Was DOJ Hiding a Section 215 Gun Registry from Congress?

/14 Comments/in , /by

Among other documents, ODNI released  on Monday all the Attorney General Reports on Section 215 use from 2005 to 2011 (2006200720082009201020112012).

This is the classified version of a report that also gets released in unclassified form as part of a larger report to Congress on FISA numbers (20052006200720082009201020112012; ODNI did not release the report covering 2012 because it lay outside the scope of ACLU’s FOIA). And the paragraph of each of these reports that lays out the following information remains redacted in all of them.

(3) the number of such orders either granted, modified, or denied for the production of each of the following:

(A) Library circulation records, library patron lists, book sales records, or book customer lists.

(B) Firearms sales records.

(C) Tax return records.

(D) Educational records.

(E) Medical records containing information that would identify a person.

Nevertheless, the reports show us two new things.

Screen shot 2013-11-22 at 8.52.29 AM

First, while we knew the number of modifications has gone up significantly in the last three years (we now know that many of the modifications in 2009 had to do with phone dragnet violations), the latest reports ODNI released say this:

The FISC modified the proposed orders submitted with forty-three such applications in 2010 (primarily requiring the Government to submit reports describing implementation of applicable minimization procedures).

The FISC modified the proposed orders submitted with 176 such applications in 2011 (requiring the Government to submit reports describing implementation of applicable minimization procedures).

Julian Sanchez had speculated that’s what was going on in a post (I can’t find the link right now) noting that NSL use had halved while Section 215 use had gone up. Remember, too, the government has not released a 2010 opinion on Section 215 that may explain why the FISC got much more involved in policing the government’s minimization.

Still, it is almost certain that the need to double check government minimization stems from bulk collections. If those bulk collections were also on a 90-day renewal cycle, then we might be looking at 44 bulk collection programs in 2011.

One more thing. As was reflected in the ACLU Vaughn Index, it appears DOJ never provided these reports to Congress starting with the report covering 2008. It did do so for the report covering 2011, but the report isn’t dated, so it’s not clear it was done in April 2012, when it should have been provided to Congress. Furthermore, that production was cc’ed to John Bates, which the tardy August 16, 2010 production of FISC opinions also was, which makes me wonder whether Bates had to force the Executive to fulfill the requirements in the PATRIOT Reauthorization (both these reports and the pre-2008 “significant constructions of law” requirement stems from the 2006 reauthorization). [4/19/14 correction: The “significant constructions of law” stems from the FISA Amendments Act]

Now, maybe DOJ was just being lazy in not fulfilling the clear legal requirement. But given that it seems to have had no problem fulfilling the requirement for unclassified numbers during the same period, I wonder whether DOJ just didn’t want to reveal that it was collecting on one or more of the specified categories, such as firearms sales records (though I’ve long wondered whether DOJ was also collecting DNA records).

Read more

By “Application” the Administration Didn’t Mean “Memorandum of Law”

/1 Comment/in , /by

This is a very minor point.

But, perhaps to rebut my observation that the government withheld significant constructions of law from the oversight committees until after the PATRIOT Act was reauthorized in 2010, ODNI released these this July 22, 2009 document, approving the unsealing of the original application for the phone dragnet so it could be shared with the Judiciary and Intelligence Committees as mandated by the FISA Amendments Act over a year earlier.

That makes it clear the oversight committees did have the application, at least, before they started discussions to reauthorize PATRIOT.

But it also shows several other things.

It shows how misleading the White Paper was when it implied the oversight committees had everything by December 2008.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees. [my emphasis]

It seems that reference to “application” in the White Paper referred only to the formal application, absent the underlying legal memorandum revealing just how radical this request was, which the Executive Branch withheld for another 7 months (even as the program was showing serial violations).

It also shows that the government took over a year after FAA required this sharing before it actually shared the document.

And it shows that, while we don’t know what the government withheld for over another year, the government was still withholding substantive information from Congress until after PATRIOT was reauthorized in February 2010.

Unlike some of the documents released by the government, the original Colleen Kollar-Kotelly opinion doesn’t reveal when it got released to Congress. I wonder when the Executive decided to share that?

Update: I may have spoken too soon. FISC unsealed this, but I don’t see the submission recorded on the Vaughn indices. Will update soon.

Update: Here’s what the ACLU Vaughn Index (there are differences with the EFF Vaughn Index, but not on this point) shows as far as Congressional submissions of pre-FAA material.

  • October 3, 2008, 31 pages of post FAA matters, all apparently on Section 215
  • October 3, 2008, 31 pages of post FAA matters, all apparently on Section 215 (may be duplicate entry — see entries 13 and 82)
  • December 1, 2008, at least 1084 pages of pre FAA matters, 378 of which pertain to Section 215
  • August 16, 2010, 236 pages of Section 215 matter plus more on other topics, pre FAA matters
  • February 4, 2011, 39 pages, all apparently on Section 215, unclear whether this is pre or post FAA materials

In other words, if the Vaughn Index is accurate, FISC unsealed this opinion on July 22, 2009, but the Executive Branch didn’t provide it to the oversight committees until August 16, 2010.

8 Years Later, NSA Still Using Same PR Strategy to Hide Illegal Wiretap Program

/18 Comments/in , /by

[youtube]kfbHbht081E[/youtube]

Between these two posts (one, two), I’ve shown that the Executive Branch never stopped illegally wiretapping Americans, even after the worst part of it got “shut down” after the March 2004 hospital confrontation. Instead, they got FISC to approve collection with certain rules, then violated the rules consistently. When that scheme was exposed with the transition between the Bush and Obama Administrations, the Executive adopted two new strategies to hide the illegal wiretapping. First, simply not counting how many Americans they were illegally wiretapping, thus avoiding explicit violation of 50 USC 1809(a)(2). And, starting just as the Executive was confessing to its illegal wiretapping, moving — and expanding it — overseas. Given that they’re collecting content, that is a violation in spirit, at least, of Section 704 of FISA Amendments Act, which requires a warrant for wiretapping an American overseas (the government probably says this doesn’t apply because GCHQ does much of the wiretapping).

One big discovery the Snowden leaks have shown us, then, is that the government has never really stopped Bush’s illegal wiretapping program.

That actually shows in the PR response the government has adopted, which has consisted of an affirmative and a negative approach. The affirmative approach emphasizes the programs — PATRIOT Act Section 215 and Section 702 of FAA — that paralleled the illegal wiretap program (I’m not conceding either is constitutional, but only the upstream collection under 702 has been deemed an explicit violation of the law). This has allowed the government to release a blizzard of documents — Transparency!™ — that reveals some shocking disclosures, without revealing the bigger illegal programs. But note how, when the revelations touched on the Internet dragnet (which should be no more revelatory than the phone dragnet), ODNI tried to obscure basic details by hiding dates (even if they left those dates in one URL).

Meanwhile, the I Con has invested energy in trying to undermine every story that touches on the larger illegal wiretapping programs. Read more

The Empire’s New Clothes

/9 Comments/in /by

Jay Rosen likes to talk about the Snowden effect — the events that have followed on Edward Snowden’s leaks that lead to more public knowledge.

This is surely a superb example of it. Someone has leaked the US Redlines — US negotiating goals aiming to curtail the German-British proposal to recognize an international right to privacy in electronic communications — to Colum Lynch. Lynch writes,

Publicly, U.S. representatives say they’re open to an affirmation of privacy rights. “The United States takes very seriously our international legal obligations, including those under the International Covenant on Civil and Political Rights,” Kurtis Cooper, a spokesman for the U.S. mission to the United Nations, said in an email. “We have been actively and constructively negotiating to ensure that the resolution promotes human rights and is consistent with those obligations.”

But privately, American diplomats are pushing hard to kill a provision of the Brazilian and German draft which states that “extraterritorial surveillance” and mass interception of communications, personal information, and metadata may constitute a violation of human rights. The United States and its allies, according to diplomats, outside observers, and documents, contend that the Covenant on Civil and Political Rights does not apply to foreign espionage.

The Redlines set three goals:

  • Clarify that references to privacy rights are referring explicitly to States’ obligations under ICCPR and remove suggestion that such obligations apply extra-territorially.
  • Clarify that the focus of the resolution is on “unlawful” or “illegal” surveillance and interception of communications.
  • Clarify that violations of privacy rights to not necessarily violate freedom of expression.

The Redlines, along with a basic understanding of the degree to which the US dominates global telecommunications networks, make it clear how important retaining this advantage is to the American Empire. After all, a limit on extraterritorial spying primarily limits the US and its partners, because no one else has the ability to operate extraterritorially at such scale. And assuming the US can limit the application of privacy to nation-states, then limiting the resolution would exempt all the extraterritorial dragnet that would otherwise be in violation. I’m perhaps most intrigued by US insistence that massive dragnets don’t violate freedom of expression, because while that’s obviously false, the US already depends on that false claim to conduct its dragnet domestically.

This is, then, in addition to being a perfect example of the Snowden effect, it’s also a perfect example of what Henry Farrell and Martha Finnemore have described in their essay on American hypocrisy and what I elaborated on here.

US hegemony rests on a lot of things: the dollar exchange, our superlative military, our ideological lip service to democracy and human rights.

But for the moment, it also rests on the globalized communication system in which we have a huge competitive advantage. That is, one reason we are the world’s hegemon is because the rest of the world communicates through us — literally, in terms of telecommunications infrastructure, linguistically, in English, and in terms of telecommunications governance.

Aggressively hacking the rest of the world endangers that, both because of what it does to our ideological claims, but just as importantly, because it provides rivals with the concrete incentive to dismantle that global infrastructure.

We’re opting to retain the ability to spy on everyone else, all using the increasingly flaccid claim of terrorism, all while pretending that simply endorsing this basic principle of human rights won’t devastate one tool of our Empire.

But as the leak of these Redlines makes clear, we clearly do believe it would undermine the Empire.

The Five Year Parade of Internet Dragnet Violations

/9 Comments/in /by

Monday’s document release provided mounting evidence that when the hospital confrontation “heroes” moved the Internet dragnet they had deemed to be illegal under the auspices of the FISA Court, neither they, nor Judge Colleen Kollar-Kotelly believed it was legally sound. But they traded those truly crummy legal claims to bring the program under court oversight. Since then, boosters of the scheme have claimed the oversight serves to eliminate violations quickly.

We already knew that’s not true.

Still, Monday’s release — particularly this John Bates opinion written around July 2010 — makes that even more clear. After Kollar-Kotelly sacrificed judicial wisdom for court oversight on July 14, 2004, the government continued breaking the court’s rules for five years, until Reggie Walton shut the program down, sometime in fall 2009.

First, let’s lay out the dates. I’ve done a rough timeline below, based on the known start-date (July 14, 2004) and the rough end point with John Bates’ opinion (around July 2010). The bulk of the other dates impose the timeline laid out in the Bates opinion on a few known dates taken from the phone dragnet production (plus, the geniuses at ODNI not only left the date of the June 22 Internet dragnet order in its URL (CLEANED101.%20Order%20and%20Supplemental%20Order%20%286-22-09%29-sealed.pdf), but it’s the same document as the June 22 phone dragnet order, which has different redactions but most dates intact — see the three bolded entries below).

As you’ll see, there were two known violations in the Internet dragnet before the before the discoveries of the problems started in earnest in 2009. That’s not that big a deal — there was at least one phone violation before 2009 too, except in the case of the Internet dragnet, NSA overcollected from the very start.

The examination of the Internet dragnet started in response to the first phone dragnet disclosures in January 2009 (with the change in Administration, it should be remembered). Reggie Walton told NSA to see if the Internet dragnet had the same compliance problems as the phone dragnet did.

From that point until June 2009, the discoveries seemed to work in parallel (the NSA was working on End-to-End reports for both programs at the same time, and they share some common databases). But with the discovery that both dragnet programs were sharing information freely with other agencies, it became clear the violations were much worse on the Internet dragnet side, with reports going out with US person information that did not even remotely comply with minimization requirements.

Then sometime after that — and after Walton issued what would be the last Internet dragnet order for a year (that was sometime after June 22, 2009) — NSA discovered they had been receiving “metadata” far outside the permitted scope, which surely included content. Note this may have happened around the same time as NSA reported that one phone provider had overproduced (including international data in addition to domestic, I think) on July 9, 2009, so I wonder if they were only then reviewing returned data on receipt.

In any case, it was around that time that NSA “discovered” the Internet metadata program had never ever been in compliance. From Bates:

Notwithstanding this and many similar prior representations [made on the summer 2009 reauthorization] there in fact had been systemic overcollection since [redacted]. On [redacted] the government provided written notice of yet another form of substantial non-compliance discovered by NSA OGC on [redacted] this time involving the acquisition of information beyond the [redacted] authorized categories.

[snip]

This overcollection, which had occurred continuously since the initial authorization in [redacted] included the acquisition of [long redaction]. [my emphasis]

Never.

If my math is correct, the application the NSA withdrew was submitted not long after September 20. There are briefings for the Intelligence Committees that likely alerted them to the scale of the Internet dragnet problems around that time. But as of October 5, some of the most assertive House Judiciary members seem to have had no idea about the problems with the Internet dragnet. If they found out about it with the notice to Congress on December 17, 2009, it explains why the PATRIOT Act reauthorization process stalled.

There’s one more very important thing in this timeline. You’ll see below that almost at exactly the same time as NSA “realized” it had never complied with program requirements, it started a pilot project that would be rolled out on January 3, 2011, analyzing metadata with no special protections for US persons or limit for use only on counterterrorism.

Specifically, these new procedures permit contact chaining, and other analysis, from and through any selector, irrespective of nationality or location, in order to follow or discover valid foreign intelligence targets. (Formerly analysts were required to determine whether or not selectors were associated with US communicants.)

[snip]

In the second place it enables large-scale graph analysis on very large sets of communications metadata vwithout having to check foreignness of every node or address in the graph. Analysts in S2 have used this to great benefit over the past year and a half under a pilot program. [emphasis original]

In other words, at the moment they were coming clean with the FISC that they had never ever complied with the PR/TT orders, they were beginning the pilot project that would move metadata collection overseas, under EO 12333. (This document goes back to this NYT story on social network analysis.)

So much for the notion that putting all this under court oversight would accomplish a damn thing. All it did was degrade the law and provide NSA cover until they developed the technology to do all this overseas.

Update, 11/22: More dates added to timeline.

Update, 11/26: More dates added to timeline. Read more

The John Bates Internet Metadata Opinion Probably Dates to July 2010

/6 Comments/in /by

I’ve seen a lot of outright errors in the reporting on the John Bates opinion authorizing the government to restart the Internet metadata program released on Monday.

Bates’ opinion was likely written in July 2010.

We know it had to have been written before October 3, 2011, because Bates’ opinion of that date cites this one (page 17 footnote 15). It was almost certainly written before May 2, 2011, because that’s when the government “clarified” its upstream production included US person content, which was likely a response to this opinion.

According to Claire Eagan, it was written in 2010; this quotation from Eagan’s opinion cites page 73 of this opinion (though she leaves out one word — “analytic” — from this quotation).

As this Court noted in 2010, the “finding of relevance most crucially depended on the conclusion that bulk collection is necessary for NSA to employ [analytic] tools that are likely to generate useful investigative leads to help identify and track terrorist operatives.”

It had to have been written after June 21, 2010 and probably dates to between June 21 and July 23, 2010, because page 92 footnote 78 cites Holder v. HLP (which was released on June 21), but uses a “WL” citation; by July 23 the “S. Ct.” citation was available. (h/t to Document Exploitation for this last observation).

So: it had to have been written between June 21, 2010 and October 3, 2011, but was almost certainly written sometime in the July 2010 timeframe.

John Bates’ TWO Wiretapping Warnings: Why the Government Took Its Internet Dragnet Collection Overseas

/12 Comments/in /by

A couple of us were joking on Twitter the other day that the June-July 2010 John Bates opinion released the other day — in which he yelled mightily about illegal collection that had persisted for 5 years but then rubber stamped the government’s plan to vastly expand metadata collection — ought to lead to the term “Bates stamp” to take on new meaning, a rubber stamp by a FISC judge.

(I’m working on a separate post that shows the timing of all this, but for the moment, you’ll have to trust me that Bates’ opinion was written some time around July 2010.)

Bates did, however, sort of kind of rein in the government’s actions, spending the last 17 pages of his opinion explaining how 50 USC 1809(a) prohibited him from allowing the government to use metadata it had collected for years in violation of the court’s rules.

Basically, Bates argued that the government would be guilty of illegal wiretaps under FISA if it used the illegally collected information. I believe the illegal collection involved taking metadata that counted as content and/or didn’t count as addressing information.

The government, in a submission and a reply to him, argued that was not the case. It made several arguments: first, it claimed their collection wasn’t “intentional” and therefore distributing it would not count as an illegal wiretap.

Insofar as the government contends that Section 1809(a)(2) reaches only “intentional violations of the Court’s orders,” or “willful” as opposed to intentional conduct, see Memorandum of Law at 74 n. 37, the Court disagrees. The plain language of the statute requires proof that the person in question “intentionally” disclosed or used information “knowing or with reason to know” the information was obtained in the manner described.

It also argued that the Pen Register statute allowed the Court to override the wiretap prohibitions.

The government argues that the opening phrase of 50 U.S.C. § 1842(a) vests the Court with authority to enter an order rendering Section 1809(a)(2) inapplicable. See Memorandum of Law at 74 n. 37.

It argued that because the Court could limit what the government could do with the data, it could also expand it.

The government next contends that because the Court has, in its prior orders, regulated access to and use of previously accumulated metadata, it follows that the Court may not authorize NSA to access and use all previously collected information, including information that was acquired outside the scope of prior authorizations, so long as the information “is within the scope of the [PR/TT] statute and the Constitution.” Memorandum of Law at 73.

It then argued that the Court’s own rules allowed it to authorize access to the data.

The government further contends that Rule 10(c) of the Rules of this Court gives the Court discretion to authorize access to and use of the overcollected information. Memorandum of Law at 73.

Finally, Article II argued that Article III had inherent authority to ignore the law. (!)

Finally, insofar as the government suggests that the Court has an inherent authority to permit the use and disclosure of all unauthorized collection without regard to Section 1809, see Memorandum of Law at 73-74 & n.37, the Court again must disagree.

Read more

Wrong Agency, Wrong Minimization: Two More Ways the Original Phone Dragnet Application Violated the Law

/12 Comments/in , /by

In addition to everything else several of us have been pointing out in the original Internet metadata opinion and the phone metadata application, there are two more problems with the phone dragnet.

They’re using the wrong agency and the wrong minimization procedures.

Section 215 reads, in part:

[T]he Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible things [my emphasis]

Here’s who signed the application that kicked off the phone dragnet program:

Screen shot 2013-11-19 at 3.02.54 PM

 

This is probably the lesser of these two problems. After all, the law permits the FBI Director to delegate this, and delegating the application to your boss is probably perfectly fine. Though it is a bit of a conflict if the boss in question was, in part, trying to legalize a program that had operated under his purview when he worked at the White House.

The problem becomes bigger still given that there’s no explanation of how it is that an NSA declaration serves as backup for an application to obtain data for the NSA, the use of which is limited to FBI. At least in what we get (which, remember, is what got produced to Congress, not what got submitted to the Court), there’s no discussion of that process.

The other problem is a bit more complicated. As I described last week, the 2006 Reauthorization of the PATRIOT Act included a new requirement that the Attorney General develop minimization procedures for Section 215.

(1) IN GENERAL- Not later than 180 days after the date of the enactment of the USA PATRIOT Improvement and Reauthorization Act of 2005, the Attorney General shall adopt specific minimization procedures governing the retention and dissemination by the Federal Bureau of Investigation of any tangible things, or information therein, received by the Federal Bureau of Investigation in response to an order under this title.

(2) DEFINED- In this section, the term `minimization procedures’ means–

(A) specific procedures that are reasonably designed in light of the purpose and technique of an order for the production of tangible things, to minimize the retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information;

(B) procedures that require that nonpublicly available information, which is not foreign intelligence information, as defined in section 101(e)(1), shall not be disseminated in a manner that identifies any United States person, without such person’s consent, unless such person’s identity is necessary to understand foreign intelligence information or assess its importance;

This post describes how DOJ basically blew off that requirement and — at least according to former DOJ Inspector General Glenn Fine — instead used existing procedures that didn’t meet the terms of the law.

Given that this application passed just 2 months after the Reauthorization, this dragnet application was probably one of the earliest Section 215 applications submitted after the Reauthorization so there might have been a discussion about this new requirement anyway. But in this case, the new requirement should have posed an additional problem. The data went not to FBI, but immediately to NSA, an enormous database of non-publicly available of information pertaining to US persons, handed off without a hint of minimization first.

Here’s how the application dealt with minimization procedures.

NSA will apply the existing (Attorney General approved) guidelines in United States Signals Intelligence Directive 18 (1993) … to minimize the information reported concerning U.S. persons.

USSID 18 is supposed to be less restrictive than FBI minimization procedures (though FBI data gets shared freely with other agencies).

There’s not only no discussion in this application of how USSID 18 meets the terms of the law, but there’s no discussion of what it means that NSA basically got unminimized data for which FBI is, by law, the proper recipient, which should be the most voluminous minimization violation ever.

And yet … the application doesn’t even acknowledge this problem at all.

Freedom of Association: From Six Degrees of Kevin Bacon to Three Degrees of Terry Stop

/4 Comments/in , /by

One thing the July 24, 2004 Colleen Kollar-Kotelly opinion and the May 23, 2006 phone dragnet application reveal is that the government and the court barely considered the First Amendment Freedom of Association implications of the dragnets.

The Kollar-Kotelly opinion reveals the judge sent a letter asking the government about “First Amendment issues.” (3) Way back on 57, she begins to consider First Amendment issues, but situates the in the querying of data, not the creation of a dragnet showing all relationships in the US.

In this case, the initial acquisition of information is not directed at facilities used by particular individuals of investigative interest, but meta data concerning the communications of such individuals’ [redacted]. Here, the legislative purpose is best effectuated at the querying state, since it will be at a point that an analyst queries the archived data that information concerning particular individuals will first be compiled and reviewed. Accordingly, the Court orders that NSA apply the following modification of its proposed criterion for querying the archived data: [redacted] will qualify as a seed [redacted] only if NSA concludes, based on the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable articulable suspicion that a particularly known [redacted] is associated with [redacted] provided, however, that an [redacted] believed to be used by a U.S. person shall not be regarded as associated with [redacted] solely on the basis of activities that are protected by the First Amendment to the Constitution. For example, an e-mail account used by a U.S. person could not be a seed account if the only information thought to support the belief that the account is associated with [redacted] is that, in sermons or in postings on a web site, the U.S. person espoused jihadist rhetoric that fell short of “advocacy … directed to inciting or producing imminent lawless action and … likely to incite or produce such action.” Brandnberg v. Ohio

By focusing on queries rather than collection, Kollar-Kotelly completely sidesteps the grave implications for forming databases of all the relationships in the US.

Then, 10 pages later, Kollar-Kotelly examines the First Amendment issues directly. She cites Reporters Committee for Freedom of the Press v. AT&T to lay out that in criminal investigations the government can get reporters’ toll records. Predictably, she says that since this application is “in furtherance of the compelling national interest of identifying and tracking [redacted terrorist reference], it makes it an easier case. Then, finally, she cites Paton v. La Prade to distinguish this from an much less intrusive practice, mail covers.

The court in Paton v. La Prade held that a mail cover on a dissident political organization violated the First Amendment because it was authorized under a regulation that was overbroad in its use of the undefined term “national security.” In contrast, this pen register/trap and trace surveillance does not target a political group and is authorized pursuant to statute on the grounds of relevance to an investigation to protect against “international terrorism,” a term defined at 50 U.S.C. § 1801(c). This definition has been upheld against a claim of First Amendment overbreadth. [citations omitted]

Of course, a mail cover is not automated and only affects the targeted party. This practice, by contrast, affects the targeted party (the selector) and anyone three hops out from him. Thus, even if those people are, in fact, a dissident organization (perhaps a conservative mosque), they in effect become criminalized by the association to someone only suspected — using the Terry Stop standard (the same used with stop-and-frisk) — of ties (but not even necessarily organizational ties) to terrorism.

Here’s how it looks in translation, in the 2006 application:

It bears emphasis that, given the types of analysis the NSA will perform, no information about a telephone number will ever be accessed or presented in an intelligible form to any person unless either (i) that telephone number has been in direct contact with a reasonably suspected terrorist-associated number or is linked to such a number through one or two intermediaries. (21)

So: queries require only a Terry Stop standard, and from that, mapping out everyone who is three degrees of association — whose very association with the person should be protected by the First Amendment — is fair game too.

Imagine if Ray Kelly had the authority to conduct an intrusive investigation into every single New Yorker who was three degrees of separation away from someone who had ever been stop-and-frisked. That’s what we’re talking about, only it happens in automated, secret fashion.

Colleen Kollar-Kotelly Ate the Serpent’s Fruit of Judicial “Oversight” in Lieu of Law

/8 Comments/in , /by

Sometime next week, I will have a post on what known documents the government chose not to release in yesterday’s dump — a significant chunk, for example, almost certainly show how the dragnet programs are tied inextricably to the content programs.

But for now, we’re getting increased clarity on the phone and Internet dragnet program.

One thing that seems clear is that there is no opinion authorizing the phone dragnet, as I suggested two months ago.

What passes as the government’s application for the phone dragnet — it is described as “Production to Congress of a May 23, 2006 Government Memorandum of Law,” but for a number of reasons, I have my doubts we’ve gotten even precisely that, which I’ll lay out at a future time — is dated May 23, 2006, the day before Malcom Howard approved the application. That doesn’t leave time for Howard to have written a fulsome opinion on the practice (and indeed, the timing makes me wonder whether this was approved because of urgent legal deadlines facing the telecoms). [Update: And when John Bates cites the “precedent” in his June-July 2010 opinion (75) he doesn’t cite an opinion.]

And the application makes it clear it relies on Kollar-Kotelly’s opinion as its legal justification. The first instance of doing so, tellingly, makes it clear FISC approval is designed primarily to give legal sanction for the program, not to assess whether the program actually is legal.

The Application is completely consistent with this Court’s ground breaking and innovative decision [redacted] in [redacted]. In that case, the Court authorized the installation and use of pen registers and trap and trace devices to collect bulk e-mail metadata [redacted]. The Court found that all of “the information likely to be obtained” from such collection is “relevant to an ongoing investigation to protect against international terrorism.” 50 U.S.C. § 1842(c)(2); [redacted] 25-54. The Court explained that “the bulk collection of meta data–i.e., the collection of both a huge volume and high percentage of unrelated communications–is necessary to identify the much smaller number of [redacted] communications.” Id. at 49. Moreover, as was the case in [redacted], this Application promotes both the twin goals of FISA: facilitating the foreign-intelligence collection needed to protect American lives while at the same time providing judicial oversight to safeguard American freedoms.

Let’s pause and reflect on this point for a moment.

We can now say with some certainty that a great many dragnet applications stem from the Kollar-Kotelly opinion. That’s because we have almost certainly identified the two opinions named in Claire Eagan’s opinion from earlier this year.

This Court has previously examined the issue of relevance for bulk collections. See [6 lines redacted]

While those involved different collections from the one at issue here, the relevance standard was similar. See 50 U.S.C. § 1842(c)(2) (“[R]elevant to an ongoing investigation to protect against international terrorism …. “). In both cases, there were facts demonstrating that information concerning known and unknown affiliates of international terrorist organizations was contained within the non-content metadata the government sought to obtain. As this Court noted in 2010, the “finding of relevance most crucially depended on the conclusion that bulk collection is necessary for NSA to employ tools that are likely to generate useful investigative leads to help identify and track terrorist operatives.”

An earlier reference in Eagan quotes the Kollar-Kotelly opinion directly (and the page number lines up), and while I have not found the citation from this passage in the Bates opinion also released yesterday yet (I think it may appear in the redactions on page 76), that opinion discusses relevance at length and was clearly written between 2009 and 2011. [Update: the quote appears to be a rough transcription of Bates’ cherry picked quote from Kollar-Kotelly that appears on page 9. Update 2: The quote comes from page 73, which is Bates’ own transcription of his citation of K-K, but Eagan missed the word “analytic” before tools.]

[Update] Another thing suggests the Bates opinion dates to 2010. The language in the December 2009 notice to Congress suggests ongoing problems, and includes the Internet metadata problems, whereas the February 2011 notice includes far more redacted discussion (yet still treats an active Internet metadata program.

In addition, we know from the geolocation materials that the government didn’t get an opinion dedicated to that application before they started.

DOJ advised in February 2010 that obtaining the data for the described testing purposes was permissible based upon the current language of the Court’s BR FISA order requiring the production of’ all ca11 detail records.’ It is our understanding that DOJ also orally advised the FISC, via its staff, that we had obtained a limited set of test data sampling of cellular mobility data (cell site location information) pursuant to the Court-authorized program and that we were exploring the possibility of acquiring such mobility data under the BR FISA program in the near future based upon the authority currently granted by the Court.

There are 2004, 2006, 2008, 2010, and 2013 opinions that relate to Section 215 (and, I suspect, other activities as well; updated with typo fixed). But at the very least, Kollar-Kotelly’s opinion authorized gathering substantially all the phone and (by 2010) Internet metadata in the country, as well as (starting in 2010) some subset of geolocation data).

Kollar-Kotelly, then, is the primary analysis the government has always relied on to construct maps charting the relationships of every American.

Which is why I find it so troubling that the application here is unashamed that the point of the opinion is not to assess the legality of a practice, but instead to “provid[e] judicial oversight to safeguard American freedoms.” (Side note: these opinions argue these practices are “necessary” to protect American lives, but the phone dragnet has never once done so, as far as we know, and the government has since purportedly canceled the Internet dragnet program because it was unnecessary, though that is almost certainly a lie.)

Guaranteeing the government doesn’t violate the Constitution was supposed to safeguard American freedoms. But with the Kollar-Kotelly opinion and all that follows from it, impotent oversight has came to substitute for defending the Constitution.