January 13, 2026 / by 

 

The Problems with Rosemary Collyer’s Shitty Upstream 702 Opinion

This post took a great deal of time, both in this go-around, and over the years to read all of these opinions carefully. Please consider donating to support this work. 

It often surprises people when I tell them this, but in general, I’ve got a much better opinion of the FISA Court than most other civil libertarians. I do so because I’ve actually read the opinions. And while there are some real stinkers in the bunch, I recognize that the court has long been a source of some control over the executive branch, at times even applying more stringent standards than criminal courts.

But Rosemary Collyer’s April 26, 2017 opinion approving new Section 702 certificates undermines all the trust and regard I have for the FISA Court. It embodies everything that can go wrong with the court — which is all the more inexcusable given efforts to improve the court’s transparency and process since the Snowden leaks. I don’t think she understood what she was ruling on. And when faced with evidence of years of abuse (and the government’s attempt to hide it), she did little to rein in or even ensure accountability for those abuses.

This post is divided into three sections:

  • My analysis of the aspects of the opinion that deal with the upstream surveillance
    • Describing upstream searches
    • Refusing to count the impact
    • Treating the problem as exclusively about MCTs, not SCTs
    • Defining key terms
    • Failing to appoint (or even consider appointing) an amicus
    • Approving back door upstream searches
    • Imposing no consequences
  • A description of all the documents I Con the Record released — and, more importantly, the ones it did not release (if you’re in the mood for weeds, start there)
  • A timeline showing how NSA tried to hide these violations from FISC

Opinion

The Collyer opinion deals with a range of issues: an expansion of data sharing with the National Counterterrorism Center, the resolution of past abuses, and the rote approval of 702 certificates for form and content.

But the big news from the opinion is that the NSA discovered it had been violating the terms of upstream FISA collection set in 2011 (after violating the terms of upstream FISA set in 2007-2008, terms which were set after Stellar Wind violated FISA since 2002). After five months of trying and failing to find an adequate solution to fix the problem, NSA proposed and Collyer approved new rules for upstream collection. The collection conducted under FISA Section 702 is narrower than it had been because NSA can no longer do “about” searches (which are basically searching for some signature in the “content” of a communication). But it is broader — and still potentially problematic — because NSA now has permission to do the back door searches of upstream collected data that they had, in reality, been doing all along.

My analysis here will focus on the issue of upstream collection, because that is what matters going forward, though I will note problems with the opinion addressing other topics to the extent they support my larger point.

Describing upstream searches

Upstream collection under Section 702 is the collection of communications identified by packet sniffing for a selector at telecommunication switches. As an example, if the NSA wants to collect the communications of someone who doesn’t use Google or Yahoo, they will search for the email address as it passes across circuits the government has access to (overseas, under EO 12333) or that a US telecommunications company runs (domestically, under 702; note many of the data centers at which this occurs have recently changed hands). Stellar Wind — the illegal warrantless wiretap program done under Bush — was upstream surveillance. The period in 2007 when the government tried to replace Stellar Wind under traditional FISA was upstream surveillance. And the Protect America Act and FISA Amendments Act have always included upstream surveillance as part of the mix, even as they moved more (roughly 90% according to a 2011 estimate) of the collection to US-based providers.

The thing is, there’s no reason to believe NSA has ever fully explained how upstream surveillance works to the FISC, not even in this most recent go-around (and it’s now clear that they always lied about how they were using and processing a form of upstream collection to get Internet metadata from 2004 to 2011). Perhaps ironically, the most detailed discussions of the technology behind it likely occurred in 2004 and 2010 in advance of opinions authorizing collection of metadata, not content, but NSA was definitely not fully forthcoming in those discussions about how it processed upstream data.

In 2011, the NSA explained (for the first time) that it was not just collecting communications by searching for a selector in metadata, but was also collecting communications that included a selector as content. One reason they might do this is to obtain forwarded emails involving a target, but there are clearly other reasons. As a result of looking for selectors as content, NSA got a lot of entirely domestic communications, both in what NSA called multiple communication transactions (“MCTs,” basically emails and other things sent in bundles) and in single communication transactions (SCTs) that NSA didn’t identify as domestic, perhaps because they used Tor or a VPN or were routed overseas for some other reason. The presiding judge in 2011, John Bates, ruled that the bundled stuff violated the Fourth Amendment and imposed new protections — including the requirement NSA segregate that data — for some of the MCTs. Bizarrely, he did not rule the domestic SCTs problematic, on the logic that those entirely domestic communications might have foreign intelligence value.

In the same order, John Bates for the first time let CIA and NSA do something FBI had already been doing: taking US person selectors (like an email address) and searching through already collected content to see what communications they were involved in (this was partly a response to the 2009 Nidal Hasan attack, which FBI didn’t prevent in part because they were never able to pull up all of Hasan’s communications with Anwar al-Awlaki at once). Following Ron Wyden’s lead, these searches on US person content are often called “back door searches” for the way they let the government read Americans’ communications without a warrant. Because of the newly disclosed risk that upstream collection could pick up domestic communications, however, when Bates approved back door searches in 2011, he explicitly prohibited the back door searching of data collected via upstream searches. He prohibited this for all of it — MCTs (many of which were segregated from general repositories) and SCTs (none of which were segregated).

As I’ve noted, as early as 2013, NSA knew it was conducting “many” back door searches of upstream data. The reasons why it was doing so were stupid: in part, because to avoid upstream searches analysts had to exclude upstream repositories from the search query (basically by writing “NOT upstream” in a Boolean query), which also required them to realize they were searching on a US person selector. For whatever reason, though, no one got alarmed by reports this was going on — not NSA’s overseers, not FISC (which reportedly got notices of these searches), and not Congress (which got notices of them in Semiannual reports, which is how I knew they were going on). So the problem continued; I noted that this was a persistent problem back in August, when NSA and DOJ were still hiding the extent of the problems from FISC.

It became clear the problem was far worse than known, however, when NSA started looking into how it dealt with 704 surveillance. Section 704 is the authority the NSA uses to spy on Americans who are overseas. It basically amounts to getting a FISC order to use EO 12333 spying on an American. An IG Report completed in January 2016 generally found 704 surveillance to be a clusterfuck; as part of that, though, the NSA discovered that there were a whole bunch of 704 backdoor searches that weren’t following the rules, in part because they were collecting US person communications for periods outside of the period when the FISC had authorized surveillance (for 705(b) communication, which is the spying on Americans who are simply traveling overseas, this might mean NSA used EO 12333 to collect on an American when they were in the US). Then NSA’s Compliance people (OCO) did some more checking and found still worse problems.

And then the government — the same government that boasted about properly disclosing this to FISC — tried to bury it, basically not even telling FISC about how bad the problem was until days before Collyer was set to approve new certificates in October 2016. Once they did disclose it, Judge Collyer gave NSA first one and then another extension for them to figure out what went wrong. After 5 months of figuring, they were still having problems nailing it down or even finding where the data and searches had occurred. So, finally, facing a choice of ending “about” collection (only under 702 — they can still accomplish the very same thing under EO 12333) or ending searches of upstream data, they chose the former option, which Collyer approved with almost no accountability for all the problems she saw in the process.

Refusing to count the impact

I believe that (at least given what has been made public) Collyer didn’t really understand the issue placed before her. One thing she does is just operate on assumptions about the impact of certain practices. For example, she uses the 2011 number for the volume of total 702 collection accomplished using upstream collection to claim that it is “a small percentage of NSA’s overall collection of Internet communications under Section 702.” That’s likely still true, but she provides no basis for the claim, and it’s possible changes in communication — such as the increased popularity of Twitter — would change the mix significantly.

Similarly, she assumes that MCTs that involve “a non-U.S. person outside the United States” will be “for that reason [] less likely to contain a large volume of information about U.S. person or domestic communications.” She makes a similar assumption (this time in her treatment of the new NCTC raw take) about 702 data being less intrusive than individual orders targeted at someone in the US, “which often involve targets who are United States persons and typically are directed at persons in the United States.” In both of these, she repeats an assumption John Bates made in 2011 when he first approved back door searches using the same logic — that it was okay to provide raw access to this data, collected without a warrant, because it wouldn’t be as impactful as the data collected with an individual order. And the assumption may be true in both cases. But in an age of increasingly global data flows, that remains unproven. Certainly, with ISIS recruiters located in Syria attempting to recruit Americans, that would not be true at all.

Collyer makes the same move when she takes a critical step in the opinion, asserting that “NSA’s elimination of ‘abouts’ collection should reduce the number of communications acquired under Section 702 to which a U.S. person or a person in the United States is a party.” Again, that’s probably true, but it is not clear she has investigated all the possible ways Americans will still be sucked up (which she acknowledges will happen).

And she does this even as NSA was providing her unreliable numbers.

The government later reported that it had inadvertently misstated the percentage of NSA’s overall upstream Internet collection during the relevant period that could have been affected by this [misidentification of MCTs] error (the government first reported the percentage as roughly 1.3% when it was roughly 3.7%).

Collyer’s reliance on assumptions rather than real numbers is all the more unforgivable given one of the changes she approved with this order: basically, permitting the agencies to conduct otherwise impermissible searches to be able to count how many Americans get sucked up under 702. In other words, she was told, at length, that Congress wants this number (the government’s application even cites the April 22, 2016 letter from members of the House Judiciary Committee asking for such a number). Moreover, she was told that NSA had already started trying to do such counts.

The government has since [that is, sometime between September 26 and April 26] orally notified the Court that, in order to respond to these requests and in reliance on this provision of its minimization procedures, NSA has made some otherwise-noncompliant queries of data acquired under Section 702 by means other than upstream Internet collection.

And yet she doesn’t then demand real numbers herself (again, in 2011, Bates got NSA to do at least a limited count of the impact of the upstream problems).

Treating the problem as exclusively about MCTs, not SCTs

But the bigger problem with Collyer’s discussion is that she treats all of the problem of upstream collection as being about MCTs, not SCTs. This is true in general — the term single communication transaction or SCT doesn’t appear at all in the opinion. But she also, at times, makes claims about MCTs that are more generally true for SCTs. For example, she cites one aspect of NSA’s minimization procedures that applies generally to all upstream collection, but describes it as only applying to MCTs.

A shorter retention period was also put into place, whereby an MCT of any type could not be retained longer than two years after the expiration of the certificate pursuant to which it was acquired, unless applicable criteria were met. And, of greatest relevance to the present discussion, those procedures categorically prohibited NSA analysts from using known U.S.-person identifiers to query the results of upstream Internet collection. (17-18)

Here’s the section of the minimization procedures that imposed the two year retention deadline, which is an entirely different section than that describing the special handling for MCTs.

Similarly, Collyer cites a passage from the 2015 Hogan opinion stating that upstream “is more likely than other forms of section 702 collection to contain information of or concerning United States persons with no foreign intelligence value” (see page 17). But that passage cites to a passage of the 2011 Bates opinion that includes SCTs in its discussion, as in this sentence.

In addition to these MCTs, NSA likely acquires tens of thousands more wholly domestic communications every year, given that NSA’s upstream collection devices will acquire a wholly domestic “about” SCT if it is routed internationally. (33)

Collyer’s failure to address SCTs is problematic because — as I explain here — the bulk of the searches implicating US persons almost certainly searched SCTs, not MCTs. That’s true for two reasons. First, because (at least according to Bates’ 2011 guesstimate) NSA collects (or collected) far more entirely domestic communications via SCTs than via MCTs. Here’s how Bates made that calculation in 2011 (see footnote 32).

NSA ultimately did not provide the Court with an estimate of the number of wholly domestic “about” SCTs that may be acquired through its upstream collection. Instead, NSA has concluded that “the probability of encountering wholly domestic communications in transactions that feature only a single, discrete communication should be smaller — and certainly no greater — than potentially encountering wholly domestic communications within MCTs.” Sept. 13 Submission at 2.

The Court understands this to mean that the percentage of wholly domestic communications within the universe of SCTs acquired through NSA’s upstream collection should not exceed the percentage of MCTs within its statistical sample. Since NSA found 10 MCTs with wholly domestic communications within the 5,081 MCTs reviewed, the relevant percentage is .197% (10/5,081). Aug. 16 Submission at 5.

NSA’s manual review found that approximately 90% of the 50,440 transactions in the sample were SCTs. Id. at 3. Ninety percent of the approximately 13.25 million total Internet transactions acquired by NSA through its upstream collection during the six-month period, works out to be approximately 11,925,000 transactions. Those 11,925,000 transactions would constitute the universe of SCTs acquired during the six-month period, and .197% of that universe would be approximately 23,000 wholly domestic SCTs. Thus, NSA may be acquiring as many as 46,000 wholly domestic “about” SCTs each year, in addition to the 2,000-10,000 MCTs referenced above.

Assuming some of this happens because people use VPNs or Tor, then the amount of entirely domestic communications collected via upstream would presumably have increased significantly in the interim period. Indeed, the redaction in this passage likely hides a reference to technologies that obscure location.

If so, it would seem to acknowledge NSA collects entirely domestic communications using upstream that obscure their location.

The other reason the problem is likely worse with SCTs is because — as I noted above — no SCTs were segregated from NSA’s general repositories, whereas some MCTs were supposed to be (and in any case, in 2011 the SCTs constituted by far the bulk of upstream collection).

Now, Collyer’s failure to deal with SCTs may or may not matter for her ultimate analysis that upstream collection without “about” collection solves the problem. Collyer limits the collection of abouts by limiting upstream collection to communications where “the active user is the target of acquisition.” She describes “active user” as “the user of a communication service to or from whom the MCT is in transit when it is acquired (e.g., the user of an e-mail account [half line redacted].” If upstream signatures are limited to emails and texts, that would seem to fix the problem. But upstream wouldn’t necessarily be limited to emails and texts — upstream collection would be particularly valuable for searching on other kinds of selectors, such as an encryption key, and there may be more than one person who would use those other kinds of selectors. And when Collyer says, “NSA may target for acquisition a particular ‘selector,’ which is typically a facility such as a telephone number or e-mail address,” I worry she’s unaware or simply not ensuring that NSA won’t use upstream to search for non-typical signatures that might function as abouts even if they’re not “content.” The problem is treating this as a content/metadata distinction, when “metadata” (however far down in the packet you go) could include stuff that functions like an about selector.
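The distinction between "to/from" and "about" matching, and the active user limit discussed above, can be made concrete with a small model. This is an added example, not code from the opinion or from NSA; the rule names, helper functions, addresses and messages are all constructed for illustration, and the acquisition logic is a deliberate simplification.

```python
# Added illustration: constructed model, hypothetical names and messages.
from email import message_from_string
from email.utils import getaddresses

ADDRESSING = ("from", "to", "cc")


def parties(msg):
    """Lower-cased addresses found in the addressing headers."""
    values = []
    for name in ADDRESSING:
        values.extend(msg.get_all(name, []))
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def match_kind(raw, selector):
    """'to/from' if the selector is a party, 'about' if it only appears
    elsewhere (other headers or the body), None if it does not appear."""
    msg = message_from_string(raw)
    sel = selector.lower()
    if sel in parties(msg):
        return "to/from"
    rest = [str(v) for k, v in msg.items() if k.lower() not in ADDRESSING]
    rest.append(msg.get_payload())
    return "about" if sel in " ".join(rest).lower() else None


def acquired(transaction, selector, rule):
    """transaction = (active_user, [raw messages]); one message models an
    SCT, several an MCT. rule is 'abouts' or 'active-user'."""
    active_user, messages = transaction
    if rule == "active-user":
        return active_user.lower() == selector.lower()
    return any(match_kind(m, selector) for m in messages)


def wholly_domestic(transaction, domestic):
    """Indexes of messages whose parties are all in the domestic set."""
    _, messages = transaction
    found = []
    for i, raw in enumerate(messages):
        p = parties(message_from_string(raw))
        if p and p <= domestic:
            found.append(i)
    return found


def mk(frm, to, body, extra=""):
    return f"From: {frm}\nTo: {to}\n{extra}Subject: note\n\n{body}\n"


# Constructed sample data.
TARGET = "target@example.net"                      # foreign target
DOMESTIC = {"ann@example.com", "ben@example.com"}  # both in the US
M_DIRECT = mk(TARGET, "ann@example.com", "hello")
M_ABOUT = mk("ann@example.com", "ben@example.com", f"write to {TARGET}")
M_UNRELATED = mk("ben@example.com", "ann@example.com", "lunch?")
# A non-address selector sitting in a header, i.e. in "metadata".
M_KEY = mk("ann@example.com", "ben@example.com", "see attached",
           extra="X-Key-Id: 0xEXAMPLEKEY\n")

TRANSACTIONS = {
    "target_sct": (TARGET, [M_DIRECT]),
    "about_sct": ("ann@example.com", [M_ABOUT]),
    "inbox_mct": ("ann@example.com", [M_DIRECT, M_UNRELATED]),
}


def summary():
    """For each rule: acquired transactions and their domestic messages."""
    out = {}
    for rule in ("abouts", "active-user"):
        out[rule] = {name: wholly_domestic(t, DOMESTIC)
                     for name, t in TRANSACTIONS.items()
                     if acquired(t, TARGET, rule)}
    return out


if __name__ == "__main__":
    print(summary())
    print(match_kind(M_KEY, "0xEXAMPLEKEY"))
```

In this model the "abouts" rule pulls in a wholly domestic SCT and a wholly domestic message inside an MCT, while the active user rule acquires neither; the header-borne key identifier still classifies as "about", which is the content/metadata problem in miniature.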

Defining key terms

Collyer did define “active user,” however inadequately. But there are a number of other terms that go undefined in this opinion. By far the funniest is when Collyer notes that the government’s March 30 submission promises to sequester upstream data that is stored in “institutionally managed repositories.” In a footnote, she notes they don’t define the term. Then she pretty much drops the issue. This comes in an opinion that shows FBI data has been wandering around in repositories where it didn’t belong and indicates that NSA can’t identify where all its 704 data is. Yet she’s told there is some other kind of repository and she doesn’t make a point of figuring out what the hell that means.

Later, in a discussion of other violations, Collyer introduces the term “data object,” which she always uses in quotation marks, without explaining what that is.

Failing to appoint (or even consider) amicus

In any case, this opinion makes clear that what should have happened, years ago, is a careful discussion of how packet sniffing works, and where a packet collected by a backbone provider stops being metadata and starts being content, and all the kinds of data NSA might want to and does collect via domestic packet sniffing. (They collect far more under EO 12333.) As mentioned, some of that discussion may have taken place in advance of the 2004 and 2010 opinions approving upstream collection of Internet metadata (though, again, I’m now convinced NSA was always lying about what it would take to process that data). But there’s no evidence the discussion has ever happened when discussing the collection of upstream content. As a result, judges are still using made up terms like MCTs, rather than adopting terms that have real technical meaning.

For that reason, it’s particularly troubling Collyer didn’t use — didn’t even consider using, according to the available documentation — an amicus. As Collyer herself notes, upstream surveillance “has represented more than its share of the challenges in implementing Section 702” (and, I’d add, Internet metadata collection).

At a minimum, when NSA was pitching fixes to this, she should have stopped and said, “this sounds like a significant decision” and brought in amicus Amy Jeffress or Marc Zwillinger to help her think through whether this solution really fixes the problem. Even better, she should have brought in a technical expert who, at a minimum, could have explained to her that SCTs pose as big a problem as MCTs; Steve Bellovin — one of the authors of this paper that explores the content versus metadata issue in depth — was already cleared to serve as the Privacy and Civil Liberties Oversight Board’s technical expert, so presumably could easily have been brought in to consult here.

That didn’t happen. And while the decision whether or not to appoint an amicus is at the court’s discretion, Collyer is obligated to explain why she didn’t choose to appoint one for anything that presents a significant interpretation of the law.

A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate;

For what it’s worth, my guess is that Collyer didn’t want to extend the 2015 certificates (as it was, she didn’t extend them as long as NSA had asked in January), so figured there wasn’t time. There are other aspects of this opinion that make it seem like she just gave up at the end. But that still doesn’t excuse her from explaining why she didn’t appoint one.

Instead, she wrote a shitty opinion that doesn’t appear to fully understand the issue and that defers, once again, the issue of what counts as content in a packet.

Approving back door upstream searches

Collyer’s failure to appoint an amicus is most problematic when it comes to her decision to reverse John Bates’ restriction on doing back door searches on upstream data.

To restate what I suggested above, by all appearances, NSA largely blew off Bates’ restriction. Indeed, Collyer notes in passing that, “In practice, however, no analysts received the requisite training to work with the segregated MCTs.” Given the persistent problems with back door searches on upstream data, it’s hard to believe NSA took that restriction seriously at all (particularly since it refused to consider a technical fix to the requirement to exclude upstream from searches). So Collyer’s approval of back door searches of upstream data is, for all intents and purposes, the sanctioning of behavior that NSA refused to stop, even when told to.

And the way in which she sanctions it is very problematic.

First, in spite of her judgment that ending about searches would fix the problems in (as she described it) MCT collection, she nevertheless laid out a scenario (see page 27) where an MCT would acquire an entirely domestic communication.

Having laid out that there will still be some entirely domestic comms in the collection, Collyer then goes on to say this:

The Court agrees that the removal of “abouts” communications eliminates the types of communications presenting the Court the greatest level of constitutional and statutory concern. As discussed above, the October 3, 2011 Memorandum Opinion (finding the then-proposed NSA Minimization Procedures deficient in their handling of some types of MCTs) noted that MCTs in which the target was the active user, and therefore a party to all of the discrete communications within the MCT, did not present the same statutory and constitutional concerns as other MCTs. The Court is therefore satisfied that queries using U.S.-person identifiers may now be permitted to run against information obtained by the above-described, more limited form of upstream Internet collection, subject to the same restrictions as apply to querying other forms of Section

This is absurd! She has just laid out that there will be some exclusively domestic comms in the collection. Not as much as there was before NSA stopped collecting abouts, but it’ll still be there. So she’s basically permitting domestic communications to be back door searched, which, if they’re found (as she notes), might be kept based on some claim of foreign intelligence value.

And this is where her misunderstanding of the MCT/SCT distinction is her undoing. Bates prohibited back door searching of all upstream data, both that supposedly segregated because it was most likely to have unrelated domestic communications in it, and that not segregated because even the domestic communications would have intelligence value. Bates’ specific concerns about MCTs are irrelevant to his analysis about back door searches, but that’s precisely what Collyer cites to justify her own decision.

She then applies the 2015 opinion, with its input from amicus Amy Jeffress stating that NSA back door searches that excluded upstream collection were constitutional, to claim that back door searches that include upstream collection would meet Fourth Amendment standards.

The revised procedures subject NSA’s use of U.S. person identifiers to query the results of its newly-limited upstream Internet collection to the same limitations and requirements that apply to its use of such identifiers to query information acquired by other forms of Section 702 collection. See NSA Minimization Procedures § 3(b)(5). For that reason, the analysis in the November 6, 2015 Opinion remains valid regarding why NSA’s procedures comport with Fourth Amendment standards of reasonableness with regard to such U.S. person queries, even as applied to queries of upstream Internet collection. (63)

As with her invocation of Bates’ 2011 opinion, she treats analysis as if it applies to the question before her when it may not fully apply, because it’s not actually clear that the active user restriction really equates newly limited upstream collection to PRISM collection.

Imposing no consequences

The other area where Collyer’s opinion fails to meet the standards of prior ones is in resolution of the problem. In 2009, when Reggie Walton was dealing with first phone and then Internet dragnet problems, he required the NSA to do complete end-to-end reviews of the programs. In the case of the Internet dragnet, the report was ridiculous (because it failed to identify that the entire program had always been violating category restrictions). He demanded IG reports, which seems to be what led the NSA to finally admit the Internet dragnet program was broken. He shut down production twice, first of foreign call records, from July to September 2009, then of the entire Internet dragnet sometime in fall 2009. Significantly, he required the NSA to track down and withdraw all the reports based on violative production.

In 2010 and 2011, dealing with the Internet dragnet and upstream problems, John Bates similarly required written details (and, as noted, actual volume of the upstream problem). Then, when the NSA wanted to retain the fruits of its violative collection, Bates threatened to find NSA in violation of 50 USC 1809(a) — basically, threatened to declare them to be conducting illegal wiretapping — to make them actually fix their prior violations. Ultimately, NSA destroyed (or said they destroyed) their violative collection and the fruits of it.

Even Thomas Hogan threatened NSA with 50 USC 1809(a) to make them clean up willful flouting of FISC orders.

Not Collyer. She went from issuing stern complaints (John Bates was admittedly also good at this) back in October…

At the October 26, 2016 hearing, the Court ascribed the government’s failure to disclose those IG and OCO reviews at the October 4, 2016 hearing to an institutional “lack of candor” on NSA’s part and emphasized that “this is a very serious Fourth Amendment issue.”

… to basically reauthorizing 702 before using the reauthorization process as leverage over NSA.

Of course, NSA still needs to take all reasonable and necessary steps to investigate and close out the compliance incidents described in the October 26, 2016 Notice and subsequent submissions relating to the improper use of U.S.-person identifiers to query terms in NSA upstream data. The Court is approving on a going-forward basis, subject to the above-mentioned requirements, use of U.S.-person identifiers to query the results of a narrower form of Internet upstream collection. That approval, and the reasoning that supports it, by no means suggest that the Court approves or excuses violations that occurred under the prior procedures.

That is particularly troubling given that there is no indication, even six months after NSA first (belatedly) disclosed the back door search problems to FISC, that it had finally gotten ahold of the problem.

As Collyer noted, weeks before it submitted its new application, NSA still didn’t know where all the upstream data lived. “On March 17, 2017, the government reported that NSA was still attempting to identify all systems that store upstream data and all tools used to query such data.” She revealed that some of the queries of US persons do not interact with “NSA’s query audit system,” meaning they may have escaped notice forever (I’ve had former NSA people tell me even they don’t believe this claim, as seemingly nothing should be this far beyond auditability). Which is presumably why, “The government still had not ascertained the full range of systems that might have been used to conduct improper U.S.-person queries.” There’s the data that might be in repositories that weren’t run by NSA, alluded to above. There’s the fact that on April 7, even after NSA submitted its new plan, it was discovering that someone had mislabeled upstream data as PRISM, allowing it to be queried.

Here’s the thing. There seems to be no way to have that bad an idea of where the data is and what functions access the data and still be able to claim — as Mike Rogers, Dan Coats, and Jeff Sessions apparently did in the certificates submitted in March that didn’t get publicly released — to be able to fulfill the promises they made FISC. How can the NSA promise to destroy upstream data at an accelerated pace if it admits it doesn’t know where it is? How can NSA promise to implement new limits on upstream collection if that data doesn’t get audited?
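The failure modes described in this post (an exclusion the analyst had to remember to type, data stored under the wrong label, and queries that bypass the audit system) are the difference between a fail-open and a fail-closed access control. The following is an added example, not NSA's or the court's design; the record layout, source labels, `PolicyGate` class and ingest manifest are hypothetical and the data is constructed.

```python
# Added illustration: hypothetical model, constructed data.
from dataclasses import dataclass
from typing import Optional

RESTRICTED_SOURCES = {"upstream"}       # barred to US-person queries
KNOWN_SOURCES = {"upstream", "prism"}   # labels this model recognises


@dataclass(frozen=True)
class Record:
    rec_id: int
    source: str   # provenance label as stored; may be wrong or empty
    text: str


@dataclass(frozen=True)
class Selector:
    term: str
    us_person: Optional[bool]   # None: status was never determined


def opt_out_query(records, selector, exclude_sources=()):
    """Fail-open: nothing is excluded unless the analyst asks for it."""
    return [r.rec_id for r in records
            if selector.term in r.text and r.source not in exclude_sources]


class PolicyGate:
    """Fail-closed: the gate applies the restriction and logs every query."""

    def __init__(self, records):
        self.records = list(records)
        self.audit_log = []

    def query(self, analyst, selector):
        # Anything not positively marked non-US-person is treated as one.
        restricted = selector.us_person is not False
        hits, withheld = [], []
        for r in self.records:
            if selector.term not in r.text:
                continue
            # An empty or unrecognised label is handled like a restricted one.
            barred = (r.source in RESTRICTED_SOURCES
                      or r.source not in KNOWN_SOURCES)
            if restricted and barred:
                withheld.append(r.rec_id)
            else:
                hits.append(r.rec_id)
        self.audit_log.append({"analyst": analyst, "term": selector.term,
                               "restricted": restricted,
                               "returned": hits, "withheld": withheld})
        return hits


def find_mislabeled(records, ingest_manifest):
    """Compare stored labels with an independent ingest-time manifest."""
    return [r.rec_id for r in records
            if ingest_manifest.get(r.rec_id) != r.source]


# Constructed sample data. Record 3 came from upstream but is stored with
# the wrong label; record 4 lost its label entirely.
TERM = "alice@example.com"
RECORDS = [
    Record(1, "upstream", f"from {TERM}"),
    Record(2, "prism", f"{TERM} to bob@example.org"),
    Record(3, "prism", f"mentions {TERM}"),
    Record(4, "", f"{TERM} again"),
    Record(5, "prism", "carol@example.org only"),
]
INGEST_MANIFEST = {1: "upstream", 2: "prism", 3: "upstream",
                   4: "upstream", 5: "prism"}


def demo():
    us = Selector(TERM, True)
    gate = PolicyGate(RECORDS)
    return {
        "forgot_exclusion": opt_out_query(RECORDS, us),
        "typed_exclusion": opt_out_query(RECORDS, us, ("upstream",)),
        "gate_us_person": gate.query("analyst-1", us),
        "gate_unknown_status": gate.query("analyst-1", Selector(TERM, None)),
        "gate_non_us": gate.query("analyst-1", Selector(TERM, False)),
        "mislabeled": find_mislabeled(RECORDS, INGEST_MANIFEST),
        "audit_entries": len(gate.audit_log),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Even the enforced gate returns record 3, because a label-based control is only as good as the labels; only the reconciliation against an independent manifest surfaces it.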

And Collyer excuses John Bates’ past decision (and, by association, her continued reliance on his logic to approve back door searches) by saying the decision wasn’t so much the problem, but the implementation of it was.

When the Court approved the prior, broader form of upstream collection in 2011, it did so partly in reliance on the government’s assertion that, due to some communications of foreign intelligence interest could only be acquired by such means. See October 3, 2011 Memorandum Opinion at 31 & n. 27, 43, 57-58. This Opinion and Order does not question the propriety of acquiring “abouts” communications and MCTs as approved by the Court since 2011, subject to the rigorous safeguards imposed on such acquisitions. The concerns raised in the current matters stem from NSA’s failure to adhere fully to those safeguards.

If problems arise because NSA has failed, over 6 years, to adhere to safeguards imposed because NSA hadn’t adhered to the rules for the 3 years before that, which came after NSA had just blown off the law itself for the 6 years before that, what basis is there to believe they’ll adhere to the safeguards she herself imposed, particularly given that unlike her predecessors in similar moments, she gave up any leverage she had over the agency?

The other thing Collyer does differently from her predecessors is that she lets NSA keep data that arose from violations.

Certain records derived from upstream Internet communications (many of which have been evaluated and found to meet retention standards) will be retained by NSA, even though the underlying raw Internet transactions from which they are derived might be subject to destruction. These records include serialized intelligence reports and evaluated and minimized traffic disseminations, completed transcripts and transcriptions of Internet transactions, [redacted] information used to support Section 702 taskings and FISA applications to this Court, and [redacted].

If “many” of these communications have been found to meet retention standards, it suggests that “some” have not. Meaning they should never have been retained in the first place. Yet Collyer lets an entire stream of reporting — and the Section 702 taskings that arise from that stream of reporting — remain unrecalled. Effectively, even while issuing stern warning after stern warning, by letting NSA keep this stuff, she is letting the agency commit violations for years without any disincentive.

Now, perhaps Collyer is availing herself of the exception offered in Section 301 of the USA Freedom Act, which permits the government to retain illegally obtained material if it is corrected by subsequent minimization procedures.

Exception.–If the Government corrects any deficiency identified by the order of the Court under subparagraph (B), the Court may permit the use or disclosure of information obtained before the date of the correction under such minimization procedures as the Court may approve for purposes of this clause.

Except that she doesn’t cite that provision, nor is there any evidence deficiencies have been corrected.

Which should mean, especially given the way Collyer depends on the prior opinions of Bates and Hogan, she should likewise rely on their practice of treating this as a potential violation of 50 USC 1809(a) to ensure the harm to Americans doesn’t persist. She did no such thing, basically sanctioning the illegal use of back door searches to spy on Americans.

Up until this opinion, I was generally willing to argue for the efficacy of the FISC (even while arguing the job could and should be devolved to district courts for more rigorous testing of the law). But not now. This opinion discredits the entire court.

Last April when Collyer became presiding FISC judge, I pointed to what I considered Rosemary Collyer’s worst FISC decision, which was actually a District Court opinion that permitted the NSA to keep aspects of its upstream problems secret from EFF, which is suing over those same issues. I predicted then that, “I fear she will be a crummy presiding judge, making the FISC worse than it already is.”

In my opinion — as a civil libertarian who has been willing to defend the FISC in the past — with this opinion she has done real damage to any credibility or legitimacy the FISC has.

Update: Latter for former fixed in which choice the Administration picked, h/t CS.

The Documents

Here’s what I Con the Record released.

January 7, 2016 IG Report

This heavily redacted report describes a review of NSA’s compliance with 704/705b of Title VII of FISA, the authority NSA uses to spy on Americans who are located overseas (see my report on the 704 problems here). It was conducted from March through August 2015 and reviewed data from January through March 2015. It basically showed there were no compliance mechanisms in place for 704/705b, and NSA couldn’t even reliably identify the queries that had been conducted under the authority. This report is relevant to the reauthorization, because Americans targeted in individual FISA orders are approved (and almost certainly tasked) by default for 702 back door searches. Though the report was obviously done well before the 702 certifications were submitted on September 26, it was not noticed to FISC until days before the court would otherwise have approved the certifications in conjunction with the upstream problems.

September 26, 2016 702 Certification Package 

ICTR released much if not all of the materials submitted for 702 reauthorization in September 2016. The package includes:

Certification cover filing: This is basically the application, which the metadata reveals is actually two parts merged. It describes the changes to the certificates from the past year, most notably a request to share raw 702 data directly from NSA or FBI to NCTC, some tweaks to the FBI targeting and minimization procedures, and permission for NSA, FBI, and CIA to deviate from minimization procedures to develop a count of how many US persons get collected under 702.

The report also describes how the government has fulfilled reporting requirements imposed in 2015. Several of the reports pertain to destroying data it should not have had. The most interesting one is the report on how many criminal queries of 702 data FBI does that result in the retrieval and review of US person data; as I note in this post, the FBI really didn’t (and couldn’t, and can’t, given the oversight regime currently in place) comply with the intent of the reporting requirement.

Very importantly: this application did not include any changes to upstream collection, in large part because NSA did not tell FISC (more specifically, Chief Judge Rosemary Collyer) about the problems they had always had preventing queries of upstream data in its initial application. In NSA’s April statement on ending upstream about collection, it boasts, “Although the incidents were not willful, NSA was required to, and did, report them to both Congress and the FISC.” But that’s a load of horse manure: in fact, NSA and DOJ sat on this information for months. And even with this disclosure, because the government didn’t release the later application that did describe those changes, we don’t actually get to see the government’s description of the problems; we only get to see Collyer’s (I believe mis-) understanding of them.

Procedures and certifications accepted: The September 26 materials also include the targeting and minimization procedures that were accepted in the form in which they were submitted on that date. These include:

Procedures and certificates not accepted: The materials include the documents that the government would have to change before approval on April 26. These include,

Note, I include the latter two items because I believe they would have had to be resubmitted on March 30, 2017 with the updated NSA documents and the opinion makes clear a new DIRNSA affidavit was submitted (see footnote 10), but the release doesn’t give us those. I have mild interest in that, not least because the AG/DNI one would be the first big certification to FISC signed by Jeff Sessions and Dan Coats.

October 26, 2016 Extension

The October 26 extension of 2015’s 702 certificates is interesting primarily for its revelation that the government waited until October 24, 2016 to disclose problems that had been simmering since 2013.

March 30, 2017 Submissions

The release includes two of what I suspect are at least four items submitted on March 30, which are:

April 26, 2017 Opinion

This is the opinion that reauthorized 702, with the now-restricted upstream search component. My comments below largely lay out the problems with it.

April 11, 2017 ACLU Release

I Con the Record also released the FOIAed documents released earlier in April to ACLU, which are on their website in searchable form here. I still have to finish my analysis of that (which includes new details about how the NSA was breaking the law in 2011), but these posts cover some of those files and are relevant to these 702 changes:

Importantly, the ACLU documents as a whole reveal what kinds of US persons are approved for back door searches at NSA (largely, but not exclusively, Americans for whom an individual FISA order has already been approved, importantly including 704 targets, as well as more urgent terrorist targets), and reveal that one reason NSA was able to shut down the PRTT metadata dragnet in 2011 was because John Bates had permitted them to query the metadata from upstream collection.

Not included

Given the point I noted above — that the application submitted on September 26 did not address the problem with upstream surveillance and that we only get to see Collyer’s understanding of it — I wanted to capture the documents that should or do exist that we haven’t seen.

  • October 26, 2016 Preliminary and Supplemental Notice of Compliance Incidents Regarding the Querying of Section 702-Acquired Data
  • January 3, 2017: Supplemental Notice of Compliance Incidents Regarding the Querying of Section 702-Acquired Data
  • NSA Compliance Officer (OCO) review covering April through December 2015
  • OCO review covering April through July of 2016
  • IG Review covering first quarter of 2016 (22)
  • January 27, 2017: Letter In re: DNI/AG 702(g) Certifications asking for another extension
  • January 27, 2017: Order extending 2015 certifications (and noting concern with “important safeguards for interests protected by the Fourth Amendment”)
  • March 30, 2017: Amendment to [Certificates]; includes (or is) second explanatory memo, referred to as “March 30, 2017 Memorandum” in Collyer’s opinion; this would include a description of the decision to shut down about searches
  • March 30, 2017 AG/DNI Certification (?)
  • March 30, 2017 DIRNSA Certification
  • April 7, 2017 preliminary notice

Other Relevant Documents

Because they’re important to this analysis and get cited extensively in Collyer’s opinion, I’m including:

Timeline

November 30, 2013: Latest possible date at which upstream search problems identified

October 2014: Semiannual Report shows problems with upstream searches during period from June 1, 2013 – November 30, 2013

October 2014: SIGINT Compliance (SV) begins helping NSD review 704/705b compliance

June 2015: Semiannual Report shows problems with upstream searches during period from December 1, 2013 – May 31, 2014

December 18, 2015: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

January 7, 2016: IG Report on controls over §§704/705b released

January 26, 2016: Discovery of error in upstream collection

March 9, 2016: FBI releases raw data

March 18, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

May and June, 2016: Discovery of querying problem dating back to 2012

May 17, 2016: Opinion relating to improper retention

June 17, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

August 24, 2016: Pre-tasking review update

September 16, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

September 26, 2016: Submission of certifications

October 4, 2016: Hearing on compliance issues

October 24, 2016: Notice of compliance errors

October 26, 2016: Formal notice, with hearing; FISC extends the 2015 certifications to January 31, 2017

November 5, 2016: Date on which 2015 certificates would have expired without extension

December 15, 2016: James Clapper approves EO 12333 Sharing Procedures

December 16, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

December 29, 2016: Government plans to deal with indefinite retention of data on FBI systems

January 3, 2017: DOJ provides supplemental report on compliance programs; Loretta Lynch approves new EO 12333 Sharing Procedures

January 27, 2017: DOJ informs FISC they won’t be able to fully clarify before January 31 expiration, ask for extension to May 26; FISC extends to April 28

January 31, 2017: First extension date for 2015 certificates

March 17, 2017: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA; Probable halt of upstream “about” collection

March 30, 2017: Submission of amended NSA certifications

April 7, 2017: Preliminary notice of more query violations

April 28, 2017: Second extension date for 2015 certificates

May 26, 2017: Requested second extension date for 2015 certificates

June 2, 2017: Deadline for report on outstanding issues


What Would Jared Kushner’s Middle East Peace Look Like?

NYT has gotten a lot of heat for letting associates speaking for Jared Kushner who nevertheless refused to be IDed as such provide this explanation for why he asked Sergey Kislyak for a channel of communications that bypassed any US intelligence scrutiny.

Jared Kushner, President Trump’s son-in-law and senior adviser, spoke in December with Russia’s ambassador to the United States about establishing a secret communications channel between the Trump transition team and Moscow to discuss strategy in Syria and other policy issues, according to three people with knowledge of the discussion.

I would defend NYT on two grounds. First, while I’m totally supportive of WaPo (and others) providing anonymity for their sources who are providing highly sensitive details about what went on, they, too, could provide a bit more detail so readers could understand the motives, not least by indicating whether these were Congressional (and therefore partisan) or intelligence sources.

But I also think it highly likely the relationship between the Syria claim and what is really going on is similar to the original NYT explanation of this meeting — that it served to “establish a line of communication” between the Trump Administration and Russia and what has now been disclosed as an effort to establish a line of communication that bypassed all IC scrutiny. That is, I suspect those who shared this excuse believe it and believe it is rational within a larger context, and I believe it describes part of what they know to be going on. (Don’t go nuts just yet — I’m not defending that belief.)

Before I explain what I mean, consider a few more data points.

First, in this appearance, Juliette Kayyem and Steven Hall distinguish what this appears to be — a channel that bypasses the IC — from one that uses a third country (the Pope, in Kayyem’s example of President Obama’s back channel to Cuba) to establish a dialogue with an estranged country, a traditional back channel.

But remember, this is not the only country Kushner was establishing weird communications with. The WaPo story on this reminds us of Trump’s secrecy surrounding a meeting between Sheikh Mohamed bin Zayed al-Nahyan and Kushner, Flynn, and Bannon.

Trump’s advisers were similarly secretive about meetings with leaders from the United Arab Emirates. The Obama White House only learned that the crown prince of Abu Dhabi was flying to New York in December to see Kushner, Flynn and Stephen K. Bannon, another top Trump adviser, because U.S. border agents in the UAE spotted the Emirate leader’s name on a flight manifest.

And WaPo ties that meeting to a meeting, brokered by UAE, between Erik Prince and a Putin confidante on January 11.

Now consider National Security Adviser H.R. McMaster’s take on all this. First, he’s not all that concerned that his boss’ son-in-law tried to set up a channel of communication using an adversary’s facilities. According to him, they do this all the time!

“We have back-channel communications with any number of individual (countries). So generally speaking, about back-channel communications, what that allows you to do is communicate in a discreet manner,” McMaster said.

“So it doesn’t pre-expose you to any sort of content or any kind of conversation or anything. So we’re not concerned about it.”

Actually, he does have a point there. There’s the Emirates meeting, but there’s also Mike Flynn’s discussions of kidnapping Fethullah Gulen at the behest of Recep Erdogan. You might even include Rudy Giuliani’s intervention in the Reza Zarrab case.

As if McMaster’s lackadaisical attitude about Kushner’s attempt to use Russia’s facilities isn’t weird enough, though, there’s something else. Even before he made this weird defense of Kushner’s back channels, McMaster was excluded from at least one meeting on Trump’s overseas trip: that between Trump and Bibi Netanyahu.

National security advisor H.R. McMaster was left out of a meeting between President Donald Trump and Israeli Prime Minister Benjamin Netanyahu on Monday, a move that raised eyebrows among officials.

According to Kafe Knesset, Trump met with Netanyahu Monday evening, starting with a one-on-one meeting. The forum was soon expanded by several advisors on each side, including Jared Kushner, Jason Greenblatt and Ambassador David Friedman on the U.S. side, according to Israeli officials.

Secretary of State Rex Tillerson was also later invited to the expanded meeting, per an official, but “McMaster sat outside the King David room during the course of the entire meeting.”

So perhaps we can add Israel to the list of countries that Kushner has been establishing back channel communications with.

For better or worse, a back channel with Israel by itself would never get you accused of treason in the US. But I do find it interesting given the underlying precedent to Devin Nunes’ complaints about “unmasking:” the earlier collection of conversations in which Bibi told Members of Congress what the Obama Administration’s plans were with respect to Iran. The conversations of Trump associates that Nunes was outraged were unmasked didn’t involve Russia, he said, but did they involve Israel? Or Turkey or the Emirates?

With all that in mind, consider what the purported Middle East peace that Kushner has reportedly been crafting would actually look like. It’d include unlimited support for Israeli occupation of Palestine. Bashar al-Assad would be ousted, but in a way that would permit Russia a strategic footprint, perhaps with sanction of its occupation of Crimea and Donetsk as well. It’d sanction the increasing authoritarianism in Turkey. It’d sanction Saudi Arabia’s ruthless starvation of Yemen. It’d fuck over the Kurds.

And it’d mean war with Iran.

Trump took steps towards doing most of those things on his trip, not least with his insane weapons deal with Saudi Arabia, itself premised on a formal detachment of weapons sales from any demands for respect for human rights. Of particular note, Trump claimed to be establishing a great peace initiative with Islamic countries, even when discussing meetings that treated Iran (and by association most Shia Muslims) as an enemy.

Several days ago in Saudi Arabia, I met with the leaders of the Muslim world and Arab nations from all across the region. It was an epic gathering. It was an historic event. King Salman of Saudi Arabia could not have been kinder, and I will tell you, he’s a very wise, wise man. I called on these leaders and asked them to join in a partnership to drive terrorism from their midst, once and for all. It was a deeply productive meeting. People have said there had really never been anything even close in history. I believe that. Being there and seeing who was there and hearing the spirit and a lot of love, there has never been anything like that in history. And it was an honor to be involved.

Kushner’s “peace plan” is not so much a plan for peace. It’s a plan for a complete remapping of the Middle East according to a vision the Israelis and Saudis have long been espousing (and note the multiple nods on Trump’s trip to the growing alliance between the two, including Trump’s flight directly from Riyadh to Tel Aviv and Bibi’s comment on “common dangers are turning former enemies into partners”). It’s a vision for still more oppression (a view that Trump supports globally, in any case).

Yes, it’d probably all be accomplished with corrupt self-enrichment on the part of all players.

And it’d likely be a complete clusterfuck.

Which is why you’d want to keep all of that — not just the conversations in which you persuade Russia to ditch Iran as an ally, but also the conversations where you reverse long-standing policy with Israel and America’s embrace of human rights — from the intelligence community.

Because the actual experts, the people who’ve long played a game with our frenemies Israel, Saudi Arabia, and Turkey (and a battle with our adversaries like Russia), would explain all the problems with the plan.

I get why the focus on Russia is important, here.

But what if that focus is preventing us from seeing the vast forest of a horribly realigned American foreign policy for one Russian birch tree?

This post has been updated.

Update: A longtime (but anonymous) friend of the blog sent this humorous interpretation.

***************************<eyes only>****************************
To: DJT
Fr: JK
Dt: 5/28/17
Re: NWO
Sir,
This is to summarize the state of play in our negotiations for the NWO Project.
Everything’s a Go.
Oligarch        Turf                          Stipulations
Putin            Russia/Europe            No Muslims/No Refugees/Segregated Minorities
Trump          Americas/Britain        No Muslims/No Refugees/Segregated Minorities
Xi                 Asia/Pacific               No Muslims/No Refugees/Segregated Minorities
?                  Africa
Strongmen
Erdogan
Duterte
Un
Servicers
Israel           Global Finance
Saud            Middle East Portal/Muslim Vetting
Britain          Eurussian Portal
Japan           Pacific Portal
Prince           NWO Police
Winners                    and                    Losers
Authoritarians                                     Democracy
Exceptionalists                                    Rule of Law
Oligarchs                                            Everyone Else
Men                                                   Women
Caucasian/Han                                    All other Ethnicities
Sunni                                                 Shia
Jews                                                  Palestinians
Christians                                           Non-Christians
Russians                                             Europe, Ukraine, Crimea, Al Assad
China                                                 Taiwan, Hawaii (u gave them?)
Israel                                                 Iran, Palestinians
Saud                                                  All of the Middle East ex. Israel
Gen. Bannon says the next step in the plan is Operation Revenge479…
Doing my best to put you in good positions.
Love you, Pop!
J
**********crypto room fsb dc emb uid: skislyak //sci.nwo.kompromat***********


Zbig’s Blowback Outlives Him

Zbigniew Brzezinski passed away today of cancer at the age of 89. My condolences to his family.

I share(d) a birthday with him, and once slept in a room he used during the first cabinet meetings of the Carter Administration. So I’ve always had some curiosity about, if not quite affinity to, him.

Perhaps as a result I’ve always been acutely aware that he is the man who set off the chain of events, 38 years ago, that has led to the war on terror (without even — as he optimistically claimed in 1998 — ending the Cold War). Here’s the 1998 interview where he boasted of the decision.

Q: The former director of the CIA, Robert Gates, stated in his memoirs [“From the Shadows”], that American intelligence services began to aid the Mujahadeen in Afghanistan 6 months before the Soviet intervention. In this period you were the national security adviser to President Carter. You therefore played a role in this affair. Is that correct?

Brzezinski: Yes. According to the official version of history, CIA aid to the Mujahadeen began during 1980, that is to say, after the Soviet army invaded Afghanistan, 24 Dec 1979. But the reality, secretly guarded until now, is completely otherwise: Indeed, it was July 3, 1979 that President Carter signed the first directive for secret aid to the opponents of the pro-Soviet regime in Kabul. And that very day, I wrote a note to the president in which I explained to him that in my opinion this aid was going to induce a Soviet military intervention.

Q: Despite this risk, you were an advocate of this covert action. But perhaps you yourself desired this Soviet entry into war and looked to provoke it?

Brzezinski: It isn’t quite that. We didn’t push the Russians to intervene, but we knowingly increased the probability that they would.

Q: When the Soviets justified their intervention by asserting that they intended to fight against a secret involvement of the United States in Afghanistan, people didn’t believe them. However, there was a basis of truth. You don’t regret anything today?

Brzezinski: Regret what? That secret operation was an excellent idea. It had the effect of drawing the Russians into the Afghan trap and you want me to regret it? The day that the Soviets officially crossed the border, I wrote to President Carter: We now have the opportunity of giving to the USSR its Vietnam war. Indeed, for almost 10 years, Moscow had to carry on a war unsupportable by the government, a conflict that brought about the demoralization and finally the breakup of the Soviet empire.

Q: And neither do you regret having supported the Islamic [integrisme], having given arms and advice to future terrorists?

Brzezinski: What is most important to the history of the world? The Taliban or the collapse of the Soviet empire? Some stirred-up Moslems or the liberation of Central Europe and the end of the cold war?

Of course, while the Cold War may have paused, it’s back in full swing now, and Sunni extremists continue to wreak havoc on targets within and outside of the Middle East.

Zbig’s blowback has officially outlived the man. May we remember the soldiers, of every country, who have died as a result this Memorial Day weekend. Rest in Peace.


The Anonymous Letter to WaPo

Just when I thought we’d have a long weekend without a big news dump, the WaPo published its story revealing Jared Kushner asked Sergey Kislyak to set up a channel of communication with Russia at Russian facilities at a meeting in early December.

Jared Kushner and Russia’s ambassador to Washington discussed the possibility of setting up a secret and secure communications channel between Trump’s transition team and the Kremlin, using Russian diplomatic facilities in an apparent move to shield their pre-inauguration discussions from monitoring, according to U.S. officials briefed on intelligence reports.

Ambassador Sergei Kislyak reported to his superiors in Moscow that Kushner, then President-elect Trump’s son-in-law and confidant, made the proposal during a meeting on Dec. 1 or 2 at Trump Tower, according to intercepts of Russian communications that were reviewed by U.S. officials. Kislyak said Kushner suggested using Russian diplomatic facilities in the United States for the communications.

The meeting also was attended by Michael Flynn, Trump’s first national security adviser.

That story — and additional details on Kushner’s discussions with UAE — is the big headliner.

But the fascinating detail is that WaPo received an anonymous letter with details of this meeting — and other things that the WaPo suggests it may not yet have confirmed — in mid-December.

The Post was first alerted in mid-December to the meeting by an anonymous letter, which said, among other things, that Kushner had talked to Kislyak about setting up the communications channel. This week, officials, who reviewed the letter and spoke on condition of anonymity to discuss sensitive intelligence, said the portion about the secret channel was consistent with their understanding of events.

For instance, according to those officials and the letter, Kushner conveyed to the Russians that he was aware it would be politically sensitive to meet publicly, but it was necessary for the Trump team to be able to continue their communication with Russian government officials.

In addition to their discussion about setting up the communications channel, Kushner, Flynn and Kislyak also talked about arranging a meeting between a representative of Trump and a “Russian contact” in a third country whose name was not identified, according to the anonymous letter.

So who could have sent the letter?

First, consider the timing. The letter was sent within a few weeks of the meeting itself. In between the meeting and sending of the letter, these very same reporters got the scoop that the CIA believed Russia affirmatively wanted Trump elected, a scoop that pre-empted the President’s call for a report on Russian tampering in the election. A week later, two of these reporters got another confirmation that John Brennan said the other agencies agreed with him on the view that Putin wanted Trump elected.

The letter was also received a few days after John McCain got a copy of Christopher Steele’s dossier (reportedly on December 9), followed just four days later by the last known and by far most incendiary installment of the dossier, which for the first time accused Trump’s campaign of paying the DNC hackers.

In other words, WaPo received the letter at a time when the IC was dumping a ton of information implicating Trump. So perhaps it was a spook who heard Kislyak’s description of the meeting on an intercept.

The dominant narrative on those intercepts, however, has said that the IC wasn’t listening closely to Kislyak intercepts until after Russia did not retaliate in response to the hacking sanctions imposed on December 28, and didn’t find the incriminating Mike Flynn conversations until around January 3. If that’s right, then the IC wouldn’t have heard about this meeting until weeks after the letter was sent. [Update: the NYT version of this–which appears to be damage control from the White House–cites a senior American official stating that they learned about this conversation “several months ago,” which would put it after the letter was sent.]

Of course, with the FBI and CIA getting their own raw feeds of data, it’s possible one agency listened to the intercepts (and had the language skills to understand them) before another did. It’s possible, for example, CIA learned about the meeting before FBI did so in the aftermath of the sanctions concerns.

It’s also possible that the Russians sent the letter — or even that Kislyak made up the Kushner claim as disinformation (remember, by this point there were leaks about FISA orders, with reports that Russian interlocutors were changing their communication habits). But it’s unclear what Russia would have to gain by sending a letter in December, rather than waiting until Kushner had compromised himself. Doing so would eliminate all the control they had gained with the information.

Which (barring a spook sending the letter) would seem to leave a Trump associate. Reportedly, WaPo’s Miller said that the letter appears to come from someone inside the Trump transition. Anyone else at the meeting would seem to be an immediate target for Trump retaliation. Though it is possible that Mike Flynn sent the letter, realizing he was getting set up by Trump, which would make the delay in reporting this detail rather interesting. That said, he would have little reason to do so in December, as opposed to now, given that he faces criminal investigation.

Outside of Flynn, though, it’s not clear many people knew this meeting ever happened, much less what happened in it. The meeting was first disclosed by the New Yorker, following which the White House quickly added (in a story to the NYT) Flynn to the story — suggesting he, and not the President’s son-in-law, suggested the communication channel.

Michael T. Flynn, then Donald J. Trump’s incoming national security adviser, had a previously undisclosed meeting with the Russian ambassador in December to “establish a line of communication” between the new administration and the Russian government, the White House said on Thursday.

Jared Kushner, Mr. Trump’s son-in-law and now a senior adviser, also participated in the meeting at Trump Tower with Mr. Flynn and Sergey I. Kislyak, the Russian ambassador. But among Mr. Trump’s inner circle, it is Mr. Flynn who appears to have been the main interlocutor with the Russian envoy — the two were in contact during the campaign and the transition, Mr. Kislyak and current and former American officials have said.

[snip]

“They generally discussed the relationship and it made sense to establish a line of communication,” Ms. Hicks said. “Jared has had meetings with many other foreign countries and representatives — as many as two dozen other foreign countries’ leaders and representatives.”

The Trump Tower meeting lasted 20 minutes, and Mr. Kushner has not met since with Mr. Kislyak, Ms. Hicks said.

It later became clear that Kushner hadn’t even shared that meeting with White House staffers (presumably including Don McGahn) when responding to the Mike Flynn firing, much less included them on his security clearance form.

The extent of Mr. Kushner’s interactions with Mr. Kislyak caught some senior members of Mr. Trump’s White House team off guard, in part because he did not mention them last month during a debate then consuming the White House: how to handle the disclosures about Mr. Flynn’s interactions with the Russian ambassador.

Ms. Hicks said that Mr. Trump had authorized Mr. Kushner to have meetings with foreign officials that he felt made sense, and to report back to him if those meetings produced anything of note. She said that because in Mr. Kushner’s view the meetings were inconsequential, it did not occur to him to mention them to senior staff members earlier.

“There was nothing to get out in front of on this,” she said.

So there wouldn’t be that many transition staffers who would know of the meeting by mid-December.

That said, one person who knew about the meeting ahead of time was Marshall Billingslea, who tried to warn Flynn about Kislyak. And his request for the Kislyak profile would have alerted the CIA to his concerns about the meeting.

In any case, there are now reports of still more Kushner communications with Kislyak coming out, going back to April 2016. So the FBI sure has a lot to review.

Update: As others have pointed out, at 8:30 there’s a more detailed description of the typed letter, received December 12.


Sheldon Whitehouse and the Russia Investigation Deconfliction

Laura Rozen has me worried.

She pointed to this CNN article — posted sometime this afternoon — describing Sheldon Whitehouse’s worries that the scope of the DOJ inquiry into Trump and Russia might conflict with the Congressional inquiries.

Sen. Sheldon Whitehouse, the top Democrat on a Judiciary subcommittee, told CNN Thursday that it’s possible Flynn is cooperating with the Justice Department — and that Capitol Hill has not been kept in the loop. He warned that congressional probes that have subpoenaed Flynn for records could undercut Mueller’s investigation if the former national security adviser is secretly working with the Justice Department as part of its broader investigation into possible collusion between Russian officials and Trump associates during the campaign season.

“There is at least a reasonable hypothesis that Mike Flynn is already cooperating with the DOJ investigation and perhaps even has been for some time,” said Whitehouse, a Rhode Island Democrat.

Whitehouse added he had no direct evidence to suggest that Flynn is cooperating with the Justice Department. But he said there is circumstantial evidence to suggest that it could be the case, saying Mueller must immediately detail the situation to “deconflict” with probes on the Hill to “make sure that congressional investigations aren’t inadvertently competing with DOJ criminal investigations.”

[snip]

The Rhode Island Democrat said there are a number of factors that suggest Flynn is working with the Justice Department in its probe. He pointed out that “all reporting indicates they’ve got him dead to rights on a false statement felony” in his private interview with the FBI over his conversations last year with Russian Ambassador Sergey Kislyak. He also noted that Flynn has gone silent and retroactively signed on as a foreign agent to Turkey. And he noted that a federal grand jury has been summoned and has issued subpoenas to Flynn associates.

“So none of that proves anything but it’s all consistent with the hypothesis that he’s already cooperating,” Whitehouse told CNN.

“But that’s certainly a hypothetical case of a time when we do need this de-confliction apparatus in place to make sure that congressional investigations aren’t inadvertently competing with DOJ criminal investigations.”

Now, in point of fact, that deconfliction has already happened — or at least started. That’s what a May 11 meeting between Rod Rosenstein, Richard Burr, and Mark Warner was described as at the time.

Rosenstein was tight-lipped as he entered and emerged from a secure facility Thursday on Capitol Hill, where he huddled with Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and Vice Chairman Mark R. Warner (D-Va.). The senators said the meeting had been scheduled before Comey’s ouster to discuss “deconfliction” — keeping the FBI’s and committee’s investigations of alleged ties between the Trump campaign and the Russian government from stepping on each other’s toes.

According to reports, the meeting was scheduled before the Jim Comey ouster, so it should reflect the scope of what he was investigating, and therefore presumably resembles the scope of what Robert Mueller will investigate.

But there are three reasons why Whitehouse might be justified in worrying that Congress might fuck up what DOJ is investigating.

Obviously, the first is Mueller: the Comey firing might have reflected some new investigative approach (including Flynn immunity), or Mueller, because of the firing, might be scoping the investigation differently.

A second is jurisdiction. Whitehouse and Lindsey Graham have assumed jurisdiction over the Russia investigation for their subcommittee — and the Senate Judiciary Committee obviously should oversee the FBI. So it may be that former US Attorney Sheldon Whitehouse wants to have a deconflicting conversation for himself, because he knows how investigations work (and for all we know is getting tips from DOJ).

The other is another announcement from this afternoon: that the Senate Intelligence Committee had voted to give Chair Richard Burr and Vice Chair Mark Warner the ability to issue subpoenas themselves going forward, without consulting the committee.

The leaders of the Senate Intelligence Committee now have broad authority to issue subpoenas in the Russia investigation without a full committee vote, Chairman Richard Burr (R-N.C.) said Thursday.

The panel voted unanimously to give Burr and Vice Chairman Mark Warner (D-Va.) the blanket authority for the duration of the investigation into Russia’s election meddling and possible collusion with President Trump’s campaign.

The two Senate leaders must be in agreement in order to issue an order.

Now, as the article notes, thus far, the committee has asked for documents, not testimony. My suspicion is this might have more to do with ensuring Comey’s testimony — promised after Memorial Day — is “compelled” in such a way that DOJ can’t object.

Nevertheless, the power to subpoena does grant someone (like former Trump National Security Advisor Richard Burr) the ability to fuck with the DOJ investigation by potentially working at cross-purposes. To grant immunity (and therefore to fuck up the investigation as happened in Iran-Contra), I think Burr would still need the support of the committee.

Still, this gives Burr far more power to thwart the investigation, with only Mark Warner (who unlike Whitehouse has never been a prosecutor) to prevent it.

In theory, I think Whitehouse is just pushing for jurisdiction (and for the ability to demand the same kind of deconfliction conversation Burr and Warner have gotten).

But upon reflection, I don’t think his concerns are entirely unjustified.

In any case, I trust Whitehouse (with whatever leftover ties he has to DOJ) to do this review more than Mark Warner.

Update: Burr told Bloomberg he has had a deconfliction conversation with Mueller.

Senate Intelligence Chairman Richard Burr, a Republican from North Carolina, said he has contacted Mueller to discuss their parallel probes of Russian meddling.


Even (Especially?) the FBI Is Susceptible to Fake News

The WaPo has an utterly dispiriting story providing more detail on a document first revealed in this big NYT story on Jim Comey. Here’s how the NYT described it:

During Russia’s hacking campaign against the United States, intelligence agencies could peer, at times, into Russian networks and see what had been taken. Early last year, F.B.I. agents received a batch of hacked documents, and one caught their attention.

The document, which has been described as both a memo and an email, was written by a Democratic operative who expressed confidence that Ms. Lynch would keep the Clinton investigation from going too far, according to several former officials familiar with the document.

Read one way, it was standard Washington political chatter. Read another way, it suggested that a political operative might have insight into Ms. Lynch’s thinking.

[snip]

The document complicated that calculation, according to officials. If Ms. Lynch announced that the case was closed, and Russia leaked the document, Mr. Comey believed it would raise doubts about the independence of the investigation.

But as the WaPo reveals, the document was not an email, but rather a Russian document purportedly reporting on an email. And while in August the FBI deemed the document a hoax, it took five months — covering the all-important July announcement ending the Hillary investigation — to get to that point.

The document, obtained by the FBI, was a piece of purported analysis by Russian intelligence, the people said. It referred to an email supposedly written by the then-chair of the Democratic National Committee, Rep. Debbie Wasserman Schultz (D-Fla.), and sent to Leonard Benardo, an official with the Open Society Foundations, an organization founded by billionaire George Soros and dedicated to promoting democracy.

The Russian document did not contain a copy of the email, but it described some of the contents of the purported message.

[snip]

Comey had little choice, these people have said, because he feared that if Lynch announced no charges against Clinton, and then the secret document leaked, the legitimacy of the entire case would be questioned.

From the moment the bureau received the document from a source in early March 2016, its veracity was the subject of an internal debate at the FBI. Several people familiar with the matter said the bureau’s doubts about the document hardened in August when officials became more certain that there was nothing to substantiate the claims in the Russian document. FBI officials knew the bureau never had the underlying email with the explosive allegation, if it ever existed.

Yet senior officials at the bureau continued to rely on the document as part of their justification for how they handled the case before and after the election.

As the WaPo lays out, the FBI hadn’t even asked Loretta Lynch, much less the other participants in the alleged emails, about them before Comey used the document to justify his July statement on the investigation into Hillary’s emails. They simply relied on it, in spite of the way a Debbie Wasserman Schultz and George Soros pairing screams of the worst kind of fevered misinformation that circulated last year. Or, at a minimum, they acted based on the assumption that they couldn’t combat evidently fake news were it to leak.

We talk a lot about dumb ordinary voters who can’t sort through PizzaGate and Seth Rich conspiracies on their own.

But even the FBI, with all the investigative tools you can imagine, was unable to sort through fake news. And that had a role in one of the most significant events in last year’s election.


WannaCry Attribution: Missing the Sarcasm Tag

Parts of the security community have decided that Lazarus, a hacking group associated with North Korea, is behind WannaCry, including the global ransomware attack from a few weeks back. That’s based on significant reuse of code from earlier Lazarus activities.

But to explain certain aspects of the attack — notably, why Lazarus would become incompetent at ransomware after having been perfectly competent at it in the past — proponents of this theory are adopting some curious theories. For example, this — in Symantec’s report on the code reuse — doesn’t make any sense at all.

The small number of Bitcoin wallets used by first version of WannaCry, and its limited spread, indicates that this was not a tool that was shared across cyber crime groups. This provides further evidence that both versions of WannaCry were operated by a single group.

It’s effectively the equivalent of saying, “using just three bitcoin wallets doesn’t make sense [it doesn’t, if your goal is actual ransomware], so we’ll just claim that’s further proof that there must be few people involved.” In interviews, Symantec’s technical director has explained away other inconsistencies in this story (hackers working for a brutal dictator with a penchant for executing those who cross him) by suggesting they were moonlighting when they blew up Lazarus’ ransomware by misdeploying it with Eternal Blue.

At the same time, flaws in the WannaCry code, its wide spread, and its demands for payment in the electronic bitcoin before files are decrypted suggest that the hackers were not working for North Korean government objectives in this case, said Vikram Thakur, Symantec’s security response technical director.

“Our confidence is very high that this is the work of people associated with the Lazarus Group, because they had to have source code access,” Thakur said in an interview.

But he added: “We don’t think that this is an operation run by a nation-state.”

With WannaCry, Thakur said, Lazarus Group members could have been moonlighting to make extra money, or they could have left government service, or they could have been contractors without direct obligations to serve only the government.

Krypt3ia has a post making fun of the nonsense theories out there.

  • LAZARUS code snippets found in WANNACRY samples
  • LAZARUS has been active in stealing large sums of money from banks, as this attack was about ransom and money… well… UNDERPANTS GNOMES AND PROFIT!
  • LAZARUS aka Un, would likely love to sow terror by unleashing the digital hounds with malware attacks like this to prove a point, that they are out there and to be afraid.
  • LAZARUS aka Un, might have done this not only to sow fear but also to say to President CRAZYPANTS (Official USSS code name btw) “FEAR US AND OUR CYBER PROWESS”
  • LAZARUS aka Un, is poor and needs funds so ransoming hospitals and in the end gathering about $100k is so gonna fill the coffers!
  • LAZARUS aka UNIT 108 players are “Freelancing” and using TTP’s from work to make MO’ MONEY MO’ MONEY MO’ MONEY (No! Someone actually really floated that idea!)
  • LAZARUS is a top flight spooky as shit hacking group that needed to STEAL code from RiskSense (lookit that IPC$ from the pcap yo) to make their shit work.. Huh?

Note the last bullet is a reference to another post he did, where he showed another piece of code in WannaCry was taken from folks working to reverse engineer Eternal Blue for Metasploit. That piece of borrowed code doesn’t permit you to blame the Evil Hermit Kingdom, though, so no one is talking about it.

Perhaps the oddest piece of evidence presented relating to the claim that North Korea did WannaCry comes from CNBC.

Analysts have been weighing in with various theories on the identity of those behind WannaCry, and some early evidence had pointed to North Korea. The Shadow Brokers endorsed that theory, perhaps to take heat off their own government backers for the disaster.

CNBC must be referring to this passage from Shadow Brokers’ latest screed.

In May, No dumps, theshadowbrokers is eating popcorn and watching “Your Fired” and WannaCry. Is being very strange behavior for crimeware? Killswitch? Crimeware is caring about target country? The oracle is telling theshadowbrokers North Korea is being responsible for the global cyber attack Wanna Cry. Nukes and cyber attacks, America has to go to war, no other choices! (Sarcasm) No new ZeroDays.

As part of a narrative of how reasonable it was to release all these files after they’ve been patched (all the while threatening far more damaging leaks), Shadow Brokers comments on WannaCry. Importantly, it lays out one detail — the kill switches — that doesn’t make sense if the goal was true ransomware, as well as another detail — “caring about target country”? — that I don’t understand. (Russia was hit badly in the attack, the US very lightly, and there were reports that Arabic speaking countries weren’t hard hit, which I find interesting since it is the one Microsoft-supported language for which a ransomware note was not included.)

But the part that CNBC has read to mean Shadow Brokers endorsed this theory instead does nothing of the sort; if anything, it does the opposite. I read it as a comment about how quickly we go from dodgy attribution to calling for war. And it comes with a sarcasm tag!

Moreover, why would you take Shadow Brokers’ endorsement for anything? Either they did WannaCry (which actually seems to be what CNBC suggests; Krypt3ia makes fun of that possibility, too), in which case any endorsement might be disinformation, or they didn’t do it, and they’d have no more clue who did than the rest of us.

The entire exercise in attribution with WannaCry is particularly odd given the assumptions that it is what it looks like, traditional ransomware, in spite of all the evidence to suggest it is not. And so we’ll just ignore obvious tags, like a “sarcasm” tag, because accounting for such details gets very confusing.


John Brennan Denies a Special Harry Reid Briefing

This passage from John Brennan’s testimony about Russia to the House Intelligence Committee yesterday has gotten a lot of attention:

Through the so-called Gang of Eight process, we kept Congress apprised of these issues as we identified them. Again, in consultation with the White House, I personally briefed the full details of our understanding of Russian attempts to interfere with the election to Congressional leadership, specifically Senators Harry Reid, Mitch McConnell, Dianne Feinstein, and Richard Burr, and to Representatives Paul Ryan, Nancy Pelosi, Devin Nunes, and Adam Schiff between 11 August and 6 September. I provided the same briefing to each of the Gang of Eight members.  Given the highly sensitive nature of what was an active counterintelligence case involving an ongoing Russian effort to interfere in our presidential election, the full details of what we knew at the time were shared only with those members of Congress, each of whom was accompanied by one senior staff member. The substance of those briefings was entirely consistent with the main judgments contained in the January classified and unclassified assessments, namely that Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton and harm her electability and potential presidency and to help President Trump’s election chances.

The passage has been used to question why GOP leaders, most especially Mitch McConnell, didn’t react more strongly, particularly given public reports that he wouldn’t sign onto a more aggressive statement about Russian efforts.

As I noted in this post, the record thus far reflects a difference in emphasis (on protecting the election systems rather than on Russian attempts to hurt Clinton).

But I want to look more closely at what Brennan actually said.

His description of the briefings seems to be a denial of what I laid out in this post — the NYT report that he gave Harry Reid a special briefing (one which may have been based on the Christopher Steele dossier) that was more alarming than others.

CIA DIRECTORS SHOULD NOT MEET WITH JUST ONE GANG OF EIGHT MEMBER

The second detail I find most interesting in this story is that John Brennan privately briefed Harry Reid about his concerns about the Russians.

John O. Brennan, the C.I.A. director, was so concerned about the Russian threat that he gave an unusual private briefing in the late summer to Harry Reid, then the Senate Democratic leader.

Top congressional officials had already received briefings on Russia’s meddling, but the one for Mr. Reid appears to have gone further. In a public letter to Mr. Comey several weeks later, Mr. Reid said that “it has become clear that you possess explosive information about close ties and coordination between Donald Trump, his top advisors, and the Russian government — a foreign interest openly hostile to the United States.”

While I’m generally sympathetic to Democrats’ complaints that DOJ should have either remained silent about both investigations or revealed both of them, it was stupid for Brennan to give this private briefing (and I hope he gets grilled about it by HPSCI when he testifies in a few weeks). In addition to the things Reid said publicly about the investigation, it’s fairly clear he and his staffers were also behind some of the key leaks here (and, as CNN reported yesterday, leaks about the investigation actually led targets of it to alter their behavior). For reasons beyond what appears in this story, I think it likely Reid served as a cut-out for Brennan.

And that’s simply not appropriate. There may well have been reasons to avoid briefing Richard Burr (who was advising Trump). But spooks should not be sharing information with just one party. CIA did so during its torture cover-up in ways that are particularly troubling and I find this — while not as bad — equally problematic.

When Brennan said he “provided the same briefing to each of the Gang of Eight members,” he might be seen as denying that the briefing to Reid was anything unusual.

Except this NYT article describes Reid’s as taking place in “late summer” and describes top officials as already having received briefings. Another NYT article describes the special briefing for Reid as having taken place on August 25.

In an Aug. 25 briefing for Harry Reid, then the top Democrat in the Senate, Mr. Brennan indicated that Russia’s hackings appeared aimed at helping Mr. Trump win the November election, according to two former officials with knowledge of the briefing.

The officials said Mr. Brennan also indicated that unnamed advisers to Mr. Trump might be working with the Russians to interfere in the election. The F.B.I. and two congressional committees are now investigating that claim, focusing on possible communications and financial dealings between Russian affiliates and a handful of former advisers to Mr. Trump. So far, no proof of collusion has emerged publicly.

Mr. Trump has rejected any suggestion of a Russian connection as “ridiculous” and “fake news.” The White House has also sought to redirect the focus from the investigation and toward what Mr. Trump has said, with no evidence, was President Barack Obama’s wiretapping of phones in Trump Tower during the presidential campaign.

The C.I.A. and the F.B.I. declined to comment for this article, as did Mr. Brennan and senior lawmakers who were part of the summer briefings.

In the August briefing for Mr. Reid, the two former officials said, Mr. Brennan indicated that the C.I.A., focused on foreign intelligence, was limited in its legal ability to investigate possible connections to Mr. Trump. The officials said Mr. Brennan told Mr. Reid that the F.B.I., in charge of domestic intelligence, would have to lead the way.

As described by the NYT, the Reid briefing went beyond what Brennan says he briefed all the Gang of Eight members on, especially with regard to Trump advisors working with Russia. It’s possible Brennan briefed Reid twice.

Much later in the hearing, Trey Gowdy asked Brennan about the Steele dossier. Some of Brennan’s responses — especially his claim not to know who commissioned the Steele dossier; watch him play with his pen — were not all that believable. Brennan went on to say that the CIA didn’t rely on the dossier, but his denial pertained to the IC report on the hack.

It wasn’t part of the corpus of intelligence, uh, information that we had. It was not in any way used as a basis for the intelligence community assessment that was done, uh, it was not.

Note the funny mouth gesture which used to be Brennan’s main “tell.”

Gowdy being Gowdy was not smart enough to ask whether the dossier was ever used in a briefing to members of Congress.

As I have noted, the IC denials pertaining to the dossier are, um, unconvincing (one two three). That’s all the more true given that Steele has admitted to sharing copies of his dossier with his former employer, who would naturally share with Brennan (elsewhere in the hearing Brennan refused to address what our foreign partners had shared with us).

In any case, it seems to me the question is not so much whether McConnell blew off the seriousness of the Brennan warning, but, still, whether Reid received another briefing–perhaps outside that date scope–that included information McConnell didn’t get.


The Right to Bear Drones

The Trump Administration has a plan to infringe on Americans’ right to bear drones.

It has submitted language carving out an exception in surveillance and hacking laws such that it can track and destroy drones. The idea is a government agent (military or civilian) will be able to track and destroy any drone over a covered facility or operation, with no legal recourse for the owner of the drone.

Covered facilities are basically any stationary structure an agency wants to designate. The legislative language describes the following as covered operations:

(A) any operation that is conducted in the United States by a member of the Armed Forces or a Federal officer, employee, agent, or contractor, that is important to public safety, law enforcement, or national or homeland security, and is designated by the head of a department or agency, consistent with the Federal Government-wide policy issued pursuant to subsection (d); and

(B) may include, but is not limited to, search and rescue operations; medical evacuations; wildland firefighting; patrol and detection monitoring of the United States border; a National Security Special Event or Special Event Assessment Ratings event; a fugitive apprehension operation or law enforcement investigation; a prisoner detention, correctional, or related operation; securing an authorized vessel, whether moored or underway; authorized protection of a person; transportation of special nuclear materials; or a security, emergency response, or military training, testing, or operation.

At one level, I’m sympathetic to the need. There have definitely been cases where drones have disrupted the work of firefighters and drones flying over sporting events (which might be classified as a National Security Special Event) certainly could pose a terrorist threat. And while I’m not aware of any public descriptions of drones being used to spy on military facilities or training, its inclusion here suggests it has happened (which also might explain the seeming urgency). Also, given the emphasis in the language on detecting drones, it’s clear that there are drones going unnoticed that are surveilling facilities and operations.

Still, there are a whole bunch of activities in this list that also rightly deserve oversight, at least from the press. And this language would give the Federal government the ability to blow any press drone out of the air with impunity.

So while I recognize the need to limit drone overflights of certain kinds of activities, this also seems like the completely wrong way to go about infringing on citizens’ right to bear drones. At the very least, the language should include some kind of requirement for notice and appeal, such that the government can’t just arbitrarily decide that it should be immune from the surveillance (literally, “over-sight”) of citizens.


Did Pompeo Also Get an Obstruction Call from Trump?

The WaPo reports that Trump called both Admiral Mike Rogers and Dan Coats to ask if they could issue statements denying any collusion between Trump’s campaign and Russia.

Trump made separate appeals to the director of national intelligence, Daniel Coats, and to Adm. Michael S. Rogers, the director of the National Security Agency, urging them to publicly deny the existence of any evidence of collusion during the 2016 election.

Coats and Rogers refused to comply with the requests, which they both deemed to be inappropriate, according to two current and two former officials, who spoke on the condition of anonymity to discuss private communications with the president.

If Trump was calling spooks, he presumably would have called all spooks, including CIA Director Mike Pompeo (with whom he is probably closer than the other two). So why aren’t we hearing about that call? Is Pompeo just better at keeping secrets than his counterparts? Or is he hiding it because he didn’t object as strongly as his counterparts?

Originally Posted @ https://emptywheel.net/author/emptywheel/page/416/