Author Archives: Dustin

The Death of Irony: University of Penn’s Secret Meetings on Secret Surveillance Law

Posted on by
Reply

NSAbyEFFIt’s a crisp Saturday morning in late November, and the University of Pennsylvania’s campus is just barely stirring as I walk into the Silverman building and head towards Room 147, excited about the morning’s roundtable discussion: Spying and the Judiciary: FISA and Other Special Courts.

The event is one of seven moderated discussions at the Center for Ethics and the Rule of Law (CERL) Conference, On the Very Idea of Secret Laws: Transparency and Publicity in Deliberative Democracy.

I’m not the only geek fired-up either, a portly man in a suit walks up next to me as we briskly move towards the meeting room.

“We’re in for a treat this morning!” he says, his mouth cracked with a grin and his eyes alight. Only one of us would end up attending, however – and it had nothing to do with my lacking a tie.

After taking a seat (and catching out of the corner of my eye NSA’s deputy director John “Chris” Inglis drift into the room, among others), a wiry CERL staffer named Ilya Rudyak walks over and asks for my name. I introduce myself and offer my press badge.

“You’re going to have to leave,” he says with a nervous smile.

After escorting me out into the hallway, another CERL representative, Claire Finkelstein, says I can stop back in towards the end of the lunch break to ask her some questions.

In other words, this morning’s moderated discussion on secret courts, secret laws, and a rampaging surveillance apparatus is strangely, well, secret.

In fact, every event during this two day conference – with the exception of Chris Inglis’ keynote speech inside a packed auditorium the night before – is listed on the university’s law department website, yet completely shielded from press and public scrutiny. Furthermore, none of the event listings even have a full roster of attendees.

I find a 14-page list of participant bios outside of the room. The packet is chock full of representatives from the defense industry, intelligence community, academia, and think tanks such as the Cato Institute.

Courtesy for the Powerful, Not the Public

I return near the end of the attendees’ lunch break and quickly find CERL’s head staff member, Claire Finkelstein. She seems dismayed that I’m actually taking up her earlier invitation.

“Is there classified information being discussed here?” I ask Finkelstein.

“No, no classified information, but sensitive topics.”

“So if there’s no classified information being disclosed here, why is it closed to the public?”

“The main point of the discussions is for policy makers, academics, and others who are involved,” she begins, “to enter into dialogue with one another in a way that allows all of us to move up the learning curve, so that we become better-informed academics and policy makers become better-informed.”

She soon passes me off to another attendee: the ACLU’s Alex Abdo.

“There’s a non-attribution agreement that applies, a ‘Chatham House Rule’ that people here are talking about,” Alex Abdo tells me. Finally, we’re getting somewhere.

Abdo is an ACLU staff attorney and participant in that organization’s National Security Project. He arrived here this morning after doing battle with the National Security Agency in U.S. District Court in Lower Manhattan the day before. Abdo is also a conference participant. At moments during our conversation, he seems embarrassed when I press him on the absurdly-ironic secrecy cloaking a conference whose very theme ostensibly seeks to take a critical look at Intelligence Community obfuscation. Hell, even several participants (including Dr. Hans Blix) during a 2006 UK conference on freedom of information and the Iraq War scoffed at invoking the Chatham House rule.

“It’s a really fascinating discussion about how we should think about privacy in an era where so much private information can be collected so easily. That’s my understanding about what’s happened today so far.”

Thanks for the boilerplate, Mr. Abdo, but I’m still trying to wrap my head around why the public should be barred from participating in – or even observing – this “fascinating discussion” on how our “private information can be collected so easily.”

“I’ve been to a couple of these meetings before,” Abdo begins. “Usually, the thought is that if you get a bunch of people who are really thinking and working on these issues together in a room, and you promise not to use what they say against them later on, you’ll foster a thoughtful and uninhibited conversation.

He pauses, adding wryly:

If no one’s surveilling you, you can have an uninhibited conversation.

Julian Sanchez, a CATO Institute research fellow who attended the conference in its entirety, more-explicitly characterized this rule’s real purpose in a series of emails to me:

You’ve got a bunch of lawyers who used to work for the government, some who currently work for the government, and others who might very well hope to work for the government in the future, perhaps on these very issues” [such as Foreign Intelligence Surveillance Court opinions], he writes. I can promise you none of those people ever wants to be quoted in a newspaper making what comes off as a harsh personal criticism of a federal judge [who is assigned to the Foreign Intelligence Surveillance Court] — or even seeming like they partially agree with someone else’s criticism,” he continues.

“In certain circles, that’s at least going to be a huge PR headache, and very likely career kryptonite. Maybe I can just come right out and say ‘that opinion was a total disaster,’ but I’m never going to have to argue a case before that judge, or be applying for a job at DOJ, and I’m certainly not important enough to make headlines with an offhand remark. So the only way you really get a free-flowing, honest discussion is if everyone can just talk without thinking about whether they’re going to make a Huffington Post headline if they phrase something the wrong way.

Whether or not Sanchez was aware, there weren’t just “a bunch of [government] lawyers” in attendance, however. In addition to top-ranking officials within the Intelligence Community, individuals with long-standing corporate ties to the defense and intelligence industries participated too. To shed some light on a frustratingly non-transparent gathering, here’s a small sampling of attendees from the conference roster:

* John “Chris” Inglis, Deputy Director of the National Security Agency and the organization’s senior civilian leader, “responsible for guiding and directing strategies, operations, and policy.”

* Sean Kanuck, whose current position is National Intelligence Officer for Cyber Issues within the Office of the Director of National Intelligence. Kanuck came to this segment of the intelligence community after a decade-long position with the CIA’s Information Operations Center. Kanuck also has extensive experience in law focusing on corporate mergers and acquisitions;

* William R. Craven, the founder and CEO of Overwatch Systems, “a software company serving the Intelligence segment of the Defense industry.” Prior to forming Overwatch, Craven “had been the CEO of Paravant, a public company serving the defense community with rugged and high speed computing solutions for Battlefield and Intelligence applications;

* Lt. General Paul Menoher (Ret.), currently Director of Overwatch Systems LLC and an advising board member of Topia Ventures and Oberon Associates, Inc., and a consultant for ten other defense firms. Menoher also enjoyed a 35-year career in Army Intelligence;

* Amos Guiora, currently a Research Fellow at the International Institute on Counterterrorism in Israel, and Commander of the Israel Defense Force’s School of Military Law and a former legal advisor to Gaza Strip operations;

* George Casey, “head of Shearman and Sterling’s Global Mergers and Acquisitions Group”. Casey is an expert in U.S. domestic and cross-border mergers and acquisitions transactions, venture capital financing, and represents “many of the largest U.S. and non-U.S. corporate and investment banking clients.” Casey is also a current University of Pennsylvania School of Law lecturer.

* Harvey Rubin, M.D., Ph.D, Penn’s Institute for Strategic Threat Analyis and Response (ISTAR) director, and Associate Dean for Student Affairs in the School of Medicine.

So while influential members of government and private industry discuss issues (behind closed doors and shielded from any attribution to “career-damaging” statements) that clearly belong in the realm of public debate – and have been since the beginning of the Snowden-spurred surveillance scandal in April – you and I are shut out from these discussions because these officials are concerned that their statements might be recorded, publicized, and prove damaging to their reputations, careers, and profit margins.

And while this particular conference may not directly produce public policy, as Julian Sanchez also assured me, academic papers may be written about what was discussed. These papers may then become white papers that form the basis for later policy by unelected officials, and often outside the public eye.

Scrutinizing Penn’s Center for Ethics and the Rule of Law

What’s no secret, unlike the conversations throughout this two day CERL conference on surveillance and secret law, is how deeply entrenched this – and so many other non-state funded schools like Penn – are with the defense industry.

Including up to the third quarter of FY 2012 (the most recently available data), the University of Pennsylvania raked in over $17 million in government research work. FY 2011 saw a very lucrative $32 million in such contract work for Penn.

It’s worth taking a closer look at CERL too. Its advisory board contains not only law professors from a variety of universities, but defense contractors like William Craven, currently the CEO of Overwatch Systems and the former head of Paravant. Both companies have deep roots within the defense and intelligence communities. As stated earlier, Craven also participated in this Penn conference.

Ambassador Dell Dailey (Ret.) is another CERL board member whose consulting company “spans both Department of Defense and Department of State programs, numerous product focused companies, private equity, small arms company, think tank efforts and international operations.” Dailey also serves on the nonprofit Center for a New American Security’s Board of Advisors. CNAS boasts of developing “strong, pragmatic and principled national security and defense policies.”

CERL’s seeming affinity for defense industry players and its apparent sympathy for current national security policies doesn’t stop with its private contractor leadership, however.

In a Penn Law Journal article published this past summer titled The Perils of Push Button War, CERL’s head and perhaps its most publicly-visible member, Claire Finkelstein, is paraphrased regarding drone warfare:

Finkelstein points out, however, that as a weapons system, there’s a lot to like about drones. They are more precise than traditional aerial bombs, better able to pinpoint targets, and therefore have the potential to dramatically reduce civilian casualties.

Two law professors and current CERL board members, Jens Ohlin and Kevin Govern, are cited in the same article as supporting the targeted assassination of U.S. citizens abroad, as in the case of Anwar al-Awlaki:

Jens Ohlin, a law professor at Cornell, and a member of CERL’s advisory board, said that the presence of an al-Qaeda branch in Yemen with an avowed intent of engaging Americans more than justified the invocation of war powers there. He said it has never been the case that American citizens taking up arms against the U.S. get special treatment on the battlefield.

Another board member, Kevin Govern, law professor at Ave Maria Law School, and a former Army Judge Advocate, said that al-Awlaki might be compared to Nazi propaganda chief Joseph Goebbels.

What, then, do we make of Penn’s “secret” conference participants, their relationships to the U.S. defense and intelligence apparatuses, and the pervasive secrecy by which they are surrounded? Can we trust that whatever academic treatises, white papers, and possible policy decisions that may come from “On the Very Idea of Secret Laws” will represent not just the national security state’s perceived desires, but those of the public’s too?

Written by Dustin Slaughter. This article is cross-posted at Phawker.

Photo by EFF

Philly Fusion Center’s Reckless Disregard for Privacy Must Be Held to Account

Posted on by
Reply

The Declaration has uncovered troubling revelations regarding law enforcement operations at Philadelphia’s Delaware Valley Intelligence Center (DVIC), which include the fact that the DVIC, an “all crimes, all hazards” fusion center that assists law enforcement agencies in four states, appears to operate without any privacy policy in place, while its privacy officer position has been vacant since 2010.

In a related development, before the fusion center officially opened, the Philadelphia Police Department operated what one private contractor and a Senate subcommittee labeled a “DVIC Cell”. This unit’s existence indicates probable Constitutional violations dating as far back as 2009, as there doesn’t appear to be any indication of privacy or civil liberties protections attached to the “cell’s” operations.

If the Policy Exists, We Won’t Show it to You

Our research into the South Philly fusion center began in the summer of 2012. At that time the only readily discoverable item of any official nature was a brochure made by architect LR Kimball. Formal inquiries, which began in January of 2013, followed by multiple editorial admonitions published on our website and repeated communication with officials both on and off the record over a 10-month period, have not yielded any official policies. Local police officials have been unwilling – or unable – to produce any documents. They have on numerous occasions tried to assure us that a policy exists.

The Declaration also contacted the Department of Homeland Security’s Civil Liberties office, who upon first contact told the Declaration they would quickly locate the document. Our inquiry is now frozen after being passed to the Fusion Center Training Coordinator Ada Albright, whose final communication with us was a deferral to a telephone number which the Declaration has called countless times.

The officer or employee who answered the phone and confirmed that he was indeed at the DVIC told us that he knew Director Walt Smith already had our request, and that “he’d be best to deal with it.” The stonewall continues.

Additionally, a thorough online search for a DVIC policy will lead you to the National Fusion Center Association website and their list of member facility’s privacy policies. The “Delaware Valley Fusion Center” is on the page, with no link to a policy. A very important note sits at the bottom of that page:

FY 2010 DHS grant funds may not be used to support fusion center-related initiatives unless the fusion center is able to certify that privacy and civil rights/civil liberties (CR/CL) protections are in place that are determined to be at least as comprehensive as the ISE Privacy Guidelines by the ISE Privacy Guidelines Committee (PGC) within 6 months of the award date on this FY 2010 award. If these protections have not been submitted for review and on file with the ISE PGC, DHS grants funds may only be leveraged to support the development and/or completion of the fusion center’s privacy protections requirements.

A list of privacy policies on the NFCA website shows the DVIC among center missing a link to a document
A list of privacy policies on the NFCA website shows the DVIC, among a number of other fusion centers, missing a link to a document.

SEPTA police chief Thomas Nestel III, the DVIC’s privacy officer until July of 2010, told The Declaration that he resigned because he could not perform the on-site, full time duties he felt the position required. He believes he had “seen the final draft approved by the Department of Homeland Security.”

Furthermore, in an emailed statement given to us this morning, Nestel says that he “assisted in the creation of the privacy policy and it does exist. Since I no longer hold a position with the DVIC, I am reluctant to release the policy without [Philadelphia Police Inspector Walt Smith’s] permission.”*

Another law enforcement official, on condition of anonymity, also confirms that the DVIC has yet to hire a privacy officer, and describes the facility as not yet fully operational – despite a much-publicized opening on June 28th of this year – in part because the DVIC plans to hire “civilian intelligence analysts.”

These revelations cast strong doubt on the legality of the DVIC’s operations, as fusion centers across the country must adhere to basic standards – outlined in the Department of Homeland Security’s Fusion Center Guidelines as well as the agency’s Baseline Capabilities supplement – standards that include civil liberty and privacy protections. These standards must be implemented in order to receive federal funding.

Privacy guidelines, which the Department of Homeland Security provides a template for on its website and which other fusion centers across the country have in place, establish protocols for the types of intelligence DVIC analysts gather, as well as how that information can be used or disseminated to federal, state, and local law enforcement agencies throughout the four-state region.

Pre-Crime, Suspicious Activity Reporting, and No Privacy: A Troubling Mix

One facet of a fusion center’s day-to-day operations involves either civilian or privatized intelligence analysts examining “suspicious activity reports” filed by law enforcement. These analysts then create threat assessments based on these reports and will often upload them to a federal database, such as the FBI’s e-Guardian system. These assessments are accessible to other local, state, and federal agencies too, as part of a networked law enforcement ecosystem.

During last month’s International Association of Chiefs of Police conference in Philadelphia, The Declaration had the opportunity to attend a presentation on the controversial Nationwide Suspicious Activity Reporting Initiative, often known as “See Something, Say Something.”

David Sobzyk, the scheduled speaker, asserted almost immediately after beginning the presentation that the Nationwide SAR Initiative (NSI) contains built-in privacy and civil liberties protections, yet in the same breath notes that the NSI has 16 behaviors which authorities claim are “indicative of terrorist activity”. In other words, “pre-crime” behavior that could deem an individual or group of people eligible for increased scrutiny by authorities. Other revealing statistics cited by Sobzyk include the fact that 57% of fusion center directors have less than one year of experience; over 85,000 emergency personnel ranging from police officers to 9-1-1 operators and EMS workers have taken SAR training; and a standard SAR training for emergency personnel only consists of a one hour course.

It’s no surprise, then, that a recent ACLU document dump of a Los Angeles fusion center’s suspicious activity reporting made quite a stir among civil libertarians and the press – and this particular center has a published and publicly available privacy policy.

The Declaration submitted a Right-to-Know request in September with the police department for DVIC suspicious activity reporting, which was then rejected. We have since refiled, will appeal if denied again, and are prepared to litigate if necessary.

The potential for operational abuse at the DVIC, then, only increases the need for Constitutional protections that will only come with increased oversight by lawmakers and public scrutiny.

The DVIC’s Troubled Birth

As previously reported, the DVIC received intense criticism from a bi-partisan Senate subcommittee in October of 2012. Their findings indicated (Page 72) that federal grant money was likely being misappropriated by Southeastern Pennsylvania Regional Task Force (SEPA-RTF) officials. SEPA-RTF is multi-county task force that obtained grant funds for a regional intelligence center through the FEMA Homeland Security Grant Program in 2006, and with a consortium of private contractors named the System of Systems Security Consortium (SOSSEC, Inc), was tasked with developing and making the fusion center operational while adhering to federal grant regulations.

According to the subcommittee’s conclusions, the Pennsylvania Emergency Management Agency (PEMA) cut off federal grant money to SEPA-RTF and DVIC development in 2011, because PEMA became aware of plans to illegally use those funds for construction of a Philadelphia Police Department Real Time Crime center at the site of what would become the fusion center. The Senate subcommittee report notes that any planned use of Homeland Security grant money for building construction is prohibited by federal law.

Another curious thread contained in the Senate report, and one which may be another reason PEMA felt it necessary to pull funding in 2011: the existence of a fusion center, listed on the DHS website, that in reality “didn’t exist” according to FEMA testimony before the Senate subcommittee.

The contracting agent tasked with planning and developing the DVIC from 2009 until December of 2011, SOSSEC, Inc., also assisted in the creation of a “DVIC Cell”, a precursor to the current facility.

SOSSEC Vice President Eugene Del Coco, in a lengthy interview with The Declaration this week, revealed the existence of this offsite “microcosm” fusion center launched on July 15th, 2011. Because the DVIC project was experimental, in that it brought together resources and contacts from every jurisdictional tier within a large geographic area, Del Coco says DVIC planners thought it beneficial to establish a prototype operation where a minimal staff could familiarize themselves with the concept of an intelligence center, and gain practical experience and insight into technology and information sharing practices. This offsite center was relocated to the DVIC facility in December, according to a schedule we obtained, and is quite likely one of the mysterious “virtual fusion centers” referred to in testimony by DHS to the same Senate Subcommittee in response to questions about why the DHS listed centers on its site that it knew did not physically exist.

While the general notion of providing advance training to fusion center personnel is rational, given the sensitivity of the operation, the existence of the “Cell” is another example in a litany of cases where the fusion center has been conducting operations which pose serious dangers to Constitutional protections, without significant oversight, and with no record available to the public as to how authorities are ensuring those protections. Del Coco says SOSSEC was originally supposed to complete Phase III-b, “Implementation,” but in December 2011, at the request of the city and SEPA-RTF, relinquished all fusion center responsibilities.

SOSSEC's Del Coco said that the original three phase project was split by SEPA-RTF into two sub-phases for its third stage, for which the City of Philadelphia assumed control
SOSSEC’s Del Coco said that the original three phase project was split by SEPA-RTF into two sub-phases for its third stage, for which the city Philadelphia assumed control

It is Time for Answers

In October, the DVIC facility was host to a Mounted Unit ceremony, an Asian American Advisory Board meeting which apparently included a briefing on the police department’s intelligence gathering practices for members, and an untold number of formal and informal tours for out of town colleagues during the recent International Association of Chiefs of Police, including a former government intelligence officer who now works for IBM and who requested their name not be used for this article. It only seems fair, by matter not only of best transparency practices but simple intuition, that a privacy policy – the most conspicuous public offering regarding the facility – should indeed be available to the public.

Written by Dustin Slaughter and Kenneth Lipp, Image by Dustin Slaughter