Author Archives: Jeremy

Did the government get it right with Petraeus?

Commentators from both within the intelligence community (IC) and critics of the surveillant state have been unusually aligned in expressing shock that General David Petraeus has only been given a hand slap of a plea deal considering what classified secrets he leaked. Writing in the Daily Beast, Justin Miller and Nancy Youssef provide previously unknown details on what Petraeus gave to his mistress and biographer, Paula Broadwell:

While he was commander of coalition forces in Afghanistan, Petraeus “maintained bound, five-by-eight inch notebooks that contained his daily schedule and classified and unclassified notes he took during official meetings, conferences and briefings,” the U.S. Attorney’s Office for the Western District of North Carolina writes in a statement of fact regarding the case.

All eight books “collectively contained classified information regarding the identifies of covert officers, war strategy, intelligence capabilities and mechanisms, diplomatic discussions, quotes and deliberative discussions from high-level National Security Council meetings… and discussions with the president of the United States.”

That’s about a definitive list of precious “sources and methods” as you could wish to see enumerated. It’s not clear how much of this was classified (not all discussions with the President are classified) but by Petraeus’ own admission, it included codeword-level material, or TS//SCI (eg., TK, SI etc) usually described as “above top secret.” Codeword TK for example refers to Talent/Keyhole or spy satellite imagery which is so secret we’re not even allowed to know the capabilities of the cameras that take the pictures.

Marcy Wheeler, a well known expert in surveillance issues, didn’t hold back:

As a supine Congress sitting inside a scaffolded dome applauded Benjamin Netanyahu calling to reject a peace deal with Iran, DOJ quietly announced it had reached a plea deal with former CIA Director David Petraeus for leaking Top Secret/Secure Compartmented Information materials to his mistress, Paula Broadwell.

Not only did he affirmatively give these materials to non-cleared personnel, but he kept them in an unlocked drawer and a rucksack in his home. Petraeus also lied to the FBI about possessing classified material. Pretty bad opsec. China and the North Koreans could have saved a whole bunch of money just by hiring a couple of guys to break into his house. (Of course this is the guy who shared his Gmail login with Broadwell and left her messages in a draft folder so they supposedly wouldn’t be sent over a network, a dodgy practice familiar to both teenagers and terrorists.)

As numerous people have pointed out, this could be pretty bad for morale in the IC because of the premium placed on IC members to protect secrets. Naval War College professor John Schindler, who has labeled Edward Snowden a traitor, was left to tweet out examples of men who had died to protect classified intel:

(“Norks” is a pejorative slang term for North Korean.)

Just as critically, others have pointed to the unequal treatment meted out to others who either leaked far less sensitive and classified information, or who were also charged with lying to the FBI. These include Barrett Brown, John Kiriakou, and Jeffrey Sterling, who faces up to 20 years in prison for allegedly leaking details of a busted CIA operation to the author and journalist James Risen. (See his book State of War for details of Operation Merlin.)

Given the inequality in these sentences, that is, the lack of justice, we might well join in with the widespread condemnation not just of the sentence Petraeus received but of the man himself. Usually reliable IC defenders have been conspicuously silent (Overt Action, a blog run by former IC personnel, has not even mentioned the case except to denounce a leak that the FBI were recommending his indictment in February, this despite running frequent overviews called the Week in Intelligence–the latest was yesterday–of IC matters.) The Republican controlled Senate and House intelligence committee personnel have not defended Petraeus, despite the fact he was once touted as a Republican presidential candidate (the American Spectator compared him to Eisenhower). The silence, as they say, is deafening.

Yet there is a case to be made that it is not Petraeus who received the injustice, but rather Sterling, Brown, Kiriakou and even Risen himself (who was subpoenaed to reveal his source–presumed to be Sterling–before having the case against him dropped). The case depends on two assertions, first that there is a massive culture of over-classification, and second that it is very hard to prove harm in general is directly caused by leaks. (Specific leaks, such as the fact that Kim Philby was a Soviet double agent with access to the Venona project and told Moscow about it, are perhaps easier, though often you’re working with hypotheticals–the Soviets might have stopped re-using one-time pads anyway…).

Over-classification has been an issue even prior to 9/11 when then Senator Patrick Moynihan wrote his classic book Secrecy. (Moynihan was ironically one of the prime movers behind the declassification of the Venona project.) The Secrecy News blog at Federation of American Scientists by Steven Aftergood is dedicated to all the myriad ways over-classification is rampant.

There are of course secrets worth protecting (how to build a nuclear trigger is one that comes to mind). But Petraeus did not give classified material to a hostile or foreign agent, no harm has been cited to national security (Broadwell published none of the information according to the plea deal itself), even in the official statement of facts, and the documents were not formally classified (they were his own notes). Perhaps there is a case to made for sensible reaction to leaks–especially when they take the form of whistleblowing–rather than automatically reaching for the Espionage Act. Perhaps the government got it right? This case is a kind of test of what harm we think occurs when there is disclosure (unauthorized or not) of classified material. It is of course not an easy case of all protection is good/bad, all disclosure is good/bad, but of what reaction to disclosure should be, and on what grounds. The reaction and punishment here may offer better choices.

I do not write this to defend Petraeus and think he still got off too lightly. He held the TS//SCI in a non-secure location outside government premises, even delivering them into the possession of his biographer at one point, rather than in his residency’s SCIF as required, reintroducing the burglar scenario. (Compare the recent revelation, or really more widespread realization since this was already known, that Hillary Clinton used a private email address while Secretary of State and ponder what vulnerabilities this possibly introduces, not least immunity from FOIA and transparency. This seems a bigger case to me.)

Ironically, defendants can now cite this case (or try to; since it is a plea deal that never went to court it might provide something less than a true legal precedent) insofar as their cases follow the facts of this case to reduce their own sentences. This is something the government may come to regret, although perhaps we may see it as a better approach than blanket secrecy.

Late addition: after I had drafted but just before I published this I read this piece by Eli Lake which makes some of the same points.

Tracking cellphones through battery usage

In a development Harvard cyber security expert Bruce Schneier calls “interesting” but of unknown practicality, researchers have demonstrated how cellphones can be tracked via their battery usage. The basic principle is that along known routes you can record how much battery is used according to its distance from a cell phone tower.

Here’s a Wired story on it. Key quote:

PowerSpy takes advantage of the fact that a phone’s cellular transmissions use more power to reach a given cell tower the farther it travels from that tower, or when obstacles like buildings or mountains block its signal. That correlation between battery use and variables like environmental conditions and cell tower distance is strong enough that momentary power drains like a phone conversation or the use of another power-hungry app can be filtered out, Michalevsky says.

I guess Tobler still rides!

I discuss some of these more unusual forms of geolocational tracking in my new paper “Collect it All” available here (free) or at the journal here.

h/t several people who alerted me to this story: John Krygier (@poponthebeezer) and @agaleszczynski

Cyber security conference at New America today

A big conference on cyber security is occurring all day today at the New America Foundation.

It is entitled “Cybersecurity for a New America: Big Ideas and New Voices” and you can follow some of the commentary about it (including an interview with DIRNSA Rogers) on Twitter under the hashtag #NewAmCyber

Citizenfour wins Oscar

Citizenfour, the documentary about Edward Snowden, won an Oscar last night in the Best Documentary category. The movie will be shown on HBO tonight (9PM EST). The Oscar went to director Laura Poitras, editor Mathilde Bonnefoy and producer Dirk Wilutzky.

Small geography sidenote: one of the cinematographers on the docu was Trevor Paglen, PhD in geography and well known for his photographic work on the security state.

The bartered self

Great article in the New Yorker about digital economy of affect. Includes this very suggestive paragraph:

The free economy is, in fact, an economy of the bartered self. But attention can never be limitless. Kaliouby put me in touch with Thales Teixeira, the business professor who collaborated with her, and we met at the Harvard Club in New York. “There are three major fungible resources that we as individuals have,” he said. “The first is money, the second is time, and the third is attention. Attention is the least explored.” Teixeira had recently tried to calculate the value of attention, and found that, like the dollar, its price fluctuated. Using Super Bowl ads as a rough indicator of the high end of the market, he determined that in 2010 the price of an American’s attention was six cents per minute. By 2014, the rate had increased by twenty per cent—more than double inflation. The jump had obvious implications: attention—at least, the kind worth selling—is becoming increasingly scarce, as people spend their free time distracted by a growing array of devices. And, just as the increasing scarcity of oil has led to more exotic methods of recovery, the scarcity of attention, combined with a growing economy built around its exchange, has prompted R. & D. in the mining of consumer cognition. “What people in the industry are saying is ‘I need to get people’s attention in a shorter period of time,’ so they are trying to focus on capturing the intensity of it,” Teixeira explained. “People who are emotional are much more engaged. And because emotions are ‘memory markers’ they remember more. So the idea now is shifting to: how do we get people who are feeling these emotions?”

This raises the question of whether geolocational information is a fourth term in this equation. So time, money, attention and the extraction of geolocational information/privacy.

Talk at Colgate University on Big Data

Today I’m giving a talk at Colgate University, in New York. It was a bit of toss-up if the weather would allow me to get here (snow and flight cancellations), but thankfully I’m here safely.

My talk is entitled “Big Data Narratives: Surveillance and Privacy in the Age of the Algorithm.”

Thanks to my hosts Peter Scull, Adam Burnett and the geography department. The talk is made possible by the Dennis Fund endowed lecture series in the social sciences at Colgate.

PS: small historical note. Colgate was the place Peter Gould was evacuated to during WWII when he was a child.

Lyzi Diamond on what to learn first about mapping

Great post by Lyzi Diamond on what to learn first about mapping. I was going to quote chunks of it, but do yourselves a favor and just read it.

Oh, OK here’s an extract:

In school, typically, we learn a basic formula: “When you’re faced with this problem, use this tool to solve it.” The real world is simply not like that. So much work goes into a) assessing the problem, b) determining which solution out of the possible range of solutions is best in this particular situation, c) deciding which tool is best to execute on that solution in that particular situation, and d) doing it over again because you fucked something up. I never learned about that reality in school, and I think that was a stunting factor.

But we’re a much more technically-literate society these days, so just learning the software isn’t enough. You have to understand both the theoretical principles around the tasks you’re executing on as well as the technology that’s underlying the software. For any tool you execute in ArcGIS, there is both a geometric/spatial problem that’s being solved (in a theoretical sense) as well as a database task that’s being executed (in a technical sense). Understanding both of those things is what will make you successful in the field.

It might be interesting to put together a sample syllabus/class along these lines, throwing in the “zombie GIS” approach I wrote about recently. Here’s what I put in my own syllabus:

Course Learning Outcomes
By the end of this course you will be both able to (1) identify candidate technologies for your problem; (2) identify and secure appropriate data; (3) successfully develop a solution using appropriate GIS and mapping technologies; and (4) critique and assess maps & GIS products, including your own. Additionally, the class will emphasize a key skill: (5) finding solutions to problems. By the end of the semester you should be able to not only comprehend GIS but solve problems of GIS applications and evaluate and recommend specific solutions to real-world problems.

A little ambitious perhaps!