If the US intelligence committee is concerned about the status of “hearts and minds” in its ongoing NSA v. Snowden battle, it won’t be winning anyone over with its latest response to a FOIA request.
Various representatives of the intelligence community have asserted (sometimes repeatedly) that Snowden’s leaks have caused irreparable harm to intelligence-gathering efforts and placed the nation in “grave danger.” But when given the chance to show the public how much damage has been done, it declares everything on the subject too sensitive to release. EVERYTHING.
Category: Spying
Why Does the FBI Have to Manufacture its Own Plots if Terrorism and ISIS Are Such Grave Threats?
The FBI and major media outlets yesterday trumpeted the agency’s latest counterterrorism triumph: the arrest of three Brooklyn men, ages 19 to 30, on charges of conspiring to travel to Syria to fight for ISIS (photo of joint FBI/NYPD press conference, above). As my colleague Murtaza Hussain ably documents, “it appears that none of the three men was in any condition to travel or support the Islamic State, without help from the FBI informant.” One of the frightening terrorist villains told the FBI informant that, beyond having no money, he had encountered a significant problem in following through on the FBI’s plot: his mom had taken away his passport. Noting the bizarre and unhinged ranting of one of the suspects, Hussain noted on Twitter that this case “sounds like another victory for the FBI over the mentally ill.”
In this regard, this latest arrest appears to be quite similar to the overwhelming majority of terrorism arrests the FBI has proudly touted over the last decade. As my colleague Andrew Fishman and I wrote last month — after the FBI manipulated a 20-year-old loner who lived with his parents into allegedly agreeing to join an FBI-created plot to attack the Capitol — these cases follow a very clear pattern:
The known facts from this latest case seem to fit well within a now-familiar FBI pattern whereby the agency does not disrupt planned domestic terror attacks but rather creates them, then publicly praises itself for stopping its own plots.
First, they target a Muslim: not due to any evidence of intent or capability to engage in terrorism, but rather for the “radical” political views he expresses. In most cases, the Muslim targeted by the FBI is a very young (late teens, early 20s), adrift, unemployed loner who has shown no signs of mastering basic life functions, let alone carrying out a serious terror attack, and has no known involvement with actual terrorist groups.
They then find another Muslim who is highly motivated to help disrupt a “terror plot”: either because they’re being paid substantial sums of money by the FBI or because (as appears to be the case here) they are charged with some unrelated crime and are desperate to please the FBI in exchange for leniency (or both). The FBI then gives the informant a detailed attack plan, and sometimes even the money and other instruments to carry it out, and the informant then shares all of that with the target. Typically, the informant also induces, lures, cajoles, and persuades the target to agree to carry out the FBI-designed plot. In some instances where the target refuses to go along, they have their informant offer huge cash inducements to the impoverished target.
Once they finally get the target to agree, the FBI swoops in at the last minute, arrests the target, issues a press release praising themselves for disrupting a dangerous attack (which it conceived of, funded, and recruited the operatives for), and the DOJ and federal judges send their target to prison for years or even decades (where they are kept in special GITMO-like units). Subservient U.S. courts uphold the charges by applying such a broad and permissive interpretation of “entrapment” that it could almost never be successfully invoked.
Confidential Informant Played Key Role in FBI Foiling Its Own Terror Plot
The FBI Wednesday announced the arrest of three men it alleges planned to help the Islamic State, news that at first appeared to confirm fears that radical extremism is spreading to the United States.
“The flow of foreign fighters to Syria represents an evolving threat to our country and to our allies,” U.S. Attorney Loretta Lynch said in a press release announcing the arrests. “We will vigorously prosecute those who attempt to travel to Syria to wage violent jihad on behalf of ISIL and those who support them.”
Left unmentioned in the FBI statement, however, is the integral role a paid informant appears to have played in generating the charges against the men, and helping turn a fantastical “plot” into something even remotely tangible. It appears that none of the three men was in any condition to travel or support the Islamic State, without help from the FBI informant.
On Feb. 25, two Brooklyn men were arrested following FBI and New York Police Department anti-terror raids and charged with providing “material support” to the Islamic State. Abdurasul Hasanovich Juraboev, 24, and Akhror Saidakhmetov 19, are alleged to have made arrangements to travel to Syria, and also to have expressed willingness to conduct attacks in the United States “if ordered to do so” by the group. A third man, Abror Habibov, 30, was arrested in Florida and charged with helping provide financial support for their travel plans.
According to the criminal complaint against the three, the FBI first began investigating Juraboev after he made postings on Uzbek-language social media sites in August 2014 praising the Islamic State and offering to pledge allegiance to them. While these postings were made anonymously, Juraboev neglected to conceal his IP address which led to him being quickly identified by authorities.
On Aug. 15, 2014, Juraboev was visited at a Brooklyn residence by FBI agents; he openly expressed his desire to join Islamic State to them. He is said to have told the agents he desired to travel and join the group, but that “he currently lacked the means to go there.” Juraboev is also said to have told the FBI agents in this interview of his desire to kill President Obama, but stated that he does not have any “means or imminent plans to do so.”
Three days after that initial visit, FBI agents visited him again; he reiterated these violent and criminal desires, stating his willingness to kill President Obama if he were ordered to do so by any member of Islamic State, and also telling the agents he was willing to “plant a bomb on Coney Island if so ordered by ISIL”.
Is Retweeting ISIS ‘Material Support Of Terrorism’?
Last week there was a bizarre and ill-informed post by music industry lawyer Chris Castle — who has a weird infatuation with the idea that Google must be pure evil — in which he tried to argue that because YouTube wasn’t able to take down propaganda videos showing ISIS atrocities fast enough, that Google was providing “material support” for terrorism. As Castle notes:
Google’s distribution of jihadi videos on Google’s monopoly video search platform certainly looks like material support of terrorists which is itself a violation of the federal law Google claims to hold so dear. (See 18 U.S. Code §2339A and §2339B aka the U.S. Patriot Act.)
Of course, there are all sorts of problems with the Patriot Act, including its definitions of “material support of terrorism,” but to stretch the law to argue that providing an open platform and simply not removing videos fast enough (the videos in question all got removed pretty rapidly anyway, but not fast enough for Castle) is somehow “material support for terrorism” is flat out crazy. It stems from the same sort of confused logic that Castle has used in the past, arguing that Google and others must magically “just know” what is infringing and what is not — suggesting a true lack of understanding about the scale of offerings like YouTube and the resources needed to sort through all the content.
We were inclined to simply dismiss Castle’s nuttiness to the category of “WTF” where it belongs… until at a conference earlier this week, a DOJ official, John Carlin, who holds the role of assistant attorney general for national security, appeared to suggest that anyone helping ISIS’s social media campaign could be guilty of “material support” for terrorism:
John Carlin, the assistant attorney general for national security, told a cybersecurity conference in Washington on Monday that officials could try to blunt ISIS’s violent PR operation by essentially trying propagandists as terrorists. He suggested the Justice Department could bring prosecutions under the law against providing material support to a terrorist organization. His remarks were believed to be the first time a U.S. official has ever said that people who assist ISIS with online media could face criminal prosecution.
Carlin was asked at the conference whether he would “consider criminal charges” against people who are “proliferating ISIS social media.”
His answer: “Yes. You need to look at the particular facts and evidence.” But Carlin noted that the United States could use the material support law to prosecute “technical expertise” to a designated terrorist organization. And spreading the word for ISIS online could count as such expertise.
AT&T Charging Customers to Not Spy on Them
AT&T is charging a premium for gigabit Internet service without surveillance:
The tracking and ad targeting associated with the gigabit service cannot be avoided using browser privacy settings: as AT&T explained, the program “works independently of your browser’s privacy settings regarding cookies, do-not-track and private browsing.” In other words, AT&T is performing deep packet inspection, a controversial practice through which internet service providers, by virtue of their privileged position, monitor all the internet traffic of their subscribers and collect data on the content of those communications.
What if customers do not want to be spied on by their internet service providers? AT&T allows gigabit service subscribers to opt out — for a $29 fee per month.
I have mixed feelings about this. On one hand, AT&T is forgoing revenue by not spying on its customers, and it’s reasonable to charge them for that lost revenue. On the other hand, this sort of thing means that privacy becomes a luxury good. In general, I prefer to conceptualize privacy as a right to be respected and not a commodity to be bought and sold.
Head Of UK Parliamentary Committee Overseeing Intelligence Agencies Resigns After Being Caught In Sting
The UK government’s response to Snowden’s leaks has been twofold: that everything is legal, and that everything is subject to rigorous scrutiny. We now know that the first of these is not true, and the second is hardly credible either, given that the UK’s main intelligence watchdog has only one full-time member. There’s one other main oversight body, the UK’s Intelligence and Security Committee of Parliament (ISC), which is tasked with examining:
the policy, administration and expenditure of the Security Service, Secret Intelligence Service (SIS), and the Government Communications Headquarters (GCHQ).
The ISC was criticized as part of a larger condemnation of intelligence oversight by another UK Parliament committee. The head of the ISC, Sir Malcolm Rifkind, was reported by the Guardian as dismissing those criticisms as “old hat,” as if that somehow made them acceptable. Rifkind has now been caught up in a rather more serious row, which involves reporters from the UK’s Channel 4 and The Telegraph newspaper posing as representatives of a Chinese company:
PMR, a communications agency based in Hong Kong was set up, backed by a fictitious Chinese businessman. PMR has plenty of money to spend and wants to hire influential British politicians to join its advisory board and get a foothold in the UK and Europe.
Here’s what Channel 4 and the Telegraph allege happened in their meeting with Rifkind:
Sir Malcolm also claimed he could write to a minister on behalf of our company without saying exactly who he was representing
Sir Malcolm added that he could see any foreign ambassador in London if he wanted, so could provide ‘access’ that is ‘useful’
Rifkind said that he was “self-employed” — in fact, he is a Member of Parliament, and receives a salary of £67,000 per year — and that his normal fee was “somewhere in the region of £5,000 to £8,000” for half a day’s work. There’s no suggestion that Rifkind made any reference during the sting to his role as head of the ISC, but that’s not really the point. He was offering a Chinese company access to influential people purely because he would get paid to do so, and that is surely not the kind of person you would want to grant the high-level security clearance Rifkind enjoys.
NSA Director: If I Say ‘Legal Framework’ Enough, Will It Convince You Security People To Shut Up About Our Plan To Backdoor Encryption?
Admiral Mike Rogers, the NSA Director, has barely been on the job for a year, and so far he’d mostly avoided making the same kinds of absolutely ridiculous statements that his predecessor General Keith Alexander was known for. Rogers had, at the very least, appeared slightly more thoughtful in his discussions about the surveillance state and his own role in it. However, Rogers ran into a bit of trouble at New America’s big cybersecurity event on Monday — in that there were actual cybersecurity folks in the audience and they weren’t accepting any of Rogers’ bullshit answers. The most notable exchange was clearly between Rogers and Alex Stamos, Yahoo’s chief security officer, and a well known privacy/cybersecurity advocate.
Alex Stamos (AS): “Thank you, Admiral. My name is Alex Stamos, I’m the CISO for Yahoo!. … So it sounds like you agree with Director Comey that we should be building defects into the encryption in our products so that the US government can decrypt…
Mike Rogers (MR): That would be your characterization. [laughing]
AS: No, I think Bruce Schneier and Ed Felton and all of the best public cryptographers in the world would agree that you can’t really build backdoors in crypto. That it’s like drilling a hole in the windshield.
MR: I’ve got a lot of world-class cryptographers at the National Security Agency.
AS: I’ve talked to some of those folks and some of them agree too, but…
MR: Oh, we agree that we don’t accept each others’ premise. [laughing]
AS: We’ll agree to disagree on that. So, if we’re going to build defects/backdoors or golden master keys for the US government, do you believe we should do so — we have about 1.3 billion users around the world — should we do for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give backdoors to?
MR: So, I’m not gonna… I mean, the way you framed the question isn’t designed to elicit a response.
AS: Well, do you believe we should build backdoors for other countries?
MR: My position is — hey look, I think that we’re lying that this isn’t technically feasible. Now, it needs to be done within a framework. I’m the first to acknowledge that. You don’t want the FBI and you don’t want the NSA unilaterally deciding, so, what are we going to access and what are we not going to access? That shouldn’t be for us. I just believe that this is achievable. We’ll have to work our way through it. And I’m the first to acknowledge there are international implications. I think we can work our way through this.
AS: So you do believe then, that we should build those for other countries if they pass laws?
MR: I think we can work our way through this.
AS: I’m sure the Chinese and Russians are going to have the same opinion.
MR: I said I think we can work through this.
AS: Okay, nice to meet you. Thanks.
[laughter]
MR: Thank you for asking the question. I mean, there are going to be some areas where we’re going to have different perspectives. That doesn’t bother me at all. One of the reasons why, quite frankly, I believe in doing things like this is that when I do that, I say, “Look, there are no restrictions on questions. You can ask me anything.” Because we have got to be willing as a nation to have a dialogue. This simplistic characterization of one-side-is-good and one-side-is-bad is a terrible place for us to be as a nation. We have got to come to grips with some really hard, fundamental questions. I’m watching risk and threat do this, while trust has done that. No matter what your view on the issue is, or issues, my only counter would be that that’s a terrible place for us to be as a country. We’ve got to figure out how we’re going to change that.
[Moderator Jim Sciutto]: For the less technologically knowledgeable, which would describe only me in this room today, just so we’re clear: You’re saying it’s your position that in encryption programs, there should be a backdoor to allow, within a legal framework approved by the Congress or some civilian body, the ability to go in a backdoor?
MR: So “backdoor” is not the context I would use. When I hear the phrase “backdoor,” I think, “well, this is kind of shady. Why would you want to go in the backdoor? It would be very public.” Again, my view is: We can create a legal framework for how we do this. It isn’t something we have to hide, per se. You don’t want us unilaterally making that decision, but I think we can do this.
Former FBI Director Defends Metadata Collection
The current practices of the Foreign Intelligence Surveillance Act court are effective and don’t need to be changed, according to former FBI director Robert Mueller.
“Yes, it’s worthwhile. Metadata of telephone companies is terribly helpful,” Mueller said, speaking Tuesday morning at an American Bar Association breakfast held at the the University Club in Washington, D.C.
Mueller cited the example of the Boston Marathon bombing as evidence that bulk collection is important, saying that analysis of metadata was able to rule out potential associates of the Tsarnaev brothers. “They had additional IEDs [Improvised Explosive Devices],” Mueller said, adding that bulk collection helped prevent a second attack.
Metadata collection, he said, “is tremendously helpful in identifying contacts.”
The FISA court’s bulk metadata collection program has come under intense scrutiny in light of disclosures made by former National Security Agency contractor Edward Snowden. Congress now has until the end of May to decide whether to reauthorize Section 215 of the Patriot Act, which allows the bulk collection program.
Legislators are working on the language for a reauthorization bill, according to Mueller. “They’re tweaking it, trying to accommodate additional concerns, like privacy,” he said.
Mueller also defended current procedures, which have been criticized for not allowing those subject to surveillance to argue in front of the FISA court. “I’m not sure you need to change what’s been in effect,” he said.
Mueller also didn’t mince words when asked about a possible plea deal for Snowden.
“He’s indicted,” Mueller said of Snowden. “He should come back and face the music.”
Lawmaker Who Said Snowden Committed Treason, Now On The Other Side Of Metadata Surveillance
Rep. Aaron Schock is frequently referred to as a “rising star” in Congress, but this week, the Associated Press reported on a scandal involving Schock and his use of taxpayer and campaign funds for things like flights on private jets (owned by key donors) and a Katy Perry concert. Frankly, I think some of the “scandal” here is a bit overblown. But what struck me is part of how the AP tracked these details about Schock down:
The AP tracked Schock’s reliance on the aircraft partly through the congressman’s penchant for uploading pictures and videos of himself to his Instagram account. The AP extracted location data associated with each image then correlated it with flight records showing airport stopovers and expenses later billed for air travel against Schock’s office and campaign records.
In short, the metadata brought Schock down. Of course, as we’ve been describing, anyone who says that we shouldn’t be concerned about the NSA’s surveillance of metadata, or brushes it away as “just metadata,” doesn’t understand how powerful metadata can be. As former NSA/CIA boss Michael Hayden has said, the government kills people based on metadata.
But it does seem noteworthy that Schock was one of those who claimed that Ed Snowden’s leaking of how the NSA collected metadata on nearly everyone amounted to treason. I wonder if he still feels that way…
Leaky battery attack reveals the paths you walk in life
Here’s another one that shows how seemingly anonymous data is never truly anonymous:
More than 100 mobile apps leak users’ location regardless of whether they opt to keep the information private, according to researchers.
Power consumption data is the source of the leaks, which make it possible to determine users’ whereabouts with 90 percent accuracy.
A quartet from Stanford University and Israeli defence contractor Rafael developed an app called PowerSpy to demonstrate the leak.
“Modern mobile platforms like Android enable applications to read aggregate power usage on the phone … We show that by simply reading the phone’s aggregate power consumption over a period of a few minutes an application can learn information about the user’s location,” the team wrote in the paper PowerSpy: Location Tracking using Mobile Device Power Analysis (PDF).
“Aggregate phone power consumption data is extremely noisy due to the multitude of components and applications simultaneously consuming power.
“Nevertheless, we show that by using machine learning techniques, the phone’s location can be inferred.”
Power consumption increases the further a user is from a base station and the more objects are in the line of sight between the two.
If an attacker has a general idea where their target is they can track them by plotting these variations, the boffins say.