Atlantic Monthly Contributors's Blog, page 1033

Edward Snowden wasn't your traditional spy. He was, however, a very modern one, a guy who worked from a computer terminal in an office, similar to how a modern bomber pilot might control his drone. The weekend's big revelations about the NSA's biggest revealer prompt a natural question: How many Snowden-type spies with top secret security clearance are there?

There's another way in which Snowden was a modern spy. He didn't work for the government, but for a government contractor, Booz Allen Hamilton. Snowden's emergence has drawn a great deal of attention to the company, about which it is almost certainly not excited. Both The New York Times and The Wall Street Journal have stories detailing the growth of contractor dependency in the federal government, looking at Booz in particular. As does our sister publication National Journal, which quotes former NSA head Michael Hayden: "There isn't a phone or computer at [NSA headquarters] that the government owns."

That's primarily because of shifts in how the government operates. Right now, federal employees make up less than one percent of the American population.

Since 2000, the number of people employed by the federal government has stayed generally flat.

As the Journal notes in its article, that number is dwarfed by those holding security clearance.

As of last October, nearly five million people held government security clearances. Of that, 1.4 million held top-secret clearances. More than a third of those with top-secret clearances are contractors, which would appear to include Mr. Snowden.

Or:

The number of people holding security clearance is equal to about 1.6 percent of the population of the country.

One does not have to be an American citizen to hold clearance, however. The State Department explains the process for receiving such clearance, which comes in three types: Confidential, Secret, and Top Secret, the highest level. To receive clearance, one must fill out Standard Form 86, which includes questions for those who are not citizens.

According to the Journal, those five million clearances break down like this.

Snowden, a contract employee, had that highest level of clearance — as do a third of the people who hold it. Again, from the Journal's data:

In its look at Booz, the Times indicates how closely the company is tied to the government.

As evidence of the company’s close relationship with government, the Obama administration’s chief intelligence official, James R. Clapper Jr., is a former Booz executive. The official who held that post in the Bush administration, John M. McConnell, now works for Booz.

But of those contractors who hold top secret clearance, only a small fraction work for Booz. The Times reports that it employs 25,000 people, half of whom have the highest level of access. The breakdown of just top secret clearances, then, looks like this.

That means that there are an estimated 450,000 people beyond those that work for Booz who have top secret clearance. Again, the Times:

“The national security apparatus has been more and more privatized and turned over to contractors,” said Danielle Brian, the executive director of the Project on Government Oversight, a nonprofit group that studies federal government contracting. “This is something the public is largely unaware of, how more than a million private contractors are cleared to handle highly sensitive matters.”

Many — or most — of whom, like Snowden, spend their days analyzing the reams of data that Snowden so suddenly brought to public attention. John Schindler, a former NSA officer, tweeted his opinion on such employees. ("CI" stands for "counter-intelligence.")

Been telling my CI peeps for years that NSA & IC only 1 disgruntled, maladjusted IT dork away from disaster (esp IT contractor)...oh well.

— John Schindler (@20committee) June 9, 2013

Remember, folks, IT weenies are the code-clerks of the 21st century: although low-ranking, they see everything, hence the huge CI risk

— John Schindler (@20committee) June 9, 2013

Nor is the way in which those "IT weenies" got clearance beyond critique. In February, John Hamre, a former deputy secretary of defense, wrote a column for The Washington Post expressing his frustration with how poorly constructed the State Department's clearance renewal process is. It concludes:

I have dedicated 38 years of my life to America’s national security. I know there are spies in our midst. We can improve security and save money simultaneously. But our country needs a system built for the 21st century. The current system is pathetic.

It is now safe to expect some reforms. But the trend will probably continue: more Edward Snowden spies, working for private companies, scanning highly confidential information.

Photo: NSA headquarters. (AP)

If you're looking forward to spending the summer of 2013 re-living major recent events of 2012, thank goodness The Newsroom is back. In a new trailer that aired before last night's Game of Thrones finale—this one with actual clips from season two, as opposed to desert wandering—we get a glimpse of the news on News Night beginning July 14.

And so it begins again: Our truth-speaking hero, Will McAvoy, is still dealing with that "American Taliban" speech from last season, and pissing off his higher-ups like Jane Fonda's CEO. The "chips are falling," she says. Meanwhile, Dev Patel's Neal has incredible foresight when it comes to Occupy Wall Street, and is eventually going to get arrested, and John Gallagher Jr.'s Jim is off to cover the Romney campaign and flirt with a Streep daughter. Aside from that, there's a nude-photo scandal involving Olivia Munn's Sloan, and a story involving a "massive war crime." (Does it involve drones, perhaps?) 

Are you ready? Because Aaron Sorkin has some major historial proselytizing for you.  

Jury selection for George Zimmerman's second-degree murder trial begins today, and in yet another controversial move seeking to prove their client's justification for self-defense, his lawyers have released a video that' allegedly one of the only recordings of Trayvon Martin's voice — and they claim it proves Martin wasn't, in fact, screaming for help in a 911 call. The video in question is actually a would-be piece of evidence that, like so much of the character assassination that has leaked ahead of the trial, Zimmerman's attorneys have already had to apologize for; after drumming up support for the defendant by claiming the footage showed Martin beating up a homeless man, Mark O'Mara and Co. were forced to admit that Martin just filmed two homeless men fighting over a bicycle. But now the lawyers insist the video — or at least its audio — raises new questions. So here it is:

You can hear multiple voices there — it's difficult to tell which one is allegedly Martin's, what with everyone laughing. But the defense claims this is the only existing recording of Martin's voice — an important caveat, since that would mean a 911 call on the night he was shot last February did not include his voice. Indeed, the attorneys say the voice in the video above doesn't match the voice on a 911 call that includes a man screaming Help me, NBC News reports. Importantly, the court still has to determine if the 911 call is admissible — unlike Martin's history of "violence" and marijuana use, Judge Debra Nelson hasn't thrown out that piece of evidence — but if the prosecution's experts are allowed to testify, that could still break Zimmerman's claim of self-defense, around which the trial will revolve. "Alan Reich, a voice analysis expert who testified Friday, believes that the screams recorded were not Zimmerman, but more likely came from Martin," CNN reports from last week's pre-trial hearing on the admissibility of the evidence. "Ted Owens, a forensic audio engineer, testified Friday that his analysis of the 911 call indicated that the person screaming was not Zimmerman."

That the video shows people laughing at two homeless people fighting, of course, is something of another character attack on Martin, which Zimmerman's lawyers aren't exactly being coy about.  "Asked whether it could be used in a way damaging to Martin's image, Shawn Vincent, a spokesman for the defense, said: 'The answer is we hope it doesn’'t.'" NBC News reported. Calling Martin's character into question has been one of the main pre-trial strategies from the defense, at least out in the open: They've leaked stories to the press about Martin's emails and text messages, which allegedly show a "violent side." They've also tried to bring Martin's past, from his marijuana use to school suspensions, into the spotlight; last month the judge ruled that the two sides cannot use this evidence.  The Martin family has called these leaks "a desperate and pathetic attempt by the defense to pollute and sway the jury pool." They probably feel the same way about this video now that it, too, is out in the open. 

Jury selection starts this morning and is expected to last for a while. Judge Nelson will hear the arguments about the 911 call at a later date. You can watch today's hearings streaming live right here.

Edward Snowden went to great lengths to cover his tracks and avoid the long arm of U.S. law, but the NSA leaker's decision to choose Hong Kong as a potential safe haven may have been his biggest misstep. Snowden says he chose the city-state because of its "commitment to free speech and the right of political dissent," except its citizens also care very deeply about something else: the rule of the law. That's why one lawyer said that, with the possible exception of the U.K., "Hong Kong is the worst place in the world for any person to avoid extradition."

According to The Wall Street Journal's Chinese bureau reports, lawyers who live and work in Hong Kong's legal system are "baffled" that Snowden believes he could be safe there. Not only does the city have a working extradition treaty with the U.S., they've always done their best to honor it. Usually for violent criminals and drug offenders, but still: The city's experts say they can't recall instances in which the agreement has been challenged in political circumstances.

[image error]Hong Kong's citizens do value the right of protest greatly and have exercised it often when the Chinese mainland has threatened restrictions or censorship. (The photo at right was a memorial for the victims of Tiananmen Square last week. Such events are banned on the mainland.) However, those protests are as much about protecting Hong Kong's autonomy as they are about free speech. A lack of censorship is more than just a sign of openness and free expression; it's what separates Hong Kong from the more authoritarian forces in Beijing. That independence was fundamental to the agreement that returned the area from British colonial control at the end of the last century and what has it allowed it to become an international center for banking and business. If China can violate that whenever it wants, then nothing in Hong Kong is really free.

It's possible that many of Hong Kong's citizens would sympathize with Snowden's cause, but their own cause of law and order in the face of China's more arbitrary system is more important. If they won't respect the treaty with the United States, then why should the U.S., its companies, or anyone else respect their rules in the future? Any extradition process may take a long time, but that's just more evidence their legal system plays by the rules and takes them seriously.

Obviously, this case is different, both in the nature of the crime, and the scope of the publicity. And the rules do still allow Beijing the authority to supersede any ruling on an extradition requests. (That's why relative to other democracies, Hong Kong isn't that free.) But many experts seem to think it's very unlikely that they would do so on Snowden's behalf. Put aside the complications it would create with its relationship with the United States or even the hypocrisy it would require to demand the return of its own dissidents in the future: the political headache it would create with Hong Kong would just be too great. Whatever they would hope to gain by protecting Snowden just isn't worth upsetting the delicate balance of things in its own backyard.

(Inset photo: Tens of thousands of people attend a candlelight vigil under rain at Victoria Park in Hong Kong Tuesday June 4, to mark the 24th anniversary of the June 4th Chinese military crackdown on the pro-democracy movement in Beijing. Photo by Kin Cheung/ AP)

Do you like computers, love Hawaii, and would thrill at the opportunity to access our government's most highly classified secrets? Then Booz Allen Hamilton has the job for you!

The security and consulting firm posted a job opening last month that sounds suspiciously similar to the one that Edward Snowden used to do for Booz Allen, before he hightailed it out the country and started leaking what he took with him. The position of "Information Security Engineer" is based in Hawaii, requires experience with network engineering and host-based security systems, and — this is non-negotiable, we assume — a full security investigation and background check to determine "eligibility requirements for access to classified information."

Naturally, there are lots of jobs like this at a lot of companies that work (almost exclusively with the government, but since it was posted on May 22, right around the time that Snowden took a leave of absence from the exact same firm, it looks a lot like an attempt to fill the hole he left behind. (The company hasn't commented on the posting, but did release a short non-statement about the leak.) Like Snowden, you you don't even need a college degree! Move fast though. Given all the attention this company and story are getting now, you're probably going to get a lot of competition!

Here's the full posting:

Information Security Engineer, Mid Job

Date: May 22, 2013

Location: Honolulu, HI, US

Description: Information Security Engineer, Mid-01127993

Description

Key Role:

Support a client's information assurance (IA) program manager to provide effective IA development, implementation, operation, maintenance, and modification to meet DoD and DON IA requirements in support of major communication systems. Assist IAM to research, analyze, implement, accredit, manage risk, and maintain detailed IA policies, plans, and programs. Work with the IT system owners to coordinate with command security requirements and provide systems engineering to support the certification and accreditation (C&A) manager. Develop and review documentation and artifacts for Defense Information Assurance Certification and Accreditation Process (DIACAP) packages for the command and subordinate commands. Conduct C&A validation testing, document results, and recommend steps for the remediation and mitigation of vulnerabilities. Coordinate with representatives of the Certifying Authority (CA) and Designated Approving Authority (DAA) to attain Authority to Operate (ATO) for systems and networks. This position is located in Honolulu, HI.

Qualifications

Basic Qualifications:
-4 years of experience with network engineering or Information Assurance
-3 years of experience with DIACAP or DITSCAP certification and accreditation within the last 5 years
-Top Secret clearance required
-IAM Level II 8570.01 M Certification (i.e. CAP, GSLC, CISM or CISSP)

Additional Qualifications:
-Experience with Navy IA and C&A processes
-Experience with computer network defense
-Experience with host-based security systems (HBSS)
-BA or BS degree preferred
-Fully Qualified Navy Validator Certification

Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Top Secret clearance is required.

Integrating the full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems, working by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.

We are proud of our diverse environment, EOE, M/F/D/V.

Job: Information Security Engineering
Primary Location: United States-Hawaii-Honolulu
Travel: Yes, 5 % of the Time

Nearest Major Market: Honolulu 
Nearest Secondary Market: Hawaii 
Job Segment: Information Security, Security, Engineer, Consulting, Database, Technology, Engineering

The Taliban claimed responsibility for an early morning attack on the military wing of the main international airport in Kabul, which also happens to be the site of a NATO headquarters. 

As of late Sunday, the attack was still underway. There aren't any definitive reports of casualties, though the Guardian reports that at least some of the insurgents are wearing suicide vests. They were engaging in a gun battle with Afghan police forces, who responded to the attack. 

The AFP described the scene as it unfolded: 

"Loud explosions and bursts of small-arms fire erupted for at least two hours and were continuing, with the US embassy sounding its "duck and cover" alarm and its loudspeakers warning that the alarm was not a drill."

The U.S. embassy in the country issued an "emergency" warning for citizens in Afghanistan. Officials cancelled all flights to and from the airport. 

Last month, Kabul was the site of another hours-long attack with Taliban insurgents. The extremist group is apparently in the middle of what they're calling a "spring offensive" in the country, according to the BBC. They're targeting military and diplomatic sites. 

All of Katie Couric's best friends left for CNN, so it would make sense if she followed them to cable's problem child. And, according to a new report in the New York Post, she might be joining the poop cruise crew of news fairly soon.

Page Six reports Couric may join her old pal Jeff Zucker at CNN, the network he ditched her to run in November 2012, after her ABC daytime talk show Katie wraps up its second season. Things have been in disarray since Zuck, also Couric's former Today producer, left the show. 

The once unimpeachable Katie Couric is struggling on and off screen. The show's been a mess behind the scenes, according to Page Six. "Jeff’s departure left a void," a source told the Post. "Then they had four co-executive producers and the staffing decisions being made were poor. Katie was left vulnerable." Things didn't get any better when Michael Bass, another Today veteran, left Katie to join longtime partner-in-crime Zucker over at CNN. At the time, The New York Times gave us a glimpse of what was happening behind closed doors: 

But people at “Katie” and its distributor, the Walt Disney Company, say they expect a shake-up after the first season ends and before the second season begins. The executive who replaced Mr. Zucker just three months ago, Michael Morrison, has been marginalized, according to several staff members there, so much so that rumors are running rampant that he is about to be replaced.

So the show needed a shakeup after its first season and the guy in charge couldn't run the ship. That's a classic recipe for success in television. With all of that inside baseball business setting the table for the show's eventual demise, it was also losing in the ratings. Katie Couric was losing total viewers and the coveted-by-daytime-advertisers women 25-to-54 demographic to Steve Harvey. 

So let's operate under the assumption Couric will leave ABC, even though she's signed long term and network reps decline she's on the move, and join Zucker at CNN. Where does Couric fit in? She could bounce Kate Bouldan from CNN's new morning show that had a long, arduous search to find its 'Katie Couric' role. Katie Couric would probably qualify. Sorry, Kate. 

Or, more likely, Couric could move into the (admittedly crowded) primetime lineup. There have been rumors swirling for months about what Zucker will do to makeover CNN in primetime, from landing Leno to reviving Crossfire, but a classic Zucker move would be to replace the apparently vulnerable Piers Morgan. The move has been speculated about before. 

Or, who knows, maybe she could be the new Wolf Blitzer. The network wants to get someone younger and more attractive. Couric is not 

The most important pieces of the Veronica Mars inner circle are in place: the whole gang is going to be back together when that Kickstarter-funded film starts filming in nine days. Veronica's former boyfriends, best friends, and her always-reliable gumshoe dad are all on board for the movie. 

Within the last 24 hours, ahead of a panel at the Austin Television Festival, we've had two pieces of very important casting news: Chris Lowell will return as Stosh "Piz" Piznarski, Veronica's less crazy, nice guy boyfriend from season 3. And, most importantly, that Percy Daggs III will return as Veronica's best friend, Wallace Fennel. We knew Jason Dohring, Enrico Colantoni and Kristen Bell -- slightly crazy love interest Logan Echolls, Keith and Veronica Mars, respectively -- were all slated to appear in the movie. So now we know the five most central characters to Veronica's world will be back when this thing hits the big screen. 

So with a just more than a week away from filming, there are some remaining outstanding casting questions, though they're mostly outlier characters. We don't know if Francis Capra's Weevil, the biker thug with a heart of gold, or Tina Majorino's Mac, Veronica's nerdy galpal, or Teddy Dunn's Duncan Kane, Veronica's original high school sweetheart, will be returning in the movie. Either way: this movie starts shooting in nine days. It's actually happening.

Ever since reports from the Washington Post and the Guardian revealed the existence of the National Security Agency's PRISM — the government program that allegedly works with major Internet companies to collect (some) U.S. citizen data — reports have conflicted about whether the NSA has "direct access" to the servers of belonging to some of the biggest tech companies in the world — Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. The Guardian's James Ball released a new slide from the PRISM presentation that he thinks proves the NSA has unfettered access to these servers. He still doesn't prove anything definitively, though. 

In the last few days, Facebook and Google were forced to come out and deny the NSA has "direct access" to their servers.  "From inside a company's data stream the NSA is capable of pulling out anything it likes," the Post's Barton Gellman and Laura Poitras had reported. Then, on Saturday morning, a pair of reports seemed to corroborate Facebook and Google's defense. They cooperated with the NSA's data collection practices but didn't give the agency the keys to the kingdom. 

This was not sitting well with Ball and his colleagues at the Guardian. "Some articles have claimed that Prism is not a tool used for the collection of information from US companies, but is instead an internal tool used to analyse such information," he writes, before getting to his big debunking. "In the interests of aiding the debate over how Prism works, the Guardian is publishing an additional slide from the 41-slide presentation which details Prism and its operation." This is the slide: 

[image error]

So, the two things this slide shows: 1) that PRISM collects information over fiber Internet connections (ahem, Google?); 2) Ball's smoking gun: the words "collection directly from the servers," of the tech companies in question right there on the U.S. government Powerpoint presentation. So that's that, then, right? It says so right there in the slide! Not really. 

The upshot of the reports denying the NSA had direct access was there was a carefully crafted routine in place between the NSA and the tech companies: the agency would deliver as FISA request for info, company lawyers look over the request, and then the information would be securely delivered to the NSA. What system is in place to exchange information between the NSA and the tech companies. 

Andrew Nacin, the lead developer for Wordpress, doesn't think the NSA has "direct access" to Facebook's servers, as Ball implies: 

“Direct access” is *clearly* drop boxes. If you think Facebook would let *anyone* connect to actual DB servers, you’ve never met a sysadmin.

— Andrew Nacin (@nacin) June 8, 2013

Here's The New York Times' Claire Cain Miller explaining how Facebook and Google have their exchange system set up: 

In at least two cases, at Google and Facebook, one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.

We bolded the important parts so they wouldn't be missed. In another example, Miller says an NSA agent worked out of a tech company office for multiple weeks to retrieve information. The agent collected the data on an NSA laptop and brought it back with him. 

Ball's insistance that the NSA has access to all the information on Facebook and Google servers is founded entirely on the words "directly from the servers," found on a crudely made government Powerpoint presentation. Glenn Greenwald, the Guardian journalist credited with leaking much of this information, was measured when analyzing the inconsistencies on Facebook: 

Our story was written *from the start* to say NSA claimed this, telecoms deny-we wanted them to have to work it out *in public* what they do

— Glenn Greenwald (@ggreenwald) June 8, 2013

We reported - accurately - what the NSA claims. We reported - accurately - what the companies claim. It conflicts. That's why we reported it

— Glenn Greenwald (@ggreenwald) June 8, 2013

Given the information previously available to us, and developers arguing direct access is next to impossible, his smoking gun isn't very hot. It looks like the result of a confused government agent who can barely make a Powerpoint presentation that would earn a passing grade in college trying to explain the innerworkings of a complicated government data collection network to a room full of people who know even less. 

Everyone, meet the National Security Agency's Boundless Informant. It's the pretty tool designed to help staffers get an overview of the data collected by the agency and which comes complete with its own Frequently Asked Questions guide. The Guardian's Glenn Greenwald and Ewen MacAskill unleashed another scoop about the NSA's big data troves Saturday afternoon, introducing the world to the agency's handy system for easily "recording and analysing where its intelligence comes from." The program tells staffers how much data was collected in each country. There's a color-coded map showing where most data comes from, with green signifying a relatively low amount of data collected in that country while red means a high amount of data. 

Boundless Informant also shows how much data is collected. For example, the Guardian reports the tool "collected 97bn pieces of intelligence from computer networks worldwide." Beyond that, we don't know much about where or how BI fits into the greater data collection infrastructure that includes PRISM and the like. 

It is, as the FAQ explains, merely a prototype. What's unclear is whether it includes data collected by PRISM — the government program that allegedly works with major Internet and telecom companies to collect (some) U.S. citizen data. Tech companies never gave PRISM "direct access" to their servers, as was originally reported, but some — Facebook and Google, at least — set up secure drop-boxes for the NSA to collect information on users when demanded via a top-secret FISA request. Boundless Informant appears not to include data collected from FISA requests, the FAQ explains.

[image error]

But the program's existence shows enough people had to have access to this information, even if it doesn't reveal anything other than quantity and origin, that the NSA built a tool for staffers to use. The alternative would presumably be sending massive reports, filled with complicated tables of data — or numerous individual requests to data analysts.

James Clapper, the director of national intelligence, also released this information fact scheet about PRISM and the NSA's data collection efforts: 

DNI statement about PRISM