Steve King Just Voted to Subject Americans to “Worse than Watergate”

Devin Nunes has launched the next installment of his effort to undercut the Mueller investigation, a “Top Secret” four page report based on his staffers’ review of all the investigative files they got to see back on January 5. He then showed it to a bunch of hack Republicans, who ran to the right wing press to give alarmist quotes about the report (few, if any, have seen the underlying FBI materials).

Mark Meadows (who recently called for Jeff Sessions’ firing as part of this obstruction effort) said, “Part of me wishes that I didn’t read it because I don’t want to believe that those kinds of things could be happening in this country that I call home and love so much.”

Matt Gaetz (who strategized with Trump on how to undercut the Mueller investigation on a recent flight on Air Force One) said, “The facts contained in this memo are jaw-dropping and demand full transparency. There is no higher priority than the release of this information to preserve our democracy.”

Ron DeSantis (who joined Gaetz in that Air Force One strategy session with Trump and also benefitted directly from documents stolen by the Russians) said it was “deeply troubling and raises serious questions about the [the people in the] upper echelon of the Obama DOJ and Comey FBI,” who of course largely remain in place in the Sessions DOJ and Wray FBI.

Steve King claimed what he saw was, “worse than Watergate.” “Is this happening in America or is this the KGB?” Scott Perry said. Jim Jordan (who joined in Meadows’ effort to fire Sessions) said, “It is so alarming.” Lee Zeldin said the FBI, in using FISA orders against Russians and facilities used by suspected agents of Russia was relying “on bad sources & methods.”

It all makes for very good theater. But not a single one of these alarmists voted the way you’d expect on last week’s 702 reauthorization votes if they were really gravely concerned about the power of the FBI to spy on Americans.

Indeed, Gaetz, DeSantis, and King — three of those squawking the loudest — voted to give the same FBI they’re claiming is rife with abuse more power to spy on Americans, including political dissidents. Nunes, who wrote this alarming report, also wrote the bill to expand the power of the FBI he’s now pretending is badly abusive.

Even those who voted in favor of the Amash-Lofgren amendment and against final reauthorization — Meadows, Jordan, and Perry, among some of those engaging in this political stunt — voted against the Democratic motion to recommit, which would have at least bought more time and minimally improved the underlying bill (Justin Amash and Tom Massie, both real libertarians, voted with Democrats on the motion to recommit). Zeldin was among those who flipped his vote, backing the bill that will give the FBI more power after making a show of supporting Amash’s far better bill.

In short, not a single one of these men screaming about abuse at the FBI did everything they could do to prevent the FBI from getting more power.

Which — if you didn’t already need proof — shows what a hack stunt this is.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Jack Goldsmith and Susan Hennessey Run Cover for Those Giving Jeff Sessions Unreviewable Authority to Criminalize Dissent

I’m used to Susan Hennessey partnering with Ben Wittes to write apologies for NSA and FBI that ignore known facts. I’m a bit surprised that Jack Goldsmith did so in this defense of Democrats — like Adam Schiff and Nancy Pelosi and nineteen Democratic Senators — who have voted to give Jeff Sessions unreviewable authority to criminalize dissent using certain privacy tools.

NSA did not fix “abouts” problems before the issues became public

There are numerous problems with this post. The one that irks me the most, however, is the claim that the “system itself” identified and addressed problems with “abouts” collection before they became public.

We acknowledge that the program has raised hard legal questions as well as difficult compliance issues, primarily involving “abouts” collection. But these problems were identified by the system itself, long before the issues became public, and the practices were fixed or terminated.

This claim, one I’ve corrected Hennessey for on numerous occasions on Twitter, is false, and should be retracted.

I say that with great confidence, because I wrote about the problems on August 11, 2016, well before NSA failed to disclose the full extent of the problems in an October 4, 2016 hearing, which led the worst FISC judge ever, Rosemary Collyer, to complain about NSA’s institutional “lack of candor.”

At the October 26, 2016 hearing, the Court ascribed the government’s failure to disclose those IG and OCO reviews at the October 4, 2016 hearing to an institutional “lack of candor” on NSA’s part and emphasized that “this is a very serious Fourth Amendment issue.”

As a reminder, the problem (the FISC has) with “abouts” collection is not so much that it collected entirely domestic communications — that’s the complaint of the rest of us. It’s that NSA never ever complied with John Bates’ 2011 requirement that NSA not conduct back door searches on upstream collection, because it might result in searches of those entirely domestic communications. In my August 2016 post, I noted that reviewers kept discovering that NSA continued to do back door searches on upstream data in violation of that prohibition, and kept refusing to implement technical fixes to avoid them.

I also raised concerns about the oversight of 704/705(b), which is how the NSA first realized how badly non-compliant their upstream searches were, on May 13, 2016, That’s about when NSA first reported to DOJ “in May and June 2016” that “approximately eighty-five percent of” queries using a tool the NSA employs with 704/705b queries “were not compliant with the applicable minimization procedures.”

I’ll grant that I’m remarkably attentive to documents that get declassified years after the fact. But I’m nevertheless “the public.” If I’m identifying these problems — and NSA’s refusal to make the technical fixes to avoid them — before they get fully briefed to DOJ or FISC, then it is absolutely false to claim that “the system” fixed or terminated the problem long before they became public.

Again, Lawfare should issue a retraction for that claim.

Update, January 19: On Twitter yesterday, Hennessey claimed I misread this quote, and that her proof that the system works was that the NSA had gotten away with ignoring Bates’ orders for five years, but finally shut it down before the public learned that NSA had been ignoring FISC’s orders.

This is still factually false — as I responded to her, the NSA was still identifying problems for eight months after I wrote about the problems, even assuming it had found all of them by April 2017, which was the last declassified reporting on it. But her explanation actually makes the comment downright damning for the NSA. It suggests a lawyer who was at NSA during the period it was not in compliance believes that getting away with violating the Fourth Amendment for five years, but fixing it before documents released on a three year delay (and only because of Snowden) is a sign of a law-abiding agency.

A portrait of a guy who doesn’t know key details as a rigorous overseer

The fact that I was harping on the “abouts” problems before any overseers of the program managed to fully investigate and fix them by itself disproves the claims that Hennessey and Goldsmith make in their hagiography of Adam Schiff.

He is the ranking Democrat on the House intelligence committee and one of the most knowledgeable and informed members of Congress on intelligence matters. Schiff has not hesitated to be  when he sees fit. He has watched the 702 program up close over many years in classified settings in his oversight role. He knows well its virtues and its warts. We suppose it is possible that Schiff would vote to give the president, whose integrity he so obviously worries about, vast powers to spy on Americans in an abusive way. Given everything Schiff has publicly said and done over the last year, however, a much more plausible inference is that he knows not only how valuable the 702 program is but also how law-constrained and carefully controlled and monitored it is.

Plus, I’m not sure why they think that Schiff’s attempt to fix the Section 215 phone dragnet only after Edward Snowden made it public proves that Schiff “never hesitated to be critical of intelligence community practices.” On the contrary, it proves that he did hesitate to do so before excessive programs became public.

The distinction is utterly critical given something I’ve pointed out about this bill. The bill itself is an admission that the intelligence community is out of control, and that congressional overseers can’t get information they need to adequately oversee the program without demanding it in legislation. That’s because it requires the IC to provide information on two practices that Congress cannot be deemed competent to legislate on without having answers about first.

For example, the bill requires an IG Report on how FBI queries raw data.

(b) MATTERS INCLUDED.—The report under subsection (a) shall include, at a minimum, an assessment of the following:

(1) The interpretations by the Federal Bureau of Investigation and the National Security Division of the Department of Justice, respectively, relating to the querying procedures adopted under subsection (f) of section 702 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a(f)), as added by section 101.

[snip]

(6) The scope of access by the criminal division of the Federal Bureau of Investigation to information obtained pursuant to the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), including with respect to information acquired under subsection (a) of such section 702 based on queries conducted by the criminal division.

(7) The frequency and nature of the reviews conducted by the National Security Division of the Department of Justice and the Office of the Director of National Intelligence relating to the compliance by the Federal Bureau of Investigation with such querying procedures.

I have explained (and I know Hennessey regards this as a problem too) that since 2012, FBI has devolved its access to raw 702 data to field offices. The FBI already conducted far, far less oversight of the back door searches it conducts than NSA does. But because the DOJ/DNI 702 review teams visit only a fraction of the FBI field offices with each review, and because FBI’s querying system doesn’t collect enough information to do oversight remotely, it is possible that the offices that are least familiar with 702 requirements are — for the smaller number of 702 queries they conduct — getting the least oversight.

You can’t pass a bill that effectively blesses FBI’s use of back door searches on Americans about whom it has no evidence of any wrongdoing, while admitting you don’t know how FBI conducts those back door searches, and make any claim to conduct adequate oversight. Rather, the bill permits FBI to continue practices it has stubbornly refused to brief Congress on, rather than demanding that FBI brief Congress first, so Congress can impose any restrictions that might be necessary to adequately protect Americans.

The bill also requires a briefing within six months to explain how DOJ complies with FISA’s legally mandated notice requirements (because notice under 702 is treated as notice under 106(c), this covers 702 surveillance as well).

Not later than 180 days after the date of the enactment of this Act, the Attorney General, in consultation with the Director of National Intelligence, shall provide to the Committee on the Judiciary and the Permanent Select Committee on Intelligence of the House of Representatives and the Committee on the Judiciary and the Select 10 Committee on Intelligence of the Senate a briefing with respect to how the Department of Justice interprets the requirements under sections 106(c), 305(d), and 405(c) of the Foreign Intelligence Surveillance Act of 1978 (50 14 U.S.C. 1806(c), 1825(d), and 1845(c)) to notify an aggrieved person under such sections of the use of information obtained or derived from electronic surveillance, physical search, or the use of a pen register or trap and trace device. The briefing shall focus on how the Department interprets the phrase ‘‘obtained or derived from’’ in such sections.

The public treatment of DOJ’s serial, obvious failures to give notice to defendants is a nifty trick. When DOJ fails to give notice, it clearly violates the law, but notice is not included in minimization procedure review, so therefore is not reviewed by the FISC. When surveillance boosters like Hennessey and Goldsmith say there have never been any willful violations of the law, they manage to ignore the notice violations that have allowed some pretty problematic practices to avoid judicial oversight only because by breaking the law DOJ ensures no court will find them to be breaking the law.

Catch 22: Heads legal violations never get reviewed by a court, tails surveillance boosters can claim the surveillance has a clean bill of health.

Again, this is a known, egregious problem with the implementation of 702.

But rather than do the obvious thing as part of what this post dubs “robust democratic deliberation,” which is to demand answers about how notice is (not) given and require DOJ to fix it as part of the bill, the bill instead simply requires DOJ to provide the information that Congress needs to do basic oversight six months after reauthorization, which effectively punts fixing the problem six years down the road.

How many Chinese-American scientists will be improperly prosecuted because FBI is technically inane in those 6 years, because a bunch of California legislators like Nancy Pelosi, Adam Schiff, and Dianne Feinstein chose to punt on basic oversight?

The most egregious example of this, however, involves the government’s obstinate refusal to explain how many US persons are affected by 702. This bill also did not incorporate an HJC proposal requiring a count of how many Americans got referred for criminal prosecution off of 702 collection.

Letting Jeff Sessions criminalize dissent

That refusal — the refusal to even legislatively require the government to report on the impact of 702 surveillance on Americans, via incidental collection and/or criminal referral — brings us to the problem with this bill that opponents are all raising, but about which Hennessey and Goldsmith are inexcusably silent: the codification of giving Jeff Sessions unreviewable authority to determine what counts as a “criminal proceeding [that] affects, involves, or is related to the national security of the United States.”

Here’s how Hennessey and Goldsmith describe the impact of this program on Americans.

As Lawfare readers know, Section 702 authorizes the intelligence community to target the communications of non-U.S. persons located outside the United States for foreign intelligence purposes. It does not permit the intelligence community to target a U.S. person anywhere in the world. But it does permit incidental collection on U.S. persons, subject to strict rules about minimization and use.

Their silence about how the bill doesn’t deal with back door searches is problematic enough.

But they predictably, but problematically, make no mention of the way the bill codifies the use of 702 in domestic law enforcement under the Tor/VPN exception.

As I have laid out, in 2014 FISC created an exception to the rule that NSA must detask from a facility as soon as they learn that Americans are also using that facility. That exception applies to Tor and (though I understand this part even less) VPN servers — basically the kinds of privacy tools that criminals, spies, journalists, and dissidents might use to hide their online activities. NSA has to sort through what they collect on the back end, but along the way, they get to decide to keep any entirely domestic traffic they find has significant foreign intelligence purpose or is evidence of a crime, among other reasons. The bill even codifies 8 enumerated crimes under which they can keep such data. Some of those crimes — child porn and murder — make sense, but others — like transnational crime (including local drug dealers selling imported drugs) and CFAA (with its well-known propensity for abuse) pose more potential for abuse.

But it’s the unreviewable authority for Jeff Sessions bit that is the real problem.

We know, for example, that painting Black Lives Matter as a national security threat is key to the Trump-Sessions effort to criminalize race. We also know that Trump has accused his opponents of treason, all for making critical comments about Trump.

This bill gives Sessions unreviewable authority to decide that a BLM protest organized using or whistleblowing relying on Tor, discovered by collection done in the name of hunting Russian spies, can be referred for prosecution. The fact that the underlying data predicating any prosecution was obtained without a warrant under 702 would — in part because this bill doesn’t add teeth to FISA notice — ensure that courts would never learn the genesis of the prosecution. Even if a court somehow managed to do so, however, it could never deem the domestic surveillance unlawful because the bill gives Jeff Sessions the unreviewable authority to treat dissent as a national security threat.

This is such an obviously bad idea, and it is being supported by people who talk incessantly about the threat that Trump and Sessions present. Yet, rather than addressing the issue head on (which I doubt Hennessey could legally do in any case), they simply remain silent about what is the biggest complaint from privacy activists, that this gives a racist, vindictive Attorney General far more authority than he should have, and does so without fixing the inadequate protections for criminal defendants along the way.

I mean, I get that surveillance boosters who recognize the threat Trump and Sessions pose want to absolve themselves for giving Trump tools that can so obviously be abused.

But this attempt does so precisely by dodging the most obvious reasons for which boosters should be held to account.

Update: Changed post to note that just Trump has accused FBI Agents of treason, not Sessions, and not (yet) journalists.

Update: Here’s the roll call of the 65-34 vote passage of the bill. Democrats who voted in favor are:

  1. Carper
  2. Casey
  3. Cortez Masto
  4. Donnelly
  5. Duckworth
  6. Feinstein
  7. Hassan
  8. Heitkamp
  9. Jones
  10. Klobuchar
  11. Manchin
  12. McCaskill
  13. Nelson
  14. Peters
  15. Reed
  16. Schumer
  17. Shaheen
  18. Stabenow
  19. Warner
  20. Whitehouse

 

The 702 Capitulations: a Real Measure of the “Deep State”

There were two details of the Section 702 reauthorization in the House that deserve more attention, as the Senate prepares for a cloture vote today at 5:30.

First, in the Rules Committee hearing for the bill, Ranking House Judiciary Committee member Jerry Nadler revealed that the FBI stopped engaging with his staffers when the two sides reached a point on negotiations over the bill beyond which they refused to budge.

Effectively, FBI just used the dual HJC/House Intelligence jurisdiction over FISA to avoid engaging in the legislative process, to avoid making any concessions to representatives supposedly overseeing this program.

As a result, the final bill included only a sham warrant requirement — one that will give criminal suspects more protection against warrantless search than it gives people against whom the FBI has no suspicion — and provided an easy way for the NSA to turn “about” collection (which has been the source of repeated NSA violations of FISA over the years) back on.

Then there was the effort Nancy Pelosi made to use the President’s reactive FISA tweet to impose a few more limits on the warrant requirement. In a filibustering speech, she suggested that Trump’s tweet claiming his had been surveilled and abused under the law (in reality, Title I warrants were used during the campaign, but Section 702 has likely been part of the investigation as well) necessitated a motion to recommit instructing HPSCI to boost the protections for Americans.

Pelosi had to have know the motion would fail (it did, with just six of the most libertarian Republicans joining Democrats in support). She counts votes better than anyone.

What the vote was really about was an effort not to fix the real problems with the bill. Nor was it a meaningful effort to add anything but illusory protections to the bill. It was an effort to make a vote in support of the bill more politically palatable. Pelosi (and Adam Schiff, who worked closely with Pelosi on this front) appears to have known that there will be political costs for supporting this bill, perhaps especially in San Francisco where one-fifth of Pelosi’s constituents are Chinese-American, one of the groups most disproportionately affected by the spying program.

She knew she was going to have to vote for the bill, political cost and all, and was trying to use Trump’s tweet to minimize the costs of doing so.

These two events, in my opinion, show how dysfunctional legislation affecting the “Deep State,” the entrenched national security bureaucracy, is. There is a clear political recognition among the Democratic leaders cooperating in passing the bill that the bill goes too far. Probably, they worry about what will happen when we learn how Jeff Sessions will use the unreviewable authority to deem either warrantless back door searches for Americans’ names or retention of Tor and VPN domestic collection a “national security” issue to target Democratic constituencies.

But that recognition was not enough to muster the political will to oppose the bill.

Heads the “Deep State” wins, tails democratic oversight fails.

Incidental Collection Under Section 702 Has Probably Contributed to Trump’s Downfall, Too

As you’ve no doubt heard, the House passed the bad reauthorization to Section 702 yesterday. The Senate will vote on cloture on Tuesday — though both Rand Paul and Ron Wyden have threatened to filibuster it — and will almost certainly be voted into law after that.

I’ll have comment later on the rising costs, for politicians, for mindlessly reauthorizing these bills in a follow-up post.

Paul Ryan told President Trump Section 702 hasn’t affected his people

But for the moment, I want to comment on the debate that took place in response to Trump’s two tweets. The first tweet, which was clearly a response to a Judge Napolitano piece on Fox News yesterday morning, complaining about FISA.

Then, after a half hour lesson from Paul Ryan on the different FISA regimes (note, for some reason Devin Nunes was conspicuously absent from much of this process yesterday, both the coddling of the President and managing debate on the bill), a follow-up tweet hailing Section 702’s utility for “foreign surveillance of foreign bad guys on foreign land.”

In response to those tweets, many commenters stated, as a matter of fact, that Trump hasn’t been impacted by Section 702, that only traditional FISA intercepts drove key developments in the Russian investigation.

That’s unlikely to be true, and I suspect we already have evidence that that’s not the case.

It is true that incidental collection on a Title I got Mike Flynn in trouble

To defend the case that incidental collection off a traditional FISA order has impacted Trump’s administration, people point to the December 29, 2016 intercepts of communications between Sergey Kislyak and Mike Flynn which were cited in Flynn’s guilty plea. It is true that those intercepts were done under a traditional FISA order. Admiral Mike Rogers as much as confirmed that last March in his efforts to explain basic FISA law to the House Intelligence Committee Republicans who are supposed to oversee it.

Rogers: FISA collection on targets in the United States has nothing to do with 702, I just want to make sure we’re not confusing the two things here. 702 is collection overseas against non US persons.

And Speaker Ryan, fresh off his efforts to teach the President basic surveillance law, yesterday clarified — inaccurately — that,

Title 1 of the FISA law is what you see in the news that applies to U.S. citizens. That’s not what we’re talking about here. This is Title 7, Section 702. This is about foreign terrorists on foreign soil.

Whatever the facts about FISA orders targeting Carter Page and Paul Manafort, the intercepts that have done the most known damage to the Trump Administration so far targeted a foreigner on US soil, Sergey Kislyak, and Flynn just got picked up incidentally.

Papadopoulos’ affidavit and statement of offense make different claims about his false claims and obstruction

But as I said, I suspect it is highly likely the Trump Administration has also been brought down by an American being caught up incidentally in a Section 702 tasking. That’s because of several details pertaining to the George Papadopoulos plea which I nodded to here; they strongly suggest that Papadopoulos’ Facebook communications with Joseph Mifsud were first obtained by the FBI via Section 702, and only subsequently parallel constructed using a warrant. It’s further likely that the FBI obtained a preservation order on Papadopoulos’ Facebook account before he deleted it because of what they saw via Section 702. [Update: KC has alerted me that they may not have gotten a preservation order, but instead were able to access the Facebook account because that content doesn’t all go away when you deactivate an account, which is what the October 5 document describes as happening.]

Compare the two descriptions of how Papadopoulos obstructed justice. The July 28, 2017 affidavit supporting Papadopoulos’ arrest describes Papadopoulos destroying his Facebook account to hide conversations he had with Timofeev.

The next day, on or about February 17, 2017, however, GEORGE PAPADOPOULOS, the defendant, shut down his Facebook account, which he had maintained since approximately August 2005. Shortly after he shut down his account, PAPADOPOULOS created a new Facebook account.

The Facebook account that PAPADOPOULOS shut down the day after his interview with the FBI contained information about communications he had with Russian nationals and other foreign contacts during the Campaign, including communications that contradicted his statements to the FBI. More specifically, the following communications, among others, were contained in that Facebook account, which the FBI obtained through a judicially authorized search warrant.

The affidavit makes it clear that Papadopoulos attempted to hide “his interactions during the Campaign with foreign contacts, including Russian nationals.” The descriptions of the communications that Papadopoulos attempted to hide are described as “a Facebook account identified with Foreign Contact 2,” Timofeev.

The FBI recorded both interviews, suggesting they already by January 27 they had reason to worry that Papadopoulos might not tell the truth.

The October 5 statement of the offense describes one of Papadopoulos’ false statements this way:

PAPADOPOULOS failed to inform investigators that the Professor had introduced him to the Russian MFA Connection [Timofeev], despite being asked if he had met with Russian nationals or “[a]nyone with a Russian accent” during the Campaign. Indeed, while defendant PAPADOPOULOS told the FBI that he was involved in meetings and did “shuttle diplomacy” with officials from several other countries during the Campaign, he omitted the entire course of conduct with the Professor and the Russian MFA Connection regarding his efforts to establish meetings between the Campaign and Russian government officials.

And it describes his obstruction this way:

The next day, on or about February 17, 2017, defendant PAPADOPOULOS deactivated his Facebook account, which he had maintained since approximately August 2005 and which contained information about communications he had with the Professor and the Russian MFA Connection. Shortly after he deactivated his account, PAPADOPOULOS created a new Facebook account that did not contain the communications with the Professor and the Russian MFA Connection.

On or about February 23, 2017, defendant PAPADOPOULOS ceased using his cell phone number and began using a new number.

In neither document does FBI mention having the content of Papadopoulos’ April 2016 Skype calls with Timofeev and neither one cites data — such as texts — that might have been on his cell phone.

What FBI (probably) learned when

While we can’t be sure — after all, the government may simply be withholding more information from other suspects — the differences between the two legal filings and other public information suggest the following evolution in what the government knew of Papadopoulous’ communications with his interlocutors when. Most importantly, the FBI had learned of Papadopoulos’ communications with Joseph Mifsud and Olga Vinogradova before his two interviews, but they had not learned of his communications with Ivan Timofeev.

Late July 2016

In a drunken conversation in May 2016, Papadopoulos told the Australian Ambassador Alexander Downer that he had been told (by Joseph Mifsud, but it’s not clear Papadopoulos would have revealed that) the Russians had dirt on Hillary in the form of emails.

Before January 27, 2017

  • Papadopoulos might lie and so should be recorded
  • Papadopoulos had interesting communications with Joseph Mifsud and Olga Vinogradova
  • Since Timofeev did not come up in the interview, FBI appears not to have learned of those conversations yet

Before February 16, 2017

  • Papadopoulos’ Facebook was interesting enough to sustain a preservation request but (because FBI still didn’t know about Timofeev) FBI had not yet accessed its content via Papadopoulos [Though see update above]
  • FBI had not yet accessed Skype, which would have shown call records between Timofeev and Papadopoulos
  • FBI did not have a warrant on Papadopoulos’ phone and never obtained one before February 23

By July 28, 2017

  • FBI had obtained a warrant for Papadopoulos’ email
  • FBI had read the Facebook content Papadopoulos tried to delete, discovering the communications (and the relationship) with Timofeev
  • FBI had identified the Skype conversations that had taken place, but not in time to collect them using 702

By October 5, 2017

  • FBI had obtained far more email from the campaign side
  • FBI had discovered that, in addition to destroying his Facebook account, Papadopoulos had also gotten a new phone number (and, I suspect, a new phone), thereby destroying any stored texts on the phone

FBI probably tracked Papadopoulos’ Facebook communications with Mifsud before February 16

Again, this is just a guess, but given the evolution of FBI’s understanding about Papadopoulos laid out above, it seems highly likely that FBI had obtained some (but not all) of Mifsud’s communications before February 16, had submitted preservation requests to Papadopoulos’ providers, but had not yet obtained any legal process for content via Papadopoulos. Given that Papadopoulos’ Facebook content was preserved even in spite of his effort to destroy it, it seems clear the government had reason to know its content was of interest, but it did not yet know about his Facebook communications with Timofeev. This is how FBI routinely launders Section 702 information through criminal process, by getting a warrant for the very same content available at PRISM providers that they already obtained via PRISM. They key detail is that they appear to have known about the content of some but not all of Papadopoulos’ Facebook messages in time to preserve the account before February 16.

This strongly suggests the FBI had obtained Mifsud’s Facebook content, but not Papadopoulos’.

Once FBI opened a full investigation into the Russian ties — which we know they did in late July, in part because of that Papadopoulos conversation about the Mifsud comments — it could task and obtain a raw feed of any known PRISM account for any foreigner overseas associated with that investigation. Once it identified Mifsud as Papadopoulos’ interlocutor — and they would have been able to identify their common relationship from their common front organization, the London Centre of International Law Practice — they would have tasked Mifsud on any identifier they could collect.

And collecting on Facebook would be child’s play — just ask nicely. So it would be shocking if they hadn’t done it as soon as they identified that Mifsud was Papadopoulos’ interlocutor and that he had a Facebook account.

Incidental collection under 702 may have led to the preservation of evidence about the Timofeev relationship Papadopoulos tried to destroy

If all this is right — and it is admittedly just a string of well-educated guesses — then it means FBI’s ability to incidentally collect on Papapdopoulos by targeting Mifsud may have been what led them to take action to preserve Papadopoulos’ Facebook content, and with it evidence of ongoing communications with Timofeev that he had tried to hide.

And the fact that he did try to hide it is what led to Mueller flipping his first cooperating witness.

So if all this is right, then incidental collection on Papadopoulos under Section 702 may be every bit as central to Trump’s legal jeopardy right now as the incidental collection on Flynn under Title I. They’re both critical pieces in proving any hypothetical case that Trump traded policy considerations for the release of Hillary emails.

This is how Section 702 is supposed to work, and could be done under USA Rights

Let me be clear: I’m not saying the discovery of Papadopoulos’ Facebook communications with Mifsud and through them his Facebook communications with Timofeev is an abuse. On the contrary, this is how 702 is supposed to work.

If we’re going to have this program, it should be used to target suspect agents of a foreign power located overseas, as Mifsud clearly was. If he was targeted under 702, he was targeted appropriately.

But there is no reason to believe doing so required any of the more abusive uses of 702 that USA Rights would limit. Unless Mifsud was already tasked at FBI when they opened the investigation in July 2016, there’s no reason to believe this account could have been found off of a back door search at FBI. Mifsud may have been tasked at NSA or even CIA, but if he was, searching on Papadopoulos because the government suspected he was being recruited by a foreign power would fall under known justifications for back door searches at those foreign intelligence agencies (especially at CIA).

USA Rights would permit the use of this 702 information to support the criminal case against Papadopoulos, because it’s clearly a case of foreign government spying.

And no use of the Tor exception would be implicated with this search.

In other words, Section 702 as Ron Wyden and Rand Paul and Justin Amash and Zoe Lofgren would have it would still permit the use of Section 702 as a tool to — ultimately — lead FBI to figure out that Papadopoulos was hiding his contacts with Ivan Timofeev.

As it turns out, the kinds of people Trump’s foreign policy advisor George Papadopoulos was chatting up on Facebook — Joseph Mifsud and Ivan Timofeev — are precisely the kind of people the FBI considers “foreign bad guys on foreign land” for the purposes of Section 702, meaning the Bureau could get their Facebook account quite easily.

And the incidental collection of Americans of such conversations can be — may well have been — as dangerous to Donald Trump as the incidental collection of Americans under Title I.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

What HPSCI Wants to Protect in 702: Back Doors, the Tor Exception, and a Dysfunctional FISC

The House is revving up to vote on 702 reauthorization, offering either the shitty bill drafted by Devin Nunes, Adam Schiff, and Devin Nunes or the Amash amendment (which is the Wyden-Paul USA Rights bill). As I noted in a piece at The New Republic,

Congress is, in an apparently serious attempt at surveillance reform, about to make it easier for the FBI to spy on those whom it has zero evidence of wrongdoing than those whom it has probable cause to suspect of illegal behavior. This bill would protect a very small subset of suspected criminals—perhaps just one a year, based on reporting from 2016. But it would do nothing to prevent the FBI from reading the communications of any innocent American who is named in a tip.

HPSCI has come out with a one pager making shite up about USA Rights. And I’m interested in three things HPSCI prioritizes:

  • Ensuring that NSA can order companies to bypass encryption
  • Sustaining the Tor domestic spying exception
  • Coddling the dysfunction of the FISA Court

Ensuring that NSA can order companies to bypass encryption

The HPSCI flyer complains that USA Rights,

Significantly limit[s] the Government’s ability to obtain Section 702 information on foreign terrorists by unnecessarily restricting when the Government may ask for technical assistance from electronic communication service providers;

At issue is language in USA Rights that limits government requests for technical assistance to things that are necessary, narrowly tailored, and would not pose an undue burden.

(B) LIMITATIONS.—The Attorney General or the Director of National Intelligence may not request assistance from an electronic communication service provider under subparagraph (A) without demonstrating, to the satisfaction of the Court, that the assistance sought—

(i) is necessary;

(ii) is narrowly tailored to the surveillance at issue; and

(iii) would not pose an undue burden on the electronic communication service provider or its customers who are not an intended target of the surveillance.

It is clear this is Wyden’s effort to prohibit the government from using individual directives (which are not reviewed by the FISA Court) to back door or circumvent a company’s encryption. While the government says it has not yet asked the FISC to force companies to do this (which is different from saying they haven’t asked and gotten companies to willingly do so), it has dodged whether it has asked companies to circumvent their own encryption.

So basically, one of the big things HPSCI thinks is wrong with USA Rights is that it won’t let NSA back door your phone.

Sustaining the Tor domestic spying exception

The HPSCI flyer claims that USA Rights,

Mandat[es] a flat prohibition on the use of Section 702 information in prosecuting dangerous criminals, including murderers and child abusers;

That flips reality on its head. What HPSCI is trying to protect, here, is its carve-out permitting the use of 702 information for anything that,

“Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,

  • Death
  • Kidnapping
  • Serious bodily injury
  • Specified offense against a minor
  • Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
  • Cybersecurity, including violations of CFAA
  • Transnational crime, including transnational narcotics trafficking
  • Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)

[snip]

Importantly, the bill does not permit judicial review on whether the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.

As I have noted, the carve out, taken in conjunction with the 2014 exception letting the NSA collect on location obscuring servers (like VPNs and Tor) used by Americans, effectively makes 702 a domestic spying bill (on top of permitting its use for anything else Jeff Sessions claims is related to national security).

In other words, HPSCI doesn’t so much want 702 to spy on the terrorists, spies, and proliferators included in USA Rights: it wants to spy domestically.

Coddling the dysfunction of the FISA Court

Finally, the HPSCI flyer complains that USA Freedom,

Subvert[s] the authority and expediency of the Foreign Intelligence Surveillance Court by requiring an amicus review during every Section 702 authorization; and

This is a complaint about a number of common sense measures that make the FISA Court more credible, most notably requiring each 702 authorization to include an amicus review. The bill also includes measures to make the amicus review more robust, like enough advance involvement to be useful.

For a body of Congress to guard “the authority and expediency” of the FISC — especially in the wake of last year’s debacle of a ruling from Rosemary Collyer, who stubbornly refused to follow the law and either appoint an amicus or explain why she chose not to do so, is an outright abdication of congressional authority.

The FISC just defied Congressional intent as reflected in USA Freedom Act. USA Rights would make it harder for the FISC to continue to do so. And HPSCI’s response to that is to whimper that Congress is “subverting the authority” of another branch by demanding that it follow the law?

Update: DemandProgress did a fact check of this flyer that’s quite good.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Base Bill for 702 Reauthorization: Serial Admissions Oversight Committees Haven’t Been Doing Their Jobs

On Tuesday, the Rules Committee will do rules for a 702 reauthorization bill that is based on the HPSCI bill, but with some improvements designed to get Adam Schiff and Bob Goodlatte on board.

The changes are:

Eliminates expansion to definition of foreign power

The HPSCI bill had expanded the definition of a foreign power to include those engaged in “international malicious cyber activity” defined as someone who,

engages in international malicious cyber activity that threatens the national defense or security of the United States, or activities in preparation therefor, for or on behalf of a foreign power, or knowingly aids or abets any person in the conduct of such international malicious cyber activity or activities in preparation therefor, or knowingly conspires with any person to engage in such international malicious cyber activity or activities in preparation therefor;

It was particularly problematic given that activity that was merely “directed by” persons located outside the US qualified. This provision has been struck. (Note, the inclusion and then removal of it seems to confirm that there is not yet a separate Cyber certificate, beyond the cyber collection on designated foreign hacking groups currently done under the Foreign Government certificate.)

Adds a stripped down version of the meaningless HJC warrant requirement

The bill adds a warrant requirement before accessing the communications identified by metadata for use in a fully predicated criminal investigation (this is basically the existing HPSCI optional warrant, made obligatory for a narrow use), one that is as meaningless as the HJC warrant requirement. The caveats make it clear how meaningless it is, particularly clause iii that permits FBI to run queries even before they’ve opened an assessment.

(F) RULE OF CONSTRUCTION.—Nothing in this paragraph may be construed as—

(i) limiting the authority of the Federal Bureau of Investigation to conduct lawful queries of information acquired under subsection (a);

(ii) limiting the authority of the Federal Bureau of Investigation to review, without a court order, the results of any query of information acquired under subsection (a) that was reasonably designed to find and extract foreign intelligence information, regardless of whether such foreign intelligence information could also be considered evidence of a crime; or

(iii) prohibiting or otherwise limiting the ability of the Federal Bureau of Investigation to access the results of queries conducted when evaluating whether to open an assessment or predicated investigation relating to the national security of the United States.

In other words, back door searches will still function as Google for FBI (perhaps even at a more basic level), except for the one time a year when an Agent discovers communications she wants when she’s already deep into an a criminal investigation and can’t justify accessing the information on national security (including recruiting someone as an informant) grounds.

Or to put it more bluntly: FBI can access information more easily if they have zero suspicion than if they have probable cause, effectively flipping the Fourth Amendment on its head.

Ends a requirement FBI count how many acquisitions from criminal queries they obtain

The bill eliminates this requirement from reporting obligations under the old HPSCI bill.

‘(D) the number of instances in which the Federal Bureau of Investigation has received and reviewed the unminimized contents of electronic communications or wire communications concerning a United States person obtained through acquisitions authorized under such section in response to a search term that was not designed to find and extract foreign intelligence information;

think this would have the effect of hiding any criminal investigations that get opened off queries at the assessment stage (which would also serve to hide how the warrant requirement doesn’t actually protect the searches that most need protection).

Adopts the HJC definition of about collection

The HPSCI bill replaces its old definition of about collection,

(5) may not intentionally acquire communications that contain a reference to, but are not to or from, a facility, place, premises, or property at which an acquisition authorized under subsection (a) is directed or conducted, except as provided under section 203(b) of the FISA Amendments Reauthorization Act of 2017;

With the HJC one.

(5) may not intentionally acquire communications that contain a reference to, but are not to or from, a target of an acquisition authorized under subsection (a), except as provided under section 103(b) of the FISA Amendments Reauthorization Act of 2017; and

In reality, the government is collecting on facilities in any case (though the HJC definition is the one Rosemary Collyer adopted in last year’s reauthorization).

That said, the bill adopts the HPSCI method of restarting about collections, which (IMO) will result in an emergency reauthorization, followed by Congress failing to use its veto power to turn about back off again.

Eliminates unmasking changes

The bill takes out the unmasking changes that were in the HPSCI bill, which had offended Schiff. This will result in far too many Democrats reauthorizing 702 without meaningful changes.

Adds in inadequate whistleblower protections

The bill adds in the worse-than-nothing whistleblower protections from the HJC bill.

Requires a DOJ IG Report on FBI’s use of queries

The bill adds a DOJ IG Report — due within a year of the bill — that lays out,

(b) MATTERS INCLUDED.—The report under sub20 section (a) shall include, at a minimum, an assessment of the following:

(1) The interpretations by the Federal Bureau of Investigation and the National Security Division of the Department of Justice, respectively, relating to the querying procedures adopted under subsection (f) of section 702 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a(f)), as added by section 101.

(2) The handling by the Federal Bureau of Investigation of individuals whose citizenship status is unknown at the time of a query conducted under such section 702.

(3) The practice of the Federal Bureau of Investigation with respect to retaining records of queries conducted under such section 702 for auditing purposes.

(4) The training or other processes of the Federal Bureau of Investigation to ensure compliance with such querying procedures.

(5) The implementation of such querying procedures with respect to queries conducted when evaluating whether to open an assessment or predicated investigation relating to the national security of the United States.

(6) The scope of access by the criminal division of the Federal Bureau of Investigation to information obtained pursuant to the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), including with respect to information acquired under subsection (a) of such section 702 based on queries conducted by the criminal division.

(7) The frequency and nature of the reviews conducted by the National Security Division of the Department of Justice and the Office of the Director of National Intelligence relating to the compliance by the Federal Bureau of Investigation with such querying procedures.

(8) Any impediments, including operational, technical, or policy impediments, for the Federal Bureau of Investigation to count—

(A) the total number of queries where the Federal Bureau of Investigation subsequently accessed information acquired under subsection (a) of such section 702;

(B) the total number of such queries that used known United States person identifiers; and

(C) the total number of queries for which the Federal Bureau of Investigation received an order of the Foreign Intelligence Surveillance Court pursuant to subsection (f)(2) of such section 702.

Thus, like the requirement that the AG and DNI tell the oversight committees what really goes on with notice to aggrieved persons, the bill adds another requirement that should have been done in 2012 (when FBI started devolving its access to 702 data to field offices, which — among other things — resulted in fewer reviews of how this data was used).

And this report does something that should have been done in 2015, when new transparency was added under the USA Freedom Act — require FBI to count how much of this goes on.

Extends 702 for almost six years

The revised bill extends 702 through 2023, as opposed to through 2021, as the HPSCI bill had originally done. This, in spite of the fact that a number of provisions in the bill (the notice study, the IG report, and the GAO study on classification, and a report on challenges to surveillance) that are basically admissions that all oversight committees have been negligent in recent years, and are only now requiring the IC produce the knowledge that should influence legislation.

Why I Left The Intercept: The Surveillance Story They Let Go Untold for 15 Months

The Intercept has a long, must-read story from James Risen about the government’s targeting of him for his reporting on the war on terror. It’s self-serving in many ways — there are parts of his telling of the Wen Ho Lee, the Valerie Plame, and the Jeffrey Sterling stories he leaves out, which I may return to. But it provides a critical narrative of DOJ’s pursuit of him. He describes how DOJ tracked even his financial transactions with his kids (which I wrote about here).

The government eventually disclosed that they had not subpoenaed my phone records, but had subpoenaed the records of people with whom I was in contact. The government obtained my credit reports, along with my credit card and bank records, and hotel and flight records from my travel. They also monitored my financial transactions with my children, including cash I wired to one of my sons while he was studying in Europe.

He also reveals that DOJ sent him a letter suggesting he might be a subject of the investigation into Stellar Wind.

But in August 2007, I found out that the government hadn’t forgotten about me. Penny called to tell me that a FedEx envelope had arrived from the Justice Department. It was a letter saying the DOJ was conducting a criminal investigation into “the unauthorized disclosure of classified information” in “State of War.” The letter was apparently sent to satisfy the requirements of the Justice Department’s internal guidelines that lay out how prosecutors should proceed before issuing subpoenas to journalists to testify in criminal cases.

[snip]

When my lawyers called the Justice Department about the letter I had received, prosecutors refused to assure them that I was not a “subject” of their investigation. That was bad news. If I were considered a “subject,” rather than simply a witness, it meant the government hadn’t ruled out prosecuting me for publishing classified information or other alleged offenses.

But a key part of the story lays out the NYT’s refusals to report Risen’s Merlin story and its reluctance — until Risen threatened to scoop him with his book — to publish the Stellar Wind one.

Glenn Greenwald is rightly touting the piece, suggesting that the NYT was corrupt for acceding to the government’s wishes to hold the Stellar Wind story. But in doing so he suggests The Intercept would never do the same.

That’s not correct.

One of two reasons I left The Intercept is because John Cook did not want to publish a story I had written — it was drafted in the content management system — about how the government uses Section 702 to track cyberattacks. Given that The Intercept thinks such stories are newsworthy, I’m breaking my silence now to explain why I left The Intercept.

I was recruited to work with First Look before it was publicly announced. The initial discussions pertained to a full time job, with a generous salary. But along the way — after Glenn and Jeremy Scahill had already gotten a number of other people hired and as Pierre Omidyar started hearing from friends that the effort was out of control — the outlet decided that they were going to go in a different direction. They’d have journalists — Glenn and Jeremy counted as that. And they’d have bloggers, who would get paid less.

At that point, the discussion of hiring me turned into a discussion of a temporary part time hire. I should have balked at that point. What distinguishes my reporting from other journalists — that I’m document rather than source-focused (though by no means exclusively), to say nothing of the fact that I was the only journalist who had read both the released Snowden documents and the official government releases — should have been an asset to The Intercept. But I wanted to work on the Snowden documents, and so I agreed to those terms.

There were a lot of other reasons why, at that chaotic time, working at The Intercept was a pain in the ass. But nevertheless I set out to write stories I knew the Snowden documents would support. The most important one, I believed, was to document how the government was using upstream Section 702 for cybersecurity — something it had admitted in its very first releases, but something that it tried to hide as time went on. With Ryan Gallagher’s help, I soon had the proof of that.

The initial hook I wanted to use for the story was how, in testimony to PCLOB, government officials misleadingly suggested it only used upstream to collect on things like email addresses.

Bob Litt:

We then target selectors such as telephone numbers or email addresses that will produce foreign intelligence falling within the scope of the certifications.

[snip]

It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.

[snip]

It is also however selector-based, i.e. based on particular phone numbers or emails, things like phone numbers or emails.

Raj De:

Selectors are things like phone numbers and email addresses.

[snip]

A term like selector is just an operational term to refer to something like an email or phone number, directive being the legal process by which that’s effectuated, and tasking being the sort of internal government term for how you start the collection on a particular selector.

[snip]

So all collection under 702 is based on specific selectors, things like phone numbers or email addresses.

Brad Wiegmann:

A selector would typically be an email account or a phone number that you are targeting.

[snip]

So that’s when we say selector it’s really an arcane term that people wouldn’t understand, but it’s really phone numbers, email addresses, things like that.

[snip]

So putting those cases aside, in cases where we just kind of get it wrong, we think the email account or the phone is located overseas but it turns out that that’s wrong, or it turns out that we think it’s a non-U.S. person but it is a  U.S. person, we do review every single one to see if that’s the case.

That PCLOB’s witnesses so carefully obscured the fact that 702 is used to collect cybersecurity and other IP-based or other code collection is important for several reasons. First, because collection on a chat room or an encryption key, rather than an email thread, has very different First Amendment implications than collecting on the email of a target. But particularly within the cybersecurity function, identifying foreignness is going to be far more difficult to do because cyberattacks virtually by definition obscure their location, and you risk collecting on victims (whether they are hijacked websites or emails, or actual theft victims) as well as the perpetrator.

Moreover, the distinction was particularly critical because most of the privacy community did not know — many still don’t — how NSA interpreted the word “facility,” and therefore was missing this entire privacy-impacting aspect of the program (though Jameel Jaffer did raise the collection on IP addresses in the hearing).

I had, before writing up the piece, done the same kind of iterative work (one, two, three) I always do; the last of these would have been a worthy story for The Intercept, and did get covered elsewhere. That meant I had put in close to 25 hours working on the hearing before I did other work tied to the story at The Intercept.

I wrote up the story and started talking to John Cook, who had only recently been brought in, about publishing it. He told me that the use of 702 with cyber sounded like a good application (it is!), so why would we want to expose it. I laid out why it would be questionably legal under the 2011 John Bates opinion, but in any case would have very different privacy implications than the terrorism function that the government liked to harp on.

In the end, Cook softened his stance against spiking the story. He told me to keep reporting on it. But in the same conversation, I told him I was no longer willing to work in a part time capacity for the outlet, because it meant The Intercept benefitted from the iterative work that was as much a part of my method as meetings with sources that reveal no big scoop. I told him I was no longer willing to work for The Intercept for free.

Cook’s response to that was to exclude me from the first meeting at which all Intercept reporters would be meeting. The two things together — the refusal to pay me for work and expertise that would be critical to Intercept stories, as well as the reluctance to report what was an important surveillance story, not to mention Cook’s apparent opinion I was not a worthy journalist — are why I left.

And so, in addition to losing the person who could report on both the substance and the policy of the spying that was so central to the Snowden archives, the story didn’t get told until 15 months later, by two journalists with whom I had previously discussed 702’s cybersecurity function specifically with regards to the Snowden archive. In the interim period, the government got approval for the Tor exception (which I remain the only reporter to have covered), an application that might have been scrutinized more closely had the privacy community been discussing the privacy implications of collecting location-obscured data in the interim.

As recently as November, The Intercept asked me questions about how 702 is actually implemented because I am, after all, the expert.

So by all means, read The Intercept’s story about how the NYT refused to report on certain stories. But know that The Intercept has not always been above such things itself. In 2014 it was reluctant to publish a story the NYT thought was newsworthy by the time they got around to publishing it 15 months later.

On Jim Baker’s Non-Prosecution for Leaking

The WaPo provides details on something that right wing propagandists had used to slam FBI General Counsel Jim Baker (who, the article notes, is being reassigned within FBI). The leak investigation into Baker must pertain to the Yahoo scan.

For months, Baker had become caught up in what some law enforcement officials considered a particularly frustrating probe of a leak involving the FBI, the National Security Agency and stories that appeared about a year ago involving surveillance techniques for a particular email provider, according to people familiar with the matter.

Some NSA officials were concerned that too much had been revealed about a classified program in an effort to correct a prior report, these people said.

“Jim was distressed about it but was confident he hadn’t leaked anything’’ and would be cleared, one U.S. official said.

A respected veteran prosecutor was assigned to the case, but people close to the matter said the investigation had petered out recently and charges were not expected to be filed.

The leak probe frustrated some law enforcement officials, who said officials were caught up in it only because they had tried to prevent misinformation about surveillance capabilities from spreading among the public and lawmakers. Others said the very existence of the investigation was mostly due to a disagreement between two agencies, according to people familiar with the matter.

The story that the government had obtained authority to scan all of Yahoo’s emails for some signature tied to either a foreign government or a terrorist organization (or most likely, Iran, which the US considers both) was first broken by Reuters, which claimed the scan happened under Section 702. But as I laid out here, Charlie Savage (who has written an entire billion page book on such matters) reported, more plausibly, that it was done under a targeted FISA order. Not only did the discrepancy in stories raise concerns about how Section 702 was being applied, but it led a lot of surveillance critics who had heretofore not understood things they were lobbying about to newly examine what the term “facility” meant.

From the context, it seems likely that Baker was trying to correct initial reports that the scan occurred under Section 702, which probably had a salutary effect on this year’s debate; no one has raised questions about that Yahoo scan (though surveillance critics have proven that they didn’t internalize the lesson  of the exchange to learn that the government has long interpreted facility more broadly than they understood).

If all that’s right, the spooks should be happy that Baker corrected the record. Heck, Baker could probably point to my work for proof that the definition of “facility” was actually known to people he hasn’t ever spoken with.

[S]tarting in 2004 and expanded in 2010, “facility” — the things targeted under FISA — no longer were required to tie to an individual user or even a location exclusively used by targeted users.

When Kollar-Kotelly authorized the Internet dragnet, she distinguished what she was approving, which did not require probable cause, from content surveillance, where probable cause was required. That is, she tried to imagine that the differing standards of surveillance would prevent her order from being expanded to the collection of content. But in 2007, when FISC was looking for a way to authorize Stellar Wind collection — which was the collection on accounts identified through metadata analysis — Roger Vinson, piggybacking Kollar-Kotelly’s decision on top of the Roving Wiretap provision, did just that. That’s where “upstream” content collection got approved. From this point forward, the probable cause tied to a wiretap target was freed from a known identity, and instead could be tied to probable cause that the facility itself was used by a target.

There are several steps between how we got from there to the Yahoo order that we don’t have full visibility on (which is why PCLOB should have insisted on having that discussion publicly). There’s nothing in the public record that shows John Bates knew NSA was searching on non-email or Internet messaging strings by the time he wrote his 2011 opinion deeming any collection of a communication with a given selector in it to be intentional collection. But he — or FISC institutionally — would have learned that fact within the next year, when NSA and FBI tried to obtain a cyber certificate. (That may be what the 2012 upstream violation pertained to; see this post and this post for some of what Congress may have learned in 2012.) Nor is there anything in the 2012 Congressional debate that shows Congress was told about that fact.

One thing is clear from NSA’s internal cyber certificate discussions: by 2011, NSA was already relying on this broader sense of “facility” to refer to a signature of any kind that could be associated with a targeted user.

The point, however, is that sometime in the wake of the 2011 John Bates opinion on upstream, FISC must have learned more about how NSA was really using the term. It’s not clear how much of Congress has been told.

The leap from that — scanning on telephone switches for a given target’s known “facility” — to the Yahoo scan is not that far. In his 2010 opinion reauthorizing the Internet dragnet, Bates watered down the distinction between content and metadata by stripping protection for content-as-metadata that is also used for routing purposes. There may be some legal language authorizing the progression from packets to actual emails (though there’s nothing that is unredacted in any Bates opinion that leads me to believe he fully understood the distinction). In any case, FISCR has already been blowing up the distinction between content and metadata, so it’s not clear that the Yahoo request was that far out of the norm for what FISC has approved.

Which is not to say that the Yahoo scan would withstand scrutiny in a real court unaware of the FISC precedents (including the ones we haven’t yet seen). It’s just to say we started down this path 12 years ago, and the concept of “facilities” has evolved such that a search for a non-email signature counts as acceptable to the FISC.

Of course, the better option is to stop playing word games and explain to everyone what facility actually means, and point out that that interpretation has been in place since 2007.

All that said, this is yet another example where a cherished government official can engage in behavior that others go to prison for. As I’ve pointed out, for example, the Jeffrey Sterling case codified the precedent that someone can go to prison for four minutes and 11 seconds of phone conversations during which you provide unclassified tips about classified information they know.

The Fourth Circuit just codified the principle that you can go to prison for four minutes and 11 seconds of phone calls during which you tell a reporter to go find out classified details you know about.

That’s probably pretty close to what Baker got investigated for. Obviously, doing so as a General Counsel is a different function than as a whistleblower. And whatever conversations Baker had probably took place in DC, so outside of the Fourth Circuit where that precedent stands.

I have no doubt that non-prosecution, if I’ve gotten the facts of the case correct, is the correct decision. But so should it be for others in similar situations, others treated differently because they’re not part of the FBI.

More importantly, the government’s so-called transparency should be such that experts like the surveillance critics who didn’t know how facility is used don’t have to get leaks to understand basic facts about the surveillance they discuss.

Congress Should Revert to Section 702 as Passed in 2008, If That’s What the Spooks Want!

Congress is passing a continuing resolution with an extension of Section 702 today, giving Congress one month to figure out how it will reauthorize the surveillance program.

But the Intelligence Community is making one more bid to talk Congress into passing some bill today. The same Intelligence Community that has opposed bills that offer even lip service reforms — most notably the House Judiciary Committee bill — insist that anything else than a new authorization will make the country less safe.

Reauthorizing Section 702 before it expires is vital to keeping the nation safe. Let us be clear: if Congress fails to act, vital intelligence collection on international terrorists and other foreign adversaries will be lost. The country will be less secure.

And (again, from an IC that has refused to engage with the HJC bill) the IC wants its reauthorization now, without the short term extension, because short term extension don’t provide certainty.

We also believe it is important that Congress reauthorize Section 702 before it expires on December 31, 2017.  Although the current Section 702 certifications do not expire until April 2018, the Intelligence Community would need to start winding down its Section 702 program well in advance of that date.  Winding down such a valuable program would force agencies to divert resources away from addressing foreign threats. Short-term extensions are not the long-term answer either, as they fail to provide certainty, and will create needless and wasteful operational complications. We urge Congress, therefore, to act quickly to reauthorize Section 702 in a manner that preserves the effectiveness of this critical national security law before it expires.

Where the release gets truly inexcusable, however, is how they flip their demand that this reauthorization codify certain dubious practices and not limit other ones. Congress is not required to make changes, the spooks say, without telling you that even the SSCI bill makes at least one reform, and most of the bills on the floor today make more serious ones. Those are the bills the IC prevented from passing.

To be clear – Congress is not required to make any changes to Section 702. The Intelligence Community conducts and uses 702 collection in a manner that protects the privacy and civil liberties of individuals.

The spooks pretend, as they have before, that the Ninth Circuit approved back door searches, which it didn’t.

Every single court that has reviewed Section 702 and queries of its data has found it to be constitutional.

They then take their emphasis on the word targeting a step further than normal to avoid telling you that their “targeted surveillance” of location-obscuring servers like Tor and VPNs actually collects on US persons, and the “oversight’ of that collection allows entirely domestic communications collected via such “targeted” collection to be used in criminal cases.

The Intelligence Community’s use of Section 702, which permits targeted surveillance only of foreign persons located outside the United States, is subject to extensive oversight and incorporates substantial protections to protect the privacy and civil liberties of individuals.

Here, the spooks don’t acknowledge how much has changed in between the various passage of these bills.

In short, we believe Congress got it right in 2008 when it passed Section 702 and in 2012 when Congress reauthorized it.

Consider: if the 702 on the table today were 702 as it existed in 2008, Congress would pass it gladly. That’s because no backdoor searches were permitted (though FBI was already doing them), to say nothing of the 2014 exception that permits the collection of US person location-obscured communications. And upstream “about” collection wasn’t affirmatively permitted either.

In other words, if Congress could have Section 702 as it passed in 2008, it’d be a vast improvement from a privacy perspective than the program as it exists right now (and also wouldn’t include a counterproliferation certificate or approval to target cybersecurity targets).

Note, too, the spooks don’t admit that most of Congress didn’t know about backdoor and other kinds of US person searches in 2012.

All that said, even after saying that Congress had it right in 2008, the spooks return to the coded demands that Congress not do a single thing to limit the spying on Americans that has gotten added to the program since 2008.

Nevertheless, the Intelligence Community continues to be open to reasonable reforms to Section 702 to further enhance the already-substantial privacy protections contained in the law, but we simply cannot support legislation that would impede the operational efficacy of this vital authority.

There were many “reasonable reforms to … further enhance the already-substantial privacy protections contained in the law.” Those were the bills the IC refused to let pass, which is why we’re here on one of the last legislative days of the year, punting this legislation for a month.

Yes, in Gartenlaub, FBI Was Hunting for Child Porn in the Name of Foreign Intelligence Information

Over at Motherboard, I’ve got a piece on the Keith Gartenlaub hearing in the Ninth Circuit on December 4. Gartenlaub was appealing his conviction for possession of child porn, in part, based on the argument that the government shouldn’t have been able to look for child porn under the guise of searching for foreign intelligence information.

As I note, the public hearing seems to have gone reasonably well for Gartenlaub, with a close focus on how the US v Comprehensive Drug Testing precedent in the 9th Circuit, which requires searches of digital media to be appropriate to the purpose of the search, might limit searches for Foreign Intelligence Information.

Anthony Lewis, arguing for the government, suggested that FISA was different from the Rule 41 context; in FISA, he argued, specificity would be handled by post collection minimization procedures.

Anthony Lewis, arguing for the government, responded to Gartenlaub’s argument with vague promises that the minimization procedures—rules that FISA imposes on data obtained under the statute—would take care of any Fourth Amendment concerns. “The minimization procedures themselves really supply the answer in the FISA context,” Lewis said. Accessing data found during a search “simply operates differently in the FISA context, in which there is a robust set of procedures that exist on the back end of the search through acquisition, retention, and dissemination that is simply unlike what happens in a Rule 41 context.”

Lewis argued (and this is not in the post) that because FISA permits the sharing of criminal information, minimization procedures would always using evidence of a crime found in a search.

If it is evidence of a crime, then the minimization procedures — the statute does not call for it to be minimized. There are other procedures in place, some of which I can’t discuss in this open proceeding, but there are procedures in place that limit the use of that. Some of them are in the statute itself that Attorney General approval is required in order to use information obtained or derived from FISA.

The judges didn’t seem convinced. Each judge on the panel voiced a theory by which they could rule for Gartenlaub (which is different from giving him any kind of relief).

Judge Ronald Gould worried that if the government found evidence that wasn’t foreign intelligence but revealed something urgent—he used the example of a serial killer’s next targets throughout the hearing—it would need a way to use that information. Gartenlaub’s attorney John Cline and amicus lawyer Ashley Gorski, arguing for the ACLU, both noted an exigent circumstance exception could justify the use of the information on the hypothetical serial killer.

Judge Lawrence Piersol, a senior district court judge from Idaho, seemed to imagine district court judges providing individualized review on whether the information was reasonably obtained in a FISA-authorized search, possibly with the involvement of the court’s own cleared experts.

Judge Kim Wardlaw, who sat on the en banc panel for the Ninth Circuit precedent in question, asked why, when the government saw “a whole database [that] obviously suggests child porn” it couldn’t “go get another warrant?” So she seemed to favor a system where the government would have to get a criminal warrant to obtain child porn. That would present very interesting questions in this case, however, since the government obtained a criminal warrant based on probable cause that Gartenlaub was sharing information on Boeing intellectual property with China before it executed the FISA-authorized search that discovered the child porn.

But (also not in the post) Piersol added another example — one that has direct relevance for the most prominent investigation in the country implicating FISA, the Mueller investigation, which indicted FISA target Paul Manafort for what amounts to money laundering.

What about instead if you’re going through and looking for foreign intelligence information and you find a tremendous number of financial transactions which looks like it could well be money laundering. What do you do with that? Nothing? I mean, you just go ahead and prosecute it? You don’t have to worry about the fact that you weren’t looking for that?

Sure, Manafort’s not in the Ninth, but the judges sure seem inclined to limit the government’s ability to use a FISA order to troll through digital devices to find evidence of a crime that they can then use — as they did with Gartenlaub and are trying to do with Manafort — to coerce cooperation from the defendant. Depending on how they framed such a limit, it might seriously limit how the government enacted other FISA authorities in the circuit (which of course includes Silicon Valley — though any secondary searches would take place in Maryland or some other NSA facility); of very particular import, it would affect how the government implements its 2014 exception, whereby the NSA collects location obscured data (including entirely domestic communications) but then purges all but that which can be retained, including for criminal purposes, after the fact.

Which is why it’s so troubling that — as has happened in the last case where a defendant had a good argument to look at his FISA materials — the panel asked Lewis to stick around for an ex parte session.

Things were going swimmingly, that is, up until Wardlaw’s last comments to the government’s lawyer, Lewis. As he finished, she said she had no further questions, but added, “We’re going to ask you to stay after the hearing, to be available for us.” Lewis responded, “Understood, your honor,” as if he (and the people whose bags were sitting behind his counsel’s table but who were not themselves present) had advance warning of this. “Understood,” Lewis repeated again.

That was the first Gartenlaub’s team learned of the secret meeting the panel of judges had planned.

So after having presented a lackluster argument, Lewis was going to get a chance, it appears, to argue his case without Gartenlaub’s lawyers present, to be able to argue that not even Ninth Circuit precedent can limit the government’s authority to search with no limits in the name of national security.

There’s apparently precedent for this. Cline, who worked on the appeal of a defendant who almostgot FISA review, Adel Daoud, said the appeals court judges booted him and the other defense lawyers out of the courtroom for a similar ex parte hearing in that case too.

“The Seventh Circuit cleared the courtroom after the public argument and then allowed only government attorneys back in for the classified, ex parte session,” he said.

The session would not only give Lewis a chance to make further argument that the law envisions finding criminal evidence and using it to flip targets, but also to explain why, if the panel ruled in the direction it appeared they might, it would cause problems with other NSA collection.

Here’s the thing though — and the reason why an ex parte proceeding is so problematic here.

If given the chance, Gartenlaub would be able to argue in fairly compelling manner that the government set out to find things like child porn. That’s because one of the first steps of a forensics search — according to Gartenlaub’s forensics expert, Jeff Fischbach, who attended the hearing — is to set what you’re looking for. There’s a button to exclude all images and videos; by turning it off you vastly accelerate the search. And in Gartenlaub’s case, the government claimed to be looking for very specific kinds of foreign intelligence information: Boeing intellectual property, or any materials suggesting that Gartenlaub was dealing in same. The IP would have been CAD drawings stolen in digital form, not images. So to search what the government claimed it wanted to search for, there would have been no reason to search through any videos or photos. Which would have excluded finding the decade old child porn lying unopened on the hard drive.

As Wardlaw (who had been on the CDT panel) laid out,

The main problem we had was that in CDT, the government was authorized to look at the files pertaining to certain individuals — I believe Barry Bonds — and instead, they went further, and looked at the drug testing files for other baseball players. So that search was not authorized. They were not the subjects of the warrant and the warrant was circumscribed that way. Here, the warrant is any foreign intelligence data, it’s not narrower than that.

We don’t actually know (and it’s likely Wardlaw doesn’t either, at this point). But the government claimed to be searching for very specific things, tied to very specific claims of stolen IP from Boeing. Yet they necessarily designed their search to find far more than that. Which is how they found no foreign intelligence, but instead unopened child porn.