USA Freedom Act’s So-Called “Transparency” Provisions Enable Illegal Domestic Surveillance
I regret that I am only now taking a close look at the “transparency” provisions in Patrick Leahy’s version of USA Freedom Act. They are actually designed not to provide “transparency,” but to give a very misleading picture of how much spying is going on. They are also designed to permit the government to continue not knowing how much content it collects domestically under upstream and pen register orders, which is handy, because John Bates told them if they didn’t know it was domestic then collecting domestic isn’t illegal.
In this post, I’ve laid out the section of the bill that mandates reporting from ODNI, with my comments interspersed along with what the “transparency” report Clapper did this year showed.
(b) MANDATORY REPORTING BY DIRECTOR OF NATIONAL INTELLIGENCE.—
(1) IN GENERAL.—Except as provided in subsection (e), the Director of National Intelligence shall annually make publicly available on an Internet Web site a report that identifies, for the preceding 12-month period—
This language basically requires the DNI to post a report on I Con the Record every year. But subsection (e) provides a number of outs.
Individual US Person FISA Orders
(A) the total number of orders issued pursuant to titles I and III and sections 703 and 704 and a good faith estimate of the number of targets of such orders;
This language requires DNI to describe, in bulk, how many individual US persons are targeted in a given year (there were 1,767 orders and 1,144 estimated targets last year). But it only requires DNI to give a “good faith estimate” of these numbers (and that’s what they’re listed as in ODNI’s report from last year)! If there’s one thing DNI should be able to give a rock-solid number for, it’s individual USP targets. But … apparently that’s not the case.
Section 702 Orders
(B) the total number of orders issued pursuant to section 702 and a good faith estimate of—
(i) the number of targets of such orders;
(ii) the number of individuals whose communications were collected pursuant to such orders;
(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;
This language requires DNI to provide an estimate of the number of targets of Section 702 which includes both upstream and PRISM production. Last year, this was one order (ODNI doesn’t tell us, but there were at least 3 certificates –Counterterrorism, Counterproliferation, and Foreign Government) affecting 89,138 targets.
The new reporting requires the government to come up with some estimate of how many communications are collected, as well as how many are located inside the US.
Except DNI is permitted to issue a certification saying that there are operational reasons why he can’t provide that last bit — how many are in the US. Thus, 4 years after refusing to tell John Bates how many Americans’ communications NSA was sucking up in upstream collection, Clapper is now getting the right to continue to refuse to provide that ratified by Congress. And remember — Bates also said that if the government didn’t know it was collecting that content domestically, then it wasn’t really in violation of 50 USC 1809(a). So by ensuring that it doesn’t have to count this, Clapper is ensuring that he can continue to conduct illegal domestic surveillance.
Don’t worry though. The bill includes language that says, even though this provision permits the government to continue conducting illegal domestic collection, “Nothing in this section affects the lawfulness or unlawfulness of any government surveillance activities described herein. ”
Back Door Searches
(iv) the number of search terms that included information concerning a United States person that were used to query any database of the contents of electronic communications or wire communications obtained through the use of an order issued pursuant to section 702; and
(v) the number of search queries initiated by an officer, employee, or agent of the United States whose search terms included information concerning a United States person in any database of noncontents information relating to electronic communications or wire communications that were obtained through the use of an order issued pursuant to section 702;
This language counts back door searches.
But later in the bill, the FBI — which we know does the bulk of these back door searches — is exempted from all of this reporting. As I noted in this post, effectively the Senate is saying it’s no big deal of FBI doesn’t track how many warrantless searches of US person content it does, even of people against whom the FBI has no evidence of wrongdoing.
In addition, note that odd limit to (v). DNI only has to report metadata searches “initiated by an officer, employee, or agent” of the United States. That would seem to exempt any back door metadata searches by foreign governments (it might also exempt contractors, but they should be included as “agents” of the US). Which, given that CIA doesn’t currently count its metadata searches, and given that CIA conducts a bunch of metadata searches on behalf of other entities, leads me to suspect that CIA may be doing metadata searches “initiated” by foreign governments. But that’s a guess. One way or another, though, this clause was written to not count some of these metadata searches. [Update: On reflection, that language may be designed to avoid counting automated processes as searches — if they’re initiated by a robot rather than an employee they’re not counted!]
Pen Register Orders
C) the total number of orders issued pursuant to title IV and a good faith estimate of—
(i) the number of targets of such orders;
(ii) the number of individuals whose communications were collected pursuant to such orders; and
(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;
This language counts how many Pen Register orders the government obtains, how many individuals get sucked up, and how many are in the US, both of which are additions on what ODNI reported this year.
But that last bit — counting people in the US — is again a permissible exemption under the bill. Which is, as you’ll recall, the other way NSA has been known to engage in illegal domestic content collection. The only known bulk pen register is currently run by FBI, but in any case, the exemption has the same effect, of permitting the government from ever having to admit that it is breaking the law.
Traditional Section 215 Collection
(D) the total number of orders issued pursuant to applications made under section 501(b)(2)(B) and a good faith estimate of—
(i) the number of targets of such orders;
(ii) the number of individuals whose communications were collected pursuant to such orders; and
(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;
This requires DNI to report on traditional Section 215 orders, but the entire requirement is a joke on two counts.
First, note that, for a reporting requirement for a law permitting the government to collect “tangible things,” it only requires individualized reporting for “communications.” “Individuals whose communications were collected” are specifically defined as only involving phone calls and electronic communications.
So this “transparency” bill will not count how many individuals have their financial records, beauty supply purchases, gun purchases, pressure cooker purchases, medical records, money transfers, or other things sucked up, much of which we know to be done under this bill. And this is particularly important, because the law still permits bulk collection of these things. Thus, this “transparency” report creates the illusion that far less collection is done under Section 215 than actually is, it creates the illusion that bulk collection is not going on when it is.
But it gets worse!
After having limited the individualized reporting solely to communications, the bill also exempts FBI from (iii). And that’s important because we know the majority of Section 215 orders are being used to order Internet companies to provide something that the government failed to obtain using NSLs. Those orders are almost certainly minimized, meaning they involve significant bulk either in terms of people sucked up or in terms of sensitive First Amendment materials (which might be the case for URL searches). So while the bill will show how many people have their communications collected, the reports will wrongly suggest Americans’ communications aren’t being sucked up.
So the traditional 215 reporting will show the orders and targets of the orders, but will hide how many individuals are having their non-communications records sucked up, and how many Americans communications records the FBI is sucking up. This report will give an unbelievably deceptive picture of how Section 215 is being used.
Newfangled Section 215 Reporting
(E) the total number of orders issued pursuant to applications made under section 501(b)(2)(C) and a good faith estimate of—
(i) the number of targets of such orders;
(ii) the number of individuals whose communications were collected pursuant to such orders;
(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection; and
(iv) the number of search terms that included information concerning a United States person that were used to query any database of call detail records obtained through the use of such orders; and
This is the reporting on the new Call Detail Record provision. It purports to show how many orders are issued, the number of targets, the number of individuals collected, and the number of Americans implicated, either by having their communications collected or using information from a US person to conduct the query.
But … you guessed it! There’s another exemption for the FBI, covering the two US person provisions.
Now, I assume that, given this provision will no longer require the ingestion of all the call records of all Americans every day, this collection amy actually go back to the FBI, where it belongs. If that’s the case, then it means the CDR “transparency” report will, again, provide a completely misleading impression that no Americans are being sucked up.
National Security Letters
(F) the total number of national security letters issued and the number of requests for information contained within such national security letters.
This bill prohibits bulk collection!!!! its supporters claim. But with NSLs — a collection conducted with no oversight from courts — the bill doesn’t require reporting of the total people affected. (Current reporting hides bulk collection with NSLs of what are basically phone books by not requiring those to be broken out by US person.) This is, admittedly, way down on my list of things that worry me about these “transparency” provisions. But still, another indication of how seriously this bill takes “transparency.”
Update, 10/4: This is incorrect. A different provision requires reporting on this, which is in fact slightly better than what we currently get.
The Fine Print and Other Loopholes
(2) BASIS FOR REASONABLE BELIEF INDIVIDUAL IS LOCATED IN UNITED STATES.—A phone number registered in the United States may provide the basis for a reasonable belief that the individual using the phone number is located in the United States at the time of collection.
I’m not sure whether this is the intent, but I believe this language provides DNI another way to not report when it collects Internet data in the US — because an IP address located in the US is not considered a reasonable basis to believe the person using that IP address is located in the US. So it may well make the Internet reporting even more inaccurate.
(c) DISCRETIONARY REPORTING BY DIRECTOR OF NATIONAL INTELLIGENCE.—The Director of National Intelligence may annually make publicly available on an Internet Web site a report that identifies, for the preceding 12-month period—
(1) a good faith estimate of the number of individuals whose communications were collected pursuant to orders issued pursuant to titles I and III and sections 703 and 704 reasonably believed to have been located in the United States at the time of collection whose information was reviewed or accessed by an officer, employee, or agent of the United States;
(2) a good faith estimate of the number of individuals whose communications were collected pursuant to orders issued pursuant to section 702 reasonably believed to have been located in the United States at the time of collection whose information was reviewed or accessed by an officer, employee, or agent of the United States;
(3) a good faith estimate of the number of individuals whose communications were collected pursuant to orders issued pursuant to title IV reasonably believed to have been located in the United States at the time of collection whose information was reviewed or accessed by an officer, employee, or agent of the United States;
(4) a good faith estimate of the number of individuals whose communications were collected pursuant to orders issued pursuant to applications made under section 501(b)(2)(B) reasonably believed to have been located in the United States at the time of collection whose information was reviewed or accessed by an officer, employee, or agent of the United States; and
(5) a good faith estimate of the number of individuals whose communications were collected pursuant to orders issued pursuant to applications made under section 501(b)(2)(C) reasonably believed to have been located in the United States at the time of collection whose information was reviewed or accessed by an officer, employee, or agent of the United States.
This discretionary reporting is all designed to allow James Clapper to come out every year and say, “sure, we’ve got all your Gmail in a server somewhere, but don’t worry, we didn’t look at it.” Note that it doesn’t talk about electronic access, just human access, and doesn’t talk about foreign person access.
(d) TIMING.—The annual reports required by subsections (a) and (b) and permitted by subsection (c) shall be made publicly available during April of each year and include information relating to the previous year.
The timing of reports will match current timing.
(e) EXCEPTIONS.—
(1) REPORTING BY UNIQUE IDENTIFIER.—If it is not practicable to report the good faith estimates required by subsection (b) and permitted by subsection (c) in terms of individuals, the good faith estimates may be counted in terms of unique identifiers, including names, account names or numbers, addresses, or telephone or instrument numbers.
This is, I think, a totally innocuous provision permitting DNI to not have to run its correlations tool against this reporting.
(2) STATEMENT OF NUMERICAL RANGE.—If a good faith estimate required to be reported under clauses (ii) or (iii) of each of subparagraphs (B),(C), (D), and (E) of paragraph (1) of subsection (b) or permitted to be reported in subsection (c), is fewer than 500, it shall exclusively be expressed as a numerical range of ‘fewer than 500’ and shall not be expressed as an individual number.
This says that DNI can use 500 rather than provide a specific number for the individualized reports. Note that’s worse than what they did this year on Section 215.
(3) FEDERAL BUREAU OF INVESTIGATION.— Subparagraphs (B)(iv), (B)(v), (D)(iii), (E)(iii), and (E)(iv) of paragraph (1) of subsection (b) shall not apply to information or records held by, or queries conducted by, the Federal Bureau of Investigation.
As I noted, the FBI has exemptions for things that the FBI does the bulk of. There is another grave problem with this exemption, which I’ll get to in another post.
(4) CERTIFICATION.—
(A) IN GENERAL.—If the Director of National Intelligence concludes that a good faith estimate required to be reported under subparagraph (B)(iii) or (C)(iii) of paragraph (1) of subsection (b) cannot be determined accurately, including through the use of statistical sampling, the Director shall—
(i) certify that conclusion in writing to the Permanent Select Committee on Intelligence and the Committee on the Judiciary of the House of Representatives and the Select Committee on Intelligence and the Committee on the Judiciary of the Senate; and
(ii) make such certification publicly available on an Internet Web site.
(B) CONTENT.—
(i) IN GENERAL.—The certification described in subparagraph (A) shall state with specificity any operational, national security, or other reasons why the Director of National Intelligence has reached the conclusion described in subparagraph (A).
This is the language that permits DNI to not count the stuff that would be illegal if he counted it. Also note — one of my favorite bits! — House Judiciary does not get this report (the bill fixes non-reporting to HJC on most other provisions).
Remarkably, it permits DNI to provide “national security” reasons why he can’t count this accurately. Such certification will say something like, “If I count this stuff, it then becomes illegal, and I’ll no longer be able to illegally collect US person content in the US anymore, which will be bad for national security, so I certify that I can’t count it.”
GOOD FAITH ESTIMATES OF CERTAIN INDIVIDUALS WHOSE COMMUNICATIONS WERE COLLECTED UNDER ORDERS ISSUED UNDER SECTION 702.—A certification described in subparagraph (A) relating to a good faith estimate required to be reported under subsection (b)(1)(B)(iii) may include the information annually reported pursuant to section 702(l)(3)(A).
‘(iii) GOOD FAITH ESTIMATES OF CERTAIN INDIVIDUALS WHOSE COMMUNICATIONS WERE COLLECTED UNDER ORDERS ISSUED UNDER TITLE IV.—If the Director of National Intelligence determines that a good faith estimate required to be reported under subsection (b)(1)(C)(iii) cannot be determined accurately as that estimate pertains to electronic communications, but can be determined accurately for wire communications, the Director shall make the certification described in subparagraph (A) with respect to electronic communications and shall also report the good faith estimate with respect to wire communications.
This says that DNI may report only the phone conversations collected under 702, but not the wire communications — the stuff that’s illegal.
(C) FORM.—A certification described in subparagraph (A) shall be prepared in unclassified form, but may contain a classified annex.
(D) TIMING.—If the Director of National Intelligence continues to conclude that the good faith estimates described in this paragraph cannot be determined accurately, the Director shall annually submit a certification in accordance with this paragraph.
Hey! At least we’ll know that DNI refuses to count its illegal domestic collection. Every year he’ll write a note to Congress saying, “I still refuse to count how many people get sucked up under 702,” with the classified bit explaining that if he counted it, then it’d be illegal.
quote”They are actually designed not to provide “transparency,” but to give a very misleading picture of how much spying is going on.”unquote
So, the IC business as usual, while the author of the most untruthful bill in the history of law lies through his teeth.
quote”Hey! At least we’ll know that DNI refuses to count its illegal domestic collection. Every year he’ll write a note to Congress saying, “I still refuse to count how many people get sucked up under 702,” with the classified bit explaining that if he counted it, then it’d be illegal.”unquote
Meanwhile, the Surveillance State will expand to the point even Orwell will be in shock. In my universe, the people would be loading weapons and gearing up for all out civil war. In this one, Keeping up with the Kardashian’s viewing numbers increase exponentially while the masses line up to buy the new iPhone 6.
bartender. ..a bottle of Michigan cult TwoRollingEyes and a shot of DoubleFacePalm… er..make that triples. I wanna get fucking drunk.
ps..USA FREEDOM ACT. This is the absolute most sadistic slap in the Framers face ever to be perpetrated in the history of the USA. If I could I would spit in Leahy’s face. In reality, I know they did this just to fucking spite Snowden.
These fuckers redefine the word TRAITOR.
emptywheel – do you send any of your analysis to Leahy’s office? I’m a constituent of his, and I’d really like to know if or how he responds to your reviews of his legislation. I’d also be glad to help if a constituent’s push would be beneficial.
I am jazzed to see so much to read, but here to say the Intercept needs to check their pool filters; the kid’s turds are going down the spam drain!
I don’t need to be posted, but I begin to wonder after weeks go by if I am being ignored or simply never arrived. All they need to do is once in a few weeks post a single comment, but now not even that form of Milgram Experiment will fly there. I refuse to scream at the Moderator because, of course, they are the test subject I would most like to see flunk the exam, and they are flunking in flying colors.
Marcy, have you gone over the Black Report, yet? You know, that public private partnership that explains why most of the military is off the books, now.
If the first of SOC’s 12 core activities is “Direct Action: ‘Short-duration strikes and other small scale offensive actions taken to seize, destroy, capture or recover in denied areas”…then why does Obama need to ask Congress for permission for anything? Privates have this ISIL action covered. Notice how they never really get the job done? Why should they? What’s the profit in THAT?
Seriously, had TAC been allowed to live, this would already be so over. Napalm, do your JOB.
Marcy, thank you for your fine combing. I would have loved for you to hear this awesome audiologist explaining the backdoor mechanism insurers foist on her. She has agreed to see if our insurer will actually return on their commitment as stated in their policy by billing them FIRST. Then, if they pay their share, we will buy those new aids. Otherwise, we could get stuck with the entire bill and left looking at an expensive and lengthy arbitration process.
She said insurers who under pay are asking her to overcharge to recoop the cost, but that only means they are thus inflating healthcare costs and then calling that a savings on their Ebitda claims for larger bonuses, those dirty CEOs!
This whole insurance claim game is a boon to insurers who typically refuse you just for asking. And of course this surveillance system is online with our health issues, too. I see health records are all over those private public partneshits in Black’s SOC report.
OMG, can Seimens hear us NOW! Up to 12000 Hz
http://www.youtube.com/watch?v=PQtIdiUWKOg
That’s a whistle I can no longer hear. Can you?
quote”That’s a whistle I can no longer hear. Can you?”unquote
Hahahahahahahahahahaha? aba..don’t you ever get tired of looking like a cryptic buffoon who the entire planet has already identified as a clown who doesn’t know the difference between Barnum and Lansdale?
this is an important summary article whose comments section was obliterated by two inane commenters and a blizzard of idiocy.
can this really be accidental? i don’t think so; watch where it occurs.
I try to ignore the less-connected-to-reality comments. It isn’t always easy.
but watch what happens. they target certain posts and obliterate with a blizzard of posts the likelihood of a set of comments from this sites sensible, genuinely concerned commenters.