As Privacy International has said in response, this appears to completely wipe out the idea that "general warrants" (i.e., not against named individuals/targets) are (and have been) unlawful:
“The IPT has decided that GCHQ can use ‘thematic warrants’, which means GCHQ can hack an entire class of property or persons, such as ‘all phones in Birmingham’.
“In doing so, it has upended a longstanding English common law principle that such general warrants are unlawful. Allowing governments to hack places the security and stability of the internet and the information we exchange on it at stake.”
This is an unfortunate decision, if not that surprising. But yet another reminder that perhaps the UK is a dangerous place for technology firms to do business these days.
If you're a CIA Director, one would assume that you know how to be cool under fire, right? Apparently that's not the case for current CIA Director John Brennan who seemed to completely freak out when Senator Ron Wyden started asking questions about the CIA's infamous decision to spy on the network and computers of Senate Intelligence Committee staffers who were compiling a report on the CIA's torture program. The details are a bit complex, but the short version is that the Intelligence Committee, which has oversight powers over the CIA, had been set up in a CIA building, with special access to CIA documents, and a special search tool. Apparently, at some point, that search tool returned a document which the CIA had never intended to share with the intelligence committee staffers. That document, called "the Panetta Review" was a draft document that then-CIA chief Leon Panetta had tasked people internal at the CIA to prepare on what the Senate Intelligence Committee staffers were likely to find as they went through the documents.
Yes, this is fairly meta. You had Senate staffers reviewing CIA documents, and at the same time, the CIA reviewing those same documents to try to get out ahead of any controversy -- and to make matters confusing, the Senate staffers then got access to that CIA review document as part of their regular searches. When the CIA was questioned about this Panetta review, they freaked out, wondering how the Senate staffers got their hands on the document, and did what the CIA does: they spied on the Senate staffers' computers and network to try to determine how they got the document in the first place. This was despite a promise from the CIA that the Senate staffers' computers and network were considered off-limits (due to an even earlier incident). That resulted in Senator Dianne Feinstein accusing the CIA of illegally spying on the Senate (its overseers). In response, Brennan first denied the spying altogether, and then insisted that it was the Senate staffers who broke the law, saying they illegally mishandled classified CIA documents in how they handled the Panetta Review.
Eventually, the DOJ decided that there wasn't enough evidence that either side broke the law, and refused to make any criminal charges either way. While both the CIA's Inspector General and a special review board Brennan himself set up found that the CIA did, in fact, spy on the Senate staffers' network and computers, and that this was inappropriate, neither seemed to say that it rose to a truly controversial level. Not surprisingly, the review board Brennan set up himself cleared him of wrongdoing.
Mixed in with all of this are remaining questions about how involved Brennan himself actually was in all of this (he refuses to say) and an ongoing request for an apology. While the CIA's Inspector General claimed that Brennan apologized for the breach, later reporting by Jason Leopold at Vice showed that Brennan had drafted an apology, but never sent it. Instead, he apparently provided a very narrow apology solely to Feinstein and then vice chair Saxby Chambliss, basically of the "I'm sorry if what did upset you" manner.
Given this, during a rare open Senate Intelligence Committee hearing, Wyden decided to quiz Brennan about all of this, leading to a rather sarcastic and testy exchange that needs to be watched to be believed:
Immediately, Brennan gets snarky, noting that "This is the annual threat assessment, is it not? Yes?" implying that he doesn't think it's appropriate for Wyden to be bringing up this "other" topic in such a hearing. And it only gets worse from there. He immediately jumps to the argument, again, that it was the Senate staffers' fault for getting access to a document he didn't want them to see. He then says the CIA therefore had an "obligation" to find out how that happened. And then he, somewhat insultingly, suggests that Senator Wyden had not actually read the IG's account, or the report of the review panel that Brennan himself set up.
Wyden cuts him off, quoting directly from the report and notes that other agencies have all said it would be inappropriate to review Senate oversight computer systems, and asks Brennan if he disagrees. Brennan is clearly pissed off:
Brennan: Yes, I think you mischaracterize both their comments as well as what's in those reports. And I apologized to the Chairman and the Vice Chairman about the de minimis access and inappropriate access that CIA officers made to five emails or so of Senate staffers during that investigation. And I apologized to them for that very specific inappropriate action that was taken as part of a very reasonable investigative action. But do not say that we spied on Senate computers or files. We did not do that. We were fulfilling our responsibilities.
Wyden: I read the exact words of the Inspector General and the Review Board. You appointed the Review Board! They said nobody ought to be punished, but they said there was improper access. And my point is, in our system of government, we have responsibilities to do vigorous oversight. And we can't do vigorous oversight if there are improper procedures used to access our files.
Wyden then admits his time is up... but Brennan's so angry that he won't give up. He breaks all proper Senate hearing protocol and jumps back in, asking Wyden to say, again, that it was the Senate staffers' fault for accessing the Panetta Review:
Do you not agree there was improper access that senate staffers had to CIA internal deliberative documents? Was that not inappropriate or unauthorized?
Wyden angrily points out that everything the Senate staffers did was appropriate, and anyway, he's now asking about the CIA's activities, and points to the Inspector General review and the other review board... all the while with Brennan angrily shaking his head at Wyden. When Wyden finishes, Brennan goes back to being snarky, saying:
And I'm still awaiting the review that was done by the Senate to take a look at what the staffers actions were.
And then there's this:
Separation of powers between the executive, legislative branches, Senator, goes both ways.
In short: even if you have oversight over us, don't mess with the CIA, Senator. That's quite a statement.
He then goes on to again claim that Wyden is mischaracterizing everything, and that what the CIA did was entirely appropriate. Wyden concludes:
It's pretty hard to mischaracterize word for word quotes that use the words "improper access."
"In January 2014, CIA personnel conducted an unauthorized, unprecedented search of Senate committee files, including the emails and other files of Senate staff investigating the CIA's use of torture," says the letter...
"The CIA Inspector General stated in a July 2014 report that this search involved 'improper agency access to [Senate Intelligence Committee] files.' A review board selected by CIA Director Brennan concluded in December 2014 that this CIA search 'resulted in inappropriate access to [Senate Intelligence Committee] work product'."
"We believe that it is necessary for you to ensure that senior officials in your administration recognize the importance of adhering to the rule of law," the lawmakers wrote to Obama. "We ask that you instruct Director Brennan to acknowledge that the CIA's unauthorized search of Senate files was improper and will not be repeated."
The White House and CIA have yet to comment on the letter and there's nothing in the history of the incident that suggests either will move forward on this. Obama's on short time and the CIA already cleared itself of all wrongdoing with an in-house "investigation" and further showed its disdain for independent oversight by throwing its Inspector General and his report on the spying efforts under the bus.
Jason Leopold and Vice obtained hundreds of documents through FOIA requests that appeared to show the opposite of what the CIA's internal investigation claimed. But it was the CIA that had the last word, proclaiming itself innocent and simultaneously accusing Senate staffers of improperly accessing restricted documents.
But the most damning document -- at least in the context of a demand for an official apology from the CIA -- was the apology the agency unofficially disavowed when it cleared itself of hacking allegations.
[T]he documents turned over to VICE News included a July 28, 2014 letter from Brennan that was addressed to Feinstein and Saxby Chambliss, who was then the ranking Republican on the Intelligence Committee, in which he apologized to them and admitted that the CIA's penetration of the computer network used by committee staffers reviewing the agency's torture program was improper.
The thing is, Brennan never signed or sent this apology. It just sat in a Torture Report-related file until it was FOIAed. Brennan even offered a closed-door, off-the-record apology to Dianne Feinstein, but to date, the final official word remains the CIA's: we did nothing wrong.
As numerous Techdirt stories make clear, the particular words used to describe something can make a big difference in how it is perceived. For example, intelligence agencies like to avoid the use of the bad-sounding "mass surveillance," with its Orwellian overtones, and prefer to talk about "bulk collection," which can be presented as some kind of cool big data project. No one is more vociferous in insisting that they are not engaged in mass surveillance, but merely bulk collection, than the UK's Home Secretary, Theresa May. She was pushing that line again last week, during a grilling by a UK Parliamentary committee about her proposed Snooper's Charter. As BBC News reported:
She said the security minister, John Hayes, had written to the committee of MPs and peers scrutinising the draft bill to give the reasons why the government did not want to reveal the kinds of data investigators were accessing.
She insisted the practice -- and the sweeping up by the security services of large quantities of internet traffic passing through the UK -- did not amount to "mass surveillance" as civil liberties campaigners claim.
"The UK does not undertake mass surveillance," she told the committee.
Given what we know that GCHQ is already doing, and adding in what the UK government says it wants to do, that seems an absurd thing to say. But Paul Bernal, Lecturer in Information Technology, Intellectual Property and Media Law at the UK's University of East Anglia, thinks that there is more to this than meets the eye:
Precisely what constitutes surveillance is far from agreed. In the context of the internet (and other digital data surveillance) there are, very broadly speaking, three stages: the gathering or collecting of data, the automated analysis of the data (including algorithmic filtering), and then the 'human' examination of the results of that analysis of filtering. This is where the difference lies: privacy advocates and others might argue that the 'surveillance' happens at the first stage -- when the data is gathered or collected -- while Theresa May, [former GCHQ director] David Omand and those who work for them would be more likely to argue that it happens at the third stage -- when human beings are involved.
If surveillance occurs through the act of gathering personal data on a large scale, then clearly what the UK government does (and wants to do more of) is mass surveillance. But if surveillance only takes place once a human operator looks at some of the gathered data, then Theresa May can plausibly argue that what the UK government is engaged in is not mass surveillance, because relatively little personal data is scrutinized in this way. So the question then becomes: at what point is it most appropriate to say that surveillance has occurred? Bernal offers a helpful analogy. What the UK government wants to do with the Snooper's Charter would be like:
installing a camera in every room of every house in the UK, turning that camera on, having the footage recorded and stored for a year -- but having police officers only look at limited amounts of the footage and only when they feel they really need to.
Does the surveillance happen when the cameras are installed? When they’re turned on? When the footage is stored? When it’s filtered? Or when the police officers actually look at it.
Most people would probably find the automated video recording of everything they did in the privacy of their own home intrusive, and clearly a form of surveillance, even if it was unlikely the footage would ever be seen by a human being. And in Europe, the question has already been settled by the courts:
Privacy invasion occurs when the camera is installed and the capability of looking at the footage is enabled. That’s been consistently shown by recent rulings at both the Court of Justice of the European Union and of the European Court of Human Rights. Whether it is called ‘surveillance’ or something else, it invades privacy -- which is a fundamental right. That doesn’t mean that it is automatically wrong -- but that the balancing act between the rights of privacy (and freedom of expression, of assembly and association etc that are protected by that privacy) and the need for 'security' needs to be considered at the gathering stage, and not just at the stage when people look at the data.
That's important, because it is precisely this issue that the courts will have to consider when the inevitable legal challenges are brought against the UK's Snooper's Charter once some version of it becomes law. In the end, whether the Home Secretary thinks what she is doing is mass surveillance or merely bulk collection is irrelevant -- the UK and EU courts will be the ones that decide whether it's allowed.
Remember how Dianne Feinstein -- a huge supporter of the intelligence community -- absolutely freaked out about surveillance when it happened to her staffers (when the CIA snooped on their network)? It would almost be funny how the defenders of surveillance react when they're being surveilled... if it weren't so tragic.
As we noted earlier today, the WSJ just revealed that the NSA had no problem intercepting calls made by Congress as part of spying on foreign leaders, such as Israeli Prime Minister Benjamin Netanyahu. And, as you might expect, some folks are quite upset about this... including former US Representative Pete Hoekstra, who headed the House Intelligence Committee a decade ago. He sent out a pair of angry tweets about the news:
If you can't read those, he says:
WSJ report that NSA spied on Congress and Israel communications very disturbing. Actually outrageous. Maybe unprecedented abuse of power.
NSA and Obama officials need to be investigated and prosecuted if any truth to WSJ reports. NSA loses all credibility. Scary.
Of course, this very same Pete Hoekstra, who long defended NSA surveillance, didn't seem to have much of an issue when the NSA was spying on anyone other than himself. Just last year, in a debate with Glenn Greenwald, Hoekstra mocked the idea that anyone was upset at the NSA spying on foreign governments and said if there was anything to complain about, it was that the NSA allowed such info to leak:
If the country's intelligence techniques leak, what is to say our enemies won't also review the information, Hoekstra asked. He laughs at foreign governments who are shocked they've been spied on because they, too, gather information.
"Spying is a matter of fact," Hoekstra said. "The mistake that we made is that we had a NSA that did not put in the protections that it need to protect (it) ... they enabled someone like Edward Snowden to steal our documents and steal our national securities to the world."
Uh huh. But suddenly when it's his communications, the NSA "loses all credibility" and there needs to be an "investigation"?
“I was briefed by the vice president and then-head of the NSA, Michael Hayden, and it was from my perspective a very thorough briefing,” recalled Hoekstra in an exclusive interview on Wednesday. “They talked about what the capabilities of the program were, how the programs functioned, and the protections that were put in place to make sure that American civil liberties were protected.”
The Michigan Republican said he met with some of the people who administered the programs and came away convinced “they clearly understood the responsibilities that they had to No. 1, do their job, but also to protect Americans' civil liberties.”
Also, this is the very same Hoekstra, who back when he was running the House Intelligence Committee blatantly misled the public about the surveillance powers of the NSA. In that case, somewhat ironically, Hoekstra attacked a bill called the RESTORE Act, that would have granted a tiny bit more oversight over situations where (you guessed it) the NSA was collecting information on Americans. Hoekstra falsely argued that this would make it harder to track terrorists overseas (despite the fact that their communications weren't subject to the law). But now that his own communications got sucked up in surveillance efforts targeted at foreigners, it's a giant scandal?
Beginning to think that being a total hypocrite on these issues should be called "being a total Hoekstra."
"See Something, Send Something" allows anyone to capture suspicious activity as a photo or written note and send the information to the New York State Intelligence Center. From there, the tip will be reviewed and if relevant, sent to the appropriate law enforcement agency. Public service announcements promoting the campaign will be played at DMV offices and service areas along state highways.
By using the app, which can be downloaded for free for iPhone and Android phone users, there is no worry about who to send the tip to or what phone number to call—users can simply send a photo of the suspicious activity using their device’s camera, by choosing a photo from its library, or sending a written note. It also includes information on what to look for and when to report suspicious activity. The service is already available in Colorado, Louisiana, Ohio, Pennsylvania and Virginia.
The governor's press release reminds New Yorkers that the app is for reporting of suspicious people/objects/actions only and very definitely not for criticizing the government's terrorist hysteria or regaling local DHS Fusion Centers with an assortment of dick pics.
In order to keep the app focused on safety, users should report only suspicious behavior and situations (e.g., an unattended backpack or briefcase in a public place) rather than beliefs, thoughts, ideas, expressions, associations, or speech unrelated to terrorism or other criminal activity.
The governor's office also links to recommended reading material to better inform would-be See-Senders about the warning signs of potential terrorist activity.
Terrorist cells have been known to record and monitor activities, taking pictures and making drawings.
ALSO: new parents, artists, people with excessive amounts of time on their hands, public sector employees, everyone who possesses a smartphone, etc.
A clarifying note inside the app that will probably be read by no one adds some cautionary wording not found on the NY DHS website.
Taking pictures or video of facilities, buildings, or infrastructure in a manner that would arouse suspicion in a reasonable person…All reporting on photography should be done within the totality of the circumstances.
But acting as an extra set of eyes for a city that has millions of them -- some even located in human skulls -- doesn't just help fight the War on Terror. It also helps fight the War on… Fire.
Being observant supports homeland security and fire prevention efforts.
If nothing else, the app comes highly recommended by someone who watches a lot of cable news programming.
This App was on Cnn, Cnbc, Msnbc.. Due to IsIs we have to do all we can to protect ourselves
The app itself has been around since January 2013. Despite that, it's apparently still only usable in six states. And there seems to be no information available on how many suspicious activity reports the app has generated, much less if it's actually resulted in any attacks prevented.
What it is, though, is "something," the favorite activity of politicians looking to capitalize on tragic events. My Mobile Witness is nothing more than "Do Something: the App." It gives those who feel they need a direct line to local DHS offices something to do with their idle fingers/paranoia and gives the state's top legislator something to say in the wake of the Paris attacks. Everybody wins… except maybe those who are accosted/arrested for whipping out their sketch pad within eyeshot of a public structure.
The DOJ issued its formal guidance on Stingray devices and warrants back in September. While it was a nice afterthought, it sported an underdeveloped set of teeth. The biggest problem? It's nothing more than guidance. It's a set of internal policies that the DOJ's underlings are expected to follow. Any misuse will presumably be subject to written reprimands and little else.
As it is only guidance, there's very little accountability added. If an agency violates the new policies during the course of an investigation, the violated person doesn't have the option of seeking redress through the judicial system.
This policy guidance is intended only to improve the internal management of the Department of Justice. It is not intended to and does not create any right, benefit, trust, or responsibility, whether substantive or procedural, enforceable at law or equity by a party against the United States, its departments, agencies, instrumentalities, entities, officers, employees, or agents, or any person, nor does it create any right of review in an administrative, judicial, or any other proceeding.
Whatever restraints the DOJ is applying to itself matter only to the DOJ, which can perform its own internal investigations and mete out whatever disciplinary actions it feels those coloring outside of the lines deserve.
Reps. Jason Chaffetz (R-Utah), John Conyers (D-Mich.), and Peter Welch (D-Vt.) on Monday introduced the Stingray Privacy Act, which would limit the government's use of so-called "stingray" devices— surveillance tools that pretend to be cell towers so they can intercept mobile network traffic.
The bill would only permit a government agency to collect data using a stingray if it obtained a traditional search warrant or if it carried out its investigation under the Foreign Intelligence Surveillance Act (FISA), which does not permit the targeting of Americans.
No evidence collected through a stingray without a warrant or outside the FISA process could be used in a trial, congressional hearing, or other federal, state, or local proceeding.
The DOJ's better-late-than-never guidance could become law, turning violations of the former policies into actionable civil rights complaints. Better yet, the abuse of Stingray devices could lead to the dismissal of improperly-obtained evidence. The codification of the warrant requirement also means agencies will have more trouble obscuring the origin of introduced evidence and will be creating a discoverable, possibly FOIA-able paper trail.
The bill has bipartisan support, which is always helpful. It also has a bit of propulsion thanks to the gradual uncovering of widespread usage for bog-standard criminal investigations and widespread secrecy that has led to bogus FOIA request denials and the dismissal of criminal indictments.
The question now is whether the bill will survive intercessions on behalf of the DOJ, which would like to appear Strong on Stingrays but without actually having to deal with the public's complaints of civil liberties violations. Expect to see child killers, kidnappers and terrorists seated at the stakeholders' table on behalf of the FBI and others if this bill gains momentum.
There has always been a strong emphasis in educational institutions on stopping cheating. All of this hand-wringing makes sense to a point, of course. With the advent of technological progress, however, two separate roads appear to be heading to a cross: the use of technology to stop cheaters and the question of just how we're going to define cheating as information becomes more widely searchable and available. For the latter, I'm very much in favor of judging students on their ability to find answers and create interesting solutions compared with the originality of their responses. As the saying goes, it's not what you think that's most important, but how you think. As to the former, it seems we can't go a single story about schools using technology to police any aspect of their students without finding some failing in its implementation.
Verificient Technologies, the company behind the student-monitoring, anti-cheating software ProctorTrack, has not communicated to Rutgers students what the company has done with their personal data.
As we reported, ProctorTrack uses remote-monitoring technology to collect audio, video, and document the web activity of students as they take the exam. The software also scans the ID, face and knuckles of the student, and takes a voice sample. But complaints from students suggest that Verificient has not sent out any notification about the status of their data.
Notifications that Verificient was contract-bound to supply to students upon the purging of the data it collected on them. The way this was supposed to work was that all student monitoring data would be deleted from the primary servers after 90 days, with a notice to students, and then deleted form the backup servers 30 days after that, with another notice to students. Aiding in the confusion is that Rutgers had initially told students the purges would occur within 30 days of the test, back when the school had only a verbal agreement with Verificient, as did the company on its website in what it called its "privacy pledge." That pledge appears to have been violated in the name of "we can change our promise whenever the hell we feel like it" corporate provisions.
According to the contract, which actually went into effect seven months before it was signed, students who used the software during the spring 2015 semester should have received email notifications that their proctoring data had been permanently deleted from the servers.
But they didn't get those emails and students are now rightly pissed off at not knowing what the hell is going on with their personal, audio, and video data. Were this about monitoring web-browsing during tests, it would be bad enough, but we're talking about intrusive audio/video data on students and the company handling that information couldn't be bothered to follow its own post-redefinition pledge of privacy notifications. And, it should be noted, Rutgers students themselves had to pay $32 for the privilege of using this software.
Down in Australia, it appears that phone giant Vodafone is facing a bit of a scandal as it's come out that the company went digging into a journalist's phone records after she wrote some stories about security flaws in a Vodafone system. Remember, a decade ago, when there was a big scandal at HP, when it spied on board members to try to stop leaks? That was bad. This is worse. This is directly violating a customers' privacy, just because you're upset about some leaks.
In a 2012 email from then Vodafone Hutchison Australia head of fraud Colin Yates to then Vodafone global corporate security director Richard Knowlton, Mr Yates warns of the “huge risk” to the company if a string of allegations — which he “has no reason to believe” are not factual — “gets into the public domain”.
Of particular concern to Mr Yates was the hacking of the “call charge records and text messages” from the mobile of Fairfax investigative reporter Natalie O’Brien, then a Vodafone customer.
On January 10, 2011, the day after O’Brien broke a story about major security flaws with Vodafone’s Siebel data system — including that private call records could be illegally accessed — Vodafone investigators had discussions about searching her phone records to find the Vodafone sources for the story.
You can see the story by O'Brien here, in which she revealed that people could access Vodafone customer information, because a source she was talking to had the password to the company's database. This resulted in an investigation by Australia's Privacy Commissioner into Vodafone's security practices. Meanwhile, Vodafone tried to play the whole thing down as a "one-off incident" of someone abusing the password to the system.
Meanwhile, in the background, they were abusing their own systems to try to figure out who was talking to O'Brien -- and were admitting internally that they were misrepresenting the real situation publicly:
Following her story, Vodafone executives allegedly “told the press, the NSW Privacy Commissioner and other high-profile Australian agencies that the breach was a one-off incident”.
Mr Yates wrote to Mr Knowlton: “As you know this is in fact not the case and VHA has been suffering these breaches since Siebel went live and did nothing or very little to close off the weaknesses that allowed them to occur.”
Investigating a privacy breach by breaching the privacy of the reporter who exposed it is... perhaps not the proper response.
We already wrote about Jason Leopold "accidentally" receiving a letter the CIA never actually sent that was an apology for spying on Senate staffers, but there was a lot more that Leopold received in that FOIA dump as well. Beyond the document Leopold wasn't supposed to receive, the 300 pages handed over by the CIA (not by its voluntary desire to respect FOIA stipulations, but rather because a judge told it to) provide additional details about the alleged Senate breach and its "investigative" spying -- and the ensuing fight that set off something of a Constitutional crisis in the separation of powers between the executive branch and the legislative branch.
Leopold's article goes into great depth on the subject and is well-worth reading in its entirety. One of the many, many details worth noting is that the CIA's "firewall" between it and Senate staffers wasn't really anything of the sort. A Google-powered custom search function allowed staffers to search CIA documents, but only the documents the CIA wanted them to see. The problem was that the search didn't work correctly. Keyword searches were returning documents the CIA hadn't approved for Senate perusal. This was how the hidden Panetta Report was discovered.
The CIA claimed Senate staffers had abused their privileges by accessing and downloading documents the agency hadn't meant to make available. But the blame was misplaced. The search "appliance" configuration itself was faulty, and had been for years. And, from there, the CIA decided it was okay to spy on the Senate staffers' work, raising questions about the separation of powers.
"In November 2012, the RDI team learned of a vulnerability with the Google appliance, related to configuration settings that had been in place since the initial installation in November 2009," the OIG's report says. "[The Office of Inspector General] reviewed an April 2013 email between members of the RDINet IT staff detailing the existing settings, which indicated an access control deficiency for search results. The RDI IT team updated the Google appliance in April 2013 to reflect this change. Prior to this update, the settings provided to the [Office of Inspector General] showed that the Google appliance was not configured to enforce access rights or search permissions within RDINet and its holdings."
Weaver explained that the Cyber Blue Team concluded the Google appliance "wasn't enforcing permissions properly, and revealing accessible locations for the [CIA] files."
A problem the CIA was aware of but had never bothered to fix was now being portrayed as a breach of trust (at best) by the Senate staffers compiling the Torture Report. Brennan knew about the misconfigured search tool but still went after Feinstein and Senate staffers, accusing them of "hacking" the CIA's system and making off with a purloined copy of the Panetta Review.
Considering the Panetta Review was the former CIA director's own investigation into the CIA's torture programs, one would assume these documents would be highly relevant to the task at hand -- the compilation of the torture report. But the findings contained in it were so toxic the CIA immediately began burying the documents using every opaque agency's favorite hiding place: the oft-abused "deliberative documents" exemption.
US officials told VICE News that the Panetta Review was shut down for one reason: the CIA team conducting it discovered damning inconsistencies in reports agency officials made to Congress about the efficacy of the program, and horrific details about the way detainees were treated. These revelations by the CIA's own employees contradicted agency officials who had continued to publicly defend the program's value. The internal reports the Panetta Review team wrote, US officials told VICE News, were so troubling that a decision was made by agency lawyers to mark them as "deliberative" draft documents, thereby protecting them from disclosure via FOIA.
Leopold's article is a fascinating study of CIA deception, duplicity and retaliatory abuse. The only way the CIA could have made the aftermath of the Torture Report's release worse was to do all the things it actually did. It made false accusations against a Senate oversight committee. It made blatantly false claims about Senate staff and their "hacking." It stabbed its own Inspector General in the back, publicly impugning him and his findings. It performed an "internal investigation" that managed to "uncover" only the wrongdoing of others. The only act of contrition in this whole debacle went unperformed when CIA head John Brennan chose to toss his apology to the Senate in the nearest file cabinet. The CIA may have had a chance to salvage a small part of its reputation, but instead attempted to bluster its way back to respectability. And, in doing so, lost any respect it had remaining.