I want to just follow on to Cheryl’s post about the President’s operational security failure on Twitter earlier today. What the President did today, despite his standing outside the White House and saying to a reporter that he had a right to tweet out the imagery, was not declassification of the geospatial intelligence (GEOINT) imagery that he tweeted out. If that had been the case, then the original classification markers would be visible, they’d be struck through, and there would be a time and date stamp along with standardized language that the imagery had been declassified as of X time today. Instead, as you can see in the image in Cheryl’s post, there is a black rectangle in the upper left hand corner, which is most likely covering the classification code. In this case that is most likely TS/SCI/NOFORN – Top Secret/Sensitive Compartmented Information/No Foreign Distribution. Though it could just as easily be UNCLASS/FOUO – Unclassified/For Official Use Only. We know some of the provenance of the GEOINT the President tweeted, because everyone in the Intel Community began scrambling to cover their tuchases, which the President had exposed and hung way out the window for everyone to see. The President received the imagery during a briefing earlier today.
A U.S. defense official told CNBC that the picture in Trump’s tweet, which appeared to be a snapshot of a physical copy of the satellite image, was included in a Friday intelligence briefing. https://t.co/9d8Q3VN8GP
— CNBC (@CNBC) August 30, 2019
What Cheryl described is clearly what happened here. The President had someone on his staff, most likely his caddie Dan Scavino, who is currently serving as the Assistant to the President-Director of White House Social Media Communications and tweets as/for the President, bring an unsecure smart phone into a sensitive compartmented information facility (SCIF) and take a picture of this classified information so he could tweet it out. Whomever took the picture, either at the President’s direction or their own initiative because they realized what they were doing was sketchy, placed a black bar over the classification markings, then loaded the image up so it could be tweeted out. Bringing an unsecure phone into a SCIF and taking pictures of anything in the SCIF is the type of thing that gets one suspended, one’s clearance stripped, and one prosecuted for stealing classified information.
As I stated above, this is not actually declassification. Here’s Brad Moss, whose law practice focuses on national security, clearance, and classification issues:
Something to bear in mind about that satellite imagery tweeted out by the President: it does not appear to have any classification markings anywhere. And, even if it did, yes, nothing prevents him from tweeting it out anyways.
And, no, it doesn't qualify as declassification.
— Bradley P. Moss (@BradMossEsq) August 30, 2019
This just made me think of something else. The courts have recently ruled that merely because Trump utters classified information that does not, in itself, render it declassified.
Therefore, it’s technically a security violation for clearance holders to even look at the image. pic.twitter.com/MZto0rglW1
— Bradley P. Moss (@BradMossEsq) August 30, 2019
So what we have here is data spillage (emphasis mine):
Data spillage is the transfer of classified or sensitive information to unaccredited or unauthorized systems, individuals, applications, or media. A spillage can be from a higher level classification to a lower one. The data itself may be residual (hidden) data or metadata. Spillage may result from improper handling of compartments, releasability controls, privacy data, or proprietary information.The trend towards increased information sharing has weakened access controls, giving users without a need-to-know access to large volumes of sensitive or classified data. Malware that propagates via removable media has increased the risk of large data transfers outside the network. The risk of data spillage is a problem largely because of inadequate end user security awareness, unmanageable networks, and poorly implemented data policies.
The bigger issue is that anyone who has a clearance (hello!) and encounters this information (hello!) is, unlike the President, potentially liable for accessing compartmented information that they do not have a need to know. Unlike the President, no one else in the US has an Office of Legal Council memo from 1973 that places them above the law.
Looks like a lot of people are about to be sanctioned. pic.twitter.com/fNTp4JmgOA
— National Security Counselors (@NatlSecCnslrs) August 30, 2019
If you’re wondering how this could be the case, how someone with a clearance who was just scrolling through Twitter, reading Balloon Juice, or watching the news when this comes up can get in trouble, but the President can just put classified information out there, claim he has the right to do it, even if it hasn’t been formerly and properly declassified, and he faces no jeopardy and the rest of us with clearances do, it is because THE RULES WERE NOT CONCEIVED OF AND WRITTEN WITH THE CURRENT PRESIDENT IN MIND!!!!! NOT A SINGLE ONE OF THEM!!!! The assumption was, based on historic performance of previous presidents, that NO FUTURE PRESIDENT WOULD BE THIS STUPID AND CARELESS!!!!
As Cheryl indicated, what the President tweeted out was the good stuff. No one is supposed to know we have that good of resolution wherever and whenever we want. And because the Iranians and others – friends and foes alike – know when the test failed, combined with the shadows and other static imagery in the GEOINT, they’ll be able to work out where we were looking from.
This is not just a major Operational Security (OPSEC) failure by the President, it is also a major counterintelligence (CI) breach by the President.
As we have been since November of 2016, we are off the looking glass and through the map!
Open Thread!
* Just a quick note, because I was actually getting caught up on the news shortly after the President tweeted this out, I saw it. I then sent an email to my company’s security officer to inform him that I’d seen data spillage, that it was inadvertent, and provided the context. This was done to cover myself.
Cheryl Rofer
Thanks, Adam, for explaining why this isn’t declassification. I’m seeing too many people on Twitter saying that it is. And whoever blacked out the classification markings knew exactly what they were doing.
Brachiator
Whoever.
Pedantry aside, this has been a great series of posts from two people who absolutely know their shit.
TenguPhule
Is it paranoia to wonder if Trump is doing this to justify replacing everyone who still has security clearance and isn’t loyal to Trump?
zhena gogolia
I have to go to bed now because my anxiety is through the roof.
Wapiti
Huh. I am happily retired and no longer have a clearance. I’m thinking of posting that image to facebook, along with the instruction to anyone that has a clearance that they need to report that they saw it to their security manager.
Sayne
Fucking seriously.
Every time I’ve seen this article come up I’ve immediately scrolled away so as to not inadvertently lay eyes on the image, even the thumbnail.
My god what a clusterfuck.
rikyrah
He is a National Security threat???
spanky
@TenguPhule: Yes, it’s paranoia to imagine he has the mental capacity to think two steps ahead.
PeakVT
Lock the Traitor-in-Chief up.
Raven
From just a guy some of us know.
spanky
On the other hand, since the image has no classification markings, if someone were to accuse you of accessing classified data, what do they do when you say “prove it!” ?
spanky
@Raven: Baud?
Alternative Fax, a hip hop artist from Idaho
I figured you’d memorialized the context of encountering data spillage. What are probable repercussions from the extreme violation of SCIF regs? Would the current DOJ even consider it? Will the rest of FVEY deliver a bovine?
Raven
@spanky: Nah, some wacky rwnj blogger.
I read it so you don’t have to!
Another Scott
A little bird just told me that AG Barr is outraged and has started what will likely be a 6+ [month] long investigation to figure out what happened. All of Donnie’s e-mails from the last 10 years will be investigated with a fine tooth comb.
McConnell is bringing the Senate back into session to start an immediate Senate inquiry.
The NYTimes has Maggie Haberman and all their best reporters coming back from vacation to start a multi-part front page series that is expected to last through November 2020.
…
Ha. I crack me up sometimes…. :-/
Someone here hates the expression, but IOKIYAR. Just watch.
:-/
Cheers,
Scott.
Alternative Fax, a hip hop artist from Idaho
@Raven: And we appreciate your generosity.
david
Hello, Matthew!
————
Matthew Yglesias @mattyglesias
Tired: Tom Steyer should spend his $100 million on registering voters.
Wired: Tom Steyer should spend his $100 million on paying liberals to move to Montana.
12:29 PM – 30 Aug 2019
————–
Add AK, AZ, ND, SD, and WY to that idea, and we’re talking permanent Senate takeover.
Sayne
I actually wish Cheryl would take down the thumbnail as it is preventing me from scrolling past the rest of the page.
Bill Arnold
@Sayne:
OK, we won’t tell you exactly how high-res it is. (There are some compression artifacts)
Adam L Silverman
@Cheryl Rofer: And that’s why I doubt this was simply marked UNCLASS or UNCLASS/FOUO. If that was the case they wouldn’t have bothered covering the classification markings.
Adam L Silverman
@Brachiator: Whom cares?
Adam L Silverman
@TenguPhule: Yes it is.
chris
@Sayne: Turn off images. https://merabheja.com/stop-images-showing-web-pages/
Adam L Silverman
@Sayne: That’s why I didn’t post the image or thumbnail of the image. Or the President’s tweet. Or even a link to the tweet.
Bill Arnold
@Sayne:
Chrome settings include an option to not show any images.
Or use a command-line browser, e.g. lynx or links2
Adam L Silverman
@Raven: Oy vey.
Wapiti
@Raven: That’s what they said to Lincoln. They didn’t wait for him to be sworn in before the traitorous
shitbirdsshitbags* bailed on the Union.* I don’t want FTFNYT to think I’m using eliminationist rhetoric by calling people animals.
Adam L Silverman
@spanky: It doesn’t work that way.
Adam L Silverman
@spanky: No. Raven’s comment was meant specifically for me.
Ken
I thought the President’s own phone was unsecured, and also a couple of generations old with several known exploits. Did they manage to get him to upgrade?
?BillinGlendaleCA
@Another Scott:
Was said bird drunk?
Adam L Silverman
@Alternative Fax, a hip hop artist from Idaho: Given that the President did it and/or ordered Scavino to do it, I really don’t have any idea. I don’t see Mulvaney allowing the White House Special Security Officer pulling Scavino’s clearance. Hell, I’m not even sure Scavino has a clearance. He certainly doesn’t need it for his job. And even if the White House Special Security Officer tried to take action, as was the case with Jared and Ivanka’s clearances, the President can always just overrule him. And I doubt AG Barr is going to do anything. Remember, Barr’s life’s work is establishing the reality that president’s are, essentially, the end all and be all of the entire executive branch and all the powers of the executive branch reside within the president.
Another Scott
@Sayne: As crazy as this timeline is, I cannot imagine anyone getting into trouble for viewing an image that the POTUS posted on his Twitter account.
Maybe I’m being naive.
Cheers,
Scott.
Amir Khalid
@Adam L Silverman:
Me sure don’t.
Sayne
Turned off all images. Now everything looks like 1990s Dial-up Netscape over a poor connection.
Christ.
Dev Null
This reminds me of the time circa 2013 when the Washington Post published classified NSA PPT liberated by Snowden and written up by Barton Gellman.
Idiot me, having read Gellman’s post, I forwarded the link to acquaintances …
… who very kindly pointed out that I had exposed them to data spillage, and in consequence they were self-reporting to their Security Officers.
What’s a moron to do?
I self-reported.
Duh.
The only interesting reveal here is that the security person I spoke to (after my Security Officer) wasn’t aware that the Washington Post had published class PPT.
If that’s not clear …
… I was the first person to self-report to her, more than 24 hours after Gellman’s post had gone up.
This in the
heart of darknessNational Capital Region.Call me naive, but I thought then, and think now, that umpty-gazillion individuals with security clearances failed to report that they had seen class dox in the Washington Post.
Adam L Silverman
@Raven: He actually wrote this!
He trained me to do the work I do in the wars we are not involved in.
Alternative Fax, a hip hop artist from Idaho
@Amir Khalid: Well played.
Adam L Silverman
@Ken: It is. I did a post about that problem last year. Or the year before. I’ve lost track.
Amir Khalid
@Adam L Silverman:
I fixted it for you.
Alternative Fax, a hip hop artist from Idaho
@Adam L Silverman: Exactly my point. I suspected the answer is “who the fuck knows?” But I was concerned I’d missed something, not having any clearance expertise.
chris
@Raven: @Adam L Silverman: Holy crap! I haven’t been to that place in years. There’s no sign of it on the site but bet you a dollar that he’s got Qanon pyjamas at home. WWG1WGA!
Another Scott
@?BillinGlendaleCA: Hard to tell. Those hummingbirds are flighty beasties!!
Cheers,
Scott.
Adam L Silverman
@Another Scott: You’re being naive.
MomSense
@zhena gogolia:
Yup. I’m going to try to watch a mindless movie and see if I can calm myself enough to sleep.
Democratic slogan for 2020 should be something like vote for me so America can sleep again.
Another Scott
@Ken: He apparently has 3 iPhones.
Of course, all of them (and everyone else’s) were (apparently) unsecure until recently because of a flaw in WebKit:
Yet another reason why he shouldn’t be tweeting, or doing anything else, with any smart phone all day…
Cheers,
Scott.
Adam L Silverman
@Dev Null: Most of them do. I was trying to find something for a seminar lesson at USAWC back in 2012 and managed to access something that had leaked from the Bush 43 DOD, which had been subsequently declassified. However, what I managed to access at a legit news media website, which was the declassified info I wanted, was the stuff that leaked. It wasn’t marked declassified. So I had to self report even though technically the information was now declassified.. Our Information Security Officer was just thrilled someone had called him.
Bill Arnold
@Another Scott:
Anyone who does not self-report might not be not following realDonaldTrump twitter, and is probably an enemy of the POTUS.
(Not entirely sure I’m joking here, TBH.)
ema
The professionals who run these briefings, isn’t it their duty to assess the risk and protect this information, from any and all? They must be aware that the President’s incompetence is an ongoing, active threat to our national security/interests.
Adam L Silverman
Adam L Silverman
@ema: They do. He’s still the president.
Alternative Fax, a hip hop artist from Idaho
@Another Scott: Extremely naive, with the caveat that I’m not an SME on clearance issues. But I do know that these kinds of things are taken very seriously.
Ladyraxterinok
When new POTUS (hopefully democratic) comes into office, will there be any remaining experts in State, intelligence departments, etc, who know how material is to be treated, handled, etc?
Haven’t many employees been let go, quit in disgust? Who is still there who knows correct proceedures?
And with Trump following his own way himself, overriding everything—how can new administration restore some semblance of proper procedures?
Adam L Silverman
@Ladyraxterinok: There will still be people available. A lot of the political appointees will also have experience and no how to do things. But it will take a lot of work to fix things.
Another Scott
@Adam L Silverman: As we recall, something kinda similar happened in May 2017 – USAToday:
Presumably, similar memos are being prepared for release next week.
It doesn’t make sense for hundreds of thousands of people (or more) to have to call their Security Officers and report seeing the tweet from the POTUS (or other tweets where people analyze the image). Spillage on that scale obviously isn’t what the regulations and policies were designed for. It’s actually counter-productive to follow the rules in that case, and someone at the administration should make it clear so as not to waste everyone’s time. Will they? Dunno.
Just my $0.02.
Cheers,
Scott.
Adam L Silverman
@Another Scott: I did at least one post about that too.
Another Scott
@Adam L Silverman: No doubt. You’re quote prolific.
Unfortunately, B-J posts don’t show up near the top of Google search results,, so… ;-)
Cheers,
Scott.
mrmoshpotato
Even not in these times, tuchases – hehe. Never seen it written out before.
On topic, fuck this fat, orange, fascist, Soviet shitpile mobster manchild and everyone who voted for him or a non-Democrat.
Philbert
@Another Scott: nobody except Dems how bout?
Evil Paul
I’ve been on exercise in the Canadian Forces. Virtual exercises where there were no troops at risk and just icons moving around on a computer screen. Even then we still had to lock our cell phones up in a special cabinet before we were allowed into the rooms where we were working.
I’ve been on exercise where the headquarters was basically just a mod tent in the woods. And they still had a guy sitting at the entrance guarding the box where you would leave your cell phone before going in (on one occasion, the guy had post-it notes he could use to record your name for your phone).
Bringing a phone into a secure area…even a SIMULATED secure area…THAT’S NOT ON!!!!
….I can’t even….
mrmoshpotato
@Another Scott: We need to start rage-tweeting about how Google is so wah wah wah unfair to the Balloon Juice community. :)
Adam L Silverman
@Another Scott: Click on Silverman on Security below the post and just go a looking.
Cheryl Rofer
I’ve put the image below the fold in my post, so that clearance holders can skim the front page safely. But, for a number of reasons, I don’t want to eliminate it entirely.
Steve in the ATL
@mrmoshpotato:
And the White Sox too!
Another Scott
@Adam L Silverman: Tell Cole to add a decent search function and I’ll never have to use Google for links here again. ;-)
Cheers,
Scott.
Adam L Silverman
@Another Scott: I’ll push it across for the rebuild. Just in case the rebuild actually works.
Another Scott
@mrmoshpotato: :-)
Google searching for:
gives a few applicable links, but that’s 22 extra characters!
Cheers,
Scott.
Jeffro
@Brachiator:
Yes – thank you Adam and Cheryl.
Now then. Could the IC please, um, try to get this national security risk under control…preferably, via a slippery set of steps or 110% fat cheeseburger? Like, yesterday?
A president* willing to break all the rules about classified intelligence handling just so he can tweak Iran is a clear and present danger to all of us. Over 14 months ’til the election and his poll numbers aren’t gonna go up, that’s for sure. What’s he going to do next, casually tweet out the nuclear codes (or put them in a letter to Kim Jong Un)?
Philbert
It’s on the front page of FTNYT, now what? His taxes? ..
Oh well
TS (the original)
@Another Scott:
Do a google advanced search with the domain set to balloon-juice.com
Edit: I see I was late with this one
Sayne
@Cheryl Rofer: Thanks Cheryl.
@Adam L Silverman: And yeah I’m gonna call my FSO on Monday just as CYA. Probably best practice for most of us who are cleared, even if I never saw the image, I just want to make sure I cover myself.
Jeffro
@Adam L Silverman:
Just thought I’d throw that in there.
These authoritarians…they all just reek of childhood Daddy issues that they never dealt with. It’s really weird.
Dev Null
@Adam L Silverman:
I assume you mean “most clearance holders self-report exposure to class info”. If I misunderstand your point, then ignore what follows…
… I’d be astonished if most self-report exposure to class info spilled in public fora.
24+ hours – probably more like 48 hours – after a blockbuster report in the NCR paper of record (ie, Washington Post) that got national attention, I was the first self-reporter?
Call me a slave to probability, but nope… not plausible. Not impossible, but highly improbable.
JanieM
@Evil Paul:
@Evil Paul:
Shee-it, when I had jury duty, we had to hand over our phones to be locked up before we could enter the jury room every day.
Jay
Adam L Silverman
@Dev Null: I think that should have been most of them don’t. Sorry for any confusion.
Adam L Silverman
@Jay: I do not understand how any of the opinion page editors allowed that to be published. Of course Bari Weiss is an opinion page editor at NY Times, so she may have just gone: “looks great to me!”
Jay
Jay
Jeffro
I love how the Dem representative who went on CNN was like, “well…it goes to ‘what is the end game/strategy here’ by tweeting this?”
Great response.
How about, “this guy is a complete fucking moron, it doesn’t matter why he did what he did, he’s a danger to our country’s national security in a multitude of ways”?
Better yet, “HE’S NUTS! WHOTHEFUCKWOULDDOTHIS??”
Keep it simple, Dems!
Dev Null
@Adam L Silverman: Ah. Your InfoSec Officer’s response makes a lot more sense, then.
HalfAssedHomesteader
I’m free to buy anything I want at the grocery store. Doesn’t mean I can use old socks to pay for it. Same goes for declassification. The president is free to declassify anything s/he wants. That DOES NOT mean s/he is free to invent any declassification procedure they want.
Another Scott
@Jeffro: Donnie wants to break the US Government so that he’s not constrained by any rules or norms. He wants to be God-Emperor and do whatever he wants.
That’s the purpose of things like this. To break the system.
Grr…
Cheers,
Scott.
Jay
@Adam L Silverman:
https://mobile.twitter.com/elivalley/status/1167525252450193409/photo/1
Yarrow
Thanks for the posts, Adam and Cheryl.
@Adam L Silverman:
Really? Why not? Seems to fit in just fine with what they do.
Jay
mrmoshpotato
@Steve in the ATL: Braves won, SteveintheWhereTheFuck.
The South Siders are toast anyway.
Damn you, postponed baseball. Go Reds – for the next two days!
mrmoshpotato
@Another Scott: And it’s a very specific search inquiry!
Mike in NC
Putin’s puppet is up to his usual antics. He conferred with Ivanka before releasing it, so all is good.
mrmoshpotato
@Jeffro:
Dump’s whole life is a childhood Daddy issue he never dealt with.
mrmoshpotato
@Jeffro: Or, Dump is a Soviet shitpile mobster conman who’s been owned by the Kremlin since at least 1987, and Dump’s puppet master Putin wants chaos and instability.
Jay
Another Scott
Dorian’s up to 140 MPH sustained winds, 948 mbar.
Fingers crossed.
Cheers,
Scott.
Yarrow
@MomSense:
I completely agree. I can see the ad starting with a montage of terrible things that Trump has ordered, supported, or ignored–“very fine people on both sides” while white supremacists march with tiki torches, kids in cages, headlines about Trump tweeting classified info, Republicans voting to take away health insurance, etc. Nice suburban white lady then says, “I’m voting for the Democrat because I’d like to have a good night’s sleep again.”
Just a rough draft but I think something like that could work.
Yarrow
@Another Scott: Latest track has Dorian staying offshore.
mrmoshpotato
@Yarrow: Add in a picture of all those Rethuglican Senators sucking Moscow’s ass on the 4th of July.
It’s not just the presidency that needs to change parties.
Vor
It is going to take decades to rebuild our government. They are destroying State and the USDA. DHS and CBP need to be rebuilt from scratch and the ground under them salted.
Enhanced Voting Techniques
@TenguPhule:
This Tengu, Trump isn’t that clever. This was Trump wagging his penis at the world.
Citizen Alan
@Wapiti:
I honestly don’t care if the FTNYT thinks I’m using eliminationist rhetoric. “God knows his own,” and all that.
Ceci n est pas mon nym
@Dev Null: Probably not. But it’s a standard part of security training that just because you see it in the press, that doesn’t declassify it and you are still expected to protect the information and not risk more spillage by commenting. With a case this public I imagine there is a lot of emergency rebriefing going on about this policy, especially for those whose jobs might bring them in contact with reporters.
MobiusKlein
For the record, I work at a financial services company, and I can’t use a USB data stick, or any other removable media without direct approval by infoSec. My friend who works at a major health care / insurance company, when he stuck in a removable drive, it got auto-encrypted. Now the drive is a brick, effectively. How is our intelligence community behind so far?
MobiusKlein
Would an ascii text impression of the photo get folks in trouble?
The tilde is smoke
Sam
No way for someone to know that image is classified. I would not report it unless I was sure. On the speculation: well, if it was what we think it was, really bad breach in all the ways discussed. This president is an idiot and harms our security every day he is in office, which is one reason why impeachment should have happened a long time ago
Dev Null
@Ceci n est pas mon nym: Yep, I know, but I don’t think the point was emphasized in my training. Whether or not I’m remembering correctly, I sure wasn’t expecting to see class info in the Washington Post, and was thrown for a loop by the encounter. (Not much of an excuse, but it’s the only explanation I can come up with for my cluelessness.)
Wouldn’t be surprised.
Dev Null
@MobiusKlein: Depends on the resolution, I s’pose.
Another Scott
@Sam: Rep Don Beyer retweeted some discussion about it (which included the image).
The horses are out of the barn, the fences are knocked down, and the farm is flooded. Having people report that the barn door was left open is a waste of time…
Cheers,
Scott.
Dev Null
@Ceci n est pas mon nym:
Tangentially (and objectively), in both cases (Gellman’s column, Trump’s tweeted photo) the damage was already done: adversaries either have the information already or will have it shortly. My sending a link to Gellman’s post inflicted no (further) damage on national security.
But (as I imagine everyone knows) there was potential harm from the linkage I sent, both to me and to my correspondents, which is why one self-reports, or should anyway. To wit: should I or my correspondents become the subject of a CI investigation, and the Gellman PPT slide be found in my / their browser cache(s), perhaps even a link to the column in browser history, that’s grounds for further investigation…
@Another Scott:
I don’t think that’s entirely true. Admittedly, the chances of being sucked into a CI investigation are small, but keeping one’s nose clean is a cheap hedge against an unlikely event. Especially because “them’s the rules”.
Happy to be corrected if there’s a point I’m missing.
Chief Oshkosh
@Adam L Silverman: Man, his website is bonkers. Just bonkers. Was he always such a dick?
Dev Null
@Chief Oshkosh:
Had to trace comments backwards to figure out the individual being maligned (or not) … it’s Pat Lange, right?
Back in the day I checked his website regularly, but the SNR dropped precipitously during Obama’s Admin, and eventually gave it up. Haven’t been there since before the 2016 election. Maybe before the 2012 election. Didn’t know he’s into Larry Johnson conspiracy theorizing… wow. That’s, uh, different.
(Not stealing Adam’s thunder, just adding my two pesos.)
SteverinoCT
@Adam L Silverman:
Knock, knock.
Who’s there?
To.
To who?
To Whom!
Tengrain
Thank Dawg Prznint Stupid tweeted it. Imagine if he used a private email server.
Regards,
Tengrain