Posts

Having Been Absolved by DOJ, CIA Now Admits They Illegally Spied on SSCI

/14 Comments/in /by

When Ron Wyden first asked John Brennan whether CIA had to comply with the Computer Fraud and Abuse Act, Brennan suggested they didn’t have to if they were conducting investigations.

The statute does apply. The Act, however, expressly “does not prohibit any lawfully authorized investigative, protective, or intelligence activity … of an intelligence agency of the United States.” 18 U.S.C. § 1030(f).

Then in March, after Senator Feinstein accused the CIA of improperly spying on her committee, Brennan claimed it was outside the realm of possibility.

As far as the allegations of, you know, CIA hacking into, you know, Senate computers, nothing could be further from the truth. I mean, we wouldn’t do that. I mean, that’s — that’s just beyond the — you know, the scope of reason in terms of what we would do.

Now that DOJ has decided not to investigate CIA’s illegal domestic spying, we learn it was well within the realm of possibility.

CIA employees improperly accessed computers used by the Senate Intelligence Committee to compile a report on the agency’s now defunct detention and interrogation program, an internal CIA investigation has determined.

Findings of the investigation by the CIA Inspector General’s Office “include a judgment that some CIA employees acted in a manner inconsistent with the common understanding reached between SSCI (Senate Select Committee on Intelligence) and the CIA in 2009,” CIA spokesman Dean Boyd said in a statement.

Brennan’s solution is to have corrupt hack Evan Bayh conduct an accountability review of the spying.

Mark Udall and Ron Wyden are furious. DiFi is less so. The Republicans on the Committee have been silent; apparently they’re okay with CIA breaching separation of powers.

And yet again, the CIA proves it refuses to subsist within democratic structures.

Cofer Black Gets to Rebut Torture Report that Shouldn’t Include Him

/9 Comments/in /by

Brennan with TortureIn a piece that gets at some of the points of leverage between the White House and CIA over torture, Mark Mazzetti describes George Tenet’s effort to “challenge” the torture report.

It suggests Brennan’s close ties to Tenet — Brennan was once Tenet’s Chief of Staff — led the CIA Director to reach out to Tenet to lead pushback. It describes how Brennan’s close ties to Obama Chief of Staff Denis McDonough from when he served as White House Counterterrorism Czar led McDonough to intervene when Dianne Feinstein tried to require any CIA review to take place in Senate Intelligence Committee space.

All that’s beside the real source of CIA’s power over the White House — the fact that torture operated as a Presidentially-authorized covert op for years, as has the drone program, which means CIA has the ability to implicate both George Bush personally (and Obama, in illegal drone strikes), as well as the Office of the President more generally.

My favorite detail, however, is that Cofer Black has also been involved in this pushback campaign.

Just after the Senate Intelligence Committee voted in April to declassify hundreds of pages of a withering report on the Central Intelligence Agency’s detention and interrogation program, C.I.A. Director John O. Brennan convened a meeting of the men who had played a role overseeing the program in its seven-year history.

The spies, past and present, faced each other around the long wooden conference table on the seventh floor of the C.I.A.’s headquarters in Northern Virginia: J. Cofer Black, head of the agency’s counterterrorism center at the time of the Sept. 11 attacks; the undercover officer who now holds that job; and a number of other former officials from the C.I.A.’s clandestine service. Over the speakerphone came the distinctive, Queens-accented voice of George J. Tenet.

Over the past several months, Mr. Tenet has quietly engineered a counterattack against the Senate committee’s voluminous report, which could become public next month. [my emphasis]

According to Ken Dilianian’s version of the same story, Black will not be allowed to preview the report — he’s probably among the dozen people who thought they could review it but recently learned they would not be able to.

About a dozen officials were called in recent days and told they could read the executive summary at a secure room at the Office of Director of National Intelligence, as long as they agreed not to discuss it, four former officials said.

Then, on Friday, CIA officials called them and told them that due to a miscommunication, only former CIA directors and deputy directors would be given that privilege. Former directors Michael Hayden, Porter Goss and George Tenet have been invited to read it, as have former acting directors John McLaughlin and Michael Morell.

Black’s involvement, of course, should be a story unto itself.

According to the CIA’s official version of torture, it got authorized under the September 17, 2001 Finding by language authorizing the capture and detention of top Al Qaeda officials. But they didn’t start considering torture until they picked up Abu Zubaydah at the end of March in 2002. They didn’t start torturing, the official story goes, until DOJ gave them the green light in August 1, 2002.

Why, then, would Black need to be involved in the torture pushback?

He left the Counterterrorism Director spot in May 2002, well before the torture started — at least according to the CIA version, but not the personal experience of Ibn Sheikh al-Libi and Binyam Mohamed, both of whom got tortured before Black’s departure. In his book Jose Rodriguez claims, falsely, the torture program started in June, and he led it. If this official CIA chronology is correct, Black should have had no role — and no personal interest — in the torture program.

And yet there he is with the other torturers, leading pushback.

Even in their pushback effort, then, the CIA proves that they’ve been lying for years.

CISA: The Banks Want Immunity and a Public-Private War Council

/4 Comments/in , /by

A group of privacy and security organizations have just sent President Obama a letter asking him to issue a veto threat over the Cybersecurity Information Sharing Act passed out of the Senate Intelligence Committee last week. It’s a great explanation of why this bill sucks and doesn’t do what it needs to to make us safer from cyberattacks. It argues that CISA’s exclusive focus on information sharing — and not on communications security more generally — isn’t going to keep us safe.

Which is why it really pays to look at the role of SIFMA — the Securities Industry and Financial Markets Association — in all this.

As I’ve noted, they’re the banksters whom Keith Alexander is charging big bucks to keep safe. As Bloomberg recently reported, Alexander has convinced SIFMA to demand a public-private cyber war council, involving all the stars of revolving door fearmongering for profit.

Wall Street’s biggest trade group has proposed a government-industry cyber war council to stave off terrorist attacks that could trigger financial panic by temporarily wiping out account balances, according to an internal document.

The proposal by the Securities Industry and Financial Markets Association, known as Sifma, calls for a committee of executives and deputy-level representatives from at least eight U.S. agencies including the Treasury Department, the National Security Agency and the Department of Homeland Security, all led by a senior White House official.

The trade association also reveals in the document that Sifma has retained former NSA director Keith Alexander to “facilitate” the joint effort with the government. Alexander, in turn, has brought in Michael Chertoff, the former U.S. Secretary of Homeland Security, and his firm, Chertoff Group.

Public reporting positions SIFMA as the opposition to the larger community of people who know better, embracing this public-private war council approach.

Kenneth Bentsen, chief executive at the Securities Industry and Financial Markets Association, said in a statement that leaders of the Senate Intelligence panel who wrote the bill have “taken a balanced and considered approach which will help the financial services industry to better protect our customers from cyber terrorists and criminals, as well as their privacy.”

According to the same banksters who crashed our economy 6 years ago, this bill is about protecting them at the expense of our privacy and rule of law.

And in their reply to Alan Grayson’s questions about WTF they’re paying Keith Alexander so handsomely for, SIFMA repeats this line (definitely click through to read about Quantum Dawn 2).

Cyber attacks are increasingly a major threat to our financial system. As such, enhancing cyber security is a top priority for the financial services industry. SIFMA believes we have an obligation to do everything possible to protect the integrity of our markets and the millions of Americans who use financial services every day.

[snip]

However, the threat increases every day. SIFMA and its members have undertaken additional efforts to develop cyber defense standards for the securities industry sector as a follow on to the recently published NIST standards. And we are developing enhanced recovery protocols for market participants and regulators in the event of an attack that results in closure of the equity and fixed income markets. We are undertaking this work in close collaboration with our regulators and recently held a meeting to brief them on our progress. And, we plan to increase our efforts even further as the risks are too great for current efforts alone.

We know that a strong partnership between the private sector and the government is the most efficient way to address this growing threat. Industry and investors benefit when the private sector and government agencies can work together to share relevant threat information. We would like to see more done in Congress to eliminate the barriers to legitimate information sharing, which will enable this partnership to grow stronger, while protecting the privacy of our customers.

This is not — contrary to what people like Dianne Feinstein are pretending — protecting the millions who had their credit card data stolen because Target was not using the cyberdefenses it put into place.

Rather, this is about doing the banksters’ bidding, setting up a public-private war council, without first requiring them to do basic things — like limiting High Frequency Trading — to make their industry more resilient to all kinds of attacks, from even themselves.

Meanwhile, if that’s not enough indication this is about the bankstsers, check out what Treasury Secretary Jack Lew is doing this afternoon.

In the afternoon, the Secretary will visit Verizon’s facilities in Ashburn, Virginia to discuss cybersecurity and highlight the important role of telecommunications companies in supporting the financial system. 

Just what we need: our phone provider serving the interests of the financial system first.

DiFi wants to make it easier to spy on Americans domestically to help private companies that have already done untold damage to Main Street America. We ought to be protecting ourselves from them, not degrading privacy to subsidize their insecure practices.

The Unaudited Tech Analyst Access to US Person Data

/16 Comments/in /by

In addition to its exposure of the sheer senselessness of much of the spying NSA engages in, yesterday’s WaPo story also shows that the government’s assurances that Edward Snowden could not access raw data have been misplaced.

For close to a year, NSA and other government officials have appeared to deny, in congressional testimony and public statements, that Snowden had any access to the material.

As recently as May, shortly after he retired as NSA director, Gen. Keith Alexander denied that Snowden could have passed FISA content to journalists.

“He didn’t get this data,” Alexander told a New Yorker reporter. “They didn’t touch —”

“The operational data?” the reporter asked.

“They didn’t touch the FISA data,” Alexander replied. He added, “That database, he didn’t have access to.”

Robert S. Litt, the general counsel for the Office of the Director of National Intelligence, said in a prepared statement that Alexander and other officials were speaking only about “raw” intelligence, the term for intercepted content that has not yet been evaluated, stamped with classification markings or minimized to mask U.S. identities.

“We have talked about the very strict controls on raw traffic, the training that people have to have, the technological lockdowns on access,” Litt said. “Nothing that you have given us indicates that Snowden was able to circumvent that in any way.”

In the interview, Snowden said he did not need to circumvent those controls, because his final position as a contractor for Booz Allen at the NSA’s Hawaii operations center gave him “unusually broad, unescorted access to raw SIGINT [signals intelligence] under a special ‘Dual Authorities’ role,” a reference to Section 702 for domestic collection and Executive Order 12333 for collection overseas. Those credentials, he said, allowed him to search stored content — and “task” new collection — without prior approval of his search terms.

No one should ever have believed those assurances.

That’s because the documentation on the Section 215 program makes it clear how little oversight there is over tech people just like Snowden. The current phone dragnet order, for example, makes it clear that:

  • Tech personnel may access the phone dragnet data to tweak it in preparation for contact-chaining
  • Unlike intelligence analysts, tech personnel may query the phone dragnet data with selectors that have not been RAS-approved
  • Tech personnel may also conduct regular queries using RAS-approved selectors
  • Tech personnel may access the dragnet data to search for high volume numbers — this may require access to raw data
  • Some of the tech personnel (those in charge of infrastructure and receiving data from the telecoms) are exempt from special training on the phone dragnet data

The audit language in the dragnet order applies only to “foreign intelligence analysis purposes or using foreign intelligence analysis tools,” suggesting the tech analysis role access to the dragnet data is not audited.

Language in the order defining “NSA” suggests contractors may access the data (though it’s unclear whether they do so in a technical or intelligence analysis function); something made explicit in Dianne Feinstein’s bill.

That is, it is at least possible that Booz analysts are currently conducting audit-free tech massaging of the raw phone dragnet data.

And NSA knew this access was a vulnerability. As recently as 2012, tech analysts were found to have 3,000 files worth of phone dragnet data (it’s unclear how much data each file included) on an improper server past its required destruction date. NSA destroyed that data before definitively researching what it was doing there.

Thus, the risk of tech analyst breach is very real, and no one — not NSA, and not Congress, which has only codified this arrangement — seems to be addressing it.

Indeed, it is likely that some kind of Booz-type contractors will continue to have direct access to this data after it gets outsourced to the telecoms, otherwise USA Freedumber would not extend immunity to such second-level contractors.

For months, intelligence officials claimed not only that Snowden had not accessed raw data, but could not. That was always a dubious claim; even if Snowden couldn’t have accessed that data, other contractors just like him could and still can, with less oversight than NSA’s intelligence analysts get.

But it turns out Snowden could and did. And thanks to that, we now know many of the other claims made by government witnesses are also false.

In Advance of USA Freedom and CISA Fights, PCLOB Pretends Section 702 Doesn’t Have a Cyber Function

/2 Comments/in , /by

In a piece for Salon, I note some of the weird silences in yesterday’s PCLOB report, from things like the failure to give defendants notice (which I discussed yesterday) to the false claim that Targeting Procedures haven’t been released (they have been — by Edward Snowden). One of the most troubling silences, however, pertains to cybersecurity.

That’s especially true in one area where PCLOB inexplicably remained entirely silent. PCLOB noted in its report that, because Congress limited its mandate to counterterrorism programs, it focused primarily on those uses of Section 702. That meant a number of PCLOB’s discussions — particularly regarding “incidental collections” of Americans sucked up under Section 702 — minimized the degree to which Americans who corresponded with completely innocent foreigners could be in a government database. That said, PCLOB did admit there were other uses, and it discussed the government’s use of Section 702 to pursue weapons proliferators.

Yet PCLOB remained silent about a use of Section 702 that both Director of National Intelligence James Clapper’s office, in its very first information sheet on Section 702 released in June 2013, and multiple government witnesses at PCLOB’s own hearing on this topic in March, discussed: cybersecurity. Not only should that have been discussed because Congress is preparing to debate cybersecurity legislation that would be modeled on Section 702. But the use of Section 702 for cybersecurity presents a number of unique, and potentially more significant, privacy concerns.

And PCLOB just dodged that issue entirely, even though Section 702′s use for cybersecurity is unclassified.

In the transcript of the March PCLOB hearing on Section 702 uses, the word “cyber” shows up 12 times. Four of those references come from DOJ’s Deputy Assistant Attorney General Brad Wiegmann’s description of the kinds of foreign intelligence uses targeted under Section 702. (The other references came from Information Technology Industry Council President Dean Garfield.)

MR. WIEGMANN: You task a selector. So you’re identifying, that’s when you take that selector to the company and say this one’s been approved. You’ve concluded that it is, does belong to a non-U.S. person overseas, a terrorist, or a proliferator, or a cyber person, right, whoever it is, and then we go to the company and get the information.

[snip]

It’s aimed at only those people who are foreign intelligence targets and you have reason to believe that going up on that account that I mentioned, bad guy at Google.com is going to give you back information, information that is foreign intelligence, like on cyber threats, on terrorists, on proliferation, whatever it might be.

[snip]

So in other words, if I need to, if it’s Joe Smith and his name is necessary if I’m passing it to that foreign government and it’s key that they understand that it’s Joe Smith because that’s relevant to understanding what the threat is, or what the information is, let’s say he’s a cyber, malicious cyber hacker or whatever, and it was key to know the information, then you might pass Joe Smith’s name.

Yesterday’s report, however, doesn’t mention “cyber” a single time. Indeed, it seems to go out of its way to avoid mentioning it.

As discussed elsewhere in this Report, the Board believes that the Section 702 program significantly aids the government’s efforts to prevent terrorism, as well as to combat weapons proliferation and gather foreign intelligence for other purposes.

[snip]

The Section 702 program, for instance, is also used for surveillance aimed at countering the efforts of proliferators of weapons of mass destruction.473 Given that these other foreign intelligence purposes of the program are not strictly within the Board’s mandate, we have not scrutinized the effectiveness of Section 702 in contributing to those other purposes with the same rigor that we have applied in assessing the program’s contribution to counterterrorism. Nevertheless, we have come to learn how the program is used for these other purposes, including, for example, specific ways in which it has been used to combat weapons proliferation and the degree to which the program supports the government’s efforts to gather foreign intelligence for the benefit of policymakers.

Its footnote to that last section cites DOJ’s 2012 report to SSCI on the uses of Section 702 (which doesn’t mention cyber) rather than the information sheet released in June 2013, which does.

I find PCLOB’s silence about the use of Section 702 to pursue cyber targets particularly interesting for several reasons.

First, because cyber targets pose unique privacy threats — in part because cyberattackers are more likely to hide their location and exploit the communications of entirely innocent people, meaning Section 702’s claimed targeting limits offer no protection to Americans. Additionally, targeting (as Wiegmann describes it) a “malicious cyber hacker” goes beyond any traditional definition of foreign agent; it is telling he didn’t use a Chinese military hacker as his example instead! Indeed, while proliferation (along with foreign governments, the other presumed certification) is solidly within FISA Amendment Act’s definition of foreign intelligence, cybersecurity is not. In its discussion of back door searches, PCLOB admits there are concerns raised by back door searches that are heightened (or perhaps more sensitive, because they involve affluent white people) outside the counterterrorism context, that’s especially true for cybersecurity targeting.

Consider, too, the likelihood that cyber collection is among the categories of about collection that PCLOB obliquely mentions but doesn’t describe due to classification.

Although we cannot discuss the details in an unclassified public report, the moniker “about” collection describes a number of distinct scenarios, which the government has in the past characterized as different “categories” of “about” collection. These categories are not predetermined limits that confine what the government acquires; rather, they are merely ways of describing the different forms of communications that are neither to nor from a tasked selector but nevertheless are collected because they contain the selector somewhere within them.

At the beginning of the report, PCLOB repeated the government’s claim this is primarily about emails; here in the guts of it, it obliquely references other categories of collection, without really considering whether these categories present different privacy concerns.

Remember, too, that the original, good version of USA Freedom Act remains before the Senate Judiciary Committee. That bill would disallow the use of upstream 702 for any use but counterterrorism and counterproliferation. Did PCLOB ignore this use of Section 702 just to avoid alerting Senators who haven’t been briefed on it that it exists?

Finally, I also find PCLOB’s silence about NSA’s admitted use of Section 702 to pursue cyberattackers curious given that, after Congress largely ditched ideas to involve PCLOB in various NSA oversight — such as providing it a role in the FISA Advocate position — Dianne Feinstein’s Cyber Information Sharing Act all of a sudden has found a use for PCLOB again (serving a function, I should add, that arguably replaces FISC review).

(1) BIENNIAL REPORT FROM PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD.—Not later than 1 year after the date of the enactment of this Act and not less frequently than once every 2 years thereafter, the Privacy and Civil Liberties Oversight Board shall submit to Congress and the President a report providing—

(A) an assessment of the privacy and civil liberties impact of the type of activities carried out under this Act; and

(B) an assessment of the sufficiency of the policies, procedures, and guidelines established pursuant to section 5 in addressing privacy and civil liberties concerns.

Feinstein introduced this bill on June 17, several weeks after PCLOB briefed her staffers on their report (they briefed Congressional committee aides on June 2, and the White House on June 17 — see just after 9:00).

A renewed openness to expanding PCLOB’s role may be entirely unmotivated, or it may stem from PCLOB’s chastened analysis of the legal issues surrounding Section 702.

But I do find it interesting that PCLOB uttered, literally, not one word about the topic that, if DiFi’s bill passes, would expand their mandate.

Were DiFi’s Aides Who Claimed “Only a Small Number” of Back Door Searches Ignorant or Lying?

/11 Comments/in /by

Yesterday, we learned:

  • NSA conducted unwarranted back door searches on 198 US persons’ content last year and 9,500 back door searches on US person metadata
  • CIA conducted around 1,900 unwarranted back door searches on US person content, and an uncounted number of back door searches on US person metadata
  • FBI conducted a substantial number of unwarranted back door searches on US person content and metadata — so much so it doesn’t count it

Back in November, when Dianne Feinstein was trying to codify these unwarranted back door searches explicitly into law, here’s what anonymous sources described as Senate Intelligence Committee aides told the WaPo:

They say that there have been only a “small number” of such queries each year. Such searches are useful, for instance, if a tip arises that a terrorist group is plotting to kill or kidnap an American, officials have said.

“Only a small number.”

Over 2,000 counted searches between the CIA and NSA. Uncounted, but substantial, number of searches by FBI. “Only a small number.”

Were these anonymous sources ignorant — relying on false information from the Agencies? The actual number of unwarranted back door searches doesn’t appear in the unredacted portions of the one Semiannual Section 702 Compliance report we’ve seen (see page 13); there doesn’t appear to be a redacted section where they would end up.

So have the Agencies (CIA and NSA in this case; FBI’s back door searches get audited in a different way) simply hidden from their Congressional overseers how frequently they were doing these searches?

Or were these aides trying, once again, to pass legislation permitting the nation’s spy agencies to conduct intrusive searches on Americans by lying?

One way or another, it’s a damn good thing Ron Wyden asked for and insisted on getting an answer to his question of how common these back door searches are (even if the FBI still refuses to count them). Because the key people who are supposed to oversee them are either ignorant or lying about them.

NSA’s New-and-Improved Call Chaining Process, Now with No Calls Required

/2 Comments/in /by

As I noted, last night I Con the Record released the phone dragnet orders from last week and from March.

There are two significant changes (which may well be related).

First, perhaps in anticipation of shifting to production from the providers, perhaps because the Court has rethought its authorization granted in November 2012, the government appears to have given up its effort to introduce an automated query.

Queries of the BR metadata using RAS-approved selection terms for purposes of obtaining foreign intelligence information may occur by manual analyst query only.

PCLOB provided the only unclassified description of what the government had been trying to do with its automated query.

In 2012, the FISA court approved a new and automated method of performing queries, one that is associated with a new infrastructure implemented by the NSA to process its calling records.68 The essence of this new process is that, instead of waiting for individual analysts to perform manual queries of particular selection terms that have been RAS approved, the NSA’s database periodically performs queries on all RAS-approved seed terms, up to three hops away from the approved seeds. 

But, as I reported in February, NSA has never been able to pull off its automated alert, purportedly for technical reasons (which usually means it could not technically meet the requirements imposed by the court).

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes. Accordingly, this amendment to the Primary Order authorizes the use of this automated query process for development and testing purposes only. No query results from such testing shall be made available for analytic purposes. Use of this automated query process for analytical purposes requires further order of this Court.

The government revealed NSA’s failure to implement its automatic alert in its motion to amend this year’s first dragnet order.

In that same motion it implemented the change in standard dragnet language that has been retained in these more recent dragnet orders: the NSA is chaining on “connections” as well as actual calls.

14 The first “hop” from a seed returns results including all identifiers (and their associated metadata) with a contact and/or connection with the seed. The second “hop” returns results that include all identifiers (and their associated metadata) with a contact and/or connection with an identifier revealed by the first “hop.”

Now, it may be that the entire time one after another government witness has testified to Congress that this phone dragnet only returns on calls, they’ve been doing this connection-based chaining as well. As I noted in this post, connection-based chaining has been in a redacted section of phone dragnet orders describing their automated query. (They seem to have ditched the automation but retained the connection based chaining.) And Dianne Feinstein’s Fake FISA Fix also would have permitted connection chaining.

Whether Administration witnesses were being deliberately deceitful when testifying about call-based chaining (“not wittingly!”) or the NSA only recently resumed doing connection based chaining manually, having given up on doing it automatically, one thing is clear. The NSA has been doing connection based chaining since at least February, and very few people in Congress know what that means. Nevertheless, they’re about to authorize that formally.

DiFi’s Fake FISA Fix “Connection” Language

/2 Comments/in /by

As you know, I’ve been trying to track the language in existing phone dragnet orders and new legislation approving the collection of records that are “connected” to a selector by means other than actual calls made. (See here, here, and here for background.) Basically, the automated query approved by the FISA Court in 2012 and the USA Freedumber Act both authorize the government to collect call detail records from phones “connected” to a selector without any call having been made.

Clearly this provision serves to allow the government to track “burner” phones. But given that under the Hemisphere program, AT&T uses cell location to conduct chaining, I expect “connections” will include that too. And it may include things like address books, photos, and calendars, which would be accessible to smart phone providers, and which we know the NSA collects and uses to establish such connections overseas.

I just realized in the last few days that the Fake FISA Fix Dianne Feinstein passed through the Senate Intelligence Committee last year also provides for “connections” based chaining. Here’s how it appears in the bill:

Scope of permissible query return information:

For any query performed pursuant to paragraph (1)(D)(i), the query only may return information concerning communications—

(A) to or from the selector used to perform the query;
(B) to or from a selector in communication with the selector used to perform the query; or
(C) to or from any selector reasonably linked to the selector used to perform the query, in accordance with the court approved minimization procedures required under subsection (g). [my emphasis]

This appears to confirm that the existing connection chaining uses the minimization procedures stage to assess the validity of the connection.

Nowhere, however, have I ever seen any language limiting what kind of “reasonable links” NSA can make in secret.

Particularly given that the government is intent on giving telecoms to make these links, we really ought to be limiting the kinds of links they’re permitted to make.

Dianne Feinstein: I Believe Specific Selection Term Is Confusing

/3 Comments/in /by

In the Senate Intelligence Committee hearing on HR 3361 — which I call the USA Freedumber Act because it makes the dragnet worse in several ways — Dianne Feinstein used her opening statement to talk about the role of “specific selection term” in the bill.

She says, in part,

The problem comes with the definition of a “specific selection term,” which is not clear on its face and I believe it’s confusing.

I’m glad that Feinstein is concerned about the same thing I’ve been focusing on for a month.

The problem with trying to prevent “bulk collection” using the definition of selection term — even aside from the fact that the Intelligence Community understands “bulk collection” to mean something entirely different from what normal people understand it to mean — is that it will be abused.

We didn’t even get out of the hearing without such cynicism. At the hearing, Deputy Attorney General James Cole assured Martin Heinrich and Mark Udall that statements in the legislative record indicating a desire to limit such collection would prevent any abuse. This is the same DAG whose DOJ argued — just the day before!!! — that the legislative record of FISA, which clearly indicates the congressional intent that some defendants will get to review their FISA applications, should be ignored in favor of the 36 year history during which no defendants got such review.

Cole’s comments are all the proof we need that the Executive cannot be trusted to cede to Congress’ wishes (not to mention that the legislative record is far more ambivalent than Cole pretended).

So I’m grateful Feinstein is trying to tighten the definition (though I don’t think that is the workable way to improve the bill).

But I’m a bit confused by Feinstein’s confusion.

You see, as I noted some weeks ago, the term “selection term” is already used for Section 215, and has been for at least a year. And at least in phone dragnet Primary Order standard references to FISA content orders (that is, to traditional FISA warrants and the like), they’re using “selection term” as well.

The intelligence community and the FISA Court already have some common understanding of what “selection term” means — and Primary Orders appear to define the term in a classified-to-us-but-not-Feinstein footnote — and yet Feinstein is confused about what “specific selection term” might mean?

Granted, “selection term” is slightly different than “specific selection term.” Still, given that the “selection term” appears to be defined — and used — in the existing program, I would hope that Senator Feinstein would have some clarity about what it means.

Perhaps the way to start this discussion is to publicly explain how the IC is currently using “selection term”?

Predictably, Saxby Chambliss Makes a Bid for USA Freedumbest

/12 Comments/in /by

I’ve written several times about how HR 3361 — what others call USA Freedom Act and I dubbed the USA Freedumber Act when it was gutted in the House — is worse than the status quo in a number of ways.

But I’m also aware that the Senate could make it worse. I’m still waiting to see what kind of surprises Dianne Feinstein has in store for Thursday’s Senate Intelligence Committee hearing.

So I am thoroughly unsurprised that Ranking Republican Saxby Chambliss wants to make Freedumber worse.

Sen. Saxby Chambliss (R-Ga.) said the surveillance reform bill that passed the House last month goes too far in ending some of the National Security Agency’s (NSA) sweeping surveillance programs.

“I actually think they went a little bit too far on the bulk collection side of it,” Chambliss — the top Republican on the Senate Intelligence Committee — said Tuesday while speaking a Bloomberg event on cybersecurity.

I actually think this is a calculated move to add various transparency measures that Pat Leahy will respond to, but open up the floodgates to a full Internet-and-smart-phone dragnet. It will allow those who’ve gotten badly played in this negotiation an opportunity to declare victory even as the dragnet gets even worse.

Add this to the evidence this  is all a big play:

Chambless said that he and Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) and House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.) will be able to reconcile any differences between the House bill and a reform bill that comes out of the Senate.

“I’m confident that Rogers, Ruppersberger, Dianne and I can bridge that gap quickly if we can get a bill out of the Senate,” he said.

The Gang of Four is just working to get to Conference, where they already seem to have in mind what they’ll produce.

Before we’re done, we’re sure to see USA Freedumbest.