For many months now, there's been a war of words over the whole "going dark" issue, with the two loudest participants being the DOJ demanding backdoors to encryption, and Apple standing up and speaking out loudly about the importance of encryption. Sooner or later you knew the two would meet in a legal situation -- and now it's happened, with Apple clearly winning round one. The NY Times is reporting that the DOJ obtained a court order earlier this summer, demanding that Apple hand over decrypted iMessage messages (in real time) for an investigation. Apple, apparently, told the DOJ that those messages are encrypted, and it has no way to comply with the order. This is exactly the scenario that everyone's been chattering about for the past year. And apparently, people inside the DOJ are debating what to do about it:
The case, coming after several others in which similar requests were rebuffed, prompted some senior Justice Department and F.B.I. officials to advocate taking Apple to court, several current and former law enforcement officials said.
However, the article notes that any plans to take Apple to court have "been shelved for now." The rest of the article focuses on a somewhat related situation that we've discussed in the past, involving Microsoft refusing to comply with a DOJ subpoena to hand over emails that are stored on an Irish server. The issue in that case is not about encryption, so much as jurisdiction and the differences between a warrant and a subpoena. That case heads back to court this week. However, the issue about encryption and demands to decrypt communications or stored data will continue for quite some time.
The article notes that Apple did turn over some information, which the DOJ took as a sign of good faith:
In the drug and gun investigation this summer, Apple eventually turned over some stored iCloud messages. While they were not the real-time texts the government most wanted, officials said they saw it as a sign of cooperation.
Of course, the major difference here is that the iMessages are encrypted end-to-end, while data stored in iCloud is not, meaning that Apple actually has access to that content. Many have pointed out that in most cases, the important information that the DOJ will want is probably backed up in iCloud anyway, so perhaps that keeps the DOJ from actually going after Apple for the time being. But, still, it is noteworthy that a clash has already happened. Sooner or later, assuming Apple doesn't give in to the backdoor demands, the DOJ is likely to take someone to court over this... Perhaps it's just waiting for a company with pockets not quite as deep as Apple's.
It would appear that the FTC is quickly emerging as the counterforce to the FBI/NSA's push to backdoor encryption. We recently wrote about how the FTC's CTO, Ashkan Soltani, put up a blog post extolling the virtues of full disk encryption for devices, noting that it can even help to prevent or solve crimes (contrary to the scare stories you hear from the FBI and other law enforcement officials). And now, pretty quickly after that, FTC Commissioner Terrell McSweeny has written a post for the Huffington Post arguing in favor of strong encryption as well. After discussing the range of threats, as well as the rise of personal data being collected by services, she notes that strong encryption is now being used to better protect consumers:
Encouragingly, many companies are taking meaningful steps to improve their security practices including greater use of encryption technology for data in transit and at rest, whether it be stored in the cloud or on devices. Encryption has helped protect the information of millions of consumers -- for example, protecting credit card information when a merchant is breached or protecting passwords when a popular website is hacked. The impact of major breaches may also be reduced the more that users' data and communications are encrypted end-to-end.
Moreover, there are more products on the market providing consumers with better security and privacy tools -- including encryption as the default for information stored on smartphones, apps that use end-to-end encryption, and services that encrypt data on devices and then back them up in the cloud. Competition in the marketplace of security and privacy technology holds considerable promise for consumers.
She also discusses how any attempt to backdoor encryption could create serious harm for future innovation and our economy:
This debate, sometimes called the crypto wars, is hardly new -- it has been going on in some form or another for decades. But what is changing is the extent to which we are using connected technology in every facet of our daily lives. If consumers cannot trust the security of their devices, we could end up stymieing innovation and introducing needless risk into our personal security. In this environment, policy makers should carefully weigh the potential impact of any proposals that may weaken privacy and security protections for consumers.
It's great to see the FTC coming out so publicly on this issue. I hope that others in other parts of the government will do the same as well. Unfortunately, thanks to the overly vocal FBI and NSA, many believe that the entire federal government believes that we should backdoor encryption, and that sets up a very unfortunate "us v. them" attitude between technologists and the government. Instead, it's clear that many, many people in government support strong encryption and are against backdoors. It's good to see more of them speaking up and making their voices heard.
In the wake of Hurricane Katrina, the federal government stepped up to assure the nation that as horrifically damaging as the storm was, we would all come out of it OK.*
*Offer does not apply to affected residents of New Orleans.
President Bush let us know that FEMA head "Brownie" (born Michael D. Brown) was doing a "heckuva job" botching the government's response. The New Orleans Police Department worked hard to secure critical infrastructure, going so far as to show up in civilian clothes, armed with unapproved weapons. And the FBI, which sent its people to assist in search and rescue operations and to help curtail post-storm looting, made sure an unprecedented tragedy wouldn't go to waste.
A year later, as part of post-Katrina review, the FBI’s WITT requested funding for additional equipment from Harris Corporation, which manufactures the StingRay line of cell phone trackers. Two drafts of the same memo (draft 1) and (draft 2) from July 2006, each with competing redactions, together weave a partial glimpse of WITT’s justification.
“In the summer of 2005, the U.S. Gulf Coast bore the brunt of several hurricanes, including Hurricane Katrina which severely degraded the capabilities of the [redacted],” the memo reads in part. Subsequent, heavily redacted sentences suggest that the storm crippled the FBI’s capacity to conduct certain types of cell phone tracking operations via equipment on-hand at the time of landfall.
Further details are redacted, but it's clear the diminished capabilities pushed IMSI catchers to the front of the acquisition queue. The accompanying purchase order was designated "priority." Previous purchases had only been declared "routine."
The redactions make it impossible to determine why exactly the agency felt the acquisition of more cellphone-tracking technology was a must post-Katrina. Perhaps the agency needed hardware upgrades to existing equipment that functioned in a less-than-ideal manner when local cell infrastructure suffered damage. Maybe it lent some devices to the New Orleans PD and was having trouble getting them back. Maybe it just wanted more IMSI catchers. No matter the stated reason, it can safely be assumed that post-act of God requisition processes receive less scrutiny than those made during times of relative peace and safety. Terrorism and drug dealing may have been off the table in terms of justifications, but any good government agency knows "national disaster" is spelled "O-P-P-O-R-T-U-N-I-T-Y." The FBI is no exception.
Last fall, we wrote about how the FBI had set up a fake AP news story in order to implant malware during an investigation. This came out deep in a document that had been released via a FOIA request by EFF, and first noticed by Chris Soghoian of the ACLU. The documents showed the FBI discussing how to install some malware, called a CIPAV (for Computer and Internet Protocol Address Verifier) by creating a fake news story:
It later came out that the FBI used this by having an undercover agent pretend to be an AP reporter and send the suspect -- a 15-year-old high school kid... -- a "draft" of the article to review. And when the kid opened it, the malware was deployed.
In response to this, FBI director James Comey defended the practice, saying that it was legal "under Justice Department and FBI guidelines at the time" and, furthermore, that this bit of deception worked. Comey also said that while guidelines had changed, and such impersonation would require "higher-level approvals," it was still something the FBI could do.
The AP has now sued the FBI, along with the Reporters Committee on Freedom of the Press (RCFP) over its failure to reveal any more details about this effort following a FOIA request. For reasons that are beyond me, even though it's the AP filing the lawsuit and the AP writing about the lawsuit, reporter Michael Biesecker apparently doesn't think its readers can handle the actual filing, so they don't include it (this is bad journalism, folks). However, you can read the actual lawsuit here.
In short, the AP made a FOIA request for documents related to this specific case above, as well as "an accounting of the number of times" that the FBI "has impersonated media organizations or generated media-style material" to deliver malware. The FBI said it was working on it, and then bizarrely told the AP that the request was being "closed administratively" because it was being combined with someone else's FOIA request, which left the AP reasonably confused, since they had not initiated that request and had no idea who had.
In a letter from Mr. Hardy dated December 10, 2014, the FBI stated that, even though the request had yet to be fulfilled, the AP Request was unilaterally “being closed administratively,” because the “material responsive to your request will be processed in FOIA 1313504-0 as they share the same information.”
The combining of Mr. Satter’s request with Request No. 1313504-0 occurred despite the fact that Mr. Satter had not filed Request No. 1313504-0 and was given no information about the identity of the requester underlying FOIA Request No. 1313504-0.
When the AP asked the FBI for more info, it was told that "the estimated completion time for large requests is 649 days." The FBI still refused to reveal who had sent in the other FOIA request. The AP filed a formal appeal, and a week ago was told that there was nothing to appeal because the FBI had not completed Request No. 1313504-0 (which, again, the AP had not actually sent in). Hence the lawsuit.
The RCFP FOIA request received a somewhat more standard "no responsive records" response, to which the RCFP pointed out that the FBI was clearly lying, given that the earlier response (to the EFF FOIA, which kicked off this whole thing) showed that there were, in fact, such responsive results (I know this experience all too well).
And thus, both organizations are now suing to force the FBI to actually turn over the damn documents. Can't wait to find out all the national security reasons (or will they be redacted) for why the FBI won't respond, and why it combined the AP's FOIA request with some totally unknown party's.
from the statute-of-limitations-may-be-a-problem dept
All the cool kids are suing the NSA these days. The EFF and ACLU led the way, suing the NSA before suing the NSA was cool. Others followed as a series of Snowden/Greenwald split releases gained popularity (culminating in Greenwald leaving The Guardian to start his own website). Most recently, those abused by the NSA for their whistleblowing efforts enlisted the help of the frequently more-entertaining-than-effective Larry Klayman to sue the NSA (and many others) for the retaliatory actions that followed their whistleblowing efforts.
The AP reports (without attaching the relevant filing, because information wants to be omitted) that former Salt Lake City mayor Rocky Anderson is suing the NSA for "mass warrantless surveillance" conducted during the 2002 Winter Olympics, which were held less than six months after the 9/11 attacks.
Rocky Anderson may be suing the NSA, but it appears he's only doing so by hitching his name to a pre-existing lawsuit. Anderson's name isn't found among the listed plaintiffs, which basically makes him a "similarly situated party" -- indistinguishable from the average Salt Lake City resident except that the press is willing to publish his statements.
"I was outraged by this," Anderson said Wednesday. "Fundamentally, we want to get to the truth and expose what our government is doing."
Anderson says he learned about the program from a 2013 report in the Wall Street Journal and has since confirmed it with an unnamed agency source.
The suit names the NSA, FBI, George W. Bush, Michael Hayden, Dick Cheney and 50 "Does." What's alleged in the filing is the interception of data and communications in the Salt Lake City area for the duration of the Winter Olympics.
The NSA, in conjunction with the FBI, planned and implemented a mass warrantless program—for which there was no probable cause, completely outside the Constitution and outside of any applicable federal statutory laws, including FISA, the Wiretap Act, and the Stored Communications Act—in which blanket surveillance was attempted and achieved during a period preceding the commencement of the 2002 Salt Lake Winter Olympic Games and throughout the period of the Games, from February 8, 2002 (Opening Ceremony) through February 24 (Closing Ceremony), over everyone within designated geographical areas, including Salt Lake City, Utah, and the areas including and in the vicinity of all Olympic venues.
That surveillance included the interception and key-word spotting analysis of the contents of every text message sent and received, every email sent and received, and information reflecting the time and length of, and telephone numbers involved in, every telephone conversation involving any person within the areas subjected to the blanket surveillance. In some instances, people or telephone numbers were targeted by the NSA and FBI and telephone conversations involving such targeted telephone numbers were illegally and unconstitutionally recorded and subjected to analysis, without a warrant and without probable cause.
In support of these allegations, it cites the exposure of the "Stellar Wind" program in 2005, as well as other confirmations of the warrantless wiretapping authority granted after the 9/11 attacks.
The plaintiffs' standing relies on very simple assertions: that they made phone calls and sent text messages/emails during the Winter Olympics. Given what we know about the NSA's bulk collection programs, this is all that's really needed to make these allegations. Ex-mayor Rocky Anderson says he knows "about 200 others" who could make similar claims, but the barrier of entry for this class is low enough that thousands of residents and non-residents could join the proceedings, if granted class action status by the court. Here are the class stipulations:
All individuals in the United States who sent or received a phone call, text message, or email from or to a location within Salt Lake City or within an area including and adjacent to any other 2002 Salt Lake Winter Olympic Games venue where any of the defendants were engaged in warrantless surveillance of communications by telephone, text messaging, or email during the time of December 1, 2001 to February 24, 2002 (or whenever it is established the warrantless surveillance took place).
The lawsuit alleges First and Fourth Amendment violations, as well as violations of FISA, the Wiretap Act and the Stored Communications Act. It also cites similar violations of Utah's Constitution.
I'm not sure this suit has any chance of surviving a motion to dismiss by the government. While standing is easier to achieve now that leaked documents have verified the specifics of the NSA's collection programs, the courts have generally granted more deference to the government's "national security" arguments. What is (slightly) helpful is that the Second Circuit found the Section 215 bulk collection isn't actually authorized by the Patriot Act. While Utah resides outside of that Circuit, decisions that question the legitimacy of bulk surveillance still may prove useful to the plaintiffs' claims.
If there's going to be any retribution for the NSA's abuses, it will probably have to wait until the Supreme Court takes a swing at it. And by the time it does, the question about the legality of its bulk collection program (under Section 215) will be largely moot, thanks to the passage of the USA Freedom Act. While lawsuits like these have been mostly fruitless in their pursuit of favorable judgments, they have proven useful for shaking loose previously-hidden documents and legal justifications for warrantless, domestic surveillance.
The claims arise from the government's treatment of these whistleblowers after they started making noise about the NSA's surveillance programs. More specifically, the lawsuit points to the short-lived internet surveillance program THINTHREAD, which was ignored and abandoned in favor of something more expensive, but less protective of Americans' communications.
Plaintiffs worked in various roles on developing and perfecting a candidate program called THINTHREAD which was capable of performing the technical work desired by the NSA for surveillance of the internet efficiently, effectively, and at very low cost.
THINTHREAD was put into operation successfully but only on a demonstration basis. It was approved to demonstrate that it worked, but not officially commissioned for actual operational use.
Despite the Plaintiffs demonstrating that THINTHREAD actually worked, the NSA ignored THINTHREAD as a candidate for performing the desired surveillance of the internet and telephone communications, because THINTHREAD was inexpensive and highly effective, yet Lt. General Michael Hayden had made a corporate decision to “buy” externally rather than “build” internally the solution deemed necessary to harvest internet data.
$4 billion went into another program called TRAILBLAZER (THINTHREAD's internal development cost, by contrast, was only $4 MILLION), along with five years of development. In the end, TRAILBLAZER never worked properly and was abandoned by the NSA in 2006.
This wasteful "funneling" of funds to preferred government contractors was reported to the Dept. of Defense by four of the whistleblowers, under the heading of waste, fraud and misuse of taxpayers' money. The DoD wasn't happy. It issued a scathing internal report. But the NSA wasn't interested in having its faults pointed out. It sent the DOJ after the whistleblowers, using an unrelated leak of information about the NSA's expansive domestic surveillance programs to the New York Times as the impetus for a series of raids.
According to the filing, the raids were retaliatory. The government had already determined the plaintiffs had nothing to do with the leaks reported on by the New York Times. And it used faulty affidavits to justify the corresponding raids.
In fact, the affidavit for the search warrants are themselves based upon an illegal, warrantless phone tap and refer to a conversation illegally intercepted between Plaintiff Roark and Plaintiff William Binney, although misrepresenting the call’s contents. Further, the ultimate pretext for the search, a paper describing THINTHREAD at a high level that Binney had given the FBI, was falsely claimed by NSA to be classified. Thus, the search warrant affidavit is not only false but illegal.
The lawsuit also attempts to use the breadth and reach of known surveillance programs as proof the government knew the whistleblowers had nothing to do with the NYT leak.
Moreover, as later revealed by Edward Snowden, the NSA was even then, with the assistance of cooperating telephone and telecommunications companies, conducting mass interception and surveillance of all telephone calls within the domestic United States for the very purpose – at least so they claimed – of detecting both external and internal threats against the national security of the United States.
Therefore, through those phone and internet records, the Defendants had actual evidence at the time of the false affidavit and retaliatory searches and seizures that none of the Plaintiffs had communicated with The New York Times or other journalists, except that Plaintiff Drake on his own had spoken confidentially with regard to public and/or unclassified information to the Baltimore Sun.
The end result of the FBI, NSA and DOJ's actions in response to whistleblowing (largely performed through proper channels) is a host of alleged civil liberties violations and other abuses, starting with the violation of 1998's Whistleblower Protection Act. From there, the whistleblowers allege violations of their First, Fourth and Fifth Amendment rights, along with malicious prosecution, intentional infliction of emotional distress and abuse of process.
It will be interesting to see where this goes. The government likely won't be able to dismiss the suit quickly, but the plaintiffs are going to run into a ton of immunity claims that will be buttressed by invocations of national security concerns. Their lawyer -- Larry Klayman -- has occasionally displayed his inability to distinguish between actionable claims and conspiracy theories, a tendency that doesn't improve the plaintiffs' chances of succeeding. But of all the outcomes I imagined for the stories of Drake, Binney, et al, taking these agencies on directly in federal court wasn't one of them.
FBI. DEA. NSA. CIA. DHS. TSA. All these acronyms (and more) participate in activities that can (and do) have negative effects on Americans' civil liberties. But that's OK, says the government, because we have oversight. This assertion just simply isn't true. The Snowden leaks proved what oversight existed was beholden to the NSA and frequently put itself between the agency and legislators on the outside of the inner circle in order to keep its secrets protected.
Elsewhere, the entities charged with providing oversight for government agencies -- the various Inspector General's offices -- were finding themselves unable to pursue their duties because the agencies they watched refused to cooperate with their investigations. Michael Horowitz, the DOJ Inspector General, frequently expressed his displeasure with the DEA and FBI, both of which refused to provide him with the documents he was seeking.
Over at the CIA, Inspector General David Buckley performed his investigation of the alleged hacking of Senate staffers' computers. He found the allegations to be true. The CIA responded by discrediting his report and performing its own internal audit, which naturally found the agency to be blameless and the Senate at fault for supposedly abusing its access to CIA documents. Buckley retired. The CIA has yet to replace him.
As if things couldn't get any worse, the Office of Legal Counsel decided the best route for effective oversight was to hand over control to the agencies being overseen. On July 20th, it issued a decision that said Inspectors General needed to seek permission from the agencies under their purview for access to sensitive documents. If the agencies turned them down, too bad. They'd just have to do without.
The IGs -- representing 72 government agencies -- have sent a letter to Congress asking them to overturn the OLC's decision. (via Unredacted)
Despite the unequivocal language of Section 6(a) of the IG Act, the OLC opinion concludes that it does not entitle the DOJ-IG to obtain independent access to grand jury, wiretap, and credit information in the DOJ’s possession that is necessary for the DOJ-IG to perform its work. Indeed, the OLC opinion concludes that such records cannot be obtained by the DOJ-IG pursuant to the IG Act, and can only be obtained in certain – but not all – circumstances through provisions in the specific laws related to those records. Further, the opinion provides that only the Department of Justice itself decides whether access by the DOJ-IG is warranted – placing the agency that the DOJ-IG oversees in the position of deciding whether to grant the Inspector General access to information necessary to conduct effective and independent oversight. Requiring an Inspector General to obtain permission from agency staff in order to access agency information turns the principle of independent oversight that is enshrined in the IG Act on its head.
The OLC opinion’s restrictive reading of the IG Act represents a potentially serious challenge to the authority of every Inspector General and our collective ability to conduct our work thoroughly, independently, and in a timely manner. Our concern is that, as a result of the OLC opinion, agencies other than DOJ may likewise withhold crucial records from their Inspectors General, adversely impacting their work. Even absent this opinion, agencies such as the Peace Corps and the U.S. Chemical Safety and Hazard Investigation Board (CSB) have restricted or denied their OIGs access to agency records on claims of common law privileges or assertions that other laws prohibit access. Similarly, the Department of Commerce denied its Inspector General (Commerce-IG) access to agency records that were needed for the Commerce-IG to complete an audit of agency operations because agency counsel had concluded, based on guidance that agency counsel said came from OLC, that it might be a violation of another federal statute to make the records available to its Inspector General. As a result, the Commerce-IG could not complete its audit.
In other words, things were already bad. Now, they're impossible. These agencies were already doing everything they could to thwart their oversight. Now, the OLC has given them permission to stonewall every single investigation that requires access to "sensitive" agency documents -- which would be a great majority of them.
The letter goes on to point out that the OLC's decision creates a smokescreen that will have serious repercussions for years to come.
Without timely and unfettered access to all necessary information, Inspectors General cannot ensure that all government programs and operations are subject to exacting and independent scrutiny. Refusing, restricting, or delaying an Inspector General's independent access may lead to incomplete, inaccurate, or significantly delayed findings and recommendations, which in turn may prevent the agency from promptly correcting serious problems and pursuing recoveries that benefit taxpayers, and deprive Congress of timely information regarding the agency's activities. It also may impede or otherwise inhibit investigations and prosecutions related to agency programs and operations.
The OLC's decision is astounding, and should be undone as swiftly as possible. There's a lot of room for abuse in many agencies, and one of the only things acting as a check against this is the IGs. The assurances that there is sufficient oversight are hollow. There was very little oversight to begin with. With this determination in place, there's almost none. The denied access can likely be challenged, but time is often of the essence, and weeks or months of discussion over the release of documents can put a lot of space between badly-behaving agencies and whatever scandal they're attempting to ride out.
The OLC has decided government agencies shouldn't be accountable to the public, and its excuse is "security." It's being left up to agencies to decide what information is too "sensitive" to share with their overseers. And it will be evidence of screwups, quasi-legal activities and other abuses of power that receive this label first.
"Knowing it was wrong, you provided material support for a terrorist organization or some other offense," Comey said, explaining how the FBI sees these suspects in response to Huffington Post questions during a meeting with reporters last month. "That is the bulwark against prosecuting someone for having an idea or having an interest. You have to manifest a criminal intent to further the aims prohibited by the statute."
Asked if reposting materials alone would cross the line, Comey said the answer would be different based on the individual circumstances.
"It would depend upon what your mental state is in doing it," the FBI director said. "I can imagine an academic sharing something with someone as part of research would have a very different mental intent than someone who is sharing that in order to try and get others to join an organization or engage in an act of violence. So it's hard to answer in the abstract like that."
Yay. "Mental state" and "intent." That shouldn't be any problem to disprove in court. Comey says the burden of proof rests on the prosecution -- which it does -- but this "burden" becomes significantly lighter when "national security" is invoked and the onus suddenly shifts to the defendants, who are put in the position of proving a negative.
Much like Comey's certainty that secure encryption backdoors exist, the FBI head is also a firm believer that he and his agency will know materially-supportive retweets when they see them.
Comey said it was "pretty darn clear" where the line was.
Eye of the beholder and all that. Not exactly reassuring when the "pretty darn clear" line is being determined by an agency that appears to have created more terrorists in the US than any terrorist organization. Comey talks a lot in Reilly's article about "intent" and "mental state" -- two aspects that have been largely ignored in its counter-terrorist sting operations, which have resulted in the arrest of mentally-incompetent dreamers, senior citizens and a handful of easily-flattered bedroom revolutionaries. When the agency has to do everything but perform the terrorist attack itself, it would appear its definition of "intent" is very fluid... and any considerations about "mental states" completely subservient to its War on Terror desires.
A little over a month ago, we covered a FOIA response (if you could call it that...) from the FBI concerning TrueCrypt, in which it withheld all 69 pages of responsive documents. In addition to the ridiculousness of much of the withheld information being easily-accessible online, there was the question about what this denial meant for TrueCrypt.
When the FBI withholds documents, it often does so because the subject of the FOIA involves an ongoing investigation. In this case, the FBI cited an FOIA exemption related to "trade secrets and commercial information," which none of this was. So, why all the secrecy? Perhaps it was just the agency's default mode taking over. Or maybe it had something to do with TrueCrypt's sudden decision to halt development and declare the software "insecure." Had the FBI managed to "break" TrueCrypt or was its lack of a response to this request a signal that it was talking to the people behind it?
Scott Glenn, a 35-year-old Harris Corp. employee working at a US military base in Honduras, apparently made off with documents considered to be "military secrets."
In January, he admitted he hacked into the base commander's classified email account and copied thousands of messages and more than 350 attached documents, much of which dealt with U.S. military plans and information regarding the Middle East.
The judge who sentenced Glenn to 10 years in prison asserted Glenn grabbed these documents out of a desire to "damage" the "security" of the United States. His lawyer had argued that Glenn was nothing more than a "technological hoarder" -- someone who collects this sort of stuff just to be collecting it. He pointed to Glenn's retention of a secretary's hard drive that had no discernible value to anyone as evidence of Glenn's "hoarding" habit. He also pointed out Glenn never tried to distribute the documents or attempted to use them for financial gain.
Glenn, however, has both a troubled legal past and a hazy legal future. He has previously been expelled from a military base for committing benefits fraud and hacking into US databases for Iraqi businesses. He's also being investigated for "sexually exploiting" Honduran minors.
But the nexus point for this stash of military documents was TrueCrypt.
Glenn read up on the art of espionage and used an elaborate encryption system, TrueCrypt, with a decoy computer drive to distract investigators from another hidden drive that he protected with a complex 30-character password, army counterintelligence expert Gerald Parsons testified.
The FBI's counterintelligence squad in South Florida was able to crack Glenn's code, Parsons said.
Parsons said he didn't know how the FBI agents did it but he estimated it would have taken "billions" of years to crack the code using traditional methods.
This should be a bit concerning for TrueCrypt users. Either Glenn's password was cracked (rather than TrueCrypt's encryption) or the questions raised about the predictability of the random-number generator behind the encryption method have some validity. Because "traditional methods" would still be underway -- at least according to the expert presented by the prosecutors -- something else had to give. The most likely explanation is that Glenn gave up his password or had it trapped by a keylogger or other government surveillance software. The FBI has tried to crack TrueCrypt's encryption before and had no luck.
With many documents related to the case still sealed, it's unclear what the government's expert meant by "cracked." It likely means TrueCrypt is as secure as it has been, but its appearance in a case centering on a decrypted hard drive doesn't exactly encourage the throwing of caution to the wind.
The FBI recently raided a small gas station in Cleveland, Ohio for apparently no other reason than having a controversial mural painted on the wall.
The SWAT team, armed with rifles, handguns, and bulletproof vests, stormed through the store without showing any warrants or answering any questions about why they were there according to the store’s owner, Abe Ayad.
According to Cleveland’s NewsNet5, Ayad demanded to see a warrant from the agents, but they were never able to show him one.
Here's some video of the raid, which apparently concluded (the video, not the raid) when FBI agents shut down the recordings.
*While this sounds entirely despicable, there is a small bit of truth underlying the depiction of a rabbi with his mouth on an infant's penis. Here's a description of the circumcision process, as practiced by some Orthodox members of the Jewish faith. It's short, but says all it needs to say.
Under Jewish law, a mohel must draw blood from the circumcision wound. Most mohels do it by hand with a suction device, but some Orthodox groups use their mouth to draw blood after cutting the foreskin.
Abe Ayad "identifies" as a Muslim, which probably makes him a Muslim (distancing use of "identifies" courtesy of Cleveland.com), which probably explains why so many of his murals target Jews. That these are displayed on the outside of his business sort of makes it a civic issue. In all fairness to the city, it has never demanded a removal of the murals. It has only asked that they be made smaller and thus less visible from the road.
Ayad has refused. And if a man's home is his castle and his licensed business his castle with an ROI, then he should -- for the most part -- be free to decorate it with images others might find offensive. (Obviously, actually obscene images would be another issue altogether.) Those offended are free to tell Ayad he's a racist and a fool and spend their money elsewhere. It's not as though Ayad is the sole provider of anything in Cleveland. But considering the issues at the center of the artwork, the city has responded in a mostly commendable fashion. There seems to be nothing approaching a heckler's veto being humored here.
That's the good news. Here in the US, people are free to display their irrational hatred and ignorance. If Ayad isn't actually committing violence against Jews or imploring others to commit criminal acts, then his artwork is just a two-party wall of shame that should be pitied for its deep-held ignorance, rather than booed off the face of the planet by the offended.
Ayad also claims to have been raided by local police in 2009. He doesn't specifically say it was because of the murals (it's implied) but law enforcement seized money, guns and an apparently very expensive stamp collection. Most of it was subsequently returned.
“They can’t arrest me. For what?” said Ayad. “2009 they raided me too. No charges. They gave me back my guns, they kept my money and then they gave me back my money minus the coin collection, which was valued over $3 million.”
Similar items were seized in the recent raid. But this doesn't have anything to do with the murals, even if Ayad is skewing it in that direction. Cleveland.com has, simultaneously, no details and more details.
FBI spokeswoman Vicki Anderson said agents surrounded and sealed off the East 55th Street gas station about 10 a.m. to execute a warrant.
She would not provide any other details.
Ayad, however, did.
The store's owner, Abe Ayad, said agents were looking for evidence of food stamp fraud and illegal gun sales. Ayad said no such activity has taken place in the business.
Which is not the same thing as being raided for controversial murals. Ayad may believe this is part of a conspiracy to shut down his business and save the city from having to field more mural-related complaints, but it appears the issues at hand in this raid (and the 2009 raid as well) are unrelated to the paintings on the exterior walls.
Now, it may be possible that two raids with six years between them are both a part of a larger plan to disrupt and destroy Ayad's business. It could be Ayad's multiple appearances in court for civil lawsuits are also instrumental to the city's long-term plan to be rid of his murals forever. Or it could simply be that neither of these is related to the artwork, but rather inextricably tied together because the murals on the outside can't be separated from the interior of the business endorsing these viewpoints.
It may be that someone in Cleveland's law enforcement community has it in for Ayad, possibly because of the murals, but there doesn't appear to be a sustained history of harassment. While the city would undoubtedly enjoy a respite from Ayad's "antics" and the complaints that follow them, there's very little here to justify any claims that the FBI raided Ayad's store over the murals. Free speech (mostly) lives here and Ayad's contentious relationship with a great many people has yet to see his store shut down for any reason, legitimate or not.
As for Ayad not being allowed to see the warrant, that's perfectly legal as well. Law enforcement officers are under no obligation to present the warrant before performing searches or seizures. It's simply enough that the warrant exists and is presented to the raided party at some point during the search. A "warrantless raid" -- as this has been portrayed -- means the absence of a warrant, not just that the raided party wasn't presented with a warrant before it commenced. Any number of exigent circumstances exist that allow for the presentation of a warrant after a search/seizure has already commenced. In this case, paperwork was handed over to Ayad at the time of the agents' departure. So, while a bit on the shady side morally-speaking, the entire operation clearly falls within the legal bounds.
I'm all for a "bad cop/censorship" narrative, but one doesn't exist here. I prefer the ones where the official parties have buried themselves, rather than grab a shovel and start hurling dirt when in possession of only a bare minimum of facts. So, score one for the good guys, I guess -- pending any further details that point to the FBI being pointed in the direction of Ayad because (a) he's Muslim and (b) he owns guns.