State Dept’s Wibbly Wobbly Jello Stance on Use of Private Email, Also Gummy Jello on Prostitution

Posted: 1:38 am EDT

 

We’ve added to our timeline of the Clinton Email saga (see Clinton Email Controversy Needs Its Own Cable Channel, For Now, a Timeline).

On August 24, 2015, State Dept. Spokesman John Kirby told CNN:  “At The Time, When She Was Secretary Of State, There Was No Prohibition To Her Use Of A Private Email.” Below is the video clip with Mr. Kirby.

Okay, then. Would somebody please get the State Department to sort something out. If there was no prohibition on then Secretary Clinton’s use of a private email, why, oh, why did the OIG inspectors dinged the then ambassador to Kenya, Scott Gration for using commercial email back in 2012? (See OIG inspection of US Embassy Kenya, 2012).

Screen Shot 2015-08-25

Oh, and here’s a more recent one dated August 25, 2015. The OIG inspection of U.S. Embassy Japan (pdf) says this:

In the course of its inspection, OIG received reports concerning embassy staff use of private email accounts to conduct official business. On the basis of these reports, OIG’s Office of Evaluations and Special Projects conducted a review and confirmed that senior embassy staff, including the Ambassador, used personal email accounts to send and receive messages containing official business. In addition, OIG identified instances where emails labeled Sensitive but Unclassified6 were sent from, or received by, personal email accounts.

OIG has previously reported on the risks associated with using commercial email for official Government business. Such risks include data loss, hacking, phishing, and spoofing of email accounts, as well as inadequate protections for personally identifiable information. Department policy is that employees generally should not use private email accounts (for example, Gmail, AOL, Yahoo, and so forth) for official business.7 Employees are also expected to use approved, secure methods to transmit Sensitive but Unclassified information when available and practical.8

OIG report referenced two cables, we’ve inserted the hyperlinks publicly available online: 11 STATE 65111 and 14 STATE 128030 and 12 FAM 544.3, which has been in the rules book, at least since 2005:

12 FAM 544.3 Electronic Transmission Via the Internet  (updated November 4, 2005)

“It is the Department’s general policy that normal day-to-day operations be conducted on an authorized [Automated Information System], which has the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information.”

This section of the FAM was put together by the Office of Information Security (DS/SI/IS) under the Bureau of Diplomatic Security, one of the multiple bureaus that report to the Under Secretary for Management.

Either the somebodies were asleep at the switch, as the cliché goes, or somebody at the State Department gave authorization to the Clinton private server as an Automated Information System.

In any case, the State Department’s stance on the application of regulations on the use of private and/or commercial email is, not wobbly jello on just this one subject or on just this instance.

gummy-bears-o

dancing jello gummy bears

On October 16, 2014, State/OIG released its Review of Selected Internal Investigations Conducted by the Bureau of Diplomatic Security. This review arose out of a 2012 OIG inspection of the Department of State (Department) Bureau of Diplomatic Security (DS). At that time, OIG inspectors were informed of allegations of undue influence and favoritism related to the handling of a number of internal investigations by the DS internal investigations unit. The allegations initially related to eight, high-profile, internal investigations. (See State/OIG Releases Investigation on CBS News Allegations: Prostitution as “Management Issues” Unless It’s NotCBS News: Possible State Dept Cover-Ups on Sex, Drugs, Hookers — Why the “Missing Firewall” Was a Big Deal).

One of those eight cases relate to an allegation of soliciting a prostitute.

The Foreign Affairs Manual (FAM) provides that disciplinary action may be taken against persons who engage in behavior, such as soliciting prostitutes, that would cause the U.S. Government to be held in opprobrium were it to become public.1

In May 2011, DS was alerted to suspicions by the security staff at a U.S. embassy that the U.S. Ambassador solicited a prostitute in a public park near the embassy. DS assigned an agent from its internal investigations unit to conduct a preliminary inquiry. However, 2 days later, the agent was directed to stop further inquiry because of a decision by senior Department officials to treat the matter as a “management issue.” The Ambassador was recalled to Washington and, in June 2011, met with the Under Secretary of State for Management and the then Chief of Staff and Counselor to the Secretary of State. At the meeting, the Ambassador denied the allegations and was then permitted to return to post. The Department took no further action affecting the Ambassador.

OIG found that, based on the limited evidence collected by DS, the suspected misconduct by the Ambassador was not substantiated. DS management told OIG, in 2013, that the preliminary inquiry was appropriately halted because no further investigation was possible. OIG concluded, however, that additional evidence, confirming or refuting the suspected misconduct, could have been collected. For example, before the preliminary inquiry was halted, only one of multiple potential witnesses on the embassy’s security staff had been interviewed. Additionally, DS never interviewed the Ambassador and did not follow its usual investigative protocol of assigning an investigative case number to the matter or opening and keeping investigative case files.

Department officials offered different justifications for handling the matter as a “management issue,” and they did not create or retain any record to justify their handling of it in that manner. In addition, OIG did not discover any guidance on what factors should be considered, or processes should be followed, in making a “management issue” determination, nor did OIG discover any records documenting management’s handling of the matter once the determination was made.

The Under Secretary of State for Management told OIG that he decided to handle the suspected incident as a “management issue” based on a disciplinary provision in the FAM that he had employed on prior occasions to address allegations of misconduct by Chiefs of Mission. The provision, applicable to Chiefs of Mission and other senior officials, states that when “exceptional circumstances” exist, the Under Secretary need not refer the suspected misconduct to OIG or DS for further investigation (as is otherwise required).2 In this instance, the Under Secretary cited as “exceptional circumstances” the fact that the Ambassador worked overseas.3

DS managers told OIG that they viewed the Ambassador’s suspected misconduct as a “management issue” based on another FAM disciplinary provision applicable to lower-ranking employees. The provision permits treating misconduct allegations as a “management issue” when they are “relatively minor.”4 DS managers told OIG that they considered the allegations “relatively minor” and not involving criminal violations.

Office of the Legal Adviser staff told OIG that the FAM’s disciplinary provisions do not apply to Ambassadors who, as in this instance, are political appointees and are not members of the Foreign Service or the Civil Service.5

OIG questions the differing justifications offered and recommends that the Department promulgate clear and consistent protocols and procedures for the handling of allegations involving misconduct by Chiefs of Mission and other senior officials. Doing so should minimize the risk of (1) actual or perceived undue influence and favoritism and (2) disparate treatment between higher and lower-ranking officials suspected of misconduct.6 In addition, OIG concludes that the Under Secretary’s application of the “exceptional circumstances” provision to remove matters from DS and OIG review could impair OIG’s independence and unduly limit DS’s and OIG’s abilities to investigate alleged misconduct by Chiefs of Mission and other senior Department officials.

In the SBU report provided to Congress and the Department, OIG cited an additional factor considered by the Under Secretary—namely, that the Ambassador’s suspected misconduct (solicitation of prostitution) was not a crime in the host country. However, after the SBU report was issued, the Under Secretary advised OIG that that factor did not affect his decision to treat the matter as a “management issue” and that he cited it in a different context. This does not change any of OIG’s findings or conclusions in this matter. 

After the SBU report was issued, the Under Secretary of State for Management advised OIG that he disagrees with the Office of the Legal Adviser interpretation, citing the provisions in the Foreign Service Act of 1980 which designate Chiefs of Mission appointed by the President as members of the Foreign Service. See Foreign Service Act of 1980, §§ 103(1) & 302(a)(1) (22 USC §§ 3903(1) & 3942(a)(1)). 

During the course of that review, State/OIG said it discovered some evidence of disparity in DS’s handling of allegations involving prostitution. Between 2009 and 2011, DS investigated 13 prostitution-related cases involving lower-ranking officials.

The OIG apparently, found no evidence that any of those inquiries were halted and treated as “management issues.”

.

Also, have you heard?  Apparently, DEA now has an updated “etiquette” training for its agents overseas.

That’s all.

Is there a diplomatic way to request that the responsible folks at the State Department culture some real backbone in a petri-dish?

No, no, not jello backbone, please!

#

Burn Bag: No emergency notification cascade. Sigh.

Via Burn Bag:

Last Friday, an armed former fed committed murder/suicide in the federal building in NYC where Diplomatic Security has an office.  The response from DS New York management? No emergency notification cascade, no immediate accountability of all personnel…not a word from the Special Agent in Charge (SAC) or ASAC. 

Via reactiongifs.com

Via reactiongifs.com

 

Related items: 

 

 

OIG Compliance Review: Minimum Security Standards For Overseas Facilities Remain a Hard Nut to Crack

Posted: 2:00 pm EDT

 

Three ARB-related IG reports were issued this past week, two of them, the Audit of the DOS Implementation of the Vital Presence Validation Process and the Review of the Implementation of the Benghazi Accountability Review Board Recommendation have been designated as Classified. The third one, the Compliance Followup Review of the 2013 Special Review of the Accountability Review Board Process is available in full online.

On September 25, 2013, State/OIG released its Special Review of the Accountability Review Board (ARB) Process. That report contains 20 formal and 8 informal recommendations. For the status of the 20 formal recommendations, see Appendix B of the report.  For the status of the informal recommendations, see Appendix C of the report. The OIG notes that the action taken by State at some Benghazi ARB recommendations “did not appear to align with the intent of the recommendations and some Benghazi ARB recommendations did not appear to address the underlying security issues adequately.”

Thirteen of the formal recommendations and five of the informal recommendations are related to the ARB process. The remaining seven formal and three informal recommendations mirror or are closely related to the Benghazi ARB recommendations. As stated in the ARB process review report, the ARB process team’s rationale for issuing these recommendations was that the action taken to date on some of the Benghazi ARB recommendations did not appear to align with the intent of the recommendations and some Benghazi ARB recommendations did not appear to address the underlying security issues adequately. The classified annex to the report provides an assessment of the Department’s implementation of the recommendations of the Benghazi ARB as of the date of the review. Its focus is on the implementation of the 64 tasks S/ES issued in response to the Benghazi ARB recommendations. It contains no OIG recommendations.

In the Compliance Followup Review or CFR dated August 2015, State/OIG reissued one recommendation from the 2013 inspection report, that the Under Secretary of State for Management, in coordination with the Bureau of Diplomatic Security and the Bureau of Overseas Buildings Operations, develop minimum security standards that must be met prior to occupying facilities located in designated high-risk, high-threat locations and include these minimum standards for occupancy in the Foreign Affairs Handbook as appropriate. The report also include a little nugget about DOD cooperation with investigative reports of security-related incidents that involve State Department personnel, specifically mentioning “the incident in Zabul Province, Afghanistan.” That’s the incident where FSO Anne Smedinghoff and four others were killed in Zabul, Afghanistan in April 2013.

Outstanding Recommendation on Minimum Security Standards 

Recommendation 17 of the ARB process review report recommended that the Department develop minimum security standards that must be met prior to occupying facilities in HRHT locations. The Department rejected this recommendation, stating that existing Overseas Security Policy Board standards apply to all posts and that separate security standards for HRHT posts would not provide better or more secure operating environments. Furthermore, recognizing that Overseas Security Policy Board standards cannot be met at all locations, the Department has a high threshold for exceptions to these standards and the waiver and exceptions process requires “tailored mitigation strategies in order to achieve the intent of the standards.”5

Although OIG acknowledges the Department’s assertion of a “high threshold for exceptions,” the Department’s response does not meet the recommendation’s requirement for standards that must be met prior to occupancy. As was noted in the ARB process review report, “…occupying temporary facilities that require waivers and exceptions to security standards is dangerous, especially considering that the Department occupies these facilities long before permanent security improvements are completed.”6 As the Department has not identified minimum security standards that must be met prior to occupancy, Recommendation 17 is being reissued.

Recommendation CFR 1: The Office of the Under Secretary of State for Management, in coordination with the Bureau of Diplomatic Security and the Bureau of Overseas Buildings Operations, should develop minimum security standards that must be met prior to occupying facilities located in Department of State-designated high-risk, high-threat environments and include new minimum security standards of occupancy in the Foreign Affairs Handbook as appropriate. (Action: M, in coordination with DS and OBO)

So, basically back to where it was before Benghazi, when there were no minimum security standards prior to occupying temporary facilities.

How high is this “high threshold of exceptions” that’s being asserted?

Risk management process now called “tailored mitigation strategies” — resulting in waivers of Inman standards?

So waivers will continue to be executed?

And temporary facilities will continue to be occupied?

Key Findings:

  • The Department of State has complied with all the formal and informal recommendations of the 2013 Special Review of the Accountability Review Board Process, except one, which has been reissued in this report.
  • The Department of State has implemented regulatory and procedural changes to delineate clearly who is responsible for implementation, and oversight of implementation, of Accountability Review Board recommendations. The Under Secretary for Management, in coordination with the Under Secretary for Political Affairs, is responsible for implementation of Accountability Review Board recommendations. The Deputy Secretary for Management and Resources is responsible for overseeing the Department’s progress in Accountability Review Board implementation, which places accountability for implementation at an appropriately high level in the Department of State.
  • The Office of Management Policy, Rightsizing, and Innovation manages the Accountability Review Board function. The Accountability Review Board process review report was critical of the Office of Management Policy, Rightsizing, and Innovation’s recordkeeping and files of past Accountability Review Boards. The Office of Management Policy, Rightsizing, and Innovation has since revised its Accountability Review Board recordkeeping guidelines. These revised guidelines have yet to be tested, as no Accountability Review Board has met since the Benghazi Accountability Review Board, which issued its report in December 2012.

More details excerpted from the IG report

Flow of Information

Formal Recommendations 1, 2, 3, and 9—as well as Informal Recommendations 1 and 3—concern the flow of information within the Department and from the Department to Congress. The recommendations introduce additional reporting requirements for all incidents that might meet the criteria to convene an ARB, as well as a more clearly defined list of congressional recipients for the Secretary’s Report to Congress. Recommendation 9 tasks S/ES with creating a baseline list of congressional recipients for the Secretary’s report to Congress. That list is now more clearly specified and included in regulations governing the ARB process.

Informal Recommendation 3 requires broader circulation of ARB reports as well as the Secretary’s report to Congress. The M/PRI position is that these reports belong to the Secretary and their dissemination should be at the Secretary’s discretion. OIG continues to believe that the Secretary should exercise discretion and circulate ARB reports and subsequent reports to Congress more widely within the Department.

ARB Recordkeeping

In December 2014, M/PRI revised its ARB recordkeeping guidelines regarding those records to be retained and safeguarded. However, because no ARB has convened since Benghazi, these revised guidelines remain untested. Although these guidelines require recording and transcribing telephone interviews, they do not mandate verbatim transcripts of all interviews, including in-person meetings, as the Inspector General suggested in his May 29, 2014, memorandum to the D/MR.

Action Memo for the Secretary

In compliance with Recommendation 1, the OIG CFR team found that M/PRI now drafts an action memo for the Secretary after every Permanent Coordinating Committee (PCC) meeting detailing the PCC decision, even if the PCC does not recommend convening an ARB.

In response to Recommendation 4, the Under Secretary for Management amended 12 FAM 030 to require vetting and reporting security-related incidents, which do not result in convening a PCC. Those cases will be communicated to the Secretary.

Alternative Review

To meet the intent of Recommendation 2, M/PRI has included in its instructions to the PCC chair a reminder to PCC members that if the PCC votes not to convene an ARB, the PCC should decide whether to recommend that the Secretary request an alternative review.

Terminology

Recommendation 5 recommends establishing written criteria to define the key terms “serious injury,” “significant destruction of property,” and “at or related to a U.S. mission abroad.” The 2013 OIG inspection team found that ambiguity in the terminology had led to their inconsistent application as criteria in decisions to convene ARBs.

ARB Implementation

Recommendations 10 and 11 recommend institutionalizing the oversight of the implementation of ARB recommendations as a responsibility of D/MR. M/PRI’s revision of 12 FAM 030 and addition of 12 Foreign Affairs Handbook (FAH)-12 now clearly delineate who is responsible for managing the ARB process and who is responsible for oversight of implementation of ARB recommendations. The Deputy Secretary’s responsibility for overseeing implementation of ARB recommendations places accountability for implementation at an appropriately high level in the Department.

Personnel Performance 

Recommendation 19 tasks M/PRI, in coordination with the Bureau of Human Resources and the Office of the Legal Adviser, to prepare clear guidelines for ARBs on recommendations dealing with issues of poor personnel performance. M/PRI has revised its standing guidance to ARB members, referring them to the Department’s new leadership principles in 3 FAM 1214, 4138, and 4532 when documenting instances of unsatisfactory performance or poor leadership. The Department further codified this ARB authority by expanding the list of grounds for taking disciplinary or separation action against an employee, including “conduct by a senior official that demonstrates unsatisfactory leadership in relation to a security incident under review by an [ARB] convened pursuant to 22 U.S.C. 4831.” In addition, in January 2013 the Department began seeking an amendment to the ARB statute (22 U.S.C. 4834(c)) to provide explicitly that unsatisfactory leadership may be a basis for disciplinary action and that the ARB would have the appropriate authority to recommend such action. No change to the statute has yet been made.

Strengthening Security at High-Risk, High-Threat Posts

New courses:  Guided by a panel of senior DS special agents and outside organizations, DS updated its former High Threat Tactical Course to create a suite of mandatory courses for DS agents assigned to HRHT locations, drawing on lessons learned from the attacks in Benghazi, Libya, and Herat, Afghanistan. The cornerstone of these courses is the “High Threat Operations Course” (HT-310), which, as of October 1, 2013, was made mandatory for all DS agents at grades FS 04 through 06 who are assigned to HRHT locations. Similar, but shorter duration courses (HT-310E and HT-315) are required for senior and mid-level DS agents assigned to such locations.

Marine Detachments

The Department, in coordination with DOD, has added 20 new MSG detachments, and Marine Corps Headquarters has created the Marine Security Augmentation Unit. Although some HRHT posts still lack MSG detachments, for example, because of the lack of host government approval, the Department has made progress in deploying new detachments and increasing the size of existing detachments.[…] The June 2013 revision of the memorandum of agreement also includes a revision of the MSG mission. In the previous version, the MSG’s primary mission was to prevent the compromise of classified information. Their secondary mission was the protection of personnel and facilities. In the revised memorandum of agreement, the mission of the MSG is to protect mission personnel and prevent the compromise of national security information.

DS Agents Embed With DOD Forces

An additional area of security improvement beyond reliance on the host government has been the Department’s closer relationship with DOD, whose personnel have been involved in every Department contingency operation at an HRHT post since the Benghazi attack. Furthermore, DS agents are now embedded in DOD expeditionary forces.

About That Zabul Incident

Recommendation 6 recommends that the Department seek greater assurances from the Department of Defense (DOD) in providing investigative reports of security-related incidents that involve Department personnel. The Department makes its requests via Executive Secretary memorandum to the equivalent DOD addressee, in accordance with 5 FAH-1 H-120. The DOD counterpart has been responsive in delivering requested materials in all the recent instances, including the incident in Zabul Province, Afghanistan. M/PRI will continue to monitor DOD responses to requests for reports in the future.

That means, the State Department now has the Army investigation report into the death of FSO Anne Smedinghoff and four others in Zabul, Afghanistan in April 2013.  See Zabul Attack: Spox Says State Dept Did Its Own Review, It’s Classified, and There’s Now a Checklist! Zabul Attack: Walking But Not Lost, More Details But Not Official; Plus Update on Kelly HuntArmy Report: Poor planning led to FSO Anne Smedinghoff and troops’ death in Afghanistan.

The Chicago Tribune FOIA’ed that Army report but did not make the document public. The State Department internal report of the incident as far as we are aware, remains Classified. Then State Department spox, Jennifer Psaki referred to “multiple investigations” in April 2014;  none publicly released.

#

Related item:

ISP-C-15-33 | Compliance Followup Review of the Special Review of the Accountability Review Board Process | August 2015

 

What’s Next For Former FSO Michael Sestak, Plus Some Unanswered Questions

Posted: 2:05 pm EDT

 

On August 14, 2015, former FSO Michael T. Sestak was sentenced to 64 months imprisonment for receiving over $3 million in bribes in exchange for visas at the U.S. Consulate General in Ho Chi Minh City, Vietnam.

The Preliminary Consent Order of Forfeiture filed in the District Court of Columbia includes forfeiture of a) “any property, real or personal, which constitutes or is derived from proceeds traceable to the offense;” and  b) “a money judgment equal to the value of any property, real or personal, which constitutes or is derived from proceeds traceable to the offense.”

The consent order identifies 1) any and all funds and securities seized from Scottrade Account #XXXX001S, held in the name of Anhdao Thuy Nguyen (“Scottrade Account”); and 2) $198,199.13 seized from the Department of Treasury from the Treasury Suspense Account under Seizure Number 38l30010—O1 (“Treasury Account”); and 3) a money judgment in the amount of at least $6,021,440.58, for which the defendant (Sestak) is jointly and severally liable with any co-conspirators ordered to pay a forfeiture money judgment as a result of a conviction for either offense.

In the plea agreement, Sestak agreed to sell nine properties in Thailand and that the proceeds would be paid to the United
States to satisfy a portion of the money judgment entered against him. The consent order also notes that “upon entry of a forfeiture order, Fed. R. Crim. P. 32.2(b)(3) authorizes the Attorney General or a designee to conduct any discovery the Court considers proper in identifying, locating, or disposing of property subject to forfeiture.”

In a pre-sentencing filing,  Mr. Sestak requested that any term of incarceration occur in a Camp-level facility. Specifically, at FCI Miami or if that’s not available, FCI Pensacola.  Defense justification is based on Sestak’s “lack of criminal history, the non-violent nature of the crimes, his cooperation with the Government, his lifetime of public service, his age, education, and status as a trustee during his pretrial confinement at Northern Neck Regional Jail.”‘

We had a chance to ask a few questions from his lawyer, Gray Broughton; we wanted to know where will be the location of his incarceration.

“The Bureau of Prisons will ultimately make a determination as to where Mr. Sestak is incarcerated,” said Mr. Broughton.  The defense lawyer again cited the nonviolent nature of the crimes and Mr. Sestak’s “clean criminal history.”  Mr. Sestak should be housed in a lower security level facility, according to his lawyer and that his prior employment with the U.S. Marshal will be taken into consideration by the Bureau of Prison.
We asked about the plea deals received by Sestak and main co-conspirator Bihn Vo.   Sestak’s lawyer believed the government made the best deal it could:

Mr. Sestak received a sentence of 64 months – 32 months less than codefendant Binh Vo, who received a sentence of 96 months. The Government will end up getting roughly $5M from Binh Vo – the $3M it already seized and the $2M he has agreed to pay in the next year. Binh Vo’s money (and his wife) are all currently outside of the U.S., so the U.S. doesn’t have any control over either. It made the best deal it felt it could with Binh Vo.

We were also interested in the duration of the sentence. By our calculation, Mr. Sestak would be almost 50 by the time he completes his sentence.  Mr. Broughton, however, told us that “assuming good behavior, Mr. Sestak would serve 85% of the sentence.” He will reportedly also get credit for the 27 months he has been in jail since his arrest, towards his sentence. We’re not sure if he’ll get credit for the full 27 months. But if that’s the case, and if our math is correct, he’d be out between 2-3 years.

We asked what happened to the 500 visa applicants that Mr. Sestak had issued visas to in Vietnam. And if Mr. Sestak was asked to help track or account for the applicants who paid bribes for their visas. Mr. Broughton said, “I don’t know what happened to the visa applicants. I am not aware of any efforts by the US Government in that regard.”

Mr. Broughton also released the following statement after the sentencing:

**
Michael Sestak received a fair, well-reasoned sentence today. The Court had the unenviable task of taking a multitude of opposing factors into consideration in devising Mr. Sestak’s sentence. 

As counsel for the U.S. Government readily admitted during Mr. Sestak’s sentencing hearing, Binh Vo was the mastermind of the visa fraud conspiracy. Binh Vo also had the largest pecuniary gain and will likely have millions of dollars waiting for him upon his release – along with his wife Alice Nguyen, who was able to avoid prosecution as a result of Binh Vo’s plea agreement. The Court appeared to appreciate that a sentence greater than or equal to Binh Vo’s sentence of 8 years would be fundamentally unjust for Michael Sestak, even though the U.S. Sentencing Guidelines recommended a sentence of approximately 20 years.
 
What made things difficult for the Court in determining an appropriate sentence is that Mr. Sestak was an essential component to the conspiracy and a public servant who had taken an oath of loyalty to his Country. It was Mr. Sestak’s status as a public official and the theory that would-be criminals will think twice before committing similar crimes that caused the Court to sentence Michael Sestak to something greater than time served.
 
Ultimately, the Court balanced these countervailing factors by issuing a sentence of 64 months – 32 months less than codefendant Binh Vo, who received a sentence of 96 months.
 
Michael Sestak is a good man who made made a huge mistake. Even after his release from prison, Mr. Sestak’s actions – and the shame that follows – will haunt him forever.
**

 

With the case concluded for all charged co-conspirators, we thought we’d asked the State Department what systemic changes had Consular Affairs instituted at USCG Ho Chi Minh City and worldwide following the Sestak incident.

The State Department, on background says this:

The Bureau of Consular Affairs takes all allegations of malfeasance seriously and continually works to improve its operations. Following any detection of vulnerabilities, CA works to improve management controls and guidance to the field. After the incident in Ho Chi Minh City, the management controls at post were comprehensively reviewed to determine what improvements could be made to their processes. As a matter of policy, we do not discuss the specifics of internal management controls.

Most of the Sestak visa cases were allegedly previous refusals. If true, we don’t quite understand how one officer could overturn so many visa refusals and issue close to 500 visas without red flags, if consular management controls worked as they should.  We wanted to know what consequences will there be for supervisors, embassy senior officials and principal officers who fail to do their required oversight on visas. And by the way, what about those who also do not follow the worldwide visa referral policy, particularly, Front Office occupants? The State Department would only say this:

As a matter of policy we do not discuss specific internal personnel actions. Protecting the integrity of the U.S. visa is a top priority of the U.S. government. We have zero tolerance for malfeasance. We work closely with our law enforcement partners to vigorously investigate all allegations of visa fraud. When substantiated, we seek to prosecute and punish those involved to the fullest extent of the law.

We imagined that the Bureau of Consular Affair’s Consular Integrity Division would be tasked with reviewing procedures and lessons learned on what went wrong in the Sestak case. We wanted to know if that’s the case and wanted to ask questions from the office tasked with the responsibility of minimizing a repeat of the Sestak case. Here is the official response:

The Consular Integrity Division regularly reviews incidents of malfeasance or impropriety and makes recommendations for procedural changes to reduce vulnerabilities and updates training materials for adjudicators and managers based on the lessons learned, including the case in Ho Chi Minh City. The Consular Integrity Division also does reports on the management controls at overseas posts, as well as reports that review global management controls issues, which inform CA leadership about any issues of concern.

No can do.  So far, we’ve only learned that the CID reviewed incidents of malfeasance including the Sestak case but it doesn’t tell us if it did a specific report on HCMC and what systemic changes, if any, were actually made.

We tried again. With a different question: According to in country reports, USCG Ho Chi Minh City received a letter from a jilted man in central Vietnam that helped DS crack the Sestak case. ConGen Ho Chi Minh City is one of the few consular posts that actually has a Regional Security Officer-Investigator, dedicated to visa investigations. If this case started with this reportedly jilted lover, the question then becomes how come neither the RSO-I or the internal consular management controls did not trip up the FSO accused in this case? If there was no anonymous source, would the authorities have discovered what was right under their noses?

As a matter of policy, we do not discuss the details of investigations. Protecting the integrity of the U.S. visa is a top priority of the U.S. government. We continually work to improve its operations, both in the field and here in Washington DC.

Ugh! Sestak was charged in May 2013. In July that year, the State Department told Fox News it was reviewing thoroughly alleged “improprieties” regarding a consular official in Guyana allegedly trading visas for money and possibly sex. In another article in 2014,  former Peace Corps, Dan Lavin,  said, “The State Department makes millions off of the poorest people in the world just by selling them the opportunity to fill out the application.” He also made the following allegation: “There are people at the embassy who can get you a visa,” Lavin said. “If you’re a Sierra Leonean, you go to a man called a ‘broker’; you then pay that ‘broker’ $10,000 and he personally gives that money to someone at the embassy who in turn gets you a visa.”  Apparently,  when asked about the accusations, a spokesperson at the U.S. embassy in Freetown declined to comment.

In any case, we also wanted to know if there were systemic changes with the State Department’s RSO-I program and how they support consular sections worldwide? Or to put it another way, we were interested on any changes Diplomatic Security had implemented in the aftermath of the Sestak case. Here is the amazing grace response, still on background:

It is the mission of DS special agents assigned as Assistant Regional Security Officer-Investigators (ARSO-I) to find fraud in the countries where they serve.

Sigh, we know that already. We thought we’d also ask about those 489 Vietnamese who got their visas under this scheme. What happened to them? Did Diplomatic Security, DHS or some other agency tracked them down?

The Bureau of Consular Affairs conducted a review of visas issued by Mr. Sestak. The Department revoked those visas that were improperly issued. If the visa holder had already travelled to the United States on the improperly issued visa, the Department of State notified the Department of Homeland Security so that agency could take action as appropriate.

We don’t know how many “improperly issued” visas were revoked. All 489?

We don’t know how many of those able to travel to the U.S. were apprehended and/or deported to Vietnam.

Frankly, we don’t really know what happened to the 489 Vietnamese nationals who paid money to get visas.

Calvin Godfrey who covered this case from Vietnam writes:

State Department investigators managed to track down and interrogate a few, though they wouldn’t say how many. The Washington DC office of the US Immigration and Customs Enforcement Agency didn’t respond to a list of questions about their efforts to track them down.

We also don’t know how much was the total proceed from this illegal enterprise. The USG talks about $9.7 million but one of the co-conspirators in an email, talked $20 million. Below via Thanh Nien News:

Prosecutors only put the gang on the hook for a $9.7 million — a “conservative estimate” they came up with by multiplying $20,000 by 489. Statement written by Hong Vo the middle of the illicit ten-month visa auction:

“I can’t believe Binh has pretty much made over $20m with this business,” she wrote to her sister, identified only as Conspirator A.V. “Slow days… are like 3 clients… and that’s like 160k-180.”

 

Then there’s the individual who purportedly started this ball rolling in Vietnam. Below excerpted from Thanh Nien News:

The State Department was quick to crow over Vo’s sentencing, but it remains deeply disingenuous about how this case came about and what it means.

“This case demonstrates Diplomatic Security’s unwavering commitment to investigating visa fraud and ensuring that those who commit this crime are brought to justice,” crowed Bill Miller, the head of the Diplomatic Security Service (DSS) in a press release generated to mark Vo’s sentencing.

The problem there is that the whole case didn’t come about through careful oversight; it came about because a sad sack from Central Vietnam loaned his pregnant wife $20,000 to buy a US visa from Sestak and the Vos. Instead of coming home with their baby boy, she disappeared, married another man and blabbed about it on Facebook. The sad sack wrote rambling letters to the President and the State Department’s OIG trying to get his wife and money back.

That Vietnamese informant reportedly is a recipient of threats from some of the Sestak visa applicants. Poor sod. So, now, one of the co-conspirators got 7 months, another 16 months, Sestak got 5 years, Vo got 8 years,  one alleged co-conspirator was never charged, and we don’t know what happened to close to 500 visa applicants. Also, the USG gets less than half the $20 million alleged gains. It looks like, at least Vo, will not be flipping burgers when he gets out of prison.

Now life goes on.
 #

State Dept Responds to Purported ISIS ‘Hit List’ — This Gives Me A Sad

Posted: 3:18 pm EDT

On August 16, we blogged this: Purported ISIS ‘Hit List’ With 1,482 Targets Includes State Department Names.  We asked the State Department about this over the weekend. We wanted to know if the agency has been able to confirmed the affected State personnel. The State Department, on background, told us this:

We acknowledge the reports. While we will not comment on or confirm the specifics of this particular assertion, we know that malicious actors often target email accounts of government and business leaders across the United States.

We’ve also inquired about its response, or guidance to personnel , if any, and the State Department, still on background, would only say this:

We believe it is important for not only government and private sector companies but also individuals to improve their cybersecurity practices. That is why this Administration is working hard to raise our cyber defenses across the board.

Yikes! ¯\_(ツ)_/¯  

Well, we hope they’re talking to employees behind the firewall with more substance than this two-sentence practically useless response.

*

We have not been able to find anything State Department related-response/guidance on this on the public net, but DOD has some useful reminders posted on the wide-web, no logons required. The first set of slides below is actually a social networking cybersecurity awareness briefing by Diplomatic Security. The slide set appears dated a few years back (uses 2009 examples) and is not available, as far as we can tell, from state.gov. We found this set posted on the slideshare site maintained by the Defense Department. The other two set of slides are on opsec for families and one on geotagging safety for those who posts photos online. both from the DOD site.

Social Networking Cybersecurity Awareness


.

Social Media Cyber Security Awareness Briefing | OPSEC For Families

.

Social Media Roundup/Geotagging Safety

#

Burn Bag: Embarrassed by Hillary Server Scandal (*/_⧹) Not Enough Facepalms

Via Burn Bag:

“I understand most in our profession are admirers of Hillary, but the lack of response from the Department on this e-mail issue is a disgrace.  A Cabinet-level official and her top aides completely disregard IT security policies for 4 years, and we’re not even recognizing how badly we failed?  How many in the Executive Secretariat knew about this?  Short of formal reprimands, have we at least said this must never happen again?  Maybe a FAM amendment explicitly forbidding senior officials from doing this?”

via reactiongifs.com

via reactiongifs.com

#

Purported ISIS ‘Hit List’ With 1,482 Targets Includes State Department Names

Posted: 6:52 pm EDT


According
to CNN, a group calling itself the Islamic State Hacking Division recently posted online a purported list of names and contacts for Americans it refers to as “targets,” according to officials.

Though the legitimacy of the list is questionable, and much of the information it contains is outdated, the message claims to provide the phone numbers, locations, and “passwords” for 1400 American government and military personnel as well as purported credit card numbers, and excerpts of some Facebook chats.

The Guardian describes the list as a spreadsheet, published online last week which exposes names, email addresses, phone numbers and passwords. The 1,482 names include members of the U.S. Marine Corps, NASA, the State Department, the U.S. Air Force, and the FBI.

The Daily Mail  reports that the list includes an accompanying message that reads:  ‘Know that we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts.’

The list apparently also includes the names of eight Australians and UK government personnel. In Australia where there this is huge news, Prime Minister Tony Abbott told the press, “We’ve just discovered that it’s actually able to launch cyber attacks in this country so this is a very sophisticated and deadly threat to us even here in Australia.” A chief executive of a forensic data firm in the country went so far as to advise that Canberra’s public servants get off social media. He also recommended that “on the day [ADFA] cadets enlist, their entire electronic lives be erased” and that “they should not exist on digital networks until they retire from Defence.”

The reaction here is a little less ZOMG!  Last week, then Army Chief of Staff Gen. Ray Odierno said in a press conference that “this is the second or third time they’ve claimed that and the first two times I’ll tell you, whatever lists they got were not taken by any cyber attack.”

“This is no different than the other two,” Odierno said. “But I take it seriously because it’s clear what they’re trying to do … even though I believe they have not been successful with their plan.”

CNN reports that Pentagon spokesman Lt. Col. Jeffrey Pool also cautioned that many of the military email addresses looked at least several years old, based on their suffixes. He said that shortly after this list was posted, a reminder went out to service personnel that they should limit the personal information they put on social media. “If any of your information on it is accurate, you’re very concerned,” former Homeland Security adviser Fran Townsend told CNN, “as are government officials.”

According to the Washington Examiner, State Department employees comprise about a quarter of the alleged personal information on the list. That would be about 370 names. It also says that at the bottom of the leaked document, originally posted on zonehmirrors.org, are receipts from State Department employees along with their credit card numbers.  The report notes that Islamic State supporters tweeted a link to the document and also tweeted, in one instance, information claiming to be the personal details of a staff member from the U.S. embassy in Cairo that said: “To the lone wolves of Egypt.”

Technology security expert, Troy Hunt,  writes that “nothing makes headlines like a combination of ISIS / hackers / terrorism!” and has taken a closer look with an analysis here. Mr. Hunt’s conclusion — drawn merely from looking at the leaked list and applying what he observed from experience with previous data dumps leaked list —  is that “the data is almost certainly from multiple locations and very unlikely to be from a single data breach.” Also that “most of the data is easily discoverable via either existing data breaches or information intentionally made public.” He writes, “Even the source of the amalgamated data is unverifiable – it could be someone who does indeed wish harm on the individuals named, it could be a kid in his pyjamas, there’s just not enough information to draw a conclusion either way.”

In his analysis of the ISIS list, Mr. Hunt says that “there are many sources from which attributes in this list can be compiled.” As an example, he cited the Adobe breach of 2013 in which 152M records were leaked, which includes 257k .gov email addresses. He writes:

The ISIS list has a lot of state.gov email addresses – Adobe leaked 1,657 of those and they look just like this:

state.gov email addresses in the Adobe data breach

state.gov email addresses in the Adobe data breach via Troy Hunt (used with permission)

“Adobe also leaked password hints so you can begin to quite easily build a profile around people working in the US State Department,” he said.

Would be good to know if any of the names in the Adobe breach are showing up in the ISIS list. We have not seen the purported ISIS list or the names from the Adobe hack but we hope somebody at State is looking at those names. Folks probably need to work on their password hints, too.

In a separate post, Mr. Hunt also notes this:

“The hyperbole and the fear, uncertainty and doubt that spread over this was just off the scale compared to the significance of the actual data. Here we have what amounts to little more than easily discoverable information mostly already in the public domain and suddenly it’s become a huge terror hack. [….] However, the legitimacy of the claims that this was an “ISIS hack” appear to have gotten in the way of a good story and the news has simply run with it.

A couple more reading clips below from Troy Hunt:

.

.

There’s not much one can do with the Adobe, Target, Home Depot, OPM hack except to sign up for credit monitoring service or put a credit freeze on one’s account. That is, if we’re concerned about identity thief. But those services  will not work against potential blackmails related to a foreign government hack, or online threats related to potentially scraped data, collected from websites and social media accounts.

We are persuaded by Mr. Hunt’s analysis that this was not a real hack. But real or not, the information is out there and thinking about ‘lone wolf’ offenders seduced by ISIS’ call, in the U.S. or elsewhere is not paranoid.  Folks might consider this a good excuse to review their digital footprint.

The threats online — whether real or part of propaganda — is not going to abate anytime soon. This is the world as it is, and not an attempt at hyperbole.  Employees overseas can report these threats to RSOs but hey, have you seen the rundown of the RSO’s managed programs?   We don’t even know what specific office at State tracks these breaches or who has responsibility for online threats. Was anyone notified by State when the Adobe breach occurred in 2013 and leaked hundreds of official emails? Were those emails changed?  A talkinghead writinghead would like to know.

Also some of USG’s overseas posts still display the official email addresses of personnel in public affairs, and those dealing with contracts, solicitations, and acquisitions on their websites. Those should be generic e-mail accounts not linked to an individual’s name but linked instead to the section, function or office, e.g. Sanaacontracts@state.gov. Makes better sense as people rotate jobs anyway.

We’re trying to find if Diplomatic Security has any response, guidance, reminder for State Department personnel given this report and the Burn Bag received earlier.  Would be a good time as any to issue an opsec reminder. We will have a follow-up post if/when we get an official response.

 #

Binh Tang Vo Gets 8 Years For Conspiring With Former U.S. Consulate Official in Visa Scheme

Posted: 3:42 pm EDT

 

We have previously blogged about the Sestak visa scheme in this blog (see Michael T. Sestak Visa Scandal: Two Co-Conspirators Sentenced to 10 Months and 16 MonthsFSO Michael T. Sestak Pleads Guilty in Visa Fraud-Bribery Case, Faces 19-24 Years in Prison). Last month, the Justice Department announced that Binh Tang Vo, a U.S. citizen and one of the alleged conspirators pleaded guilty and was sentenced to eight years in prison plus forfeiture of nearly $5.1 million. Court records indicate that Michaell Sestak’s sentencing had been rescheduled for this month.

Via USDOJ:

Man Sentenced to Eight Years in Prison for Conspiring With Former U.S. Consulate Official in Visa Scheme | Vietnam-Based Scheme Yielded Millions of Dollars in Bribes

WASHINGTON  Binh Tang Vo, 41, an American citizen who had been living in Vietnam, was sentenced today to eight years in prison on charges of conspiracy to commit bribery and visa fraud, bribery of a public official, and conspiracy to commit money laundering, announced Acting U.S. Attorney Vincent H. Cohen, Jr. and Bill A. Miller, Director of the U.S. Department of State’s Diplomatic Security Service (DSS).

Vo pled guilty to the charges in March 2015 in the U.S. District Court for the District of Columbia. The plea agreement, which was contingent upon the Court’s approval, called for a prison sentence between six and eight years, as well as forfeiture of nearly $5.1 million. The Honorable Emmet G. Sullivan accepted the plea agreement and sentenced Vo accordingly today.

Vo was arrested on Sept. 24, 2013, at Washington Dulles International Airport and has been held without bond ever since.

According to a statement of facts in support of his guilty plea, Vo conspired with co-defendant Michael Sestak and others to obtain visas to the United States for Vietnamese citizens.  Sestak was the Non-Immigrant Visa Chief in the Consular Section of the U.S. Consulate in Ho Chi Minh City, Vietnam from August 2010 to September 2012.

As outlined in the statement of facts, Vo and Sestak conspired with other U.S. citizens and Vietnamese citizens to advertise the scheme and recruit customers. Co-conspirators reached out to people in Vietnam and the United States and advertised the scheme by creating a website and by spreading the word through emails and telephone calls.  The conspirators told potential customers that once the customers obtained a visa from the scheme, they could disappear, get married or return to Vietnam and be assured of receiving visas in the future.

Vo and his co-conspirators received biographical information and photographs from customers and assisted them with their visa applications.  Upon submitting an application, the applicant would receive an appointment at the Consulate, be interviewed by Sestak, and approved for a visa. Applicants or their families generally paid between $30,000 and $60,000 per visa.  Nearly 500 fraudulent visas were issued as a result of the conspiracy.

Applicants paid for their visas in Vietnam, or by routing money to co-conspirators in the United States.  Vo admitted to receiving millions of dollars for arranging for Sestak to approve the visas.  He ultimately moved some of the money out of Vietnam by using money launderers to move funds through off-shore banks.  Co-conspirators also had money laundered through off-shore banks to bank accounts in the United States.

“Binh Vo conspired with a corrupt U.S. Consulate Official to collect bribes in exchange for issuing visas that allowed nearly 500 Vietnamese nationals to enter the United States,” said Acting U.S. Attorney Cohen.  “Binh Vo and his family members recruited bribe-paying customers by telling them that once in the United States they could disappear or get married.  He collected millions of dollars in bribes by undermining the integrity of the process used to screen foreign visitors to our country.  This prison sentence demonstrates our commitment to preserving the integrity of a process that is critical to our national security.”

“The U.S. visa is one of the most coveted travel documents in the world. Foreign nationals who acquire visas fraudulently to enter the United States could do so in order to carry out any number of criminal activities, including terrorism,” said Director Miller. “This case demonstrates Diplomatic Security’s unwavering commitment to investigating visa fraud and ensuring that those who commit this crime are brought to justice.”

Sestak, 44, pled guilty in November 2013 to one count each of conspiracy to commit bribery and visa fraud and to defraud the United States, bribery of a public official, and conspiracy to engage in monetary transactions in property derived from illegal activity. He is scheduled to be sentenced July 1, 2015.

Hong Vo, 29, an American citizen, and Truc Thanh Huynh, 31, a Vietnamese citizen, also pled guilty to conspiring with Sestak and Binh Vo.  Hong Vo is Binh Vo’s sister, and Truc Thanh Huynh is Binh Vo’s cousin. Hong Vo was sentenced in March 2014 to seven months in prison and three months of home detention. Truc Tranh Huynh was sentenced in February 2014 to 16 months of incarceration.

According to the statement of facts, fraudulent visas granted by Sestak were connected to an Internet Protocol (“IP”) address controlled by Hong Vo. Huynh allegedly participated in the visa scheme by obtaining documents necessary for the visa applications, collecting money and providing model questions and answers for visa applicants.  Sestak also allegedly approved a visa for Huynh to the United States, the application for which was submitted by the IP address controlled by Hong Vo.

The case was investigated and prosecuted by the U.S. Department of State Diplomatic Security Service and Assistant U.S. Attorneys Brenda J. Johnson, Alessio D. Evangelista of the National Security Section, and Catherine K. Connelly and Jennifer Ambuehl of the Asset Forfeiture and Money Laundering Section, as well former Assistant U.S Attorneys Christopher Kavanaugh, and Mona N. Sahaf.

#

 

560 Ex-Peace Corps Volunteers Write to Secretary Kerry Urging Suspension of Aid to Dominican Republic

Posted: 3:08 am EDT

 

Nearly 600 former Peace Corps volunteers and three PC country directors who served in the Dominican Republic wrote an open letter to Secretary Kerry urging the suspension of aid to the Dominican Republic due to its treatment of Dominicans of Haitian descent:

It is due to our deep and abiding concern for the most vulnerable members of Dominican society that we are writing to you about the crisis of statelessness among Dominicans of Haitian descent. We urge you to end U.S. involvement in the violation of their human rights: enforce the Leahy Amendments to the Foreign Assistance Act and annual Department of Defense appropriations.

The Leahy laws state that no U.S. assistance shall be furnished to any unit of the security forces of a foreign country if there is credible information that such a unit has committed a gross violation of human rights. Given the Dominican government’s disregard for international law with respect to the status of its citizens of Haitian descent; the violent track record of Dominican security forces receiving funding and training from the United States; and the Dominican Armed Forces’ readiness to execute a potentially massive campaign of rights-violating expulsions, we ask that the United States suspend its military aid to the Dominican government.

In 2013, the Dominican Constitutional Court i​ssued a ruling (168-13) that effectively stripped hundreds of thousands of people, primarily those of Haitian descent, of their Dominican citizenship. This ruling stands in direct contravention of international human rights law—specifically the A​merican Convention on Human Rights,​which the Dominican government r​atified in 1978. This convention enshrines the right to a nationality and prohibits its arbitrary deprivation. Many Dominicans of Haitian ancestry, including those whose families have resided in the

Dominican Republic for generations, were rendered stateless and face forcible deportation to a country where many have no ties whatsoever. A subsequent Dominican law (1​69-14)​, which addressed the court’s ruling, further entrenched the negation of the right to citizenship on the basis of one’s place of birth, and retroactively conferred citizenship on the basis of the immigration status of one’s parents.

The volunteers’ letter specifically cites the security forces that “appear poised to carry out mass deportations within the country, including the U​.S.-trained border patrol agency, CESFRONT, which has r​eceived more than $17.5 million in assistance from the United States since 2013.”

“If the United States is serious about protecting universally recognized human rights, we must no longer abet such actions in the Dominican Republic, much less be complicit in an impending intensification of human rights abuses. In our view, it appears impossible for the Dominican government to move forward with the implementation of its human rights-violating, internationally condemned citizenship laws without involving its security forces in yet more widespread and severe abuses.”

A small group representing the volunteers has requested a meeting with Assistant Secretary for Western Hemisphere Roberta Jacobson.

.

.

.

.

.

#