[Infowarrior] - OpEd: InfraGard FUD and misinformation

Richard Forno rforno at infowarrior.org
Mon Feb 25 13:17:22 UTC 2008


(counterpoint to previous post........rf)

More InfraGard FUD and misinformation
http://lippard.blogspot.com/2008/02/more-infragard-fud-and-misinformation.ht
ml

Gary D. Barnett, president of a financial services firm in Montana, has
written an article about InfraGard for The Future of Freedom Foundation,
apparently inspired by the Progressive article. Thankfully, he avoids the
bogus "shoot to kill" claims, but he introduces some erroneous statements of
his own. It's apparent that he didn't bother speaking to anyone in InfraGard
or doing much research before writing his article, which is another attempt
to spread fear, uncertainty, and doubt about the program.

Barnett first goes wrong when he writes:

    InfraGard¹s stated goal ³is to promote ongoing dialogue and timely
communications between members and the FBI.² Pay attention to this next
part:

        Infragard members gain access to information that enables them to
protect their assets and in turn give information to government that
facilitates its responsibilities to prevent and address terrorism and other
crimes. 

    I take from this statement that there is a distinct tradeoff, a tradeoff
not available to the rest of us, whereby InfraGard members are privy to
inside information from government to protect themselves and their assets;
in return they give the government information it desires. This is done
under the auspices of preventing terrorism and other crimes. Of course, as
usual, ³other crimes² is not defined, leaving us to guess just what
information is being transferred.

First, there isn't a "distinct tradeoff." There is no "quid pro quo"
required of InfraGard members. All InfraGard members get the same access to
bulletins as the others, regardless of whether they share information back.
There are some specific sector-oriented subgroups that share information
only with each other (and such private groups also exist independently of
InfraGard, such as the sector Information Sharing and Analysis Centers, or
ISACs). The FBI may come to a company from time to time with specific threat
information relevant to them (I've seen this happen once with respect to my
own company), but that happens whether a company is a member of InfraGard or
not. (Where InfraGard membership might give added benefit is that the FBI
knows that the InfraGard member has undergone some rudimentary screening.
There are companies that are set up and run by con artists, as well as by
foreign intelligence agents, believe it or not, and where there is apparent
risk of such a setup, the FBI is obviously going to be less forthcoming than
with somebody they already know.)

Second, "not available to the rest of us" suggests that InfraGard membership
is difficult to come by. It's not. I suspect Mr. Barnett himself could be
approved, as could whoever does IT security for his company.

Third, there's no need to guess about the "other crimes." The FBI's own
priority list tells you:

1. Protect the United States from terrorist attack. (Counterterrorism)
2. Protest the United States against foreign intelligence operations and
espionage. (Counterintelligence)
3. Protect the United States against cyber-based attacks and high-technology
crimes. (Cyber crime)
4. Combat public corruption at all levels.
5. Protect civil rights.
6. Combat transnational/national criminal enterprises.
7. Combat major white collar crime.
8. Combat significant violent crime.
9. Support federal, state, local, and international partners.
10. Upgrade technology to successfully perform the FBI's mission.

Some might question this list, in particular #5, on the basis of the FBI's
past record, but my interactions with law enforcement lead me to believe
that there are many who do take #5 quite seriously and would challenge and
speak out against actions contrary to it. I was at an InfraGard conference
in New Mexico yesterday at which an exchange occurred that went something
like this:

Me: I work for a global telecommunications company.
He: You're not one of those companies that's been eavesdropping on us, are
you?
Me: No.
He: Good.

"He" was a member of New Mexico's InfraGard--and a member of law
enforcement. I'll have more to say about warrantless wiretapping in a
moment.

The real issue with this list is that the top two are probably misplaced,
and 6-8 (and #10!) have been suffering, as I've previously written about.

Barnett goes on:

    Since these members of InfraGard are people in positions of power in the
³private² sector, people who have access to a massive amount of private
information about the rest of us, just what information are they divulging
to government? Remember, they are getting valuable consideration in the form
of advance warnings and protection for their lives and assets from
government. This does not an honest partnership make; quite the contrary.

There are several key ways in which private industry helps the FBI through
InfraGard. One is securing their own infrastructure against attacks so that
it doesn't create a problem that the FBI needs to devote resources to. Two
is by bringing criminal issues that are identified by private companies to
the attention of the FBI so that it can investigate and bring prosecutions.
Three is by assisting the FBI in its investigations by explaining what
evidence that requires technical skills to understand means, and giving them
guidance in how to successfully track down criminals.

Barnett goes on to talk about Rep. Jane Harman's bill in Congress,
HR1955/S.1959, which I've also briefly commented on at this blog, and makes
some significant errors of fact. He writes this this bill "if passed, will
literally criminalize thought against government." That's false--the bill
doesn't criminalize anything, it just creates a commission that will write a
report and make recommendations. That commission has no law enforcement
powers of any kind, not even the power of subpoena. Barnett also mistakenly
thinks that this bill contains a reference to InfraGard. He writes:

    S.1959, if passed, will be attached to the Homeland Security Act and
InfraGard is already a part of the Department of Homeland Security. This is
not a coincidence. Under section 899b of S.1959 it is stated:

        Preventing the potential rise of self radicalized, unaffiliated
terrorists domestically cannot be easily accomplished solely through
traditional Federal intelligence or law enforcement efforts, and can benefit
from the incorporation of State and local efforts.

    This appears to be a direct reference to the InfraGard program.

The reference to "the incorporation of State and local efforts" into
"traditional Federal intelligence or law enforcement efforts" in
counterterrorism contains no reference to private partnerships, only to
combining law enforcement efforts at federal, state, and local levels. This
is a reference to what are called "fusion centers," like the Arizona
Counter-Terrorism Information Center (ACTIC). The people who work in those
centers are people from government agencies (at the federal, state, and
local levels) with government security clearances. InfraGard in Phoenix does
partner with ACTIC, which in practice means that ACTIC representatives give
presentations to InfraGard (all of which I believe have also been open to
the general public), ACTIC shares threat information with InfraGard much
like the FBI does, and that InfraGard members are encouraged to report
potential terrorist tip information to ACTIC. (ACTIC also encourages the
general public to do this, which I think is far more likely to waste
resources than identify any actual terrorists.)

Note that Barnett is mistaken when he writes that InfraGard is part of the
Department of Homeland Security. InfraGard is not a government agency or
part of a government agency--it is a non-governmental organization, or
actually a collection of non-governmental organizations, which are 501(c)(3)
nonprofits, with leadership provided by board members who are InfraGard
members. Each chapter has a coordinator from the FBI who is not on the
board. The FBI provides guidance and suggestions, but the organizations are
run by the boards.

Now Barnett goes into Matt Rothschild territory when he writes: "I¹m just
speculating, of course, but is it possible that InfraGard will be a domestic
police and spying arm for the government concerning ³thought crime²?" It's
not just speculation, it's uninformed speculation. InfraGard is not part of
government and has no police powers of any kind. I've previously addressed
the degree to which I think the "spying" is a risk--I think it's relatively
low, but worth talking about.
Barnett continues in a Rothschild vein when he says "InfraGard, on the other
hand, is an organization cloaked in secrecy. It holds secret meetings with
the FBI." This talk of InfraGard being "cloaked in secrecy" is grossly
exaggerated. The group has fairly open membership and most meetings are open
to the public. When there are meetings restricted to membership, those
typically wouldn't be accurately described as "secret meetings with the
FBI." I and other members of InfraGard have had private meetings with FBI
agents with respect to particular investigations, but it would be inaccurate
to describe those as "InfraGard meetings." Law enforcement by its very
nature requires a high degree of confidentiality for ongoing investigations,
but it is a mistake to infer that this means conspiratorial plotting or
spying.

Towards the end of his article, Barnett talks about warrantless wiretapping,
telecom immunity, and the secrecy of InfraGard membership:

    Considering the recent attempts by President Bush and his administration
to protect many telecommunications companies and executives from prosecution
for releasing private information, how many of the top telecom executives
are members of InfraGard? I, for one, would be very interested in this
information, but alas, it is not public information; it is secret.

What's the sense in which InfraGard membership is secret? Only in that it's
not made available to the general public. Barnett writes that "no one
outside InfraGard is to know who is a member unless previous approval has
been given," but this is his misinterpretation of a guideline he quotes, not
what it says. There's nothing prohibiting an InfraGard member from
identifying themselves as such, only from identifying others as such without
their consent. And if you're going to speak on behalf of InfraGard, you need
to get approval from the organization first. (And note that I'm not speaking
on behalf of InfraGard here, and have had no approval from InfraGard for
what I've written on my blog.) If you're an InfraGard member, you have
access to the online directory of InfraGard members. If Barnett is really
interested in knowing who is a member, all he has to do is join.

As for "how many of the top telecom executives are members of InfraGard," I
haven't looked, but I would be willing to wager that the answer is none. I
know that none of the members of the "Senior Leadership Team" of my company
are members of InfraGard, though my boss, our VP of Global Security, heads
the Rochester, NY chapter of InfraGard. Senior executives of large
corporations don't have time or interest to belong to InfraGard, and it's
not really geared to them, as opposed to members of their physical and IT
security organizations.

And as for warrantless wiretapping (I said I'd get back to it), InfraGard
has nothing to do with that and it's foolish to think that it would. That
activity has involved direct relationships between incumbent telecom
providers (AT&T certainly, and probably Verizon as well) and the National
Security Agency, with information restricted to employees holding government
security clearances on a "need to know" basis, as the ACLU and EFF lawsuits
have revealed. These relationships also probably include commercial
relationships, and have included movement of personnel from one to the
other--for example, AT&T has a Director of Government Solutions who came
from the NSA. InfraGard members, many if not most of which hold no
government security clearances, are not in the loop on that activity. (For
that matter, I suspect few FBI personnel are in the loop on that, either.)

I find it discouraging that articles like Barnett's are written and
published. Such inaccurate information serves to distract from real issues
and real government abuses and to discredit those who repeat it, when they
have other things to say that are worth hearing, paying attention to, and
acting upon. I hope that Barnett and FFF will strive for greater accuracy in
the future.




More information about the Infowarrior mailing list