"You keep using that word. I do not think it means what you think it means." - Inigo - The Princess Bride
If you haven't guessed it by now, I used the above classic quote from one of my all-time favorite movies to characterize the Obama administration's frequent use of the term
"transparency." Of course, the quote could also apply to John Brennan's use of the term
"imminent" -- as in imminent threat.
But that's another story.
CNET tells the tale:
Justice Department agreed to issue "2511 letters" immunizing AT&T and other companies participating in a cybersecurity program from criminal prosecution under the Wiretap Act, according to new documents obtained by the Electronic Privacy Information Center.
Apparently, the White House has secretly authorized the practice of intercepting communications on portions of national network carriers that would otherwise be illegal under longstanding federal laws against wiretapping. The authorization from Justice Department officials originally applied only to a cybersecurity pilot program the U.S. military used to monitor internet links of defense contractors. But, starting on June 12th, the program will be expanded to include energy, healthcare, financial, and other sectors considered to be critical infrastructure.
"The Justice Department is helping private companies evade federal wiretap laws," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. "Alarm bells should be going off."
High-ranking Defense Department and National Security Agency officials were significantly involved in pushing the Justice Department for the secret legal authorization. Apparently, NSA Director Keith Alexander was personally involved in the planning. Despite substantial pushback from some potential industry participants and the certain Justice Department officials themselves, the DoJ eventually signed off on the project.
Did Alberto Gonzalez sneak back into the DoJ or what?
Under federal statute 18 USC 2511, (enacted in Jan. 2012) which codifies the Wiretap Act, legal immunity will be granted to all participating net providers in the form of "2511 letters," in reference to the statute.
The Wiretap Act limits the ability of Internet providers to eavesdrop on network traffic except when monitoring is a "necessary incident" to providing the service or it takes place with a user's "lawful consent." An industry representative told CNET the 2511 letters provided legal immunity to the providers by agreeing not to prosecute for criminal violations of the Wiretap Act. It's not clear how many 2511 letters were issued by the Justice Department.
In 2011, Deputy Secretary of Defense William Lynn publicly disclosed the existence of the original project, called the DIB Cyber Pilot, which used login banners to inform network users that monitoring was taking place. In May 2012, the pilot was turned into an ongoing program -- broader but still voluntary -- by the name of Joint Cybersecurity Services Pilot, with the Department of Homeland Security becoming involved for the first time. It was renamed again to Enhanced Cybersecurity Services program in January, and is currently being expanded to all types of companies operating critical infrastructure.
Both the NSA and DoJ declined to comment but DHS spokesman Sy Lee issued a statement to CNET:
DHS is committed to supporting the public's privacy, civil rights, and civil liberties. Accordingly, the department has implemented strong privacy and civil rights and civil liberties standards into all its cybersecurity programs and initiatives from the outset, including the Enhanced Cybersecurity Services program. In order to protect privacy while safeguarding and securing cyberspace, DHS institutes layered privacy responsibilities throughout the department, embeds fair practice principles into cybersecurity programs and privacy compliance efforts, and fosters collaboration with cybersecurity partners.
And, in the
did-you-think-I-was-kidding-when-I-mentioned-Alberto-Gonzalez department, former DHS official and the founder of
Red Branch Consulting Paul Rosenzweig compared the interdepartmental request for the 2511 letters to the DoJ -- to the CIA asking the DoJ for the infamous
"torture memos" written by the equally infamous (
and recently banned from traveling to Russia)
John Yoo who erroneously concluded that waterboarding wasn't torture.
"If you think of it poorly, it's a CYA function," Rosenzweig says. "If you think well of it, it's an effort to secure advance authorization for an action that may not be clearly legal."
Back in March of this year, the
Congressional Research Service issued a report stating that the White House lacks the legal authority to authorize even more widespread communications monitoring unless or until the current laws are rewritten by Congress.
"Such an executive action would contravene current federal laws protecting electronic communications," the report says.
Here's where the whole thing gets curious:
Because it overrides all federal and state privacy laws, including the Wiretap Act, legislation called CISPA would formally authorize the program without the government resorting to 2511 letters. In other words, if CISPA, which the U.S. House of Representatives approved last week, becomes law, any data-sharing program would be placed on a solid legal footing. AT&T, Verizon, and wireless and cable providers have all written letters endorsing CISPA.
Around the time that CIPSA was originally introduced in late 2011, NSA, DOD, and DHS officials were actively meeting with the aides on the House Intelligence committee who drafted the legislation, the internal documents show. The purpose of the meeting, one e-mail shows, was to brief committee aides on "cyber defense efforts." In addition, Ryan Gillis, a director in DHS's Office of Legislative Affairs, sent an e-mail to Sen. Dianne Feinstein (D-Calif.), chairman of the Senate Intelligence committee, discussing the pilot program around the same time.
So, why did the White House threaten to veto the CISPA bill when it would effectively codify what they're trying to do now? The administration originally said it was due to "privacy concerns." But if this authorization goes forward all internet privacy would essentially cease to exist anyway. So, WTF?
I'd sure appreciate some astute analysis.
It's certainly beyond my limited legal comprehension.
I encourage everyone to read the entire article.