Hvat’s troll nema þat?

There have been two interesting developments in the world of organized political trolls today:

  1. The Daily Beast discovered that Russian Facebook ops did manage to incite some real-world organizing after all, but I’m linking you to Bellingcat’s writeup instead.
  2. It has generally been expected that Kremlin-backed trolls would go after Merkel, but instead most of the German- and English-language material is being generated by the American alt-right, and the Russians are nowhere to be found.

A few things stand out.  First, the lines between state-run campaigns, astroturf, and citizen propagandizing were never clear to begin with, but soon it’s going to be impossible to draw them at all.  Pretending to be Americans themselves, the Facebook Russians egg on actual right-wing American activists to organize rallies (this is so bananas I almost can’t get my head around it).  Private American citizens organize anonymously online to carry out a propaganda campaign directed towards the German electorate against a German presidential candidate.  Neither of these fit into our existing paradigms of an influence op, but neither are they citizen organizing in any sense we’re accustomed to.

Second, it’s a mistake to get hung up on numbers to the exclusion of all else when considering a decentralized political movement like the alt-right.  Numbers matter for forming voting blocs, but not for the other corrosive effects they can have on public discourse and civil society.  I’m not sure what to do about that, but yelling about how it’s only like two hundred dudes is no more helpful here than in the case of the jihadis.

Lastly, plenty of people have since 9/11 noted the rise of the non-state actor in the context of transnational Islamist terror groups like AQ and Daesh, but we have probably ascribed too much weight to the jihadis as jihadis: it will likely turn out that they were merely the first of the truly powerful non-state actors.  I’ll leave aside the absurdity of a transnational alliance of ethnonationalists for another post, but at least jihadi tactics are in harmony with their universalist ideology.  Anyway, technology has brought certain activities that were once the exclusive domain of the state within reach for the well-organized civilian: large-scale disinformation campaigns, geospatial intelligence, weaponized drones, etc.  It remains to be seen whether the centralization of data by the tech giants will have any mitigating effect on the decentralization of capabilities.

Advertisements

Easy Comey Easy Goey

What’s really going to tangle up the opposition is that the stated reason for firing Comey is a perfectly good reason to fire Comey, except that it happens not to be why they’re firing Comey.  He praised the damn letter to high heaven at the time, and now we’re supposed to believe that he has suddenly done a 180 and come round to the view that the violations of due process that contributed so much to his victory are in fact violations of due process.  This is the platonic ideal of tail wags dog: he wanted to fire Comey, and so they found the only remotely plausible justification.  As in the case of all of the intemperate CIA hyperventilation about Assange, however, many Democrats agree that Comey deserves the boot– it may not be not nearly so unpopular as it looks from here in the Tidal Marsh.

Do not delude yourself: there won’t be a special prosecutor.  The commentariat has got to quit pretending that there might be.  There won’t be a special prosecutor because the AG (or deputy AG) has to appoint one, and they’re the ones who recommended Comey’s dismissal in the first place.  Failing the AG’s office, Congress could technically have one appointed by passing a law that moved the appointment process out of the AG’s office, but it would have to get past a veto.  The story is not that Ben Sasse got out there like a real person and threw a fit.  The story is that aside from those few people who have not had their spines surgically removed, Republicans are circling the wagons, no doubt a difficult feat for the boneless.  Mitch McConnell is already whoring himself out to the White House.  That 2/3rds vote doesn’t exist.

The firing of Comey is a political crisis, not a constitutional one, but it’s still an existential threat to the separation of powers and the rule of law.  The regime will survive it.  Jack Shafer is funny and also right: Trump is the Teflon Man, and this can get off the front pages fast if he does something sufficiently spectacular elsewhere as a chaser.  I dare not speculate what that might be.  In Congress, this is going to degenerate into partisan warfare that will make the Benghazi hearings look like the Year of Jubilee.  Elsewhere, the Beltway Buzz, or rather the Beltway My-Phone-Is-On-Vibrate-Because-I’m-In-Class-Stop-Texting-Me-Oh-My-God, informs me that the rank-and-file FBI are not amused.  There may be leaks on the scale of a major hull breach impending.  Not that that helps: it’ll just degrade the rule of law faster.

And fuck you, Lavrov.

Lying under OAUTH

I don’t like this new thing where I’m going about my own damn business and suddenly end up on the front lines of the hybrid war, but that’s the cyberpunk dystopia we live in now.  Like nearly everyone inside the Beltway, my workplace got hit with the Google Docs OAUTH worm yesterday afternoon around 1500.  Thanks to Zeynep Tufekci’s efforts on Twitter, I was wise to it well before we actually saw one, and I managed to head my idiot comrades off from clicking on any of them.  I found myself speculating wildly this morning in a Twitter thread, but that’s the rankest Jeet-Heerishness so I’m hopping over to the blog where this belongs.  If you don’t know what an OAUTH phish is, read this.

It’s much too early for attribution, of course, but last time something like this happened, it came from APT28, who, as you may recall from my It Was The Russians attribution roundup post a few weeks ago, are the Russians.  While I should probably wait for further information from those who saw the landing page while there was still a domain to WHOIS, I’m inclined to believe this was intel collection— not necessarily from Moscow— until we have some negative confirmation.  What little I’ve seen of the WHOIS data (Google nuked everything before I got to clap eyes on the genuine article) shows the domains were all registered before TrendLab’s report on APT28’s use of faux-Google OAUTH exploits.  The apparent targets are consistent with the intel theory, as is the technique, if you look at it from a spyish angle instead of a hackish one.

The best argument against a state-level actor is that the phish was a dragnet.  Past OAUTH worms and other phishing campaigns from APT28 and Friends have overwhelmingly been spearphishes.  By contrast, this looks to many people like it could be a bunch of rubes looking to make a buck.

Yeah.

Sure.

Tell me another one.

The targets involved were media, feds, NGOs, contractors, and apparently academia.  The business sector only seems to have caught it second hand.  This is consistent with the interests of an intelligence service, but not with financial motives.  It’s still unclear where it began, but according to the above Gizmodo article, EFF thinks it may have started at Buzzfeed.  My own first hint of incoming fire was chatter early yesterday afternoon about a Google docs phish affecting journalists and media companies.  I put out some feelers and started hearing about it directly from friends in politics and the media around 1400 yesterday.  In DC it spread fast, like the bubonic plague-themed illustration of exponential growth that my middle school algebra teacher put on for the edification and amusement of a bunch of morbid eighth graders, hopping from journalists onto government networks and thence to NGOs and the private sector.  The ones I saw all came from a compromised address at USAID.

Then, the hard part of a spearphish is the intel-gathering that has to happen beforehand.  Public-facing social media will only tell you so much.  You’re not going to find out about a journalist’s confidential sources there, and many feds avoid realname social media entirely, because of the inherent opsec problem.  If only there was an easy way to map social networks in Washington so you could narrowly focus your OSINT efforts on the likeliest victims.

Enter a malicious Google app that siphons up your contacts and blasts itself out to your entire network.  That Mailinator address, presumably intended to detect whether the messages sent successfully, was CCed for every single hop the phish made between accounts.  Someone has that full dataset somewhere, even though Google nuked the app and the related domains, and is making it into a lovely network graphic with pretty colors and all.

As a phish searching for financial data, this campaign isn’t the greatest: it doesn’t catch any credentials that could be checked against banks or other accounts, and there doesn’t seem to have been a malware payload besides the mischievous app.  As a way to map networks and gather intelligence for a more sophisticated spearphishing campaign while looking like stupid crime, it’s brilliant.  So if there’s another, more subtle round of OAUTH spearphishes hitting intel targets any time soon, you’ll find me at a corner table at the Hamilton in the most disreputable clothes I own, inhaling cocktails and looking smug.

Leave Assange Alone

Listen.  I, too, think Julian Assange is a self-righteous posturing phony, a rapist, an abetter of tyrants, and a witting KGB cutout.  He’s a sniveling manchild who only publishes on countries with laws preventing them from pursuing him or without the resources to spike his coffee with polonium.  As a private citizen, I would love nothing more than to throw him out the embassy window into the waiting arms of the British constabulary.  I hate his stunted, vestigial guts; I hate the gut flora that inhabit them; and if I should be so lucky as to outlive him I fully intend to dance the hopak on his grave.  But that’s not what this is about.  As usual, this is about liberal democracy.

According to the Washington Post, it is not yet clear what charges DoJ wants to bring.  There may be evidence that Wikileaks was involved in more than receipt and publication of classified documents, or they may want to go for him under the Espionage Act of 1917.  The relevant clause seems to be this:

Whoever having unauthorized possession of, access to, or control over any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it…  shall be fined under this title or imprisoned not more than ten years, or both.

Hitherto the US government, aware of the bad precedent it would set and the SCOTUS smackdown that would likely follow, has not prosecuted anyone under the Espionage Act for publishing leaked material.  The Obama administration, otherwise godawful on transparency and press freedom, was at least in this one case well aware of the ancient principle according to which What Is Good For The Goose Is Good For The Gander.  Assange’s lawyer, while no doubt an even bigger human trash midden than his client, is right: Wikileaks is a publisher, and journalistic activities are protected even when the journalists in question are unethical dickweasels.  Especially when the journalists in question are unethical dickweasels.

A prosecution of Assange is the foot in the door.  There is classified information in every national newspaper every day, especially lately.  If DoJ succeeds in prosecuting him under the Espionage Act, it will be open season for the White House on all of our national outlets.  They’ll send Junior out there with an elephant gun.  Marty Baron’s head will end up stuffed on a wall.

There is no law of unintended consequences at work here.  From a White House that’s been frothing constantly at the mouth about all non-wiki leaks, the message is quite clear: it stops printing classified material, or it gets the Espionage Act.  After a successful Assange prosecution, journalists would be catching hell from all sides.  Besides having to worry about ending up in the camps for talking to whistleblowers, those bold enough to carry on regardless would find themselves dealing with editors reluctant to have the FBI in rummaging through the archives and making off with files and computers.

Of course much as it may seem like a contradiction, it was inevitable that the regime would turn on Assange sooner or later.  After 8 November, he became a threat, and he is the ideal vector for getting at the press.  Now that at long bloody last Assange is widely hated on the center-left, the political fallout from a prosecution under the Espionage Act would unfortunately not be particularly bad.  Critics on the left are already more likely to focus on the hypocrisy angle, and on the right, a prosecution of Assange might actually bring surveillance hawks, neocons, and Manning-haters round to il Douche’s side.  It might even be popular.

Why do we even HAVE that lever?

We are six state legislatures away from triggering an Article V constitutional convention, and hardly anybody is paying attention.

For anyone who needs a refresher, Article V is as follows:

The Congress, whenever two thirds of both Houses shall deem it necessary, shall propose Amendments to this Constitution, or, on the Application of the Legislatures of two thirds of the several States, shall call a Convention for proposing Amendments, which, in either Case, shall be valid to all Intents and Purposes, as Part of this Constitution, when ratified by the Legislatures of three fourths of the several States, or by Conventions in three fourths thereof, as the one or the other Mode of Ratification may be proposed by the Congress; Provided that no Amendment which may be made prior to the Year One thousand eight hundred and eight shall in any Manner affect the first and fourth Clauses in the Ninth Section of the first Article; and that no State, without its Consent, shall be deprived of its equal Suffrage in the Senate.

Congress must call a convention if the threshhold is met.  Once the convention is assembled, the delegates themselves have to establish procedures.  The convention is not constitutionally required to stay on topic and there is no higher authority than can intervene to mediate disputes.  The proponents of the convention, a rogues’ gallery of omnicidally insane budget hawks lead by ALEC and The Convention Of States, are currently trying to introduce legislation in Congress that will bring the proposals out of congressional records and into Archives’ jurisdiction where they can be catalogued, so that the convention will be triggered promptly if or perhaps when they pass the threshhold.

The convention provision has so far never been triggered because legal scholars agree that there’s no way to control an Article V convention.  This may well be what Gödel saw.  The constitution is the highest authority right up until a convention is called: after that, the Framers did not see fit to give us instructions, no precedent exists, and nothing can be assumed.  The last one turned out happily in the end, but we must remember that in 1787 the delegates ignored both their instructions from the state legislatures and the ratification procedures laid out in the Articles of Confederation, and we ended up with a totally new system of government.  This time Hamilton, Madison, and Jay are not coming to save us.

And, of course, our present situation doesn’t resemble 1787: the early republic was only six years out from complete regime change, and the convention was called to reform an ad-hoc system that everyone knew wasn’t working, even when they didn’t agree on what should be done about it.  We, on the other hand, have enjoyed a hundred and fifty-two years of a continuously functioning constitutional system, the only amendment in the national discourse is the abolition of the electoral college, and the last thing standing between us and the authoritarian populist maniac in the White House is those four pieces of parchment in a glass case down the street.  The state legislatures won’t send judges and political scientists and constitutional scholars: they will send politicians.  There are no rules to rein in the influence of moneyed interests.  This will not go well for us.

The lack of national news coverage is troubling.  It is a general truth of the internet that when people demand to know why the media aren’t talking about Thing, the media are, in fact, talking about Thing, which is why the morons demanding discussion of Thing know about Thing in the first place.  That isn’t the case here.  I consume a frankly unhealthy amount of news.  I found out about this while following up on a debate going on at Balkinization, and went looking for reporting afterward.  There’s some coverage in state-capital papers, and a single Washington Post editorial from a few weeks ago.  That’s all.  This advance has been going on unnoticed since 2010.  If the initiative reaches the threshhold, it will blindside the American people.

Between the regime and growing polarization, I don’t think we would survive this.

And Another Thing

I find the Greenwaldian muttering about the IC not tolerating contact with Russia totally preposterous.  In an absolute sense, the Trumpist reconciliation line on Russia is not hugely different from the previous two administrations’ positions at the beginning of their terms, and is just as likely to run headlong into fundamental incompatibilities in US and Russian interests as the last two were.  Making friends with Russia and going skipping off happily into the steppe has been an ambition of US presidential candidates since the end of the Cold War, and it just never does seem to go as planned.  This is because there is a KGB asshole in charge now and before that there was Yeltsin, who only looks good by comparison.  You didn’t exactly see this supposed cartoonish hostility to diplomatic relations with Russia manifesting in the same way when Bush and Obama had their respective disastrous goes at it.  Since then, however, Putin has started a war in Ukraine, made Syria even worse, and stuck his finger into our domestic politics.  Fuck you, Glenn.  Get off my swamp lawn.

What does make the Trumpist line stand out from the past is Trump’s characteristic fondness for strongmen (c.f. Erdogan, al-Sisi, Orban, need I go on), and that this comes on the heels of Putin’s deliberate, hostile interference in our domestic politics.  This is not perhaps a common view, but I have no problem with above-board, clearly-labelled foreign involvement in US electoral politics, as long as it doesn’t involve campaign donations.  Putin wants to come and give an opinion?  Fine.  He wants to run his crazy TV station here?  Also fine.  He wants to send volunteer canvassers to go out in the streets and tell people that Putin thinks they should vote for Trump?  Sure, still don’t care, so long as they’re clearly labelled.  I do take a dim view, on principle, of covert election meddling and foreign donations, no matter who’s doing it.

This is updated mischief for the 21st century, and we need to understand the extent and intent of the mischief before we can arrive at any sort of democratic consensus on what should be done about it (and obviously something like cutting off diplomatic relations with Russia over this would be beyond stupid but as far as I know, no one serious is suggesting that).

Oh yeah and also all the lying.

Warranted Twitter Panic

I got on Twitter just now and everything was on fire so I went to do my laundry and think about this a little.  It seems to me there are four possibilities here:

  1. There was a legitimately obtained FISA warrant, for whatever value of “legitimately” can be associated with FISA.
  2. There was an ordinary surveillance warrant out on the campaign.
  3. The Obama administration did something spectacularly illegal.
  4. There is no warrant at all and POTUS is just raving.

2, 3, and 4 seem relatively unlikely to me, except insofar as FISA is sometimes unconstitutional.  If there’s an ordinary, fully-constitutional warrant out, we need to know about it yesterday if not sooner, but what he’s talking about is most likely the FISA warrant reported at the Guardian, which was initially turned down as too broad.  It’s not inconsistent to believe simultaneously that FISA is sometimes unconstitutional and also that we have a problem that requires investigation if there is sufficient evidence on POTUS to eventually get any kind of FISA warrant on him.  How the constitutional needle is to be threaded depends on the specifics [Edit: I went digging around again and other reporting seems to suggest that the FISA warrant was obtained in the course of a felony investigation, which may mean probable cause was required, but this is also mainly from British sources so take the salt shaker].

And then one wonders where exactly the regime plans on taking this.  They’re not about to be going after FISA: that would be reducing their own power.  They’re not going to plead insanity: that would be crazy.  So that leaves them either with giving in to demands for an investigation (which won’t happen), or with an attempt to launch their own into illegal Obama administration wiretapping, for which there is no known evidence but when has that ever stopped them.

Anyway it’s totally insane that people who likely couldn’t pass an SSBI are running around the White House unhindered.