emptywheel

Tuesday Morning: Brittle, Two

Published May 3, 2016 | By Rayne

Yesterday I talked about the shift toward mobile computing centered on smartphones, moving from PCs. Behind that transition, out of sight of the public, is the cloud which supports this shift. Content and applications are increasingly stored not on the user’s device but in a server (read: data farm) accessed over the internet.

One manifestation of the shift is the largest technology merger ever — computer manufacturer Dell‘s $70B acquisition of storage company EMC. Dell’s PC sales have been slowly falling over the last handful of years, not unexpected due to the maturity of the market and the shift to mobile devices. Servers have been a large part of Dell’s profits for years, but many opportunities often ended up with competitor EMC when Dell quoted storage. Mobile users need much more remote computing and storage — servers and storage in the cloud — which EMC’s storage area network (SAN) products provide. This made EMC an appetizing fit to augment Dell’s server offerings while offsetting the slowly fading desktop computer sales.

With the acquisition, Dell Technology (the new name for the merged companies) now competes more squarely against Hewlett-Packard, which also sells both desktop computers and enterprise storage.

HP, however, split into two companies late last year. One manufactures desktop and other smaller computing devices (HP), the other sells servers and storage products (HP Enterprise Business). One might wonder if HP was preparing to spin off the portion of the business that makes PCs just as its competitor IBM did in 2005 when it spun off its PC division to Chinese manufacturer Lenovo.

Media will say with the EMC acquisition that Dell is positioned for better end-to-end service — but with so much computing now done on smartphones, this is not true. Dell and its competitor HP are only offering up to the smartphone.

Speaking of smartphones…

Suspect ordered to open Apple iPhone with Touch ID
29-year-old Paystar Bkhchadzhyan, a small-time crook charged with identity theft, was ordered by U.S. Magistrate Judge Alicia Rosenberg to swipe an iPhone seized from her boyfriend’s apartment in order to unlock it.

It’s not clear whether the iPhone has been identified as belonging to Bkhchadzhyan based on multiple reports, only that she may have “control over” the device. Nor is it clear — since she has already pleaded no contest to the charge against her — if the iPhone’s contents will be used against her, or against her boyfriend.

It’s also not clear why law enforcement hasn’t used the “gummy bear technique” to open the phone, which would not force Bkhchadzhyan to lift a finger but instead use fingerprints already provided as evidence, bypassing any question of Fifth Amendment violations. Is this simple technique too much effort or too complicated for today’s police force?

DISH TV techs to offer Apple iPhone repair service
Not authorized by Apple, mind you, but DISH TV will offer new service to their customers who use iPhones, including battery and screen replacements. The company anticipates offering the same limited repair services to Android users in the near future. This says something about the transition of content consumption from TV to mobile devices, and the use of mobile devices as TV and content controllers.

LuxLeakers in court this week – Luxembourg’s version of Panama Papers
Antoine Deltour and Raphael Halet, former PricewaterhouseCoopers’ employees, appear in court this week on charges they stole and leaked documents on many of PwC’s corporate clients — Accenture, Burberry, Icap, Ikea, Walt Disney Co., Heinz, JP Morgan, FedEx, Microsoft Corp.’s Skype, PepsiCo Inc., Procter & Gamble, Shire Pharmaceuticals to name a few. The documents outline the tax avoidance/evasion strategies employed by these firms with PwC’s assistance and Luxembourg’s implicit or tacit approval. This case should have as much impact as the Panama Papers as the corporations involved are quite large and the Luxembourg government is implicated.

Australia: Your human rights abuses suck, but we Americans have no room to talk
If you don’t watch Australian politics, you should. Aussies have forced approximate 900 refugees to remain indefinitely on Manus Island of Papua New Guinea and the island country of Nauru, which are little more than rocks in the middle of the ocean with penal colonies masquerading as a refugee ‘welcome centers.’ The conditions have been wretched — and they must be if an outlet like Foreign Policy calls Australia’s practice ‘intolerable cruelty.’ Their captivity is now illegal according to PNG’s court, but the refugees are left without recourse. Two refugees have immolated themselves within the last week out of desperation. But Americans have not demanded Australia take the refugees because it would mean having to take some refugees here, too. Oh, and Gitmo — can’t point to island-based human holding pens without allowing other countries to point to Gitmo. Or our immigration detention and deportation processes.

That last bit — both of the immolated refugees were not offered immediate health care — is so disgusting and disheartening I can’t come up with anything more to write. Hope for a better day tomorrow, see you in the morning.

Posted in Culture, Cybersecurity | Tagged 2016 AM roundup, Apple, Australia, Dell, DISH TV, EMC, HP, iPhone, Luxembourg, LuxLeaks, Nauru, PricewaterhouseCooper, refugees, Touch ID | 6 Comments

The Theory of Business Enterprise Part 3: Business Principles

Published May 2, 2016 | By Ed Walker

Panel of Maggie and Jiggs comic strip, undated.

By principles, Veblen means the overarching habits of mind that enable one to participate effectively in a society or a subset of society. Before the machine age, the age of the industrial process, people thought about themselves and the world around them in terms of “…the principles of (primitive) blood relationship, clan solidarity, paternal descent, Levitical cleanness, divine guidance, allegiance, nationality”. Veblen thinks these principles are in decline as of 1904, replaced by habits of mind of thinking in terms of cause and effect, a scientific habit of mind, because that is what a machine culture needs. These habits relate to the pecuniary nature of the machine age. And the basis for the pecuniary culture is the ownership of property, which is the only one of the primitive standards to survive into the machine age. It not only survives, it becomes the dominant principle of the machine age. Every transaction, it seems, is settled with a payment of money.

Veblen says that the theory of property as used in the machine age comes from John Locke. Before Locke, the general theory was that the Deity gave dominion over the earth to humans, and specifically the King, who in the name of the Deity gave control over land and the things in it to those he desired, who in turn gave it to others. Locke offers a different view, which Veblen describes this way; the quotes are from Locke’s Second Treatise on Government.:

This modern European, common-sense theory says that ownership is a “Natural Right.” What a man has made, whatsoever “he hath mixed his labor with,” that he has thereby made his property. It is his to do with it as he will. He has extended to the object of his labor that discretionary control which in the nature of things he of right exercises over the motions of his own person. It is his in the nature of things by virtue of his having made it. “Thus labor, in the beginning, gave a right of property.” The personal force, the functional efficiency of the workman shaping material facts to human use, is in this doctrine accepted as the definitive, axiomatic ground of ownership; behind this the argument does not penetrate, except it be to trace the workman’s creative efficiency back to its ulterior source in the creative efficiency of the Deity, the “Great Artificer.”

I had never read any of Locke’s works, so I took a look at the Second Treatise. Here’s the original, and here’s a translated version that is somewhat easier to grasp. As I read Chapter 5, Veblen seems to be accurate. There is a lot of scholarly material attempting to understand and apply Locke’s ideas; here’s an example. For those interested in a polemical current view of Locke (and who isn’t?), here’s a fascinating essay by John Quiggan in Jacobin, Locke Against Freedom. Quiggan says that David Hume offered a rejoinder to this view:

As Hume objected, “there is no property in durable objects, such as lands or houses, when carefully examined in passing from hand to hand, but must, in some period, have been founded on fraud and injustice.”

Veblen agrees with Hume:

It became a principle of the natural order of things that free labor is the original source of wealth and the basis of ownership. In point of historical fact, no doubt, such was not the pedigree of modern industry or modern ownership; but the serene, undoubting assumption of Locke and his generation only stands out the more strongly and unequivocally for this its discrepancy with fact.

He thinks that Locke’s general idea came from a time when most useful work was done by small artisans like cobblers and blacksmiths, and farmers. He traces it on to the needs of merchants, and into his time. Veblen saw that while that this idea might work in earlier times, it’s application was not suited to the machine age. Still it was the dominant theory.

Veblen describes two other business principles. The first is the stability of money values, which at the time stood on the stability of the price of gold and to a much lesser extent, of silver. It was an assumption of businessmen, but not of economists, says Veblen. The second is a regular rate of profit. This enabled businessmen to capitalize their plant and equipment and their industrial processes, so that value turned on the capitalization rather than output, livelihood of the owner, or serviceability of products.

Veblen’s discussion of Locke is strikingly contemporary. Locke’s theory of ownership by reason of work done certainly doesn’t seem like a useful principle to me. Suppose a person sets up a factory, buys raw materials and machines, and hires some people to work for him. Who exactly is mixing labor with goods so as to “own” the resulting product? Or, consider a scientist working in a lab on identifying anti-virals for the Zika virus. The project will require the current work of thousands of people, and past work of uncounted numbers. Who exactly do we identify as the owner of the finished protocols and the final results? Whatever it is, it has little to do with the work done by those uncounted people. Ownership is divorced completely from substantially all of the workers who created the new solutions.

On the other hand, those old ideas that Veblen dismissed so casually never died. I don’t think many ideas ever die, but the ties of kinship, nation, and the Church are especially hardy. Even the idea of Levitical cleanness remains, as we can see in the unending efforts to control the lives and health of women, not just here, but around the world. There are even theoretical frameworks in which such principles have an important place, such as Moral Foundations Theory, discussed here:

We propose a simple hypothesis: Political liberals construct their moral systems primarily upon two psychological foundations—Harm/care and Fairness/reciprocity—whereas political conservatives construct moral systems more evenly upon five psychological foundations—the same ones as liberals, plus Ingroup/loyalty, Authority/respect, and Purity/sanctity.

In the US the rise of the anti-Enlightenment right wing and its sponsors forces us to question whether the scientific mind continues to be a form of self-governance and of shared cultural values. And, of course, Natural Law lives on in the jurisprudence of Clarence Thomas, at least according to an astonishing article in the Regent University Law Review which I couldn’t make myself read because the sections I did read were appalling, google it if you have to know.

Locke’s ideas generally are associated with the Founding Fathers. No doubt his positions on slavery and expropriating the lands of Native Americans, and his idea that ownership of private property free of governmental interference is a crucial element of freedom, were congenial to their personal desires and philosophical positions. We may need to think about property more closely, as we have done with the other two.

Posted in Economics | Tagged Locke, ownership, property, The Theory of Business Organizations, Veblen | 5 Comments

2015 I Con the Record Transparency™ Working Thread

Published May 2, 2016 | By emptywheel

ODNI has released the Transparency Report and DOJ has released the FISA Report for 2015. The former is the first that falls under USA Freedom Act expanded reporting requirements, so I’m going to do a very detailed report on it. Here are the ODNI and DOJ equivalent reports from last year and my post on both from last year.

The big news here is a 200% plus increase, either in the reporting or the actual back door searches of US person data collected under Section 702. And remember, this doesn’t include the FBI at all.

Preamble

(2 fn 3) ODNI admits that AOUSC counts each certificate under 702 as an order, whereas ODNI counts all the certificates as one order, so ODNI makes AOUSC redact its more accurate number.

(2) The report confirms something not everyone understood before: the report counts renewals (so an order that gets renewed 4 times a year will be counted 4 times) but not modifications.

(2) ODNI here admits that selector can be a much bigger number than target — I suspect maybe a hundred times bigger (because even for Google one target will have up to 45 selectors).

Within the IC, the term “target” has multiple meanings. With respect to the statistics provided in this report, the term “target” is defined as the individual person, group, entity comprised of multiple individuals, or foreign power that uses the selector, such as a telephone number or email address. If a target were known to use four different selectors, the IC would count one target, not four.

(2) ODNI is using the timing of the implementation of USAF to not report on how the new phone dragnet works.

Title V of FISA. The IC implemented the USA FREEDOM Act’s Title V provisions on November 30, 2015, resulting in one additional month’s worth of data for calendar year 2015. Because statistical information tied to a particular FISA authority for a particular month remains classified, Title V data specifically associated with December 2015 – i.e., the information required under Section 603 (b)(4)(A) and (B) and 603 (b)(5)(A), (B) and (C) – is included only in the classified annex to this report that has been provided to Congress.

Here’s all the reporting that we don’t get this year as a result (though we appear to get the top-line for 4 and 5 — see page 8 below):

(4) the total number of orders issued pursuant to applications made under section 501(b)(2)(B) and a good faith estimate of– [This is traditional 215 orders]

(A) the number of targets of such orders; and

(B) the number of unique identifiers used to communicate information collected pursuant to such orders;

(5) the total number of orders issued pursuant to applications made under section 501(b)(2)(C) and a good faith estimate of– [This is new style phone dragnet orders]

(A) the number of targets of such orders;

(B) the number of unique identifiers used to communicate information collected pursuant to such orders; and

(C) the number of search terms that included information concerning a United States person that were used to query any database of call detail records obtained through the use of such orders;

(3) ODNI used a definition for US person that is not the one used in USAF (in that it includes incorporated and non-incorporated US persons). At one level, this should provide a more realistic number, as it might include additional targets. At another level, it could very easily hide bulky collection, both by not counting (for example) a targeted mosque or US run chat room, or for non-communications signifiers, hide that a US corporation was used as part of a selector term.

(3) As a reminder, the unique identifiers used for 215 and PRTT collection does not include non-communications identifiers (say, bank accounts) or pings (say, stingray collection). It probably also doesn’t include data flow collections.

Targeted FISA

(4/DOJ 1-2) In 2015, the government got 1,585 targeted FISA orders targeting 1,695. That’s based off 1,499 applications, of which 1,497 were for electronic surveillance only.

One of those applications was withdrawn after submission stage (which is tantamount to a denial). In addition, DOJ included a footnote reminding that they don’t include pre-final submissions withdrawn to be withdrawn, which suggests the number of what would normally count as rejections might be significant this year.

Those numbers compare with 1,519 orders affecting 1,562 targets, based off 1,416 applications, of which 1,379 were for electronic surveillance only.

So the total number of orders has gone up 4%, the number of persons affected as gone up 8.5%, and the number of applications has gone up almost 6%.

The really alarming change is in modifications. Last year, there were 19 modifications to proposed orders (1.3% of all applications); this year there were 80 modifications (5.3% of all applications).

Section 702

(5) Last year there were 94,368 targets of 702 surveillance, up from 92,707 last year, which is less than a 2% increase. But remember, for each of these targets, NSA may have a hundred or so selectors.

This is the first year I Con the Record has to report back door searches (though FBI is excluded from this reporting). Last year, there were 4,672 back door searches of US person content. In 2013, there were 198 NSA US person identifiers whitelisted, some of which will get searched more than once; there were 1,900 CIA content back door searches, representing 1,400 unique identifiers (see pages 57-58). While these numbers are not exact, that suggests there was a 223% increase in back door searches of Americans by these two “foreign” intelligence agencies. There were 9,500 NSA US person metadata queries in 2013, and CIA didn’t count them. There were 23,800 metadata searches, with one IC element not being able to provide this information. That probably means CIA was not able to, which means there may have been a 250% increase in NSA back door searches of metadata. [Update: here’s the James Clapper certification indicating that one IC agency couldn’t count this number.]

(6) NSA discretionarily reports that NSA released 4,280 reports based on 702 including US person information, of which the information was unmasked upon release in 1,122 cases and got unmasked on request in 654 cases. (Note, given the number of 702 reports they issue, this is actually impressive, but since they don’t tell us how big that number is, they don’t get the PR value of it.)

PRTT

(7) The number of PRTT orders was down last year, from 135 orders affecting 516 targets in 2014 to 90 orders affecting 456 targets in 2015. 134,987 unique identifiers were used to communicate information in those PRTT orders, but that number doesn’t include:

FBI orders that don’t include email addresses or phone numbers (that is, this doesn’t include Stingray use or data flow, among other usages)
Data turned over in hard copy or portable media (only those turning over such information electronically gets counted)

Section 215

(8/DOJ 2) Because of the transition period, the 215 numbers may be a mess (see page 2 above).

There were 142 215 applications approved last year, as compared to 170 in 2014.

There were 134 specific targets of 215 orders as compared to 160 last year (in both cases it appears all but 6% of the orders are individualized, and the discrepancy may have had to do with the timing of the year, and this may not include December at all).

There were 56 RAS approved selectors last year, as compared to 161 in 2014. These numbers are probably the same (in which case far fewer selectors are being RAS approved), but it’s possible last year’s numbers don’t include those who, by virtue of having a traditional FISA order, automatically get treated as RAS-approved. I will try to clarify this.

There were 183 US person queried identifiers last year, as compared with 227 in 2014 (this partly reflects the automatic approval of those with FISA orders). But the number for last year definitely doesn’t include phone dragnet queries in December (so compare the 183 to 208, which is what 11 months of last year’s number would be).

The DOJ report notes that,

One application made by the Government after the effective data of the business records provisions of the USA FREEDOM Act did not specifically identify an individual, account, or personal device as the specific selection term.

The footnote explains that there’s a discrepancy between the reporting requirement, which is limited to individual, account, or personal devices, and the definition of specific selection term, which also includes “address” and anything else they can get the FISC to approve. Perhaps this is just about targeting an address, or perhaps this is a bulk or bulky collection (in any case, 215 can be very bulky on its own). That’s a problem with the transparency guidelines.

There’s also one more problem. The 2015 702 reauthorization opinion revealed that in summer of last year, a PRTT used a novel interpretation of specific selection term, which FISC might have otherwise gotten an amicus for. They didn’t because by the time they considered doing so, the emergency PRTT was done. But that may mean that novel interpretation of specific selection term will never get amicus review, because it will no longer be novel.

NSLs

(9/DOJ 3) Keep in mind that the NSL numbers aren’t exactly apples to oranges, because this year adds subscriber numbers. But this is what the comparison looks like. (I will update this once I figure out why the Total NSL numbers don’t add up, which presumably has to do with how they request for subscriber information.)

The key takeaway here is that while a lot more of the requests affect non-US persons, there were more US persons affected by non-subscriber requests than foreigners (though this sort of makes sense, as they’d be issued for US providers which would disproportionately affect US persons).

Posted in FISA | Leave a comment

Monday Morning: Brittle

Published May 2, 2016 | By Rayne

The Emperor’s Palace was the most splendid in the world, all made of priceless porcelain, but so brittle and delicate that you had to take great care how you touched it. …

— excerpt, The Nightingale from The Yellow Fair Book by Andrew Lang

Last week I’d observed that Apple’s stock value had fallen by ~7% after its financial report was released. The conventional wisdom is that the devaluation was driven by Apple’s first under-performing quarter of iPhone sales, indicating weaker demand for iPhones going forward. Commenter Ian remarked that Apple’s business model is “brittle.” This perspective ignores the meltdown across the entire stock global market caused by China’s currency devaluation, disproportionately impacting China’s consumption habits. It also ignores great untapped or under-served markets across other continents yet to be developed.

But more importantly, this “wisdom” misses a much bigger story, which chip and PC manufacturers have also reflected in their sales. The video above, now already two years old, explains very neatly that we have fully turned a corner on devices: our smartphones are and have been replacing our desktops.

Granted, most folks don’t go through the hassle of purchasing HDMI+USB connectors to attach larger displays along with keyboards. They continue to work on their phones as much as possible, passing content to and from cloud storage when they need to work from a keyboard attached to a PC. But as desktops and their attached monitors age, they are replaced in a way that supports smartphones as our main computing devices — flatscreen monitors, USB keyboards and mice, more powerful small-footprint external storage.

And ever increasing software-as-a-service (SaaS) combined with cloud storage.

Apple’s business model isn’t and hasn’t been just iPhones. Not since the debut of the iPod in October 2001 has Apple’s business model been solely focused on devices and the operating system required to drive them. Heck, not since the debut of iTunes in January 2001 has that been true.

Is there a finite limit to iPhones’ market? Yeah. Same for competing Android-driven devices. But is Apple’s business just iPhones? Not if iTunes — a SaaS application — is an indicator. As of 2014, there were ~66 million iPhones in the U.S., compared to ~800 million iTunes users. And Apple’s current SaaS offerings have exploded over time; the Apple store offers millions of apps created by more than nine million registered developers.

At least nine million registered developers. That number alone should tell you something about the real business model.

iPhones are a delivery mechanism, as are Android-based phones. The video embedded above shows just how powerful Android mobile devices can be, and the shift long underway is not based on Apple’s platform alone. If any business model is brittle right now, it’s desktop computing and any software businesses that rely solely on desktops. How does that change your worldview about the economy and cybersecurity? Did anyone even notice how little news was generated about the FBI accessing the San Bernardino shooter’s PCs? Was that simply because of the locked Apple iOS account, or was it in part because the case mirrored society’s shift to computing and communications on mobile devices?

File under ‘Stupid Michigan Legislators‘: Life sentences for automotive hackers?
Hey. Maybe you jackasses in Michigan’s state senate ought to deal with the permanent poisoning of nearly 8000 children in Flint before doing something really stupid like making one specific kind of hacking a felony worthy of a life sentence. And maybe you ought to do a little more homework on hacking — it’s incredibly stupid to charge a criminal with a life sentence for a crime as simple as entry permitted by wide-open unlocked doors. Are we going to allocate state money to chase hackers who may not even be in this country? Are we going to pony up funds for social media monitoring to catch hackers talking about breaching wide-open cars? Will this law deter citizen white hats who identify automakers’ vulnerabilities? File this mess, too, under ‘Idiotic Wastes of Taxpayers’ Money Along with Bathroom Legislation by Bigots‘. This kind of stuff makes me wonder why any smart people still live in this state.

File this, too, under ‘Stupid Michigan Legislators‘: Lansing Board of Water and Light hit by ransomware
Guess where the first ransomware attack on a U.S. utility happened? Do I need to spell it out how ridiculous it looks for the electric and water utility for the state’s capitol city to be attacked by ransomware while the state’s legislature is worrying about who’s using the right bathroom? Maybe you jackasses in Lansing ought to look at funding assessment and security improvements for ALL the state’s utilities, including both water safety and electricity continuity.

Venezuela changes clocks to reduce electricity consumption
Drought-stricken Venezuela already reduced its work week a month ago to reduce electricity demand. Now the country has bumped its clocks forward by 30 minutes to make more use of cooler early hour during daylight. The country has also instituted rolling blackouts to cutback on electricity. Cue the right-wing pundits claiming socialism has failed — except that socialism has absolutely nothing to do with a lack of rainfall to fill reservoirs.

Coca Cola suing for water as India’s drought deepens
This is a strong piece, worth a read: Whose Water Is It Anyway?

After a long battle, the UN declared in 2010 that clean water was a fundamental right of all citizens. Easier said than done. The essential, alarming question has become, ‘Who does the groundwater belong to?’ Coca Cola is still fighting a case in Kerala where the farmers rebelled against them for using groundwater for their bottling plants. The paddy fields for miles around dried up as water for Coke or the company’s branded bottled water was extracted and transported to richer urban consumers.

Who did that groundwater belong to? Who do our rivers belong to? To the rich and powerful who can afford the resources to draw water in huge quantities for their industries. Or pollute the rivers with effluent from their industries. Or transport water over huge distances at huge expense to turn it into profit in urban areas.

Justus Rosenberg: One of Hannah Arendt’s rescuers
Ed Walker brought this piece to my attention, a profile of 95-year-old Justus Rosenberg featured in this weekend’s New York Times. I love the last two grafs especially; Miriam Davenport characterized Rosenberg as “a nice, intelligent youngster with no family, no money, no influence, no hope, no fascinating past,” yet he was among those who “…were a symbol of sorts, to me, in those days […] Everyone was moving Heaven and earth to save famous men, anti-fascist intellectuals, etc.” Rosenberg was a superhero without a cape.

That’s our week started. See you tomorrow morning!

See you tomorrow morning!

Posted in Culture, Cybersecurity | Tagged 2016 AM roundup, Android, Apple, drought, hacking, India, Lansing BWL, Michigan, Michigan State Senate, ransomware, software as a service, Venezuela | 13 Comments

The (Former) Riyadh Station Chief Defends His Saudi Friends from Charges of Terrorism

Published May 2, 2016 | By emptywheel

On Sunday, former CIA Riyadh Station Chief John Brennan had a remarkable appearance on Meet the Press. A big part of it — the second to last thing he and Chuck Todd discussed — was Brennan’s argument against the release of the 28 pages (“so-called,” Brennan calls them) showing that 9/11 was facilitated by at least one Saudi operative.

Brennan opposes their release in three ways. First, he falsely suggested that the 9/11 Commission investigated all the leads implicating the Saudis (and also pretends the “so-called 28 pages” got withheld for sources and methods and not to protect our buddies).

JOHN BRENNAN:

Those so-called 28 pages, one chapter in this joint inquiry that was put out in December of 2002, was addressing some of the preliminary findings and information that was gathered by this joint commission within the Congress. And this chapter was kept out because of concerns about sensitive source of methods, investigative actions. The investigation of 9/11 was still underway in late 2002.

I’m quite puzzled by Senator Graham and others because what that joint inquiry did was to tee up issues that were followed up on by the 9/11 Commission, as well as the 9/11 Review Commission. So these were thoroughly investigated and reviewed. It was a preliminary review that put information in there that was not corroborated, not vetted and not deemed to be accurate.

The 9/11 Commission didn’t even look at NSA for intercepts Thomas Drake has said were there. Nor did it adequately investigate what now appears to be a Sarasota cell. How can Brennan claim the Commission investigated all these leads?

Brennan then slightly misstates how absolute was the 9/11 Commission judgement on Saudi involvement, such as it was.

CHUCK TODD:

The information in those 28 pages, you think, are inaccurate information? Everything that’s in there is false?

JOHN BRENNAN:

No, I think there’s a combination of things that is accurate and inaccurate. And I think the 9/11 Commission took that joint inquiry, and those 28 pages or so, and followed through on the investigation. And they came out with a very clear judgment that there was no evidence that indicated that the Saudi government as an institution, or Saudi officials individually, had provided financial support to Al Qaeda.

The 9/11 Commission report judged,

It does not appear that any government other than the Taliban financially supported al Qaeda before 9/11, although some government’s may have contained al Qaeda sympathizers who turned a blind eye to al Qaeda’s fundraising activities. Saudi Arabia has long been considered the primary source of al Qaeda funding, but we have found no evidence that the Saudi government as an institution or senior Saudi officials individually funded the organization. (This conclusion does not exclude the likelihood that charities with significant Saudi government sponsorship diverted funds to al Qaeda.)

That is, Brennan’s comment overstates whether any Saudi officials funded the attack, which the 9/11 Commission did not comment on (and the key paragraphs in underlying documents also remain classified).

Ultimately, though, the (former) Riyadh Station Chief argues it would be “very, very inaccurate” if anyone were to suggest the Saudis were involved in 9/11.

CHUCK TODD:

Are you concerned that the release of those pages will unfairly put the relationship in a damaged position?

JOHN BRENNAN:

I think some people may seize upon that uncorroborated, un-vetted information that was in there, that was basically just a collation of this information that came out of F.B.I. files, and to point to Saudi involvement, which I think would be very, very inaccurate.

Remember, for at least 8 years after 9/11 (including in the 9/11 report), it was the judgement of the intelligence community that Saudis were still the biggest funders for Al Qaeda. But the (former) Riyadh Station Chief argues it would be very, very inaccurate to suggest any Saudi involvement in the attack.

The whole thing was pathetic enough — Meet the Press propaganda worthy of Dick Cheney’s best exploitation of the form.

But it is all the more remarkable, coming as it did, after Brennan transitioned seamlessly from a victory lap about killing Osama bin Laden to “this new phenomenon of ISIL.”

CHUCK TODD:

You know, five years ago, I remember going to the White House and hearing cheers, hearing people gather in the streets of Washington, and it was happening in other cities. And there was a sense of relief. It was like this moment of, “Wow. Is this the end? Have we won whatever this was we were fighting, this war with Al Qaeda? Have we won?” Boy, it doesn’t feel that way five years later.

JOHN BRENNAN:

I remember that same evening. When I left that White House about midnight, it was as bright as day outside, and the chants of “U.S.A., U.S.A,” and, “C.I.A., C.I.A.” It was the culmination of a lot of very hard work by some very good people at C.I.A. and other agencies. And we have destroyed a large part of Al Qaeda. It is not completely eliminated, so we have to stay focused on what it can do. But now, with this new phenomenon of ISIL, this is going to continue to challenge us in the counterterrorism community for years to come.

I noted on Twitter during CIA’s propagandistic Twitter reenactment of their version of the bin Laden killing that, five years later, we’re still fighting the war against bin Laden. But Brennan wants you to forget that war, and pretend it’s all just ISIL.

Continue reading →

Posted in Terrorism | Tagged Bob Graham, John Brennan | 10 Comments

Recent Discussions of Neoliberalism

Published April 29, 2016 | By Ed Walker

People seem to have trouble defining neoliberalism adequately, and especially when it comes to labeling Hillary Clinton as a neoliberal. In a recent article at Jacobin Corey Robins gives a short history of the neoliberal version of the Democratic Party, specifically aimed at the Clinton/DLC/Third Way. Billmon discussed this article in this storify piece, in which he describes three current factions in the practice of neoliberalism, There is the Neo-Keynesian version, as with Krugman; the Monetarist version, that of Milton Friedman and his many followers;, and the Supply Side version, like Paul Ryan and his economic advisors. Each of the factions has attached itself to a political ideology. Both of these pieces should be read by anyone seeking to clarify their thinking about neoliberalism.

Underlying all of them is the broader program described by Michel Foucault, which turns in large part on the notion of governmentality, a point made by Mike Konzcal in this review of Philip Mirowski’s Never Let a Serious Crisis Go to Waste. After I read that book, I wrote several pieces at FDL trying to comprehend the idea of governmentality and make it comprehensible. Here are links to several of those posts.

1. How We Govern Our Selves and Ourselves.

2. The Panoptic Effect.

3. Discipline for the Benefit of the Rich.

4. Control of Markets in Foucault’s The Birth of Biopolitics.

5. Liberalism and the Neoliberal Reaction.

The idea of governability is present in the texts I’ve been looking at. In Polanyi, we saw the transformation of the farm-dwelling peasant into the city-dwelling factory worker. Arendt touches on it with her discussion of people who cannot find a place in the productive sector of society, the superfluous people. Veblen writes about the enormous productivity of machine culture, and the changes it demanded of the worker, about which more later. The great problem is that machine culture required a tremendous amount of self-discipline from the workers to make factories function. The principal institutions of society were remade to enforce that self-discipline, from the Army to the schools to the government. Other tools included prisons and mental institutions.

In one way or another, all of these writers on neoliberalism seem to agree that the goal of neoliberalism is to replace the notion of the self as reasonably free citizen, responsible for the self, the family, the community and the state, with the notion of the self as a buyer and seller engaged in zero-sum competition with all other buyer/sellers. We are consumers of any and all goods and services, and entrepreneurial sellers of the self seen as a bundle of skills on offer to the highest bidder. Each separate transaction, buying and selling, is an opportunity for judgment by the all-knowing market. If we are successful, it’s because we are winners. If we are losers, we are superfluous. It’s an even harsher transformation of the human being than the one from peasant to factory worker.

UPDATE: The excellent Paul Rosenberg discusses the rise of neoliberalism in the sense used by Robins in this Salon article.

Posted in Neoliberalism | Tagged Billmon, Core Robins, Michel Foucault, Mike Konczal, neoliberalism, Philip Mirowski | 24 Comments

Notorious “FOIA Terrorist” Jason Leopold “Saves” FBI Over $300,000

Published April 29, 2016 | By emptywheel

Last week, Jim Comey suggested the FBI paid more for the vulnerability that helped it break into Syen Rizwan Farook’s phone than he will be paid for the 7 years he’ll remain at FBI. The WSJ then did this math.

Speaking at the Aspen Security Forum in London, FBI Director James Comey didn’t cite a precise figure for how much the government paid for the solution to cracking the phone but said it was more than his salary for the seven-plus years remaining in his term at the FBI.

His annual salary is about $180,000 a year, so that comes to $1.26 million or more.

“[We] paid a lot’’ for the hacking tool, Mr. Comey said. “But it was worth it.’’

Over 600 outlets covered that story, claiming — without further confirmation — that FBI paid over $1 million for the hack, with many accounts settling on $1.3 million.

I noted at the time that 1) Jim Comey has a history of telling untruths when convenient and 2) he had an incentive to exaggerate the cost of this exploit, because it would pressure Congress to pass a bill, like the horrible Burr-Feinstein bill, that would force Apple and other providers to help law enforcement crack phones less expensively. I envisioned this kind of exchange at a Congressional hearing:

Credulous Congressperson: Wow. $1M. That’s a lot.

Comey: Yes, you’ll need to triple our budget or help me find a cheaper way.

Lonely sane Congressperson: But, uh, if we kill security won’t that be more expensive?

Comey: Let me tell you abt time I ran up some steps.

I then mused that, because Comey had officially acknowledged paying that kind of figure, it would make it a lot easier to FOIA the exact amount. By the time I tweeted that thought, of course, Jason Leopold had already submitted a FOIA for the amount.

Sure enough, the outcome I figured has already happened: without offering an explanation for the discrepancy, Mark Hosenball reported today that the figure was actually under $1 million, and FBI will be able to use it on other phones.

The FBI paid under $1 million for the technique used to unlock the iPhone used by one of the San Bernardino shooters – a figure smaller than the $1.3 million the agency’s chief initially indicated the hack cost, several U.S. government sources said on Thursday.

The Federal Bureau of Investigation will be able to use the technique to unlock other iPhone 5C models running iOS 9 – the specifications of the shooter’s phone – without additional payment to the contractor who provided it, these people added.

Just one FOIA submission later (and, probably, the calls of a bunch of outraged members of Congress wondering why FBI paid $1.3 million for a hack they claimed, in explaining why they would not submit the hack to the Vulnerabilities Equity Process that might require them to share it with Apple nine months after Apple patched it, they didn’t understand at all), and all of a sudden this hack is at least $300,000 less expensive (and I’m betting a lot more than that).

You see how effective a little aggressive FOIAing is at reining in waste, fraud, and abuse?

A pity it can’t reverse the impact of all those credulous reports repeating Comey’s claim.

Posted in Cybersecurity | Tagged Jim Comey, Syed Rezwan Farook | 8 Comments

Friday Morning [?!]: Chamber of Delights

Published April 29, 2016 | By Rayne

It’s Friday. FINALLY. And it’s jazz exploration day, too. Today we sample some chamber jazz, here with Meg Okura and the Pan Asian Chamber Ensemble.

It. Me. That is to say, of all genres, this one feels most like a part of myself. Here’s another chamber jazz favorite — Quarter Chicken Dark from The Goat Rodeo Sessions. And another — Model Trane, the first cut in this linked video by Turtle Island Quartet.

You can see and hear for yourself what makes chamber jazz different from other genres: chamber instruments used in classical music to perform jazz.

Whew, I needed this stuff. Hope you like it, too, though I know it’s not everybody’s cup of tea.

My morning was overbooked, only have time today for a few things that caught my eye.

Encryption and privacy issues

Go To Jail Indefinitely card for suspect who won’t unlock hard drives (Naked Security) — Seems odd this wasn’t the case the USDOJ used to force cracking of password-protected accounts on devices, given the circumstances surrounding a less-than-sympathetic defendant.

Amicus brief by ACLU and EFF for same case (pdf – Ars Technica)

Supreme Court ruling extends reach of FBI’s computer search under Rule 41 (Bloomberg) — Would be nice if the Email Privacy Act, now waiting for Senate approval, addressed this and limited law enforcement’s overreach.

Climate change and its secondary effects

India’s ongoing drought now affects 330 million citizens, thousands have died from heat and dehydration (Oneindia) — 330 million is slightly more people than the entire U.S. population. Imagine what could happen if even one or two percent of these affected fled the country as climate refugees.

Tiger poaching in India dramatically increased over last year (Phys.org) — Have to ask if financial stress caused by drought encouraged illegal killing of tigers, now that more tigers have been poached this year to date compared to all of last year. Are gains in tiger population now threatened by primary and secondary effects of climate change?

Though severe El Nino deepened by climate change causes record drought now, an equally deep La Nina could be ahead (Phys.org) — Which could mean dramatic rains and flooding in areas where plant growth has died off, leaving little protection from water runoff. Are any governments planning ahead even as they deal with drought?

Hope your weekend is pleasant — see you Monday morning!

Posted in Climate Change, Culture, Cybersecurity | Tagged 2016 AM roundup, climate refugees, computer search.India, drought, El Nino, encryption, La Nina, Rule 41, U.S. Supreme Court | 10 Comments

Rosemary Collyer’s Worst FISA Decision

Published April 29, 2016 | By emptywheel

In addition to adding former National Security Division head David Kris as an amicus (I’ll have more to say on this) the FISA Court announced this week that Rosemary Collyer will become presiding judge — to serve for four years — on May 19.

Collyer was the obvious choice, being the next-in-line judge from DC. But I fear she will be a crummy presiding judge, making the FISC worse than it already is.

Collyer has a history of rulings, sometimes legally dubious, backing secrecy and executive power, some of which include,

2011: Protecting redactions in the Torture OPR Report

2014: Ruling the mosaic theory did not yet make the phone dragnet illegal (in this case she chose to release her opinion)

2014: Erroneously freelance researching the Awlaki execution to justify throwing out his family’s wrongful death suit

2015: Serially helping the Administration hide drone details, even after remand from the DC Circuit

I actually think her mosaic theory opinion from 2014 is one of her (and FISC’s) less bad opinions of this ilk.

The FISC opinion I consider her most troubling, though, is not a FISC decision at all, but rather a ruling from last year in an EFF FOIA. Either Collyer let the government hide something that didn’t need hidden, or it has exploited EFF’s confusion to hide the fact that the Internet dragnet and the Upstream content programs are conducted by the same technical means, a fact that would likely greatly help EFF’s effort to show all Americans were unlawfully spied on in its Jewell suit.

Back in August 2013, EFF’s Nate Cardozo FOIAed information on the redacted opinion referred to in this footnote from John Bates’ October 3, 2011 opinion ruling that some of NSA’s upstream collected was illegal.

Here’s how Cardozo described his FOIA request (these documents are all attached as appendices to this declaration).

Accordingly, EFF hereby requests the following records:

1. The “separate order” or orders, as described in footnote 15 of the October 3 Opinion quoted above, in which the Foreign Intelligence Surveillance Court “address[ed] Section 1809(a) and related issues”; and,

2. The case, order, or opinion whose citation was redacted in footnote 15 of the October 3 Opinion and described as “concluding that Section 1809(a)(2) precluded the Court from approving the government’s proposed use of, among other things, certain data acquired by NSA without statutory authority through its ‘upstream collection.’”

Request 2 was the only thing at issue in Collyer’s ruling. By my read, it would ask for the entire opinion the citation to which was redacted, or at least identification of the case.

EFF, of course, is particularly interested in upstream collection because it’s at the core of their many years long lawsuit in Jewell. To get an opinion that ruled upstream collection constituted unlawful collection sure would help in EFF’s lawsuit.

In her opinion, Collyer made a point of defining “upstream” surveillance by linking to the 2012 John Bates opinion resolving the 2011 upstream issues (as well as to Wikipedia!), rather than to the footnote he used to describe it in his October 3, 2011 opinion.

The opinion in question, referred to here as the Section 1809 Opinion, held that 50 U.S.C. § 1809(a)(2) precluded the FISC from approving the Government’s proposed use of certain data acquired by the National Security Agency (NSA) without statutory authority through “Upstream” collection. 3

3 “Upstream” collection refers to the acquisition of Internet communications as they transit the “internet backbone,” i.e., principal data routes via internet cables and switches of U.S. internet service providers. See [Caption Redacted], 2012 WL 9189263, *1 (FISC Aug. 24, 2012); see also https://en.wikipedia.org/wiki/Upstream_collection (last visited Oct. 19, 2015); https://en.wikipedia.org/wiki/Internet_backbone (last visited Oct. 19, 2015).

As it was, Collyer paraphrased where upstream surveillance comes from as ISPs rather than telecoms, which was redacted in the opinion she cited. But by citing that and not Bates’ 2011 opinion, she excluded an entirely redacted sentence from the footnote Bates used to explain it, which in context may have described a little more about the underlying opinion.

Having thus laid out the case, Collyer deferred to NSA declarant David Sherman’s judgment — without conducting a review of the document — that releasing the document would reveal details about the implementation of upstream surveillance.

Specifically, the release of the redacted information would disclose sensitive operational details associated with NSA’s “Upstream” collection capability. While certain information regarding NSA’s “Upstream” collection capability has been declassified and publicly disclosed, certain other information regarding the capability remains currently and properly classified. The redacted information would reveal specific details regarding the application and implementation of the “Upstream” collection capability that have not been publicly disclosed. Revealing the specific means and methodology by which certain types of SIGINT collections are accomplished could allow adversaries to develop countermeasures to frustrate NSA’s collection of information crucial to national security. Disclosure of this information could reasonably be expected to cause exceptionally grave damage to the national security.

[snip]

With respect to the FISC opinion withheld in full, it is my judgment that any information in the [Section 1809 Opinion] is classified in the context of this case because it can reasonably be expected to reveal classified national security information concerning particular intelligence methods, given the nature of the document and the information that has already been released. . . . In these circumstances, the disclosure of even seemingly mundane portions of this FISC opinion would reveal particular instances in which the “Upstream” collection program was used and could reasonably be expected to encourage sophisticated adversaries to adopt countermeasures that may deprive the United States of critical intelligence. [my emphasis]

Collyer found NSA had properly withheld the document as classified information the release of which would cause “grave damage to national security.”

Continue reading →

Posted in FISA | Tagged EFF, Jefffrey White, John Bates, Rosemary Collyer, Thomas Hogan | 4 Comments

The Shell Game the Government Played During Yahoo’s Protect America Act Challenge

Published April 28, 2016 | By emptywheel

In his opinion finding Protect America Act constitutional, Judge Reggie Walton let his frustration with the way the government kept secretly changing the program at issue show.

For another, the government filed a classified appendix with the Court in December 2007, which contained the certifications and procedures underlying the directives, but the government then inexplicably modified and added to those certifications and procedures without appropriately informing the Court or supplementing the record in this matter until ordered to do so. These changes and missteps by the government have greatly delayed the resolution of its motion, and, among other things, required this Court to order additional briefing and consider additional statutory issues, such as whether the P AA authorizes the government to amend certifications after they are issued, and whether the government can rely on directives to Yahoo that were issued prior to the amendments.

The unsealed classified appendix released today (the earlier released documents are here) provides a lot more details on the shell game the government played during the Yahoo litigation, even with Walton. (It also shows how the government repeatedly asked the court to unseal documents so it could share them with Congressional Intelligence Committees or other providers it wanted to cooperate with PAA).

I mean, we expected the government to demand that Yahoo litigate blind, as it did in this February 26, 2008 brief arguing Yahoo shouldn’t be able to see any classified information as it tried to represent the interests of its American customers. (PDF 179)

In the approximately thirty years since the adoption of FISA, no court has held that disclosure of such documents is necessary to determine the legality of electronic surveillance and physical search. Similarly, there is of course a long history of ex parte and in camera proceedings before this Court. For almost three decades, this Court has determined, ex parte and in camera, the lawfulness of electronic surveillance and physical search under FISA. See 50 U.S.C. § 1805(a) (“the judge shall enter an ex parte order as requested or as modified approving the electronic surveillance” upon making certain findings); 50 U.S.C. § 1824(a) (same with respect to physical search).

Under the Protect America Act, then, the government has an unqualified right to have the Court review a classified submission ex parte and in camera which, of course, includes the unqualified right to keep that submission from being disclosed to any party in an adversarial proceeding before this Court.

But we shouldn’t expect a FISC judge presiding over a key constitutional challenge to have to beg to learn what he was really reviewing, as Walton had to do here. (PDF 159-160)

The Court is issuing this ex parte order to the Government requiring it to provide clarification concerning the impact on this case of various government filings that have been made to the FISC under separate docket.

[snip]

lt is HEREBY ORDERED that the government shall file a brief no later than February 20. 2008, addressing the following questions: 1. Whether the classified appendix that was provided to the Court in December 2007 constitutes the complete and up-to-date set of certifications and supporting documents (to include affidavits, procedures concerning the location of targets, and minimization procedures) that are applicable to the directives at issue in this proceeding. If the answer to this question is .. yes,'” the government” s brief may be filed ex parte. If the government chooses to serve Yahoo with a copy of the brief~ it shall serve a copy of this Order upon Yahoo as well.

2. If the answer to question number one is “no,” the Government shall state what additional documents it believes are currently in effect and applicable to the directives to Yahoo that are at issue in this proceeding. The government shall file copies of any such documents with the Court concurrent with filing its brief. The government shall serve copies of this Order, its brief, and any additional documents upon Yahoo, unless the government moves this Court for leave to file its submission ex parte, either in whole or in part. If the government files such a motion with the Court, it shall serve a copy of its motion upon Yahoo. The government shall also serve a copy of this Order upon Yahoo, unless the government establishes good cause for not doing so within the submission it seeks to file ex parte.

This is what elicited the government’s indignant brief about actually telling Yahoo what it was arguing about.

As a result of the government’s successful argument Yahoo had to argue blind, it did not learn — among other things — that CIA would get all the data Yahoo was turning over to the government, or that the government had basically totally restructured the program after the original expiration date of the program, additional issues on which Yahoo might have challenged the program.

Perhaps more interesting is that it wasn’t until Walton ruled on March 5 that he would not force the government to share any of these materials with Yahoo that the government finally provided the last relevant document to Judge Walton, the Special Procedures Governing Communications Metadata Analysis. (PDF 219)

On January 3, 2008, the Attorney General signed the “Department of Defense Supplemental Procedures Governing Communications Metadata Analysis,” which purported to supplement the DoD Procedures (“Supplement to DoD Procedures”), a copy of which is attached hereto as Exhibit A. The Supplement to DoD Procedures concerns the analysis of communications metadata that has already been lawfully acquired by DoD components, including the National Security Agency (NSA). Specifically, the Supplement to DoD Procedures clarifies that NSA may analyze communications metadata associated with U.S. persons and persons believed to be in the United States. The Supplement to DoD Procedures does not relate to the findings the Attorney General must make to authorize acquisition against a U.S. person overseas

This is particularly suspect given that one of the changes implemented after the original certification was to share data with CIA, something directly addressed in the memo justifying SPCMA to the Attorney General’s office (and a detail the government is still trying to officially hide).

Now, to be fair, in the original release, it was not clear that the government offered this much explanation for SPCMA, making it clear that the procedural change involved making American metadata visible. But the government very clearly suggested — falsely — that SPCMA had no Fourth Amendment implications because they didn’t make Americans overseas more likely to be targeted (which the government already knew was the key thrust of Yahoo’s challenge).

The opposite is true: by making US person metadata visible, it ensured the government would be more likely to focus on communications of those with whom Americans were communicating. These procedures — which were approved more than two months, one document dump, and one court order agreeing to keep everything secret from Yahoo earlier — were and remain the key to the Fourth Amendment exposure for Americans, as was argued just last year. And they weren’t given to even the judge in this case until he asked nicely a few times.

This was the basis for the dragnet that still exposes tens of thousands of Americans to warrantless surveillance. And it got briefed as an afterthought, well after the government could be sure it’d get no adversarial challenge.

Posted in FISA | Tagged Reggie Walton, SPCMA, Yahoo | 4 Comments