, especially the part where religious fanatics put their personal faith ahead of suffering by ensuring no funds are used by Planned Parenthood for birth control to prevent conception by persons infected with Zika. Hey You Radical Fundamentalist Anti-Science Freaks In Congress: Get Ready To Pay For Many Microcephalic Babies’ Lifetimes And Guillain-BarrĂ© Syndrome Care. Pro-life my left arse cheek. More like pro-torture for women and babies.

That’s enough for today, I need to reserve my strength for the outcome of the Brexit referendum. Toodles.

Wednesday, June 22, 2016

Senate Narrowly Avoids Voting Themselves to become Typos

The McCain (Cornyn) amendment to the Judiciary Appropriations bill that would let them get Electronic Communication Transaction Records with a National Security Letter just narrowly failed to get cloture, with Dan Sullivan flipping his vote to yes near the end but Mike Crapo, a likely no vote, not voting. The final vote was 59-37.

The floor debate leading up to the vote featured a few notable exchanges. Richard Burr was an absolutely douchebag, saying Ron “Wyden is consistently against providing LE the tools it needs to defend the American people.” He did so in a speech admitting that, “My colleague says this wouldn’t stop SB or Orlando. He’s 100% correct.”

Burr also insisted that we can’t let the Lone Wolf provision, which allegedly has never been used, expire. It was extended just last year and doesn’t expire until 2019.

More interesting though was the debate between Burr and Leahy over whether the FBI can’t obtain ECTRs because of a typo in the law as passed in 1993. Leahy basically described that Congress had affirmatively decided not to include ECTRs in NSLs (implicit in this, Congress also did not decide to include it in the 2001 expansion). Burr claimed that Congress meant to include it but didn’t in some kind of oversight.

Here’s how Mazie Hirono and Martin Heinrich described the debate in the report on the Intelligence Authorization, which has a version of the ECTR change.

The FBI has compared expanding these authorities to fixing a “typo” in the Electronic Communications Privacy Act (ECPA).

However, during consideration of ECPA reform legislation in 1993, the House Judiciary Committee said in its committee report that “Exempt from the judicial scrutiny normally
required for compulsory process, the national security letter is an extraordinary device. New applications are disfavored.”

The House Judiciary Committee report also makes clear that the bill’s changes to Section 2709(b) of ECPA were a “modification of the language originally proposed by the
FBI.”

This does not support claims that the removal of the ECTR language was a “typo.”

Burr effectively argued that because law enforcement wanted ECTRs to be included back in 1993, they were meant to be included, and Congress’ exclusion of them was just a typo.

In short, a member of the Senate just argued that if Congress affirmatively decides not to capitulate to every demand of law enforcement, it must be considered a “typo” and not legally binding law.

For the moment, the Senate voted down making itself a “typo,” but Mitch McConnell filed a motion to reconsider, meaning he can bring the vote back up as soon as he arm twists one more vote.

 

Tuesday, June 21, 2016

Key Details about the Mitch McConnell Bid to Expand FBI Surveillance

As I noted, one of the two poison pills that stalled (if not killed) ECPA reform in the Senate Judiciary Committee a few weeks back was a John Cornyn amendment that would give the FBI authority to obtain Electronic Communication Transaction Records — which have been billed as email records, but include far more, including URLs and IP records — with an NSL again.

In a move akin to what he did by attaching CISA to last year’s Omnibus bill, Mitch McConnell has moved to shove that amendment through, this time on the Judiciary Appropriation.

Here are some key details about that effort:

Generally, the amendment would not have prevented the Orlando shooting

Republicans are spinning (and therefore some reporters are reporting) the amendment as “an effort … to respond to last week’s mass shooting in an Orlando nightclub after a series of measures to restrict guns offered by both parties failed on Monday.”

The reason why the ECTR change would not have prevented the Orlando shooting — as I noted when John Cornyn made the same bogus claim — is that, at least according to FBI Director Jim Comey (then what would he know?) FBI already obtained Omar Mateen’s ECTRs. So it is false to say that this is a real response, except insofar as shifting the way FBI would have gotten ECTRs in this case would have had other implications.

The most obvious implication of obtaining ECTRs via a subpoena versus an NSL is the latter’s gag, which the executive would retain significant prerogative over keeping in place years after obtaining the records. NSL gags have been used to hide records collection from their targets — and given that these use a “related to” standard, probably hides the number of innocent people collected for their role in someone else’s suspicious behavior — but the record of the Nicholas Merrill NSL makes it clear the gag served even more prominently to hide the kinds of records the government obtained under a broad definition of ECTR.

FBI is doing this to bypass minimization the FISA Court fought for for years

For tactical reasons, privacy groups have been claiming that permitting FBI to obtain ECTRs with an NSL is an expansion of FBI authority. That’s not technically correct: whether it should have been or not, FBI obtained ECTRs with an NSL from 2001 to 2009, until the publication of an OLC memo gave some tech companies the ability to refuse NSLs asking for ECTRs. Indeed, there’s reason to believe some companies — notably including AT&T — still provide some records beyond those listed in the 2008 OLC memo with just an NSL.

But what happened next is critical for understanding why FBI wants this change now. When ECTR collection moved from NSLs to Section 215 orders starting in 2009, the number of 215 orders spiked from about 30 to about 200, and with that, court mandated minimization procedures spiked, and remained elevated, until FBI finally adopted minimization procedures mandated by the 2006 reauthorization of the authority after Edward Snowden’s leaks (which makes me wonder whether they were actually following FISC-ordered minimization in the interim). Given that we know the spike in 215 orders stemmed from ECTR requests, that has to mean that FISC believed this collection was sufficiently intrusive on innocent people that it needed to be minimized.

Side note: it’s possible that those 175 ECTR records a year were bulky records: more systematic collection on orders issued four times a year, just like the phone dragnet orders, in lieu of tens of thousands of orders obtained via an NSL prior to that. If that’s the case, it’s possible that USA Freedom Act’s limits on bulk have posed a problem for some, though not all, of this bulky collection. In most cases with a designated suspect, as with Mateen, the FBI could still get the records with a subpoena.

This would push through the more expansive of two ECTR efforts

There are actually two efforts to let the FBI obtain ECTRs via NSL. This amendment, which is largely similar to Cornyn’s amendment to ECPA reform, and language already approved in the Intelligence Authorization (see section 803 at pp 64-65) for next year. The Intel Authorization version basically just adds “ECTRs” to the records available under 18 USC 2709.

request the name, address, length of service, local and long distance toll billing records, and electronic communication transactional records of a person or entity, but not the contents of an electronic communication,

The amendment that will get a vote tomorrow, however, lays out what can be obtained in much greater detail with this list:

(A) Name, physical address, e-mail address, telephone number, instrument number, and other similar account identifying information.

(B) Account number, login history, length of service (including start date), types of service, and means and sources of payment for service (including any card or bank account information).

(C) Local and long distance toll billing records.

(D) Internet Protocol (commonly known as ‘IP’) address or other network address, including any temporarily assigned IP or network address, communication addressing, routing, or transmission information, including any network address translation information (but excluding cell tower information), and session times and durations for an electronic communication.

There are three big differences in the Cornyn version. The Cornyn amendment affirmatively permits FBI to obtain payment information. The Cornyn amendment affirmatively permits a lot more information, in addition to that financial information, that is used to correlate identities (things like all types of service used, all possible types of “address” or instrument number, and IP generally; see this post for more on correlations). Finally, Cornyn lays out that ECTRs include IP address information.

Nicholas Merrill described the significance of IP address information in a declaration he submitted, with the explanation, “I believe that the public would be alarmed if they knew what kinds of records the FBI apparently believes constitute ECTR,” in his bid to unseal the NSL he received.

Electronic communication service providers can maintain records of the IP addresses assigned to particular individuals and of the electronic communications involving that IP address. These records can identify, among other things, the identity of an otherwise anonymous individual communicating on the Internet, the identities of individuals in communication with one another, and the web sites (or other Internet content) that an individual has accessed.

Electronic communication service providers can also monitor and store information regarding web transactions by their users. These transaction logs can be very detailed, including the name of every web page accessed, information about the page’s content, the names of accounts accessed, and sometimes username and password combinations. This monitoring can occur by routing all of a user’s traffic through a proxy server or by using a network monitoring system.

Electronic communication service providers can also record internet “NetFlow” data. This data consists of a set of packets that travel between two points. Routers can be set to automatically record a list of all the NetFlows that they see, or all the NetFlows to or from a specific IP address. This NetFlow data can essentially provide a complete history of each electronic communications service used by a particular Internet user.

[snip]

Web servers also often maintain logs of every request that they receive and every web page that is served. This could include a complete list of all web pages seen by an individual, all search terms, names of email accounts, passwords, purchases made, names of other individuals with whom the user has communicated, and so on.

Content Delivery Networks, such as Akamai and Limelight Networks, are availability networks that popular websites use to increase the speed at which their content is delivered to users. For example, many of the country’s top media, entertainment, and electronic commerce companies use Akamai’s services to store images and other rich content so that users can download their pages more quickly. These Content Delivery Networks record every image, webpage, video clip, or other “object” downloaded by every user of their client websites. Content Delivery Networks can therefore serve as independent sources of a user’s web browsing history through the records that they store.

In 2004, when Merrill got his NSL, the FBI included Cell Site Location Information in its definition of ECTR. That is excluded here, but there are ways FBI can obtain general location information from IP address and other data included in ECTRs.

FBI likely would (and will, if and when the Intel Authorization passes) argue that ECTRs include the items identified by Merrill even if passed without the specifying language that appears in the Cornyn amendment. But with the language specifying login history and IP metadata, Cornyn’s gets much closer to admitting that this kind of information is what FBI is really after.

And, as noted, we should assume the reason FBI wants the gags associated with NSLs is to hide what they’re getting even more than from whom they’re getting it.

Long live the allegedly never used Lone Wolf

I said above that the amendment that will get a vote tomorrow is almost the same as the Cornyn amendment was. With regards to the NSL language, they’re virtually identical. But tomorrow’s amendment extends the Lone Wolf provision of the PATRIOT Act — which FBI keeps telling Congress they have never ever used — forever.

I suspect FBI is being disingenuous when they say the Lone Wolf has never been used. I suspect that it, like the roaming wiretap provision, was used by the FISA Court as a concept to justify approving something else. For example, a number of Americans have had FISA warrants deeming them agents of a foreign power even without ever speaking to a member of an actual terrorist group. I suspect — and this is just a wildarsed guess — that FISC will treat a foreign extremist and/or a non-Al Qaeda/ISIS jihadist forum as a lone wolf in concept (the law itself only applies here in the US), thereby finding the ties between the American and that non-formal Islamic extremist entity to reach the bar of agent of a foreign power via foreign-located lone wolf.

If I’m right, the lone wolf provision exists not so much because it has proven necessary as Congress understands it, but as a gimmick to get more Americans treated as foreign agents by FISC. Again, if I’m right, someday this will be disclosed in court (or understood by enough trial judges that it starts being a problem). But if this amendment passes, there will not be an easy time to review the use of lone wolf.

Why didn’t the GOP push this on USA Freedom Act?

There’s one more point I find notable about this. The USA Freedom Act affected both NSL and Section 215 orders last year, both of which are central to the question of how FBI obtains ECTRs. It also extended the Lone Wolf provision to December 15, 2019. In other words, Congress just legislated on precisely these issues, and USA Freedom Act would have been the appropriate time to make changes that might be necessary.

So why didn’t FBI and Comey do that last year?

Discrepancies between Past Versions of Mateen’s Calls and the “Transcript”

As promised, DOJ has censored the transcript of Omar Mateen’s calls with authorities the night of his attack. There is a discrepancy between Jim Comey’s earlier version of the calls and what appears in today’s “transcript.” Here’s what Comey said a week ago.

It is also not entirely clear at this point just what terrorist group he aspired to support; although, he made clear his affinity, at the time of the attack, for ISIL, and generally, leading up to the attack, for radical Islamist groups. He made 911 calls from the club, during the attack, at about 2:30 in the morning, Sunday morning. There were three different calls. He called and he hung up. He called again and spoke briefly with the dispatcher, and then he hung up, and then the dispatcher called him back again and they spoke briefly. There were three total calls.

During the calls he said he was doing this for the leader of ISIL, who he named and pledged loyalty to, but he also appeared to claim solidarity with the perpetrators of the Boston Marathon bombing, and solidarity with a Florida man who died as a suicide bomber in Syria for al Nusra Front, a group in conflict with Islamic State. The bombers at the Boston Marathon and the suicide bomber from Florida were not inspired by ISIL, which adds a little bit to the confusion about his motives.

And here’s what FBI says the censored “transcript” says.

The following is based on Orlando Police Department (OPD) radio communication (times are approximate):

  • 2:02 a.m.: OPD call transmitted multiple shots fired at Pulse nightclub.
  • 2:04 a.m.: Additional OPD officers arrived on scene.
  • 2:08 a.m.: Officers from various law enforcement agencies made entrance to Pulse and engaged the shooter.
  • 2:18 a.m.: OPD S.W.A.T. (Special Weapons & Tactics) initiated a full call-out.
  • 2:35 a.m.: Shooter contacted a 911 operator from inside Pulse. The call lasted approximately 50 seconds, the details of which are set out below:

Orlando Police Dispatcher (OD)
Shooter (OM)

OD: Emergency 911, this is being recorded.
OM: In the name of God the Merciful, the beneficial [in Arabic]
OD: What?
OM: Praise be to God, and prayers as well as peace be upon the prophet of God [in Arabic]. I let you know, I’m in Orlando and I did the shootings.
OD: What’s your name?
OM: My name is I pledge of allegiance to [omitted].
OD: Ok, What’s your name?
OM: I pledge allegiance to [omitted] may God protect him [in Arabic], on behalf of [omitted].
OD: Alright, where are you at?
OM: In Orlando.
OD: Where in Orlando?
[End of call.]

(Shortly thereafter, the shooter engaged in three conversations with OPD’s Crisis Negotiation Team.)

  • 2:48 a.m.: First crisis negotiation call occurred lasting approximately nine minutes.
  • 3:03 a.m.: Second crisis negotiation call occurred lasting approximately 16 minutes.
  • 3:24 a.m.: Third crisis negotiation call occurred lasting approximately three minutes.

In these calls, the shooter, who identified himself as an Islamic soldier, told the crisis negotiator that he was the person who pledged his allegiance to [omitted], and told the negotiator to tell America to stop bombing Syria and Iraq and that is why he was “out here right now.” When the crisis negotiator asked the shooter what he had done, the shooter stated, “No, you already know what I did.” The shooter continued, stating, “There is some vehicle outside that has some bombs, just to let you know. You people are gonna get it, and I’m gonna ignite it if they try to do anything stupid.” Later in the call with the crisis negotiator, the shooter stated that he had a vest, and further described it as the kind they “used in France.” The shooter later stated, “In the next few days, you’re going to see more of this type of action going on.” The shooter hung up and multiple attempts to get in touch with him were unsuccessful.

In Comey’s original version, there were just 3 calls, and only with the dispatcher, two of which included actual conversation. Now, there are 4 total calls, only one with the dispatcher (and no mention of the hang-up). I’d say the difference stemmed from confusion and a conflation, last week,  of all calls with authorities, but there seems to be a counting discrepancy I’d like resolved.

Predictably, the FBI censored details that should have led them to raise questions about Mateen’s invocation of ISIS. It made no mention of what Comey did: that Mateen also invoked al-Nusra and the Tsarnaev brothers (presumably in the calls to the crisis negotiation team), which doesn’t make sense. So rather than elucidating, this “transcript” actually covers over one of the problems with FBI’s reaction.

As noted, there’s also a (more explicable) discrepancy between this “transcript” and what survivor Patience Carter has said (7:16 and following). She said that Mateen said he wanted the US to stop bombing “his country,” which reports on this have interpreted to mean Afghanistan. Given the unbelievable amount of stress she must have been under, I would expect discrepancies in any case. But since she doesn’t specify precisely what he said that she interpreted to mean, “his country,” I don’t think this is a significant discrepancy.

Update: FBI and DOJ have now released the name Abu Bakr al-Baghdadi (calling it the “complete” transcript), but not the other things that would make them look bad.