Why Did NSA Raise Traffickers for a Story about Drone Killing Terrorists?

October 17, 2013/6 Comments/in Drones, Drug War, Financial Fraud, FISA /by emptywheel

There was an odd statement from NSA in the middle of yesterday’s WaPo story describing how NSA facilitates CIA’s drone mission (click to embiggen).

The NSA is “focused on discovering and developing intelligence about valid foreign intelligence targets, such as terrorists, human traffickers and drug smugglers,” the agency said Wednesday in a statement. “Our activities are directed against valid foreign intelligence targets in response to requirements from U.S. leaders in order to protect the nation and its interests from threats such as terrorism and the proliferation of weapons of mass destruction.” [my emphasis]

While the NSA is finally admitting again their central cybersecurity focus, I believe this is the first time since the Snowden leak that NSA has suggested its “valid foreign intelligence targets” include “human traffickers and drug smugglers.”

It’s not surprising they are, mind you, especially given the Obama Administration’s focus on Transnational Criminal Organizations.

It’s just that the admission comes in a story about NSA’s contributions to drones for which the WaPo explained,

[T]he documents provide the most detailed account of the intricate collaboration between the CIA and the NSA in the drone campaign.

The Post is withholding many details about those missions, at the request of U.S. intelligence officials who cited potential damage to ongoing operations and national security.

It seems the only reason to raise the issue is if some of the materials on drones make it clear they’re being used — if not lethally — against entirely new kinds of targets: human traffickers and drug smugglers (though there have been a slew of stories that they were even used to hunt Chapo Guzman).

Ah well. It’s all moot now. OneKade alerts me that the reference has now been removed from the story.

Poof! All record the NSA and CIA used drones against drug traffickers gone!

Dianne Feinstein Didn’t Mean to Mislead the Senate into Extending FAA, Promise!

October 17, 2013/4 Comments/in FISA, Terrorism /by emptywheel

Charlie Savage has a story describing how, after Solicitor General Don Verrilli got caught lying to SCOTUS about whether defendants busted using FISA Amendments Act would have the opportunity to challenge it in court, DOJ has now decided to adopt a different standard for disclosure of such information.

National security lawyers and a policy advisory committee of senior United States attorneys focused on operational worries: Disclosure risked alerting foreign targets that their communications were being monitored, so intelligence agencies might become reluctant to share information with law enforcement officials that could become a problem in a later trial.

But Mr. Verrilli argued that withholding disclosure from defendants could not be justified legally, officials said. Lawyers with several agencies — including the Federal Bureau of Investigation, the N.S.A. and the office of the director of national intelligence — concurred, officials said, and the division changed the practice going forward.

I’ll return to the import of this debate later.

As part of the story, Savage describes why Adel Daoud, who had been named by Dianne Feinstein last year during the FAA reauthorization debate, won’t get access to any wiretapping information, at least not from her. He links to court documents in which the Senate’s lawyer, Morgan Frankel, claims they don’t have to turn over anything under Speech and Debate, but that in any case, DiFi never meant to suggest FAA had identified the terrorists whose cases she invoked to scare the Senate into reauthorizing FAA.

Here’s what she said (the underlined comments were cited by Frankel):

There is a view by some that this country no longer needs to fear attack. I don’t share that view, and I have asked the intelligence committee staff to compile arrests that have been made in the last 4 years in America that have been made between 2009 and 2012. There are 100 arrests that have been made between 2009 and 2012. There have been 16 individuals arrested just this year alone. Let me quickly review some of these plots. Some of these may arrests [sic] come about as a result of this program. Again, if Members want to see the specific cases where FISA Amendments Act authorities were used, they can go and look at the classified background of these cases.

[lists 9 of the 16 arrests, including Daoud’s]

So I believe the FISA Amendments Act is important and these cases show the program has worked. As the years go on, I believe good intelligence is the most important way to prevent future attacks.

Information gained through programs such as this one — and through other sources as well — is able to be used to prevent future attacks. So, in the past 4 years, there have been 100 arrests to prevent something from happening in the United States, some of these plots have been thwarted because of this program.

And here’s how the Senate Legal Counsel Morgan Frankel dismissed these claims.

Notwithstanding that she was speaking in support of reauthorization of Title VII of the Foreign Intelligence Surveillance Act, Senator Feinstein did not state, and she did not mean to state, that FAA surveillance was used in any or all of the nine cases she enumerated,

Read more →

Not Breaking: Keith Alexander to Be Allowed to Retire Unscathed; Breaking: NSA

October 16, 2013/14 Comments/in Cybersecurity, FISA /by emptywheel

We’ve actually known for some time that Keith Alexander was retiring shortly. So Reuters’ headline reporting it (and the departure of Alexander’s Deputy John Inglis) is not news.

But mega kudos to the person who dubbed Alexander the “eavesdropping agency chief.”

One important implication of this headline though is,

Alexander will not be fired, much less criminally charged, for serial lies to Congress

Not to mention the fact that James Clapper will, as far as we know, remain employed and free.

All that said, the overall point of Reuters’ story is important. This presents Obama with an opportunity to set a new direction for NSA.

While both men are leaving voluntarily, the dual vacancies give Obama an opportunity both to install new leadership following Snowden’s revelations and to decide whether the NSA and Cyber Command should have separate leaders.

Cyber Command, which has grown significantly in recent years, has the authority to engage in both defensive and offensive operations in cyberspace. Many NSA veterans argue that having the same person lead the spy agency and Cyber Command diminishes the emphasis on the NSA’s work and its unique capabilities.

I say go even bigger than this: break up this Frankenstein contraption and split NSA’s defensive function from its offensive ones entirely. And while we’re at it, let’s move it out of DOD.

Noah Shachtman wrote a piece describing how to do this so long ago he actually referred to “the agency that tapped AT&T switching stations (OK, OK, allegedly)” instead of “the agency FISC deemed in violation of the Fourth Amendment for collecting US person data at AT&T’s switches.”

NSA headquarters — the “Puzzle Palace” — in Fort Meade, Maryland, is actually home to two different agencies under one roof. There’s the signals-intelligence directorate, the Big Brothers who, it is said, can tap into any electronic communication. And there’s the information-assurance directorate, the cybersecurity nerds who make sure our government’s computers and telecommunications systems are hacker- and eavesdropper-free. In other words, there’s a locked-down spy division and a relatively open geek division. The problem is, their goals are often in opposition. One team wants to exploit software holes; the other wants to repair them.

[snip]

A broken-out bureau — call it the Cyber Security Agency, or CSA — that didn’t include the spooks would obviate this conflict. Read more →

About that May 2007 FISC Opinion

October 15, 2013/2 Comments/in FISA, PATRIOT /by emptywheel

Update, March 11: Docket 07-449 is not an Internet dragnet one (those all have a PR/TT preface). This is one of the bulk collection programs approved in early 2007.

The other day, I pointed to a passage from the October 3, 2011 John Bates opinion,

The Court has effectively concluded that certain communications containing a reference to a targeted selector are reasonably likely to contain foreign intelligence information, including communications between non-target accounts that contain the name of the targeted facility in the body of the message. See Docket No. 07-449, May 31, 2007 Primary Order at 12 (finding probable cause to believe that certain “about” communications were “themselves being sent and/or received by one of the targeted foreign powers”). Insofar as the discrete, wholly domestic “about” communications at issue here are communications between non-target accounts that contain the name of the targeted facility, the same conclusion applies to them.

And suggested the May 31, 2007 order in question was probably the Primary Order for the Internet Dragnet program.

Given the description, it likely was a primary order for the purportedly defunct Internet dragnet program; if so, it would represent the application of an opinion about metadata to collection including content.

Timewise, that might make sense. Colleen Kollar-Kotelly signed the first Pen Register/Trap & Trace order for Internet metadata on July 14, 2004. Accounting for some margin of error in reapplications and the 5 days earlier 90-day authorizations would be each year, a May 31 order 3 years after that first order is not far off what you’d expect.

But the description of the opinion — which pertains to messages identified because they contain information “about” a target — seems to refer to content, not metadata (though packets would blur this issue).

The Court has effectively concluded that certain communications containing a reference to a targeted selector are reasonably likely to contain foreign intelligence information, including communications between non-target accounts that contain the name of the targeted facility in the body of the message. See Docket No. 07-449, May 31, 2007 Primary Order at 12 (finding probable cause to believe that certain “about” communications were “themselves being sent and/or received by one of the targeted foreign powers”).

Moreover, this order would have been issued during the period when two FISC orders allowed the collection of content. And those orders — as the 2009 Draft NSA IG Report explains — formalized the claim that a targeted “facility” could consist of a switch carrying general traffic rather than a specific phone number or IP address.

Ultimately, DoJ decided to pursue a FISC order for content collection wherein the traditional FISA definition of a “facility” as a specific telephone number or email address was changed to encompass the gateway or cable head that foreign targets use for communications. Read more →

Article II Is Article II: EO 12333 and Protect America Act, FISA Amendments Act, and FISC

October 15, 2013/2 Comments/in FISA /by emptywheel

I’m reading a very old SSCI hearing on FISA today — from May 1, 2007, when then Director of National Intelligence Mike McConnell initiated the push for the Protect America Act.

Given recent revelations that NSA continues to conduct some collection under EO 12333 — including the address books of people all over the world, including Americans — I thought this part of the hearing might amuse some of you.

SEN. FEINGOLD: I thank the witnesses for testifying today. Can each of you assure the American people that there is not — and this relates to what — the subject Senator Wyden was just discussing — that there is not and will not be any more surveillance in which the FISA process is side-stepped based on arguments that the president has independent authority under Article II or the authorization of the use of military force?

MR. McCONNELL: Sir, the president’s authority under Article II is – – are in the Constitution. So if the president chose to exercise Article II authority, that would be the president’s call. What we’re attempting to do here with this legislation is to put the process under appropriate law so that it’s conducted appropriately to do two things — protect privacy of Americans on one hand, and conduct foreign surveillance on the other.

SEN. FEINGOLD: My understanding of your answer to Senator Wyden’s last question was that there is no such activity going on at this point. In other words, whatever is happening is being done within the context of the FISA statute.

MR. McCONNELL: That’s correct.

SEN. FEINGOLD: Are there any plans to do any surveillance independent of the FISA statute relating to this subject?

MR. McCONNELL: None that — none that we are formulating or thinking about currently. But I’d just highlight, Article II is Article II, so in a different circumstance, I can’t speak for the president what he might decide.

SEN. FEINGOLD: Well, Mr. Director, Article II is Article II, and that’s all it is. Read more →

Remarkably Timed Spamouflage, Scary Iran Plot Edition

October 14, 2013/16 Comments/in FISA, Scary Iran Plot /by emptywheel

WaPo has its latest Snowden scoop out, describing how the NSA collects hundreds of thousands of email contact lists daily.

The National Security Agency is harvesting hundreds of millions of contact lists from personal e-mail and instant messaging accounts around the world, many of them belonging to Americans, according to senior intelligence officials and top secret documents provided by former NSA contractor Edward Snowden.

I’ll come back to this part of the story later.

But further down in the story, it describes how a hack-spam attack on a member of Iran’s Quds Force overwhelmed NSA, forcing it to conduct emergency detasking of that person and several others between September 20 and October 20, 2011.

Spam has proven to be a significant problem for NSA — clogging databases with data that holds no foreign intelligence value. The majority of all e-mails, one NSA document says, “are SPAM from ‘fake’ addresses and never ‘delivered’ to targets.”

In fall 2011, according to an NSA presentation, the Yahoo account of an Iranian target was “hacked by an unknown actor,” who used it to send spam. The Iranian had “a number of Yahoo groups in his/her contact list, some with many hundreds or thousands of members.”

The cascading effects of repeated spam messages, compounded by the automatic addition of the Iranian’s contacts to other people’s address books, led to a massive spike in the volume of traffic collected by the Australian intelligence service on the NSA’s behalf.

After nine days of data-bombing, the Iranian’s contact book and contact books for several people within it were “emergency detasked.”

This means that this target and “several people” within this Quds Force target’s contact books (and possibly the primary target’s email) were detasked in precisely the same time period as our informant, Narc, was entrapping Manssor Arbabsiar, of Scary Iran Plot fame.

Remember, if you read the plain language of some of the transcripts and other materials, it appears possible the money for this op involved another government.

There’s a similarly odd passage in the quotations purportedly showing that Shahlai was being funded for this by Iran.

[Arbabsiar] this is politics, ok … it’s not like, eh, personal … This is politics, so these people they pay this government … [Shahlai’s] got the, got the government behind him … he’s not paying from his pocket. [ellipses original]

Now this passage, unlike the last two (which are translations from Farsi), might best be explained by Arbabsiar’s less than perfect English. With that caveat, though, the bolded passage appears to suggest not that Iran was paying QF, but that QF was paying some other government (or someone else was paying Iran).

There are later details that also don’t make sense if this was an Iranian op.

In other words, during precisely the period when the most bizarre, improbable plot to hit Hollywood in years happens, some of the potential targets have their surveilled communications spamouflaged by an outside entity. (h/t to Frank N Furters for first calling this spamouflage.)

But I think our Intelligence Community is too dull to find that worthy of more consideration.

Dianne Feinstein’s Pre-UndieBomb Thinking

October 14, 2013/12 Comments/in FISA, PATRIOT /by emptywheel

A whole bunch of people have pilloried Dianne Feinstein’s defense of the phone dragnet and related programs.

But one bizarre argument I haven’t seen challenged is the underlying logic of this passage.

The U.S. must remain vigilant against terrorist attacks against the homeland. Al Qaeda in the Arabian Peninsula (AQAP), considered the world’s most capable and dangerous terrorist organization, is determined to attack the United States. As we have seen since the “underwear bomber” attempted to blow up an airliner over Detroit on Christmas Day 2009, AQAP has developed nonmetallic bombs that can elude airport screeners, and the organization’s expert bomb maker, Ibrahim al-Asiri, remains at large.

Asiri is believed to be behind the October 2010 plot to place bombs disguised as printer cartridges onto cargo planes headed for the U.S. He is also a suspect in the May 2012 suicide-bomber plot against an airliner headed for the U.S. that was foiled when U.S. authorities obtained the planned explosive device through good intelligence work.

Earlier this month, Director of National Intelligence James Clapper testified that in the case of the AQAP threat this summer, there were a number of phone numbers or emails “that emerged from our collection overseas that pointed to the United States.” Fortunately, the NSA call-records program was used to check those leads and determined that there was no domestic aspect to the plotting. [my emphasis]

So here’s the logic.

UndieBomb 1.0 proves AQAP wants to attack the US.

UndieBomb 2.0 is further proof of that, although DiFi doesn’t mention that it was a US-Saudi-Brit sting, meaning the intent came from us.

As part of the Legion of Doom investigation, NSA found phone numbers tied to the US that have, on investigation, proved to be unrelated to the actual alleged plot.

It’s that same theory that 36,000 innocent people must be investigated every time a terrorist plots something to keep us “safe.”

But let’s take a step back. UndieBomb 1.0 … UndieBomb 1.0 …

Yes.

I remember now.

UndieBomb 1.0 was the guy who was allegedly plotting out Jihad with Anwar al-Awlaki — whose communications the FBI had two guys reading — over things like chats and calls. That is, Umar Farouk Abdulmutallab was a guy whose plot the NSA and FBI should have thwarted before he got on a plane. (To say nothing of the CIA and NCTC’s fuck-ups.)

And yet, he got on that plane. His own incompetence and the quick work of passengers prevented that explosion, while a number of needles went unnoticed in the NSA’s most closely watched haystacks.

Nevertheless, the lesson DiFi takes is that we need more haystacks.

Shouldn’t the lessons of UndieBomb 1.0 be just as important to this debate as the partial, distorted, lessons of 9/11?

The FISC Opinion Dance

October 14, 2013/2 Comments/in FISA, PATRIOT /by emptywheel

Andrea Peterson calls attention to this cryptic Ron Wyden quote in WaPo’s story on extant FISA Court opinions on bulk collection.

“The original legal interpretation that said that the Patriot Act could be used to collect Americans’ records in bulk should never have been kept secret and should be declassified and released,” Sen. Ron Wyden (D-Ore) said in a statement to The Washington Post. “This collection has been ongoing for years and the public should be able to compare the legal interpretation under which it was originally authorized with more recent documents.”

Before I speculate about what Wyden might be suggesting, let’s review what opinions the article says exist.

There’s the original Colleen Kollar-Kotelly opinion.

In the recent stream of disclosures about National Security Agency surveillance programs, one document, sources say, has been conspicuously absent: the original — and still classified — judicial interpretation that held that the bulk collection of Americans’ data was lawful.

That document, written by Colleen Kollar-Kotelly, then chief judge of the Foreign Intelligence Surveillance Court (FISC), provided the legal foundation for the NSA amassing a database of all Americans’ phone records, say current and former officials who have read it.

[snip]

Kollar-Kotelly’s interpretation served as the legal basis for a court authorization in May 2006 that allowed the NSA to gather on a daily basis the phone records of tens of millions of Americans, sources say. Her analysis, more than 80 pages long, was “painstakingly thorough,” said one person who read it. The date of the analysis has not been disclosed.

There’s a 2006 one pertaining to Section 215 not written by Kollar-Kotelly.

The Justice Department also is reviewing a 2006 court opinion related to the Section 215 provision to determine whether it can be released, said Alex Abdo, an ACLU staff lawyer. (A senior department official told The Post that no 2006 Kollar-Kotelly opinion is based on that provision.)

There are two more on Section 215 the government has disclosed the existence of to ACLU.

Government lawyers have told the ACLU that they are withholding at least two significant FISC opinions — one from 2008 and one from 2010 — relating to the Patriot Act’s Section 215, or “business records” provision.

Now compare how these map up with the two opinions referenced by Claire Eagan in her recent opinion.

This Court had reason to analyze this distinction in a similar context in [redacted]. In that case, this Court found that “regarding the breadth of the proposed surveillance, it is noteworthy that the application of the Fourth Amendment depends on the government’s intruding into some individual’s reasonable expectation of privacy.” Id. at 62. The Court noted that Fourth Amendment rights are personal and individual, see id. (citing Steagald v. United States, 451 U.S. 204, 219 (1981); Rakas v. Illinois, 439 U.S. 128, 133 (1978) (“‘Fourth Amendment rights are personal rights which … may not be vicariously asserted.,) (quoting Alderman v. United States, 394 U.S. 165, 174 (1969))), and that “[s]o long as no individual has a reasonable expectation of privacy in meta data, the large number of persons whose communications will be subjected to the … surveillance is irrelevant to the issue of whether a Fourth Amendment search or seizure will occur.” Id. at 63. Put another way, where one individual does not have a Fourth Amendment interest, grouping together a large number of similarly-situated individuals cannot result in a Fourth Amendment interest springing into existence ex nihilo.

[snip]

This Court has previously examined the issue of relevance for bulk collections. See [6 lines redacted]

While those involved different collections from the one at issue here, the relevance standard was similar. See 50 U.S.C. § 1842(c)(2) (“[R]elevant to an ongoing investigation to protect against international terrorism …. “). In both cases, there were facts demonstrating that information concerning known and unknown affiliates of international terrorist organizations was contained within the non-content metadata the government sought to obtain. Read more →

The NSA Hides Its Domestic Collection by Refusing to Count It

October 13, 2013/9 Comments/in Cybersecurity, FISA /by emptywheel

In his speech at Cato last week Ron Wyden made it clear that when he asked Keith Alexander and James Clapper in advance of the reauthorization of the FISA Amendments Act for the number of Americans’ communications that had been collected under Section 702, he meant to elicit the estimates John Bates made in his October 3, 2011 opinion.

I spent much of 2012 asking the NSA and the DNI [Director of National Intelligence] whether anyone had done an estimate of how many American communications had been collected under section 702. The ODNI and the NSA insisted that such an estimate was impossible, but what they failed to tell the public was that the Fisa court had already done one.

Bates had the NSA conduct a manual review of a statistical subsection of 50,440 transactions collected via upstream collection between January and June 2011. (Note, it appears Bates may have had to raise dire warnings with “top DOJ officials” on July 8, 2011 before he got such a review.) He then annualized the results and estimated that the NSA was collecting up to 56,000 communications of Americans each year, made up of 46,000 communications consisting entirely of an American’s communication (Single Communication Transactions), and 10,000 in which their communication got included in a Multiple Communication Transaction swept up in the search.

Given what we’ve learned about the 2011 confrontation, Wyden’s serial requests for this information take on added importance for two reasons.

Administration never disclosed its domestic collection to the most Members of Congress

First, because the Administration very pointedly did not inform the bulk of Congress that NSA had been — and had been allowed to continue — collecting purely domestic communications from telecom switches. Neither the February 9, 2012 statement to the Senate Intelligence Committee nor the May 4, 2012 notice to Congress provided any indication that this violation involved collecting domestic communications (the December 8, 2011 statement to the House Intelligence Committee did, and both Committees, presumably as well as the Judiciary Committees, received the opinion itself, which makes that clear). It’s also not clear whether any of these notices included any mention of the SCTs, those single communication transactions involving just a US person communication.

The 2011 Disclosures

October 13, 2013/in FISA /by emptywheel

This post simply breaks out the dates in the October 3, 2011 John Bates opinion, adding the claims the government made at the time. It provides a somewhat better idea of the circumstances surrounding the manual review of upstream collection NSA did.