Posts

DC’s Elite: Let Our General Go!

/5 Comments/in /by

At almost precisely the moment the FBI started investigating who was pestering Tampa Bay socialite Jill Kelley, an investigation that would lead to the resignation and investigation of David Petraeus, John McCain called for an investigation into top Obama officials leaking details of covert ops to make themselves look good.

Outraged by two recent articles published by the New York Times, which exposed the extent of U.S. involvement in cyberattacks made against Iran and the White House’s secret ‘Kill List,’ John McCain (R-Ariz.) and Saxby Chambliss (R-Ga.) took to the Senate floor to admonish the administration, and accuse it of widespread disregard for national security.

“The fact that this administration would aggressively pursue leaks by a 22-year-old Army private in the Wikileaks matter and former CIA employees in other leaks cases, but apparently sanction leaks made by senior administration officials for political purposes is simply unacceptable,” McCain said.

Now, McCain is outraged! that former top Obama official David Petraeus is getting the callous treatment given to those being investigated for leaks.

U.S. Senators John McCain (R-Ariz.) and Lindsey Graham (R-S.C.) today released the following statement on the handling of the investigation into former CIA Director David Petraeus:

“While the facts of the case involving General David Petraeus remain unknown and are not suitable for comment, it is clear that this investigation has been grievously mishandled.

“It is outrageous that the highly confidential and law enforcement-sensitive recommendation of prosecutors to bring charges against General Petraeus was leaked to the New York Times. It is a shameful continuation of a pattern in which leaks by unnamed sources have marred this investigation in contravention to fundamental fairness.

“No American deserves such callous treatment, let alone one of America’s finest military leaders whose selfless service and sacrifice have inspired young Americans in uniform and likely saved many of their lives.”

And of course, McCain had no problem when the first story about poor Petraeus’ treatment appeared in December, quoting lots of McCain’s buddies calling for justice! for Petraeus.

McCain (and his sidekick Lindsey) are not the only ones rending their garments over the injustice of a top Obama official being investigated for leaking classified details to make himself look good. Jason Chaffetz keeps complaining about it. And Dianne Feinstein took to the Sunday shows to declare that Petraeus has suffered enough. Richard Burr apparently made false claims about how the Espionage Act has been wielded, of late, even against those whose leaks caused no harm.

Golly, you’d think all these legislators might figure out they have the authority, as legislators, to fix the overly broad application of the Espionage Act.

Meanwhile, Eli Lake — who launched the campaign to Let Our General Go last month — has an odd story complaining about Petraeus’ treatment. To Lake’s credit, he mentions — though does not quote — how Petraeus celebrated John Kiriakou’s guilty plea. Here’s what Petraeus said then about the importance of respecting your vows to secrecy:

It marks an important victory for our agency, for our intelligence community, and for our country. Oaths do matter, and there are indeed consequences for those who believe they are above the laws that protect our fellow officers and enable American intelligence agencies to operate with the requisite degree of secrecy.

Lake also suggests Paula Broadwell’s job — writing fawning biographies of the man she was fucking — was the same as Bob Woodward’s.

What’s more, Broadwell herself was writing a second book on Petraeus. When Broadwell — a graduate of West Point — was writing her first biography of him, she was given access to top secret information covering the period in which Petraeus commanded allied forces in Afghanistan. This arrangement is common in Washington for established authors. Sources for Bob Woodward, whose books often disclose classified information that is provided to him through semi-official leaks, are not investigated for betraying state secrets.

Maybe it is, maybe Woodward is nothing more than a power-fucker. But it obscures the key difference (which should not be true but is) that when the White House sanctions a book, they get to sanction self-serving leaks for it.

Finally, Lake misstates something about selective treatment.

Senior officials such as Petraeus, who serve at the highest levels of the national security state, are almost never punished as harshly as low- and mid- level analysts who are charged with leaking. When former CIA director John Deutch was found to have classified documents on his unsecure home computer, he was stripped of his security clearance and charged with a misdemeanor. 

An even better example — one not mentioned at all — is when Alberto Gonzales was found to have kept a CYA file, full of draft OLC memos and notes from a briefing on the illegal wiretap program, in a briefcase in his house. He resigned at the beginning of that investigation (and it has never been clear how much that played a role in his resignation; there are many interesting questions about Gonzales’ resignation that remain unanswered). But he suffered no consequences from keeping unbelievably sensitive documents at his house, aside from being denied the sinecure all other Bush officials got.

That said, that’s true of a lot of people in sensitive positions. Of the 40 witnesses who might be called against Jeffrey Sterling, for example, 6 have been found to have mistreated classified information (as has Sterling himself); that includes his direct supervisor while at CIA as well as 3 others cleared into the Merlin op (and I’m certain that doesn’t include Condi Rice, whose testimony the AIPAC defendants would have used to show how common leaking to the press was, nor does it include one other witness I strongly suspect has been involved in another big leak case). CIA withheld that detail from DOJ until right before the trial was due to start in 2011. But it does offer at least one metric of how common mistreating classified information is.

The prosecution of it, of course, is very selective. And that’s the problem, and David Petraeus’ problem, and Congress’ problem.

Yet that won’t ensure that Congress does anything to fix that problem with the means at their disposal, legislating a fix to stop the misuse of the Espionage Act. That’s because they like the overly broad use of it to cudgel leakers they don’t like. Just not the ones they’re particularly fond of.

Former NSA General Counsel Robert Deitz, Who Rubber-Stamped Illegal Wiretap Program, Says All Felonies Should Be Prosecuted

/7 Comments/in , , /by

I’m watching a CUNY conference on sources and secrets, which currently has a panel including Bob Woodward, Jane Mayer, and former NSA General Counsel Robert Deitz.

When asked whether he could think of a leak that had been damaging, Deitz said the exposure of the illegal (he called it “special”) wiretap program had been damaging.

Then, in the context of prosecuting leaks, Deitz argued that all leaks should be prosecuted, because they involve a felony violation of an oath (that’s not always true, but I’ll just accept that Deitz believes all felonies should be prosecuted). He went on to say, “How is it you put a line around this felony and not prosecute it?”

According to the 2009 Draft NSA IG Report, Deitz, on September 20, 2001, suggested to Alberto Gonzales they should consider modifying FISA (which was then being modified as part of the PATRIOT Act); he appears to have gotten no answer. On October 5, 2001 — having asked but not been permitted to read the underlying OLC authorization for it (Addington read him a few lines over the phone), having not participated in the drafting of the Presidential Authorization for it, and having given it just one day of legal review — Deitz said a program violating the exclusivity provision of FISA was legal. On October 8, Deitz briefed the analysts who would carry out this illegal program.

Deitz’ subordinates provided the only oversight of the program at first. (Later in today’s program he claimed the line between domestic and foreign intelligence was rigorously maintained.) To his credit, Deitz ultimately fought to have the Inspector General read into the program after it had operated for some months.

This is a man who provided the legal fig leaf for a patently illegal program (though the IG Report provides no details of Deitz’ actions for the March to May 2004 timeframe, when the program was even more illegal). This is a man who showed awareness of the legally correct way to do this — include this expanded program in PATRIOT — but nevertheless accepted and participated in not doing so.

And he advocates prosecuting every felony.

Perhaps before he talks about prosecuting journalists and their sources, he should consider his own role in encouraging felonies?

The Lapses in Dragnet Notice to Congress

/7 Comments/in , /by

I’m at a great conference on national security and civil liberties. Unfortunately, speakers have repeatedly claimed that NSA fully informs Congress on its programs.

Even setting aside Dianne Feinstein’s admission that the intelligence committees exercise less oversight over programs conducted under EO 12333, there are a number of public documents that show the Executive failing to fully inform Congress:

April 27, 2005: Alberto Gonzales and Robert Mueller brief SSCI on PATRIOT Authorities in advance of reauthorization. They make no mention of the use of PR/TT to gather Internet metadata, much less the violations of Colleen Kollar-Kotelly limits on the kind of data collected during the first period of its use.

October 21, 2009: A Michael Leiter and NSA Associate Deputy Director briefing to the House Intelligence Committee pointed to the September 3, 2009 phone dragnet reauthorization as proof that NSA had regained FISC’s confidence, without mentioning further violations on September 21 and 23 — violations that NSA did not inform FISC about.

August 16, 2010: DOJ did not provide the Intelligence and Judiciary Committees with some of the pre-July 10, 2008 FISC rulings providing significant constructions of FISA pertaining to — at a minimum — Section 215 until after the first PATRIOT Reauthorization.

February 2, 2011: House Intelligence Chair Mike Rogers did not invite members of Congress to read the 2011 notice about the phone and Internet dragnets. Approximately 86 freshmen members — 65 of whom voted to reauthorize the PATRIOT Act, a sufficient number to tip the vote — had no opportunity to read that notice.

May 13, 2011: In a briefing by Robert Mueller and Valerie Caproni designed to substitute for the Executive’s notice to Congressmen about the phone and Internet dragnets, the following exchange took place.

Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

A — To the FBI’s knowledge, those authorities have not been abused.

While the balance of the briefing remains redacted, this seems to suggest the FBI did not brief House Republicans about the dragnet violations.

September 1, 2011: NSA did not provide notice to the House Judiciary Committee about its testing of geolocation data under Section 215 until after the reauthorization of PATRIOT Act, in spite of the fact that it had been conducting such tests throughout the 2010 and 2011 debates on the PATRIOT Act.

The NSA versus “Issue-Based Extremists”

/3 Comments/in /by

The CBC has a Snowden-based story about how the NSA helped Canada’s Communications Security Establishment Canada in advance of and during the G20 held in Toronto in 2010. That isn’t all that surprising. As the story notes, it’s consistent with other stories of NSA spying surrounding international diplomatic meetings.

But the story does note that the Snowden documents make it clear there was no specific al Qaeda threat. Instead, the “threat” to the meeting came from “issue-based extremists.”

Much of the secret G20 document is devoted to security details at the summit, although it notes: “The intelligence community assesses there is no specific, credible information that al-Qa’ida or other Islamic extremists are targeting” the event.

No matter. The NSA warns the more likely security threat would come from “issue-based extremists” conducting acts of vandalism.

The comment reminds me of a paragraph in testimony Alberto Gonzales and Robert Mueller gave to the Senate Intelligence Committee in 2005, in advance of the first PATRIOT Act reauthorization. The testimony is notable for Gonzales and Mueller’s silence about the use of Pen Registers to collect a significant chunk of all the Internet-based metadata in the US (NSA had already been caught collecting “metadata” that was really “content” by then), even while he emphasized the “relevant to” language that had been added to Pen Registers in 2001.

Sensibly, Section 214 of the USA PATRIOT Act simplified the standard that the government must meet in order to obtain pen/trap data in national security cases. Now, in order to obtain a national security pen/trap order, the applicant must certify “that the information likely to be obtained is foreign intelligence information not concerning a United States person, or is relevant to an investigation to protect against international terrorism or clandestine intelligence activities.” Importantly, the law requires that such an investigation of a United States person may not be conducted solely upon the basis of activities protected by the First Amendment to the Constitution.

Section 214 should not be permitted to expire and return us to the days when it was more difficult to obtain pen/trap authority in important national security cases than in normal criminal cases. This is especially true when the law already includes provisions that adequately protect the civil liberties of Americans. I urge you to reauthorize section 214.

Over the course of the reauthorization process, of course, Congress added that “relevance” language to Section 215, which served as the basis for the phone dragnet of all American’s phone calls.

But the paragraph of the Gonzales/Mueller testimony that stuck out at me described how PATRIOT Section 203 — which permitted the sharing of Grand Jury, wiretap, and other criminal investigation information with intelligence professionals — had authorized information sharing at similar high profile meetings. After 8 bullet point examples showing how this information sharing had supported terrorism (or Iraqi) investigations, the testimony then revealed it had been used to authorize information sharing during 2004’s G-8 and Presidential Conventions.

In addition, last year, during a series of high-profile events — the G-8 Summit in Georgia, the Democratic Convention in Boston and the Republican Convention in New York, the November 2004 presidential election and other events — a task force used the information sharing provisions under Section 203(d) as part and parcel of performing its critical duties. The 2004 Threat Task Force was a successful inter-agency effort where there was a robust sharing of information at all levels of government.

Now perhaps these big meetings faced an Al Qaeda threat in 2004 that the G-20 didn’t face in 2010. But I’m cognizant that PATRIOT defines “foreign intelligence information” to include “sabotage,” which might be used to treat legitimate “issue-based extremists” as terrorists.

We already know that anti-war protestors (the kind of “single-issue extremists” who protested in big numbers in 2004) were investigated as terrorists as early as 2002, though DOJ professed to be unable to connect all the investigations together. Indeed, precisely that kind of “criminal” investigation started in local FBI offices is the kind of information that might be shared under PATRIOT 203(d) with a Task Force facing protestors.

We don’t know, from this one paragraph, what kind of information the government shared in 2004 in the name of “foreign intelligence.” But the 2010 Canadian example suggests the government is still (or was, as recently as 2010) treating legitimate protestors as outside infiltrators. Which makes it likely that the US did the same back during the height of anti-Iraq War protests.

Wrong Agency, Wrong Minimization: Two More Ways the Original Phone Dragnet Application Violated the Law

/12 Comments/in , /by

In addition to everything else several of us have been pointing out in the original Internet metadata opinion and the phone metadata application, there are two more problems with the phone dragnet.

They’re using the wrong agency and the wrong minimization procedures.

Section 215 reads, in part:

[T]he Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible things [my emphasis]

Here’s who signed the application that kicked off the phone dragnet program:

Screen shot 2013-11-19 at 3.02.54 PM

 

This is probably the lesser of these two problems. After all, the law permits the FBI Director to delegate this, and delegating the application to your boss is probably perfectly fine. Though it is a bit of a conflict if the boss in question was, in part, trying to legalize a program that had operated under his purview when he worked at the White House.

The problem becomes bigger still given that there’s no explanation of how it is that an NSA declaration serves as backup for an application to obtain data for the NSA, the use of which is limited to FBI. At least in what we get (which, remember, is what got produced to Congress, not what got submitted to the Court), there’s no discussion of that process.

The other problem is a bit more complicated. As I described last week, the 2006 Reauthorization of the PATRIOT Act included a new requirement that the Attorney General develop minimization procedures for Section 215.

(1) IN GENERAL- Not later than 180 days after the date of the enactment of the USA PATRIOT Improvement and Reauthorization Act of 2005, the Attorney General shall adopt specific minimization procedures governing the retention and dissemination by the Federal Bureau of Investigation of any tangible things, or information therein, received by the Federal Bureau of Investigation in response to an order under this title.

(2) DEFINED- In this section, the term `minimization procedures’ means–

(A) specific procedures that are reasonably designed in light of the purpose and technique of an order for the production of tangible things, to minimize the retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information;

(B) procedures that require that nonpublicly available information, which is not foreign intelligence information, as defined in section 101(e)(1), shall not be disseminated in a manner that identifies any United States person, without such person’s consent, unless such person’s identity is necessary to understand foreign intelligence information or assess its importance;

This post describes how DOJ basically blew off that requirement and — at least according to former DOJ Inspector General Glenn Fine — instead used existing procedures that didn’t meet the terms of the law.

Given that this application passed just 2 months after the Reauthorization, this dragnet application was probably one of the earliest Section 215 applications submitted after the Reauthorization so there might have been a discussion about this new requirement anyway. But in this case, the new requirement should have posed an additional problem. The data went not to FBI, but immediately to NSA, an enormous database of non-publicly available of information pertaining to US persons, handed off without a hint of minimization first.

Here’s how the application dealt with minimization procedures.

NSA will apply the existing (Attorney General approved) guidelines in United States Signals Intelligence Directive 18 (1993) … to minimize the information reported concerning U.S. persons.

USSID 18 is supposed to be less restrictive than FBI minimization procedures (though FBI data gets shared freely with other agencies).

There’s not only no discussion in this application of how USSID 18 meets the terms of the law, but there’s no discussion of what it means that NSA basically got unminimized data for which FBI is, by law, the proper recipient, which should be the most voluminous minimization violation ever.

And yet … the application doesn’t even acknowledge this problem at all.

The “Heroes” of the Hospital Confrontation Brief the FISC

/6 Comments/in , /by

I’m going to have several posts on the documents released yesterday, starting with the Internet dragnet opinion and the phone dragnet application.

But to give those two background, I want to look at a passage in the Internet dragnet opinion, in which Colleen Kollar-Kotelly describes a fascinating briefing that she received in advance of authoring what Orin Kerr describes as a “quite strange” opinion.

After describing some declarations she received (including one from a person whose title remains redacted) and some questions she posed, she describes this briefing.

The Court also relies on information and arguments presented in a briefing to the Court on [redacted] which addressed the current and near-term threats posed by [redacted reference to Al Qaeda and others], investigations conducted by the Federal Bureau of investigation (FBI) to counter those threats, the proposed collection activities of the NSA (now described in the instant application), the expected analytical value of information so collected in efforts to identify and track operatives [redacted] and the legal bases for conducting these collection activities under FISA’s pen register/trap and trace provisions. 4

4 This briefing was attended by (among others) the Attorney General; [redacted] the DIRNSA; the Director of the FBI; the Counsel to the President; the Assistant Attorney General for the Office of Legal Counsel; the Director of the Terrorist Threat Integration Center (TTIC); and Counsel for Intelligence Policy.

That is, right at the beginning of her opinion, Kollar-Kotelly tells us that she had a briefing with:

  • AG John Ashcroft
  • [redacted]
  • DIRNSA Michael Hayden
  • FBI Director Robert Mueller
  • Counsel to the President Alberto Gonzales
  • AAG for OLC Jack Goldsmith
  • TTIC Director John Brennan
  • Counsel for OIPR James Baker

On page 30, Kollar-Kotelly seems to refer to the same redacted person again, which in the context of the reference to CIA v. Sims in that footnote, seems to suggest this is a reference to CIA Director George Tenet, which suggests the redacted author of the brief she relied on was authored by Tenet. (I leave open the more tantalizing possibility that it’s someone like Dick Cheney, but highly doubt it.)

So before she approved the use of FISA’s Pen Register to collect much of the Internet metadata in the US, she had a meeting with at least one of the villains — Alberto Gonzales — of the hospital confrontation at which DOJ refused to reauthorize the Internet metadata program that was part of the President’s illegal wiretap program, and at least three of its “heroes:” Ashcroft, Mueller, and Goldsmith.

Interestingly, this meeting does not appear — at least not described as such — in the Draft NSA IG Report description of the transition to a FISC order.

After extensive coordination, DoJ and NSA devised the PRITT theory to which the Chief Judge of the FISC seemed amenable. DoJ and NSA worked closely over the following months, exchanging drafts of the application, preparing declarations, and responding to questions from court advisers. NSA representatives explained the capabilities that were needed to recreate the Authority, and DoJ personnel devised a workable legal basis to meet those needs. In April 2004, NSA briefed Judge Kollar-Kotelly and a law clerk because Judge Kollar-Kotelly was researching the impact of using PSP-derived information in FISA applications. In May 2004, NSA personnel provided a technical briefmg on NSA collection of bulk Internet metadata to Judge Kollar-Kotelly. In addition, General Hayden said he met with Judge Kollar-Kotelly on two successive Saturdays during the summer of 2004 to discuss the on-going efforts.

Was this “briefing” one of the Saturday meetings Hayden had with FISC’s Presiding Judge?

Remember, David Kris described the genesis of the bulk collection programs this way, in a paper emphasizing the role of the Internet dragnet.

More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch.

[snip]

The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct. [my emphasis]

The Internet dragnet was illegal. At least 3 of the people who conveyed the importance of authorizing this program had said so — in very dramatic fashion — less than four months before she would do so.

And yet she wrote a memo saying it was legal.

Update, 8/12/14: This application confirms that George Tenet was the redacted declaration submitter.

The Phone Dragnet Did Not (and May Still Not) Meet the PATRIOT Act’s Minimization Requirements

/3 Comments/in , /by

While a number of the changes to Section 215 passed just before the government started relying on it to create a database of all phone-based relationships in the United States watered down the law, one provision made the law stricter.

The 2006 Reauthorization required the Attorney General to establish minimization procedures for the data collected under the program.

(g) Minimization Procedures and Use of Information- Section 501 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1861) is further amended by adding at the end the following new subsections:

(g) Minimization Procedures-

(1) IN GENERAL- Not later than 180 days after the date of the enactment of the USA PATRIOT Improvement and Reauthorization Act of 2005, the Attorney General shall adopt specific minimization procedures governing the retention and dissemination by the Federal Bureau of Investigation of any tangible things, or information therein, received by the Federal Bureau of Investigation in response to an order under this title.

(2) DEFINED- In this section, the term `minimization procedures’ means–

(A) specific procedures that are reasonably designed in light of the purpose and technique of an order for the production of tangible things, to minimize the retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information;

(B) procedures that require that nonpublicly available information, which is not foreign intelligence information, as defined in section 101(e)(1), shall not be disseminated in a manner that identifies any United States person, without such person’s consent, unless such person’s identity is necessary to understand foreign intelligence information or assess its importance; and

(C) notwithstanding subparagraphs (A) and (B), procedures that allow for the retention and dissemination of information that is evidence of a crime which has been, is being, or is about to be committed and that is to be retained or disseminated for law enforcement purposes.

(h) Use of Information- Information acquired from tangible things received by the Federal Bureau of Investigation in response to an order under this title concerning any United States person may be used and disclosed by Federal officers and employees without the consent of the United States person only in accordance with the minimization procedures adopted pursuant to subsection (g). No otherwise privileged information acquired from tangible things received by the Federal Bureau of Investigation in accordance with the provisions of this title shall lose its privileged character. No information acquired from tangible things received by the Federal Bureau of Investigation in response to an order under this title may be used or disclosed by Federal officers or employees except for lawful purposes.’.

But from the very start, the FISA Court and the Administration set out to ignore this requirement. After all, well before anyone did any analysis about the foreign intelligence value of the phone dragnet data, the FBI disseminated all of it, by having the telecoms hand it over directly to the NSA. And phone numbers are US person identifiers (best demonstrated by NSA’s use of phone numbers as identifiers to conduct searches in other contexts).

Thus, before any Agency even touched the data, the phone dragnet scheme violated this provision by disseminating non-publicly available information about US person identifiers on every single American without their consent.

According to FISC’s original Section 215 phone dragnet order, the NSA only had to abide by the existing SID-18 minimization procedures.

[D]issemination of U.S. person information shall follow the standard NSA minimization procedures found in the Attorney General-approved guidelines (U.S. Signals Intelligence Directive 18). [link added]

And the FBI only applied the minimization procedures it used to fulfill the statute after the NSA had already run queries on it.

With respect to any information the FBI receives as a result of this Order (information that is passed or “tipped” to it by NSA), the FBI shall follow as minimization procedures the procedures set forth in The Attorney General’s Guidelines for FBI National Security Investigations and Foreign Intelligence Collection (October 31, 2003). [link added]

Even after this initial order, the Attorney General did not comply with the mandate to come up with minimization procedures specific to Section 215. Instead, then Attorney General Alberto Gonzales just adopted four sections of the National Security Investigations Guidelines.

In analysis included in a 2008 review of the FBI’s use of Section 215, DOJ Inspector General Glenn Fine deemed this measure to fall short of the statute’s requirements.

These interim minimization procedures use general hortatory language stating that all activities conducted in relation to national security investigations must be “carried out in conformity with the Constitution.” However, we believe this broad standard does not provide the specific guidance for minimization procedures that the Reauthorization Act appears to contemplate.

[snip]

[T]he Reauthorization Act required the Department to adopt “specific procedures” reasonably designed to “minimize the retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information.” We believe that the interim procedures do not adequately address this requirement, and we recommend that the Department continue its efforts to construct specific minimization procedures relating to Section 215 orders, rather than rely on general language in the Attorney General’s NSI Guidelines.

As I’ll show in a follow-up post, presumably in response to Fine’s report, Attorney General Michael Mukasey adopted new, arguably even more general guidelines to fulfill this requirement, the AG Guidelines for Domestic FBI Operations. (I strongly suspect the August 20, 2008 FISC opinion the government won’t release authorizes the language that would appear in those Guidelines).

But the implications of this have more immediate significance.

After all, the only known American who got busted based on a Section 215 tip, Basaaly Moalin, argues for a new trial tomorrow. And he was tipped based on dissemination that took place in 2007 — that is, before DOJ even tried to address these problematic minimization procedures. He was tipped based on dissemination that — under the letter of the PATRIOT Act — should never have happened.

Update: With regards to Moalin’s case, this seems pertinent.

As of early December 2007, the [Director of National Intelligence] working group [trying to harmonize defintions] had not defined “U.S. person identifying information.

This means that, at the time he was identified in the dragnet, the entire intelligence community was still fighting over whether phone numbers constituted US person identifying information entitled to additional protection.

Update: In an address to the EU Parliament, Jim Sensenbrenner accuses NSA of ignoring civil liberty protections in the PATRIOT Act.

“I firmly believe the Patriot Act saved lives by strengthening the ability of intelligence agencies to track and stop potential terrorists, but in the past few years, the National Security Agency has weakened, misconstrued and ignored the civil liberty protections we drafted into the law,” he said, adding that the NSA “ignored restrictions painstakingly crafted by lawmakers and assumed a plenary authority we never imagined.”

Three Theories Why the Section 215 Phone Dragnet May Have Been “Erroneous” from the Start

/6 Comments/in , /by

Update, 1/6/14: I just reviewed this post and realize it’s based on the misunderstanding that the February 24 OLC opinion is from last year, not 2006. That said, the analysis of the underlying tensions that probably led to the use of Section 215 for the phone dragnet are, I think, still valid. 

According to ACLU lawyer Alex Abdo, the government may provide more documents in response to their FOIA asking for documents relating to Section 215 on November 18. Among those documents is a February 24, 2006 FISA Court opinion, which the government says it is processing for release.

That release — assuming the government releases the opinion in any legible form — should solve a riddle that has been puzzling me for several weeks: whether the FISA Court wrote any opinion authorizing the phone dragnet collection before its May 24, 2006 order at all.

The release may also provide some insight on why former Assistant Attorney General David Kris concedes the initial authorization for the program may have been “erroneous.”

More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch.

[snip]

The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct. [my emphasis]

That “erroneous” language comes not from me, but from David Kris, one of the best lawyers on these issues in the entire country.

And the date of the opinion — February 24, 2006, 6 days before the Senate would vote to reauthorize the PATRIOT Act having received no apparent notice the Administration planned to use it to authorize a dragnet of every American’s phone records — suggests several possible reasons why the original approval is erroneous.

Possibility one: There is no opinion

The first possibility, of course, is that my earlier guess was correct: that the FISC court never considered the new application of bulk collection, and simply authorized the new collection based on the 2004 Colleen Kollar-Kotelly opinion authorizing the Internet dragnet. In this possible scenario, that February 2006 opinion deals with some other use of Section 215 (though I doubt it, because in that case DOJ would withhold it, as they are doing with two other Section 215 opinions dated August 20, 2008 and November 23, 2010).

So one possibility is the FISA Court simply never considered whether the phone dragnet really fit the definition of relevant, and just took the application for the first May 24, 2006 opinion with no questions. This, it seems to me, would be erroneous on the part of FISC.

Possibility two: FISC approved the dragnet based on old PATRIOT knowing new “relevant to” PATRIOT was coming

Another possibility is that the FISA Court rushed through approval of the phone dragnet knowing that the reauthorization that would be imminently approved would slightly different language on the “relevance” standard (though that new language was in most ways more permissive). Thus, the government would already have an approval for the dragnet in hand at the time when they applied to use it in May, and would just address the “relevance” language in their application, which we know they did.

In this case, the opinion would seem to be erroneous because of the way it deliberately sidestepped known and very active actions of Congress pertaining to the law in question.

Possibility three: FISC approved the dragnet based on new PATRIOT language even before it passed

Another possibility is that FISC approved the phone dragnet before the new PATRIOT language became law. That seems nonsensical, but we do know that DOJ’s Office of Intelligence Policy Review briefed FISC on something pertaining to Section 215 in February 2006.

After passage of the Reauthorization Act on March 9, 2006, combination orders became unnecessary for subscriber information and [one line redacted]. Section 128 of the Reauthorization Act amended the FISA statute to authorize subscriber information to be provided in response to a pen register/trap and trace order. Therefore, combination orders for subscriber information were no longer necessary. In addition, OIPR determined that substantive amendments to the statute undermined the legal basis for which OIPR had received authorization [half line redacted] from the FISA Court. Therefore, OIPR decided not to request [several words redacted] pursuant to Section 215 until it re-briefed the issue for the FISA Court. 24

24 OIPR first briefed the issue to the FISA Court in February 2006, prior to the Reauthorization Act. [two lines redacted] [my emphasis]

Still, this passage seems to reflect an understanding, at the time DOJ briefed FISC and at the time that the FISC opinion was written that the law was changing in significant ways (some of which made it easier for the government to get IDs along with the Internet metadata it was collecting using a Pen Register).

This would seem to be erroneous for timing reasons, in that the judge issued an opinion based on a law that had not yet been signed into law, effectively anticipating Congress.

The looming threat of Hepting v. AT&T and Mark Klein’s testimony

Which brings me to why. The 2009 Draft NSA IG Report describes some of what went on in this period.

After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concern about providing telephone metadata to NSA under Presidential Authority without being compelled. Although OLC’s May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order.

As with the PR/TT Order, DOJ and NSA collaboratively designed the application, prepared declarations, and responded to questions from court advisors. Their previous experience in drafting the PRTT Order made this process more efficient.

The FISC signed the first Business Records Order on 24 May 2006. The order essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had under the PSP. And, unlike the PRTT, there was no break in collection at transition.

But the IG Report doesn’t explain why the telecom(s) started getting squeamish after the NYT scoop.

It doesn’t mention, for example, that on January 17, 2006, the ACLU sued the NSA in Detroit. A week after that suit was filed, Attorney General Alberto Gonzales wrote the telecoms a letter giving them cover for their cooperation.

On 24 January 2006, the Attorney General sent letters to COMPANIES A, B, and C, certifying under 18 U.S.C. 2511 (2)( a)(ii)(B) that “no warrant or court order was or is required by law for the assistance, that all statutory requirements have been met, and that the assistance has been and is required.”

Note, this wiretap language pertains largely to the collection of content (that is, the telecoms had far more reason to worry about sharing content). Except that two issues made the collection of metadata particularly sensitive: the data mining of it, and the way it was used to decide who to wiretap.

More troubling still to the telecoms, probably, came when EFF filed a lawsuit, Hepting, on January 31 naming AT&T as defendant, largely based on an LAT story of AT&T giving access to the its stored call records.

But I’m far more interested in the threat that Mark Klein, the AT&T technician who would ultimately reveal the direct taps on AT&T switches at Folsom Street, posed. Read more

More Notice Problems in the 215 Dragnet White Paper

/4 Comments/in , /by

According to the 2009 Draft NSA IG Report, the telecoms asked for some kind of order for the telecom dragnet collection in 2005, just after the NYT revealed the illegal wiretap program.

After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concern about providing telephone metadata to NSA under Presidential Authority without being compelled. Although OLC’s May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order.

At least for the beginning of 2006, the government responded to these concerns with a letter from Alberto Gonzales.

On 24 January 2006, the Attorney General sent letters to COMPANIES A, B, and C, [AT&T, Verizon, and MCI] certifying under 18 U.S.C. 2511 (2)(a)(ii)(B) that “no warrant or court order was or is required by law for the assistance, that all statutory requirements have been met, and that the assistance has been and is required.

The court first signed an order authorizing the collection of phone metadata on May 24, 2006 — 76 days after Congress had passed the reauthorization of the PATRIOT Act with the new “relevant to” language.

The FISC signed the first Business Records Order on 24 May 2006. The order essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had under the PSP. And, unlike the PRTT, there was no break in collection at transition.

But according to the March 2008 DOJ IG Report on Section 215 use, DOJ’s Office of Intelligence Policy and Review was briefing changes to at least some of the use of the use of Section 215 that would be implemented by the reauthorization before PATRIOT was reauthorized.

OIPR determined that substantive amendments to the statute undermined the legal basis for which OIPR had received authorization [redacted] from the FISA Court. Therefore, OIPR decided not to request [redacted] pursuant to Section 215 until it re-briefed the issue for the FISA Court.24

24 OIPR first briefed the issue to the FISA Court in February 2006, prior to the Reauthorization Act.

The import of the new “relevant to” may well have been the substantive change in question; so this February briefing may have been the start of stripping “relevant to” of all meaning.

Ron Wyden seems to want the government to admit this first court authorization just approved dragnet collection already going on.

When he and 25 other Senators sent James Clapper some questions about Section 215, they asked how long the NSA was conducting dragnet collection under the PATRIOT Act (which remember also includes the PW/TT statute used for the Internet dragnet).

How long has the the NSA used PATRIOT Act authorities to engage in bulk collection of Americans’ records? Was this collection under way when the law was reauthorized in 2006?

And Wyden called out Clapper when he refused to answer.

In addition, the intelligence community’s response fails to indicate when the PATRIOT Act was first used for bulk collection, or whether this collection was underway when the law was renewed in 2006.

Was the government using National Security Letters to collect this information between the NYT scoop and the FISC authorization, I wonder?

In any case, we know the government was collecting phone metadata going back years, we know the government was discussing changes instituted by PATRIOT reauthorization in February 2006, and we know the FISC approved using Section 215 for a phone dragnet in May 2006.

In an interview published yesterday, Ron Wyden (who had already been on the Senate Intelligence Committee for several years in 2006) revealed when he first learned about the phone dragnet.

You went from supporting the Patriot Act in 2001 to pushing relentlessly for its de-authorization. What was the tipping point?
My concerns obviously deepened when I first learned that the Patriot Act was being used to justify the bulk collection of Americans’ records, which was in late 2006 or early 2007.

In other words, the government didn’t get around to briefing all of the Intelligence Committee about this collection until months after it started, and possibly up to a year after they first briefed related issues to the FISC.

Here’s how the White Paper turns that unforgivable delay into a boast.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees.

Translation: The Executive Branch stalled for an impermissibly long period of time after this dragnet started before briefing even the Intelligence Committee. And while we might blame the Bush Administration, remember that Keith Alexander was already running the dragnet by this period.

So not only didn’t the government tell Congress it was using PATRIOT to conduct dragnet collection of Internet metadata when it reauthorized it in 2006, but it didn’t even tell all members of SSCI until well after the phone dragnet moved under PATRIOT as well.

Alberto Gonzales and Internet Data Mining

/14 Comments/in , /by

I was going to leave this speculation well enough alone. But George W Bush decided to interrupt his dog painting to defend Obama’s surveillance dragnet.

Bush also defended the surveillance program, which began during his administration after 9/11, saying the programs guarantee civil liberties are protected.

“I put the program in place to protect the country and one of the certainties is civil liberties were guaranteed,” Bush said.

So here goes.

In his book, Jack Goldsmith describes Alberto Gonzales siding against David Addington in a debate just once, only to have George Bush override the then White House Counsel.

Addington’s hard-line nonaccommodation stance always prevailed when the lawyers met to discuss legal policy issues in Alberto Gonzales’ office. During these meetings, Gonzales himself would sit quietly in his wing chair, occasionally asking questions but mostly listening as the querulous Addington did battle with whomever was seeking to “go soft.” It was Gonzales’ responsibility to determine what to advise the president after the lawyers had kicked the legal policy matters around. But I only knew him to disagree with Addington once, on an issue I cannot discuss, and on that issue the president overruled Gonzales and sided with the Addington position. [my emphasis]

The issue Goldsmith could not discuss could be torture or prisoner transfers or something entirely unknown, but the data mining at the heart of the hospital confrontation is clearly one candidate.

There’s no overt evidence Gonzales tried to do the right thing on the illegal surveillance program. After all, even after Bush agreed to put the program right on March 12, 2004, Gonzales still objected to Goldsmith and Jim Comey’s first advice on the program. After Goldsmith laid out his initial advice on March 15, Gonzales wrote a memo saying,

Your memorandum appears to have been based on a misunderstanding of the President’s expectations regarding the conduct of the Department of Justice. While the President was, and remains, interested in any thoughts the Department of Justice may have on alternative ways to achieve effectively the goals of the activities authorized by the Presidential Authorization of March 11, 2004, the President has addressed definitively for the Executive Branch in the Presidential Authorization the interpretation of the law.

This led Comey to write up his resignation letter on March 16. “[A]lthough I believe this has been one of [DOJ’s] finest hours, we have been unable to right that wrong.” Three days later, Bush modified his March 11 Authorization, directing NSA to stop collecting Internet metadata within a week.

Of course, three months later, the Administration resumed collection of Internet metadata using the FISC PR/TT order. That was within days of Goldsmith’s departure, though he had announced his departure a month earlier and Comey, obviously, stuck around for over a year longer.

So still no evidence the Internet data mining was the issue on which Gonzales tried to stand up to Addington.

But let’s jump ahead to the circumstances of Alberto Gonzales’ resignation in August 2007. At the time, his sudden and confusing resignation was attributed to the multiple scandals embroiling him — chiefly the US Attorney firing scandal, but also Gonzales’ Clapper-like lies about the illegal wiretap program before the Senate a month earlier. But for some reason, Gonzales did not benefit from the kind of sinecure every other former Bush official — even James Comey, who went to Lockheed — enjoyed upon departure, which you would have thought he’d get after lying to protect the President.

Then, a year after Gonzales’ departure, we learned that in the weeks before he resigned, White House Counsel Fred Fielding had narced him out for storing a bunch of Top Secret CYA documents in a briefcase in his closet. Read more