Author of USA Freedom Act Says “Nobody’s Got to Use the Internet”

/5 Comments/in /by

As a number of outlets have reported, at a town hall last week, Wisconsin’s Jim Sensenbrenner told a constituent, asking about her congressman’s vote to overturn Obama’s broadband privacy rules, said, “Nobody’s got to use the Internet.”

“Facebook is not comparable to an ISP. I do not have to go on Facebook,” the town hall meeting attendee said. But when it comes to Internet service providers, the person said, “I have one choice. I don’t have to go on Google. My ISP provider is different than those providers.”

That’s when Sensenbrenner said, “Nobody’s got to use the Internet.” He praised ISPs for “invest[ing] an awful lot of money in having almost universal service now.” He then said, “I don’t think it’s my job to tell you that you cannot get advertising for your information being sold. My job, I think, is to tell you that you have the opportunity to do it, and then you take it upon yourself to make the choice.”

It’s of course an absurd comment. It is difficult to get a job in this day and age without Internet access; it’s hard to find a place to live. It’s not a matter of convenience, at this point it is necessary to be on the Internet to be a fully integrated citizen.

But note why Sensenbrenner said this: he pitched it in terms of the beneficent ISP providers who have kindly provided us all gateways to the Internet.

What no report I’ve seen has noted is that Sensenbrenner also happens to be the author of the USA Freedom Act as passed. In spite of his key role in defeating prior efforts to shut down the PATRIOT Act dragnets, Sensenbrenner managed to pose as a privacy advocate (making horseshit claims about knowing about the dragnet) so as to push through a bill that took the heat off telecoms, all while making more innocent Americans’ data available to NSA’s analytical maw.

Here, he reveals his true colors, a completely unrealistic view of the importance of the Internet on actual human beings.

Why Susan Rice May Be a Shiny Object

/30 Comments/in , , /by

A bunch of Republican propagandists are outraged that the press isn’t showing more interest in PizzaGate Mike Cernovich’s “scoop” that the woman in charge of ensuring our national security under President Obama, then National Security Advisor Susan Rice, sought to fully understand the national security intercepts she was being shown.

There are two bases for their poutrage, which might have merit — but coming from such hacks, may not.

The first is the suggestion, based off Devin Nunes’ claim (and refuted by Adam Schiff) that Rice unmasked things she shouldn’t have. Thus far, the (probably illegally) leaked details — such as that family members, perhaps like Jared Kushner (who met with an FSB officer turned head of a sanctioned Russian bank used as cover for other spying operations), Sean Hannity (who met with an already-targeted Julian Assange at a time he was suspected of coordinating with Russians), and Erik Prince (who has literally built armies for foreign powers) got spied on — do nothing but undermine Nunes’ claims. All the claimed outrageous unmaskings actually seem quite justifiable, given the accepted purpose for FISA intercepts.

The other suggestion — and thus far, it is a suggestion, probably because (as I’ll show) it’s thus far logically devoid of evidence — is that because Rice asked to have the names of people unmasked, she must be the person who leaked the contents of the intercepts of Sergey Kislyak discussing sanctions with Mike Flynn. (Somehow, the propagandists always throw Ben Rhodes’ name in, though it’s not clear on what basis.)

Let me start by saying this. Let’s assume those intercepts remained classified when they were leaked. That’s almost certain, but Obama certainly did have the authority to declassify them, just as either George Bush or Dick Cheney allegedly used that authority to declassify Valerie Plame’s ID (as some of these same propagandists applauded back in the day). But assuming the intercepts did remain classified, I agree that it is a problem that they were leaked by nine different sources to the WaPo.

But just because Rice asked to unmask the identities of various Trump (and right wing media) figures doesn’t mean she and Ben Rhodes are the nine sources for the WaPo.

That’s because the information on Flynn may have existed in a number of other places.

Obviously, Rice could not have been the first person to read the Flynn-Kislyak intercepts. That’s because some analyst(s) would have had to read them and put them into a finished report (most, but not all, of Nunes’ blathering comments about these reports suggest they were finished intelligence). Assuming those analysts were at NSA (which is not at all certain) someone would have had to have approved the unmasking of Flynn’s name before Rice saw it.

In addition, it is possible — likely even, at least by January 2017, when we know people were asking why Russia didn’t respond more strongly to Obama’s hacking sanctions — that there were two other sets of people who had access to the raw intelligence on Flynn’s conversations with Kislyak: the CIA and, especially, the FBI, which would have been involved in any FISA-related collection. Both CIA and FBI can get raw data on topics they’re working on. Likely, in this case, the multi-agency task force was getting raw collection related to their Russian investigation.

And as I’ve explained, as soon as FBI developed a suspicion that either Kislyak was at the center of discussions on sanctions or that Flynn was an unregistered agent of multiple foreign powers, the Special Agents doing that investigation would routinely pull up everything in their databases on those people by name, which would result in raw Title I and 702 FISA collection (post January 3, it probably began to include raw EO 12333 data as well).

So already you’re up to about 15 to 20 people who would have access to the raw intercepts, and that’s before they brief their bosses, Congress (though the Devin Nunes and Adam Schiff briefing, at least, was delayed a bit), and DOJ, all the way up to Sally Yates, who wanted to warn the White House. Jim Comey has suggested it is likely that the nine sources behind the WaPo story were among these people briefed secondarily on the intercepts. And it’s worth noting that David Ignatius, who first broke the story of Flynn’s chats with Kislyak but was not credited on the nine source story, has known source relationships in other parts of the government than the National Security Advisor, though he also has ties to Rice.

All of which is to say that the question of who leaked the contents of Mike Flynn’s conversations with Sergey Kislyak is a very different question from whether Susan Rice’s requests to unmask Trump associates’ names were proper or not. It is possible that Rice leaked the intercepts without declassifying them first. But it’s also possible that any of tens of other people did, most of whom would have a completely independent channel for that information.

And the big vulnerability is not — no matter what Eli Lake wants to pretend — the unmasking of individual names by the National Security Advisor. Rather, it’s that groups of investigators can access the same intelligence in raw form without a warrant tied to the American person in question.

Devin Nunes’ So-Called Bibi Netanyahu Precedent

/12 Comments/in , , , /by

Throughout his ongoing information operation to claim the Obama White House spied on the Trump transition team, Devin Nunes has pointed to what he claimed was a precedent: when, in December 2015, members of Congress suddenly copped on that their conversations with Bibi Netanyahu would get picked up incidentally. In his March 22 press conference, he explained,

We went through this about a year and a half ago as it related to members of Congress, if you may remember there was a report I think it was in the Wall Street Journal and but then we had to have we had a whole series of hearings and then we had to have changes made to how Congress is informed if members of Congress are picked up in surveillance and this looks it’s like very similar to that.

Eli Lake dutifully repeated it in the second of his three-post series pitching Nunes’ information operation.

A precedent to what may have happened with the Trump transition involved the monitoring of Israel’s prime minister and other senior Israeli officials. The Wall Street Journal reported at the end of 2015 that members of Congress and American Jewish groups were caught up in this surveillance and that the reports were sent to the White House. This occurred during a bitter political fight over the Iran nuclear deal. In essence the Obama White House was learning about the strategy of its domestic political opposition through legal wiretaps of a foreign head of state and his aides.

But Lake didn’t apparently think through what the implications of Nunes’ analogy — or the differences between the two cases.

Here’s the WSJ report and CBS and WaPo versions that aren’t paywalled. All make it very clear that Devin Nunes took the lead in worrying about his conversations with Bibi Netanyahu being sucked up (I don’t remember Republicans being as sympathetic when Jane Harman got sucked up in a conversation with AIPAC). They also describe that Obama’s WH, faced with the potential that their surveillance would be seen as spying on another branch of Congress, had the NSA take charge of the unmasking.

The administration believed that Israel had leaked information gleaned from spying on the negotiations to sympathetic lawmakers and Jewish American groups seeking to undermine the talks.

According to the Journal, when the White House learned that the NSA eavesdropping had collected communications with U.S. lawmakers, it feared being accused of spying on Congress and left it to the NSA to determine what information to share with the administration. The Journal said the NSA did not pass along the names of lawmakers or any of their personal attacks on White House officials.

That’s not to say they’d take the same approach here — indeed, Lake now claims, at  least, that Susan Rice requested some Trump officials’ names to be unmasked, distinguishing it from the Bibi case in that White House did not leave it up to NSA to decide what to unmask (though the underlying reporting makes the silly claim that Rice, Loretta Lynch, and John Brennan were among a very limited number of people who could request a name be unmasked).

The larger point is, even assuming the collection of conversations between your political opponents and a foreign government designed to undermine your executive branch authority was scandalous, it’d still fall under the very legitimate concern of separation of powers.

Yes, Trump’s aides are from a different party. But they are nevertheless part of the executive branch. And the entire basis of counterintelligence spying — the entire point of FISA — is to ensure that executive branch officials are not targeted by foreign countries to be spies, which is part of the reason Mike Flynn attracted attention (which is not to justify the leaking of that intercept). Add in the legitimate necessity to implement executive branch policy and this is a very different case than the Bibi case, even if you want to defend (as I do, to a point) Republican members of Congress collaborating with foreign governments to undermine Article II authorities.

Nunes’ imagined solution — from his March 22 White House press conference — is ever nuttier.

Q: You’ve said legal and incidental. That doesn’t sound like a proactive effort to spy.

Nunes: I would refer you to, we had a similar issue with members of Congress that were being picked up in incidental collection a little over a year ago, we had to spend a full year working with the DNI on the proper notification for members of Congress to be notified which comes through the Gang of Eight. I would refer you to that because it looks very similar to that, would be the best way I can describe it.

The ODNI current informs the Gang of Eight when members of Congress get spied on (which means claims that a lot of GOP candidates got spied on is likely hot air, but which also means that if Nunes were collected as a member of the transition team, he’d have been the first to learn of it). Which is an important protection for separation of powers, but which also enables corrupt members of Congress to not just learn they’re being surveilled but, potentially, to alert the foreign targets what channels we’re using.

Maybe Trump wants that standard applied to the executive branch, but if he adopts it, we’re going to have a leaking free for all. Not to mention, it would make it absolutely impossible for the government to protect against espionage related to elections.

Or perhaps Nunes is just saying something more simple. Perhaps Nunes is saying the “dozens” of intercepts where Trump officials had been unmasked (to the extent that’s true) disclosed Trump’s transition-period attempts to drum up a war with Iran at the behest of Israel. Perhaps the real stink here is that, in the very same days Mike Flynn was telling Russia sanctions would be loosened, Trump was publicly undermining US efforts to take a stand against Israeli illegal settlements.

Perhaps, ultimately, this is still about a belief that the Israelis should never be wiretapped.

Who Violated Their Designated Role: Ezra Cohen-Watnick or Susan Rice?

/27 Comments/in , , /by

In the original version of the latest right wing claim — that Susan Rice requested that multiple incoming Trump figures’ names be unmasked in intercepts — Mike Cernovich describes the genesis of Devin Nunes’ concern this way:

The White House Counsel’s office identified Rice as the person responsible for the unmasking after examining Rice’s document log requests. The reports Rice requested to see are kept under tightly-controlled conditions. Each person must log her name before being granted access to them.

Upon learning of Rice’s actions, H. R. McMaster dispatched his close aide Derek Harvey to Capitol Hill to brief Chairman Nunes.

But as Eli Lake — fresh off having apologized for letting Devin Nunes use him — tells the story, close Mike Flynn associate Ezra Cohen-Watnick discovered it and brought the discovery to the White House Counsel’s office, whereupon he was told to “end his own research” on unmasking.

The pattern of Rice’s requests was discovered in a National Security Council review of the government’s policy on “unmasking” the identities of individuals in the U.S. who are not targets of electronic eavesdropping, but whose communications are collected incidentally. Normally those names are redacted from summaries of monitored conversations and appear in reports as something like “U.S. Person One.”

The National Security Council’s senior director for intelligence, Ezra Cohen-Watnick, was conducting the review, according to two U.S. officials who spoke with Bloomberg View on the condition of anonymity because they were not authorized to discuss it publicly. In February Cohen-Watnick discovered Rice’s multiple requests to unmask U.S. persons in intelligence reports that related to Trump transition activities. He brought this to the attention of the White House General Counsel’s office, who reviewed more of Rice’s requests and instructed him to end his own research into the unmasking policy.

This repeats a claim Lake had made in his earlier apology post, which he presented as one detail in the NYT version of this story that was not accurate.

Another U.S. official familiar with the affair told me that one of the sources named in the article, former Defense Intelligence officer Ezra Cohen-Watnick, did not play a role in getting information to Nunes. This official said Cohen-Watnick had come upon the reports while working on a review of recent Justice Department rules that made it easier for intelligence officials to share the identities of U.S. persons swept up in surveillance. He turned them over to White House lawyers.

But it adds the detail that Cohen-Watnick had been told to stand down. That would explain why Lake and others would want to claim that Cohen-Watnick wasn’t involved in dealing all this to Nunes: because he had already been told not to pursue it further. If the multiple accounts saying he was involved in the hand-off to Nunes, it appears he did.

The WaPo’s version of this included a detail not included by the right wingers: that Cohen-Watnick went to John Eisenberg, not Don McGahn, with his “discovery.” Eisenberg is significantly responsible, dating back to when he was at DOJ, for ensuring that ordinary Americans would be sucked up in surveillance under PRISM. For him to be concerned about the legal unmasking of Americans’ identities (to the extent that did exist — and the record is still unclear whether it did) is laughable.

The timing of Cohen-Watnick’s research — dating back to February — intersects in interesting ways with the timeline in this March 14 Politico story of H.R. McMaster’s attempt to sideline him, which was overruled by Steven Bannon.

On Friday [March 10], McMaster told the National Security Council’s senior director for intelligence programs, Ezra Cohen-Watnick, that he would be moved to another position in the organization.

The conversation followed weeks of pressure from career officials at the CIA who had expressed reservations about the 30-year-old intelligence operative and pushed for his ouster.

But Cohen-Watnick appealed McMaster’s decision to two influential allies with whom he had forged a relationship while working on Trump’s transition team — White House advisers Steve Bannon and Jared Kushner. They brought the matter to Trump on Sunday [March 12], and the president agreed that Cohen-Watnick should remain as the NSC’s intelligence director, according to two people with knowledge of the episode.

The House Intelligence Committee first asked NSA, CIA, and FBI for details on unmasking on March 15, the day after this story broke, at which point Nunes already knew of the White House effort. When Nunes first blew this up on March 22, he falsely claimed that that March 15 request had been submitted two weeks earlier.

It’s clear the right wing wants to shift this into Benghazi 2.0, attacking Susan Rice for activities that are, at least on the face of it, part of her job. But the only way the White House could be sure that she (or Ben Rhodes, who they’re also naming) were the ones to leak this would be to investigate not just those two, but also all the FBI (which would have access to this information without unmasking these names, which not a single one of these right wing scribes admit or even seem to understand). That is, the only way they could make credible, as opposed to regurgitated right wing propaganda accusations about leakers is to have spied even more inappropriately than they are accusing the Obama White House of doing.

Raw Versus Cooked: Could NSC Monitor FBI’s Investigation?

/16 Comments/in , , , /by

Multiple people,including Bart Gellman and Josh Marshall, are now arguing that the reason Ezra Cohen-Watnick and Michael Ellis found intercepts involving Trump’s people is that they were monitoring FBI’s investigation of the investigation.

I certainly think the Trump people would like to do that — and would be willing to stoop to that. I even believe that the response to the Russian hack last year had some counterintelligence problems, though probably not on the FBI side.

But there are some details that may limit how much the NSC can monitor the investigation.

First, Devin Nunes has always been very clear: the intercepts he was shown have nothing to do with Russia. That’s not, itself, determinative. After all, Cohen-Watnick and Ellis might have found a bunch of Russian intercepts, but only shared the non-Russian ones so Nunes could make a stink without being accused of endangering the investigation. Also, it’s possible that intercepts involving other countries — most notably Turkey, but there are other countries that might be even more interesting, including Ukraine or Syria — would impact any Russian investigation.

Also note that among the many things Nunes appears not to understand about surveillance is that there are two ways an American’s name can be visible outside the circle of analysts doing the initial review of them: their names can be put into finished intelligence reports that get circulated more broadly, with customers asking to have the name unmasked after the fact. Alternately, their names can be found off of subsequent searches of raw data. At the NSA and CIA, searches for US person content are somewhat controlled. At FBI they are not only not controlled, but they are routine even for criminal investigations. So if, say, General Flynn (or Paul Manafort) were under investigation for failing to register as a foreign agent, the FBI would routinely search their database of raw FISA material on his name. (These are the “back door searches” Ron Wyden has been screaming about for years, concerns which people like Devin Nunes have previously dismissed on national security grounds.) And we have every reason to believe that counterintelligence intercepts of Russians in the US are among the raw feeds that the FBI gets. So if Flynn had conversations with Russians (or Turks) in the US, we should assume that FBI saw them as a routine matter if Flynn became the subject of an investigation at all. We should also assume that the FBI did a search on every Sergey Kislyak intercept in their possession, so they will have read everything that got picked up, including all recorded calls with Trump aides.

On March 15, the House Intelligence Committee asked the NSA, CIA, and FBI for information on unmasking. I don’t believe that request asked about access to US person names on subsequent searches or raw material. Furthermore, at least as of last week, the FBI was not rushing to comply with that request. As I noted after the Jim Comey hearing before HPSCI, none of the Republicans concerned about these issues seemed to have any basic clue about FBI’s searches on raw data. If Nunes doesn’t know (and he appears not to), it’s unlikely Ellis knows, who was until this month Nunes’ aide.

But there’s one other thing that may prevent NSC from obtaining information about the investigation: FBI sometimes uses what are called “ad hoc databases” that include raw FISA data (and probably, post EO 12333 sharing rule changes, raw EO 12333 data) tied to particular investigations. It’s unclear what conditions might necessitate the use of an ad hoc database (see page 25ff for a discussion of them), but if security concerns would encourage their use, it would be likely to have one here, an investigation which Comey described as being so sensitive he delayed briefing the Gang of Four. Ad hoc databases are restricted to those working on investigations, and include specific records of those authorized to access the database. So if FBI were using an ad hoc database for this investigation, it would be even harder for the NSC to learn what they were looking at.

If the FBI’s investigation relies on raw intelligence — and it would be unfathomable that it does not, because it would probably receive the raw FISA data tied to such an investigation routinely, and EO 12333 sharing rules specifically envision the sharing of raw data associated with counterintelligence investigations — then the NSC’s access to finished intelligence reports would provide little insight into the investigation (Nunes was a bit unclear on whether that’s what he was looking at, but the entire premise of his complaints is that these were finished reports).

But while we’re worrying about whether and how Trump would monitor an investigation into his aides, remember that in 2002, Jay Bybee wrote a memo authorizing the sharing of grand jury information with the President and his close advisors including for counterintelligence investigations.

In addition, the Patriot Act recently amended 6(e) and Title III specifically to provide that matters involving foreign intelligence or counterintelligence or foreign intelligence information may be disclosed by any attorney for the government (and in the case of Title III, also by an investigative or law enforcement officer) to certain federal officials in order to assist those officials in carrying out their duties. Federal officials who are included within these provisions may include, for example, the President, attorneys within the White House Counsel’s Office, the President’s Chief of Staff, the National Security Advisor, and officials within the Central Intelligence Agency and the Department of Defense.

[snip]

Although the new provision in Rule 6(e) permitting disclosure also requires that any disclosures be reported to the district court responsible for supervising the grand jury, we conclude that disclosures made to the President fall outside the scope of the reporting requirement contained in that amendment, as do related subsequent disclosures made to other officials on the President’s behalf.

In other words, Trump could demand that he — or his National Security Advisor! — get information on any grand jury investigations, including those covering counterintelligence cases. And no judge would be given notice of that.

With Jeff Sessions’ recusal, that’s far less likely to happen than it might have been. But understand that the Executive Branch believes that the President can learn about the happenings in grand jury investigations of the sort that might target his aides.

Update: additional details have been added to this post after it was first posted.

Devin Nunes May Be a Buffoon and a Hack, But I Don’t Think He’s a Criminal

/10 Comments/in /by

I believe that Devin Nunes is a buffoon and a political hack. I believe he needs to be removed from his position as Chair of the House Intelligence Committee — not just because he has been running interference for Trump, betraying his Article I duties, but also because he doesn’t understand the programs he oversees.

But I don’t believe he’s a criminal.

I say that in disagreement with Bart Gellman, who made just such an argument regarding the revelations in this NYT story here. Gellman argued, in part, that Nunes’ sources (about which I hope to say more later) violated nondisclosure laws by sharing reports outside of normal channels with Nunes.

Secrecy regulations, including SF312, the Classified Information Nondisclosure Agreement, do not permit [Michael] Ellis and [Ezra] Cohen-Watnick to distribute sensitive compartmented information through a back channel to Nunes. This is true, and their conduct no less an offense, even though Nunes holds clearances sufficient to receive the information through proper channels. The offense, which in some cases can be prosecuted as a felony, would apply even if the White House officials showed Nunes only “tearsheet” summaries of the surveillance reports. Based on what Nunes has said in public, they appear to have showed him the more sensitive verbatim transcripts. Those are always classified as TS/SI (special intelligence) or TS/COMINT (communications intelligence), which means that they could reveal sources and methods if disclosed. That is the first apparent breach of secrecy rules. The second, of course, is the impromptu Nunes news conference. There is no unclassified way to speak in public about the identity of a target or an “incidentally collected” communicant in a surveillance operation.

To be clear, I think Ellis and Cohen-Watnick may have violated access rules on searches. But I don’t think Nunes violated any laws in accessing that intelligence (I think he probably violated the intent of classification rules on intercepts, but by providing no details about who he saw referenced in these reports, he’ll get away with it.)

That’s because minimization procedures pertaining to FISA materials specifically envision access to information — sometimes even raw data — for oversight purposes. The 2015 702 Minimization Procedures for NSA, for example, state,

Nothing in these procedures shall restrict NSA’s performance of lawful oversight of its personnel or systems, or lawful oversight function of the Department of Justice’s National Security Division, Office of the Director of National Intelligence, or the applicable Offices of the Inspectors General. Similarly, nothing in these procedures shall prohibit the retention, processing, or dissemination of information reasonably necessary to comply with specific constitutional, judicial,or legislative mandates.

At times, minimization procedures have been even more explicit. Starting in 2014, for example, the Section 215 phone dragnet minimization procedures explicitly permitted the sharing of query results “to facilitate lawful oversight functions.”

Notwithstanding the above requirements, NSA may share results from intelligence analysis queries of the BR metadata, including U.S. person identifying information, with Executive Branch personnel (1) in order to enable them to determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings or (2) to facilitate their lawful oversight functions. Notwithstanding the above requirements, NSA may share the results from intelligence analysis queries of the BR metadata, including United States person information, with Legislative Branch personnel to facilitate lawful oversight functions.

The FISC even excluded such sharing from reporting requirements, so Congress could be doing a lot of this and it would never show up in annual reporting.

In other words, at least for FISA-governed data, the court has permitted the sharing of information — and remember, these are supposed to be finished intelligence reports, not raw data or queries — for people in an oversight role. The 702 procedures leave a lot of room for interpretation, too, about what might be a “constitutional” mandate, the kind of language that White Houses of both parties have been prone to abuse.

If these reports were collected under 12333, the new sharing rules explicitly prohibit the sharing of intelligence for political purposes.

Any IC element that obtains access to raw SIGINT under these Procedures will:

[snip]

Political process in the United States. Not engage in any intelligence activity authorized by these Procedures, including disseminations to the White House, for the purpose of affecting the political process in the United States. The IC element will comply with the guidance applicable to NSA regarding the application of this prohibition. Questions about whether a particular activity falls within this prohibition will be resolved in consultation with the element’s legal counsel and the General Counsel of the Office of the Director of National Intelligence (ODNI) (and the DoD’s Office of the General Counsel in the case of a DoD IC element).

Even if this covered what happened, NSC lawyer John Eisenberg was in the loop on this caper, so they effectively did consult with the element’s legal counsel. Moreover, we know that Presidents can pixie dust executive orders at will.

Nunes, at least, pretends he was functioning in an oversight role in raising questions about whether SIGINT had been properly minimized. He appears to have no clue about the authorities he’s talking about, he appears to have misrepresented what the problem is, and he clearly was doing all this with an eye towards making political accusations against Obama.

But nevertheless, he claims to believe he was functioning in an oversight role.

Which is part of the problem! I’ve long pointed to how unrestricted this language is. It invites abuse. It should be tightened going forward (though neither the Trump Administration nor Congress has incentive to do that at this point).

If you’re bothered by Devin Nunes’ information operation — and I am — then you should be calling to tighten up the language governing how intelligence can be shared for oversight and other “constitutional” purposes. Because they appear to envision something like this happening.

Did Devin Nunes Just Reveal NSC Is Monitoring Agency Response to Congress?

/35 Comments/in , /by

Multiple outlets this morning are covering Devin Nunes’ admission that he was on “White House grounds” last Tuesday, leading up to his Wednesday announcement that Trump officials’ identities may (or may not have) been unmasked in intelligence reports unrelated to Russia.

One source told CNN that Nunes, a California Republican, was seen on the White House grounds the day before his announcement. In a phone interview, Nunes confirmed to CNN that he was on the White House grounds that day — but he said he was not in the White House itself. (Other buildings, including the Eisenhower Executive Office Building, are on the same grounds.)

No one in the White House was aware that he was there, Nunes said.

The California Republican said he was there for additional meetings “to confirm what I already knew” but said he wouldn’t comment further so as to not “compromise sources and methods.”

He told CNN he wanted to “reiterate this has nothing to do with Russia.”

Nunes went to the building because he needed a secure area to view the information, he told CNN. A government official said Nunes was seen Tuesday night at the National Security Council offices of the Eisenhower building which, other than the White House Situation Room, is the main area on the complex to view classified information in a secure room.

Nunes explained to Eli Lake he couldn’t use HPSCI’s own SCIF, just two miles away, because it didn’t have networked access to the reports that he was being shown.

In an interview Monday, Nunes told me that he ended up meeting his source on the White House grounds because it was the most convenient secure location with a computer connected to the system that included the reports, which are only distributed within the executive branch. “We don’t have networked access to these kinds of reports in Congress,” Nunes said. He added that his source was not a White House staffer and was an intelligence official.

Laura Rozen notes that Nunes’ former aide, Michael Ellis, now works as NSC Deputy Legal Adviser.

New special assistant to the president, NSC deputy legal adviser Michael Ellis served as Nunes’ aide, HPSCI gen. counsel til early March 3/

Whether or not Ellis is Nunes’ source, it seems clear that someone in the EEOB first told, then shared, intercepts with Nunes.

That raises questions about how said source obtained the intercepts. That’s true particularly given that by Nunes’ later admission that some of the names weren’t unmasked per se, but rather described in such a way that would make the US person (that is, the Trump associate) clear, so it’s not like the NSC could just search on all of Trump’s top aides to find out if their names had been unmasked.

Remember, too, that this takes place against the background of HPSCI’s requests to NSA, CIA, and FBI for details on all the US persons who had been unmasked between June 2016 and January 2017. NSA had provided a partial response (basically deferring an answer until they could do more research) before last week’s hearing and Nunes’ press conference. But it’s not clear whether FBI intended to reply — it would have several possible reasons for refusing to do so, both to protect an ongoing investigation but also because unmasking is not the question to ask FBI, database searches are (it’s not clear how many of HPSCI’s Republicans understand this, which is pathetic).

In any case, NSA and CIA (at least) are already in the process of responding to this request. But someone worked his or her own angles to respond to the same request for Nunes.

The Lesson Trump Has (Thus Far) Not Taught Us: Civilian Casualties

/38 Comments/in , , , , /by

I have a confession.

There’s something I like about the Trump Administration.

It’s the way that his unpopularity taints long-standing policies or practices or beliefs, making people aware of and opposed to them in a way they weren’t when the same policies or beliefs were widely held under George Bush or Barack Obama. Many, though not all, of these policies or beliefs were embraced unquestioningly by centrists or even avowed leftists.

I’ve been keeping a running list in my mind, which I’ll begin to lay out here (I guess I’ll update it as I remember more).

  • Expansive surveillance
  • The presumption of regularity, by which courts and the public assume the Executive Branch operates in good faith and from evidence
  • Denigration of immigrants
  • Denigration of Muslims
  • Denigration health insurance

As an example, Obama deported a huge number of people. But now that Trump has expanded that same practice, it has been made visible and delegitimized.

In short, Trump has made things that should always have been criticized are now being far more widely so.

But there’s one thing that Trump has escalated that has thus far — with the singular exception of the botched raid on Yemen — escaped widespread condemnation: the bombing of civilians. There was the Al Jineh mosque on March 16, a school sheltering families in Raqqa on March 21, and this strike last week in Mosul, not to mention continued Saudi attacks in Yemen that the US facilitates.

Again, I’m not saying such civilian strikes didn’t happen under Obama. And it’s not clear whether this spate of civilian bombings arises from a change in the rule of engagement put in place in December, the influence of James Mattis, or Trump’s announced review of rules of engagement. But civilians are dying.

And for the most part, unlike all the other horrible things happening under President Trump, they’re getting little notice and condemnation in the US.

Update: This NYT story on the Mosul strike says that the increased civilian casualties do reflect a change in rules of engagement put in place under Trump.

When a White Republican Gets Spied On, Privacy Suddenly Matters

/38 Comments/in , , /by

As expected, much of today’s hearing on the Russian hack consisted of members of Congress — from both parties — posturing for the camera.

At first, it seemed that the Republican line of posturing — complaining about the leak that exposed Mike Flynn’s conversations with Ambassador Sergey Kislyak — tracked Donald Trump’s preferred approach, to turn this into a witch hunt for the leakers.

But it was actually more subtle than that. It appears Republicans believe the leaks about Flynn have (finally) made Congress skittish about incidental collection of US person communications as part of FISA collection. And so both Tom Rooney and Trey Gowdy spent much of their early hearing slots discussing how much more difficult the leak of Flynn’s name will make Section 702 reauthorization later this year. In the process, they should have created new fears about how painfully ignorant the people supposedly overseeing FISA are.

Rooney, who heads the subcommittee with oversight over NSA, started by quizzing Mike Rogers about the process by which a masked US person identity can be disclosed. Along the way, it became clear Rooney was talking about Section 702 reauthorization even while he was talking traditional FISA collection, which doesn’t lapse this year.

Rooney: If what we’re talking about is a serious crime, as has been alleged, in your opinion would leaking of a US person who has been unmasked and disseminated by intelligence community officials, would that leaking hurt or help our ability to conduct national security.

Rogers: Hurt.

Rooney: Ok, if it hurts, this leak, which through the 702 tool, which we all agree is vital–or you and I at least agree to that–do you think that that leak actually threatens our national security. If it’s a crime, and if it unmasks a US person, and this tool is so important it could potentially jeopardize this tool when we have to try to reauthorize it in a few months, if this is used against our ability to reauthorize this tool, and we can’t get it done because whoever did this leak, or these nine people that did this leak, create such a stir, whether it be in our legislative process or whatever, that they don’t feel confident a US person, under the 702 program, can be masked, successfully, and not leaked to the press, doesn’t that hurt–that leak–hurt our national security.

Eventually Admiral Rogers broke in to explain to his congressional overseer very basic facts about surveillance, including that Flynn was not and could not have been surveilled under Section 702.

Rogers: FISA collection on targets in the United States has nothing to do with 702, I just want to make sure we’re not confusing the two things here. 702 is collection overseas against non US persons.

Rooney: Right. And what we’re talking about here is incidentally, if a US person is talking to a foreign person that we’re listening to whether or not that person is unmasked.

Nevertheless, Rooney made it very clear he’s very concerned about how much harder the Flynn leak will make it for people like him to convince colleagues to reauthorize Section 702, which is even more of a privacy concern than traditional FISA.

Rooney: But it’s really going to hurt the people on this committee and you in the intelligence community when we try to retain this tool this year and try to convince some of our colleagues that this is really important for national security when somebody in the intelligence community says, you know what the hell with it, I’m gonna release this person’s name, because I’m gonna get something out of it. We’re all gonna be hurt by that. If we can’t reauthorize this tool. Do you agree with that?

A little later, Trey Gowdy got his second chance to complain about the leak. Referencing Rogers’ earlier explanation that only 20 people at NSA can unmask a US person identity, Gowdy tried to figure out how many at FBI could, arguing (this is stunning idiocy here) that by finding a finite number of FBI officials who could unmask US person identities might help assuage concerns about potential leaks of US persons caught in FISA surveillance.

Comey: I don’t know for sure as I sit here. Surely more, given the nature of the FBI’s work. We come into contact with US persons a whole lot more than the NSA does because we may be conducting — we only conduct our operations in the United States to collect electronic surveillance. I can find out the exact number. I don’t know it as I sit here.

Gowdy: I think Director Comey given the fact that you and I agree that this is critical, vital, indispensable. A similar program is coming up for reauthorization this fall with a pretty strong head wind right now, it would be nice to know the universe of people who have the power to unmask a US citizen’s name. Cause that might provide something of a road map to investigate who might have actually disseminated a masked US citizen’s name.

Here’s why this line of questioning from Gowdy is unbelievably idiotic. Both for traditional FISA, like the intercept targeting Kislyak that caught Flynn, and for Section 702, masking and unmasking identities at FBI is not the concern. That’s because the content from both authorities rests in FBI’s databases, and anyone cleared for FISA can access the raw data. And those FBI Agents not cleared for FISA can and are encouraged just to ask a buddy who is cleared to do it.

In other words, every Agent at FBI has relatively easy way to access the content on Flynn, so long as she can invent a foreign intelligence or criminal purpose reason to do so.

Which is probably why Comey tried to pitch something he called “culture” as adequate protection, rather than the very large number of FBI Agents who are cleared into FISA.

Comey: The number is … relevant. What I hope the US–the American people will realize is the number’s important but the culture behind it is in fact more important. The training, the rigor, the discipline. We are obsessive about FISA in the FBI for reasons I hope make sense to this committee. But we are, everything that’s FISA has to be labeled in such a way to warn people this is FISA, we treat this in a special way. So we can get you the number but I want to assure you the culture in the FBI and the NSA around how we treat US person information is obsessive, and I mean that in a good way.

So then Gowdy asks Comey something he really has a responsibility to know: what other agencies have Standard Minimization Procedures. (The answer, at least as the public record stands, is NSA, CIA, FBI, and NCTC have standard minimization procedures, with Main Justice using FBI’s SMPs.)

Gowdy: Director Comey I am not arguing with you and I agree the culture is important, but if there are 100 people who have the ability to unmask and the knowledge of a previously masked name, then that’s 100 different potential sources of investigation. And the smaller the number is, the easier your investigation is. So the number is relevant. I can see the culture is relevant. NSA, FBI, what other US government agencies have the authority to unmask a US citizen’s name?

Comey: Well I think all agencies that collect information pursuant to FISA have what are called standard minimization procedures which are approved by the FISA court that govern how they will treat US person information. So I know the NSA does, I know the CIA does, obviously the FBI does, I don’t know for sure beyond that.

Gowdy: How about Main Justice?

Comey: Main Justice I think does have standard minimization procedures.

Gowdy: Alright, so that’s four. NSA, FBI, CIA, Main Justice. Does the White House has the authority to unmask a US citizen’s name?

Comey: I think other elements of the government that are consumers of our can ask the collectors to unmask. The unmasking resides with those who collected the information. And so if Mike Rogers’ folks collected something, and they send it to me in a report and it says it’s US person #1 and it’s important for the FBI to know who that is, our request will go back to them. The White House can make similar requests of the FBI or NSA but they don’t on their own collect, so they can’t on their own unmask.

That series of answers didn’t satisfy Gowdy, because from his perspective, if Comey isn’t able to investigate and find a head for the leak of Flynn’s conversation with Kislyak — well, I don’t know what he thinks but he’s sure an investigation, possibly even the prosecution of journalists, is the answer.

Gowdy: I guess what I’m getting at Director Comey, you say it’s vital, you say it’s critical, you say that it’s indispensable, we both know it’s a threat to the reauthorization of 702 later on this fall and oh by the way it’s also a felony punishable by up to 10 years. So how would you begin your investigation, assuming for the sake of argument that a US citizen’s name appeared in the Washington Post and the NY Times unlawfully. Where would you begin that investigation?

This whole series of questions frankly mystifies me. I mean, these two men who ostensibly provide oversight of FISA clearly didn’t understand what the biggest risk to privacy is –back door searches of US person content — which at the FBI doesn’t even require any evidence of wrong-doing. That is the biggest impediment to reauthorizing FISA.

And testimony about the intricacies of unmasking a US person identity — particularly when a discussion of traditional FISA serves as stand-in for Section 702 — does nothing more than expose that the men who supposedly oversee FISA closely have no fucking clue — and I mean really, not a single fucking clue — how it works. Devin Nunes, too, has already expressed confusion on how access to incidentally collected US person content works.

Does anyone in the House Intelligence Committee understand how FISA works? Bueller?

In retrospect, I’m really puzzled by what is so damning about the Flynn leak to them. I mean, don’t get me wrong, I’m very sympathetic to the complaint that the contents of the intercepts did get leaked. If you’re not, you should be. Imagine how you’d feel if a Muslim kid got branded as a terrorist because he had a non-criminal discussion with someone like Anwar al-Awlaki? (Of course, in actual fact what happened is the Muslim kids who had non-criminal discussions with Awlaki had FBI informants thrown at them until they pressed a button and got busted for terrorism, but whatever.)

But Rooney and Gowdy and maybe even Nunes seemed worried that their colleagues in the House have seen someone like them — not a young Muslim, but instead a conservative white man — caught up in FISA, which has suddenly made them realize that they too have conversations all the time that likely get caught up in FISA?

Or are they worried that the public discussion of FISA will expose them for what they are, utterly negligent overseers, who don’t understand how invasive of privacy FISA currently is?

If it’s the latter, their efforts to assuage concerns should only serve to heighten those concerns. These men know so little about FISA they don’t even understand what questions to ask.

In any case, after today’s hearing I am beginning to suspect the IC doesn’t like to have public hearings not because someone like me will learn something, but because we’ll see how painfully little most of the so-called overseers have learned in all the private briefings the IC has given them. If these men don’t understand the full implications of incidental collection, two months after details of Flynn’s conversations have been leaked, then it seems likely they’ve been intentionally mis or underinformed.

Or perhaps they’re just not so bright.

Ron Wyden’s Complaints about Section 702

/3 Comments/in /by

In this post, I reviewed the Intelligence Community’s dubious history of refusing to count how many Americans get swept up under FISA Section 702. Of particular note, I showed that when Wyden first asked for a number of how many Americans were sucked up, the NSA was in the process of conducting a partial count (on how many Americans were caught up in one kind of upstream collection); yet the government neither told Wyden that count was going on or answered his question. Even the limited count NSA conducted resulted in a FISC ruling that the US person collection violated the Constitution.

I wanted to turn, now, to the litany of concerns about Section 702 Ron Wyden laid out earlier this week.

Ultimately, Wyden’s biggest concern is about reverse targeting.

But before he gets there, he lays out a number of ways Americans can be sucked in, some of which are familiar, some of which are less so.

Upstream collection

For example, he lays out MCTs (when a completely unrelated communication is sucked in with a targeted one) and SCTs (when an about communication picks up an entirely domestic communication). About this, Wyden notes no foreigners need to be involved.

The law only requires that one of the parties to the communication who again could be another American is overseas and even that requirement is hard for the government to meet in practice. So the implications here ought to be pretty obvious. You don’t even have to be communicating with one of the government’s targets to be swept up in Foreign Intelligence Surveillance Act collection. You don’t even have to be communicating with a foreigner.

Note, especially, his point that the requirement that one communication be overseas “is hard for the government to meet in practice.”

Tasking errors

Wyden describes accidental targeting — which (given my review of all available reporting, at least) is very closely policed.

The first are targeting mistakes in which contrary to the law, the target turns out to be an American or someone in the United States. The full impact of these mistakes on law-abiding Americans is not readily apparent. The most recent public report on section 702 noted that there were compliance incidents involving surveillance of foreigners in the United States and surveillance of Americans.

Tasking problems are closely policed, but as Wyden notes, the most recent report showed a number of tasking problems, representing a big spike in the number of such compliance problems.

My working hypothesis is that the increase in identified tasking problems stems from the implementation of additional documentation in response to the PCLOB report. Most of this spike is related to one office completely misapplying a certificate (which makes me wonder if there’s a new, possibly fourth, certificate). But there were also tasking errors. The unredacted section actually says none of these affected US persons and people in the US, but there are three paragraphs redacted that may describe older tasking problems.

One foreigner list-servs

Wyden also notes that it only takes one person on an email to grant the entire email foreignness designation.

It is also important to note that the government is prohibited from collecting communications only when the sender of an e-mail and everyone receiving that e-mail are in the United States. So an American in the United States can send an e-mail to another American in the United States, but if the e-mail also goes to an overseas target, it’s going to be collected. So that then brings us to the different kinds of collection under section 702 and how it affects the liberties of our people in different ways.

Imagine a group of people — say hackers — collaborating on some IRC channel where one known participant was foreign. That would meet the foreignness designation and lead to the collection of everyone, American or not, participating.

American business people doing business overseas

Wyden also emphasizes that the definition of “foreign intelligence” is so broad that the target doesn’t have to be suspected of any wrongdoing.

The statute requires that the collection be conducted, quote, to acquire foreign intelligence information. As implemented the standard for targeting individuals under the program is that the government has reason to believe that these persons possess or are expected to receive or are likely to communicate foreign intelligence information. Obviously that is broad. It doesn’t even require that a target be suspected of wrongdoing.

And it’s in that context that he raises the possibility that an “American business leader” could easily be collected.

[T]hink about how easy it would be for an American business leader to be in contact with a broad set of potential targets of this program. Consider how easy it would be for Americans communicating with other Americans to forward the e-mails of these people. All of this could be collected by the government.

Of course, any business person could be collected in such a way (or scientists, which appears to be what has gotten a lot of Chinese-American scientists in trouble).

Reverse targeting

But as I said, Wyden seems most concerned about the standard for reverse targeting, which he raised as a newly urgent concern in 2013. According to the standard currently implemented, reverse targeting is extremely rare — perhaps just three instances, with the most recent occurring in the December 2014 to May 2015 period.

One of NSA’s tasking errors involved the tasking of a facility that was used by a nonUnited States person located outside the United States that was determined to involve reverse targeting.

[snip]

In this incident, the Attorney General authorized the targeting of the United States person pursuant to Section 705(b) of FISA. This reverse targeting incident resulted from an NSA analyst misunderstanding the reverse targeting prohibition and not because an NSA analyst intentionally attempted to violate Section 702 or NSA policy.

The American being targeted was overseas and got targeted, under Section 705(b) anyway. A completely redacted footnote excuses the analyst’s error.

But Wyden suggests that several other factors may lead to more reverse targeting than gets identified by the current standard of review. He suggests back door searches (which he notes Bush didn’t do, at least not for the first several years of PRISM, though I suspect it actually happened at FBI) make the problem worse.

This issue was concerning in 2008 when the Foreign Intelligence Surveillance Act amendments passed with a prohibition on reverse targeting, but that was before the Congress knew about the collection of e-mails that are only about a foreign target and that could be to and from Americans. That was before the Obama administration sought and obtained authority to conduct warrantless searches for communications to, from and about Americans out of section 702 PRISM collection.

[snip]

Before 2011, the FISA court prohibited, prohibited queries for U.S. persons. I’m going to repeat that: Under the Bush Administration and the first two years of the Obama Administration, it was not possible to conduct these back-door, warrantless searches of law-abiding Americans. Then the Obama Administration sought to change the rules and obtained authority to conduct them.

While he doesn’t provide much detail, he points to the expanded ability of those doing the back door searches (presumably, I’d imagine, those at CIA and FBI) to also nominate people for targeting.

Each of the agencies authorized to conduct these warrantless searches, the N.S.A., the F.B.I., the C.I.A., are also authorized to identify the overseas targets of section 702. The agencies that have developed an interest in Americans’ communications and are actually looking for these communications are the same agencies that are in a position to encourage ongoing collection of those communications by targeting the overseas party.

Such targeting still has to undergo NSA targeting review, meaning the actual target has to be overseas and have, according to NSA’s review team, foreign intelligence value unto himself. But it would be fairly easy for the FBI to target someone known to communicate prolifically with an American to be able to get the American’s side of the conversation. To make things worse, FBI has devolved its targeting to field offices, and I’m not convinced the reviews of field offices are as rigorous as they were at Headquarters. Not all field offices even get reviewed (though I assume the ones doing the most foreign targeting are), and the tracking on US persons caught up in all this has diminished with the devolution.

I share Wyden’s concerns — especially given NSA’s dodgy response to the Snowden documents released last year.

Given the volume of information the NSA and, derivatively, CIA and FBI, collect, it would be very easy to get away with reverse targeting, particularly the more you move targeting into the hands of people leading investigations, as has happened at FBI.

Wyden is not the only one concerned about this. Ted Lieu, fresh off the classified 702 briefing last week, seemed pretty concerned as well (as well as Rand Paul, though I’m not sure if Paul has had briefing on this). We won’t get the kind of granularity we need to understand how big of a problem this is.