You may remember the ridiculous Thomas Drake case, in which the US government went after a former NSA employee under the Espionage Act, threatening him with decades in jail. However, as the details showed, Drake was really being targeted not for leaking information, but as a vindictive response for talking to Congressional staffers about what he saw as abuse and waste by the NSA. Jane Meyer, in the New Yorker, wrote a wonderfully detailed account of the case last year. It highlighted how the charges seemed pretty trumped up, claiming that having a certain document on his home computer was illegal, even though the clear target of the investigation was whether he had leaked info to the press.
Drake's story intertwines with that of a Congressional staffer named Diane Roark, who plays a role in his story. A snippet from that New Yorker piece:
Not long after Binney quit the N.S.A., he says, he confided his concerns about the secret surveillance program to Diane Roark, a staff member on the House Permanent Select Committee on Intelligence, which oversees the agency. Roark, who has flowing gray hair and large, wide-set eyes, looks like a waifish poet. But in her intelligence-committee job, which she held for seventeen years, she modeled herself on Machiavelli’s maxim that it is better to be feared than loved. Within the N.S.A.’s upper ranks she was widely resented. A former top N.S.A. official says of her, “In meetings, she would just say, ‘You’re lying.’ ”
Roark agrees that she distrusted the N.S.A.’s managers. “I asked very tough questions, because they were trying to hide stuff,” she says. “For instance, I wasn’t supposed to know about the warrantless surveillance. They were all determined that no one else was going to tell them what to do.”
While Roark was not charged in the same process that resulted in charges against Drake, there was a search conducted, and computers taken. She's now sued the US government, seeking the return (many years later) of the computers seized, as well as findings that the feds actions were unconstitutional.
Plaintiff asks that the Court find unconstitutional the following Government actions and claims:
the Government's activities and assertions... that infringe on citizen speech and communications under the First Amendment to the Constitution and on property rights under the Fourth, Fifth and Sixth Amendments.
the manner in which the Government investigated, managed and prolonged her case. Plaintiff contends that the actions taken against her constitute retaliation for her whistleblower activities and execution of her Congressional oversight responsibilities that revealed inefficenicy, contract fraud, the persistent waste of billions of dollars on a single ill-conceived program that was never built, plus illegal and unconstitutional operations.
To be honest, these kinds of lawsuits rarely get very far, but it should be interesting to watch either way...
from the and-it-may-have-just-made-new-critics dept
We've discussed how the government often seems much more focused on silencing leaks of information, rather than recognizing that those leaks are often highlighting serious misconduct. The latest example involves the Food and Drug Administration (FDA), who apparently started trying to find the source of a leak, but in the end started collecting thousands of emails to try to stifle all sorts of criticism of the FDA, as revealed by the NY Times over the weekend.
What began as a narrow investigation into the possible leaking of confidential agency information by five scientists quickly grew in mid-2010 into a much broader campaign to counter outside critics of the agency’s medical review process, according to the cache of more than 80,000 pages of computer documents generated by the surveillance effort.
Moving to quell what one memorandum called the “collaboration” of the F.D.A.’s opponents, the surveillance operation identified 21 agency employees, Congressional officials, outside medical researchers and journalists thought to be working together to put out negative and “defamatory” information about the agency.
The details show that the FDA installed key logger software on the computers of their own scientists, tracked the personal emails they wrote to others, and tracked documents they copied to key drives. Now, you can make a reasonable argument that since these were work laptops, the FDA has every right to track the usage, but it seems pretty clear that the FDA went really far here, and it wasn't just about stopping leaks, but about trying to stifle criticism and whistleblowing.
In fact, much of the evidence suggests that this absolutely was an attempt to blow the whistle on faulty review procedures by the FDA, that resulted in the approval of medical imaging devices that weren't actually safe. And, apparently, the complaints by the whistleblowers were convincing enough that there's now a Congressional investigation into "a substantial and specific danger to public safety" from this activity.
If the FDA were functioning as it was supposed to, it would have seen these complaints as a reason to investigate its own activities. Instead, in the supposed attempt to "stop leaks," the FDA used this info to try to squelch the attempt to have its own practices investigated.
The American Enterprise Institute (AEI) recently held an event about cybersecurity and cybersecurity legislation. The keynote speech was from NSA boss General Keith Alexander. He of course talked about why he supports cybersecurity legislation, such as CISPA and other proposals that will make it easier for the NSA access private content from service providers -- much of which, reports claim, they're already capturing and storing. Alexander has claimed that the NSA doesn't have "the ability" to spy on American emails and such, and reiterates that claim during the Q&A in this session, insisting that the Utah data center doesn't hold data on Americans' emails (and makes a joke about just how many emails that would be to read). That's nice for him to say, but so many people with knowledge of the situation claim the opposite.
In a motion filed today, the three former intelligence analysts confirm that the NSA has, or is in the process of obtaining, the capability to seize and store most electronic communications passing through its U.S. intercept centers, such as the "secret room" at the AT&T facility in San Francisco first disclosed by retired AT&T technician Mark Klein in early 2006.
So it's interesting to pay attention to what Alexander has to say in pushing for cybersecurity legislation. You can watch the full video below, if you'd like:
Much of what he talks about online involves basic malware and hack attacks. These are definitely issues -- but are they issues that we need the military (which the NSA is a part of) to step in on? His "quote" line is that these attacks represent the "greatest transfer of wealth in history." That is a pretty broad statement, and there's almost no evidence to support it. He points to studies from Symantec and McAfee on the "costs" of dealing with security issues -- but remember, those are two of the biggest sellers of security software, and have every incentive in the world to inflate the so-called "costs." Also, seriously? The "greatest transfer of wealth in history"? Has he paid absolutely no attention to what's happened on Wall Street and the financial world over the past decade? Does anyone honestly believe that the amount of money "transferred" due to hack attacks is greater than the amount of money transferred due to dodgy financial deals and the mortgage/CDO mess? That doesn't pass the laugh test.
He does insist that worse attacks are coming, but provides no basis for that (or, again, why the NSA needs your info). In fact, according to a much more believable study, the real risks are not outside threats and hackers, but internal security screwups and disgruntled inside employees. None of that requires NSA help. At all.
But it sure makes for a convenient bogeyman to get new laws that take away privacy rights.
Alexander, recognizing the civil liberties audience he was talking to, admits that the NSA neither needs nor wants most personal info, such as emails, and repeatedly states that they need to protect civil liberties (though, in the section quoted below, you can also interpret his words to actually mean they don't care about civil liberties -- but that's almost certainly a misstatement on his part):
One of the things that we have to have then [in cybersecurity legislation], is if the critical infrastructure community is being attacked by something, we need them to tell us... at network speed. It doesn't require the government to read their mail -- or your mail -- to do that. It requires them -- the internet service provider or that company -- to tell us that that type of event is going on at this time. And it has to be at network speed if you're going to stop it.
It's like a missile, coming in to the United States.... there are two things you can do. We can take the "snail mail" approach and say "I saw a missile going overhead, looks like it's headed your way" and put a letter in the mail and say, "how'd that turn out?" Now, cyber is at the speed of light. I'm just saying that perhaps we ought to go a little faster. We probably don't want to use snail mail. Maybe we could do this in real time. And come up with a construct that you and the American people know that we're not looking at civil liberties and privacy, but we're actually trying to figure out when the nation is under attack and what we need to do about it.
Nice thing about cyber is that everything you do in cyber, you can audit. With 100% reliability. Seems to be there's a great approach there.
Now all that's interesting, because if that's true, then why is he supporting legislation that would override any privacy rules that protect such info? If he really only needs limited information sharing, then why isn't he in favor of more limited legislation that includes specific privacy protections for that kind of information? He goes back to insisting they don't care about this info later on in the talk, but never explains why he doesn't support legislation that continues to protect the privacy of such things:
The key thing in information sharing that gets, I think, misunderstood, is that when we talk about information sharing, we're not talking about taking our personal emails and giving those to the government.
So make that explicit. Rather than supporting cybersecurity legislation that wipes out all privacy protections why not highlight what kind of information sharing is blocked right now and why it's blocked? Is it because of ECPA regulations? Something else? What's the specific problem? Talking about bogeymen hackers and malicious actors makes for a good Hollywood script, but there's little evidence to support the idea that it's a real threat here -- and in response, Alexander is asking us all to basically wipe out all such privacy protections... because he insists that the NSA doesn't want that kind of info. And, oh yeah, this comes at the same time that three separate whistleblowers -- former NSA employees -- claim that the NSA is getting exactly that info already.
So, this speech is difficult to square up with that reality. If he really believes what he's saying, then why not (1) clearly identify the current regulatory hurdles to information sharing, (2) support legislation that merely amends those regulations and is limited to just those regulations and (3) support much broader privacy protections for the personal info that he insists isn't needed? It seems like a pretty straightforward question... though one I doubt we'll get an answer to. Ever. At least not before cybersecurity legislation gets passed.
Early last week, we wrote about the oddity of how the White House didn't seem to much mind "leaks" that made the President look good in terms of being "tough" on our enemies, such as in the NY Times story confirming that the US was behind the Stuxnet malware, and that the President himself was very familiar with the program. This came at the same time as the White House continuing to vindictively prosecute people responsible for even very minor leaks, such as the Thomas Drake affair, in which some whistleblowing about out-of-control spending at the NSA tuned into a malicious prosecution.
Soon after that story came out, the issue of "good leaks" and "bad leaks" became a huge political football, as it gave the President's opponents an angle to attack him for leaking classified info. The President himself had to shoot back and insist that there were no such leaks happening from the White House -- which is clearly not true. Some of the information could have only come from administration officials.
And, of course, it wasn't just limited to Stuxnet, but other "leaks" of classified info, such as stories around the unmanned drone strike program, which lots of people have reported on, but which is still "classified." Of course, we've now seen grandstanding on both sides of the aisle decrying these leaks -- but not the actions that were exposed by them!
Instead, they all seem to be upset about the leaks themselves, rather than the fact that these questionable activities were secret in the first place. As John Cook recently wrote, these kinds of "leaks" are important because they let us know what our government is doing in our name. That's why these aren't leaks, so much as whistleblowing. And that's an important distinction. That's doubly true as we see to what ridiculous lengths the very same administration goes to in order to attack anyone who reveals information that makes it look bad.
One person's leak is another person's whistleblowing. To treat them all as "leaks" that must be punished (often severely) creates a significant chilling effect on reporting on key issues -- and (worse) gives the government a bubble in which it gets to abuse its power. Rather than condemning all these "leaks," we should be trying to (a) celebrate those who blew the whistle and (b) understand the details behind why such things were secret in the first place.
Pre-trial hearings for Bradley Manning, the guy accused of leaking State Department cables (and other info) to Wikileaks, are kicking off this week, with many assuming that he's clearly guilty and will spend the rest of his life in jail. Of course, reports suggest that many thousands (and perhaps hundreds of thousands) of people had access to the exact same documents, and we're still waiting for any proof of any harm from the leaks. That said, the most interesting question about the Manning trial comes from Gautham Nagesh, who asks if Manning would even have been prosecuted if he'd leaked the exact same info to the NY Times, rather than Wikileaks (even though the eventual publishing of the documents went through the NYTimes and others).
And that brings up an interesting point. Is this really a trial of Manning... or a trial-by-proxy of Wikileaks itself?
That said, I'm not convinced it would have made a huge difference, but the overall attention level might have been different. If we went back a decade, perhaps it would have been an issue. However, starting under the Bush (the younger) administration and certainly ramping up under the Obama administration, the federal government has been pretty aggressive in going after whistleblowers -- even when they are going to the press (including some specific cases involving the NY Times).
Where I think it might have made a bigger difference is in how the case finally works out. There seems to be this presumption that Wikileaks is obviously "evil" and therefore anyone working with them must be trouble by association. The concern if the leaks had merely been to the NY Times perhaps wouldn't have been nearly as strong.
We've noted the unfortunate trend of the Obama administration vindictively going after any whistleblowers (despite one of Obama's first moves in office being to encourage whistleblowing). To date, the Obama administration has been involved in six prosecutions of whistleblowers using the Espionage Act... twice as many such uses of all other Presidents combined. But, here's the thing. We just wrote about the NYTimes reporting that the US was behind Stuxnet, and that President Obama himself was deeply engaged in the project.
As people have noted, that level of "leak" seems to go way beyond what many of those charged under the Espionage Act did (including other leaks to the NY Times). And yet, as Gawker discovered, unlike with some of those other stories, the White House did not try to prevent the publication of this info, and almost certainly gave its tacit approval to the publication.
So, what's the difference? Well, the prosecutions against whistleblowers, and the attempts to stifle the reports based on them, all seem to focus on cases where the White House looks bad -- domestic spying, torture, etc. The Stuxnet story was a success story. Even though the malware eventually leaked out into the world and was exposed, the "damage" was already done. This leak actually lets the White House claim credit and look good.
A year and a half ago, we wrote about Daniel Ellsberg (the guy who leaked The Pentagon Papers to the NY Times a few decades back) talking about his personal theory as to why Obama was so vindictive against leaks, despite an outward persona (and specific statements) that totally contradicted the position. His belief was that Obama was so vindictive about whistleblowing, because all of those whistleblowing cases revealed things that were embarrassing to the President. The fact that the White House doesn't seem to have a problem with this particular leak of classified info -- one that more or less makes them look good -- certainly adds significant weight to that theory.
Back in January, we noted the somewhat ironic fact that a US Senator had put a "secret hold" on a bill to protect government whistleblowers. We wondered if someone would blow the whistle and out that Senator. Thankfully, the folks from On the Mediastepped up, and set up a project to find out who put that secret hold on the bill. Last we had checked in, they had narrowed it down to three possible Senators: Jon Kyl, Jeff Sessions and James Risch. Since then, Risch said he didn't put the hold on, leaving just Kyl and Sessions refusing to speak. Now that it's been narrowed down to just two, On the Media has decided to end the project, but is happy about the results. The campaign served to raise two key issues:
The Government Accountability Project has let us know that this project has had the two-pronged effect in the Senate of making Senators more hesitant to use the secret hold, and bringing new attention to the Whistleblower Protection Enhancement Act, which is expected to be reintroduced in the Senate shortly.
This is good news. While there actually are some serious problems with the Whistleblower Protection Enhancement Act as it was written last time around, that's still no excuse for anyone to put a "secret" hold on it. If Senators are going to block a bill, they should be willing to at least come out and admit that it was them, let alone explain their reasons for doing so.
A few weeks ago, we noted that WNYC's On the Media's attempt to out the Senator who put an anonymous block on a bill to protect whistleblowers, had narrowed down the list to just five Senators. Since then, two of the five remaining Senators -- David Vitter and Mitch McConnell have both said that they did not put the secret hold on the bill. So that leaves just three Senators, each of whom have been contacted multiple times and refuse to say. Here's OTM's summary:
Jon Kyl (AZ) 730 HART SENATE OFFICE BUILDING WASHINGTON DC 20510 (202) 224-4521
Notes: 3-2-2011 – Have yet to make contact with Senator Kyl’s Press Secretary Ryan Patmintra. Several messages have been left with the office. A caller spoke to a staffer named Nat on 1-18-2011 who didn’t think Sen. Kyl was responsible, but could not confirm. Since 2-17-2011, three constituents have received the following letter in reply to inquiries about his role in killing the Whistleblower Protection Enhancement Act: “Thank you for contacting me about the Whistleblower Protection Enhancement Act (S.372) . The Senate passed S. 372 on Dec 14, 2010 and the House passed a different version of the legislation on Dec 22. With only hours left in the session, the Senate did not have sufficient time to review the House’s changes and reconcile the differences between the two bills. “
Jeff Sessions (AL) 335 RUSSELL SENATE OFFICE BUILDING WASHINGTON DC 20510 (202) 224-4124
Notes: 3-2-2011 – Jeff Sessions aide Caroline explained to caller on 1-19-2011 that anonymous holds are 'anonymous' and that he is 'very private.' Subsequent calls have gotten similar responses. Have yet to get a response or make contact with Press Secretary Sarah Haley.
James Risch (ID) 483 RUSSELL SENATE OFFICE BUILDING WASHINGTON DC 20510 (202) 224-2752
Notes: 3-2-2011 – Press Secretary Kyle Hines, as well as other staffers have repeatedly told callers that the Senator does not comment on Secret Holds. Hines has said "That's his policy - that's his right" "He just doesn't comment on them." He told caller he would follow up with the Senator on 2-22-2011, and got back to the caller to confirm that the Senator would not comment.
3-4-2011 - Senator Risch's office continues to refuse comment on the secret hold. Brad Hoaglun, Senator Risch's spokesman sent the following email: "Senator Risch's policy has been to not comment secret holds. Although the rules have changed for this Congress he is still holding firm to his policy as it pertains to the last Congress."
There are some claims that Senator Kyl indirectly admitted that he put the hold on the bill, but that may be reading too much into his statements. That's based on the statement (also included above) where he did suggest that there wasn't "sufficient time to review" the House's changes to the bill. Either way, supporters of the bill have pointed out that whether or not this is an admission, it's a completely bogus reason:
Senator Kyl's response to Arizonans, without further explanation, is woefully disingenuous, since the Senator had more than sufficient time to review the content of the bill. In fact, his office had approved the remaining legislation just weeks prior to this final vote.
No matter what, it appears that sooner or later it's going to be revealed who put the secret hold on the bill.
While the bill had some significant shortcomings, we were still somewhat surprised to find out that a US Senator used an anonymous hold to block a bill designed to protect whistleblowers. At the time, we wondered if there would be a whistleblower who would reveal who blocked the bill. However, the folks at WNYC's On the Media set up a neat campaign to contact all 100 Senators and get them to say whether or not they put the hold on the bill. For weeks, many Senators refused to respond, but now the project has reached the point where 95 Senators have said they did not put the block on the bill, leaving just five Senators who have refused to answer. They are:
On the Media is still asking for help contacting those five senators to see if they'll finally explain whether or not they put a hold on the bill. The whole process of an "anonymous hold" in the Senate seems to go against basic principles of transparency in democracy. Anonymity is an important part of free speech for the citizenry, but it does not apply to a single Senator blocking legislation. If they are going to do that in the name of the people they represent, they should be expected to step forward and admit it.
At the beginning of the year, we wondered if a "whistleblower" might reveal the anonymous Senator who killed the whistleblower protection bill that was making its way through Congress (and had already been approved by the Senate earlier). Now, to be clear, there were many complaints about the bill, and some people claimed it was worse than what came before. However, it did seem somewhat ironic that a Senator would choose to use an anonymous hold on a bill about whistleblowing. The folks at WNYC's On The Media program are attempting to find out which Senator put the hold on by having volunteers ask their Senators and report back. As of this writing, there are a bunch of "No" answers, but still a lot of blanks.