Posts

Is PCLOB Holding Out for EO 12,333 Information?

/13 Comments/in /by

As you know, I’ve been tracking the way President Obama seems to want to game the various legislative and review group recommendations with his own.

Which is why I’m interested in this anonymous complaint, from someone in the White House, that PCLOB has not yet released its report.

Before making his final decisions, the president was supposed to receive a separate report from a semi-independent commission known as the Privacy and Civil Liberties Oversight Board, which was created by Congress. However, that panel’s report has been delayed without explanation until at least late January, meaning it won’t reach the president until after he makes his decisions public.

Members of that oversight board met with the president on Wednesday and have briefed other administration officials on some of their preliminary findings. In a statement, the five-member panel said its meeting with the Mr. Obama focused on the NSA phone collection program and the Foreign Intelligence Surveillance Court, which oversees the data sweeps.

It’s unclear why the president will announce his recommendations before receiving the report from the privacy and civil liberties board. One official familiar with the review process said some White House officials were puzzled by the board’s delay. The report would still be available to Congress, where legislators are grappling with several bills aimed at dismantling or preserving the NSA’s authority. [my emphasis]

The complaint is interesting not just because it betrays some consternation that the White House won’t be able to control the timing on all of this.

Last we heard from PCLOB on November 4, they said publicly that that report would focus on just Section 215 and 702 programs, the two programs the Administration has been trying to provide a limited hangout on since June (though in their Semi-Annual Report from November 3, they also said they were focusing on 12333 guidelines).

But different board members were also focusing on EO 12333 activities. PCLOB Chair David Medine asked about the theft of Google and Yahoo data off their fiber in Europe; Patricia Wald asked whether EO 12333 guidelines legally governed the dissemination of Section 215 data even if the FISC imposed more stringent guidelines; Medine asked whether searches of the corporate store (phone dragnet query results) are governed by EO 12333; and James Dempsey asked what governs the back door searches of data collected under EO 12333.

PCLOB board members clearly get that they can’t understand the NSA’s activities without understanding what goes on under EO 12333. Yet on one occasion (in response to the Google and Yahoo question), NSA’s General Counsel Raj De tried to defer any answer because it was not a Section 215 or 702 question.

MR. DE: Even by the terms of the article itself there is no connection to the 702 or 215 programs that we are here to discuss. I would suggest though that any implication which seemed to be made in some of the press coverage of this issue that NSA uses Executive Order 12333 to undermine, or circumvent or get around the Foreign Intelligence Surveillance Act is simply inaccurate.

Later, Dempsey asked ODNI’s General Counsel Robert Litt when PCLOB was going to get the guidelines NSA used for “other types of collection,” meaning that collected under EO 12333.

MR. DEMPSEY: We have asked about, in fact months ago, several months ago we asked about guidelines for other types of collection, and where do we stand on getting feedback on that? Because you said 18, for example, is the minimization provisions for collection outside the United States, and that’s pretty old. Where do we stand on looking at how that data is treated?

MR. LITT: I think we’re setting up a briefing for you on that. I believe we’re setting up a briefing for you on that. We did lose a few weeks.

MR. DEMPSEY: No, I understand. I was wondering if you could go beyond saying we’re setting up a briefing.

MR. LITT: Well, I mean we’re in the process of reviewing and updating guidelines for all agencies under 12333. It’s an arduous process. You know, it’s something that we’ve been working on for some time and we’re continuing to work on it.

They’re referring to a letter PCLOB sent back in August about outdated guidelines limiting the dissemination of US person data, a James Clapper response a month later promising and a follow-up 10 days later, on October 3,  reminding PCLOB had asked for a briefing and updates on agencies’ EO 12333 procedures.

And a month later, PCLOB still had not gotten either the briefing or the written description of where agencies were.

During that entire time, it was becoming more and more clear that the NSA might be moving programs overseas (and therefore under EO 12333) that had been governed by FISA. If that is happening, it’s a matter of significant concern.

Reports on Obama’s review say he wants to roll out reforms that might cover any disclosures to come.

Obama is expected to deliver a national address announcing a set of intelligence-gathering changes. His aim is to set in place guidelines that will convince critics he is serious about reform and that will withstand future disclosures.

[snip]

“The bulk of the work on this is the policy review, not reacting to what the next story is,” said another senior administration official, who requested anonymity to discuss the internal deliberations. “We don’t know what the next thing will be, and we do have to deal with what comes next. But getting the policy right is what’s important so that as new things come, we’ve addressed the core of it.

I’m of the opinion that the disclosures to come will continue to focus attention on what the NSA does under EO 12333.

So is that what’s holding up PCLOB?

The Intelligence Community’s Wide Open, Unprotected Back Door to All Your Content

/2 Comments/in , , /by

PCLOB has posted the transcript from the first part of its hearing on Monday. So I want to return to the issue I raised here: both Director of National Intelligence General Counsel Robert Litt and NSA General Counsel Raj De admit that there are almost no limits on Intelligence Community searches of incidentally collection US person data (we know that FBI, NSA, and CIA have this authority, and I suspect National Counterterrorism Center does as well).

This discussion starts when PCLOB Chair David Medine asks whether the IC would consider getting a warrant before searching on incidentally collected data.

MR. MEDINE: And so turning to the protections for U.S. persons, as I understand it under the 702 program when you may target a non-U.S. person overseas you may capture communications where a U.S. person in the United States is on the other end of the communication. Would you be open to a warrant requirement for searching that data when your focus is on the U.S. person on the theory that they would be entitled to Fourth Amendment rights for the search of information about that U.S. person?

MR. DE: Do you want me to take this?

MR. LITT: Thanks, Raj. Raj is always easy, he raises his hands for all the easy ones.

MR. DE: I can speak for NSA but this obviously has implications beyond just NSA as well.

MR. LITT: I think that’s really an unusual and extraordinary step to take with respect to information that has been lawfully required.

I mean I started out as a prosecutor. There were all sorts of circumstances in which information is lawfully acquired that relates to persons who are not the subject of investigations. You can be overheard on a Title III wiretap, you can overheard on a Title I FISA wiretap. Somebody’s computer can be seized and there may be information about you on it.

The general rule and premise has been that information that’s lawfully acquired can be used by the government in the proper exercise of authorities.

Now we do have rules that limit our ability to collect, retain and disseminate information about U.S. persons. Those rules, as know, are fairly detailed. But generally speaking, we can’t do that except for foreign intelligence purposes, or when there’s evidence of a crime, or so on and so forth. But what we can’t do under Section 702 is go out and affirmatively use the collection authority for the purpose of getting information about U.S. persons. Once we have that information I don’t think it makes sense to say, you know, a year later if something comes up we need to go back and get a warrant to search that information. [my emphasis]

Litt compares finding incidental information on a laptop, presumably seized using a warrant, with searching for incidental information on a digital collection that includes very few limits on specificity. Remember, NSA can and has claimed a targeted “facility” may mean all the Internet traffic from a particular country or at least a region of a country. This is petabytes of data obtained with a directive, not gigabytes obtained with a specific warrant.

Read more

PCLOB: An Exercise in False Oversight

/2 Comments/in , /by

As you may have seen from the reporting or my live-tweeting of yesterday’s Privacy and Civil Liberties Oversight Board hearing on the government’s surveillance program, there were a few interesting bits of news, starting with former FISC judge James Robertson’s assertion that what FISC has done since it started approving bulk collection amounts to “approval” not “adjudication” and puts the court in an inappropriate policy making role. Robertson also said FISC needs an adversarial role it doesn’t currently have. Robertson also raised the possibility Section 215 could be used to create a gun registry not otherwise authorized by law, a point ignored by the former government officials on his panel.

I also thought James Baker’s testimony was interesting. In his prepared statements, Baker seemed to suggest the entire hearing was a wasted exercise, because the program had plenty of oversight. (Remember, Baker was in a key role at DOJ working with FISC through 2007, and got stuck trying to keep intelligence gathered under the illegal program out of traditional FISA applications.) But just before the end of the hearing Baker said before all the bulk collection, FISA worked. He repeated it, FISA worked. Baker may have come to accept these bulk programs, but he sure seemed to think they weren’t necessary.

But the most telling part of the hearing, in my opinion, is the presence of Steven Bradbury and Ken Wainstein on the panel.

There were plenty of other former government officials on the panels, representing all branches. But these two were in far more central positions in the roll out of both the legal and illegal programs. One of the key documents released by the Guardian, showing Wainstein and Bradbury recommending that newly confirmed Attorney General Michael Mukasey resume the contact chaining of Internet metadata, shows them expanding one of the most legally questionable aspects of this surveillance.

The ground rules of the hearing made it worse. The hearing followed the inane rules the Obama Administration adopts in the face of large leaks, pretending these public documents aren’t public. The Chair of PCLOB, David Medine, said no one could confirm anything that hadn’t already been declassified by the government.

Which not only put that document outside the scope of the discussion. But meant neither Bradbury nor Wainstein disclosed this clear conflict.

At one point in the hearing, the moderator even suggested that every time ACLU’s Jameel Jaffer said something, either Bradbury or Wainstein should have an opportunity to rebut what Jaffer said.

Yes, there were a number of interesting revelations at the hearing, along with the typical inanity from Wainstein and, especially, Bradbury. But it was set up with all the conflicts of a Presidential Commission meant to dispel controversy, not a real champion for privacy or civil liberties.

And its treatment of these two former government shills is just representative of that.