The Faulty Google Search That Set Off A Constitutional Crisis

from the code-is-law dept

We already wrote about Jason Leopold "accidentally" receiving a letter the CIA never actually sent that was an apology for spying on Senate staffers, but there was a lot more that Leopold received in that FOIA dump as well. Beyond the document Leopold wasn't supposed to receive, the 300 pages handed over by the CIA (not by its voluntary desire to respect FOIA stipulations, but rather because a judge told it to) provide additional details about the alleged Senate breach and its "investigative" spying -- and the ensuing fight that set off something of a Constitutional crisis in the separation of powers between the executive branch and the legislative branch.

Leopold's article goes into great depth on the subject and is well-worth reading in its entirety. One of the many, many details worth noting is that the CIA's "firewall" between it and Senate staffers wasn't really anything of the sort. A Google-powered custom search function allowed staffers to search CIA documents, but only the documents the CIA wanted them to see. The problem was that the search didn't work correctly. Keyword searches were returning documents the CIA hadn't approved for Senate perusal. This was how the hidden Panetta Report was discovered.

The CIA claimed Senate staffers had abused their privileges by accessing and downloading documents the agency hadn't meant to make available. But the blame was misplaced. The search "appliance" configuration itself was faulty, and had been for years. And, from there, the CIA decided it was okay to spy on the Senate staffers' work, raising questions about the separation of powers.
"In November 2012, the RDI team learned of a vulnerability with the Google appliance, related to configuration settings that had been in place since the initial installation in November 2009," the OIG's report says. "[The Office of Inspector General] reviewed an April 2013 email between members of the RDINet IT staff detailing the existing settings, which indicated an access control deficiency for search results. The RDI IT team updated the Google appliance in April 2013 to reflect this change. Prior to this update, the settings provided to the [Office of Inspector General] showed that the Google appliance was not configured to enforce access rights or search permissions within RDINet and its holdings."

Weaver explained that the Cyber Blue Team concluded the Google appliance "wasn't enforcing permissions properly, and revealing accessible locations for the [CIA] files."
A problem the CIA was aware of but had never bothered to fix was now being portrayed as a breach of trust (at best) by the Senate staffers compiling the Torture Report. Brennan knew about the misconfigured search tool but still went after Feinstein and Senate staffers, accusing them of "hacking" the CIA's system and making off with a purloined copy of the Panetta Review.

Considering the Panetta Review was the former CIA director's own investigation into the CIA's torture programs, one would assume these documents would be highly relevant to the task at hand -- the compilation of the torture report. But the findings contained in it were so toxic the CIA immediately began burying the documents using every opaque agency's favorite hiding place: the oft-abused "deliberative documents" exemption.
US officials told VICE News that the Panetta Review was shut down for one reason: the CIA team conducting it discovered damning inconsistencies in reports agency officials made to Congress about the efficacy of the program, and horrific details about the way detainees were treated. These revelations by the CIA's own employees contradicted agency officials who had continued to publicly defend the program's value. The internal reports the Panetta Review team wrote, US officials told VICE News, were so troubling that a decision was made by agency lawyers to mark them as "deliberative" draft documents, thereby protecting them from disclosure via FOIA.
Leopold's article is a fascinating study of CIA deception, duplicity and retaliatory abuse. The only way the CIA could have made the aftermath of the Torture Report's release worse was to do all the things it actually did. It made false accusations against a Senate oversight committee. It made blatantly false claims about Senate staff and their "hacking." It stabbed its own Inspector General in the back, publicly impugning him and his findings. It performed an "internal investigation" that managed to "uncover" only the wrongdoing of others. The only act of contrition in this whole debacle went unperformed when CIA head John Brennan chose to toss his apology to the Senate in the nearest file cabinet. The CIA may have had a chance to salvage a small part of its reputation, but instead attempted to bluster its way back to respectability. And, in doing so, lost any respect it had remaining.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cia, configuration, constitutional crisis, dianne feinstein, google search, jason leopold, john brennan, senate, spying


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Chris Brand, 13 Aug 2015 @ 12:57pm

    Hacking

    Well, bear in mind that government agencies define "hacking" as "any access we don't like" regardless of whether the system is configured to allow it or not (e.g. Aaron Swartz, Lori Drew, David Nosal).

    link to this | view in thread ]

  2. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 13 Aug 2015 @ 1:01pm

    "A Google-powered custom search function allowed staffers to search CIA documents, but only the documents the CIA wanted them to see."

    Hey, news for you: Google only lets YOU see what it wants! That hidden censoring is the most insidious part of the SPY AGENCY.

    That most interesting fact is slipped in as if incidental!

    You KNOW that Google tailors and targets advertisements just for you, well, it also picks news stories according to "algorithm" to keep you in your own happy little ideological bubble with no counter-facts. (Some academic termed it "propaganda bubble"?)

    Now, here's the goal of your "friend" Google, which is actually a globalist corporation, as the number one search engine: You'll soon never be able to find anything but The Official Story. It's the Ministry Of Truth's dynamic memory-hole, suppressing all counter-evidence ("BB speech chocolate ration malquoted, rectify"), while at same time those with clearance can see figures that they'll like more! BUT NEITHER necessarily the truth! There is no longer such a thing as "the truth", it'll be exactly as in Orwell's "1984", the most hideous aspect of the novel if you made it that far: you're to say whatever The Party wants you to say.

    This is the start of that. There's Google right at center of the CIA, the essential component to shaping views.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 13 Aug 2015 @ 1:11pm

    Re: "A Google-powered custom search function allowed staffers to search CIA documents, but only the documents the CIA wanted them to see."

    I have a feeling you don't quite understand this. Would you prefer Autonomy?

    link to this | view in thread ]

  4. identicon
    That One Other Not So Random Guy, 13 Aug 2015 @ 1:37pm

    Re: "A Google-powered custom search function allowed staffers to search CIA documents, but only the documents the CIA wanted them to see."

    Go play in traffic boB.

    link to this | view in thread ]

  5. identicon
    Anonymous Anonymous Coward, 13 Aug 2015 @ 2:01pm

    Correcting a Constitutional Crisis

    To whom should we turn? Congress seems to have given up, the Executive agreed, and The Courts won't even let anyone have standing.

    I know, lets call in the Military Industrial Espionage Complex. They seem to have all the power anyway.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 13 Aug 2015 @ 2:05pm

    And so it is demonstrated once again, that oversight does not exist. Agencies, not just the CIA, would rather scream criminal and hurl charges than they are in cleaning up their own house to abide by laws and rules.

    Do you still believe that Clapper's perjury was accident in the light of these findings?

    link to this | view in thread ]

  7. identicon
    Capt ICE Enforcer, 13 Aug 2015 @ 2:33pm

    Jobless

    Why haven't individuals been fired and thrown in jail over this?

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 13 Aug 2015 @ 3:00pm

    "Google Custom Search"

    I've seen this on various websites. That custom search is supposed to only search the website it's on. You're supposed to toggle an option if you want that search to go out onto the whole web. Guess what: it doesn't always work that way; sometimes you get a search of the entire web when you only wanted that one site searched. And sometimes when it does do only the site you get "sponsored links". I've learned to avoid those custom search buttons unless I absolutely have to use it.

    link to this | view in thread ]

  9. identicon
    PRMan, 13 Aug 2015 @ 3:22pm

    Re: "A Google-powered custom search function allowed staffers to search CIA documents, but only the documents the CIA wanted them to see."

    I don't know. I've been able to find stuff about creationism on there (that's pretty obscure and unpopular), giants, aliens, illuminati stuff, conspiracy theories galore.

    I'm not sure what "truth" you think is missing from Google, but I haven't been made aware of it by anyone who says it's missing, and I've researched some pretty obscure topics.

    link to this | view in thread ]

  10. icon
    Wyrm (profile), 13 Aug 2015 @ 4:18pm

    Respect

    "And, in doing so, lost any respect it had remaining."

    No problem, they will request a law stating that respect is due. It seems to work so well with judges and cops.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 13 Aug 2015 @ 8:04pm

    Re:

    Your tinfoil hat is screwed on a bit tight.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 13 Aug 2015 @ 9:18pm

    Computer Fraud and Abuse Act

    According to the CFAA they did actually commit a crime by exceeding authorized access. It's a stupid law, but it does apply here.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 14 Aug 2015 @ 12:33am

    I'm confused about this Google Search 'appliance' the CIA is using. Did the CIA contract Google to deploy customized, private search software inside their LAN network? Then CIA employees somehow managed to misconfigure the search software settings causing to to leak all sorts of classified information?

    Sounds about right, but I just want to make sure I'm understanding what happened.

    link to this | view in thread ]

  14. icon
    Ninja (profile), 14 Aug 2015 @ 4:20am

    And, in doing so, lost any respect it had remaining.

    It had any?

    link to this | view in thread ]

  15. icon
    Get off my cyber-lawn! (profile), 14 Aug 2015 @ 12:11pm

    Let me get this straight...

    the agency we pay to SPY on the world SPIED on Congress and then lied about it. The same agency that has been SPYING on US citizens and lying about it.

    I'm astonished!

    link to this | view in thread ]

  16. identicon
    GEMont, 14 Aug 2015 @ 2:52pm

    Do as I say, not as I do.

    Odd how any the members of any civilian agency/business caught doing these very same criminal activities - cover-up, false accusation, hiding evidence, lying to federal officials, etc., would definitely be considered as criminals and these acts would in and of themselves likely incur criminal charges above and beyond the charges for the crimes being covered up.

    When the Federal Snoop and Scoop Agency does these things, its just business as usual and incurs not even a raised eyebrow from the so-called Justice Department, let alone a symbolic wrist slapping of those employees blatantly interfering with the investigation.

    Two Tiered Justice is alive and well in America today.
    One massive set of laws for the Public, and a single law for the Elite: The Donot Law; "Do Not Get Caught and if you do, Admit Nothing Ever.".

    ---

    link to this | view in thread ]

  17. identicon
    GEMont, 14 Aug 2015 @ 5:32pm

    Re: Jobless

    Because the post 9/11 War Measures Constitution states that these agencies are no longer answerable to American Law for the duration of the wars, and that any acts they perform, "in the furtherance of their duty", are all consequence-free acts.

    Remember, you're government is "at war" with Druggies and Terrories and so all federal agents and military forces are only answerable to war time laws, which are of course totally secret laws that the public cannot know because Druggies and Terrories might indeed be members of the public.

    ---

    link to this | view in thread ]

  18. icon
    Bergman (profile), 17 Aug 2015 @ 1:04am

    Re: Hacking

    It's especially bizarre when you consider that when using any search engine -- particularly a secured one -- you make a request for files and then receive only those files that the server gives you permission to receive.

    Or put another way, it's not unauthorized access if you asked nicely and were given authorization.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.