January 2, 2026

 

Wherein emptywheel Avoids Saying Blowjob on the TV

Amid a crazy week traveling, I kept getting asked to do TV, in one case extending a short airport transfer in Chicago overnight to appear on Democracy Now. I thought I’d share today’s interviews.

To explain the Beeb clip above: I have a history of totally bolloxing the time difference in Chicago. So I thought I had another hour to get myself safely ensconced someplace quiet at O’Hare. Instead, they texted me and said I had 5 minutes while I was on the El heading out to O’Hare. So I jumped off at the next stop, huddled down in a shelter and did the interview sitting on the platform. The Beeb did a tremendous job editing out the train and highway noise–I could barely hear myself speak.

Then there’s this Democracy Now interview, which was a comedy of errors in its own way (if one of you wants to walk me through buying my own TV interview earpiece, I’d appreciate the help). I think the interview was good; it’s always a treat to be on with Amy Goodman. But I wanted to call attention to this part of the interview.

MARCY WHEELER: Right. So, this is not Ken Starr. For those of you old enough to remember, Ken Starr was investigating everything and everywhere and couldn’t be fired. And that—the law that authorized such investigations was ended, on the logic that they encouraged kind of wide—they encouraged investigators to keep investigating until they found anything, such as the consensual relationship between Clinton and Monica Lewinsky.

You can too teach an old dog new tricks!

One more note: the lack of make-up in these was not my fault. I thought I was adulting plenty by bringing a jacket with me just in case I had to go adulting somewhere, so I was reasonably okay for the Democracy Now interview. But I didn’t have makeup with me because … why?

Something new to add to my adulting list, now that I’ve mastered translating “blowjob” into “consensual relationship,” and even before coffee: make-up.

Some day soon I might yet grow up.

Update: Adding a link to the Intercepted podcast I was on with Jeremy Scahill and Glenn Greenwald, because it was a lot of fun.


The Scope of the Special Counsel Appointment Is Totally Inadequate

Rod Rosenstein just appointed former FBI Director (and, before that, US Attorney) Robert Mueller as Special Counsel to take over the investigation into Trump and his associates.

I’m agnostic about the selection of Mueller. He has the benefit of credibility among FBI Agents, so will be able to make up for some of what was lost with Jim Comey’s firing. He will be regarded by those who care about such things as non-partisan. With Jim Comey, Mueller stood up to Dick Cheney on Stellar Wind in 2004 (though I think in reality his willingness to withstand Cheney’s demands has been overstated).

But Mueller has helped cover up certain things in the past, most notably with the Amerithrax investigation.

My bigger concern is with the scope, which I believe to be totally inadequate.

Here’s how the order describes the scope:

(b) The Special Counsel is authorized to conduct the investigation confirmed by then-FBI Director James B. Comey in testimony before the House Permanent Select Committee on Intelligence on March 20, 2017, including:

(i) any links and/or coordination between the Russian government and individuals associated with the campaign of President Donald Trump; and

(ii) any matters that arose or may arise directly from the investigation; and

(iii) any other matters within the scope of 28 C.F.R. § 600.4(a).

As I read this, it covers just the investigation into ties between the Russian government and people associated with Trump’s campaign. Presumably, that includes Mike Flynn, Paul Manafort, and Carter Page, among others.

But there are other aspects of the great swamp that is the Trump and Russia orbit that might not be included here. For example, would Manafort’s corrupt deals with Ukrainian oligarchs be included? Would Flynn’s discussions with Turkish officials, or Rudy Giuliani’s attempt to excuse Turkey’s violation of Iran sanctions? Would the garden variety money laundering on behalf of non-governmental Russian mobbed up businessmen be included, something that might affect Manafort, Jared Kushner, or Trump himself?

And remember there are at least two other aspects of the Russian hacking investigation. Back in February, Reuters reported that San Francisco’s office was investigating Guccifer 2.0 and Pittsburgh was investigating the actual hackers. Somewhere (San Francisco would be the most logical spot), they’re presumably investigating whoever it is that has been dumping NSA’s hacking tools everywhere. I’ve learned that that geography has either changed, or there are other aspects tied to those issues in other corners of the country.

Plus, there’s the Wikileaks investigation in EDVA, the same district where the Mueller-led investigation might reside, but a distinct investigation.

Any one of those investigations might present strings that can be pulled, any one of which might lead to the unraveling of the central question: did Trump’s associates coordinate with the Russian government to become President? Unless Mueller can serve to protect those other corners of the investigation from Trump’s tampering, it would be easy to shut down any of them as they become productive.

Yet, as far as I understand the scope of this, Mueller will only oversee the central question, leaving those disparate ends susceptible to Trump’s tampering.

Update: In its statement on the appointment, ACLU raises concerns about whether this would include the investigation into Trump’s attempt to obstruct this investigation.

Update: WaPo’s Philip Rucker reminds that Mueller is law firm partners with Jamie Gorelick, who has been representing both Ivanka and Kushner in this issue.

Update: Mueller is quitting WilmerHale to take this gig. He’s also taking two WilmerHale former FBI people with him. Still, that’s a close tie to the lawyer representing key subjects of this investigation.

Update: One addition to the ACLU concern about investigating the Comey firing. In the most directly relevant precedent, the Plame investigation, when Pat Fitzgerald expanded his investigation from the leak of Plame’s identity to the obstruction of the investigation, he asked for approval to do so from the Acting Attorney General overseeing the investigation — in that case, Jim Comey.

The Acting Attorney General in this case is Rod Rosenstein. So if Mueller were as diligent as Fitzgerald was, he would have to ask the guy who provided the fig leaf for Comey’s firing to approve the expansion of the investigation to cover his own fig leaf.

Update: Petey noted to me that Jeff Sessions’ narrow recusal may limit how broadly Rosenstein’s order may be drawn. It’s a really interesting observation. Here’s what I said about Sessions’ recusal (which is very similar to what I tried to address in this post).

There are two areas of concern regarding Trump’s ties that would not definitively be included in this recusal: Trump’s long-term ties to mobbed up businessmen with ties to Russia (a matter not known to be under investigation but which could raise concerns about compromise of Trump going forward), and discussions about policy that may involve quid pro quos (such as the unproven allegation, made in the Trump dossier, that Carter Page might take 19% in Rosneft in exchange for ending sanctions against Russia), that didn’t involve a pay-off in terms of the hacking. There are further allegations of Trump involvement in the hacking (a weak one against Paul Manafort and a much stronger one against Michael Cohen, both in the dossier), but that’s in no way the only concern raised about Trump’s ties with Russians.


Shadow Brokers: “All your bases are belong to us”

Back when Shadow Brokers doxxed some NSA hackers, I argued some allusions Shadow Brokers made served as a kind of warning, in that case directed at people who hack for NSA. As I understand it, Shadow Brokers’ threats reflected access to specific and accurate information.

Though I haven’t confirmed any of these details, yesterday’s Shadow Brokers post seems to do more of the same, although this time directed at NSA itself.

Consider this passage:

In April, 90 days from theequationgroup show and tell, 30 days from Microsoft patch, theshadowbrokers dumps old Linux (auction file) and windows ops disks. Because why not? TheShadowBrokers is having many more where coming from? “75% of U.S. cyber arsenal” TheShadowBrokers dumped 2013 OddJob from ROCTOOLS and 2013 JEEPFLEAMARKET from /TARGETS. This is theshadowbrokers way of telling theequationgroup “all your bases are belong to us”. TheShadowBrokers is not being interested in stealing grandmothers’ retirement money. This is always being about theshadowbrokers vs theequationgroup.

Shadow Brokers starts by saying it just dropped the EternalBlue dump, along with some other files, because “The ShadowBrokers is having many more where [those were] coming from.” Shadow Brokers then cites from a detail first reported in a WaPo report (though presents the factoid as a direct quote when it is not): that Hal Martin stole 75% of the US cyberarsenal. The WaPo report actually stated that Martin had stolen “75 percent of TAO’s library of hacking tools.”

Shadow Brokers then made some assertions that may disprove a claim WaPo made yesterday: “It is not clear how the Shadow Brokers obtained the hacking tools, which are identical to those breached by former NSA contractor Harold T. Martin III, according to former officials.” It described exactly where, on the NSA servers, the files came from. “TheShadowBrokers dumped 2013 OddJob from ROCTOOLS and 2013 JEEPFLEAMARKET from /TARGETS.” Having suggested it had at least seen file paths or screen caps of the NSA’s file system, Shadow Brokers then made its point even more clear: “This is theshadowbrokers way of telling theequationgroup ‘all your bases are belong to us’,” both making fun of the claims about its broken language but also suggesting takeover (though I’m curious if mis-citation using a plural here is intentional — perhaps these file systems are in different places? — or just one of some egregious typos in this post).

Again, I haven’t confirmed whether those details are accurate. Surely the NSA has doublechecked. If they are accurate, then the other claims made in the post — specifically about the other things it has to dump — will especially merit attention.

TheShadowBrokers Monthly Data Dump could be being:

  • web browser, router, handset exploits and tools
  • select items from newer Ops Disks, including newer exploits for Windows 10
  • compromised network data from more SWIFT providers and Central banks
  • compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

One more point. Shadow Brokers seems to suggest Oracle and another Microsoft patch were due to notice from former NSA hackers, as if all the former NSA employees are helping their employers clean up holes they’ve long known about.

Oracle is patching huge numbers of vulnerabilities but TheShadowBrokers is not caring enough to be look up exact dates.

[snip]

TheShadowBrokers is thinking Google Project Zero is having some former TheEquationGroup member. Project Zero recently releasing “Wormable Zero-Day” Microsoft patching in record time, knowing it was coming? coincidence?

It’s not clear whether they’d be doing this because they knew of holes NSA had been using or not.

But it’s worth observing that Shadow Brokers is not making vague threats here.


The EternalBlue Source Might Have Been Able to “Fish DOD with Dynamite;” Why Didn’t It?

Let’s look at some dates the WaPo’s sources and Shadow Brokers are giving for the EternalBlue exploit that caused havoc around the world starting on Friday.

Yesterday, WaPo had a story on how concerned people within NSA were about the EternalBlue Windows exploit used in the WannaCry ransomware. It was so powerful, one source described, it was like “fishing with dynamite.”

In the case of EternalBlue, the intelligence haul was “unreal,” said one former employee.

“It was like fishing with dynamite,” said a second.

But that power came with risks. Among others, when the NSA started using the powerful tool more than five years ago, the military would have been exposed to its use.

Since the NSA began using EternalBlue, which targets some versions of Microsoft Windows, the U.S. military and many other institutions have updated software that was especially vulnerable.

Though CyberScoop notes the US military hasn’t been entirely protected from WannaCry. An IP address associated with the Army Research Lab in Fort Huachuca was infected (though that could have been a deliberate attempt to respond to the ransomware).

WannaCry ransomware infected a machine tied to an IP address associated with the Army Research Laboratory, CyberScoop has learned. The information, found on a list of affected IP addresses provided by a security vendor, would mark the first time the ransomware was found on a federal government computer.

The security vendor, who provided the data on condition of anonymity to discuss sensitive material, observed communications from the victim IP address to the attackers’ known command and control server on May 12; confirming that the ransomware infection involving the ARL was in fact successful.

The IP address is tied to a server block parked at a host located at Fort Huachuca, Arizona. The type of machine the IP address is attached to is unknown.

In the early days of EternalBlue, the WaPo explains, it would often crash the infected computer, resulting in a bluescreen that might alert victims to its presence. That opened the possibility that the victim might discover the exploit and then turn it back on the US.

“If one of our targets discovered we were using this particular exploit and turned it against the United States, the entire Department of Defense would be vulnerable,” the second employee said. “You just have to have a foothold inside the network and you can compromise everything.”

The WaPo puts the date before which DOD was vulnerable to its own weapon at 2014.

What if the Shadow Brokers had dumped the exploits in 2014, before the government had begun to upgrade software on its computers? What if they had released them and Microsoft had no ready patch?

In yesterday’s post, Shadow Brokers claimed the Windows exploits released last month — which it had first named in January — came from a 2013 OpsDisk.

In January theshadowbrokers is deciding to show screenshots of lost theequationgroup 2013 Windows Ops Disk.

I’ll have a bit more to say about Shadow Brokers’ claims yesterday. But if this description of the source of the exploit is correct — an ops disk dating to 2013 — it opens up the possibility it was discovered around the same time (perhaps in response to the bluescreen effect). If it was, then the source would have been able to attack DOD with it.

I keep asking people what the source for Shadow Brokers’ files might have been able — might still be able — to steal from the US using the tools in question. This timeline seems to suggest the Ops Disk would have been deployed before DOD was prepared to withstand its own weapons.


Shadow Brokers Further Incites War between “scumbag Microsoft Lawyer” and NSA

The other day, Microsoft President and Chief Legal Officer Brad Smith wrote a blog post about the WannaCry ransomware exploiting his company’s products to disrupt the world. At one level it was one of the first entries in what will surely be an interesting policy discussion once there’s an aftermath to the crisis, calling for collective action and a Digital Geneva Convention.

But at another level, Smith’s post provided an opportunity to bitch out the CIA and NSA, the leaked and stolen exploits of which have really fucked with Microsoft in the last few months.

Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.

Joining the many people who object to the analogy between Tomahawks and hacking exploits, the entity that caused this crisis, Shadow Brokers, is none too impressed with Smith’s response, either. Along with suggesting NSA was paying Microsoft to sit on vulnerabilities and unleashing a load of expletives (you can click through for both of those), Shadow Brokers lays out the tensions between Microsoft, its enterprise contracts with the government, and the NSA’s reticence about the vulnerabilities in Microsoft products it is exploiting.

Despite what scumbag Microsoft Lawyer is wanting the peoples to be believing Microsoft is being BFF with theequationgroup. Microsoft and theequationgroup is having very very large enterprise contracts millions or billions of USD each year. TheEquationGroup is having spies inside Microsoft and other U.S. technology companies. Unwitting HUMINT.

[snip]

Microsoft is being embarrassed because theequationgroup is lying to Microsoft. TheEquationGroup is not telling Microsoft about SMB vulnerabilities, so Microsoft not preparing with quick fix patch. More important theequationgroup not paying Microsoft for holding vulnerability. Microsoft is thinking it knowing all the vulnerabilities TtheEquationGroup is using and paying for holding patch.

Then Shadow Brokers brings the hammer: threatens to dump (among other offerings in an “exploit of the month club”) a Windows 10 vulnerability.

TheShadowBrokers Monthly Data Dump could be being:

  • web browser, router, handset exploits and tools
  • select items from newer Ops Disks, including newer exploits for Windows 10
  • compromised network data from more SWIFT providers and Central banks
  • compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

Heck, at this point, Shadow Brokers doesn’t even need to have this exploit (though I’m guessing the NSA and Microsoft both may be erring on the side of caution at this point). Because simply by threatening another leak after leaking two sets of Microsoft exploits, Shadow Brokers will ratchet up the hostility between Microsoft and the government.

It might even force some disclosure about exploits more critical to NSA’s current toolkit than the very powerful tools Shadow Brokers already used to create a global ransomware worm.


Hot and Cold Running Sources and Methods Outrage

Let’s stipulate that Donald Trump is an incompetent president. Let’s stipulate that his fondness for the Russians exhibits at least naiveté about their intentions, if not out and out compromise. Let’s agree that when he fucks up, it is fair game to scream about it as a way to limit his power. Let’s acknowledge ruefully, again, that the man who got elected heckling “Lock her up!” continues to engage in far more egregious mistreatment of classified information than an email server.

But it’s worth looking at one paragraph in the WaPo story on how Donald Trump shared code word intelligence with the two Russian Sergeys, Foreign Minister Sergey Lavrov and the omnipresent Ambassador to the US Sergey Kislyak last week.

First, some background.

The whole point of the story, which is sourced to “current and former U.S. officials,” just one of whom is described as a former intelligence official (meaning the others could be members of Congress), is that Trump’s actions are particularly egregious because he revealed the city from which ISIS was allegedly plotting a laptop attack on US planes that has led US Homeland Security to consider ineffective bans on laptops in passenger areas of planes.

Trump went on to discuss aspects of the threat that the United States learned only through the espionage capabilities of a key partner. He did not reveal the specific intelligence-gathering method, but he described how the Islamic State was pursuing elements of a specific plot and how much harm such an attack could cause under varying circumstances. Most alarmingly, officials said, Trump revealed the city in the Islamic State’s territory where the U.S. intelligence partner detected the threat. [my emphasis]

Revealing the city, these US officials sharing the information anonymously because of “the sensitivity of the subject” explain, might help ID the US ally or capability involved in revealing this laptop threat.

The identification of the location was seen as particularly problematic, officials said, because Russia could use that detail to help identify the U.S. ally or intelligence capability involved. Officials said the capability could be useful for other purposes, possibly providing intelligence on Russia’s presence in Syria. Moscow would be keenly interested in identifying that source and perhaps disrupting it.

Hmmm. How many cities does ISIS still hold…?

The other problem with sharing this information is that it is not ours to share. This ally gets very frustrated when it discovers we shared information that it hasn’t permitted us to share.

At a more fundamental level, the information wasn’t the United States’ to provide to others. Under the rules of espionage, governments — and even individual agencies — are given significant control over whether and how the information they gather is disseminated, even after it has been shared. Violating that practice undercuts trust considered essential to sharing secrets.

[snip]

The officials declined to identify the ally but said it has previously voiced frustration with Washington’s inability to safeguard sensitive information related to Iraq and Syria.

“If that partner learned we’d given this to Russia without their knowledge or asking first, that is a blow to that relationship,” the U.S. official said.

So: bad to share because this ally gets to veto any sharing of this information, and “if that partner learned we’d given this to Russia without their knowledge or asking first, that is a blow to that relationship.” And especially bad to share the city (even though there can’t be many possibilities) because that would make it easier to figure out the underlying sources and methods.

This stuff is so sensitive, the WaPo explains, that if anyone else were to share it (with an adversary, they caveat), it’d be illegal.

For almost anyone in government, discussing such matters with an adversary would be illegal.

You with me so far? Sharing bad without okay of frustrated ally, sharing location especially bad, illegal if you’re not the President.

Okay. Now read this paragraph:

The Post is withholding most plot details, including the name of the city, at the urging of officials who warned that revealing them would jeopardize important intelligence capabilities.

So multiple people learned of this event, and went out and leaked it (which is illegal to do for most anyone besides the President, the WaPo helpfully notes), not just with the WaPo’s two reporters, but with reporters from Buzzfeed, NYT, WSJ, and more. They leaked it to reporters who they presumably knew would then report it, alerting the frustrated ally that Trump had shared the information, which is a blow to that relationship, and also alerting the frustrated ally that they then proceeded to go leak it more.

I’m confused, is that a blow to that relationship too, leaking the sharing so it can be revealed? Or did, say, the Saudis call up a bunch of members of Congress and former spooks and permit them to leak this to the press so Donald and his close relationship with the Russians can be undermined?

And these sources who are outraged that Trump shared the city where our frustrated ally that shouldn’t learn we’re leaking it without its permission learned of the plot? These sources shared plot details, including the name of the city, with journalists whose job it is to publish stuff like this, though the journalists didn’t share it with us or the Russians.

Now, I’ll grant you, WaPo’s reporters aren’t an adversary (depending on who you ask), though neither are they tasked with keeping a nation that has already lost a plane to ISIS safe. WaPo’s reporters aren’t fighting for power in Syria like Russia (and our frustrated ally), so they can’t personally use this information for advantage there.

So, yeah, it’s different. But these very outraged sources are still sharing the information that it is so outrageous to share.

Me? I’m hoping all this sharing and leaking about sharing will reveal what the underlying threat really is supposed to be. Because some of our frustrated allies have a habit of exaggerating threats so we implement stupid transportation policies and grow ever more reliant on their intelligence that they seem to keep sharing even though it seems to keep getting leaked.


Trump Should Get No FBI Director Pick

Yesterday, Mike Lee trolled Democrats by suggesting that Merrick Garland, who has a lifetime seat on the DC Circuit, should vacate that and lead the FBI. In a piece explaining how utterly moronic the many Democrats who took his bait are, Dave Weigel explains this is “Why Liberals Lose” — not just because they never press for advantage effectively, but because they so often fall prey when Republicans do.

We live in a golden age of political stupidity, but I’m not being hyperbolic when I say this: The idea of pulling Judge Merrick Garland off the D.C. Circuit federal appeals court and into the FBI is one of the silliest ideas I’ve seen anyone in Washington fall for. It’s like Wile E. Coyote putting down a nest made of dynamite and writing “NOT A TRAP” on a whiteboard next to it. It’s also an incredibly telling chapter in the book that’s been written since the Republican National Convention — the story of how Republicans who are uncomfortable with the Trump presidency gritting their teeth as they use it to lock in control of the courts.

You should definitely read all of Weigel’s piece, which is spot on.

But there are other aspects that the success of Lee’s ploy explains about Why Liberals Lose. First and foremost, it shows how mindlessly Democrats adopt the playing field that Republicans deal them.

I mean, even as Democrats have been pushing for months to use the Russian scandal to impeach Trump, and even at the moment where that actually seems feasible (down the road), most Democrats simply accepted the necessity of replacing Jim Comey and have shifted instead to fighting the worst names being floated, people like Trey Gowdy (an initial trial balloon) and Alice Fisher and Michael Garcia, who’re reportedly being formally considered.

Why are Democrats even accepting that Trump should get to replace Comey?

According to CNBC’s count from mid-April, Trump had filled just 24 of the 554 Senate confirmed positions in government.

Sure, Trump has filled a handful more in the interim month, but Trump is otherwise not in a rush to staff the government. Yet he has immediately turned to replacing Comey.

There is nothing more illegitimate than for Trump to be able to give someone a ten year term as FBI Director because he fired Jim Comey.

Trump is no longer hiding the fact that he fired Comey to try to undercut the Russian investigation. And the timeline is clear: the dinner to which Trump called Comey to twice demand his loyalty took place on January 27.

As they ate, the president and Mr. Comey made small talk about the election and the crowd sizes at Mr. Trump’s rallies. The president then turned the conversation to whether Mr. Comey would pledge his loyalty to him.

Mr. Comey declined to make that pledge. Instead, Mr. Comey has recounted to others, he told Mr. Trump that he would always be honest with him, but that he was not “reliable” in the conventional political sense.

[snip]

By Mr. Comey’s account, his answer to Mr. Trump’s initial question apparently did not satisfy the president, the associates said. Later in the dinner, Mr. Trump again said to Mr. Comey that he needed his loyalty.

Mr. Comey again replied that he would give him “honesty” and did not pledge his loyalty, according to the account of the conversation.

That means it took place the same day as Sally Yates’ second conversation with Don McGahn about FBI’s investigation into Mike Flynn (and by association, I always point out, Jared Kushner).

It was always a pipe dream for Democrats to think they could stave off Neil Gorsuch’s confirmation, in part because you really do need a full panel at SCOTUS.

But for the moment, the FBI will continue to run the same way the rest of government is running: with the acting officials who’re filling in until Trump gets around to filling the spot. Moreover, Andrew McCabe, the Acting FBI Director, is a Comey loyalist who will ensure his initiatives will continue for whatever portion of Comey’s remaining 6 years he gets to serve.

This is important not just for the Russian investigation — it’s important to the future of our democracy. Alice Fisher, for example, would be an even more insanely pro-corporate FBI Director than Comey (former Board Member of HSBC, remember) or Mueller.

Democrats should be out there, loudly and in unison, decrying how inappropriate it would be for Trump to get to replace Comey when everyone watching knows the firing was one of the most corrupt things a President has done in a century.

Instead, they’re falling prey to Mike Lee’s obvious ploys.


I Rarely Say I Told You So, Section 704 I Told You So Edition

Since 2014, I have been trying to alert anyone who would listen about Section 704.

That’s a part of FISA Title VII — the part of FISA that will be reauthorized this year. When Congress passed the FISA Amendments Act in 2008, they promised they’d protect US persons overseas by requiring an order to surveil them. Almost always, the section that accomplished that was referred to as Section 703, which is basically PRISM for Americans overseas.

Except I discovered when I (briefly) worked at the Intercept that NSA never uses 703. Ever. Which meant that what they use to surveil Americans overseas is the somewhat looser Section 704 (or, for Americans against whom there is a traditional domestic FISA order, 705b). Except no one — and I mean literally no one, not in the NGO community nor on the Hill — understood how Section 704 was used.

Exactly a year ago, I laid all this out in a post and suggested that, as part of the Section 702 reauthorization this year, Congress should finally figure out how 704 works and whether there are any particular concerns about it.

It turns out, four months before I wrote that, NSA’s Inspector General had finalized a report showing that in the seven and a half years since Section 704 was purportedly protecting Americans overseas, it wasn’t. The report is heavily redacted, but what isn’t redacted showed that the NSA had never set up a means to identify all 704/705b queries, and so couldn’t reliably oversee whether analysts were following the rules. The report showed that Signals Intelligence Compliance and Oversight only started helping DOJ and ODNI do their compliance reviews of 704/705b in October 2014, by providing the queries they could identify to the reviewers. But not all queries can be audited, because not all the feeds in question can be sent to NSA’s auditing and logging system.

The review itself — conducted from March to August of 2015 on data from the first quarter of that year — showed a not insignificant amount of querying non-compliance.

The 704 compliance problems are a part of the problem with NSA’s decision to shut down upstream surveillance (because 704 collection authorization is one of the things that automatically gets a US person approved for upstream searches). Though, in her most biting comment in an otherwise pathetic opinion, Chief FISC judge Rosemary Collyer noted that the failure to tell her about this when 702 certificates were submitted in September or in an October 4 hearing showed a lack of candor.

At the October 26, 2016 hearing, the Court ascribed the government’s failure to disclose those IG and OCO reviews at the October 4, 2016 hearing to an institutional “lack of candor” on NSA’s part and emphasized that “this is a very serious Fourth Amendment issue.”

A review that post-dated the IG Report revealed the problem was even bigger than that. In the compliance section of the report, Collyer noted that 85% of the 704/705b queries conducted using one particular tool (which was rolled out in 2012) were non-compliant.

NSA examined all queries using identifiers for “U.S. persons targeted pursuant to Sections 704 and 705(b) of FISA using the tool [redacted] in [redacted] . . . from November 1, 2015 to May 1, 2016.” Id. at 2-3 (footnote omitted). Based on that examination, “NSA estimates that approximately eighty-five percent of those queries, representing [redacted] queries conducted by approximately [redacted] targeted offices, were not compliant with the applicable minimization procedures.” Id. at 3. Many of these non-compliant queries involved use of the same identifiers over different date ranges. Id. Even so, a non-compliance rate of 85% raises substantial questions about the propriety of using of [redacted] to query FISA data. While the government reports that it is unable to provide a reliable estimate of the number of non-compliant queries since 2012, id., there is no apparent reason to believe the November 2015-April 2016 period coincided with an unusually high error rate.

And NSA was unable to chase down the reporting based off this non-compliant querying.

The government reports that NSA “is unable to identify any reporting or other disseminations that may have been based on information returned by [these] non-compliant queries” because “NSA’s disseminations are sourced to specific objects,” not to the queries that may have presented those objects to the analyst. Id. at 6. Moreover, [redacted] query results are generally retained for just [redacted].

All of which is to say that the authority that the government has been pointing to for years to show how great Title VII is is really a dumpster fire of compliance problems.

And still, we know very little about how this authority is used.

The number of Americans affected is not huge — roughly 80 people approved under 704 plus anyone approved for a domestic FISA order who goes overseas (though that would almost certainly include Carter Page). Still, if this is supposed to be the big protection Americans overseas receive, it hasn’t been providing much protection.


The Last USA: Dana Boente Is the Best Short Term Solution

In the wake of the Comey firing, particularly given the way Deputy Attorney General Rod Rosenstein let himself serve as a pawn, many people have renewed their call for “a special prosecutor.” In the short term, however, I believe Dana Boente — that is, the status quo — is a better solution.

As a reminder, Dana Boente is the US Attorney for the Eastern District of VA. With Rosenstein’s confirmation as DAG, Boente is the last remaining confirmed US Attorney in the United States. Boente’s office is overseeing at least two parts of the Russian investigation: the generalized investigation into Wikileaks, and the investigation into Trump’s campaign. The latter investigation recently issued subpoenas to Mike Flynn associates. There are reportedly parts of the investigation in three other places: some work being done in Main Justice, as well as a team investigating Guccifer 2.0/Shadow Brokers in San Francisco, and a team investigating the Russian hackers in Pittsburgh.

But the bulk of what people think of as “the Russian investigation” — the investigation into Trump’s cronies — is happening in EDVA, overseen by The Last USA.

In addition to reporting up to Rosenstein as DAG and Rosenstein as Acting AG for the Russian investigation, Boente just took over as Acting Assistant Attorney General for the National Security Division — the office that reviews things like FISA orders. That means Boente — for better and worse — has more authority, on several levels, than a “Special Counsel” would have.

First, note I use the term “Special Counsel,” not “Special Prosecutor.” Ken Starr was a Special Prosecutor, but in the wake of his fiasco and given persistent questions about the constitutionality of having someone who was totally independent from the structure of DOJ prosecuting people, Congress got rid of the provision supporting Special Prosecutors.

So if Rod Rosenstein wanted to appoint someone “independent” to oversee the Russian investigation, he’d have to use the Special Counsel provision.

While I think it is permissible to hire someone from outside of DOJ to do that job (so it is possible he could call up corporate lawyer Pat Fitzgerald for his third ride on the Special Counsel merry-go-round to, in dramatic fashion, save the investigation undercut by the firing of his good friend Jim Comey), in practice the recent Special Counsel appointments (the UndieBomb 2.0 leak investigation, the StuxNet leak investigation, the John Kiriakou prosecution, the Torture investigation, and the Plame investigation) have all been DOJ prosecutors, either US Attorneys (in all but one case) or an Assistant US Attorney, in the case of John Durham’s whitewash of torture. Plus, while Fitz is still well-loved at DOJ and FBI as far as I know, if Rosenstein appointed him, I bet Trump would fire him within minutes because he’s sure as hell not going to be “loyal.” And because of Fitz’ past gunning hard for Cheney and Bush, many Republicans might not put up much of a stink there.

If Rosenstein were to adhere to the practice of naming existing DOJ prosecutors, though, it’d mean he’d be choosing between Boente, The Last USA, or an AUSA (perhaps one of the ones who recently reported to him in MD). In both cases, the Special Counsel would report to Rosenstein for AG approvals (as Pat Fitz reported to Jim Comey for the Plame case).

You can see quickly why Boente is the preferable option. First, there’s no reason to believe he isn’t pursuing the investigation (both investigations, into Wikileaks and Trump’s associates) with real vigor. He is a hard ass prosecutor and if that’s what you want that’s what you’d get. His grand jury pool is likely to be full of people with national security backgrounds or at least a predisposition to be hawks.

But — for better and worse — Boente actually has more power than a Special Counsel would have (and more power than Fitz had for the Plame investigation), because he is also in charge of NSD, doing things like approving FISA orders on suspected Russian agents. I think there are problems with that, particularly in the case of a possible Wikileaks prosecution. But if you want concentrated power, Boente is a better option than any AUSA. With the added benefit that he’s The Last USA, which commands some real respect.

Sure. If next week Trump calls Boente to dinner and demands his loyalty on threat of firing, this may change. But the same logic that people are using with a Special Counsel (that if Trump fired that person, maybe then Republicans in Congress would want something more independent) holds for Boente. Firing The Last USA ought to be as incendiary as firing an AUSA, assuming anything will be.


FBI Rewrote the Backdoor Search Query Requirement

In her opinion approving the April 26 certifications (which may be one of the most unimpressive FISC opinions I’ve read), Rosemary Collyer borrowed heavily from the 2015 authorization in finding this year’s constitutional. As such she refers to Thomas Hogan’s imposition of a reporting requirement for any back door searches “in which FBI personnel receive and review Section 702-acquired information that the FBI identifies as concerning a United States person in response to a query that is not designed to find and extract foreign intelligence information.”

She then describes the one incident reported this year: basically an Agent seeing an email of someone referring to violence toward children. The Agent searched on the person who allegedly committed the violence and the names of the children, only to find the same email again. The Agent reported the suspected child abuse to the local child protective services.

But, she reveals, no one reported this until DOJ’s National Security Division asked about such reporting during their review.

The Court notes, however, that the FBI did not identify those queries as responsive to the Court’s reporting requirement until NSD asked whether any such queries had been made in the course of gathering information about the Section I.F dissemination. Notice at 2. The Court is carrying forward this reporting requirement and expects the government to take further steps to ensure compliance with it.

There are several reasons this is troublesome.

First, the incident would have gone unreported unless someone felt obliged to be honest when asked specifically about it (ODNI/DOJ don’t do reviews in all field offices, so not everyone will get asked).

Moreover, the incident got reported not because it was “receive[d] and review[ed],” but because it was disseminated. So there may be a great many back door searches that get received and reviewed but, because they don’t constitute evidence of a crime, aren’t disseminated, with the consequent paper trail.

Finally, this means certain kinds of criminal searches won’t be reported: those where FBI gets a criminal tip, then looks on their 702 data, only to find something they might use to coerce informants. Information used to coerce informants would suddenly become foreign intelligence information, so no longer subject to the reporting requirement.

To meet the actual requirement from FISC — rather than the one they’re willing to comply with — FBI needs to dramatically restructure its compliance with this reporting requirement, to measure when a search is done for criminal purposes, and then — as soon as an agent conducts that review — give notice to the FISC.

Of course, that would require precisely the kind of tracking the FBI has refused to do. Their arbitrary rewriting of this requirement demonstrates why.

Update: In its application for certificates submitted on September 26, 2016, DOJ said this about its back door searches:

In a letter filed on December 4, 2015, the government noted that there is no automated way for the FBI to track whether a query is run solely for a foreign intelligence purpose, to extract evidence of a crime, or both. However, the December 4, 2015 letter detailed the processes the FBI put in place to attempt to identify those queries that are run in FBI systems containing raw 702-acquired information after December 4, 2015, that are designed to extract evidence of a crime. In addition, the December 4, 2015 letter explained that FBI had issued guidance to its personnel about this reporting requirement and the process to enable FBI to centrally track such scenarios and report any such queries to NSD that would fall under the reporting requirement described above. Additionally, NSD conducts minimization reviews in multiple FBI field offices each year. As part of these minimization reviews, NSD and FBI National Security Law Branch have emphasized the above requirements and processes during field office training. Further, during the minimization reviews, NSD audits a sample of queries performed by FBI personnel in the databases storing raw FISA-acquired information, including raw section 702-acquired information. Since December 2015, NSD has reviewed these queries to determine if any such queries were conducted solely for the purpose of retaining evidence of a crime. If such a query was conducted, NSD would seek additional information from the relevant FBI personnel as to whether FBI personnel received and reviewed section 702-acquired information of or concerning a U.S. person in response to such a query. Since the above processes were put in place in December 2015, FBI and NSD have not identified any instance in which FBI personnel have received and reviewed section 702-acquired information of or concerning a United States person in response to a query that is not designed to find and extract foreign intelligence information.

There are several key details here.

First, DOJ reported no queries on September 26, which means the query must have happened after that (though it’s not clear whether Collyer’s opinion would reflect the most recent reporting).

It’s also clear DOJ will only find these in spot checks. As DOJ makes clear here (and as was misrepresented at a recent hearing), NSD and ODNI don’t actually visit every FBI office (though I’m sure they hit SDNY, EDNY, DC, EDVA, MD, and NDCA routinely, which are the biggest national security offices). That means there’s not going to be a chance to find many possible queries.

There’s also some fuzzy language here. I’m particularly intrigued by this double usage of “FBI personnel,” as if someone from outside of FBI does review this, perhaps on an analytical contract.

If such a query was conducted, NSD would seek additional information from the relevant FBI personnel as to whether FBI personnel received and reviewed section 702-acquired information of or concerning a U.S. person in response to such a query.

Or perhaps FBI calls up NSA and asks them to access the same content?

Finally, it’s clear the definition FBI is using, with respect to “foreign intelligence, crime, or both” permits generalized queries (in part to see if there’s intelligence to use to coerce someone to be an informant) that could serve either purpose. Such an approach cannot measure how much more often someone more likely to talk with a 702 target — like Muslims or Chinese-Americans — gets pursued for crimes after a longer assessment decides against using the person as an informant.

Which is another way of saying that this metric is not measuring what Judge Hogan wanted it to measure.

Originally Posted @ https://emptywheel.net/author/emptywheel/page/416/