Tuesday, May 26, 2009

National Cyber Range: Building Attack Tools for Mass Destruction

A quintessential hallmark of an authoritarian regime, particularly one that operates within highly-militarized, though nominally democratic states such as ours, is the maintenance of a system of internal control; a seamless panopticon where dissent is equated with criminality and the rule of law derided as a luxury ill-afforded "during a time of war."

In this context, the deployment of new offensive technologies which can wreck havoc on human populations deemed expendable by the state, are always couched in a defensive rhetoric by militarist aggressors and their apologists.

While the al-Qaeda brand may no longer elicit a compelling response in terms of mobilizing the population for new imperial adventures, novel threats--and panics--are required to marshal public support for the upward transfer of wealth into the corporate trough. Today, "cyber terror" functions as the "new Osama."

And with Congress poised to pass the Cybersecurity Act of 2009, an Orwellian bill that would give the president the power to "declare a cybersecurity emergency" and shut down or limit Internet traffic in any "critical" information network "in the interest of national security" of course, the spaces left for the free flow of information--and meaningful dissent--slowly contract.

DARPA--and Cybersecurity Grifters--to the Rescue

But protecting critical infrastructure from hackers, criminals and terrorists isn't the only game in town. The Pentagon is planning to kick-start a new office, Cyber Command, armed with the capacity to launch devastating attacks against any nation or group deemed an official enemy by Washington.

As Antifascist Calling reported last year, the Defense Advanced Research Projects Agency (DARPA), the Pentagon's "geek squad," is building a National Cyber Range (NCR). As Cyber Command's research arm, the agency's Strategic Technology Office (STO) describes NCR as

DARPA's contribution to the new federal Comprehensive National Cyber Initiative (CNCI), providing a "test bed" to produce qualitative and quantitative assessments of the Nation's cyber research and development technologies. Leveraging DARPA's history of cutting-edge research, the NCR will revolutionize the state of the art for large-scale cyber testing. Ultimately, the NCR will provide a revolutionary, safe, fully automated and instrumented environment for our national cyber security research organizations to evaluate leap-ahead research, accelerate technology transition, and enable a place for experimentation of iterative and new research directions. ("National Cyber Range," Defense Advanced Research Projects Agency, Strategic Technology Office, no date)

According to a January 2009 press release, the agency announced that NCR "will accelerate government research and development in high-risk, high-return areas and work in close cooperation with private-sector partners to jump-start technical cyber transformation."

Given the Pentagon's proclivity to frame debates over defense and security-related issues as one of "dominating the adversary" and discovering vulnerabilities that can be "exploited" by war planners, one can hypothesize that NCR is a testing range for the creation of new offensive weapons.

Amongst the "private-sector partners" chosen by the agency to "develop, field, and test new 'leap ahead' concepts and capabilities" are:

BAE Systems, Information and Electronic Systems Integration Inc., Wayne, N.J. ($3,279,634); General Dynamics, Advanced Information Systems, San Antonio, Texas ($1,944,094); Johns Hopkins University Applied Physics Laboratory, Laurel Md. ($7,336,805); Lockheed Martin Corp., Simulation, Training and Support, Orlando, Fla. ($5,369,656); Northrop Grumman, Intelligence, Surveillance and Reconnaissance Systems Division, Columbia, Md. ($344,097); Science Applications International Corp., San Diego, Calif. ($2,821,725); SPARTA, Columbia, Md. ($8,603,617).

While little-known outside the defense and intelligence establishment, SPARTA describes its "core business areas" as "strategic defense and offense systems, tactical weapons systems, space systems." Its security and intelligence brief includes "intelligence production, computer network operations, and information assurance."

Investigative journalist James Bamford wrote in The Shadow Factory that SPARTA "hired Maureen Baginski, the NSA's powerful signals intelligence director, in October 2006, as president of its National Security Systems Sector." According to Bamford, the firm, like others in the netherworld of corporate spying are always on the prowl for intelligence analysts "to pursue access and exploitation of targets of interest."

Given their spooky résumé, information on SPARTA's contracts are hard to come by. Indeed, the firm claims that under Section 508 of the Rehabilitation Act they are exempt from providing the public with information because their products involve "the operation, or use of... intelligence activities... related to national security, command and control of military forces, equipment that is an integral part of a weapon or weapons system, or systems which are critical to the direct fulfillment of military or intelligence missions." How's that for openness and transparency! One can only hazard a guess as to the firm's role in devising DARPA's "leap-ahead" National Cyber Range.

While the initial outlay of defense funds for NCR may appear to be a substantial amount of boodle for enterprising contractors, it is merely a down payment on Phase I of the project. Melissa Hathaway, the Obama administration's director of the Joint Interagency Cyber Task Force said, "I don't believe that this is a single-year or even a multi-year investment--it's a multi-decade approach." Hathaway, a former consultant at the spooky Booz Allen Hamilton corporation, told the Intelligence and National Security Alliance (INSA) in April,

Building toward the architecture of the future requires research and development that focuses on game-changing technologies that could enhance the security, reliability, resilience and trustworthiness of our digital infrastructure. We need to be mindful of how we, government and industry together, can optimize our collective research and development dollars and work together to improve market incentives for secure and resilient hardware and software products, new security innovation, and secure managed services. ("Remarks by Melissa E. Hathaway, Acting Senior Director for Cyberspace for the National Security and Homeland Security Councils," INSA, April 30, 2009)

That Hathaway chose INSA as a forum is hardly surprising. Describing itself as a "non-profit professional association created to improve our nation's security through an alliance of intelligence and national security leaders in the private and public sectors," INSA was created by and for contractors in the heavily-outsourced shadow world of U.S. intelligence. Founded by BAE Systems, Booz Allen Hamilton, Computer Sciences Corporation, General Dynamics, Hewlett-Packard, Lockheed Martin, ManTech International, Microsoft, the Potomac Institute and Science Applications International Corporation, The Washington Post characterized INSA as "a gathering place for spies and their business associates."

"Partners" who benefit directly from the launch of DARPA's National Cyber Range. No doubt, Hathaway's remarks are music to the ears of "beltway bandits" who reap hundreds of billions annually to fund taxpayer-fueled "national security priorities." That the Pentagon is richly rewarding INSA-connected firms with documented track records of "misconduct such as contract fraud and environmental, ethics, and labor violations," according to the Project on Government Oversight's (POGO) Federal Contractor Misconduct Database (FCMD) hardly elicits a yawn from Congress.

Among the corporations selected by the agency to construct the National Cyber Range, Lockheed Martin leads the pack in "Misconduct $ since 1995" according to POGO, having been fined $577.2 million (No. 1); Northrop Grumman, $790.4 million (No. 3); General Dynamics, $63.2 million (No. 4); BAE Systems, $1.3 million (No. 6); Science Applications International Corporation (SAIC), $14.5 million (No. 9); Johns Hopkins University, $4.6 million, (No. 81)

But as disturbing as these figures are, representing corporate grifting on a massive scale, equally troubling is the nature of the project itself. As Aviation Week reports, "Devices to launch and control cyber, electronic and information attacks are being tested and refined by the U.S. military and industry in preparation for moving out of the laboratory and into the warfighter's backpack."

High-Tech Tools for Aggressive War

The American defense establishment is devising tools that can wreck havoc with a keystroke. DARPA is currently designing "future attack devices" that can be deployed across the imperialist "battlespace" by the "non-expert," that is by America's army of robosoldiers. According to Aviation Week, one such device "combines cybersleuthing, technology analysis and tracking of information flow. It then offers suggestions to the operator on how best to mount an attack and, finally, reports on success of the effort."

The heart of this attack device is its ability to tap into satellite communications, voice over Internet, proprietary Scada networks--virtually any wireless network. Scada (supervisory control and data acquisition) is of particular interest since it is used to automatically control processes at high-value targets for terrorists such as nuclear facilities, power grids, waterworks, chemical plants and pipelines. The cyberattack device would test these supposedly inviolate networks for vulnerabilities to wireless penetration. (David A. Fulghum, "Network Attack Weapons Emerge," Aviation Week, May 21, 2009)

As can be expected, the Pentagon's rhetorical mise-en-scène is always a purely "defensive" response to future depredations by nefarious and shadowy forces threatening the heimat. In fact, the United States has systematically employed battlefield tactics that target civilian infrastructure as a means of breaking the enemy's will to fight. Stretching across the decades, from Southeast Asia to Iraq to Yugoslavia, imperialist strategists have committed war crimes by targeting the electrical grid, water supply and transportation- and manufacturing infrastructure of their adversaries.

The NCR will potentially serve as a new and improved means to bring America's rivals to their knees. Imagine the capacity for death and destruction implicit in a tool that can, for example, at the push of a button cause an adversary's chemical plant to suddenly release methyl isocynate (the Bhopal effect) on a sleeping city, or a nuclear power plant to go supercritical, releasing tens of billions of curies of radioactive death into the atmosphere?

During NATO's 1999 "liberation" of the narco-state Kosovo from the former Yugoslavia, American warplanes dropped what was described as a graphite "blackout bomb," the BLU-114/B "soft bomb" on Belgrade and other Serbian cities during its war of aggression. As the World Socialist Web Site reported at the time,

A particularly dangerous consequence of the long-term power blackout is the damage to the water systems in many Yugoslav cities, which are dependent on pumping stations run by electrical power. Novi Sad, a city of 300,000 which is the capital of the Vojvodina province of Serbia, has been without running water for eight days, according to residents. Families have been compelled to get water from the Danube river to wash and operate the toilet, and a handful of wells to provide drinking water.

Sewage treatment plants have also been shut down, with the result that raw, untreated sewage has begun to flow into the network of rivers that feed into the Danube, central Europe's most important waterway. (Marty McLaughlin, "Wall Street celebrates stepped-up bombing of Serbia," World Socialist Web Site, May 5, 1999)

With technological advances courtesy of DARPA's National Cyber Range and their "private-sector partners," the potential for utterly devastating societies ripe for resource extraction by American corporatist war criminals will increase exponentially. As Wired reported,

Comparisons between nuclear and cyberweapons might seem strained, but there's at least one commonality. Scholars exploring the ethics of wielding logic bombs, Trojan horses, worms and bots in wartime often find themselves treading on ground tilled by an earlier generation of Cold War nuclear gamesmen.

"There are lots of unknowns with a cyberattack," says Neil Rowe, a professor at the Center for Information Security Research at the U.S. Naval Postgraduate School, who rejects cyberattacks as a legitimate tool of war. "The potential for collateral damage is worse than nuclear technology.... With cyber, it can spread through the civilian infrastructure and affect far more civilians." (Marty Graham, "Welcome to Cyberwar Country, USA," Wired, February 11, 2008)

Initiatives such as the National Cyber Range are fully theorized as one facet of "network-centric warfare," the Rumsfeldian "Revolution in Military Affairs." Durham University geographer Stephen Graham describes the Pentagon notion that dominance can be achieved through "increasingly omnipotent surveillance and 'situational awareness', devastating and precisely-targeted aerial firepower, and the suppression and degradation of the communications and fighting ability of any opposing forces."

Indeed, these are integrated approaches that draw from corporate management theory to create "continuous, always-on support for military operations in urban terrain," an imperialist battlespace where Wal-Mart seamlessly morphs into The Terminator.

According to Aviation Week, the device currently being field tested will "capture expert knowledge but keep humans in the loop." As a battlefield weapon, simplicity and ease of operation is the key to successfully deploying this monstrous suite of tools. And Pentagon "experts" are designing a console that will "quantify results so that the operator can put a number against a choice," "enhance execution by creating a tool for the nonexpert that puts material together and keeps track of it" and finally, "create great visuals so missions can be executed more intuitively."

A touch-screen dashboard beneath the network schematic display looks like the sound mixing console at a recording studio. The left side lists cyberattack mission attributes such as speed, covertness, attribution and collateral damage. Next to each attribute is the image of a sliding lever on a long scale. These can be moved, for example, to increase the speed of attack or decrease collateral damage. (Aviation Week, op. cit.)

A tunable device for increased destructive capabilities; what are these if not a prescription for mass murder on a post-industrial scale?

Additionally, DARPA sorcerers are combining "digital tools that even an inexperienced operator can bring into play. In the unclassified arena there are algorithms dubbed Mad WiFi, Air Crack and Beach. For classified work, industry developers also have a toolbox of proprietary cyberexploitation algorithms."

What has been dubbed "Air Crack" deploys "open source tools to crack the encryption key for a wireless network." Cryptoattacks on the other hand, "use more sophisticated techniques to cut through the password hash."

One means to "penetrate" an adversary's protective cyber locks is referred to as a "de-authorization capability." According to Aviation Week, the attack operator "can kick all the nodes off a network temporarily so that the attack system can watch them reconnect. This provides information needed to quickly penetrate the network." As The Register reported in January when the ink on the DARPA contracts had barely dried,

Thus the planned Cyber Range must be able to simulate not just large computer networks teeming with nodes, but also the people operating and using these interlocked networks. These software sim-people--users, sysadmins, innocent network bystanders and passers-by--are referred to in the Range plans as "replicants". It seems clear that they won't know that they are merely simulated pawns in a virtual network wargame designed to test the efficiency of America's new cyber arsenal. They will merely have to live in a terrible Groundhog Day electronic armageddon, where the weapons and players change but destruction and suffering remain eternal. (Lewis Page, "Deals inked on DARPA's Matrix cyber VR," The Register, January 5, 2009)

Rance Walleston, the head of BAE's cyber warfare division told Aviation Week in late 2008, "We want to change cyber attack from an art to a science." And as The Register averred, the Pentagon's "simulated cyber warzone" should be up and running next year, "ready to pass under the harrow of BAE's new electronic pestilences, digital megabombs and tailored computer plagues."

Is it any wonder then, that the Russian revolutionary Lenin wrote nearly a century ago that "the civilized nations have driven themselves into the position of barbarians"?

Thursday, May 21, 2009

FBI's Use of National Security Letters Soar in 2008

The FBI's employment of Constitution-killing National Security Letters (NSLs) to nab the personal details of Americans without benefit of a court order soared in 2008.

NSLs are written demands by the Bureau (call them self-authorized subpoenas) that compel internet service providers, credit card companies, banks and other financial institutions to turn over records about their customers.

In a letter to the Senate and House Judiciary and Intelligence Committees May 14, U.S. Assistant Attorney General Ronald Weich said that the FBI issued 24,744 NSLs in 2008 compared to 16,804 the previous year.

While less than the 49,000 letters issued by the Bureau in 2006, it still represents a dramatic rise in the use of these onerous warrants.

Under cover of counterterrorism or espionage investigations, the FBI can demand that communications records such as subscriber information, phone numbers, email addresses, web sites browsed or personal financial records can be seized and catalogued by Bureau snoops.

The draconian USA Patriot Act vastly expanded the type of information subject to seizure. Arriving without benefit of a court review and with a lifetime gag order attached, recipients are prohibited from ever disclosing they've received such an oppressive request. As Wired reported May 19,

The FBI's use of NSLs has been sharply criticized. In 2007, a Justice Department Inspector General audit found that the FBI, which issued almost 200,000 NSLs between 2003 and 2006, had abused its authority and misused NSLs.

The inspector general found that the FBI evaded limits on (and sometimes illegally issued) NSLs to obtain phone, e-mail and financial information on American citizens, and under-reported the use of NSLs to Congress.

About 60 percent of a sample of the FBI's NSLs did not conform to Justice Department rules, and another 22 percent possibly violated the statute because they made improper requests of businesses or involved unauthorized collections of information. (Kim Zetter, "FBI Use of Patriot Act Authority Increased Dramatically in 2008," Wired, May 19, 2008)

As Gregory T. Nojeim, the Center for Democracy & Technology's Director of that organization's Project on Freedom, Security & Technology testified last year before the Senate Judiciary Committee:

The intelligence investigations in which NSLs are issued are not only secretive and long running but also encompass purely legal, even political activity. The PATRIOT Act seriously weakened the standard for issuance of NSLs, loosened internal oversight, and allowed NSLs to be used to get sensitive records on innocent persons suspected of absolutely no involvement in terrorism or espionage. The Intelligence Authorization Act for FY 2004 dramatically expanded the scope of NSLs, so they can now be served on the US Postal Service, insurance companies, travel agents, jewelers, and car dealers, among others. Moreover, agencies other than the FBI have been authorized to issue NSLs, and the number of government officials who can authorize NSLs has been expanded. ...

These realities are compounded by the fact that the FBI keeps records for a very long time, even when it concludes that the person to whom the information pertains is innocent of any crime and is not of any continuing intelligence interest. Information is increasingly being shared across agency boundaries, but without audit trails or the ability to reel back erroneous or misleading information, or information that is about people who are of no continuing criminal or intelligence interests. Finally, the PATRIOT reauthorization act made many NSLs for the first time ever compulsory and placed criminal penalties on violation of the non-disclosure requirement (commonly known as a "gag"), changes that probably make it even less likely NSLs will be challenged. ("Statement of Gregory T. Nojeim before the Senate Judiciary Committee," Center for Democracy & Technology, April 23, 2008, pp. 2-3)

Weich's letter to Congress said that the Bureau issued a number of "corrective NSLs" to "provide legal authority to retain information it had previously received," primarily from so-called "exigent" or informal "emergency" requests to a business or individual to voluntarily hand over information until a formal warrant is issued to cover FBI demands. The Justice Department claimed,

As you may know, in March 2007, and again in March 2008, the Inspector General of the Department of Justice (OIG) released reports regarding the FBI's use of NSLs. One of the Inspector General's findings was that the manner in which the FBI tracked NSLs resulted in inaccuracies in the statistics reported to Congress. In response to the Inspector General's findings and recommendations, the FBI has taken substantial steps to correct the identified deficiencies in its statistical tracking of NSLs. ("Letter to Senate and House Judiciary and Intelligence Committees," U.S. Department of Justice, Office of Legislative Affairs, May 14, 2009)

There it is, problem solved! While the DoJ may have "corrected" the FBI's "identified deficiencies" in its "statistical tracking," the wider question of issuing blanket orders to seize private data by an out-of-control domestic political police agency are not addressed by Weich, nor would it appear sought by Congress.

Antifascist Calling reported last year how Brewster Kahle, the founder of the Internet Archive, a project founded in 1996 that created a digital library of the web, after being served with an NSL in 2007, sued the FBI--and won.

After a legal challenge mounted by the American Civil Liberties Union and the Electronic Frontier Foundation in Federal District Court in San Francisco, the Bureau was forced to withdraw the NSL and unseal the case, allowing the Archive's founder to speak out.

On May 18, the ACLU reported that the administration will not ask the Supreme Court to "review a decision that struck down Patriot Act provisions that allow the government to impose unconstitutional gag orders on recipients of national security letters (NSLs)."

According to the civil liberties' watchdog group, "A lower court ruled in 2007 that the gag order provisions were unconstitutional, and the U.S. Court of Appeals for the Second Circuit upheld that ruling in 2008. The government's time for petitioning the Supreme Court for review has now expired." Jameel Jaffer, the Director of the ACLU's National Security Project said:

"We're very pleased that the government has decided not to seek further review of the appeals court's decision. The appeals court was right to find that the FBI can't be given the unchecked power to impose gag orders on the recipients of national security letters, and the government's decision not to seek Supreme Court review means that FBI gag orders will finally be subject to meaningful judicial review. As the last few years have shown us, the blanket of secrecy that cloaks the FBI's activities is an invitation to abuse. Judicial review may not end that abuse altogether, but it will certainly discourage it." ("Obama Administration Will Not Ask Supreme Court to Take Up National Security Letter 'Gag Order' Decision," American Civil Liberties Union, Press Release, May 18, 2009)

While certainly good news, I'm far less sanguine about the FBI's interest in seeking "meaningful judicial review" before targeting political dissent in the United States.

Indeed, the same day the ACLU issued their press release, Federal Computer Week reported that the FBI "is looking for fans on Facebook and followers on Twitter to expand its ability to share information with millions of social media users."

John Miller, a former "journalist" with ABC News and currently an Assistant FBI Director, told the technology publication: "To reach out to the public, we need to be where people are, and we know tens of millions of people spend their time in social media sites."

The social media programs supplement other information technology tools the bureau has deployed in recent years to make it easier for people to submit tips and get news from the FBI, bureau officials said May 15. In addition to a Facebook page and tweets sent via Twitter, the bureau also has a YouTube page and is testing the usefulness of the virtual world Second Life. (Ben Bain, "FBI expands use of social media," Federal Computer Week, May 18, 2009)

FBI securocrats said the widgets the Bureau have released in recent weeks have been "popular," and the domestic spooks plan to release new ones in coming weeks for iPhones and iPod Touches.

Which just goes to show that during the new, golden age of Obama: Plus ça change, plus c'est la même chose!

Sunday, May 17, 2009

FBI "Going Dark." Budget Request for High-Tech Surveillance Capabilities Soar

The Federal Bureau of Investigation's budget request for Fiscal Year 2010 reveals that America's political police intend to greatly expand their high-tech surveillance capabilities.

According to ABC News, the FBI is seeking additional funds for the development of "a new 'Advanced Electronic Surveillance' program which is being funded at $233.9 million for 2010. The program has 133 employees, 15 of whom are agents."

Known as "Going Dark," the program is designed to beef up the Bureau's already formidable electronic surveillance, intelligence collection and evidence gathering capabilities "as well as those of the greater Intelligence Community," ABC reports. An FBI spokesperson told the network:

"The term 'Going Dark' does not refer to a specific capability, but is a program name for the part of the FBI, Operational Technology Division's (OTD) lawful interception program which is shared with other law enforcement agencies."

"The term applies to the research and development of new tools, technical support and training initiatives." (Jason Ryan, "DOJ Budget Details High-Tech Crime Fighting Tools," ABC News, May 9, 2009)

Led by Assistant Director Marcus C. Thomas, OTD describes the office as supporting "the FBI’s investigative and intelligence-gathering efforts--and those of our federal, state, and local law enforcement/intelligence partners--with a wide range of sophisticated technological equipment, examination tools and capabilities, training, and specialized experience. You won’t hear about our work on the evening news because of its highly sensitive nature, but you will continue to hear about the fruits of our labor..."

According to OTD's website, the Division possesses "seven core capabilities": Digital Forensics; Electronic Surveillance; Physical Surveillance; Special Technology and Applications; Tactical Communications; Tactical Operations and finally, Technical Support/Coordination.

Under the heading "Electronic Surveillance," OTD deploys "tools and techniques for performing lawfully-authorized intercepts of wired and wireless telecommunications and data network communications technologies; enhancing unintelligible audio; and working with the communications industry as well as regulatory and legislative bodies to ensure that our continuing ability to conduct electronic surveillance will not be impaired as technology evolves."

But as we have seen throughout the entire course of the so-called "war on terror," systemic constitutional breeches by the FBI--from their abuse of National Security Letters, the proliferation of corporate-dominated Fusion Centers to the infiltration of provocateurs into antiwar and other dissident groups--the only thing "impaired" by an out-of-control domestic spy agency have been the civil liberties of Americans.

Communications Backdoor Provided by Telecom Grifters

While the Bureau claims that it performs "lawfully-authorized intercepts" in partnership with the "communications industry," also known as telecommunications' grifters, the available evidence suggests otherwise.

As Antifascist Calling reported last year, security consultant and whistleblower Babak Pasdar, in a sworn affidavit to the Government Accountability Project (GAP), provided startling details about the collusive--and profitable alliance--between the FBI and America's wireless carriers.

Pasdar furnished evidence that FBI agents have instantly transferred data along a high-speed computer circuit to a Bureau technology office in Quantico, Virginia. The so-called Quantico Circuit was provided to the FBI by Verizon, The Washington Post revealed.

According to published reports, the company maintains a 45 megabit/second DS-3 digital line that allowed the FBI and other security agencies virtually "unfettered access" to the carrier's wireless network, including billing records and customer data "transferred wirelessly." Verizon and other telecom giants have supplied FBI technical specialists with real-time access to customer data.

"The circuit was tied to the organization's core network," Pasdar wrote. Such access would expose customers' voice calls, data packets, even their physical movements and geolocation to uncontrolled--and illegal--surveillance.

In April, Wired obtained documents from the FBI under a Freedom of Information Act request. Those files demonstrate how the Bureau's "geek squad" routinely hack into wireless, cellular and computer networks.

Although the FBI released 152 heavily-redacted pages, they withheld another 623, claiming a full release would reveal a "sensitive investigative technique." Nevertheless, Wired discovered that the FBI is deploying spyware called a "computer internet protocol address verifier," or CIPAV, designed to infiltrate a target's computer and gather a wide range of information, "which it sends to an FBI server in eastern Virginia." While the documents do not detail CIPAV's capabilities, an FBI affidavit from a 2007 case indicate it gathers and reports,

a computer's IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer's registered owner and registered company name; the current logged-in user name and the last-visited URL.

After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects. (Kevin Poulsen, "FBI Spyware Has Been Snaring Extortionists, Hackers for Years," Wired, April 16, 2009)

"Going Dark" is ostensibly designed to help the Bureau deal with technological changes and methods to intercept Voice Over Internet Protocol (VOIP) phone calls facilitated by programs such as Skype. But a tool that can seamlessly target hackers and cyber-criminals can just as easily be deployed against political opponents.

The FBI also intends to continue their use of automated link- and behavioral analysis derived from data mining as investigative tools. As a subset of applied mathematics, social network theory and its derivatives, link- and behavioral analysis, purport to uncover hidden relationships amongst social groups and networks. Over time, it has become an invasive tool deployed by private- and state intelligence agencies against political activists, most recently, as Antifascist Calling reported in February, against protest groups organizing against the Republican National Convention.

These methods raise very troubling civil liberties' and privacy concerns. The Electronic Privacy Information Coalition (EPIC) filed a Freedom of Information Act request, demanding that the General Services Administration (GSA) turn over agency records "concerning agreements the GSA negotiated between federal agencies and social networking services, including Flickr, YouTube, Vimeo, Blip.tv, and Facebook."

With the proliferation of social networking sites, applications allow users to easily share information about themselves with others. But as EPIC points out, "Many online services relay information about online associations as users create new relationships. While government agencies may use social networking, cloud computing, and Internet services to create greater transparency on their activities, it remains unclear if there are data collection, use, and sharing limitations."

And with "information discoverability" all the rage amongst spooky security agencies ranging from the FBI to the NSA, "connecting the dots," particularly when it comes to dissident Americans, "is gaining increasing attention from homeland security officials and experts in their ongoing attempt to corral anti-terrorism information that resides across federal, state and local jurisdictions," Federal Computer Week reports.

Will an agreement between Facebook and the FBI facilitate "dot connecting" or will it serve as a new, insidious means to widen the surveillance net, building ever-more intrusive electronic case files on dissident Americans?

The Electronic Police State

As Antifascist Calling reported earlier this month, citing the Electronic Frontier Foundation's (EFF) dossier on the FBI's Investigative Data Warehouse (IDW), the office had "transitioned to the operations and maintenance phase during FY 2008" and now possesses some "997,368,450 unique searchable documents," ready for data mining.

But as study after study has revealed, most recently the comprehensive examination of various programs by the National Research Council, automated data mining is "likely to generate huge numbers of false leads."

Because the mountainous volumes of data "mined" for "actionable intelligence" are drawn from dozens of disparate sources on terrorism or criminal suspects, "they have an enormous potential for privacy violations because they will inevitably force targeted individuals to explain and justify their mental and emotional states."

EFF documented that the Bureau's Telephone Application (TA) "provides a central repository for telephone data obtained from investigations." TA allegedly functions as an "investigative tool ... for all telephone data collected during the course of FBI investigations. Included are pen register data, toll records, trap/trace, tape-edits, dialed digits, airnet (pager intercepts), cellular activity, push-to-talk, and corresponding subscriber information."

Additionally, the civil liberties' group revealed that "records obtained through National Security Letters are placed in the Telephone Application, as well as the IDW by way of the ACS [Automated Case] system." It would appear that "Going Dark" will serve as a research subsystem feeding the insatiable appetite of the Investigative Data Warehouse.

In fact, these programs are part and parcel of what the security website Cryptohippie refers to as the Electronic Police State. Far from keeping us safe from all manner of dastardly plots hatched by criminals and/or terrorists, Cryptohippie avers:

An electronic police state is quiet, even unseen. All of its legal actions are supported by abundant evidence. It looks pristine.

An electronic police state is characterized by this:

State use of electronic technologies to record, organize, search and distribute forensic evidence against its citizens.

The two crucial facts about the information gathered under an electronic police state are these:

1. It is criminal evidence, ready for use in a trial.
2. It is gathered universally and silently, and only later organized for use in prosecutions.

In an Electronic Police State, every surveillance camera recording, every email you send, every Internet site you surf, every post you make, every check you write, every credit card swipe, every cell phone ping... are all criminal evidence, and they are held in searchable databases, for a long, long time. Whoever holds this evidence can make you look very, very bad whenever they care enough to do so. You can be prosecuted whenever they feel like it--the evidence is already in their database. ("The Electronic Police State, 2008 National Rankings," Cryptohippie, no date)

Unfortunately, this is not the stuff of paranoid fantasies, but American reality in the year 2009; one unlikely to change in the foreseeable future.

In addition to "Going Dark," the FBI is busily constructing what ABC News refers to as the "development of the Biometric Technology Center, a Joint Justice, FBI and DoD program." At a cost of $97.6 million, the center will function as a research and development arm of the Bureau's Biometric Center of Excellence (BCOE), one which will eventually "be a vast database of personal data including fingerprints, iris scans and DNA which the FBI calls the Next Generation Identification (NGI)."

The program is closely tied with technology under development by West Virginia University's Center for Identification Technology Research (CITeR). As the FBI's "lead academic partner in biometrics research" according to a Bureau press release, CITeR provides "biometrics research support to the FBI and its law enforcement and national security partners and serve as the FBI liaison to the academic community of biometric researchers nationwide."

Indeed, CITeR director Lawrence A. Hornak, "a visionary of the Big Brother school of technology" told The Register, he awaits the day "when devices will be able to 'recognize us and adapt to us'." The "long-term goal," Hornak declared, is the "ubiquitous use of biometrics."

But as The Register pointed out when the program was publicly rolled-out, "civil libertarians and privacy advocates are not amused."

They claim that the project presents nightmare scenarios of stolen biometric information being used for ever-more outlandish forms of identity theft, which would be nearly impossible to correct. Correcting an inaccurate credit report is already an insulting and hair-raising experience in America, and critics contend that the use of biometrics would make correcting inaccurate credit reports or criminal histories nearly impossible. Besides, they argue, the US government does not exactly have a sterling record when it comes to database security--what happens when, as seems inevitable, the database is hacked and this intimate and allegedly indisputable data is compromised? ...

Databases usually become less accurate, rather than more, the older and bigger they get, because there's very little incentive for the humans that maintain them to go back and correct old, inaccurate information rather than simply piling on new information. Data entry typically trumps data accuracy. Furthermore, the facial recognition technology in its current iteration is woefully inaccurate, with recognition rates as low as 10 per cent at night. All in all, there is ample reason for skepticism--not that it will make much of a difference. (Burke Hansen, "FBI preps $1bn biometric database," The Register, December 24, 2007)

But WVU's CITeR isn't the only partner lining-up to feed at the FBI's trough. ABC reports that the Bureau "has awarded the NGI contract to Lockheed Martin to update and maintain the database which is expected to come online in 2010. After being fully deployed the NGI contract could cost up to $1 billion."

However, Federal Computer Week reported in 2008 that although the initial contract will "consist of a base year," the potential for "nine option years" means that "the value of the multiyear contract ... could be higher." You can bet it will!

Additional firms on Lockheed Martin's "team" as subcontractors include IBM, Accenture, BAE Systems, Global Science & Technology, Innovative Management & Technology Services and Platinum Solutions. In other words, NGI is yet another in a gigantic herd of cash cows enriching the Military-Industrial-Security Complex.

Democracy "Going Dark"

The "vast apparatus of domestic spying" described by the World Socialist Web Site, greatly expanded under the criminal Bush regime is a permanent feature of the capitalist state; one that will continue to target political dissent during a period of profound economic crisis.

That the Obama administration, purportedly representing fundamental change from the previous government, has embraced the felonious methods of the Bush crime family and its capo tutti capo, Richard Cheney, should surprise no one. Like their Republican colleagues, the Democrats are equally complicit in the antidemocratic programs of repression assembled under the mendacious banner of the "global war on terror."

From warrantless wiretapping to the suppression of information under cover of state secrets, and from the waging of imperialist wars of conquest to torture, the militarist mind-set driving capitalist elites at warp speed towards an abyss of their own creation, are signs that new political provocations are being prepared by America's permanent "shadow government"--the military-intelligence-corporate apparatus.

Tuesday, May 12, 2009

Big Increases for Intelligence and Pentagon "Black" Programs in 2010

Continuing along the dark path marked out by his predecessors in the Oval Office, President Barack Obama's Defense and Intelligence budget for Fiscal Year 2010 will greatly expand the reach of unaccountable agencies--and the corporate grifters whom they serve.

According to Aviation Week, "the Pentagon's 'black' operations, including the intelligence budgets nested inside it, are roughly equal in magnitude to the entire defense budgets of the UK, France or Japan, and 10 per cent of the total."

Yes, you read that correctly. The "black" or secret portions of the budget are almost as large as the entire defense outlays of America's allies, hardly slouches when it comes to feeding their own militarist beasts. The U.S. Air Force alone intends to spend approximately $12 billion on "black" programs in 2010 or 36 percent of its entire research and development budget. Aviation Week reveals:

Black-world procurement remains dominated by the single line item that used to be called "Selected Activities," resident in the USAF's "other procurement" section. This year's number stands just above $16 billion. In inflation-adjusted terms, that's 240 per cent more than it was ten years ago.

On the operations side, secret spending has risen 8 per cent over last year, to just over $15 billion--equivalent to more than a third of Air Force operating costs.

What does it all go for? In simple terms, we don't know. It is apparent that much if not all of the intelligence community is funded through the black budget: for example, an $850 million USAF line item is clearly linked to reconnaissance satellites. But even so, the numbers are startling--and get more so year by year. (Bill Sweetman, "Black budget blows by $50 billion mark," Aviation Week, May 7, 2009)

How's that for change! The Register gives a break down of the numbers for added emphasis:

1) Mainstream US armed forces $490bn-odd
2) UK armed forces $60bn
3) Chinese armed forces $58bn
4) French armed forces $54bn
5) "Black" US forces $50bn+
6) Japanese Self-Defence forces $44bn

While the American government refuses to disclose the CIA or NSA's budget, "both the Agency and other non-military spooks do get money of their own. Some of this is spent on military or quasi-military activities," The Register reports.

Toss in the world-wide deployment of CIA and U.S. Special Operations Command (USSOCOM) paramilitary operatives hidden among a welter of Special Access Programs (SAPs) classified above top secret and pretty soon we're talking real money!

One such program may have been Dick Cheney's "executive assassination ring" disclosed by investigative journalist Seymour Hersh during a "Great Conversations" event at the University of Minnesota in March.

And should pesky investigators from the Government Accountability Office (GAO) have the temerity to probe said "executive assassination ring," or other DoD "black" programs well, their Inspector General's had better think again!

According to the whistleblowing security and intelligence website Cryptome, a May 8, 2009 letter from Susan Ragland, GAO Director of Financial Management and Assurance to Diane Watson (D-CA), Chairwoman of the House Committee on Government Management, Organization and Procurement, lays down the law in no uncertain terms to Congress.

Ms. Ragland wrote: "the IG Act authorizes the heads of six agencies to prohibit their respective IGs from carrying out or completing an audit or investigation, or from issuing any subpoena if the head determines that such prohibition is necessary to prevent either the disclosure of certain sensitive information or significant harm to certain national interests."

Neat, isn't it! Under statutory authority granted the Executive Branch by congressional grifters, Congress amended the IG Act "to establish the Department of Defense (DOD) IG and placed the IG under the authority, direction, and control of the Secretary of Defense with respect to audits or investigations or the issuance of subpoenas that require access to certain information."

What information may be withheld from public scrutiny? Ms. Ragland informs us: "Specifically, the Secretary of Defense may prohibit the DOD IG from initiating, carrying out, or completing such audits or investigations or from issuing a subpoena if the Secretary determines that the prohibition is necessary to preserve the national security interests of the United States." (emphasis added)

The same restrictions to the IG Act that apply to the Defense Department are similarly operative for the Departments of the Treasury, Homeland Security, Justice, the U.S. Postal Service (!), the Federal Reserve Board, and the Central Intelligence Agency. Talk about veritable mountains of dirty laundry--and "black" programs--that can be hidden here!

Space-Based Spies

Among the items nestled within the dark arms of Pentagon war planners is a program called "Imagery Satellite Way Ahead," a joint effort between "the Office of the Director of National Intelligence and the Department of Defense designed to revamp the nation's constellation of spy satellites," Congressional Quarterly reports.

As Antifascist Calling revealed in several investigative pieces in June, October and November 2008, America's fleet of military spy satellites are flown by the secretive National Reconnaissance Office (NRO).

According to the agency's own description, "The NRO is a joint organization engaged in the research and development, acquisition, launch and operation of overhead reconnaissance systems necessary to meet the needs of the Intelligence Community and of the Department of Defense. The NRO conducts other activities as directed by the Secretary of Defense and/or the Director of National Intelligence."

As investigative journalist Tim Shorrock revealed in his essential book, Spies for Hire, some ninety-five percent of NRO employees are contractors working for defense and security firms. Indeed, as Shorrock disclosed, "with an estimated $8 billion annual budget, the largest in the IC, contractors control about $7 billion worth of business at the NRO, giving the spy satellite industry the distinction of being the most privatized part of the Intelligence Community."

While the Office's website is short on information, some of the "other activities" alluded to by NRO spooks include the Department of Homeland Security's National Applications Office (NAO).

As I wrote in October, the NAO will coordinate how domestic law enforcement and "disaster relief" agencies such as FEMA use satellite imagery (IMINT) generated by spy satellites. But based on the available evidence, hard to come by since these programs are classified above top secret, the technological power of these military assets are truly terrifying--and toxic for a democracy.

DHS describes the National Applications Office as "the executive agent to facilitate the use of intelligence community technological assets for civil, homeland security and law enforcement purposes." As Congressional Quarterly reveals, the "classified plan would include new, redesigned 'electro-optical' satellites, which collect data from across the electromagnetic spectrum, as well as the expanded use of commercial satellite imagery. Although the cost is secret, most estimates place it in the multibillion-dollar range."

How these redesigned assets will be deployed hasn't been announced. The more pertinent issue is whether or not DHS, reputedly a civilian agency but one which answers to the militarized Office of the Director of National Intelligence (ODNI), will position these assets to illegally spy on Americans. The available evidence is they will.

DHS avers that "homeland security and law enforcement will also benefit from access to Intelligence Community capabilities." With Pentagon "black" programs already costing taxpayers tens of billions of dollars the question remains, with NAO as the "principal interface" between American spooks, DHS bureaucrats and law enforcement, who will oversee NAO's "more robust access to needed remote sensing information to appropriate customers"?

Certainly not Congress. Investigative journalist Siobhan Gorman writing in The Wall Street Journal documented last year, that despite a highly-critical June 2008 study by the Congressional Research Service (CRS), Congress partially-funded the program "in a little debated $634 billion spending measure."

Indeed, a fully-operational NAO now provides federal, state and local officials "with extensive access to spy-satellite imagery--but no eavesdropping--to assist with emergency response and other domestic-security needs, such as identifying where ports or border areas are vulnerable to terrorism." But as CRS investigators wrote:

Members of Congress and outside groups have raised concerns that using satellites for law enforcement purposes may infringe on the privacy and Fourth Amendment rights of U.S. persons. Other commentators have questioned whether the proposed surveillance will violate the Posse Comitatus Act or other restrictions on military involvement in civilian law enforcement, or would otherwise exceed the statutory mandates of the agencies involved. (Richard A. Best Jr. and Jennifer K. Elsea, "Satellite Surveillance: Domestic Issues," Congressional Research Service, June 27, 2008)

While these serious civil liberties' issues have apparently been swept under the carpet, huge funding outlays by Congress for Pentagon's "black" budget operations indicate that President Obama's promises of "change" in how "government does business" is so much hot-air meant to placate the rubes.

Driven by a Corporatist Agenda

Wholesale spying by the American government on its citizens as numerous investigators have uncovered, is aided and abetted by a host of well-heeled corporate grifters in the defense, intelligence and security industries. These powerful, and influential, private players in the Military-Industrial-Security Complex are largely unaccountable; it can be said that America's intelligence and security needs are driven by firms that benefit directly from the Pentagon's penchant for secrecy.

Federal Computer Week reported in April that the program to revamp America's spy satellites "has the backing of the Obama administration, and the program is expected to win congressional approval, according to a senior intelligence official."

The same anonymous "senior official" told the publication, "given the backing of the Defense Department, ODNI and the Obama administration, lawmakers are expected to approve the plan." And as with other "black" programs, the cost is classified but is expected to run into the billions; a veritable windfall for enterprising defense corporations.

The electro-optical satellite modernization program involves building new satellites that the National Reconnaissance Office (NRO) would operate and expanding the use of imagery from commercial providers, according to a statement the Office of the Director of National Intelligence released April 7. Under the plan, the National Geospatial-Intelligence Agency would continue to integrate imagery products for government customers. (Ben Bain, "Spy satellite tally could increase," Federal Computer Week, April 8, 2009)

While no decision has been reached on the "acquisition approach for the program," ODNI and NRO "would oversee the acquisition strategy for the new government-built satellites and a contract would likely be awarded within months."

In a toss-off statement to justify the enormous outlay of taxpayer dollars for the new initiative, Obama's Director of National Intelligence, Dennis Blair, said last month, "When it comes to supporting our military forces and the safety of Americans, we cannot afford any gaps in collection." Or perhaps "any gaps in collection" on Americans. As Tim Shorrock revealed,

The plans to increase domestic spying are estimated to be worth billions of dollars in new business for the intelligence contractors. The market potential was on display in October at GEOINT 2007, the annual conference sponsored by the U.S. Geospatial Intelligence Foundation (USGIF), a non-profit organization funded by the largest contractors for the NGA. During the conference, which took place in October at the spacious Henry B. Gonzalez Convention Center in downtown San Antonio, many companies were displaying spying and surveillance tools that had been used in Afghanistan and Iraq and were now being re-branded for potential domestic use. ("Domestic Spying, Inc.," CorpWatch, November 27, 2007)

Indeed, according to Shorrock when the NAO program was conceived in 2005, former ODNI director Michael McConnell "turned to Booz Allen Hamilton of McLean, Virginia--one of the largest contractors in the spy business. The company was tasked with studying how intelligence from spy satellites and photoreconnaissance planes could be better used domestically to track potential threats to security within the U.S."

Tellingly, McConnell was a senior vice president with the spooky firm for a decade. Booz Allen Hamilton was acquired by the private equity firm The Carlyle Group in a 2008 deal worth $2.54 billion. In addition to Booz Allen Hamilton, other giant defense and security corporations involved in running Homeland Security's National Applications Office include the scandal-tainted British firm BAE Systems, ManTech, Boeing and L-3 Communications.

Among the firms in the running to land ODNI/NRO new spy satellite contracts are: BAE, Boeing, Lockheed Martin and Northrop Grumman. All of these corporations according to the Project on Government Oversight's (POGO) Federal Contractor Mismanagement Database (FCMD) have "histories of misconduct such as contract fraud and environmental, ethics, and labor violations."

Unsurprisingly, Lockheed Martin, Boeing, BAE and Northrop Grumman lead the pack in "total instances of misconduct" as well as fines levied by the federal government for abusive practices and outright fraud.

Conclusion

Unaccountable federal agencies and corporations will continue the capitalist "security" grift, particularly when it comes to "black" programs run by the Department of Defense and the Office of the Director of National Intelligence. Despite a documented history of serious ethical and constitutional breeches, these programs will persist and expand well into the future. While the Obama administration has said it favors government transparency, it has continued to employ the opaque methods of its predecessors.

From the use of the state secrets privilege to conceal driftnet surveillance of Americans, to its refusal to launch an investigation--and prosecution--of Bush regime torture enablers and war criminals, the "change" administration instead, has delivered "more of the same."

Thursday, May 7, 2009

Spying in the UK: GCHQ Awards Lockheed Martin £200m Contract, Promises to "Master the Internet"

The Government Communications Headquarters (GCHQ), the National Security Agency's "kissin' cousin" across the pond, has awarded a £200m ($300m U.S.) contract for an internet panopticon.

American defense and security giant Lockheed Martin and BAE subsidiary Detica (yet another firm specializing "in collecting, managing and exploiting information to reveal actionable intelligence"), snagged the contract The Register and The Sunday Times revealed May 3.

According to The Register the new system, called Mastering the Internet (MTI) "will include thousands of deep packet inspection probes inside communications providers' networks, as well as massive computing power at the intelligence agency's Cheltenham base, 'the concrete doughnut'."

Lockheed Martin and Detica aren't talking and have referred all inquiries on the MTI contract to GCHQ. ComputerWeekly however, reported May 6 that Detica, a firm with close ties to MI5 and MI6, "has data mining software that can detect links between individuals based on their contacts with sometimes widely separated organisations."

The magazine revealed in 2007 that the Insurance Fraud Bureau (IFB) "has outsourced its data mining operations to Detica, a specialist IT company. Its NetReveal software applies social network analysis to huge amounts of data to identify, understand, and evaluate higher-level networks of potentially collusive individuals and organisations."

It would appear the system under construction by GCHQ will apply a similarly unsound and unscientific approach to "counterterrorism." As the National Research Council revealed in their 2008 report on data mining and other dodgy methodologies such as link- and social network analysis for reading digital tea leaves, such techniques "are likely to generate huge numbers of false leads."

However, as a repressive tool for corralling recalcitrant individuals such as antiwar campaigners, environmental activists, socialists and Muslims under Britain's draconian 2006 Terrorism Act, thousands of digital nodes designed to "master the internet" would certainly fit the bill for spooks-gone-wild.

While £200m is a lot of boodle to spy and data mine the private communications and internet browsing habits of British citizens, as James Bamford revealed in Body of Secrets, GCHQ is a key member of the exclusive "UKUSA club."

Under terms of the Cold War-era UKUSA Communications Intelligence Agreement, a surveillance nexus linking the United States, Canada, Britain, Australia and New Zealand, a cosy relationship was created where member agencies agreed to share information, including that obtained illegally on their citizens, with one another. "By the late 1980s," Bamford wrote, "there was barely a corner of the earth not covered by a listening post belonging to one of the members, or by an American satellite."

GCHQ whistleblower Katherine Gun revealed in 2004, that British spooks and their American partners at NSA had sought leverage by spying on diplomats at the United Nations during the run-up to the U.S.-led invasion and occupation of Iraq, The Observer reported.

A firestorm of protest erupted in the usually staid confines of the UN Security Council when Gun leaked a memo to The Observer from NSA section leader Frank Koza to his compadres at GCHQ. The missive detailed a massive spying operation designed to give America "the edge" in forthcoming negotiations over a second UN resolution authorizing war--and what NSA expected from GCHQ. Despite their efforts the targeted nations--Chile, Pakistan, Guinea, Angola, Cameroon and Bulgaria--wouldn't play ball.

It now appears that GCHQ has expanded its brief and intends to routinely spy on British internet users under the guise of "preventing terrorism." According to The Register,

Sources said MTI received approval and funding of more than £1bn over three years in the October 2007 Comprehensive Spending Review. GCHQ, like MI5 and MI6, is funded out of the opaque Single Intelligence Account. For 2007/8 the planned budget for the three agencies was over £1.6bn.

GCHQ began work on MTI soon after it was approved. Records of job advertising by the agency show that in April 2008 it was seeking a Head of Major Contracts with "operational responsibility for the ‘Mastering the Internet’ (MTI) contract". The new senior official was to be paid an annual salary of up to £100,000. (Chris Williams, "Jacqui's secret plan to 'master the internet'," The Register, May 3, 2009)

Not to be outdone by NSA's all-inclusive driftnet surveillance of American citizens, The Sunday Times reported that "the £1 billion snooping project ... will rely on thousands of 'black box' probes being covertly inserted across online infrastructure."

The top-secret programme began to be implemented last year, but its existence has been inadvertently disclosed through a GCHQ job advertisement carried in the computer trade press.

Last week, in what appeared to be a concession to privacy campaigners, Smith announced that she was ditching controversial plans for a single "big brother" database to store centrally all communications data in Britain.

"The government recognised the privacy implications of the move [and] therefore does not propose to pursue this move," she said.

Grabbing favourable headlines, Smith announced that up to £2 billion of public money would instead be spent helping private internet and telephone companies to retain information for up to 12 months in separate databases.

However, she failed to mention that substantial additional sums--amounting to more than £1 billion over three years--had already been allocated to GCHQ for its MTI programme. (David Leppard and Chris Williams, "Jacqui Smith's secret plan to carry on snooping," The Sunday Times, May 3, 2009)

When news of GCHQ's project surfaced, the director of Liberty, Shami Chakrabarti, said Smith's announcement was a "smokescreen" meant to conceal the new MTI project. The civil liberties' watchdog group had applauded the Home Secretary's apparent "climb-down" on an earlier proposal for a a centralized communications database.

Chakrabarti told The Sunday Times, "We opposed the big brother database because it gave the state direct access to everybody's communications. But this network of black boxes achieves the same thing via the back door." One might add, seamlessly and silently through deep packet inspections of message content.

A deep packet inspection refers to a form of computer network filtering that examines the data portion of a communication (including a message header) as it passes the inspection point of an ISP. While it can filter out viruses and spam, the technology can also enable advanced security functions such as data mining, internet eavesdropping and censorship.

Additionally, because ISP's route all of their customers' traffic to a multitude of network providers, they are also able to monitor web-browsing habits in a way that permit them to gain insight into their customers' interests; this then, becomes the basis of a new form of corporate grift: the sale of data to companies that specialize in targeted advertising.

In the United States for example, NSA's unholy alliance with AT&T, Verizon and other giant telecommunications companies, use deep packet inspection to facilitate internet surveillance, sorting and forwarding private communications to a multitude of spooky agencies.

As the Electronic Frontier Foundation has documented in their landmark lawsuits against telecommunications' grifters and the state, Hepting v. AT&T and Jewel v. NSA, AT&T's suite of "secret rooms" located across the country function as virtual--and illegal--NSA listening posts.

According to AT&T whistleblower Mark Klein, the NSA's SG3 secure room is where internet traffic is split and then diverted to NSA worker ants, most likely outsourced techno-drones hired by the agency to do the dirty work. Private communications are then analyzed by Narus traffic analyzers and logic servers. Narus, a spooky Israeli corporation with a Mountain View, California address as a "beard," claims that its devices are capable of real-time data collection and capture at 10 gigabits per second.

In his sworn affidavit Klein told the Court:

Starting in February 2003, the "splitter cabinet" split (and diverted to the SG3 Secure Room) the light signals that contained the communications in transit to and from AT&T's Peering Links with the following Internet networks and Internet exchange points: ConXion, Verio, XO, Genuity, Quest, PAIX, Allegiance, Abovenet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet, and MAE-West.

Internet exchange points are facilities at which large numbers of major Internet service providers interconnect their equipment in order to facilitate the communications among their respective networks.

Through the "splitter cabinet," the content of all the electronic voice and data communications going across the Peering Links ... was transferred from the WorldNet Internet room's fiber optical circuits into the SG3 Secure Room. ("Declaration of Mark Klein in Support of Plaintiffs' Motion for Preliminary Injunction," United States District Court, Northern District of California, Hepting v. AT&T, No. C-06-0672-VRW, March 28, 2006)

According to Wired, the Narus STA 6400 Semantic Traffic Analyzer "can keep track of, analyze and record nearly every form of internet communication, whether e-mail, instant message, video streams or VOIP phone calls that cross the network."

The system under construction by GCHC may surpass the already-intrusive Big Brother capabilities of NSA. Indeed, GCHQ under terms of the UKUSA Communications Intelligence Agreement may in fact be building the system in cahoots with NSA. Certainly the presence of Lockheed Martin would indicate something more than a simple business deal with British spooks!

Suffice it to say, a source familiar with GCHQ's Mastering the Internet project told The Register, "In MTI, computing resources are not measured by the traditional capacities or speeds such as Gb, Tb, Megaflop or Teraflop... but by the metric tonne!.. and they have lots of them."

As author James Bamford points out in his essential book, The Shadow Factory, NSA is currently researching--and racing--to deploy supercomputers with exaflop capacities (one quintillion operations per second); it wouldn't be a stretch to infer that American spies may very well be assisting their British counterparts in a deranged quest to field the next generation of monstrous data mining and surveillance machines.

But don't be alarmed. Just like their American partners, GCHQ operates with "strict accountability ... under the existing legal framework." In response to media reports, GCHQ issued a press release May 3 claiming,

Because we rely upon maintaining an advantage over those that would damage UK interests, it is usually the case that we will not disclose information about our operations and methods. People sometimes assume that secrecy comes at the price of accountability but nothing could be further from the truth. In fact, GCHQ is subject to rigorous parliamentary and judicial oversight (the Intelligence and Security Committee of parliamentarians, and two senior members of the judiciary: the Intelligence Services Commissioner and the Interception of Communications Commissioner) and works entirely within a legal framework that complies with the European Convention on Human Rights. ("GCHQ: Our Intelligence and Security mission in the Internet Age," Government Communications Headquarters, Press Release, May 3, 2009)

Try selling that to countless victims of the 1994 Intelligence Services Act or the 2000 Regulation of Investigatory Powers Act. After all, as public servants at the beck and call of their political and corporate masters, "GCHQ does not spy at will"!

Sunday, May 3, 2009

The FBI's Department of Precrime

As they walked along the busy, yellow-lit tiers of offices, Anderton said: "You're acquainted with the theory of precrime, of course. I presume we can take that for granted." -- Philip K. Dick, The Minority Report

From COINTELPRO to the illegal targeting of antiwar activists and Muslim-Americans, the FBI is America's premier political police agency. And now, from the folks who brought us Wi-Fi hacking, viral computer spyware and al-Qaeda triple agent Ali Mohamed comes the Bureau's Department of Precrime!

A chilling new report by the Electronic Frontier Foundation (EFF) reveals the breadth and scope of the FBI's Investigative Data Warehouse (IDW), the Bureau's massive data-mining project.

With more than a billion records "many of which contain information on American citizens," EFF is calling on Congress to demand FBI accountability and strict oversight of this Orwellian project. By all accounts IDW is huge and growing at a geometric pace. According to the Bureau's own narrative,

The IDW received its initial authority to operate in September 2005, and successfully completed a Federal Information Security Management Act audit in May 2007. As of September 2008, the IDW had: 7,223 active user accounts; 3,826 FBI personnel trained on the system, and 997,368,450 unique searchable documents. The IDW transitioned to the operations and maintenance phase during FY 2008. (Federal Bureau of Investigation, "Investigative Data Warehouse," no date)

EFF notes that "the Library on Congress by way of comparison, has about 138 million (138,313,427) items in its collection."

Kurt Opsahl, EFF's Senior Staff Attorney and the author of the new report said: "The IDW includes more than four times as many documents as the Library of Congress, and the FBI has asked for millions of dollars to data-mine this warehouse, using unproven science in an attempt to predict future crimes from past behavior. We need to know all of what's in the IDW, and how our privacy will be protected."

In 2008, the National Academy of Science's National Research Council issued a stinging report that questioned the efficacy of data-mining as an investigative tool for combatting terrorism.

That report, "Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Assessment," concluded that automated programs such as IDW that collect and mine data should be evaluated for their impact on the privacy rights of citizens. An NRC press release stated candidly:

Far more problematic are automated data-mining techniques that search databases for unusual patterns of activity not already known to be associated with terrorists, the report says. Although these methods have been useful in the private sector for spotting consumer fraud, they are less helpful for counterterrorism precisely because so little is known about what patterns indicate terrorist activity; as a result, they are likely to generate huge numbers of false leads. Such techniques might, however, have some value as secondary components of a counterterrorism system to assist human analysts. Actions such as arrest, search, or denial of rights should never be taken solely on the basis of an automated data-mining result, the report adds.

The committee also examined behavioral surveillance techniques, which try to identify terrorists by observing behavior or measuring physiological states. There is no scientific consensus on whether these techniques are ready for use at all in counterterrorism, the report says; at most they should be used for preliminary screening, to identify those who merit follow-up investigation. Further, they have enormous potential for privacy violations because they will inevitably force targeted individuals to explain and justify their mental and emotional states. (National Academy of Science, National Research Council, "All Counterterrorism Programs That Collect and Mine Data Should Be Evaluated for Effectiveness, Privacy Impacts," Press Release, October 7, 2008)

Noting that the Bureau is withholding critical information from public scrutiny, and that mining data gleaned from dozens of disparate sources is at the heart of IDW, EFF reports that the FBI "has identified only 38 of the 53 'data sources' that feed into the IDW," and has refused to hand over remaining documents, the result of a 2006 Freedom of Information Act request.

In a subsequent court action over the Bureau's document stonewall, the civil liberties' group reported that the Department of Justice told the court that "no additional material will be disclosed," despite Obama administration assertions that it has "new policies on open government."

Indeed, a May 12, 2005 email obtained by EFF from "an unidentified employee in the FBI's Office of the General Counsel to FBI General Counsel Valerie Caproni" notes that the author was "nervous about mentioning PIA [Privacy Impact Assessment] in context of national security systems."

The author admitted that "It is true the FBI currently requires PIAs for NS [national security] systems as well as non-NS systems." EFF reports that the author "thought that the policy might change." Accordingly the anonymous writer "recommend[ed] against raising congressional consciousness levels and expectations re NS PIAs." Caproni's response is short: "ok."

However, "congressional consciousness levels" were raised after an August 30, 2006 Washington Post piece exposed the intrusive nature of the IDW system.

The Bureau's response? Several emails revealed the FBI's desire to play down privacy concerns, noting cynically: "I'm with [Redacted] in view that if everyone [Redacted] starts running around with their hair on fire on this, they will just be pouring gas on something that quite possibly would just fade away if we just shrug it off."

Given the corporate media's snail-like attention span when it comes to anything other than puppies trapped in a well or the shenanigans of various "celebrities," it's a sure-fire bet something as mundane as the rights of ordinary citizens "would just fade away."

IDW: A Web-Based Panopticon and Cash Cow for Corporate Spooks

The Electronic Frontier Foundation's report, citing the Bureau's own description, characterizes the Investigative Data Warehouse as "the FBI's single largest repository of operational and intelligence information."

In 2005, FBI Section Chief Michael Morehart said that "IDW is a centralized, web-enabled, closed system repository for intelligence and investigative data." Unidentified FBI agents have described it as "one-stop shopping" for FBI agents and an "uber-Google." According to the Bureau, "[t]he IDW system provides data storage, database management, search, information presentation, and security services."

Documents released to EFF show that the FBI began spending funds on IDW in 2002 and that "system implementation was completed in FY 2005." Version 1.1 was released in July 2004 "with enhanced functionality, including batch processing capabilities."

But as with all things related to "national security," early-on in the game the FBI forged a "public-private partnership" with spooky corporations in the defense and security industry, including Science Applications International Corporation (SAIC), Convera and Chiliad to develop the project.

As the Project on Government Oversight (POGO) notes in their Federal Contractor Misconduct Database, the San Diego-based SAIC has paid out some $14.5 million in fines on $5.3 billion in revenue largely derived from contracts in the defense, intelligence and security fields.

Misconduct ranged from false claims and defective pricing to conflict of interest violations. Last August, SAIC was forced to drop its bid with the Federal Emergency Management Agency (FEMA) for the agency's TOPOFF 5 national disaster drill "after allegations of improprieties in the contracting process" were uncovered, according to Washington Technology.

Indeed, SAIC had been hired by the FBI to build an early version of IDW known as the Virtual Case File (VCF). According to Washington Technology, SAIC was contracted by the Bureau in 2001 to build VCF "but pulled the plug in 2005 after realizing the system would not work."

The 2007 appropriations bill directed the Bureau to "retrieve as much as $104 million from the defaulted VCF contract" and in unusual language for the Senate, "expects FBI to use all means necessary, including legal action, to recover all erroneous charges from the VCF contractor," Washington Technology revealed.

Federal Computer Week reported in 2005 that Aerospace, an independent contractor hired to evaluate the system concluded that SAIC "did a poor coding job" and that it was "virtually impossible to update the system."

Despite these revelations, the San Diego defense and security giant has cornered billions of dollars in new contracts from the Defense, Homeland Security and Justice Departments.

Convera, describing itself as "the leading technology provider of intelligent search," the Vienna, Virginia corporation claims it is "an established leader in the business of search technologies." Apparently, the company is less than sanguine about trumpeting its products for the FBI. A search of their website returned zero hits on the terms "FBI-IDW."

However, Washington Technology revealed in 2004, Convera won a contract worth more than $2 million to "provide an agency-wide search and discovery platform for the FBI."

The contract "covers a perpetual license for the company's RetrievalWare software as the search technology." The 2004 award was "a follow-on from an earlier contract worth approximately $1.5 million ... for search and categorization software for the FBI's Investigative Data Warehouse," the technology insider publication reported.

On the other hand Chiliad avers that they will help "organizations realize the full business value of all of their disparate information resources," and their innovative products "in enterprise search and analysis technology, and virtual information sharing" will "help organizations 'Connect the Dots' and arrive at truly actionable intelligence." In this spirit, Chiliad boasts that the FBI as the lead agency for "domestic counterterrorism" has purchased a "worldwide enterprise license to Chiliad's software."

Founded in 1999, the Washington, D.C.-based firm's customer base include such spooky corporations as defense giant BAE, Booz Allen Hamilton, described by investigative journalist Tim Shorrock in Spies For Hire as a "revolving door" connecting the corporate security world and agencies such as NSA, General Dynamics, ITT, Northrop Grumman, SAIC and many, many more!

According to EFF, the FBI is busily putting these products to the test.

In addition to storing vast quantities of data, the IDW provides a content management and data mining system that is designed to permit a wide range of FBI personnel (investigative, analytical, administrative, and intelligence) to access and analyze aggregated data from over fifty previously separate datasets included in the warehouse. Moving forward, the FBI intends to increase its use of the IDW for "link analysis" (looking for links between suspects and other people--i.e. the Kevin Bacon game) and to start "pattern analysis" (defining a "predictive pattern of behavior" and searching for that pattern in the IDW's datasets before any criminal offence is committed--i.e. pre-crime). (Kurt Opsahl, "Report on the Investigative Data Warehouse," Electronic Frontier Foundation, April 2009)

Accordingly, EFF revealed that then-Assistant Director for the Counterterrorism Division, Willie Hulon said in 2004 that the FBI was "introducing advanced analytical tools" that would "make the most" of IDW data.

Hulon went on to state that when IDW is completed, "Agents, JTTF [Joint Terrorism Task Force] members and analysts," using the new data-mining technology "will be able to search rapidly for pictures of known terrorists and match or compare the pictures with other individuals in minutes rather than days. They will be able to extract subjects' addresses, phone numbers, and other data in seconds, rather than searching for it manually. They will have the ability to identify relationships across cases. They will be able to search up to 100 million pages of international terrorism-related documents in seconds." EFF notes that since 2004, "the number of records has grown nearly ten-fold."

According to an April 1 press release from the American Civil Liberties Union, FBI Joint Terrorism Task Forces and the related national nexus of Fusion Centers, comprised of the FBI, local police, the military (U.S. Northern Command) and private outfits in the corporate security world, relying heavily on data-mining and link analysis "have experienced a mission creep in the last several years, becoming more of a threat than a security device."

Indeed, the ACLU noted that Fusion Centers have routinely targeted activists across the political spectrum, relying on specious data-mining techologies as well as paid provocateurs and informants (HUMINT) that label any and all government critics as "extremists" to be monitored and indexed in national security databases. The civil liberties' group averred: "From directing local police to investigate non-violent political activists and religious groups in Texas to advocating surveillance of third-party presidential candidate supporters in Missouri, there have been repeated and persistent disclosures of troubling memos and reports from local fusions centers."

Since 2004, EFF has identified 38 separate data sources feeding the FBI's Investigative Data Warehouse. In addition to the FBI's Automated Case System (ACS), soon to be replaced by the Sentinel Case Management System after the $170 million "Virtual Case File" fiasco briefly described above, IDW compiles information from the following sources:

Secure Automated Messaging Network (SAMNet). SAMNet consists of all message traffic sent by the CIA, Defense Intelligence Agency, including Intelligence Information Reports (IIRs) and Technical Disseminations (TD) to the FBI. These include Secret classified information but not those designated Top Secret and above, including Sensitive Compartmented Information (SCI), the highest security classification.

Joint Intelligence Committee Inquiry (JICI) Documents of "all FBI documents related to Islamic extremist networks between 1993 and 2002."

Open Source News, collected from the MiTAP system run by San Diego State University. EFF describes MiTAP as a "system that collects raw data from the internet, standardizes the format, extracts named entities, and routes documents into appropriate newsgroups. This dataset is part of the Defense Advanced Research Projects Agency (DARPA) Translingual Information Detection, Extraction and Summarization (TIDES) Open Source Data project."

Violent Gang and Terrorist Organization File (VGTOF), provided by the FBI National Crime Information Center (NCIC). It includes "biographical data and photos" of individuals "who the FBI believes to be associated with violent gangs and terrorism." However, numerous abuses of the VGTOF classification system have been uncovered by the ACLU. According to the ACLU of Colorado, the FBI's JTTF added anarchists and eight separate categories of "extremists" to the VGTOF, including "environmental extremist" and "Black extremist." Indeed, Colorado antiwar activist Bill Sulzman, a campaigner against the weaponization of space, was listed in the VGTOF as a "terrorist," according to an article in the Colorado Springs Independent.

CIA Intelligence Information Reports (IIR) and Technical Disseminations (TD), "designed to provide the FBI with the specific results of classified intelligence collected on internationally-based terrorist suspects and activities, chiefly abroad."

Eleven IntelPlus scanned document libraries "related to FBI's major terrorism-related cases."

Eleven Financial Crimes Enforcement Network (FinCEN) Databases.

Selectee List: Copies of a Transportation Security Administration (TSA) "list of individuals that the TSA believes warrant additional security attention prior to boarding a commercial airliner."

Terrorist Watch List (TWL): according to EFF, the "FBI Terrorist Watch and Warning Unit (TWWU) list of names, aliases, and biographical information regarding individuals submitted to the Terrorist Screening Center (TSC) for inclusion into VGTOF and TIPOFF watch lists. Also called the Terrorist Screening Database (TSDB), the database 'contained a total of 724,442 records as of April 30, 2007'." The TWL has balooned to 1,192,000 names as of May 3, 2009.

According to the ACLU, "members of Congress, nuns, war heroes and other 'suspicious characters' ... have become trapped in the Kafkaesque clutches of this list, with little hope of escape." Barry Steinhardt, director of the ACLU Technology and Liberty Project said last summer: "Putting a million names on a watch list is a guarantee that the list will do more harm than good by interfering with the travel of innocent people and wasting huge amounts of our limited security resources on bureaucratic wheel-spinning. I doubt this thing would even be effective at catching a real terrorist." While true enough as far as it goes, perhaps the list's true intent is not to prevent terrorism but rather to terrorize the American people.

At the heart of these systems is data mining, that is, the deployment of a vast infrastructure capable of receiving, processing, managing and analyzing data flowing into the system from disparate sources. Indeed, documents released to EFF disclosed that the Bureau's 2008 budget justification explained that "[t]he Investigative Data Warehouse (IDW), combined with FTTTF's [Foreign Terrorist Tracking Task Force] existing applications and business processes, will form the backbone of the NSB's [National Security Branch] data exploitation system." The FBI also requested "$11,969,000 ... for the National Security Branch Analysis Center (NSAC)." The FBI claimed:

Once operational, the NSAC will be tasked to satisfy unmet analytical and technical needs of the NSB, particularly in the areas of bulk data analysis, pattern analysis, and trend analysis. … The NSAC will provide subject-based "link analysis" through the utilization of the FBI's collection datasets, combined with public records on predicated subjects. "Link analysis" uses datasets to find links between subjects, suspects, and addresses or other pieces of relevant information, and other persons, places, and things. This technique is currently being used on a limited basis by the FBI; the NSAC will provide improved processes and greater access to this technique to all NSB components. The NSAC will also pursue "pattern analysis" as part of its service to the NSB. "Pattern analysis" queries take a predictive model or pattern of behavior and search for that pattern in datasets. The FBI's efforts to define predictive models and patterns of behavior will improve efforts to identify "sleeper cells."

When this request was submitted to Congress, NSAC said it would "bring together nearly 1.5 billion records created or collected by the FBI and other government agencies," expected to quadruple by 2012. The House Science and Technology Committee was so alarmed that they demanded that the Government Accountability Office investigate the National Security Branch Analysis Center.

ABC News' Brian Ross reported that lawmakers are "questioning whether a proposed FBI anti-terrorist program is worth the price, both in taxpayer dollars and the possible loss of Americans' privacy."

Noting that the the FBI has a history "of improperly--even illegally--gathering personal information on Americans, most recently through the widespread abuse of so-called National Security Letters," ABC reported that congressional investigators are demanding to know "whether there are protections in place to make sure all the data in the program was legally collected."

Given the track record of the Bureau when it comes to targeting political opponents, I wouldn't hold my breath.

Two years later, EFF notes in a letter to Senator Patrick Leahy (D-VT) that the FBI has refused to release documents filed under the Freedom on Information Act and that the Bureau "has published neither a 'system of records notice' (as required by the Privacy Act) nor a 'privacy impact assessment' (as required by the E-Government Act) for the IDW, thus depriving the public of the kind of accountability that usually comes with the creation and maintenance of large database systems containing sensitive personal information."

Citing Leahy's own assertion that the IDW is a "system ripe for abuse," EFF has called on the Judiciary Committee to examine IDW closely and "provide the public with needed assurances concerning its potential impact on the privacy rights of citizens."

Stay tuned...