Subscribe Now »

Special Holiday Deal

Give the Gift of the

Give one person a magazine subscription for $29.95, and get each additional subscription for just $19.95.

Newsletters

Get Where+When delivered to your inbox every Monday and Thursday.

The question of who knew what and when about the Boston bombings will get muddied by "information overload." By Shane Harris

More than a decade after the 9/11 terrorist attacks, US intelligence agencies are doing a much better job sharing information about terrorism and other national security threats. Their challenge now "is largely one of information overload," says a new report by the Congressional Research Service, published last week. 

"Analysts now face the task of connecting disparate, minute data points buried within large volumes of intelligence traffic shared between different intelligence agencies. According to a [Director of National Intelligence] statement from July 2010, 'Terabytes of foreign intelligence information come in each day, vastly exceeding the entire text holdings of the Library of Congress, which is estimated at 10 terabytes.' In the additional views section of the Senate report on the Christmas day bombing attempt, Senators Saxby Chambliss and Richard Burr noted that analysts who could have connected the dots prior to the incident struggled to search the large volume of terrorism-related intelligence available to them. The same problem was identified at the FBI in the aftermath of the 2009 Fort Hood shooting." 

The crippling dilemma of information overload is not news. (See here, here, here.) But in the context of the Boston Marathon bombings, and the inevitable questions that will follow about who knew what when, it's important to keep this salient fact in mind: The US intelligence community does not have a problem collecting information. It has a problem understanding much of it. 

(Thanks, as always, to Steve Aftergood at the Federation of American Scientists for posting this CRS report, among many others.) 


Posted at 01:13 PM/ET, 05/01/2013 | Permalink | Comments ()
An ex-CIA officer writes about an often-overlooked side of the spying business. By Shane Harris

If you've been watching the nearly non-stop coverage of the Boston Marathon bombings, you've seen a parade of alleged terrorism experts on the major networks and cable outlets. If you've seen Phil Mudd's face, however, you've seen the genuine article

Image: University of Pennsylvania Press

Mudd was the deputy director of the CIA's Counterterrorist Center and, later, the first-ever deputy director of the National Security Branch at the FBI. He left government in 2010, and now he's out with a new book that is part memoir, part inside look at the United States' hunt for the world's most wanted terrorist. 

Takedown: Inside the Hunt for al Qaeda starts with Mudd, in 1984, driving up to the gates at CIA headquarters to answer a help-wanted ad he heard about through a family friend. "I have my resume here," Mudd told the guard through a rolled-down car window. (Not having seen the ad himself, Mudd didn't have an address to mail his application.) A month or so later, he writes, he came home to a message on his answering machine from a guy who only gave his first name. Mudd "knew instantly, despite my ignorance about intelligence, national security, or Washington itself, that this was the CIA." 

Mudd's book is not a story of clandestine operators and special forces, but of the people who try to "connect" those proverbial dots about nascent, ambiguous terrorist plots, and who ultimately played just as vital a role in taking down Osama bin Laden as their gun-toting colleagues. The book is meant to evoke empathy for the pain-staking, frequently confounding work of what some have compared to putting together a jigsaw puzzle without the benefit of the picture on the box. 

Of the CIA's failure to stop the 9/11 attacks, Mudd writes, "It is not that reasoned intelligence analysis could not have pieced together such a story; we learned a painful lesson about understanding this adversary that day. But no one could have believed the scenario that unfolded with enough conviction to take the kind of action needed to fight this threat--global military and intelligence operations, along with diplomacy--that came to convulse the planet."  

Mudd's memoir will feel at home alongside operations-focused accounts of the CIA's war in the shadows, not because it's full of breathtaking adventures from the field, but because it's steeped in a particular culture and ultimately has the ring of authenticity. Mudd explains how the agency crafts the President's Daily Brief in such a way that it sounds more like a daily newspaper than a top secret intelligence document. But that's what you'd expect from someone whose job was to talk to top policymakers about classified material. For Mudd, this was a matter of routine, and while the significance of his line of work was not lost on him, it perhaps didn't seem as novel or enthralling as it may sound to an outsider. 

There are some pretty harrowing war stories in the book. Mudd was part of a small CIA team that went to Afghanistan to help overthrow the Taliban, when the agency "took the gloves off," as Cofer Black, then the director of the Counterterrorist Center, liked to put it. But the book makes its most valuable contributions to the bin Laden story when we see Mudd trafficking in information--the most powerful currency in Washington--obtained from many parts of the vast intelligence system. He takes you deep into the confusing process of sorting all those puzzle pieces and explains that murky process in a clarifying way. 



Posted at 05:57 PM/ET, 04/22/2013 | Permalink | Comments ()
What did Vladimir Putin know about the bombers, and when did he know it? By Shane Harris

There's an intriguing and still ambiguous Russian connection emerging in the investigation of the Boston Marathon bombings. Specifically, it involves the Russian government's interest in Tamerlan Tsarnaev and his potential connection to terrorist groups, as well as a curious offer of assistance in the investigation that came directly from Vladimir Putin. 

The Associated Press reports this afternoon that "the Russian FSB intelligence security service told the FBI in early 2011 about information that Tamerlan…was a follower of radical Islam…" Tamerlan died in a shootout with police Friday morning, and his brother, Dzhokhar, was captured last night. 

The FBI released a statement yesterday that sheds more light on this exchange between the FSB and US law enforcement.  

"…in early 2011, a foreign government asked the FBI for information about Tamerlan Tsarnaev. The request stated that it was based on information that he was a follower of radical Islam and a strong believer, and that he had changed drastically since 2010 as he prepared to leave the United States for travel to the country’s region to join unspecified underground groups." 

The statement doesn't identify the foreign government, but the AP and other news organizations have confirmed with US officials that it was Russia.  

In response to the request, the FBI checked government databases and "other information" looking for so-called derogatory information, according to the statement. Generally, derogatory information is a piece of intelligence, such as a phone record or a monetary transaction, that connects the individual in question to a known or suspected terrorist or group. In Tsarnaev's case, the FBI looked for "derogatory telephone communications, possible use of online sites associated with the promotion of radical activity, associations with other persons of interest, travel and history plans, and education history." 

This is a fairly extensive search, and it suggests that US law enforcement did more than a cursory scan of information for any connections Tsarnaev may have had to terrorist groups or fundamentalists. The FBI also interviewed Tsarnaev and unspecified family members. "The FBI did not find any terrorism activity, domestic or foreign, and those results were provided to the foreign government in the summer of 2011," the statement said. 

So far, pretty straightforward. But here's where things get curious. On April 16, one day after the bombing, Russian President Vladimir Putin publicly offered his country's assistance in the investigation. In a note posted on the Kremlin Web site, Putin condemned the attacks and said Russia “would be ready to provide assistance” to US investigators. 

This offer of assistance came three days before the FBI publicly identified the suspects and noted their Russian/Chechen roots. Did Putin know, or have some reason to suspect, who the bombers were, or that they had a connection to his country?  

It would not be unthinkable, or in some cases even unusual, for the head of a foreign government to offer condolences and assistance in the wake of a terrorist attack. And this was the most significant and high-profile attack on American soil since 9/11. But US-Russian relations are frosty right now amidst talk of a '"reset." Is this Putin making a first step towards better relations? Was he preemptively trying to cover himself knowing that a Russian connection in the bombings would emerge?  

On Friday, President Obama spoke with Putin and  "praised the close cooperation that the United States has received from Russia on counterterrorism, including in the wake of the Boston attack," according to a White House statement. 

Since the bombing, US officials have reportedly been looking at Tsarnaev's travel records and have found that he traveled from JFK International Airport to an airport near Moscow on January 12, 2013. He returned to JFK on July 17. It is not yet clear who Tsarnaev met with while he was there. Officials have reportedly found no connections with terrorist groups during that visit. But if Tsarnaev was "radicalized" or received any special training, perhaps in bomb making, investigators will want to know more about what he did while he was in Russia, and who he met with. Presumably, Putin's offer of assistance will come in handy as US investigators try to answer these questions. 

Posted at 02:23 PM/ET, 04/20/2013 | Permalink | Comments ()
CIA's former bin Laden hunters say don't rule out a foreign terrorist organization in the Boston bombings. By Shane Harris

The FBI has released photos and video of two men described as suspects in the Boston Marathon bombings and has asked for the public's help locating them. FBI Special Agent in Charge Richard DesLauriers emphasized during a press conference that no detail was too small, and that these are the only two men the FBI considers suspects at this point. The public was urged to disregard other photos at this point and to call 1-800-CALL-FBI (1-800-225-5324), prompt #3 with information. 

Officials did not say whether they think the suspects are part of a known terrorist group, whether foreign or domestic. A press conference in Boston this afternoon was short on details of the investigation. The man in the white cap, DesLauriers said, is believed to have put down a backpack that contained one of the two bombs. 

It's obviously too early to say definitively who these men are or how they may or may not be connected to an organized group. But three former CIA officers who I spoke with this morning--before these photos were publicized--cautioned against ruling our a foreign connection at this early stage. The former officers were in Washington to talk about their role in the upcoming HBO documentary Manhunt, about the CIA's search for Osama bin Laden--in which they all played key roles. I'll have more on the movie in a few weeks. I asked them to give me their read on the unfolding investigation in Boston. 

They all thought that it was premature to say this is not the work of al Qaeda or some foreign terrorist group. Just because this attack doesn't fit AQ's previous signatures doesn't mean the group hasn't changed up the playbook. And just because there were apparently few, if any, warning signs or chatter in the run-up doesn't mean that the attack must have been planned by a domestic terrorist group. 

"My fear has always been that al Qaeda would go low-tech and tactical," said Marty Martin, who was in charge of the operational hunt for bin Laden after 9/11. Martin worried that the group would move away from its trademark spectacular attacks that cause mass casualties (blowing up buildings and airplanes) towards assaults on soft targets, such as shopping malls, that might result in fewer deaths but still end up sewing panic and confusion, and that are easier to plan and harder to interdict. The finish line of the Boston Marathon, Martin said, is a very soft target and a very high-profile one. 

When bin Laden was alive, al Qaeda tended to favor bigger, large-scale attacks. But now that he's dead, the strategy may have shifted, noted Cindy Storer, an analyst who was part of the CIA "sisterhood" following bin Laden's trail in the 1990s. Martin added that an Egyptian, Ayman al-Zawahiri, bin Laden's long-time no. 2, is now in charge of the group, and that Egyptian terrorist groups have historically used the lower-scale, tactical attacks like the one in Boston. 

Nada Bakos, a former CIA targeting officer who tracked al Qaeda in Iraq, also urged people not to over-generalize al Qaeda. There are multiple variants and offshoots. Might the Boston attack have been executed by a group that hasn't shown up on the radar yet? Al Qaeda and its affiliates have also successfully recruited westerners and others who might draw less suspicion and have an easier time entering the United States, she said. Indeed, the group has made no secret of its desire to do so. 

Everyone cautioned they were just speculating, but their insights were nevertheless instructive. For instance, despite some commentary that the attack must be the work of amateurs because it didn't kill more people and involved improvised bombs, all three former officers said the attack reflected a high degree of skill, and possibly some significant training. For starters, the attackers--they didn't know how many there were this morning--built two bombs that went off as planned. That's not as easy as you might think. Building an explosive device that works as intended it not as simple as following a recipe on the Internet. Faisal Shahzad, the Times Square car bomber, couldn't do it. Neither could Umar Farouk Abdulmutallab, the Underwear Bomber who tried to blow up an airplane mid-flight. 

Second, the attackers were able to "infiltrate, execute, and exfiltrate," as Martin put it, meaning they got to their target, planted and set off the devices, and then got away without being caught. Martin called that "disconcerting." Pulling off this kind of mission isn't easy, and the fact that investigators are coming up short on leads lends credence to the idea that the attacker may have been trained in how to avoid detection. Martin speculated that they might have used disguises like wigs or hats, which would make them harder to find now. (In the photos, both men are wearing ball caps. One is wearing sunglasses.) 

Even though the signs don't point to a traditional al Qaeda attack, that doesn't mean it was planned at home or is the work of a lone-wolf. We could be witnessing something new, or a variation on an old strategy. 





Posted at 04:11 PM/ET, 04/18/2013 | Permalink | Comments ()

Federal investigators trying to identify the culprit of the Boston Marathon bombings are being flooded with with photographs and videos sent in by the public. 

A spokesperson for the FBI’s Boston Field Office, which is leading the case, said they’ve been “inundated with material,” including images captured on cell phones that have been sent to the office by e-mail. The FBI isn’t commenting on how many items it has received or on how it’s dividing up the laborious process of looking at the images for clues. “It’s being worked on, everything is coming in here,” the spokesperson said. 

The Boston Regional Intelligence Center, a federally supported “fusion center,” is also receiving tips from the public. However it’s passing all that information along to the FBI. Asked how many images the center has received, an employee there said, “I don't have a number. I don't think anybody does, but it’s a lot.” 

An employee at the Commonwealth Fusion Center, which is part of the Massachusetts state government, referred all inquiries to the Boston Field Office. 

This afternoon, CNN and Reuters reported that authorities in Boston may have identified a suspect in the bombings from surveillance video at a Lord & Taylor department store. A press conference is expected at 5 PM. UPDATE: Those initial reports turn out to be incorrect, with multiple news organizations now reporting no arrests have been made. 

You can get a sense of what FBI investigators are going through from this Reddit thread, where members are taking on a crowd-sourced version of the painstaking imagery analysis. 

The intelligence community has the capability to process and analyze large volumes of imagery data. But so far, sources tell me that the FBI has the lead on this investigation and has not asked for assistance from other agencies. One intelligence official says that if the FBI were to ask for outside assistance, they might bring in help from a fusion center, but at least in Massachusetts, that’s not happening. 

For the past two days, investigators have been coming up short on leads. Sources close to the investigation said that the likely break would come from some of the images now being collected. 

There’s a fairly standard playbook that intelligence and security agencies follow in the wake of a terrorist attack. A kind of “all-hands” message will be sent to the several intelligence agencies, with the request that they re-examine any information they’ve collected recently that might have bearing on the current case, one former official explained. The paucity of leads suggests these agencies didn’t find much. One official said that there had been no chatter or indications of an attack by a foreign group leading up to the bombing or after it. 

The FBI requests that anyone with images of the bombing site or the surrounding areas send the material to the Boston Field Office at Boston@ic.fbi.gov.  

Posted at 01:30 PM/ET, 04/17/2013 | Permalink | Comments ()

Almost 24 hours after the bombings in Boston, we're hearing few details about potential suspects. An intelligence official tells me that while the attack is clearly an act of terrorism, there was no hard information, as of last evening, about whether the perpetrator(s) is a foreigner or a homegrown terrorist--or perhaps someone inspired by a foreign group. The number of leads seems troublingly slim. 

This is precisely the moment in these kinds of investigations when vague, loosely sourced details of a "person of interest" begin to emerge, and when readers--and especially journalists--should be on guard. Consider the textbook example offered by the 1996 Centennial Olympic Park bombing during the summer games in Atlanta, a bombing that, similar to the attacks in Boston, used a small explosive device placed low to the ground in a crowded public area. 

Within a few days of the explosion, federal law enforcement officers turned their attention to a security guard, Richard Jewell, who'd initially been hailed as a hero for alerting police to a suspicious package and then helping to evacuate people from the scene after the bomb went off. Then, like now, investigators were under extraordinary pressure to frame a high-profile act of domestic terrorism around a suspect. They offered up Jewell, and in off-the-record chats with reporters and through authorized leaks of details in the investigation, spun a story about a disgruntled, fame-seeking security guard who'd decided to kill innocent people in order to make himself famous. 

None of it was true. 

The Atlanta-Journal Constitution was the first to report, 72 hours after the explosion, that Jewell was a focus of the investigation. In credulous language that looked like it could have been dictated to the reporters by an FBI agent, the paper said Jewell "fits the profile of the lone bomber. This profile generally includes a frustrated white man who is a former police officer, member of the military or police 'wannabe' who seeks to become a hero." 

Jewell sure seemed to fit that profile; after all, the paper noted, he'd "become a celebrity in the wake of the bombing," appearing on the "Today Show" and approaching newspapers, including the Journal-Constitution, "seeking publicity" for his actions at the scene.  

FBI agents bolstered this theory in part with their own interviews with Jewell's "acquaintances," which they shared with the newspaper. "FBI agents are reviewing hours of professional and amateur video tape to see if Jewell is spotted setting down the military-issue backpack that contained the bomb. Acquaintances have told agents that he owned a similar knapsack."  

You can argue about which was worse: The journalists' too-eager reporting, or officials' propagation of half-baked speculation about Jewell. Neither group acquitted themselves admirably. And there were severe consequences for their rush to judgment. 

After the Journal-Constitution story ran, a media frenzy ensued, and Jewell found no peace. He was surrounded by reporters at his home. Jewell wouldn't talk, but federal agents kept leaking details about what they were learning of Jewell from their now massive investigation. A vicious cycle was set in motion. Jewell was essentially tried in the press. 

As it turned out, the real Olympic bark bomber was Eric Rudolph, a serial bomber and terrorist. He was arrested in 2003, when he was on the FBI's Most Wanted list for the Atlanta attack as well as the bombings of two abortion clinics and a lesbian bar.

Jewell was exonerated publicly. His story has been taught to journalism students as a cautionary tale. Jewell sued several media organizations, including the Journal-Constitution, for libel, which is extremely difficult to prove in court. Some settled. The suit with the Journal-Constitution was eventually dismissed in 1997. Jewell had died four months earlier. 

The broad lesson here isn't that reporters shouldn't believe their sources. It's that they should remember the extraordinary pressure that law enforcement officers are under to make progress in a high-profile case such as this. And readers should remember that, too. This fast-paced environment is primed for mistakes and poor judgment, and it can induce otherwise upstanding people to commit deceptions. The same pattern repeated itself in the wake of the anthrax attacks, in 2002, when the government's focus on a military scientist as the culprit turned out to be wildly misplaced. 

Today, press attention has turned towards a Saudi man who was reportedly injured in one of the two blasts in Boston, and whose apartment in Revere was searched last night by federal officers. Investigators are now indicating he may have been a frightened bystander, and isn't considered a suspect. But other reports are laced with vague, suggestive language that, like the Jewell reporting, seems designed to make an argument, not to report facts. That is risky business. And it reminds me of an adage in investigative journalism: The first story is rarely the right one. 



 

Posted at 11:14 AM/ET, 04/16/2013 | Permalink | Comments ()

The Washington Post is short-listing the possible candidates to replace Robert Mueller as FBI Director, after he ends his tenure this summer. At the top of the list, says the paper, is Lisa Monaco, who recently ran the National Security Division at the Justice Department, was Mueller's longest-serving chief of staff, and is now at the White House in CIA Director John Brennan's old job. 

Lisa Monaco, who is currently President Obama's counterterrorism adviser, may be the leading candidate for FBI Director. Photo: Justice Department 

The list could probably stop at Monaco, given how improbable the other people on it are. Putting aside Monaco's legitimate credentials, and the fact that her name has indeed been making the rounds over the past few months--I've heard it from the lips of FBI watchers and former Justice Department officials--the other people on this list are not likely to want the job or be able to easily sail through confirmation. 

Let's take them one at a time. 

Merrick Garland is an esteemed jurist, chief of the U.S. Appeals Court for the D.C. Circuit, and widely seen as a potential nominee for the Supreme Court. Why on earth would he give that up to be the FBI Director? Garland has also been out of the game, on the executive branch side, for a long time. He took his seat on the bench in 1997. The Justice Department he worked in during the Oklahoma City bombing and the Unabomber investigation was a very different place than it is now. He is also, perhaps, too closely associated in the eyes of many experts with the he culture of the department pre-9/11, when intelligence and law enforcement operations were separated by statute, mistrust, and misunderstanding. 

James Comey, who was deputy attorney general to John Ashcroft, is, by my read, greatly enjoying his life in the private sector and the benefits that go with it. He has recently worked for defense contractor Lockheed Martin, the high-profile hedge fund Bridgewater, and recently took a seat on the board of directors of HSBC Holdings. Comey cares deeply about national security and counterterrorism issues, but he can exert  a lot of influence in those areas from his private perch, which brings him into proximity with decision makers in business and in government. Also, I think that Republicans would see him as too liberal, and Democrats would see him as too conservative. (A testament to his intellectual honesty, perhaps, but not likely to make him a shoe in for Senate confirmation.) And PS--Did you catch the part about him working for a defense contractor and a hedge fund? Optics problems abound here, fairly or not. 

Patrick Fitzgerald's name gets trotted out whenever there's a vacancy in a senior Justice post. I think people toss it onto every short list just to make it look longer. His political baggage as the prosecutor of Scooter Libby is enough to kill his chances.  

Neil MacBride, maybe in five years or so. He needs more seasoning. If he's truly on a short list, and not just thrown in artificially, he's a longshot. 

For good measure, or maybe for levity, the Post also quotes the national executive director of the Fraternal Order of Police, Jim Pasco, who suggests the White House consider Philadelphia Police Commissioner Charles Ramsey, who used to be the D.C. Police Chief and who has never held a federal position, or Ray Kelly, the New York Police Commissioner. Who is 71 years old. 

It's worth noting that Garland, Comey, and Fitzgerald also surfaced on a short list reported in the Wall Street Journal in 2011, along with Ken Wainstein, Michael Mason, John Pistole, and Jamie Gorelick, whose names aren't surfacing now. (Although, I know some non-partisan experts who think highly of Wainstein and have mentioned he'd be a good candidate.) 

And missing from the Post's article are some names that seem more plausible than the ones reported. For instance, how about David Kris? I doubt he's interested in returning to Washington from his corporate counsel job in Seattle, but he's got more obvious credentials in the operational aspects of law enforcement and intelligence than many of the candidates on the current list. For that matter, why not Fran Townsend? Granted, she's a Republican, and probably quite content in private practice and working as an on-air analyst for CNN. But if we're talking about plausible candidates here, you have to look to people who have done substantial work of the kind that will consume much of the FBI Director's attention. 

Monaco really fits that bill more than anyone on the list, in terms of her recent experience and its depth. Also, nominating her would allow President Obama to make history; a woman has never led the FBI. As I noted last week, after Obama picked Julia Pearson to run the Secret Service, the tide has obviously turned in favor of more women in top security positions. Even if Monaco doesn't get the nod for the FBI, a woman eventually will, and not, I think, in the distant future.  

Posted at 11:16 AM/ET, 04/01/2013 | Permalink | Comments ()
A new report from Google suggests that government investigators are interested in broad and potentially very detailed information about Internet users. By Shane Harris

Google is expanding its regular “transparency report” to include some broad statistics on the numbers of national security letters it receives from the US government. It’s a significant step for the company to publicly disclose what it privately tells the authorities about its users, and it gives us some more insight into how the government monitors the vastness of the Internet.  

The numbers Google is reporting are broad. But the big takeaway here is that the FBI--the primary user of national security letters--appears to be interested not so much in the content of a person's email, but rather in what's known as "basic subscriber information," more high-level data such as a person's name, address, and the length of service on his account. This information is potentially more useful, and surely easier to get, than the written contents of an e-mail. 

At first glance, the numbers of NSL requests Google is reporting look “awfully high” for one company, says Cato’s Julian Sanchez, who breaks down the report and places it the context of what we already know about how NSLs, which are notoriously opaque tools for secretly obtaining information, are used.  

Comparing the Google numbers for NSLs to those released by the Justice Department, one might conclude that the company received one-seventh of all NSL requests, something Sanchez concludes “seems impossible.” Google is big, but not so big that it would account for an outsized share of all NSLs relative to every other company that receives them. Telecommunications companies, including phone and Internet service providers, as well as financial institutions regularly get NSLs, which require companies to hand over different kinds of information short of the actual content of a message. 

So why are Google’s numbers so high? Sanchez persuasively argues that Google is counting requests for basic subscriber information, and that the Justice Department, in its own NSL reports, is not. Looking at Google’s numbers, it would appear that the “overwhelming majority” of NSL requests it receives are for this basic subscriber information, Sanchez writes, which suggests, troublingly, “that the total number of Americans affected by all NSLs is thus vastly, vastly larger than the official numbers would suggest.” 

I think Sanchez is right. And it makes sense based on what we know about how law enforcement and intelligence agencies use electronic information to track people and monitor the Internet for various threats. 

For instance, shortly before the 9/11 attacks, the National Security Agency asked Qwest Communications for subscriber information on its then-quickly expanding communications network. The NSA’s goal was to monitor the Internet for potential cyber threats against the government. (This was years before cyber security became de rigueur in national security circles, so this was a very foresighted move by the NSA.) After the attacks, the NSA again made the request, this time for tracking terrorists. 

Qwest refused, however, after concluding that access to such detailed customer information was illegal without a warrant. Qwest executives and lawyers decided that even though the information wasn't technically "content," it was still revealing enough that giving it to the government required some legal approval. 

This is an important point. Call logs and records of phone calls may be called “basic” information under the law, but they are full of rich, potentially illuminating information about a person. Today, government agencies, including the NSA, use basic data, particularly phone logs and Internet addresses, to create detailed pictures of a person’s communications and his associations. It doesn’t really matter, in this context, that the data doesn’t include the text of an e-mail or the spoken words of a phone call. 

The Google disclosure underscores the extent to which the government is after this kind of general data, more so than actual content. National security letters are not warrants, but they’re being used today to obtain information of the kind that the NSA wanted from Qwest. This should come as no surprise, given how well the NSA, and the FBI, anticipated the ways that digital technology would transform communication, and how that would, in turn, give the government new opportunities for collecting information. 

The way the FBI is using national security letters today, if Sanchez's analysis is correct, suggests that written e-mails aren’t really what investigators want most. It’s easier under the law to get basic information, and that information can tell them a lot about their targets, often more than the text of an e-mail itself. Think about it: How likely is a suspected terrorist to spell out his intentions in a message? You’d learn a lot more about his capability to do harm by positioning him within a bigger terrorist network, and you can understand and illuminate that network with the kinds of information that Google and other NSL recipients provide. This broad information is also useful to investigators when they're trying to identify individuals who they can scrutinize more closely with searches that require a warrant. 

The other reason why a government agency would want this kind of basic information? “To effectively de-anonymize the otherwise unknown user of a particular account,” Sanchez says. That's just what investigators did when they determined that Paula Broadwell was sending anonymous e-mails to a friend of Gen. David Petraeus. Sanchez speculates that this digital de-cloaking may be “the primary reason” an agency would ask Google for basic subscriber information. 

There’s an important wrinkle in all of this. Google also said that when it receives NSLs, it doesn’t disclose Internet protocol addresses. “Since these can be crucial to linking a wide array of online activity to a particular user, their exclusion would somewhat limit the potential of NSLs to undermine Internet anonymity,” Sanchez writes. But it could be that this exclusion is just a Google policy. Sanchez concludes that “it is not at all clear whether other providers will disclose IP addresses in response to NSLs.”  

We should also keep in mind that NSLs are not the only means by which companies share information with the government, nor are IP addresses the only way to unmask someone or provide useful intelligence for investigators. Nevertheless, this is an enlightening report, and it adds to the ever-accreting body of details about how the government watches us, and what companies are doing to comply with the law and at the same time protect their customers’ information. Never an easy balance. It’ll only get harder. 



Posted at 10:08 AM/ET, 03/06/2013 | Permalink | Comments ()
Report says DOD and NSA removed a “Post” server for forensic analysis. By Shane Harris

In the wake of news that the New York Times' computer networks were infiltrated by Chinese cyber spies, three more news organizations have reportedly had their networks infiltrated as part of what is being described as a broad campaign of espionage targeting American media companies. 

The Wall Street Journal reports that its networks were infiltrated, "apparently to monitor its China coverage." The Journal also quotes a spokeswoman for Thomson Reuters PLC saying the Reuters news service was hacked twice last year. 

Today, security journalist Brian Krebs reports that the Washington Post was hit, as well. According to a former Post information technology employee, Krebs reports: 

"[A]ttackers compromised at least three servers and a multitude of desktops, installing malicious software that allowed the perpetrators to maintain access to the machines and the network.

"They seemed to have the ability to do anything they wanted on the network. 'They transmitted all domain information (usernames and passwords),' the former Post employee said on condition of anonymity. 'We spent the better half of 2012 chasing down compromised PCs and servers.  [It] all pointed to being hacked by the Chinese. They had the ability to get around to different servers and hide their tracks. They seemed to have the ability to do anything they wanted on the network.'"

Security companies and government investigators responded to the breach, Krebs reports. And in a move that is sure to raise eyebrows in the Post newsroom, particularly among reporters covering national security and cyber espionage, "experts from the National Security Agency and Defense Department took one of the Post's servers for forensic analysis." 

Krebs doesn't say whether the FBI was involved with the Post investigation. Presumably the bureau would have the lead in a case such as this. The Defense Department has the biggest and arguably most sophisticated computer forensics agency in the government, but the FBI has that capability, as well. It's not immediately clear why DOD agencies would take the computer equipment. But the DOD could be assisting the FBI. 

Posted at 02:02 PM/ET, 02/01/2013 | Permalink | Comments ()
The top national security official at the Justice Department, Monaco has also been rumored as a candidate for FBI Director. By Shane Harris

President Obama has selected Lisa Monaco as his next homeland security and counterterrorism adviser, replacing John Brennan, who has been nominated as CIA Director. 

Monaco currently serves as the Assistant Attorney General in charge of the National Security Division at the Justice Department. She is a seasoned attorney who began her career as a federal prosecutor in Washington, DC, and rose to the senior ranks of Justice and the FBI. In 2009, Monaco became Eric Holder's principal associate deputy attorney general. Prior to that, she was the longest-serving chief of staff to FBI Director Robert Mueller, a testament to her skill, stamina, and Mueller's confidence in her abilities, according to those who know her. 

Monaco, who was confirmed by the Senate for her current position at Justice, has been on the rumored short list to replace Mueller, whose term ends this summer. It's not immediately clear what today's new appointment does to her chances. On the one hand, she will presumably be working closely with Obama on matters of the highest national security priority and sensitivity. The two do not have a long history of working together day to day, as Obama did with Brennan, who was also a campaign adviser in 2008. Proximity to the Oval Office would give Monaco the ultimate stage on which to audition for the directorship of the FBI.  

On the other hand, it could prove difficult to find a replacement for Monaco less than a year from now, as Mueller is stepping down. Brennan has been indispensable to Obama's program of targeted killings and other national security priorities. It's hard to see the position of counterterrorism adviser being a temporary stop over on the way to something bigger. 

Those who know Monaco describe her as non-partisan, tireless, and a skilled attorney. She worked for Janet Reno in the 1990s and later served on the Justice Department's Enron Task Force, overseeing the prosecution of executives from the failed energy company. For that work, she received the Attorney General's Award for Exceptional Service, the Justice Department's highest award.

"Lisa is a terrific choice. She has demonstrated herself to be the consummate public servant," said Fran Townsend, who was counterterrorism adviser to President George W. Bush. "She has served in both national security legal and policy roles. She has proven she has both the experience and judgment to provide the President with wise counsel." 

David Kris, who preceded Monaco has head of the NSD, says, "She has got the experience and the skills to take on this very challenging job and do it very well." 

The targeted killing program, and the attendant use of drones in countries where the United States is not at war, has become a central component of the counterterrorism adviser's portfolio. It is tempting to view the appointment of a career federal attorney as an attempt by the White House to signal some new deference for stronger legal guidelines on the use of drones. 

However, those who know Brennan have described him as a staunch proponent of "intelligence under law," and he has reportedly been instrumental in crafting clearer guidelines about the use of lethal force. So appointing Monaco perhaps should not be seen as a rebuke of Brennan, or as a stronger embrace of the law than administration officials believe they have already shown.

Monaco's appointment is unlikely to satisfy critics of targeted killings. Yesterday, the United Nations announced an investigation into the use of drones by the U.S. 

Monaco has been in charge of the NSD since July 2011. She is a graduate of Harvard University and earned her law degree from the University of Chicago, where Obama was once a professor. 

Posted at 12:33 PM/ET, 01/25/2013 | Permalink | Comments ()