Showing posts with label washington post. Show all posts
Showing posts with label washington post. Show all posts

WikiLeaks-Trump timeline

Tuesday, 31 July 2018

I put together a short timeline comparing WikiLeaks' public statements on Trump with its leaked private comments on him. Useful for anybody trying to keep track of all the duplicity that's going on:

**

Privately, 19 Nov 2015: WikiLeaks says "we believe it would be much better for GOP to win." Calls Clinton a "well connected, sadistic sociopath." (Source: copy of DMs - via The Intercept. Note: I personally verified the authenticity of these DMs.)

Publicly, 26 Aug 2016: Assange appears on Fox & Friends and says "We do have some information about the Republican campaign" but suggests he won't publish it because "it’s actually hard for us to publish much more controversial material than what comes out of Donald Trump’s mouth every second day." (The material is never disclosed.)

Privately, 20 Sept 2016: WikiLeaks sends Donald J Trump Jr a password to an anti-Trump website which it claims to have "guessed." (Source: Twitter DMs - copies released by Donald J Trump Jr.)

Privately, 3 Oct 2016: WikiLeaks asks Donald J Trump Jr to "push" a dubiously sourced story from a conservative website called "True Pundit" alleging Hillary Clinton wanted to kill Assange with a drone. (Source: Twitter DMs - copies released by Donald J Trump Jr.)

Publicly, 7 Oct 2016: The Washington Post, at about 4pm US Eastern Time, publishes a now infamous video recording in which Donald Trump can be heard boasting about grabbing women's genitals. Within an hour, WikiLeaks publishes an email leak from Hillary Clinton's campaign chair, John Podesta. (Source: Politifact.)

Privately, 21 Oct 2016: WikiLeaks asks Trump Jr to let it publish copies of his father Donald Trump's tax returns because it says doing so would "dramatically improve the perception of our impartiality" & get "much higher impact" for "the vast amount of stuff that we are publishing about Clinton." (Source: Twitter DMs - copies released by Donald J Trump Jr.)

Privately, 8 Nov 2016 (day of the election, before results announced): WikiLeaks advises Donald J Trump Jr that Donald Trump shouldn't concede the election if he loses & instead should blame "rigging" and "media corruption" to "keep his base alive." (Source: Twitter DMs - copies released by Donald J Trump Jr.)

Publicly, 10 Nov 2016 (after Trump election victory announced): WikiLeaks claims in a Reddit AMA that "allegations that we have colluded with Trump, or any other candidate for that matter...are just groundless and false." (Source: Reddit.)

Publicly, 10 Nov 2016: WikiLeaks claims in a Reddit AMA that "we were not publishing with a goal to get any specific candidate elected." Claims it did not "editorially back one candidate over another." (Source: Reddit.)

Publicly, 10 Nov 2016: WikiLeaks says in a Reddit AMA that it has "not received information on Donald Trump’s campaign." (Three months earlier, on 26 Aug 2016, Assange said "We do have some information about the Republican campaign" - see above.) (Source: Reddit.)

Privately, 16 Dec 2016: WikiLeaks asks Donald J Trump Jr to get Donald Trump to pressure Australia to "appoint Assange ambassador to DC" because he is a "really smart tough guy." (Source: Twitter DMs - copies released by Donald J Trump Jr.)

Publicly, 14 Jan 2017: WikiLeaks denies Assange is trying to endear himself to Trump, claims it's just "using Trump aligned media to amplify its publications and critiques of secrecy and war." (Source: Twitter.)

**

(The Donald J Trump Jr private messages were first disclosed in Nov 2017; the original source material can be found in three parts, here, here, and here. The other referenced private messages were first disclosed in Feb 2018 by my colleagues at The Intercept - the full archive of 11,000 private messages were released this week by activist Emma Best and can be found here. This is only a partial analysis; it is not comprehensive. There's a lot more information out there. I may add to this timeline once I have reviewed other material.)

Snowden's Fate

Monday, 17 June 2013

On Democracy Now today there was an insightful interview with Hong Kong legislator Charles Mok on the potential next steps for US National Security Agency whistleblower Edward Snowden.

Snowden is currently believed to be in Hong Kong after passing a batch of NSA documents revealing top-secret surveillance programs to the Guardian, the Washington Post, and the South China Morning Post. US authorities have initiated a criminal investigation over the leaks and will probably pursue Snowden's extradition in the weeks and months ahead.

Mok talks about what that process could entail, and says that though Hong Kong enjoys independence from mainland China on many issues, the international magnitude of the Snowden case means the final decision that will determine his fate is ultimately likely to be made by central government in Beijing:

Please understand that at least we have a one-country, two-system system in Hong Kong and between Hong Kong and the mainland. So our laws are different from the laws in China. And we do have a border and so on. We do have different governments, even though as a regional government, we do report to the central government.

So I think what we want locally is to make sure that we can protect [Snowden] and make sure that we can live up to our core values and make sure that we treat this person according to all the rights that he should be getting under Hong Kong law. And... exactly what I don’t want to see, is that this sort of political influence to be interfering into the justice process, the judicial process that Mr. Snowden may end up having to get in Hong Kong. If, for example, the US starts by contacting the Hong Kong government to try to initiate an extradition, and if Mr. Snowden decides to try to get asylum or apply for refugee status here in Hong Kong, he — if he chose to do that, if the process comes to that point, he should be getting all the rights. [...]

If the US started to initiate a process [to] say that we want to arrest this person and start an extradition process, then Mr. Snowden could apply in Hong Kong for refugee status. And then there would be at least two tests: first by the United Nations High Commission on Refugees to determine whether or not, for example, that he will face torture at home and whether or not this is political persecution and so on, and second, also by the Hong Kong court. [...]

He will be accorded rights to appeal all the way up to our highest court in Hong Kong. So, assuming that money and financial issues — because you do need to get lawyers and so on — assuming those are not an issue, these processes in the past could have taken quite a bit of time. But... if [Snowden] isn’t successful and there has to be a final decision to be made about the extradition, our chief executive in Hong Kong, which is pretty much [like] our president... he will have to make the final decision. But because this case very likely will involve foreign relations, then he has to consult the central government. So, in the end, it means that the process can be a pretty prolonged process, and, second, Beijing will probably come into the equation to make a final decision in the end.

You can watch the full interview here.

The NSA's Prism & its Capabilities

Saturday, 8 June 2013

It has been two days now since the Guardian and the Washington Post reported that the US National Security Agency has "obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document." As part of a surveillance program called Prism, the NSA and the FBI, the Post reported, are "extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets."

But since the initial reports, the Internet companies have all denied this "direct access" claim [1], which prompted the Guardian on Saturday to publish the secret source document showing the NSA's description of Prism as program enabling "collection directly from the servers of these service providers: Microsoft, Yahoo, Google, Facebook, Paltalk, AOL, Skype, YouTube, Apple."

So what exactly is Prism and how does it work?

In my view, it is possible too much has been read into the NSA's description of Prism as enabling "collection directly from the servers." Taken in isolation, this statement does not necessarily mean that the NSA has direct and unrestricted access to these companies' central computers to sift through troves of private data whenever they feel like it, which is what the initial reporting seemed to imply. "Collection directly from the servers" could feasibly mean Prism is the codename the NSA uses for a "separate, secure portal" that is linked to or located within the servers of these companies. As the New York Times reported on Friday:

[I]nstead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said. [...] In at least two cases, at Google and Facebook, one of the plans discussed [with the government] was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.

This could still be understood as "collection directly from the servers," but the distinction is that it is not "open-ended access." Under this system, the NSA — or the FBI on behalf of the NSA — would obtain a court order under the Foreign Intelligence Surveillance Act and use it to demand the respective company turn over various data into its "separate, secure portal." The scale of the data grab, though somewhat limited in scope by the court order, could still be huge. As was separately disclosed earlier this week, for instance, a single FISA order can be used to obtain millions of phone records.

The confusing thing about this picture of Prism, however, is that it still conflicts a little bit with how the system was portrayed by the newspapers that reported on the secret documents. The description of a "separate, secure portal" like an "online room" where companies "deposit" data for the government suggests that the transaction happens in static, incremental stages: data is requested by the government, data is passed over by the company, then the government sifts through it. But the Washington Post's reporting suggests the transaction does not occur in static stages because it can involve real-time monitoring:

According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

Additionally, the source who disclosed the document, described as a career intelligence officer, told the Post: “They quite literally can watch your ideas form as you type.”

So this means that if the companies are not providing "direct access" to their servers to mine data indiscriminately, then the "separate, secure portal" can also be used not just to "deposit" data, but also to obtain access to real-time communication flows, presumably authorized by a FISA order and implemented by the respective company that receives it (Google, Apple, Facebook, etc). Indeed, in a statement Sunday, the US director of national intelligence James Clapper said in a statement that Prism was authorized under Section 702 of FISA and he described the program as an "internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence information from electronic communication service providers."

The question, then, is how sweeping the FISA orders are. The Post reported that "from inside a company’s data stream the NSA is capable of pulling out anything it likes" and also said that the NSA's spies use Prism through a "Web portal" that entails entering “'selectors,' or search terms, that are designed to produce at least 51 percent confidence in a target’s 'foreignness'." This suggests to me that we are talking about dragnet FISA orders that oblige the companies to turn over huge amounts of data, some in real time, handled by the NSA on a system codenamed Prism, which may involve the NSA having its own "secure portal" within or at least linked to company servers.

The companies would not know that they were participating in anything named "Prism" — that is just the NSA's internal codename for the program. From the companies' perspective, all they are doing is responding to court-authorized FISA orders. What I would like to hear each of the companies publicly explain is whether they have any kind of interface for facilitating government FISA orders built within or linked to their server infrastructure. (See this update below.)

I should note that all of the above is my own speculation based on an analysis of the available facts. Other theories I have heard proposed include that the NSA has essentially secretly "hacked" the respective companies' servers by spoofing encryption certificates. But I think that is far-fetched and that what I have suggested here is likely more in line with what is happening, though, again, I am only speculating. Without access to the full leaked source documents, it is difficult to comprehensively analyse the details. Only a fraction of the secret documents has been published so far, presumably for legal and/or editorial reasons. There are reportedly 41 top-secret leaked PowerPoint slides in total related to Prism but only about four or five have been made available by the Guardian and the Post. It is my hope that they will all surface eventually so we can get a better and more accurate understanding of what this controversial surveillance program entails.

*****

[1] Facebook said it does not "provide any government organization with direct access to Facebook servers." Apple said "we do not provide any government agency with direct access to our servers." Microsoft said "If the government has a broader voluntary national security program to gather customer data we don’t participate in it.” Yahoo said "We do not provide the government with direct access to our servers, systems, or network.” Paltalk said it "does not provide any government agency with direct access to its servers.” AOL said that it does not "provide any government agency with access to our servers.” And Google, too, said that it had "not joined any program that would give the U.S. government — or any other government — direct access to our servers."

*****

UPDATE, 9 June 2013: A new report from the Washington Post has some additional interesting details about Prism. The Post has spoken with anonymous executives at some of the companies linked to the program, who "acknowledged the system’s existence and said it was used to share information about foreign customers with the NSA and other parts of the nation’s intelligence community." The report adds:

According to slides describing the mechanics of the system, PRISM works as follows: NSA employees engage the system by typing queries from their desks. For queries involving stored communications, the queries pass first through the FBI’s electronic communications surveillance unit, which reviews the search terms to ensure there are no U.S. citizens named as targets.

That unit then sends the query to the FBI’s data intercept technology unit, which connects to equipment at the Internet company and passes the results to the NSA.

PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises, according to sources familiar with the PRISM process.

This seems in line with my theory above about the functionality of the system — that it is a "secure portal" within or at least linked to the companies' servers. What is particularly notable is the role of the FBI in reviewing the search terms, and the fact that the companies apparently do not see what the NSA is searching for. I think this hammers home the point regarding the sweeping scope of the FISA orders, which we need to know much more about. Even without any further information, however, it is clear to me that Prism has huge ramifications — in particular for all non-US citizens using services like Gmail, Skype, and Hotmail.

Saudi Drone Base Blackout

Thursday, 7 February 2013

Yesterday it was widely reported that the United States has been operating "secret" drone base in Saudi Arabia since 2011. Not only that, but some American news organisations had known about the base for more than a year and chose not to disclose its existence because of a blackout agreement made with the government.

Here's a snippet from the Washington Post's report:

The Washington Post had refrained from disclosing the location at the request of the administration, which cited concern that exposing the facility would undermine operations against an al-Qaeda affiliate regarded as the network’s most potent threat to the United States, as well as potentially damage counterterrorism collaboration with Saudi Arabia.

The Post learned Tuesday night that another news organization was planning to reveal the location of the base, effectively ending an informal arrangement among several news organizations that had been aware of the location for more than a year.

But the logic here doesn't stack up. Why? Because on 26 July 2011 a story was published by the London Times titled "Secret drone bases mark latest shift in US attacks on al-Qaeda." This report revealed the existance of a CIA drone base in Saudi Arabia, and even went as far as to speculatively pinpoint its exact location:

The CIA has set up a network of secret drone bases in Arab states in a major escalation of its campaign against al-Qaeda militants in Yemen.

Sources in the Gulf say the agency is now massed along Yemen’s borders, launching daily missions with unmanned Predator aircraft from bases in Saudi Arabia, Oman, Djibouti and the United Arab Emirates. [...]

“Oman, Saudi and the UAE are being used as bases for drones. The operation against al-Qaeda has been stepped up in Yemen and in Somalia,” said a Gulf defence source. [...]

A senior Gulf intelligence source believes the most likely base in Saudi Arabia is at Khamis Mushayt in the southwest. The site has been used by Saudi forces for airstrikes against Houthi rebels in northern Yemen. A possible alternative is Sharurah in the kingdom’s Empty Quarter, close to the Yemeni border but considered less secure.

What this means is that the information the United States government was pressuring American reporters to keep secret was already in the public domain — it had already been "outed," as it were, and it hadn't damaged counter-terrorism operations or the relationship with Saudi Arabia. Anyone with an Internet connection — and yes, that includes members of al-Qaeda — could find out that the CIA had a "secret" drone base in Saudi Arabia simply by doing a quick Google search. (Even though the Times story is behind a paywall, the first few paragraphs, which include the Saudi detail, can still be viewed for free.)

Defending the decision not to publish this information after some criticism, Washington Post reporter Greg Miller posted a tweet today saying: "For the record, WaPo has reported CIA drone base on Arabian peninsula since 2011, w/out disclosing it was in Saudi." I asked him why not disclose the specific country when it had already been published elsewhere, and he responded: "Short answer: US govt concerned more about US press than British, and saying on Arabian peninsula puts readers pretty close."

I think this shows poor judgement. It seems flawed to make a distinction between the British and American press here, especially in the age of the Internet. All news stories published online are distributed instantly to an international audience. By disclosing the existence of an "Arabian peninsula" base while suppressing the exact country in question — even though it is already in the public domain — not only are you serving no substantive purpose but you are doing your readers a disservice.

In national security journalism, difficult decisions often have to be made under incredible pressures. Sometimes, there can be a legitimate need to keep a certain military operation undisclosed if, for example, lives are at stake. But in this case I think the American press got it wrong. Unfortunately, it comes off looking like another example of deference to power that will ultimately taint the reputations of the newspapers involved.