I Con the Record’s “Generally” Useful Section 702 Q&A

/1 Comment/in /by

As the next step in the effort to reauthorize FISA Section 702, I Con the Record has a released a “generally” useful Q&A document on the law. For those who haven’t been following along, it includes links to many (though not all) of the public resources on Section 702. It provides a generally fair overview, with some new almost admissions, which should at least provide Congress with a road map for unanswered questions they should demand answers on.

Downplaying FBI back door searches

My biggest gripe with the report parallels a gripe I’ve had about public testimony on Section 702 since the first confirmations that the NSA, CIA, and FBI can conduct queries on raw data — back door searches. In public hearings, the intelligence community always sends NSA witnesses who can describe, as former NSA lawyer April Doss did in March, a back door search process that is fairly constrained.

I’m most familiar with NSA’s processes: NSA analysts must obtain prior approval to run U.S. person identifier queries in FAA 702 content; there must be a basis to believe the query is reasonably likely to return foreign intelligence information; all queries are logged and reviewed after the fact by NSA; and DoJ and ODNI review every U.S. person query run at NSA and CIA, along with the documented justifications for those queries.

Of course, even though this description is completely true (as far as we know), it is completely useless when it comes to helping Congress understand the problems inherent to back door searches.

Here’s what the Q&A document says about back door searches.

The government’s minimization procedures restrict the ability of analysts to query the databases that hold “raw” Section 702 information (i.e., where information identifying a U.S. person has not yet been minimized for permanent retention) using an identifier, such as a name or telephone number, that is associated with a U.S. person. Generally, queries of raw content are only permitted if they are reasonably designed to identify foreign intelligence information, although the FBI also may conduct such queries to identify evidence of a crime. As part of Section 702’s extensive oversight, DOJ and ODNI review the agencies’ U.S. person queries of content to ensure the query satisfies the legal standard. Any compliance incidents are reported to Congress and the FISC.

12 Queries of Section 702 data using U.S. person identifiers are sometimes mischaracterized in the public discourse as “backdoor searches.”

While it’s true that NSA and CIA minimization procedures impose limits on when an analyst can query raw data for content (but not for metadata at CIA), that’s simply not true at FBI, where the primary rule is that if someone is not cleared for FISA themselves, they ask a buddy to access the information. As a result — and because FBI queries FISA data for any national security assessment and “with some frequency” in the course of criminal investigations. In other words, partly because FBI is a domestic agency and partly because it has broader querying authorities, it conduct a “substantial” number of queries as opposed to the thousands done by CIA. Here’s how PCLOB describes it:

In 2013, the NSA approved 198 U.S. person identifiers to be used as content query terms.

[snip]

In 2013, the CIA conducted approximately 1,900 content queries using U.S. person identifiers. Approximately forty percent of these content queries were at the request of other U.S. intelligence agencies. Some identifiers were queried more than once; the CIA has advised that approximately 1,400 unique identifiers were queried during this period.

[snip]

The CIA does not track how many metadata-only queries using U.S. person identities have been conducted.

[snip]

[T]he FBI’s minimization procedures differ from the NSA and CIA’s procedures insofar as they permit the FBI to conduct reasonably designed queries “to find and extract” both “foreign intelligence information” and “evidence of a crime.”

[snip]

Because they are not identified as such in FBI systems, the FBI does not track the number of queries using U.S. person identifiers. The number of such queries, however, is substantial for two reasons. First, the FBI stores electronic data obtained from traditional FISA electronic surveillance and physical searches, which often target U.S. persons, in the same repositories as the FBI stores Section 702–acquired data, which cannot be acquired through the intentional targeting of U.S. persons. As such, FBI agents and analysts who query data using the identifiers of their U.S. person traditional FISA targets will also simultaneously query Section 702–acquired data. Second, whenever the FBI opens a new national security investigation or assessment, FBI personnel will query previously acquired information from a variety of sources, including Section 702, for information relevant to the investigation or assessment. With some frequency, FBI personnel will also query this data, including Section 702– acquired information, in the course of criminal investigations and assessments that are unrelated to national security efforts.

So it’s simply dishonest to say that, “Generally, queries of raw content are only permitted if they are reasonably designed to identify foreign intelligence information,” because the most common queries involve national security and common criminal purposes as well. “Generally,” the queries don’t require such things, unless you’re focusing primarily at CIA and NSA, where the threat to US person privacy at the least.

Then, one thing this Q&A doesn’t say is that Judge Thomas Hogan required the FBI to tell FISC of any positive hits on searches for entirely criminal purposes. Congress should know that, because it’s an easy data point that the IC should be able to share with Congress.

And while the document generally describes giving notice to defendants,

Section 706 governs the use of Title VII-derived information in litigation; as with Traditional FISA, it requires the government to give notice to aggrieved persons when the government intends to use evidence obtained or derived from Title VII collection in legal proceedings.

It doesn’t hint at how apparently inadequate this notice has been. Those are all details that Congress needs to know.

Hiding a cybersecurity certificate in the cheap seats?

I’m also interested in how the Q&A describes the purpose of 702. Here’s the 5 bullet points describing 702 successes (I’ve changed ODNI’s bullets to numbers for ease of reference):

  1. NSA has used collection authorized under FISA Section 702 to acquire extensive insight into the highest level decision-making of a Middle Eastern government. This reporting from Section 702 collection provided U.S. policymakers with the clearest picture of a regional conflict and, in many cases, directly informed U.S. engagement with the country. Section 702 collection provides NSA with sensitive internal policy discussions of foreign intelligence value.
  2. NSA has used collection authorized under FISA Section 702 to develop a body of knowledge regarding the proliferation of military communications equipment and sanctions evasion activity by a sanctions-restricted country. Additionally, Section 702 collection provided foreign intelligence information that was key to interdicting shipments of prohibited goods by the target country.
  3. Based on FISA Section 702 collection, CIA alerted a foreign partner to the presence within its borders of an al-Qaeda sympathizer. Our foreign partner investigated the individual and subsequently recruited him as a source. Since his recruitment, the individual has continued to work with the foreign partner against al-Qaeda and ISIS affiliates within the country.
  4. CIA has used FISA Section 702 collection to uncover details, including a photograph, that enabled an African partner to arrest two ISIS-affiliated militants who had traveled from Turkey and were connected to planning a specific and immediate threat against U.S. personnel and interests. Data recovered from the arrest enabled CIA to learn additional information about ISIS and uncovered actionable intelligence on an ISIS facilitation network and ISIS attack planning.
  5. NSA FISA Section 702 collection against an email address used by an al-Qaeda courier in Pakistan resulted in the acquisition of a communication sent to that address by an unknown individual located in the United States. The message indicated that the United States-based individual was urgently seeking advice regarding how to make explosives. The NSA passed this information to the FBI. Using a National Security Letter (NSL), the FBI was able to quickly identify the individual as Najibullah Zazi. Further investigation revealed that Zazi and a group of confederates had imminent plans to detonate explosives on subway lines in Manhattan. Zazi and his co-conspirators were arrested and pled guilty or were convicted of their roles in the planned attack. As the Privacy and Civil Liberties Oversight Board (PCLOB) found in its report, “[w]ithout the initial tip-off about Zazi and his plans, which came about by monitoring an overseas foreigner under Section 702, the subway bombing plot might have succeeded.”

The list has two advantages over the lists the IC was releasing in 2013. First, it’s more modest about its claims, not, this time, listing every quasi-thwarted terrorist funding opportunity as a big success. In addition, it describes all three confirmed certificates (from the Snowden documents): counterterrorism (bullets 3 through 5), counterproliferation (2), and foreign government (1, though if this is Iran, it might also be counterproliferation). It also admits that one point of all this spying is to find informants (bullet 3), even if not as explicitly as some court filings and IG reports do. That purpose — and the associated sensitivities (including whether and how it is used by FBI) is one thing all members of Congress should be briefed on.

That said, the description of the foreign government certificate doesn’t come close to describing the kinds of people who might be swept up in it, and as such provides what I believe to be a misleading understanding of who might be targeted under 702.

Note, too, the silence about the use of certificates for counterintelligence purposes, which the government surely does. Again, that would present different threats to Americans’ privacy.

Then there’s the last sentence of the document, in the upstream collection section.

Furthermore, this collection has allowed the IC to acquire unique intelligence that informs cybersecurity efforts.

Oh, huh, what’s that doing there in the last line of the document rather than in the successes section?

From the very first public discussions of 702 after Edward Snowden, ODNI included cybersecurity among the successes, even before it had a certificate. In fact, the document released June 8, 2013, just three days after the first Snowden release, echoed some of the same language:

Communications collected under Section 702 have provided significant and unique intelligence regarding potential cyber threats to the United States including specific potential computer network attacks. This insight has led to successful efforts to mitigate these threats.

This is a problem! Whether or not upstream 702 could be used for cyber purposes has been an undercurrent since the first USA Freedom Act. There are conflicting reports on whether NSA did obtain a cyber certificate in 2012, as they hoped to, or whether that was denied or so limited that it didn’t serve the function the NSA needed. I’ve even been told that CISA is supposed to serve the same purpose.That said, FBI’s minimization procedures (but not, by my read, NSA’s) include some language directed at cybersecurity.

Congress deserves to have a better sense of whether and how the government is using upstream 702 for cybersecurity, because there are unique issues associated with it. It’s clearly a great application of upstream searches, but not one without some risks. So the government should be more clear about this, at least in classified briefings available to all members.

Admitting NSA uses Section 704 not Section 703

Finally, this language is as close as the IC has come to admitting that it uses Section 704, not Section 703, to target Americans overseas.

In contrast to Section 702, which focuses on foreign targets, Section 704 provides additional protection for collection activities directed against U.S. persons located outside of the United States. Section 2.5 of Executive Order 12333 requires the AG to approve the use of “any technique for which a warrant would be required if undertaken for law enforcement purposes” against U.S. persons abroad for intelligence purposes. The AG’s approval must be based on a determination that probable cause exists to believe the U.S. person is a foreign power or an agent of a foreign power. Section 704 builds upon these pre-FAA requirements and provides that, in addition to the AG’s approval, the government must obtain an order from the FISC in situations where the U.S. person target has “a reasonable expectation of privacy and a warrant would be required if the acquisition were conducted inside the United States for law enforcement purposes.” The FISC order must be based upon a finding that there is probable cause to believe that the target is a foreign power, an agent of a foreign power, or an officer or employee of a foreign power and that the target is reasonably believed to be located outside the United States. By requiring the approval of the FISC in addition to the approval of the AG, Section 704 provides an additional layer of civil liberties and privacy protection for U.S. persons located abroad.

In addition to Sections 702 and 704, the FAA added several other provisions to FISA. Section 701 provides definitions for Title VII. Section 703 allows the FISC to authorize an application targeting a U.S. person located outside the U.S. when the collection is conducted inside the United States. Like Section 704, Section 703 requires a finding by the FISC that there is probable cause to believe that the target is a foreign power, an agent of a foreign power, or an officer or employee of a foreign power and is reasonably believed to be located outside the United States.

I’ve written about the distinction here.

Now, in theory, the authority used may not make a difference. Moreover, it’s possible that the NSA simply uses 705b for Americans overseas, meaning they can rely on domestic providers for stored Internet data, while using their more powerful spying for overseas content (in which case Congress should know that too).

But I also think the methods used may have an impact on US persons’ privacy, both the target and others. I’ll try to lay this out in a post in the coming days.

All of which is to say, this document is useful. But there are a few areas — particularly with FBI back door searches, which is the most important area — where the document gets noticeably silent.

 

Author of USA Freedom Act Says “Nobody’s Got to Use the Internet”

/5 Comments/in /by

As a number of outlets have reported, at a town hall last week, Wisconsin’s Jim Sensenbrenner told a constituent, asking about her congressman’s vote to overturn Obama’s broadband privacy rules, said, “Nobody’s got to use the Internet.”

“Facebook is not comparable to an ISP. I do not have to go on Facebook,” the town hall meeting attendee said. But when it comes to Internet service providers, the person said, “I have one choice. I don’t have to go on Google. My ISP provider is different than those providers.”

That’s when Sensenbrenner said, “Nobody’s got to use the Internet.” He praised ISPs for “invest[ing] an awful lot of money in having almost universal service now.” He then said, “I don’t think it’s my job to tell you that you cannot get advertising for your information being sold. My job, I think, is to tell you that you have the opportunity to do it, and then you take it upon yourself to make the choice.”

It’s of course an absurd comment. It is difficult to get a job in this day and age without Internet access; it’s hard to find a place to live. It’s not a matter of convenience, at this point it is necessary to be on the Internet to be a fully integrated citizen.

But note why Sensenbrenner said this: he pitched it in terms of the beneficent ISP providers who have kindly provided us all gateways to the Internet.

What no report I’ve seen has noted is that Sensenbrenner also happens to be the author of the USA Freedom Act as passed. In spite of his key role in defeating prior efforts to shut down the PATRIOT Act dragnets, Sensenbrenner managed to pose as a privacy advocate (making horseshit claims about knowing about the dragnet) so as to push through a bill that took the heat off telecoms, all while making more innocent Americans’ data available to NSA’s analytical maw.

Here, he reveals his true colors, a completely unrealistic view of the importance of the Internet on actual human beings.

Why Susan Rice May Be a Shiny Object

/30 Comments/in , , /by

A bunch of Republican propagandists are outraged that the press isn’t showing more interest in PizzaGate Mike Cernovich’s “scoop” that the woman in charge of ensuring our national security under President Obama, then National Security Advisor Susan Rice, sought to fully understand the national security intercepts she was being shown.

There are two bases for their poutrage, which might have merit — but coming from such hacks, may not.

The first is the suggestion, based off Devin Nunes’ claim (and refuted by Adam Schiff) that Rice unmasked things she shouldn’t have. Thus far, the (probably illegally) leaked details — such as that family members, perhaps like Jared Kushner (who met with an FSB officer turned head of a sanctioned Russian bank used as cover for other spying operations), Sean Hannity (who met with an already-targeted Julian Assange at a time he was suspected of coordinating with Russians), and Erik Prince (who has literally built armies for foreign powers) got spied on — do nothing but undermine Nunes’ claims. All the claimed outrageous unmaskings actually seem quite justifiable, given the accepted purpose for FISA intercepts.

The other suggestion — and thus far, it is a suggestion, probably because (as I’ll show) it’s thus far logically devoid of evidence — is that because Rice asked to have the names of people unmasked, she must be the person who leaked the contents of the intercepts of Sergey Kislyak discussing sanctions with Mike Flynn. (Somehow, the propagandists always throw Ben Rhodes’ name in, though it’s not clear on what basis.)

Let me start by saying this. Let’s assume those intercepts remained classified when they were leaked. That’s almost certain, but Obama certainly did have the authority to declassify them, just as either George Bush or Dick Cheney allegedly used that authority to declassify Valerie Plame’s ID (as some of these same propagandists applauded back in the day). But assuming the intercepts did remain classified, I agree that it is a problem that they were leaked by nine different sources to the WaPo.

But just because Rice asked to unmask the identities of various Trump (and right wing media) figures doesn’t mean she and Ben Rhodes are the nine sources for the WaPo.

That’s because the information on Flynn may have existed in a number of other places.

Obviously, Rice could not have been the first person to read the Flynn-Kislyak intercepts. That’s because some analyst(s) would have had to read them and put them into a finished report (most, but not all, of Nunes’ blathering comments about these reports suggest they were finished intelligence). Assuming those analysts were at NSA (which is not at all certain) someone would have had to have approved the unmasking of Flynn’s name before Rice saw it.

In addition, it is possible — likely even, at least by January 2017, when we know people were asking why Russia didn’t respond more strongly to Obama’s hacking sanctions — that there were two other sets of people who had access to the raw intelligence on Flynn’s conversations with Kislyak: the CIA and, especially, the FBI, which would have been involved in any FISA-related collection. Both CIA and FBI can get raw data on topics they’re working on. Likely, in this case, the multi-agency task force was getting raw collection related to their Russian investigation.

And as I’ve explained, as soon as FBI developed a suspicion that either Kislyak was at the center of discussions on sanctions or that Flynn was an unregistered agent of multiple foreign powers, the Special Agents doing that investigation would routinely pull up everything in their databases on those people by name, which would result in raw Title I and 702 FISA collection (post January 3, it probably began to include raw EO 12333 data as well).

So already you’re up to about 15 to 20 people who would have access to the raw intercepts, and that’s before they brief their bosses, Congress (though the Devin Nunes and Adam Schiff briefing, at least, was delayed a bit), and DOJ, all the way up to Sally Yates, who wanted to warn the White House. Jim Comey has suggested it is likely that the nine sources behind the WaPo story were among these people briefed secondarily on the intercepts. And it’s worth noting that David Ignatius, who first broke the story of Flynn’s chats with Kislyak but was not credited on the nine source story, has known source relationships in other parts of the government than the National Security Advisor, though he also has ties to Rice.

All of which is to say that the question of who leaked the contents of Mike Flynn’s conversations with Sergey Kislyak is a very different question from whether Susan Rice’s requests to unmask Trump associates’ names were proper or not. It is possible that Rice leaked the intercepts without declassifying them first. But it’s also possible that any of tens of other people did, most of whom would have a completely independent channel for that information.

And the big vulnerability is not — no matter what Eli Lake wants to pretend — the unmasking of individual names by the National Security Advisor. Rather, it’s that groups of investigators can access the same intelligence in raw form without a warrant tied to the American person in question.

Devin Nunes’ So-Called Bibi Netanyahu Precedent

/12 Comments/in , , , /by

Throughout his ongoing information operation to claim the Obama White House spied on the Trump transition team, Devin Nunes has pointed to what he claimed was a precedent: when, in December 2015, members of Congress suddenly copped on that their conversations with Bibi Netanyahu would get picked up incidentally. In his March 22 press conference, he explained,

We went through this about a year and a half ago as it related to members of Congress, if you may remember there was a report I think it was in the Wall Street Journal and but then we had to have we had a whole series of hearings and then we had to have changes made to how Congress is informed if members of Congress are picked up in surveillance and this looks it’s like very similar to that.

Eli Lake dutifully repeated it in the second of his three-post series pitching Nunes’ information operation.

A precedent to what may have happened with the Trump transition involved the monitoring of Israel’s prime minister and other senior Israeli officials. The Wall Street Journal reported at the end of 2015 that members of Congress and American Jewish groups were caught up in this surveillance and that the reports were sent to the White House. This occurred during a bitter political fight over the Iran nuclear deal. In essence the Obama White House was learning about the strategy of its domestic political opposition through legal wiretaps of a foreign head of state and his aides.

But Lake didn’t apparently think through what the implications of Nunes’ analogy — or the differences between the two cases.

Here’s the WSJ report and CBS and WaPo versions that aren’t paywalled. All make it very clear that Devin Nunes took the lead in worrying about his conversations with Bibi Netanyahu being sucked up (I don’t remember Republicans being as sympathetic when Jane Harman got sucked up in a conversation with AIPAC). They also describe that Obama’s WH, faced with the potential that their surveillance would be seen as spying on another branch of Congress, had the NSA take charge of the unmasking.

The administration believed that Israel had leaked information gleaned from spying on the negotiations to sympathetic lawmakers and Jewish American groups seeking to undermine the talks.

According to the Journal, when the White House learned that the NSA eavesdropping had collected communications with U.S. lawmakers, it feared being accused of spying on Congress and left it to the NSA to determine what information to share with the administration. The Journal said the NSA did not pass along the names of lawmakers or any of their personal attacks on White House officials.

That’s not to say they’d take the same approach here — indeed, Lake now claims, at  least, that Susan Rice requested some Trump officials’ names to be unmasked, distinguishing it from the Bibi case in that White House did not leave it up to NSA to decide what to unmask (though the underlying reporting makes the silly claim that Rice, Loretta Lynch, and John Brennan were among a very limited number of people who could request a name be unmasked).

The larger point is, even assuming the collection of conversations between your political opponents and a foreign government designed to undermine your executive branch authority was scandalous, it’d still fall under the very legitimate concern of separation of powers.

Yes, Trump’s aides are from a different party. But they are nevertheless part of the executive branch. And the entire basis of counterintelligence spying — the entire point of FISA — is to ensure that executive branch officials are not targeted by foreign countries to be spies, which is part of the reason Mike Flynn attracted attention (which is not to justify the leaking of that intercept). Add in the legitimate necessity to implement executive branch policy and this is a very different case than the Bibi case, even if you want to defend (as I do, to a point) Republican members of Congress collaborating with foreign governments to undermine Article II authorities.

Nunes’ imagined solution — from his March 22 White House press conference — is ever nuttier.

Q: You’ve said legal and incidental. That doesn’t sound like a proactive effort to spy.

Nunes: I would refer you to, we had a similar issue with members of Congress that were being picked up in incidental collection a little over a year ago, we had to spend a full year working with the DNI on the proper notification for members of Congress to be notified which comes through the Gang of Eight. I would refer you to that because it looks very similar to that, would be the best way I can describe it.

The ODNI current informs the Gang of Eight when members of Congress get spied on (which means claims that a lot of GOP candidates got spied on is likely hot air, but which also means that if Nunes were collected as a member of the transition team, he’d have been the first to learn of it). Which is an important protection for separation of powers, but which also enables corrupt members of Congress to not just learn they’re being surveilled but, potentially, to alert the foreign targets what channels we’re using.

Maybe Trump wants that standard applied to the executive branch, but if he adopts it, we’re going to have a leaking free for all. Not to mention, it would make it absolutely impossible for the government to protect against espionage related to elections.

Or perhaps Nunes is just saying something more simple. Perhaps Nunes is saying the “dozens” of intercepts where Trump officials had been unmasked (to the extent that’s true) disclosed Trump’s transition-period attempts to drum up a war with Iran at the behest of Israel. Perhaps the real stink here is that, in the very same days Mike Flynn was telling Russia sanctions would be loosened, Trump was publicly undermining US efforts to take a stand against Israeli illegal settlements.

Perhaps, ultimately, this is still about a belief that the Israelis should never be wiretapped.

Who Violated Their Designated Role: Ezra Cohen-Watnick or Susan Rice?

/27 Comments/in , , /by

In the original version of the latest right wing claim — that Susan Rice requested that multiple incoming Trump figures’ names be unmasked in intercepts — Mike Cernovich describes the genesis of Devin Nunes’ concern this way:

The White House Counsel’s office identified Rice as the person responsible for the unmasking after examining Rice’s document log requests. The reports Rice requested to see are kept under tightly-controlled conditions. Each person must log her name before being granted access to them.

Upon learning of Rice’s actions, H. R. McMaster dispatched his close aide Derek Harvey to Capitol Hill to brief Chairman Nunes.

But as Eli Lake — fresh off having apologized for letting Devin Nunes use him — tells the story, close Mike Flynn associate Ezra Cohen-Watnick discovered it and brought the discovery to the White House Counsel’s office, whereupon he was told to “end his own research” on unmasking.

The pattern of Rice’s requests was discovered in a National Security Council review of the government’s policy on “unmasking” the identities of individuals in the U.S. who are not targets of electronic eavesdropping, but whose communications are collected incidentally. Normally those names are redacted from summaries of monitored conversations and appear in reports as something like “U.S. Person One.”

The National Security Council’s senior director for intelligence, Ezra Cohen-Watnick, was conducting the review, according to two U.S. officials who spoke with Bloomberg View on the condition of anonymity because they were not authorized to discuss it publicly. In February Cohen-Watnick discovered Rice’s multiple requests to unmask U.S. persons in intelligence reports that related to Trump transition activities. He brought this to the attention of the White House General Counsel’s office, who reviewed more of Rice’s requests and instructed him to end his own research into the unmasking policy.

This repeats a claim Lake had made in his earlier apology post, which he presented as one detail in the NYT version of this story that was not accurate.

Another U.S. official familiar with the affair told me that one of the sources named in the article, former Defense Intelligence officer Ezra Cohen-Watnick, did not play a role in getting information to Nunes. This official said Cohen-Watnick had come upon the reports while working on a review of recent Justice Department rules that made it easier for intelligence officials to share the identities of U.S. persons swept up in surveillance. He turned them over to White House lawyers.

But it adds the detail that Cohen-Watnick had been told to stand down. That would explain why Lake and others would want to claim that Cohen-Watnick wasn’t involved in dealing all this to Nunes: because he had already been told not to pursue it further. If the multiple accounts saying he was involved in the hand-off to Nunes, it appears he did.

The WaPo’s version of this included a detail not included by the right wingers: that Cohen-Watnick went to John Eisenberg, not Don McGahn, with his “discovery.” Eisenberg is significantly responsible, dating back to when he was at DOJ, for ensuring that ordinary Americans would be sucked up in surveillance under PRISM. For him to be concerned about the legal unmasking of Americans’ identities (to the extent that did exist — and the record is still unclear whether it did) is laughable.

The timing of Cohen-Watnick’s research — dating back to February — intersects in interesting ways with the timeline in this March 14 Politico story of H.R. McMaster’s attempt to sideline him, which was overruled by Steven Bannon.

On Friday [March 10], McMaster told the National Security Council’s senior director for intelligence programs, Ezra Cohen-Watnick, that he would be moved to another position in the organization.

The conversation followed weeks of pressure from career officials at the CIA who had expressed reservations about the 30-year-old intelligence operative and pushed for his ouster.

But Cohen-Watnick appealed McMaster’s decision to two influential allies with whom he had forged a relationship while working on Trump’s transition team — White House advisers Steve Bannon and Jared Kushner. They brought the matter to Trump on Sunday [March 12], and the president agreed that Cohen-Watnick should remain as the NSC’s intelligence director, according to two people with knowledge of the episode.

The House Intelligence Committee first asked NSA, CIA, and FBI for details on unmasking on March 15, the day after this story broke, at which point Nunes already knew of the White House effort. When Nunes first blew this up on March 22, he falsely claimed that that March 15 request had been submitted two weeks earlier.

It’s clear the right wing wants to shift this into Benghazi 2.0, attacking Susan Rice for activities that are, at least on the face of it, part of her job. But the only way the White House could be sure that she (or Ben Rhodes, who they’re also naming) were the ones to leak this would be to investigate not just those two, but also all the FBI (which would have access to this information without unmasking these names, which not a single one of these right wing scribes admit or even seem to understand). That is, the only way they could make credible, as opposed to regurgitated right wing propaganda accusations about leakers is to have spied even more inappropriately than they are accusing the Obama White House of doing.

Raw Versus Cooked: Could NSC Monitor FBI’s Investigation?

/16 Comments/in , , , /by

Multiple people,including Bart Gellman and Josh Marshall, are now arguing that the reason Ezra Cohen-Watnick and Michael Ellis found intercepts involving Trump’s people is that they were monitoring FBI’s investigation of the investigation.

I certainly think the Trump people would like to do that — and would be willing to stoop to that. I even believe that the response to the Russian hack last year had some counterintelligence problems, though probably not on the FBI side.

But there are some details that may limit how much the NSC can monitor the investigation.

First, Devin Nunes has always been very clear: the intercepts he was shown have nothing to do with Russia. That’s not, itself, determinative. After all, Cohen-Watnick and Ellis might have found a bunch of Russian intercepts, but only shared the non-Russian ones so Nunes could make a stink without being accused of endangering the investigation. Also, it’s possible that intercepts involving other countries — most notably Turkey, but there are other countries that might be even more interesting, including Ukraine or Syria — would impact any Russian investigation.

Also note that among the many things Nunes appears not to understand about surveillance is that there are two ways an American’s name can be visible outside the circle of analysts doing the initial review of them: their names can be put into finished intelligence reports that get circulated more broadly, with customers asking to have the name unmasked after the fact. Alternately, their names can be found off of subsequent searches of raw data. At the NSA and CIA, searches for US person content are somewhat controlled. At FBI they are not only not controlled, but they are routine even for criminal investigations. So if, say, General Flynn (or Paul Manafort) were under investigation for failing to register as a foreign agent, the FBI would routinely search their database of raw FISA material on his name. (These are the “back door searches” Ron Wyden has been screaming about for years, concerns which people like Devin Nunes have previously dismissed on national security grounds.) And we have every reason to believe that counterintelligence intercepts of Russians in the US are among the raw feeds that the FBI gets. So if Flynn had conversations with Russians (or Turks) in the US, we should assume that FBI saw them as a routine matter if Flynn became the subject of an investigation at all. We should also assume that the FBI did a search on every Sergey Kislyak intercept in their possession, so they will have read everything that got picked up, including all recorded calls with Trump aides.

On March 15, the House Intelligence Committee asked the NSA, CIA, and FBI for information on unmasking. I don’t believe that request asked about access to US person names on subsequent searches or raw material. Furthermore, at least as of last week, the FBI was not rushing to comply with that request. As I noted after the Jim Comey hearing before HPSCI, none of the Republicans concerned about these issues seemed to have any basic clue about FBI’s searches on raw data. If Nunes doesn’t know (and he appears not to), it’s unlikely Ellis knows, who was until this month Nunes’ aide.

But there’s one other thing that may prevent NSC from obtaining information about the investigation: FBI sometimes uses what are called “ad hoc databases” that include raw FISA data (and probably, post EO 12333 sharing rule changes, raw EO 12333 data) tied to particular investigations. It’s unclear what conditions might necessitate the use of an ad hoc database (see page 25ff for a discussion of them), but if security concerns would encourage their use, it would be likely to have one here, an investigation which Comey described as being so sensitive he delayed briefing the Gang of Four. Ad hoc databases are restricted to those working on investigations, and include specific records of those authorized to access the database. So if FBI were using an ad hoc database for this investigation, it would be even harder for the NSC to learn what they were looking at.

If the FBI’s investigation relies on raw intelligence — and it would be unfathomable that it does not, because it would probably receive the raw FISA data tied to such an investigation routinely, and EO 12333 sharing rules specifically envision the sharing of raw data associated with counterintelligence investigations — then the NSC’s access to finished intelligence reports would provide little insight into the investigation (Nunes was a bit unclear on whether that’s what he was looking at, but the entire premise of his complaints is that these were finished reports).

But while we’re worrying about whether and how Trump would monitor an investigation into his aides, remember that in 2002, Jay Bybee wrote a memo authorizing the sharing of grand jury information with the President and his close advisors including for counterintelligence investigations.

In addition, the Patriot Act recently amended 6(e) and Title III specifically to provide that matters involving foreign intelligence or counterintelligence or foreign intelligence information may be disclosed by any attorney for the government (and in the case of Title III, also by an investigative or law enforcement officer) to certain federal officials in order to assist those officials in carrying out their duties. Federal officials who are included within these provisions may include, for example, the President, attorneys within the White House Counsel’s Office, the President’s Chief of Staff, the National Security Advisor, and officials within the Central Intelligence Agency and the Department of Defense.

[snip]

Although the new provision in Rule 6(e) permitting disclosure also requires that any disclosures be reported to the district court responsible for supervising the grand jury, we conclude that disclosures made to the President fall outside the scope of the reporting requirement contained in that amendment, as do related subsequent disclosures made to other officials on the President’s behalf.

In other words, Trump could demand that he — or his National Security Advisor! — get information on any grand jury investigations, including those covering counterintelligence cases. And no judge would be given notice of that.

With Jeff Sessions’ recusal, that’s far less likely to happen than it might have been. But understand that the Executive Branch believes that the President can learn about the happenings in grand jury investigations of the sort that might target his aides.

Update: additional details have been added to this post after it was first posted.

Devin Nunes May Be a Buffoon and a Hack, But I Don’t Think He’s a Criminal

/10 Comments/in /by

I believe that Devin Nunes is a buffoon and a political hack. I believe he needs to be removed from his position as Chair of the House Intelligence Committee — not just because he has been running interference for Trump, betraying his Article I duties, but also because he doesn’t understand the programs he oversees.

But I don’t believe he’s a criminal.

I say that in disagreement with Bart Gellman, who made just such an argument regarding the revelations in this NYT story here. Gellman argued, in part, that Nunes’ sources (about which I hope to say more later) violated nondisclosure laws by sharing reports outside of normal channels with Nunes.

Secrecy regulations, including SF312, the Classified Information Nondisclosure Agreement, do not permit [Michael] Ellis and [Ezra] Cohen-Watnick to distribute sensitive compartmented information through a back channel to Nunes. This is true, and their conduct no less an offense, even though Nunes holds clearances sufficient to receive the information through proper channels. The offense, which in some cases can be prosecuted as a felony, would apply even if the White House officials showed Nunes only “tearsheet” summaries of the surveillance reports. Based on what Nunes has said in public, they appear to have showed him the more sensitive verbatim transcripts. Those are always classified as TS/SI (special intelligence) or TS/COMINT (communications intelligence), which means that they could reveal sources and methods if disclosed. That is the first apparent breach of secrecy rules. The second, of course, is the impromptu Nunes news conference. There is no unclassified way to speak in public about the identity of a target or an “incidentally collected” communicant in a surveillance operation.

To be clear, I think Ellis and Cohen-Watnick may have violated access rules on searches. But I don’t think Nunes violated any laws in accessing that intelligence (I think he probably violated the intent of classification rules on intercepts, but by providing no details about who he saw referenced in these reports, he’ll get away with it.)

That’s because minimization procedures pertaining to FISA materials specifically envision access to information — sometimes even raw data — for oversight purposes. The 2015 702 Minimization Procedures for NSA, for example, state,

Nothing in these procedures shall restrict NSA’s performance of lawful oversight of its personnel or systems, or lawful oversight function of the Department of Justice’s National Security Division, Office of the Director of National Intelligence, or the applicable Offices of the Inspectors General. Similarly, nothing in these procedures shall prohibit the retention, processing, or dissemination of information reasonably necessary to comply with specific constitutional, judicial,or legislative mandates.

At times, minimization procedures have been even more explicit. Starting in 2014, for example, the Section 215 phone dragnet minimization procedures explicitly permitted the sharing of query results “to facilitate lawful oversight functions.”

Notwithstanding the above requirements, NSA may share results from intelligence analysis queries of the BR metadata, including U.S. person identifying information, with Executive Branch personnel (1) in order to enable them to determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings or (2) to facilitate their lawful oversight functions. Notwithstanding the above requirements, NSA may share the results from intelligence analysis queries of the BR metadata, including United States person information, with Legislative Branch personnel to facilitate lawful oversight functions.

The FISC even excluded such sharing from reporting requirements, so Congress could be doing a lot of this and it would never show up in annual reporting.

In other words, at least for FISA-governed data, the court has permitted the sharing of information — and remember, these are supposed to be finished intelligence reports, not raw data or queries — for people in an oversight role. The 702 procedures leave a lot of room for interpretation, too, about what might be a “constitutional” mandate, the kind of language that White Houses of both parties have been prone to abuse.

If these reports were collected under 12333, the new sharing rules explicitly prohibit the sharing of intelligence for political purposes.

Any IC element that obtains access to raw SIGINT under these Procedures will:

[snip]

Political process in the United States. Not engage in any intelligence activity authorized by these Procedures, including disseminations to the White House, for the purpose of affecting the political process in the United States. The IC element will comply with the guidance applicable to NSA regarding the application of this prohibition. Questions about whether a particular activity falls within this prohibition will be resolved in consultation with the element’s legal counsel and the General Counsel of the Office of the Director of National Intelligence (ODNI) (and the DoD’s Office of the General Counsel in the case of a DoD IC element).

Even if this covered what happened, NSC lawyer John Eisenberg was in the loop on this caper, so they effectively did consult with the element’s legal counsel. Moreover, we know that Presidents can pixie dust executive orders at will.

Nunes, at least, pretends he was functioning in an oversight role in raising questions about whether SIGINT had been properly minimized. He appears to have no clue about the authorities he’s talking about, he appears to have misrepresented what the problem is, and he clearly was doing all this with an eye towards making political accusations against Obama.

But nevertheless, he claims to believe he was functioning in an oversight role.

Which is part of the problem! I’ve long pointed to how unrestricted this language is. It invites abuse. It should be tightened going forward (though neither the Trump Administration nor Congress has incentive to do that at this point).

If you’re bothered by Devin Nunes’ information operation — and I am — then you should be calling to tighten up the language governing how intelligence can be shared for oversight and other “constitutional” purposes. Because they appear to envision something like this happening.

Did Devin Nunes Just Reveal NSC Is Monitoring Agency Response to Congress?

/35 Comments/in , /by

Multiple outlets this morning are covering Devin Nunes’ admission that he was on “White House grounds” last Tuesday, leading up to his Wednesday announcement that Trump officials’ identities may (or may not have) been unmasked in intelligence reports unrelated to Russia.

One source told CNN that Nunes, a California Republican, was seen on the White House grounds the day before his announcement. In a phone interview, Nunes confirmed to CNN that he was on the White House grounds that day — but he said he was not in the White House itself. (Other buildings, including the Eisenhower Executive Office Building, are on the same grounds.)

No one in the White House was aware that he was there, Nunes said.

The California Republican said he was there for additional meetings “to confirm what I already knew” but said he wouldn’t comment further so as to not “compromise sources and methods.”

He told CNN he wanted to “reiterate this has nothing to do with Russia.”

Nunes went to the building because he needed a secure area to view the information, he told CNN. A government official said Nunes was seen Tuesday night at the National Security Council offices of the Eisenhower building which, other than the White House Situation Room, is the main area on the complex to view classified information in a secure room.

Nunes explained to Eli Lake he couldn’t use HPSCI’s own SCIF, just two miles away, because it didn’t have networked access to the reports that he was being shown.

In an interview Monday, Nunes told me that he ended up meeting his source on the White House grounds because it was the most convenient secure location with a computer connected to the system that included the reports, which are only distributed within the executive branch. “We don’t have networked access to these kinds of reports in Congress,” Nunes said. He added that his source was not a White House staffer and was an intelligence official.

Laura Rozen notes that Nunes’ former aide, Michael Ellis, now works as NSC Deputy Legal Adviser.

New special assistant to the president, NSC deputy legal adviser Michael Ellis served as Nunes’ aide, HPSCI gen. counsel til early March 3/

Whether or not Ellis is Nunes’ source, it seems clear that someone in the EEOB first told, then shared, intercepts with Nunes.

That raises questions about how said source obtained the intercepts. That’s true particularly given that by Nunes’ later admission that some of the names weren’t unmasked per se, but rather described in such a way that would make the US person (that is, the Trump associate) clear, so it’s not like the NSC could just search on all of Trump’s top aides to find out if their names had been unmasked.

Remember, too, that this takes place against the background of HPSCI’s requests to NSA, CIA, and FBI for details on all the US persons who had been unmasked between June 2016 and January 2017. NSA had provided a partial response (basically deferring an answer until they could do more research) before last week’s hearing and Nunes’ press conference. But it’s not clear whether FBI intended to reply — it would have several possible reasons for refusing to do so, both to protect an ongoing investigation but also because unmasking is not the question to ask FBI, database searches are (it’s not clear how many of HPSCI’s Republicans understand this, which is pathetic).

In any case, NSA and CIA (at least) are already in the process of responding to this request. But someone worked his or her own angles to respond to the same request for Nunes.

The Lesson Trump Has (Thus Far) Not Taught Us: Civilian Casualties

/38 Comments/in , , , , /by

I have a confession.

There’s something I like about the Trump Administration.

It’s the way that his unpopularity taints long-standing policies or practices or beliefs, making people aware of and opposed to them in a way they weren’t when the same policies or beliefs were widely held under George Bush or Barack Obama. Many, though not all, of these policies or beliefs were embraced unquestioningly by centrists or even avowed leftists.

I’ve been keeping a running list in my mind, which I’ll begin to lay out here (I guess I’ll update it as I remember more).

  • Expansive surveillance
  • The presumption of regularity, by which courts and the public assume the Executive Branch operates in good faith and from evidence
  • Denigration of immigrants
  • Denigration of Muslims
  • Denigration health insurance

As an example, Obama deported a huge number of people. But now that Trump has expanded that same practice, it has been made visible and delegitimized.

In short, Trump has made things that should always have been criticized are now being far more widely so.

But there’s one thing that Trump has escalated that has thus far — with the singular exception of the botched raid on Yemen — escaped widespread condemnation: the bombing of civilians. There was the Al Jineh mosque on March 16, a school sheltering families in Raqqa on March 21, and this strike last week in Mosul, not to mention continued Saudi attacks in Yemen that the US facilitates.

Again, I’m not saying such civilian strikes didn’t happen under Obama. And it’s not clear whether this spate of civilian bombings arises from a change in the rule of engagement put in place in December, the influence of James Mattis, or Trump’s announced review of rules of engagement. But civilians are dying.

And for the most part, unlike all the other horrible things happening under President Trump, they’re getting little notice and condemnation in the US.

Update: This NYT story on the Mosul strike says that the increased civilian casualties do reflect a change in rules of engagement put in place under Trump.

When a White Republican Gets Spied On, Privacy Suddenly Matters

/38 Comments/in , , /by

As expected, much of today’s hearing on the Russian hack consisted of members of Congress — from both parties — posturing for the camera.

At first, it seemed that the Republican line of posturing — complaining about the leak that exposed Mike Flynn’s conversations with Ambassador Sergey Kislyak — tracked Donald Trump’s preferred approach, to turn this into a witch hunt for the leakers.

But it was actually more subtle than that. It appears Republicans believe the leaks about Flynn have (finally) made Congress skittish about incidental collection of US person communications as part of FISA collection. And so both Tom Rooney and Trey Gowdy spent much of their early hearing slots discussing how much more difficult the leak of Flynn’s name will make Section 702 reauthorization later this year. In the process, they should have created new fears about how painfully ignorant the people supposedly overseeing FISA are.

Rooney, who heads the subcommittee with oversight over NSA, started by quizzing Mike Rogers about the process by which a masked US person identity can be disclosed. Along the way, it became clear Rooney was talking about Section 702 reauthorization even while he was talking traditional FISA collection, which doesn’t lapse this year.

Rooney: If what we’re talking about is a serious crime, as has been alleged, in your opinion would leaking of a US person who has been unmasked and disseminated by intelligence community officials, would that leaking hurt or help our ability to conduct national security.

Rogers: Hurt.

Rooney: Ok, if it hurts, this leak, which through the 702 tool, which we all agree is vital–or you and I at least agree to that–do you think that that leak actually threatens our national security. If it’s a crime, and if it unmasks a US person, and this tool is so important it could potentially jeopardize this tool when we have to try to reauthorize it in a few months, if this is used against our ability to reauthorize this tool, and we can’t get it done because whoever did this leak, or these nine people that did this leak, create such a stir, whether it be in our legislative process or whatever, that they don’t feel confident a US person, under the 702 program, can be masked, successfully, and not leaked to the press, doesn’t that hurt–that leak–hurt our national security.

Eventually Admiral Rogers broke in to explain to his congressional overseer very basic facts about surveillance, including that Flynn was not and could not have been surveilled under Section 702.

Rogers: FISA collection on targets in the United States has nothing to do with 702, I just want to make sure we’re not confusing the two things here. 702 is collection overseas against non US persons.

Rooney: Right. And what we’re talking about here is incidentally, if a US person is talking to a foreign person that we’re listening to whether or not that person is unmasked.

Nevertheless, Rooney made it very clear he’s very concerned about how much harder the Flynn leak will make it for people like him to convince colleagues to reauthorize Section 702, which is even more of a privacy concern than traditional FISA.

Rooney: But it’s really going to hurt the people on this committee and you in the intelligence community when we try to retain this tool this year and try to convince some of our colleagues that this is really important for national security when somebody in the intelligence community says, you know what the hell with it, I’m gonna release this person’s name, because I’m gonna get something out of it. We’re all gonna be hurt by that. If we can’t reauthorize this tool. Do you agree with that?

A little later, Trey Gowdy got his second chance to complain about the leak. Referencing Rogers’ earlier explanation that only 20 people at NSA can unmask a US person identity, Gowdy tried to figure out how many at FBI could, arguing (this is stunning idiocy here) that by finding a finite number of FBI officials who could unmask US person identities might help assuage concerns about potential leaks of US persons caught in FISA surveillance.

Comey: I don’t know for sure as I sit here. Surely more, given the nature of the FBI’s work. We come into contact with US persons a whole lot more than the NSA does because we may be conducting — we only conduct our operations in the United States to collect electronic surveillance. I can find out the exact number. I don’t know it as I sit here.

Gowdy: I think Director Comey given the fact that you and I agree that this is critical, vital, indispensable. A similar program is coming up for reauthorization this fall with a pretty strong head wind right now, it would be nice to know the universe of people who have the power to unmask a US citizen’s name. Cause that might provide something of a road map to investigate who might have actually disseminated a masked US citizen’s name.

Here’s why this line of questioning from Gowdy is unbelievably idiotic. Both for traditional FISA, like the intercept targeting Kislyak that caught Flynn, and for Section 702, masking and unmasking identities at FBI is not the concern. That’s because the content from both authorities rests in FBI’s databases, and anyone cleared for FISA can access the raw data. And those FBI Agents not cleared for FISA can and are encouraged just to ask a buddy who is cleared to do it.

In other words, every Agent at FBI has relatively easy way to access the content on Flynn, so long as she can invent a foreign intelligence or criminal purpose reason to do so.

Which is probably why Comey tried to pitch something he called “culture” as adequate protection, rather than the very large number of FBI Agents who are cleared into FISA.

Comey: The number is … relevant. What I hope the US–the American people will realize is the number’s important but the culture behind it is in fact more important. The training, the rigor, the discipline. We are obsessive about FISA in the FBI for reasons I hope make sense to this committee. But we are, everything that’s FISA has to be labeled in such a way to warn people this is FISA, we treat this in a special way. So we can get you the number but I want to assure you the culture in the FBI and the NSA around how we treat US person information is obsessive, and I mean that in a good way.

So then Gowdy asks Comey something he really has a responsibility to know: what other agencies have Standard Minimization Procedures. (The answer, at least as the public record stands, is NSA, CIA, FBI, and NCTC have standard minimization procedures, with Main Justice using FBI’s SMPs.)

Gowdy: Director Comey I am not arguing with you and I agree the culture is important, but if there are 100 people who have the ability to unmask and the knowledge of a previously masked name, then that’s 100 different potential sources of investigation. And the smaller the number is, the easier your investigation is. So the number is relevant. I can see the culture is relevant. NSA, FBI, what other US government agencies have the authority to unmask a US citizen’s name?

Comey: Well I think all agencies that collect information pursuant to FISA have what are called standard minimization procedures which are approved by the FISA court that govern how they will treat US person information. So I know the NSA does, I know the CIA does, obviously the FBI does, I don’t know for sure beyond that.

Gowdy: How about Main Justice?

Comey: Main Justice I think does have standard minimization procedures.

Gowdy: Alright, so that’s four. NSA, FBI, CIA, Main Justice. Does the White House has the authority to unmask a US citizen’s name?

Comey: I think other elements of the government that are consumers of our can ask the collectors to unmask. The unmasking resides with those who collected the information. And so if Mike Rogers’ folks collected something, and they send it to me in a report and it says it’s US person #1 and it’s important for the FBI to know who that is, our request will go back to them. The White House can make similar requests of the FBI or NSA but they don’t on their own collect, so they can’t on their own unmask.

That series of answers didn’t satisfy Gowdy, because from his perspective, if Comey isn’t able to investigate and find a head for the leak of Flynn’s conversation with Kislyak — well, I don’t know what he thinks but he’s sure an investigation, possibly even the prosecution of journalists, is the answer.

Gowdy: I guess what I’m getting at Director Comey, you say it’s vital, you say it’s critical, you say that it’s indispensable, we both know it’s a threat to the reauthorization of 702 later on this fall and oh by the way it’s also a felony punishable by up to 10 years. So how would you begin your investigation, assuming for the sake of argument that a US citizen’s name appeared in the Washington Post and the NY Times unlawfully. Where would you begin that investigation?

This whole series of questions frankly mystifies me. I mean, these two men who ostensibly provide oversight of FISA clearly didn’t understand what the biggest risk to privacy is –back door searches of US person content — which at the FBI doesn’t even require any evidence of wrong-doing. That is the biggest impediment to reauthorizing FISA.

And testimony about the intricacies of unmasking a US person identity — particularly when a discussion of traditional FISA serves as stand-in for Section 702 — does nothing more than expose that the men who supposedly oversee FISA closely have no fucking clue — and I mean really, not a single fucking clue — how it works. Devin Nunes, too, has already expressed confusion on how access to incidentally collected US person content works.

Does anyone in the House Intelligence Committee understand how FISA works? Bueller?

In retrospect, I’m really puzzled by what is so damning about the Flynn leak to them. I mean, don’t get me wrong, I’m very sympathetic to the complaint that the contents of the intercepts did get leaked. If you’re not, you should be. Imagine how you’d feel if a Muslim kid got branded as a terrorist because he had a non-criminal discussion with someone like Anwar al-Awlaki? (Of course, in actual fact what happened is the Muslim kids who had non-criminal discussions with Awlaki had FBI informants thrown at them until they pressed a button and got busted for terrorism, but whatever.)

But Rooney and Gowdy and maybe even Nunes seemed worried that their colleagues in the House have seen someone like them — not a young Muslim, but instead a conservative white man — caught up in FISA, which has suddenly made them realize that they too have conversations all the time that likely get caught up in FISA?

Or are they worried that the public discussion of FISA will expose them for what they are, utterly negligent overseers, who don’t understand how invasive of privacy FISA currently is?

If it’s the latter, their efforts to assuage concerns should only serve to heighten those concerns. These men know so little about FISA they don’t even understand what questions to ask.

In any case, after today’s hearing I am beginning to suspect the IC doesn’t like to have public hearings not because someone like me will learn something, but because we’ll see how painfully little most of the so-called overseers have learned in all the private briefings the IC has given them. If these men don’t understand the full implications of incidental collection, two months after details of Flynn’s conversations have been leaked, then it seems likely they’ve been intentionally mis or underinformed.

Or perhaps they’re just not so bright.