Exclusive: U.S. widens surveillance to include 'homegrown violent extremists' – documents

WASHINGTON (Reuters) – The U.S. government has broadened an interpretation of which citizens can be subject to physical or digital surveillance to include “homegrown violent extremists,” according to official documents seen by Reuters.

A U.S. Air Force airman at Petersen Air Force Base in Colorado Springs, in a file photo. REUTERS/Rick Wilking

The change last year to a Department of Defense manual on procedures governing its intelligence activities was made possible by a decades-old presidential executive order, bypassing congressional and court review.

The new manual, released in August 2016, now permits the collection of information about Americans for counterintelligence purposes “when no specific connection to foreign terrorist(s) has been established,” according to training slides created last year by the Air Force Office of Special Investigations (AFOSI). 

The slides were obtained by Human Rights Watch through a Freedom of Information Act request about the use of federal surveillance laws for counter-drug or immigration purposes and shared exclusively with Reuters.

The Air Force and the Department of Defense told Reuters that the documents are authentic.

The slides list the shooting attacks in San Bernardino, California, in December 2015 and Orlando, Florida, in June 2016 as examples that would fall under the “homegrown violent extremist” category. The shooters had declared fealty to Islamic State shortly before or during the attacks, but investigators found no actual links to the organization that has carried out shootings and bombings of civilians worldwide.

Michael Mahar, the Department of Defense’s senior intelligence oversight official, said in an interview that AFOSI and other military counterintelligence agencies are allowed to investigate both active duty and U.S. civilian personnel as long as there is a potential case connected to the military. Investigations of civilians are carried out cooperatively with the Federal Bureau of Investigation, Mahar said.

Executive order 12333, signed by former President Ronald Reagan in 1981 and later modified by former President George W. Bush, establishes how U.S. intelligence agencies such as the CIA are allowed to pursue foreign intelligence investigations. The order also allows surveillance of U.S. citizens in certain cases, including for activities defined as counterintelligence.

Under the previous Defense Department manual’s definition of counterintelligence activity, which was published in 1982, the U.S. government was required to demonstrate a target was working on behalf of the goals of a foreign power or terrorist group.

It was not clear what practical effect the expanded definition might have on how the U.S. government gathers intelligence. One of the Air Force slides described the updated interpretation as among several “key changes.”



However, some former U.S. national security officials, who generally support giving agents more counterterrorism tools but declined to be quoted, said the change appeared to be a minor adjustment that was unlikely to significantly impact intelligence gathering.

Some privacy and civil liberties advocates who have seen the training slides disagreed, saying they were alarmed by the change because it could increase the number of U.S. citizens who can be monitored under an executive order that lacks sufficient oversight.

“What happens under 12333 takes place under a cloak of darkness,” said Sarah St. Vincent, a surveillance researcher with Human Rights Watch who first obtained the documents. “We have enormous programs potentially affecting people in the United States and abroad, and we would never know about these changes” without the documents, she said.

The National Security Act, a federal law adopted 70 years ago, states that Congress must be kept informed about significant intelligence activities. But the law leaves the interpretation of that to the executive branch.

The updated interpretation was motivated by recognition that some people who may pose a security threat do not have specific ties to a group such as Islamic State or Boko Haram, Mahar at the Defense Department said.

“The internet and social media has made it easier for terrorist groups to radicalize followers without establishing direct contact,” Mahar said.

“We felt that we needed the flexibility to target those individuals,” he said.

In August 2016, during the final months of former President Barack Obama’s administration, a Pentagon press release announced that the department had updated its intelligence collecting procedures but it made no specific reference to “homegrown violent extremists.”

The revision was signed off by the Department of Justice’s senior leadership, including the attorney general, and reviewed by the Privacy and Civil Liberties Oversight Board, a government privacy watchdog.

Mahar said that “homegrown violent extremist,” while listed in the Air Force training slide, is not an official phrase used by the Defense Department. It does not have a specific list of traits or behaviors that would qualify someone for monitoring under the new definition, Mahar said. 

Hunches or intuition are not enough to trigger intelligence gathering, Mahar said, adding that a “reasonable belief” that a target may be advancing the goals of an international terrorist group to harm the United States is required.

The updated Defense Department manual refers to any target “reasonably believed to be acting for, or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization, for purposes harmful to the national security of the United States.”

Mahar said that in counterterrorism investigations, federal surveillance laws, including the Foreign Intelligence Surveillance Act, continue to govern electronic surveillance in addition to the limitations detailed in his department’s manual.

Reporting by Dustin Volz; editing by Grant McCool

Our Standards:The Thomson Reuters Trust Principles.


Hack of U.S. securities regulator rattles investors, stirs doubts

WASHINGTON/NEW YORK (Reuters) – Wall Street’s top regulator faced questions on Thursday about its defenses against cyber criminals after admitting hackers breached its electronic database of corporate announcements and may have used it for insider trading.

The incursion at the Securities and Exchange Commission (SEC) struck at the heart of the U.S. financial system. The SEC’s EDGAR filing system is the central repository for market-moving information on corporate America with millions of filings ranging from quarterly earnings to statements on acquisitions.

Accessing documents before they are released publicly would offer hackers a lucrative opportunity to trade on that information.

The SEC said late on Wednesday that a hack occurred in 2016 but it had only discovered last month that the cyber criminals may have used the information to make illicit trades.

SEC Chairman Jay Clayton gave members of Congress a “courtesy call” about the hack late on Wednesday afternoon, said Rep. Bill Huizenga, chairman of the House subcommittee on Capital Markets, Securities, and Investment, which oversees the SEC.

”I’m glad that Jay Clayton has decided to acknowledge this and release it, warts and all,” Huizenga said.

”It’s hugely problematic and we’ve got to be serious about how we protect that information as a regulator. I’m hoping that this leads to some vast improvements and an uptick in the vigilance that all the regulators are going to have with information that’s coming to them.”

The disclosure has rattled investors’ faith in the security of their data. It comes two weeks after credit-reporting company Equifax (EFX.N) said hackers had stolen data on more than 143 million U.S. customers, and in the wake of last year’s cyber attack on SWIFT, the global bank messaging system.

It is particularly embarrassing for the SEC and its new boss Clayton, who has made tackling cyber crime one of the top enforcement issues during his tenure.

“The Chairman obviously recognizes the irony of the SEC potentially serving as the unwitting tipper in an insider trading scheme,” said John Reed Stark, a former SEC staff member and cyber expert.

The SEC has said it was investigating the source of the hack but it did not say when exactly it happened or what sort of non-public data was retrieved. The agency said the attackers had exploited a weakness in part of the EDGAR system and it had “promptly” fixed it.


Clayton will be grilled on the incident and its aftermath at a hearing by the Senate Banking Committee on Tuesday. In particular, questions are likely about how prepared the SEC was against such an attack and why it waited until now to disclose it.

Securities industry rules require companies to disclose cyber breaches to investors and the SEC has investigated firms over whether they should have reported incidents sooner.

In July, months after the breach was detected, a congressional watchdog office warned that the Wall Street regulator was “at unnecessary risk of compromise” because of deficiencies in its information systems.

The 27-page report by the Government Accountability Office found the SEC did not always fully encrypt sensitive information, used unsupported software, failed to fully implement an intrusion detection system and made missteps in how it configured its firewalls, among other things.

It also shut down a specialized unit on cyber crimes as part of a reorganization in 2010 despite former SEC chair Mary Jo White, in office when the hack occurred, telling Reuters in 2016 that cyber security posed the biggest risk to the U.S. financial system.

“Cyber crimes have continued to spread, thrive and become more innovative. Now, more than ever, the SEC needs a dedicated and specialized corps of cyber sleuths to track down and deter hackers,” said Stark, currently president of a cyber consulting firm.

The SEC has scored some victories in tackling cyber criminals. In 2015, the commission unmasked a ring of stock traders and hackers who had accessed company press releases from distributors Marketwire, PR Newswire and Business Wire before the information was made public to make $ 100 million in illegal profits.

Writing by Lisa Lambert; Editing by Carmel Crimmins and Nick Zieminski

Our Standards:The Thomson Reuters Trust Principles.


Alibaba-backed Best Inc cuts expected price range for U.S. IPO

(Reuters) – Alibaba Group-backed (BABA.N) Chinese logistics firm Best Inc on Tuesday slashed the expected price range of its U.S. initial public offering, one day before its market debut, suggesting tepid investor enthusiasm.

Best expects its offering of 45 million American depository shares (ADS) to be priced at $ 10 to $ 11 per ADS, it said in a filing with U.S. securities regulators. (bit.ly/2heEOFe)

The company had initially expected a price range of $ 13 to $ 15 per ADS and an IPO consisting of 53.56 million new shares and 8.54 million existing shares.

Best, founded by former Google executive Johnny Chou, faces stiff competition from fellow Chinese logistics firms such as S.F. Holding (002352.SZ), YTO Express (600233.SS) and STO Express (002468.SZ), all of which recently went public in China, the world’s biggest logistics market.

Best was banking on China’s booming logistics market to justify its valuation, but concerns over competition, along with rising fuel and labor costs prompted some investors to balk at Best’s initial pricing, Reuters reported earlier on Tuesday.

Best reported a net loss of 623.8 million yuan ($ 94.9 million) for the six months ended June 30. Total revenue rose 133.5 percent to 8.10 billion yuan, driven by its freight and express delivery business.

Chinese e-commerce company Alibaba, led by Jack Ma, holds a 23.4 percent stake in Best.

Reporting By Aparajita Saxena in Bengaluru; Editing by Sai Sachin Ravikumar

Our Standards:The Thomson Reuters Trust Principles.