Category Archives: NSA

Weve reported for months on the frightening Obama Administration unmasking scandal and other Obama deep state efforts to sabotage the new Administration and undermine the Constitution and what we are doing about it.

The momentum is starting to shift.

Recent reports show that President Obamas National Security Advisor Susan Rice is being implicated in the unmasking scandal and leaking disgrace which is being exposed for what it is. We sent a Freedom of Information Act (FOIA) request to the National Security Agency (NSA). They ignored it, so we took them to federal court our second federal lawsuit against the NSA in the past few months.

Reports just this month reveal that Samantha Power President Obamas Representative to the United Nations is believed to have requested hundreds of so-called unmaskings of United States persons.

You read that right, President Obamas U.N. Representative is believed to have made hundreds of unmasking requests.

According to the Washington Free Beacon:

Former United Nations Ambassador Samantha Power is believed to have made hundreds of unmasking requests to identify individuals named in classified intelligence community reports related to Trump and his presidential transition team, according to multiple sources who said the behavior is unprecedented for an official in her position. . . .

Efforts by the former Obama administration to obtain the names of Trump allies included in raw intelligence reports have fueled speculation that subsequent leaks to the press were orchestrated by the former administration and its allies in a bid to damage the current White House and smear Trumps most senior confidantes.

House Intelligence Committee Chairman Devin Nunes, in a recent letter to Director of National Intelligence Daniel Coats, expressed the Committees findings, and alarm, that senior government officials offered remarkably few individualized justifications for access to this U.S. person information.

He went on:

For example, this Committee has learned that one official, whose position had no apparent intelligence-related function, made hundreds of unmasking requests during the final year of the Obama Administration. Of those requests, only one offered a justification that was not boilerplate and articulated why that specific official required the U.S. person information for the performance of his or her official duties.

That person, the one whose position had no apparent intelligence-related function, is believed to be Obama U.N. Representative, Samantha Power.

This is outrageous and despicable.

Interestingly, her attorney denied that she committed any of the leaks, but did not deny that she was the one implicated in the Washington Free Beacon report and Chairman Nunes letter.

Sometimes whats not said is more important than what is.

In the midst of misinformation and doublespeak, the ACLJ is pressing forward to get to the bottom of this latest shocking and embarrassing story, and to keep the pressure on to hold this lawless behavior accountable.

Today we took our next big step.

We sent what is now our third FOIA request to the NSA, seeking:

records pertaining to any and all requests former United Nations Ambassador Samantha Power made to National Security Agency (NSA) officials or personnel regarding the unmasking of the names and/or any other personal identifying information of then candidate and/or President-elect Donald J. Trump, his family, staff, transition team members, and/or advisors who were incidentally caught up in U.S. electronic surveillance.

We laid out several specific requests to make sure we cover all possible angles. Heres one example:

All records, communications or briefings created, generated, forwarded, transmitted, sent, shared, saved, received, or reviewed by any NSA official or employee, where one communicant was former United Nations Ambassador Samantha Power, including any communications, queries or requests made under an alias or pseudonym, and another communicant was the Director of the National Security Agency, the Chief of the Central Security Service, SIGINT production organization personnel, the Signals Intelligence Director, Deputy Signals Intelligence Director, or the Chief/Deputy/Senior Operations Officers of the National Security Operations Center, or any other NSA official or employee, referencing, connected to, or regarding in any way communication, request, query, submission, direction, instruction, or order, whereby Samantha Power sought access to or attempted to access SIGINT reports or other intelligence products or reports containing the name(s) or any personal identifying information related to [various individuals connected to President Trump] whether incidentally collected or otherwise . . . .

In the mean time, Attorney General Sessions recently announced that his Department of Justice is stepping up the investigations into illegal leaking. This is something weve been calling for and we applaud his announcement.

The momentum continues to build, and the ACLJ will stay at the forefront of the battle to protect the Constitution, defend our national security, fight government corruption, and demand accountability. We must preserve the integrity of our nations intelligence and national security apparatus. If we fail, the consequences would be devastating. Join us. Sign our Petition today.

Read the original post:
You read that right, President Obama's UN Representative is believed to have made hundreds of unmasking requests. - American Center for Law and...

These digital currencies might make fiat currencies look good. Thats how bad they are. Peter Schiff

Until proven otherwise, , and all cryptocurrencies for that matter, are faith-based currencies, just like the U.S. dollar or any other fiat currency. Instead of full faith and credit of the U.S. Government, cryptocurrencies require full faith in blockchain technology. The Daily Coin posted an interview with Ken Schortgen of The Daily Economist in its revealed that: The NSA developed blockchain technology and released the information in a white paper that has been uncovered by Ken Schortgen, Jr., The Daily Economist LINK. The white paper can found here: How To Make A Mint: The Crytotography Of Anonymous Electronic Cash NSA, Cryptology Division, June 18, 1996.

Built to be skeptics, we have been wondering why Governments and Central Banks tolerate Bitcoin and all of the other cryptos if indeed the cryptos are the digital equivalent of the gold standard. As it turns out, the NSA de facto has the ability to hack crypto blockchains. We are certain the NSA is not the only entity globally with that ability. Furthermore, the cryptocurrencies are absorbing a lot of fiat currency that likely would otherwise be flowing into gold and silver. It reminds us of GLD (NYSE:) and SLV, both of which have absorbed billions of institutional cash into two black hole vaults that have yet to withstand a bona fide independent audit.

In this episode of we bravely shred the Bitcoin and cryptocurrency mystique, which are more emblematic of the global asset bubble than a suitable substitute for gold and silvers monetary function:

See original here:
The Bitcoin Bubble: Hidden Risks And The NSA - Investing.com

Move over, Pixar theres a new CGI creature in town, and he comes from the most unlikely of places, the National Security Agency. Of the federal government agencies that youd expect to have an anthropomorphic mascot dedicated to reducing environmental waste, the NSA is probably near the bottom of the list.

The mascot, Dunk, became public knowledge in 2015, thanks to a menacing NSA tweet the agency sent to publicize its green efforts.

That effort included a school initiative teaching children how to conduct awaste audit, categorize trash, and figure out how effective they were at properly disposing of trash. Yes, the NSA wanted children to go snooping through trash, which seems almost too on the nose to be true. So youre asking me, hey Dunk, what is a waste audit? Well, youre going to dig through all of the trash in your school and then youre going to analyze it, the blue beastintonedin his nasal voice. Youll need to identify the types of trash making up the waste stream of your school and the amounts of each type of trash, by weight and volume.

Upon learning of Dunk, I submitted a Freedom of Information Act request for any communication and documents related to the development of Dunk. More than two years later, the NSA came through with a handful of unclassified documents.

On August 22, 2008, a graphic-design coordinator sent an email with the subject line, (U) Quick Idea. Attached was a file called recycle idea.pdf, which contained preliminary sketches for two waste-disposal bins with faces and arms. One is a round, green recycling bin, for soda cans and such; the other is an orange dumpster labeled WOOD ONLY thats disposing of a pallet. The slogan: Think Before You Throw.

The initiative was put on hold until the graphic-design coordinator returned from leave in early September. The next email exchange that the NSA included begins on October 1, when a waste-and-recycling manager inquires about the Dunk program. Just wanted to know if weve made any further progress Let me know

Two days later, the Dunk we all know and love appears in a file simply titled dunk.pdf, courtesy of the same graphic-design coordinator. Hes now a blue, rectangular recycling bin, who throws trash through a hole in the top of his head, rather than eating it via his mouth. Does the trash give him energy? What happened to his dumpster friend? Why is he called Dunk when hes clearly lobbing the trash?

The final page included in the NSAs response is the final Dunk, now with fancy purple shorts. The picture is not dated, but its presumably the type of office posting that is placed right over the trash bins. Years before Dunk was telling kids to dig through the trash, he was telling NSA workers to be mindful of their waste habits.

Think before you throw! the NSA warns. I mean, thatd be crazy, right? Imagine if your stuff ended up in the wrong place, and someone you didnt intend got ahold of it and used it improperly. Thatd be so embarrassing!

Commonly held best practices for password safety are going out the window.

Nothing (rose) gold can stay.

Including sweatproof, noise-canceling, and foldable versions several under $50.

How an actual person became a bot overnight.

Weve got your John Tucker Must Die sequel right here, folks.

Think before you throw.

We finally know who wrote the infamous document.

Because what the world needs right now is obviously another way to leave your friends on read.

The one about the media wanting him in a noose is really something.

A leaked internal document called the wage gap a myth and laid out all the reasons men are treated unfairly.

Weve heard this argument before.

How to eke a few more minutes out of your battery before everything goes dark.

Its called Stamp.

Including one for $250.

We might be getting a frowning poop emoji to go with the smiling one.

Robbie Tripp is getting owned on Twitter after posting a gushing Instagram about how much he loves his wifes curvy body.

The CMS wasnt cutting it.

It was only after a drivers dashboard went up in spontaneous flames that the company decided to do something.

Read the original here:
I FOIA'd the NSA's Recycling Mascot, and Now I Have More Questions Than Answers - New York Magazine

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.

At the outdoor hacker camp and conference SHA2017, which is taking place in the Netherlands, NSA whistleblower William Binney gave the talk, How the NSA tracks you.

As a former insider, Binney knew about this long before Snowden dropped the documents to prove it is happening. Although he didnt say anything new, Binney is certainly no fan of the NSAs spying he calls the NSA the New Stasi Agency. If you are no fan of surveillance, then his perspective from the inside about the total invasion of the privacy rights of everybody on the planet will fuel your fury at the NSA all over again.

In todays cable program, according to Binney, the NSA uses corporations that run fiber lines to get taps on the lines. If that fails, they use foreign governments to get taps on the lines. And if that doesnt work, theyll tap the line anywhere that they can get to it meaning corporations or governments wont even know about the taps.

The companies are involved at the next step the PRISM program, which includes collection directly from the servers of U.S. service providers. However, Binney said PRISM is the minor program when compared to Upstream, which includes collecting data from the taps on fiber-optic cables in hundreds of places around the world. Thats where they are collecting off the fiber lines all the data and storing it.

PRISM was for show-and-tell purposes, to show Congress and courts what the NSA was doing and to say we have warrants and are abiding by the laws. Upstream was the one that allowed the NSA to take everything off the line.

Regarding worldwide SIGINT, CNE (computer network exploitation) was the big one. Implants in hardware or software, lets say switches or servers, make them do anything they want because the NSA pwned them.

That feeds the NSAs Treasure Map, which provides a map of the entire internet in near real-time; any device, anywhere, all the time every minute of every day. As Binney put it, So its not just collecting what youre saying encrypted or not but its also monitoring where you are when you do it.

Treasure Map is also how intelligence agencies use GPS from cell phones to target drone attack victims. Binney noted there are at least 1.2 million people on the drone hit list.

He also mentioned the programs that include the input of all phone data, fixed, mobile, satellite any kind of phone which both the FBI and CIA can directly access so that when they want to see who did what, they have an index, all, to everything they ever said in their database.

All the data is collected without warrants so its a basic violation of the rights of every human, Binney said.

He also covered how other agencies can directly access the NSAs data, Five Eyes, CIA, FBI, DEA and DIA. The police can access it via the FBIs system.

The NSA could choose to look at the right targets, but doesnt. The NSA may collect it all, but thats not the same as intelligence, as understanding all of what was collected. If you use one of the hot keywords in an email, for example, it will get flagged for review. But planned attacks happen because analysts are so buried beneath the data they cant see the attacks coming. Binney previously tried to convince the U.K. that bulk data kills people.

While all this data isnt helping to stop attacks, having all the data gives the intelligence community the power to manipulate anyone they want. Its like J. Edgar Hoover on super steroids all the collected data gives intelligence agencies the means to target anyone. Then parallel construction is used after the fact to go back and build a separate basis for an investigation to cover up the fact that the data was obtained unconstitutionally.

Before taking questions from conference attendees, Binney pointed out an icon on a slide as a teaser to his startup, which will advise on ways you can do privacy and security by design. He came to Europe, since they cant get anything done in the U.S. The U.S. and U.K. are too dense to realize it can be done it also goes against their agenda for more money, power and control.

Can we expect more NSA employees to blow the whistle? Perhaps, but the people in power there are corrupt, Binney said. During the portion of the talk when attendees could ask questions, he talked about how the NSA has employed a lot of introverts, people with ISTJ personalities, making them easy to threaten. Binney added that the See Something, Say Something (about your fellow workers) program inside the NSA is what the Stasi did. Theyre picking up all the techniques from the Stasi and the KGB and the Gestapo and the SS; they just arent getting violent yet that we know of internally in the U.S.; outside is another story.

Read more from the original source:
NSA whistleblower discusses 'How the NSA tracks you' - CSO Online - CSO Online

NSA H. R. McMaster Exposed, Time is Short

People are growing more and more suspicious by the day of President Trumps National Security Adviser, H.R. McMaster.

Several reports last week painted General McMaster (US Army) as a man who is trying to consolidate power in the West Wing, and to undermine President Trumps specific goals when it comes to national security and foreign policy.

He is acting like he wants to limit the Presidents authority, ala the Democrats in the Senate, and if President Trump is really thinking about sending him to Afghanistan to manage the 17 yrs war, well, that might be far enough away for the 3-Star General to stop causing trouble here at home.

This week, we learned from a few news accounts that Gen. McMaster has been busy in recent weeks cleaning the National Security Council (NSC) of any holdovers from The Flynn Era.

Last Wednesday, he fired NSC Intelligence Director Ezra Cohen-Watnick, and earlier this month he fired Rich Higgins for a memo wrote about the globalists who were trying to undermine The Trump Administration.

Some reports say that McMaster is merely getting rid of dead weight analysts who have been presenting the President with foreign policy plans he does not like.

Other reports say Gen. McMaster himself cannot seem to please our President, and he is removing anyone who might take President Trumps side.

What really is worrisome is this the following report from Circa, which reveals that Gen.McMaster wrote a letter protecting Barack Hussein Obamas former National Security Adviser, Susan Rice.

From Circa: The undated and unclassified letter from McMaster was sent in the mail to Rices home during the last week of April. Trump was not aware of the letter or McMasters decision, according to two senior West Wing officials and an intelligence official, who spoke to Circa on condition that they not be named.

I hereby waive the requirement that you must have a need-to-know to access any classified information contained in items you originated, reviewed, signed or received while serving, as National Security Adviser, the letter said. The letter also states that the NSC will continue to work with you to ensure the appropriate security clearance documentation remains on file to allow you access to classified information.

It looks like Gen McMaster is being insubordinate to his Commander-in-Chief in here and that is deadly.

Ms. Rice is under investigation by the House Intelligence Committee for her role in unmasking the names of some Trump campaign officials caught on incidental foreign surveillance, and the President has suggested she may be guilty of violating the law.

The Big Q: Why would his national security adviser go behind the Commander-in-Chiefs back to ensure that Ms. Rice retains her clearances?

The Big A: We wait to see how the Marine 4-Star manages the Army 3-Star.

President Trump needs loyal people around him always, Gen. McMaster may not be suitable, best he retires before he is fired.

Stay tuned

intelligence, investigation, loyal, McMaster, NSA, president, reports, rice, Trump

Paul A. Ebeling, polymath, excels in diverse fields of knowledge. Pattern Recognition Analyst in Equities, Commodities and Foreign Exchange and author of The Red Roadmasters Technical Report on the US Major Market Indices, a highly regarded, weekly financial market letter, he is also a philosopher, issuing insights on a wide range of subjects to a following of over 250,000 cohorts. An international audience of opinion makers, business leaders, and global organizations recognizes Ebeling as an expert.

Read more here:
NSA HR McMaster Exposed, Time is Short - Live Trading News

The Government Accountability Office last week published a report that, among other things, weighs in on the pros and cons of the NSA/CYBERCOM dual-hat system (pursuant to which the director of the NSA/CSS and commander of CYBERCOM are the same person). The report deserves attention but also some criticism and context. Heres a bit of all three.

1. What is the dual-hat issue?

If you are new to the dual-hat issue, or if you have not closely followed developments of the past year, please read this recent post for an introduction and overview.

2. What was GAOs bottom line? Did it recommend keeping or abolishing the dual hat?

Neither. The report does not purport to answer that question. It is, instead, no more and no less than an attempt to convey the Defense Department perspective (and only the DOD perspective) on the pros and cons of keeping the dual-hat structure (as well as identifying some mitigation steps).

3. What method did GAO use to determine DODs perspective?

GAO did three things:

1. It reviewed documents previously generated by CYBERCOM and by the Joint Staff to educate their own leadership on the pros and cons.

2. It sent out questionnaires to various DOD components (with relevant responses received from CYBERCOM, six combatant commands, four combat support agencies, and three offices within the Office of the Secretary of Defense, plus a collective response for the Defense Department produced by DODs chief information officer); and

3. It conducted interviews with personnel from CYBERCOM, the Defense Department's chief information officer, and NSA/CSS.

4. Anything wrong with that methodology?

Not if your goal is to convey only the Defense Departments perspective. And to be fair, that was GAOs stated goal. But this approach is problematic.

One of the issues driving the dual-hat debate involves the tension that arises between intelligence-collection equities (which NSA would be inclined to favor) and disruption equities (which CYBERCOM would be inclined to favor), in the scenario in which access to enemy-controlled system could be used for either purpose. As a result, the intelligence community has a stake in this question. GAO should have reached out for input from the Office of the Director of National Intelligence in particular (it also is odd that GAO included only NSA in one of the three methods mentioned above).

GAO might respond that its terms of reference were DOD-specific. Thats clearly true for certain other parts of the GAO report in question, dealing with other topics. Its less clearly the case with the dual-hat portion of the report. But even if it is, it does not follow that GAO could not include in its report any reference to possibly competing perspectives from the intelligence community. Indeed, I would go further and say it was a big mistake not to do so, for it was perfectly foreseeable that this report would be taken by many (especially the media) as conveying a general assessment of the dual-hat issue rather than just a DOD-specific summary of opinions, no matter how many caveats are given.

5. Fine, but it is what it is. So lets look at what GAO actually reported, starting with the three pros favoring preservation of the dual-hat arrangement. The first one asserts that the dual hat promotes coordination and collaboration between NSA and CYBERCOM. Comments?

At bottom, this is a claim that having a common boss makes it relatively easy to collaborate when it comes to developing exploits and sorting out when and how they are used. That makes sense and is consistent with conventional wisdom on the dual-hat situation.

6. The second pro is about how the dual hat solves the deconfliction challenge mentioned above, but whats really interesting here is what the report implies about how that challenge would otherwise have to be managed.

As already noted, the need to deconflict when collection and disruption equities compete is a big part of this story. Here, GAO acknowledges that the status quo provides a ready-made solution. So far, so good. What is really interesting, though, is the comment GAO then makes regarding what would happen in such cases of tension in the absence of the dual hat.

Tellingly, the report observes that, in that case, deconfliction issues would have to be taken to the Secretary of Defense and/or Director of National Intelligence for resolution (emphasis added). I love the use of and/or in that sentence. It perfectly captures a critical point: Absent a dual hat, there has to be a new deconfliction system, yet the lead contenders for that role each have a dog in the fight.

Let me expand on that a bit.

Assume we decide to end the dual-hat system, without first settling on a new deconfliction system. What then? In that case, CYBERCOM usually will win over NSA. Why? Think about it. NSA wants to use existing access to keep collecting, but CYBERCOM wants to use it to disrupt the platform. If NSA barrels ahead with its preference, nothing really changes; the target remains operational and the enemy is none the wiser, hopefully. But if CYBERCOM barrels ahead with its preference, in most instances that will shut down the target (or at least make clear to the enemy that the target has been penetrated); no more collection at that point. NSA will lose such battles, except when DIRNSA manages to see the issue coming and gets someone over CYBERCOMs head to make it back off.

Sounds like we would need a formal system to replace the dual hat for deconfliction then. But what would that look like? If the solution is to charge the director of national intelligence with making the call, CYBERCOM probably wont be happy. If the solution instead is to charge the secretary of defense (or USD(I) or the like), NSA (and DNI) probably wont be happy. If the solution instead is to convene a committee of some kind with stakeholders from both sidesand that committee works by majority votethen the same problem arises (unless you find some third-party player, such as the national security adviser, to ensure there is not a tie and that the intelligence community and military have equal voting power).

The point being: This issue needs serious attention. I dont doubt that a decent solution can be developed, but care must be taken lest we stumble into the default scenario mentioned above.

7. The third pro involves the efficient allocation of resources, but its really about the idea that NSA makes CYBERCOM possibleand that reminds us that the dual hat isnt going away soon.

The third pro noted by GAO is that the dual hat facilitates NSA and CYBERCOM sharing operational infrastructure (translated: hacking tools, accesses, staging servers, personnel, etc.), as well as the infrastructure for training. Of course, its pretty much a one-way street; this traditionally is all about NSA sharing its expertise with CYBERCOM as it has stood up. Legislation currently forbids separation of the dual hat until the Defense Department can certify that CYBERCOM is truly ready to operate independently. Thats supposed to be the case by September next year, but of course its one thing to say it and quite another to achieve it.

8. Turning now to the cons, GAO introduces the idea that the dual hat may give CYBERCOM an unfair advantage over other commands.

This one was phrased very carefully. Without saying that this problem already exists, GAO says that CYBERCOM thinks that other commands are worried that the dual hat may in the future unduly favor CYBERCOM requests for NSA support over the requests that come from other military commands. This is an interesting twist on the more familiar concern that military equities in general will trump collection equities. This is military-vs.-military instead. At any rate, again note that it is framed as speculation rather than a current observation. That might be politeness, or it might really be purely speculative. You really cant tell from the GAO report (see my last point below, on whether any of the reports observations have strong evidentiary foundations).

9. The second con GAO lists is a bombshell: The dual hat creates [i]ncreased potential for exposure of NSA/CSS tools and operations.

Wow. In an almost cavalier way, the GAO report links the dual-hat issue directly to the fierce, ongoing debate over the security of NSAs tools, a topic that goes to the heart of NSAs mission. Because of the importance of that latter debate, GAOs assertion will constitute a heavy thumb on the scale in favor of separating the dual hat, if it catches on. Time will tell if it will. For now, lets just take a closer look at the claim.

First, here is what GAO says on the subject:

The dual-hat command structure has led to a high-level of CYBERCOM dependence on NSA/CSS tools and infrastructure. According to NSA/CSS officials, the agency shares its tools and tactics for gaining access to networks with a number of U.S. government agencies, but CYBERCOMs dependence on and use of the tools and accesses is particularly prevalent. CYBERCOMs dependence on NSA/CSS tolls increases the potential that the tools could be exposed.

Lets parse the two claims here.

Does the dual hat create CYBERCOM dependence on NSA, as the first sentence indicates? I think that has things backwards. As noted in the prior con, CYBERCOM badly needed NSA at first and still needs it to no small extent. Thats not caused by the dual hat. It is caused by lack of capacity. The dual hat has been part of the solution to that need. Perhaps DOD meant to convey a different point: that keeping the status quo has become a crutch that prevents CYBERCOM from pressing faster to build its own capacities. That makes more sense.

Does CYBERCOM use of NSA tools and accesses (i.e., exploits and penetrations) increase the risk of their exposure? Put that way, the answer must be yes. Every instance of use of any exploit or access creates an opportunity for others to discover it, and so the risk must go up each time (you might say each use increases the exposure surface). But note that weve just put the question in a non-nuanced way, without any attempt to quantify the degree of increase in the risk, let alone to place it in context with off-setting benefits or with reference to mitigation strategies for this problem. All that emerges from the GAO report is the bottom line: CYBERCOM relies on NSA tools ostensibly because of the dual hat, and therefore the dual hat increases the risk of those tools getting loose. Any suggestion that a policy exacerbates that risk is bound to draw attention.

The possibility of loose NSA tools has become a flash point for debate, in a manner that threatens for better or worse to create new limits on the ability of NSA to develop or keep certain capacities (particularly knowledge of zero-day vulnerabilities). NSA received a substantial black eye when a Russian intelligence agency the mysterious entity identifying itself as the Shadowbrokers somehow acquired a cache of NSA-created exploits and then began dumping them publiclyespecially after one of those exploits was used in connection with WannaCry and NotPetya. Both WannaCry and NotPetya received a vast amount of media attention, much of it pinning the blame in large part on NSA. This fueled arguments to the effect that NSA should not be allowed to create or preserve such tools (or at least that current procedures for balancing the competing equities involved (building NSAs collection capacity, vs. improving the security of commercially available products) should be altered significantly to reduce NSAs capacities in this area).

That argument was out there before WannaCry and NotPetya broke, but once those stories broke it received a strong boost from Microsoft. As this June piece in The New York Times from Nicole Perlroth and David Sanger underscores, this perspective has gained considerable momentum with some in private industry, Congress and foreign governments. Just this morning, former NSA deputy director Rick Ledgett wrote a post here at Lawfare fighting back against this argument, highlighting how important the issue is.

Whether you agree or disagree with this argument, surely you can appreciate how it has made the government acutely sensitive to questions about the security of NSAs tools. As a result, the argument that the dual hat creates significant security risks for those tools has the potential to have an outsize impact on the dual-hat debate. Which is a good thing, if the argument is a persuasive one. Unfortunately, the GAO report does not come anywhere close to giving us enough information to judge the matter. And yet this part of the report grabbed headlines in some quarters (see this piece in NextGov, titled GAO: Keeping NSA and CyberCom Together Makes Hacking Tool Leaks More Likely).

10. The next con listed by GAO: NSA and CYBERCOM are too much for any one person to manage.

Thats a familiar and serious concern, and it is unsurprising that it arose here. It is entangled to some extent with the deconfliction issue, of course, but at the end of the day being director of NSA and commander of CYBERCOM both concern vastly more than deconfliction.

11. The next con on the list? Strangely, its the deconfliction issue, which we already discussed above as a pro for the dual hat. What gives?

It is telling that the deconfliction issue pops up both as a pro and a con. As noted above, the dual hat is a good thing for deconfliction insofar as one thinks there ought to be a single decision-maker who takes both collection and disruption equities seriously. But here we see the flip-side of the argument, as GAO reports that personnel from both NSA and CYBERCOM (including a senior-level official) told GAO that the dual-hat leads to increased tension between NSA and CYBERCOM staffs, because their respective collection and disruption missions may not always be mutually achievable.

You know what Im going to say, I suspect. The tension is caused by the combination of incompatible missions and shared tools/accesses. Thats not the dual hats fault. The dual hat is one solution to resolving the tension. As I have noted here, there clearly is a view in some circles that the fix is in with the dual hat, in favor of NSAs collection mission. Maybe thats right, maybe its not. But at any rate, listing the dual hat as a con here seems to be a reflection of that perspective.

12. The last con on the list has to do with difficulties in tracking expenditures the NSA makes on behalf of CYBERCOM.

This may well be a very important issue, but it seems to me the sort of thing to be addressed through improved procedures and should not matter much in deciding whether to keep the dual hat.

13. How strong is the evidence supporting the various pro and con claims?

I recommend caution. We get a description of GAOs methods, as noted above, but we do not also get the underlying documents, interview notes, etc. And the reports narrative on each point is exceedingly thin, no longer really than what Im providing here. Note, too, my earlier observation that GAO does not appear to have sought the views of ODNI, and sought NSA views only to a limited extent. None of which is to say that any of the observations are incorrect, of course.

Visit link:
Separating NSA and CYBERCOM? Be Careful When Reading the GAO Report - Lawfare (blog)

When Americas enemies hide behind closed doors, the best military strategy could be stealthily picking the lock under the cover of night. Or it could be blowing the door to smithereens with an M203 in broad daylight.

Same goes for electronic warfare: some situations requires finesse, others demand brute force.

That, as much as anything, explains why the Pentagon is planning to separate U.S. Cyber Command from the National Security Agency the two entities that have the most influence over Fort Gordon and, by extension, Augustas fledgling cyber economy.

If the split happens as expected in the coming years, the impact would be a positive for Augusta. More on that later.

First, some background: The nearly decade-old Cyber Command focuses on digital warfare and oversees Army Cyber Command, which is gradually being moved from Fort Belvoir, Md., to a 324,000-square-foot facility under construction next to NSA-Georgias massive cryptologic center at Fort Gordon, which gathers intelligence from Europe, Africa and the Middle East.

Cyber and NSA directives differ, but both report to the same commander, Admiral Michael S. Rogers.

Cyber, being the new kid on the block, has essentially borrowed the NSAs tools. That made sense when the command was brand new in 2009, but now cyber warriors need battle-specific gear, military experts say.

One of those experts is Bill Leigher, director of government cybersecurity solutions for defense contractor Raytheon, which has an office in Augusta. Leigher will be one of nearly 3,300 attendees at the Armed Forces Communications and Electronics Associations TechNet show in Augusta later this week.

During a phone interview on the eve of the event, the retired Navy rear admiral explained the difference between Cybers needs and NSAs.

Using network capabilities to collect good intelligence, and not get caught while youre doing it, is the secret part of what our Department of Defense does, Leigher said. But when you go to war, that measure of performance changes. (The technology) needs to behave like a weapon. It needs to be measurable. It needs to be legal in the context of conducting war.

Leigher believes a Cyber-NSA split is about two years from becoming a reality. The two would, of course, continue to collaborate, but he said Cyber Command would be free to start adapting things used successfully in the intelligence community to create new tools that are more in line with the responsibilities of conducting war.

Leigher, who spent many years working with Fort Gordon as the commanding officer of Naval Information Operations Command and deputy commander for U.S. Fleet Cyber Command/U.S. 10th Fleet, said Cyber Command could and should become the Defense Departments 10th unified combatant command. It currently falls under U.S. Strategic Command, the Omaha, Neb.-based command that also oversees U.S. nuclear capabilities and space operations.

Though the Cyber-NSA separation would be transparent from the laymans point of view at Fort Gordon, a newly independent Cyber Command would likely create more opportunities for private industry to develop new cyberwarfare weapons or battle-focused adaptations of existing intelligence gathering.

Leigher noted increased outreach already is occurring through events such as last months Cyber Quest, where 27 companies put out more than three dozen products for road testing at the bases cyberwarfare school, the Army Cyber Center of Excellence.

He said a sharper focus on digital warfare technologies could speed development of private industry.

The best analogy I can give you is I happened to be working at NSA in Fort Meade on Sept. 11, Leigher said. What we now call Annapolis Junction a three-quarter-mile long, half-mile wide cluster of defense contractors and IT companies did not exist before the war on terrorism started. It has all emerged to stand up and support the intelligence needs around NSA. So I just have to believe that you guys in Augusta are going to see growth too.

TONS O TOURISTS: The TechNet show, with an estimated economic impact of nearly $2.8 million, is one of the biggest annual conferences in Augusta. And it keeps getting bigger.

But its not the months biggest event. That distinction goes to 2017 Military Worlds Softball Tournament, which is bringing an estimated 5,500 attendees and $3.4 million in economic impact to the region. This years United States Specialty Sports Association-sanctioned tournament is about the same size as it was last year, when it came to Diamond Lakes Regional Park in south Augusta for the first time in its 15-year history.

August in general is a big month for visitors, according to the Augusta Convention &Visitors Bureau and Augusta Sports Council, which said events like the tournament and TechNet will pump nearly $10.5 million into the economy. Other major events for the month include the the Georgia-South Carolina Bulls Soccer Clubs 2017 Aiken Soccer Cup (3,500 participants, $1,8 million impact) Georgia United States Tennis Associations 2017 Georgia State Mixed Doubles Championship (1,400 participants; $865,000 impact).

MELTING DOWN: Id be smiling more if our nuclear power industrys long-term outlook was as rosy as tourism s.

Heres two bombshells from this past week: South Carolinas SCANA and Santee Cooper canceled construction plans for their two new reactors at the V.C. Summer nuclear plant, and Atlanta-based Southern Co. said its Plant Vogtle expansion project will cost at least $25 billion and wont be finished until 2023.

For those of you keeping track, the Vogtle reactors should have been completed by now for $14 billion. Ay caramba!

Southern Co.s Georgia Power is said to be mulling whether to pull the plug Vogtle. Just two weeks ago it took project management at the site away from Westinghouse Electric Co., which has had numerous problems getting its super-advanced AP1000 reactor built. The subsidiary of Toshiba Corp. filed for bankruptcy in March, largely because of its problems at Vogtle and VC Summer.

Whats been described as Americas nuclear renaissance began in Georgia and South Carolina, and it may end there too.

Other companies that were planning to build new reactors may now be putting on the brakes. And those that havent, such as Utahs Blue Castle Project, have sought companies other than Westinghouse to build their AP1000 units.

Thats sort of like saying you love Fords new F-150 you just prefer it was built by General Motors.

Weve been well aware of the construction issues Westinghouse has been having as contractor at those (Vogtle and Summer) sites, Aaron Tilton, CEO of Blue Castle Holdings, told The Daily Sentinel in Grand Junction, Colo., earlier this year.

Vogltes woes coincide with this summers 30th anniversary of its units 1 and 2, which began operation in 1987 and 1989.

Meanwhile, the rest of the world plows ahead in nuclear. More than 9 gigawatts of new electricity, the largest increase in 25 years, were brought on last year according to the World Nuclear Association.

Four AP1000s under construction in China, two in Sanmen and two in Haiyang are scheduled to start commercial operation next year, with Sanmen being the first.

I predict that a couple of years after that, Chinas state-owned electric utility will probably start building its own reverse-engineered AP1000 knockoff. Maybe China will then sell the pirated technology back to us at discount prices?

Thats one way to grow the industry. Were certainly not going to be able to power our factories and homes or charge our precious smartphones on renewables .

SPEAKING OF PHONES: Xfinity Mobile, a wireless phone service through Comcast, is now available through the Xfinity store in the Augusta Exchange shopping center at 222 Robert C. Daniel Jr. Parkway.

Comcast is introducing the service in its retail stores market-by-market, and this location is among the first in the Southeast to offer Xfinity Mobile, the comapny said in a statement. Xfinity Mobile combines Verizons 4G LTE network with a Wi-Fi network of more than 17 million hotspots nationwide to support a seamless internet and entertainment experience.

The company said it offers straightforward data options: an unlimited $45 per month, per line plan up to five lines with no usage limits; and a $12 by the gig plan with hared cellular data across all lines on an account each month.

SCHOOL DAZE: Are your kids faces buried in a smartphone screen? Put the device to work for you looking into some free back-t0-school apps.

Mike Kinney at Verizons Evans store recommends the following: Family Locator, which lets you track your kids whereabouts; Brainscape, a digital version of flash cards that can be used to improve math and language skills; Easybib, a tool high schoolers can use to make bibliography citations; Todoist, a class, sports and chore task-management app; and Google Goals, a Google Calendar app that lets you schedule, defer or complete goals.

TAX TROUBLE In last weeks column I pointed out the trouble county officials will face dividing up taxes at the new Jim Hudson Lexus dealership under construction on the Richmond-Columbia county line near Washington and Pleasant Home roads.

My mistake was noting that car sales would become part of that headache. Not so, says a friendly neighborhood CPA, who reminded me sales taxes on cars were eliminated by 2013s Title Ad Valorem Tax, which is remitted to the county where the vehicle will be registered, not where the sale occurred.

Shows you how often I buy new cars I still pay the old birthday tax, where the cars taxable value decreases with age.

Car dealers lobbied the state for a title fee for more than 20 years before finally persuading them in 2012 to phase out sales and property taxes on cars. And theres been gripes about it ever since.

People complained the tax was killing the leasing business. Then they complained dealers were gaming the system by artificially inflating the value of trade-ins. Then they complained high-mileage, late model cars were being overvalued. Then Mercedes-Benz executives got an exemption for moving the companys U.S. headquarters to Atlanta while other people who moved away and then returned to Georgia got double taxed.

The tax started at 6.5 percent. Its now 7 percent. The law allows it to go as high as 9 percent.

Remind me, again, what was wrong with the old birthday tax?

ASK STEVEN: Have a local tax question? Youll be able to ask Richmond County Tax Commissioner Steven Kendick on Aug. 21 at 6:30 p.m. at the Warren Road Community Center at 300 Warren Road, where hell be the guest speaker at the West Augusta Alliance meeting, which is open to the public.

Reach Damon Cline at (706) 823-3352 or damon.cline@augustachronicle.com.

View post:
Scuttlebiz: Separating Cyber from NSA could speed private-sector development in Augusta - The Augusta Chronicle

A federal judge has sided with prosecutors in the case against former Fort Gordon contractor Reality Winner, finding that her defense team should be muzzled from speaking about any information deemed classified by the government, even if it has been widely reported in local, national and international media publications.

Winner has pleaded not guilty to a single count of violating a provision of the espionage act. She is accused of leaking a classified document to online media news publication, The Intercept.

That document was extensively reported on by The Intercept and numerous other news media organizations in stories on Winner, who is accused of leaking a national security document she allegedly obtained through her job with a NSA contractor on Fort Gordon.

The document is an analysis of the extent of Russias efforts to hack into state election boards. Russian meddling is the subject of U.S. Senate and House intelligence committees investigations and a special prosecutor who is looking into possible collusion between Trump supporters and the Russians during last years presidential campaign.

In his order released Thursday, Magistrate Judge Brian K. Epps wrote that determining what is classified information is a function of the executive branch of government, not the judicial branch.

Just because the defense team has expressed concern of accidentally mishandling classified information is no reason to relax the strict procedures required, Epps wrote. The defense is not prohibited in using classified information in Winners defense, but it must follow the strict procedures, he wrote.

Both sides have until Aug. 16 to weigh in on Epps proposed protective order that describes the closely guarded handling of materials in the case. A classified information security officer is in charge of ensuring such information is handled only by those on the defense team who have obtained security clearance, and only in a secured location.

The defense is to have free access to that location during regular business hours, although other times may be allotted with proper notice and consultation with the U.S. Marshals Service, according to the order.

Any notes or other papers the defense may create using classified information is not allowed outside of the security location. Any document filed with the court that contains or might contain classified information must be filed under seal. Only those portions deemed not classified by the classified information security officer will be unsealed for public review.

At the end of the case any such defense-prepared material will be destroyed by the classified information security officer. The confines of the protective order are a lifetime commitment and any violation is punishable not only by a finding of contempt but criminal prosecution.

The publication of any classified information does not change the classified status unless a member of the executive branch of government with the proper authorization declares the information to be declassified.

Winners trial is tentatively set to begin in October.

Reach Sandy Hodson at sandy.hodson@augustachronicle.com or (706) 823-3226

Link:
Judge sides with prosecution in Reality Winner NSA leak case | The ... - The Augusta Chronicle

(TNS) -- Further cementing its ambitions as a national powerhouse in cybersecurity education, Columbus State University announced Tuesday that it received a $174,000 grant from the National Security Agency to develop a new tool for rapid cybersecurity training and curriculum development.

The award makes CSU one of the top universities in the nation in providing technologies for cybersecurity workforce development to universities, government and private sector across the nation, said Shuangbao Wang, a professor in CSUs TSYS School of Computer Science in a press release.

The tool will be internet-based, allowing it to be accessed anywhere in the world. Wang expects it will eventually be used by global Department of Defense installations and other private and public organizations.

A key part of the tool will be the use of visual mapping, a technology developed by researchers at the university to assist in military decision making.

We are building a tool that people across the nation can use to develop cybersecurity training, which guarantees compliance with government and industry standards for cybersecurity workforce development, said Wang.

The grant is the latest in a string of awards the university has received for developing cybersecurity programs. Earlier this month, CSU announced that it had partnered with the Muscogee County School District to develop a yearlong cybersecurity course at Rothschild Leadership Academy with the help of a $50,000 grant from the NSA.

The university also hosted a weeklong cybersecurity summer camp in June with another NSA grant, this one for $28,000.

The investments may well pay off, with worldwide spending on cybersecurity estimated to reach more than $100 billion by 2020, according to research by the International Data Corporation. That spending is butting against an expected shortage of about two million jobs by 2019.

National cybersecurity workforce development is one of the key areas of this action plan, Wang said. Upon completion, universities, government, and private sector across the nation can use the tool to quickly develop training and curriculum that otherwise would not be possible due to lack of experts, knowledge and skills.

2017 the Columbus Ledger-Enquirer (Columbus, Ga.) Distributed by Tribune Content Agency, LLC.

The rest is here:
Columbus State Awarded NSA Grant to Develop Cybersecurity Tool - Government Technology

On August 3, The American Conservative ran a lengthy piece of mine dealing with the whistleblower protection nightmare that is the Department of Defense. One of the subjects of that piece is now former NSA IG George Ellard, and because I had even more on his case than I could fit into the TAC piece, I wanted to share the rest of what I knowand dont knowabout the allegations against Ellard, the final disposition of the case, why the Obama administrations whistleblower retaliation fix is itself broken, and what might be done to actually provide meaningful protections for would-be national security whistleblowers in the Pentagon and elsewhere in the national security establishment.

Regarding what little we know about the specifics of Ellards case, I had this to say in the TAC piece:

As the Project on Government Oversight firstreportedin December 2016, a three-member interagency Inspector General External Review Panel concluded in May 2016 that the then-Inspector General of the National Security Agency (NSA), George Ellard, had, according to POGO, himself had previously retaliated against an NSA whistleblower[.] This apparently occurred during the very same period that Ellard hadclaimedthatSnowden could have come to me. The panel that reviewed Ellards case recommended he be fired, a decision affirmed by NSA Director Mike Rogers.

But there was a catch: the Secretary of Defense had the final word on Ellards fate. Outgoing Obama administration Defense Secretary Ash Carter, apparently indifferent to the magnitude of the Ellard case, left office without making a decision.

In the months after Donald Trump became president, rumors swirled inside Washington that Ellard had, in fact, escaped termination. One source, who requested anonymity, reported that Ellard had been seen recently on the NSA campus at Ft. Meade, Maryland. That report, it turns out, was accurate.

On July 21, in response to the authors inquiry, the Pentagon public affairs office provided the following statement:

NSA followed the appropriate procedures following a whistleblower retaliation claim against former NSA Inspector General George Ellard. Following thorough adjudication procedures, Mr. Ellard continues to be employed by NSA.

After Id finished the TAC piece, Ellards attorney, Terrence ODonnell of the Washington mega law firm of Williams & Connolly, sent me the following statement about his client, George Ellard:

The Office of the Assistant Secretary of Defense (ASD) examined and rejected an allegation that former NSA Inspector General, George Ellard, had retaliated against an NSA employee by not selecting that employee to fill a vacancy in the OIGs Office of Investigations.

In a lengthy, detailed, and well-reasoned memorandum, the ASD concluded that Dr. Ellard had not played a role in that personnel decision or, in the terms of the applicable laws and regulations the ASD cited, Dr. Ellard did not take, fail to take, or threaten to take or fail to take any action associated with the personnel decision.

This judgment echoes the conclusion reached by the Department of Defenses Office of the Inspector General. An External Review Panel (ERP) later came to the opposite conclusion, leading to the ASD review. The ASD concluded that the evidence cited in the ERP report as reflective of [Dr. Ellards] alleged retaliatory animus toward Complainant is of a character so circumstantial and speculative that it lacks probity.

In assessing Dr. Ellards credibility and in rendering its decision, the ASD also considered Dr. Ellards distinguished career of public service, spanning more than 21 years of service across the executive, legislative, and judicial branches, culminating in almost 10 years of service as the NSA IG. Dr. Ellard, the ASD noted, has been entrusted to address some of our nations most challenging national security issues; successive NSA Directors have consistently rated Dr. Ellards performance as Exceptional Results and Outstanding; and he has been commended by well-respected senior officials with whom [he has] worked closely over the years for [his] ability and integrity.

Dr. Ellard is serving as the NSA Chair on the faculty of the National War College, a position he held prior to the ERP review.

Quite a bit to unpack in that statement. Lets start with the ASDs decision to overrule the External Review Panel (ERP), a key component of the Obama-era PPD-19, the directive designed to prevent in all government departments or agencies the very kind of thing Ellard allegedly did. Here are the key paragraphs of PPD-19 with respect to ERP recommendations:

If the External Review Panel determines that the individual was the subject of a Personnel Action prohibited by Section A while an employee of a Covered Agency or an action affecting his or her Eligibility for Access to Classified Information prohibited by Section B, the panel may recommend that the agency head take corrective action to return the employee, as nearly aspracticable and reasonable, to the position such employee would have held had the reprisal not occurred and that the agency head reconsider the employees Eligibility for Access to Classified Information consistent with the national security and with Executive Order 12968. (emphasis added)

An agency head shall carefully consider the recommendation of the External Review Panel pursuant to the above paragraph and within 90 days, inform the panel and the DNI of what action he or she has taken. If the head of any agency fails to so inform the DNI, the DNI shall notify the President. (emphasis added)

Taking the ERPs recommendations is strictly optional.

Whats so significant about the ERP recommendation in Ellards case was that the ERP not only apparently believed that the whistleblower in question should be given a fair chance at getting the position he or she originally applied for within the IG itself, but that Ellards actions werein the view of three non-DoD IGs who examined the caseso severe that they recommended he be terminated.

ODonnell quoted from a Pentagon memo clearing Ellard that is not public. The ERPs findings, along with their record of investigation, are not public. Nor do we know how thoroughor cursorythe ASDs review of the Ellard case was prior to the decision to clear Ellard. Given all of that, who are we to believe?

There are some key facts we do know that lead me to believe that the ERPs recommendations were not only likely soundly based, but that the whistleblower retaliation problem inside the Pentagon is deeply entrenched.

ODonnells statement also claimed that the ASDs decision to reverse the ERP and clear Ellard of wrongdoing echoes the conclusion reached by the Department of Defenses Office of the Inspector General. But its the DoD IG itself, as an institution, that is also under a major cloud because of other whistleblower retaliation claims coming from former NSA or DoD IG employeesspecifically former NSA senior executive service member Thomas Drake and for DoD Assistant Inspector General John Crane. As Ive noted previously, the independent Office of Special Counsel found adequate evidence of whistleblower retaliation and document destruction to refer the matter to the Justice Departments own IG; Cranes case is getting a look from the Government Accountability Office (GAO), Congresss own executive branch watchdog.

The DoD and NSA IGs have clear conflicts of interest when employees from within their own ranks are implicated in potential criminal wrongdoing. PPD-19 was supposed to be the answer to such conflicts of interest, but its lack of teeth from an enforcement standpoint renders it a badly flawed remedy for an extremely serious integrity problem.

And what about Congress? PPD-19 speaks to that as well:

On an annual basis, the Inspector General of the Intelligence Community shall report the determinations and recommendations and department and agency head responses to the DNI and, as appropriate, to the relevant congressional committees.

But Congress doesnt need to wait for the IC IG to tell it what is already publicly known about the Ellard, Drake, and Crane cases. It has ample cause to not only investigate these cases, but to take action to replace PPD-19 with a whistleblower protection system that actually protects those reporting waste, fraud, abuse, or criminal conduct and punishes those who attempt to block such reporting. Two options that deserve consideration are 1) empowering OSC to examine these kinds of cases and issue unreviewable summary judgments itself or 2) revive the expired Independent Counsel statute, rewritten with a focus on whistleblower reprisal case investigations.

One thing is beyond dispute. The PPD-19 process is not the answer for protecting whistleblower and punishing those who retaliate against them. We need a credible system that will do both. The only question now is whether anybody in the House or Senate will step up to the task of building a new one.

Read more:
The Curious Case Of Ex-NSA Inspector General George Ellard - Cato Institute (blog)