FISA Archives - Page 106 of 179

Ben Wittes, Brookings Buck Naked

September 19, 2013/14 Comments/in FISA, PATRIOT /by emptywheel

Ben Wittes tries to respond to my complaints that he continues to insist all of Congress had a way of knowing about the Section 215 dragnet program and its abuses — THEY ARE NAKED, Wittes proclaims over and over while accusing me of spewing a “storm of outrage.”

My case, remember, is based on two discrete facts, only one of which Wittes even tries to address in his rebuttal.

First, the 93 Representatives elected in 2010 were never provided access to the letter the Administration wrote, ostensibly to inform them about the dragnet so they could make an informed vote. Assuming that the 7 members of the House who were on the Intelligence and Judiciary Committees learned of the program, that still left 86 members of the House who never had an opportunity to read about the secret use of Section 215 and the gross violations of it. Of those, 65 voted in favor of the PATRIOT reauthorization.

Here’s how Ben responds to this, in the 28th paragraph of his response.

Ms. Wheel insists that the 65 freshman members of the House who were not provided the 2011 briefing [note his inaccurate portrayal of this fact] might have swung the 250-153 vote for FISA reauthorization. She’s almost certainly wrong. On July 24, 2013, well after the public revelations of Section 215 bulk metadata collection hit the press and the butt-covering had begun, the House had the chance for a do-over. It voted on the Amash-Conyers amendment to halt NSA’s “indiscriminate” collection of telephony metadata. The House declined on a 217-to-205 vote to adopt it.

Ben presents evidence of a 33-vote swing at a time before the Administration released the notice letters or the White Paper that provided sanitized descriptions of the program abuses, or the Primary Order showing some other fairly troubling details of the program, to say nothing of the 2009 documents showing the government had enabled chaining four hops deep off of 27,090 approved selectors to find informants as well as terrorists, and claims it is proof that Members of Congress won’t change their vote based on full information about these programs. (At least one member has actually stated on the record he would now vote differently on Amash-Conyers given some of these more recent revelations.)

Ben’s argument remains the same then — pointing at votes that happen without full information about a program as proof that Congress supports that program. NAKED!

But Ben fails to even hint at the other critical fact here, the evidence we have about the briefings that those 83 and other House members had available, in spite of the fact he makes this assertion:

So we know beyond any shadow of a doubt that the administration wanted members to have certain detailed information about the program. We also know that there were a lot of briefings by that administration concerning this program to those same members [another false claim–all but two of the briefings were limited to Senators or Judiciary and Intelligence Committees] in the same time frame as the administration wanted those members to read that briefing paper.

Hmmmm. Wonder what they could have been talking about in those briefings….

It’s telling, here, that Ben doesn’t link to this post — which was a direct response to one of Ben’s other attempts to insist THOSE CONGRESSMEN ARE NAKED — nor to this one — which was still up on Emptywheel’s front page when I wrote this post and which quotes Ben’s NAKED post. That, in spite of the fact that Ben included this tweet among those he so courteously collected to support his assertion about my “storm of outrage” that he ignored the actual facts.

All of those would alert his readers to this detail, from one of just two out of the long list of briefings Ben posted that actually could have informed House members not on the Intelligence or Judiciary Committees. DOJ’s own account of what happened at the May 13, 2011 briefing — which Ben is sure adequately briefed those who attended about the dragnet — records this exchange.

Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

A — To the FBI’s knowledge, those authorities have not been abused.

A Member of Congress — surely picking up on public details Ben recites as proof they had some way of knowing about the dragnet — actually asked a question that goes to the heart of the dragnet and its problems. Feingold says Section 215 has been abused. Has it? And in response, two members of the Administration, Valerie Caproni and Robert Mueller — the people Ben is certain “beyond any shadow of a doubt” wanted Members of Congress to be informed — say the FBI had no knowledge of abuse.

By “Secret Law” Did They Mean “Not Written Down”?

September 18, 2013/12 Comments/in FISA, PATRIOT /by emptywheel

For years, Ron Wyden and Mark Udall have been calling the secret interpretation of Section 215 “secret law.”

I’ve always thought they meant that figuratively. The law got made by the FISA Court in secret, but there’s an opinion there somewhere, laying out the interpretation of the law. It’s just secret.

Ever since the release of the first documents responsive to the EFF/ACLU FOIAs, I’ve begun to wonder. What we’ve seen include:

Neither of those were comprehensive. And the “supplemental opinion” would seem to suggest it supplemented … something.

Yesterday, we got what appears to be a (shoddy) comprehensive opinion.

August 29, 2013 Amendment Opinion and Primary Order by Claire Eagan

That opinion cites an earlier opinion from the FISA Court that is not, however, cited in either the 2006 or 2008 opinions. That earlier opinion examines how bulk collection affects the Fourth Amendment.

Here, the government is requesting daily production of certain telephony metadata in bulk belonging to companies without specifying the particular number of an individual. This Court had reason to analyze this distinction in a similar context in [redacted]. In that case, this Court found that “regarding the breadth of the proposed surveillance, it is noteworthy that the application of the Fourth Amendment depends on the government’s intruding into some individual’s reasonable expectation of privacy.” Id. at 62. The Court noted that Fourth Amendment rights are personal and individual, see id. (citing Steagald v. United States, 451 U.S. 204, 219 (1981); Rakas v. Illinois, 439 U.S. 128, 133 (1978) (“‘Fourth Amendment rights are personal rights which … may not be vicariously asserted.,) (quoting Alderman v. United States, 394 U.S. 165, 174 (1969))), and that “[s]o long as no individual has a reasonable expectation of privacy in meta data, the large number of persons whose communications will be subjected to the … surveillance is irrelevant to the issue of whether a Fourth Amendment search or seizure will occur.” Id. at 63. Put another way, where one individual does not have a Fourth Amendment interest, grouping together a large number of similarly-situated individuals cannot result in a Fourth Amendment interest springing into existence ex nihilo.

[snip]

Furthermore, for the reasons stated in [redacted] and discussed above, this Court finds that the volume of records being acquired does not alter this conclusion. [my emphasis]

Note while this pertains to metadata, there’s no indication it addressed phone metadata.

Later, it cites two earlier FISC cases.

This Court has previously examined the issue of relevance for bulk collections. See [6 lines redacted]

While those involved different collections from the one at issue here, the relevance standard was similar. See 50 U.S.C. § 1842(c)(2) (“[R]elevant to an ongoing investigation to protect against international terrorism …. “). In both cases, there were facts demonstrating that information concerning known and unknown affiliates of international terrorist organizations was contained within the non-content metadata the government sought to obtain. As this Court noted in 2010, the “finding of relevance most crucially depended on the conclusion that bulk collection is necessary for NSA to employ tools that are likely to generate useful investigative leads to help identify and track terrorist operatives.” [my emphasis]

Both, apparently, relied on the Pen Register statute, not Section 215, and one was fairly recent (2010 — perhaps that’s the geolocation one?).

But it appears not to reference an earlier Section 215 phone metadata case, not even to lay out the rationale for relevance and bulk collection.

In addition to references to these earlier apparently non-215 phone data precedents, Eagan also cites the government’s 2006 Memorandum of Law.

Accompanying the government’s first application for the bulk production of telephone company metadata was a Memorandum of Law which argued that “[i]nformation is ‘relevant’ to an authorized international terrorism investigation if it bears upon, or is pertinent to, that investigation.” Mem. of Law in Support of App. for Certain Tangible Things for Investigations to Protect Against International Terrorism, Docket No. BR 06- 05 (filed May 23, 2006), at 13-14 (quoting dictionary definitions, Oppenheimer Fund, Inc. v. Sanders, 437 U.S. 340, 351 (1978), and Fed. R. Evid. 4012°).

Normally, a judge would cite a precedential opinion, showing that another judge had agreed with such definitions. Not here. Eagan cites the government’s own memorandum for the definition for relevant. (She cites that memorandum at least two more times in her opinion.)

Which seems to suggest this 2013 opinion — one written after widespread leaks of the program — constitutes the first opinion systematically rationalizing this program.

Well over 7 years after it started.

There’s one more detail that seems to support this conclusion. The White Paper describes how the Administration shared significant FISC materials with the Intelligence and Judiciary Committees.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees.

So in 2007 DOJ started providing “all significant pleadings.” By the end of the following year — perhaps not coincidentally, the same month Walton wrote his supplemental opinion — the committees got “the initial application and primary order.”

The initial application (including, presumably, that same 2006 Memorandum of Law cited by Eagan) and the primary order, the same order we got last week. No mention of the initial opinion.

It appears there is no initial opinion.

One more detail that I’ve mentioned, but bears mentioning again. The judge that appears to have allowed the government to start collecting the phone records of every American without laying out his legal rationale for allowing them to do so, Malcolm Howard? He served as Deputy Special Counsel in the Nixon-Ford White House, when a young Dick Cheney was learning the ropes as Assistant to the President and then Chief of Staff.

Perhaps they learned the ropes together?

Update: Remember how the White Paper had to dig up an outdated version of the OED to support its definition of “relevant”?

the Administration decided to use a 24-year old edition of the Oxford English Dictionary for this definition.

Standing alone, “relevant” is a broad term that connotes anything “[b]earing upon, connected with, [or] pertinent to” a specified subject matter. 13 Oxford English Dictionary 561 (2d ed. 1989).

Note, that appears to be the same one used in the 2006 Administration Memorandum of Law. There’s nothing that surprising about that — I suspect substantial parts of the White Paper were lifted from that Memorandum.

But it is the kind of thing both Malcolm Howard and Claire Eagan might have challenged — and an adversary probably would have.

It appears neither did. Which is just one measure of the degree to which those judges simply rubber stamped whatever the government put before them.

Hot Numbers and the 2009 Troubles

September 18, 2013/1 Comment/in FISA, PATRIOT /by emptywheel

Starting in 2007, DOJ’s Inpector General Glenn Fine did a series of reports on the FBI’s use of National Security Letters and Exigent Letters. In response (and as the FBI tried to clean up the mess from its inappropriate use of those tools), in 2007 the government asked OLC for an interpretation on the Electronic Communications Privacy Act. That opinion, which was issued on November 8, 2008, ruled that ECPA barred telecom providers from responding to certain kinds of requests without legal process.

Finally, you have asked whether a provider, in answer to an oral request before service of an NSL, may tell the FBI whether a particular account exists. This information would be confined to whether a provider serves a particular subscriber or a particular phone number. We believe that ECPA ordinarily bars providers from complying with such requests.

In the last of his IG Reports on NSLs and Exigent Letters, Fine argued that that OLC opinion made two of FBI’s practices with exigent letters — “sneak peeks” and “hot numbers” — illegal.

[T]he Department’s Office of Legal Counsel concluded, and we agree, that the ECPA ordinarily bars communications service providers from telling the FBI, prior to service of legal process, whether a particular account exists. We also concluded that if that type of information falls within the ambit of “a record or other information pertaining to a subscriber to or customer of such service” under 18 USC 2702(a)(3), so does the existence of calling activity by particular hot telephone numbers, absent a qualifying emergency under 18 USC 2702(c)(4).

[snip]

Therefore, we believe that the practice of obtaining calling activity information about how numbers in these matters without service of legal process violated the ECPA.

[snip]

We believe the FBI should carefully review the circumstances in which FBI personnel asked the on-site communications service providers [redacted] “hot numbers” to enable the Department to determine if the FBI obtained calling activity information under circumstances that trigger discovery or other obligations in any criminal investigations or prosecutions.

The “hot number” practice is functionally equivalent to the “alert list” the NSA used on the Section 215 dragnet database, in which it checked daily incoming calls to see if there had been any US contact with both approved and unapproved identifiers; if there was activity in both cases, it would spark further investigation.

The practice Fine focused on in this report was the requests FBI would get onsite telecom providers to fill without a subpoena. But at the same time Fine was working on that series of reports (the last one wasn’t issued until 2010) he was also working on a report on the FBI’s 2006 use of Section 215 (issued in March 2008), which included two classified appendices on bulk collection programs including (presumably) the phone dragnet from May until December 2006, and the 2009 Joint IG Report on the illegal wiretap program (which would have covered the dragnet program through May 2006).

We now know that both the pre May 2006 dragnet program and the post May 2006 dragnet program included a practice that, in wake of that OLC opinion (and perhaps before), Fine would find required some legal attention (the Pen Register equivalent in a grand jury context might put the post May 2006 practice in good stead, the 2008 opinion would seem to make the use of alerts earlier illegal, along with everything else).

Which may be why the government asked Judge Reggie Walton to consider whether the dragnet program complied with ECPA for his December 12, 2008 opinion.

That’s just a hypothesis (though the December 2008 would have been the first dragnet application after the OLC memo).

But if it’s right, it makes the NSA”s “discovery” of the alert process the following month all the more ridiculous. The alert process had been in place for years. FBI was being scolded for an equivalent practice (that ended in 2006) within FBI. And yet NSA somehow didn’t think to tell Walton about it until he had ruled ECPA did not present a problem for the dragnet more generally.

These three programs — the illegal program and the exigent letters, which both became the early dragnet in 2006 — are all closely related. Once you read them in tandem, though, it makes NSA”s claims to ignorance completely incredible.

Which brings me back to a reminder I’ve made several times. In the wake of the 2009 discoveries, Pat Leahy tried to mandate a DOJ review of the ongoing Section 215 activity, an effort the Administration thwarted. Fine agreed to do one anyway … then left. His replacement, Michael Horowitz, keeps claiming he’s still working on that investigation (but only covering the activities through 2009). That investigation has been going on 1,191 days now.

Update: Another interesting timing detail. According to the White Paper, the Intelligence and Judiciary Committees had all received the initial application and Primary Order on the dragnet by December 2008. So did they wait until the Walton opinion? Or did they know the Judiciary Committees would get them as part of DOJ IG reports?

Oh, So THAT’S Why the Government Is So Insistent Section 215 Had a Role in the Zazi Case?

September 18, 2013/7 Comments/in FISA, PATRIOT /by emptywheel

There’s a remarkable passage in the Primary Order for the Section 215 dragnet that Judge Reggie Walton signed on September 3, 2009.

In addition, the Custodian of Records of [redacted] shall produce to NSA upon service of the appropriate Secondary Order an electronic copy of the same tangible things created by [redacted] for the period from 5:11 p.m. on July 9, 2009 to the date of this Order, to the extent those records still exist.

In an order authorizing the prospective collection of phone records until October 30, 2009, Walton also authorizes the retroactive collection of phone records generated between July 9 and September 3, 2009, if the telecom(s) haven’t destroyed them yet.

This seems to suggest that in an Order on July 9 (which we don’t get, but which the government references in its August 19 submission) Walton halted the program.

Boom. 5:11, July 9. No more phone records, from at least one telecom.

We don’t know why he did so either. In his June 22 Order, he referenced a May 29 Order (another one we didn’t get), responding to NSA’s very delayed disclosures that unminimized results had been shared with NSA analysts unauthorized to receive them and that CIA, FBI, and NCTC had access to the dragnet databases. He had assigned the government a new report, due on June 18. But in that, too, the government revealed new abuses (including one — described on page 4 — that may pertain to the Internet dragnet rather than the phone dragnet; recall that the NSA offered to “review” that program at the same time they did the phone dragnet). Walton issued new homework to the NSA, requiring the government to provide a weekly report of the dissemination that occurred, with the first due July 3 and therefore the second due July 10, the day after Walton appears to have stopped the collection.

In the government’s August submission, this line seems to indicate querying has been halted.

Based on these findings and actions, the Government anticipates that it will request in the Application seeking renewal of docket number BR 09-09 authority that NSA, including certain NSA analysts who obtain appropriate approval, be permitted to resume non-automated querying of the call detail records using selectors approved by NSA.

But it doesn’t seem to reflect that collection stopped. (Note, Walton’s June Order had a docket number of 09-06, whereas the August submission bears the docket number 09-09).

So while we can’t be sure, it appears the discoveries submitted to Walton in June 2009, as well as new ones in early July, may have led him to halt production of new phone records.

And that collection was turned back on on September 3, 2009. 3 days before the NSA intercepted Najibullah Zazi’s frantic emails to Pakistan trying to get help making TATP he planned to use in a September 11 attack on NYC’s subways.

According to Matt Apuzzo and Adam Goldman’s superb Enemies Within, after discovering Zazi’s emails, FBI had used travel records to find Zazi’s suspected accomplices, Zarein Ahmedzay and Adis Medunjanin.

But when the government tried to justify the dragnet earlier this year, they pointed to the fact that Medunjanin came up in the Section 215 collection as proof of the dragnet’s value, as in this July 17 House Judiciary Committee hearing where FBI National Security Division Executive Assistant Director Stephanie Douglas testified.

Additionally, NSA ran a phone number identifiable with Mr. Zazi against the information captured under 215. NSA queried the phone number and identified other Zazi associates. One of those numbers came back to Adis Medunjanin, an Islamic extremist located in Queens, New York.

The FBI was already aware of Mr. Medunjanin, but information derived from 215 assisted in defining his — Zazi’s network and provided corroborating information relative to Medunjanin’s connection to Zazi. Just a few weeks after the initial tip by NSA, both Zazi and Medunjanin were arrested with — along with another co-conspirator. They were charged with terrorist acts and a plot to blow up the New York City subway system.

As I noted 4 years ago, Dianne Feinstein immediately started using the Zazi investigation to successfully argue that Section 215 must retain its broad relevance standard, defeating an effort by Pat Leahy to require some tie to terrorism.

Now, it may be that the FBI also used Section 215 to collect records of 3 apparently innocent people buying beauty supplies. The government has neither explained what happened to these apparently innocent people or on what basis (it may have been the Section 215 dragnet) they claimed they were associates of Zazi.

But the public case that backs up DiFi’s claims that Section 215 dragnet was central to the Zazi investigation is now limited to the fact that the FBI used the dragnet to find a Zazi associate they already knew about.

Yet imagine! What if Reggie Walton’s stern action in response to the government’s blatantly violating dissemination rules on the dragnet prevented the FBI from finding Zazi’s associates (which wasn’t a problem, and would have been less of a problem if the NYPD hadn’t tipped of Zazi, but never mind)? What if Walton’s effort to rein in the government had prevented the FBI from thwarting an attack?

That, it seems to me, is the implicit threat. The government claims — in spite of all the evidence to the contrary — that Section 215 played a key role in thwarting one of the only real terrorist attacks since 9/11. And, I’d bet they warn in private, they might have been prevented from doing so because a pesky FISA judge halted the program because they hadn’t followed the most basic rules for it.

That, I’m guessing, is why they claim the Section 215 dragnet was central to the Zazi investigation. Not because it was. But because it raises the specter of a judge’s effort to make the government follow the law interfering with FBI’s work.

Also, the Nail Polish Remover Lobby Didn’t Challenge Section 215 Orders

September 17, 2013/13 Comments/in FISA, PATRIOT /by emptywheel

The takeaway from the FISC opinion released today from about 6 outlets seems to be that no telecom has ever challenged a Section 215 order.

But the opinion actually says more than that. It says,

To date, no holder of records who has received an Order to produce bulk telephony has challenged the legality of such an Order. Indeed, no recipient of any Section 215 Order has challenged the legality of such an Order, despite the explicit statutory mechanism for doing so.

Now, if your bullshit antennae aren’t buzzing when you read that formulation, “no holder of records,” then you need to have them checked. Because it sure seems to allow for the possibility that someone whose customers had their records seized via someone deemed the actual holder of them objected. That entity, after all, wouldn’t be a Section 215 Order recipient, and therefore would have no standing to object, regardless of the statutory mechanism for doing so. (Plus, both EPIC and ACLU have — and had, by the time this order was written — objected. But they don’t count because they’re the actual customers.)

But remember, as far as we know, Section 215 has not been used for Internet metadata (except for subscriber information for the first 2 years of the program; see Verizon’s CEO bitching about the email companies his company stole data from for years complaining publicly about the dragnet). The one other big “customer base” we know has been targeted by bulk-ish orders are hydrogen peroxide and nail polish remover (acetone) purchasers.

However, there, too, like Internet providers whose data gets sucked up at a telecom provider’s switch, the actual beauty supply companies are unlikely to be the “holder of records.” The beauty of the Third Party doctrine, for the government, is it can always look elsewhere for people who have “records” that betray customers’ interests.

If only we had a powerful nail polish remover lobby we might be able to combat the dragnet.

How Mike Rogers’ Excessive Secrecy in 2011 Might Kill the Dragnet

September 17, 2013/3 Comments/in FISA, PATRIOT /by emptywheel

The FISA Court just released an August 29, 2013 opinion that reaffirms the court’s prior support for the Section 215 dragnet.

There’s a lot to say about the general legal interpretation of the opinion, which I may return to.

More importantly, though, the opinion relies on a demonstrably false claim to reaffirm the program: that Congress was briefed on the program.

Prior to the May 2011 congressional votes on Section 215 re-authorization, the Executive Branch provided the Intelligence Committees of both houses of Congress with letters which contained a “Report on the National Security Agency’s Bulk Collection Programs for USA PATRIOT Act Reauthorization” (Report).

[snip]

The Report provided extensive and detailed information to the Committees regarding the nature and scope of this Court’s approval of the implementation of Section 215 concerning bulk telephone metadata.

[snip]

Furthermore, the government stated the following in the HPSCI and SSCI Letters: “We believe that making this document available to all Members of Congress is an effective way to inform the legislative debate about reauthorization of Section 215…” Id. HPSCI Letter at 1; SSCI Letter at 1. It is clear form the letters that the Report would be made available to all Members of Congress and that HPSCI, SSCI, and Executive Branch staff would also be made available to answer any questions from Members of Congress. Id. HPSCI Letter at 2; SSCI Letter at 2.

In light of the importance of the national security programs that were set to expire, the Executive Branch and relevant congressional committees worked together to ensure that each Member of Congress knew or had the opportunity to know how Section 215 was being implemented under this Court’s Orders.

But as I have shown, because of Mike Rogers’ actions, a very large block of Congresspersons — the 93 freshmen legislators elected in 2010, save the 7 who were on the Intelligence or Judiciary Committees — appear to have had no such opportunity to learn about the program. Indeed, 65 members who voted in favor of PATRIOT reauthorization appear to have had no way of learning about the dragnet. Furthermore, we have documentary evidence that then FBI General Counsel Valerie Caproni (who was informed about abuses in the program on January 23, 2009), and then FBI Director Robert Mueller (who had to write a brief responding those abuses in August 2009) lied about whether there had been abuses in response to a question clearly designed to learn about the secret use of Section 215 during a May 13, 2011 hearing purportedly designed to replace the letter the Administration sent.

This opinion relies on a claim that has now been proven false (and actually had been by the time the opinion was written).

Judge Claire Eagan seems to know she’s basing her argument on false claims, because in a footnote she invokes the presumption of regularity.

It is unnecessary for the Court to inquire how many of the 535 individual Members of Congress took advantage of the opportunity to learn the facts about how the Executive Branch was implementing Section 215 under this Court’s Orders. Rather, the Court looks to congressional action on the whole, not the prepatory work of Individual Members in anticipation of legislation. In fact, the Court is bound to presume regularity on the part of Congress.

[snip]

The ratification presumption applies here where each Member was presented with an opportunity to learn about a highly-sensitive classified program important to national security in preparation for upcoming legislative action.

But even here, Eagan relies on a false premise, that all members of Congress had the opportunity to be informed about the dragnet.

The record shows — even the Administration White Paper shows — they did not.

I’m not entirely sure how we use these facts to overturn the dragnet. But either the FISC lives up to every claim that it’s a rubber stamp, or this decision must be revisited.

Update: Orin Kerr, who accepts the claims that I’ve shown to be false as true, still finds the argument about congressional consent unpersuasive.

Finally, I was deeply unimpressed by the last section of the opinion (pages 23-27), which argues that the FISC’s reading of the statute is presumptively correct because Congress knew about what the FISC was doing and didn’t amend the statute when it reenacted Section 215 in 2011. While it’s true that statutory reenactment has been construed a kind of silent approval of prior interpretations in some caselaw, I don’t know how on earth that can apply to secret court rulings by a district court that were merely made available to members of Congress, most of whom never learned of the opinions and would have no idea what they were looking at if they did. The idea underlying the doctrine of ratification is that established cases become part of the background understandings of the law. But it’s hard for me to see how decisions from a non-precedential secret court can form that background understanding, especially given that few members of Congress knew of the opinions and no one in the public did.

Update: And predictably, in a post called “Congress has no clothes,” Ben Wittes, who has been informed repeatedly that the record shows the House was not alerted to the 2011 letter, nevertheless gets his rocks off on Judge Eagan’s use of that false claim to argue the program is legal.

Perhaps the most remarkable feature of the opinion is Judge Eagan’s insistence that Congress cannot run away from her interpretation of the statute.

[snip]

All told, it’s an excellent opinion for the government. It affirms the program’s legality. It pulls the folding screen away from Congress even as members seek delicately to change, leaving them nakedly implicated in a program whose memory they seem so eager to abandon on the laundry pile.

Who’s naked here, Ben?

Dilma Throws Obama a BRIC

September 17, 2013/7 Comments/in Economics, Energy Policy, FISA, War /by emptywheel

I was actually surprised, back in May, when the White House announced a State Visit for Brazil’s President, Dilma Rousseff.

After all, not long after Obama visited Brazil in March 2011, the real started gaining value against the dollar, significantly slowing the boom Brazil had enjoyed in the wake of our crash.

When she was here in April 2012, Dilma explicitly blamed US Quantitative Easing for the reversal in currencies, and suggested the policy was meant to slow growth in countries like Brazil. Before that, Brazil’s boom and its advances in energy independence had put Brazil in a position to assume the global stature a country of its size might aspire to. And Dilma (partly correctly) blamed US actions for undercutting that stature.

I interpreted the State Dinner to be an attempt to woo Brazil away from natural coalitions with the Bolivarist governments of Latin America and the BRICS (Brazil, Russsia, India, China, and South Africa).

Fast forward to today, when the Brazilian government announced that it has postponed the visit that had been scheduled for October 23.

The usual suspects are mocking Dilma’s decision, insisting that everyone spies, and that Brazil is just making a stink for political gain. The White House statement echoes that, suggesting that it was the revelation of US spying, and not the spying itself, that created the problems.

The President has said that he understands and regrets the concerns disclosures of alleged U.S. intelligence activities have generated in Brazil and made clear that he is committed to working together with President Rousseff and her government in diplomatic channels to move beyond this issue as a source of tension in our bilateral relationship.

There is something to that stance. Dilma’s government faces a lot of unrest and the tensions of preparing for the World Cup. The portrayal that the US was taking advantage of Brazil caught her at a politically sensitive time.

All that said, those poo-pooing Brazil’s complaints ignore the specific nature of the spying as revealed. As I noted, even James Clapper’s attempt to respond to concerns raised by the original reports in Brazil didn’t address (and indeed, may have exacerbated) concerns that the US is engaging in financial war, including manipulating its currency to undercut other countries as they rise in relative power. If the US is using its advantages in SIGINT to engage in such financial war, Brazil has every reason to object, because it’s not something Brazil’s currency or telecommunications position make possible.

US disclaimers of industrial espionage no longer matter if the US is collecting SIGINT that would support substantive financial attacks, especially since Clapper in March made it clear the US envisions such attacks (even if they only admit to thinking in defensive terms).

An Illegal Program Sanctioned with a Rubber Stamp Is Still That Same Illegal Program

September 16, 2013/4 Comments/in FISA, PATRIOT /by emptywheel

Consider this anecdote from Barton Gellman’s story on the many violations of the NSA’s spying programs.

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.

[snip]

In the case of the collection effort that confused calls placed from Washington with those placed from Egypt, it is unclear what the NSA meant by a “large number” of intercepted calls. A spokesman declined to discuss the matter.

The NSA has different reporting requirements for each branch of government and each of its legal authorities. The “202” collection was deemed irrelevant to any of them. “The issue pertained to Metadata ONLY so there were no defects to report,” according to the author of the secret memo from March 2013.

Viewed against the background of the documents on the 2009 Section 215 dragnet problems, the anecdote tells us several things:

The phone metadata for Egypt and for DC were both accessible from the same user interface until at least 2008
US phone metadata was accessible by area code, not just by single phone identifier
Because it internally reported this incident, NSA was well aware of that fact
Among all the violations reported to Reggie Walton in 2009 (see my rough summary), it did not include this one (indeed, it appears NSA has never reported it to FISC, which may be why in response to this story Walton went on the record to complain that the FISA Court relies on the NSA’s self-disclosure)

That is, this violation undermines many of the stories the NSA told Walton during the 10 month period when they were purportedly coming clean on major problems with the dragnet, starting with the claim that these problems were a surprise not identified until after he wrote the first substantive opinion — 31 months after FISC first gave it sanction — authorizing the program. (I consider the 2006 opinion authorizing the dragnet a shockingly thin document, and Walton seems to have felt the need to lay out a more substantive case for the legality of it in 2008.)

But something else undermined that story: the pretense that the entire program arose from virgin birth in 2006.

Indeed, we know (though the government hasn’t actually admitted it, even though Ron Wyden has asked them to) that the Section 215 dragnet is actually just a part of the Dick Cheney’s illegal surveillance program placed under court sanction. Here’s how the NSA’s own draft IG Report (which was completed right smack dab in the middle of the discussions between Walton and the NSA about these violations) describes some aspects of the program, including the alert program that was part of the initial “discovery” of the violations.

(TS//SII/OC/NF) Analysis. NSA used a variety of tools to conduct metadata analysis and view the results. NSA’s primary tool for conducting metadata analysis, for PSP and traditional SIGINT collection, was MAINWAY. MAINWAY was used for storage, contact chaining, and for analyzing large volumes of global communications metadata. At the beginning of the PSP, only the “SIGINT Navigator” tool was available to view MAINWAY output. Over time, new tools and new processes, such as automated chaining alerting, were created to improve analysts’ efficiency. To obtain the most complete results, analysts used data collected under PSP and non-PSP authorities. Typically, they analyzed networks with two degrees of separation (two hops) from the target. Analysts determined if resulting information was reportable.

(TS//SII/OC/NF) In addition, an automated chaining alert process was created to alert analysts of new potentially reportable selectors. Previously approved selectors were compared to incoming MAINWAY data authorized by the PSP, E.O. 12333, or the FISC. Alerts of direct contacts with approved selectors were reported to NSA analysts for further analysis and potential reporting to FBI and CIA.

And here’s where the IG Report admits this all became the Section 215 dragnet.

(TS//SV/NF) According to NSA General Counsel Vito Potenza, the decision to transition telephony metadata to the Business Records Order was driven by a private sector company. After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concern about providing telephony metadata to NSA under Presidential Authority without being compelled. Although OLC’s May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order. 11

(TS//SII/NF) As with the PR/TT Order, DoJ and NSA collaboratively designed the application, prepared declarations, and responded to questions from court advisers. Their previous experience in drafting the PR/TT Order made this process more efficient.

Read more →

Double Dipping at SWIFT

September 15, 2013/16 Comments/in Financial Fraud, FISA /by emptywheel

Spiegel today reveals more details about NSA’s “Follow the Money” program, in which it collects credit card information from select geographical regions. In addition, as TV Globo also revealed last week, they are conducting Tailored Access Operations against SWIFT, the international financial transfer messaging system.

The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.

Now, some caution about this claim is in order. Spiegel reports that NSA’s financial records database has 180 million records, of which 84% are credit card transactions.

The collected information then flows into the NSA’s own financial databank, called “Tracfin,” which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions.

Even assuming the balance of the records in the database come from SWIFT, that’s less than 29 million records (in 2011, so assume the number is larger now). In 2011, SWIFT was sending 17.5 million records a day. So whatever makes it into the actual database is just a small fraction of international traffic.

But that almost certainly doesn’t account for the bulk of the SWIFT information collected by the US government. Remember: in addition to stealing the data, Treasury also gets it via a now-public agreement. The former CEO of SWIFT Leonard Schrank and former Homeland Security Czar, Juan Zarate actually boasted in July, in response to the earliest Edward Snowden revelations, about how laudable Treasury’s consensual access to the data was.

The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.

It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties.

Never mind that by the time they wrote this, an EU audit had showed the protections were illusory, in part because the details of actual queries were oral (and therefore the queries weren’t auditable), in part because Treasury was getting bulk data. But there was a legitimate way to get data pertaining to the claimed primary threat at hand, terrorism. And now we know NSA also stole data.

Note, too, the timing. While Spiegel doesn’t provide enough details about the exploitation of SWIFT for us to date it, the dates it does provide about this financial spying are 2010 and 2011. That was the period when the EU was trying to put sensible limits to Treasury’s access of SWIFT.

Back when the intelligence community first decided to go after SWIFT data, their first plan was to just steal it.

Intelligence officials were so eager to use the Swift data that they discussed having the C.I.A. covertly gain access to the system, several officials involved in the talks said. But Treasury officials resisted, the officials said, and favored going to Swift directly.

12 years later, they apparently are stealing at least some of it. That probably means they wanted data for transactions that have nothing to do with the counterterrorism application first SWIFT and then the EU bought off on. So there’s the legal access to counterterrorism data via Treasury, and the illegal access to (presumably) some other kind of data via NSA.

The Irony of Booz Vice Chair Mike McConnell’s Timing

September 13, 2013/1 Comment/in Contractors, FISA, PATRIOT /by emptywheel

Please support this kind of weedy journalism.

I’m in the process of going really deep in the weeds on this Section 215 stuff, just adjusting my earlier timelines.

Several of us have noted the curious timing of the discovery of the problems with Section 215 dragnet. November 2, 2008 was the stated high number of identifiers which the NSA could contact chain, at 27,090 (though when NSA started cleaning this stuff up they only audited back through November 1, 2008).

On December 10, 2008, two analysts (whom I wildarseguess suspect were actually FBI Agents) start doing searches on unapproved identifiers, doing 280 over the next month and a half.

On December 11 and 12, 2008, Reggie Walton wrote the first systematic opinion on this program and approved a new Primary Order.

On December 15, 2008, the NSA stopped one of its abusive alert system processes.

On January 9, 2009, NSA told folks at DOJ’s National Security Division about them.

By January 15, 2009, NSA had seemingly purged thousands of identifiers from its alert list, because on that day (five days before the inauguration) it had only 17,835, down from 27,090 two days before Obama was elected.

January 20, 2009: Obama took the oath as President, replacing George Bush.

That, of course, led to change at key positions. One which I find remarkably interesting, however was that of Mike McConnell, who had spent two years as Director of National Intelligence (just long enough to get immunity for those who did all this illegally under Cheney’s program). McConnell left on January 27, 2009, leading to a delay on (reported) DNI involvement in this until his replacement Dennis Blair came in on January 29. Blair was briefed on this on his second day in office, January 30, 2009.

I don’t know — because the documents don’t say (see, especially, Keith Alexander’s chart on page 25 of his declaration that is totally non-responsive about anyone in DNI who would have known about these problems)– how much the revolving Intelligence Contractor Exec McConnell knew about NSA’s extension of the illegal Cheney program, illegally, under the FISC sanctioned Section 215 order.

But remember: as Vice Chair of Booz, Mike McConnell was (sort of) Edward Snowden’s boss until the latter absconded with proof of these gross violations under McConnell’s tenure at DNI.

Among other things, this rough outline suggests this wasn’t so much a “discovery” of violations, it was an attempt to hide what at least some people knew were systematic and gross violations of the Section 215 program, just before Obama came in and replaced some of the top players.

But I do find it ironic that McConnell’s company, Booz, played its small part in making all this clear.