* Our leaker is a person with a Twitter timeline that makes you wonder how she maintained her Secret clearance. She retweets @Snowden, yet was hired at Pluribus in Feb. of this year, days after doing so.
* The story is a huge black eye for the Intercept, makes it look like they are very inept.
* The leak is not really substantial, mostly analyst notes about an ongoing thing that's been talked up in the press quite a bit.
Maybe my tinfoil hat is on too tight, but this just has a funny odor to it. One might speculate that this is a calculated leak intended to discredit The Intercept, sow fear in the minds of potential leakers?
If the comments on other forums are anything to judge by, there are at least two groups of paid astroturfers battling it out today.
She had top secret clearance prior to being hired by Pluribus in February. She was formerly in the Air Force and apparently specialized in Middle Eastern languages. Apparently, top secret clearance is renewed every 5 years [0], so she may have had carte blanche to do what she wanted for a few years.
There are things that can easily be detected and cause you to have issues with a clearance. For example, if you get arrested or have other significant legal issues, someone will probably find out. Also, if you stop paying your bills long enough to have severe credit issues, someone will likely find out about that too.
For social media activity, someone would likely have to report you for anyone to take action.
I for one think it's pretty reasonable, it sucks working for the government enough already, if we put people under 24x7 surveillance just for trying to serve their country they will go from having very few talented/ethical people working for them to absolutely none.
That was exactly Julian Assange's original thesis:
----
"The non linear effects of leaks on unjust systems of governance
[...]
The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive "secrecy tax") and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption."
People with security clearances are under 24/7 surveillance. They sign away their 4th amendment rights by agreeing to the terms of EO12333 and the gov can do anything as part of its investigation process. Sort of foolish for anyone with TS to be blabbing about such things on social media but you know, kids these days.
Why would there be? Pluribus doesn't issue security clearances, the customer agency (in this case the NSA) does. It would be up to the NSA to do any additional background checks/vetting/polygraphs regarding security clearance for any contractors. Working for a contractor/switching jobs is hardly suspicious activity, so the NSA would have no reason to investigate her. Likewise Pluribus had no reason to be suspicious, so the most they'd do beyond the standard corporate background check is call up the NSA to confirm her clearance was active. At the end of the day even the NSA doesn't have the resources to be constantly vetting 100,000+ employees and contractors.
No, a contractor like Pluribus wouldn't issue the clearance, but they'd surely verify that the clearance exists and is valid. That seems like a good time to generate a cursory once over of the applicant's clearance. OTOH, since the IC is in the growth hacking phase these days maybe they don't want to do anything to slow down the money train.
Lots of people with TS clearances hate Trump, but most aren't going to ruin their lives just because the president is an asshole. You'd end up ruining a lot of careers and chances are you'd never stop a single leak.
Both the Intercept and the Washington Post have one thing in common, Bezos who received a $600 million contract from the CIA: "Meanwhile, a petition campaign was launched related to news that Amazon, under the Post’s new owner, Jeff Bezos, recently secured a $600 million contract from the CIA. That’s at least twice what Bezos paid for the Post this year. Bezos recently disclosed that the company’s Web-services business is building a “private cloud” for the CIA to use for its data needs."
Feeding information to the enemy is not a new tactic either in the form of misinformation to mislead or of mountweasels to flush out moles. Perhaps she did not expect them to publish originals. They do seem inept. But then their warez aren't all over the internet and I cannot see it doing anything other than educating potential leakers as to the necessity to at least think about opsec. So if that was NSA's game then that too is inept. It stinks though.
Any article that ends with a yes/no question is always answered with "no". This one is no exception. Print classified info out at work on work printers from a monitored work computer you are logged into and said info ends up with reporters days later? Reporters you communicated with over gmail?! This person isn't exactly an infosec genius. Which, I mean, isn't a sin or anything, but when you know the organization you are directly burning is the NSA and the president of the United States, that's almost an insane level of ignorance.
She didn't communicate with any reporters over Gmail. She e-mailed The Intercept asking for a podcast transcript months ago and again to confirm her account. In fact, she had no electronic correspondence of any kind regarding the leaks (that we know of).
Unless you are a whistleblower and feel that the public legitimately needs to know about something, because after all this election affects our daily lives. We deserve to know the truth about threats to democracy, especially when Presidential candidates are still claiming that voter data was rigged. Didn't Trump blame Hillary for him losing the popular vote, saying that it was her fault for hacking the election?
Was it really vital that this tidbit be leaked right now? Mueller is currently performing an extremely detailed official investigation of this topic and has access to this and much more information, the resources to follow up, the motive to find the truth.
Whistleblowing is warranted in cases where information pertinent to the public interest won't come out otherwise. Given Mueller's investigation, the responsible thing would have been to wait and see, unless you had reason to doubt him.
She was clearly really into the Trump-Russia thing, and there's very little public evidence that there is a Trump-Russia thing. She saw something that she thought of as good evidence, and wanted to inform the public. Her intentions were good.
The problem is that there is also zero evidence in this document she leaked. No evidence of vote tampering, no evidence of Trump participating in anything, no evidence of Trump trying to cover it up, nothing at all to actually sink Trump.
She only sunk herself and gave ammo to critics of government leaks because now it seems that the NSA can't even investigate espionage incidents without somebody leaking to the press just to add fuel to some ongoing drama.
- Mueller's is a criminal investigation. If he doesn't believe he can prove a criminal case, the public will never hear about it. Even if, for example, he had enough to prove that some specific Russian hacker changed the records of enough voting machines to change the outcome of the election: If that guy subsequently died, he wouldn't have a criminal case and the case would be dropped without further commentary.
- It's really not the government's job to decide what the public has an interest in knowing. The system is, for the most part, set up as "default public", and that's how it should be.
- The fact that information (may) come out eventually doesn't help if it requires action now. I believe it's quite obvious that the public debate about these hacks is happening now, and that this is information that is central to that debate. Let's say nothing happens to prevent future hacking, and we learn about this incident in three or five years: I have no trouble imagining FOX commentators dismissing it as "We had this fight in 2017, and now the democrats want to talk about it again?"
I'm suggesting, maybe it wasn't ignorant. I can think of a few examples of where I'd want to be transparent in my actions. Seems like as a whistle-blower you should be as transparent as possible. I think it is time that we see the Russian evidence though. A bunch of techies deserve to disseminate if it is legitimate. After all, WikiLeaks has been doing nothing but providing verifiable evidence.
Nah. Only 6 people have printed the doc and of those only one could be found in phone call metadata making a call to a press related contact. I don't know what the leaker was thinking.
And in the end even this leak doesn't contain any evidence of anything that would even tie it to Russia, let alone GRU. On the internet no one knows you're a dog. So she will get 10 years in the slammer for nothing.
The Intercept scanned the document and posted high quality versions of them online. They were of such quality that the embedded dots modern printers add to each page were readily available:
It pointed to the exact printer being used and the exact time and date the document was printed. They didn't need her email to figure out it was her, but I'm sure that will help them in her court case.
In the vast majority of cases, the watermark data wouldn't point anywhere interesting. Maybe the serial number would point to a public library or a warehouse where the printer was stored prior to sale. Certainly The Intercept had no way of knowing that the serial number would correspond to an office printer at the NSA or one of their contractors.
I don't think we should expect news outlets to scour every printed document for these watermarks and remove them. Most aren't that technically savvy and this solidly seems like the responsibility of the person doing the leaking.
Leaking is dangerous and risky. I don't know the leaker personally but I could understand someone feeling that documents need to be released to the public and, at the same time, feeling like they can't evade the NSA's investigation. At that point any counter-measures probably seem pointless, especially for those who are not technical and can't imagine any bounds to the NSA investigative powers.
>Certainly The Intercept had no way of knowing that the serial number would correspond to an office printer at the NSA or one of their contractors.
They should have assumed it. While I agree they can't be expected to have enough technical savvy to remove watermarks, they should have re-typed it and hidden or (better) destroyed the original.
What she did was illegal and the government is going to nail her to the wall for it, if for no other reason than as an example to others contemplating the same thing. I'm astounded how little effort they (both the leaker and the Intercept) put into avoiding discovery.
If it were me the watermarks would have been gone before the document left my possession. If you depend on other people to keep your secrets you're doomed.
Actually the Intercept should have known. Margaret Thatcher used water marking to find which Ministry was leaking stories in the 80s. It's standard practice to retype documents before sharing, set up well thought out, secure amnesty boxes, etc.
>It's standard practice to retype documents before sharing
My first thought is that even blogs like AndroidPolice protect their sources better than The Intercept does here - they go as far as re-creating screenshots or renders of phone leaks.
The Intercept's lack of care is astounding. There wasn't any reason they needed to publish the fact that they received printed copies, let alone the actual scans.
Simply converting the scans to black and white (i.e. not greyscale) would've avoided the problem with the dots, as is pointed out in the Errata Security blog post.
In your second paragraph, are you referring to the redactions? The document contains quotes like this:
"Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions."
That's a statement. Statements are not evidence. I can make it seem like it's GRU (or "the Chinese") from right where I am in the US, with no way for anyone to say it ain't so. And I'm not even a pro.
If somebody leaked internal FSB analysis docs claiming but offering no raw intelligence that Ukrainian government is full of US spies and Euromaidan was financed by Soros, would any mainstream media outlet take this kind of source as "evidence"?
It's embarrassing how much some people seem to forget about rationality and skepticism when thinking about this issue.
The leaked info contains a few more specifics about the hand waving from a few months ago, but no actual evidence. What's worse is how the wording of the leaked document and press coverage (including that of The Intercept) interleaves simple assertions of fact into the narrative which do not support claims made by the narrative but simply make the whole thing seem "fact-based" even if it's speculative.
Generally speaking, The Intercept publishes very high quality work, but the presence of Sam Biddle's name on the byline is generally a good indicator of low quality work.
I don't know about Sam Biddle, but a former CIA agent and whistleblower who served 30 months in prison for leaking CIA's torture techniques, also names Matthew Cole as another reporter that worked on this article and has previously also burned him as a source: https://twitter.com/JohnKiriakou/status/872087259985694721
There is no supporting evidence for the assertion that it was "Russia" or about the nature of the "hacking groups".
There is also no consideration of the possibility of false attribution of the above.
Suppose I see that an enemy wears size 10.5 Adidas sneakers. If I buy an identical pair and leave muddy footprints with them near a crime scene, does the presence of the footprints implicate my adversary?
In the case of hacking, our assessment must include a notion of how easy it would be for a nation or group to be falsely implicated.
Separately, there must be a discussion of motive apart from specific evidence. But what we're seeing is a blurring together of various tiny pieces of data, analysis, guesswork, etc., into a narrative.
Within intelligence circles such narratives are meant to be used to allow higher order analysis to proceed in the absence of low level proof.
This is useful in the same way that imagining Travis Kalanick as a misogynist is useful in assessing the question of how such a trait might have impacted corporate culture, but it does not follow that it's true just because one lower-level incident occurred, etc.
> In the case of hacking, our assessment must include a notion of how easy it would be for a nation or group to be falsely implicated.
> Separately, there must be a discussion of motive apart from specific evidence. But what we're seeing is a blurring together of various tiny pieces of data, analysis, guesswork, etc., into a narrative.
Do you believe that the intelligence community has failed to consider these fairly obvious principles when producing their reports?
It seems you've constructed a belief system by which you can never be convinced of Russia's involvement. This is what I was getting at with my question above (which you didn't really answer).
And you've constructed a belief system that we better believe anything that comes out of the NSA about adversaries of the US because well, I feel the NSA is really competent and what else are we supposed to believe anyways.
My belief system isn't convincing me that Russians didn't hack the election system, or that they aren't capable of it. Just that this particular document is not the smoking gun.
What if I told you in that report in which "17 agencies all agreed that Russia did it", one agency only had moderate confidence (50%~ chance) and it was the NSA?
> has failed to consider these fairly obvious principles
No, but I think that those spreading these kinds of reports are intentionally masking the way that they are meant to be used in intelligence circles. This happened during the buildup to the Iraq war also.
My point is that the reports make those leaps intentionally in order to support higher order analysis. They are not meant to be taken as a distillation of all of the available intel.
> you can never be convinced of Russia's involvement
Not at all. But your use of the word "involvement" is a great example of insinuation. What does "involvement" mean in this case? I'll take a stab at it:
- Russia is a geopolitical adversary to the US (check)
- Russia and the US are engaged in a proxy war on several fronts and have been for decades (check)
- Russia and the US both undertake various mischief campaigns against each other and have since the cold war (check)
- Russia and the US both have at least two distinct offensive and defensive capabilities... one being cyber "warfare" and another being cyber "mischief". (check and check)
I agree on all of the above. I think many of the people who are up in arms about the Russia story did not believe the above until quite recently, yet it has been the case for a long time.
The appropriate analysis is to consider whether Russia actually thought it would impact the outcome of the US election, or if it intended to merely create mischief and chaos/mistrust. Clearly the latter is true per the history between the two nations and is consistent with the ongoing mischief campaign.
A deliberate effort to hack election machines, trigger power failures in hospitals, or any variety of more severe attacks crosses the line from "cyber mischief" into "cyber warfare".
What we're seeing is the anti-Russia hawks seizing upon the mischief and trying to make it seem like a cause for war. Don't forget that many have been vehemently trying to get the US to use force against Russia for quite some time.
Thus, the key evidence that is needed to escalate Russia's "involvement" from routine mischief and turn it into something akin to "warfare" is the hard evidence of intent to harm infrastructure.
While spear phishing voting machine companies may signal intent to conduct a Stuxnet style attack on US electronic voting machines, is spear phishing really a nation-state level attack approach?
Clearly, unless "The Russians" had far better predictive models than American statisticians, it would have been utterly foolish to undertake an attack that would personally tick off the sure-thing presidential candidate.
So I think that proof entails both a clear delineation of what sort of behavior/mischief is actually abnormal or asymmetric, and the notion of what constitutes proof of intent to escalate.
One thing I find weird about people who are obsessed with the Russia scandal is that they seem to believe that if "involvement" is proven, it's over for the trump administration.
I really don't understand that at all because if we want to get real, the OPM china hack was bigger than most of the things being alleged at the moment by stealing the database of everyone with a security clearance and yet, not a peep from anybody.
It would seem if you were consistent about cyber threats, these people yelling for sanctions on Russia should be yelling for sanctions on China as well.
The difference between these cases is that even considering everything that is wrong with US administration, it is just not comparable to the Russian. People (and institutions) have a track record, and there's no principle in logic that prevents me from using that record to evaluate their trustworthiness: What you call an ad hominem, I call bayesian reasoning.
For example: It was, until this administration, extremely rare for the US government (the executive, to be precise) to lie to US-based press. They'd deny to comment, or say something that was meaningless when examined closely, or tell you to ask X (who will deny to comment). But, contrary to common belief, it's extremely hard to find examples for them straight-up saying A when knowing that it's really B.
It was, until this administration, somewhat rare for the press to _knowingly_ publish nothing but lies, and yet here we are. CNN (!) got caught on camera the other day stage managing a "Muslim protest" for the news. That's something that would cause a massive scandal just a year ago. These days everyone is so used to it no one even noticed.
This is another trend we are seeing -- so-called "fact checkers" claiming something is false because the most ardent reading of a specific claim, or maybe just a comment left by a troll in the same page -- isn't completely true.
"But nothing suggested that CNN “staged” the demonstrations to any extent greater than engaging protesters, directing their positions, and asking them questions as part of a news segment."
So it was staged, but not "really staged"?
This is like the fact-check where Trump precisely and accurately quoted a decrease in the national debt, but Politifact still checked it as "mostly false".
That aside, I don't see how it's rated false. Just because they claim "well this is how we do things" doesn't make what they have been doing for years any less fake.
I understand they didn't go out, pay some actors to hold some signs up but the scene itself was created and crafted for the TV and in my opinion that's fake.
The media is supposed to be informing the public, when you start using tricks in an attempt to hoodwink your audience into your narrative that's the opposite of informing the public.
All they had to do was point out either that they brought a few protesters over from the main protest to show you them specifically, or maybe a better idea yet, just go to the protest and turn the camera on so we can see what is actually happening, not what they are staging for us.
Can you describe how rare do you feel it was for US officials to straight up lie on or off the record? Also based on what data did you make this assessment?
I can recall of a number of occasions during the Bush and Obama era where high-level officials were caught lying, sometimes in public testimony. And I don't even have any data points for Russia because we don't get their official statements on our news so I don't even know how I'd compare. How did you get both sides of the story accurately enough where you feel so confident in your beliefs?
No, a statement is not evidence no matter how much you want it to be. A _sworn testimony_ of a _witness_ is evidence. But there can't really be any witness here, unless the person on the other end was extremely careless. So you get a bunch of hot air and unsubstantiated allegations which will never go anywhere.
This is not a PR document, it is a (leaked) internal classified NSA intelligence report. It was presumably prepared by NSA intelligence analysts, who are experts in analyzing intelligence.
Go read her social postings, she wasn't thinking clearly as it's pretty obvious she was acting out of irrational hatred of the current administration. People like this are easy to spot, how in the hell do they get clearance? How do they keep it?
Seriously, go read her Twitter. That's what gets my tinfoil hatting. She sounds like a mid-range bot. Her account runs from Oct 2016 to Feb 2017. She only has one mode and it's Trump sucks.
I have too many theories, but first we need to figure out if there is such a person: That's right, I'm questioning Reality.
There is a plausible narrative that she hates the Administration so much that she specifically found a job with access to top secret documents with the aim of disseminating them.
Although you would think that when applying for a job that requires security clearance (even though she already had clearance), you would at least try to scrub your history, at the very least, you'd remove your retweets of Edward Fucking Snowden and Iranian politicians.
Did anyone do even a cursory check of her social media? I thought that's what most employers did these days before hiring people.
Nah. I think she was careless on purpose. Imagine if she transferred it using encryption and Russia got ahold of it, and then claimed she gave it to them. I think she wanted people to know so that she could claim that she was doing the right thing.
That would be unbelievably stupid. It's not like in DOJ anyone cares if she "did the right thing", they'll put her in the slammer all the same. Not even Hillary Clinton would get off scot free after something like this.
> That would be unbelievably stupid. It's not like in DOJ anyone cares if she "did the right thing"
A jury (with nullification power), in principle, might (as might the electorate who choose Presidents who have pardon and clemency power); if you aren't going to flee to avoid capture and aren't confident of your ability to evade the counterintelligence services in the long term, compromising your ability in the short term to improve the optics of the event may not be completely irrational, even if it is far from guaranteed to pay off.
You sound like someone who's never been on a jury. Jury gets very exact instructions from the judge before it makes a decision. In these instructions judge interprets the law in a way that the jury will understand. She doesn't tell them how to vote, but in a clear cut case like this one someone who has been selected for impartiality will almost certainly make an accusatory decision. Jury is not a get out of jail free card.
> You sound like someone who's never been on a jury
I've not only been on juries, but studied them. Nullification is a thing. It's quite rare and unlikely in the specific circumstance at issue, but that's already factored into the discussion in the grandparent post.
Senator Mark Warner publicly commented today that this is not the full extent of Russian attacks. She has succeeded in opening national high-profile public discussion on another aspect of Russian attacks on our election.
But it also begs the obvious question, has TheIntercept been compromised by one of the alphabet agencies? Could it have been intentional on TheIntercept's part but done in a way that gives them plausible deniability? Does seem interesting that TheIntercept isn't treated like Wikileaks for essentially doing the same thing, especially seeing how they're a domestic organization.
The yellow dots thing was certainly a mistake on their part. But there's a much bigger issue I haven't seen anyone point out yet.
One thing that the Intercept--and Glenn Greenwald in particular--have been very critical of is news organizations that blindly publish leaks as verified facts. Here[0] is just one example where Greenwald writes:
> THE WASHINGTON POST late Friday night published an explosive story that, in many ways, is classic American journalism of the worst sort: The key claims are based exclusively on the unverified assertions of anonymous officials, who in turn are disseminating their own claims about what the CIA purportedly believes, all based on evidence that remains completely secret.
Now, in this case they at least have a document, which they verified was a real document created at the NSA. But even the Intercept's own article[1] admits:
> A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.
So, are they living up to their own standard here? I don't think the answer is black and white. But I am certainly tired of hearing all this talk without seeing the technical details.
If the U.S. election system was hacked--even just one voter registration company--the American public deserves to get the details. Period.
What were the IP addresses used, and what ties them to Russia? What does the malware actually look like, and has it been seen before? How was this whole thing discovered?
For now, all we have to go off of is what the NSA says may have happened. That it was a leaked document doesn't make it any more revealing than if it was a phone conversation with another unnamed official.
How does the information you're describing (IP addresses used, ties to Russia, malware shape) help the average American if disclosed publicly? Because the harm seems immediate: bad actors will change their tactics and burn their channels, making them harder to detect, trace, or understand.
Given that the average American barely understands what a computer virus is, is the level of technical detail you're calling for sensible for public dissemination?
I think it's also informative to look at how attribution was viewed in the past. We as a tech community used to almost pride ourselves on our skepticism, as can be seen in this Bruce Schneier post[0] on Stuxnet.
In the post (written in 2010), he points out that attributing Stuxnet to the US Government is "almost entirely speculation", that ties to the Bushehr nuclear power plant were "rumors" at the time, and that "Once a theory takes hold, though, it's easy to find more evidence".
It took years months of more research, technical similarities to the Flame virus, video of an Israeli intelligence official joking about the virus, and much more before the tech community accepted the theory that Stuxnet was a US Government creation.
I'm not saying there's a perfect solution, but surely we as a tech community have lost our skeptical tone and no longer see it as important to question the government's technical claims as we once did.
I have a feeling if the roles were reversed, and it were Trump crying foul about Russian hacking, that's exactly what we'd be doing.
Isn't the Stuxnet story actually a good example of the tech community maybe taking their scepticism too far?
I'm also really sceptical of what, if anything, the government could provide as evidence that people would accept. If the evidence is technical, that doesn't only prevent non-technical people from evaluating it. It also means it's susceptible to being called "fake" when it isn't.
Say, for example, the NSA has log data from a bunch of switches across the world, and maybe the Russians also tapped into a few honeypots. All the NSA then has is IP addresses and other system logs–all of which could easily be faked.
Concerning your last point: Yes, we would treat the reverse differently. And there's nothing wrong with judging some information by their record: If I read something on a website that opens 6 pop-ups for porn, and that I have never seen before, I'm going to trust it less than the New York Times, which has, contrary to popular myth, an excellent track record of trying their best and making it public when they fail.
If it ends up that the government doesn't release the evidence because "our methods and the public is too stupid anyway" then we are heading for some incredibly dark times.
One thing people forget to mention about the FBI director 10 year term is that it wasn't put in place in order to have a director serve over a long period of time (somewhat like the SCOTUS) but to prevent somebody from amassing so much information and power that they can blackmail anybody.
That was decades ago, we now have agencies like the NSA who have far more information on people and if we are going to top that off with allowing them to make claims on wrongdoing without having to disclose actual evidence I just don't know how such power could be kept in check.
Going by what we've seen so far (Crowdstrike report), the malware looks like an old copy of some freeware called P.A.S. and the IPs were mostly Tor exit nodes.
I wonder whether NSA uses syntactic watermarking[1], imperceptible changes to word order or sentence form, keyed to the user accessing a document. This, or other techniques of embedding a fingerprint in the text itself, would allow a leaker to be identified from just a transcription of the document.
What is the right amount of fuzzing for a news organization to perform on leaked documents, to protect a source while providing credible evidence to support a claim?
[1] Meral, H. M., Sevinc, E., Ünkar, E., Sankur, B., Özsoy, A. S., & Güngör, T. (2007, February). Syntactic tools for text watermarking. In Electronic Imaging 2007 (pp. 65050X-65050X). International Society for Optics and Photonics.
Considering the NSA is an intelligence agency, arbitrarily changing info in intel documents could have serious potential repercussions. I'm thinking they wouldn't unless it was part of a counter-intelligence operation.
> What is the right amount of fuzzing for a news organization to perform on leaked documents, to protect a source while providing credible evidence to support a claim?
Maybe paraphrasing the key points or claims of the document would be the only safe way.
That seems entirely possible, although considering the scanned classified report also contained printer watermarking that identified the printer serial number, it also seems unnecessary.
Have we learned nothing about the NSA's tactics? The Intercept publishes reporting that they would rather not have been printed, and the very day the DOJ unseals charges where they try to say they learned about the leak from a paper crease from what can be reasonably inferred to be The Intercept. Meanwhile the alleged leaker allegedly used her work computer to contact The Intercept (in contradiction with their recommended best practices).
It has all the appearances of the government trying to smear a news outlet and ensure no one leaks to them again.
Do we still really trust the NSA? It was disappointing yet expected from the WaPo that they took as fact everything the DOJ alleged about how the case proceeded.
I don't think The Intercept has much responsibility here at all. In my opinion, in their role as receivers of leaked information, they should verify the information provided to them and decide if it should be released to the public. Sure, they shouldn't reveal their source and The Intercept met that requirement by ensuring that they themselves did not know the leaker's identity.
Anyone who is thinking about leaking anything classified only needs to spend thirty seconds typing "Snowden" into Google to find out what happens when the federal government identifies the leaker. They then decide if it's worth the risk and how much time they will spend on covering their tracks. In this case (if true) it sounds like Reality Winner decided that they simply couldn't cover up their leaking and threw in the towel.
Much has been made of the watermarks on laser printers, we've known about those for a long time. Not everyone is aware but it's the sort of thing you can find out about if you put in time to do the research. After doing my own research, it doesn't seem like these watermarks really came into play; the NSA simply looked up everyone who had accessed the document and inspected their workstations for clues.
> the NSA simply looked up everyone who had accessed the document and inspected their workstations for clues.
The FBI doesn't mention the watermark in their affidavits, but they do mention that The Intercept gave away that the document had been printed and mailed from Augusta, GA. That allowed them to quickly zero in on Winner. The only "clue" on her workstation was that she had e-mailed The Intercept asking for a podcast transcript months before. In other words, she knew The Intercept existed.
The Intercept burned her.
I'm not doubting that the NSA would have figured out the source eventually, yellow dots or not, but I think it's a fair criticism to say the Intercept did not have to publish a picture of the document in full, instead of transcribing the contents.
I disagree, if the Intercept values leaking things the public deserves to know (their whole raison d'être), they need to do better.
Bear in mind, The Intercept is likely more aware of anti-leaker strategies than most of the people they are hoping will leak them data. If they're going to encourage the act, they should do everything possible to help their sources protect themselves, and do diligence on anonymizing everything they get even further.
No, Journalists need to ensure the confidentiality of their source by all means. Simply releasing the info would constitute negligence. They have a duty to protect those who risk their life or freedom for the public good.
There's no evidence that it was The Intercept's actions that caused her to be found. I agree that they should be more careful (they should _always_ be more careful), but there are many ways the source could have been found independent of the newspaper. Regardless, the government has many incentives to claim that it was The Intercept's deficient opsec that caused them to find the leaker.
There really isn't much you can reasonably conclude about this. Is the government lying? Is The Intercept incompetent? The only thing you should remember is that if you are going to leak documents you need to do as much as possible while they are still in your control to hide your involvement. Once you send them off, your fate is in the hands of others.
For NSA documents classified "top secret" they don't just watermark when printing, they watermark the text. How do they do this?
For NSA documents classified "top secret" they don't just watermark when printed they watermark the text. How?
They can also sprinkle typos:
For NSA documents clasified "top secret" they don't just watermark when printing, they watermark the text. How do they do this?
Another option: They'll include meaningless "extra" information after the text such as a glossary or word definitions or even just something that looks like background info copied from Wikipedia.
Of course, it all depends on how the document was obtained. The systems that modify texts in this way aren't used everywhere.
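An added illustration of the per-recipient text fingerprinting described in the comment above; it is not part of the original thread and does not describe any agency's actual system. The template, slot layout and function names are assumptions, built from the sentence variants quoted there.

```python
import re

# Constructed template based on the sentence variants quoted in the thread.
# Strings are fixed text. Each tuple is a "slot" with two equivalent
# renderings; picking index 0 or 1 encodes one bit of the recipient ID.
# Assumption: slots are always separated by a literal string.
TEMPLATE = [
    "For NSA documents ",
    ("classified", "clasified"),            # sprinkled typo
    ' "top secret" they don\'t just watermark when ',
    ("printing,", "printed"),               # word form and punctuation
    " they watermark the text. ",
    ("How do they do this?", "How?"),       # sentence form
]


def _norm(s):
    """Undo changes a retyped copy commonly introduces:
    curly quotes, line wrapping, capitalisation."""
    s = s.replace("\u201c", '"').replace("\u201d", '"').replace("\u2019", "'")
    return re.sub(r"\s+", " ", s).lower()


def slot_count(template):
    return sum(isinstance(part, tuple) for part in template)


def render(template, recipient_id):
    """Produce the copy served to one recipient: bit k of the ID
    selects the variant used in slot k."""
    n = slot_count(template)
    if not 0 <= recipient_id < 2 ** n:
        raise ValueError(f"template only distinguishes {2 ** n} recipients")
    out, bit = [], 0
    for part in template:
        if isinstance(part, tuple):
            out.append(part[(recipient_id >> bit) & 1])
            bit += 1
        else:
            out.append(part)
    return "".join(out)


def candidates(template, leaked_text, ctx=12):
    """Return the recipient IDs consistent with a leaked transcription.

    Each slot is looked up with a few characters of surrounding fixed text.
    A slot that cannot be found (excerpted or paraphrased away) leaves its
    bit unknown, so the result is a set of candidates, not always one ID.
    """
    text = _norm(leaked_text)
    observed = []                           # per slot: 0, 1 or None
    for i, part in enumerate(template):
        if not isinstance(part, tuple):
            continue
        before = template[i - 1][-ctx:] if i > 0 else ""
        after = template[i + 1][:ctx] if i + 1 < len(template) else ""
        hits = [b for b, variant in enumerate(part)
                if _norm(before + variant + after) in text]
        observed.append(hits[0] if len(hits) == 1 else None)
    return [rid for rid in range(2 ** len(observed))
            if all(o is None or (rid >> k) & 1 == o
                   for k, o in enumerate(observed))]


if __name__ == "__main__":
    for rid in range(2 ** slot_count(TEMPLATE)):
        copy = render(TEMPLATE, rid)
        print(rid, candidates(TEMPLATE, copy), copy)
    # Constructed excerpt: retyped with curly quotes, a line break, and the
    # final question dropped. One bit is lost, so two candidates remain.
    excerpt = ("For NSA documents classified \u201ctop secret\u201d they "
               "don\u2019t just watermark when\nprinted they watermark the text.")
    print(candidates(TEMPLATE, excerpt))
```

Three slots distinguish only eight recipients; the number of distinguishable copies doubles with each slot, and a corrected typo silently flips its bit rather than marking it unknown.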
Yes it certainly is. The Intercept should have taken such precautions, but it's not very smart to assume that they always will take those precautions. If you want to be safe as the leaker, you'll have to either do that sort of thing yourself or communicate with The Intercept to make sure they will. Point is that you cannot really control how much caution third parties will take with your documents.
But like I said, the government has every incentive to make us question The Intercept's competence in these matters even though there are many ways the government could have found the leakers. Leakers _should_ be worried about these sorts of things, but we as the general populace should realize that this is perfect opportunity to make The Intercept look bad and to deter future leaks.
I'm not really sure what argument is failing. I'm certainly blaming the leaker for using bad opsec (sent emails to The Intercept using a work computer). I'm also certainly blaming The Intercept for using bad opsec. I'm also pointing out that the government has every incentive to act like it was The Intercept's bad opsec that allowed them to find the leaker even if they, for example, found who it was by just looking at access logs for the document.
Yes, but there were only six who printed it to begin with. I'm inclined to agree that the Intercept shouldn't have shared that information with the contractor, but it's not at all clear that the leaker wouldn't have been found anyway.
How does the FBI know it was printed? Because the Intercept told them. It could have been screenshots from a phone. It could have been downloaded from some hack. The number of people that viewed a document is going to be a superset of the number of people that viewed and printed a document. And if they're worried someone could access the report outside of their controls, then the set gets even larger. The Intercept only needed to disclose some content and the intelligence report number to get confirmation. Instead, they gave away how they got the report (printed), narrowing it to a set of six, and then they gave away the postmark, narrowing to a set of one. The Intercept burned their source.
That article contains the following "evidence" claiming this is how the leaker was unmasked:
> Armed with this evidence, the NSA was able to quickly determine who had printed the document by checking audit logs.
So no I see exactly _zero_ evidence in that article that this was the method used. If you have any other article that has such evidence, I'm all ears.
Of course you're correct that The Intercept should have taken more care in this matter, but that doesn't mean that this was the reason why the leaker was found. The leaker should also have been a bit less amateur (e.g. not communicating with The Intercept on a _work_ computer).
Do you think the NSA wouldn't have checked access logs and the emails if not for the scan? The difference isn't between getting caught vs. not, it's between getting caught in days vs weeks.
But also caught with irrefutable proof. The printer and job time can be tracked back to her precisely. With that in hand, there is absolutely no doubt that leak came from her (she intentionally shared), or through her (she printed, but someone else shared, with or without her knowledge).
In a situation like this, you as the leaker have a lot more to lose than whoever you're leaking to.
In that situation, I'm sorry, but the responsibility for protecting your identity is on you. Anonymize the data. Do not leak something that only you would have access to. etc, etc.
Because unless you're leaking to Infowars, you have to expect that a legitimate journalist will present your data to the organization from which you leaked it to, and request comment.
Snowden did everything right, and it still wasn't good enough.
> Snowden did everything right, and it still wasn't good enough.
But Snowden's whole strategy was to be a public figure. He fled the country and had a documentary filmmaker record the handover of the documents. It looks like Winning was hoping to remain private and had no idea what she was doing.
We don't really know, it might have been good enough.
> Snowden's identity was made public by The Guardian at his request on June 9, 2013.[97] He explained: "I have no intention of hiding who I am because I know I have done nothing wrong."[20] He added that by revealing his identity he hoped to protect his colleagues from being subjected to a hunt to determine who had been responsible for the leaks.
I think everyone would agree with that. The question then becomes: did The Intercept not follow best practices here? Once again, there is no evidence and any "yes" answer relies on trusting the NSA/DOJ.
They did not. They told a government contractor that the document had been printed and mailed from Augusta, GA, who then reported it to the government. That's what got her, microdots or not.
You can read the search warrant at https://www.buzzfeed.com/stevenperlberg/a-federal-government..., which is more complete than the arrest warrant. Just read paragraphs 12-19, which cover the relevant probable cause. If the FBI don't know how it leaked (printed) and from where (Winner's home town), the case becomes extremely difficult. Instead, they had so much that she just confessed when they showed up.
She signed up for an email subscription from her personal gmail, on her work computer.
That would certainly have been enough to raise her superiors' hackles when discovered, but the result would have been her getting fired, not indicted.
The bottom line is having a personal subscription to the Intercept was not ever going to be enough to build a case against her. You repeating that claim is victim blaming, and more importantly, wrong.
Exactly right. You should assume, especially in an environment like the NSA, that your internet browsing and email correspondence is being monitored and certain hosts and suspicious DNS will trigger something.
I've worked at far less security concerned companies that monitored all network traffic going in and out and logged it and continually were looking not only for internal nefarious behavior but for possibly viruses, worms, etc.
To be clear, she contacted The Intercept from her work computer for something entirely unrelated. (Which is still not smart, but not as bad as people are implying)
That's an important distinction that gets lost in the vaguery of the sensational journalistic rhetoric. To me, the evidence trail presented sounds like one of those post-facto explanations the FBI concocts in order to preserve their true secret methodologies.
I'm not sure I understand. There's a woman actually in jail awaiting charges over this. You're saying the NSA has a sacrificial agent to take the fall? That they're faking the whole judicial process? That they somehow induced a contractor to steal a real document and leak it to the paper they wanted it leaked to?
I'm all for a good conspiracy theory, but you're going to have to spell this one out better.
I think tanderson92 is claiming that the source was actually identified via other methods, so the material provided by the Intercept played no role in identifying the source. Hence the Intercept did not accidentally reveal their source but is being portrayed as such in order to discourage people from leaking to them.
Personally, while that scenario doesn't sound impossible I think the likelihood is being overstated due to motivated cognition: if you like the Intercept you would like to believe they did nothing wrong, but in reality people do make mistakes.
I don't make any particular claim about how the government identified the source. They also have access logs and apparently only 6 people accessed the document.
I do think that The Intercept bungled this in not stripping the watermarks; I don't shield them from criticism even though I value their reporting. But I do not necessarily accept the government's version of events. Parallel construction is not unheard-of.
> I don't make any particular claim about how the government identified the source. They also have access logs and apparently only 6 people accessed the document.
Thanks for pointing that out. I've edited it to simply say "via other methods", especially since other comments say the source did not directly send the info via her work email.
> I do think that The Intercept bungled this in not stripping the watermarks; I don't shield them from criticism even though I value their reporting. But I do not necessarily accept the government's version of events. Parallel construction is not unheard-of.
If the Intercept did make the mistakes they apparently made (if not they're free to deny it), does it matter whether or not the parallel construction theory is true?
Not that I have any idea what actually happened but hiring someone at a low level, who seems kind of unreliable, allowing them access to something whose leakage you might not care about, letting everything play out the way it did, seems like something a spy agency would be reasonably adept at.
The woman was a contractor, not an agent, so they aren't sacrificing someone they've invested in. etc
So given the choice between "News Site Messed Up Protecting a Source" and "The Whole Thing Was Orchestrated By The Spymasters", you're refusing to make a call because... "who knows?"
I mean, if that's the level of detachment and rationality you're going to apply here... why stop at a mere egg-on-face moment for The Intercept? Surely the NSA could be applying those powers for something more juicy.
And so the top comment on this HN thread is more or less a content-free distilled expression of rooting interest. NSA bad, Intercept good, what more do you need to know?
Excuse me? Your characterization is far off the mark, and your snark unappreciated. I was simply remembering that the government can and does lie, and that we should remember the interests of the parties involved. It's not content free to observe this fact and to stress what we do and do not know.
If I had to change anything it would be the fact that they only signed up for an intercept mailing list using work email, not direct contact. I regret the error, I was going off what I read yesterday.
One can be snarky while very serious. I didn't even realize until looking it up that "snark" is a portmanteau of "snide" and "remark". One can be seriously snide.
Anyway I'll take the lack of substantive criticism of my point and critique of form as a point of pride.
We're talking about the FBI, not the NSA, and court documents.
> Meanwhile the alleged leaker allegedly used her work computer to contact The Intercept.
This really should be ignored. The FBI included it as probable cause for their search and arrest warrants, but she had e-mailed them asking for a podcast transcript months earlier. As far as leaking, she mailed the document to them and had no electronic communication at all. The Intercept blabbed that it was postmarked Augusta, GA and was printed, which is what gave her away. They screwed up and if they want anyone to feel safe leaking to them again, they need to own up to it and describe how they are going to fix their procedures to protect their sources in the future.
Why do they need parallel construction when The Intercept narrowed it to a single person (printed and lives in Augusta, GA)? I'm going to restrict my conversation on this topic to the reporting and sworn testimony.
I'm not shielding The Intercept from criticism. But the reporting is based on what the DOJ wanted released and I do not share your trust in what they say.
You are shielding The Intercept from criticism. The Intercept has not countered the DOJ testimony or any of the other reporting on this. The FBI has sworn that these things happened. So let us think through the counterfactual that you're proposing: The Intercept didn't burn their source and the FBI lied to a federal judge on a warrant application. In that reality, the Intercept would immediately publish a story about how the FBI lies to federal judges. Not only would it be a huge blockbuster, but that search warrant would be fucked and the search (during which she confessed) would be inadmissible. Not only do they have a huge story, they got their source off!
Instead, they released this chickenshit statement that tries to cast doubt on the testimony without actually disputing any of it: https://theintercept.com/2017/06/06/statement-on-justice-dep...
So, it looks like we live in the reality where the FBI didn't lie on a warrant application and The Intercept burned a source.
I have not proposed a counterfactual, contrary to what you allege. I simply do not automatically trust what the DOJ believes simply because the FBI swore to it in an affidavit. The government lies.
Seriously seems like this was a whistleblower with a legitimate concern for the American people. Maybe she was careless on purpose. If you know you are going to get caught, might as well make your trail obvious so that you can claim that you are a whistleblower.
How is that she was a whistleblower? The US government wasn't breaking any laws and, for all we know, the evidence she had may be part of the ongoing investigation into Russian interference in the election.
People shouldn't necessarily trust the Washington Post either, who is beholden to their sources in the NSA.
The Washington Post covered Snowden's leaks of unconstitutional actions by the NSA, won a Pulitzer Prize for the coverage, only to then stab him in the back and call for his prosecution.
> The Washington Post covered Snowden's leaks of unconstitutional actions by the NSA, won a Pulitzer Prize for the coverage, only to then stab him in the back and call for his prosecution.
I've heard speculation that the change in attitude was tied to regime change at the Post in the wake of the Bezos acquisition.
This sort of conspiracy mongering is below the HN standard of discourse.
Amazon doesn't own WaPo, Jeff Bezos does. A $600 million 10 year contract for a private cloud is a tiny fraction of AWS revenue (some $15 billion per year), let alone overall Amazon revenue. It is in no way a sweetheart deal that would require Bezos bend over backwards, let alone undermine the integrity of the news organization for which he paid $250 million out of his own pocket.
Yes, or maybe no. It doesn't really matter, because this is just one of many battles being waged in the current cyber-war gripping our lives.
I mean, we have to just see it in the larger context: there is very definitely a war going on among various, nefarious, otherwise, or indeterminate, hostile parties.
It seems that if we must dismantle the military-industrial state, it is going to be through info-wars. The key targets are all secrets. (Curious that both sides seem to want the same thing though, i.e. "the info wants to be free", isn't it?)
I'm curious: If there is a war going on, did this leak help or hinder? Which side did it help or hinder? Who benefits from this leak, and who is harmed?
I have a sinking suspicion that the average American, for example, isn't benefited by this leak.
I dunno how we can quantify "Americans being benefited" in light of what these leaks are revealing in the global context, but I sure don't like it, living as I do, under either a velvet glove, or an iron one, depending on which side of the wall I happen to decide to visit.
But, I do think that these leaks are good for everyone, not just Americans, and that is why they need to happen.
But practically, what would you do given the information divulged. Hackers gonna hack, that's known. Does knowing Russian agents attempted a hack cast them in worse light? No; we already know Russia isn't a close political ally of the US. What details of the hack do is tip off the Russians to burn their channels and methods and complicate the NSA's work in protecting American digital assets from further attack (as well as, depending on what secondary information can be gleaned from the hack based on what the Russians know, compromise the NSA's own back-channels and espionage approaches to understanding what Russia's spy operations are doing).
There's a difference between the leaks Deep Throat provided ("Your President is a criminal") and the leaks allegedly executed by Reality Winner ("Russian spies are spying, as Russian spies do"). A failure to distinguish qualitative nature of dumped information weakens both the future security of leakers and the overall philosophy that more transparency is a good thing.
This story has the danger of cyber-fatigue'ing the general public, but it has the potential to forward a number of positive aspects in the war against warfare-criminality-because-secrecy, on either side of the argument: Pro "Peace with Russia, At All Costs", or Con "Send Russkie Hacker UP The Bomb(s)".
These leaks have value, because they continue to forward the narrative in the general public, and the centres of true power, though weakening: mainstream/middle-class/entitled-/privileged- consumers who can Do Stuff™ to change the power structures behind this big military-industrial mess.
If we hold one thing in place: Peace with Russia, we must assume that there are parties who want this, and parties who don't. Oh, sorry, I mean "War With Russia", which is what this is all really about.
> I'm curious: If there is a war going on, did this leak help or hinder? Which side did it help or hinder? Who benefits from this leak, and who is harmed?
Do the answers to these questions matter if the war continues regardless?
Yeah I think it's basically guaranteed that this is what we would hear regardless of how they found the leaker. Maybe this method was used, maybe they looked at printer logs, maybe they looked at access logs to the document, etc. Regardless, they _say_ that the problem was The Intercept's handling because there is no way to verify it and it makes them look bad. Really this news should be taken with a grain of salt.
That said, the important thing for any leaker to do is to try as much as possible to obscure any links they have to the documents before handing them off to third parties even if those third parties are supposedly trusted (because once you hand the documents off, you are no longer in control).
>Really this news should be taken with a grain of salt.
Something I think is valuable in this leak is the fact that the general public will be better educated that in fact their printers are capable of tracking every single thing they print, and there is no really, truly, anonymous personal printing any more.
I hope the blahgosphere will pick up on this and that we see Stories targeted to the normals that explains these sorts of things to them. Grandma may not care too much about her phone being listened to (after all, it was always so, to her at least..), but if you explain to Grandpa that there is a secret code that will tie every single printed sheet back to his house-hold, well, that may raise a few shingles ..
> The methods presented in this paper have many applications in law enforcement such as tracking, counterfeiting, and child pornography. The downside is that they provide a mechanism for a simple device, a printer or a digital camera, to spy on its user. A typical user cannot turn off these signatures, particularly the intrinsic signature, without very detailed knowledge of how the device operates. This could have dire consequences for many important uses of these devices in our society. For example a whistleblower who would like to share documents with a regulatory agency could be in danger in that their printer could be identified as the one that produced the documents. [1]
Prophetic words from a 2008 paper (PDF) [1].
This paper may be duplicate information, but reading this paper impressed upon me how many more ways there may be to spy on people than I could imagine (and I know about some existing things like side-channel attacks... how do I spy on thee? Let me count the ways.)
So don't register your printer with the manufacturer, folks; the serial number may be on every page it prints. Ditto for digital cameras.
Then again, is fighting for digital privacy a losing battle when at every turn, there are deliberately hidden bits of PII? Pun intended.
I'm not clear on what the motivation for this 'leak' would be. Is it morally reprehensible for the NSA to withhold this information from the public? Was the NSA doing something illegal by withholding this info?
If the only actionable information leaked is politically charged or simply falling within the established/mass media narrative, is it wrong to suspect this 'leak' is disinformation?
Really? All kinds of motivations are easy to imagine, but the reporting about the leaker herself indicates that she maybe just did it for political reasons (ie- she is Anti-Trump).
But given the response and the constellation of corroborating info from various sources, it seems pretty reasonable at this point to presume it is NOT disinformation. It's almost certainly not a complete picture of what various parties know and it's likely a snapshot of an evolving knowledge base (ie- the broader intelligence community's knowledge of what was going on before and during our election).
But the presumption that it is not 'false' information should be pretty solid by now.
What I find interesting is that the email from the Gmail account on the work computer was able to be intercepted and logged. What mechanism might they have used, an SSL proxy with a pre-loaded root certificate? How long is this data logged?
How long would the National Security Agency keep copies of the internet sites visited by contractors with access to classified reports while inside secure facilities?
How long until the protons in the backup tapes decay?
Yes, that's pretty standard fare for a corporate firewall/proxy. Most configurations don't log everything, just traffic matching particular patterns or hosts. But when it's the NSA, who knows how much they retain.
> pretty standard fare for a corporate firewall/proxy
It is? So corporations install something that infects your laptop and updates the root certificate every time Chrome or Firefox updates? Sounds extreme to me. Something the NSA might be able to do, but hopefully not my company.
It is and they do. You'll find many historical threads here discussing cases where interested parties were actively campaigning to thwart anti-MITM measures being added to TLS, because they broke their MITM attacks that their businesses depend on.
Nope, you can install additional certificate authorities in the system keychain on Mac, which Safari and Chrome both use. Commonly done on managed installs.
Other applications on mac/linux that use their own keystore like OpenSSL or Java will throw cert errors if you don't also install the CA in their keystores, but that could be scripted as well if it causes too much friction for users.
If you're in such an environment, the options are either install the CA or don't use anything that requires HTTPS ¯\_(ツ)_/¯
I think the real fuckup is including in the article the method for IDing a Russian agent - registering with a personal phone number. That's the kind of mistake that could have been made again, but now probably won't be.
On the whole I think this information needed to get out. There were reports of people all over the US being dropped from voter registration rolls, and now proof that the Russian military targeted voter registration companies.
Not having your crew do things they would perceive as morally reprehensible is a fantastic start. Aside from that, providing an environment where they can disclose and/or discuss their issues with you would also work well.
Any other measures of "putting a stop to it" will only make it worse.
As an older worker, I'd say the mistrust issues of younger workers are entirely justified. If that is a problem, corporate management is hoist on its own petard.
If you wanted Gen Y to trust you, you should have treated Gen X better--or at least hidden the mistreatment better.
As for the entitlement, that's probably on their Boomer parents/grandparents. You could shove them down and kick them in the teeth until they become bitter and jaded, just like Gen X. But then you're back to the trust thing again.
So if I may humbly suggest, start treating your older workers better. First, have some to treat better. Then, give them back all the crap that Boomers once enjoyed, but which later got stripped from standard employment arrangements, like actual vacation weeks and sick days, longer-term employment contracts, career ladders without important rungs missing, viable retirement plans, job security, etc.
The younger workers were born into the networked world. They rely on friends and family to judge your company's reputation. And the source of that reputation is largely going to be people that worked for you in the past. Those older people have all been screwed by their employers in one way or another. Kids are usually naive, ignorant, and inexperienced, but they aren't stupid. They see what happens to uncles and cousins and friends of their parents.
Sadly, there's not much an individual manager can do about any of it. Those young workers are coming in expecting to get stabbed in the back, and one day, your CEO or Head of HR will call a meeting and issue you your knife--or maybe your axe. Those kids know it's coming; they have seen it happen over and over again to other people. So maybe validate the mistrust, and admit that the company doesn't care about them. Let them know that the one and only way to keep a job is to be productive enough to pay their own wage, and then some, and that everyone should plan to eventually jump ship near a port, before the captain gets the chance to throw them overboard in the middle of a crossing. Recognize that a mercenary attitude puts self first. That makes the manager's job harder, of course. Why should a mercenary work any harder than necessary to earn the paycheck?
I would (as a non-manager) use discretionary cash bonuses to reward good employee behavior, with intermittent reinforcement. Cultivate trust in you, personally, rather than trust in the company. Punishments and the threat of termination simply won't work. Just put everyone on a secret carrot schedule, and when it comes time for the next reward, set up a plausible reason to hand it over.
Trivial fun OT fact: a petard is an archaic word to describe a bomb or similar explosive device, so it would make more sense to write "hoist by its own petard", i.e. blown into the air by its own bomb.
I like to check on the kind of social circle they maintain. Loners generally don't get what it takes for a group to come to consensus about the grey stuff.
Don't handle them. Regardless of age. Pick out the worst and get rid of them. You may find the troubles with the others diminish.
Being fired once or twice in life is a character building experience. It often makes you re-assess your worth and take work more seriously. And later, as a person becomes (potentially) a manager, they realize the ego crush that is being fired and treat with respect, unlike "kid" managers who haven't been through the process and fire without understanding, sometimes for little more than an ego boost.
Also, removing impediments to the common goal is necessary for an organization to thrive.
Everyone eventually has to grow up. But it's a confusing world right now. There isn't anything to trust because we know so much more. And the school system has been preaching unrealistic pablum which gets under the skin after a bit.
Sometimes it takes a hard knock or two to understand the underlying nature of commerce and human interaction. Unfortunately, (like germophobe moms) we have made a bad habit of deferring these essential lessons thus weakening the ability to deal with the very real, very dirty world.
So for those two reasons, don't feel bad, don't try to fix and don't coddle. It won't work anyway.
Not sure where that was stated (or even implied) but since you ask, no, particularly with the modifier "anything other than".
We are born in blood. And we return to mud. That's the essence of our beginning and our end. Nobody likes this. So, we sanitize with (very important) abstractions. To make it so life is more than a reptilian struggle. To allow civilization, working collaboratively, a degree of security, care for the weak, all the things that make it possible to transcend the law of jungle and live beyond our biology. But the underlying reality doesn't go away just because we have abstracted on top of it. People sometimes forget why abstractions are important. Or, sometimes they forget there is a hard reality underlying.
The nature of the abstraction named "commerce" and the nature of the abstraction named "human interaction" is that of give and take. Not give and give. And both abstractions depend for existence on trust, on integrity, on honor, and on the willingness to part with something in exchange for something.
Point being, sometimes it takes getting down to primal gut level emotions to understand abstractions are abstractions, why they exist and how they relate to underlying reality.
Along with integrity and self sacrifice, respect is an important virtue that seems to be increasingly lacking. It won't be for long. These things will come back again because they are vital to any useful abstraction layer.
Says the person linking to "informationliberation dot com". Pot, meet kettle.
Sure her twitter profile is highly politically charged and should likely have made her unfit for clearance, but citing that as evidence that she should be institutionalized is ridiculous. She'd likely say the same about you given your proclivity for "informationliberation". Where does that leave us for discourse?
Have either of you been thru clearance? I have. They're really excited to know if you can be bribed with drugs or sex or simple money. If you have the politics of a typical college professor they're not terribly interested. The clearance process was mostly CYA, was this candidate dumb enough to say he'd sell secrets to the soviets for weed or cash to pay loansharks or kinky sex?
I've read this woman's weird social media profiles. What a nutcase. The systemic failure was in her direct superior not discussing some red flags that would be noteworthy at any other organization with HR and/or the police. Her boss is supposed to be having an awkward conversation with HR beginning with "So I've got this direct report, and in public she hates the CEO. And she's intensely racist, everything with her is all about race race race, and btw she bitterly hates the CEO's race, although she likes some other races. So she hates the race of some coworkers including the big guy, and she likes the race of other coworkers, and says this all in public which must be very intimidating to her coworkers. And she hates a couple entire countries including some that we have coworkers from which must be very awkward in the office. And she tweets out parodies making fun of the CEO, in public. And she denies and parodies the CEO's policies, and denies the CEO is the legitimate leader of the company, which makes me think she's not going to react rationally at all, if the CEO or anyone else in the chain of command disciplines or fires her, we're going to need security if not cops present. And she identifies her own race as being terrorists, which in an era of workplace violence frankly scares me, and she does this in public so her coworkers see her identify herself as terrorism race or whatever violent idiocy, and we're making an incredibly hostile workplace for every coworker who's not suicidal or martyr complex. She believes she's about to die from climate change or some nonsense, the specifics don't matter, which is super terrifying in the context of self identifying as being a terrorist, making me scared she's going to strike first perhaps.
So, HR person, do we wait for her to go postal and shoot the entire office, or is there some kind of employee assistance plan for mental illness I mean if this can all be fixed with some pills she seems otherwise OK, or can we call security and fire her WRT the whole workplace violence thing combined with her bitter racism toward coworkers or the ethnic thing where she hates certain countries that we have coworkers in/from or ..."
I could probably be bribed with a comprehensive family health insurance plan, with no deductibles and low co-pays. Just putting that out there.
A simple cash bribe is a nice gesture, obviously, but really, you'd just be bribing my spouse or my kids. That's why I don't like getting cash or gift cards as birthday gifts. I appreciate the thought, but you know that's just going to get spent on electricity for the house, or a replacement AC compressor, or a tank of gas. A good gift is something that person, specifically, would want, but probably couldn't justify slipping it into the family budget.
So yeah, bribing me with the same kind of health plan that I got a taste of once, and then never saw again, would be so much more effective than a briefcase full of cash. A defined-benefit retirement plan might work, too.
But that works both ways. If my [loyal] employer were to bribe me in that fashion, I'd be nigh-unflippable. ...unless the ethics reporting hotline was useless and career suicide, I guess.
So I wouldn't say the systemic failure is in not recognizing warning signs and raising red flags. It's because so many decent people just don't want to work for certain parts of the government any more. That leads to lowered standards, just to meet staffing requirements. And then everyone has to get "insider threat" briefings all the time. Decent people want decent job conditions, including pay commensurate with the private sector, and benefits sufficient to raise 2.1 kids in a solidly middle-class lifestyle. Sane people don't want to work for paranoid employers. Stable people don't want to worry about going bankrupt from a medical emergency. Reliable people want to be able to plan out career and retirement. And above all, honorable people don't want to turn on their own neighbors.
How likely is it that an employee like the one you describe could have been selected specifically to burn Intercept? After all TFA is published in the official CIA press organ.
Well, I guess what I'm getting at is a clearance is top down CYA, like say I sold 72 M-60 machine guns to MS13 to pay off my gambling debt, and a journalist discovers in 5 minutes that I posted that to twitter before I got my job of working at the armory, and the journalist is going to ask the Commanding General of the post why no one noticed that before I got the job and did exactly what I said I'd do. So that's very top down outside agency approves you.
That's different from bottom up, a supervisor is supposed to handle (aka, fire from job) someone who spouts off about how proud they are to be racist, etc. Nobody ever asked a commanding general "how come you hired someone who flaked out and went nuts" "well, stuff happens". On the other hand it's precisely the job of her immediate supervisor in a bottom up fashion to notice she's, well, gone nuts and is saying stuff that opens the company to hostile working environment lawsuits.
I'm not even commenting on her, uh, peculiar belief system, but the mistaken idea about how clearances work.
Clearances are a mix of pre-crime / CYA / shouldda known type stuff.
A direct report going insane in public is totally a supervisor direct report problem.
Clearances also vary a lot over time... 50 years ago the Soviets could bribe a gay guy into giving up secrets... today the gay guy is probably happily married and nobody cares so it's no longer a clearance disqualification. On the other hand I can't imagine any scenario in the history of business where an employee stating in public that they hate the race of their CEO and some managers and coworkers would result in anything but firing, like forever pretty much everywhere.
Someday, after we stop punishing people for it, I imagine weed use will no longer be a clearance issue. How do you extort someone for secrets because they're a casual user of a cool legal substance? I suspect it'll never be acceptable in any workplace to ever say in public "I hate (some level of manager) because he's a (insert race here)"
He never said he was fit for a top secret clearance. Her Twitter profile should've been an instant disqualification from any sort of security clearance.
Nor did I say that the poster here was fit or unfit. I speculated about what two extreme opinion holders would say to one another.
My point was that polarizing the discourse and reducing the other side to "just came out of the psych ward" does absolutely nothing to further reasonable arguments.
Yeah, she shouldn't have had a clearance, but if anyone thinks her posts are particularly unusual, they haven't been following politics on Twitter this spring.
Either their methods work, and of course they should be secret, or their methods don't work, and it's unproductive to help them shorten the list of attack methods they try.
In this case, my guess would be fear that people would start distrusting these voting machines and, eventually, the election as a whole. Elections only work when everyone agrees the results are fair.
That said, I think that's an important story here. The infrastructure around these machines seems sloppy. The fact that there's no source code to read means they are black boxes we have to trust.
Personally I think that seeing a name like "Reality Winner" on a CV would immediately make me question the entire family's fitness to exist in society.
I can't help but feel a Zen-like sense of balance and bliss over this. An NSA contractor violated her employment agreement and the law in providing Top Secret info to The Intercept, who then published it.
The Intercept got a story published and is enjoying great attention (and ad revenue), and the guilty party was caught. Everyone can be happy.
"God’s in His heaven — All’s right with the world!" [R. Browning]
Something stinks here. Both WaPo and the NSA, who Greenwald has picked fights with, get to smear The Intercept, while we are supposed to believe the leaker has extreme incompetence (flagrantly incriminating herself while using a pseudonym), and meanwhile the public still has no evidence of the election tampering.
It's not like the Deep State didn't lie to the country to wage a war in Iraq not long ago.
As with every headline that poses a yes/no question, the answer is usually "no".
EDIT: I'm also unsure what the point of shifting the focus onto The Intercept's alleged "mishandling" of the leaker's identity is. It seems like a smear job meant to discredit a publication that the natsec community and mainstream media like WaPo dislike. It also removes the focus from the substance of the leaks and puts it on the "character" of the publication.
Except it sure seems like in this case, yeah, they bungled it. At the very least a total lack of awareness or care towards infosec to help protect sources (regardless of the fact that the lack of awareness extends to the source - I'd want a journalist to be better at this than I am if I were leaking information). [ The article doesn't mention this, but I wouldn't be surprised if these microdots, rather than "a crease" were the smoking gun: https://twitter.com/quinnnorton/status/871883733032415236 ]
> 14. The U.S. Government Agency [NSA] examined the document shared by the News Outlet [The Intercept] and determined the pages of the intelligence reporting appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space.
> 15. The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. These six individuals included WINNER. A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet.
> 16. The U.S. Government Agency determined that WINNER had e-mail communication with the News Outlet on or about March 30, 2017, and March 31, 2017. The first e-mail was from WINNER, using e-mail address [redacted].fitness@gmail.com, to the News Outlet. In it, WINNER appeared to request transcripts of a podcast. The second e-mail was from the News Outlet to [redacted].fitness@gmail.com and confirmed WINNER'S subscription to the service. The [redacted].fitness@gmail.com account is a personal e-mail account not sponsored by or affiliated with the U.S. Government Agency.
Whether the 'crease' noticed by the NSA in paragraph 14 was actually creases or an internal code for microdots, if The Intercept was going to use this report there's nothing they could have done to protect this reckless source.
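The audit in paragraphs 15 and 16 of the affidavit quoted above amounts to joining two logs: who printed the report, and whose desk computer had mail contact with the outlet. The sketch below is an added example, not part of the thread or the affidavit; the log formats, user names, document id and domains are constructed placeholders.

```python
import csv
import io
from datetime import datetime

# Constructed sample data: users, document id and domains are placeholders.
PRINT_LOG = """ts,user,doc_id,pages
2017-05-04T16:40:00,user_g,RPT-0001,5
2017-05-08T09:12:00,user_a,RPT-0001,5
2017-05-08T10:03:00,user_b,RPT-0001,5
2017-05-09T08:47:00,user_c,RPT-0001,5
2017-05-09T11:20:00,user_d,RPT-0001,5
2017-05-09T13:05:00,user_e,RPT-0001,5
2017-05-10T15:31:00,user_f,RPT-0001,5
2017-05-10T15:40:00,user_h,RPT-0002,12
"""
MAIL_LOG = """ts,desk_user,direction,remote_domain
2017-03-30T12:01:00,user_d,out,news-outlet.example
2017-03-31T07:15:00,user_d,in,mail.news-outlet.example
2017-04-02T09:00:00,user_h,out,news-outlet.example
2017-04-03T09:00:00,user_b,out,other-site.example
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def printers_of(doc_id, since, log=PRINT_LOG):
    """Users who printed doc_id at or after the start of the audit window."""
    start = datetime.fromisoformat(since)
    return {r["user"] for r in _rows(log)
            if r["doc_id"] == doc_id
            and datetime.fromisoformat(r["ts"]) >= start}

def contacts_with(domain, log=MAIL_LOG):
    """Desk users with mail to or from the domain or any of its subdomains."""
    hits = {}
    for r in _rows(log):
        remote = r["remote_domain"].lower()
        if remote == domain or remote.endswith("." + domain):
            hits.setdefault(r["desk_user"], []).append((r["ts"], r["direction"]))
    return hits

def correlate(doc_id, since, domain):
    """Narrow the set of printers to those who also had contact with the domain."""
    printed = printers_of(doc_id, since)
    contacts = contacts_with(domain)
    overlap = {u: contacts[u] for u in sorted(printed & set(contacts))}
    return {"printed": sorted(printed), "overlap": overlap}

if __name__ == "__main__":
    result = correlate("RPT-0001", "2017-05-05T00:00:00", "news-outlet.example")
    print(len(result["printed"]), "users printed the report")
    for user, events in result["overlap"].items():
        print(user, events)
```

The overlap is a lead rather than proof: in the affidavit the matching e-mails were a podcast transcript request and a subscription confirmation.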
Could be an ordinary search warrant. Supposedly the Intercept also told the govt. that the document was mailed with an Augusta postmark. The postmark + being the only person to print the document in that city seems like reasonable basis for a search warrant, but I'm not a lawyer.
I agree the microdots thing was sloppy. At least degrade the image of the page, or better yet retype the thing before sending it on. However, being one of the few people who printed it off from work was pretty stupid and would have boned her anyway. At some point in her brain she should have reflected that she was going up against the NSA and stealing their top secret intel and that maybe just maybe the system kept track of who printed out the Top Secret stuff the POTUS's attorneys are sweating bullets over.
That said, if the dude gets impeached she will probably eventually be pardoned.
Are you saying that, having read the article, you think the answer is no? If so, having read the article, would you trust The Intercept to deal with a hypothetical leak by yourself?
Or are you saying "I didn't read the article, but the answer is usually no"?
I'm not sure how you can arrive at "no" here. Regardless of how you feel about the politics involved, if you publish information that outs a source you've "bungled" it almost by definition.
It seems clear they should've redacted the printer microdots - they're a known concern. It sounds like their source was caught in other ways, but that's not an excuse.
* The story is a huge black eye for the Intercept, makes it look like they are very inept.
* The leak is not really substantial, mostly analyst notes about an ongoing thing that's been talked up in the press quite a bit.
* The DocuColor thing is ancient as well: https://www.theregister.co.uk/2005/10/20/outlaw_printer_dots...
Maybe my tinfoil hat is on too tight, but this just has a funny odor to it. One might speculate that this is a calculated leak intended to discredit The Intercept, sow fear in the minds of potential leakers?
If the comments on other forums are anything to judge by, there are at least two groups of paid astroturfers battling it out today.