Posts

Feinstein’s Fake Fix May Expand Use of the Phone Dragnet

/7 Comments/in , /by

Dianne Feinstein and 10 other Senate Intelligence Committee members approved a bill yesterday that purports to improve the dragnet but actually does almost nothing besides writing down the rules the FISA Court already imposed on the practice.

I’ll have far more on DiFi’s Fake Fix later, but for now, I want to point to language that could dramatically expand use of the phone dragnet database, at least as they’ve portrayed its use.

Here’s how, in June, DiFi described the terms on which NSA could access the dragnet database.

It can only look at that data after a showing that there is a reasonable, articulable that a specific individual is involved in terrorism, actually related to al Qaeda or Iran. At that point, the database can be searched. [my emphasis]

Here are the terms on which her Fake Fix permits access to the database.

there was a reasonable articulable suspicion that the selector was associated with international terrorism or activities in preparation therefor. [my emphasis]

The bill passed yesterday does not require any tie to al Qaeda (or Iran!). An association with al Qaeda (and Iran!) is one possible standard for accessing the database. But it also permits use of the data if someone is “associated with activities in preparation” for international terrorism.

Does that include selling drugs to make money to engage in “terrorism”? Does that include taking pictures of landmark buildings? Does that include accessing a computer in a funny way?

All of those things might be deemed “activities in preparation” for terrorism. And this bill, as written, appears to permit the government to access the database of all the phone-based relationships in the US based not on any known association with al Qaeda (and Iran!), but instead activities that might indicate preparation for terrorism but might also indicate mild nefarious activity or even tourism crossing international borders.

One Day after Rolling Out “Comprehensive Review,” Feinstein Proceeds with Mark-Up Anyway

/13 Comments/in /by

Yesterday, Dianne Feinstein announced, “a total review of all intelligence programs … so that members of the Senate Intelligence Committee are fully informed as to what is actually being carried out by the intelligence community.”

Today, her committee will nevertheless conduct a mark-up of her bill to not fix the spying targeted at Americans.

Umm, given that she just admitted she doesn’t know everything the NSA has been doing — and that she hasn’t been fully informed — don’t you think the comprehensive review should precede the new legislation?

Has John McCain Been Chatting Up Bibi on a Tapped Phone?

/24 Comments/in , /by

Even more than Dianne Feinstein’s so-called reversal on the NSA, I’m intrigued by  John McCain’s.

“We have always eavesdropped on people around the world. But the advance of technology has given us enormous capabilities, and I think you might make an argument that some of this capability has been very offensive both to us and to our allies,” McCain said. “Eavesdropping on someone’s private cellphone obviously is something that is offensive to the chancellor of the Federal Republic of Germany.”

[snip]

“I think it may even call for a select committee, perhaps even bicameral, when you look at the damage that this has done to our relationship with some of our closest friends and allies,” said McCain, who was the unsuccessful GOP presidential nominee pitted against Obama in 2008. Still, McCain noted that foreign governments are not “innocent” because they also have spied on the U.S. government.

 

In the past, McCain hasn’t been uncritical in his comments on NSA, but he has used it to fearmonger about terrorists. More tellingly, he favors NSA taking the lead in Internet monitoring for domestic cybersecurity, effectively advocating for domestic spying. And yet now he’s squeamish because we’re wiretapping leaders of other countries?

Sure, it may be he’s just latching onto an issue to attack Obama on. Though who needs a new one given that 60 Minutes has resuscitated the old one?

Of course, McCain is the kind of guy who likes to freelance on foreign policy issues, frequently to pressure Obama from the right. And I can’t help but note that Bibi Netanyahu and Obama spoke today for no apparent reason aside from “regular consultations.”

President Obama and Prime Minister Netanyahu spoke by phone today as part of their regular consultations.  The two leaders discussed recent developments related to Iran, Israeli-Palestinian negotiations, and other regional issues.   The two leaders agreed to continue their close coordination on a range of security issues.

While there has been no public report that we tapped Bibi, and while I’m sure the Israelis take his security very seriously, he’s precisely the kind of frenemy I could see the government prioritizing. And while I’m sure Germany spies on us (ineffectively), McCain knows that Israel spies on (and hacks) us extensively, making it a more apt reference as a country that is itself not “innocent.”

Just a gut feel: when the Section 215 database got revealed, a wide range of Senators were up in arms until, in secret briefings, they all of a sudden learned something that calmed their nerves (I strongly believe NSA strips congressional numbers from the Section 215 database on intake). And I think it not outside the realm of possibility that McCain has shown newfound concern about NSA upon learning one of his interlocutors might be targeted as well.

Civil Libertarians to Dianne Feinstein: We Told You So

/25 Comments/in /by

The moment when Dianne Feinstein should have called for a comprehensive review of NSA’s programs was no later than August 18, when she admitted the Senate Intelligence Committee doesn’t get briefed on violations that occur under Executive Order 12333, even though they constitute the bulk of violations.

The committee does not receive the same number of official reports on other NSA surveillance activities directed abroad that are conducted pursuant to legal authorities outside of FISA (specifically Executive Order 12333), but I intend to add to the committee’s focus on those activities.

The committee has been notified—and has held briefings and hearings—in cases where there have been significant FISA compliance issues. In all such cases, the incidents have been addressed by ending or adapting the activity.

[snip]

I believe, however, that the committee can and should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate. This should include more routine trips to NSA by committee staff and committee hearings at which all compliance issues can be fully discussed.

While at the time she bought the NSA’s roamer myth, it was already clear the NSA was spying on US persons via its bulk collection “overseas,” including via some of the more troubling violations. She should have further gotten concerned when both Keith Alexander and James Clapper dodged questions about upstream violations. But then, she was too busy reading factually inaccurate statements about the same collections.

Back in the day, though, making sure the NSA wasn’t using Article II to evade oversight used to be one of her chief concerns.

Nevertheless, it took the disclosures of spying on Angela Merkel — and, no doubt, the embarrassment of her party’s President, and perhaps growing support for a real investigation — to really rile her up.

It is abundantly clear that a total review of all intelligence programs is necessary so that members of the Senate Intelligence Committee are fully informed as to what is actually being carried out by the intelligence community.

Unlike NSA’s collection of phone records under a court order, it is clear to me that certain surveillance activities have been in effect for more than a decade and that the Senate Intelligence Committee was not satisfactorily informed. Therefore our oversight needs to be strengthened and increased.

With respect to NSA collection of intelligence on leaders of U.S. allies—including France, Spain, Mexico and Germany—let me state unequivocally: I am totally opposed.

Unless the United States is engaged in hostilities against a country or there is an emergency need for this type of surveillance, I do not believe the United States should be collecting phone calls or emails of friendly presidents and prime ministers. The president should be required to approve any collection of this sort.

It is my understanding that President Obama was not aware Chancellor Merkel’s communications were being collected since 2002. That is a big problem.

The White House has informed me that collection on our allies will not continue, which I support. But as far as I’m concerned, Congress needs to know exactly what our intelligence community is doing. To that end, the committee will initiate a major review into all intelligence collection programs. [my emphasis]

I welcome this review — by all accounts the torture review conducted under her supervision is more thorough than anything else we’ve seen.

But … ah, the torture review.

There’s one other reason DiFi should have been quicker to respond to questions Edward Snowden — whom she called a traitor — raised.

In December she finished a 6,000 page report, one key finding of which was that the CIA lied to her community.

Why did she think NSA would be any different?

James “Too Cute By Half” Clapper’s Denial

/15 Comments/in /by

James Clapper made a somewhat unprecedented denial of Le Monde’s report (French, English) about the NSA’s dragnet, denying the eye-popping numbers on the volume of French spying (70.3 million in a month) we do.

October 22, 2013

Recent articles published in the French newspaper Le Monde contain inaccurate and misleading information regarding U.S. foreign intelligence activities.  The allegation that the National Security Agency collected more than 70 million “recordings of French citizens’ telephone data” is false.

While we are not going to discuss the details of our activities, we have repeatedly made it clear that the United States gathers intelligence of the type gathered by all nations.  The U.S. collects intelligence to protect the nation, its interests, and its allies from, among other things, threats such as terrorism and the proliferation of weapons of mass destruction.

The United States values our longstanding friendship and alliance with France and we will continue to cooperate on security and intelligence matters going forward.

Now, for what it’s worth, this seems the product of somewhat bad translation of the English for the Le Monde article, which started as this,

Parmi les milliers de documents soustraits à la NSA par son ex-employé figure un graphique qui décrit l’ampleur des surveillances téléphoniques réalisées en France. On constate que sur une période de trente jours, du 10 décembre 2012 au 8 janvier 2013, 70,3 millions d’enregistrements de données téléphoniques des Français ont été effectués par la NSA.

And then a worse translation back into English, which produced this,

Amongst the thousands of documents extracted from the NSA by its ex-employee there is a graph which describes the extent of telephone monitoring and tapping (DNR – Dial Number Recognition) carried out in France. It can be seen that over a period of thirty days – from 10 December 2012 to 8 January 2013, 70,3 million recordings of French citizens’ telephone data were made by the NSA.

I’m not going to explain this perfectly, but effectively it took a verbal that could mean the tape recording or the data notation of calls and turned it into a gerund that has the connotation in English of a discrete tape recording (note also the really cloddish use of the passive in a situation where you wouldn’t use it in English).

And from that, Clapper pounced on the “recordings” and presented them — in a quotation taken out of context — as discrete phone calls recorded individually. NSA’s not doing that, he says.

But we knew that. What they’re doing is intercepting call data in bulk and then sorting through what they want to keep.

It’s worth noting that the comment on the Boundless Informant screen Le Monde gets this from, however, refers to a more accurate calls “interceptées.” None of that excuses Le Monde’s presentation of it as such, particularly not its weak English translation which Clapper exploited (which isn’t, however, the actual language that has given François Hollande an opportunity to pretend to be shocked, and his English-only gotcha would be useful in refuting this for actual French readers). But that’s one source of the gotcha.

Now, as I said, this is relatively unprecedented. In the recent “interview” with Keith Alexander, NSA issued non-denial denials about info sharing with Israel. But there have been few very specific denials like this one.

And why would there be? Should we now assume all the other facts that have come out, anywhere in the world, are true? That Clapper has gone out of his way to do so, it seems, suggests the IC doesn’t dispute any other facts, which is almost certainly not the case, but nevertheless a fair assumption given their attention to this discrete point.

The one exception to this general rule, though, suggests why Clapper may have used this bad translation to claim gotcha! It just so happens to pertain to the WSJ story on upstream Internet collection, Read more

Intelligence Committees: Not Informed about Torture, Not Informed about Drone Casualties, Not Informed about US Person Spying

/8 Comments/in , , /by

Amnesty International and Human Rights Watch released reports on US drone killings today. For the moment, I’m going to outsource reading the reports to Sarah Knuckey’s excellent post.

Both reports (per Knuckey) point to individual drone strikes on civilians that may or probably violate international law.

Specific US strikes killed civilians in violation of the law and US policy.  These are the first major reports by each organization detailing field investigations into specific strikes.  HRW reviewed six strikes in Yemen (occurring between December 2009 and April 2013). HRW concluded that two of the strikes violated international law (pp. 54, 67), four may have (pp. 30, 39, 43, 60), and none of the six appeared to have complied with Obama’s May 2013 Presidential Policy Guidance (p. 89).  AI reviewed all 45 reported Pakistan strikes between January 2012-August 2013, and investigated nine in detail.  AI’s legal findings include that “evidence indicates” that an October 2012 strike unlawfully killed a grandmother and injured eight children (p. 23), and AI had “serious concerns” that a July 2012 strike that killed 18 and injured 22 (p. 24) may have been a war crime or extrajudicial execution (p. 27).  AI also investigated a number of strikes on apparent rescuers (those who came to the scene of a first strike to help the wounded), which it concluded may have been illegal (pp. 28-30).  Neither report seeks to assess the total number or rate of civilian casualties for all strikes.

[snip]

Investigations and accountability obligations. AI states that the US has legal obligations to investigate any cases where there are “reasonable grounds to indicate that unlawful killings have occurred,” and to prosecute, and remedy where appropriate (pp. 35-37).  HRW similarly states that the US has a duty to investigate violations of the laws of war, and that government secrecy effectively denies victims’ right to redress (p. 87).  Both reports also state the US should provide compensation or condolence payments for any civilian harm, but that neither organization is aware of the US having done this (AI, p. 39; HRW, p. 88).

This documentation of civilian casualties, of course, provides further evidence Dianne Feinstein and Mike Rogers’ claims about civilian casualties are false.

But we knew that.

Which means, in addition to the fact that we’re violating international law with some of our drone killings, we also are seeing a recurrent trend.

Even the CIA’s own lawyer agreed that CIA didn’t properly inform Congress, including the Intelligence Committees, about torture.

We’re learning that vast parts of the NSA’s spying — including spying that collects US person data — remains largely hidden from the Intelligence Committees.

And we have yet more proof they have been misinformed about drone killings.

Is there some dubiously legal program the Intelligence Community has fully informed Congress on?

False Prophet of Adequate Congressional Oversight Finds Congressional Ignorance Unnewsworthy

/8 Comments/in , /by

I was going to leave this post, in which Ben Wittes complains that WaPo published details of NSA’s collection of millions of contact lists, which he didn’t find at all newsworthy, well enough alone.

Here the public interest in disclosure seems, at least to me, remarkably weak, after all. At the policy level, the entire story amounts to nothing more than the proposition that NSA is under 12333 collecting large volumes of live-stream data, storing it, and protecting U.S. person material within that data only through minimization requirements. We knew all of that already.

So what does this story reveal that we didn’t already know? A specific collection method that people can now frustrate and a particular interest in collecting contact lists. In other words, here the Post does not seem to be balancing the costs of the disclosure against its benefit to the public interest. The costs, rather, are the benefit to the public interest. Put another way, I can’t quite shake the feeling that my old newspaper is now blowing secrets merely for the sake of doing so.

But his response to this post from Conor Freidersdorf convinced me to do a post. He’s written about 40 tweets in response, asserting things like, “there is no good argument that this sort of activity is illegal under current law.” In all that tweeting, he did not, however, respond to what I thought was a pretty decent argument this sort of activity might be illegal under current law.

Two years ago, then FISA Court Judge John Bates considered the legality of content collected off US switches. He found the practice, as had been conducted for over 3 years, violated both Section 702 of FISA Amendments Act and the Fourth Amendment because it intentionally collected US person data (NSA’s apologists usually obscure this last point, but Bates’ opinion was quite clear that this was intentional collection). To make the collection “reasonable” under a special needs exception, he required NSA to follow more stringent minimization procedures than already required under Section 702, effectively labeling some of the data and prohibiting the NSA from using US person data except in limited circumstances.

That collection differs from the contact list collection revealed by the WaPo in several ways:

The contact lists are collected overseas

WaPo’s sources are quite clear: this collection would be illegal in the US. They get around that restriction by collecting the data overseas.

The NSA has not been authorized by Congress or the special intelligence court that oversees foreign surveillance to collect contact lists in bulk, and senior intelligence officials said it would be illegal to do so from facilities in the United States. The agency avoids the restrictions in the Foreign Intelligence Surveillance Act by intercepting contact lists from access points “all over the world,” one official said, speaking on the condition of anonymity to discuss the classified program. “None of those are on U.S. territory.”

It’s not clear whether the contact list counts as metadata or content

The collection reviewed by Bates was clearly content: Internet messages collected because a selector appeared in the body of the message. With the contact lists, I could see the government claiming it was just metadata, and therefore (incorrectly, in my opinion but not in current law) subject to a much lower standard of protection. Except (as noted) WaPo’s sources admit this would be illegal if collected in the US, probably because NSA is collecting content as well.

Each day, the presentation said, the NSA collects contacts from an estimated 500,000 buddy lists on live-chat services as well as from the inbox displays of Web-based e-mail accounts.

[snip]

Contact lists stored online provide the NSA with far richer sources of data than call records alone. Address books commonly include not only names and e-mail addresses, but also telephone numbers, street addresses, and business and family information. Inbox listings of e-mail accounts stored in the “cloud” sometimes contain content, such as the first few lines of a message.

This data is subjected to a much lower standard of minimization than that imposed by Bates

In his flurry of tweets, Ben keeps repeating that the US person contact lists collected under this program are protected by minimization, so it’s all good. But minimization for Executive Order 12333 collection is not as rigorous as minimization under Section 702, and certainly doesn’t include the special handling that Bates required to make the Section 702 upstream collection compliant with the Fourth Amendment. So even for those who believe minimization on bulk collection gets you to compliance with the Fourth Amendment, it’s unclear whether the minimization provided for this collection does, and given Bates’ ruling, there’s reason to believe it does not.

Neither Congress nor the FISA Court oversee this collection closely

This is the part of the WaPo story that a guy like Ben who wails NAKED! every time someone questions whether there’s adequate oversight ought to have noted. A single source claimed this program includes checks and balances. But as WaPo lays out, these aren’t checks and balances like those protecting other US person collections.

A senior U.S. intelligence official said the privacy of Americans is protected, despite mass collection, because “we have checks and balances built into our tools.”

NSA analysts, he said, may not search within the contacts database or distribute information from it unless they can “make the case that something in there is a valid foreign intelligence target in and of itself.”

In this program, the NSA is obliged to make that case only to itself or others in the executive branch. With few exceptions, intelligence operations overseas fall solely within the president’s legal purview. The Foreign Intelligence Surveillance Act, enacted in 1978, imposes restrictions only on electronic surveillance that targets Americans or takes place on U.S. territory.

[snip]

Sen. Dianne Feinstein, the California Democrat who chairs the Senate Intelligence Committee, said in August that the committee has less information about, and conducts less oversight of, intelligence gathering that relies solely on presidential authority. Read more

On the 12th Day of Christmas, the NSA Gave to Me … 12 “Terrorism Supporters”

/4 Comments/in , , /by

Dianne Feinstein is writing op-eds again. Of course, I’m not actually recommending you read her defense of the phone dragnet program — though I do recommend this rebuttal of her claims from ACLU’s Mike German.

In other words, the problem was not that the government lacked the right tools to do its job (it had ample authority to trace Mihdhar’s calls). The problem was that the government apparently failed to use them.

But I do want to look at how DiFi dances around the debunked claims about all the plots the dragnet have stopped.

Since its inception, this program has played a role in stopping roughly a dozen terror plots and identifying terrorism supporters in the U.S.

Her claim is grammatically false, of course. Of the 2 known of these 12 cases where Section 215 was useful, with just one — when it was used to identify an unknown phone of one already identified accomplice of Najibullah Zazi — was a plot actually stopped. In the other, all Section 215 did was identify a supporter of terrorism, Basaaly Moalin. And even there, the FBI itself believed Moalin sent money to al-Shabaab not so much to support terrorism, but to support expelling (US backed) Ethiopian invaders of Somalia.

So while she could say that on 12 occasions Section 215 has helped stop a plot or identified terrorism supporters, what she has said is — surprise surprise! — a lie.

But I am rather amused at how close DiFi gets to arguing a dragnet of every Americans’ phone based relationships is worthwhile because it has found 12 guys who support, but do not engage in, terrorism.

Dianne Feinstein Didn’t Mean to Mislead the Senate into Extending FAA, Promise!

/4 Comments/in , /by

Charlie Savage has a story describing how, after Solicitor General Don Verrilli got caught lying to SCOTUS about whether defendants busted using FISA Amendments Act would have the opportunity to challenge it in court, DOJ has now decided to adopt a different standard for disclosure of such information.

National security lawyers and a policy advisory committee of senior United States attorneys focused on operational worries: Disclosure risked alerting foreign targets that their communications were being monitored, so intelligence agencies might become reluctant to share information with law enforcement officials that could become a problem in a later trial.

But Mr. Verrilli argued that withholding disclosure from defendants could not be justified legally, officials said. Lawyers with several agencies — including the Federal Bureau of Investigation, the N.S.A. and the office of the director of national intelligence — concurred, officials said, and the division changed the practice going forward.

I’ll return to the import of this debate later.

As part of the story, Savage describes why Adel Daoud, who had been named by Dianne Feinstein last year during the FAA reauthorization debate, won’t get access to any wiretapping information, at least not from her. He links to court documents in which the Senate’s lawyer, Morgan Frankel, claims they don’t have to turn over anything under Speech and Debate, but that in any case, DiFi never meant to suggest FAA had identified the terrorists whose cases she invoked to scare the Senate into reauthorizing FAA.

Here’s what she said (the underlined comments were cited by Frankel):

There is a view by some that this country no longer needs to fear attack. I don’t share that view, and I have asked the intelligence committee staff to compile arrests that have been made in the last 4 years in America that have been made between 2009 and 2012. There are 100 arrests that have been made between 2009 and 2012. There have been 16 individuals arrested just this year alone. Let me quickly review some of these plots. Some of these may arrests [sic] come about as a result of this program. Again, if Members want to see the specific cases where FISA Amendments Act authorities were used, they can go and look at the classified background of these cases.

[lists 9 of the 16 arrests, including Daoud’s]

So I believe the FISA Amendments Act is important and these cases show the program has worked. As the years go on, I believe good intelligence is the most important way to prevent future attacks.

Information gained through programs such as this one — and through other sources as well — is able to be used to prevent future attacks. So, in the past 4 years, there have been 100 arrests to prevent something from happening in the United States, some of these plots have been thwarted because of this program.

And here’s how the Senate Legal Counsel Morgan Frankel dismissed these claims.

Notwithstanding that she was speaking in support of reauthorization of Title VII of the Foreign Intelligence Surveillance Act, Senator Feinstein did not state, and she did not mean to state, that FAA surveillance was used in any or all of the nine cases she enumerated,

Read more

Dianne Feinstein’s Pre-UndieBomb Thinking

/12 Comments/in , /by

A whole bunch of people have pilloried Dianne Feinstein’s defense of the phone dragnet and related programs.

But one bizarre argument I haven’t seen challenged is the underlying logic of this passage.

The U.S. must remain vigilant against terrorist attacks against the homeland. Al Qaeda in the Arabian Peninsula (AQAP), considered the world’s most capable and dangerous terrorist organization, is determined to attack the United States. As we have seen since the “underwear bomber” attempted to blow up an airliner over Detroit on Christmas Day 2009, AQAP has developed nonmetallic bombs that can elude airport screeners, and the organization’s expert bomb maker, Ibrahim al-Asiri, remains at large.

Asiri is believed to be behind the October 2010 plot to place bombs disguised as printer cartridges onto cargo planes headed for the U.S. He is also a suspect in the May 2012 suicide-bomber plot against an airliner headed for the U.S. that was foiled when U.S. authorities obtained the planned explosive device through good intelligence work.

Earlier this month, Director of National Intelligence James Clapper testified that in the case of the AQAP threat this summer, there were a number of phone numbers or emails “that emerged from our collection overseas that pointed to the United States.” Fortunately, the NSA call-records program was used to check those leads and determined that there was no domestic aspect to the plotting. [my emphasis]

So here’s the logic.

UndieBomb 1.0 proves AQAP wants to attack the US.

UndieBomb 2.0 is further proof of that, although DiFi doesn’t mention that it was a US-Saudi-Brit sting, meaning the intent came from us.

As part of the Legion of Doom investigation, NSA found phone numbers tied to the US that have, on investigation, proved to be unrelated to the actual alleged plot.

It’s that same theory that 36,000 innocent people must be investigated every time a terrorist plots something to keep us “safe.”

But let’s take a step back. UndieBomb 1.0 … UndieBomb 1.0 …

Yes.

I remember now.

UndieBomb 1.0 was the guy who was allegedly plotting out Jihad with Anwar al-Awlaki — whose communications the FBI had two guys reading — over things like chats and calls. That is, Umar Farouk Abdulmutallab was a guy whose plot the NSA and FBI should have thwarted before he got on a plane. (To say nothing of the CIA and NCTC’s fuck-ups.)

And yet, he got on that plane. His own incompetence and the quick work of passengers prevented that explosion, while a number of needles went unnoticed in the NSA’s most closely watched haystacks.

Nevertheless, the lesson DiFi takes is that we need more haystacks.

Shouldn’t the lessons of UndieBomb 1.0 be just as important to this debate as the partial, distorted, lessons of 9/11?