SIM card security breached by US and UK

The Intercept is reporting this morning that US and UK spies broke into the internal network of Gemalto, the largest SIM card manufacturer in the world, and stole the encryption keys used by the manufacturer. SIM cards are designed to protect the privacy of cellphone conversations, among other things. The reporting is based on documents provided by Edward Snowden, and the breach was described in a document written in 2010.

So, as a beginning point, you can safely assume that your mobile phone privacy was breached over four years ago.

Here are more details:

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

* * *

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”

SIM cards were not primarily designed to protect privacy, but instead were designed by cell phone companies to limit fraudulent use of their networks.

SIM cards were not invented to protect individual communications — they were designed to do something much simpler: ensure proper billing and prevent fraud, which was pervasive in the early days of cellphones. Soghoian compares the use of encryption keys on SIM cards to the way Social Security numbers are used today. “Social security numbers were designed in the 1930s to track your contributions to your government pension,” he says. “Today they are used as a quasi national identity number, which was never their intended purpose.”

Because the SIM card wasn’t created with call confidentiality in mind, the manufacturers and wireless carriers don’t make a great effort to secure their supply chain. As a result, the SIM card is an extremely vulnerable component of a mobile phone. “I doubt anyone is treating those things very carefully,” says Green. “Cell companies probably don’t treat them as essential security tokens. They probably just care that nobody is defrauding their networks.” The ACLU’s Soghoian adds, “These keys are so valuable that it makes sense for intel agencies to go after them.”

Much more from The Intercept here.


Christmas Eve NSA data dump

If you head the NSA and, due to a court order, you are required to publicly release (heavily redacted) documents indicating that the NSA violated the law repeatedly over more than a decade, when would you choose to announce the release?

Well, the NSA chose to make the release around 1:30 pm, Christmas Eve.

Bloomberg reports:

The NSA, responding to a Freedom of Information Act lawsuit from the American Civil Liberties Union, released a series of required quarterly and annual reports to the President’s Intelligence Oversight Board that cover the period from the fourth quarter of 2001 to the second quarter of 2013.

The heavily-redacted reports include examples of data on Americans being e-mailed to unauthorized recipients, stored in unsecured computers and retained after it was supposed to be destroyed, according to the documents. They were posted on the NSA’s website at around 1:30 p.m. on Christmas Eve.

In a 2012 case, for example, an NSA analyst “searched her spouse’s personal telephone directory without his knowledge to obtain names and telephone numbers for targeting,” according to one report. The analyst “has been advised to cease her activities,” it said.

Other unauthorized cases were a matter of human error, not intentional misconduct.

Last year, an analyst “mistakenly requested” surveillance “of his own personal identifier instead of the selector associated with a foreign intelligence target,” according to another report.


An excellent proposal

Senator Mark Udall (D-CO) lost his reelection bid on Tuesday. This is particularly important as Udall was one of the most forceful members of the Senate Intelligence Committee to call for more disclosure from the CIA and NSA regarding their operations.

Trevor Timm, writing in The Guardian, has interestingly suggested that Udall could legally read into the Congressional Record the text of the CIA Torture Report, prepared by the Intelligence Committee, which is still tied up by the CIA (and Obama Administration) refusals to allow publication of the report without massive and frustrating redactions.

America’s rising civil liberties movement lost one of its strongest advocates in the US Congress on Tuesday night, as Colorado’s Mark Udall lost his Senate seat to Republican Cory Gardner. While the election was not a referendum on Udall’s support for civil liberties (Gardner expressed support for surveillance reform, and Udall spent most of his campaign almost solely concentrating on reproductive issues), the loss is undoubtedly a blow for privacy and transparency advocates, as Udall was one of the NSA and CIA’s most outspoken and consistent critics. Most importantly, he sat on the intelligence committee, the Senate’s sole oversight board of the clandestine agencies, where he was one of just a few dissenting members.

But Udall’s loss doesn’t have to be all bad. The lame-duck transparency advocate now has a rare opportunity to truly show his principles in the final two months of his Senate career and finally expose, in great detail, the secret government wrongdoing he’s been criticizing for years. On his way out the door, Udall can use congressional immunity provided to him by the Constitution’s Speech and Debate clause to read the Senate’s still-classified 6,000-page CIA torture report into the Congressional record – on the floor, on TV, for the world to see.

There’s ample precedent for this. In 1971, former Senator Mike Gravel famously read the top-secret classified Pentagon Papers for three hours before almost collapsing and then entering thousands of pages more into the record after he couldn’t speak for any longer from exhaustion.

* * *

But now, Udall has nothing to lose. He can’t get kicked off any committee he won’t be a part of in two months. And he can’t be prosecuted for revealing classified information as a member of Congress.

This would be a terrific service to Americans who need to know that torture was official US policy following 9/11, so as to ensure that such crimes are never again committed by the American government.


Second NSA whistleblower is “confirmed”

Michael Isikoff is reporting that Federal agents have identified a suspected “second” whistleblower providing details of the NSA surveillance programs to reporters.


The FBI has identified an employee of a federal contracting firm suspected of being the so-called “second leaker” who turned over sensitive documents about the U.S. government’s terrorist watch list to a journalist closely associated with ex-NSA contractor Edward Snowden, according to law enforcement and intelligence sources who have been briefed on the case.

The FBI recently executed a search of the suspect’s home, and federal prosecutors in Northern Virginia have opened up a criminal investigation into the matter, the sources said.

But the case has also generated concerns among some within the U.S. intelligence community that top Justice Department officials — stung by criticism that they have been overzealous in pursuing leak cases — may now be more reluctant to bring criminal charges involving unauthorized disclosures to the news media, the sources said. One source, who asked not to be identified because of the sensitivity of the matter, said there was concern “there is no longer an appetite at Justice for these cases.”

I believe that the Justice Department should tread very carefully in dealing with any whistleblowers. And it should be especially careful in challenging reporters covering any additional disclosures in an attempt to reveal to Americans the overall breadth of the surveillance of American citizens. The people have a right to know.

Surveillance self-defense

The EFF has just released a compendium of products that can help you defend your computer systems and communications from the surveillance state. It is called Surveillance Self-Defense. It offers advice for people in differing scenarios. I am planning to implement the recommendations in the section entitled “Mac User?”.

Well worth a careful review.

Conflicts of interest at the NSA

Who could have possibly thought that NSA employees, at high levels in the agency, would be involved in obvious conflicts of interest? Well, BuzzFeed News is reporting that Teresa Shea, a high-level employee, is leaving the agency as a result of financial interests and conflicts between her and her husband and the NSA.


Shea was the director of signals intelligence, or SIGINT, which involves intercepting and decoding electronic communications via phones, email, chat, Skype, and radio. It’s widely considered the most important mission of the NSA, and includes some of the most controversial programs disclosed by former contractor Edward Snowden, including the mass domestic surveillance program.

It couldn’t be determined why Shea is leaving her position or what new job she might take. Neither the Sheas nor the NSA responded immediately to requests for comment.

In September, BuzzFeed News reported that a SIGINT “contracting and consulting” company was registered at Shea’s house, even while she was the SIGINT director at NSA. The resident agent of the company, Telic Networks, was listed as James Shea, her husband.

Mr. Shea is also the vice president of a major SIGINT contractor that appears to do business with the NSA. The company, DRS Signals Solutions, is a subsidiary of DRS Technologies, which itself is a subsidiary of Italian-owned Finmeccanica SPA.

Last week Buzzfeed News also reported Shea herself had incorporated an “office and electronics” business at her house, and that the company owned a six-seat airplane and a condominium in the resort town of Hilton Head, South Carolina.


Grand Rapids ArtPrize entry highlights NSA surveillance activities

ArtPrize is an independently organized international art competition in Grand Rapids, Michigan. It is the world’s largest art competition based on daily attendance, prize amounts, number of artists and venues. ArtPrize 2014 takes place September 24-October 12.  Voting number for “Just Listening” is 56367. ArtPrize officially opens Wednesday, September 24.

One of my friends, Ruth Tyszka, together with two other artists, created a piece that challenges the NSA surveillance programs and whether the concept of Lady Justice has continuing validity in a time of world-wide mass surveillance.

Here is their explanation of the piece:

Darcel Deneau, Joan Schwartz and Ruth Tyszka worked together for months to create their 11 foot high sculpture “Just Listening” for exhibition at the 2014 ArtPrize art competition in Grand Rapids, Michigan. The three accomplished artists deploy art and technology in this visual commentary on American ideals within the context of the National Security Agency’s (NSA) electronic data surveillance and collection programs.

The artists were honored and excited to be selected to show their sculpture “Just Listening” at the Fountain Street Church venue, which partnered with the American Civil Liberties Union to present the exhibit titled “Art To Change the World: Inspiring Social Justice.”

The artists drew from a broad range of experience in different mediums to carefully choose a variety of mixed media materials to construct a contemporary Lady Justice lifting the world above her head. Serving as a symbol of American ideals and morality within the justice system, the Lady Justice figure is initially intended to be beautiful and aesthetically pleasing, drawing to mind traditional representations of Lady Justice. Upon closer inspection, the viewer is invited to participate and question the NSA’s systematic use of technology to collect information on citizens of the United States and from around the world. Lady Justice wears an elaborate gown made from surveillance-related news articles and punctuated by a cascade of red and white glass mosaic stripes down the front. She stands on a platform of data servers and balances above her head a 30-inch diameter globe constructed of repurposed circuit boards and stained glass and lit from within. A tablet computer embedded in the globe streams Tweets that reference the NSA. Earbuds connect Lady Justice to the world’s data.

Throughout the sculpture, the artists use symbols like the slipping blindfold, the scales of justice, and the American eagle tattoo to metaphorically raise questions about the potential for compromise of Lady Justice’s representation of justice, fairness and equity.

Photo credits: PD Rearick
Deneau is a graduate of the College for Creative Studies (Detroit) and recently completed her term as the Board Chair at the Detroit Artists Market. Schwartz graduated from Wayne State University (Detroit), is a non-practicing pediatrics nurse and currently serves on the board of the Mosaic Artists of Michigan. Tyszka is a graduate of Oakland University and Wayne Law School (Detroit), currently splits her time between law and art, and is the Governance Chair on the Board of Trustees for the Society of American Mosaic Artists.
The Fountain Street Church is located at 24 Fountain St. NE, Grand Rapids, Michigan. If you make it to the show, be sure to take a look at this project. And be sure to vote in its favor.

The NSA builds a search engine

The Intercept is reporting that the NSA has built a Google-like search engine of its intelligence collections which is used by nearly two dozen US government agencies.

The National Security Agency is secretly providing data to nearly two dozen U.S. government agencies with a “Google-like” search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats, according to classified documents obtained by The Intercept.

The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies. Planning documents for ICREACH, as the search engine is called, cite the Federal Bureau of Investigation and the Drug Enforcement Administration as key participants.

ICREACH contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing. Details about its existence are contained in the archive of materials provided to The Intercept by NSA whistleblower Edward Snowden.


So they are collecting this information, including data generated by American citizens that in no way are targets of normal law enforcement actions. In effect, this data is used in ways not at all related to national security. This is the surveillance state writ large. And, as shown in the image above, this information is searchable by the so-called “5-eyes”: Australia, Canada, New Zealand, the United Kingdom and the United States.

ICREACH has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work, according to a 2010 memo. A planning document from 2007 lists the DEA, FBI, Central Intelligence Agency, and the Defense Intelligence Agency as core members. Information shared through ICREACH can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs.

The creation of ICREACH represented a landmark moment in the history of classified U.S. government surveillance, according to the NSA documents.

The most wanted man in the world

Writing in Wired, James Bamford, a well-known IT security expert, has written a summary of what he learned during a recent visit he made to Russia to speak in person with Edward Snowden. It is a wonderful profile and it should be read in full. Snowden explains his reasons for the massive data dump of NSA operations and secrets.


Communications collected by the NSA are an attractive nuisance

Michael P. Lynch has written an important analysis of the NSA’s large and growing collection of the full content of Americans’ communications. He highlights the dangers of abuse of such a collection and the essay is worth a careful read.

It’s been a while since we all became aware of what the National Security Administration has been up to. But as revelations of government breaches recede and the concerns of daily life resume, the public occasionally needs a reminder. A recent story in The Washington Post was exactly that. It laid out in detail what many had long suspected: that the N.S.A., in targeting foreign nationals, is collecting and storing extremely large amounts of information on many American citizens. This information is not restricted to metadata; it is content — photos, web chats, emails and the like. While United States law prevents targeting American citizens without a warrant (even if it is just a warrant from the secret FISA court) nothing currently prevents the N.S.A. from engaging in this “incidental collection” and no law prevents the agency — and other United States intelligence and law enforcement agencies — from accessing such content without a warrant into perpetuity.

We’ll get to know the consequences of our current policies on global warming. But the abuse of knowledge isn’t going to be so obvious.
Discussion of the Washington Post story has tended to concentrate on its eye-catching point that (at least) 90 percent of the data being collected is “incidental” in this way. But what, if anything, is wrong with the incidental collection of personal information? Should we be more or less alarmed by it?

My own view is that the storage of incidentally collected data is very wrong indeed. But the reasons that make it wrong also help to explain, I think, why as a nation we sometimes seem to refuse to resist it, and perhaps sympathize more than we should with Representative Mike Rogers’ comment from last year that your privacy can’t be violated if you don’t know about it.

The first reason many N.S.A. activities, including this one, are wrong is instrumental or consequential: they are potentially dangerous for the simple reason that they invite abuse that, should it occur, will be particularly difficult to uncover. To see this, reflect on the fact that the N.S.A. database is often referred to as a “pool of information.” This is an apt metaphor. In the law, swimming pools are called attractive nuisances. They attract children, and as a result, if you own a pool, even if you are a watchful, responsible parent yourself, you still have to put up a fence. Similarly, even if we can trust that the architects of the N.S.A.’s various programs had no intention of abusing the information they are collecting about American citizens, the pool of information could easily prove irresistible.

And the bigger the pool the more irresistible it is likely to become. This is not just common sense, it explains why the N.S.A.’s repeated assertions that they aren’t actually looking at the content of emails, or targeting Americans, should have been greeted with skepticism. The pool of data is a pool of knowledge. Knowledge is power; and power corrupts. As a consequence it is difficult to avoid drawing the inference that absolute knowledge might corrupt absolutely.

This “incidental” collection of data, under EO 12333 and other NSA programs, is creating a more and more alluring collection that is used not only by the NSA but by the FBI and the CIA. And all of the collection is accomplished without a warrant. The Constitution does not authorize collection of Americans’ communications without a warrant. And there is a good reason for requiring warrants.

Birds of a feather?

King Abdullah ibn Abdul Aziz in 2002 (Photo credit: Wikipedia)

Guess who has a new BFF.

Of course, it is the NSA. And the new friend is the brutally repressive Saudi Arabian state police apparatus, according to a report at The Intercept:

The National Security Agency last year significantly expanded its cooperative relationship with the Saudi Ministry of Interior, one of the world’s most repressive and abusive government agencies. An April 2013 top secret memo provided by NSA whistleblower Edward Snowden details the agency’s plans “to provide direct analytic and technical support” to the Saudis on “internal security” matters.

The Saudi Ministry of Interior—referred to in the document as MOI— has been condemned for years as one of the most brutal human rights violators in the world. In 2013, the U.S. State Department reported that “Ministry of Interior officials sometimes subjected prisoners and detainees to torture and other physical abuse,” specifically mentioning a 2011 episode in which MOI agents allegedly “poured an antiseptic cleaning liquid down [the] throat” of one human rights activist. The report also notes the MOI’s use of invasive surveillance targeted at political and religious dissidents.

But as the State Department publicly catalogued those very abuses, the NSA worked to provide increased surveillance assistance to the ministry that perpetrated them. The move is part of the Obama Administration’s increasingly close ties with the Saudi regime; beyond the new cooperation with the MOI, the memo describes “a period of rejuvenation” for the NSA’s relationship with the Saudi Ministry of Defense.

* * *

Asked if the U.S. takes human rights records into account before collaborating with foreign security agencies, a spokesman for the office of the director of national intelligence told The Intercept: “Yes. We cannot comment on specific intelligence matters but, as a general principle, human rights considerations inform our decisions on intelligence sharing with foreign governments.”

Absolutely terrific news. Saudi Arabia is the country that created and funded Al-Qaeda, tortures its own citizens and severely represses women’s freedom. We now know that the NSA is willing to look the other way to help a country that is at least partially responsible for 9/11. Your tax dollars at work.

PCLOB to investigate use of Executive Order 12333

I previously described the nature and operation of Executive Order 12333, which allows warrantless collection of communications by Americans, provided only that the collection occurs overseas. Now, the Privacy and Civil Liberties Oversight Board has announced that it will examine the surveillance activities conducted under EO 12333.

The Washington Post reports:

An independent privacy watchdog agency announced Wednesday that it will turn its focus to the largest and most complex of U.S. electronic surveillance regimes: signals intelligence collection under Executive Order 12333.

That highly technical name masks a constellation of complex surveillance activities carried out for foreign intelligence purposes by the National Security Agency under executive authority. But unlike two other major NSA collection programs that have been in the news lately, EO 12333 surveillance is conducted without court oversight and with comparatively little Congressional review.

The Privacy and Civil Liberties Oversight Board, an independent executive branch agency, over the last year has taken in-depth looks at the other two NSA programs. It concluded the bulk collection of Americans’ phone call metadata under Section 215 of the Patriot Act was illegal and raised constitutional concerns. By contrast, it found the gathering of call and email content under Section 702 of the Foreign Intelligence Surveillance Act to be lawful, though certain elements pushed “close to the line” of being unconstitutional.

Now the board is planning to delve into EO 12333 collection, among other topics. It is not clear, however, how deep or broad its examination will be.

“It’s obviously a complex thing to look at 12333,” but “it’s something we’ll likely be delving into,” said a member of the Privacy and Civil Liberties Oversight Board who requested anonymity in order to speak freely. The board has highlighted 12333 issues in the past. For example, each agency is supposed to have guidelines to carry out the executive order, but some guidelines are three decades old. The board has encouraged the guidelines be updated, the source said.

Reagan’s Executive Order 12333

Despite the pressure that has been generated to reform NSA surveillance of Americans under the FISA Act, there remains a huge program that the NSA operates completely without regard to FISA. It is called Executive Order 12333, it was put in place during the Reagan Administration and it continues unchanged.

The guts of the order provide that there is no protection for Americans’ communications if the communications are collected by US intelligence agencies outside the United States. There is no right to appeal the collection and no restrictions on how long the collections can be retained. No warrants are required. The order is not a statute and has never been subjected to judicial review for constitutional compliance. And this program does not collect merely metadata; it collects the full content of communications. It is in many respects less constitutional than the NSA’s telephone metadata collection program.

Writing in the Washington Post, John Napier Tye, who served as section chief for Internet freedom in the State Department’s Bureau of Democracy, Human Rights and Labor from January 2011 to April 2014, has called out the dangers of EO 12333.

A legal regime in which U.S. citizens’ data receives different levels of privacy and oversight, depending on whether it is collected inside or outside U.S. borders, may have made sense when most communications by U.S. persons stayed inside the United States. But today, U.S. communications increasingly travel across U.S. borders — or are stored beyond them. For example, the Google and Yahoo e-mail systems rely on networks of “mirror” servers located throughout the world. An e-mail from New York to New Jersey is likely to wind up on servers in Brazil, Japan and Britain. The same is true for most purely domestic communications.

Executive Order 12333 contains nothing to prevent the NSA from collecting and storing all such communications — content as well as metadata — provided that such collection occurs outside the United States in the course of a lawful foreign intelligence investigation. No warrant or court approval is required, and such collection never need be reported to Congress. None of the reforms that Obama announced earlier this year will affect such collection.

Without any legal barriers to such collection, U.S. persons must increasingly rely on the affected companies to implement security measures to keep their communications private. The executive order does not require the NSA to notify or obtain consent of a company before collecting its users’ data.

The attorney general, rather than a court, must approve “minimization procedures” for handling the data of U.S. persons that is collected under 12333, to protect their rights. I do not know the details of those procedures. But the director of national intelligence recently declassified a document (United States Signals Intelligence Directive 18) showing that U.S. agencies may retain such data for five years.

* * *

When I started at the State Department, I took an oath to protect the Constitution of the United States. I don’t believe that there is any valid interpretation of the Fourth Amendment that could permit the government to collect and store a large portion of U.S. citizens’ online communications, without any court or congressional oversight, and without any suspicion of wrongdoing. Such a legal regime risks abuse in the long run, regardless of whether one trusts the individuals in office at a particular moment.

I am coming forward because I think Americans deserve an honest answer to the simple question: What kind of data is the NSA collecting on millions, or hundreds of millions, of Americans?

The President has specifically indicated that he intends to do nothing to disclose or eliminate this abusive program. So it appears that the President believes that the Fourth Amendment rights of US citizens end at the border, and anything that can be captured elsewhere is fair game. Even Dianne Feinstein, Chair of the Senate Intelligence Committee and a staunch NSA defender, has said that Congressional oversight of the program is limited.

Feinstein has consistently defended the NSA’s collection of domestic cellphone metadata, saying the program under which it is doing so is overseen by both the courts and Congress. But even she has said the 12333 programs skirt similar protections.

“The other programs do not (have the same oversight as FISA). And that’s what we need to take a look at,” she said, adding that her committee has not been able to “sufficiently” oversee the programs run under the executive order. “Twelve-triple-three programs are under the executive branch entirely.”

Feinstein has also said the order has few, if any, privacy protections. “I don’t think privacy protections are built into it,” she said. “It’s an executive policy. The executive controls intelligence in the country.”

There is more from the EFF.

US knew UK was going to destroy Snowden documents held by The Guardian

The New York Times is reporting that the Obama administration knew, in advance, that British authorities planned to go to The Guardian’s office and insist on the destruction of computers containing the trove of documents provided by whistleblower Edward Snowden. The destruction occurred on July 20 of last year. According to documents provided to the Associated Press, based on their FOIA requests, American officials, including those at the NSA, cheered the action.

When asked at the time of the event whether the US government agreed with the actions taken by the GCHQ in the UK, a White House spokesman, Joshua Earnest, said at an August 20 briefing:

It’s very difficult to imagine a scenario in which that would be appropriate.

And yesterday, a spokesman for the US Director of National Intelligence offered the following response:

The intelligence community saw the removal of any potential classified intelligence information from nonsecure computers as a good thing to ensure that any stolen documents, including those not published, would not be acquired by foreign intelligence services or cybercriminals.

The episode clearly shows the lack of freedom of the press in the UK as contrasted with the US.

Of course, journalists had multiple collections of the same documents, so effectively nothing was lost to disclosure. I guess we can chalk up the unconcealed glee of American government officials at the destruction of the documents to our so-called “special relationship” with the UK, in which the UK plays the role of lapdog to the US. For a musical take on that “relationship” check out this Pet Shop Boys song called “I’m With Stupid,” in which “Tony Blair” sings about his relationship with “George Bush” in the Iraq war.

Here are the lyrics to the song:

Oh oh, I’m with stupid
Oh oh, I’m with stupid

See you on the TV
Call you every day
Fly across the ocean
Just to let you get your way

No one understands me
Where I’m coming from
Why would I be with someone
Who’s obviously so dumb?

Love comes
Love grows
Every time you rise to meet me
Take my hand to greet me

Love comes
Love grows
And power can give a man
Much more than anybody knows

Oh oh, I’m with stupid
Oh oh, I’m with stupid
Oh oh, I’m with stupid
Oh oh, I’m with stupid

Before we ever met
I thought like everybody did
You were just a moron
A billion-dollar kid

You flew up all the way
Like a hawk chasing a dove
I never thought that I would be
A sacrifice in love

It comes
It grows
And now we’re tied together
Everybody knows

Oh oh, I’m with stupid
Oh oh, I’m with stupid
Oh oh, I’m with stupid
Oh oh, I’m with stupid

Is stupid really stupid
Or a different kind of smart?
Do we really have a relationship
So special in your heart?

Oh oh, I’m with stupid
Oh oh, I’m with stupid

I have to ask myself
Like any lover might
Have you made a fool of me?
Are you not Mr. Right?

You grin
I pose
It’s not about sincerity
Everybody knows

Oh oh, I’m with stupid
Oh oh, I’m with stupid
Oh oh, I’m with stupid
Oh oh, I’m with stupid

Is stupid really stupid
Or a different kind of smart?
That’s how you stole my heart
I’m with stupid