NSA

Hayden, NSA and the Road to 9/11

This article originally appeared on Just Security on December 7, 2017
 

Retired Gen. Michael Hayden, former director of the NSA and CIA (and now, a national security analyst at CNN), has recently emerged as a leading critic of the Trump administration, but not so long ago, he was widely criticized for his role in the post-9/11 surveillance abuses. With the publication of his memoir, Playing to the Edge: American Intelligence in the Age of TerrorHayden launched his reputational rehab campaign.

Like most such memoirs by high-level Washington insiders, Hayden’s tends to be heavy on self-justification and light on genuine introspection and accountability. Also, when a memoir is written by someone who spent their professional life in the classified world of the American Intelligence Community, an additional caveat is in order: The claims made by the author are often impossible for the lay reader to verify. This is certainly the case for Playing to The Edge, an account of Hayden’s time as director of the NSA, and subsequently, the CIA.

Fortunately, with respect to at least one episode Hayden describes, litigation I initiated under the Freedom of Information Act (FOIA) has produced documentary evidence of Hayden’s role in the 9/11 intelligence failure and subsequent civil liberties violations. The consequences of Hayden’s misconduct during this time continue to be felt today. First, some background. 

What’s Missing from Apple’s Latest Lobbying Disclosure Form

MacRumors has a piece out today noting that Apple has raised its lobbying game in Washington over the last six months, spending $3.6 million on a team of lobbyists who’ve visited House and Senate offices on issues ranging from “general patent reform” to “green technology” to “issues related to implementation of Section 1502 of the Dodd-Frank Act.” What’s missing from the lobbying disclosure

#Russiagate Update: Winner Leak Implications

Megyn Kelly is probably kicking herself for not delaying her interview of Vladimir Putin. Had she waited just a few days, she could’ve brought a leaked copy of the latest NSA estimate of the timeline, motivations, and targets of alleged Russian hackers during the 2016 election cycle to her chat with Putin and asked a lot of pointed questions about it. Even though that opportunity never materialized, she and other journalists still have the chance to ask some equally important questions of American officials about this rather interesting document and the young woman responsible for sharing it with the world. What follows are some of my suggested lines of inquiry for our friends in the Fourth Estate.

The Leaker: Reality Leigh Winner

As I read The Intercept’s story, I kept asking myself one question, over and over: did this young woman learn nothing from Ed Snowden? 

This extract from the arrest warrant affidavit contains details that, if accurate, speak to a total lack of awareness of or concern for the kind of “insider threat” detection measures that now exist in most, if not all, Intelligence Community components:

Extract of arrest warrant affidavit in the case of Reality Leigh Winner

Why did Winner not use a truly secure means of contacting The Intercept? Why did she select this particular document? Why did she not contact a whistleblower advocacy organization for legal advice before even contemplating such a rash act?

The Media Outlet: The Intercept

In a statement published a short time ago, The Intercept claimed that

On June 5 The Intercept published a story about a top-secret NSA document that was provided to us completely anonymously. Shortly after the article was posted, the Justice Department announced the arrest of Reality Leigh Winner, a 25-year-old government contractor in Augusta, Georgia, for transmitting defense information under the Espionage Act. Although we have no knowledge of the identity of the person who provided us with the document, the U.S. government has told news organizations that Winner was that individual.

That statement is at odds with the search warrant affidavit quoted above, which claims that Winner was in “email contact” with the “News Outlet” (The Intercept).

Who’s telling the truth here vis a vis Winner’s alleged email contact with The Intercept–the Department of Justice or the paper? Could Winner have emailed the wrong reporter at The Intercept, and the actual story authors were in the dark that she’d contacted the paper? Did Winner’s email bounce? And why did Intercept staff share an exact copy of the purloined document with NSA officials in the first place? Why didn’t they simply read key passages of the document over the phone, or include extracts in an email to NSA officials?

Given the fact that Winner printed the document and thus left investigators a digital trace of her actions, perhaps The Intercept’s decision to share a scanned version of the document wouldn’t have mattered–but maybe it would have, and why endanger a source (annonymous or otherwise) by behaving in such an irresponsible way with the document?

The Stealth Fusion Center Data Sharing Bill

The attention of most in Congress, the media, and the privacy rights community has been focused this spring on the looming Foreign Intelligence Surveillance Amendments (FAA) Act Section 702 reauthorization fight, generally for good reasons. However, other expansions of domestic surveillance powers and data sharing are getting far less attention—and one such measure before the House today may dramatically expand the kind of information state and local law enforcement agencies can get from the federal government.

Introduced on April 26 by Rep. John Katko (R-NY), the “Improving Fusion Centers’ Access to Information Act” (HR 2169) is designed to plug any “information gaps” in state “fusion centers” by modifying the Homeland Security Act of 2002 to require DHS to

identify Federal databases and datasets, including databases and datasets used, operated, or managed by Department components, the Federal Bureau of Investigation, and the Department of the Treasury, that are appropriate, in accordance with Federal laws and policies, to address any gaps identified pursuant to paragraph (2), for inclusion in the information sharing environment and coordinate with the appropriate Federal agency to deploy or access such databases and datasets;

If the sound of this makes you feel uncomfortable, it should for several reasons—not the least of which is the last-minute decision by the Obama administration to make more raw (and thus potentially unverified or inaccurate) intelligence from the National Security Agency available to the FBI, and thus other law enforcement agencies the FBI decides need the data.

What makes Katko’s bill—which is coming to the House floor under expedited consideration via a legislative procedure known as “suspension of the rules“—even worse is that it ignores the 2012 findings of a Senate Homeland Security Committee report that found that state fusion centers were at best worthless, and at worse Bill of Rights violation factories.

In the press release on the committee report, then chairman Senator Tom Coburn (R-OK) stated, “It’s troubling that the very ‘fusion’ centers that were designed to share information in a post-9/11 world have become part of the problem. Instead of strengthening our counterterrorism efforts, they have too often wasted money and stepped on Americans’ civil liberties.”

NSA Hackers, Hacked

Screenshot of files from the Equation Group Hack

The Equation Group was like something out of a Hollywood film: A hacking team of unparalleled sophistication and skill who cracked open computer systems around the world like pistachio shells, yet escaped detection for 14 years until being noticed by the security researchers at Kaspersky Lab last year. They were also widely believed to be affiliated with the National Security Agency—most likely working with or from the NSA’s elite Tailored Access Operations unit.  Last weekend, the world learned that these hackers nonpareil had themselves apparently been hacked, when a group calling themselves the Shadow Brokers (likely a reference to the popular Mass Effect video game series) posted a cache of what they claimed were some of Equation Group’s “cyberweapons,” or computer exploitation tools, on the Web for all to see—along with an offer to sell even more valuable intrusion software they’d obtained to the highest bidder.

House Leadership Blocks Key Intelligence Reforms

The House GOP leadership’s hostility to reforming the U.S. Intelligence Community is on full display this week. The House Rules Committee (which is controlled by House Speaker John Boehner) blocked several key reform amendments to the annual Intelligence Authorization bill from even reaching the House floor for consideration.

Furious over an op-ed by Privacy and Civil Liberties Board chairman David Medine that called for an independent review of the executive branch’s “assassination-by-drone” policy, House Intelligence Committee chairman Devin Nunes (R-CA) included language in the annual Intelligence Authorization bill banning the PCLOB from examining the “covert” drone program. A bipartisan amendment (led by Rep. Jim Himes of Connecticut) that would have struck that language was barred from consideration.

Last week, the House passed a bipartisan amendment to the annual Defense Department spending bill baring the federal government from using taxpayer dollars to search the stored communications of Americans collected by NSA. That same amendment would also prevent the federal government from mandating that American tech companies build encryption-defeating “back doors” into their products. The authors of that amendment, Democrat Zoe Lofgren of California and Republican Thomas Massie of Kentucky, wanted to make those provisions permanent, but their amendment was also blocked.

Snowdenversary Gifts for Privacy Advocates

Today marks the second anniversary of The Guardian’s first blockbuster story derived from files provided by former NSA contractor Edward Snowden—launching what would become an unprecedented deluge of disclosures about the scope and scale of communications surveillance by American intelligence agencies. So it seems appropriate that this week saw not only the passage of the USA Freedom Act, but also the approval in the House of several privacy-protective appropriations amendments, about which more momentarily.  Snowden himself takes a quick victory lap in a New York Times editorial reflecting on the consequences of his disclosures, (very much in line with his remarks during our interview at the inaugural Cato Surveillance Conference):

Privately, there were moments when I worried that we might have put our privileged lives at risk for nothing — that the public would react with indifference, or practiced cynicism, to the revelations.

Never have I been so grateful to have been so wrong.

Two years on, the difference is profound. In a single month, the N.S.A.’s invasive call-tracking program was declared unlawful by the courts and disowned by Congress. After a White House-appointed oversight board investigation found that this program had not stopped a single terrorist attack, even the president who once defended its propriety and criticized its disclosure has now ordered it terminated.

He’s referring here to last month’s appellate court ruling against the notorious telephone records dragnet, followed this week by passage of the USA Freedom Act.  That law should bar bulk collection not only under §215 of the Patriot Act, the basis of the phone program, but also under §214—the “pen register” provision previously used to vacuum up international Internet metadata—and National Security Letters, which can be issued by senior FBI officials without judicial approval.  Since the latter two authorities are permanent, they would not have been affected by what quite a few lazy reporters described as “the expiration of the Patriot Act,” though in fact only about 2 percent of the law’s provisions were actually due to sunset.  While the law is far from ideal, incidentally, I think it does constitute more robust reform than many libertarians fear, for reasons I lay out in this piece at Motherboard and this blog post at Just Security.  It will, of course, be necessary to vigilantly watch for efforts to water down the law’s protection—something the public is finally at least somewhat empowered to do by a transparency provision requiring significant legal interpretations by the secret Foreign Intelligence Surveillance Court to be published in unclassfied form.

Pages

Subscribe to RSS - NSA