Monday, February 10, 2014

The NSA’s Secret Role in the U.S. Assassination Program



THE // INTERCEPT



News

Featured photo - The NSA’s Secret Role in the U.S. Assassination Program  
Credit: Kirsty Wigglesworth/Associated Press. 
 
 
 
The National Security Agency is using complex analysis of electronic surveillance, rather than human intelligence, as the primary method to locate targets for lethal drone strikes – an unreliable tactic that results in the deaths of innocent or unidentified people.

According to a former drone operator for the military’s Joint Special Operations Command (JSOC) who also worked with the NSA, the agency often identifies targets based on controversial metadata analysis and cell-phone tracking technologies. Rather than confirming a target’s identity with operatives or informants on the ground, the CIA or the U.S. military then orders a strike based on the activity and location of the mobile phone a person is believed to be using.
The drone operator, who agreed to discuss the top-secret programs on the condition of anonymity, was a member of JSOC’s High Value Targeting task force, which is charged with identifying, capturing or killing terrorist suspects in Yemen, Somalia, Afghanistan and elsewhere.

His account is bolstered by top-secret NSA documents previously provided by whistleblower Edward Snowden. It is also supported by a former drone sensor operator with the U.S. Air Force, Brandon Bryant, who has become an outspoken critic of the lethal operations in which he was directly involved in Iraq, Afghanistan and Yemen.

In one tactic, the NSA “geolocates” the SIM card or handset of a suspected terrorist’s mobile phone, enabling the CIA and U.S. military to conduct night raids and drone strikes to kill or capture the individual in possession of the device.

The former JSOC drone operator is adamant that the technology has been responsible for taking out terrorists and networks of people facilitating improvised explosive device attacks against U.S. forces in Afghanistan. But he also states that innocent people have “absolutely” been killed as a result of the NSA’s increasing reliance on the surveillance tactic.

One problem, he explains, is that targets are increasingly aware of the NSA’s reliance on geolocating, and have moved to thwart the tactic. Some have as many as 16 different SIM cards associated with their identity within the High Value Target system. Others, unaware that their mobile phone is being targeted, lend their phone, with the SIM card in it, to friends, children, spouses and family members.

Some top Taliban leaders, knowing of the NSA’s targeting method, have purposely and randomly distributed SIM cards among their units in order to elude their trackers. “They would do things like go to meetings, take all their SIM cards out, put them in a bag, mix them up, and everybody gets a different SIM card when they leave,” the former drone operator says. “That’s how they confuse us.”

As a result, even when the agency correctly identifies and targets a SIM card belonging to a terror suspect, the phone may actually be carried by someone else, who is then killed in a strike. According to the former drone operator, the geolocation cells at the NSA that run the tracking program – known as Geo Cell –sometimes facilitate strikes without knowing whether the individual in possession of a tracked cell phone or SIM card is in fact the intended target of the strike.

“Once the bomb lands or a night raid happens, you know that phone is there,” he says. “But we don’t know who’s behind it, who’s holding it. It’s of course assumed that the phone belongs to a human being who is nefarious and considered an ‘unlawful enemy combatant.’ This is where it gets very shady.”
The former drone operator also says that he personally participated in drone strikes where the identity of the target was known, but other unknown people nearby were also killed.

“They might have been terrorists,” he says. “Or they could have been family members who have nothing to do with the target’s activities.”
What’s more, he adds, the NSA often locates drone targets by analyzing the activity of a SIM card, rather than the actual content of the calls. Based on his experience, he has come to believe that the drone program amounts to little more than death by unreliable metadata.

“People get hung up that there’s a targeted list of people,” he says. “It’s really like we’re targeting a cell phone. We’re not going after people – we’re going after their phones, in the hopes that the person on the other end of that missile is the bad guy.”

The Obama administration has repeatedly insisted that its operations kill terrorists with the utmost precision.

In his speech at the National Defense University last May, President Obama declared that “before any strike is taken, there must be near-certainty that no civilians will be killed or injured – the highest standard we can set.” He added that, “by narrowly targeting our action against those who want to kill us and not the people they hide among, we are choosing the course of action least likely to result in the loss of innocent life.”

But the increased reliance on phone tracking and other fallible surveillance tactics suggests that the opposite is true. The Bureau of Investigative Journalism, which uses a conservative methodology to track drone strikes, estimates that at least 273 civilians in Pakistan, Yemen and Somalia have been killed by unmanned aerial assaults under the Obama administration. A recent study conducted by a U.S. military adviser found that, during a single year in Afghanistan – where the majority of drone strikes have taken place – unmanned vehicles were 10 times more likely than conventional aircraft to cause civilian casualties.

The NSA declined to respond to questions for this article. Caitlin Hayden, a spokesperson for the National Security Council, also refused to discuss “the type of operational detail that, in our view, should not be published.”

In describing the administration’s policy on targeted killings, Hayden would not say whether strikes are ever ordered without the use of human intelligence. She emphasized that “our assessments are not based on a single piece of information. We gather and scrutinize information from a variety of sources and methods before we draw conclusions.”

Hayden felt free, however, to note the role that human intelligence plays after a deadly strike occurs. “After any use of targeted lethal force, when there are indications that civilian deaths may have occurred, intelligence analysts draw on a large body of information – including human intelligence, signals intelligence, media reports, and surveillance footage – to help us make informed determinations about whether civilians were in fact killed or injured.”
The government does not appear to apply the same standard of care in selecting whom to target for assassination. The former JSOC drone operator estimates that the overwhelming majority of high-value target operations he worked on in Afghanistan relied on signals intelligence, known as SIGINT, based on the NSA’s phone-tracking technology.

“Everything they turned into a kinetic strike or a night raid was almost 90 percent that,” he says. “You could tell, because you’d go back to the mission reports and it will say ‘this mission was triggered by SIGINT,’ which means it was triggered by a geolocation cell.”

In July, the Washington Post relied exclusively on former senior U.S. intelligence officials and anonymous sources to herald the NSA’s claims about its effectiveness at geolocating terror suspects.

Within the NSA, the paper reported, “A motto quickly caught on at Geo Cell: ‘We Track ’Em, You Whack ’Em.’”

But the Post article included virtually no skepticism about the NSA’s claims, and no discussion at all about how the unreliability of the agency’s targeting methods results in the killing of innocents.

In fact, as the former JSOC drone operator recounts, tracking people by metadata and then killing them by SIM card is inherently flawed. The NSA “will develop a pattern,” he says, “where they understand that this is what this person’s voice sounds like, this is who his friends are, this is who his commander is, this is who his subordinates are. And they put them into a matrix. But it’s not always correct. There’s a lot of human error in that.”

The JSOC operator’s account is supported by another insider who was directly involved in the drone program. Brandon Bryant spent six years as a “stick monkey” – a drone sensor operator who controls the “eyes” of the U.S. military’s unmanned aerial vehicles. By the time he left the Air Force in 2011, Bryant’s squadron, which included a small crew of veteran drone operators, had been credited with killing 1,626 “enemies” in action.

Bryant says he has come forward because he is tormented by the loss of civilian life he believes that he and his squadron may have caused. Today he is committed to informing the public about lethal flaws in the U.S. drone program.
Bryant describes the program as highly compartmentalized: Drone operators taking shots at targets on the ground have little idea where the intelligence is coming from.

“I don’t know who we worked with,” Bryant says. “We were never privy to that sort of information. If the NSA did work with us, like, I have no clue.”
During the course of his career, Bryant says, many targets of U.S. drone strikes evolved their tactics, particularly in the handling of cell phones. “They’ve gotten really smart now and they don’t make the same mistakes as they used to,” he says. “They’d get rid of the SIM card and they’d get a new phone, or they’d put the SIM card in the new phone.”

As the former JSOC drone operator describes – and as classified documents obtained from Snowden confirm – the NSA doesn’t just locate the cell phones of terror suspects by intercepting communications from cell phone towers and Internet service providers. The agency also equips drones and other aircraft with devices known as “virtual base-tower transceivers” – creating, in effect, a fake cell phone tower that can force a targeted person’s device to lock onto the NSA’s receiver without their knowledge.

That, in turn, allows the military to track the cell phone to within 30 feet of its actual location, feeding the real-time data to teams of drone operators who conduct missile strikes or facilitate night raids.

The NSA geolocation system used by JSOC is known by the code name GILGAMESH. Under the program, a specially constructed device is attached to the drone. As the drone circles, the device locates the SIM card or handset that the military believes is used by the target.

DT 1

Relying on this method, says the former JSOC drone operator, means that the “wrong people” could be killed due to metadata errors, particularly in Yemen, Pakistan and Somalia. “We don’t have people on the ground – we don’t have the same forces, informants, or information coming in from those areas – as we do where we have a strong foothold, like we do in Afghanistan. I would say that it’s even more likely that mistakes are made in places such as Yemen or Somalia, and especially Pakistan.”

As of May 2013, according to the former drone operator, President Obama had cleared 16 people in Yemen and five in Somalia for targeting in strikes. Before a strike is green-lit, he says, there must be at least two sources of intelligence. The problem is that both of those sources often involve NSA-supplied data, rather than human intelligence (HUMINT).

As the former drone operator explains, the process of tracking and ultimately killing a targeted person is known within the military as F3: Find, Fix, Finish. “Since there’s almost zero HUMINT operations in Yemen – at least involving JSOC – every one of their strikes relies on signals and imagery for confirmation: signals being the cell phone lock, which is the ‘find’ and imagery being the ‘unblinking eye’ which is the ‘fix.’” The “finish” is the strike itself.

“JSOC acknowledges that it would be completely helpless without the NSA conducting mass surveillance on an industrial level,” the former drone operator says. “That is what creates those baseball cards you hear about,” featuring potential targets for drone strikes or raids.

President Obama signs authorizations for “hits” that remain valid for 60 days. If a target cannot be located within that period, it must be reviewed and renewed. According to the former drone operator, it can take 18 months or longer to move from intelligence gathering to getting approval to actually carrying out a strike in Yemen. “What that tells me,” he says, “is that commanders, once given the authorization needed to strike, are more likely to strike when they see an opportunity – even if there’s a high chance of civilians being killed, too – because in their mind they might never get the chance to strike that target again.”

While drones are not the only method used to kill targets, they have become so prolific that they are now a standard part of U.S. military culture. Remotely piloted Reaper and Predator vehicles are often given nicknames. Among those used in Afghanistan, says the former JSOC drone operator, were “Lightning” and “Sky Raider.”

The latter drone, he adds, was also referred to as “Sky Raper,” for a simple reason – “because it killed a lot of people.” When operators were assigned to “Sky Raper,” he adds, it meant that “somebody was going to die. It was always set to the most high-priority missions.”

In addition to the GILGAMESH system used by JSOC, the CIA uses a similar NSA platform known as SHENANIGANS. The operation – previously undisclosed – utilizes a pod on aircraft that vacuums up massive amounts of data from any wireless routers, computers, smart phones or other electronic devices that are within range.

One top-secret NSA document provided by Snowden is written by a SHENANIGANS operator who documents his March 2012 deployment to Oman, where the CIA has established a drone base. The operator describes how, from almost four miles in the air, he searched for communications devices believed to be used by Al Qaeda in the Arabian Peninsula in neighboring Yemen.The mission was code named VICTORYDANCE.

“The VICTORYDANCE mission was a great experience,” the operator writes. “It was truly a joint interagency effort between CIA and NSA. Flights and targets were coordinated with both CIAers and NSAers. The mission lasted 6 months, during which 43 flights were flown.”

VICTORYDANCE, he adds, “mapped the Wi-Fi fingerprint of nearly every major town in Yemen.”

DT 5
DT 6

The NSA has played an increasingly central role in drone killings over the past five years. In one top-secret NSA document from 2010, the head of the agency’s Strategic Planning and Policy Division of the Counterterrorism Mission Management Center recounts the history of the NSA’s involvement in Yemen. Shortly before President Obama took office, the document reveals, the agency began to “shift analytic resources to focus on Yemen.”

In 2008, the NSA had only three analysts dedicated to Al Qaeda in the Arabian Peninsula in Yemen. By the fall of 2009, it had 45 analysts, and the agency was producing “high quality” signal intelligence for the CIA and JSOC.

In December 2009, utilizing the NSA’s metadata collection programs, the Obama administration dramatically escalated U.S. drone and cruise missile strikes in Yemen.

The first strike in the country known to be authorized by Obama targeted an alleged Al Qaeda camp in the southern village of al-Majala.

The strike, which included the use of cluster bombs, resulted in the deaths of 14 women and 21 children. It is not clear whether the strike was based on metadata collection; the White House has never publicly explained the strike or the source of the faulty intelligence that led to the civilian fatalities.

Another top-secret NSA document confirms that the agency “played a key supporting role” in the drone strike in September 2011 that killed U.S. citizen Anwar al-Awlaki, as well as another American, Samir Khan. According to the 2013 Congressional Budget Justification, “The CIA tracked [Awlaki] for three weeks before a joint operation with the U.S. military killed” the two Americans in Yemen, along with two other people.

When Brandon Bryant left his Air Force squadron in April 2011, the unit was aiding JSOC in its hunt for the American-born cleric. The CIA took the lead in the hunt for Awlaki after JSOC tried and failed to kill him in the spring of 2011.


DT 4


According to Bryant, the NSA’s expanded role in Yemen has only added to what he sees as the risk of fatal errors already evident in CIA operations. “They’re very non-discriminate with how they do things, as far as you can see their actions over in Pakistan and the devastation that they’ve had there,” Bryant says about the CIA. “It feels like they tried to bring those same tactics they used over in Pakistan down to Yemen. It’s a repeat of tactical thinking, instead of intelligent thinking.”

Those within the system understand that the government’s targeting tactics are fundamentally flawed. According to the former JSOC drone operator, instructors who oversee GILGAMESH training emphasize: “‘This isn’t a science. This is an art.’ It’s kind of a way of saying that it’s not perfect.”

Yet the tracking “pods” mounted on the bottom of drones have facilitated thousands of “capture or kill” operations in Afghanistan, Iraq, Yemen, Somalia and Pakistan since September 11. One top-secret NSA document provided by Snowden notes that by 2009, “for the first time in the history of the U.S. Air Force, more pilots were trained to fly drones … than conventional fighter aircraft,” leading to a “‘tipping point’ in U.S. military combat behavior in resorting to air strikes in areas of undeclared wars,” such as Yemen and Pakistan.

The document continues: “Did you ever think you would see the day when the U.S. would be conducting combat operations in a country equipped with nuclear weapons without a boot on the ground or a pilot in the air?”

Even NSA operatives seem to recognize how profoundly the agency’s tracking technology deviates from standard operating methods of war.

One NSA document from 2005 poses this question: “What resembles ‘LITTLE BOY’ (one of the atomic bombs dropped on Japan during World War II) and as LITTLE BOY did, represents the dawn of a new era (at least in SIGINT and precision geolocation)?”

Its reply: “If you answered a pod mounted on an Unmanned Aerial Vehicle (UAV) that is currently flying in support of the Global War on Terrorism, you would be correct.”


DT 3


Another document boasts that geolocation technology has “cued and compressed numerous ‘kill chains’ (i.e. all of the steps taken to find, track, target, and engage the enemy), resulting in untold numbers of enemy killed and captured in Afghanistan as well as the saving of U.S. and Coalition lives.”
The former JSOC drone operator, however, remains highly disturbed by the unreliability of such methods. Like other whistleblowers, including Edward Snowden and Chelsea Manning, he says that his efforts to alert his superiors to the problems were brushed off. “The system continues to work because, like most things in the military, the people who use it trust it unconditionally,” he says.

When he would raise objections about intelligence that was “rushed” or “inaccurate” or “outright wrong,” he adds, “the most common response I would get was ‘JSOC wouldn’t spend millions and millions of dollars, and man hours, to go after someone if they weren’t certain that they were the right person.’ There is a saying at the NSA: ‘SIGINT never lies.’ It may be true that SIGINT never lies, but it’s subject to human error.”

The government’s assassination program is actually constructed, he adds, to avoid self-correction. “They make rushed decisions and are often wrong in their assessments. They jump to conclusions and there is no going back to correct mistakes.” Because there is an ever-increasing demand for more targets to be added to the kill list, he says, the mentality is “just keep feeding the beast.”
For Bryant, the killing of Awlaki – followed two weeks later by the killing of his 16-year-old son, Abdulrahman al Awlaki, also an American citizen – motivated him to speak out. Last October, Bryant appeared before a panel of experts at the United Nations – including the UN’s special rapporteur on human rights and counterterrorism, Ben Emmerson, who is currently conducting an investigation into civilians killed by drone strikes.

Dressed in hiking boots and brown cargo pants, Bryant called for “independent investigations” into the Obama administration’s drone program. “At the end of our pledge of allegiance, we say ‘with liberty and justice for all,’” he told the panel. “I believe that should be applied to not only American citizens, but everyone that we interact with as well, to put them on an equal level and to treat them with respect.”

Unlike those who oversee the drone program, Bryant also took personal responsibility for his actions in the killing of Awlaki. “I was a drone operator for six years, active duty for six years in the U.S. Air Force, and I was party to the violations of constitutional rights of an American citizen who should have been tried under a jury,” he said. “And because I violated that constitutional right, I became an enemy of the American people.”

Bryant later told The Intercept, “I had to get out because we were told that the president wanted Awlaki dead. And I wanted him dead. I was told that he was a traitor to our country…. I didn’t really understand that our Constitution covers people, American citizens, who have betrayed our country. They still deserve a trial.”

The killing of Awlaki and his son still haunt Bryant. The younger Awlaki, Abdulrahman, had run away from home to try to find his dad, whom he had not seen in three years. But his father was killed before Abdulrahman could locate him. Abdulrahman was then killed in a separate strike two weeks later as he ate dinner with his teenage cousin and some friends. The White House has never explained the strike.

“I don’t think there’s any day that goes by when I don’t think about those two, to be honest,” Bryant says. “The kid doesn’t seem like someone who would be a suicide bomber or want to die or something like that. He honestly seems like a kid who missed his dad and went there to go see his dad.”

Last May, President Obama acknowledged that “the necessary secrecy” involved in lethal strikes “can end up shielding our government from the public scrutiny that a troop deployment invites. It can also lead a president and his team to view drone strikes as a cure-all for terrorism.”

But that, says the former JSOC operator, is precisely what has happened. Given how much the government now relies on drone strikes – and given how many of those strikes are now dependent on metadata rather than human intelligence – the operator warns that political officials may view the geolocation program as more dependable than it really is.

“I don’t know whether or not President Obama would be comfortable approving the drone strikes if he knew the potential for mistakes that are there,” he says. “All he knows is what he’s told.”

Whether or not Obama is fully aware of the errors built into the program of targeted assassination, he and his top advisors have repeatedly made clear that the president himself directly oversees the drone operation and takes full responsibility for it. Obama once reportedly told his aides that it “turns out I’m really good at killing people.”

The president added, “Didn’t know that was gonna be a strong suit of mine.”
Ryan Devereaux contributed to this article.

Tuesday, January 28, 2014

Spy Agencies Probe Angry Birds and Other Apps for Personal Data

ProPublica



Spy Agencies Probe Angry Birds and Other Apps for Personal Data

Note: The story is not subject to our Creative Commons license. 


This story was co-produced with The New York Times and The Guardian.


When a smartphone user opens Angry Birds, the popular game application, and starts slinging birds at chortling green pigs, spy agencies have plotted how to lurk in the background to snatch data revealing the player’s location, age, sex and other personal information, according to secret British intelligence documents.

In their globe-spanning surveillance for terrorism suspects and other targets, the National Security Agency and its British counterpart have been trying to exploit a basic byproduct of modern telecommunications: With each new generation of mobile phone technology, ever greater amounts of personal data pour onto networks where spies can pick it up.

According to dozens of previously undisclosed classified documents, among the most valuable of those unintended intelligence tools are so-called leaky apps that spew everything from users’ smartphone identification codes to where they have been that day.

The N.S.A. and Britain’s Government Communications Headquarters were working together on how to collect and store data from dozens of smartphone apps by 2007, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, phone logs and the geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other services.

The eavesdroppers’ pursuit of mobile networks has been outlined in earlier reports, but the secret documents, shared by The New York Times, The Guardian and ProPublica, offer far more details of their ambitions for smartphones and the apps that run on them. The efforts were part of an initiative called “the mobile surge,” according to a 2011 British document, an analogy to the troop surges in Iraq and Afghanistan. One N.S.A. analyst’s enthusiasm was evident in the breathless title — “Golden Nugget!” — given to one slide for a top-secret 2010 talk describing iPhones and Android phones as rich resources, one document notes.

The scale and the specifics of the data haul are not clear. The documents show that the N.S.A. and the British agency routinely obtain information from certain apps, particularly some of those introduced earliest to cellphones. With some newer apps, including Angry Birds, the agencies have a similar capability, the documents show, but they do not make explicit whether the spies have put that into practice. Some personal data, developed in profiles by advertising companies, could be particularly sensitive: A secret 2012 British intelligence document says that spies can scrub smartphone apps that contain details like a user’s “political alignment” and sexual orientation.

President Obama announced new restrictions this month to better protect the privacy of ordinary Americans and foreigners from government surveillance, including limits on how the N.S.A. can view “metadata” of Americans’ phone calls — the routing information, time stamps and other data associated with calls. But he did not address the avalanche of information that the intelligence agencies get from leaky apps and other smartphone functions.

And while he expressed concern about advertising companies that collect information on people to send tailored ads to their mobile phones, he offered no hint that American spies routinely seize that data. Nothing in the secret reports indicates that the companies cooperate with the spy agencies to share the information; the topic is not addressed.

The agencies have long been intercepting earlier generations of cellphone traffic like text messages and metadata from nearly every segment of the mobile network — and, more recently, mobile traffic running on Internet pipelines. Because those same networks carry the rush of data from leaky apps, the agencies have a ready-made way to collect and store this new resource. The documents do not address how many users might be affected, whether they include Americans, or how often, with so much information collected automatically, analysts would see personal data.


This cartoon of a fairy accompanies a “top secret” NSA document about smartphones. The drawing seems to suggest that phones, and the data they transmit, are a magical intelligence gift to the agency.
“N.S.A. does not profile everyday Americans as it carries out its foreign intelligence mission,” the agency said in a written response to questions about the program. “Because some data of U.S. persons may at times be incidentally collected in N.S.A.'s lawful foreign intelligence mission, privacy protections for U.S. persons exist across the entire process.” Similar protections, the agency said, are in place for “innocent foreign citizens.”

The British spy agency declined to comment on any specific program, but said all its activities complied with British law.

Two top-secret flow charts produced by the British agency in 2012 show incoming streams of information skimmed from smartphone traffic by the Americans and the British. The streams are divided into “traditional telephony” — metadata — and others marked “social apps,” “geo apps,” “http linking,” webmail, MMS and traffic associated with mobile ads, among others. (MMS refers to the mobile system for sending pictures and other multimedia, and http is the protocol for linking to websites.)

In charts showing how information flows from smartphones into the agency’s computers, analysts included questions to be answered by the data, including “Where was my target when they did this?” and “Where is my target going?”
As the program accelerated, the N.S.A. nearly quadrupled its budget in a single year, to $767 million in 2007 from $204 million, according to a top-secret Canadian analysis written around the same time.

Even sophisticated users are often unaware of how smartphones offer a unique opportunity for one-stop shopping for information about them. “By having these devices in our pockets and using them more and more,” said Philippe Langlois, who has studied the vulnerabilities of mobile phone networks and is the founder of the Paris-based company Priority One Security, “you’re somehow becoming a sensor for the world intelligence community.”

Detailed Profiles

Smartphones almost seem to make things too easy. Functioning as phones — making calls and sending texts — and as computers — surfing the web and sending emails — they generate and also rely on data. One secret report shows that just by updating Android software, a user sent more than 500 printed lines of data about the phone’s history and use onto the network.

Such information helps mobile ad companies, for example, create detailed profiles of people based on how they use their mobile device, where they travel, what apps and websites they open, and other factors. Advertising firms might triangulate web shopping data and browsing history to guess whether someone is wealthy or has children, for example.

The N.S.A. and the British agency busily scoop up this data, mining it for new information and comparing it with their lists of intelligence targets.

One secret 2010 British document suggests that the agencies collect such a huge volume of “cookies” — the digital traces left on a mobile device or a computer when a target visits a website — that classified computers were having trouble storing it all.

“They are gathered in bulk, and are currently our single largest type of events,” the document says.

The two agencies displayed a particular interest in Google Maps, which is accurate to within a few yards or better in some locations. Intelligence agencies collect so much data from the app that “you’ll be able to clone Google’s database” of global searches for directions, according to a top-secret N.S.A. report from 2007.

“It effectively means that anyone using Google Maps on a smartphone is working in support of a G.C.H.Q. system,” a secret 2008 report by the British agency says.

(In December, The Washington Post, citing the Snowden documents, reported that the N.S.A. was using metadata to track cellphone locations outside the United States and was using ad cookies to connect Internet addresses with physical locations.)

In another example, a secret 20-page British report dated 2012 includes the computer code needed for plucking the profiles generated when Android users play Angry Birds. The app was created by Rovio Entertainment, of Finland, and has been downloaded more than a billion times, the company has said.

Rovio drew public criticism in 2012 when researchers claimed that the app was tracking users’ locations and gathering other data and passing it to mobile ad companies. In a statement on its website, Rovio says that it may collect its users’ personal data, but that it abides by some restrictions. For example, the statement says, “Rovio does not knowingly collect personal information from children under 13 years of age.”

The secret report noted that the profiles vary depending on which of the ad companies — which include Burstly and Google’s ad services, two of the largest online advertising businesses — compiles them. Most profiles contain a string of characters that identifies the phone, along with basic data on the user like age, sex and location. One profile notes whether the user is currently listening to music or making a call, and another has an entry for household income.

Google declined to comment for this article, and Burstly did not respond to multiple requests for comment. Saara Bergstrom, a Rovio spokeswoman, said that the company had no knowledge of the intelligence programs. “Nor do we have any involvement with the organizations you mentioned,” Ms. Bergstrom said, referring to the N.S.A. and the British spy agency.

Another ad company creates far more intrusive profiles that the agencies can retrieve, the report says. The apps that generate those profiles are not identified, but the company is named as Millennial Media, which has its headquarters in Baltimore.

In securities filings, Millennial documented how it began working with Rovio in 2011 to embed ad services in Angry Birds apps running on iPhones, Android phones and other devices.

According to the report, the Millennial profiles contain much of the same information as the others, but several categories listed as “optional,” including ethnicity, marital status and sexual orientation, suggest that much wider sweeps of personal data may take place.




A portion of the computer code in Burstly’s Software Development Kit — used by Angry Birds. This software was studied by GCHQ for intelligence value.
Possible categories for marital status, the report says, include single, married, divorced, engaged and “swinger”; those for sexual orientation are straight, gay, bisexual and “not sure.” It is unclear whether the “not sure” category exists because so many phone apps are used by children, or because insufficient data may be available.

There is no explanation of precisely how the ad company defined the categories or how accurate the information is. Nor is there any discussion of why all that information would be useful for marketing — or intelligence.

Unwieldy Heaps

The agencies have had occasional success — at least by their own reckoning — when they start with something closer to a traditional investigative tip or lead. The spies say that tracking smartphone traffic helped break up a bomb plot by Al Qaeda in Germany in 2007, and the N.S.A. bragged that to crack the plot, it wove together mobile data with emails, log-ins and web traffic. Similarly, mining smartphone data helped lead to arrests of members of a drug cartel hit squad for the 2010 murder of an employee of an American Consulate in Mexico.

But the data, whose volume is soaring as mobile devices have begun to dominate the technological landscape, is a crushing amount of information for the spies to sift through. As smartphone data builds up in N.S.A. and British databases, the agencies sometimes seem a bit at a loss on what to do with it all, the documents show. A few isolated experiments provide hints as to how unwieldy it can be.
In 2009, the American and British spy agencies each undertook a brute-force analysis of a tiny sliver of their cellphone databases. Crunching just one month of N.S.A. cellphone data, a secret report said, required 120 computers and turned up 8,615,650 “actors” — apparently callers of interest. A similar run using three months of British data came up with 24,760,289 actors.

“Not necessarily straightforward,” the report said of the analysis. The agencies’ extensive computer operations had trouble sorting through the slice of data. Analysts were “dealing with immaturity,” the report said, encountering computer memory and processing problems. The report made no mention of anything suspicious in the enormous lumps of data.
Ginger Thompson contributed reporting.

Government Could Hide Existence of Records under FOIA Rule Proposal

ProPublica


Journalism in the Public Interest

Government Could Hide Existence of Records under FOIA Rule Proposal







A proposed rule to the Freedom of Information Act would allow federal agencies to tell people requesting certain law-enforcement or national security documents that records don’t exist – even when they do.

Under current FOIA practice, the government may withhold information and issue what’s known as a Glomar denial that says it can neither confirm nor deny the existence of records.

The new proposal – part of a lengthy rule revision by the Department of Justice – would direct government agencies to “respond to the request as if the excluded records did not exist."

Open-government groups object.

"We don’t believe the statute allows the government to lie to FOIA requesters,” said Mike German, senior policy counsel for the American Civil Liberties Union, which opposes the provision.

The ACLU, along with Citizens for Responsibility and Ethics in Washington and OpenTheGovernment.org said the move would “dramatically undermine government integrity by allowing a law designed to provide public access to government to be twisted.

The Glomar denial arose in the mid-1970s when a Los Angeles Times reporter requested information about the CIA’s Glomar Explorer, built to recover a sunken Soviet submarine and the CIA’s attempt to suppress stories about it.
But the advocacy groups propose another response: You have requested “…records which, if they exist, would not be subject to the disclosure requirements of FOIA...”

They prefer such language because a last resort is to sue to obtain the records, something people requesting information might not do if they assumed that no records existed.

Open government groups also contend that the proposed rule could undermine judicial proceedings.

In a recent case brought by the ACLU of Southern California, the FBI denied the existence of documents. But the court later discovered that the documents did exist. In an amended order, U.S. District Judge Cormac Carney wrote that the “Government cannot, under any circumstance, affirmatively mislead the Court.”
DOJ’s draft FOIA rule was first published in March, but DOJ re-opened comment submissions in September at the request of open-government groups. The new comment period ended October 19.

The DOJ did not immediately respond to a request for comment. We will update as soon as it does.

FOIA Eyes Only: How Buried Statutes Are Keeping Information Secret


ProPublica

Journalism in the Public Interest


FOIA Eyes Only: How Buried Statutes Are Keeping Information Secret


A solar eclipse viewed on July 11, 2010. (Martin Bernetti/AFP/Getty Images file photo)




Anyone can request information from U.S. officials under the Freedom of Information Act, a law designed to allow people to know what their government is up to.

When a government agency withholds information from a requester, it typically must invoke one of nine FOIA exemptions that cover everything from national security to personal privacy. But among that list is an exemption—known as b(3) for its section in the FOI Act—that allows an agency to apply other statutes when denying information requests.

Some of those statutes allow exemptions that seem quite reasonable, for example to protect medical or financial information. Many others are more puzzling.

Citing the Watermelon Research and Promotion Act, for example, the U.S. Department of Agriculture has withheld lists of watermelon growers.

Under another law, information about the location of “significant” caves has been withheld by USDA and the U.S. Department of the Interior.

Until now, no one has known just how extensively these other laws were used across the federal government. New data compiled by the Sunshine in Government Initiative, a coalition of journalism and transparency groups, shows that agencies have applied more than 240 other laws in withholding information over the last decade.

And you can see them for yourself: We’ve created an interactive database of all the exemptions used in 2008-2009 and how they were used.

“FOIA is supposed to be a disclosure act, and these b(3)s make it more of a withholding act,” said Patrice McDermott, director of another transparency group, openthegovernment.org. “They can have a detrimental effect to know what government’s doing and hold it accountable.”

For years such provisions could be easily slipped into legislation without notice. But changes to FOIA that went into effect in 2009 require that proposed legislation must specifically say that it will create a new b(3) exemption. As part of their annual FOIA reports, agencies are now required to disclose not only which exemptions they used but also how many times each was invoked.


Financial reforms passed last year by Congress included an exemption to withhold from the public information concerning “surveillance, risk assessments or other regulator and oversight activities.”

The exemption became law, but it was later rescinded after it came under fire by transparency groups.

Our analysis also found that the most-often-invoked exemption is a law protecting information on tax returns filed with the IRS. From 2008 to 2009, federal agencies applied this statute nearly 3,000 times in FOIA denials.
The agency that invoked the most b(3) exemptions was the Department of Veteran Affairs, which from 2008 to 2009 received nearly 170,000 FOIA requests and invoked b(3)s more than 8,000 times—almost always for information relating to Veteran medical benefits or records.

The b(3) exemption used most widely—20 agencies applied it—was a law protecting losing contract bids.

Federal agencies are required to file annual reports about their FOIA activities, such as the number of requests they received, how many they denied and why they denied them. Agencies also must list which b(3) exemptions it used over the past year. Since 2008, reports must include the number of times each exemption was invoked.

“These should be debated and subject to scrutiny,” said McDermott, whose organization, openthegovernment.org, pushed for the disclosure requirement.

There may be legitimate reasons to withhold certain information, she said. “But blowing holes in the Freedom of Information Act is not the way to deal with it.”

Friday, January 24, 2014

The Fukushima Secrecy Syndrome: From Japan to America


Dissident Voice: a radical newsletter in the struggle for peace and social justice


The Fukushima Secrecy Syndrome: From Japan to America

Last month, the ruling Japanese coalition parties quickly rammed through Parliament a state secrets law. We Americans better take notice.

Under its provisions the government alone decides what are state secrets and any civil servants who divulge any “secrets” can be jailed for up to 10 years. Journalists caught in the web of this vaguely defined law can be jailed for up to 5 years.

Government officials have been upset at the constant disclosures of their laxity by regulatory officials before and after the Fukushima nuclear power disaster in 2011, operated by Tokyo Electric Power Company (TEPCO).

Week after week, reports appear in the press revealing the seriousness of the contaminated water flow, the inaccessible radioactive material deep inside these reactors and the need to stop these leaking sites from further poisoning the land, food and ocean. Officials now estimate that it could take up to 40 years to clean up and decommission the reactors.

Other factors are also feeding this sure sign of a democratic setback. Militarism is raising its democracy-menacing head, prompted by friction with China over the South China Sea. Dismayingly, U.S. militarists are pushing for a larger Japanese military budget. China is the latest national security justification for our “pivot to East Asia” provoked in part by our military-industrial complex.

Draconian secrecy in government and fast-tracking bills through legislative bodies are bad omens for freedom of the Japanese press and freedom to dissent by the Japanese people. Freedom of information and robust debate (the latter cut off sharply by Japan’s parliament in December 5, 2013) are the currencies of democracy.

There is good reason why the New York Times continues to cover the deteriorating conditions in the desolate, evacuated Fukushima area. Our country has licensed many reactors here with the same designs and many of the same inadequate safety and inspection standards. Some reactors here are near earthquake faults with surrounding populations which cannot be safely evacuated in case of serious damage to the electric plant. The two Indian Point reactors that are 30 miles north of New York City are a case in point.
The less we are able to know about the past and present conditions of Fukushima, the less we will learn about atomic reactors in our own country.

Fortunately many of Japan’s most famous scientists, including Nobel laureates, Toshihide Maskawa and Hideki Shirakawa, have led the opposition against this new state secrecy legislation with 3,000 academics signing a public letter of protest. These scientists and academics declared the government’s secrecy law a threat to “the pacifist principles and fundamental human rights established by the constitution and should be rejected immediately.”

Following this statement, the Japan Scientists’ Association, Japan’s mass media companies, citizens associations, lawyers’ organizations and some regional legislatures opposed the legislation. Polls show the public also opposes this attack on democracy. The present ruling parties remain adamant. They cite as reasons for state secrecy “national security and fighting terrorism.” Sound familiar?

History is always present in the minds of many Japanese people. They know what happened in Japan when the unchallenged slide toward militarization of Japanese society led to the intimidating tyranny that drove the invasion of China, Korea and Southeast Asia before and after Pearl Harbor. By 1945, Japan was in ruins, ending with Hiroshima and Nagasaki.

The American people have to be alert to our government’s needless military and political provocations of China, which is worried about encirclement by surrounding U.S.-allied nations and U.S. air and sea power. Washington might better turn immediate attention to U.S. trade policies that have facilitated U.S. companies shipping American jobs and whole industries to China.

The Obama administration must become more alert to authoritarian trends in Japan that its policies have been either encouraging or knowingly ignoring – often behind the curtains of our own chronic secrecy.
The lessons of history beckon.

Ralph Nader is a leading consumer advocate, the author of The Seventeen Traditions, among many other books, and a four-time candidate for US President. Read other articles by Ralph, or visit Ralph's website.