Hot Numbers and the 2009 Troubles

/1 Comment/in , /by

Starting in 2007, DOJ’s Inpector General Glenn Fine did a series of reports on the FBI’s use of National Security Letters and Exigent Letters. In response (and as the FBI tried to clean up the mess from its inappropriate use of those tools), in 2007 the government asked OLC for an interpretation on the Electronic Communications Privacy Act. That opinion, which was issued on November 8, 2008, ruled that ECPA barred telecom providers from responding to certain kinds of requests without legal process.

Finally, you have asked whether a provider, in answer to an oral request before service of an NSL, may tell the FBI whether a particular account exists. This information would be confined to whether a provider serves a particular subscriber or a particular phone number. We believe that ECPA ordinarily bars providers from complying with such requests.

In the last of his IG Reports on NSLs and Exigent Letters, Fine argued that that OLC opinion made two of FBI’s practices with exigent letters — “sneak peeks” and “hot numbers” — illegal.

[T]he Department’s Office of Legal Counsel concluded, and we agree, that the ECPA ordinarily bars communications service providers from telling the FBI, prior to service of legal process, whether a particular account exists. We also concluded that if that type of information falls within the ambit of “a record or other information pertaining to a subscriber to or customer of such service” under 18 USC 2702(a)(3), so does the existence of calling activity by particular hot telephone numbers, absent a qualifying emergency under 18 USC 2702(c)(4).

[snip]

Therefore, we believe that the practice of obtaining calling activity information about how numbers in these matters without service of legal process violated the ECPA.

[snip]

We believe the FBI should carefully review the circumstances in which FBI personnel asked the on-site communications service providers [redacted] “hot numbers” to enable the Department to determine if the FBI obtained calling activity information under circumstances that trigger discovery or other obligations in any criminal investigations or prosecutions.

The “hot number” practice is functionally equivalent to the “alert list” the NSA used on the Section 215 dragnet database, in which it checked daily incoming calls to see if there had been any US contact with both approved and unapproved identifiers; if there was activity in both cases, it would spark further investigation.

The practice Fine focused on in this report was the requests FBI would get onsite telecom providers to fill without a subpoena. But at the same time Fine was working on that series of reports (the last one wasn’t issued until 2010) he was also working on a report on the FBI’s 2006 use of Section 215 (issued in March 2008), which included two classified appendices on bulk collection programs including (presumably) the phone dragnet from May until December 2006, and the 2009 Joint IG Report on the illegal wiretap program (which would have covered the dragnet program through May 2006).

We now know that both the pre May 2006 dragnet program and the post May 2006 dragnet program included a practice that, in wake of that OLC opinion (and perhaps before), Fine would find required some legal attention (the Pen Register equivalent in a grand jury context might put the post May 2006 practice in good stead, the 2008 opinion would seem to make the use of alerts earlier illegal, along with everything else).

Which may be why the government asked Judge Reggie Walton to consider whether the dragnet program complied with ECPA for his December 12, 2008 opinion.

That’s just a hypothesis (though the December 2008 would have been the first dragnet application after the OLC memo).

But if it’s right, it makes the NSA”s “discovery” of the alert process the following month all the more ridiculous. The alert process had been in place for years. FBI was being scolded for an equivalent practice (that ended in 2006) within FBI. And yet NSA somehow didn’t think to tell Walton about it until he had ruled ECPA did not present a problem for the dragnet more generally.

These three programs — the illegal program and the exigent letters, which both became the early dragnet in 2006 — are all closely related. Once you read them in tandem, though, it makes NSA”s claims to ignorance completely incredible.

Which brings me back to a reminder I’ve made several times. In the wake of the 2009 discoveries, Pat Leahy tried to mandate a DOJ review of the ongoing Section 215 activity, an effort the Administration thwarted. Fine agreed to do one anyway … then left. His replacement, Michael Horowitz, keeps claiming he’s still working on that investigation (but only covering the activities through 2009). That investigation has been going on 1,191 days now.

Update: Another interesting timing detail. According to the White Paper, the Intelligence and Judiciary Committees had all received the initial application and Primary Order on the dragnet by December 2008. So did they wait until the Walton opinion? Or did they know the Judiciary Committees would get them as part of DOJ IG reports?

Oh, So THAT’S Why the Government Is So Insistent Section 215 Had a Role in the Zazi Case?

/7 Comments/in , /by

There’s a remarkable passage in the Primary Order for the Section 215 dragnet that Judge Reggie Walton signed on September 3, 2009.

In addition, the Custodian of Records of [redacted] shall produce to NSA upon service of the appropriate Secondary Order an electronic copy of the same tangible things created by [redacted] for the period from 5:11 p.m. on July 9, 2009 to the date of this Order, to the extent those records still exist.

In an order authorizing the prospective collection of phone records until October 30, 2009, Walton also authorizes the retroactive collection of phone records generated between July 9 and September 3, 2009, if the telecom(s) haven’t destroyed them yet.

This seems to suggest that in an Order on July 9 (which we don’t get, but which the government references in its August 19 submission) Walton halted the program.

Boom. 5:11, July 9. No more phone records, from at least one telecom.

We don’t know why he did so either. In his June 22 Order, he referenced a May 29 Order (another one we didn’t get), responding to NSA’s very delayed disclosures that unminimized results had been shared with NSA analysts unauthorized to receive them and that CIA, FBI, and NCTC had access to the dragnet databases.  He had assigned the government a new report, due on June 18. But in that, too, the government revealed new abuses (including one — described on page 4 — that may pertain to the Internet dragnet rather than the phone dragnet; recall that the NSA offered to “review” that program at the same time they did the phone dragnet). Walton issued new homework to the NSA, requiring the government to provide a weekly report of the dissemination that occurred, with the first due July 3 and therefore the second due July 10, the day after Walton appears to have stopped the collection.

In the government’s August submission, this line seems to indicate querying has been halted.

Based on these findings and actions, the Government anticipates that it will request in the Application seeking renewal of docket number BR 09-09 authority that NSA, including certain NSA analysts who obtain appropriate approval, be permitted to resume non-automated querying of the call detail records using selectors approved by NSA.

But it doesn’t seem to reflect that collection stopped. (Note, Walton’s June Order had a docket number of 09-06, whereas the August submission bears the docket number 09-09).

So while we can’t be sure, it appears the discoveries submitted to Walton in June 2009, as well as new ones in early July, may have led him to halt production of new phone records.

And that collection was turned back on on September 3, 2009. 3 days before the NSA intercepted Najibullah Zazi’s frantic emails to Pakistan trying to get help making TATP he planned to use in a September 11 attack on NYC’s subways.

According to Matt Apuzzo and Adam Goldman’s superb Enemies Within, after discovering Zazi’s emails, FBI had used travel records to find Zazi’s suspected accomplices, Zarein Ahmedzay and Adis Medunjanin.

But when the government tried to justify the dragnet earlier this year, they pointed to the fact that Medunjanin came up in the Section 215 collection as proof of the dragnet’s value, as in this July 17 House Judiciary Committee hearing where FBI National Security Division Executive Assistant Director Stephanie Douglas testified.

Additionally, NSA ran a phone number identifiable with Mr. Zazi against the information captured under 215. NSA queried the phone number and identified other Zazi associates. One of those numbers came back to Adis Medunjanin, an Islamic extremist located in Queens, New York.

The FBI was already aware of Mr. Medunjanin, but information derived from 215 assisted in defining his — Zazi’s network and provided corroborating information relative to Medunjanin’s connection to Zazi. Just a few weeks after the initial tip by NSA, both Zazi and Medunjanin were arrested with — along with another co-conspirator. They were charged with terrorist acts and a plot to blow up the New York City subway system.

As I noted 4 years ago, Dianne Feinstein immediately started using the Zazi investigation to successfully argue that Section 215 must retain its broad relevance standard, defeating an effort by Pat Leahy to require some tie to terrorism.

Now, it may be that the FBI also used Section 215 to collect records of 3 apparently innocent people buying beauty supplies. The government has neither explained what happened to these apparently innocent people or on what basis (it may have been the Section 215 dragnet) they claimed they were associates of Zazi.

But the public case that backs up DiFi’s claims that Section 215 dragnet was central to the Zazi investigation is now limited to the fact that the FBI used the dragnet to find a Zazi associate they already knew about.

Yet imagine! What if Reggie Walton’s stern action in response to the government’s blatantly violating dissemination rules on the dragnet prevented the FBI from finding Zazi’s associates (which wasn’t a problem, and would have been less of a problem if the NYPD hadn’t tipped of Zazi, but never mind)? What if Walton’s effort to rein in the government had prevented the FBI from thwarting an attack?

That, it seems to me, is the implicit threat. The government claims — in spite of all the evidence to the contrary — that Section 215 played a key role in thwarting one of the only real terrorist attacks since 9/11. And, I’d bet they warn in private, they might have been prevented from doing so because a pesky FISA judge halted the program because they hadn’t followed the most basic rules for it.

That, I’m guessing, is why they claim the Section 215 dragnet was central to the Zazi investigation. Not because it was. But because it raises the specter of a judge’s effort to make the government follow the law interfering with FBI’s work.

Also, the Nail Polish Remover Lobby Didn’t Challenge Section 215 Orders

/13 Comments/in , /by

The takeaway from the FISC opinion released today from about 6 outlets seems to be that no telecom has ever challenged a Section 215 order.

But the opinion actually says more than that. It says,

To date, no holder of records who has received an Order to produce bulk telephony has challenged the legality of such an Order. Indeed, no recipient of any Section 215 Order has challenged the legality of such an Order, despite the explicit statutory mechanism for doing so.

Now, if your bullshit antennae aren’t buzzing when you read that formulation, “no holder of records,” then you need to have them checked. Because it sure seems to allow for the possibility that someone whose customers had their records seized via someone deemed the actual holder of them objected. That entity, after all, wouldn’t be a Section 215 Order recipient, and therefore would have no standing to object, regardless of the statutory mechanism for doing so. (Plus, both EPIC and ACLU have — and had, by the time this order was written — objected. But they don’t count because they’re the actual customers.)

But remember, as far as we know, Section 215 has not been used for Internet metadata (except for subscriber information for the first 2 years of the program; see Verizon’s CEO bitching about the email companies his company stole data from for years complaining publicly about the dragnet). The one other big “customer base” we know has been targeted by bulk-ish orders are hydrogen peroxide and nail polish remover (acetone) purchasers.

However, there, too, like Internet providers whose data gets sucked up at a telecom provider’s switch, the actual beauty supply companies are unlikely to be the “holder of records.” The beauty of the Third Party doctrine, for the government, is it can always look elsewhere for people who have “records” that betray customers’ interests.

If only we had a powerful nail polish remover lobby we might be able to combat the dragnet.

How Mike Rogers’ Excessive Secrecy in 2011 Might Kill the Dragnet

/3 Comments/in , /by

The FISA Court just released an August 29, 2013 opinion that reaffirms the court’s prior support for the Section 215 dragnet.

There’s a lot to say about the general legal interpretation of the opinion, which I may return to.

More importantly, though, the opinion relies on a demonstrably false claim to reaffirm the program: that Congress was briefed on the program.

Prior to the May 2011 congressional votes on Section 215 re-authorization, the Executive Branch provided the Intelligence Committees of both houses of Congress with letters which contained a “Report on the National Security Agency’s Bulk Collection Programs for USA PATRIOT Act Reauthorization” (Report).

[snip]

The Report provided extensive and detailed information to the Committees regarding the nature and scope of this Court’s approval of the implementation of Section 215 concerning bulk telephone metadata.

[snip]

Furthermore, the government stated the following in the HPSCI and SSCI Letters: “We believe that making this document available to all Members of Congress is an effective way to inform the legislative debate about reauthorization of Section 215…” Id. HPSCI Letter at 1; SSCI Letter at 1. It is clear form the letters that the Report would be made available to all Members of Congress and that HPSCI, SSCI, and Executive Branch staff would also be made available to answer any questions from Members of Congress. Id. HPSCI Letter at 2; SSCI Letter at 2.

In light of the importance of the national security programs that were set to expire, the Executive Branch and relevant congressional committees worked together to ensure that each Member of Congress knew or had the opportunity to know how Section 215 was being implemented under this Court’s Orders.

But as I have shown, because of Mike Rogers’ actions, a very large block of Congresspersons — the 93 freshmen legislators elected in 2010, save the 7 who were on the Intelligence or Judiciary Committees — appear to have had no such opportunity to learn about the program. Indeed, 65 members who voted in favor of PATRIOT reauthorization appear to have had no way of learning about the dragnet. Furthermore, we have documentary evidence that then FBI General Counsel Valerie Caproni (who was informed about abuses in the program on January 23, 2009), and then FBI Director Robert Mueller (who had to write a brief responding those abuses in August 2009) lied about whether there had been abuses in response to a question clearly designed to learn about the secret use of Section 215 during a May 13, 2011 hearing purportedly designed to replace the letter the Administration sent.

This opinion relies on a claim that has now been proven false (and actually had been by the time the opinion was written).

Judge Claire Eagan seems to know she’s basing her argument on false claims, because in a footnote she invokes the presumption of regularity.

It is unnecessary for the Court to inquire how many of the 535 individual Members of Congress took advantage of the opportunity to learn the facts about how the Executive Branch was implementing Section 215 under this Court’s Orders. Rather, the Court looks to congressional action on the whole, not the prepatory work of Individual Members in anticipation of legislation. In fact, the Court is bound to presume regularity on the part of Congress.

[snip]

The ratification presumption applies here where each Member was presented with an opportunity to learn about a highly-sensitive classified program important to national security in preparation for upcoming legislative action.

But even here, Eagan relies on a false premise, that all members of Congress had the opportunity to be informed about the dragnet.

The record shows — even the Administration White Paper shows — they did not.

I’m not entirely sure how we use these facts to overturn the dragnet. But either the FISC lives up to every claim that it’s a rubber stamp, or this decision must be revisited.

Update: Orin Kerr, who accepts the claims that I’ve shown to be false as true, still finds the argument about congressional consent unpersuasive.

Finally, I was deeply unimpressed by the last section of the opinion (pages 23-27), which argues that the FISC’s reading of the statute is presumptively correct because Congress knew about what the FISC was doing and didn’t amend the statute when it reenacted Section 215 in 2011. While it’s true that statutory reenactment has been construed a kind of silent approval of prior interpretations in some caselaw, I don’t know how on earth that can apply to secret court rulings by a district court that were merely made available to members of Congress, most of whom never learned of the opinions and would have no idea what they were looking at if they did. The idea underlying the doctrine of ratification is that established cases become part of the background understandings of the law. But it’s hard for me to see how decisions from a non-precedential secret court can form that background understanding, especially given that few members of Congress knew of the opinions and no one in the public did.

Update: And predictably, in a post called “Congress has no clothes,” Ben Wittes, who has been informed repeatedly that the record shows the House was not alerted to the 2011 letter, nevertheless gets his rocks off on Judge Eagan’s use of that false claim to argue the program is legal.

Perhaps the most remarkable feature of the opinion is Judge Eagan’s insistence that Congress cannot run away from her interpretation of the statute.

[snip]

All told, it’s an excellent opinion for the government. It affirms the program’s legality. It pulls the folding screen away from Congress even as members seek delicately to change, leaving them nakedly implicated in a program whose memory they seem so eager to abandon on the laundry pile.

Who’s naked here, Ben?

Wyden/Udall: If Intelligence Community Is Dumb Rather than Malicious, Why Should We Trust Them?

/16 Comments/in /by

Ron Wyden and Mark Udall just released a second statement on last week’s Section 215 dragnet document dump, taking the intelligence community’s excuse — that no one really knew what these programs were doing — at face value.

If the IC is dumb rather than malicious, they ask, why should we take their word on the value of the programs?

The intelligence community’s defense was that these violations were occurring because no one had a full grasp of how the bulk collection program actually worked.

If the assertion that ineptitude and not malice was the cause of these ongoing violations is taken at face value, it is perfectly reasonable for Congress and the American people to question whether a program that no one fully understood was an effective defense of American security at all. The fact that this program was allowed to operate this way raises serious concerns about the potential for blind spots in the NSA’s surveillance programs. It also supports our position that bulk collection ought to be ended.

The government’s misrepresentations inevitably led to the Foreign Intelligence Surveillance Court being consistently misinformed as it made binding rulings on the meaning of U.S. surveillance law. This underscores our concern that intelligence agencies’ assessments and descriptions about particular collection programs — even significant ones — are not always accurate. It is up to Congress, the courts and the public to ask the tough questions and require intelligence officials to back their assertions up with actual evidence. It is not enough to simply defer to these officials’ conclusions without challenging them. [my emphasis]

Though I get the feeling that Wyden and Udall aren’t buying this “dumb not malicious” line.

An Illegal Program Sanctioned with a Rubber Stamp Is Still That Same Illegal Program

/4 Comments/in , /by

Consider this anecdote from Barton Gellman’s story on the many violations of the NSA’s spying programs.

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.

[snip]

In the case of the collection effort that confused calls placed from Washington with those placed from Egypt, it is unclear what the NSA meant by a “large number” of intercepted calls. A spokesman declined to discuss the matter.

The NSA has different reporting requirements for each branch of government and each of its legal authorities. The “202” collection was deemed irrelevant to any of them. “The issue pertained to Metadata ONLY so there were no defects to report,” according to the author of the secret memo from March 2013.

Viewed against the background of the documents on the 2009 Section 215 dragnet problems, the anecdote tells us several things:

  • The phone metadata for Egypt and for DC were both accessible from the same user interface until at least 2008
  • US phone metadata was accessible by area code, not just by single phone identifier
  • Because it internally reported this incident, NSA was well aware of that fact
  • Among all the violations reported to Reggie Walton in 2009 (see my rough summary), it did not include this one (indeed, it appears NSA has never reported it to FISC, which may be why in response to this story Walton went on the record to complain that the FISA Court relies on the NSA’s self-disclosure)

That is, this violation undermines many of the stories the NSA told Walton during the 10 month period when they were purportedly coming clean on major problems with the dragnet, starting with the claim that these problems were a surprise not identified until after he wrote the first substantive opinion — 31 months after FISC first gave it sanction — authorizing the program. (I consider the 2006 opinion authorizing the dragnet a shockingly thin document, and Walton seems to have felt the need to lay out a more substantive case for the legality of it in 2008.)

But something else undermined that story: the pretense that the entire program arose from virgin birth in 2006.

Indeed, we know (though the government hasn’t actually admitted it, even though Ron Wyden has asked them to) that the Section 215 dragnet is actually just a part of the Dick Cheney’s illegal surveillance program placed under court sanction. Here’s how the NSA’s own draft IG Report (which was completed right smack dab in the middle of the discussions between Walton and the NSA about these violations) describes some aspects of the program, including the alert program that was part of the initial “discovery” of the violations.

(TS//SII/OC/NF) Analysis. NSA used a variety of tools to conduct metadata analysis and view the results. NSA’s primary tool for conducting metadata analysis, for PSP and traditional SIGINT collection, was MAINWAY. MAINWAY was used for storage, contact chaining, and for analyzing large volumes of global communications metadata. At the beginning of the PSP, only the “SIGINT Navigator” tool was available to view MAINWAY output. Over time, new tools and new processes, such as automated chaining alerting, were created to improve analysts’ efficiency. To obtain the most complete results, analysts used data collected under PSP and non-PSP authorities. Typically, they analyzed networks with two degrees of separation (two hops) from the target. Analysts determined if resulting information was reportable.

(TS//SII/OC/NF) In addition, an automated chaining alert process was created to alert analysts of new potentially reportable selectors. Previously approved selectors were compared to incoming MAINWAY data authorized by the PSP, E.O. 12333, or the FISC. Alerts of direct contacts with approved selectors were reported to NSA analysts for further analysis and potential reporting to FBI and CIA.

And here’s where the IG Report admits this all became the Section 215 dragnet.

(TS//SV/NF) According to NSA General Counsel Vito Potenza, the decision to transition telephony metadata to the Business Records Order was driven by a private sector company. After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concern about providing telephony metadata to NSA under Presidential Authority without being compelled. Although OLC’s May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order. 11

(TS//SII/NF) As with the PR/TT Order, DoJ and NSA collaboratively designed the application, prepared declarations, and responded to questions from court advisers. Their previous experience in drafting the PR/TT Order made this process more efficient.

Read more

The Irony of Booz Vice Chair Mike McConnell’s Timing

/1 Comment/in , , /by

Please support this kind of weedy journalism

I’m in the process of going really deep in the weeds on this Section 215 stuff, just adjusting my earlier timelines.

Several of us have noted the curious timing of the discovery of the problems with Section 215 dragnet. November 2, 2008 was the stated high number of identifiers which the NSA could contact chain, at 27,090 (though when NSA started cleaning this stuff up they only audited back through November 1, 2008).

On December 10, 2008, two analysts (whom I wildarseguess suspect were actually FBI Agents) start doing searches on unapproved identifiers, doing 280 over the next month and a half.

On December 11 and 12, 2008, Reggie Walton wrote the first systematic opinion on this program and approved a new Primary Order.

On December 15, 2008, the NSA stopped one of its abusive alert system processes.

On January 9, 2009, NSA told folks at DOJ’s National Security Division about them.

By January 15, 2009, NSA had seemingly purged thousands of identifiers from its alert list, because on that day (five days before the inauguration) it had only 17,835, down from 27,090 two days before Obama was elected.

January 20, 2009: Obama took the oath as President, replacing George Bush.

That, of course, led to change at key positions. One which I find remarkably interesting, however was that of Mike McConnell, who had spent two years as Director of National Intelligence (just long enough to get immunity for those who did all this illegally under Cheney’s program). McConnell left on January 27, 2009, leading to a delay on (reported) DNI involvement in this until his replacement Dennis Blair came in on January 29. Blair was briefed on this on his second day in office, January 30, 2009.

I don’t know — because the documents don’t say (see, especially, Keith Alexander’s chart on page 25 of his declaration that is totally non-responsive about anyone in DNI who would have known about these problems)– how much the revolving Intelligence Contractor Exec McConnell knew about NSA’s extension of the illegal Cheney program, illegally, under the FISC sanctioned Section 215 order.

But remember: as Vice Chair of Booz, Mike McConnell was (sort of) Edward Snowden’s boss until the latter absconded with proof of these gross violations under McConnell’s tenure at DNI.

Among other things, this rough outline suggests this wasn’t so much a “discovery” of violations, it was an attempt to hide what at least some people knew were systematic and gross violations of the Section 215 program, just before Obama came in and replaced some of the top players.

But I do find it ironic that McConnell’s company, Booz, played its small part in making all this clear.

ACLU [and congress] Has Standing to Know What It Is Debating

/8 Comments/in , /by

It is fundraising week(ish) here at Emptywheel. If you can, please support the site

In superb news, the FISA Court has agreed to release to ACLU whatever Section 215 opinions are not already covered by a 2011 FOIA suit ACLU filed in Southern District of New York.

 In an important decision, the Foreign Intelligence Surveillance Court ordered the government to review for release the court’s opinions on the meaning, scope, and constitutionality of Section 215 of the Patriot Act. The ruling is on a motion filed by the American Civil Liberties Union, the ACLU of the Nation’s Capital, and Yale Law School’s Media Freedom and Access Information Clinic. Section 215, which authorizes the government to obtain “any tangible things” relevant to foreign-intelligence or terrorism investigations, is the claimed legal basis for the NSA’s mass phone records collection program.

“We are pleased that the surveillance court has recognized the importance of transparency to the ongoing public debate about the NSA’s spying,” said Alex Abdo, staff attorney with the ACLU National Security Project. “For too long, the NSA’s sweeping surveillance of Americans has been shrouded in unjustified secrecy. Today’s ruling is an overdue rebuke of that practice. Secret law has no place in our democracy.”

The decision was based on a determination that, since ACLU is so central in these debates, it has standing to make such a request.

The Court ordinarily would not look beyond information presented by the parties to find that a claimant has Article III standing. In this case, however, the ACLU’s active participation in the legislative and public debates about the proper scope of Section 215 and the advisability of amending that provision is obvious from the public record and not reasonably in dispute. 11 Nor is it disputed that access to the Section 215 Opinions would assist the ACLU in that debate. The Court therefore concludes that the ACLU has satisfied that requirement. See, Ohio Citizen Action v. City of Englewood, 671 F.3d 564, 579 (6th Cir. 2012). Accordingly, the Court finds that the withholding from the ACLU of the Section 215 Opinions constitutes a concrete and particularized injury in fact to the ACLU for purposes of Article III standing.

11 See e.g., Michelle Richardson, Legislative Counsel, ACLU Washington Legislative Office, Misdirection: The House Intelligence Committee’s Misleading Patriot Act Talking Points (June 20, 2013) (https://www.aclu.org/blog/national-security/misdirection-house-intelligencecommittees-misleading-patriot-act-talking); Testimony of Jameel Jaffer, Deputy Legal Director of the ACLU Foundation, and Laura W. Murphy, Director, Washington Legislative Office, ACLU, before the Senate Judiciary Committee Hearing on Strengthening Privacy Rights and National Security:

In truth, after Monday’s document dump, this decision may be more about precedent than expanded releases. Because it is limited to substantive decisions on Section 215 — and wouldn’t include every time a judge pulls more hair out upon being informed of yet another “violation” — there may not be many more decisions to release (unless, as I have wondered, there have been significant violations since 2009).

But there is another part of this decision that may be even more important, from the standpoint of precedent. It gives this brief nod to the amici, calling out the Members of Congress specifically (the other amici were journalism organizations, which, like the third party with ACLU, Media Freedom and Information Access Clinic, might have been denied standing), for its claim to standing.

Assuming that there are such Section 215 Opinions that are not at issue in the FOIA litigation, movants and amici have presented several substantial reasons why the public interest might be served by their publication.

[snip]

Congressional amici emphasize the value of public information and debate in representing their constituents and discharging their legislative responsibilities.

Remember, the Congressional amici argued they can’t do their job without being able to discuss public FISC opinions.

Notwithstanding the compelling public interest in an open debate about the scope and propriety of government surveillance programs authorized under FISA, even the amici — Members of the U.S. Congress — cannot meaningfully participate in that public debate so long as this Court’s relevant decisions and interpretations of law remain secret. Read more

Imagine the Administration Lying to Congress about the Dragnet

/11 Comments/in , /by

As fundraising week comes to a close, please support this site

In a piece bemoaning the possibility that the dragnet programs created in secret might be scaled back now that citizens know what they entail, Ben Wittes lets his imagination run wild.

Imagine you were a high-level decision-maker in a clandestine intelligence agency. Imagine that you had played by the rules Congress had laid out for you, worked with oversight mechanisms to fix errors when they happened, and erected strict compliance regimes to minimize mistakes in a mind-bogglingly complex system of signals intelligence collection. Imagine further that when the programs became public, there was a firestorm anyway. Imagine that nearly half of the House of Representatives, pretending it had no idea what you had been doing, voted to end key collection activity. Imagine that in response to the firestorm, the President of the United States—after initially defending the intelligence community—said that what was really needed was more transparency and described the debate as healthy. Imagine that journalists construed every fact they learned in light of the need to keep feeding at the trough of a source who had stolen a huge volume of highly classified materials and taken it to China and Russia. [my emphasis]

Now, Ben sets up a few straw men here: journalists may have gotten some details wrong, but they’re probably doing better on accuracy than the Agencies that have all the information at hand, which continue to tell easily demonstrable lies. He suggests Obama is interested in debate, abundant evidence to the contrary. He excuses the NSA’s compliance problems because of complexity, when they introduced that complexity to make programs do what they legally weren’t supposed to (for example, allowing illegal access via 3 other systems and by 3 other agencies and inventing a pre-archive archive to skirt the rules in the case of the phone dragnet program). He suggests the NSA played by Congress’ rules, when in fact the FISC sets rules, and it says the government has repeatedly violated those rules and “misrepresented” claims about doing so.

But those straw men are nothing compared to the claim that those in the House who voted to defund the phone dragnet were “pretending it had no idea what you had been doing.”

The record shows that the 2011 PATRIOT Act extension was passed with the support of 65 people — enough to make the difference in the vote — who had had no opportunity to learn about the Section 215 dragnet except at hearings that didn’t provide notice of what they would present. Moreover, the record shows that when someone at one of (the only one of?) those hearings asked a question specifically designed to learn about problems with the dragnet, here’s what happened.

Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

A — To the FBI’s knowledge, those authorities have not been abused.

Then FBI Director Robert Mueller and then-General Counsel Valerie Caproni (the Administration waited to release the dragnet materials Monday almost until the second Caproni got confirmed to lifetime tenure as a judge) gave that answer in spite of the fact that Mueller had to submit a declaration to Judge Reggie Walton to explain why the program was important enough to keep in spite of the many abuses. Walton ordered that declaration, in part, because the government’s explanations about their gross violations “strain[] credulity,” according to Walton. And one of the abuses involved FBI getting access to this data directly.

But FBI knows nothing, Colonel Klink.

And even in what notice the government made somewhat available to Congress (but which Mike Rogers did not pass on), it provided just a one paragraph description of the abuses that would take a page to lay out in skeleton bullet form.

In other words, the record shows that many of those who voted against the dragnet in fact had no idea what the government had been doing, both about the dragnet itself, and about the abuses of the dragnet program.

And note, when almost half the House voted to defund the dragnet, they still hadn’t been informed of the full extent of these abuses (because the Administration was withholding the relevant opinions).

Congress is moving to rein in a program that the Executive Branch operated illegally for 5 years, then operated with FISC sanction for 7 years while abusing the terms of that sanction for at least 3 years. In Wittes imagination, that’s a bad thing.

Update: Also note Valerie Caproni got briefed on these abuses January 23, 2009.

Working Thread: Section 215 Dragnet Document Dump, Part II

/2 Comments/in , /by

It’s fundraising week. Please support the work I do with a donation.

This is part of a working thread on yesterday’s Section 215 dragnet. Part I is here. The documents are here.

IG Report

(i) Note that the cover letter was signed by the Acting IG, Brian McAndrew, but the report itself was signed by Joel Brenner.

(3) The IG Report uses a lot of passive voice where it should assign some responsibility for implementing controls.

(4) Note this recommendation is redacted but almost certainly is S 215 or S 332, based on the distribution list.

(4) Note the definition of processing.

(8) Note the finding the info assurance was adequate turned out to be wrong, as people were just wandering into this database.

(9) The audits OIG was supposed to conduct didn’t happen, per the description on page 31 of the Alexander declaration. This is sort of a big deal. Was OIG excluded (as they had been under the illegal program)? Or did they just not do their job?

(13) Note the review started immediately after the program started and by its own admission “did not conduct a full range of compliance and/or substantive testing.”

(18) Curious whether NSA introduced the word “archive” in the table.

(19) The language on metadata retention is another tell: they describe not “keeping” the data but “keeping it online” while avoiding mention of archive.

Compliance Incidents, Feb 26, 2009 & Supplemental Alexader

(4) Three different analysts querying databases. Again the timing on this is interesting, from day after election to day after transferring power. Note there’s still no discussion of where all those other identifiers went.

(SAlexander 2) Note the reference to telecoms remains unredacted.

Read more