GCHQ's Dubious Role in The 'Quantum' Hacking Spy Tactic

Thursday, 12 December 2013

I've not posted here for a while, but I've got a good excuse. For the last month or so I've been out in Brazil working on a series of stories with the American journalist and former Guardian columnist Glenn Greenwald. We've been reporting a series of revelations about government surveillance based on the trove of files leaked by former NSA contractor Edward Snowden.

I've had some time to take a breather tonight and I want to draw attention to something important in one of the latest stories we worked on with a team of excellent Swedish journalists from Uppdrag Granskning — an investigative unit that operates as part of Sweden's national public broadcaster SVT.

We worked on several stories with Uppdrag Granskning in the lead up to an hour-long documentary, aired Wednesday, about Sweden's major role in the global surveillance nexus that is led by the United States, the United Kingdom, and the other members of the so-called Five Eyes group — Australia, Canada, and New Zealand.

As we reported, the documents reveal how Sweden has become a key partner for the US and the UK, and top-secret agreements have been made in the last decade that bolster Sweden's spying role like never before.

But aside from these crucial details, which are hugely important for Swedish citizens to be informed about, I'd like to highlight here one smaller piece of information that we reported that I think is highly notable.

Earlier this year, it was disclosed that UK spy agency GCHQ was involved in hacking into the Belgian telecom company Belgacom's computer systems in order to covertly gather intelligence on unknown targets. But what is interesting is that, despite being involved in using these hacking methods, GCHQ has been worrying behind the scenes about their legality.

One of the Snowden documents we revealed on the Uppdrag Granskning documentary — dated circa April 2013 — shows the NSA describing a so-called 'Quantum' hacking initative that GCHQ was involved in at a "proof-of-concept" level. However, the document notes:
Continued GCHQ involvement may be in jeopardy due to British legal/policy restrictions, and in fact NSA’s goal all along has been to transition this effort to a bilat with the Swedish partner. [Emphasis added.]
This struck me because, last year, I uncovered a document showing something similar. In obscure technical standards meetings with telecom companies about implementing new surveillance capabilities, GCHQ representatives from a little-known unit of the agency called the National Techical Assistance Centre were voicing the same concerns about hacking techniques.

At meetings held between 2010 and 2011 in Estonia and Italy, at which a GCHQ representative was present, the UK was said to be anxious about the legality of performing a so-called 'man-in-the-middle' attack to covertly hack and eavesdrop on communications:
An additional concern in the UK is that performing an active attack, such as the Man-in-the-Middle attack proposed in the Lawful Interception solution...may be illegal. The UK Computer Misuse Act 1990 provides legislative protection against unauthorised access to and modification of computer material. The act makes specific provisions for law enforcement agencies to access computer material under powers of inspection, search or seizure. However, the act makes no such provision for modification of computer material. A Man-in-the-Middle attack causes modification to computer data and will impact the reliability of the data.
This could not be clearer. The UK's position was that it might be unlawful for authorities to hack a computer in order to monitor communications and/or exfiltrate data. That was the position in 2010/11, and I think the same concern is what is being referenced in the 2013 NSA document when UK "legal/policy restrictions" are mentioned.

Yet despite this concern — and this is perhaps the most important point — GCHQ has marched ahead with its participation in clandestine surveillance operations that involve hacking. The Belgacom case is a specific example, but the NSA documents on Sweden illustrate that Belgacom was not an isolated case. GCHQ was (and likely continues to be) involved in a program called WINTERLIGHT that explicitly involves trying to infect hundreds of targeted computers with so-called 'implants' of malware. GCHQ even operates a covert computer server that it uses to help infect targets with the malware, likely by masquerading as legitimate websites such as LinkedIn, as previous reports have suggested. These covert servers are mentioned in one of the NSA documents on Sweden, dated April 2013, revealed by Uppdrag Granskning:
Last month, we received a message from our Swedish partner that GCHQ received FRA [Swedish spy agency] QUANTUM tips that led to 100 shots, five of which were successfully redirected to the GCHQ server.
So, the question here is: how can this be legal? If GCHQ was previously concerned that performing active hacking attacks may be unlawful under the UK's Computer Misuse Act, then how has that situation been resolved? Has the agency been granted immunity to perform these operations? If so, who granted the immunity? Alternatively, has the UK government, with zero public debate and under cover of total secrecy, produced a classified interpretation of the law aimed at justifying and rendering lawful the use of this clandestine hacking technique?

Another very intriguing theory I have considered is that GCHQ lets one of the other agencies do the "dirty work" — the part of the hack that would illegal under UK law. The NSA may deploy the malware, for instance, while GCHQ plays a lesser role by merely facilitating the attack by hosting the server — but still reaping the benefits (i.e. it gets access to the intercepted data). Having spent countless hours now looking at the Snowden documents, it certainly appears to me that this is something that occurs — that the spy agencies circumvent their domestic laws by allowing partner agencies to do things that they could not do themselves.

Either way, GCHQ's clear and undeniable role in Quantum hacking attacks raises hugely significant legal questions and it is remarkable to me — but perhaps not totally surprising — that the blundering British parlimentarians who are supposed to hold the agency to account have thus far failed to raise any of these key issues.

The Torture & Rendition Report the UK Government Hasn't Published

Thursday, 7 November 2013

Last year, the UK government was presented with a preliminary report about an inquiry into British security services' alleged role in the extraordinary rendition and torture of terror suspects. The government said at the time that it would make the report public — but it has never surfaced.

The report was produced as part of the so-called 'Detainee Inquiry', set up by prime minister David Cameron in 2010 to investigate allegations of British security agencies' involvement in the mistreatment of individuals accused of terror offences. Spy agency MI6, for instance, has been blamed for helping to facilitate the abduction and subsequent alleged torture of a Libyan Islamist and his pregnant wife, who were covertly 'rendered' from Bangkok and reportedly taken to a Libyan prison run by the Gaddafi regime in 2004.

Headed by retired judge Sir Peter Gibson, the Detainee Inquiry was supposed to look into these allegations and others. It was scrapped in 2012 amid controversy because the government said that it clashed with ongoing police investigations into some of the same cases. But a preliminary report was produced by the inquiry and sent to the prime minister on 27 June 2012. At the time, the government issued a statement saying that the report focused on "preparatory work to date, highlighting particular themes or issues which might be the subject of further examination." Justice Secretary Ken Clarke said that the government was committed to publishing "as much of this interim report as possible."

Almost 18 months on, however, where is the preliminary report? That is exactly what I have been trying to find out. And the UK government is not returning my emails.

In September, I sent a Freedom of Information Act request seeking a copy of the report to the government's Cabinet Office. Under the FOIA, the government has 20 working days to issue a response. 31 working days have now passed and I have sent three separate emails related to the request. I have received nothing in response — not even an acknowledgement informing me that my request has been received. This means that the government is violating its legal obligations, according to an official I consulted at the Information Commissioner's Office, the public body that enforces access to information legislation in the UK.

I submit quite a lot of FOI requests, and I can't think of another occasion when a government department has flat-out ignored a request in this way. It is very unusual. Normally, the procedure is that you will receive an acknowledgement within a few days. And a couple of weeks later the respective department will either send you the information or refuse to release it, usually citing some flimsy national security secrecy exemption.

Notably, the chap who runs the website Spy Blog has also previously attempted to obtain a copy of the preliminary report. His efforts have so far been stonewalled. But unlike me, Spy Blog has at least been privileged enough to receive responses from the Cabinet Office, most recently in July. The Cabinet refused to disclose the report to the website, claiming that officials were busy "clearing the report for publication" and adding that they expected that it could be published "in the autumn, although no date has been set."

It is not clear why the Cabinet Office has needed almost a year and a half to "clear" a report for public consumption. At best, it looks to me like a case of incompetence and bureaucratic inefficiency; at worst, it is a red herring being deployed to delay the release of controversial information for political convenience. Either way, the delay suggests that there could be some interesting details contained in the report. And the government is running out of excuses to postpone publication. Indeed, under section 22 of the Freedom of Information Act, the government can decline to disclose information requested if it is already intended for future release. However, Ministry of Justice guidance on the Section 22 exemption explicitly states that:

These qualifications recognise that sometimes there will be an overriding public interest in the information being released prior to the intended publication date. Public authorities should not be able to avoid putting information in the public domain by adopting unreasonable publication timetables or an 'intention' to publish where there is little prospect of that happening within a reasonable timescale.

Given the seriousness of the allegations about UK security agencies' role in facilitating extraordinary rendition and torture, there is evidently a very strong public interest case for this preliminary report to be immediately released under the Freedom of Information Act. That is especially true given the inexplicably lengthy delay that we have already had to endure.

It's worth also pointing out that despite the sort of behaviour detailed above, the government continues to audaciously insist it is committed to transparency. Just last week the Cabinet Office was proclaiming "wide-ranging new commitments to bring more of the benefits of transparency into people’s everyday lives." Cabinet minister Francis Maude was quoted as saying that "transparency is an idea whose time has come."

Unfortunately, the section of Maude's own department responsible for implementing transparency does not appear to have received the memo — and is currently flouting the Freedom of Information Act in a case involving the withholding of important information that the public clearly has a right to know.

I have lodged a formal complaint about the Cabinet Office's conduct with the Information Commissioner's Office — so watch this space.

UPDATE, 4 December 2013: Late last month, the Information Commissioner's Office replied to the complaint I filed about the UK government's non-response to my request that it release the rendition/torture report. An official from the ICO said he had contacted the government's Cabinet Office to confirm that my request had been received and to give the government a 10-day deadline to contact me. The ICO reminded the government of its obligations under the Freedom of Information Act and noted that it "may consider taking enforcement action" should similar complaints arise (read the ICO's correspondence here).

However, despite this light reprimand from the ICO, incredibly I've still received no response from the government about the rendition report. The 10-day deadline expired yesterday and I've heard nothing — I've not yet so much as received an acknowlegement that my initial request is being dealt with, even though it was submitted more than two months ago (the government is supposed to respond within 20 working days; it's now been more than 50). This means that the Cabinet Office, which likes to tout its transparency credentials, is not only actively flouting its obligations under the Freedom of Information Act — it has also now failed to act on a formal request made by the authority that enforces the FOIA law, the ICO. Before the end of the week, I'll be following up my complaint with the ICO in the hope that more serious action can be taken. Of course, I'll post further updates here with any new developments in this strange case as and when they arise.

UPDATE, 29 December 2013: The government has released the Detainee Report today; the Guardian reports that it reveals how "MI6 officers were under no obligation to report breaches of the Geneva conventions and turned a 'blind eye' to the torture of detainees in foreign jails, according to the report into Britain's involvement in the rendition of terror suspects." I am still pursuing my complaint against the Cabinet Office for its handling of my FOIA request.

UPDATE, 26 March 2014: In response to my complaint, the Information Commissioner's Office issued a "decision notice" stating that the Cabinet Office breached section 10 of the Freedom of Information Act in ignoring my request. More details here.

The Chenagai Madrassa Incident

Tuesday, 23 July 2013

On 30 October 2006, an Islamic school in Pakistan was targeted in a missile strike that killed up to 81 people, most of whom were reportedly children, some as young as seven.

At the time of the strike, which took place in the town of Chenagai in the tribal area of Bajaur, Pakistan's military claimed responsibility, saying it had targeted the school — known as a madrassa — because it was being used as a terrorist training facility. However, an anonymous former Pakistan official, described as an ex-"key aide" to then-President Pervez Musharraf, later reportedly claimed that the attack had been carried out by a US drone, according to the Sunday Times. The US denied any role, saying it was "completely done by the Pakistani military."

Now, a newly published report has raised fresh questions about exactly who was behind this horrific incident. A leaked Pakistan government document, published by London's Bureau of Investigative Journalism on Monday, lists the Bajaur case among a series of US Predator drone strikes and NATO-backed attacks in Pakistan between 2006 and 2009. The Bureau says that the document shows the attack was the result of "a single drone strike," though the document does not specify whether a drone or other aircraft was involved.

So who carried out this controversial attack?

At the time of the strike, Pakistan's army spokesman said that it had been carried out by Pakistan military helicopter gunships that fired four or five missiles into the madrassa. One local villager told the BBC he had "heard helicopters flying in and then heard bombs." An NBC news correspondent, who was reportedly about a mile away from the madrassa at the time of the incident, said that it "was dark and very early in the morning when the blast occurred. And then I heard helicopters over the village of Chenagai where the madrassa school is located."

Analysts speculated that Pakistan's military may have not had the skills required to conduct the helicopter strike, because it was apparently conducted at 5am while it was still dark and had the hallmarks of an elite operation. Hours after the attack, Bill Roggio at the Long War Journal suggested that a US special operations team may have been behind it. "Look for signs of Task Force 145 having carried out this raid," Roggio wrote, "with unmanned Predators firing Hellfire missiles, and possibly C-130 and helicopters following up."

Others had an alternative theory. On October 31, 2006, Syed Saleem Shahzad at the Asia Times wrote:

Recently, Islamabad agreed with NATO that it could conduct operations in Pakistan from across the border in Afghanistan... Significantly, Pakistan and Taliban authorities struck a peace deal in Bajour only two days ago and were scheduled to sign a document to that effect on Monday. This lends credence to the possibility that it was NATO and not Pakistani forces that made the raid.

Among those who died in the attack was the leader of the madrassa, a reportedly pro-Taliban radical cleric named Maulana Liaqat. Pakistan officials also claimed that Ayman al-Zawahiri — who was then Osama bin Laden's deputy — had used the madrassa to train suicide bombers. That would certainly have given both US and NATO forces a motive to want to target the building. And Pakistan has covered up for US drone strikes in the past.

But still, there is still no concrete information that has been presented confirming beyond doubt that a US drone or any other US or NATO military aircraft was involved.

Indeed, secret US diplomatic cables published by WikiLeaks in 2010, four years after the strike, did not hint at any US or NATO role. US officials writing in classified cables dated from 2006 described the incident alternately as a "Pakistan military strike against a madrassa/militant training camp" and a "Pak-Mil attack on an extremist madrassa."

Even with the Bureau of Investigative Journalism's publication of the leaked Pakistani document attributing the attack to NATO forces or a US drone, in my view, the facts remain murky and contentious. And that is perhaps one of the most shocking elements of this story — that seven years on there is still such a lack of clarity about the circumstances of this grave incident, involving the reported deaths of dozens of innocent children.

Without an answer to such a simple question — who pulled the trigger? — there can be no accountability, no closure, no recourse for justice for the families of those who lost a child on that day in Chenagai. It is an incident that seems to symbolise the bloody, faceless brutality of the ruthless covert warfare that has become a staple feature of the so-called War on Terror over the past decade, especially in the tribal regions of Pakistan. But just because there may be dangerous, high-level terror targets operating in these places, military forces, wherever they are from, should not get a pass to kill and maim with impunity. For that reason alone, the madrassa strike surely requires serious further scrutiny — perhaps from UN special rapporteur Ben Emmerson, who is currently investigating the issue of civilian drone deaths.

How UK Surveillance is on the Rise

Saturday, 20 July 2013

Earlier this week, the UK's official communications interception commissioner published his annual report. The commissioner releases statistics every year that offer an insight into the levels of surveillance being conducted by UK authorities, including police, security and intelligence agencies.

The latest report provides more evidence that the trend in recent years has been towards a general increase in surveillance of communications. In 2012, the report shows, there were a record 570,135 authorisations for police and other agencies to obtain so-called "communications data." This can include subscriber information about suspects' phone and email accounts, as well as call and email records showing who a suspect is phoning/emailing and when. It does not include the actual content of the communication.

Notably, the 570,135 figure is a 15 percent increase on the figure for 2011 and amounts to about an average 1,562 communications data authorisations every day. In addition, the commissioner noted in his report that "979 communications data errors" were made by authorities in cases involving the wrongful collection of data from innocent individuals. The botched surveillance had serious ramifications, with six members of the public "wrongly detained / accused of crimes" as a consequence.

Here's a quick graph I've knocked up showing how, with the exception of a unusual drop in authorisations in 2011, UK authorities have been increasingly obtaining communications data as part of investigations in recent years:

The same trend is reflected in the latest statistics on the interception of communications. Interception is when the authorities obtain a warrant, signed off by the secretary of state, enabling them to secretly eavesdrop on phone calls or read emails and texts. There were 3,372 interception warrants authorised in 2012, which represents a 16 percent increase on the figure for 2011. It is crucial to note that a single interception warrant can encompass large groups of individuals. It is not known exactly how many people were swept up in the 3,372 warrants because these figures are, unfortunately, not published.

Here's a graph that illustrates the steady increase in interceptions since 2008:

While surveillance is on the rise, as the above graphs show, the UK government has been arguing that it does not have enough digital spying capabilities and needs more surveillance powers.

The government's case may have recently been damaged, however, by leaked secret documents, published by the Guardian in June, that revealed how UK spy agency GCHQ was tapping into internet cables and reportedly monitoring some 600 million "telephone events" every day. The exposed extent of GCHQ's spying offered a rare and startling insight into the sweeping scope of surveillance already being conducted by the UK government, and seemed to affirm what the UN's special rapporteur on free expression, Frank La Rue, warned about in an unprecedented report published just weeks before the leaks.

"Technological advancements," La Rue wrote, "mean that the state’s effectiveness in conducting surveillance is no longer limited by scale or duration."

Rights Groups on Snowden

Friday, 12 July 2013

Edward Snowden is the NSA whistleblower whose document leaks have in recent weeks cracked open the US and UK governments' secret surveillance programs to an unprecedented level of public scrutiny. The former Hawaii-based NSA contractor, 30, is currently holed up in Sheremetyevo airport in Moscow, Russia, as he attempts to seek asylum in a number of countries — fearing persecution if he returns to the United States.

But Snowden's options are limited. The US government has revoked his passport while exerting extraordinary pressure on countries across the world in order to prevent the whistleblower from gaining asylum. This has raised questions about the US government's commitment to international law and has led a number of human rights groups to weigh in with criticism of US officials' actions. Today, Snowden is said to have set up a meeting with groups including Amnesty International in order to discuss his next steps.

Below, I've compiled a quick list for my own reference of the various rights groups that have issued a statement on the Snowden case so far. There may be others that I've missed. If so, add a comment at the bottom or send me a link via Twitter and I'll update this post.

American Civil Liberties Union

"In addition to infringing on Mr. Snowden's right to asylum, [the US government's] actions also create the risk of providing cover for other countries to crack down on whistleblowers and deny asylum to individuals who have exposed illegal activity or human rights violations." (Statement, 11 July.)

Amnesty International

"The US authorities’ relentless campaign to hunt down and block whistleblower Edward Snowden’s attempts to seek asylum is deplorable and amounts to a gross violation of his human rights." (Statement, 2 July.)

Article 19

“The manhunt for Edward Snowden must be stopped. More energy is being spent on arresting one whistleblower that exposed human rights violations than has been spent on finding and arresting perpetrators of war crimes or crimes against humanity." (Statement, 5 July.)

Government Accountability Project (US)

"Snowden disclosed information about a secret program that he reasonably believed to be illegal. Consequently, he meets the legal definition of a whistleblower, despite statements to the contrary made by numerous government officials and security pundits." (Statement, 14 June.)

Human Rights Watch

"[The US government] should not apply a double standard by working against other governments that might extend asylum in this case." (Statement, 3 July.)

“Edward Snowden has a serious asylum claim that should be considered fairly by Russia or any other country where he may apply. He should be allowed at least to make that claim and have it heard... Washington’s actions appear to be aimed at preventing Snowden from gaining an opportunity to claim refuge, in violation of his right to seek asylum under international law.” (Statement, 12 July.)

Index on Censorship

"The mass surveillance of citizens’ private communications is unacceptable – it both invades privacy and threatens freedom of expression. The US government cannot use the excuse of national security to justify either surveillance on this scale or the extradition of Snowden for revealing it." (Statement, 24 June.)

Norwegian PEN

"The threat of criminal prosecution against whistleblower Edward Snowden on the charge of espionage is an allegation against an individual who has used his right to free speech in order to uncover serious abuse, not worthy of a country that abides by the rule of law. By going out with this information, Edward Snowden has questioned the democratic openness of US counter-terrorism strategy. The practice uncovered in the United States is in clear conflict with the principles of a democratic constitutional state." (Statement, 3 July.)

Reporters Without Borders

"Now that Edward Snowden, the young American who revealed the global monitoring system known as Prism, has requested asylum from 20 countries, the EU nations should extend a welcome, under whatever law or status seems most appropriate... [European Union] countries owe Snowden a debt of gratitude for his revelations, which were clearly in the public interest... American leaders should realize the glaring contradiction between their soaring odes to freedom and the realities of official actions, which damage the image of their country." (Statement, 3 July.)

Prism D Notice

Tuesday, 18 June 2013

Following disclosures by the Guardian earlier this month about a US National Security Agency internet surveillance program called Prism, it has emerged that UK government officials issued a so-called "D notice" in a bid to censor coverage of spy tactics.

The D notice following the NSA leaks was reportedly issued to news organisations including the BBC on 7 June, the day after the Prism story broke. Prism is a system used by the NSA to monitor emails, file transfers, photos, videos, chats, and other data. Intelligence gleaned from the system has been passed to GCHQ, the UK's version of the NSA.

The notice to the media organisations was marked "Private and Confidential: Not for publication, broadcast or use on social media," according to Jeff Stein at And Magazine. It added:

There have been a number of articles recently in connection with some of the ways in which the UK Intelligence Services obtain information from foreign sources.

Although none of these recent articles has contravened any of the guidelines contained within the Defence Advisory Notice System, the intelligence services are concerned that further developments of this same theme may begin to jeopardize both national security and possibly UK personnel.

It particularly warned against reporting on:

specific covert operations, sources and methods of the security services, SIS and GCHQ, Defence Intelligence Units, Special Forces and those involved with them, the application of those methods, including the interception of communications and their targets; the same applies to those engaged on counter-terrorist operations.

The D-notice system was first set up in 1912 and operates in accordance with a voluntary code — providing "advice and guidance to the media about defence and counter-terrorist information the publication of which would be damaging to national security." In 2010, for instance, a D notice was reportedly issued prior to WikiLeaks' release of thousands of US government diplomatic cables. A D notice has no formal legal authority, but defying it can make journalists vulnerable to prosecution under the UK's Official Secrets Act.

Snowden's Fate

Monday, 17 June 2013

On Democracy Now today there was an insightful interview with Hong Kong legislator Charles Mok on the potential next steps for US National Security Agency whistleblower Edward Snowden.

Snowden is currently believed to be in Hong Kong after passing a batch of NSA documents revealing top-secret surveillance programs to the Guardian, the Washington Post, and the South China Morning Post. US authorities have initiated a criminal investigation over the leaks and will probably pursue Snowden's extradition in the weeks and months ahead.

Mok talks about what that process could entail, and says that though Hong Kong enjoys independence from mainland China on many issues, the international magnitude of the Snowden case means the final decision that will determine his fate is ultimately likely to be made by central government in Beijing:

Please understand that at least we have a one-country, two-system system in Hong Kong and between Hong Kong and the mainland. So our laws are different from the laws in China. And we do have a border and so on. We do have different governments, even though as a regional government, we do report to the central government.

So I think what we want locally is to make sure that we can protect [Snowden] and make sure that we can live up to our core values and make sure that we treat this person according to all the rights that he should be getting under Hong Kong law. And... exactly what I don’t want to see, is that this sort of political influence to be interfering into the justice process, the judicial process that Mr. Snowden may end up having to get in Hong Kong. If, for example, the US starts by contacting the Hong Kong government to try to initiate an extradition, and if Mr. Snowden decides to try to get asylum or apply for refugee status here in Hong Kong, he — if he chose to do that, if the process comes to that point, he should be getting all the rights. [...]

If the US started to initiate a process [to] say that we want to arrest this person and start an extradition process, then Mr. Snowden could apply in Hong Kong for refugee status. And then there would be at least two tests: first by the United Nations High Commission on Refugees to determine whether or not, for example, that he will face torture at home and whether or not this is political persecution and so on, and second, also by the Hong Kong court. [...]

He will be accorded rights to appeal all the way up to our highest court in Hong Kong. So, assuming that money and financial issues — because you do need to get lawyers and so on — assuming those are not an issue, these processes in the past could have taken quite a bit of time. But... if [Snowden] isn’t successful and there has to be a final decision to be made about the extradition, our chief executive in Hong Kong, which is pretty much [like] our president... he will have to make the final decision. But because this case very likely will involve foreign relations, then he has to consult the central government. So, in the end, it means that the process can be a pretty prolonged process, and, second, Beijing will probably come into the equation to make a final decision in the end.

You can watch the full interview here.

NSA Chief Quizzed Over Legality of Phone Records Grab: Transcript

Thursday, 13 June 2013

General Keith Alexander, the chief of the US National Security Agency, today appeared before a Senate committee and was quizzed publicly for the first time on issues related to the agency's recently revealed surveillance programs.

Most of the questions Alexander faced concerned the secret mass retention of Americans' phone records, exposed by the Guardian last week, which the spy chief said is necessary to conduct retrospective surveillance of patterns of communication during counter-terrorism investigations — enabling the agency to go "back and time" to monitor who has called whom, when, and for how long.

Perhaps the most notable point in Alexander's appearance came during an exchange with Oregon Senator Jeff Merkley (Democrat), who asked a few specific, probing questions about the section of the Patriot Act (215) being used to justify storing the records. Merkley seemed to believe the NSA had exceeded its authority in mass retaining the records, and I think his comments pinpoint a crucial part of the legal debate about the scope of the surveillance that we will see more of in the weeks ahead. Merkley also pressed for secret interpretations of the law being used by the government to justify the surveillance to be declassified and published, a point that Alexander seemed to agree was necessary though said he couldn't guarantee it because he was "not the only decision maker in the administration."

See the relevant part of the exchange below:

Sen. Merkley: You referred to section 215 [of the Patriot Act] and 215 requires for an application for production of any tangible thing. It says in it that this application must have a statement of facts showing reasonable grounds that the tangible things sought are relevant to an authorised investigation. So we have several standards of law embedded in this application: A statement of facts, reasonable grounds, and tangible things that are relevant to an authorised investigation.

Now as it's been described in this conversation and in the press, the standard for collecting phone records on Americans is now all phone records, all the time, all across America. How do we get from the reasonable grounds, relevant authorised investigation, statement of facts, to all phone records, all the time, all locations? How do you make that transition and how has the standard of the law been met?

General Alexander: So this is what we have to deal with the court and I think that... we go through this court process... it's a very deliberate process where we meet all of those portions of the 215. We lay out for the court what we're going to do and to meet that portion we just said. The answer is we don't get to look at the data, we don't get to swim through the data....

Sen. Merkley: Let me stop you there, because these are requirements to acquire the data, not to analyze the data, to acquire the data ... this is the application to acquire the data. So here I have my Verizon phone, my cell phone, what authorized investigation gave you the grounds for acquiring my cellphone data?

General Alexander: On this part here, on the legal standards and stuff, on this part here I think we need to get Department of Justice and others because it is a complex area and you're asking a specific question. I don't want to shirk that but I want to make sure I get it exactly right. And so I do think part of what we should do is perhaps at the closed hearing tomorrow walk through that with the intent of taking what you've asked and seeing if we can get it declassified and out to the American people so they can see how exactly how we do it because I do think that should be answered.

Sen. Merkley: In between these two pieces, the FISA court gives an interpretation of the plain language of the law, their interpretation is what translates the standards of the law into what is governable in terms of what you can do. I had an amendment last December that said these findings of law that translate the requirements that are in the law into what is permissible needs to be declassified so we can have the debate. I believe that what you just said is that you want to have that information to be declassified that explains how you get from these standards of law to the conduct that has now been presented publicly. Did I catch that right and do you support the standards of law, the interpretations of the FISA court of the plain language to be set before the American people so we can have this debate?

General Alexander: I think that makes sense. I'm not the only decision maker in the administration on this process so there are two issues I'm not equivocating. I just want to make sure that I put this expectation exactly right and that is I don't want to jeopardize the security of Americans by making a mistake and saying yes we're going to do all that, but the intent is to get the transparency there.

So Senator I will work hard to do that, and if I can't do that I will come back to you and tell you why and we will have that discussion and run it out and I defer to the chair of the intelligence committee. But I think that's reasonable to get this out. Having said that I don't have the legal background that perhaps you have in this area.

I want this debate out there for a couple of reasons. I think that what we're doing to protect American citizens here is the right thing. Our agency takes great pride in protecting this nation and our civil liberties and privacy and doing it in partnership with this committee, with congress and the courts. We aren't trying to hide it we are trying to protect America so we need your help in doing that. [...]

Sen. Merkley: General I thank you for your statement of support. I also want to thank chair Feinstein who helped develop and send a letter expressing this concern about the secrecy of the interpretations of the FISA court ... I think it's time that [the FISA interpretations] become understandable and public because otherwise how in a democracy do you have a debate if you don't know what the plain language [of the law] means. I do have concerns about that translation and I will continue this conversation.

The NSA's Prism & its Capabilities

Saturday, 8 June 2013

It has been two days now since the Guardian and the Washington Post reported that the US National Security Agency has "obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document." As part of a surveillance program called Prism, the NSA and the FBI, the Post reported, are "extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets."

But since the initial reports, the Internet companies have all denied this "direct access" claim [1], which prompted the Guardian on Saturday to publish the secret source document showing the NSA's description of Prism as program enabling "collection directly from the servers of these service providers: Microsoft, Yahoo, Google, Facebook, Paltalk, AOL, Skype, YouTube, Apple."

So what exactly is Prism and how does it work?

In my view, it is possible too much has been read into the NSA's description of Prism as enabling "collection directly from the servers." Taken in isolation, this statement does not necessarily mean that the NSA has direct and unrestricted access to these companies' central computers to sift through troves of private data whenever they feel like it, which is what the initial reporting seemed to imply. "Collection directly from the servers" could feasibly mean Prism is the codename the NSA uses for a "separate, secure portal" that is linked to or located within the servers of these companies. As the New York Times reported on Friday:

[I]nstead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said. [...] In at least two cases, at Google and Facebook, one of the plans discussed [with the government] was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.

This could still be understood as "collection directly from the servers," but the distinction is that it is not "open-ended access." Under this system, the NSA — or the FBI on behalf of the NSA — would obtain a court order under the Foreign Intelligence Surveillance Act and use it to demand the respective company turn over various data into its "separate, secure portal." The scale of the data grab, though somewhat limited in scope by the court order, could still be huge. As was separately disclosed earlier this week, for instance, a single FISA order can be used to obtain millions of phone records.

The confusing thing about this picture of Prism, however, is that it still conflicts a little bit with how the system was portrayed by the newspapers that reported on the secret documents. The description of a "separate, secure portal" like an "online room" where companies "deposit" data for the government suggests that the transaction happens in static, incremental stages: data is requested by the government, data is passed over by the company, then the government sifts through it. But the Washington Post's reporting suggests the transaction does not occur in static stages because it can involve real-time monitoring:

According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

Additionally, the source who disclosed the document, described as a career intelligence officer, told the Post: “They quite literally can watch your ideas form as you type.”

So this means that if the companies are not providing "direct access" to their servers to mine data indiscriminately, then the "separate, secure portal" can also be used not just to "deposit" data, but also to obtain access to real-time communication flows, presumably authorized by a FISA order and implemented by the respective company that receives it (Google, Apple, Facebook, etc). Indeed, in a statement Sunday, the US director of national intelligence James Clapper said in a statement that Prism was authorized under Section 702 of FISA and he described the program as an "internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence information from electronic communication service providers."

The question, then, is how sweeping the FISA orders are. The Post reported that "from inside a company’s data stream the NSA is capable of pulling out anything it likes" and also said that the NSA's spies use Prism through a "Web portal" that entails entering “'selectors,' or search terms, that are designed to produce at least 51 percent confidence in a target’s 'foreignness'." This suggests to me that we are talking about dragnet FISA orders that oblige the companies to turn over huge amounts of data, some in real time, handled by the NSA on a system codenamed Prism, which may involve the NSA having its own "secure portal" within or at least linked to company servers.

The companies would not know that they were participating in anything named "Prism" — that is just the NSA's internal codename for the program. From the companies' perspective, all they are doing is responding to court-authorized FISA orders. What I would like to hear each of the companies publicly explain is whether they have any kind of interface for facilitating government FISA orders built within or linked to their server infrastructure. (See this update below.)

I should note that all of the above is my own speculation based on an analysis of the available facts. Other theories I have heard proposed include that the NSA has essentially secretly "hacked" the respective companies' servers by spoofing encryption certificates. But I think that is far-fetched and that what I have suggested here is likely more in line with what is happening, though, again, I am only speculating. Without access to the full leaked source documents, it is difficult to comprehensively analyse the details. Only a fraction of the secret documents has been published so far, presumably for legal and/or editorial reasons. There are reportedly 41 top-secret leaked PowerPoint slides in total related to Prism but only about four or five have been made available by the Guardian and the Post. It is my hope that they will all surface eventually so we can get a better and more accurate understanding of what this controversial surveillance program entails.

*****

[1] Facebook said it does not "provide any government organization with direct access to Facebook servers." Apple said "we do not provide any government agency with direct access to our servers." Microsoft said "If the government has a broader voluntary national security program to gather customer data we don’t participate in it.” Yahoo said "We do not provide the government with direct access to our servers, systems, or network.” Paltalk said it "does not provide any government agency with direct access to its servers.” AOL said that it does not "provide any government agency with access to our servers.” And Google, too, said that it had "not joined any program that would give the U.S. government — or any other government — direct access to our servers."

*****

UPDATE, 9 June 2013: A new report from the Washington Post has some additional interesting details about Prism. The Post has spoken with anonymous executives at some of the companies linked to the program, who "acknowledged the system’s existence and said it was used to share information about foreign customers with the NSA and other parts of the nation’s intelligence community." The report adds:

According to slides describing the mechanics of the system, PRISM works as follows: NSA employees engage the system by typing queries from their desks. For queries involving stored communications, the queries pass first through the FBI’s electronic communications surveillance unit, which reviews the search terms to ensure there are no U.S. citizens named as targets.

That unit then sends the query to the FBI’s data intercept technology unit, which connects to equipment at the Internet company and passes the results to the NSA.

PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises, according to sources familiar with the PRISM process.

This seems in line with my theory above about the functionality of the system — that it is a "secure portal" within or at least linked to the companies' servers. What is particularly notable is the role of the FBI in reviewing the search terms, and the fact that the companies apparently do not see what the NSA is searching for. I think this hammers home the point regarding the sweeping scope of the FISA orders, which we need to know much more about. Even without any further information, however, it is clear to me that Prism has huge ramifications — in particular for all non-US citizens using services like Gmail, Skype, and Hotmail.

Google's Role in the Government Surveillance of Fox News Reporter James Rosen

Monday, 3 June 2013

In recent weeks, there have been a series of controversies in the United States over the Justice Department snooping on journalists as part of aggressive investigations into leaks of classified information.

The most egregious case involves Fox News reporter James Rosen, whose private emails were secretly obtained, his phone records grabbed, and his movements to and from a government building electronically tracked. Rosen sparked a leak investigation after he authored a story in 2009, based on US intelligence passed to him by an anonymous source, concerning possible nuclear tests in North Korea in response to United Nations sanctions.

The case has attracted widespread coverage, and the extent of the monitoring of Rosen — and the FBI's accusation that he was "an aider, abettor and/or co-conspirator” who committed a crime for merely reporting news — has outraged media organisations. Some high-profile figures, including the lawyer James Goodale, have called for attorney general Eric Holder to resign for authorizing the surveillance.

But one element of the Rosen case has been largely overlooked: that is, the role of Google in handing over Rosen's emails. That is a point made by WikiLeaks founder Julian Assange in an opinion piece for the New York Times published Sunday. "There has been little analysis of Google’s role in complying with the Rosen subpoena," Assange noted.

I have been looking into this very issue in the past week, and so it seems like a good time to lay out what I've learned.

In 2010, it emerged last month, Google was ordered to hand over Rosen's emails and other data as part of a search warrant signed off by magistrate judge Alan Kay. Here is a list of what Google was told to give the FBI from Rosen's Gmail account, according to court documents:

  • An "exact duplicate" of all communications between Rosen's Gmail account and three named email accounts deemed of investigative interest, two of which were @yahoo.com and one @gmail.com. Specifically: all emails sent or received by Rosen to and from any of the three accounts, whether marked "cc," "bcc," "fwd," or "sent"; any deleted messages; messages maintained in the trash folder or other folders (i.e. drafts); and copies of attachments sent between Rosen and the three named accounts including videos, documents, and photographs.

  • ALL communications sent to and from Rosen's Gmail account on 10-11 June 2009, from or to ANY address (i.e. not just the three named accounts). Specifically, as above, the FBI sought: messages marked "cc," "bcc," "fwd," or "sent"; any deleted messages; messages maintained in the trash folder or other folders (i.e. drafts); and attachments including videos, documents, and photographs.

  • Screen names associated with Rosen's accounts, account numbers, status of accounts, dates of service, methods of any payment, telephone numbers, addresses, detailed billing records, histories and profiles.

  • Log files from Rosen's account showing dates, times, methods of connecting, ports, dial-ups, IP addresses, and/or location from which he connected.

Google was told that it must keep the warrant secret and should not "notify any other person... of the existence of the warrant." The question is: could Google have challenged the lawfulness of this contentious warrant and fought in the courts in an attempt to notify the journalist?

I asked Google, but the company said its policy was not to comment on specific cases. What I was able to establish, however, is that when Google receives an order to turn over user data as part of a search warrant, in most cases it does not see the full affidavit from the FBI investigator that details the specifics of the case — and the FBI has no legal obligation to inform Google of the specifics because a judge has already reviewed and signed off on it.

But crucially, what Google does sometimes see, a well-placed source told me on condition of anonymity, is an "attachment" that occasionally accompanies a warrant ordering it to disclose certain information. The attachment is an important document because it details the specific types of data investigators expect Google (or any other given company) to turn over. It also sometimes contains a note for the authorities detailing what they should look for in the data once it is disclosed.

In the Rosen case, there was a six-page attachment that detailed all of this. You can read it here. It breaks down the data Google was ordered to turn over, and it also has instructions for the investigators. If Google received this document before turning over Rosen's emails, in my view the company could fairly easily have established that this was a warrant to obtain private data on a journalist and his source.

How? The Rosen attachment, though it does not explicitly name Rosen or Fox News, outlines that the FBI is looking to find evidence concerning violations of the Espionage Act (18 USC § 793), a law that has been used at least seven times by the Obama administration to prosecute people for disclosing classified information. The attachment explains that the FBI is seeking to obtain communications between a man named Stephen Kim (the alleged source of the Fox News story) and the "author of [an] article that is the subject matter of the FBI investigation that is the basis for this warrant." The attachment also refers to "classified and/or intelligence information" and mentions that the FBI is seeking to find evidence in the emails that Stephen Kim and/or "the author" had knowledge of government rules or procedures regarding communicating with "members of the media." It adds that it is seeking to find evidence of the "author's communication with any other source or potential source of the information disclosed in the article," making it clear that it is a journalist's email being targeted.

Google would not tell me whether or not it had seen this attachment, again saying that its policy is not to "discuss the specifics of any particular case." But if the company did see it and did not seek to level any legal challenge, there is a legitimate and serious question to be asked concerning the extent of its complicity in the government's surveillance of a journalist in order to expose a confidential source. Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, told me that while it is unusual and difficult for a company to challenge a search warrant because a judge has already reviewed and signed off on it, it is still possible to challenge. "Theoretically a challenge to the search warrant would go back to the judge who signed it, who I imagine would be reluctant to change their mind (though you never know)," Fakhoury said in an email.

This also raises questions for me about how closely Google scrutinizes individual warrants and court orders before turning over users' private data. Google has a fairly solid track record of standing up to government snooping that it deems disproportionate, and it has commendably pioneered the publication of transparency reports showing government requests to censor Internet content and obtain users' data. But if it turns out Google's legal team were sent the attachment in the Rosen case and did not even attempt to challenge the lawfulness of the warrant, as seems possible, the company's reputation for standing up for users' rights will take a hit — and deservedly so — not least because the spying on Rosen stands out as such a flagrant example of government overreach and excessive surveillance.

Lady Liberty's Watching You: The Full Correspondence

Monday, 6 May 2013

Below is the full bizarre correspondence between myself and two companies, Cognitec and Total Recall Corporation, which was the subject of a recent article I wrote for Slate magazine called "Lady Liberty's Watching You."

As you will see, it started out with me following up a tip about new face recognition technology being piloted at the Statue of Liberty, and ended with me getting sent legal threats warning me not to write about it. A number of outlets followed up the story, including BoingBoing, the Village Voice, and Techdirt.

The correspondence — which consists of both phone interviews and emails listed in chronological order — has not been edited apart from a couple of typo fixes and the removal of email introductions and signatures ("hi there," "best regards," etc.) to avoid unnecessary repetition. I am publishing the correspondence in full not only because doing so is in the interest of transparency, but because I feel that it can serve as an educational example — helping inform about the sort of crass, outrageous intimidation attempts journalists occasionally face when attempting to go about their work. Receiving crude threats is unfortunately sometimes part of the job, but never should we back down.

*****
PHONE CALL
Ryan Gallagher
Elke Oberg [Cognitec]
19 March 2013 13:36pm
Contemporaneous note

I ask for more information about pilot of Cognitec face recognition at Statue of Liberty.

Oberg says: "We were doing this through an integrator [Total Recall Corporation]. So what usually happens is our software, we give it to a company that actually integrates it into a real-world application. I am not really the best person to tell you about what's happening with this project, because that's really more [for] the company that is doing the actual project. I mean, yes, they are going to try out our technology there. But as to the status, and how it's going, I am not the best person to answer those questions for you."

She adds: "I knew this project was going on but hadn't really checked up on it."

She describes what the technology can be used for: "facial analysis to determine how many people have gone through the checkpoints, how many are male, how many are female... we do have ethnicity detection as well but obviously not that accurate for person of mixed ethnicity. But you can also use it for people flow if you see a certain entrance or certain choke point there are too many people gathering you can open another entrance put more staff on etc. It can give a rough estimate of age... age ranges within five years of actual birth date, it is quite accurate.

She says the demographics capability was relevant to the Statue of Liberty pilot: "I'm certain that they are interested in that part."

*****

From: Ryan Gallagher
To: [Total Recall Corp. secretary] Viktoriya

19 March 2013 15:31

I spoke to you on the phone a moment ago. I am a journalist with Slate.com.

I'm doing a story on facial recognition technology in New York and was hoping you could give me an update on the status of a pilot I understand Total Recall is running at the Statue of Liberty with software made by a company called Cognitec.

Is the pilot still going ahead once the Statue of Liberty reopens? How long is the pilot expected to last?

If you could send me some information on this asap it'd be greatly appreciated.

*****

From: Ryan Gallagher
To: [Total Recall Corp. secretary] Viktoriya

20 March 2013 13:18

Hi Viktoriya, just wondering if you have managed to get me answers to my questions?

Thanks

*****

From: [Total Recall Corp. director of business development] Peter Millius
To: Ryan Gallagher
20 March 2013 14:06

Ryan,

Where did you get this information?

Please call me to discuss

*****

From: Ryan Gallagher
To: Peter Millius

20 March 2013 14:10

Hi Peter, calling now.

*****

PHONE CALL
Ryan Gallagher
Peter Millius
20 March 2013 14:19
Contemporaneous note

Millius asks where I heard about the pilot. I explain that I received a tip, had read about it in a police magazine, and that I had also spoken with Cognitec about it.

He says: "At this time there is not going to be a pilot project of the facial recognition at the Statue of Liberty although if it was it would be with Cognitec. We do work with Cognitec but right now because of what happened with [Hurricane] Sandy it put a lot of different pilots that we are doing on hold.

"There are no plans put something in right now. There are a lot of other things that need to get fixed. And they said that once we get all that stuff up we can start talking about that again. But nothing to talk about right now.

"Total recall is doing a security program at the Statue of Liberty. However, if you'd like to do a story about it I could talk to you about it more in detail when we want to do a full press release and so on and so forth.

"It's still months away and the facial recognition right now is not going to be part of this phase.

"We're in the middle of trying to work out what's going to get installed and what's not going to get installed.

"The timing is just premature."

[Millius then puts me on hold. He returns a minute or two later and puts me on speakerphone. One of his colleagues joins the call but does not introduce himself.]

Millius now says that the company had "discussed the possibility of it [a face recognition pilot] and it's been completely vetoed."

I ask, vetoed by who? He says the "Park Police."

I ask why it was vetoed and he says I should contact the Park Police. He declines to answer specific further questions and adds that I am "not authorized" to write about any use of face recognition at the statue.

*****

From: Ryan Gallagher
To: Elke Oberg [Cognitec]

20 March 2013 15:20

I have a couple more questions for you regarding the Statue of Liberty project. Do you think you could put me in touch with the person at Cognetic who knows most about this contract? Thanks.

*****

From: Elke Oberg
To: Ryan Gallagher

20 March 2013 15:23

LETTER ATTACHED.

Please consider this a written confirmation that you are to refrain from publishing any information about the use of face recognition at the Statue of Liberty. As you learned from Total Recall, the project was cancelled and you have false information.

If you decide to publish the information, we will need to take legal action to demand an official correction statement.

We appreciate your professionalism and integrity.

*****

From: Ryan Gallagher
To: Elke Oberg

20 March 2013 15:28

This is quite confusing. You told me yesterday that they were going to be trying out the Cognitec software at the statue. When and why was the project cancelled?

*****

From: Elke Oberg
To: Ryan Gallagher

20 March 2013 15:33

I asked you that I did not have any current information and that you need to talk to Total Recall about the status of this project. They told you and confirmed to me that the project is not happening. The City of New York has not approved it.

*****

From: Ryan Gallagher
To: Elke Oberg

20 March 2013 15:35

So the software is not going to be used because the City of New York has not given it approval?

You said yesterday, and I quote: "Yes, they are going to try out our technology there."

*****

From: Elke Oberg
To: Ryan Gallagher

20 March 2013 15:40

Again, I do not have any exact information about this. I thought you spoke to Total Recall about it?

*****

From: Ryan Gallagher
To: Elke Oberg

20 March 2013 15:42

I have spoken with Total Recall, yes, but I am trying to verify what they are saying. It is all very confusing and I have been provided contradictory information from different sources.

*****

From: Elke Oberg
To: Ryan Gallagher

20 March 2013 15:51

There seems enough confusion to leave the subject out of your article.

*****

From: Elke Oberg
To: Ryan Gallagher

20 March 2013 15:51

Quite the contrary, the confusion and people threatening me with legal action only encourages me to keep digging and establish the facts.

*****

From: Ryan Gallagher
To: Peter Millius

20 March 2013 16:52

Hi Peter,

A follow-up question for you. I have been back in touch with Cognitec and they are now saying that the facial recognition pilot project at the Statue of Liberty was "cancelled" because "the City of New York has not approved it."

Is that correct?

*****

From: Peter Millius
To: Ryan Gallagher

20 March 2013 17:04

LETTER ATTACHED.

Please consider this a written confirmation that you are to refrain from publishing any information about Total Recall and the Statue of Liberty or the use of face recognition at the Statue of Liberty. As you learned from Total Recall, the project was cancelled and you have false information.

If you decide to publish the information, we will need to take legal action to demand an official correction statement.

*****

From: Ryan Gallagher
To: Peter Millius

20 March 2013 17:10

Thanks for the interesting note, Peter. Who was the project cancelled by? You mentioned in our phone call that it had been "vetoed" by the Park Police, and Cognitec told me that "the City of New York has not approved it." Which of these statements is correct? If you could help clarify it'd be much appreciated.

*****

From: Peter Millius
To: Ryan Gallagher
CC: Attorney from Greenberg Traurig law firm.

20 March 2013 18:01

As I have previously told you- I have no comment and please be advised that we will take legal action against you personally and your company if you continue to harass me or chose to publish anything

*****

From: Ryan Gallagher
To: Peter Millius

20 March 2013 18:09

I am merely asking questions, Peter, legitimate questions. That is my job. I am a journalist. But If you have no further comment then I shall send no more inquiries. Thanks for your time.

*****

PHONE CALL
Ryan Gallagher
Elke Oberg [Cognitec]
22 March 2013 2:26pm
Contemporaneous note; summary of call

RG: I'm just trying to establish some of the details around why the project was cancelled, as you're saying.

Oberg: "I have no idea, Ryan, I really don't know. All I know is it's cancelled and that's the end of it... I have no information on it."

You did say the other day that they were 'going to try out our technology there.' So I'm just trying to establish what changed and why.

"Yes, not on that particular project, though, that particular project I don't know anything about. They informed us it was cancelled and I don't know any more than that."

You said you were aware it was going ahead at the statue.

"No, I did not say that. I don't know if it was scheduled."

Why did you tell me then, 'yes they're going to try out our technology there'?

"I don't think I said that."

Yes, you did.

"Then I must have made a mistake. I don't know anything about this project."

So you've never had any knowledge of this being tested at the Statue of Liberty, is that true?

"No, I don't. As I said, you need to ask the contractor."

*****

From: Ryan Gallagher
To: Peter Millius

28 March 2013 18:03

Mr. Millius,

I'm hoping you might have had a chance to reflect since our correspondence last week. I thought I would give you a final opportunity to talk with me — on record or off — about the reasons for the cancellation of the face recognition project at the Statue of Liberty. I am going to be writing about it based on information from a variety of sources. As things stand, your attempt to prevent me from reporting on the project will be a central focus of the story. But, of course, it doesn't have to be that way, and if you would like to discuss the project and the reasons for its cancellation then I would be happy to make time at your convenience for a phone call.

*****

Millius never responded to my final attempt to clarify details around the claimed cancellation of the Statue of Liberty face recognition project. The full article based on the above correspondence can be found at Slate.

The WikiLeaks Grand Jury

Thursday, 28 March 2013

As Alexa O'Brien reported Tuesday, the US Department of Justice has provided the latest confirmation that the grand jury investigation into WikiLeaks remains currently ongoing. That means it has been actively investigating the whistleblower website now for at least about 26 months (the Guardian first reported back in January 2011 that a subpoena seeking data on WikiLeaks had "appear[ed] to confirm for the first time the existence of a secret grand jury" empanelled to investigate individuals associated with the organisation. Prior to that, in late November 2010, the White House confirmed that there was an "active, ongoing criminal investigation" into WikiLeaks. And in July 2010, the Department of Defence stated that it had requested that the FBI help with an investigation related to WikiLeaks disclosures and that it "go wherever it needs to go").

I've been doing a bit of reading on grand juries, and the time-frame is significant because they do not have an indefinite lifespan. US law states that:
The grand jury shall serve for a term of eighteen months unless an order for its discharge is entered earlier by the court upon a determination of the grand jury by majority vote that its business has been completed. If, at the end of such term or any extension thereof, the district court determines the business of the grand jury has not been completed, the court may enter an order extending such term for an additional period of six months. No special grand jury term so extended shall exceed thirty-six months, except as provided in subsection (e) of section 3333 of this chapter.

From subsection (e) section 3333:

A special grand jury term may be extended by the district court beyond thirty-six months in order that such additional testimony may be taken or the provisions of subsection (b) of this section may be met.

And this from the American Bar Association's riveting Handbook on Antitrust Grand Jury Investigations:

The district court may extend the term of the special grand jury to a total of 36 months... The special grand jury may continue even beyond 36 months if it issues a report, and if the district judge determines that additional testimony is necessary, or that the report needs to be rewritten to comply with the governing statute.

So this means that the WikiLeaks grand jury seems to have been granted at least one six month extension thus far, as it has definitely exceeded the 18 month period already. It also suggests that some time between July this year and January 2014 — about four to ten months from now — the grand jury will either have already wrapped up or it will be close to wrapping up as it reaches the somewhat flexible 36-month cut-off point (see an update on this below). Grand juries, for those unfamiliar with them, do not decide the guilt of a person or persons. What they do is take evidence and make a judgement on whether or not criminal charges can be brought (in the form of an indictment) — in this case against Julian Assange and others affiliated with WikiLeaks.

All things considered, I would expect that within the next year or so it will be crunch time for this long-drawn-out saga. It still seems as if it could swing either way at this point, but it is worth weighing up the influence the broader political climate may have. There is an atmosphere in the United States at the minute that seems to represent a growing fatigue with the punitive national security culture that became pervasive post 9/11. Recent court judgments have gone against the government on issues related to secret surveillance and covert drone strikes, and this makes me wonder whether the tides are changing — albeit only incrementally and to a small degree.

Choosing to prosecute Assange for his role as an editor in publishing classified documents, as if it needs to be said, would be an outrageous decision that would cause an almighty outcry from a cross-partisan range of organisations and in the process damage the standing of the United States globally. Even at the height of the Bush administration's jingoistic reign it would have been an extremely controversial call to make. So for Obama's Justice Department to pursue a prosecution in the months ahead, in an atmosphere that may be tangibly shifting against draconian policies, would be a doubly contentious act that could turn out to be politically kamikaze for Obama personally in terms of his lasting legacy. All of these things will surely factor into any final decision regarding a prosecution, which will no doubt be discussed at the very highest echelons of the administration. But first, of course, we will have to wait to see whether or not the grand jury determines that there are charges to pursue in the first place....

*****

UPDATE, 1 April 2013: Wired.com news editor Kevin Poulsen, who was himself once the subject of a grand jury investigation for hacking into computer systems, tells me: "When a grand jury is up, prosecutors can just roll the case into a new grand jury." Significantly, this means that the 36-month cut-off point is far more flexible than the law I cited above implies, because when the first grand jury runs out of time, a new, second grand jury can effectively take up the investigation and continue its work with a fresh timetable. Poulsen said this occurred in his own case ("I had two GJs in series. Prosecution had a law enforcement witness summarize all previous testimony for the incoming panel"). And the book Grand Jury Practice by Howard W. Goldstein suggests it is not an unusual occurrence. Goldstein notes that "given the increasing complexity of federal investigations, many are not finished before the grand jury's term expires," adding: "information developed in one grand jury may be relevant to another grand jury."

An additional point worth mentioning here is that, according to an analysis of grand jury statistics circulated by WikiLeaks:

it is extremely rare for a grand jury not to indict. In the year 2009, federal grand juries in the United States saw cases involving 69,245 suspects and voted to indict all but 20 of them. (This is denoted by "no true bill returned" in the document.) That is a approximately one in every three thousand five hundred suspects. These statistics are repeated year after year. Given that it is known that he is the target of a grand jury investigation, Julian Assange has in and around a 99.97% chance of being indicted.
Interestingly, the same statistics show that US attorneys declined to prosecute 29,780 suspects in 2009 for reasons such as "stale case," "weak evidence," "minimal federal interest," and "Department of Justice policy." These all sound like strong grounds to halt any future attempt to prosecute WikiLeaks staff for their publishing work — if and when an indictment eventually materialises.

Jack Straw, MI6, and Extraordinary Rendition

Thursday, 14 March 2013

There was a very interesting interview aired this evening on Channel 4 News with former UK foreign secretary Jack Straw, which touched on the British government's role in the Iraq War and alleged complicity in kidnappings and torture.

First, some important context.

In 2004, a Libyan Islamist militant anti-Gaddafi fighter Abdel Hakim Belhadj and his pregnant wife were abducted at a Bangkok airport and "rendered" to Libya by American agents. Belhadj was taken to one of Gaddafi's prisons and says he was subjected to torture.

At the time, British government officials were publicly denying any role in so-called "extraordinary rendition" — the practice used frequently by the United States under the George W. Bush administration involving kidnapping terror suspects and taking them to secret locations in third countries where they were sometimes brutally interrogated. But amid the revolution in Libya in 2011, a trove of classifed documents were found during the raid of a government office revealing British spy agency MI6 had in fact played a role in rendition — providing crucial intelligence that resulted in Belhadj being handed over to Gaddafi.

MI6 did not deny involvement when the documents were discovered: instead, UK government sources insisted the agency's actions were part of "ministerially authorised government policy." Then, in April last year, the Sunday Times reported that Jack Straw — foreign secretary between 2001 and 2006 — had been forced by MI6 to admit he had signed off on the secret rendition of Belhadj.

A few days after the Sunday Times report, Belhadj, who is now a military commander in the new Libya, launched legal action against Straw for alleged complicity in illegal rendition and torture.

Now, to the interview.

Tonight, on Channel 4 News, Straw made some eyebrow-raising statements to reporter Alex Thomson in light of the above. Previously he has declined to comment on the Belhadj case, and he told Channel 4 that he wouldn't discuss specifics. But he did make several short remarks that seem significant:

Thomson: It seems extraordinary to have to ask this question... but is the kidnapping and torturing of people by nation states wrong?

Straw: Of course it's wrong and we had no part in that.

Thomson: Are you sure we had no part in it?

Straw: Absolutely. It is wrong. It is absolutely wrong for any of that to have happened.

Thomson: And you are sure that the UK government had no part in it, that's what you just said?

Straw: Well, I'm absolutely sure that I had no part in this, let's just be clear about this OK, and there is going to be a full-scale judicial-led inquiry on the wider issues.

So Straw was clear. "I'm absolutely sure that I had no part in this," he said. Here is what the Sunday Times reported last year:

JACK STRAW, the former Labour foreign secretary, admitted that he had approved the secret rendition of a terrorist suspect to Libya after MI6 showed him evidence proving he had signed off the operation, well placed sources say.

Straw, who faces questioning by police over claims by Abdel Hakim Belhadj that he was tortured in a Libyan prison after being seized in 2004, was confronted by Secret Intelligence Service (MI6) officers after publicly appearing to deny he had authorised rendition.

Asked about Britain’s rendition policy during an interview on BBC Radio 4 last autumn, Straw said: “The position of successive foreign secretaries, including me, is that we were opposed to unlawful rendition, opposed to torture or similar methods and not only did we not agree with it, we were not complicit in it, nor did we turn a blind eye to it."

According to well-placed sources, within days of those comments MI6 officers met Straw. “They reminded him [Straw] that he had signed off on it. He was shown evidence and [then] he did accept that he had signed off on the rendition," said one insider.

Straw has repeatedly declined to comment publicly on the Belhadj case. This weekend a spokesman for him said: “I think that you will readily understand that while an investigation is pending, it is not appropriate for Mr Straw to respond to queries like yours."

And here is a timeline of the key events:

6-8 March 2004: Abdel Hakim Belhadj and his wife Fatima Bouchar are abducted at a Bangkok airport and flown to one of Gaddafi's prisons in Libya.

13 December 2005: Jack Straw, then foreign secretary, tells MPs in response to concerns about rendition: "Unless we all start to believe in conspiracy theories and that the officials are lying, that I am lying, that behind this there is some kind of secret state which is in league with some dark forces in the United States, and also let me say, we believe that Secretary Rice is lying, there simply is no truth in the claims that the United Kingdom has been involved in rendition full stop, because we have not been."

4 September 2011: Documents are found by Human Rights Watch inside the abandoned office Gaddafi's former intelligence chief, Moussa Koussa. One file contained hundreds of secret letters and faxes that UK spy agency MI6 and US spy agency the CIA had sent to Koussa, some revealing "evidence that British intelligence agencies mounted their own 'rendition' operation in collaboration with Muammar Gaddafi's security services." One document showed MI6 counter-terror chief Mark Allen boasting to Koussa about helping render Belhadj in 2004. “The intelligence was British," Allen wrote, adding that assisting in rendering Belhaj by providing information about his movements was “the least we could do for you and for Libya."

5 September 2011: Straw tells BBC Radio 4 in response to the discovery of the documents: “The position of successive foreign secretaries, including me, is that we were opposed to unlawful rendition, opposed to torture or similar methods and not only did we not agree with it, we were not complicit in it, nor did we turn a blind eye to it."

8 April 2012: Extensive details on the rendition of Belhadj and his wife emerge in a special report published by the Guardian. It opens: "Just when Fatima Bouchar thought it couldn't get any worse, the Americans forced her to lie on a stretcher and began wrapping tape around her feet. They moved upwards, she says, along her legs, winding the tape around and around, binding her to the stretcher. They taped her stomach, her arms and then her chest. She was bound tight, unable to move."

15 April 2012: The Sunday Times reports that following Straw's Radio 4 appearance in September 2011, officers from MI6 met with him. A source told the newspaper: "They reminded him [Straw] that he had signed off on it [the rendition of Belhadj]. He was shown evidence and [then] he did accept that he had signed off on the rendition."

18 April 2012: Belhadj launches legal action against Straw over alleged complicity in illegal rendition and torture.

14 March 2013: Straw claims in an interview aired by Channel 4 News that he is "absolutely sure that I had no part in this [extraordinary rendition and torture]."

*****

It doesn't take a genius to see that something does not add up here. There are clear inconsistencies between statements made publicly by Straw and the secret documents, and Straw's Channel 4 interview today contradicted both the secret documents and the claims published by the Sunday Times. The long-delayed judge-led inquiry into the UK's involvement in rendition cannot begin soon enough.

*****

UPDATE, 4 April 2013: It is reported that Straw and former MI6 spy chief Mark Allen say "they cannot respond to allegations of conspiracy in the torture of a prominent Libyan dissident [Hakim Belhadj], pleading the need to protect official secrets." Court documents seen by the Guardian show the former foreign secretary is arguing that the law means he "can neither confirm or deny [MI6] operations," claiming he cannot plead in the case without "causing real harm to the public interest."

However, Straw does explicitly deny misleading parliament in 2005 with his statement that Britain had not "been involved in rendition full stop." Straw claims, according to the Guardian's report, that:

it was 'readily apparent' ... that the committee at the time was discussing 'extraordinary rendition' — that is, rendition specifically carried out for the purposes of torture.

This denial strikes me as tenuous in the extreme, because when you read Straw's full 2005 statement to the parliamentary committee it is not at all clear that when he is talking about rendition he is only talking about rendition in the context of torture. Indeed, he even says at one point that "rendition is a term of art which covers a variety of activities," before going on to add: "there simply is no truth in the claims that the United Kingdom has been involved in rendition full stop, because we have not been." Of course, we now know that the UK was involved in rendition, at the time when Straw was the foreign secretary and thus the responsible minister.

*****

UPDATE II, 22 December 2013: A long-delayed UK government report on British spy agencies' complicity in rendition and torture is finally released on 19 December. The report finds that MI6 turned a "blind eye" to the torture of detainees and was not under any obligation to report breaches of the Geneva Convention. In response to the publication of the report, Jack Straw issues yet another denial, saying in a statement to parliament:

as Foreign Secretary, I acted at all times in a manner that was fully consistent with my legal duties and with national and international law, and that I was never in any way complicit in the unlawful rendition or detention of individuals by the United States or any other state.

The following day, on 20 December, the UK High Court rejects Abdel Hakim Belhadj's rendition and torture case against the government, which Straw was reported to have signed off on. Astonishingly, the judge says that while Belhadj appears to have a "potentially well-founded claim that the UK authorities were directly implicated in the extraordinary rendition," the case cannot proceed because pursuing it would "jeopardise national security." Belhadj is now trying to appeal against the decision.

*****

UPDATE III, 12 November 2015: Citing ongoing Supreme Court proceedings, The Guardian reports that Straw and former MI6 spy Sir Mark Allen "could avoid prosecution over complicity in the rendition and torture" of Belhadj and his wife by claiming immunity in the case.