Newly Leaked NSA Slides On PRISM Add To Confusion, Rather Than Clear It Up

from the hmmm dept

Over the weekend there were two "big" new leaks from the documents that Ed Snowden took. The first, about US spying on EU embassies we already covered. The second one seemed bigger, but it also might have just made things murkier. It involves the Washington Post releasing four more slides about the PRISM program from that original slide deck that already had 5 of its 41 slides revealed in previous leaks. These slides show a lot more details about PRISM. What's amazing is that I've seen people claiming completely contrary things in looking over these slides: some are insisting it shows that the companies who are "members" of PRISM don't -- as was originally reported -- open up their servers to the NSA. Others insist that the slides actually support that original reporting and show that the companies are lying.

First up, here are the slides (sorry visitors from the Defense Department):





Things break down when people start to analyze these slides. A few news sources have zeroed in on the claim on that last slide that there are 117,675 "records" in PRISM as of April 5th. But, there's some disagreement about what the hell that means. The Washington Post says that these are "active surveillance targets" but it's unclear how they know that. It's possible that there's other, as yet unrevealed info that would support that, but even then there's confusion. How "active" is active? And, what constitutes a "record" anyway? No one seems to be providing any answers.

Another thing that's not entirely clear: the Washington Post annotations claim that the "FBI DITU," the "Data Intercept Technology Unit" (DITU), is on the premises of the companies listed as a part of PRISM -- but all of the companies have pretty strenuously denied this. And, honestly, from the slides, it's not at all clear that the DITU really is on-premises. Google has said in the past that when it receives a valid FISA court order under the associated program, it uses secure FTP to ship the info to the government. From that, it seems like the "DITU" could just be a government computer somewhere, not on the premises of these companies, and info is uploaded to those servers following valid FISC orders.

Others have focused in on the claims of "real-time surveillance," implying the ability to watch actual key strokes, but the slide in question (the third one above) suggests something slightly different: which is real time notifications for certain trigger events, such as logging into email or sending a message. Now, it does note that other forms of communication are available through the program, but it's not at all clear that's "real time." It's also not at all clear if the "real time" notifications apply to all companies in the program. It's entirely possible that a FISC order might require these companies to let the FBI/NSA know whenever a certain target logged into their email or chat. There are certainly some questions raised there about the appropriateness of that type of program, but it's not clear how much "real time" info is actually being sent.

It's entirely possible that the Washington Post's interpretation of these slides is accurate. It's also entirely possible that the other slides, or additional reporting from WaPo reporters allows them to have more knowledge on these things, and it could be true that the companies in questions are not being fully truthful. However, especially given how it appears that the WaPo's original reporting on PRISM was fairly sloppy, it seems worth reserving judgment until more information comes out.

Of course, if (as the NSA insists) this program is nothing more than these companies responding to valid FISC orders, I don't see why the NSA itself can't be a hell of a lot more transparent about these programs. If there's real oversight over these programs and they're really only used against actual threats (stop laughing...), then nothing revealed so far seems like it should be secret. It just shows how the system works for delivering the information that is legally required. The fact that there's so much secrecy over the program suggests either a stupid overclassification insistence by the NSA, or that there's a hell of a lot beyond this that they don't want to talk about (such as revealing that the program isn't what they claim). That seems like the most likely situation given what's been revealed so far.

Filed Under: ditu, fbi, leaks, nsa, nsa surveillance, prism, washington post

Latest Leak Showing US Spying On EU Embassies Not That Surprising

from the is-this-a-surprise dept

Over the weekend there were a few more "Snowden" leaks released, starting off with evidence that the US intelligence community (possibly involving the NSA, CIA and FBI) had been bugging a whole bunch of EU officials, including in their US embassies, but also in Europe as well. There is the reasonable and expected outrage from EU officials who really don't like the idea that their own allies are spying on all their calls, emails, faxes, etc. I can see how this may be quite awkward from a diplomatic standpoint, but of the various leaks to date, this one seems the least interesting. This kind of thing is exactly what intelligence agencies do. They spy on each other's government officials. Bugging embassies is a tradition that goes back quite a few decades. I'd actually be more surprised if we found out that the US wasn't bugging those communications.

Of course, that doesn't make things comfortable for the US, who will now certainly have to explain itself to a large number of allies.

The eavesdropping on the EU delegation to the US, on K Street in Washington, involved three different operations targeted on the embassy's 90 staff. Two were electronic implants and one involved the use of antennas to collect transmissions.

[....] The operation against the French mission to the UN had the covername "Blackfoot" and the one against its embassy in Washington was "Wabash". The Italian embassy in Washington was known to the NSA as both "Bruneau" and "Hemlock".

The eavesdropping of the Greek UN mission was known as "Powell" and the operation against its embassy was referred to as "Klondyke".

This kind of stuff just confirms more typical intelligence agency activities. The original leaks about surveillance specifically on the public remains a much bigger concern, though I do wonder if revealing spying on allies may lead to some chillier reactions to various agreements like the upcoming TAFTA negotiations.

Filed Under: allies, cia, diplomatic problems, ed snowden, espionage, eu embassies, leaks, nsa, nsa surveillance, surveillance

CIA Memo On Stopping Leaks To Reporters Is Promptly Leaked To Reporters

from the let's-go-back-to-step-one dept

Sometimes these kinds of stories write themselves. With all of the leaks coming out of the NSA lately, the CIA, complete with new director John Brennan, has announced a program to stop leaks to reporters from within the CIA. And, wouldn't you know it, the program was almost immediately leaked to the Associated Press:

In a memo to the CIA workforce this week, Brennan says the "Honor the Oath," campaign is intended to "reinforce our corporate culture of secrecy" through education and training. The Associated Press obtained the memo Wednesday, marked unclassified and for official use only.

Brennan writes that the campaign stems from a review of CIA security launched last summer by former director David Petraeus, following what Brennan calls "several high-profile anonymous leaks and publications by former senior officers."

I have this picture of John Brennan doing a facepalm upon seeing this, and starting his next memo: "Let's return to step one..."

Filed Under: cia, john brennan, journalism, leaks, memo

Ecuador Using Copyright To Try To Take Down Leaked Documents About Its Surveillance Practices

from the copyright-as-censorship dept

While Ecuador has received plenty of attention for granting asylum to Julian Assange and being one possible landing place for Ed Snowden, it's no secret that the country is not exactly known as a bastion of civil liberties protection. In fact, last year, just as it was granting Julian Assange asylum, there were reports coming out about highly questionable activities by the Ecuador government in extraditing someone who had exposed corruption. In that post, it was noted that Ecuardor scrapped its own rules requiring a warrant to investigate someone's IP address and has been known to seize the computers of critical journalists.

So, it should come as little surprise that while so much attention is on Ecuador, it was leaked to Buzzfeed that the country is in the middle of purchasing equipment for widespread surveillance, including a system called "GSM Interceptor" (subtle!) and some unmanned surveillance drones. Basically, the country does not have a great record on protecting civil liberties or freedom of the press.

But, here's where the story gets even more bizarre. Buzzfeed's reporters, Rosie Gray and Adrian Carrasquillo, had posted the various documents they got revealing these purchases on Scribd and embedded them beneath the story. Here's a screenshot: Could there be a copyright claim? Well, unlike the US, many countries do allow government documents to be covered by a form of copyright, but even so it seems ridiculous that Ecuador is clearly using copyright to try to stifle a free press in discussing its surveillance efforts. It's yet another example of copyright being used for censorship, made doubly ironic in that it came about while trying to stifle documents about its surveillance program that only came to light because the of possibility that it might offer political asylum to Ed Snowden for revealing US surveillance. Are there any places left on earth that actually do respect basic civil liberties?

Filed Under: censorship, copyright, ecuador, ed snowden, julian assange, leaks, surveillance

Defense Department Blocks All Web Access To The Guardian In Response To NSA Leaks

from the head-in-sand dept

Once again, the US government appears to be taking an incredible head-in-sand approach to the various leaks about NSA surveillance. The latest is that the Defense Department is now telling everyone in the DoD to block access to The Guardian's website, which was seen very clearly after it was discovered that the US army is blocking access to the Guardian's website from all Army computers. This is not only petty and stupid, but useless. First of all, while the Guardian has been breaking much of the news about the leaks, it's all picked up quickly elsewhere and discussed widely. Pretending that blocking the Guardian has any impact is just pure cluelessness in action. Second, just because the Guardian has broken some news stories, it doesn't mean it makes sense to block the entire site. That is only going to pique more interest from folks in the Army and the wider Defense Department who are now going to be curious why the government is banning access to one of the biggest newspaper websites in the world. The whole thing smacks of stupid desperation: it doesn't stop the leaks from happening, it doesn't stop anyone in the army from finding out about the leaks, it just seems petty and designed to alert more people that the Guardian is the source to follow on these leaks.

Filed Under: army, blocks, defense department, filters, leaks, nsa, nsa surveillance, the guardian, web access

Former Second Highest Ranking General In The US Apparently Under Investigation For 'Leaking' Stuxnet Info

from the bradley-manning's-cellmate? dept

You may recall last year that the NY Times revealed details on how US intelligence created the Stuxnet virus and got it into Iranian computers, leading to screwing up Iran's nuclear enrichment program. There were some questions at the time about who leaked that information and how the Obama administration didn't seem to mind nearly as much when the leaks made them look good. However, given the siege mentality the administration appears to have about any kind of leaks, to the point at which the Defense Department directly claims that "leaking is tantamount to aiding the enemies of the United States," it appears that the administration may be looking to go after the leaker of the Stuxnet info.

And, if a report from NBC is to be believed, the target of the investigation is retired General James Cartwright, who was recently the second-highest ranking officer in the military.

Cartwright, who was the number two person in the joint chiefs of staff from 2007 to 2011, was instrumental in the development of Stuxnet, and his role was publicised in a New York Times article published last year.

Of course, the really interesting thing to see, if this report is confirmed and anything happens, is how General Cartwright is treated in comparison to, say, someone like Bradley Manning...

Filed Under: investigation, james cartwright, leaks, stuxnet

DOJ Guidelines: Inappropriate To Prosecute Leaking Gov't Information As 'Theft Of Gov't Property'

from the umm... dept

Well, this is interesting. Last week, of course, it was revealed that the DOJ has charged Ed Snowden for various crimes, including "theft of government property." In fact, Rep. Mike Rogers, the head of the House Intelligence Committee, seems to think this is the key charge, and argues (ridiculously) that the documents "belong to the people of the US" and that Snowden somehow "stole" them by giving the documents to those very same "people of the US."

However, as Declan McCullagh points out, the DOJ's own manual very clearly says that it is "inappropriate" to charge people who take government documents and information with theft of government property, in part because that might lead to unfair prosecution of whistleblowers:

Section 641 of Title 18 prohibits theft or receipt of stolen government information as well as theft of the documents, computer discs, etc., that contain the information. United States v. Fowler, 932 F.2d 306, 309-10 (4th Cir. 1991); United States v. Girard, 601 F.2d 69, 70-71 (2d Cir.), cert. denied, 444 U.S. 871 (1979); United States v. DiGilio 538 F.2d 972, 977-78 (3rd Cir. 1976), cert. denied sub nom. Lupo v. United States, 429 U.S. 1038 (1977). But see United States v. Tobias, 836 F.2d 449, 451 (9th Cir.), cert. denied, 485 U.S. 991 (1988). Nevertheless, for the reasons set forth below, the Criminal Division believes that it is inappropriate to bring a prosecution under 18 U.S.C. § 641 when: (1) the subject of the theft is intangible property, i.e., government information owned by, or under the care, custody, or control of the United States; (2) the defendant obtained or used the property primarily for the purpose of disseminating it to the public; and (3) the property was not obtained as a result of wiretapping, (18 U.S.C. § 2511) interception of correspondence (18 U.S.C. §§ 1702, 1708), criminal entry, or criminal or civil trespass.

There are two reasons for the policy. First, it protects "whistle-blowers." Thus, under this policy, a government employee who, for the primary purpose of public exposure of the material, reveals a government document to which he or she gained access lawfully or by non-trespassory means would not be subject to criminal prosecution for the theft. Second, the policy is designed to protect members of the press from the threat of being prosecuted for theft or receipt of stolen property when, motivated primarily by the interest in public dissemination thereof, they publish information owned by or under the custody of the government after they obtained such information by other than trespassory means.

And yet, the "theft of government property" seems to be central to the government's charges against Snowden, suggesting that, yet again, the administration is really grasping at straws in trying to charge Snowden with anything it can dig up for daring to blow the whistle on the surveillance program.

Filed Under: doj, doj guidelines, ed snowden, edward snowden, espionage, leaks, prosecution, theft of government property, whistleblowers

Irony Abounds: Snowden Charged For Spying When What He Really Did Was Reveal Massive Spying

from the that's-not-how-it-works dept

Andy Borowitz, who writes popular satirical pieces, has a great one entitled, "U.S. Seemingly Unaware of Irony in Accusing Snowden of Spying," in response to the news from late last week that Edward Snowden has officially been charged under the espionage act. Like all great satire, it works because the underlying point is so true. Edward Snowden isn't a spy. He exposed massive spying by the US government. And yet he's the one charged with espionage?

At a press conference to discuss the accusations, an N.S.A. spokesman surprised observers by announcing the spying charges against Mr. Snowden with a totally straight face.

“These charges send a clear message,” the spokesman said. “In the United States, you can’t spy on people.”

It does seem quite ridiculous that the response to exposing massive spying to the public is to be accused of breaking a law designed to catch spies. But that's what you get when the government is so hell bent on spying on everyone and not letting anyone know about it.

Filed Under: ed snowden, edward snowden, espionage, leaks, public interest, spying

Obama Administration Has Declared War On Whistleblowers, Describes Leaks As 'Aiding The Enemy'

from the going-a-bit-far dept

In 2008, now President Obama ran with the following as a key plank in his campaign:

Protect Whistleblowers: Often the best source of information about waste, fraud, and abuse in government is an existing government employee committed to public integrity and willing to speak out. Such acts of courage and patriotism, which can sometimes save lives and often save taxpayer dollars, should be encouraged rather than stifled as they have been during the Bush administration. We need to empower federal employees as watchdogs of wrongdoing and partners in performance. Barack Obama will strengthen whistleblower laws to protect federal workers who expose waste, fraud, and abuse of authority in government. Obama will ensure that federal agencies expedite the process for reviewing whistleblower claims and whistleblowers have full access to courts and due process.

None of that has happened. Instead, as we've discussed repeatedly, President Obama has been the most aggressive President ever in attacking whistleblowers and bringing the full weight of the law down on them. In fact, in 2012, rather than promote protecting whistleblowers in his campaign, the campaign bragged about how it cracked down on whistleblowers:

President Obama has done more than any other administration to forcefully pursue and address leaks of classified national security information.... The Obama administration has prosecuted twice as many cases under the Espionage Act as all other administrations combined. Under the President, the Justice Department has prosecuted six cases regarding national security leaks. Before he took office, federal prosecutors had used the Espionage Act in only three cases.

The above paragraph is true -- and we've pointed it out in the past as well -- but we thought it was shameful, not something worth bragging about. Furthermore, since he was elected, President Obama has never praised a single federal employee who was a whistleblower. When asked by a reporter from the Huffington Post for an example of President Obama supporting a whistleblower, the White House refused to respond.

Given all of that, it will come as little surprise to read a piece by reporters Marisa Taylor and Jonathan Landay of McClatchy's Washington Bureau, in which they reveal that the White House has a special attack program to deal with whistleblowers called Insider Threat Program (ITP). And, no, contrary to what the administration has claimed, it's not just about "national security" issues. It goes way beyond that:

President Barack Obama’s unprecedented initiative, known as the Insider Threat Program, is sweeping in its reach. It has received scant public attention even though it extends beyond the U.S. national security bureaucracies to most federal departments and agencies nationwide, including the Peace Corps, the Social Security Administration and the Education and Agriculture departments.

And, as the reporters note, the program may emphasize classified material, but actually goes way beyond that to cover leaks of just about anything. Furthermore, it encourages the ridiculous view that leaks which expose questionable behavior to the public are the same as aiding the enemy.

“Hammer this fact home . . . leaking is tantamount to aiding the enemies of the United States,” says a June 1, 2012, Defense Department strategy for the program that was obtained by McClatchy.

Yes, informing the American public of misdeeds by the US government is considered "aiding the enemies of the United States." The reality, of course, is what they're saying is that they really mean "the current government" when they refer to "the United States," and "the enemies" are the American public.

And, part of the program seems to be to put pressure on anyone to snitch on their colleagues if they suspect potential leakers. Government employees who fail to report colleagues who exhibit "high risk" behaviors may be subject to criminal charges. Basically, snitch on anyone who acts suspiciously, or else... And, of course, it's not just the Defense Department. The Agriculture Department has an online tutorial teaching people how to spot potential whistleblowers, entitled "Treason 101."

As becomes obvious, this massively discourages whistleblowing. It massively discourages anyone raising any alarm about programs that might be out of control, for fear that they might be declared a "high risk" person or even guilty of espionage for trying to blow the whistle. President Obama not only has not supported the "courageous" whistleblowers he praised, he's made it so scary to report any malfeasance that when it eventually does come out, it takes the dramatic form of someone like Edward Snowden, rather than someone willing to go through all the "official channels." It's a complete failure and does little to promote good government.

Filed Under: aiding the enemy, espionage, leaks, whistleblowers

It's Come To This: Commentators Arguing That The Press Commits A Crime In Exposing NSA Surveillance

from the sad dept

Marc Thiessen, a former speechwriter for President Bush, apparently really hates it when government overreach is exposed. We last mentioned him when he attacked Wikileaks in the aftermath of its publishing of various State Department cables. Now, with the new NSA surveillance scandal, he's back (of course) and taking the lovely position that it's perfectly fine to charge journalists who publish information about NSA surveillance with crimes.

Greenwald’s crime is violating 18 USC § 798, which makes it a criminal act to publish classified information revealing government cryptography or communications intelligence.

The law is absolutely clear. It states: “Whoever knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes , or uses in any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information— (1) concerning the nature, preparation, or use of any code, cipher, or cryptographic system of the United States or any foreign government; or (2) concerning the design, construction, use, maintenance, or repair of any device, apparatus, or appliance used or prepared or planned for use by the United States or any foreign government for cryptographic or communication intelligence purposes; or (3) concerning the communication intelligence activities of the United States or any foreign government; or (4) obtained by the processes of communication intelligence from the communications of any foreign government, knowing the same to have been obtained by such processes— Shall be fined under this title or imprisoned not more than ten years, or both.”

Of course, there's also that fancy First Amendment, which Thiessen would prefer to ignore:

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

It would appear that 18 USC 798 is exactly what is forbidden by the First Amendment. It is a law abridging the freedom of the press and freedom of speech. Defenders of Thiessen and the NSA will point out that there are lots of times the courts have said this is okay, but I'm not sure what kind of defense that is, other than nitpicking why the First Amendment is something to ignore. Personally, I think that the First Amendment is fairly important, and worry about any laws that appear to push back on the basic concept of it.

Filed Under: first amendment, free speech, journalism, leaks, marc thiessen, nsa, nsa surveillance