DEA Orchestrates Disinformation Campaign To Conceal Surveillance Powers

In Neal Stephenson’s brilliant Cryptonomicon, a protagonist works for a shadowy Allied unit called “Detachment 2702.” Detachment 2702 creates elaborate fake evidence to offer explanations of how the Allies learned of German movements, thus concealing that the Allies had cracked the Enigma code. Though fictional, the Detachment is based on actual World War II tactics. The Allies did things like send spotter planes to places they knew German ships would be to fortuitously “spot” them, and reportedly sent a fake radio message of congratulations to a non-existent spy to suggest a source for other intelligence.

You expect the government to use secret surveillance and disinformation campaigns against a wartime enemy. You probably don’t expect the government to use secret surveillance and disinformation campaigns in court against its own citizens.

You should.

Link (Popehat)

Why Don’t Surveillance State Defenders Seem To Care That The Programs They Love Don’t Work?

There is a strong argument for ending these programs on the basis of their high cost and lack of effectiveness alone. But they actually do damage to our society. TSA agents participating in the behavioral detection program have claimed the program promotes racial profiling, and at least one inspector general report confirmed it. Victims unfairly caught up in the broader suspicious activity reporting programs have sued over the violations of their privacy. The Privacy and Civil Liberties Oversight Board concluded the telephone metadata program violated the Electronic Communications Privacy Act and raised serious constitutional concerns.

The Cybersecurity Information Sharing Act passed by the Senate Intelligence Committee last week is yet another example of this phenomenon. Experts agree that the bill would do little, if anything, to reduce the large data breaches we’ve seen in recent years, which have been caused by bad cyber security practices rather than a lack of information about threats. If passed by the full Congress, it would further weaken electronic privacy laws and ultimately put our data at greater risk. The bill would add another layer of government surveillance on a U.S. tech industry that is already facing financial losses estimated at $180 billion as a result of the exposure of NSA’s aggressive collection programs.

Link (Techdirt)

Lobbyists for Spies Appointed To Oversee Spying

Who’s keeping watch of the National Security Agency? In Congress, the answer in more and more cases is that the job is going to former lobbyists for NSA contractors and other intelligence community insiders.

A wave of recent appointments has placed intelligence industry insiders into key Congressional roles overseeing intelligence gathering. The influx of insiders is particularly alarming because lawmakers in Washington are set to take up a series of sensitive surveillance and intelligence issues this year, from reform of the Patriot Act to far-reaching “information sharing” legislation.

After the first revelations of domestic surveillance by NSA whistleblower Edward Snowden, President Obama defended the spying programs by claiming they were “subject to congressional oversight and congressional reauthorization and congressional debate.” But as Rep. Alan Grayson, D-Fla., and other members of Congress have pointed out, there is essentially a “two-tiered” system for oversight, with lawmakers and staff on specialized committees, such as the House and Senate committees on Intelligence and Homeland Security, controlling the flow of information and routinely excluding other Congress members, even those who have asked for specific information relating to pending legislation.

Link (The Intercept)

Turns Out Feds Actually Tracked Most International Calls For Nearly A Decade Before 9/11 — Didn’t Stop The Attack

One of the big arguments trotted out repeatedly by surveillance state defenders concerning the NSA’s Section 215 program to collect records on all phone calls is that such a thing “would have prevented 9/11” if it had been in place at the time. Here’s former FBI boss Robert Mueller making just that argument right after the initial Snowden leaks. Here’s Dianne Feinstein making the argument that if we had that phone tracking program before September 11th, we could have stopped the attacks. And here’s former NSA top lawyer and still top NSA supporter Stewart Baker arguing that the program is necessary because the lack of such a program failed to stop 9/11.

Except, it turns out, the feds did have just such a program prior to 9/11 — run by the DEA. As you may recall, back in January it was revealed that the DEA had its own database of phone call metadata of nearly all calls from inside the US to foreign countries. Brad Heath at USA Today came out with a report yesterday that goes into much more detail on the program, showing that it dates back to at least 1992 — meaning that the feds almost certainly had the calls that Feinstein and Mueller pretended the government didn’t have prior to 9/11.

Link (Techdirt)

FBI would rather prosecutors drop cases than disclose stingray details

Not only is the FBI actively attempting to stop the public from knowing about stingrays, it has also forced local law enforcement agencies to stay quiet even in court and during public hearings, too.

An FBI agreement, published for the first time in unredacted form on Tuesday, clearly demonstrates the full extent of the agency’s attempt to quash public disclosure of information about stingrays. The most egregious example of this is language showing that the FBI would rather have a criminal case be dropped to protect secrecy surrounding the stingray.

Relatively little is known about how, exactly, stingrays, known more generically as cell-site simulators, are used by law enforcement agencies nationwide, although new documents have recently been released showing how they have been purchased and used in some limited instances. Worse still, cops have lied to courts about their use. Not only can stingrays be used to determine location by spoofing a cell tower, they can also be used to intercept calls and text messages. Typically, police deploy them without first obtaining a search warrant.

Link (Ars Technica)

Under President’s New Cybersecurity Executive Order… Is Wikileaks Now An Evil Cyberhacker For Releasing Trade Deal?

Yesterday we talked about the ridiculousness of President Obama’s new cybersecurity executive order, in which he declares a national emergency around “malicious cyber-enabled activities” and enables his own government to do mean things to anyone they think is responsible for cyber badness (that his own NSA is the primary instigator of serious cyberattacks gets left ignored, of course). One of the points we made is that the definitions in the executive agreement were really vague, meaning that it’s likely that they could be abused in all sorts of ways that we wouldn’t normally think of as malicious hacking.

Helpfully, the ever vigilant Marcy Wheeler has provided some examples of how the vague language can and likely will be twisted:

The EO targets not just the hackers themselves, but also those who benefit from or materially support hacks. The targeting of those who are “responsible for or complicit in … the receipt or use for commercial or competitive advantage … by a commercial entity, outside the United States of trade secrets misappropriated through cyber-enabled means, … where the misappropriation of such trade secrets is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States” could be used to target journalism abroad. Does WikiLeaks’ publication of secret Trans-Pacific Partnership negotiations qualify? Does Guardian’s publication of contractors’ involvement in NSA hacking?

And, that’s not all. How about encryption providers? Not too hard to see how they might qualify:

And the EO creates a “material support” category similar to the one that, in the terrorism context, has been ripe for abuse. Its targets include those who have “provided … material, or technological support for, or goods or services in support of” such significant hacks. Does that include encryption providers? Does it include other privacy protections?

We’ve already seen some — including government officials — argue that Twitter could be deemed to be providing “material support” to ISIS if it didn’t take down Twitter accounts that support ISIS. Twitter wouldn’t directly qualify under this executive order (which targets non-US actors), but it shows you how easy it is to stretch this kind of thinking in dangerous ways.

Making sure the technology we use every day is secure is important. But vaguely worded executive orders and an over-hyped “national emergency” isn’t the solution. Instead, it’s likely to be abused in serious ways that harm our freedoms.

Link (Techdirt)

Britain Used Spy Team to Shape Latin American Public Opinion on Falklands

Faced with mounting international pressure over the Falkland Islands territorial dispute, the British government enlisted its spy service, including a highly secretive unit known for using “dirty tricks,” to covertly launch offensive cyberoperations to prevent Argentina from taking the islands.

A shadowy unit of the British spy agency Government Communications Headquarters (GCHQ) had been preparing a bold, covert plan called “Operation QUITO” since at least 2009. Documents provided to The Intercept by National Security Agency whistleblower Edward Snowden, published in partnership with Argentine news site Todo Notícias, refer to the mission as a “long-running, large scale, pioneering effects operation.”

At the heart of this operation was the Joint Threat Research and Intelligence Group, known by the acronym JTRIG, a secretive unit that has been involved in spreading misinformation.

The British government, which has continuously administered the Falkland Islands — also known as the Malvinas — since 1833, has rejected Argentine and international calls to open negotiations on territorial sovereignty. Worried that Argentina, emboldened by international opinion, may attempt to retake the islands diplomatically or militarily, JTRIG and other GCHQ divisions were tasked “to support FCO’s [Foreign and Commonwealth Office’s] goals relating to Argentina and the Falkland Islands.” A subsequent document suggests the main FCO goal was to “[prevent] Argentina from taking over the Falkland Islands” and that new offensive cyberoperations were underway in 2011 to further that end.

Tensions between the two nations, which fought a war over the small archipelago in the South Atlantic Ocean in 1982, reached a boil in 2010 with the British discovery of large, offshore oil and gas reserves potentially worth billions of dollars.

The British government frames the issue as one of residents’ self-determination. Prime Minister David Cameron maintains that the islands will remain British as long as that was the will of their inhabitants, “full stop, end of story.”

Argentine President Cristina Kirchner, known for her provocative, left-leaning foreign policy since taking office in 2007, rallied regional and international leaders to pass resolutions in international bodies supportive of Argentina’s claim to the islands and stand against what she called the U.K.’s “downright colonialism.”

Even the United States, Britain’s closest ally, declined to support the U.K. position, instead offering to mediate a resolution between the two sides in 2010. Prime Minister Cameron rejected the proposal, calling it “disappointing.”

GCHQ’s efforts on Argentina and the Falklands between 2008 and 2011, the time period the documents cover, were broad and not limited solely to JTRIG. Surveillance of Argentine “military and Leadership” communications on various platforms was a “high priority” task. Despite the Obama administration’s unwillingness to publicly back their ally, NSA assistance was ongoing as of 2010. According to an NSA “Extended Enterprise Report” dated June 2008, based on NSA officials’ meetings with GCHQ representatives, Argentina was “GCHQ’s primary interest in the region.”

Link (The Intercept)

Ross Ulbricht’s Lawyers Were Told About Corrupt Investigators, But Barred From Using That During His Trial

We already wrote about Monday’s unsealed criminal complaint against two government agents who were key players in investigating Silk Road — but who used that position to steal Bitcoins and a lot of other questionable behavior. Now it comes out that the Justice Department revealed the existence of this investigation to Ross Ulbricht’s lawyers five weeks before Ulbricht’s trial — but then blocked Ulbricht’s legal team from using that information, even as the Justice Department continued to rely on evidence from both of the apparently corrupt federal agents. Ulbricht’s lawyer, Joshua Dratel, has put out a statement pointing out some of the problems here:

In addition to keeping any information about the investigation from the defense for nearly nine months, then revealing it only five weeks prior to trial, and then moving to keep sealed and secret the general underlying information so that Mr. Ulbricht could not use it in his defense at trial, and then stymying the defense at every turn during trial when the defense tried to introduce favorable evidence, the government had also refused to agree to the defense’s request to adjourn the trial until after the indictment was returned and made public – a modest adjournment of a couple of months, since it was apparent that the investigation was nearing a conclusion.

Throughout Mr. Ulbricht’s trial the government repeatedly used the secret nature of the grand jury investigation as an excuse to preclude valuable defense evidence that was not only produced in discovery, independent of the investigation of Mr. Force, but also which was only at best tenuously related to that investigation. In that manner the government deprived the jury of essential facts, and Mr. Ulbricht of due process. In addition, the government failed to disclose previously much of what is in the Complaint, including that two federal law enforcement agents involved in the Silk Road investigation were corrupt. It is clear from this Complaint that fundamentally the government’s investigation of Mr. Ulbricht lacked any integrity, and was wholly and fatally compromised from the inside.

Dratel suggests that the corrupt behavior of Force and Bridges raises questions about nearly all aspects of the Ulbricht case, especially since they have already shown that they abused their access to the Silk Road platform in a way that could change the site and account information.

Additional information shows that Force not only acted as “Chief Compliance Officer” for CoinMKT while still employed as a DEA agent (and abusing his ability to use government databases for the job), but as a report from Sarah Jeong at Forbes shows, he also reached out to Mt. Gox CEO Mark Karpeles:

And then even asked about working with Mt. Gox as well, with this bizarre “American government and economy will crash in the next five years” statement:

Just about a month later, when Bridges was the affiant on helping the government seize millions of dollars from Mt. Gox (just days after withdrawing the money he himself allegedly stole from Silk Road), Force emailed Karpeles again, saying “told you should have partnered with me!”

And that doesn’t even get into the fact that the whole “murder plot” that was such a headline grabber in the original criminal complaint only happened after Bridges apparently took the money and Ulbricht reached out to Force to get him to put out a hit on the guy he thought had stolen the money (who had actually been cooperating with the government, which allowed Bridges to get the info to steal the money in the first place).

As we noted in our earlier piece, the criminal complaint shows that Force himself abused his power as a DEA agent to fake a subpoena against Venmo trying to get his own account unfrozen — and it appears that when that didn’t work, Force tried to further abuse his power to seize Venmo’s bank account in response. A snippet from an email he sent to a colleague:

Venmo has since registered with FinCEN, but I want to know if they have state money license remitting licenses in California and New York. Can you check? If not, I want to seize their bank accounts (need to identify them) a la BRIDGES and [M.M.’s] seizure warrants for Mt. Gox.

And here’s the big question: were Bridges and Force really just two “bad apples” in the investigation? Or could it have gone much deeper? As Jeong notes in her report:

During the trial, the defense kept trying to introduce the character of “mr. wonderful,” a Baltimore DHS agent who coerced a Silk Road moderator into giving her account over to law enforcement. Although many of Force’s aliases are listed in the criminal complaint against him, none of them are “mr. wonderful.” (In any case, Force is a DEA agent, and “mr. wonderful” is DHS). Who is mr. wonderful? What exactly did he do?

In other words, whether or not you believe that Ulbricht was DPR, the investigation and trial against him was a complete and utter mess, and these new charges raise an awful lot of questions about the fairness of that trial.

Link (Techdirt)

Australia Outlaws Warrant Canaries

In the US, certain types of warrants can come with gag orders preventing the recipient from disclosing the existence of the warrant to anyone else. A warrant canary is basically a legal hack of that prohibition. Instead of saying “I just received a warrant with a gag order,” the potential recipient keeps repeating “I have not received any warrants.” If the recipient stops saying that, the rest of us are supposed to assume that he has been served one.

Lots of organizations maintain them. Personally, I have never believed this trick would work. It relies on the fact that a prohibition against speaking doesn’t prevent someone from not speaking. But courts generally aren’t impressed by this sort of thing, and I can easily imagine a secret warrant that includes a prohibition against triggering the warrant canary. And for all I know, there are right now secret legal proceedings on this very issue.

Australia has sidestepped all of this by outlawing warrant canaries entirely:

Section 182A of the new law says that a person commits an offense if he or she discloses or uses information about “the existence or non-existence of such a [journalist information] warrant.” The penalty upon conviction is two years imprisonment.

Expect that sort of wording in future US surveillance bills, too.

Link (Bruce Schneier)

Encryption is the REAL threat – Head Europlod

Europe’s top cop has taken to the BBC to once again slam encryption as the biggest threat to counter-terrorism and law enforcement.

Europol Director Rob Wainwright said encrypted communications gave plods across the continent the biggest headaches, and his main gripe was with the IT companies that provide them.

“We are disappointed by the position taken by these tech firms and it only adds to our problems in getting to the communications of the most dangerous people that are abusing the internet,” he said.

He told the civil liberties committee of the European Parliament the same thing last November. Now he says there is “a significant capability gap” that must be closed.

“It’s changed the very nature of counter-terrorist work from one that has been traditionally reliant on having good monitoring capability of communications to one that essentially doesn’t provide that anymore,” he told the Beeb.

However, Wainwright himself will not get his hands on any of that “capability”. According to Europol’s website, the organisation itself “has neither the technical equipment nor the legal authorisation to wiretap or monitor members of the public by any technological means”.

“Any information being analysed by Europol is provided directly by the co-operating law enforcement agencies. Europol’s principal role is to gather, analyse and re-distribute data,” he said in the interview.

That hasn’t stopped EU countries beefing up Europol with a new European Internet Referral Unit to find, identify and potentially remove websites used by terrorist groups.

National leaders across the EU have been calling for increased access to private communications since the Charlie Hebdo attacks in Paris. The European Council hopes the new unit will be up and running by June.

Meanwhile, tech companies will continue to boost end-to-end encryption after the Snowden revelations created a business case, as consumers demanded their communications be secured.

Dutch MEP Sophie In’t Veld said she found his comments (which echo those of UK PM David Cameron) extremely worrying. “What is next? Having a lock on the front door of your home being a criminal offence? Banning people from protecting their private communications is unacceptable in a democratic society. We are really on a slippery slope here.”

“Not only individual citizens have a right to privacy, but journalists, politicians, lawyers, whistleblowers, NGOs, etc must be able to communicate freely, safely and knowing they are unobserved,” she added.

“There seems to be no limit to the appetite of secret services to know EVERYTHING about us, without being subject to any meaningful kind of oversight or bound by laws,” continued In’t Veld.

He believes all of this is caused by the ‘revelations’ on NSA mass surveillance. “One would think it was the secret and illegal mass surveillance itself, not the fact it was revealed, that has breached trust,” said In’t Veld.

Link (The Register)