Yes, Margaret, the NSA Dragnet Does Involve Infiltration

/15 Comments/in , /by

Margaret Talbot has a piece at the New Yorker comparing COINTELPRO with Snowden’s leaks (and implicitly, the theft of data that lies behind both disclosures). Here’s the key paragraph of the comparison:

In most respects, the National Security Agency’s collection of domestic phone records which Edward Snowden revealed is nowhere near as disturbing as cointelpro’s activities. It is neither ideologically motivated (the N.S.A.’s actions were initially ramped up in response to a real attack; Hoover’s were intent on destroying perceived enemies) nor thuggish (it entails surveillance but not infiltration or harassment or blackmail or smear campaigns). Yet in one regard—its technological prowess—it is worse. As the U.S. District Court Judge Richard Leon wrote last month, in an opinion that strongly suggests that the metadata collection could be found unconstitutional, “Records that once would have revealed a few scattered tiles of information about a person now reveal an entire mosaic—a vibrant and constantly updating picture of a person’s life.” Leon noted that the government did not cite any instances in which the data collection proved necessary in preventing an imminent attack, and concluded that, when weighed against the “almost-Orwellian technology that enables the Government to store and analyze the phone metadata of every telephone user in the United States,” the N.S.A.’s rationale was simply too weak. [my emphasis]

There’s a lot I might quibble with in this paragraph. The government considered the anti-war effort part of Communism’s “attack” on the “free world,” whether or not that was true, in the same way it sometimes considers many critics of US policy in the Middle East — if they are themselves Muslim — to be inspired by al Qaeda, not opposition to crappy US policy. And the NSA has itself analogized its targeting of certain people in the US as terrorists with Project Minaret, the SIGINT targeting of largely anti-war activists; if the NSA makes this comparison, who are we to question it? Further, there’s evidence (albeit still very sketchy) that NSA targeted people associated with the Iraq War, not just terrorism.

But I’m particularly concerned by Talbot’s claim that none of this dragnet entails infiltration. The government itself told the FISA Court that it uses the phone dragnet to find potential informants — it is, according to the representations the government has made to get the FISC to approve the program, one of the primary purposes of the dragnet.

From the very start of the FISC-approved program, the government maintained the dragnet “may help to discover individuals willing to become FBI assets,” and given that the government repeated that claim 3 years later, it does seem to have been used to find informants.

When you unpack the possibilities of using metadata including the phone records of all Americans to find people who might narc on their community, it becomes very scary indeed. Because the dragnet would allow the government to discover details about people — their 3 degrees of separation from people suspected of terrorist ties, sure, but also extramarital affairs or financial problems — they can use to harass or blackmail potential informants with to convince them to inform, something they’ve suggested they do with their SIGINT.

One of the only reasons why we don’t know more about this is because we’re seeing just the NSA side of these programs. The government is thoroughly redacting any details about what FBI or CIA do with the data that gets churned out of the dragnet (all while boasting of its transparency), so we can’t yet explain what happens between the time the data gets crunched and some kid gets caught in a sting or some American loses her right to fly.

But we do know what the end product of infiltrating the Muslim community looks like, both in the way FBI informants push young men until they press a button they can be arrested for, the descriptions of the extensive spying FBI’s (and NYPD’s) informants conduct, largely targeted at mosques, and in the effect it has had on the discourse that takes place within those mosques.

African-Americans in the heart of Michigan’s auto industry built the mosque I attended as a child.

[snip]

Our African-American imam took turns with others to deliver the Friday khutba (sermon). We witnessed oral traditions accented from around the globe and across the road: the khateebs(deliverers of sermons) were lyrical and inspired, awkward and soft-spoken; the congregants received the khutba differently too, from active talk back to a silent receptive posture. While varied in style, the khutba routinely offered global context and critical content. The khateebs would remind us of the poverty in Detroit’s neighborhoods and the death in Baghdad’s streets. They would preach about the importance of the Muslim ummah (global community) and the duty to speak out against injustices small and large. The khateeb would regularly call for civic engagement as he also reached for religious inspiration.

These days, when I stop in a mosque, I am struck by the new normal: no politics, no world, no nimble movement between religious ethics and social context. Today’s khutbas present the congregation religious teachings in a void. Khateebs speak of the importance of honesty, forgiveness, humility and remembrance. They ignore Iraq and Afghanistan, Guantánamo and drones, informants and surveillance. They tell stories about Muhammad, Abraham, Moses, Mary and Jesus but leave out the universal themes of poverty, inequality and injustice.

From mosques to Muslim Student Association offices, American Muslim community spaces have been emptied of their politics, leeched of their dynamism as centers for religious and political debate. This new normal is the result of ten years of post-9/11 scrutiny combined with our government’s more recent embrace of “counter-radicalization” and “countering violent extremism” programs, which subject Muslim communities’ religious and political practices to aggressive surveillance, regulation and criminalization.

It’s easy, I think, for elite non-Muslim commentators to consider the infiltration of a political tradition they or their associates had personal involvement in, the anti-war movement, to be worse than the infiltration of mosques. I’m not sure they’re in a position to judge. But at least from what I’ve seen and heard, the infiltration of America’s Muslim communities seems designed to “enhance the paranoia endemic in these circles and will further serve to get the point across there is an FBI agent behind every mailbox,” just as the FBI’s efforts targeting the anti-war and African-American communities aimed to do.

The NSA has told us the dragnet involves infiltration. That the NSA hands off the data it collects so the FBI can carry out the infiltration should not confuse us that it does, in fact, play a role in infiltrating communities and sowing paranoia.

When FBI Director Jim Comey Ate 20 Journalists for Lunch, NSL Edition

/17 Comments/in , /by

Yesterday, charismatic FBI Director Jim Comey had what was alternately described as a “lunchtime interview” and a “roundtable” with a bunch of journalists. (See NYT, ABC, AFP, NPR, McClatchy, HuffPo, LAT, WSJ, Politico, AP)

Where he proceeded to eat them for lunch.

While he addressed many topics, it appears one of his key goals was to lobby to keep National Security Letter authority as is rather than adopt the NSA Review Group’s recommended changes.

Here’s how Politico described it (I don’t mean to pick on Josh Gerstein; his was one of the most thorough reports of what Comey said, even in spite of writing one of the single bylined stories; the outlets above all published some version of this story.)

“The national security letter is not only among the most highly regulated things the FBI does, but a very important building block tool of our national security investigations,” Comey said. “What worries me about their suggestion that we impose a judicial procedure on NSLs, is that it would actually make it harder for us to do national security investigations than bank fraud investigations.”

Comey said applying to a judge for a letter to track down an internet user who made a post indicating an interest in carrying out a terrorist bombing would take days or perhaps weeks, even if more judges were added to the court.

“Being able to do it in a reasonably expeditious way is really important to our investigations. So one of my worries about the proposal in the review group is it would add or introduce a delay,” he said. The director did say he believed there was merit to the review panel’s suggestion that such national security letters not come with a permanent bar on the recipient discussing the order with anyone other than legal counsel.

“We ought to be able to work something out that adopts a nondisclosure regime that is more acceptable to a broader array of folks than the one we have now,” he said.

Comey acknowledged that the FBI process for issuing such letters was too lax several years ago, but insisted it has since been fixed and is now rigorous and heavily audited. “No doubt the process for NSLs was broken in some ways six years ago or longer. It is not broken today. And so I don’t know why we would make natioanls [sic] security investigations harder in that respect than criminal investigations,” he said. He also said doing so would likely encourage his agents to go through prosecutors to get a grand jury subpoena instead—a process that doesn’t require the same number of approvals. [my emphasis]

Here’s the problem with this (aside from the hilarious claims that a program with no external oversight is the most “highly regulated” thing the FBI does, as bolded).

The journalists all, without an exception I’ve found, permitted Comey to misrepresent the Review Group’s two recommendations pertaining to National Security Letters (though HuffPo did include additional reporting noting that two of the Review Group members were Comey’s law professors and he thinks their emphasis is on gag orders preventing recipients from discussing the orders).

I described what the Review Group’s NSL recommendations were here (Julian Sanchez also did a good post).

But to understand why this is important enough for me to be an asshole over, it helps to see Review Group Recommendation 1, affecting the Section 215 dragnet, next to Review Group Recommendation 2, affecting NSLs.

Recommendation 1

We recommend that section 215 should be amended to authorize the Foreign Intelligence Surveillance Court to issue a section 215 order compelling a third party to disclose otherwise private information about particular individuals only if [it  finds that

(1)] the government has reasonable grounds to believe that the particular information sought is relevant to an authorized investigation intended to protect “against international terrorism or clandestine intelligence activities” and

(2) like a subpoena, the order is reasonable in focus, scope, and breadth.

 

Recommendation 2

We recommend that statutes that authorize the issuance of National Security Letters should be amended to permit the issuance of National Security Letters only upon a judicial finding that:

(1) the government has reasonable grounds to believe that the particular information sought is relevant to an authorized investigation intended to protect “against international terrorism or clandestine intelligence activities” and

(2) like a subpoena, the order is reasonable in focus, scope, and breadth.

[punctuation and spacing altered in brackets]

That is, Recommendation 1 (affecting Section 215) and Recommendation 2 (affecting NSLs) are — in the clauses changing the standard of review to eliminate bulk collection — substantively exactly the same. And while the NSLs require judicial review to get to any enforceable of standard of review — which is definitely one huge proposed change to the NSLs — viewed together like this, it is clear that at least as significant a goal of the Review Group is to end bulk collection under any authority.

Particularly when you consider Recommendation 3, which recommends real minimization procedures for NSLs.

The Review Group recommended judicial review of NSLs, sure. But it also recommended either preventing or (given the likelihood this has been going on) eliminating  bulk collection.

And yet a room full of — in some cases — very good journalists allowed the FBI Director to criticize what they all reported as the Review Group’s recommendation that NSL’s undergo judicial review without even mentioning he misrepresented the recommendation, addressing only a fraction of what the Review Group recommended.

Read more

It Turns Out CREDO Will Respond to Administration Subpoenas

/2 Comments/in /by

It turns out CREDO will respond to simple administrative subpoenas.

That’s one thing their new Transparency Report — the first of its kind in the industry — reveals. They complied with 5 administrative subpoenas last year: 3 from the DEA, one from a police department, and one from a DA, a full third of all the disclosed requests they got and complied with.

So they’re not opposed, in principle, to information requests lacking any judicial review.

That’s not in the least bit surprising, but it is significant because CREDO is almost certainly the telecom that challenged an NSL asking solely for subscriber information back in 2011; Judge Susan Illston ruled in their favor last March.

That may or may not say anything new about its challenge. I had considered whether this suggested it got some kind of bulk request (my new obsession). But the actual request in the NSL doesn’t leave much space for any bulk request.

Screen shot 2014-01-10 at 2.35.48 PM

The reference to what the government had required on page 11 of its reply to the government is redacted, and the reference to subscriber information on the following page lacks any pronoun to qualify it. Its language attesting to its preference to notice its subscriber uses “the,” which seems to suggest an entity rather than a person. A quotation from the FBI’s declaration on page 27 suggests the target is a plural noun.

But most of the rest of the discussion in the provider’s filings and the opinion suggest CREDO (if it is CREDO) challenged the NSL because it deemed the request on a CREDO subscriber to infringe on that subscriber’s First Amendment rights which are implicated in choosing CREDO (see pages 24-5), as well as CREDO’s ability to fight NSLs and PATRIOT more generally.

There’s two more related items of interest in CREDO’s Transparency Report. It includes two passages on related legislation — one mapping out things it can’t comment on, and one mapping out its stance on various pieces of legislation.

It is important to note that it may not be possible for CREDO or any telecom carrier to release to the public a full transparency report, as the USA PATRIOT Act and other statutes give law enforcement the ability to prevent companies from disclosing whether or not they have received certain orders, such as National Security Letters (NSLs) and Section 215 orders seeking customer information.

[snip]

CREDO supports the repeal the USA PATRIOT Act of 2001 and the FISA Amendments Act of 2008, and the passage of Rep. Rush Holt’s Surveillance State Repeal Act. Until full repeal can be achieved, CREDO has worked specifically to reform the worst abuses of both acts. This includes fighting to roll back the National Security Letter (NSL) provisions of the USA PATRIOT Act, and fighting to make FISA Court opinions public so that the American people know how the secret FISA court is interpreting the law. CREDO endorses the USA Freedom Act and the Amash Amendment, both aimed at halting the indiscriminate dragnet sweeping up the phone records of Americans. CREDO also opposes Senator Feinstein’s FISA Improvements Act which would codify the NSA’s unconstitutional program of surveillance by bulk collection.

Note it points to USA PATRIOT that prevents it from fully responding because it would be gagged in the case of both NSLs and Section 215 orders. (It made me wonder whether the government went and got a Section 215 order after Illston’s ruling.)

Then it describes opposing both PATRIOT and the FISA Amendments Act, which highlights FAA’s absence from CREDO’s list of statutes that limit its ability to fully respond.

Most telecoms would also be subject to FAA orders (incidentally: did you know telecom orders have been going up since 2012?). But CREDO is apparently not, for this reason.

Customer information refers to non-content information such a customer’s name, address, bill information, or handset or account information. Regarding the content of customer communications, CREDO does not receive or store the content of customer communications. This report includes only CREDO’s requests and does not include requests that may have been directed to another carrier.

I assume that Sprint (from which CREDO leases access) retains all CREDO’s customers’ content. If that’s right (and given the reference to “requests that may have been directed to another carrier,”) I wonder if the FBI initially served Sprint for this customer information based off content already collected.

Screen shot 2014-01-10 at 4.52.24 PM

It’s one possibility, I guess (though that would obviously weaken CREDO’s case, if they made it, that the FBI was infringing on its customer’s First Amendment choice to work with CREDO).

In any case, there are a few interesting new tidbits. And just as importantly, CREDO’s catalog of the requests it did get does lay an excellent standard for Verizon’s upcoming report.

Is PCLOB Holding Out for EO 12,333 Information?

/13 Comments/in /by

As you know, I’ve been tracking the way President Obama seems to want to game the various legislative and review group recommendations with his own.

Which is why I’m interested in this anonymous complaint, from someone in the White House, that PCLOB has not yet released its report.

Before making his final decisions, the president was supposed to receive a separate report from a semi-independent commission known as the Privacy and Civil Liberties Oversight Board, which was created by Congress. However, that panel’s report has been delayed without explanation until at least late January, meaning it won’t reach the president until after he makes his decisions public.

Members of that oversight board met with the president on Wednesday and have briefed other administration officials on some of their preliminary findings. In a statement, the five-member panel said its meeting with the Mr. Obama focused on the NSA phone collection program and the Foreign Intelligence Surveillance Court, which oversees the data sweeps.

It’s unclear why the president will announce his recommendations before receiving the report from the privacy and civil liberties board. One official familiar with the review process said some White House officials were puzzled by the board’s delay. The report would still be available to Congress, where legislators are grappling with several bills aimed at dismantling or preserving the NSA’s authority. [my emphasis]

The complaint is interesting not just because it betrays some consternation that the White House won’t be able to control the timing on all of this.

Last we heard from PCLOB on November 4, they said publicly that that report would focus on just Section 215 and 702 programs, the two programs the Administration has been trying to provide a limited hangout on since June (though in their Semi-Annual Report from November 3, they also said they were focusing on 12333 guidelines).

But different board members were also focusing on EO 12333 activities. PCLOB Chair David Medine asked about the theft of Google and Yahoo data off their fiber in Europe; Patricia Wald asked whether EO 12333 guidelines legally governed the dissemination of Section 215 data even if the FISC imposed more stringent guidelines; Medine asked whether searches of the corporate store (phone dragnet query results) are governed by EO 12333; and James Dempsey asked what governs the back door searches of data collected under EO 12333.

PCLOB board members clearly get that they can’t understand the NSA’s activities without understanding what goes on under EO 12333. Yet on one occasion (in response to the Google and Yahoo question), NSA’s General Counsel Raj De tried to defer any answer because it was not a Section 215 or 702 question.

MR. DE: Even by the terms of the article itself there is no connection to the 702 or 215 programs that we are here to discuss. I would suggest though that any implication which seemed to be made in some of the press coverage of this issue that NSA uses Executive Order 12333 to undermine, or circumvent or get around the Foreign Intelligence Surveillance Act is simply inaccurate.

Later, Dempsey asked ODNI’s General Counsel Robert Litt when PCLOB was going to get the guidelines NSA used for “other types of collection,” meaning that collected under EO 12333.

MR. DEMPSEY: We have asked about, in fact months ago, several months ago we asked about guidelines for other types of collection, and where do we stand on getting feedback on that? Because you said 18, for example, is the minimization provisions for collection outside the United States, and that’s pretty old. Where do we stand on looking at how that data is treated?

MR. LITT: I think we’re setting up a briefing for you on that. I believe we’re setting up a briefing for you on that. We did lose a few weeks.

MR. DEMPSEY: No, I understand. I was wondering if you could go beyond saying we’re setting up a briefing.

MR. LITT: Well, I mean we’re in the process of reviewing and updating guidelines for all agencies under 12333. It’s an arduous process. You know, it’s something that we’ve been working on for some time and we’re continuing to work on it.

They’re referring to a letter PCLOB sent back in August about outdated guidelines limiting the dissemination of US person data, a James Clapper response a month later promising and a follow-up 10 days later, on October 3,  reminding PCLOB had asked for a briefing and updates on agencies’ EO 12333 procedures.

And a month later, PCLOB still had not gotten either the briefing or the written description of where agencies were.

During that entire time, it was becoming more and more clear that the NSA might be moving programs overseas (and therefore under EO 12333) that had been governed by FISA. If that is happening, it’s a matter of significant concern.

Reports on Obama’s review say he wants to roll out reforms that might cover any disclosures to come.

Obama is expected to deliver a national address announcing a set of intelligence-gathering changes. His aim is to set in place guidelines that will convince critics he is serious about reform and that will withstand future disclosures.

[snip]

“The bulk of the work on this is the policy review, not reacting to what the next story is,” said another senior administration official, who requested anonymity to discuss the internal deliberations. “We don’t know what the next thing will be, and we do have to deal with what comes next. But getting the policy right is what’s important so that as new things come, we’ve addressed the core of it.

I’m of the opinion that the disclosures to come will continue to focus attention on what the NSA does under EO 12333.

So is that what’s holding up PCLOB?

Let’s Prosecute Treasury, State, and Drone Misses for Illegal Leaking

/3 Comments/in /by

Some crisis communications moron apparently advised John Inglis to repeat “unauthorized disclosure” over and over in his interview with Steve Inskeep (he does so 7 times).

Because Inglis implicitly accuses Treasury, the State Department, and failed drone operators for illegal leaks.

In response to Inskeep’s question whether the NSA conducts 44 million queries a year (which actually means the NSA is passively querying targets an order of magnitude more often, as Inglis’ response makes clear), Inglis tries to suggest that the only way a target would learn we were tracking him would be if someone leaked that information.

INGLIS: That’s what that math would lead you to but actually, it’s not that simple. So let’s say I’m interested in a particular terrorist, that individual might have dozens, might have across a given year hundreds of selectors. I’d kind of pick up and drop telephones on, you know, like it’s fast food. They might form, discard email addresses at a rapid rate. Why? Because we told them that they’re of interest to us. We’ve been telling them that for years through these unauthorized disclosures. So one individual might have attributable to them hundreds of these things. At the same time, we don’t query one time a year. We might try to find out every few hours. We might try to find out every once in a while, you know, where this thing is. It might be that geo-location is of interest to us. And so all of that then constitutes a broad number of inquiries.

Of course, the other way targets learn we are tracking them is if Treasury and State designate their organization a terror affiliate (or they themselves a designated target), or if they escape a near miss, perhaps by drone.

Seriously, Inglis would have to be a moron if he really believes many — if not most — of our top targets don’t know we’re tracking them. But he’s not a moron. Which presents the more logical conclusion that he has cynically started chanting leak leak leak when describing something that is a normal aspect of spying, all to suggest what Snowden has done devastated their work.

John Inglis Explains Why (US-Based Collection of) Internet Metadata Doesn’t Work

/6 Comments/in , /by

Steve Inskeep got a very long interview with NSA Deputy Director John Inglis. It suffers from the same problem that just about every interview the NSA has done since the Snowden leaks started has — because the NSA will only allow friendlies or non-beat writers to do interviews, NSA can avoid many real questions and falsely represent the facts (such as, just one example, what the Review Group really said about the legality of NSA’s programs).

But Inskeep did a good job, and succeeded in doing something that no one else has: get a real explanation for why the NSA gave up its (US-based collection of) Internet “metadata.”

Inskeep starts by suggesting NSA was unable to meet the requirements of the program. But Inglis insists that wasn’t the problem. Rather, it was that Internet companies keep no billing records for individual emails.

INSKEEP: And it was abandoned because it was too hard to comply with the safeguards and because it was judged not to be practical, it wasn’t worth the cost.

INGLIS: It was abandoned principally for the latter reason, which is it was just too hard to make operationally workable. In theory, and especially given that people move more and more to emails, right, that kind of communication, in theory it would be even more valuable to try to detect a plot that moves from a foreign domain to a domestic domain using email metadata. The challenge is, is that the business model within the private sector doesn’t support that. You and I grew up in an America where there were local calls, long distance calls, and the telephone company made their money by charging you for the number of local calls or the number of long distance calls for some duration. And for that reason they tracked that information. You could go to the telephone company and say, how many calls and what number called what number.

And they would actually track that with great precision. Email didn’t get its start that way. The first email account I had from a company with three letters said, for $6.95 a month you can write a million emails or one email, we don’t care. We’re going to send you, sell you a bandwidth. And so there was no material business interest on their part to track the metadata. They just wanted to sell you access to the pipe. Given that that information it doesn’t exist, it’s hard to recreate it. It became operationally very difficult to do that. It is theoretically possible, but very expensive. And we’ve decided in late 2011 that while we thought we could meet the requirements of the court, we were quite confident that we could, the only way we could proceed was in so doing, that it was operationally too difficult to do that because the business model was so different.

Ultimately, of course, Inglis is confirming Inskeep’s first assertion: that the NSA couldn’t meet the Court’s requirements that it not collect content that is also routing information, because the telecoms, from which NSA collected this data, only had access to the data the NSA wanted at a content level.

NSA could meet FISC’s requirements. But to do so gave them little meaningful data, because the telecom level of content isn’t all that useful.

Of course, they can collect that data elsewhere, in places where such content-based restrictions aren’t in place.

Obama Approves Releasing Classified Information to Attack Snowden for Leaking Classified Information

/15 Comments/in , /by

Kudos to Shane Harris who, unlike a number of other reporters, brought the appropriate skepticism to Mike Rogers and Dutch Ruppersberger’s attempt to fearmonger Edward Snowden’s leaks. Not only did Harris use the correct verb tense — “could” as opposed to “has” — to describe documents describing the activities of the Armed Services that have not yet been released (and note, implicitly Rogers and Rupp are saying the risk is to forces in the field but not within the domestic US). But he repeatedly noted Rogers and Rupp’s complete failure to provide any evidence:

But the lawmakers — who are working in coordination with the Obama administration and are trying to counter the narrative that Snowden is a heroic whistleblower — offered no specific examples to substantiate their claims.

[snip]

The lawmakers cited no articles or specific documents to support that claim.

[snip]

But the spokesman did not say what, if any, conclusions the task force had reached about actual damage caused by documents Snowden took, regardless of whether they’ve been disclosed or not.

My favorite part of Harris’ piece, however, is the way he makes clear that Rogers and Rupp are selectively releasing classified information — with the Administration’s approval — to complain about Snowden releasing classified information.

A congressional staffer who is familiar with the report’s findings said that the lawmakers chose to make some of its contents public in order to counter what they see as a false impression of Snowden as a principled whistleblower who disclosed abuses of power.

“Snowden has been made out by some people to be a hero. What we need to do is really look at the effect of his leaks and see that what he’s done is really harm our country and put citizens at risk. The purpose [of releasing some findings] is to clear the record and show that he’s not a hero,” the staffer told Foreign Policy.

The staffer said that the administration approved the information that the lawmakers disclosed in advance.

Because some leaky pigs are more equal than other leaky pigs.

After Meeting with Obama, Bob Goodlatte Calls for Reform of Phone Dragnet

/4 Comments/in , /by

Bob Goodlatte, the Chair of the House Judiciary Committee, voted against the Amash-Conyers Amendment that would have defunded the phone dragnet. Nor is he a named cosponsor of the USA Freedom Act, the Leahy-Sensenbrenner bill that would reform the dragnet.

Which is why it is particularly notable that he’s the one member of Congress cited by name in a story reporting on skepticism that Obama will actually reform the NSA.

President Obama met with hand-picked lawmakers at the White House on Thursday to discuss the National Security Agency’s controversial spying programs, the main event of a week full of meetings at the White House focusing on potential reforms for the maligned federal agency.

[snip]

At least some of the lawmakers left the meeting unconvinced that the president is going to do enough to curtail the NSA’s activities. House Judiciary Committee Chairman Bob Goodlatte, R-Va., said “it’s increasingly clear that we need to take legislative action to reform” the NSA’s intelligence gathering.

“If the president believes we need a bulk collection program of telephone data, then he needs to break his silence and clearly explain to the American people why it is needed for our national security,” Goodlatte said in a statement. “Americans’ civil liberties are at stake in this debate.”

If the President has not yet been able to convince Goodlatte the phone dragnet is necessary, if Goodlatte walks out of meeting with the President calling to legislatively roll back the phone dragnet, it might just have a shot at passing.

Update: Here’s Goodlatte’s full statement.

Over the course of the past several months, I have urged President Obama to bring more transparency to the National Security Agency’s intelligence-gathering programs in order to regain the trust of the American people. In particular, if the President believes we need a bulk collection program of telephone data, then he needs to break his silence and clearly explain to the American people why it is needed for our national security. The President has unique information about the merits of these programs and the extent of their usefulness. This information is critical to informing Congress on how far to go in reforming the programs. Americans’ civil liberties are at stake in this debate.

With each new revelation of the scope of these programs, it’s increasingly clear that we need to take legislative action to reform some of our nation’s intelligence-gathering programs to ensure that they adequately protect Americans’ civil liberties and operate in a sensible manner. We also need to ensure the laws are clear so that the U.S. tech industry is not disadvantaged vis-à-vis their foreign competitors. The House Judiciary Committee, which has primary jurisdiction over the legal framework of these programs, has conducted aggressive oversight on this issue and will be instrumental to reforming the Foreign Intelligence Surveillance Act. I am committed to working with members of Congress and Senators from both political parties, House leaders, and President Obama to ensure our nation’s intelligence collection programs include real protections for Americans’ civil liberties, robust oversight, and additional transparency. [my emphasis]

 

The Maneuvers to Get Ahead of the NSA Review Group Recommendations

/8 Comments/in , /by

Here’s a quick summary of all the events happening in response to the NSA Review Group report:

Tuesday, January 7: James Clapper “and other Intelligence Community Leaders” meet with Geoffrey Stone, Cass Sunstein, and Peter Swire; SSCI holds closed briefing with Review Group

Wednesday, January 8: Obama meets with Intelligence Community leaders; Obama meets with PCLOB; NatSec Aides and Congressional staffers meet in Situation Room

Thursday, January 9: Obama meets with (reportedly invited) Dianne Feinstein, Saxby Chambliss, Mike Rogers, Dutch Ruppersberger, Pat Leahy, Chuck Grassley, Bob Goodlatte, John Conyers, Ron Wyden, Mark Udall, and Jim Sensenbrenner

Tuesday, January 14: Review Group testifies publicly before Senate Judiciary Committee

PCLOB, which I believe has a better understanding of the dragnet than several members of the Review Group, was supposed to present its own recommendations sometime this month, and the White House claims to be conducting its own internal review which is finishing up work.

I raise this schedule to point to the several times when Obama will meet with advocates for reform in a venue where some horse-trading can go on. Not only will he meet with PCLOB before their recommendations come out (as he met with the Review Group), but he will have the sponsors of legislation that would reform NSA and FBI’s counterterrorism programs, as well as Wyden and Udall, in a room with a larger number of opponents of reform.

Jay Carney said today Obama will introduce his own “reforms” before the State of the Union on January 28. But I wouldn’t be surprised if Obama moved to pre-empt these other discussions even earlier than that, as he did with the Review Group suggestion that the Director of the NSA position be split from the Cybercommand position.

Will he try to get an agreement from the legislative critics to withdraw their legislation if he makes some changes as executive prerogative?

Sucky Assessments of the Phone Dragnet Reveal How Much They’re Keeping “Secret”

/12 Comments/in , /by

The assessments of the phone dragnet suck.

I don’t mean the assessments of the phone dragnet show the program sucks, though that may well be the case. I mean the assessments of the phone dragnet I’ve seen do a very poor job of assessing the value of it. Which serves to show how much of the larger dragnet remains, if not secret, still largely undiscussed.

To see what I mean, consider this post, from Just Security’s Ryan Goodman.

Insiders disagree about the phone dragnet value with outsiders

The strongest part of his post compares the seemingly contradictory assessments of the phone dragnet by two different members of the NSA Review Group. University of Chicago Professor Geoffrey Stone and Deputy Director of CIA Mike Morell.

Stone, based on what he learned from public sources and from the briefings the Group received, believes the program did not prevent any terrorist attacks. Morell, whose former agency receives Tippers from the program and even had direct access to query results until 2009 just like the FBI does and did (though no one talks about that) insists it has helped prevent terrorist attacks.

Goodman also notes that the Gang of Four immediately defended the phone dragnet after the Review Group released its results (actually, they object to more than the phone dragnet recommendation but don’t say what other recommendations they object to), but doesn’t note the terms they use to do so:

However, a number of recommendations in the report should not be adopted by Congress, starting with those based on the misleading conclusion that the NSA’s metadata program is ‘not essential to preventing attacks.’ Intelligence programs do not operate in isolation and terrorist attacks are not disrupted by the work of any one person or program. The NSA’s metadata program is a valuable analytical tool that assists intelligence personnel in their efforts to efficiently ‘connect the dots’ on emerging or current terrorist threats directed against Americans in the United States. The necessity of this program cannot be measured merely by the number of terrorist attacks disrupted, but must also take into account the extent to which it contributes to the overall efforts of intelligence professionals to quickly respond to, and prevent, rapidly emerging terrorist threats. [my emphasis]

In other words, Goodman presents evidence that the Gang of Four and a former top CIA official believe there are other reasons the phone dragnet is valuable, while someone relying on limited briefings evaluates the program based on its failure to stop any attack.

That ought to make Goodman ask what Morell and Dianne Feinstein know (or think they know) that Stone does not. It ought to make him engage seriously with their claim that the phone dragnet is doing something else beyond providing the single clues to prevent terrorist attacks.

One they’re not willing to talk about explicitly.

Assessments and the terrorist attack thwarted metric

Instead, Goodman assesses the phone dragnet solely on the basis of the public excuse offered over and over and over since the Guardian first published the Verizon order in June: to see which Americans are in contact with (alleged) terrorist associates so as to prevent an attack.

Goodman lectures program critics that identifying funders or members of terrorist groups might help find terrorists, too, and “peace of mind” might help dedicate resources most productively.

The key objective of course is to stop terrorist attacks against the US homeland and vital US interests abroad. An important distinction, however, is whether the intelligence generated by the program is:

(a) “direct”: timely information to foil a specific attack; or

(b) “indirect”: information that enables the government to degrade a terrorist group or decrease the general likelihood of attacks

Examples of the latter might include information on individuals who have joined or are funding a terrorist organization. Intelligence could help to identify and successfully prosecute such individuals, and hence disable them and deter others. The important point is that both types of information aid the overall goal of stopping terrorist attacks. That point appears to have been lost on some critics of the program. When the government cites the latter information yields, critics often consider such situations irrelevant or little to do with stopping attacks.

But Goodman imagines only those affirmatively supporting terrorism would help the government prevent terrorism, which is not necessarily the case.

Does the NSA’s network analysis even pick the right calls?

One thing missing from such assessments are the failures. Why didn’t, for example, Faisal Shahzad’s planning with the Pakistani Taliban identify him and his hawala before the attack? There are plausible explanations: he used good enough operational security such that he had no communications that could have included in the dragnets, his TTP phone and Internet contacts were not among the services sucked up, the turmoil in the phone and (especially) Internet dragnet in 2009 and 2010 led to gaps in the collection. Then there’s a far more serious one: that the methods NSA use to identify numbers of interest may not work, and may instead only be identifying those whose doings with terror affiliates are relatively innocent, meaning they don’t use operational security (though note the US-based phone dragnets would use more sophisticated analysis only after data gets put in the corporate store, whereas data collected overseas might be immediately subject to it).

And for those who, like Goodman, place great stock in the dragnet’s “peace of mind” metric, they need to assess not just the privacy invasion that might result, but the resources required to investigate all possible leads — which could have been upwards of 36,000 people in the Boston Marathon case.

That is, unless we have evidence that NSA’s means of picking the interesting phone contacts from the uninteresting ones works (and given the numbers involved, we probably don’t have that), then the dragnet may be as much a time suck as it is a key tool.

What about the other purposes the Intelligence Community has (quietly) admitted?

The other problem with assessments of the phone dragnet is they don’t even take the IC at its word in its other, quieter admissions of how it uses the dragnet (notably, in none of Stone’s five posts on the dragnet does he mention any of these — one, two, three, four, five — raising questions whether he ever learned or considered them). These uses include:

  • Corporate store
  • “Data integrity” analysis
  • Informants
  • Index

Corporate store: As the minimization procedures and a few FISC documents make clear, once the NSA has run a query, the results of that query are placed in a “corporate store,” a database of all previous query results. Read more