Monday, April 14, 2014

Guantánamo hearings halted amid accusations of FBI spying on legal team . Allegations surfaced Monday that the FBI turned a member of a 9/11 defendant’s defence team into a secret informant ..... The NSA's Heartbleed problem is the problem with the NSA . What the agency's denial isn't telling you: it didn't even need know about the bug to vacuum your privacy and store it indefinitely


Makes you wonder what " rights "  all of the  treasure  and blood devoted to Wars and billions spent on defense and security - actually are secured and for whom ? 





Guantánamo hearings halted amid accusations of FBI spying on legal team

Allegations surfaced Monday that the FBI turned a member of a 9/11 defendant’s defence team into a secret informant

Spencer Ackerman
Monday April 14 , 2014






Guantanamo Bay
One of Guantanamo Bay's two courthouses is seen through a broken window at Camp Justice at the Guantánamo Bay. Photograph: Michelle Shephard/AP
The US government’s troubled military trials of terrorism suspects were dealt another blow on Monday when proceedings were halted after an allegation surfaced that the Federal Bureau of Investigation turned a member of a 9/11 defendant’s defense team into a secret informant.
Judge James Pohl, the army colonel overseeing the controversial military commission at Guantánamo, gaveled a hearing out of session after barely 30 minutes on Monday morning, following the revelation of a motion filed by the defense stipulating that the FBI approached an unidentified member of the team during the course of an investigation into how a manifesto by accused 9/11 architect Khalid Shaikh Mohammed found its way to the media.
Defense attorneys argued the government plunged them into a potential conflict of interest, as they would need to potentially defend themselves against a leak investigation, risking their ability to put their clients’ legal needs ahead of their own.
They implored Pohl to investigate, and if necessary, assign their clients with new independent counsel to advise the defendants about the existence and implications of conflict of interest. That could be a lengthy process – potentially the next delay for a proceeding that has yet to get out of the pretrial stage nearly two years after the latest incarnation of the 9/11 military trials began.
“We have an impossible situation in terms of representing our client … on any issue,” said James Harrington, a civilian attorney for Mohammed’s co-defendant Ramzi bin al-Shibh in the case, which carries the death penalty.
“To say this is a chilling experience for all of us is a gross understatement,” Harrington said.
On 6 April two FBI agents approached the defense security officer assigned to bin al-Shibh’s defense team with a document that “in essence, seeks to enlist defense personnel” in an inquiry into the manifesto leak, said Walter Ruiz, an attorney for co-defendant Mustafa Ahmed al-Hasawi.
Harrington said the unnamed security officer, a contractor for the firm SRA International, had signed the document, which was written to indicate the start of an “ongoing” relationship with the bureau.
A defense security officer is a non-lawyer assigned by the commission’s convening authority to advise the defense team on the handling of classified information, among other issues. The officer would have had “unlimited access to our files,” Harrington said, although not to those of the other legal teams.
Cheryl Bormann, an attorney, for co-defendant Walid bin Attash, indicated that the officer signed the FBI document, and warned that she and her colleagues had no way of knowing if other members of the 9/11 defense teams had been similarly been covertly enlisted to inform on their colleagues. She and other lawyers said the question effectively paralyzed their ability to represent their clients.
“I cannot advise Mr bin Attash that there is conflict-free counsel now, because I quite honestly don't know that there is. I know I've done nothing wrong, but I can't vouch for anybody else on my team. I can't vouch for anybody else in this joint defense,” Bormann said.
Monday morning’s hearing was supposed to address bin al-Shibh’s competency to understand the pre-trial proceedings. Bin al-Shibh has repeatedly complained of “sounds and vibrations” in his cell at Guantánamo’s most secret detention facility that disrupt his sleep and concentration. Bin al-Shibh and his four co-defendants were in court on Monday morning, and did not issue any outbursts, which have disrupted previous hearings.
The chief prosecutor of the military commissions, army brigadier general Mark Martins, asked Pohl to proceed as scheduled.
Martins said he was not aware of the FBI approaching the defense team, a contention Harrington supported. The motion detailing the allegation, filed unexpectedly late Sunday night and first reported by Carol Rosenberg of the Miami Herald, was unsealed Monday, but a declassification review must proceed before it is yet available to the public. It is as yet not public which agency, if any, triggered the FBI’s involvement.
Harrington said one of the FBI agents who approached the contractor was named Kelley Clark. The defense attorney defended the Defense Security Officer as a “good man” placed in an impossible situation.
“We do not believe he did anything wrong. We believe the FBI is the one that did the wrong from the beginning,” Harrington told reporters after the hearing.
Defense lawyers implored Pohl to delay the pre-trial hearing and order an investigation into the FBI’s unexpected involvement in the defense team. Pohl ordered a secret session with the prosecution, apparently related to the competency issue and not the FBI, and an open session for Tuesday morning.
“This is more than just something where there's some circumstantial evidence where something that may have happened. Here it really happened,” Harrington told Pohl.
In January, the Huffington Post and Channel 4 in the UK published a 36-page manifesto by Mohammed, the first such statement from the alleged 9/11 architect to leak out during his 10 years in US captivity. According to a March letter Martins sent to 9/11 families, the prosecutor on 3 March requested Pohl order an inquiry “as to how this letter was released, and to take action to ensure that the Commission process cannot be used to inappropriately disseminate propaganda.”
Lieutenant Colonel Todd Breasseale, a Defense Department spokesman on detainee affairs, noted that “the prosecution has not alleged misconduct on the part of the defense, with regard to the document attributed to Mr Mohammed.” Breasseale declined to comment about which agency prompted FBI involvement.
Harrington was unaware what law the media acquisition of Mohammed’s manifesto would have broken. It was an unclassified document, not part of the court proceedings that are governed by a nondisclosure agreement, that was distributed to attorneys at Guantánamo late last year.
The possibility of the FBI enlisting bin al-Shibh’s Defense Security Officer as an informant on the defense teams follows on the heels of revelations and suspicions that attorneys’ communications are monitored at Guantánamo.
The Central Intelligence Agency was able to secretly mute commission courtroom proceedings in January 2013 when attorneys attempted to discuss the agency’s former off-the-books prisons.
In April 2013, over half a million defense counsel emails were inappropriately turned over to a Department of Defense agency, prompting Pohl to temporarily delay pretrial hearings in the case of Abd al-Rahim al-Nashiri, the accused organizer of the deadly 2000 USS Cole bombing.
In December 2013, Vocativ reported that a system at Guantánamo called RedWolf surreptitiously intercepts and records phone, email and Voice Over Internet Protocol communications. The US Southern Command denied violating the confidentiality of attorney-client conversations.
Ruiz said that the new indication of secret FBI involvement in defense counsel raised a concern “about the privilege and the confidentiality of our communications.”
Even before the FBI allegation arose, the multitude of pre-trial motions had already backed up the military commission for the 9/11 defendants. James Connell, a lawyer for co-defendant Ali Abdul Aziz Ali, told reporters on Sunday afternoon that he was “no longer confident” that the military trial could begin in 2016.
The five 9/11 co-defendants have waited years for their trial to unfold. Most were taken into secret CIA detention in 2002 and 2003 before being sent to Guantánamo in 2006. A 2008 war-crimes trial was aborted, as was the Obama administration’s 2009 plan to try them in civilian court in New York. The co-defendants were arraigned in 2012.
Karen Greenberg, the director of Fordham University Law School’s Center on National Security, said the alleged FBI involvement demonstrated the superiority of federal civilian courts over the military commissions as a venue for the 9/11 trial. “It's hard, if not impossible, to imagine a federal court judge, allowing such a violation to occur in a federal court prosecution,” Greenberg said.
Harrington told reporters after the hearing that the FBI may have jeopardized an already tenuous trust that the 9/11 legal teams have built with their detained clients.
“If you’re one of the detainees, you say, ‘Now they can spy on my lawyers, and spy on someone on the lawyers’ team and get information on the lawyer, how can I possibly trust the lawyer, or any lawyers?’ That’s a valid question,” Harrington said.





The NSA's Heartbleed problem is the problem with the NSA

What the agency's denial isn't telling you: it didn't even need know about the bug to vacuum your privacy and store it indefinitely

Julian Sanchez 

April 12 , 2014




heartbleed graffiti
Some apropos graffiti in Berlin this week Photograph: Romy Mlinzk / Snoopsmaus /Flickr via Creative Commons
The American intelligence community is forcefully denying reports that the National Security Agency has long known about the Heartbleed bug, a catastrophic vulnerability inside one of the most widely-used encryption protocols upon which we rely every day to secure our web communications. But the denial itself serves as a reminder that NSA's two fundamental missions – one defensive, one offensive – are fundamentally incompatible, and that they can't both be handled credibly by the same government agency.
In case you've spent the past week under a rock, Heartbleed is the name security researchers have given to a subtle but serious bug in OpenSSL, a popular version of the Transport Layer Security (TLS) protocol – successor to the earlier Secure Sockets Layer (SSL) – that safeguards Internet traffic from prying eyes. When you log in to your online banking account or webmail service, the little lock icon that appears in your browser means SSL/TLS is scrambling the data to keep aspiring eavesdroppers away from your personal information. But an update to OpenSSL rolled out over two years ago contained a bug that would allow a hacker to trick sites into leaking information – including not only user passwords, but the master encryption keys used to secure all the site's traffic and verify that you're actually connected to MyBank.comrather than an impostor.
It's exactly the kind of bug you'd expect NSA to be on the lookout for, since documents leaked by Edward Snowden confirm that the agency has long been engaged in an "aggressive, multi-pronged effort to break widely used Internet encryption technologies". In fact, that effort appears to have yielded a major breakthrough against SSL/TLS way back in 2010, two years before the Heartbleed bug was introduced – a revelation that sparked a flurry of speculation among encryption experts, who wondered what hidden flaw the agency had found in the protocol so essential to the Internet's security.
On Friday, Bloomberg News reported that Heartbleed had indeed been added to NSA's arsenal almost immediately after the bug appeared, citing two anonymous sources "familiar with the matter". Within hours, the intelligence community's issued an unusually straightforward denial, free from the weasely language intelligence officials sometimes employ to almost-but-not-quite deny allegations. As the statement pointed out, the federal government itself "relies on OpenSSL to protect the privacy of users of government websites and other online services." If NSA had found such a serious security hole, the agency would have disclosed it, officials asserted. Moreover, the White House has recently "reinvigorated" the "Vulnerabilities Equities Process" designed to ensure that newly-discovered exploits aren't kept secret any longer than is absolutely necessary for vital intelligence purposes.
As Indiana University cybersecurity expert Fred Cate points out, however, the intelligence community's track record of misleading statements about its capabilities means even such a seemingly unambiguous denial has been greeted with some skepticism. And even if we take that denial at face value when it comes to Heartbleed, reports of NSA's 2010 "breakthrough" suggest they may be sitting on other, still-undisclosed vulnerabilities.
Here, however, is the really crucial point to recognize: NSA doesn't need to have known about Heartbleed all along to take advantage of it.
The agency's recently-disclosed minimization procedures permit "retention of all communications that are enciphered." In other words, when NSA encounters encryption it can't crack, it's allowed to – and apparently does – vacuum up all that scrambled traffic and store it indefinitely, in hopes of finding a way to break into it months or years in the future. As security experts recently confirmed, Heartbleed can be used to steal a site's master encryption keys – keys that would suddenly enable anyone with a huge database of encrypted traffic to unlock it, at least for the vast majority of sites that don't practice what's known as "forward security", regularly generating new keys as a safeguard against retroactive exposure.
If NSA moved quickly enough – as dedicated spies are supposed to – the agency could have exploited the bug to steal those keys before most sites got around to fixing the bug, gaining access to a vast treasure trove of stored traffic.
That creates a huge dilemma for private sector security experts. Normally, when they discover a vulnerability of this magnitude, they want to give their colleagues a discreet heads-up before going public, ensuring that the techies at major sites have a few days to patch the hole before the whole world learns about it.
The geeks at NSA's massive Information Assurance Directorate – the part of the agency tasked with protecting secrets and improving security – very much want to be in that loop. But they're part of an organization that's also dedicated to stealing secrets and breaking security. And security companies have been burned by cooperation with NSA before: the influential firm RSA trusted the agency to help them improve one of their popular security tools, only to discover via another set of Snowden documents that the spies had schemed to weaken the software instead.
Giving NSA advance warning of Heartbleed could help the agency protect all those government systems that were relying on OpenSSL to protect user data – but it also would aid them in exploiting the bug to compromise privacy and security on a massive scale in the window before the fix was widely deployed.
Little wonder, then, that the President's Review Group on Intelligence and Communications Technologies – informally known as the Surveillance Review Group – dedicated a large section of its recent report, Liberty and Security in a Changing World, to this basic tension. "NSA now has multiple missions and mandates, some of which are blurred, inherently conflicting, or both," the Review Group wrote. "Fundamentally NSA is and should be a foreign intelligence organization" rather than "an information assurance organization."
Because Internet security depends on trust and cooperation between researchers, the mission of a security-breaking agency is fundamentally incompatible with that of a security-protecting agency. It's time to spin off NSA's "defense" division from the "offense" team. It's time to create an organization that's fully devoted to safeguarding the security of Internet users – even if that might make life harder for government hackers.

No comments:

Post a Comment