WASHINGTON – A previously confidential directive by Biden administration lawyers lays out how military and spy agencies must handle personal information about Americans when using artificial intelligence, showing how the officials grappled with trade-offs between civil liberties and national security.

The results of that internal debate also underscore the constraints and challenges the government faces in issuing rules that keep pace with rapid advances in technology, particularly in electronic surveillance and related areas of computer-assisted intelligence gathering and analysis.

The administration had to navigate two competing goals, according to a senior administration official Joshua Geltzer, the top legal adviser to the National Security Council, “harnessing emerging technology to protect Americans, and establishing guardrails for safeguarding Americans’ privacy and other considerations”.

The White House last month held back the four-page, unclassified directive when President Joe Biden signed a major national security memo that pushes military and intelligence agencies to make greater use of AI within certain guardrails.

After inquiries from The New York Times, the White House has made the guidance public. A close read and an interview with Mr Geltzer, who oversaw the deliberations by lawyers from across the executive branch, offers greater clarity on the current rules that national security agencies must follow when experimenting with using AI.

Training AI systems requires feeding them large amounts of data, raising a critical question for intelligence agencies that could influence both Americans’ private interests and the ability of national security agencies to experiment with the technology.

When an agency acquires an AI system trained by a private sector firm using information about Americans, is that considered “collecting” the data of those Americans?

The guidance says that does not generally count as collecting the training data – so those existing privacy-protecting rules, along with a 2021 directive about collecting commercially available databases, are not yet triggered.

Still, the Biden team was not absolute on that question. The guidance leaves open the possibility that acquisition might count as collection if the agency has the ability to access the training data in its original form, “as well as the authorisation and intent to do so.” NYTIMES

WASHINGTON – A sophisticated breach of US telecommunications systems has extended to the presidential campaigns, raising questions about the group behind the attack and the extent of its efforts at collecting intelligence.

It was unclear what data was taken in the attack. The far-reaching operation has been linked to the Chinese government and attributed to a group experts call Salt Typhoon.

Investigators believe hackers took aim at a host of well-connected Americans, including the presidential candidates – reflecting the scope and potential severity of the hack.

Here’s what to know.

What is Salt Typhoon?

Salt Typhoon is the name Microsoft cybersecurity experts have given to a Chinese group suspected of using sophisticated techniques to hack into major systems – most recently, US telecommunication companies.

The moniker is based on Microsoft’s practice of naming hacking groups after types of weather – “typhoon” for hackers based in China, “sandstorm” for efforts by Iran and “blizzard” for operations mounted by Russia. A second term, in this case “salt,” is used to denote the type of hacking.

Experts say Salt Typhoon seems to be focused primarily on counterintelligence targets, unlike other hacking groups that may try to steal corporate data, money or other secrets.

What do US officials think Salt Typhoon has done?

National security officials have gathered evidence indicating the hackers were able to infiltrate major telecom companies, including but not limited to Verizon.

The New York Times reported on Oct 25 that among the phones targeted were devices used by former President Donald Trump and his running mate, Senator JD Vance of Ohio. The effort is believed to be part of a wide-ranging intelligence-collection effort that also took aim at Democrats, including staff members of both Vice President Kamala Harris’ campaign and Senator Chuck Schumer of New York, the majority leader.

How serious is this hacking?

National security officials are still scrambling to understand the severity of the breach, but they are greatly concerned if, as it appears, hackers linked to Chinese intelligence were able to access US cellphone and data networks. Such information can provide a wealth of useful intelligence to a foreign adversary like China.

To some degree, the breach represents a continuation of data collection on the types of targets that spies have been gathering for decades. In this instance, however, the sheer quantity and quality of the information Salt Typhoon may have gained access to could put the intrusion into its own category, and suggests that US data networks are more vulnerable than officials realised.

What did the hackers get?

At this stage, that is still unclear. One major concern among government officials is whether the group was able to observe any court-ordered investigative work, such as Foreign Intelligence Surveillance Act collection – a highly secretive part of American efforts to root out spies and terrorists.

No one has suggested yet that the hackers were able to essentially operate inside individual targets’ phones. The more immediate concern would be if they were able to see who was in contact with candidates and elected officials, and how often they spoke and for how long. That kind of information could help any intelligence agency understand who is close to senior decision-makers in the government.

People familiar with the investigation say it is not yet known if the hackers were able to gain access to that kind of information; investigators are reasonably confident that the perpetrators were focused on specific phone numbers associated with presidential campaigns, senior government leaders, their staff members and others.

Like the weather, hacking is never really over, and the Salt Typhoon breach may not be over either. It is also possible that the United States may never learn precisely what the hackers got. NYTIMES

WASHINGTON – The accused Iranian hacking group who intercepted Republican U.S. presidential candidate Donald Trump’s campaign emails have finally found some success in getting their stolen material published after initially failing to interest the mainstream media. 

In recent weeks, the hackers began peddling Trump emails more widely to one Democratic political operative, who has posted a trove of material to the website of his political action committee, American Muckrakers, and to independent journalists, at least one of whom posted them on the writing platform Substack. The latest material shows Trump campaign communications with external advisers and other allies, discussing a range of topics leading up to the 2024 election.

The hackers’ activities tracked by Reuters provide a rare glimpse into the operations of an election interference effort. They also demonstrate Iran remains determined to meddle in elections despite a September U.S. Justice Department indictment accusing the leakers of working for Tehran and using a fake persona. 

The indictment alleged that an Iranian-government linked hacking group, known as Mint Sandstorm or APT42, compromised multiple Trump campaign staffers between May and June by stealing their passwords. In a Homeland Security advisory published earlier this month, the agency warned that the hackers continue to target campaign staff. If found guilty, they face prison time and fines. 

The Department of Justice indictment said the leakers were three Iranian hackers working with Iran’s Basij paramilitary force whose voluntary members help the regime to enforce its strict rules and to project influence. Attempts to reach the hackers identified by name in the indictment via email and text message were unsuccessful.

In conversations with Reuters, the leakers – who collectively use the fake persona “Robert” – did not directly address the U.S. allegations, with one saying “Do you really expect me to answer?!” 

“Robert” is the same fake persona referred to in the U.S. indictment, according to FBI emails sent to journalists and reviewed by Reuters. 

Iran’s mission to the United Nations said in a statement that reports of the country’s involvement in hacking against the U.S. election were “fundamentally unfounded, and wholly inadmissible,” adding that it “categorically repudiates such accusations.” The FBI, which is investigating Iran’s hacking activity against both presidential campaigns in this election, declined to comment.

David Wheeler, the founder of American Muckrakers, said the documents he shared were authentic and in the public interest. Wheeler said his goal was to “expose how desperate the Trump campaign is to try to win” and to provide the public with factual information. He declined to discuss the material’s origin. 

Without making any specific references, the Trump campaign said earlier this month that Iran’s hacking operation was “intended to interfere with the 2024 election and sow chaos throughout our democratic process,” adding any journalists reprinting the stolen documents “are doing the bidding of America’s enemies.”

 In 2016, Trump took a different position when he encouraged Russia to hack into Hillary Clinton’s emails and provide them to the press.

LEAK OPERATION

The leak operation started around July when an anonymous email account, [email protected], began communicating with reporters at several media outlets, using the Robert moniker, according to two people familiar with the matter. They initially contacted Politico, the Washington Post and the New York Times, promising damning internal information about the Trump campaign.

In early September, the accused Iranian hackers used a second email address, [email protected], in a fresh round of overtures, including to Reuters and at least two other news outlets, the two people familiar with the matter, said.

At the time, they offered research compiled with public information by the Trump campaign into Republican politicians JD Vance, Marco Rubio and Doug Burgum, all of whom were under consideration as Trump’s running mate.

The vice presidential reports were authentic, a person familiar with the Trump campaign told Reuters. Neither Politico, the Washington Post, the New York Times, nor Reuters published stories based on the reports.

New York Times spokesperson Danielle Rhoades Ha, said the newspaper only published articles based on hacked material “if we find newsworthy information in the materials and can verify them.”

In an email, the Washington Post referred Reuters to past comments made by its executive editor, Matt Murray, who said the episode reflected the fact that news organizations “aren’t going to snap at any hack” provided to them. A spokesperson for Politico said the origin of the documents was more newsworthy than the leaked material. Reuters did not publish this material because the news agency did not believe it was newsworthy, a spokesperson said.

Both AOL email accounts identified by Reuters were taken offline in September by its owner Yahoo, which worked with the FBI before the indictment to trace them to the Iranian hacker group, according to two people familiar with the investigation. Yahoo did not respond to a request for comment.

Before losing email access, Robert suggested reporters might need an alternate contact and offered a telephone number on the encrypted chat application Signal. Signal, which is more difficult to monitor by law enforcement, did not return messages seeking comment.

Some senior U.S. intelligence and law enforcement officials have said that Iran’s interference efforts this election cycle are focused on denigrating Trump as they hold him responsible for the 2020 American drone assassination of former Iranian military general Qassem Soleimani. 

Thus far, the already-published leaks do not appear to have changed the public dynamics of the Trump campaign.   

MUCKRAKERS

On Sept. 26, North Carolina-based American Muckrakers, began publishing internal Trump campaign emails. Active since 2021, the PAC has a history of publicizing unflattering material about high-profile Republicans. According to public disclosure reports, it is funded through individual, small-dollar donors from around the country.

On its website, American Muckrakers said the leaks came from “a source,” but, ahead of the publication last month, the group publicly asked Robert to get in touch. “HACKER ROBERT, WHY THE F DO YOU KEEP SENDING THE TRUMP INFORMATION TO CORPORATE MEDIA?” the group said in a post to X. “Send it to us and we’ll get it out.”

When asked whether his source was the alleged Iranian persona Robert, Wheeler said “that is confidential” and that he had “no confirmation of the source’s location.” He also declined to comment on whether the FBI had warned him that the communication was the product of a foreign influence operation. 

In one example, Muckrakers published material on Oct. 4th purporting to show an unspecified financial arrangement with lawyers representing former Presidential candidate Robert F. Kennedy Jr. and Trump. RFK Jr. attorney Scott Street, said in an email to Reuters he could not speak publicly about the incident. Reuters confirmed the authenticity of the material. 

Muckrakers subsequently published documents from Robert about two high-profile races. It included alleged campaign communication about North Carolina Republican gubernatorial candidate Mark Robinson and Florida Republican representative Anna Paulina Luna, both of whom were endorsed by Trump. 

   The exchange about Robinson concerned an attempt by Republican adviser W. Kirk Bell, to seek guidance from the Trump camp after the scandal over comments attributed to Robinson on a pornographic forum. Robinson has previously denied the comments. The other message came from a Republican adviser sharing information with the campaign about Luna’s personal life. 

Robinson and Luna’s campaigns did not return messages seeking comment.

One of the few journalists contacted by Robert who did publish material was independent national security reporter Ken Klippenstein, who posted the vice presidential research documents to Substack late last month. Robert confirmed to Reuters that they gave the material to Klippenstein.

Substack did not respond to a question about its policies concerning hacked material. 

  After the story, Klippenstein said FBI agents contacted him over his communication with Robert, warning that they were part of a “foreign malign influence operation.” In a post, Klippenstein said the material was newsworthy and he chose to publish it because he believed the news media should not be a “gatekeeper of what the public should know.”

A spokesperson for Reuters, which received similar notifications from the FBI, said, “We cannot comment on our interactions, if any, with law enforcement.” An FBI spokesperson declined to comment on its media notification effort. 

Wheeler said he had new leaks in store “soon” and that he would continue to publish similar documents as long as they were “authentic and relevant.” REUTERS