fbi – Techdirt (original) (raw)

National Guard Troops Sent To California By Trump Are Just Out There Doing Drug Busts

from the abandoning-the-pretense dept

Martial law? Police state? These are just things the alleged Leader of Free World wants, rather than things a nation founded on rejecting these options should be in the process of instituting. And yet, here we are, barely six months into Trump’s return to office, staring down the barrel of both of these related horrors.

If it looks like fascism, it’s probably not intentional. Trump simply isn’t smart enough to implement the real thing. But he does like authoritarianism, which looks a lot like fascism, because he’s always felt a president should be treated like a king — someone who answers to no one, not even his 340 million employers.

Trump tested the waters on martial law during his last term, threatening to send troops out to handle George Floyd protests. This time around, he’s amped everything up, openly hoping to turn every “Democrat” city into Kent State.

Legally, he’s not allowed to do this. But his administration is relying on some vagueness in the law to get around the long-standing prohibition of sending in the army (so to speak) to police the populace. So, we get the sort of thing we’ve seen recently, where a Los Angeles swap meet was treated like an open-air market in some Middle Eastern country we’re currently at (undeclared) war with.

The National Guard troops sent to Los Angeles are presumably still working without pay and/or beds, but that isn’t stopping them from blending in with federal law enforcement to aid and abet actual law enforcement work. First reported by CBS, a combined force of more than 500 federal officers and National Guard troops walked away from the ICE raids and the protection of federal property to perform a bog standard drug bust. Nicholas Slayton has more details for Task and Purpose, a military-oriented publication:

California National Guard soldiers operating under federal orders helped the Drug Enforcement Administration and other federal personnel carry out a raid on a large marijuana growth operation in the eastern Coachella Valley last week, 130 miles from downtown Los Angeles.

It’s unclear how many National Guard troops participated in the operation, but the force totalled roughly 500 people. According to the DEA, other agencies included Customs and Border Patrol, Bureau of Alcohol, Tobacco, Firearms and Explosives, Immigration and Custom Enforcement and the Federal Bureau of Investigation.

While this commandeering of California National Guard troops may have originally been for the unstated purpose of pushing back against anti-ICE protests, now that they’re here, the administration has decided to just use them for whatever. This raid of multiple marijuana farms occurred more than 100 miles away from the boundaries of Los Angeles County and even further away from the location these troops were originally sent: downtown Los Angeles.

According to Trump’s military, everything about this is good and fine and nothing to be concerned about. After all, the law says the military can help federal cops, even if it (supposedly) prevents them from doing actual cop work. That’s the Title 10 vagueness the military is relying on when it serves up statements like this”

“The catalyst of this order was related to events occurring in Los Angeles; however, the president’s order and NORTHCOM’s mission is not constrained by the geography of Southern California. Recently, Title 10 forces supported a Drug Enforcement Agency operation a few hours outside of Los Angeles. Title 10 forces protect federal personnel who are performing federal law enforcement functions…”

Hence the military-provided shots of alleged National Guard troops allegedly manning the perimeter of the places being raided. And, also hence, the narrative no one can definitively dispute because — despite the National Guard embedding with federal law enforcement agencies — no journalists are being allowed to embed with military-esque operations occurring within the borders of the United States.

Of course, we’ve already seen Marines detain people for the purpose of handing them over to law enforcement. And we’ve seen National Guard troops swarm a swap meet like they’re looking for terrorists in a foreign country, rather than just anyone looking kind of Hispanic who might not have the proper paperwork on them.

The more things like this occur, the more easily many people will just come to accept this is the way the United States operates now. Many of them will cheer on these efforts, failing to recognize the abuse of these powers may, at some point, target them. But for the rest of us, this shouldn’t be allowed to pass without notice. Trump may be a blowhard and an idiot, but he’s surrounded by people who truly desire an opportunity to perform a hard reset on democracy and its principles, replacing it with jackboot heels, racism, fascism, and — eventually — a return of the British Empire, this time wrapped in an American flag.

Filed Under: cbp, dea, dhs, donald trump, drug raid, fbi, ice, los angeles, martial law, mass deportation, national guard, police state

FBI Arrests Wisconsin Judge For Allegedly Obstructing The Arrest Of An Undocumented Immigrant

from the might-makes-far-right dept

Oh hooray. Another part of our new normal under Trump 2.0. Here’s the Milwaukee Journal-Sentinel with the gory details:

Milwaukee County Circuit Judge Hannah Dugan was charged April 25 with two felonies on allegations of trying to help an undocumented immigrant avoid arrest after he appeared in her courtroom.

According to a 13-page complaint, Dugan, 65, is accused of obstructing a U.S. agency and concealing an individual to prevent an arrest. The two charges carry a maximum penalty of six years in prison and a $350,000 fine, but sentences in cases involving nonviolent offenses typically are much shorter.

Arresting a judge is an extremely rare occurrence. If it does happen, it usually follows months of investigation and massive amounts of evidence of criminal activity. In this case, it took less than a week and mostly hinges on the statements of a single court deputy and the allegations of federal officers who were free to assume the worst about the few things they did manage to witness first-hand. On top of that, the arrest was made at the courthouse, as though the judge posed some sort of a flight risk if she wasn’t apprehended in public at her place of government employment.

All very shitty. And all too familiar. There’s some precedent for this. Guess when that happened.

A Massachusetts judge who allegedly gave a “reasonable impression” that she was allowing an immigrant to evade federal custody was “less than fully candid” when asked about the incident, according to an ethics complaint filed Monday.

The judge, Judge Shelley M. Richmond Joseph of Massachusetts, is accused of willful misconduct in the ethics complaint.

[…]

Joseph had once faced federal charges of conspiracy to obstruct justice over the April 2018 incident in the Newton, Massachusetts, courthouse.

Prosecutors had alleged that Joseph allowed Medina-Perez to go downstairs to the lockup, supposedly to retrieve property. The immigrant was then allowed to leave through a back door by a court officer. The charges were dropped in September 2022 after Joseph agreed to report herself to the Massachusetts Commission on Judicial Conduct.

[Strokes chin thoughtfully] What could be the details that connect these two anomalies? What indeed. Allegedly helping an immigrant avoid interloping federal officers looking to make their jobs easier by poaching people outside courtrooms following court appearances? Check. President Trump in office? Check.

As noted in the above report, the felony obstruction charges were dropped and replaced with an ethics complaint. We’ll have to wait and see how this one goes, but so far, Trump Administration officials are treating it like a law and order win. The head of the FBI, Kash Patel, tweeted, de-tweeted, and tweeted again about how proud he was his agency was right there to bring an obstructionist judge to heel. Attorney General Pam Bondi confirmed this report on xTwitter, pretending this was just good government business, rather than the KGB-esque removal of, shall we say, a competing viewpoint in the marketplace of mass deportation ideas.

There’s a 13-page charging document [PDF] written by FBI Special Agent Lindsay Schloemer that portrays this as some sort of criminal conspiracy, rather than just a sympathetic judge being unwilling to let federal agents use her court as some sort of temporary holding cell for immigration arrests. It’s all written in accordance with the FBI Charging Document Style Guide — something capable of portraying someone pointing someone to an alternate exit as the equivalent to being the driver in a bank robbery getaway car.

But before we dip into that a bit, I must highlight one of most hilarious “training and experience” assertions I’ve ever seen in a warrant affidavit:

I am a Special Agent of the Federal Bureau of Investigation (“FBI”) and have been so employed since 2014. I am currently assigned to the Milwaukee Field Office. As such, I am an investigative or law enforcement agent of the United States authorized under Title 18, United States Code, Section 3052, that is, an officer of the United States who is empowered by law to conduct investigations, to make arrests, and to collect evidence for various violations of federal law. I am also a Certified Public Accountant (“CPA”) and worked as a CPA for seven years before my employment with the FBI.

Nice. Useless in this specific situation, but one should always have a fall-back career. Apparently, arresting judges is the agent’s fall-back career, because Schloemer goes on to point out their white collar crime bona fides before getting around to justifying the arrest of a county judge just because federal agents (including a DEA agent because that’s what we’re doing these days) were forced to run an extra 50-100 feet to apprehend Eduardo Flores-Ruiz, whose main evasive effort was (and this is all in the charging document!) using an elevator that was further away than the one federal agents assumed made more sense to use. I am not kidding.

After leaving the Chief Judge’s vestibule and returning to the public hallway, DEA Agent A reported that Flores-Ruiz and his attorney were in the public hallway. DEA Agent B also observed Flores-Ruiz and his attorney in the hallway near Courtroom 615 and noted that Flores. Ruiz was looking around the hallway. From different vantage points, both agents observed Flores- Ruiz and his counsel walk briskly towards the elevator bank on the south end of the sixth floor. | am familiar with the layout of the sixth floor of the courthouse and know that the south elevators are not the closest elevators to Courtroom 615, and therefore it appears that Flores-Ruiz and his counsel elected not to use the closest elevator bank to Courtroom 615.

Whatever. It really doesn’t matter. The allegations claim the judge diverted officers, ushered Flores-Ruiz out through the jury exit, and otherwise tried to impede this arrest. The chief judge also seemed a little concerned about the swarm of federal officers trying to poach exiting court attendees and expressed a desire to formalize where in the courthouse it was appropriate to make these arrests. In the end, the agents were momentarily inconvenienced.

Even if all of claims are factual, the FBI had several options to use, including the one that left it up to the DOJ to file an ethics complaint, rather than expedite a felony complaint against a judge — an action that’s just as inexcusable as it was back in 2018. But this administration is dead set on proving to everyone it will go after anyone and anything that even momentarily halts the progress of its fascist designs. And in doing so, it’s adding yet another black eye to US history, one it can only hope it remains in power long enough to retcon.

Filed Under: dea, doj, fbi, hannah dugan, ice, immigration, kash patel, milwaukee county, pam bondi, wisconsin

FBI Shifts Resources From Tracking The Terrorists Trump Likes To Pitching In With Anti-Immigration Efforts

from the federal-bureau-of-insurrectionists dept

Be the “deep state” you want to see in the world. That’s the new FBI under conspiracy theorist/Trump acolyte Kash Patel’s “leadership.” Instead of being the Federal Bureau of Investigation, it will become the Federal Bureau of Investigating People Trump Doesn’t Like. I wouldn’t be too surprised to hear journalists are getting their phone records seized again, something that happened the last time Trump was in charge of the country.

The latest twist in the ongoing enshittification of the federal government under Trump is this: the FBI won’t be spending nearly as much time investigating domestic terrorism, most likely because most domestic terrorists are the kind of people Trump will immediately pardon if they’re convicted. Here’s the latest bad news, reported by Andrew Goudsward and Sarah Lynch for Reuters.

The FBI has cut staffing in an office focused on domestic terrorism and has scrapped a tool used to track such investigations, in a shift that could undermine law enforcement’s ability to counter white supremacists and anti-government extremists, according to sources familiar with the matter.

The moves, sources said, are an indication that domestic terrorism investigations, which in recent years have largely involved violence fueled by right-wing ideologies, may be less of a priority under FBI Director Kash Patel, a prominent critic of the effort.

Well, you can strike the word “may” from that sentence and replace it with “will.” If Donald Trump thinks no one involved in the January 6, 2021 raid of the Capitol building should ever have been charged, much less jailed, it’s safe to assume he and Patel agree there’s no reason to go after terrorists who support Trump and his ideals.

Right now it’s a trickle, but it may become a flood if Trump and Patel can convince the rest of the FBI leadership that this is the way to go. (Or fire enough of the current leadership that there’s no longer any measurable objection.)

Two sources familiar with the changes said about 16 people had been reassigned from the section, which would have hundreds of employees if fully staffed. A different source said senior FBI officials have discussed disbanding it entirely, though a final decision has not yet been announced.

A department that was already likely understaffed (and definitely undermined by far too many Trump loyalists within the Bureau) is going to lose more resources. But those being reassigned have to go somewhere, so guess where they’re likely headed:

The Trump administration has separately directed the FBI’s Joint Terrorism Task Forces, which investigate domestic and international terrorist threats, to assist in President Donald Trump’s immigration crackdown, according to a memo seen by Reuters.

I guess having the DHS, ICE, CBP, Border Patrol, US National Guard, and dozens of overly compliant local law enforcement agencies focused on border security and mass expulsions just isn’t enough. From now on, the FBI will also be helping Trump achieve his goal of converting bigotry into nice round numbers that will ensure steady salivation from the frothiest of his followers.

But Trump and Patel may have pulled the trigger on domestic terrorism cuts a bit too soon. After all, there’s a new brand of domestic terrorism Trump is particularly hot and bothered about: a nationwide wave of disdain targeting Elon Musk, Tesla owners, and Tesla dealerships. While most of the activity has been non-violent (even when it crosses the line into harassment), some of it has not. If nothing else, there are probably a few vandalism and arson cases to be pursued, but that’s not the sort of thing that usually involves the FBI.

However, Trump considers these acts to be “domestic terrorism,” and wants the full force of the law applied against people who vandalize Tesla dealerships — going so far as to suggest these specific criminals should be rerouted to El Salvadorian prisons. With this “threat” still present, it might make a bit more sense to keep the domestic terrorism group intact. I mean, unless Trump really doesn’t believe his own heated rhetoric about Tesla and terrorism, which is just as likely an explanation as anything.

Either way, the FBI will no longer be investigating the sort of terrorism that routinely involves Trump supporters. Kash Patel and Trump have deliberately created a bug and are touting it as a feature. And for all their blowharding about “politicizing the FBI” when complaining about Biden and Obama, they seem perfectly fine with weaponizing federal agencies against their political and ideological enemies when they’re holding the keys to the government Cabinet.

Filed Under: domestic terrorism, donald trump, fbi, immigration, kash patel, white nationalists
Companies: tesla

Musk’s Big Accomplishment This Weekend Was Apparently Throwing The Entire Federal Government Into Chaos

from the the-worst-boss-ever dept

Look, there are different ways to manage people. You could, for instance, have regular performance reviews, set clear expectations, and provide constructive feedback. Or… you could send an email late on a Saturday to the entirety of the federal government workforce (even those outside the executive branch) demanding that everyone list five things they did last week, while simultaneously tweeting that anyone who doesn’t respond will be fired.

The latter is what happened this weekend when federal employees received this email:

What did you do last week?

Please reply to this email with approx. 5 bullets of what you accomplished last week and cc your manager.

Please do not send any classified information, links, or attachments.

Deadline is this Monday at 11:59pmEST.

Now, you might think this is just another story about Elon Musk’s catastrophically bad management style. (And it is!) But it’s actually much, much dumber than that.

It was sent on Saturday. And Elon Musk is taking credit for it, even though the Trump administration last week stated in court that Musk has no authority other than to advise the President, and has no official role with DOGE. Even more bizarre, Musk claimed on ExTwitter that anyone who failed to reply to the email by Monday night would have that failure to respond be taken as a resignation.

There are several problems here. Well, actually there are about fifty problems here, but let’s start with the obvious ones:

  1. The email doesn’t mention anything about resignations. That part came in a separate tweet, because apparently that’s how the federal government works now. (If you’re a federal employee who doesn’t obsessively follow Elon Musk on ExTwitter, I guess you just… accidentally resign? Maybe?)
  2. The federal government is, how do I put this, kind of big? Some federal employees are on maternity leave. Some are on vacation. Some are in submarines deep under the ocean where checking email would literally compromise national security. (I assume Musk would count “maintaining radio silence to avoid detection by foreign adversaries” as one of your five accomplishments for the week, but who knows?)

If this all feels familiar, it’s because we’ve seen this movie before: Musk pulled exactly the same stunt when he took over Twitter, right before destroying about 80% of that company’s value. (You would think he’d recognize how badly that has gone and think that maybe a different approach is needed, but not Elon Musk!)

Furthermore, the email went to all federal employees, including many who are not a part of the executive branch. There are multiple reports of clerks and judges in the judicial branch receiving it as well. And while we’re still waiting to see the courts sort out if Musk has authority over the executive branch (he likely does not), he absolutely does not have authority over the judicial branch.

Now, you might wonder what possible justification there could be for this bizarre demand. Well! According to Musk (who, remember, suffers from the most ridiculous level of troll-fueled confirmation bias we’ve ever seen) this is just a simple test to make sure federal employees are checking their email. Because apparently the biggest problem facing the federal government is… insufficient inbox monitoring?

There are a few problems with this theory:

  1. Some federal employees literally can’t check email (see: aforementioned submarine crews)
  2. Some federal employees shouldn’t check email (see: anyone handling classified information on secure systems)
  3. Some federal employees don’t need to check email on weekends (see: basically everyone else)

But the real kicker is what Musk’s defenders are saying.

The argument goes something like this: “Actually, this is totally normal! Companies do this all the time!” Which… no? Look, I’ve worked in and around plenty of companies, and yes, you typically have regular performance reviews. You might even have weekly check-ins with your manager. But there’s a slight difference between “scheduled performance review with your direct supervisor” and “surprise email from someone who may or may not have authority over you demanding immediate justification for your existence.” (The difference is that one is management and the other is performative chaos.)

That’s just being an asshole with too much power.

Also, because these are federal government emails, they’re subject to the Freedom of Information Act, which means reporters are already lining up to request copies of all the responses. I suspect we’ll soon have a fascinating database of federal employees explaining their jobs to… well, to no one in particular, since Musk doesn’t actually have any actual authority here.

Not surprisingly to most people, but apparently surprising to Musk, it turns out that various federal agencies have opinions about their employees sending detailed work descriptions to random email addresses. And those opinions are mostly variations on “please don’t do that.”

The FBI, for instance, whose new director Kash Patel (in theory a Musk ally, mind you) seems particularly annoyed:

Then there’s Tulsi Gabbard, the new Director of National Intelligence (and, again, typically a Musk ally), who had to explain something that really shouldn’t need explaining: “Given the inherently sensitive and classified nature of our work, I.C. employees should not respond to the OPM email.” (Translation: “Please don’t send classified intelligence work details to a random email address, even if Elon Musk asks nicely.”)

The Defense Department, meanwhile, sent out what might be the most diplomatically worded “absolutely not” in recent memory. From their memo:

“DoD personnel may have received an email from OPM requesting information. The Department of Defense is responsible for reviewing the performance of its personnel and it will conduct any review in accordance with its own procedures,” Selnick wrote. “When and if required, the Department will coordinate responses to the email you have received from OPM. For now, please pause any response to the OPM email titled, ‘What did you do last week.’”

The Administrative Office of the Courts, which is run by John Roberts, sent out a mealy-mouthed email to the judicial branch recommending not responding: “this email did not originate from the judiciary or the administrative office and we suggest that no action be taken.” Roberts could have taken a stand and noted that the executive branch has no authority whatsoever here, but I guess he’ll have an opportunity to do that in court before long.

The State Department and Homeland Security both also told employees not to respond. Though CISA, which is a part of Homeland Security, first told employees to obey the email. That kind of confusion is happening elsewhere as well:

Other departments gave conflicting guidance. The Department of Health and Human Services told its employees on Sunday morning to follow the directive. An hour later, an email from the Trump-appointed acting director of the National Institutes of Health, a subordinate agency, told employees to hold off on responding. Hours later, the health department told all employees to “pause” responses to the ultimatum.

According to the AP, the situation with HHS is even more absurd, with the acting General Counsel calling the whole thing insulting:

One message on Sunday morning from the Department of Health and Human Services, led by Robert F. Kennedy Jr., instructed its roughly 80,000 employees to comply. That was shortly after the acting general counsel, Sean Keveney, had instructed some not to. And by Sunday evening, agency leadership issued new instructions that employees should “pause activities” related to the request until noon on Monday.

“I’ll be candid with you. Having put in over 70 hours of work last week advancing Administration’s priorities, I was personally insulted to receive the below email,” Keveney said in an email viewed by The Associated Press that acknowledged a broad sense of “uncertainty and stress” within the agency.

Keveney laid out security concerns and pointed out some of the work done by the agency’s employees may be protected by attorney-client privilege: “I have received no assurances that there are appropriate protections in place to safeguard responses to this email.”

Look, even if you were somehow convinced this was a good idea (it’s not) and that demanding work summaries via surprise weekend email is totally normal corporate behavior (it really, really isn’t), you’d still have to marvel at the sheer incompetence of the implementation. All this is doing is generating a shit ton of confusion across the entirety of the federal government.

That doesn’t seem very useful for “efficiency.”

And then there’s Ed Martin, the US Attorney for DC (who, you might remember, we just last week discussed as spectacularly incompetent), who sent what might be the most confusing “clarification” email in federal government history:

“Let me clarify: We will comply with this OPM request whether by replying or deciding not to reply.”

Well! That certainly clears things up. (For those keeping score at home, Martin is saying they will comply by either… doing the thing or not doing the thing. Which is technically true and also technically useless.)

But wait, there’s more! Because Elon (who, remember, is supposedly just an advisor with no actual authority) didn’t take kindly to the Pentagon’s “please ignore this” memo. His response? To threaten to fire the person who wrote the Pentagon’s memo. Yes, the person with no authority is threatening to fire people at the Pentagon for not recognizing his non-existent authority. It’s like a fractal of nonsense.

Meanwhile, Musk has been gleefully mocking anyone pushing back on this demand, insisting that people are only upset because they can’t come up with five things they did last week. Which is… not the point. At all.

Let’s be clear about this (in “five bullets”):

  1. Everyone can list five things they did last week
  2. The issue isn’t the difficulty of the task
  3. The issue is being asked to justify your existence via a pointless busywork exercise to someone with no authority over you
  4. …via a weekend email
  5. …that threatens termination in a separate tweet

But Musk wasn’t done yet. Because his solution to this manufactured crisis is… wait for it… to use his own proprietary AI chatbot to generate fake responses. Yes, you read that right. Musk sent Trump a screenshot of someone (possibly himself) asking Grok (his own AI) to make up fake accomplishments for such an email reply, which Trump then posted to Truth Social, which Musk then reposted to ExTwitter as proof of how “easy” this all is.

So to summarize: The person demanding accountability from federal workers is actively encouraging them to use AI bullshit generators to create fake responses. And not just any AI — his AI specifically. (Nothing says “government efficiency” quite like using a private company’s AI to generate fake work reports for that same private company’s CEO who has no actual government authority but pretends he does.)

It also suggests a disturbing comfort with using AI to generate artificial accountability rather than pursuing any kind of meaningful government oversight (in case you were one of the three rubes left in the country who still believes that’s what Musk is doing). The fact that neither Musk nor Trump seem concerned about the security implications of federal employees feeding their work details into private commercial AI systems is particularly alarming.

There are a whole host of problems with all of this, but mainly, it’s just fucking stupid.

And, as the HHS GC pointed out, it’s insulting. Many others felt the same way:

Kelley said in the letter that the union has “received numerous reports from dedicated civil servants, including those who care for our veterans and safeguard our nation, expressing frustration over the email’s tone and intent. Rather than fostering professionalism and respect for their work, this hastily written email left many feeling undervalued and intimidated.”

And even Republicans are having trouble defending this one.

Senator Lisa Murkowski, Republican of Alaska, also criticized Mr. Musk’s order.

“Our public workforce deserves to be treated with dignity and respect for the unheralded jobs they perform,” she wrote in a statement on social media. “The absurd weekend email to justify their existence wasn’t it.”

The whole thing is an exercise in dickishness for the sake of dickishness. But beyond the obvious management failures, this episode raises serious concerns about data security and privacy. The combination of FOIA-able responses, encouraged use of commercial AI systems, and the broad scope of affected agencies creates a perfect storm of potential security risks. Federal employees’ work details could be exposed in ways that compromise ongoing operations, especially in sensitive areas like national security and law enforcement. It’s yet another example of how tech-bro solutions to imagined problems often create very real security vulnerabilities.

Of course, Musk fans will cheer it on, insisting that the federal workforce deserves to be treated like shit, even as this will impact many people who actually supported Trump and Musk. The entire attitude is “if you’re not part of the inner circle, you’re worthless.”

It’s obnoxious. And it’s designed to demoralize workers on purpose. The assumption that all federal employees are a waste is such a stupid, ignorant position. But it’s clearly how Musk is treating everyone who works for the government.

Filed Under: accomplishments, dhs, dod, elon musk, fbi, federal government, hhs, opm

US Gov’t Again Hacks Thousands Of Computers To Thwart Foreign Gov’t Hackers Who Hacked Thousands Of Computers

from the nothing-to-worry-about-here dept

It’s not the first time. It certainly won’t be the last. But every time, we’re expected to hang back and assume the FBI is on the right side of history.

Something the FBI has tried a couple of times previously is back in the news: the remote access of thousands of computers containing foreign spyware for the purpose of dismantling botnets and/or thwarting foreign access to US-based devices.

The first attempt was made more than a half-decade ago, right after federal law (specifically Rule 41) was altered to allow the feds to ignore jurisdictional limitations when crafting warrants. This issue presented itself during the FBI’s “Playpen” investigation — one in which it took over a server hosting CSAM and kept it running while it deployed its remote access tool to visitors’ computers, forcing their devices to give up identifying info, including where these devices might be located (IP addresses, in other words).

A single warrant obtained in Virginia resulted in the FBI accessing computers all over the nation (and all over the world). While this raised constitutional questions, most courts were fine with this because, well, the defendants were just people facing CSAM-related charges. The Rule 41 alterations codified the FBI’s previous abuse of the legal process.

Now, with a single warrant, the FBI can access computers anywhere in the US. Which it has. Multiple times. The incidents the FBI actually wants to talk about publicly involve rooting out botnets and thwarting malware deployed by hostile state actors. In addition to nuking malware servers, the warrants also allowed FBI agents to pull identifying information from targeted users, including IP addresses and routing info, supposedly for the sole reason of confirming the infections had been removed and the targeted computers were no longer communicating with malware “administrators.”

It has happened again, as Emma Roth reports for The Verge:

The FBI hacked about 4,200 computers across the US as part of an operation to find and delete PlugX, a malware used by state-backed hackers in China to steal information from victims, the Department of Justice announced on Tuesday.

In an unsealed affidavit, the FBI says the China-based hacking group known by the monikers “Mustang Panda” and “Twill Typhoon” used PlugX to infect thousands of Windows computers in the US, Asia, and Europe since at least 2012. The malware, which infects computers through their USB ports, operates in the background while allowing hackers to “remotely access and execute commands” on victims’ computers.

It worked like this. The FBI gained access to the command-and-control server, obtained a list of IP addresses of infected computers, and sent its own command to those devices to end the malware’s operation and delete the malware when the operation was finished. As in the earlier cases, users whose computers were accessed remotely by the FBI were not notified of this action.

All’s well that ends well, I guess. But we perhaps should offer only the most cautious of applause for this anti-malware action. While it’s nice to see power used for good, the underlying problem is that the FBI has both the power and permission to access an unlimited number of computers using a single warrant obtained in whatever jurisdiction the agency feels might be most receptive to its overtures. I’m not saying the FBI will abuse these powers. But I am saying that having these powers at your disposal, untethered from anything one might call rigorous oversight, is definitely an open invitation to abuse.

And while the DOJ is more than happy to talk about G-men performing virtual raids to rid citizens’ computers of unwanted spyware, it’s pretty much guaranteed the moment the FBI does something a bit more questionable, it will take a ton of litigation to force the DOJ to divulge details on operations that don’t reflexively lead to self-congratulatory press releases.

Filed Under: botnets, doj, fbi, malware, remote installs, warrant

Federal Court: FBI’s Backdoor Searches Of Section 702 Collections Violate The 4th Amendment

from the stay-tuned-for-the-Supreme-Court-flip dept

It’s a grind. But it’s been worth it. Last week, the court that’s been handling Agron Hasbajrami’s case for nearly a decade finally said what plenty of people have been saving for nearly as long: the FBI’s warrantless searches of NSA collections to target US persons’ communications and data violates the Constitution. Here’s Andrew Crocker and Matthew Guariglia of the EFF, detailing the lengthy background of this case (and this win) in a couple of concise paragraphs:

Better late than never: last night a federal district court held that backdoor searches of databases full of Americans’ private communications collected under Section 702 ordinarily require a warrant. The landmark ruling comes in a criminal case, United States v. Hasbajrami, after more than a decade of litigation, and over four years since the Second Circuit Court of Appeals found that backdoor searches constitute “separate Fourth Amendment events” and directed the district court to determine a warrant was required. Now, that has been officially decreed.

[…]

This decision sheds light on the government’s liberal use of what is essential a “finders keepers” rule regarding your communication data. As a legal authority, FISA Section 702 allows the intelligence community to collect a massive amount of communications data from overseas in the name of “national security.” But, in cases where one side of that conversation is a person on US soil, that data is still collected and retained in large databases searchable by federal law enforcement. Because the US-side of these communications is already collected and just sitting there, the government has claimed that law enforcement agencies do not need a warrant to sift through them. EFF argued for over a decade that this is unconstitutional, and now a federal court agrees with us.

It’s been five years since the Second Circuit Appeals Court ruled — albeit not all that convincingly — that some backdoor searches of Section 702 collections might violate the Fourth Amendment. Five years later, the lower court has applied this limited guidance to arrive at the conclusion [PDF] the Appeals Court strongly hinted at: backdoor searches targeting US persons require the use of a warrant.

The court says none of the warrant exceptions apply to backdoor searches, at least not in this case. And the government cannot hope to dodge warrant requirements by claiming the search resulting in the NSA’s collection isn’t actually the FBI’s search, since all it searches is data and communications already obtained by another government agency.

[T]he Second Circuit acknowledged the unique nature of querying, compared to Section 702 surveillance because the information queried is already in the government’s possession. As the Second Circuit observed: “[s]torage has litt_l_e significance in its own right.” In other words, the government cannot circumvent application of the warrant requirement simply because queried information is already collected and held by the government.

The FBI also cannot use built-in procedures meant to minimize interception of US persons’ communications as a justification for warrantless searches. That the NSA has to examine its collections to minimize stockpiles of US persons’ data doesn’t mean it’s ok for the FBI to do basically the same thing, but with the explicit intent of warrantlessly accessing US persons’ information.

By arguing that compulsory review of Section 702-acquired communications justifies later review of even a subset of those communications, the Government seeks to use minimization procedures to bootstrap access to communications of United States citizens for whom the procedures are designed to protect. This argument is akin to claiming that law enforcement can access privileged communications reviewed by a filter team because government employees laid eyes on the privileged communications at some point in the process. The argument makes no more sense in that context than it does here.

The minimization procedures are there to limit incidental collection of domestic communications. That alone strongly suggests the NSA cares more about the Fourth Amendment than the FBI does. That the FBI has decided to twist these protections into something it can use to avoid seeking warrants just makes it all the more obvious why warrants should be required for these searches.

While communications of U.S. persons may nonetheless be intercepted, incidentally or inadvertently, it would be paradoxical to permit warrantless searches of the same information that Section 702 is specifically designed to avoid collecting. To countenance this practice would convert Section 702 into precisely what Defendant has labeled it—a tool for law enforcement to run “backdoor searches” that circumvent the Fourth Amendment.

And if that’s not convincing enough, there’s this bit of bench-slapping:

If you can’t see the embed, it’s two fully redacted paragraphs that close with this sentence:

The Government’s opposition is rife with similarly vague and unsupported notions.

Yes, there’s a lot that’s been redacted but the end result is out there in plain English, free of redactions: the FBI needs warrants to search Section 702 collections. The good faith exception applies to this case, which means it won’t do much for the defendant, who was arrested in 2011 for alleged material support for terrorism. But it does apply going forward, for the time being. The government will certainly appeal this ruling. And it might take an act of Congress to actually make warrant requirements permanent. Even if this turns out to be temporary, it’s still significant. And hopefully the law laid down here will be utilized by others facing similar circumstances.

Filed Under: 4th amendment, backdoor searches, fbi, fisa, nsa, section 702, surveillance
Companies: eff

Phone Metadata Suddenly Not So ‘Harmless’ When It’s The FBI’s Data Being Harvested

from the turntabled dept

The government’s next-best argument (after “Third Party Doctrine yo!”) in support of its bulk collection of US persons’ phone metadata via the (now partly-dead) Section 215 surveillance program was this: hey, it’s just metadata. How harmful could it be? (And if it’s of so little use to the NSA/FBI/others, how is it possible we’re using it to literally kill people?)

While trying to fend off attacks on Section 215 collections (most of which are governed [in the loosest sense of the word] by the Third Party Doctrine), the NSA and its domestic-facing remora, the FBI, insisted collecting and storing massive amounts of phone metadata was no more a constitutional violation than it was a privacy violation.

Suddenly — thanks to the ongoing, massive compromising of major US telecom firms by Chinese state-sanctioned hackers — the FBI is getting hot and bothered about the bulk collection of its own phone metadata by (gasp!) a government agency. (h/t Kevin Collier on Bluesky)

FBI leaders have warned that they believe hackers who broke into AT&T Inc.’s system last year stole months of their agents’ call and text logs, setting off a race within the bureau to protect the identities of confidential informants, a document reviewed by Bloomberg News shows.

[…]

The data was believed to include agents’ mobile phone numbers and the numbers with which they called and texted, the document shows. Records for calls and texts that weren’t on the AT&T network, such as through encrypted messaging apps, weren’t part of the stolen data.

The agency (quite correctly!) believes the metadata could be used to identify agents, as well as their contacts and confidential sources. Of course it can. That’s why the NSA liked gathering it. And that’s why the FBI liked collections it didn’t need a warrant to access. (But let’s not pretend this data was “stolen.” It was duplicated and exfiltrated, but AT&T isn’t suddenly missing thousands of records generated by FBI agents and their contacts.)

The issue, of course, is that the Intelligence Community consistently downplayed this exact aspect of the bulk collection, claiming it was no more intrusive than scanning every piece of domestic mail (!) or harvesting millions of credit card records just because the Fourth Amendment (as interpreted by the Supreme Court) doesn’t say the government can’t.

There are real risks to real people who are affected by hacks like these. The same thing applies when the US government does it. It’s not just a bunch of data that’s mostly useless. Harvesting metadata in bulk allows the US government to do the same thing Chinese hackers are doing with it: identifying individuals, sussing out their personal networks, and building from that to turn numbers into adversarial actions — whether it’s the arrest of suspected terrorists or the further compromising of US government agents by hostile foreign forces.

The takeaway isn’t the inherent irony. It’s that the FBI and NSA spent years pretending the fears expressed by activists and legislators were overblown. Officials repeatedly claimed the information was of almost zero utility, despite mounting several efforts to protect this collection from being shut down by the federal government. In the end, the phone metadata program (at least as it applies to landlines) was terminated. But there’s more than a hint of egregious hypocrisy in the FBI’s sudden concern about how much can be revealed by “just” metadata.

Filed Under: bulk collection, doj, fbi, hacking, metadata, section 215, surveillance
Companies: at&t

Rep. Steve Scalise Takes To The Airwaves To Blame The New Orleans Terrorist Attack On DEI Initiatives

from the beating-their-drums-with-the-bones-of-the-dead dept

Never let a tragedy go unexploited. That’s the political rule and it applies to both sides of the partisan divide. Of course, the divide has been Oval Office top heavy for a majority of this century, so we’re hearing more from one side than another in most cases.

That being said, there’s no limit to the stupid things powerful people will say when they’re using dead bodies as hobby horses for whatever narrative they want to push. Mass killings have been blamed on music, “violent media,” video games, the internet in general, the internet more specifically, and the general collapses of family unit preferred by theocrats.

Now, we’re getting this, as (barely) reported by Ashleigh Fields for The Hill.

House Majority Leader Rep. Steve Scalise (R-La.) cited diversity, equity and inclusion (DEI) initiatives that he says have blurred the focus of law enforcement agents hired to keep the country safe while discussing what caused the Wednesday New Orleans attack.

“Some of these agencies have gotten so wrapped up in the DEI movement. You know, call it wokeness, call it whatever you want,” Scalise said during a Thursday interview with WWL Radio.

“But where their main focus is on diversity and inclusion as opposed to security. And they’re two very different things. And we’ve got to get back to that core mission.”

That much of the reporting is fine. It’s just the facts and it adequately sums up what Rep. Scalise said during his WWL interview.

The next paragraph, however, is exactly the sort of thing we don’t need any more of: the view from nowhere that grants credibility to literally any stupid thing that comes out of politicians’ mouths.

His concerns were raised amid an outpour of scrutiny from anti-DEI advocates including Robby Starbuck, who critiqued local leaders and the New Orleans Federal Bureau of Investigation (FBI) for hosting DEI recruiting events.

“His concerns” were not “raised.” His “moronic assertion” went “unchallenged” is a much better way to report this. Or his “delusions” were “vocalized.” Anything but treating this like it’s a regular concern raised by a regular person, especially when placed in the context of other theatrical hyperventilators who have decided DEI must be harming everyone because they personally don’t want to consider the mild imposition of having to include others, treat them as equals, or confront the fact that their own personal worldview isn’t the only world view.

It’s not much better at the source of Scalise’s stupidity. Here’s how it’s summed up by WWL:

When asked what Homeland Security missed or what they could’ve done differently in the case of the New Orleans terrorist, a case where an American citizen became radicalized, Scalise explained, “Some of these agencies have gotten so wrapped up in the DEI movement that they’re main focus is diversity and inclusion rather than security. We have to get back to that core mission.”

[…]

Scalise expanded on his belief that large federal agencies have lost sight of their mission, “It seems the further away we get from September 11th, the closer we are to September 10th. It’s the attitude of ‘It can’t happen again.’ It just did…I think they let their guard down and are focused on things other than keeping our homeland safe… When they lose focus lives are lost.”

Trust me, no law enforcement agency is leaning so heavily into DEI initiatives that they’re losing “mission focus.” If it’s like the initiatives I’ve seen enacted at any number of private companies, it’s something that is put on posters and hung on bulletin boards and occasionally mentioned at quarterly-meetings. It’s just another thing most employers and employees are pencil-whipping, along with all the usual compliance paperwork they’re required to fill out periodically.

While some companies actually care about DEI (Costco is on top of it, for instance), there’s absolutely no reason to believe law enforcement entities that still can’t reliably respect rights that have been around for a couple hundred years are so entranced by DEI initiatives they can no longer reliably fight crime, much less engage in the super-fun round-the-clock surveillance that rarely prevents terrorist attacks, but is always treated as just part of the price we pay for the freedom to be shot at, run over, or placed into the hands of a political party that thinks literally terrorizing their fellow legislators is an acceptable way to handle a presidential election loss.

Filed Under: dhs, fbi, new orleans, steve scalise, stupidity, terrorism

Trump’s Anti-Deep State FBI Pick Kash Patel Got Swept Up By… Trump’s Deep State

from the licking-the-boots-that-are-stamping-on-their-faces dept

As a non-fan, non-supporter of Donald Trump, I don’t have much left after discovering a disturbing number of my fellow Americans prefer fascism to liberty. But I still have these things I will forever hold near and dear to my heart: schadenfreude and irony.

And, if you’re like me, you get both of these things here. Kash Patel — a man who managed to ascend the government ladder with alacrity thanks to his undying support of Donald Trump during his last presidential term — is currently Trump’s pick to head the FBI.

Not only is Patel a loyalist, he’s also one of those guys who thinks anything bad said about Trump by government officials must be the result of a pernicious “deep state” conspiracy. Here’s some recent reporting on Patel’s “deep state” hallucinations from the Washington Post.

Next week, Cassidy Hutchinson will turn 28. The New Jersey native graduated from Christopher Newport University in Virginia five years ago. She interned briefly on Capitol Hill before taking a job at the White House, earning a write-up in the college newspaper. She worked in the Trump administration for a little over two years.

This, according to Kash Patel, earns Hutchinson a spot as one of 60 “Members of the Executive Branch Deep State.” Should he be confirmed to run the FBI, as President-elect Donald Trump desires, Hutchinson and those 59 others could find that their stints as government employees, however brief, earned them federal criminal investigations. Not because they compromised the public trust, but because they ran afoul of Trump — or Patel.

Sixty people! All Deep Statists! Allegedly! Astoundingly, many of the people populating Patel’s “deep state” list worked for Trump during his first term but made the mistake of questioning moves made by Trump or (far more importantly) Patel during his meteoric rise through the government ranks thanks to his willingness to bend a knee, kiss the ring, lick the boot… whatever was needed to make Trump feel good and make Patel feel better about his future employment opportunities.

Not that this will change anything, as I’m sure both Patel and Trump will find some way to talk around this, but Patel was targeted by the “deep state” headed by Trump when Trump told the DOJ to go after journalists and their sources following a long string of unflattering leaks.

Targeting journalists and their sources was obviously a constitutional problem. But trying to locate the sources of leaks meant targeting government employees and officials too. And that meant Kash Patel was targeted, despite his constant obsequiousness.

An apparent leak investigation years ago that swept up Patel’s Google account information fueled some of his anger toward the Justice Department and FBI in recent years.

Last fall, Patel sued Trump’s prior top DOJ and FBI appointees, including Director Christopher Wray, for unfairly obtaining his data in 2017.

Subpoena paperwork that Patel made public in the lawsuit indicate Justice Department prosecutors working with a federal grand jury in Washington, DC, sought Patel’s Google and Google Voice records from an almost 20-month period in 2016 and 2017.

In his complaint, he says he learned five years after the subpoena that the Justice Department had sought his communications from Google.

Somehow, this act didn’t prevent Trump from picking Patel to head the FBI. And, also (somehow), it didn’t prevent Patel from accepting this offer, despite his apparent antipathy towards the FBI and DOJ. Maybe Patel thinks he can clean it up by heading it up. But that doesn’t explain why he feels no animosity towards the man who made this all happen: Donald Trump.

Trump and Patel aside, the more disturbing fact is what the Inspector General uncovered during the office’s investigation of these leak investigations. More damage was done to trust in the federal government and the First Amendment rights of journalists than to Kash Patel’s career hopes. This is from the summary of the IG’s report [PDF]:

[We] found that the Department complied with some but not all of the then applicable provisions of the News Media Policy in the compulsory process it issued. Specifically, as detailed above, we found that the Department failed to convene the News Media Review Committee to consider the authorization requests in the three investigations; the Department did not obtain the required DNI certification in one investigation and we were unable to determine whether the Department provided the DNI certification it obtained in another investigation to the Attorney General for his consideration; and the Department did not obtain the Attorney General’s express authorization for the NDOs in any of the three investigations.

Given the important interests at stake, we were troubled that these failures occurred, particularly given that only a few years had elapsed since the Department substantially overhauled its News Media Policy in 2014 and 2015 following serious criticisms concerning the Department’s efforts to obtain communications records of members of the news media. In our judgment, the Department’s deviation from its own requirements indicates a troubling disparity between, on the one hand, the regard expressed in Department policy for the role of the news media in American democracy and, on the other hand, the Department’s commitment to complying with the limits and requirements that it intended to safeguard that very role.

In other words, the DOJ promised to make changes after being caught doing this sort of thing during the Obama Administration. And changes were made, but no one in the FBI or DOJ felt compelled to respect the new rules. So, the same thing happened again, only under a president with a much more antagonistic relationship with the press, as well as a far more limited tolerance for leaks that generated negative press.

Everything old was new again. With Trump taking office again and the DOJ still having done little to right the wrongs of the past, it seems unlikely the next four years won’t generate more questionable investigations that threaten the rights and freedoms of journalists. And, if Trump gets his way, the FBI will be headed by someone who has shrugged off his own targeting by Trump’s DOJ (give or take a lawsuit) apparently in hopes of being hired by the same man who once considered him a threat to his presidency. And there’s no better loyalty that the loyalty of someone who’s already been under the thumb of the person he plans to serve. That person — Kash Patel — knows his place. And he knows exactly what he needs to do to use these same powers against anyone he or his ultimate employer feel just aren’t loyal enough.

Filed Under: conspiracy theories, deep state, doj, donald trump, fbi, kash patel, leak investigations, rights violations

Criminals Are Still Using Bogus Law Enforcement Subpoenas To Obtain Users’ Info

from the abusing-the-same-tools-the-cops-abuse dept

Maybe if law enforcement didn’t abuse subpoenas so frequently, it might be a little bit more difficult for criminals to do the same thing. Subpoenas can be used to order companies and service providers to turn over user data and information. But they don’t require law enforcement to run this request past a court first, so subpoenas are the weapon of choice if investigators just don’t have the probable cause they need to actually obtain a warrant.

The FBI has a long history of abusing its subpoena power, crafting National Security Letters to obtain information it thinks it might not be able to acquire if it allowed a court to review the request. In fact, FBI investigators have been known to send out NSLs demanding the same info requested by their rejected warrant applications.

Most companies don’t have the time or personnel to vet every subpoena they receive to ensure it’s legitimate and only demanding info or data that can be legally obtained without a warrant. As long as it originates from a law enforcement email address or has some sort of cop shop logo on it, they’ll probably comply.

This has led to several successful exfiltrations of personal data by cybercriminals. The latest wave of bogus subpoenas has apparently been effective enough, the FBI (which is part of the problem) has decided it’s time to step in. Here’s Zack Whittaker with the details for TechCrunch:

The FBI’s public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone’s life or property. The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an “uptick” around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness.

“Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” reads the FBI’s advisory.

The full notice [PDF] gives more detail on how this is being accomplished, which involves utilizing data and personal info obtained through previous hacks or data leaks. Once a criminal has enough information to impersonate a cop, all they need is some easy-to-find subpoena boilerplate and a little bit of info about their targets. It also helps to know what might motivate faster responses while limiting the number of questions asked by service providers.

In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would “suffer greatly or die” unless the company in question returns the requested information.

To combat this, the FBI suggests recipients of law enforcement subpoenas start doing the sort of thing they should have been doing all along, which is also the sort of thing that law enforcement agencies seem to consider being a low-level form of obstruction. Investigators tend to be “We’ll be asking the questions here” people and seem to resent even the most minimal pushback when engaging in fishing expeditions via subpoena.

Private Sector Companies receiving Law Enforcement requests should apply critical thinking to any emergency data requests received. Cyber-criminals understand the need for exigency, and use it to their advantage to shortcut the necessary analysis of the emergency data request. FBI recommends reviewers pay close attention to doctored images such as signatures or logos applied to the document. In addition, FBI recommends looking at the legal codes referenced in the emergency data request, as they should match what would be expected from the originating authority.

The rest of the notice tells law enforcement agencies to do all the basic security stuff they should have been doing all along to prevent exactly this sort of thing from happening.

But what’s not suggested as a fix is one of the more obvious solutions: move away from utilizing subpoenas and rely on warrants instead. This will prevent service providers stepping into the role of magistrate judge when receiving subpoenas to determine whether the request is legitimate and is properly supported by existing law. It also will make it more difficult for cybercriminals to do little more than send emails from compromised accounts to fraudulently obtain user information. While it’s not impossible to forge court orders and warrants, it’s a bit more difficult than only having to impersonate a single person or law enforcement entity when sending bogus paperwork to tech companies.

Of course, no law enforcement agency would be willing to make this switch even if it meant protecting thousands of innocent people from being victimized by cybercriminals. Whatever makes things easier for cops to get what they want also makes it easier for criminals to do the same thing. If nothing else, maybe a few law enforcement officials will realize the parallels this has to mandating weakened encryption or encryption backdoors: what works better for cops works better for criminals.

Filed Under: cybercrime, fbi, privacy, security, subpoenas