Tag: NSA

What’s Missing from Apple’s Latest Lobbying Disclosure Form

MacRumors has a piece out today noting that Apple has raised its lobbying game in Washington over the last six months, spending $3.6 million on a team of lobbyists who’ve visited House and Senate offices on issues ranging from “general patent reform” to “green technology” to “issues related to implementation of Section 1502 of the Dodd-Frank Act.” What’s missing from the lobbying disclosure form is any mention of federal government surveillance practices, whether it be Section 702 of the FISA Amendments Act or that nasty encryption-related battle Apple had with the FBI in the wake of the San Bernardino shooting in 2015. 

As Reuters noted earlier this month, the tech industry generally has been rather quiet about FISA reform, though members of the Reform Government Surveillance consortium (of which Apple is a member) like to point to a letter they sent to key Congressional committees earlier this year as evidence of their commitment to getting NSA and the FBI to clean up their acts on domestic surveillance. But as the old saying goes, talk is cheap.

Apple, as the richest and most successful tech company in human history, certainly has the resources to make its lobbying campaign–or even a surveillance reform-focused PAC–far more robust and politically threatening to pro-Surveillance State House and Senate members. That it has declined to do so to date is telling. Until Apple and the other members of the RGS make it clear to House and Senate members that there will be a steep political price to pay for failing to rein in NSA and the FBI, don’t expect significant domestic surveillance reforms to make it into law.

#Russiagate Update: Winner Leak Implications

Megyn Kelly is probably kicking herself for not delaying her interview of Vladimir Putin. Had she waited just a few days, she could’ve brought a leaked copy of the latest NSA estimate of the timeline, motivations, and targets of alleged Russian hackers during the 2016 election cycle to her chat with Putin and asked a lot of pointed questions about it. Even though that opportunity never materialized, she and other journalists still have the chance to ask some equally important questions of American officials about this rather interesting document and the young woman responsible for sharing it with the world. What follows are some of my suggested lines of inquiry for our friends in the Fourth Estate.

The Leaker: Reality Leigh Winner

As I read The Intercept’s story, I kept asking myself one question, over and over: did this young woman learn nothing from Ed Snowden? 

This extract from the arrest warrant affidavit contains details that, if accurate, speak to a total lack of awareness of or concern for the kind of “insider threat” detection measures that now exist in most, if not all, Intelligence Community components:

Extract of arrest warrant affidavit in the case of Reality Leigh Winner

Why did Winner not use a truly secure means of contacting The Intercept? Why did she select this particular document? Why did she not contact a whistleblower advocacy organization for legal advice before even contemplating such a rash act?

The Media Outlet: The Intercept

In a statement published a short time ago, The Intercept claimed that

On June 5 The Intercept published a story about a top-secret NSA document that was provided to us completely anonymously. Shortly after the article was posted, the Justice Department announced the arrest of Reality Leigh Winner, a 25-year-old government contractor in Augusta, Georgia, for transmitting defense information under the Espionage Act. Although we have no knowledge of the identity of the person who provided us with the document, the U.S. government has told news organizations that Winner was that individual.

That statement is at odds with the search warrant affidavit quoted above, which claims that Winner was in “email contact” with the “News Outlet” (The Intercept).

Who’s telling the truth here vis a vis Winner’s alleged email contact with The Intercept–the Department of Justice or the paper? Could Winner have emailed the wrong reporter at The Intercept, and the actual story authors were in the dark that she’d contacted the paper? Did Winner’s email bounce? And why did Intercept staff share an exact copy of the purloined document with NSA officials in the first place? Why didn’t they simply read key passages of the document over the phone, or include extracts in an email to NSA officials?

Given the fact that Winner printed the document and thus left investigators a digital trace of her actions, perhaps The Intercept’s decision to share a scanned version of the document wouldn’t have mattered–but maybe it would have, and why endanger a source (anonymous or otherwise) by behaving in such an irresponsible way with the document?

The Stealth Fusion Center Data Sharing Bill

The attention of most in Congress, the media, and the privacy rights community has been focused this spring on the looming Foreign Intelligence Surveillance Amendments (FAA) Act Section 702 reauthorization fight, generally for good reasons. However, other expansions of domestic surveillance powers and data sharing are getting far less attention—and one such measure before the House today may dramatically expand the kind of information state and local law enforcement agencies can get from the federal government.

Introduced on April 26 by Rep. John Katko (R-NY), the “Improving Fusion Centers’ Access to Information Act” (HR 2169) is designed to plug any “information gaps” in state “fusion centers” by modifying the Homeland Security Act of 2002 to require DHS to

identify Federal databases and datasets, including databases and datasets used, operated, or managed by Department components, the Federal Bureau of Investigation, and the Department of the Treasury, that are appropriate, in accordance with Federal laws and policies, to address any gaps identified pursuant to paragraph (2), for inclusion in the information sharing environment and coordinate with the appropriate Federal agency to deploy or access such databases and datasets;

If the sound of this makes you feel uncomfortable, it should for several reasons—not the least of which is the last-minute decision by the Obama administration to make more raw (and thus potentially unverified or inaccurate) intelligence from the National Security Agency available to the FBI, and thus other law enforcement agencies the FBI decides need the data.

What makes Katko’s bill—which is coming to the House floor under expedited consideration via a legislative procedure known as “suspension of the rules”—even worse is that it ignores the 2012 findings of a Senate Homeland Security Committee report that found that state fusion centers were at best worthless, and at worst Bill of Rights violation factories.

In the press release on the committee report, then chairman Senator Tom Coburn (R-OK) stated, “It’s troubling that the very ‘fusion’ centers that were designed to share information in a post-9/11 world have become part of the problem. Instead of strengthening our counterterrorism efforts, they have too often wasted money and stepped on Americans’ civil liberties.”

NSA Hackers, Hacked

Screenshot of files from the Equation Group Hack

The Equation Group was like something out of a Hollywood film: A hacking team of unparalleled sophistication and skill who cracked open computer systems around the world like pistachio shells, yet escaped detection for 14 years until being noticed by the security researchers at Kaspersky Lab last year. They were also widely believed to be affiliated with the National Security Agency—most likely working with or from the NSA’s elite Tailored Access Operations unit.  Last weekend, the world learned that these hackers nonpareil had themselves apparently been hacked, when a group calling themselves the Shadow Brokers (likely a reference to the popular Mass Effect video game series) posted a cache of what they claimed were some of Equation Group’s “cyberweapons,” or computer exploitation tools, on the Web for all to see—along with an offer to sell even more valuable intrusion software they’d obtained to the highest bidder.

IntelExit.org: Encouraging More Snowdens

If WIRED magazine was looking to get the attention of the heads of American and British intelligence agencies, it has a story today that is sure to do the trick.

The magazine’s Andy Greenberg has a major piece about a new non-profit organization dedicated to encouraging morally troubled intelligence officers to resign and go public with any allegations or information they have that prove waste, fraud, abuse or criminal conduct at NSA or its UK equivalent, GCHQ. Known as IntelExit.org, the organization has a professionally produced “resignation pitch” video featuring nationally-known security researcher and author Bruce Schneier and former NSA senior executive-turned-whistleblower Thomas Drake. The website of the Berlin-based organization provides a resignation letter generator, an FAQ on how and why to leave the intelligence business, and advice on how to use secure messaging means like Tor and PGP to communicate with IntelExit.org staff.

The launch of IntelExit.org comes just over a year after the Institute for Public Accuracy, in conjunction with the Freedom of the Press Foundation, launched ExposeFacts.org, a journalism project designed to encourage whistleblowers to use the SecureDrop system to submit classified or otherwise sensitive or embarrassing government documents for review and possible publication by established media outlets. ExposeFacts.org’s advisory board includes former Pentagon Papers whistleblower Daniel Ellsberg, former Associated Press journalist Robert Parry, and former State Department official Matthew Hoh, among dozens of others.

I have written previously about the rise of a “digital resistance movement” to the kinds of government mass surveillance programs exposed by Edward Snowden over two years ago. In the immediate wake of Snowden’s revelations, a number of public interest groups and civil liberties advocates renewed their calls for the public to adopt personal encryption technology to help shield themselves from warrantless, mass electronic surveillance by NSA. The establishment of ExposeFacts.org and IntelExit.org is a clear sign that opponents of mass surveillance are taking the conflict with the American and UK governments on this issue to a new level. Only time will tell whether those behind IntelExit.org will succeed in motivating a current intelligence officer to become the next Edward Snowden.

Should NSA Be Immune from Constitutional Scrutiny?

Today the Court of Appeals for the DC Circuit issued a ruling in NSA v. Klayman that has almost no practical effect, but is a potent illustration of how excessive secrecy and stringent standing requirements effectively immunize intelligence programs from meaningful, adversarial constitutional review.

Contrary to some breathless headlines, today’s opinion does not “uphold” the NSA’s illicit bulk collection of telephone records—which, thanks to the recent passage of the USA Freedom Act, must end by November in any event. Rather, the court overturned an injunction that only ever applied specifically to the phone records of the plaintiffs. And they did so, not because the judges found the program substantially lawful, but because the plaintiff could not specifically prove that his telephone records had been swept into the database, even though the ultimate aim of the program was to collect nearly all such records.

Together with other similar thwarted challenges to mass government surveillance—most notably the Supreme Court case Clapper v. Amnesty International—the decision sends the disturbing signal that mass scale surveillance of millions of innocent people by our intelligence agencies is, for all practical purposes, immune from meaningful constitutional scrutiny. Even when we know about a mass surveillance program, as in the case of NSA’s bulk telephony program, stringent standing rules raise an impossibly high barrier to legal challenges. Perversely, the only people with a realistic chance of challenging such programs in court are actual terrorists who the government chooses to prosecute. The vast, innocent majority of people affected by bulk surveillance—those with the strongest claim that their rights have been violated—are effectively barred from ever having those rights vindicated in court.

Given the routine refusal of courts to step in to protect our Fourth Amendment rights, it is fortunate that Congress has already acted to bring this intrusive and ineffective program to a halt.

House Leadership Blocks Key Intelligence Reforms

The House GOP leadership’s hostility to reforming the U.S. Intelligence Community is on full display this week. The House Rules Committee (which is controlled by House Speaker John Boehner) blocked several key reform amendments to the annual Intelligence Authorization bill from even reaching the House floor for consideration.

Furious over an op-ed by Privacy and Civil Liberties Board chairman David Medine that called for an independent review of the executive branch’s “assassination-by-drone” policy, House Intelligence Committee chairman Devin Nunes (R-CA) included language in the annual Intelligence Authorization bill banning the PCLOB from examining the “covert” drone program. A bipartisan amendment (led by Rep. Jim Himes of Connecticut) that would have struck that language was barred from consideration.

Last week, the House passed a bipartisan amendment to the annual Defense Department spending bill barring the federal government from using taxpayer dollars to search the stored communications of Americans collected by NSA. That same amendment would also prevent the federal government from mandating that American tech companies build encryption-defeating “back doors” into their products. The authors of that amendment, Democrat Zoe Lofgren of California and Republican Thomas Massie of Kentucky, wanted to make those provisions permanent, but their amendment was also blocked.
