Google Reveals It Was Forced to Hand Over Journalist’s Data for WikiLeaks Grand Jury Investigation

Jacob Appelbaum

Google released another legal disclosure notice related to the United States government’s ongoing grand jury investigation into WikiLeaks. It informed journalist and technologist Jacob Appelbaum, who previously worked with WikiLeaks, that Google was ordered to provide data from his account.

The disclosure suggests the grand jury investigation may have sought Appelbaum’s data because the US government believed data would contain details on WikiLeaks’ publication of State Department cables.

Appelbaum has been under investigation because of his connection to WikiLeaks for four to five years. He has been detained and interrogated at the US border multiple times. He was one of three subjects of an order the government issued to Twitter for account data for its investigation, which Twitter and other groups like the American Civil Liberties Union (ACLU) and Electronic Frontier Foundation (EFF) challenged in court.

He was recently profiled along with Chinese activist and artist Ai Weiwei in a short film by Laura Poitras, “The Art of Dissent.” He lives in Berlin, where he has spent the past couple of years reporting on documents from NSA whistleblower Edward Snowden for media organizations like Der Spiegel. His lawyers have advised him not to return to the US.

Google’s full legal disclosure to Appelbaum consisted of 306 pages of documents. He did not post the disclosure in its entirety but shared screen shots of parts of the disclosure through his Twitter account.

On April 1, the government apparently determined there was some information that could be disclosed to Appelbaum.

The government seems to confirm in legal documents that it does not consider WikiLeaks to be a journalistic enterprise. It also writes, “The government does not concede that the [redacted] subscriber is a journalist,” referring to Appelbaum.

Nevertheless, the government broaches the issue and insists “newsmen” may be subject to grand jury investigations of this intrusive nature.

“Journalists have no special privilege to resist compelled disclosure of their records, absent evidence that the government is acting in bad faith,” the government asserts. “Even if the [redacted] subscriber were to bring a First Amendment challenge, he could not quash the order because he could not show that the government has acted in bad faith, either in conducting its criminal investigation or in obtaining the order.”

Later, the government adds, “The government has acted in good faith throughout this criminal investigation, and there is no evidence that either the investigation or the order is intended to harass the [redacted] subscriber or anyone else.”

Appelbaum mentioned that this reminded him of how the government targeted New York Times reporter James Risen when they were investigating CIA whistleblower Jeffrey Sterling. He also recalled that a US border agent once said to him he would be “endlessly harassed.”

That experience would seem to call into question the government’s claim it has not acted in bad faith. Plus, given that his Google data was targeted in secret, Appelbaum could not possibly mount a First Amendment challenge because his lawyers did not even know to file a challenge or what to challenge exactly.

(more…)

You Want to Commit Espionage with Hacked Personal Data?

This post was originally published at WeMeantWell.com.

Did the most-recent, recent, breach of United States government personnel files significantly compromise American security? Yes. Could a foreign government make use of such information to spy on the United States? Oh my, yes.

China-based hackers are suspected of breaking into the computer networks of the United States Office of Personnel Management (OPM), the human resources department for the entire federal government. They allegedly stole personnel and security clearance information for at least four million federal workers. The current attack was not the first. Last summer the same office announced an intrusion in which hackers targeted the files of tens of thousands of those who had applied for top-secret security clearances; the Office of Personnel Management conducts more than 90 percent of federal background investigations, including all those needed by the Department of Defense and 100 other federal agencies.

Why all that information on federal employees is a gold mine on steroids for a foreign intelligence service is directly related to what is in the file of someone with a security clearance.

Most everyone seeking a clearance starts by completing Standard Form 86, Questionnaire for National Security Positions, form SF-86, an extensive biographical and social contact questionnaire.

Investigators, armed with the questionnaire info and whatever data government records searches uncover, then conduct field interviews. The investigator will visit an applicant’s home town, her second-to-last-boss, her neighbors, her parents and almost certainly the local police force and ask questions in person. As part of theclearance process, an applicant will sign the Mother of All Waivers, giving the government permission to do all this as intrusively as the government cares to do; the feds really want to get to know a potential employee who will hold the government’s secrets. This is old fashioned shoe-leather cop work, knocking on doors, eye balling people who say they knew the applicant, turning the skepticism meter up to 11.

Things like an old college roommate who moved back home to Tehran, or that weird uncle who still holds a foreign passport, will be of interest. Some history of gambling, drug or alcohol misuse? Infidelity? A tendency to not get along with bosses? Significant debt? Anything at all hidden among those skeletons in the closet?

The probe is looking for vulnerabilities, pure and simple. And that’s the scary “why this really matters” part of the China-based hack into American government personnel files.

America’s spy agencies, like every spy agency, know people are manipulated and compromised by their vulnerabilities. If someone applying for a federal position has too many of them, or even one of particular sensitivity, s/he may be too risky to expose to classified information.

And that’s because unlike almost everything you see in the movies, the most important intelligence work is done the same way it has been done since the beginning of time. Identify a person with access to the information needed (“Qualifying an agent;” a Colonel will know rocket specifications, a file clerk internal embassy phone numbers, for example.) Learn everything you can about that person. Was she on her college tennis team? Funny thing, your intelligence officer likes tennis, too! Stuff like that is very likely in the files taken from the Office of Personnel Management.

But specifically, a hostile intelligence agency is looking for a target’s vulnerabilities. They then use that information to approach the target person with a pitch – give us the information in return for something.

For example, if you learn a military intelligence officer has money problems and a daughter turning college age, the pitch could be money for secrets. A recent divorce? Perhaps some female companionship is desired, or maybe nothing more than a sympathetic new foreign friend to have a few friendly beers with, and really talk over problems. That kind of information is very likely in the files taken from the Office of Personnel Management. And information is power; the more tailored the approach, the more likely the chance of success.

Also unlike in the movies, blackmail is a last resort. Those same vulnerabilities that dictate the pitch are of course ripe fodder for blackmail (“Tell us the location of the code room or we’ll show these photos of your new female friend to the press.”) However, in real life, a blackmailed person will try whatever s/he can do to get out of the trap. Guilt overwhelms and confession is good for the soul. A friendly approach based on mutual interests and goals (Your handler is a nice guy, with a family you’ve met. You golf together. You need money, they “loan” you money. You gossip about work, they like the details) has the potential to last for many productive years of cooperative espionage.

So much of what a foreign intelligence service needs to know to create those relationships and identify those vulnerabilities is in those hacked files, neatly typed and in alphabetical order. Never mind the huff and puff you’ll be hearing about identity theft, phishing and credit reports.

Espionage is why this hack is a big, big deal.

Image is Creative Commons Licensed Photo from Digitale Gesellschaft.

Congress Did Not Pass an Anti-Surveillance Law (And Other Thoughts About the USA Freedom Act)

Screen shot 2015-06-03 at 4.39.24 PM

When President Barack Obama signed the USA Freedom Act, it did not end bulk data collection or mass surveillance programs. It did not address many of the policies, practices or programs of the NSA, which NSA whistleblower Edward Snowden revealed. It did not sharply limit surveillance nor was it an anti-surveillance law. The USA Freedom Act renewed Patriot Act provisions, which had sunset days ago. However, it is difficult to disagree with Snowden’s generally optimistic assessment.

During an Amnesty International UK event, as the Senate was about to pass the law, Snowden declared, “For the first time in forty years of US history, since the intelligence community was reformed in the ’70s, we found that facts have become more persuasive than fear.”

Snowden continued, “For the first time in recent history we found that despite the claims of government, the public made the final decision and that is a radical change that we should seize on, we should value and we should push further.”

He was specifically referring to how the Congress and courts had rejected this NSA surveillance program.

In that sense, June 2 was a day that the people won against the security state. US citizens took away the government’s control of nearly all of their domestic call records. And power was forced to act because their operation of a program and the operations of a secret surveillance court, the Foreign Intelligence Surveillance Court, were no longer seen as legitimate.

The extent of the victory, however, probably ends there.

As another NSA whistleblower, Bill Binney, said during an event in Chicago, the USA Freedom Act was a “surface change.” The government still has Executive Order 12333, which it can use for “content collection of US domestic communications as well as metadata. It’s all done through the Upstream programs. It’s done without oversight at all. There’s no oversight by Congress or the courts.” [Upstream is the series of different cables and fiber optic taps that the NSA uses to collect data that passes through fiber networks. Phone calls, emails, cloud transfers, pictures, and video, according to Binney, can all be collected.]

Journalist Marcy Wheeler pointed out that bulk collection of Americans’ international phone calls will continue. “Backdoor searches” under Section 702 of the FISA Amendments Act will continue, as the NSA can collect emails, browsing and chat history of US citizens without a warrant.

A number of the senators who voted for the USA Freedom Act did so because the three Patriot Act provisions had expired. They wanted something passed quickly so the NSA could resume spying operations that were supposed to be put on hold. So, some senators saw the USA Freedom Act as both a law to protect security as well as privacy.

Senator Bernie Sanders voted against the USA Freedom Act and explained in a released statement that it would still give the NSA and “law enforcement too much access to vast databases of information on millions of innocent Americans.”

The independent senator voted against the Patriot Act and both of the law’s extensions in 2005 and 2011.

The only Democratic senator to vote against the law. (more…)

Spy Planes: FBI Flew Over 100 Secret Missions Over 30 Cities in Recent Months

The Associated Press reported new details on secret surveillance flights being conducted by the FBI, including how the agency registers aircrafts with fake companies to conceal their role.

A recent review conducted by the AP found that over a “recent 30-day period” the FBI flew over 100 flights over 30 cities in 11 states and the District of Columbia.

Most of the missions were with Cessna 182T Skylane aircrafts. They were flown over Boston, Chicago, Houston, Phoenix, Seattle and parts of Southern California.

The planes carried video surveillance equipment as well as Stingray surveillance equipment or cell-site simulator gear, which creates a dragnet and enables the FBI to trick cellphones in a given area into providing identification information to agents.

Unlike the agency’s drone fleet, piloted aircraft is not subject to the Justice Department’s policy barring drones from being used to monitor “First Amendment activities,” which may partly explain why the secret flights have been spotted over cities where communities have protested killings by police.

Sam Richards, an independent journalist, first reported that the FBI was flying secret missions over cities with aircraft registered to fake companies.

“The aircraft have been registered to corporations that do not exist, and the purpose of the aerial operations is not known at this time. The flight patterns of the aircraft indicate they are most likely conducting surveillance, much like the controversial aircraft caught flying circles over the city of Baltimore which has seen many protests recently,” Richards reported on May 25.

Richards searched “aircraft registration” in Bristow, Virginia, and found many “three-letter acronym companies.” A few of the aircrafts listed were “registered explicitly to the Department of Justice.” He decided the companies had to be fake when his searches for information on the Internet were “fruitless.” He also noticed that the flight patterns—repeated circles around a city—indicated these planes were likely involved in surveillance missions. (more…)

Sales Exec Fired for Refusing to Install 24/7 Tracking App on Smartphone, Sues Company


Myrna Arias, a sales executive who lives in Kern County, California, is suing Intermex, a wire-transfer company, for wrongful termination, claiming that she was fired for refusing to install a tracking app on her smartphone that would monitor her off-hours location.

According to a Courthouse News Service report that describes the lawsuit, Intermex recruited Ms. Arias while she was working for Netspend, a money-transfer competitor. She requested that Intermex allow her to continue work with Netspend in order to maintain health benefits during a new-hire waiting period, and Intermex agreed. A couple of months into her new employment, her boss, Intermex’s regional vice president of sales John Stubits, told Arias and other employees that they would have to download an app from Xora onto their smartphones that “contained a global positioning system function which tracked the exact location of the person possessing the smartphones on which it was installed.” When she refused, she was fired. Intermex then called Netspend and informed them of her overlapping employment- and Netspend fired her as well. Courthouse News Service explains:

Arias says in her complaint that she researched the app and asked Stubits if Intermex would be tracking her whereabouts when she was off the clock.
“Stubits admitted that employees would be monitored while off duty and bragged that he knew how fast she was driving at specific moments ever since she had installed the app on her phone,” Arias says in her complaint. “Plaintiff expressed that she had no problem with the app’s GPS function during work hours, but she objected to the monitoring of her location during non-work hours and complained to Stubits that this was an invasion of her privacy. She likened the app to a prisoner’s ankle bracelet and informed Stubits that his actions were illegal. Stubits replied that she should tolerate the illegal intrusion because Intermex was paying plaintiff more than NetSpend.”
Stubits also told Arias she had to keep her phone on “24/7″ to assist clients, and “scolded” her when she uninstalled the app to protect her privacy, the complaint adds.
Arias says Intermex fired her a few weeks later

/snip/

Arias objected to the app because there was no way to turn it off when she was at home. Even if she shut down the app on her phone, it would still be running in the background, Glick said.
“She found it very offensive that they were treating her like a felon,” she added. “She was not underperforming, so there was no reason to monitor her.”
To make matters worse, Glick said, Intermex was so angry at her objection to the app that it went “above and beyond a normal wrongful termination and interfered with her ability to earn a livelihood.”
Arias says in her complaint that Robert Lisy, Intermex’s president and CEO, “telephoned John Nelson, vice president of NetSpend, and informed Nelson that plaintiff had been disloyal to NetSpend and was employed by Intermex. As a result of Lisy’s intentional and malicious interference with plaintiff’s contract with NetSpend, NetSpend fired plaintiff promptly. NetSpend specifically cited Lisy’s phone call as the reason for the decision to terminate plaintiff,” the complaint states.

Ms. Arias’s lawsuit claims violation of the right to privacy and California labor laws, unfair business practices, and wrongful termination in violation of public policy.

Should companies be allowed to track workers’ movements on and off the clock with smartphone apps?