Posts

Section 309: A Band-Aid for a Gaping Wound in Democracy


Metadata: Someone surveilling our conversation “connection chained” Bob Litt and me chatting about spying on Americans in the Hayek Auditorium at CATO on 12/12/14.

On Friday, officials from James Clapper’s office confirmed in a number of different ways that the government obtains “vast troves” of Americans’ communication overseas. And rather than enforce Dianne Feinstein and Mark Udall’s suggestion that the intelligence community treat it under FISA — as the spirit of the FISA Amendments Act, which extended protection to Americans abroad, would support — Congress instead passed Section 309, a measure to impose limited protections on vast unregulated spying on Americans.

This all happened at CATO’s conference on surveillance, an awesome conference set up by Julian Sanchez.

My panel (moderated superbly by Charlie Savage) revisited at length the debate between former State Department whistleblower John Napier Tye and Director of National Intelligence Civil Liberties Officer Alex Joel (into which I stuck my nose). As he did in his Politico post responding to Tye’s alarms about the risk to democracy of EO 12333 collection against Americans, Joel pointed to the topical limits on bulk collection Obama imposed in his Presidential Policy Directive 28, which read,

The United States must consequently collect signals intelligence in bulk in certain circumstances in order to identify these threats. Routine communications and communications of national security interest increasingly transit the same networks, however, and the collection of signals intelligence in bulk may consequently result in the collection of information about persons whose activities are not of foreign intelligence or counterintelligence value. The United States will therefore impose new limits on its use of signals intelligence collected in bulk. These limits are intended to protect the privacy and civil liberties of all persons, whatever their nationality and regardless of where they might reside.

In particular, when the United States collects nonpublicly available signals intelligence in bulk, it shall use that data only for the purposes of detecting and countering: (1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests; (2) threats to the United States and its interests from terrorism; (3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction; (4) cybersecurity threats; (5) threats to U.S. or allied Armed Forces or other U.S. or allied personnel; and (6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section.

I noted — as I did in my Salon piece on the topic — that bulk collection for even just one topic means the collection of everything, as counterterrorism serves as the excuse to get all phone records in the US in the phone dragnet. Joel did not dispute that, explaining that PPD-28 only limits the use of data that has been bulk collected to these six purposes. PPD-28 does nothing to limit bulk collection itself. Though the fact that these limitations have forced a change in how the NSA operates is testament that they were using data collected in bulk for even more reasons before January.

The NSA is, then, aspiring to collect it all, around the world.

Which was a point confirmed in an exchange between Joel and Tye. Joel claimed we weren’t collecting nearly all of the Internet traffic out there, saying it was just a small fraction. Tye said that was disingenuous, because 80% of Internet traffic is actually things like Netflix. Tye stated that the NSA does collect a significant percentage of the remainder (he implied most, but I’d want to see the video before I characterize how strongly he said that).

Again, collect it all.

Our panel didn’t get around to talking about Section 309 of the Intelligence Authorization, which I examined here. The Section imposes a 5-year retention limit on US person data except for a number of familiar purposes — foreign intelligence, evidence of a crime, encryption, all foreign participants, tech assurance or compliance, or an Agency head says he needs to retain it longer (which requires notice to Congress). Justin Amash had argued, in an unsuccessful attempt to defeat the provision, that the measure provides an affirmative basis for sharing US person content collected under EO 12333.

In a later panel at the CATO conference, DNI General Counsel Bob Litt said that the measure doesn’t change anything about what the IC is already doing.

Should Alfreda Bikowsky’s Lawyer Really Be in Charge of Declassifying the Torture Report?

It took McClatchy 21 paragraphs to illustrate why it was such a big conflict of interest for the Director of National Intelligence General Counsel to lead negotiations over how much of the torture report would be declassified, as he currently is doing.

According to reports in The Washington Post, Litt previously represented a CIA analyst, Alfreda Frances Bikowsky, who played a central role in the bungled rendition of Khaled el-Masri. El-Masri, who was revealed to be innocent, claimed to have been tortured by the agency.

As the rest of the article explains, Litt reviewed his role brokering the declassification process with ODNI’s Ethics officer — who is his subordinate — and she approved his participation.

But it still probably conflicts with Litt’s promises, made during his confirmation process, to recuse himself from matters affecting his former clients. And given the centrality of CIA’s absurd demand to hide even the pseudonyms making clear that the same woman who got El-Masri tortured also went out of her way to watch Khalid Sheikh Mohammed be tortured (among a fairly substantial list of other things — here’s a reminder of details on how she got promoted after the El-Masri debacle), it is a problem that Litt is brokering this process.

Don’t worry, National Security Council spokesperson Caitlin Hayden insists (fresh off insisting it’s a good thing that the White House cybersecurity czar doesn’t have a technical background), Bob Litt — the same guy hiding known dates in Internet dragnet documents, almost certainly to avoid legal repercussions — is one of the administration’s strongest proponents of what it calls “transparency.”™

“Bob Litt is one of the administration’s strongest proponents of transparency in intelligence, consistent with our national security, and he and we are fully committed to ensuring there is no conflict of interest as the administration continues to work to see the results of the committee’s review made public,” Hayden said in a statement.

Calling Bob Litt a proponent of “transparency”™ is itself cause for concern.

The Unaudited Tech Analyst Access to US Person Data

In addition to its exposure of the sheer senselessness of much of the spying NSA engages in, yesterday’s WaPo story also shows that the government’s assurances that Edward Snowden could not access raw data have been misplaced.

For close to a year, NSA and other government officials have appeared to deny, in congressional testimony and public statements, that Snowden had any access to the material.

As recently as May, shortly after he retired as NSA director, Gen. Keith Alexander denied that Snowden could have passed FISA content to journalists.

“He didn’t get this data,” Alexander told a New Yorker reporter. “They didn’t touch —”

“The operational data?” the reporter asked.

“They didn’t touch the FISA data,” Alexander replied. He added, “That database, he didn’t have access to.”

Robert S. Litt, the general counsel for the Office of the Director of National Intelligence, said in a prepared statement that Alexander and other officials were speaking only about “raw” intelligence, the term for intercepted content that has not yet been evaluated, stamped with classification markings or minimized to mask U.S. identities.

“We have talked about the very strict controls on raw traffic, the training that people have to have, the technological lockdowns on access,” Litt said. “Nothing that you have given us indicates that Snowden was able to circumvent that in any way.”

In the interview, Snowden said he did not need to circumvent those controls, because his final position as a contractor for Booz Allen at the NSA’s Hawaii operations center gave him “unusually broad, unescorted access to raw SIGINT [signals intelligence] under a special ‘Dual Authorities’ role,” a reference to Section 702 for domestic collection and Executive Order 12333 for collection overseas. Those credentials, he said, allowed him to search stored content — and “task” new collection — without prior approval of his search terms.

No one should ever have believed those assurances.

That’s because the documentation on the Section 215 program makes it clear how little oversight there is over tech people just like Snowden. The current phone dragnet order, for example, makes it clear that:

  • Tech personnel may access the phone dragnet data to tweak it in preparation for contact-chaining
  • Unlike intelligence analysts, tech personnel may query the phone dragnet data with selectors that have not been RAS-approved
  • Tech personnel may also conduct regular queries using RAS-approved selectors
  • Tech personnel may access the dragnet data to search for high volume numbers — this may require access to raw data
  • Some of the tech personnel (those in charge of infrastructure and receiving data from the telecoms) are exempt from special training on the phone dragnet data

The audit language in the dragnet order applies only to “foreign intelligence analysis purposes or using foreign intelligence analysis tools,” suggesting that access to the dragnet data in the tech analysis role is not audited.

Language in the order defining “NSA” suggests contractors may access the data (though it’s unclear whether they do so in a technical or intelligence analysis function); something made explicit in Dianne Feinstein’s bill.

That is, it is at least possible that Booz analysts are currently conducting audit-free tech massaging of the raw phone dragnet data.

And NSA knew this access was a vulnerability. As recently as 2012, tech analysts were found to have 3,000 files worth of phone dragnet data (it’s unclear how much data each file included) on an improper server past its required destruction date. NSA destroyed that data before definitively researching what it was doing there.

Thus, the risk of tech analyst breach is very real, and no one — not NSA, and not Congress, which has only codified this arrangement — seems to be addressing it.

Indeed, it is likely that some kind of Booz-type contractors will continue to have direct access to this data after it gets outsourced to the telecoms, otherwise USA Freedumber would not extend immunity to such second-level contractors.

For months, intelligence officials claimed not only that Snowden had not accessed raw data, but could not. That was always a dubious claim; even if Snowden couldn’t have accessed that data, other contractors just like him could and still can, with less oversight than NSA’s intelligence analysts get.

But it turns out Snowden could and did. And thanks to that, we now know many of the other claims made by government witnesses are also false.

USA Freedumber Weakens FISC’s Authority Over Abuse of Emergency Queries

I Con the Record just released the most recent dragnet orders — I’ll have more comment on them later.

But for now, I wanted to show how HR 3361 — AKA the USA Freedumber Act — weakened FISA Court authority in yet another way.

I have repeatedly pointed to how pathetic the “prohibition” is against using information obtained via an Attorney General emergency order but then ruled by the FISA Court to be an improper use of the Section 215 authority. It reads:

(5) If such application for approval is denied, or in any other case where the production of tangible things is terminated and no order is issued approving the production, no information obtained or evidence derived from such production shall be received in evidence or otherwise disclosed in any trial, hearing, or other proceeding in or before any court, grand jury, department, office, agency, regulatory body, legislative committee, or other authority of the United States, a State, or political subdivision thereof, and no information concerning any United States person acquired from such production shall subsequently be used or disclosed in any other manner by Federal officers or employees without the consent of such person, except with the approval of the Attorney General if the information indicates a threat of death or serious bodily harm to any person.

(6) The Attorney General shall assess compliance with the requirements of paragraph (5).

The bill would prohibit the government from using the improperly obtained information in trials and other proceedings. And the information is not supposed to be used in any manner — except if the Attorney General deems the information to indicate a threat of death or bodily harm (which we know the government has secretly redefined to include threat to property).

But it’s the Attorney General — the same guy who approved the illegal production — who ensures the government follows that rule.

Moreover, the bill does not require the government to destroy this data. They get to keep it.

Compare that with the status quo (see footnote 8).

In the event the Court denies such motion [retroactively seeking approval for emergency production], the government shall take appropriate remedial steps, including any steps the Court may direct.

Call me crazy, but I think the FISA Court judge who deemed the collection to be improper is a better person to determine what the remedy is to fix that improper collection.

I guess even that basic concept of separation of powers was too burdensome for Bob Litt.