September 22, 2016 | Posted in 4th Amendment, Al-Qaeda, Classified Information, Department of Defense, Director of National Intelligence, E.O. 12333, FISA, FISC, Intelligence, Leaks, NSA, President Obama, Russia, Snowden, Terrorism | By Tom Wither
In recent days, in the run-up to the release of an Oliver Stone helmed movie about him and his self-admitted theft of secrets from NSA and subsequent flight to China and then Russia, Edward Snowden has stated that he believes he deserves a presidential pardon for his crimes.
He bases this on a belief that, “If not for these disclosures, if not for these revelations, we would be worse off,” and goes on to say that a pardon would be appropriate, “…for the exceptions, for the things that may seem unlawful in letters on a page but when we look at them morally, when we look at them ethically, and when we look at the results, it seems obvious that these were necessary things,”. Both these quotes come from a CNN article that cites an interview in The Guardian.
Estimates reported by news outlets vary, but he allegedly stole approximately 1.5 million classified documents from NSA’s internal networks, far more material than anyone could have possibly needed to demonstrate alleged malfeasance and abuse by the government. According to NBC and Defense One, he did so by using computer passwords and credentials belonging to a civilian employee of NSA, a member of the military, and an NSA contractor to hide his criminal acts – in other words, he acted as a thief and con man to gain access to as much classified material as he could before he fled to China, and Russia – two great bastions of freedom and personal privacy.
Much has been made in various media outlets of the alleged impropriety, illegality, or unconstitutionality of NSA’s foreign intelligence efforts, both within the U.S. and abroad. However, after extensive public debate, the most controversial tools that concerned U.S. citizens remain in NSA’s toolbox, one of them, the ‘Section 215’ program, retooled by Congress and the Obama administration to ally the public’s concerns about potential overreach or misuse, but not halt it.
Moreover, NSA’s extensive efforts to preserve and protect the privacy rights of U.S. citizens is now documented the Director of National Intelligence’s ‘IC on the Record’ pages on Tubmlr. Thousands of now declassified documents that demonstrate how the government worked within the constitutional and complex legal framework set up to protect U.S. citizen privacy rights during the conduct of NSA’s SIGINT operations – controls that have been in place since at least 1980.
With regard to Mr. Snowden’s assertion that we “…look at the results…” of his actions to see that his pardon is warranted, we can do that. The report from the DoD Information Review Task Force-2 (IRTF-2) Initial assessment in December of 2013, titled ‘Impact Resulting from the Compromise of Classified material by a Former NSA Contractor’, said in its overall assessment that, “The IRTF-2 assesses with high confidence that the information compromise by a former NSA contractor….will have a GRAVE impact on U.S. national defense.”
In January 2015, Al-Qaeda created a YouTube video after the Snowden leaks teaching its operatives how to evade what the terrorists referred to somewhat erroneously as ‘FBI Secret Spying technology’. In May of 2015, the Henry Jackson Society, a conservative British think-tank published a 78-page report that drew heavily from the testimony from senior security sources outlining how terror groups had changed their communications methods and began more extensive use of encryption to hide terrorist operations from intelligence agencies. A July 2015 report in the New York Times also reported the Islamic State learning communications security from the Snowden leaks.
More recently, a Wall Street Journal article discussed how an Islamic State terrorist who led the November 13th terror attacks in Paris, evaded western intelligence agencies using better operational discipline and technical savvy in his communications. An awareness of which Mr. Snowden’s leaks undoubtedly raised, given the previous reporting.
The results of Mr. Snowden’s theft and leaks are pretty clear to my mind. Operating from a misguided sense of superiority and a flawed and incomplete understanding of the extensive U.S. person privacy protections in place within the intelligence community more broadly, and NSA in particular; he elected himself congressman, attorney general, and judge of a process and an oversight regime he initially tried to cheat his way into, and then barely had three months of experience in as a contractor (I’ll bet none of that is in the movie).
President Obama believes Snowden should stand trial, and so do I.
December 20, 2015 | Posted in Air Force, Author, Blog, Classified, Classified Information, Congress, Cyber attack, Department of Defense, E.O. 12333, FISA, Intelligence, Law Enforcement, Leaks, NSA, PPD-28, President Obama, Privacy, Snowden, U.S. Code Title 10, U.S. Code Title 50, Writing | By Tom Wither
I hope you’ve had a great summer and fall, and are enjoying the holiday season. I’d like to extend my thanks for being fans of my work, and wish you happy holidays and a bright new year.
I’ve been busy crafting my next novel, a project I’ve named ROGUE SENTINEL, and I will finish the manuscript shortly after the New Year. ROGUE SENTINEL will see Shane Mathews take on a solo mission to Jordan to find and capture an Islamic State mission planner known only as ‘Al-Amriki’ – The American.
Up next, I’ll be resuming work on SWIFT JUSTICE, the third and concluding novel of the ‘Aziz Trilogy’ that started with THE INHERITOR and AUTUMN FIRE, with main characters Shane Mathews and Emily Thompson.
During the year I’ve written a few Op-Eds on current issues that have been published in the Baltimore Sun and in The Hill’s Congress Blog. Here’s a list so you can look at them if you’re interested.
‘The NSA data collection program isn’t criminal; ending it is’ – http://www.baltimoresun.com/news/opinion/oped/bs-ed-nsa-data-20151203-story.html
‘Open Letter from a cyber terrorist’ – http://thehill.com/blogs/congress-blog/homeland-security/255370-open-letter-from-a-cyber-terrorist
‘Stand with our watchers’ – http://thehill.com/blogs/congress-blog/homeland-security/261237-stand-with-our-watchers
‘Access to encrypted communication, a balancing act’ – http://www.baltimoresun.com/news/opinion/oped/bs-ed-encryption-data-20151001-story.html
‘Clinton E-mails: Who else was involved?’ – http://www.baltimoresun.com/news/opinion/oped/bs-ed-clinton-emails-20150908-story.html
‘The country is vulnerable without CISPA’ – http://www.baltimoresun.com/news/opinion/oped/bs-ed-cispa-redux-20150209-story.html
Thanks again for being fans of my stories, and feel free make them presents for the fiction reader on your holiday list – they can be purchased from Amazon or Barnes & Nobel as e-books or hardcopies in trade paperback. You can even contact me via firstname.lastname@example.org for a signed copy if you like.
Take care and Happy Holidays!
July 27, 2014 | Posted in 4th Amendment, Department of Defense, Director of National Intelligence, E.O. 12333, FISA, FISC, Intelligence, Leaks, NSA, PPD-28, Privacy, Snowden, U.S. Code Title 50 | By Tom Wither
Over the last year, some media outlets have used the leaked classified material from Edward Snowden to write news stories that imply NSA has either: allegedly violated the privacy rights of ‘every American’ or exceeded its authorities. In every one of these stories, what is usually missing is a SIGINT professional’s level of understanding on the part of the journalist, admittedly difficult to gain when SIGINT operational training is classified.
Signals intelligence, referred to as SIGINT, is both technically complex due to the nature of modern communications technologies, and legally complex, due to the heavy legal and Constitutional burdens placed on the professionals at NSA who conduct it.
These professionals spend months and oftentimes years during a career training in the operational, technical, and legal aspects of conducting SIGINT – which includes training in the protection of U.S. person privacy.
For example, a recent Washington Post article on July 11th, ‘How 160,000 intercepted communications led to our latest NSA story’; written to amplify its July 5th story ‘Non-targets far outnumber targets in NSA data collection’, states that the rules for ‘minimization’ of U.S. person information are ‘opaque’ – in fact, they are not opaque at all.
The minimization rules come in two forms, both of which are written in black and white for anyone to read, now that they have been declassified. They are contained in the Foreign Intelligence Surveillance Court’s minimization instructions as part of its numerous court rulings, and United States Signals Intelligence Directive 18 (USSID 18). USSIDs provide implementation guidance and direction to NSA’s civilian and military workforce, ensuring our Constitutional principles, current laws, Executive Orders, and binding court orders are implemented and enforced within the entire United States SIGINT System. For the purposes of this blog post, we’ll focus on USSID 18.
USSID 18 is titled, “Legal Compliance and U.S. Persons Minimization Procedures”, and is fifty-two pages long. Naturally, portions of many paragraphs are blanked out as part of the declassification process, but the direction in, and intent of USSID 18 are very clear, and I can tell you from my experience in the intelligence community that it is binding and followed by all SIGINT professionals.
Discussing all the limits USSID 18 places on SIGINT operations would take several blog posts worth of space, but we can look at one instance where USSID 18 applies in the Washington Post’s July 5th story.
The Post’s story states that, in the sample of surveillance files it reviewed, ‘NSA analysts masked, or “minimized,” more than 65,000 [references to U.S. citizens or residents], but the Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S. residents.’ This line is clearly meant to bolster the implication that U.S. person identities or identifiers incidentally collected under the legally authorized, and court monitored FISA Amendments Act (the Patriot Act) Section 702 program are not properly minimized.
If this element of the Post’s story is accurate, that translates to a 98.7% accuracy rate (based on (900 / 65,900) x 100) of minimization, as required under USSID 18 – an operational standard that many U.S. corporations would envy. The Post didn’t word it that way, but it is example of how the professionals at NSA take protection of U.S. person privacy seriously, rather than supporting the Post’s implication that NSA treats U.S. person data in a cavalier manner.
The Post’s explanatory piece on the 11th also expresses its concern about the volume and nature of incidental collection, the Director of National Intelligence’s assertion that it is unable to estimate how many Americans are affected, and that no outside watchdog – the Congress, courts, or the President’s Privacy and Civil Liberties Oversight Board have access to the content to judge for themselves.
The reason for this is obvious to a professional. Although the Post could traipse at will through its purported pile of 160,000 intercepts (reviewing U.S. citizen’s private information under the comforting blanket of the 1st Amendment) – the government cannot legally look through incidental collection to identify and characterize it because laws, and both executive and court orders forbid it. Laws and orders every American citizen, including those working at NSA, must obey.
At this stage of the debate, I had hoped to see stories covering how NSA adheres to law and policy to conduct their assigned foreign intelligence mission, using background interviews with NSA’s professionals and managers in a more transparent environment. Instead, we continue to see stories from some members of the media filled with a selected set of ‘facts’ provided by a man charged with theft and violations of the espionage act, filtered through well-intended, but only partially educated journalist guesswork, resulting in implications or insinuations of impropriety or illegality. There is more to the story than just what Mr. Snowden, or the journalists who support him, would have you believe.
January 26, 2014 | Posted in Classified Information, Department of Defense, Director of National Intelligence, E.O. 12333, FISA, FISC, Intelligence, NSA, President Obama, Snowden, Terrorism, U.S. Code Title 18 | By Tom Wither
The editorial boards of the New York Times and Washington Post, a handful of members of Congress and others in the general public will undoubtedly continue to advocate for the extension of clemency for Mr. Snowden. The reasons why he will not be receiving clemency are pretty clear to me.
Let’s review what he’s charged with (you can read the criminal complaint filed with the court yourself). Bear in mind that this is likely only the initial set of charges. They could be amended once he’s in custody and a fuller understanding of his actions and activities is known (charges of misuse of government computer and telecommunications systems, etc.).
Snowden is charged with:
- Theft of Government Property – 18 U.S.C. Section 641
- Unauthorized Communication of National Defense Information – 18 U.S.C. 793(d)
- Willful Communication of Classified Communications Intelligence Information to an Unauthorized Person – 18 U.S.C. 798(a) (3)
HOW MANY COUNTS & THE PENALTY IF CONVICTED
One of the things missing so far is the number of counts for each of these charges. Something the government may amend the compliant to include once Mr. Snowden is in custody or been arraigned. Statements by various NSA officials to the media have provided the following numbers to consider: 1.7 million documents stolen. 200,000 of those leaked to journalists so far. In briefly perusing the 2013 Federal Sentencing guidelines, for just one conviction of violating 18 U.S.C 793(d) or 18 U.S.C. 798(a)(3), the minimum sentence is between seven and nine years.
Even if we assume the best case, and the government treats the entire theft of 1.7 million documents as one theft, and the communication of the information to Mr. Greenwald and Ms. Poitras are treated as two counts of unauthorized communication of National Defense Information, and two counts of Willful Communication of Classified Communications Intelligence Information; Mr. Snowden is looking at between 35 and 45 years in prison, aside from whatever fines the court may impose.
Worst case, the government chooses to make a point with Mr. Snowden’s case, and they charge him with just 10 counts each (out of a possible 1.7 million thefts and 200,000 unauthorized and willful communications). Do the math for 10 counts on each charge and that’s 210 to 270 years in prison.
THE GOVERNMENT’S POSITION
Any hope that some in Congress, the public, and the media may have that Mr. Snowden will be given clemency should be tempered by the following statements:
President Obama – “…I will say that our nation’s defense depends in part on the fidelity of those entrusted with our nation’s secrets. If any individual who objects to government policy can take it into their own hands to publicly disclose classified information, then we will not be able to keep our people safe, or conduct foreign policy. Moreover, the sensational way in which these disclosures have come out has often shed more heat than light, while revealing methods to our adversaries that could impact our operations in ways that we may not fully understand for years to come.”
Attorney General Holder – “We’ve always indicated that the notion of clemency isn’t something that we were willing to consider. Instead, were he coming back to the U.S. to enter a plea, we would engage with his lawyers. ”
A CRIMINAL NOT A WHISTLEBLOWER
What Mr. Snowden continues to fail to understand is something the President pointed out in his speech, and that FBI Director Comey pointed to in his remark quoted above.
“What I did not do is stop these programs wholesale — not only because I felt that they made us more secure, but also because nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens.” – President Obama
You can’t ‘blow the whistle’ on a program that is implemented under a law Congress passed, the President signed, and that the Courts oversaw in concert with Congress. Should Congressional Oversight have been tighter? From what I’ve seen in the open hearings, there is a reasonable argument to made there. Should legislators and the Courts keep better pace in all areas of law regarding the rapid advances in telecommunications technology and related privacy issues? There is a case for that too.
Did those changes need to be fomented by a series of media sensationalized, unauthorized leaks of classified material describing lawful activities by the intelligence community where no evidence of willful abuse had occurred? Leaks that damaged diplomatic relations with our allies and other friendly nations? Leaks that have, according to members of the intelligence committees, caused terrorists to change their communications methods and potentially exposed military operations, increasing the risk to our military service members at home and abroad? Leaks that will in all likelihood continue because ‘journalists’ like Mr. Greenwald and Ms. Poitras care more about selling stories than they do about the safety and security of American, allied, and friendly nation’s citizens throughout the world? No, it did not.
Mr. Snowden could (and should) have gone to the NSA Inspector General, or the Director of National Intelligence’s Inspector General, or the Department of Defense’s Complaint Hotline for classified complaints. He also could have made a complaint to the FBI or Attorney General’s Office, or his company’s security office or leadership. If all of those failed, he could have gone to Congress himself with his concerns. Oversight committees LOVE to investigate potentially unlawful acts by the executive branch, and moreover, it’s their job to do so.
Instead, Snowden chose to steal 1.7 million classified documents and shared at least 200,000 of them (so far) with two members of the media, then made sure everyone knew he did it as soon as possible, so he could rise from obscurity, and show everyone that he really did know better than the collective wisdom of the members of Congress, the 15 judges on the FISA Court, and the administrations of two Presidents. Moreover, real whistle blowers have the courage to stand up and be counted, even if they must stand in a courtroom to do it. They don’t run away to a foreign nation to avoid the consequences of their actions, afraid of punishment for their criminal activities before the charges are even filed.
As I’m sure you’re aware, President Obama gave a speech Friday to describe the ‘reforms’ he was directing NSA to implement to restore the American public’s confidence in NSA’s activities, and reassure the citizens of our foreign partners and allies that NSA’s capabilities were not being used against them.
These confidence building measures (I won’t call them reforms again) were well thought out, and articulated well. Based on the news reports after the President’s speech, many commentators, pundits, politicians, and newspaper editors believe the President outlined some good ‘first steps’ but did not believe he went far enough. It seems to me that Obama the President, as opposed to Obama the Candidate for President, has a much firmer grasp and understanding now, not just about what the U.S. Intelligence Community is capable of doing, and under which legal and other oversight authorities they do it, but also the extreme value of their intelligence products in the maintenance of national security, the development of foreign policy, and the conduct of diplomacy. He also has a great appreciation and respect for the hard work and sacrifices of the intelligence professionals at NSA (none of the NSA’s leaders are political appointees) and throughout the intelligence community.
Let me highlight some of the lines from his speech and talk about them a little.
“…the folks at NSA and other intelligence agencies are our neighbors. They’re our friends and family.” – Yes they are. They are civilian employees and members of the United States military who have sworn their lives to defend our nation. They are also people just like you and I, and they have taken the extra step of surrendering some of their personal privacy for the protection of their fellow citizens by permitting the government to conduct background checks to be sure they are people of good character. The aren’t required to be perfect people, just people of good character, as are the majority of our fellow citizens. Friends and colleagues were interviewed and vouched for them. They were looked at to determine if they had criminal pasts or any associations with any foreign government or groups advocating the violent overthrow of the U.S. government. Their citizenship, places of residence, and education were all verified. For senior leaders, they have also exposed their personal financial situation to examination to be sure undue monetary influences, foreign or domestic were not present. All of them are strapped to a polygraph machine on a recurring basis so their suitability for a position of trust could be confirmed. How many of you would allow that kind of intrusive look at your lives?
“If any individual who objects to government policy can take it into their own hands to publicly disclose classified information, then we will not be able to keep our people safe, or conduct foreign policy.” & “…revealing methods to our adversaries that could impact our operations in ways that we may not fully understand for years to come.” – These two items speak to Mr. Snowden’s alleged criminal activities. If you are hoping Mr. Snowden will be welcomed home a hero, or should be given credit for fomenting the debate in this country about personal privacy, I suggest you reconsider. The President is obviously unimpressed with his actions, as are all of the Senators and Representatives I’ve heard speak on the issue. Congressmen Rogers and Ruppersberger, the Chair and Minority Leader of the House Permanent Select Committee on Intelligence, both spoke last week about the serious damage Mr. Snowden has done to U.S. national security after reading the Defense Department’s initial damage assessment. According to them, that assessment spoke to the tens of thousands of documents related to military operations and activities across all the services taken by Mr. Snowden and leaked to the media as well. Congressman Rogers has also stated previously that Al-Qaeda affiliated terrorist organizations are changing their communications methods as a result of the leaks. If you know someone who is, or have a family member serving in the armed forces at home or abroad, Mr. Snowden didn’t do them any favors.
“…nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens.” & “…the men and women of the intelligence community, including the NSA, consistently follow protocols designed to protect the privacy of ordinary people.” – These two statements clearly affirm that NSA is not a ‘rogue agency’ as some media outlets would prefer to characterize it, ‘spying on Americans’. Moreover, members of both parties on the intelligence and judiciary committees in both houses of congress have taken great care to laud the professionalism and sacrifices of the men and women in the intelligence community during the hearings that have been held since the unauthorized disclosures began in June. Additionally, since the declassification of USSID 18, we can clearly see that U.S. person privacy protections were in place since at least as early as 1993 within NSA, something Mr. Snowden, in his egotistical rush to steal what he could and run to China and then Russia (where privacy protections are so obviously the norm), chose to ignore.
BULK DATA & THE REST OF THE REVIEW GROUP’S RECOMMENDATIONS
The changes to bulk data collection the President proposes are modest, and the President has called on Congress to fulfill its role as the legislative authority. The President obviously feels that the bulk data collection of telephone call records under FISA 215 is a tool he wants the intelligence community to have, but given the public’s concerns about the privacy implications, he has ordered that another FISA Court warrant will be needed to query the collected records, and that the Attorney General and Director of National Intelligence report back to him on a way to have the data held outside of the government, but still available. (I’m sure they will examine the issue as the President has directed, but the phone companies don’t want to hold it, so we’ll need to see what happens.) Also, the NSA will not be able to retrieve records from a query beyond two ‘hops’ from the seed telephone number. This will limit the number of returned call records, and reduce the number of U.S. person phone records reviewed by a professional analyst.
Congress will now need to perform its role in debating and amending as they see fit the FISA law, and the composition/functioning of the FISA Court based not just on what they have heard in open testimony, but also what the intelligence community and NSA has shown them in a classified setting, where I suspect the individual member’s opinions are less influenced by the proximity of reporters and video cameras, and more on practical application of law and the real threats and adversaries in the world.
The President chose not to address many of the remaining review group’s recommendations, ordering some for study, and ignoring (at least in the public speech) others. For example, he did not address the personnel and computer security portions of the review group’s report, which will undoubtedly be actioned within the intelligence agencies, under the watchful eye of the DNI and Congress. The detailed specifics will likely be left to classified briefings to Congress to ensure our adversaries don’t learn too much about the internal security mechanisms of our intelligence agencies. They’ve obviously already learned more operational details than they could have ever hoped for.
PRIVACY PROTECTIONS FOR NON-U.S. CITIZENS
The last item to address then is the extension of privacy protections to foreign (i.e. non-U.S.) persons. Let me say at the outset that in all my professional experience, which is consistent with the testimony heard before Congress over the last eight months and the statements the President has made: the U.S. Intelligence Community is tasked, and therefore interested only in: collecting, analyzing, and disseminating foreign intelligence – just like every other nation on the face of the planet.
During all that testimony, and all those speeches, no one in the U.S. intelligence community ever stated that they cared about or were tasked to gather information on the general public of any country. Moreover, given Congressman Rogers’ assertion during a hearing last fall that ‘the committee has access to all the classified tasking and resulting intelligence reports’, I would expect any number of members to object to any collection effort outside of valid foreign intelligence tasking, if it were in fact occurring.
The U.S. Intelligence Community performs their foreign intelligence mission based on requirements received by the President and the Combatant Commanders around the world. While stated plainly in Executive Order 12333, President Obama’s Presidential Policy Directive PPD-28 re-affirms that and formalizes the ‘rules of the road’ for intelligence collection in the 21st Century. With PPD-28, those rules now include a formal declaration and direction to the U.S. intelligence community to protect foreign citizen’s privacy as they would a U.S. person’s, and it is direction that I’m sure, based on my direct knowledge of the professionalism of the 100,000+ member intelligence community, will be adhered to.
In doing so, the professionals in the U.S. Intelligence Community (of which NSA is a large part) will be doing exactly what it has been doing since 9/11, conducting its operations within the law as it exists, under the oversight regime Congress has put in place, based on the direction and prioritization given to it by the President. Which, by the way, is not a set of circumstances you will find in Russia or China.