Wednesday, August 31, 2016

SEKRIT Memo: Ix-Nay on the Artians-May

A mere two days ago, we got tantalizing news of sentient life in space.

An international team of scientists from the Search for Extraterrestrial Intelligence (SETI) is investigating mysterious signal spikes emitting from a 6.3-billion-year-old star in the constellation Hercules—95 light years away from Earth. The implications are extraordinary and point to the possibility of a civilization far more advanced than our own.

The unusual signal was originally detected on May 15, 2015, by the Russian Academy of Science-operated RATAN-600 radio telescope in Zelenchukskaya, Russia, but was kept secret from the international community. Interstellar space reporter Paul Gilster broke the story after the researchers quietly circulated a paper announcing the detection of “a strong signal in the direction of HD164595.”

[snip]

The signal’s strength indicates that if it in fact came from an isotropic beacon, the power source would have to be built by a Kardashev Type II civilization. (The Kardashev scale is used to determine the progress of a civilization’s technological development by measuring how much energy was used to transmit an interstellar message.) An ‘Isotropic’ beacon means a communication source emitting a signal with equal power in all directions while promoting signal strength throughout travel.

This created quite the tizzy among space watchers and had me warning it was a Russian plot to steal the election.

Oh, sure, there were warnings.

“The signal may be real, but I suspect it’s not ET,” Seth Shostak, senior astronomer at the SETI Institute, told GeekWire. “There are other possibilities for a wide-band signal such as this, and they’re caused by natural sources or even terrestrial interference.”

Nick Suntzeff, a Texas A&M University astronomer, agrees. “God knows who or what broadcasts at 11 GHz, and it would not be out of the question that some sort of bursting communication is done between ground stations and satellites,” he told Ars Technica, explaining that the signal was observed in the radio spectrum used by the military. “I would follow it if I were the astronomers, but I would also not hype the fact that it may be a SETI signal given the significant chance it could be something military.”

But nevertheless, last we heard — two whole days ago — America’s ET watchers were going to monitor that location permanently and telescopes in our hemisphere were turning their eye to watch the signal.

Still, he adds, “the signal is provocative enough that the RATAN-600 researchers are calling for permanent monitoring of this target.”

[snip]

In the meantime, the SETI Institute, based in Mountain View, California, directed its Allen Telescope Array toward HD 164595 on Sunday night, while METI International (Messaging Extraterrestrial Intelligence) did the same with the Boquete Optical SETI Observatory in Panama.

Turns out, two days into that permanent monitoring, the ET-watchers have decided it’s not ET.

We cautioned readers that, because the signal was measured at 11 GHz, there was a “significant chance” it was of terrestrial origin, likely due to some military activity.

Well, it apparently was. First, astronomers with the search for extraterrestrial intelligence downplayed the possibility of an alien civilization. “There are many other plausible explanations for this claimed transmission, including terrestrial interference,” Seth Shostak, a senior astronomer with SETI, wrote.

Now the Special Astrophysical Observatory of the Russian Academy of Sciences has concurred, releasing a statement on the detection of a radio signal at the RATAN-600 radio astronomy observatory in southern Russia. “Subsequent processing and analysis of the signal revealed its most probable terrestrial origin,” the Russian scientists said.

Or, to put it differently, after secretly monitoring this site 95 light years away for 15 months, the Russians have suddenly figured out that this is of terrestrial origin.

Maybe even some kind of military activity.

All of which would seem to raise a bunch of other questions. Like who wrote the memo telling all the ET-watchers to Ix-Nay their stories of Artians-May? Or, if this is previously unseen military activity that Russians couldn’t identify for 15 months (but were mighty attentive to, mind you), whose military activity that might be? And what that previously unidentified military activity might be?

It probably means Russian martians aren’t going to steal our election. But the more interesting question is what this really was…

Tuesday, August 30, 2016

Breaking: Russians Claim They’ve Found Extraterrestrial Life to Tamper with Our Elections

Russians secretly found what might be a sign of life coming from a star 95 light years away and people are in a tizzy.

An international team of scientists from the Search for Extraterrestrial Intelligence (SETI) is investigating mysterious signal spikes emitting from a 6.3-billion-year-old star in the constellation Hercules—95 light years away from Earth. The implications are extraordinary and point to the possibility of a civilization far more advanced than our own.

The unusual signal was originally detected on May 15, 2015, by the Russian Academy of Science-operated RATAN-600 radio telescope in Zelenchukskaya, Russia, but was kept secret from the international community. Interstellar space reporter Paul Gilster broke the story after the researchers quietly circulated a paper announcing the detection of “a strong signal in the direction of HD164595.”

It turns out, however, that the story got way overhyped.

“No one is claiming that this is the work of an extraterrestrial civilization, but it is certainly worth further study,” wrote Paul Gilster, who covers deep space exploration on the website Centauri Dreams. He seems to have missed headlines like “Alien Hunters Spot Freaky Radio Signal Coming From Nearby Star,” “Is Earth Being Contacted by ALIENS? Mystery Radio Signals Come From a Sun-like Star” and “SETI Investigating Mysterious, Extraterrestrial Signal From Deep Space Star System.”

[snip]

“God knows who or what broadcasts at 11 GHz, and it would not be out of the question that some sort of bursting communication is done between ground stations and satellites,” he told Ars Technica, explaining that the signal was observed in the radio spectrum used by the military. “I would follow it if I were the astronomers, but I would also not hype the fact that it may be a SETI signal given the significant chance it could be something military.”

In other words, there’s a good chance the signal is the product of terrestrial activity rather than a missive crafted by extraterrestrial life on a distant exoplanet. For those who prefer a different outcome, there are plenty of movies that can offer more thrilling narratives.

So in the spirit of the silly season that our election has become, I’m going to go one better, taking the word “Russia” and some very thin evidence and declaring this an election year plot. Everything else that has thin evidence and the word Russia is an election year plot, after all.

Consider the latest panic, caused by someone leaking Michael Isikoff an FBI alert on two attacks on voter files that took place this summer. Isikoff wasted no time in finding a cyber contractor willing to sow panic about Russians stealing the election.

The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections.

[snip]

“This is a big deal,” said Rich Barger, chief intelligence officer for ThreatConnect, a cybersecurity firm, who reviewed the FBI alert at the request of Yahoo News. “Two state election boards have been popped, and data has been taken. This certainly should be concerning to the common American voter.”

Barger noted that one of the IP addresses listed in the FBI alert has surfaced before in Russian criminal underground hacker forums. He also said the method of attack on one of the state election systems — including the types of tools used by the hackers to scan for vulnerabilities and exploit them — appears to resemble methods used in other suspected Russian state-sponsored cyberattacks, including one just this month on the World Anti-Doping Agency.

Ellen Nakashima claimed the FBI had stated “Russians” were behind the attack and then talked about how Russia (rather than journalists overhyping the story) might raise questions about the integrity of our elections.

Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state.

The bureau described the threat as “credible” and significant, “an eight on a scale of one to 10,” Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan (R), said Monday. As a result, Reagan shut down the state’s voter registration system for nearly a week.

It turned out that the hackers had not compromised the state system or even any county system. They had, however, stolen the username and password of a single election official in Gila County.

Roberts said FBI investigators did not specify whether the hackers were criminals or employed by the Russian government.

[snip]

Until now, countries such as Russia and China have shown little interest in voting systems in the United States. But experts said that if a foreign government gained the ability to tamper with voter data — for instance by deleting registration records — such a hack could cast doubt on the legitimacy of U.S. elections.

She also cites the same Barger fellow that Isikoff did who might make a buck off sowing fear.

Then Politico quoted an FBI guy and someone who works with state election officials (who are not on the normal circulation lists for these alerts) stating that the alert, which is not all that unusual, is unprecedented.

But some cyber experts said the FBI’s alert, first revealed by Yahoo News on Monday, could be a sign that investigators are worried that foreign actors are attempting a wide-scale digital onslaught.

A former lead agent in the FBI’s Cyber Division said the hackers’ use of a particular attack tool and the level of the FBI’s alert “more than likely means nation-state attackers.” The alert was coded “Amber,” designating messages with sensitive information that “should not be widely distributed and should not be made public,” the ex-official said.

One person who works with state election officials called the FBI’s memo “completely unprecedented.”

“There’s never been an alert like that before that we know of,” said the person, who requested anonymity to discuss sensitive intergovernmental conversations.

Multiple former officials and security researchers said the cyberattacks on Arizona’s and Illinois’ voter databases could be part of a suspected Russian attempt to meddle in the U.S. election, a campaign that has already included successful intrusions at major Democratic Party organizations and the selective leaking of documents embarrassing to Democrats. Hillary Clinton’s campaign has alleged that the digital attacks on her party are an effort by Russian President Vladimir Putin’s regime to sway the election to GOP nominee Donald Trump. Moscow has denied any involvement.

Then David Sanger used a logically flawed Harry Reid letter calling for an investigation to sow more panic about the election (question: why is publishing accurate DNC documents considered “propaganda”?).

It turns out the evidence from the voting records hacks in the FBI alert suggests the hacks involved common tools that could have been deployed by anyone, and the Russian services were just one of several included in the hack.

Those clued-in to the incidents already knew that SQL Injection was the likely cause of attack, as anyone familiar with the process could read between the lines when it came to the public statements.

The notion that attackers would use public VPS / VPN providers is also a common trick, so the actual identity of the attacker remains a mystery. Likewise, the use of common SQL Injection scanners isn’t a big shock either.

The interesting takeaway in all of this is that a somewhat sensitive memo was leaked to the press. The source of the leak remains unknown, but flash memos coded to any severity other than Green rarely wind-up in the public eye. Doing so almost certainly sees access to such information revoked in the future.

And yet, there is nothing overly sensitive about the IOCs contained in this memo. The public was already aware of the attacks, and those in the industry were certain that something like SQL Injection was a possible factor. All this does is prove their hunches correct.

As for the attribution, that’s mostly fluff and hype, often used to push an agenda. Those working in the trenches rarely care about the Who, they’re more interested in What and How, so they can fix things and get the business back to operational status.

And Motherboard notes that stealing voter data is sort of common.

On Monday, Yahoo reported the FBI had uncovered evidence that foreign hackers had breached two US state election databases earlier this month. The article, based on a document the FBI distributed to concerned parties, was heavily framed around other recent hacks which have generally been attributed to Russia, including the Democratic National Committee email dump.

The thing is, voter records are not some extra-special commodity that only elite, nation-sponsored hackers can get hold of. Instead, ordinary cybercriminals trade this sort of data, and some states make it pretty easy to obtain voter data through legal means anyway.

In December of last year, CSO Online reported that a database of some 191 million US voter records had been exposed online. They weren’t grabbed through hacking, per se: the dump was available to anyone who knew where to look, or was happy to just cycle through open databases sitting on the internet (which, incidentally, common cybercriminals are).

In other words, by all appearances there is no evidence to specifically tie these hacks even to Russian criminals, much less the Russian state. But the prior panic about the DNC hack led to a lower trigger for alerts on a specific kind of target, voter rolls, which in turn has fed the panic such that most news outlets have some kind of story proving Russian life on Mars based on the shadows they saw in the sand.

It’s not the Russians who are raising questions about the voting integrity — beyond questions that have persistently been raised for 15 years which have already lowered confidence in our voting system. It is shitty reporting.

So I’m going to join in. These ETs 95 light years away? I’m positive they want to steal our election.

Wednesday, August 24, 2016

Takedowns of Shadow Brokers Files Affirm Files as Stolen

I’ve been wondering something.

Almost immediately after the Shadow Brokers posted their Equation Group files, GitHub, Reddit, and Tumblr took down the postings of the actual files. In retrospect, it reminded me of the way Wikileaks was booted off PayPal in 2010 for, effectively, publishing files.

So I sent email to the three outlets asking on what basis they were taken down. GitHub offered the clearest reason. In refreshingly clear language, its official statement said,

Per our Terms of Service (section A8), we do not allow the auction or sale of stolen property on GitHub. As such, we have removed the repository in question.

Mind you, A8 prohibits illegal purpose, not the auction of stolen property:

You may not use the Service for any illegal or unauthorized purpose. You must not, in the use of the Service, violate any laws in your jurisdiction (including but not limited to copyright or trademark laws).

Moreover, at least in its Pastebin explanation, Shadow Brokers were ambiguous about how they obtained the files.

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

They state they “found” the files, or at least traces of the files, and only say they “hacked” to obtain them to get to the latest stage. If they (in the Russian theory of the files) were “found” on someone’s own system, does that count as “stealing” property?

Tumblr wasn’t quite as clear as GitHub. They said,

Tumblr is a global platform for creativity and self-expression, but we have drawn lines around a few narrowly defined but deeply important categories of content and behavior, as outlined in our Community Guidelines. The account in question was found to be in violation of these policies and was removed.

But it’s not actually clear what part of their user guidelines Shadow Brokers violated. They’ve got a rule against illegal behavior.

I guess the sale of stolen property is itself illegal, but that goes back to the whole issue of Shadow Brokers’ lack of clarity of how they got what they got. Their property-specific guidelines require someone to file a notice.

Intellectual property is a tricky issue, so now is as good a time as any to explain some aspects of the process we use for handling copyright and trademark complaints. We respond to notices of alleged copyright infringement as per our Terms of Service and the Digital Millennium Copyright Act; please see our DMCA notification form to file a copyright claim online. Please note that we require a valid DMCA notice before removing content. Parties asserting a trademark infringement claim should identify the allegedly infringing work and the legal basis for their claim, and include the registration and/or application number(s) pertaining to their trademark. Each claim is reviewed by a trained member of our Trust and Safety team.

If we remove material in response to a copyright or trademark claim, the user who posted the allegedly infringing material will be provided with information from the complainant’s notice (like identification of the rightsholder and the allegedly infringed work) so they can determine the basis of the claim.

The tech companies might claim copyright violations here (or perhaps CFAA violations?), but the files came down long before anyone had publicly IDed them as the victims. So the only “owner” here would be the NSA. Did they call Tumblr AKA Verizon AKA a close intelligence partner of the NSA?

Finally, Shadow Brokers might be in violation of Tumblr’s unauthorized contests.

The guidelines say you can link to a whackjob contest (which this is) elsewhere, but you do have to make certain disclosures on Tumblr itself.

One more thing about Tumblr, though. It claims it will give notice to a user before suspending their content.

Finally, there’s Reddit, which blew off my request altogether. Why would they take down Shadow Brokers, given the range of toxic shit they permit to be posted?

They do prohibit illegal content, which they describe as,

Content may violate the law if it includes, but is not limited to:

  • copyright or trademark infringement
  • illegal sexual content

Again, GitHub’s explanation of this as selling stolen property might fit this description more closely than copyright infringement, at least of anyone who would have complained early enough to have gotten the files taken down.

The more interesting thing about Reddit is they claim they’ll go through an escalating series of warnings before taking down content, which pretty clearly did not happen here.

We have a variety of ways of enforcing our rules, including, but not limited to

  • Asking you nicely to knock it off
  • Asking you less nicely
  • Temporary or permanent suspension of accounts
  • Removal of privileges from, or adding restrictions to, accounts
  • Adding restrictions to Reddit communities, such as adding NSFW tags or Quarantining
  • Removal of content
  • Banning of Reddit communities

Now, don’t get me wrong. These are dangerous files, and I can understand why social media companies would want to close the barn door on the raging wild horses that once were in their stable.

But underlying it all appears to be a notion of property that I’m a bit troubled by. Even if Shadow Brokers stole these files from NSA servers — something not at all in evidence — they effectively stole NSA’s own tools to break the law. But if these sites are treating the exploits themselves as stolen property, then so would be all the journalism writing about it.

Finally, there’s the question of how these all came down so quickly. Almost as if someone called and reported their property stolen.

The Two Tales of Russia Hacking NYT

Yesterday, CNN posted this “first on CNN” story:

Hackers thought to be working for Russian intelligence have carried out a series of cyber breaches targeting reporters at The New York Times and other US news organizations, according to US officials briefed on the matter.

The intrusions, detected in recent months, are under investigation by the FBI and other US security agencies. Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said.

Here’s what the NYT’s own account of the hacking (attempt) is:

The New York Times’s Moscow bureau was the target of an attempted cyberattack this month. But so far, there is no evidence that the hackers, believed to be Russian, were successful.

“We are constantly monitoring our systems with the latest available intelligence and tools,” said Eileen Murphy, a spokeswoman for The Times. “We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised.”


So CNN tells an alarming story about specific reporters being targeted that fits into a larger narrative, citing both the FBI (in which Evan Perez has very good sources) and “other US security agencies,” which presumably means the NSA. NYT tells an entirely different story, stating that an attack on its bureau in Russia was targeted unsuccessfully, relying solely on official sources as the FBI. One wonders why the NYT story required Nicole Perlroth and David Sanger, and also why David Sanger didn’t cite any of his extensive sources at NSA, where these allegations appear to derive.

It’s quite possible both of these stories are misleading. But they do raise questions about why the spooks want to sensationalize these Russian hacks while NYT chooses to downplay them.

North Dakota and Feds Suppress Native American Pipeline Protesters

[top: planned Dakota Access pipeline route, via Dakota Access LLC; bottom: Keystone XL pipeline, via Independent-UK]

What’s the difference between these two pipelines? Only variations are the origin of the oil they may transport and their location as far as I can tell since they are described as competing pipelines.

Oh, and the Keystone XL pipeline was vetoed by President Obama a year ago this past February because Congress tried to ram through approval, attempting to “circumvent longstanding and proven processes for determining whether or not building and operating a cross-border pipeline serves the national interest,” according to the president.

In both cases — Keystone XL and the Dakota Access — the planned pipelines traversed Native American tribal lands and/or water systems upon which these sovereign nations relied. The affected tribes have protested the credible threats these pipelines pose to their health and safety as well as their heritage and sovereignty.

The threat is real; there have been 11 pipeline accidents since 2000 on lines carrying oil or gasoline across the Dakotas. One of those pipeline accidents resulted in roughly 20,000 barrels or 865,000 gallons of oil spilling beneath a farm in North Dakota in 2013. There was a ten-day lag after the farmer brought the spill to the company’s attention until the state’s governor heard about the accident — ridiculous, considering North Dakota is the 47th largest state in terms of population, at less than 800,000 residents. It’s not like there were a lot of people in the way. The spill covered an area equal to seven football fields and clean-up is still under way and may not be completed until some time in 2017. The North Dakota Tesoro pipeline oil spill is one of the largest in the U.S. to date.

Oil producers and pipeline owners/operators have frankly been lousy in their responsibilities to the public. It’s not just the 11 pipeline accidents in the Dakotas since 2000; it’s a rather lengthy list of them across the entire country and a lengthy track record of crappy response to the damage done to the environment. My state, Michigan, which is surrounded by the largest bodies of fresh water in the world, is also the site of the largest oil pipeline spill in the U.S. In 2010, more than 1.1 million gallons of oil spilled, much of it into a waterway. Alarms notifying the pipeline’s owner, Enbridge, of the spill were initially ignored for 17 hours, blown off as operation notifications.

Simply unacceptable.

The Native American tribes have no reason whatsoever to believe oil producers and pipeline owners/operators will act with any more care than they have to date. Further, they have no reason to trust the U.S. government about these pipelines, either. They have been betrayed and damaged again and again by the U.S. — excessive and mortal police brutality, theft of human remains, theft and mismanagement of billions in assets, the indignity of fighting to remove the name of a mass murderer from public lands, the catastrophic contamination of the San Juan River supplying water to the Navajo nation — the insults are endless.

The latest insult: North Dakota’s Governor Jack Dalrymple signed an executive order to obtain more funding for additional police to deter approximately 1,500 protesters. The state has pulled water supplies used by the protesters and refused to allow portable toilets to be emptied. This follows a temporary restraining order granted to Dakota Access LLC by a federal district court against protesters’ interference with pipeline work. Native Americans have also been prevented from leaving reservation land, which may be a violation of civil rights and treaties.

Native Americans have legitimate concerns with the Dakota Access pipeline. For one, its planned route crosses the Missouri River which serves as the entire water source for the Standing Rock Sioux Tribe; the Army Corps of Engineers (ACOE) approved 200 water crossings by the pipeline in spite of requests by the Sioux to deny construction permits. The ACOE, however, reviewed and rejected an alternate pipeline route crossing the Missouri River near Bismarck as it was deemed a threat to the municipal water supply. This looks like outright racism on the face of it; the pipeline is a threat to 92% white Bismarck, but not a sovereign Native American tribe?

Secondly, the ACOE has been asked by U.S. Environmental Protection Agency (EPA), the U.S. Department of Interior (DOI) and the Advisory Council on Historic Preservation to conduct an investigation and prepare a formal Environmental Impact Statement (EIS), requiring consultation with the affected tribes. No EIS appears to have been conducted to date. In addition to the health and environmental safety concerns related to the pipeline’s installation and operation, the historical significance of the area is inadequately documented. The lack of a thorough assessment means the current Dakota Access pipeline plan may disrupt an older Mandan village site where Mandan may be buried. The site has cultural and religious significance to tribes and should be protected by the Advisory Council on Historic Preservation under federal law.

Dakota Access LLC is pressing for this pipeline to reduce the costs of oil. Shipping crude oil from North Dakota’s Bakken Shale reserve by rail or truck is more expensive than shipping by pipeline.

That is, until ALL the true costs and externalities, like the spills, remediation, and short- and long-term health and environmental problems, are added. These costs haven’t been added to the true cost of oil and are instead a gamble which humans living nearest to the pipeline must pay if there is a failure.

[10-year monthly price of WTI per barrel via Megatrends]

While the oil producers and pipeline operators continue to hammer away at the cost of oil, the price of oil has fallen. They can’t drop the cost fast enough and deep enough to realize a return on investment. They will cut corners as much as possible as the price of oil falls — and it will, if demand for oil also falls as it has with the rise of hybrid and electric vehicles. Cutting corners means there will be greater risk the pipeline will not be adequately monitored or maintained, just as it wasn’t in Michigan.

As more and more alternative, green energy resources come on line along with the technology to use them, it will make even less sense to invest in pipelines which may not carry all that much oil. The Bakken Shale reserve is estimated at several hundred billion barrels of oil, but the amount which can be recovered readily and economically is much less than 10% of the estimated total reserve. If the oil is too expensive to extract AND competing energy resources are both cheaper and available, why build this pipeline at all? How is enabling our continuing addiction to oil in the long-term best interests of our country?

It will take some spine to do the right thing and force this project to slow down for a full EIS assessment. It will take even more spine to point out we are both at the end of fossil fuel and at the limit of our disregard for Native Americans’ lives. It can be done, however; just ask Canada’s Justin Trudeau how he did it.

Monday, August 22, 2016

The Government Uses FISCR Fast Track to Put Down Judges’ Rebellion, Expand Content Collection

Since it was first proposed, I’ve been warning (not once but twice!) about the FISCR Fast Track, a part of the USA Freedom Act that would permit the government to immediately ask the FISA Court of Review to review a FISC decision. The idea was sold as a way to get a more senior court to review dodgy FISC decisions. But as I noted, it was also an easy way for the government to use the secretive FISC system to get a circuit level decision that might preempt traditional court decisions they didn’t like (I feared they might use FISCR to invalidate the Second Circuit decision finding the phone dragnet to be unlawful).

Sure enough, that’s how it got used in its first incarnation — not just to confirm that the FISC can operate by different rules than criminal courts, but also to put down a judges’ rebellion.

As I noted back in 2014, the FISC has long permitted the government to collect Post Cut Through Dialed Digits using FISA pen registers, though it requires the government to minimize anything counted as content after collection. It reviewed that issue in 2006 and 2009 (both times after magistrates in the criminal context deemed PCTDD to be content that was impermissible).

At last year’s semiannual FISC judges’ conference, some judges raised concerns about the FISC practice, deciding they needed to get further briefing on the practice. So when approving a standing Pen Register, the FISC told the government it needed further briefing on the issue.


They didn’t deal with it for three months until just as they were submitting their next application. At that point, there was not enough time to brief the issue at the FISC level, which gave then presiding judge Thomas Hogan the opportunity to approve the PRTT renewal and kick the PCTDD issue to the FISCR, with an amicus.


Importantly, when Hogan kicked the issue upstairs, he did not specify that this legal issue applies only to phone PRTTs.


At the FISCR, Mark Zwillinger was permitted to weigh in as an amicus. He saw the same problem as I did. While the treatment of phone PCTDD is bad but, if properly minimized, not horrible, it becomes horrible once you extend it to the Internet.


The FISCR didn’t much care. They found the collection of content using a PRTT, then promising not to use it except to protect national security (and a few other exceptions to the rule that the government has to ask FISC permission to use this stuff) was cool.


Along the way, the FISCR laid out several other dangerous precedents that will have really dangerous implications. One is that content to a provider may not be content.


This is probably the issue that made the bulk PRTT dragnet illegal in the first place (and created problems when the government resumed it in 2010). Now, the problem of collecting content in packets is eliminated!

Along with this, the FISCR extended the definition of “incidental” to apply to a higher standard of evidence.


Thus, it becomes permissible to collect using a standard that doesn’t require probable cause something that does, so long as it is “minimized.”

Finally, in addition, FISCR certified the redefinition of “minimization” that FISC has long adopted (and which is crucial in some other programs). Collecting content, but then not using it (except for exceptions that are far too broad), is all good.


In other words, FISCR not only approved the narrow application of using calling card data but not bank data and passwords (except to protect national security); they also approved a bunch of other things that the government is going to turn around and use to resume certain programs that were long ago found problematic.

I don’t even hate to say this anymore. I told privacy people this (including someone involved in this issue personally). I was told I was being unduly worried. This is, frankly, even worse than I expected (and of course it has been released publicly so the FISCR can start chipping away at criminal protections too).

Yet another time my concerns have been not only borne out, but proven to be insufficiently cynical.

Blame It On The Bossa Nova: Lochte and Brazilian Police

The travails of the Ryan Lochte gang of American swimmers have been playing out for a full week now. The result has been almost universal scorn, if not hatred, for Lochte et al., and almost complete credulous acceptance of the somewhat dubious, if extremely strident, pushback and claims of the Brazilian Police.

Frankly, neither side’s story ever sat quite right with me. But Lochte’s story, among other exaggeration/fabrication, always, from the start, indicated that the swimmers were pulled from a taxi at gun point, by people in uniform with badges, who pointed guns at them, and took money from them.

And then came the dog and pony show press conference staged by the Brazilian Police for a worldwide audience during mid-day on Thursday, August 18. It was a bizarre and rambling presser that was nearly comical in its staging during its opening portion. It did, however, make clear that there was a lot more to the full story than Lochte had told, and that some of his story was flat wrong. But, if you listened carefully, as I am wont to do with cops making self-serving statements, it, along with previous statements made by the police, also pretty much confirmed the swimmers were pulled from a taxi at gun point, by people in uniform with badges, who pointed guns at them, and took money from them.

So, then the question was what “crimes” and/or “vandalism” had Lochte and the swimmers really caused? There was an early news crew, I think NBC, that went to the site and did not really find all that much damage. As the statements by both Lochte and the other swimmers, notably Gunnar Bentz, came out, it was clear that there was a real question as to what, if any, real damage was done. And a question of who engaged in exactly what criminal behavior at that gas station in the early morning of August 15.

Well, now it is starting to come out. And, as expected, the Brazilians have ginned up every bit as much “over-exaggeration” as Ryan Lochte. From today’s USA Today Investigative Team of Taylor Barnes and David Meeks, which confirms some of the work previously seen from (again, I believe) NBC. It is a pretty thorough and convincing report:

But a narrative of the night’s events – constructed by USA TODAY Sports from witness statements, official investigations, surveillance videos and media reports – supports Lochte’s later account in which he said that he thought the swimmers were being robbed when they were approached at a gas station by armed men who flashed badges, pointed guns at them and demanded money.

A Brazilian judge says police might have been hasty in determining that the security guards who drew guns on the swimmers and demanded money did not commit a robbery. A lawyer who has practiced in Brazil for 25 years says she does not think the actions of Lochte and teammate Jimmy Feigen constitute the filing of a false police report as defined under Brazilian law.

An extensive review of surveillance footage by a USA TODAY Sports videographer who also visited the gas station supports swimmer Gunnar Bentz’s claim that he did not see anyone vandalize the restroom, an allegation that in particular heightened media portrayals of the four as obnoxious Americans behaving recklessly in a foreign country. Meanwhile, Rio authorities have declined to identify the guards or offer any details beyond confirming they are members of law enforcement who were working a private security detail.

Now, we can’t compare that with everything the Brazilian police have, because they have been hiding a lot of their material and, apparently, misrepresenting substantial portions of it from the start. But everything within the USA Today piece corresponds with the various videos obtained by the various media outlets, whether Brazilian, American or international, and corresponds with Gunnar Bentz’s statement, which nobody, not even, quite notably, the Brazilians, including police, seems to contest in the least.

In short, the overall picture of the incident seems to be bigger and more complex, with some outrageous conduct by not just the American swimmers, but also, and substantially, the Brazilians. Oh, and about that “bathroom trashing damage”? That appears to be vapor too:

At a news conference Thursday, Rio police chief Fernando Veloso characterized the athletes’ actions at the gas station as vandalism. He said they also had broken a soap dispenser and mirror inside the restroom. Reports quickly grew that the Americans had trashed the restroom.

A USA TODAY Sports videographer who visited the bathroom Thursday found no damage to soap dispensers and mirrors and said none of those items appeared to be new. Some media accounts suggested the men had broken down a door, which USA TODAY Sports also did not observe.

Bentz said in his statement that he believes there are surveillance videos shot from different angles that have not been released. He also said he did not see anyone damage the bathroom or even enter it.

Oh, and that much ballyhooed “sign” supposedly damaged? Reports are that it was a minor crack in a cheap plastic cover and that the swimmers were made to pay out approximately $400 to cover what appears to be nonsense. Additionally, irrespective of what the “security guards” extracted from the swimmers at gunpoint, swimmer James Feigen was made to pay the amount of $11,000 as a “donation” simply in order to leave the country and return home. That is not a “donation”; that is a flat-out outrageous extortion demand and payment extracted by Brazilian authorities.

I wonder what bloviating sports columnists so full of righteous outrage and apologia will say now? Brazil is to be commended for putting on a great Olympics, and doing so under difficult constraints and conditions. But for the green pools (that affected nothing in the long run), they really pulled off a fantastic, admirable and beautiful show. Even the rain did not faze or slow down the glorious closing ceremonies Sunday night.

But one point on which Brazilian authorities “over-exaggerated”, overreacted, and failed to acquit themselves well was in relation to the randy American swimmers. According to the USA Today report, even judges in Rio are wondering if they were hoodwinked in the rush of outrage by the authorities.

The distress of the Brazilian authorities over the emerging story from the swimmers is perfectly understandable given the dynamics. But, if an international scandal was created by this incident, it appears as if it is every bit as much the fault of the Brazilian police and authorities as it is the American swimmers.

It took two for this little tango.

Saturday, August 20, 2016

Breaking from Saudi Arabia!!! Two Month Old Misleading News

This Reuters exclusive is getting a lot of careless attention. Here’s what a careless reader learns:

Exclusive: U.S. withdraws staff from Saudi Arabia dedicated to Yemen planning

From that headline, particularly the use of the present tense, you might assume that the US is in the process of withdrawing its Yemen-related staff from Saudi Arabia, perhaps in response to the Saudi war crimes earlier this week.

But here’s what the story actually reports: the staff withdrawal happened in June, and was in no way a response to this week’s war crimes.

The June staff withdrawal, which U.S. officials say followed a lull in air strikes in Yemen earlier this year, reduces [sic] Washington’s day-to-day involvement in advising a campaign that has come under increasing scrutiny for causing civilian casualties.

In spite of the fact that this “exclusive” — which has since been reported by other outlets with similarly misleading headlines — describes two month old news, it nevertheless obscures that fact with its editorial choices, as here where it suggests the move “reduces,” in present tense, staff numbers, or the headline which hides that, in fact, the US already withdrew these staffers.

In fact, the report goes on to admit that this was not a response (which would have required a time machine in any case).

U.S. officials, speaking on condition of anonymity, said the reduced staffing was not due to the growing international outcry over civilian casualties in the 16-month civil war that has killed more than 6,500 people in Yemen, about half of them civilians.

But the Pentagon, in some of its strongest language yet, also acknowledged concerns about the conflict, which has brought Yemen close to famine and cost more than $14 billion in damage to infrastructure and economic losses.

“Even as we assist the Saudis regarding their territorial integrity, it does not mean that we will refrain from expressing our concern about the war in Yemen and how it has been waged,” Stump said.

I’d also suggest that reports about what non-uniformed US personnel are doing in Yemen’s immediate neighborhood would be a better gauge of the support we’re giving Saudi Arabia beyond refueling their airstrikes, the latter of which has not stopped at all.

It’s not until the last two paragraphs of the story that we learn what this misleading news is really about:

U.S. Representative Ted Lieu, a Democrat from California and a colonel in the Air Force Reserve, said he believed such strikes could help galvanize votes for limiting arms transfers to Saudi Arabia.

“When it’s repeated air strikes that have now killed children, doctors, newlyweds, patients, at some point you just have to say: Either Saudi Arabia is not listening to the United States or they just don’t care,” Lieu said.

Not long ago, the US announced $1.5 billion in new arms sales to Saudi Arabia. Congress has a narrow window to affirmatively veto that sale, and people like Ted Lieu and Rand Paul and Scott Murphy are trying to do just that. The arms sale was announced such that Congress has just one day after they come back in session to reject the transfer. Stories like this — suggesting the US is not as involved in this war as it really is — will make the task all the more difficult.

The reality remains that the US, even the overt uniformed operations, continues to provide key support to Saudi Arabia’s war, and therefore to its war crimes. Selling it more arms in the wake of these most recent war crimes only doubles down on the complicity.

Friday, August 19, 2016

Wealthy Elites and Blowjobs

I haven’t seen this part of the Shadow Broker files get mentioned. The files themselves are addressed to, “!!! Attention government sponsors of cyber warfare and those who profit from it !!!!” with a description of the auction for further files (which most people believe to be fake).

But at the end of the Pastebin file from them, they include this rant.

We have final message for “Wealthy Elites”. We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?

Ostensibly, the rant serves to warn that if such tools get out, people might target banks and financial systems, specifically mentioning the hacks on SWIFT (not to mention suggesting that if the other claimed files get out someone might target finance).

Along the way it includes a reference to elites having their top friends announcing “no law broken, no crime commit.” And right before it, this: “make promise future handjobs, (but no blowjobs).”

Maybe I’m acutely sensitive to mentions of blowjobs, especially those received by Bill Clinton, for reasons that are obvious to most of you. But the reference to handjobs but no blowjobs in the immediate proximity of getting off of a crime followed closely by a reference to running for President seems like an oblique reference to the Clintons.

If so, it would place this leak more closely in line with the structure of the other leaks targeting Hillary.

That’s in no way dispositive, but the blowjobs reference does merit mentioning.

Where Are NSA’s Overseers on the Shadow Brokers Release?

As Rayne has been noting, a group calling itself the Shadow Brokers released a set of NSA hacking tools. The release is interesting for what it teaches us about NSA’s hacking and the speculation about who may have released so many tools at once. But I’m just as interested by Congress’ reticence about it.

Within hours of the first Snowden leak, Dianne Feinstein and Mike Rogers had issued statements about the phone dragnet. As far as I’ve seen, Adam Schiff is the only Gang of Four member who has weighed in on this.

U.S. Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee, also spoke with Mary Louise. He said he couldn’t comment on the accuracy of any reports about the leak.

But he said, “If these allegations were true, I’d be very concerned about the impact on the intelligence community. I’d also obviously want to know who the responsible parties were. … If this were a Russian actor — and again, this is multiple ‘ifs’ here — we’d have to ask what is causing this escalation.”

Say, Congressman Schiff. Aren’t you the ranking member of the House Intelligence Committee and couldn’t you hold some hearings to get to the bottom of this?

Meanwhile, both Feinstein (who is the only Gang of Four member not campaigning for reelection right now) and Richard Burr have been weighing in on recent events, but not the Shadow Brokers release.

The Shadow Brokers hack should be something the intelligence “oversight” committees publicly engage with — and on terms that Schiff doesn’t seem to have conceived of. Here’s why:

The embarrassing story that the VEP doesn’t work

Whatever else the release of the tools did (and I expect we’ll learn more as time goes on), it revealed that NSA has been exploiting vulnerabilities in America’s top firewall companies for years — and that whoever released these tools likely knew that, and could exploit that, for the last three years.

That comes against the background of a debate over whether our Vulnerabilities Equities Process works as billed, with EFF saying we need a public discussion today, and former NSA and GCHQ hackers claiming we ignorant laypeople can’t adequately assess strategy, even while appearing to presume US strategy should not account for the role of tech exports.

We’re now at a point where the fears raised by a few Snowden documents — that the NSA is making tech companies unwitting (the presumed story, but one that should get more scrutiny) or witting partners in NSA’s spying — have been borne out. And NSA should be asked — and its oversight committees should be asking — what the decision-making process behind turning a key segment of our economy into the trojan horse of our spooks looks like.

Mind you, I suspect the oversight committees already know a bit about this (and the Gang of Four might even know the extent to which this involves witting partnership, at least from some companies). Which is why we should have public hearings to learn what they know.

Did California’s congressional representatives Dianne Feinstein, Adam Schiff, and Devin Nunes sign off on the exploitation of a bunch of CA tech companies? If they did, did they really think through the potential (and now somewhat realized) impact it would have on those companies and, with it, our economy, and with it the potential follow-on damage to clients of those firewall companies?

The embarrassing story of how NSA’s plumbers lost their toolbox

Then there’s the question of how the NSA came to lose these tools in the first place. While the initial (and still-dominant) presumption about the release is that somehow Russia did this, since then, there have been a lot of stories that feel like disinformation.

First there was David Sanger’s piece wondering about NSA being hacked — based entirely on speculative claims of three security experts (including Edward Snowden) — which nevertheless read like this.

Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden

Shortly thereafter, there was a series of stories based on anonymous former NSA people also speculating, which had the effect of denying that those tools would be available external to NSA in one place.

The source, who asked to remain anonymous, said that it’d be much easier for an insider to obtain the data that The Shadow Brokers put online rather than someone else, even Russia, remotely stealing it. He argued that “naming convention of the file directories, as well as some of the scripts in the dump are only accessible internally,” and that “there is no reason” for those files to be on a server someone could hack. He claimed that these sorts of files are on a physically separated network that doesn’t touch the internet; an air-gap. (Motherboard was not able to independently verify this claim, and it’s worth bearing in mind that an air-gap is not an insurmountable obstacle in the world of hacking).

That is, this story serves to deny what I and others, including Snowden, think is most likely: that someone at the NSA forgot to pack his hammer and screwdriver in his toolbox and his toolbox in his truck after he “fixed” someone’s kitchen sink or, more accurately, a forward deployment got compromised. Which would be embarrassing because we shouldn’t let forward deployments get compromised before we burn all the interesting toys and documents there. But also, we may find out, we’re not supposed to be that far forward deployed. And if we have been, we sure as heck ought not let those we’re forward deploying against find out.

We may learn more about specific targets that make this more clear, which would seem to be the extra bonus that would make compromising all these tools and alerting the NSA that you had them worthwhile.

The impact of NSA exploiting American firewall companies should have been the subject of public Intelligence Committee oversight hearings when we learned of Juniper Networks vulnerabilities (with whispered comments about the great deal of damage those vulnerabilities had done to US agencies and companies). Given this release, the urgency of some public accountability — from both those at NSA and those purporting to oversee NSA — is overdue.

Wednesday, August 17, 2016

DC Cooties

There has been a series of stories fed to the press this week intended to heighten concerns about Trump advisor Paul Manafort’s ties to Russian thugs (but not his numerous ties to other thugs). The NYT had a story about Manafort receiving cash payments from 2007 to 2012 (that is, well before Trump decided to run for President). And the AP has a story headlined, “AP Sources: Manafort tied to undisclosed foreign lobbying” that describes how Manafort’s partner, Rick Gates, funneled funds from a pro-Yanukovych non-profit to two DC lobbying firms.

Paragraph 10 of the story reveals that it relies on sources from the Podesta Group, one of the lobbying firms in question.

Paragraph 15 begins to explain salient information about the Podesta Group: that its ties to the Clinton campaign are as close as Gates’ ties to the Trump campaign.

The founder and chairman of the Podesta Group, Tony Podesta, is the brother of longtime Democratic strategist John Podesta, who now is campaign chairman for Democratic nominee Hillary Clinton. The head of Mercury, Vin Weber, is an influential Republican, former congressman and former special policy adviser to Mitt Romney. Weber announced earlier this month that he will not support Trump.

After being introduced to the lobbying firms, the European nonprofit paid the Podesta Group $1.13 million between June 2012 and April 2014 to lobby Congress, the White House National Security Council, the State Department and other federal agencies, according to U.S. lobbying records.

[snip]

One former Podesta employee, speaking on condition of anonymity because of a non-disclosure agreement, said Gates described the nonprofit’s role in an April, 2012 meeting as supplying a source of money that could not be traced to the Ukrainian politicians who were paying him and Manafort.

In separate interviews, three current and former Podesta employees said disagreements broke out within the firm over the arrangement, which at least one former employee considered obviously illegal. Podesta, who said the project was vetted by his firm’s counsel, said he was unaware of any such disagreements.

In other words, the headline and lead of this story should say something to the effect of, “Trump’s campaign manager’s partner funneled potentially illegal funds to Hillary’s campaign manager’s brother.”

Or more succinctly: “DC is a corrupt, incestuous cesspool.”

But it doesn’t. Instead of telling the story about the broken foreign registry system that permits elites of both parties to take funding from some unsavory characters — some we like, some we hate — the story instead spins this as a uniquely Trump and Manafort problem.

Sure. Vladimir Putin is one scary bastard. But there are a lot of scary bastards, and they’re feeding both sides of the DC pig’s trough.

Monday, August 15, 2016

Six Years Later, the US Continues to Facilitate Saudi War Crimes

Over six years ago, according to a State Department cable liberated by Chelsea Manning, the US ambassador to Saudi Arabia met with Prince Khalid bin Sultan to complain about all the civilians the Saudis killed in an airstrike on a health clinic. Prince Khalid expressed regret about the dead civilians. But the Saudis “had to hit the Houthis very hard in order to ‘bring them to their knees.’”

USG CONCERNS ABOUT POSSIBLE STRIKES ON CIVILIAN TARGETS
——————————————— ———-

2. (S/NF) Ambassador Smith delivered points in reftel to Prince Khaled on February 6, 2010. The Ambassador highlighted USG concerns about providing Saudi Arabia with satellite imagery of the Yemen border area absent greater certainty that Saudi Arabia was and would remain fully in compliance with the laws of armed conflict during the conduct of military operations, particularly regarding attacks on civilian targets. The Ambassador noted the USG’s specific concern about an apparent Saudi air strike on a building that the U.S. believed to be a Yemeni medical clinic. The Ambassador showed Prince Khaled a satellite image of the bomb-damaged building in question.

IF WE HAD THE PREDATOR, THIS MIGHT NOT HAVE HAPPENED
——————————————— ——-

3. (S/NF) Upon seeing the photograph, Prince Khalid remarked, “This looks familiar,” and added, “if we had the Predator, maybe we would not have this problem.” He noted that Saudi Air Force operations were necessarily being conducted without the desired degree of precision, and recalled that a clinic had been struck, based on information received from Yemen that it was being used as an operational base by the Houthis. Prince Khalid explained the Saudi approach to its fight with the Houthis, emphasizing that the Saudis had to hit the Houthis very hard in order to “bring them to their knees” and compel them to come to terms with the Yemeni government. “However,” he said, “we tried very hard not to hit civilian targets.” The Saudis had 130 deaths and the Yemenis lost as many as one thousand. “Obviously,” Prince Khaled observed, “some civilians died, though we wish that this did not happen.”

If only the Saudis had more accurate targeting, Prince Khalid explained — not just satellite imagery from the Americans, but also Predator drones — such unfortunate accidents might not happen.

Six years later, over a year into Saudi Arabia’s latest war against the Houthis, now backed by US satellite imagery and a drone base on Saudi soil, the Saudis are still having unfortunate “accidents,” attacking at least the third of four MSF facilities attacked in Yemen in the last year (Saudis deny responsibility for one of these strikes).

A hospital supported by the international medical humanitarian organization Doctors Without Borders/Médecins Sans Frontières (MSF) in northwestern Yemen was hit by an airstrike today, killing at least 11 people and injuring at least 19.

The attack on Abs Hospital, in Yemen’s Hajjah governorate, occurred at 3:45 pm local time and immediately killed nine people, including an MSF staff member. Two more patients died while being transferred to Al Jamhouri hospital. Five patients remain hospitalized. The hospital, supported by MSF since July 2015, was partially destroyed, and all the remaining patients and staff have been evacuated. The GPS coordinates of the hospital were repeatedly shared with all parties to the conflict, including the Saudi-led coalition, and its location was well-known.

“This is the fourth attack against an MSF facility in less than 12 months,” said Teresa Sancristóval, MSF emergency program manager for Yemen. “Once again, today we witness the tragic consequences of the bombing of a hospital. Once again, a fully functional hospital full of patients and MSF national and international staff members was bombed in a war that has shown no respect for medical facilities or patients.”

“Even with a recent United Nations resolution calling for an end to attacks on medical facilities and with the high-level declarations of commitment to International Humanitarian Law, nothing seems to be done to make parties involved in the conflict in Yemen respect medical staff and patients,” Sancristóval continued. “Without action, these public gestures are meaningless for today’s victims. Either intentional or as a result of negligence, this is unacceptable.”

MSF calls on all parties, and particularly the Saudi-led coalition responsible for the attack, to guarantee that such attacks do not happen again.

Congress is finally beginning to complain about these serial war crimes, with Rand Paul and Chris Murphy attempting to block the latest $1.5 billion arms sale to the Saudis, and Ted Lieu issuing this scathing statement in support of an effort to do the same on the House side.

I have tried numerous times to work with the Administration to stop the United States from assisting Saudi Arabia in their indiscriminate killing of civilians in Yemen.  But when Saudi Arabia continues to kill civilians, and in this case children, enough is enough.  Having served on active duty, one of my responsibilities was to teach the Law of War.  I am also a graduate of Air War College.  The indiscriminate civilian killings by Saudi Arabia look like war crimes to me.  In this case, children as young as 8 were killed by Saudi Arabian air strikes. By assisting Saudi Arabia, the United States is aiding and abetting what appears to be war crimes in Yemen.  The Administration must stop enabling this madness now.

Nevertheless, six years later, we’re still getting this kind of lip service from the State Department.

QUESTION: All right. So just to clarify earlier what you said about Yemen in regards —

MS TRUDEAU: Yeah.

QUESTION: — to the hospital bombing this morning, you are – is it fair to say that you’re not coming out and condemning the attack; you’re saying we’re raising concerns with the coalition?

MS TRUDEAU: No, of course we would condemn any attack that hit civilians. We’re gravely concerned by any reports of civilian casualties. What we’re saying is we’ve seen these reports. Of course we would condemn any strike against a hospital.

QUESTION: Okay. Because, I mean, I’ve been hearing you all say for months now that we’re raising these concerns with the Saudi-led coalition, but this is the fourth attack on an MSF medical facility in Yemen in the past year, let alone countless others on clinics and hospitals. Are you concerned that these sort of stern conversations aren’t having the desired effect?

MS TRUDEAU: Well, what we would say – and we’d point you back to what we talked about earlier – is the Saudi-led coalition themselves have taken a look at these, they have done reports. One of those reports – I think one or two has been turned over to the UN. We’ve also called on them to make those reports public. And so there is more transparency in that accountability. We remain gravely concerned about civilian casualties anywhere in the world where they occur, and Yemen is no exception.

We’ve been (claiming to be) gravely concerned about Saudis bombing hospitals for six years now. Yet the only thing we do is throw more and more weapons at the Saudis to help them kill still more civilians.

Saturday, August 13, 2016

Security Territory and Population Part 4: Conclusion of Description of Security and Population

The third lecture by Michel Foucault in Security, Territory and Population begins with a discussion of the systems of law and discipline considered from the standpoint of “norms”. In the system of law, norms are the acceptable behaviors, derived from sacred texts or societal customs or the will of the sovereign. They are then codified and made mandatory. In disciplinary systems, the goal is to identify the best way to do some act, and the people are taught those actions and punished or reeducated for not doing them. In a security system, the ideas of the new sciences of understanding of the nature of the human species are brought to bear on the problem, with the goal of freeing people from the problem, or channeling their behavior into the best known forms. Normalization in the security regime consists in recognizing a problem, and working out solutions using analysis and planning.

He illustrates the latter with a detailed discussion of the introduction of inoculation and the related advances in medicine, administrative controls and statistics, showing that the basic idea of security as a method of government is to treat the population as a whole. There is a nice example of this here. In fact, once you get used to thinking about government as Foucault describes it, you see examples everywhere.

In a law regime, the determination of norms is based on the will of the sovereign, or some sacred text or long-established custom. In a disciplinary regime, the determination of norms is made to fulfill the desires of the powerful, including the sovereign. The examples given, how to load guns, how to form up for a battle, make this clear. Foucault does not discuss the way that norms and the process of normalization are derived in the security regime. How is the decision made as to what problem should be solved, or what behavior should be encouraged or discouraged? These decisions are made through relationships of power, so perhaps we will get more on this later.

Foucault then draws several conclusions.

1. The issues became more important because of the rise of towns as centers of economic and social activity. This changed the relation between sovereigns and their subjects, and required changes in the nature of government.

2. One of the central problems of the town is circulation, not only of humans walking the street but of goods and services moving about, the need for the careful control over the circulation of money, the need for circulation of air and so on. Towns operate on the basis of circulation, which was always an issue, but becomes central as the nature of economic activity changed.

3. One critical difference is that under a security regime, there is no attempt to “… make use of a relationship of obedience between a higher will, of the sovereign, and the wills of those subjected to his will.” Security doesn’t depend on “… the exercise of a will over others in the most homogeneous, continuous, and exhaustive way possible. It is a matter rather of revealing a level of the necessary and sufficient action of those who govern.”

4. In a mercantilist state, it becomes clear that the power and strength of a nation are dependent on the activities of the population as a whole. The first source of strength is the merchant and manufacturing elites, but the entire population is also crucial. The strength of the state depends on the agricultural workers and factory laborers both for their work and for their numbers, which keep wages low. For the mercantilists, the population is seen as a productive force, and not much more.

5. The function of the population under a regime of law is to create wealth for the sovereign. In a mercantile system, a regime of discipline, the goal is still the creation of wealth in the hands of the sovereign and a few others. In both cases, the people are seen as the objects of direct action by the sovereign and the elites.

This changed in the mid-1700s according to Foucault. He argues that once the population becomes an object of study, it becomes apparent that it cannot be changed by the will of the sovereign or by decree.

To say that population is a natural phenomenon that cannot be changed by decree does not mean, however, that it is an inaccessible and impenetrable nature, quite the contrary. … [T]he naturalness identified in the fact of population is constantly accessible to agents and techniques of transformation, on condition that these agents and techniques are at once enlightened, reflected, analytical, calculated, and calculating.

A population cannot be coerced into some new behavior, but it can be indirectly channeled and prodded. The example Foucault gives is currency: money must flow throughout the territory to encourage the people in the countryside to work on farms.

The one thing common across the individuals who make up a population is desire. “Every individual acts out of desire.” Nothing can be done about desire, but if everyone is allowed to act out of desire, according to the Physiocrats the natural outcome is the greatest good for the society. Foucault identifies this as the “matrix” of the utilitarian philosophy.

Foucault notes that he is using the term sovereign less and the word government more as the notion of the population emerges. The government is more than the power of the sovereign. It is a thing in itself, one addressed in much more detail in the next lecture. Foucault says that it is the interplay of the techniques of power and their object that carves out the population as a new reality, and as the object of the techniques of power.

Commentary

1. The first three lectures seem to roam around in circles, adding details as we repeat the loops. This is frustrating, and difficult to follow. It helps to realize that an introduction to a new framework has to start somewhere, and the ideas have to be repeated, developed and explained from several different perspectives. This is how we come to grips with most new ideas, but especially abstract ideas.

2. The idea of political economy, or the economy as an object of study, emerges in this lecture. This economy is driven by Desire. This idea hadn’t appeared in either of the first two lectures, and it appears here with no preparation and no explanation, simply as a fact. This idea deserves more analysis; and it seems odd that Foucault drops it so casually into the discussion.

3. I quoted a section about changing the population through “agents and techniques of transformation”. The gloss Foucault adds “on condition that these agents and techniques are at once enlightened, reflected, analytical, calculated, and calculating” could be misleading. It certainly does not mean that the agents must be decent humans with the best interests of society as a whole in their hearts. It’s simply a matter of technique, which can be used for any purpose.

4. Obviously these are not the only techniques that work to change society, or at least large parts of the population. Trump is a good example, and there are plenty of others whose techniques are good at changing things. In any event, the old techniques are not lost. Consider policing as we see it in Baltimore and Chicago. It sounds just like the law regime Foucault describes.

5. One way to understand the changes in regimes is by size of population. Large populations cannot be governed in the same way as small populations. For example, we like to say that today’s large populations have a role to play in determining the goals of government and of society. Foucault has not mentioned this change.

7. Taking these last points together, the question becomes why increases in wealth and power are the only goals.

Friday: The Immoral Minority

While philosopher Slavoj Žižek isn’t everybody’s cup of quirky tea, he’s got a valid point in this video.

The right-wing has abandoned its claim to be the Moral Majority.

Don’t mistake this as a validation of the Democratic Party here in the U.S.; they are only earning a majority in terms of politics, and in no small part by being the “Not GOP” party. With its leadership cozying up to war criminals, climate denialists and fossil fuel-based polluters, and general denigrators both of human rights and the public commons, they are not the Moral Majority by default.

But an unorganized left in this country rejects the right-wing’s ethical decay implicitly underpinning the Republican Party. The left rejects those values which undermine democracy — misogyny, racism and marginalization of other minorities, the ongoing subversion of individuals’ rights to promote the interests of corporations.

A true Moral Majority won’t support a social contract undermining democracy by limiting life, liberty, and happiness’ pursuit to a narrow few. It’s well past time for the broader left to coalesce into an organized entity based upon the belief that all humans are created equal and deserving a more perfect union.

Zapped by Zika

  • “ZIKA VIRUS | Days since White House funding request: 186 | Funding response from Congress: $0 | Zika cases in US and territories: 8,580” (Tweet, Dan Diamond/Politico)
  • Peter robbed to pay Paul: DHHS pulls money from other projects to fund Zika vaccine research (Reuters) — Lacking new dedicated funding from Congress, U.S. Department of Health and Human Services squeezed out $81 million and spread it into Zika vaccine research, with $34 million of that to the National Institutes of Health and $47 million to the Biomedical Advanced Research and Development Authority (BARDA). The White House had asked for $1.9 billion last fall for Zika, but that amount was pared down by 42%; Republicans then objected to any of the remaining portion going to Planned Parenthood, putting Democrats in a bind. Access to birth control is critically important to preventing Zika’s spread; access to abortion could prevent the birth of severely deformed infants who will live short, utterly miserable, and expensive lives.
  • Arthrogryposis — congenital joint defects — associated with Zika during pregnancy (The BMJ) — Dislocated and/or misshaped knees, ankles, elbows, hips appeared in children born with other neurological defects found in Zika-infected fetuses. Further research is necessary to prove both the virus is causal and learn the mechanism by which the virus inflicts this damage in utero. The patients had been tested for other known causes of arthrogryposis — toxoplasmosis, cytomegalovirus, rubella, syphilis, and HIV. All were negative.
  • First infant death due to Zika reported in Texas (KHOU) — The infant’s mother traveled to El Salvador during pregnancy where it is believed she contracted the virus.
  • Zika virus case confirmed in Monroe County, Michigan (Detroit Free Press) — But the method of infection is not clear (what?!). County health and state officials are working toward mosquito surveillance.

Wheels and steals

  • Millions of vehicles made from 1995 on vulnerable to keyless-remote hacking (USENIX) — Researchers at University of Birmingham and Kasper & Oswald GmbH presented a paper at the USENIX 2016 conference, showing more than 20 years’ worth of VW Group vehicles are hackable using inexpensive Arduino-based RF transceiver technology. Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, Ford and other makes relying on the Hitag2 access security method are similarly at risk. Researchers also looked at after-market keyless entry remotes for these and other vehicles; the cars for which these worked were also vulnerable. All vehicles tested appear to be those made for the European market, but the research noted the radio frequency differences — 315 MHz band in North America and the 433 MHz or 868 MHz band in Europe — used in remotes. The paper’s research team notified VW in November 2015 of their results; NXP Semiconductor, a manufacturer of Hitag2 remote technology, was also notified. NXP had already informed customers of the vulnerability in 2012 and has already improved device security.
  • Volkswagen suppressed news about keyless remote insecurity since 2013 (Bloomberg) — The same researchers from University of Birmingham and Kasper & Oswald GmbH had originally approached NXP Semiconductor and VW with their work in 2012 and 2013, respectively. VW sued and blocked release of their work; the paper was released this past week at USENIX only “after lengthy negotiations” and the removal of a single sentence which car thieves could use to easily crack the keyless remotes. A number of suspicious automobile thefts over the years may have relied on hacking remotes; will insurance companies look into these thefts and demand recovery from VW?
  • DOE grants Ford $6M for fuel cell research (Detroit Free Press) — Existing fuel cell technology has been too expensive for successful commercialization; the grant will be used to develop cheaper technology competitive with battery and internal combustion engines.

Longread: Geopolitics
FiveBooks.com interviewed former State Department official and senior fellow at the Council on Foreign Relations, Jennifer M. Harris, about geopolitics. She discusses the topic and offers five book recommendations about the same. Harris is the co-author of recently released War by Other Means: Geoeconomics and Statecraft. Given her work as U.S. National Intelligence Council staff followed by work on economics under then-Secretary of State Hillary Clinton, this interview might offer a preview to future statecraft.

Friday Jazz
It’s still Friday somewhere according to my clock. Try French performer Zaz, stage name for Isabelle Geffroy. If you like this ditty, preview more of her work on her channel on SoundCloud.

It’s been a hectic week here; next week doesn’t look any better, but I’ll aim to be here on Monday. Have a relaxing weekend!

Friday, August 12, 2016

Maybe FBI Has Lost Track of Who the Informants Are?

Here are all the informants and undercover employees listed in the criminal complaint against Erick Hendricks, who was arrested for conspiring to materially support ISIL in relation to the Garland, TX attack:

  • CHS-1: a paid informant for the last year and a half with a criminal record of fraud and forgery who has not (yet?) received sentencing benefits for his cooperation; he met with Hendricks in Baltimore.
  • CHS-2: a paid informant for the last 4 years with no known criminal history; he posed as someone wanting to join ISIL.
  • CHS-3: a paid informant for the last 4 and a half years with no known criminal history; Hendricks instructed CHS-3 to assess UCE-1 for recruitment.
  • CHS-4: a paid informant for the last 4 years with no known criminal history; Hendricks provided him with jihadist propaganda on social media. He also met with Hendricks in Baltimore, at a later date.
  • UCE-1: had conversations directly with Hendricks that mirrored those Hendricks had with a cooperating witness. UCE-1 also incited and then was present for the Garland attack.

Not mentioned at all in this narrative is the role played by Joshua Goldberg, a Jewish guy who adopted many avatars online to incite all kinds of violence, including, under the name of Australi Witness, Garland. In December Goldberg was deemed incompetent to stand trial, though in June it was decided with more treatment he might become competent enough to stand trial, so they’re going to check again in four months.

So, the cell that committed the Garland attack consisted of the two now-dead perpetrators, four informants, an undercover FBI officer, a mentally ill troll, and Hendricks.

Only now, Hendricks claims he was an informant too!

Hendricks claims to have been a paid informant of the FBI since 2009 who helped the agency identify potential terrorists. Code name: “Ahkie,” a variation of the Muslim term for “brother.”

He also claims to have been an outspoken and longtime opponent of radical Islam.

“I have publicly, privately and consistently denounced Al-Qaeda, ISIS and all extremist groups,” Hendricks said in a statement that Lisa Woods says her son dictated during a Wednesday phone call from the jail.

“I am baffled as to why the FBI (is) accusing me of terrorist ties.”

[snip]

In his statement, Hendricks says the FBI first made contact with him in 2009, when as Mustafa Abu Maryam, Hendricks was the youth coordinator of the Islamic Circle of North America Center in Alexandria, Va.

[snip]

In his jail statement, Hendricks says he was recruited in 2009 by an FBI agent named David to help identify potential terrorists. In 2010, after Hendricks had moved to Columbia, he says he worked with another FBI agent named Steve. Altogether, Hendricks claims to have developed “at least a half-dozen” cases against extremists.

Has the FBI simply lost track of who are real and who are the people it is paying to play a role? Or is it possible someone from another agency, claiming to be FBI, recruited Hendricks (don’t laugh! That’s one potential explanation for Anwar al-Awlaki’s curious ties to US law enforcement, a story that wends its way through a related mosque in VA)?

Sure, maybe Hendricks is making all this up (at the very least, it may necessitate the BoP to protect him in prison since he has now publicly claimed to be a narc). But FBI’s network of informants sure is getting confusing.

 

Thursday, August 11, 2016

Until at Least 2014, NSA Was Having Troubles Preventing Back Door Searches of Upstream Searches

Back on October 3, 2011, John Bates issued a FISA opinion reflecting some new practices — including back door searches on data collected under Section 702 using US person identifiers — but also reflecting his newfound understanding of upstream searches.  In the opinion, Bates required all sorts of special treatment of upstream data, among other things, requiring the NSA to segregate “multiple communication transactions” obtained from upstream Section 702 searches and prohibiting NSA from doing back door searches on upstream data.

I raise that as important background to one of the most troubling details in the Semiannual Reports on Section 702 released some weeks ago. The March 2014 report, which covers the period from December 1, 2012 through May 31, 2013, revealed that the review process could not directly monitor one of the new practices instituted with that 2011 opinion — back door searches on US person identifiers — because that information is not kept in a centralized place.

It should be noted both that NSA’s efforts to review queries are not limited to Section 702 authorities and that, at this time, content queries are not specifically identified as containing United States person identifiers. As such, and as the Government previously represented to Congress, NSD and ODNI cannot at this time directly monitor content queries using United States person identifiers because these records are not kept in a centrally located repository. While the changes described above in NSA’s super audit process have not changed this status, NSA is exploring whether future queries using United States person identifiers could be identified and centralized. In the meantime, and in accordance with NSA’s minimization procedures, NSD and ODNI review NSA’s approval of any United States person identifiers used to query unminimized Section 702-acquired communications.

This appears to indicate that internal overseers could not audit the actual queries completed, but instead only reviewed the identifiers used to query data to make sure they were approved. Which, in turn, means the NSA’s targeting of foreigners and dissemination of reports on them got monitored more closely than NSA’s spying on Americans.

The following report — completed in October 2014 and covering the period June 1, 2013 through November 30, 2013 — reports a predictable consequence of the inability to monitor the actual queries conducted as back door searches: prohibited back door searches on upstream data.

(TS//SI//NF) The joint oversight team, however, is concerned about the increase in incidents involving improper queries using United States person identifiers, including incidents involving NSA’s querying of Section 702-acquired data in upstream data using United States Person identifiers. Specifically, although section 3(b)(5) of NSA’s Section 702 minimization procedures permits the scanning of media using United States person identifiers, this same section prohibits using United States person identifiers to query Internet communications acquired through NSA’s upstream collection techniques. NSA [redacted] incidents of non-compliance with this subsection of its minimization procedures, many of which involved analysts inadvertently searching upstream collection. For example, [redacted], the NSA analyst conducted approved querying with United States persons identifiers ([redacted]), but inadvertently forgot to exclude Section 702-acquired upstream data from his query.

While the actual number is redacted, the number is high enough to refer to “many” improper searches of upstream content.

That explicit violation of the rules set by Bates in 2011 was part of a larger trend of back door search violations, including analysts not obtaining approval to query Americans’ identifiers.

(TS//SI//NF) In addition, section 3(b)(5) of NSA’s Section 702 minimization procedures requires that queries using United States person identifiers must be first be approved in accordance with NSA internal procedures. In this reporting period, [redacted] NSA was in non-compliance with this requirement, either because a prior authorization was not obtained or the authorization to query had expired. For example, in NSA Incidents [redacted] NSA analysts performed queries using United States person identifiers that had not been approved as query terms. These queries occurred for a variety of reasons, including because analysts continued queries on terms that they suspected (but had not confirmed) were used by United States persons, forgot to exclude Section 702 data from queries [redacted], or did not realize that [redacted] constitute a United States person identifier even if the analyst was seeking information on a non-United States person.

Among other things, the third redaction in this passage appears to suggest that analysts conduct back door searches on data generally, presumably including both EO 12333 and 702 obtained data, but have to affirmatively exclude Section 702 data to stay within the rules laid out in the minimization procedures.

Consider the timing of this: the reporting of “many” back door search and other US person query violations occurred in the first post-Snowden period. While the fact NSA did back door searches was knowable from the 2012 SSCI report on Section 702 renewal, it did not become general knowledge among members of Congress and the general public until Snowden leaked more explicit confirmation of it. And all of a sudden, as soon as people started complaining about back door searches and Congress considered regulating it, NSA’s overseers discovered that NSA wasn’t following an explicit prohibition on searching upstream data. One of several risks of back door searching upstream data is it may amount to searching data collected domestically, or even entirely domestic communications.

And while the details get even more redacted, it appears the problem did not go away in the following period, the December 1, 2013 through May 31, 2014 reviews reported in a June 2015 report. After a very long redaction on targeting, the report recommends NSA require analysts to state whether they believe they’re querying on a US person.

Additionally, but separately, the joint oversight team believes NSA should assess modifications to systems used to query raw Section 702-acquired data to require analysts to identify when they believe they are using a United States person identifier as a query term. Such an improvement, even if it cannot be adopted universally in all NSA systems, could help prevent instances of otherwise approved United States person query terms being used to query upstream Internet transactions, which is prohibited by the NSA minimization procedures.[64]

The footnote that modifies that discussion is entirely redacted.

The June 2015 report was the most recent one released, so it is unclear whether simply requiring analysts to confirm that they are querying Americans solved the improper back door searches of upstream data. But at least as of the most recently released report, the two most troubling aspects of Section 702 surveillance — the upstream searching on Internet streams and back door unwarranted searches on US person identifiers — were contributing to “many” violations of NSA’s rules.