If The NSA Doesn't Know How Its Systems Are Used, Then It Can't Know They Haven't Been Abused

from the because-they-have dept

We've already pointed out that, for all the talk from NSA defenders that there have been almost no abuses of the system because of these supposedly foolproof "audits," none of those audits caught what Ed Snowden did, and it appeared that around 1,000 other people had the same sort of access that Snowden did. If anyone thinks that Snowden was the only one who used it to access documents he wasn't supposed to, that seems tremendously naive.

As Zeynep Tufekci notes, anyone who claims that the NSA's data hasn't been misused would have to know more about the NSA's system than the NSA does, since they don't seem to have a way to make sure it wasn't abused.

Given this reality, can anyone truly deny the possibility that a malevolent Snowden or a foreign government that might have placed a sysadmin mole into NSA has NOT scooped up personal information on influential and important politicians and is now (or will in the future) blackmailing them? Can we be sure that there is not already massive “unauthorized” snooping at lower levels? There is already a whistle blower who claims Barack Obama was wiretapped by the NSA along with a whole number of high-level US politicians. The possibilities for mischief—ranging from the small potatoes cases of scorned lovers to significant political and personal blackmail and deep privacy violations—is vast. And the scary truth is that nobody really knows for sure what has already happened, nor can anyone claim or guarantee that it won’t. Not the pundits, not the NSA itself, and not any individual sysadmin because, as I’ve already argued, digital unknowns can stay buried forever if tracks are covered with expertise and root access.

This, right here, is a key part of the problem. If there has been abuse (beyond what's already been reported), we probably wouldn't even know about it because the only ones who do know about it are those involved. And that's what's so scary here. The defenders of this system seem to have astounding and naive levels of trust that everyone working for them is trustworthy when that's almost certainly not true. The system itself is broken, and the claims from its defenders aren't unbelievable because they're unbelievable, they're unbelievable because what they're saying is impossible.

Filed Under: abuse, nsa, nsa surveillance

Why The NSA Must Be Reined In -- For Democracy's Sake

from the mission-creep dept

In the wake of the continuing leaks about the NSA's activities, most commentators are understandably still trying to get to grips with the enormity of what has been happening. But John Naughton, professor of the public understanding of technology at the UK's Open University, tackles a very different question on his blog: what is likely to happen in the future, if things carry on as they are?

Naughton notes that the NSA's mission statement includes the following phrase: "to gain a decision advantage for the Nation and our allies under all circumstances." "Under all circumstances" means that as the Internet grows -- and as we know, it is currently growing rapidly -- so the NSA will naturally ask for resources to allow it to do tomorrow what it is doing today: monitoring more or less everything that happens online. Naughton then asks where that might lead if the political climate in the US remains sufficiently favorable to the NSA that it does, indeed, get those resources:

The obvious conclusion therefore, is that unless some constraints on its growth materialise, the NSA will continue to expand. It currently has 35,000 employees. How many will it have in ten years' time? Who can say: 50,000, maybe? Maybe even more? So we're confronted with the likelihood of the growth of a bureaucratic monster.

How will such a body be subjected to democratic oversight and control? Let me rephrase that: can such a monster be subjected to democratic control?

Although optimists might answer 'yes', Naughton points to the FBI as an example of what has already happened in this area:

those with long memories recall the fear and loathing that J. Edgar Hoover, the founder -- and long-term (48 years) Director -- of the FBI aroused in important segments of the American polity. The relatively restrained Wikipedia entry for him claims that even US presidents feared him and quotes Harry Truman as saying that "Hoover transformed the FBI into his private secret police force". "We want no Gestapo or secret police", Truman is reported as saying. "FBI is tending in that direction. They are dabbling in sex-life scandals and plain blackmail. J. Edgar Hoover would give his right eye to take over, and all congressmen and senators are afraid of him."

He then goes on to draw the obvious parallel with a possible tomorrow:

Now spool forward a decade or so and imagine a Director of the NSA, a charismatic 'securocrat' imbued with a mission to protect the United States from terrorists and whatever other threats happen to be current at the time. He (or she) has 50,000+ operatives who have access to every email, clickstream log, text message, phone call and social-networking post that every legislator has ever made. S/he is a keystroke away from summoning up cellphone location logs showing every trip a lawmaker has made, from teenager-hood onwards, every credit- and debit-card payment. Everything.

And then tell me that lawmakers will not be as scared of that person as their predecessors were of Hoover.

Think that could never happen? Are we sure...?

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: abuse, corruption, democracy, nsa, nsa surveillance, power, surveillance

Former FBI Lawyer Who Oversaw Years Of Fourth Amendment Violations By The Agency Nominated For Federal Judge Seat

from the 'lifelong-position-of-power'-is-the-new-'disciplinary-action' dept

So, this is the way the system works, apparently. If you're linked with nearly a decade's worth of surveillance abuses, not only won't you be punished for your malfeasance, but you'll be promoted to a lifelong position of greater power.

Spencer Ackerman at The Guardian has compiled an in-depth look at Valerie Caproni, former top lawyer for the FBI and current nominee for a federal judge position in the Southern District of New York. Nothing Ackerman's dug up looks promising for plaintiffs running privacy-related cases through this district court if she's approved.

A 2010 report by the Department of Justice's internal watchdog found that the FBI misused a type of non-judicial subpoena known as an "exigent letter" to improperly obtain more than 5,500 phone numbers of Americans.

"The FBI broke the law on telephone records privacy and the general counsel's office, headed by Valerie Caproni, sanctioned it and must face consequences," said John Conyers, then the chairman of the House judiciary committee, in April 2010, who called for then-FBI director Robert Mueller to fire her.

Conyers said he was "outraged" that the FBI invented "exigent letters" to more easily obtain phone records, and intimated Caproni was responsible for it. "It's not in the Patriot Act. It never has been. And its use, perhaps coincidentally, began in the same month that Ms Valerie Caproni began her work as general counsel," Conyers said in a hearing that month. The FBI stopped using exigent letters in 2006.

"Exigent circumstance letters" (ECLs) were the end-around the FBI used when its National Security Letters failed to pry loose the phone data it was looking for, or more frequently, when it was deemed that following proper procedure would just take too long. Not that these NSLs were any less abusive -- they were often used to access data in violation of the "limits" built into the PATRIOT Act. Apparently, the NSL loophole frequently wasn't big enough or fast enough, at which point the FBI would craft "exigent letters." These were supposed to be followed up by official NSLs, but the FBI often found it was easier to just not do that.

The nadir was reached when the FBI decided to replace the entire legal process for obtaining this data with Post-It notes and requests made over the phone. All of this occurred under Caproni's watch.

Caproni doesn't seem to care much for privacy advocates either, considering them to be nothing but ignorant noise to be filtered out.

At one meeting in 2007, Graves recalled, "Caproni said she thought civil libertarians were wasting their time complaining about the NSL [national security letter] powers because the government could just obtain all that information and more through a 215 order by the Fisa court or through a grand jury subpoena issued by a single federal prosecutor and because those orders are secret we would never know. When pressed about that, she insisted that going around the limits on the NSL powers by using 215 or grand jury subpoenas was no big deal and a perfectly permissible use of those powers."

As has been clearly detailed over the years and confirmed by these leaks, giving an entity this sort of power guarantees it will be abused. Caproni's tenure began during the Bush administration and she followed that administration's lead in exploiting Section 215 to its fullest. The FBI's tactics didn't really have to change with the election of a new president, as he went on to expand the powers granted by the PATRIOT Act. Caproni's actions and justifications have fit in perfectly with the government's over the past nine years, despite a regime change.

Caproni is Obama's nominee for this district court seat, which makes sense as his administration has already forgiven her for her agency's past violations. This was done via a secret ruling issued by the Office of Legal Counsel -- the same office that retroactively gave its blessing for torture and warrantless wiretapping that occurred under Bush's administration.

Caproni has vowed to recuse herself from cases where her "impartiality might be questioned" or dealing with issues she was actively involved with in her former position. Unfortunately, this still leaves plenty of room for Caproni to insert herself into the ongoing court battles seeking to hold intelligence agencies accountable for their overreach.

Currently, the ACLU is suing the government in that court on its own behalf (as a Verizon customer) for violating its Fourth Amendment rights. Certainly there will be more to follow. As Karen Greenburg, director of Fordham University's Center on National Security points out, the southern district court of New York is the "premier venue" for terrorism cases.

Would Caproni consider cases like the ACLU's to be the sort she should recuse herself from, seeing as they deal with the same sort of Fourth Amendment violations the FBI routinely performed under her counsel? I'm of the opinion she wouldn't, especially considering her antipathy towards "civil libertarians" and her willingness to not only test the limits on data collection laws, but frequently exceed them if deemed "necessary."

Filed Under: abuse, exigent letters, fbi, judge, national security letters, valerie caproni

The Trustworthy Government Officials Delusion: Eventually Any Program Will Be Abused

from the not-everyone-is-trustworthy dept

I'd been meaning to write up a post like this for a few weeks, and when Pro Publica wrote about why it was publishing details of the latest Ed Snowden leaks concerning the feds ability to break encryption, they highlighted the exact point I was thinking about in talking about the nature of an untrustworthy government:

American history is replete with examples of the dangers of unchecked power operating in secret. Richard Nixon, for instance, was twice elected president of this country. He tried to subvert law enforcement, intelligence and other agencies for political purposes, and was more than willing to violate laws in the process. Such a person could come to power again. We need a system that can withstand such challenges. That system requires public knowledge of the power the government possesses.

To date, nearly every single defense of the NSA's pervasive surveillance powers, whether it comes from President Obama, James Clapper, Keith Alexander, Dianne Feinstein or Mike Rogers all seems premised on denying this basic fact. They're all focused on how hard the people working on these programs work to stay within the law and how they're designed with the best intentions in mind. In fact, the defenses seem almost entirely premised on this point: "we're the good guys, so you can trust us not to do the wrong thing here."

There's something about historical evil that makes people think that it won't happen again. I know it's a mental bias that I have all the time. We hear stories of the atrocities of Adolf Hitler, the excessive attacks of Joseph McCarthy, the pervasive surveillance of J. Edgar Hoover, and the paranoid political opportunism of Richard Nixon and we have a natural tendency and bias to think "wow, those guys were bad, but that was then -- isn't it great that we live in a time after those guys are gone?" The things that some of those people did were considered so bad, we have a hard time believing that it could happen again. After all we "learned our lesson" and we're in a new era.

But, of course, that's wrong. It's silly and naive.

These things didn't happen long ago at all.

People do bad things. And they will continue to do bad things. That doesn't mean that people are necessarily evil -- most are not. In fact, many who end up doing bad things start out with the best of intentions (and maybe believe to the end that they were following through on those intentions). But, temptation and power are strong drivers of behavior. And eventually abuse and excess are bound to happen.

Even if we assume that everyone working on these programs today is a wonderful soul with the best of intentions (a proposition that is unlikely, but let's go with it), there is simply no way that this will always be the case. This is what is leading to the miscommunication between defenders of these programs and those who fear them. Not all of us automatically assume that those in charge have nefarious intent (and, yes, I know some readers here do assume that), but we recognize that sooner or later, those with nefarious intent will have access and will abuse it. That's just the nature of the beast.

So, when President Obama, James Clapper, Keith Alexander, Dianne Feinstein or Mike Rogers argue "trust us," with these programs, that's really not the point. Even if we trust them, we have no way of knowing if we can or should trust the next guy or the guy after that. The only way -- the only way -- to make sure such programs won't be abused is to build programs that have real public and open oversight. And that's what the defenders of these programs continue to fight back against. And that's the problem.

Filed Under: abuse, corruption, nsa, nsa surveillance, politicians, power, surveillance

NSA Defender Claims Thousands Of Abuses By NSA Shows 'The System Is Working Well'

from the they-can't-be-serious dept

Been wondering how the usual pack of NSA defenders would be trying to spin the revelations of massive violations of the law by the NSA? I've assumed that most would focus on the fact that it's claimed (without real evidence) that these abuses were "accidents" or "typos" (by which you also alert NSA agents exactly how to abuse the system without getting in trouble for it: just make it look like a typo). And here we have a version of this that I expect to see a few politicians trot out. Jason Healey, who is a former "director of cyber infrastructure" for the White House from 2003 to 2005. has trotted out the trial balloon claiming that these thousands of abuses mean "the system is working."

NSA 'privacy violations' reflects system working well. My 1st job was writing such violation reports, ensure US info was purged from system

— Jason Healey (@Jason_Healey) August 16, 2013

We'll wait while you try to stop laughing. Need a bit more time? Okay. *Glances at watch* Okay, now, seriously, I'm assuming his argument is that the fact that there was a secret report noting all of these thousands of abuses means that the "auditing" and "review" process within the NSA proves that those processes "work" in "catching" abuses. This is wrong on so many levels. Let's discuss just a few, because, really, we don't have all day:

1. Just because this report notes thousands of abuses, it doesn't mean that many other, potentially worse, abuses didn't happen and just didn't make it into the report. In fact, given how widely the systems appear to be abused, this seems almost certain. The NSA argues that random errors, typos and accidents lead to the mistakes in the first place, yet now we're supposed to believe that there were no such errors in collecting the list of violations and abuses? Really?
2. As we've been discussing, the way these abuses are classified actually makes it painfully obvious to any NSA analyst worth his or her pocket protector just how to abuse the system and get away with it. If these abuses were rare, and not an everyday occurrence, it would be harder to get away with. But with multiple abuses every single day, it's not difficult to disguise a purposefully abusive search into one that looks "accidental."
3. The fact that there are so many abuses, and that the number has grown over time shows that the system is clearly not working. If it was, they'd be reducing the violations consistently.
4. Just because an abuse is written up, it doesn't excuse the abuse happening in the first place.

And, as mentioned we could go on and on and on. But, honestly, how can anyone want to be taken seriously and then argue that thousands of abuses of the law and violations of the privacy of Americans "reflects [the] system working well"? About the only way it shows the system is working well is if the plan was to spy on Americans against the law all along.

Filed Under: abuse, jason healey, nsa, nsa surveillance

Just Weeks Ago, Keith Alexander Said Review Of NSA Found Not A Single Violation; Reality: Thousands Of Violations

from the lying-will-get-you-nowhere dept

It's been clear that various defenders of the NSA program have been lying, but given yesterday's revelations, now we can show just how much and how explicitly they were lying. It was just a couple weeks ago at the Black Hat conference that Keith Alexander told an audience that a review of NSA activities showed no violations at all:

Congress did a review of this program over a four-year period, the Senate Select Committee on Intelligence. And over that four-year period, they found no willful or knowledgeable violations of the law or the intent of the law in this program.

More specifically, they found no one at NSA had ever gone outside the boundaries of what we’ve been given. That’s the fact. What you’re hearing, what you’re seeing, what people are saying is, well, they could. The fact is they don’t. And if they did, our auditing tools would detect them, and they would be held accountable.

Note the hedge in the first paragraph, that they found "no willful or knowledgeable violations." And, indeed, the Inspector General's report revealed last night notes that most of the violations they found were accidental. But, the line between "accidental" and "intentional but covered up by claiming it was an accident" is a somewhat fuzzy line. If you're an NSA analyst who wants to spy on someone, given how the agency treats "accidental" searches as no big deal, it appears that all you have to do is figure out a way to write a query that you can then claim accidentally, or "incidentally" just happened to collect the information you were looking for. "Oops."

Either way, even with those caveats in the first paragraph, in the second paragraph Alexander makes claims without such caveats. There he argues that "no one at NSA had ever gone outside the boundaries of what we've been given. That's a fact." Actually, that's a lie. As the report showed quite clearly, there are thousands of incidents in which they went outside the boundaries. That they were "accidental" or "incidental" doesn't change that fact.

Filed Under: abuse, keith alexander, nsa, nsa surveillance, violations

Okay, Now Will People Admit That Ed Snowden Is A Whistleblower?

from the he-clearly-disclosed-abuse dept

Nearly two weeks ago, Michael German, at the ACLU, posted a somewhat prescient article detailing why Ed Snowden was clearly a "whistleblower" under the current definitions in US law:

It is actually not a hard question to answer. The Whistleblower Protection Act protects "any disclosure" that a covered employee reasonably believes evidences "any violation of any law, rule, or regulation," or "gross mismanagement, a gross waste of funds, and abuse of authority, or a substantial and specific danger to public health or safety."

It goes on to give some evidence of how Snowden's leaks fit into those categories:

In the two months since Snowden's alleged disclosures, no fewer than five lawsuits have been filed challenging the legality of the surveillance programs he exposed. The author of the Patriot Act, Rep. James Sensenbrenner (R-Wis.), called the scope of data collection revealed in one of the leaked Foreign Intelligence Surveillance Court orders "incredibly troubling," and "an overbroad interpretation of the Act" that "raise[s] questions about whether our constitutional rights are secure."

It doesn't end there. Over a dozen bills have been introduced in Congress to narrow these now public surveillance authorities and increase transparency regarding continuing programs. No one can know what was in Edward Snowden's mind, but clearly he could have had a reasonable belief the documents he leaked to the news media revealed government illegality and abuse of authority.

The disclosures also revealed that U.S. military officers and intelligence community officials have been less than truthful in their public comments and congressional testimony about the government's domestic surveillance practices, both in the scope of the programs and their effectiveness. Such false and misleading testimony threatens more than just Americans' privacy; it threatens democratic control of government.

Of course, even then, some argued that since the revelations did not, in fact, reveal direct "abuses," he still wasn't a "whistleblower." But that's no longer true. As we've been detailing, his leaks have led to the clear evidence of not just a few random abuses, but rather thousands of abuses by the NSA every year.

So can we drop whatever name calling game people are playing and agree that he meets the definition of a whistleblower?

Filed Under: abuse, ed snowden, nsa, nsa surveillance, whistleblower

How Could Dianne Feinstein Not Have Seen The Report Laying Out NSA Abuses?

from the and-yet-push-to-renew-the-law? dept

We already mentioned this in our initial post about Barton Gellman's incredible Washington Post expose on NSA abuses, but one of the many astounding revelations was the claim that Senator Dianne Feinstein, the head of the Senate Intelligence Committee and the primary defender of the programs in the Senate, who has always tried to block or shut down any debate over these provisions, claims that she was unaware of the Inspector General's report that highlighted thousands of abuses:

Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit until The Post asked her staff about it, said in a statement late Thursday that the committee “can and should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate.”

First of all, any statement from Feinstein arguing that her own committee should do more oversight of the NSA is startling. Remember, this is the same Senator who, during that debate over this program last year, ridiculously announced that she was going to wave the paper with the "secret" reason for why the program had to be renewed.

"I'd like to just show that classified letter, if I might. It's classified, so I can't read it to you. I don't happen to have it here, but as soon as someone brings it, I will wave it for a moment so that you see it."

And yet, now she's claiming that she never saw the required Inspector's General report that detailed all of these abuses? It's not as if the existence of this report was a secret. The Justice Department issued a public announcement last November 7th, stating that this report had been completed. And, there had been some public discussion about the classified report, because (at the very least) both Steven Aftergood and Julian Sanchez have filed FOIA requests on the document. In Sanchez's case, you may recall, he'd actually filed a FOIA request for an earlier version of the report -- again, whose existence was public knowledge -- and the DOJ told him it couldn't even confirm the existence of the report. While they later admitted that was an error, they still never delivered the document to Sanchez.

Towards the end of last year, Sanchez regularly made the point that it was ridiculous that this report, which had direct information pertaining to the FISA Amendments Act, and any abuses would remain classified throughout the period of time in which Congress was debating its renewal.

And now we're supposed to believe that Senator Feinstein had not seen this report? The report that directly assessed whether or not the program that she was the major proponent of, and whose oversight she was in charge of, had been abused? It seems rather obvious that Feinstein is either lying or incompetent here. The most charitable response would be that she or her staff didn't actually understand what it was Gellman had asked, when he talked about the report, but even that is tough to believe.

As such, her response that her own committee needed to "do more" seems even more ridiculous. If we take her at her word, it would seem that "do more" would mean at least reading the freaking review of the very program you were defending and renewing to see the details of the program's abuse... How can the Senate allow her to remain in charge of this committee when by her own public admission she didn't even look at a key report over what she insisted was the key program they were renewing last year?

Filed Under: abuse, dianne feinstein, fisa amendments act, inspector general's report, nsa, nsa surveillance, senate intelligence committee

NSA's Defense Of All Those Abuses: 'Well, Compared To All The Spying We Do, We Don't Abuse It That Often'

from the uh,-that's-not-helping dept

In our initial report about the Washington Post's astounding revelations about NSA abuses of surveillance, we posted part of the NSA's "defense" of those abuses, but we left out the truly crazy part, which came right after the part we initially quoted:

“You can look at it as a percentage of our total activity that occurs each day,” he said. “You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different.”

This was a senior NSA official, almost certainly the NSA's "compliance director," arguing, in effect, "we do so much spying that a few thousand mistakes per year is really no big deal." Except, remember, throughout all of this, all of the NSA's defenders, from President Obama to James Clapper to Keith Alexander to Mike Rogers, keep insisting that abuse is next to impossible.

Yet, now even the NSA is admitting that "in absolute terms" there's a lot of abuse, but we shouldn't worry our pretty little heads about it, because in relative terms, it's not that much. This is the point at which anyone who understands the difference between absolute and relative numbers, and when each is the appropriate measure to use, starts coughing up a lung. The relative amount is meaningless here. The absolute number means everything, because it shows that abuse is widespread and happens daily -- something that the program's defenders have been trying to deny for months.

Filed Under: absolute numbers, abuse, nsa, nsa abuse, nsa surveillance

Simple Question: How Could President Obama Not Know That Ed Snowden Had The IG Report That Showed Widespread NSA Abuse?

from the absolutely-incredible dept

Among the many stunning things in the report from Barton Gellman and the Washington Post last night was the fact that it totally debunked President Obama's statements from less than a week ago, arguing (1) that these programs were not abused and (2) that no one was "listening in on people's phone calls (see update below). Both of those appear to be untrue. Here were President Obama's direct comments at last week's press conference:

If you look at the reports, even the disclosures that Mr. Snowden’s put forward, all the stories that have been written, what you’re not reading about is the government actually abusing these programs and, you know, listening in on people’s phone calls or inappropriately reading people’s e-mails.

What you’re hearing about is the prospect that these could be abused. Now part of the reason they’re not abused is because they’re — these checks are in place, and those abuses would be against the law and would be against the orders of the FISC

And yet, the Inspector General's report shows that just in the DC area alone there were thousands of violations and abuses, and some included intercepting the content of tons of phone calls in the DC area. Update: In an update, the Washington Post admits that the report was about metadata, not actual content, and they had misreported this initially.

Now, I know that some will take the cynical stance that politicians will just lie with abandon and not care about it. But the fact is that while many (perhaps all) are less than truthful at times, they very, very rarely will bumble into making a major statement like this that can be shown to be flat out false in black and white like this in a setting where the remarks were carefully scripted. So here's the thing I don't understand: by this point, the government must at least have some idea of what documents Snowden got, even if they haven't quantified all of them. They had to know that this Inspector's General report was out there and there was a high likelihood that Snowden had leaked it as well.

So I honestly can't figure out what the White House was thinking in having Obama make such a statement. You can argue that he offered a lie for convenience, and hoped that the truth wouldn't come out, but the White House had to know that there was a very high probability of him being proven a liar very soon after making those statements, which then would undermine the entire purpose of the press conference. Yes, politicians lie, but they lie for strategic reasons, and here it seems like the White House can't even think one step ahead in this chess game. Without last week's press conferences, the disclosures from last night would still be stunning and damaging, but coming so soon after the press conference, they're devastating.

Filed Under: abuse, barack obama, ed snowden, lies, nsa, nsa surveillance, surveillance