• Exposure: Why Mishandling Classified Material Matters

    January 21, 2023 // Comments Off on Exposure: Why Mishandling Classified Material Matters

    Hillary versus Trump versus Biden. All three kept classified information at their homes. Who wins the battle to have likely done the most damage to national security?

    In the end when dealing with the damage done by mishandling classified information it comes down to exposure; who saw it, what was it, when was it seen, and for how long?

    The “who” part is clear enough; a document left inadvertently on a desk top in an embassy guarded by Marines might not be seen by anyone. A document left on a park bench and seized by the local police risks direct exposure to the host country intelligence services if not sale to the highest bidder depending on the locale. But never underestimate cleaning staff; spies love ’em. In what other capacity are likely locals allowed to rummage through an embassy at night, picking through the trash, and moving things around on desks to um, dust?

    The “what” and how much of it is the real stuff of James Bond. At times “what” is in the eye of the beholder. The Secretary of State’s daily list of telephone calls to make is always highly classified. It might matter very little to a Russian spy that the Secretary is calling the leader of Cyprus on Wednesday but matter an awful lot to the leader of nearby Greece. That is why intelligence services often horsetrade, buying and selling info they pick up along the way about other countries for info they need about theirs.

    The “when” aspect is also important as many documents are correctly classified at one point in their history but lose value over time. One classic example is a convoy notification; it matters a lot who knows tomorrow at midnight the convoy will set forth. It matters a whole lot less a month later after everybody in town saw the convoy arrive. “How Long” can matter as well, as the longer a document is exposed the more chances someone unauthorized has to see it.

    So those are the ground rules, on to Hillary versus Trump versus Biden!

    “Who” between Trump and Biden seems a toss-up, given that as far as we know both kept classified in locked closets (we’ll turn to Hillary and her server below.) An investigator would want to know who had keys to that lock, and if possible, who used them when. What controls if any were in place to prevent duplicates from being made? What kind of lock was used? Was it pickable? Would cleaning staff or painters called in have had time alone to work the lock? Were there any video or access logs that might show the staff spent an inordinate amount of time near the closets? We know nothing about this regarding Trump’s and Biden’s closets. One might also want to get into who packed the boxes containing classified info, on whose orders, and how much exposure did they get en route to those naughty closets. Did the information sit in an unguarded truck stop overnight in 2010? Who would have known? “Who” is more than a name, it is a line of dominoes.

    We have a starting on “what” material may have been compromised, and it is not good. Hillary, Trump, and Biden mis-stored information at at least the SCI level (Sensitive Compartmentalized Information, above Top Secret.) SCI means not only is the document classified, even seeing it is restricted to a specific list of people such that merely holding a full Top Secret clearance is not enough. We can say the documents included some real secrets as of their drafting.

    Next of concern is the raw number of documents potentially exposed. In Trump’s case we have a decent tally, thanks to the Department of Justice. The initial batch of documents retrieved by the National Archives from Trump in January included more than 150 classified. With the raid, the government recovered over 300 classified documents from Trump. This worked out to over 700 pages of classified material and “special access program materials,” especially clandestine stuff that might include info on the source itself, the gold star of intelligence gathering. If you learn who the spy is inside your own organization you can shoot him, arrest him, find other spies in his ring, or turn him into a double agent to feed bogus information back to your adversary.

    Our contest is a bit unfair to Trump, as inventories of what was found at Mar-a-Lago are online for all to see while the Biden media has been very cagey on how many document have been found, using phrases like “several” and “a few dozen.” We’ll have to wait until Biden’s home is raided or the Special Counsel concludes his investigation to know for sure.

    In Hillary’s case just coming to a raw number is very hard, as she destroyed her server before it could be placed into evidence. Because her stash was email the secret files were also not all in their original paper cover folders boldly marked Top Secret with bright yellow borders, as in Trump’s case. Hillary also stripped the classification markings off many documents in the process of transferring them from the State Department’s classified network to her own homebrew server setup.

    Nonetheless, according to the FBI, from the group of 30,000 e-mails returned to the State Department, 110 contained classified information at the time they were sent or received. Eight of those chains contained information Top Secret at the time they were sent, with some labeled as “special access program materials.” Some 36 chains contained Secret information at the time; and eight contained Confidential information. Separate from those, about 2,000 additional e-mails were “up-classified” to make them Confidential; the information in those had not been classified at the time the messages were sent, suggesting they were drafts in progress, in the process of being edited before a classification was ultimately assigned.

    The “what” is a toss-up for now. Little information exists on specifically what each document trove held, though the WaPo claims one of Trump’s docs detailed a foreign country’s nuclear capability (ironically, the leak from DOJ revealing the document’s contents suggests things were more secure at Mar-a-Lago than after the search) giving him a slight lead in this category. Clinton discussed Top Secret CIA drone info and approved drone strikes via Blackberry.

    We do have a winner in the “when” category, albeit via an odd path. Biden’s classified materials date back to his Vice Presidency, and we don’t know when they were moved out of secure storage, so the material goes possibly back to 2009. That’s potentially 14 years of the paper hanging around waiting for someone to discover and make nefarious use of it. In Trump’s case, he left the White House in January 2021 and the classified was pulled out of Mar-a-Lago no later than August 2022, only some 20 months of hiding for no more than four years of material.

    Investigations are ongoing in both cases but there is no evidence to date that anyone unauthorized saw the classified documents. We know that after classified was id’ed inside Mar-a-Lago by the National Archives, DOJ asked Trump to provide a better lock, which he did, and later to turn over surveillance tapes of the storage room, which he did. But the clearest evidence of non-exposure is the lack of urgency on the part of all concerned to bust up Trump’s place. Claims he retained classified documents from the White House began circulating even as he moved out in January 2021. The first public evidence of classified in Mar-a-Lago waited until January 2022 when the initial docs were seized, and the recent search warrant tailed that by eight months. If the FBI thought classified material was in imminent danger from one of America’s adversaries they might have acted with a bit more alacrity.

    The real money-maker in the classified world is exposure, and here we finally have a clear leader. Hillary wins in that her exposure of classified emails was done consistently over a period of years in real-time. Her server was connected to the internet, meaning for a moderately clever adversary there was literally a wire between her computer with its classified information and the Kremlin. Her server held at least 110 known messages containing classified information, including e-mail chains classified at the Top Secret/Special Access Program level, the highest level of civilian classification, that included the names of CIA and NSA employees. The FBI found classified intelligence improperly stored and transmitted on Clinton’s server may have been “compromised by unauthorized individuals, to include foreign governments or intelligence services, via cyber intrusion or other means.” How could anyone have gained access to the credentials? Clinton’s security certificate was issued by GoDaddy.

    We have a winner. Whether anyone unauthorized got a look at Trump’s or Biden’s stash remains unclear, but we know for near-certain Hillary’s was compromised. And by compromised we mean every email the Secretary of State sent wide open and read, an intelligence officer’s dream. Hillary had no physical security on her server, her server was enabled for logging in via web browser, smartphone, Blackberry, and tablet, and she communicated with it on 19 trips abroad including to Russia and China. It would have taken the Russians zero seconds to see she was using an unclassified server, and half a tick or two to hack (hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact) into it. Extremely valuable to the adversary were the drafts, documents in progress, a literal chance to look over Clinton’s shoulder as she made policy concerning their country.

    No search warrant was exercised to seize the server and Hillary’s word was taken when she said there was no chance of compromise. So enjoy the bread and circuses around two old men with irresponsible staffs and or irresponsible ambitions who got caught with classified information improperly stored. The real damage had already been done years earlier by Hillary, who escaped any penalty, not even the embarrassment of a Special Prosecutor.

    Related Articles:

    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Biden, Democracy, Trump

    Why Doesn’t TSA Trust the State Department?

    August 2, 2012 // 2 Comments »

    The mighty men and women of TSA have a trust issue. Perhaps many were unloved as children, but they as a group simply are not people persons. Until very recently, a soldier in uniform, the pilot who is going to fly the actual plane, and a guy on a camel with a T-shirt reading “I am a Terrorist” holding an AK-74 were all treated the same at airport security checkpoints. Under some bizarre, irrational interpretation of fairness, limited security resources were not focused on the most likely threats but instead spread thin. A little old grandma’s wrapped birthday gift would set off the same level of scrutiny as a leaking box with wires hanging out the sides.

    No more. A tiny ray of reality seems to have entered the TSA world with the announcement that certain groups of low-risk travelers will be moved into a category called “TSA Pre-check.” No application needed or allowed as with previous attempts to sort out folks. Now, based on where you work and especially on whether or not you hold a US Government security clearance, you will face lighter screening.

    First in the pool are uniformed military at certain airports. Kind of a no brainer.

    Then we learned in a round-about-way that TSA is also including to exclude from full screening many CIA officers. Wired.com reports that TSA signed an agreement with the Director of National Intelligence in February to include members of the intelligence community in “pre check.” Again, kind of a no brainer.

    A Bit of Black Ops in Passports?

    Quite intriguingly, TSA chief John Pistole explained that membership in the special pre-check program is acknowledged when one uses his/her passport as ID. “The beauty of it from my perspective is that the information that the person is a known and trusted traveler is embedded in a bar code in the passport. And it doesn’t distinguish between a member of the intel community or a frequent flier. So the security officer at the checkpoint doesn’t know whoever you are.”

    Passport barcodes are in the back of the booklet and are tied to the physical booklet itself, not the traveler who is issued that booklet. US passports issued after 2007 contain an RFID chip which holds information about the traveler, including all the bio info from the passport and the photo. TSA does not scan or read the passport barcodes when you pass through the airport. They do scan the passport info encoded in plain letters and numbers, and can/do read the RFID chip. It would be interesting to know exactly what database TSA refers this info to to determine who is and who is not a pre-check qualified traveler. That database would have to be largely unclassified, as it would not do to have a handy list of all CIA officers (we hope), just a list of passport numbers and a go/no go code.

    Whither State?

    The justification for including CIA officers as a group in the pre-check program makes sense. As a group they all hold at least Top Secret clearances and are well-known to the government. If you are not ready to trust them to leave their shoes on going through the airport you probably should not trust them to hunt terrorists, operate killer drones and all that. Kind of a no brainer.

    But what about State Department Foreign Service Officers as a group? They are not in the pre-check program. As a group they all hold at least Top Secret clearances and are well-known to the government. If you are not ready to trust them to meet with foreign governments, reconstruct Iraq, Afghanistan and Haiti, why trust them to leave their shoes on going through the airport?

    Ironically, it is the State Department who issues the passports others can use as tickets to faster security processing. Maybe there’s a way State can spoof the passports to get their people included?

    Permission to ease through TSA security has been under discussion inside State for a long time. State’s internal “ideas marketplace,” the Sounding Board, has had a thread on this topic since 2010, with over 140 entries. Yet not a word there or anywhere else on why State’s diplomats are not trusted by TSA. State Department employees coming from overseas were initially excluded from airline discount programs for pets, originally offered only to the military. State had to fight its way into that program, largely through its employee association, AFSA’s, efforts. It is always “People First” at State.

    Bonus for State Department people: It appears State has been part of some inter-agency working group “looking into this” since at least March 2012, with the boffo results above. I contacted AFSA, who tells me they have raised and continue to pursue this very issue with management.

    Related Articles:

    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Biden, Democracy, Trump

    Here’s How It Works: An Open Appeal for Reason and Free Speech

    October 19, 2011 // 5 Comments »

    When you offend the State Department by exercising free speech, albeit speech that is unkind to the Department, here’s what they do:

    1) State will take a blog link, to something already on the web, and pretend it is a “disclosure.” They will ignore the reality that several media sources already wrote about the link. They will ignore the fact that al Qaeda can read the document online. They alone determine what is a disclosure within their closed world. They won’t care of their accusations actually drive thousands more people to look at the link. It is not about the link, it is about YOU.

    2) State will then accuse you publicly, without giving you a means to defend yourself, of publishing more classified material. Unless some third party shows you the fax, you won’t even know State made the accusations behind your back. You’ll be held responsible for not complying with an order you never received.

    3) State will then take their own self-created accusation(s) and use them as “evidence” to suspend your security clearance, effectively torpedoing your career. They’ll suspend, rather than revoke the clearance, because a suspension can’t be challenged, questioned or appealed. They simply label you a security risk… and you are one.

    4) State then uses the lack of a security clearance to take away your job.

    5) Circle is complete. Sleep well America. You are safe now.

    For those too busy to click on the link in item Number 3, above, here is the money paragraph State is using as justification:

    DS/SI/PSS has been notified that you have shown an unwillingness to comply with Department rules and regulations regarding writing and speaking on matters of official concern, including by publishing articles and blog posts on such matters without submitting them to the Department for review, and that your judgement in the handling of protected information is questionable. This raises serious security concerns…

    Note the word “and” hilighted in the passage. An “and” statement is used traditionally to link two logical operations, A and B make C true. How does blogging and writing about unclassified information logically link to “your judgement in the handling of protected information is questionable.” Trick question– it does not.

    People in the government with access to classified information, like me for the past two decades, routinely process class and unclass info differently. As in “I’m in a secure space with another cleared person, I can talk about XYZ.” Or, “I am at a dinner party with strangers, I will not bring up classified info.” You get used to it in our line of work.

    The usual thing Diplomatic Security does with someone who has had a clearance for two decades is look to their handling of classified material; there is a track record to assess. Any close calls? Any questionable incidents? (Nope, clean record since 1988.) Next, they look to life circumstances that may have changed– a recent divorce (no, happily married for 24 years), huge debts (nope, just a mortgage), sudden interest in hanging around the Chinese Embassy (nah, prefer a good sports bar).

    What is not done is look at someone’s simple expression of free speech, all clearly unclassified, and extrapolate from that to say suddenly that person cannot be trusted. I wrote the book 14 months ago, have been blogging since April, was first interrogated on September 1 and only today those actions added up to insecurity.

    That is what makes this unfair, twisting things around, hiding behind security procedures, to piss on someone you don’t like. Ain’t right, just ain’t right.

    Related Articles:

    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Biden, Democracy, Trump