"Turkish officials are wary of releasing the recordings, fearing they could divulge how the Turks spy on foreign entities in their country, the officials said [as they discussed the recordings against Turkish wishes, revealing how Turks spy on foreign entities in their country]"
These leaks always have the feature of all of the downsides of disclosure (burning sources and methods) with none of the upsides (no formal accusation with requirement for response at intl level, no sanctions, easy for KSA to claim is false etc)
So many, many problems with the past few weeks. But folks intentionally blurring FBI special background checks--which are always for and whose terms are always set by the WH--from the rest of the FBI's work is going to suuuuuuck so bad for everyone.
Here's the thing: when you say "the FBI is a partisan political organization", that makes it easier for politicians to say "the things it does that I don't like are just partisan, and we should make it do more partisan things I do want, and that's fine because it was always thus"
It's really a White House check, with FBI people on loan to do it. And even that's weird, because for advice and consent, it's really the Senate who should be doing the investigation; they are just outsourcing it to WH who are then getting FBI to do the groundwork.
Former NSA Employee Nghia Hoang Pho, 68, Sentenced to 5½ Years in Prison After Pleading Guilty to Willful Removal and Retention of Classified National Defense Information justice.gov/opa/pr/former-…
According to the plea agreement, Pho was a developer at NSA's Tailored Access Operations (TAO) hacking group from April 2006, and began unlawfully removing and retaining TS/SCI material from 2010 thru March 2015 including tools and documents in both hardcopy and digital form.
It has been widely alleged in the media (tho not confirmed or alleged by USG) that the Shadow Brokers tools—repurposed in the 2017 WannaCry mass-ransomware incident—were NSA tools lost as a consequence of Pho's removal of them from NSA to his unsecured internet-connected computer
If we think about it as a "cyber attack", we tend to overfocus on demanding that tech companies and USG build some magic technical defences against hackers, rather than ask how to build resiliency to media overloading and echo-chambers that led to lots of the problems in 2016.
Anyway, sometimes how you frame the problem shapes how you try to solve it, and if you misframe it sometimes it is not solvable.
Here is a copy of the letter from Sen. @RonWyden's office. It identifies a solvable root problem: the Sergeant at Arms asserts he cannot use funds appropriated for securing government accounts to help legislators and staff secure their personal accounts. documentcloud.org/documents/4906…
This is a good example of a rule constructed for laudable reasons -- the strong firewall to stop legislators using govt money for campaigning and personal things is there for a reason -- ending up with bad consequences on edge-cases like defending high-value accounts from hackers
Anyway, if Wyden's legislation clarifies to say the SAA (and the House equiv) can use appropriated cybersecurity funds to protect personal as well as government accounts of legislators and their staffers, that would be a big deal.
E.g. one of the third parties is *called* "Article 19", not to be confused with Articles 8, 10, 14, 6 which are the law of the case. Nor should you confuse section 8(4) as being anything to do with Article 8 even when they appear in the same sentence.
Thanks, ECtHR. V helpful.
The Court is answering lots of Qs on various aspects of the UK's legal basis for its surveillance programs.
On some issues the Court says the UK's practices comply with ECHR. On other Qs, the Court concludes the UK must do more, or update its practices.
Interesting Q, but I don't see why not. OLC's opinion on presidential immunity here says his role is unique, and while sfaict it's never came up for justices, I don't see why it would be constitionally different to congressmen who can be indicted in office
(this tweet should nevertheless not be read as any suggestion this is even remotely likely)
That said, the question gets more exciting if you ask whether it would be permissable to indict *all* of the sitting justices. But by then we're a long way down the rabbit hole of not-going-to-happen hypotheticals.
CFAA used to cover "Federal interest" computers til 96 when it was relaxed to cover "protected" computers, defined ~ as computers that belong to the government/banks, or which do "interstate commerce" which ended up being almost all of them bc of the Internet. Hence this outlier.
Interesting discussion on it in the DOJ "Prosecuting Computer Crimes" manual.
I appreciate security is a hard game where you get grief no matter what, and @defcon isn't the easiest con to manage security for because folks bring weird stuff, but this is just overkill and bad management.