Posts

Christopher Wray Was Doing Great Until He Accused Chad of Spewing Jihadist Propaganda

In his first House Judiciary Committee oversight hearing today, FBI Director Christopher Wray responded to questions about FBI Agent Peter Strzok by explaining there was an ongoing Inspector General investigation into Strzok’s role in the investigation into Hillary’s treatment of classified information more times (at least 16) than he dodged answers in his confirmation hearing (11).

At that level, it was a typical HJC hearing, as each side spent more time pitching their partisan spin (with Democrats asking a string of questions Wray was unable to answer about Russia) rather than — with a few exceptions — conducting much oversight.

That said, I really appreciated two aspects of Wray’s testimony today. First, with the very notable exception of FISA matters (specifically, any FISA applications tied to Trump’s associates, and whether they derived in any way from the Steele dossier), Wray seemed genuinely willing to accept HJC’s mandate to conduct oversight.

As I’ve already noted, I get that HJC can be full of partisan hacks. But it is also the case that the Executive branch, particularly something as powerful as the FBI, must be subject to the oversight requests of Congress. And under both the Bush and Obama Administrations, FBI and DOJ largely treated their oversight committees with (sometimes deserved, but often undeserved) contempt. Even where Wray was bullshitting members of Congress, such as when he pretended that moving Strzok to human resources wasn’t a demotion, he at least appeared to treat their inquiries with respect.

Perhaps, if it is treated with respect it sometimes doesn’t deserve, HJC will come to become the committee FBI and DOJ need as an oversight body.

The other thing I appreciated — particularly in the wake of Jim Comey’s treatment of everything as a fight between “good guys” and “bad guys” — was Wray’s repeated invocation of the humanness of FBI and its officials. For example, in what must have been a rehearsed response to a question about the reputation of the FBI, Wray said, “Do we make mistakes? You bet we make mistakes. Just like everyone who is human makes mistakes,” before describing how the IG (which is currently investigating Strzok) provides the opportunity to “hold our folks accountable, if that’s appropriate.” Somewhat less convincingly, in response to a question from Cedric Richmond, who cleverly noted that the FBI Headquarters is still named after the architect of COINTELPRO, J Edgar Hoover, Wray again stressed the humanity of FBI. “It’s something we’re not proud of but it is also something we’ve learned from … We’re human, we make mistakes. We have things that we’ve done well. We’ve had things we done badly, and when we’ve done badly we try to learn from them.”

Given FBI’s intransigence on back door searches and Wray’s own evolving understanding of the problems caused by the designation Black Identity Extremist (not to mention what appears to be undeserved self-congratulation about how many — or rather few — open investigation into white supremacist terrorists the FBI has) I’m not convinced the FBI really has learned those lessons. It is still too white and too male of an organization to understand how much it polices some of the same things COINTELPRO did, and with even more intrusive tools.

But I am heartened that the FBI Director, perhaps largely because of the focus on Strzok, publicly recognized that FBI is not always the good guy, contrary to what Comey internalized and evangelized over and over. In discussions with Karen Bass about the BIE designation, too, it sounded like he was at least able to listen, even if he refused to withdraw the intelligence report that created the designation.

That said, Wray made several outright errors that need to be corrected.

The first two, both about Section 702, came in response to questions by Ted Poe (who was one of just a few people to raise Section 702, in spite of the fact that I’ve heard from numerous staffers they can’t get answers about key aspects of how 702 works). First, addressing Poe’s claim that back door searches are abusive, Wray claimed that courts that had considered the querying had found it to be consistent with the Fourth Amendment.

Every court, every  court, to have looked at the way in which Section 702 is handled, including the querying, has concluded that it’s being done consistent with the Fourth Amendment.

As the EFF laid out, that’s not actually true. The Ninth Circuit punted on precisely the issue of back door searches.

When Wray mentions the Ninth Circuit, he is likely referencing a 2016 decision by the U.S. Court of Appeals for the Ninth Circuit. In the opinion for USA v. Mohamed Osman Mohamud, the appeals court ruled that, based on the very specific evidence of the lawsuit, data collected under Section 702 did not violate a U.S. person’s Fourth Amendment rights. But the judge explicitly wrote that this lawsuit did not involve some of the more “complex statutory and constitutional issues” potentially raised by Section 702.

Notably, the judge wrote that the Mohamud case did not involve “the retention and querying of incidentally collected communications.” That’s exactly what we mean when we talk about “backdoor searches.”

Wray is mischaracterizing the court’s opinion. He is wrong.

In addition, Wray claimed that,

The individuals that are incidentally collected — the US person information that is incidentally collected — are people that are in communication with foreigners who are the subject of foreign intelligence investigations, so like an ISIS recruiter, there’s a US person picked up, that person would have been in email contact, for example, with an ISIS recruiter.

While I’m not certain precisely what gets dumped into the FBI database that is queried, it is false to claim that every US person who has information collected would necessarily have been in communication with the target. That’s because PRISM providers are cloud storage providers and NSA gets anything a target stores and then some, and because people email very interesting stuff to each other all the time. That means there’s a whole bunch of other things that might implicate US persons swept up in the PRISM collection that gets shared, in raw form, with the FBI.

I wanted to point to an assumption virtually everyone has been making about PRISM collection and its suitability for back door searches that may not be valid. If you think about the hack-and-leak dumps in recent years, for example, often the most damaging, as well as the most ridiculous infringements on privacy, involve email attachments, such as the list of most Democratic members of Congress’ email many passwords for which were easily obtainable online, or phone conversations about routine housekeeping or illness. And that’s just attachments; most of the PRISM providers are actually cloud storage providers, in addition to being electronic communication providers, and from the very first requests to Yahoo there was mission creep of all the types of things the government might demand.

And while NSA and FBI aren’t supposed to keep stuff that doesn’t count as foreign intelligence or criminal information, it’s clear (from the WaPo report) that NSA, at least, does.

So as we talk about how inappropriate the upstream back door searches were and are because they can search on stuff that’s not foreign intelligence information, we should remember that the very same thing is likely true of back door searches of  the fruits of searches on a person’s cloud storage account.

Plus, while the example of an ISIS recruiter makes for good show, the targets will also include people like Chinese scientists and Russian businessmen, among other things. There are completely innocent reasons — like science!!! — to speak to such targets. And yet if FBI does a back door search on Americans who’ve engaged in such innocent discussions it can and almost certainly has led to innocent people being targeted unfairly.

It bothers me that me — a dirty fucking hippie blogger, though admittedly one who has become (as a Congressional staffer introduced me as earlier this year) as expert on FISA as anyone outside of government — knows these details better than the FBI Director (who, after all, was involved in not providing defendants adequate notice of this stuff during its illegal go-around under Stellar Wind).

But Wray’s biggest error, on a different topic, came later. After first dodging Pramila Jayapal’s questions about whether Trump’s tweets have contributed to the spike of hate crimes this year by suggesting the data was untrustworthy (!!!), Director Wray than answered her question about the Muslim ban this way.

An awful lot of our terror investigations do also involve immigration violations, so there is a close nexus between immigration violations and counterterrorism investigations, and an awful lot of the terrorist investigations we have involve global jihadist rhetoric, which is disproportionately concentrated in certain countries.

One reason terror investigations involve immigration violations is because that’s an easy way to punish someone who hasn’t actually committed any crime (and given that most terrorist attacks are not recent immigrants, sort of beside the point).

But the notion that immigration from Muslim majority countries — like the six included in the current Muslim ban: Iran, Libya, Syria, Yemen, Somalia, and Chad — is dangerous because global jihadist rhetoric arises from those countries is the height of nonsense. That’s because the most effective recruiter of Americans for almost a decade was a man, Anwar al-Awlaki, who wrote much of his propaganda here or in the UK; while his rhetoric subsequently did get published from Yemen, he’s been dead for 6 years, with far less jihadist rhetoric in English from there. And while Syria, Somalia, and Libya do export hateful rhetoric, so did Iraq and does Saudi Arabia and Pakistan, two countries we haven’t banned. Iran certainly exports a great deal of anti-American rhetoric, but it is not recruiting terrorists here and most of its anti-American actions are legitimate state-based opposition derived from power relations, not religion. And Awlaki is by no means the only producer of anti-American rhetoric in majority Christian countries, including but not limited to the US and UK.

Ultimately, of course, Jayapal was talking about Trump’s Muslim ban, the one that bans elite Venezuelans and North Koreans along with weaker Muslim ones. And while he didn’t go as far as to say that Kim Jong-Un was spewing jihadist rhetoric, that’s the logic here.

But by implication, he was talking about Chad, which in spite of its cooperation on terrorism, got added to the list because Trump is incompetent. To suggest Chad is a propaganda threat and the US and UK are not is the height of folly.

But that’s what the FBI Director claimed today to avoid criticizing Trump’s bigotry.

Update: For some reason I was writing Cedric Richmond’s last name wrong all day today. I’ve corrected my use of “Johnson” instead of “Richmond” here. My apologies to him for my still uncorrected tweets.

“Hype:” How FBI Decided Searching 702 Content Was the Least Intrusive Means

Former FBI Special Agent Asha Rangappa has a defense of back door searches at Just Security that (unlike most defenses of 702) actually takes on those searches as practiced in most problematic way at FBI, rather than as done in much more controlled fashion at NSA.

FBI does federated searches

I think she nitpicks a few issues. For example, she claims that back door opponents claim there is a “stand-alone computer in the middle of each FBI office with a big sign that reads ‘702 DATABASE ‘” but then goes on to claim “FBI uses one database for all of its investigative functions,” even while admitting that the FBI really does “federated queries” of multiple repositories. The distinction — particularly given that we know the database comes with access limits tied to job function — could offer solutions to concerns about 702 data (including providing access to just metadata, a proposal I’m not a fan of but one she attacks in the post). She also ignores the FBI’s use of “ad hoc databases” that have posed access and data protection concerns in the past.  Which is to say, the technical realities of how FBI Agents access this data soup are more complex than she lays out, and those complexities should be part of the discussion because they present additional risks and opportunities.

FBI’s raw data will be US-person focused

Rangappa minimizes what percentage of raw data obtained by FBI would include US person contact.

According to FBI Director Christopher Wray, the FBI receives about 4.3 percent of the NSA’s total collection – and since not every incidental communication will necessarily involve an USPER, the number of communications involving Americans are likely less than that.

While the FBI does have global investigations, the FBI is going to have few full investigations that have no domestic component. Investigations focused on US victims (say a US company hacked by Russian or Chinese state actors) won’t include many US interlocutors, but the other most likely 702 related investigations would all be focused on international communications: who suspected extremists were talking to in the US, what Iranians were buying dual use or other proliferation products, including from US companies, which Americans that Chinese scientists or Russian businessmen were engaging with closely. The 5,000 or so targets sucked into FBI would be the 5,000 targets in most frequent contact with Americans, by design. That has been the entire justification for this collection program since its inception as Stellar Wind.

And — as Ron Wyden recently made clear — it is permissible to target a foreigner if collecting on a US person is one purpose of the targeting, so long as the foreigner is targetable in his own right. Indeed, we can probably point to examples where that happened. That’s going to increase the US content pulled in with those 5,000 targets.

702 can target a whole bunch of selectors

And I believe this is misleading.

PRISM allows the NSA to target non-U.S. persons reasonably believed to be located abroad based on “selectors” – like an email address or a phone number (but not keywords or names) – which will reasonably return foreign intelligence information.

It is true that upstream collection doesn’t use keywords (and has halted about collection altogether). It is true that the most common selector provided in a directive to Google will be an email address. But there are a slew of other kinds of selectors that NSA and FBI can target. That includes IP addresses, which given the 2014 exception means entirely domestic communications can be collected. Even ignoring the targeting of IP addresses that Americans are known to also use (which will come into FBI’s possession a different way), the collection on chat room IPs, just as one example, might suck up a lot more US person content than individual emails might. And the FBI can also search for things like cookies or encryption tools, which will pull in different kinds of content.

FBI’s queries are not all routinely audited

I think Rangappa overstates the tracking of queries and makes an outright error when she claims that backdoor searches are “routinely audited.”

Every query, furthermore, is documented and placed in a case file. (If we learned anything from James Comey, it’s that the FBI puts everything down on paper.) In fact, every query conducted by the FBI is recorded and must be traceable back to an authorized purpose and a case file.  Agent queries are routinely audited, and a failure of an agent to provide an authorized purpose for conducting a query can be grounds for sanctions, suspension, or even termination.

She overstates the tracking of queries because by design there’s not a case file for many of the queries in question, because they’re done at the assessment stage. Moreover, if the FBI tracked its queries as well as Rangappa claims, it could provide documentation of what was going on to oversight bodies, but it has persistently claimed it could not do so, not in public, and not even in private.

More importantly, the FBI’s use of 702 is simply not audited adequately. That’s true, in part, because in 2012-2013, FBI moved much of its FISA activity to field offices, and not every field office gets audited every six months.

During this reporting period, however, FBI transitioned much of its dissemination from FBI Headquarters to FBI field offices. NSD is conducting oversight reviews of FBI field offices use of these disseminations, but because every field office is not reviewed every six months, NSD no longer has comprehensive numbers on the number of disseminations of United States person information made by FBI.

In 2015 — the most recent period for which we’ve gotten a Semiannual Report — NSD only reviewed minimization at 15 field offices (and ODNI did not attend all of these).

During these field office reviews, NSD also audits a sample of FBI personnel queries in systems that contain unminimized Section 702 collection. As detailed in the attachments to the Attorney General’s Section 707 Report, NSD conducted minimization reviews at 15 FBI field offices during this reporting period and reviewed cases involving Section 702-tasked facilities.

FBI has 56 field offices. And while I’m confident that NSD focuses its 702 reviews on the offices that work with FISA most often — places like DC, NY, LA, SF, and places with significant foreign population, like Detroit and Minneapolis — that means that when a field office that doesn’t use FISA often (say, if an Agent in Milwaukee were researching a hacker named MalwareTech), a combination of inexperience and lax oversight might be especially likely to result in problems.  And note, in any office, just a sample of queries gets reviewed, as the government explained to FISC last year, and the tracking isn’t detailed enough to figure out what occurred with a query without talking to the Agent who did it.

Additionally, NSD conducts minimization reviews in multiple FBI field offices each year. As part of these minimization reviews, NSD and FBI National Security Law Branch have emphasized the above requirements and processes during field office training. Further, during the minimization reviews, NSD audits a sample of queries performed by FBI personnel in the databases storing raw FISA-acquired information, including raw section 702-acquired information. Since December 2015, NSD has reviewed these queries to determine if any such queries were conducted solely for the purpose of retaining evidence of a crime. If such a query was conducted, NSD would seek additional information from the relevant FBI personnel as to whether FBI personnel received and reviewed section 702-acquired information of or concerning a U.S. person in response to such a query.

Notably, the one case where FBI reported a criminal return on a criminal search in 702 information only got reported after NSD did follow-up questioning. So yeah, NSD spends 4 days at Main Justice reviewing this stuff and goes to 27% of the field offices every six months, but that’s a far cry from “routinely auditing” queries.

The importance of investigative levels

The most remarkable thing about Rangappa’s post, however, is how well she exhibits the absurdity of what really goes on here. She correctly states — as I reported here — that FBI only obtains 702 content in full investigations. And she provides a short description of FBI’s three investigative levels.

Specifically, the NSA passes on to the FBI information collected on selectors associated with “Full Investigations” opened by the FBI. Full Investigations are the most serious class of investigations within the Bureau, and require the most stringent predicate to open: There must be an “articulable factual basis” that a federal crime has occurred or is occurring or a threat to national security exists.  (Two other investigative classifications, Preliminary Investigations and Threat Assessments, have lower thresholds to open and shorter time limits to remain open.)

She helpfully describes how investigations work through stages, with new investigative methods approved for each

Querying DIVS is, quite literally, the first and most basic thing the FBI does in its investigative sequence. Depending on the kind of information the search returns, an agent will then take the next prescribed step as outlined in the FBI’s Domestic and Investigative Operations Guide (DIOG) until a case is either opened for further investigation, or the matter is resolved in the negative and closed.

She then dismisses the concern that FBI does queries of 702 data at the assessment level without really addressing it.

Much of the criticism of the FBI’s use of 702 centers around the fact that agents can query subjects in their databases even if there is no evidence of criminal wrongdoing. However, as any law enforcement official will tell you, criminals and spies don’t show up on the doorstep of law enforcement with all of their evidence and motives neatly tied up in a bow. Cases begin with leads, tips, or new information obtained in the course of other cases. Often, the discrete pieces of information the FBI receives may not in and of themselves constitute criminal acts – and the identifying information provided to the FBI may be incomplete. However, anytime the FBI receives a credible piece of information that could indicate a potential violation of the law or a threat to national security, it has a legal duty determine whether a basis for further investigation exists. It is for this reason that a query of its existing databases is essential before proceeding further.

Somehow, the necessity of investigating a tip requires not an assessment of the lead itself, but querying a vast data store to see if the lead connects to any other known evidence even if that evidence is not itself evidence of criminal behavior. (One of the reasons FBI does that — which I’ve written about elsewhere — is to make it easier to find informants.)

That logic — which absolutely reflects the logic under which FBI operates — is all the more bizarre given the fact that the FBI is obliged, under the same DIOG Rangappa cites as the basis for the step-by-step development of an FBI case, to always consider using the “least intrusive” means as laid out by this language in the Attorney General Guidelines.

The conduct of investigations and other activities authorized by these Guidelines may present choices between the use of different investigative methods that are each operationally sound and effective, but that are more or less intrusive, considering such factors as the effect on the privacy and civil liberties of individuals and potential damage to reputation. The least intrusive method feasible is to be used in such situations.

DIOG section 4.4, which lays out what least intrusive means, says that “wiretaps … are very intrusive.” It says that “collecting information regarding an isolated event, such as a certain phone number called … is less intrusive or invasive of an individual’s privacy than collecting a complete communications … profile.” It states that, “If, for example, the threat is remote, the individual’s involvement is speculative, and the probability of obtaining probative information is low, intrusive methods may not be justified, and, in fact, may do more harm than good.”

Ultimately, though, the DIOG swallows all these rules by stating that, “FBI employees may use any lawful method allowed, even if intrusive, where the intrusiveness is warranted by the threat to the national security.” The logic must be — probably not born out even by FBI’s limitation to obtaining raw 702 data tied to Full Investigations — that for any person tied to a Full Investigation, any possible tie to an American about whom someone has submitted a tip, national security overrides all FBI’s rules about least intrusive methods.

But nonetheless, the FBI’s own guidelines admit how intrusive it is to start an investigation by looking at entire conversations rather than simply seeing the record of a email sent. That is, however, what the routine practice is.

Christopher Wray and the Myth Created by Parallel Construction

At the Friday Heritage Foundation Section 702 event, FBI Director Christopher Wray argued that reforming Section 702 (he suggested, illogically, making any reforms) would rebuild the wall taken down after 9/11. (Here’s the transcript, which unfortunately doesn’t include the Q&A period.)

I think back to the time that I was in government before on 9/11, right before 9/11, right after 9/11. I think about how hard dedicated men and women throughout the intelligence community worked to try to tear down the walls that had prevented us from connecting all the information that might have been able to prevent those attacks. As I said at the beginning, listening to this debate right now, watching some of the potential ideas that are being floated strikes me as eerily similar to people, well-intentioned, starting to put bricks into a wall.

There are problems with that argument (which have as much to do with our national myopia about the risks we face and how we’ve combatted them as anything else). But I’m grateful Wray made an effort to avoid the ad hominem attacks some of Section 702’s other boosters have resorted to.

Still, Wray’s response to concerns about using Section 702 in criminal prosecutions got dangerously close to that. In response to a question from David Shedd, Wray said that concerns about the topic derive from a myth. Those of us with such concerns, Wray said, are just “confused.”

There’s been a little bit of myth development in that space. When we talk about the criminal side, I think it’s important to distinguish between the tip and lead kind of scenario that I’m describing, which is where Section 702 is so important, and the prosecution end of it, where the information of any sort is being used. Section 702 has not been used for any traditional criminal case as evidence in a trial or anything like that ever, except in about 10 terrorism prosecutions. So the notion that there are criminal agents using Section 702 to make garden variety criminal cases, that’s just myth. It is not happening.

I’m reluctant to try to guess as to how people who are confused get confused. My goal is to get them straight.

To claim this is a myth, of course, Wray has to rely on a bogus number of defendants who have gotten their legally required 702 notice — ten counterterrorism cases — thereby pretending that 702 hasn’t had a key role in far, far more criminal cases, and not just in counterterrorism cases, but also counterespionage (including nation-state hacking) and counterproliferation cases.  (Interestingly, defendants are only known to have gotten notice in eight cases, meaning Wray may have revealed two more where defendants got non-public notice.) Plus, as I’ve noted, FBI submitted notice about attorney-client violations to FISC in nine cases in the time since DOJ largely stopped giving defendants notice.

The numbers just don’t add up.

Which means, in significant part, what Wray calls a myth is, in reality, parallel construction, a myth of a different sort, the myth that law enforcement tells defendants about where their cases came from or why certain approaches were used with the case, the myth created by DOJ’s secret interpretations about how they deal with legally mandated FISA notice. The myth that decides Keith Gartenlaub is a counterintelligence threat because of the conversations he conducts on Skype, a PRISM provider, with his in-laws, only to scrub all mention of those Skype conversations (and, DOJ presumably maintains in its secret policies on the issue, the legal obligation to give notice) once you go to trial.

Wray goes on to blithely describe how content collected without a warrant comes to define the tips FBI Agents get, even before any evidence has been collected.

There’s the information over here, that the Agent is seeing in real time in the US. That’s the tip or the lead. And then there’s the information in the database. And it’s the connection that’s important. Let me talk about what’s in the database, first, and what isn’t. What’s in the database — that 4.3% [of the NSA’s targets] — that’s not evidence of garden variety criminal conduct. The only stuff that’s in that is information about foreigners, reasonably believed to be overseas, for foreign intelligence purposes. So that’s foreign intelligence information in there. That’s not evidence of … I don’t know, pick an example, you know, child porn, or something else. It could be very serious, but that’s not what’s in there. So the Agent over here, if he’s in national security investigator is connecting national sec–something that he thinks is national security information with foreign intelligence information. The criminal agent, who is not doing anything related to national security, he’s not looking to try to find some national security hook for his case. He’s just trying to make sure — let’s say he’s got a cigarette smuggling case — one of the things we know is that terrorist groups have used things like cigarette smuggling to finance their activities. There are cases that Department of Justice has brought over the years on that very thing. Cigarette smuggling is a crime. Well, it could be handled one way but if it turns out that cigarette smuggling that’s designed to support Hezballah, that’s different. It needs to be viewed differently. But we won’t know if we just build a wall between the Agent and the information that’s sitting right over here in the FBI database. [my emphasis]

Wray makes another error here, in claiming that “That’s not evidence of … I don’t know, pick an example, you know, child porn,” in the information FBI deems foreign intelligence information. Either that, or the government should very quickly inform the Ninth Circuit of that fact, because Keith Gartenlaub is as we speak challenging the use of a physical search FISA order to turn nine-year old child porn lying unaccessed on his hard drives into foreign intelligence information and thereafter into a criminal prosecution.

But it’s not just Gartenlaub and a traditional FISA search. Given that 702 PRISM collection obtains not only emails, but also attachments and data stored in the cloud, it will obtain a lot more than communications, including photos. Those photos may be garden variety sexy photos shared between adults (indeed, photos of that kind were also introduced in Gartenlaub’s case). But they also may be abusive photos of children. The Intelligence Community will use both kinds — as well as all the other kinds of non-email information obtained by targeting email accounts — for its foreign intelligence purposes.

It’s fairly unfortunate that, three years after FBI asked for and obtained a change in its Section 702 minimization procedures so as to be able to easily deal with child porn discovered using it, the FBI Director claimed publicly that Section 702  data doesn’t include child porn.

Of course it does.

Whether we should want the FBI to immediately prosecute child porn discovered in the name of foreign intelligence information or, first (as happened with Gartenlaub) use it to try to flip someone to become an informant, is a policy discussion we’re not having.

But the reason we’re not having that discussion is because of the other myth being told, the myths about prosecutions that have used parallel construction to hide the whys and wherefores of the case, in large part to sustain the myth Wray is telling here, that those tips and that warrantless collection have nothing to do with each other.

I appreciate Wray’s efforts to avoid dodging the key issues by attacking those of us who recognize the 702 needs reform. But what is really going on is that the myths the government tells about how intelligence is used serves to make a real policy discussion difficult (for people like me, who know the criminal cases) and impossible (for staffers and members of Congress, who don’t). Wray and others in the intelligence community have grown so accustomed to these myths (see this Bob Litt exchange for an example), that they don’t even seem to see the implications of parallel construction for our claims to due process anymore. If we’re confused about the use of 702 information in criminal proceedings, the government is confused about how metasticizing parallel construction rots the guarantees in our Constitution.

I imagine FBI would like to defer this discussion once again; pretending reformers are the ones inventing myths is a good way to do that. But it’s important, this time around, that we call the government on the myths they tell, even while they claim we’re the ones who’re confused.

Update: When I asked FBI about the discrepancy in numbers (8 versus 10), a spox emphasized that Wray said “about” 10 cases have used 702 evidence.

Evidence the US Government Used Section 702 against Keith Gartenlaub[‘s Parents-in-Law]

A few weeks ago, I laid out how the Keith Gartenlaub case made child pornography foreign intelligence information. I showed how the FBI moved back and forth from a criminal to a FISA to a criminal warrant, only to try to use evidence of child pornography to get Gartenlaub to flip on his Chinese in-laws regarding suspected spying.

In this post, I want to lay out circumstantial evidence that Section 702 was used in the case — probably to spy on communications of Gartenlaub’s Chinese in-laws as well as his communications with them. This is circumstantial, but important, particularly given FBI Director Christopher Wray’s claims last Friday that 702 doesn’t include child pornography and has only been used in counterterrorism cases.

FBI cites his communications on PRISM providers to obtain warrant for domestic records from those providers

The first reason to believe FBI used Section 702 with Gartenlaub is that the first warrant affidavit in the case, used to obtain his and his wife’s Yahoo and Google account data, looks like typical parallel construction. It provides a means to get the content from specific PRISM providers based in large part on the use of those providers to communicate with people in China.

The GARTENLAUB SUBJECT ACCOUNT, [email protected], is used by Keith Gartenlaub at work and at home based on information provided by Boeing regarding the use of his Boeing issued laptop computer . Information obtained from a court-authorized pen register and trap and trace device shows that he is in contact with a China based email account using a Shanghai IP address seven times since March 2013. The GARTENLAUB SUBJECT ACCOUNT is also used to communicate with his wife, as reflected in the results of a pen register and trap and trace device. Emails are also forwarded from Gartenlaubs Boeing e-mail account to the GARTENLAUB SUBJECT ACCOUNT, evidence of which exists on the results of the data pen and trap and trace device.

Given that this was a spying case, the Chinese interlocutors would have been solid Section 702 targets. Though, remarkably, nowhere in the unclassified legal documents does the government do anything more than cite him saying his wife’s family was “well connected” to explain who those suspected spying recruiters were.

Gartenlaub stated he never had to worry about his security while traveling in China because his wife’s family is “well connected.” Gartenlaub did not elaborate on what connections she has.

To get the later (or earlier!) FISA order, the FBI would have had to detail who in China he was talking about. And to get that they likely would have used 702.

The mysterious absence of Skype in evidence

In addition to Google and Yahoo, the affidavit asking for Google and Yahoo content also described his most frequent communications with people in China taking place on Skype.

I have also reviewed the records provided by Skype for the account subscribed to Keith Gartenlaub. Those records showed that in the period of April 2011 to March 2013, the account contacted other accounts based in China approximately once every three days, on average. (Gartenlaub was interviewed on February 7 , 8, and 22, 2013). After Gartenlaub was contacted by the FBI to set up an interview, the Skype account subscribed to Gartenlaub contacted accounts based in China approximately three times per day 1 on average.

[snip]

His contact with Chinese-based Skype accounts spiked as soon as he was contacted by the FBI about the C17 investigation;

But not only does the affidavit not ask for a warrant for Skype (as part of Microsoft, a PRISM provider), as best I can tell no Skype data ever got introduced at trial.

In other words, a key reason they suspected Gartenlaub — his discussions with elites in China — never made it into the case in chief.

Which may be how they avoided giving him his legally mandated 702 notice.

The timing of the Section 702 NCMEC change

Then there’s the most obvious reason to think that Gartenlaub’s prosecution implicates Section 702: the coincidence between the the change in Section 702’s minimization procedures, as it pertains to sharing with the Center for Missing and Exploited Children, and the date of his arrest.

The government changed the standard minimization procedures for individualized FISA orders on August 11, 2014. Then, citing back to this earlier change, FISC approved an equivalent change in the Section 702 minimization procedures on August 26, 2014. The next day, the government arrested Gartenlaub. Particularly given how long they had had the child porn from the January 2014 search, it seems likely they waited until all relevant authorities included NCMEC permission before arresting him based off information that clearly relied on FISA information, if not earlier 702 information.

Mind you, the change in the 702 minimization procedures would only be necessary to cover Gartenlaub’s case if the government had found some evidence of the child porn before the FISA search. I can’t think of any way they could have done that unless they found him sharing porn with targeted people in China. That shouldn’t be possible — not according to regular targeting rules, anyway.

Still, the timing does make me think the government wanted both sets of minimization procedures available in time for the arrest.

Whatever the case, given how easily the government could have targeted Gartenlaub’s in-laws, and given the PRISM providers implicated (both in the known discovery and the missing Skype communications), I think it highly likely the government used Section 702 as part of this case.

Even if they didn’t provide notice.

Chris Wray’s DodgeBall and Trump’s Latest Threats

Though I lived-tweeted it, I never wrote up Christopher Wray’s confirmation hearing to become FBI Director. Given the implicit and explicit threats against prosecutorial independence Trump made in this interview, the Senate should hold off on Wray’s confirmation until it gets far more explicit answers to some key questions.

Trump assails judicial independence

The NYT interview is full of Trump’s attacks on prosecutorial independence.

It started when Trump suggested (perhaps at the prompting of Michael Schmidt) that Comey only briefed Trump on the Christopher Steele dossier so he could gain leverage over the President.

Later, Trump called Sessions’ recusal “unfair” to the President.

He then attacked Rod Rosenstein by suggesting the Deputy Attorney General (who, Ryan Reilly pointed out, is from Bethesda) must be a Democrat because he’s from Baltimore.

Note NYT goes off the record (note the dashed line) with Trump in his discussions about Rosenstein at least twice (including for his response to whether it was Sessions’ fault or Rosenstein’s that Mueller got appointed), and NYT’s reporters seemingly don’t think to point out to the President that he appeared to suggest he had no involvement in picking DOJ’s #2, which would seem to be crazy news if true.

Finally, Trump suggested (as he has elsewhere) Acting FBI Director Andrew McCabe is pro-Clinton.

Having attacked all the people who are currently or who have led the investigation into him (elsewhere in the interview, though, Trump claims he’s not under investigation), Trump then suggested that FBI Directors report directly to the President. In that context, he mentioned there’ll soon be a new FBI Director.

In other words, this mostly softball interview (though Peter Baker made repeated efforts to get Trump to explain the emails setting up the June 9, 2016 meeting) served as a largely unfettered opportunity for Trump to take aim at every major DOJ official and at the concept of all prosecutorial independence. And in that same interview, he intimated that the reporting requirements with Christopher Wray — who got nominated, ostensibly, because Comey usurped the chain of command requiring him to report to Loretta Lynch — would amount to Wray reporting directly to Trump.

Rosenstein does what he says Comey should be fired for

Close to the same time this interview was being released, Fox News released an “exclusive” interview with Rod Rosenstein, one of two guys who acceded to the firing of Jim Comey ostensibly because the FBI Director made inappropriate comments about an investigation. In it, the guy overseeing Mueller’s investigation into (in part) whether Trump’s firing of Comey amounted to obstruction of justice, Rosenstein suggested Comey acted improperly in releasing the memos that led to Mueller’s appointment.

And he had tough words when asked about Comey’s recent admission that he used a friend at Columbia University to get a memo he penned on a discussion with Trump leaked to The New York Times.

“As a general proposition, you have to understand the Department of Justice. We take confidentiality seriously, so when we have memoranda about our ongoing matters, we have an obligation to keep that confidential,” Rosenstein said.

Asked if he would prohibit releasing memos on a discussion with the president, he said, “As a general position, I think it is quite clear. It’s what we were taught, all of us as prosecutors and agents.”

While Rosenstein went on to defend his appointment of Mueller (and DOJ’s reinstatement of asset forfeitures), he appears to have no clue that he undermined his act even as he defended it.

Christopher Wray’s dodge ball

Which brings me to Wray’s confirmation hearing.

In fact, there were some bright spots in Christopher Wray’s confirmation hearing, mostly in its last dregs. For example, Dick Durbin noted that DOJ used to investigate white collar crime, but then stopped. Wray suggested DOJ had lost its stomach for such things, hinting that he might “rectify” that.

Similarly, with the last questions of the hearing Mazie Hirono got the most important question about the process of Wray’s hiring answered, getting Wray to explain that only appropriate people (Trump, Don McGahn, Reince Priebus, Mike Pence) were in his two White House interviews.

But much of the rest of the hearing alternated between Wray’s obviously well-rehearsed promises he would never be pressured to shut down an investigation, alternating with a series of dodged questions. Those dodges included:

  • What he did with the 2003 torture memo (dodge 1)
  • Whether 702 should have more protections (dodge 2)
  • Why did Trump fire Comey (dodge 3)
  • To what extent the Fourth Amendment applies to undocumented people in the US (dodge 4)
  • What we should do about junk science (dodge 5)
  • Whether Don Jr should have taken a meeting with someone promising Russian government help to get Trump elected (dodge 6)
  • Whether Lindsey Graham had fairly summarized the lies Don Jr told about his June 9, 2016 meeting (dodge 7)
  • Can the President fire Robert Mueller (dodge 8)
  • Whether it was a good idea to form a joint cyber group with Russia (dodge 9)
  • The role of tech in terrorist recruitment (dodge 9 the second)
  • Whether FBI Agents had lost faith in Comey (dodge 10)
  • Who was in his White House interview — though this was nailed down in a Hirono follow up (dodge 11)

Now, don’t get me wrong, this kind of dodge ball is par for the course for executive branch nominees in this era of partisan bickering — it’s the safest way for someone who wants a job to avoid pissing anyone off.

But at this time of crisis, we can’t afford the same old dodge ball confirmation hearing.

Moreover, two of the these dodges are inexcusable, in my opinion. First, his non-responses on 702. That’s true, first of all, because if and when he is confirmed, he will have to jump into the reauthorization process right away, and those who want basic reforms let Wray off the hook on an issue they could have gotten commitments on. I also find it inexcusable because Wray plead ignorance about 702 even though he played a key role in (not) giving defendants discovery on Stellar Wind, and otherwise was read into Stellar Wind after 2004, meaning he knows generally how PRISM works. He’s not ignorant of PRISM, and given how much I know about 702, he shouldn’t be ignorant of that, either.

But the big one — the absolutely inexcusable non answer that would lead me to vote against him — is his claim not to know the law about whether the President can fire Robert Mueller himself.

Oh, sure, as FBI Director, Wray won’t be in the loop in any firing. But by not answering a question the answer to which most people watching the hearing had at least looked up, Wray avoided going on the record on an issue that could immediately put him at odds with Trump, the guy who thinks Wray should report directly to him.

Add to that the Committee’s failure to ask Wray two other questions I find pertinent (and his answers on David Passaro’s prosecution either revealed cynical deceit about his opposition to torture or lack of awareness of what really happened with that prosecution).

The first question Wray should have been asked (and I thought would have been by Al Franken, who instead asked no questions) is the circumstances surrounding Wray’s briefing of John Ashcroft about the CIA Leak investigation in 2003, including details on Ashcroft’s close associate Karl Rove’s role in exposing Valerie Plame’s identity.

Sure, at some level, Wray was just briefing his boss back in 2003 when he gave Ashcroft details he probably shouldn’t have. The fault was Ashcroft’s, not Wray’s. But being willing to give an inappropriate briefing in 2003 is a near parallel to where Comey found himself, being questioned directly by Trump on a matter which Trump shouldn’t have had access to. And asking Wray to explain his past actions is a far, far better indication of how he would act in the (near) future than his rehearsed assurances he can’t be pressured.

The other question I’d have loved Wray to get asked (though this is more obscure) is how, as Assistant Attorney General for the Criminal Division under Bush, he implemented the July 22, 2002 Jay Bybee memo permitting the sharing of grand jury information directly with the President and his top advisors without notifying the district court of that sharing. I’d have asked Wray this question because it was something he would have several years of direct involvement with (potentially even with the Plame investigation!), and it would serve as a very good stand-in for his willingness to give the White House an inappropriate glimpse into investigations implicating the White House.

There are plenty more questions (about torture and the Chiquita settlement, especially) I’d have liked Wray to answer.

But in spite of Wray’s many rehearsed assurances he won’t spike any investigation at the command of Donald Trump, he dodged (and was not asked) key questions that would have made him prove that with both explanations of his past actions and commitments about future actions.

Given Trump’s direct assault on prosecutorial independence, an assault he launched while clearly looking forward to having Wray in place instead of McCabe, the Senate should go back and get answers. Trump has suggested he thinks Wray will be different than Sessions, Rosenstein, Comey, and McCabe. And before confirming Wray, the Senate should find out whether Trump has a reason to believe that.

Update: I did not realize that between the time I started this while you were all asleep and the time I woke up in middle of the night Oz time SJC voted Wray out unanimously, which is a testament to the absolute dearth of oversight in the Senate.

Trump FBI Nominee Christopher Wray Gave Inappropriate Briefings to John Ashcroft During Plame Investigation

Donald Trump has tweeted that he will nominate Christopher Wray, who worked in Bush’s DOJ, to head the FBI.

While most people are noting that Wray is Chris Christie’s personal lawyer in Bridgegate, I’m at least as interested in some of the things he did while at DOJ, as Assistant Attorney General for the Criminal Division.

Wray was on the border of a lot of torture decisions in 2004 — the ACLU database of torture documents is full of entirely redacted documents involving him.

Wray was involved in one of the noted field trips to Gitmo to watch torture.

And he also charged David Passaro, the only CIA person (Passaro was a contractor training Afghans to be paramilitaries) ever charged for torture. DOJ seized a bunch of documents Passaro had which would have shown that CIA’s chain of command had approved torture. Whatever you think of Passaro, I strongly believe he was denied due process in a number of ways.

To Wray’s credit, he was the first to review Stellar Wind data for information that might need to be disclosed as discovery to defendants.

While Assistant Attorney General for the Criminal Division, Wray was involved in negotiations with lawyers for Chiquita (including Eric Holder) that resulted in Chiquita’s executives avoiding all penalties for materially supporting Colombian terrorists.

Finally and probably most importantly, also while AAG DOJ in the early days of the Plame investigation, Wray provided inappropriate briefings to John Ashcroft about what Ashcroft’s buddies had said during FBI interviews.

Among other things, the sources said, Ashcroft was provided extensive details of an FBI interview of Karl Rove, President George W. Bush’s chief political advisor. The two men have enjoyed a close relationship ever since Rove advised the Attorney General during the course of three of Ashcroft’s political campaigns.

The briefings for Ashcroft were conducted by Christopher Wray, a political appointee in charge of the Justice Department’s criminal division, and John Dion, a 30-year career prosecutor who was in charge of the investigation at the time. Neither Wray nor Dion returned phone calls seeking comment for this story.

The briefings raise questions about the appropriateness of Ashcroft’s involvement in the investigation, especially given his longstanding ties to Rove. Senior federal law-enforcement officials have expressed serious concerns among themselves that Ashcroft spent months overseeing the probe and receiving regular briefings regarding a criminal investigation in which the stakes were so high for the Attorney General’s personal friends, political allies, and political party. One told me, “Attorneys General and U.S. Attorneys in the past traditionally recused for far less than this.”

This is what led to Ashcroft’s recusal and the appointment, by Deputy Attorney General Jim Comey, of Patrick Fitzgerald as special counsel.

In short, it seems Wray is likely to ensure that highers up never see any consequences for their actions. And he sure seems likely to keep Trump in the loop on the investigation of Trump.

Update: Jack Goldsmith, who of course worked closely with Wray while at DOJ, thinks he is a “a good choice, a much better choice than any name I previously saw floated, and a much better choice than I expected Trump to make,” though notes there will be a “probing confirmation process” ahead.

Update: Here’s a hearing in which Wray got questioned about inappropriate briefings. h/t NW

Update: LOLOL. DOJ released a list of endorsements for Wray, about which I’ll have more to say. But they included an endorsement from the guy who made Wray give him inappropriate briefings.

“Chris Wray is a man of integrity with a deep commitment to the rule of law. His substantial experience, particularly in serving on our Justice Department team fighting terrorism after 9/11, uniquely qualifies him to protect America as FBI Director.”
–Former Attorney General John Ashcroft