Incidental Unmasking

Now we know that then-National Security Advisor to then-President Barack Obama (D) Susan Rice asked several times for American names to be unmasked that had been masked since their presence in communications of foreign nationals that were being legitimately monitored was entirely incidental to the communications and the reasons for which those communications were being monitored.

Rice’s requests were strictly legal; the NSA incumbent is one of the Executive Branch officials with the legal authority to ask for, and to receive, the names to be unmasked without having first to go through a court, even the secretive Star Chamber FISA court.

Distractions

Congressman Adam Schiff (D, CA), Ranking Member of the House Intelligence Committee, wants them.  He’s so anxious to have them that he’s insisting that Committee Chairman Devin Nunes (R, CA) to stop being Chairman.

Mr Nunes should step aside from any congressional investigation pertaining to Russia or to the “incidental” collection of intelligence information, like what Mr Nunes said occurred to Mr Trump’s transition team.

Mr Schiff said in a statement it was “not a recommendation I make lightly…. I believe the public cannot have the necessary confidence that matters involving the president’s campaign or transition team can be objectively investigated or overseen by the chairman.”

Inadvertent Tapping and Leaks

As House Intelligence Committee Chairman Devin Nunes (R, CA) revealed the other day enroute to the White House, intelligence community personnel, in the course of surveilling the communications and other activities of foreign nationals (vis., Russian Ambassador Sergey Kislyak), also surveilled incidentally members of then-President-Elect Donald Trump’s campaign and transition teams, and perhaps Trump himself.  Wire tapping, indeed, if loosely and metaphorically.

Of larger import, though, is this, also from Nunes.

…the intelligence “ended up in reporting channels and was widely disseminated.”

It was previously reported that former National Security Adviser Michael Flynn was “unmasked” in this way; however, Nunes said “additional names” were unmasked as well.

Honeypots

In the cyber world, a honeypot

consists of data (for example, in a network site) that appears to be a legitimate part of the site but is actually isolated and monitored, and that seems to contain information or a resource of value to attackers, which are then blocked.

Of course, nothing prevents nefarious persons or entities from using honeypots to draw in honest folks for nefarious purposes.  Purposes like the following.

The trove of leaked Democratic National Committee emails posted to Wikileaks on July 22 has sparked concerns about malware as users access the vast trove of documents.

On the day of the leak, Google’s Transparency Report warned users of dangerous downloads from Wikileaks.org. Google has not revealed specifically what was detected….

The Feds Want to be in your Child’s School Bathroom

…right along with anyone else confused about who should or should not be there.

The Obama administration will send a letter to every public school district in the country telling them to allow transgender students to use bathrooms and locker rooms that match their chosen gender identity, as opposed to their birth certificate.

President Barack Obama (D) threatened in his letter to withhold Federal funding for those school districts impertinent enough to not comply with his decree.  South Dakota v Dole might have an impact on his threat, but Obama has never let legitimacy get in the way of his edicts, and this is another lame duck/what’re-you-gonna-do-about-it-in-my-last-8-months example.

Encryption and Safety

Senators Richard Burr (R, NC) and Dianne Feinstein (C, CA), in their op-ed in The Wall Street Journal, demonstrated their lack of understanding of the relationship between security and safety.  Their piece’s title, Encryption Without Tears, illustrates their basic misunderstanding of the inherent tension between the two, here encryption and safety.

In an increasingly digital world, strong encryption of devices is needed to prevent criminal misuse of data.  But technological innovation must not mean placing individuals or companies above the law.

Neither can technological backdoors be allowed to place government above the law.

Cyberthreat Information Sharing

The public and private sectors need to increasingly declassify and divulge critical information if the U.S. is to set up effective cyberthreat organizations, according to a report released Wednesday by PwC that sets out a blueprint for how those groups could be set up.

That would certainly lead to faster responses to hack attempts—committed by anyone, whether governments foreign or domestic or criminals—and to more efficient hardening against present and future hack attempts.

Unfortunately, FBI Director James Comey has already written off the concept of public sector—at the Federal government level, anyway—cyberthreat sharing.

Government Arrogance Should Disqualify It

…in its case trying to force Apple to disable encryption on its iPhones.

Rather than assist the effort to fully investigate a deadly terrorist attack by obeying this Court’s Order of February 16, 2016, Apple has responded by publicly repudiating that Order…Apple has attempted to design and market its products to allow technology, rather than the law, to control access to data which has been found by this Court to be warranted for an important investigation.

Security Tradeoffs

Here’s one.

A federal judge has ordered Apple Inc to provide software to the Justice Department to help it unlock a phone used by one of the suspects in the San Bernardino, CA, terror attack because investigators suspect the device may hold critical details of the plotting behind the mass murder.

The government’s justification is this:

Law-enforcement agencies say companies such as Apple make it harder to solve crimes including terrorist attacks, child abuse and murder by putting security measures on phones that make it difficult or impossible for investigators to open them and examine data inside.

Gross Incompetence?

As if we didn’t need another reason to disband the Department of Education (see its Dear Colleague letter for an example of its gross dishonesty), here’s another, of utter failure to perform. DoE isn’t taking care of its digital data.

The Education Department doesn’t hold nuclear launch codes. But its vast data trove on student-loan borrowers and their parents—and the nearly $100 billion it disburses in new loans every year—are reason enough to want the bureaucrats to prevent digital intrusions. ….
The stakes go well beyond personal privacy. Federal student loans outstanding exceed $1 trillion, and Team Obama is trying to forgive those debts. It would add injury to injury if cyber-fraudsters were able to pile on for a taxpayer plundering.