Topic: Telecom, Internet & Information Policy

Trump’s Wiretap Dance

I’ve already explained, in a post over at Just Security, some of the law and background surrounding what we know about Donald Trump’s incendiary claim that his predecessor wiretapped his phones at Trump Tower during the presidential campaign, and I’d suggest reading that if you want to delve into some of the wonky details. But I thought it might be worth a separate post to pull out some of the critical points and remark on how the story has evolved since Saturday.

  • There’s no basis on the public record to support the allegation that phones at Trump Tower were wiretapped, or that the Trump campaign was targeted for electronic surveillance, let alone on the orders of Barack Obama. Former Director of National Intelligence James Clapper has publicly denied it, and FBI Director James Comey has reportedly been pressing for a disavowal from the Justice Department. This appears to be something Trump concocted on the basis of (deep breath now) his own misreading of a misleading Breitbart News article based on a talk radio host’s summary of months-old reports in the British press. Those news stories—which conspicuously haven’t been reported out by the deeply-sourced intelligence journalists at U.S. outlets, and so should be taken with a grain of salt—concern some sort of order, purportedly sought by the FBI from the Foreign Intelligence Surveillance Court, targeting Russian banks in order to follow up intelligence leads concerning possible transfers of funds from Russia to Trump aides. If the reports are true, that’s vastly different from what Trump alleged, and not obviously improper on its face, though when intelligence surveillance intersects domestic politics, even indirectly, there’s always an elevated risk of abuse.
  • The White House has been dodging and weaving a bit in its public statements following Trump’s allegations on Twitter. Initially, aides told multiple reporters that they thought the president had been reacting to the Breitbart piece, which was circulated internally on Friday. But, as I explain in more detail in my Just Security post, the sources drawn on for the Breitbart piece don’t actually support Trump’s claims. More recently, spokeswoman Kellyanne Conway insinuated that Trump may have some other classified basis for his accusations. She’s called on the FBI to release more information, while other White House officials have suggested it should fall to Congress to investigate. This is all, to put it mildly, grossly irresponsible. If the president has classified information about improper surveillance of his campaign, he is empowered to declassify it. If he’s not sure whether to believe what he reads on the Internet, the head of the executive branch is not limited to relying on Breitbart News to learn about the activities of his own intelligence community. But it should be wholly unacceptable for Trump to level serious accusations of criminal abuse of intelligence authorities by his predecessor,  then punt to Congress when pressed to produce evidence.  

War of the Worst Case Scenarios

A few nightmare scenarios haunt the dreams of civil libertarians—scenes drawn from our long and ignominious history of intelligence abuses. One—call it the Nixon scenario—is that the machinery of the security state will fall into the hands of an autocratic executive, disdainful of the rule of law, who equates “national security” with the security of his own grip on political authority, who is all too willing to turn powers meant to protect us from foreign adversaries against his domestic political opponents, and who lacks any qualms about quashing inquiries into his own illegal conduct or that of his allies. Another—call it the Hoover scenario—is that the intelligence agencies, anxious to protect their own powers and prerogatives, will themselves slip the leash, using their command of embarrassing secrets to intimidate (and in extreme cases perhaps even select) their own nominal masters. As the American surveillance state has ballooned over the past 15 years, we’ve often invoked those scenarios to argue that the slippery slope from a reasonable-sounding security measure to a tool of anti-democratic repression is disquietingly short and well-oiled. You may trust that some new authority will only be used to monitor terrorists today, but under a more authoritarian administration, might it be used to suppress dissent—as when civil rights and anti-war activists became the targets of the FBI’s notorious COINTELPRO? You may be reassured by all the rigid rules and layers of oversight designed to keep the Intelligence Community accountable, but will those mechanisms function if the intelligence agencies decide to use their broad powers to cow their own overseers?

We are now, it seems, watching both scenarios play out simultaneously.  Perhaps surprisingly, however, they’re playing out in opposition to each other—for the moment. Whatever the outcome of that conflict, it seems unlikely to bode well for American liberal democracy.

On the one hand we have Donald Trump, whose thin-skinned vindictiveness and contempt for judicial checks on his whims are on daily display, and who during his presidential campaign revealed a disturbing instinct for lashing out at political opponents with threats to disclose embarrassing personal information. (Recall his tweets promising to “spill the beans” on Heidi Cruz, wife of primary opponent Ted, or his warning that the Ricketts family, which funded ads opposing him, had “better be careful” because they “have a lot to hide”.) As a private citizen, Trump treated the legal system as a tool to harass people who wrote unflattering things about him; as a candidate, he thought nothing of offhandedly suggesting he could use the power of the Justice Department to jail his opponent. Even before taking the Oval Office, then, Trump had provided civil libertarians and intelligence community insiders with a rare point of consensus: Both feared that with control of both the intelligence agencies and the institutional checks on those agencies within the executive branch, Trump would fuse a disposition to abuse power with an institutionally unique ability to get away with it.  On the flip side, Trump’s dismissive attitude toward the intelligence consensus that Russia had intervened to aid him in the election; his frankly bizarre, fawning posture toward Russia’s strongman leader; and his insistence on defying decades of political norms to shield his finances from public scrutiny signaled that inquiries into illicit conduct by himself or his allies and associates would be likely to wither on the vine once Trump loyalists had been installed at the heads of law enforcement agencies. As Nixon scenarios go, to steal a turn of phrase from my colleague Gene Healy, Trump is a civil libertarian’s grimmest thought experiment come to life.

Trump’s Android: Time for a Damage Assessment?

A New York Times report that Donald Trump continues to carry his ancient and insecure Android phone—despite having received a new Secret Service-approved secure device on Inauguration Day—has prompted a flurry of reports on the cybersecurity “risks” this entails.  But “risk”—the connotations of which are both future-oriented and hypothetical—seems like the wrong word here.  We should be asking how many foreign intelligence services have had access to the phone, for how long, and what sensitive information they’ve already gleaned from it.

Because let’s be clear: An American president’s personal smartphone may be a holy grail for foreign spies, but a phone belonging to a president-elect, or even a credible candidate, would be an extremely juicy target too.  It’s almost inconceivable it would not have been attacked already.  And given the laughable level of security provided by a phone that last saw an update in 2015, any serious effort to compromise it by a state-level adversary would likely have succeeded. The safe assumption that NSA’s overseas counterparts have a similar array of “implant” tools would mean that Trump’s movements could have been tracked, any credentials stored on the phone exfiltrated, and any conversation held in the same room as the phone, recorded.  

If the White House has been following the most basic protocols, we can at least expect Trump’s Android hasn’t been allowed into the Secure Compartmentalized Information Facilities where classified briefings are held, but even so, that’s a rich trove of intelligence on Trump’s strategic intentions and mindset, and may well include sensitive personal information that could be used for leverage.  So, by all means, he ought to ditch the phone immediately—but instead of tossing it in the trash, he ought to hand it off to NSA’s technical division for a thorough look, assuming they haven’t already had one.  It will be too late to undo the damage, but perhaps not too late to mitigate the consequences if the Intelligence Community can start piecing together what the adversaries would have obtained and how they’re likely to use it. 

The Chilling Effect of the Government’s Subpar Subpoenas

Here we go again. History repeats itself with classified-ad website Backpage.com’s announcement yesterday that it’s shuttering its “adult” section after years of unrelenting pressure from public officials at all levels of government. 

Most recently, the Senate’s Permanent Subcommittee on Investigations (PSI) hauled several Backpage.com officials before it for a public shaming without bothering to wait for a ruling on the legality of its “investigation.” In California, just before Christmas then-attorney general (now U.S. Senator) Kamala Harris refiled criminal charges against Backpage’s CEO and its former owners in the face of a December 9 ruling throwing her initial charges out.

These tactics represent a marked escalation since September 2010, when Craigslist caved in to pressure from a group of 17 state attorneys general and shut down its “adult advertisements” section. As a federal court had already ruled at that time—and numerous courts have held since—the government cannot assume that ads that mention sex are advertising illegal transactions, much less coercive sex-trafficking. Laws censoring such websites have been roundly and repeatedly held to violate the First Amendment.

But the law is one thing, and less-direct pressure tactics are quite another. It’s harder to hold government accountable when it tries to hide what it’s up to with public letters, demands, and investigations, even if meritless.

Power Arrangements in Identity Systems

Since the launch of the Sovrin Foundation, Phil Windley has been blogging a lot (no, really a lot, and more, more, more, more, and more) about how self-sovereign identity works and can be used. His most interesting and accessible post for a liberty-minded identity-layperson might be “On Sovereignty,” in which he briefly lays out what it means to have a “self-sovereign” identity.

Sovereignty over your identity doesn’t mean having complete control over information about yourself, but it puts you in a peer relationship with others, including the larger organizations we deal with, such as governments. “The beauty of sovereignty,” Phil emphasizes, is the “balance of power that leads to negotiations about the nature of the relationships between various entities in the system.” I want to expand on this notion that there are power arrangements in identity systems.

In a centralized identity system, the identity provider (such as your Department of Motor Vehicles) determines whether you can assert information and what you can assert. Centralized systems also often share information about you, or facilitate such sharing, whether you want them to or not. Implementation of the REAL ID Act would essentially move these powers from state governments to the U.S. Department of Homeland Security.

A self-sovereign identity system, on the other hand, gives you power to assert information about yourself, which others may accept or reject. It also better positions you to decline to share information about yourself. Those powers are important.

“Power” is an elusive concept. We’re more familiar with talking about power in terms of political and legal arrangements, such as how the Constitution gives certain powers to the U.S. federal government or denies all U.S. governments other powers. But absent these rules, “pre-political” power is simply the ability to do something or act in a particular way, or the capacity to direct or influence the behavior of others or the course of events. Power comes down to what resources you can bring to bear in going after what you want.

Ask Not What Technology Leaders Can Do for You, Mr. Trump, But What the DATA Act Can Do for Them

According to a New York Times report on President-Elect Donald Trump’s meeting with technology leaders last week, Mr. Trump asked the executives “to see if they could not apply data analysis technology to detect and help get rid of government waste.”

They cannot. The existence of data that would permit them to do so will be dictated by the Trump administration’s approach to implementing the DATA Act.

The DATA Act requires the federal government to transform all spending information into open data. If the federal government follows through on publishing spending data in open formats—which is very much an open question—technology companies old and new will be able to work the kind of magic they have in other fields.

There is not an algorithm, of course, to separate wasteful spending from useful. These are value judgments made by humans. But while the data underlying these judgments is held by insiders, their preferences for lush spending will be satisfied. Average Americans seeing multiplicitous government programs and bloated government contracts perceive that as waste.

Nothing specific that I’m aware of suggests any Trump administration policy yet with respect to the DATA Act, but the selection of Rep. Mick Mulvaney (R-SC) to head the Office of Management and Budget may bode well. OMB has been a drag on government spending transparency, and Mulvaney is the type to do away with business as usual. The DATA Act would do for the whole government what he sought from the National Credit Union Administration in recent legislation: line-by-line budget transparency.

When the time comes to formulate policy on spending transparency, ask not what technology leaders can do for you, Mr. Trump, but what the DATA Act can do for them.

The IRS Believes All Bitcoin Users are Tax Cheats

The Internal Revenue Service has filed a “John Doe” summons seeking to require U.S. Bitcoin exchange Coinbase to turn over records about every transaction of every user from 2013 to 2015. That demand is shocking in sweep, and it includes: “complete user profile, history of changes to user profile from account inception, complete user preferences, complete user security settings and history (including confirmed devices and account activity), complete user payment methods, and any other information related to the funding sources for the account/wallet/vault, regardless of date.” And every single transaction:

All records of account/wallet/vault activity including transaction logs or other records identifying the date, amount, and type of transaction (purchase/sale/exchange), the post transaction balance, the names or other identifiers of counterparties to the transaction; requests or instructions to send or receive bitcoin; and, where counterparties transact through their own Coinbase accounts/wallets/vaults, all available information identifying the users of such accounts and their contact information.

The demand is not limited to owners of large amounts of Bitcoin or to those who have transacted in large amounts. Everything about everyone.
