Posts

The Business as Usual Brigade

/7 Comments/in /by

I missed the CATO surveillance event today (they’ll have video up soon, Julian Sanchez promises), but here’s the speech Ron Wyden gave.

I’m amused by this line:

We wanted to put this marker down early because we know in the months ahead we will be up against a “business-as-usual brigade” – made up of influential members of the government’s intelligence leadership, their allies in thinktanks and academia, retired government officials, and sympathetic legislators.

Wyden, a politician, can’t name these people.

But I would suggest they are all immediately identifiable as an archetype:

Influential members of the government’s intelligence leadership: Keith Alexander and James Clapper

Their allies in thinktanks and academia: Ben Wittes

Retired government officials: Michael Hayden

Sympathetic legislators: Dianne Feinstein

Indeed, further in his speech, he repeats claims these people have made, without identifying the speaker.

Some of the “business as usual” arguments have something of an Alice in Wonderland flavor.

We have heard that surveillance of Americans’ phone records, aka metadata, is not actually surveillance at all – it’s simply the collection of bits of information. [DiFi]

We’ve been told that falsehoods aren’t falsehoods – they are simply imprecise statements. [Clapper]

We’ve been told that rules that have been repeatedly broken are a valuable check on government overreach. [Wittes]

And we’ve been told that codifying secret surveillance laws and making them public surveillance laws is the same as actually reforming these overreaching surveillance programs. [Hayden]

And Wyden is absolutely correct. DiFi has submitted changes to Section 215 and 702 that … don’t change a single solitary thing, except that they (1) write down what the FISA Court has already mandated and (2) expand surveillance by authorizing the wiretapping of roamers for a period in the US.

So maybe Wyden isn’t correct? Maybe this is not the “Business as Usual Brigade,” but the “Use a crisis to authorizing phone wiretapping in the US brigade”?

Whatever it is, these are recognizable people. And the press should be focusing on the many ways in which their legislation actually increases surveillance.

Upstream US Person Collection: EO 12333 and/or FISA?

/10 Comments/in /by

Screen shot 2013-10-04 at 2.42.00 AMKeith Alexander had a really bizarre response to a question from Mazie Hirono in Tuesday’s hearing.

SEN. HIRONO: I have one more question, Mr. Chairman. General Alexander, is PRISM the only intelligence program NSA runs under FISA Section 702?

GEN. ALEXANDER: Well, PRISM was (the statement ?), but, yes. Essentially, the only program was that — that, you know, is PRISM under 702, which under — operates under that authority for the court. But we also have programs under 703, 704 and 705.

Perhaps he was confused by her question (which came in the context of questions about the NYT’s report on the construction of dossiers, potentially on Americans). But he seems to have claimed that PRISM — the collection of Internet content from Internet providers under Section 702 — is the only way the NSA uses FISA Amendments Act to collect content.

Not only does the PRISM slide above belie that (and there’s also phone content that is not covered under PRISM).

But the government itself released the October 3, 2011 John Bates FISC opinion (and other related documents) which describes the government’s collection of Internet transactions directly from the phone company switches (see footnote 24 where Bates distinguishes between the two kinds of Section 702 Internet collection). In an attempt to spin this collection as a big mistake last week, Dianne Feinstein even confirmed that this “upstream” collection comes from the backbone operated by the phone companies.

In mid 2011, NSA notified the DOJ, the DNI, and the FISA court, and House and Senate Intelligence Committees, of a series of compliance incidents impacting a subset of NSA collection under Section 702 of FISA, known as upstream collection.

This comprises about 10 percent of all collection that takes place under 702, and occurs when NSA obtains Internet communications, such as e-mails, from certain U.S. companies that operate the Internet background;[sic] i.e., the companies that own and operate the domestic telecommunication lines over which Internet traffic flows.

So there’s PRISM, there’s phone content collection, and there’s the upstream Internet collection from the phone companies’ switches. All operated, per the 2011 Bates memo, under Section 702 (and therefore overseen by the FISA Court and Congress).

Which is why I’ve been pondering this chart and related explanation, from NSA’s internal review of compliance incidents for the first quarter of 2012.

Screen shot 2013-10-04 at 2.18.15 AM

The chart shows all the violation incidents NSA discovered under programs authorized under Executive Order 12333 — the EO that covers entirely foreign collection, over which FISC and Congress exercise much less oversight than FISA. And what NSA calls “Transit Program” violations appear in the EO 12333, not the FISA, chart. In the first quarter of 2012 (the first quarter after the government started to resolve the 702 upstream collection problems laid out in the Bates memo), Transit Program violations went up from 7 in a quarter to 27.

NSA describes Transit Program violations this way.

(TS//SI//REL TO USA, FVEY) International Transit Switch Collection*: International Transit switches, FAIRVIEW (US-990), STORMBREW (US-983), ORANGEBLOSSOM (US-3251), and SILVERZEPHYR (US-3273), are Special Source Operations (SSO) programs authorized to collect cable transit traffic passing through U.S. gateways with both ends of the communication being foreign. When collection occurs with one or both communicants inside the U.S., this constitutes inadvertent collection. From 4QCY11 to 1QCY12, there was an increase of transit program incidents submitted from 7 to 27, due to the change in our methodology for reporting and counting of these types of incidents,

That is, these “Transit Program” violations reflect the collection of US person data in upstream collection, the very same problem described in the Bates opinion.

As I’ve been puzzling through why Transit Program violations would appear under EO 12333 rather than FISA, I wondered whether NSA collects off switches under both authorities — some content that the telecoms provide after doing an initial screening (as described in this WSJ article and backhandedly confirmed by the DNI), and some programs that the NSA collects and sorts off undersea cables itself. Both FAIRVIEW and STORMBREW show up — seemingly as Section 702 collection — on the PRISM slide above, but ORANGEBLOSSOM and SILVERZEPHYR don’t (WSJ also lists OAKSTAR and LITHIUM).

If so, though, you’d expect NSA to be finding violations under both authorities, because we know the government collects US person data under the 702 authorized upstream collection (they call this unintentional but Bates deemed it intentional).

This is all the more confusing given the way former Assistant Attorney General David Kris discusses “vacuum cleaner” collection taking place under EO 12333. His paper is on metadata collection, not content, but the vacuum cleaner (that is, dragnet) collection collects content as well (and the distinction may get distorted in discussions of Internet packets).

I don’t, yet, know the answer to this question, but the question itself raises several others:

  • Given that there’s not a 702-authorized Transit Program violation category, does that mean NSA wasn’t and may still not be tracking it? That doesn’t make sense, because there are greater mandates to track these things under 702.
  • If there wasn’t a 702-authorized Transit Program violation category before the revelations to John Bates, is it possible NSA instead treated upstream collection as authorized by 12333 so as not to have to report these violations?
  • Are these known violations being reported now? Are they getting reported to Congress and the Court? Or has the NSA simply decided they’re not violations since Bates has okayed them, sort of, as intentional collection?
  • If some of the upstream collection yielding US person content operates under 12333, does it have to be treated under any minimization rules?
  • What do the 7 and 27 violation numbers reflect in relation to the figures of 10,000 SCT and 46,000 MCT estimates involving US persons provided to Bates?
  • Did these violations ever get reported to Congress and the FISC?

In short, either all this upstream collection falls under 702, in which case there’s a big question why NSA tracks it as 12333 collection. Or the NSA’s ability to operate upstream collection under both authorities raises real questions about the protections it accords US person data collected under the 12333 collection.

Update: Two more things on this.

First, remember back in 2001, John Yoo pixie dusted EO 12333, basically holding the President could change the content of it without changing the language of it publicly. That was done, according to Sheldon Whitehouse, to permit the government to “wiretap Americans traveling abroad.” But I suspect it was done to permit the government to “wiretap Americans’ communications traveling abroad” — that is, American Internet traffic that transits foreign switches.

That said, I suspect the 2010 OLC memo on using 2511(2)(f) for collection was meant to clean up some of that (and also Yoo’s reliance on claiming the Fourth Amendment didn’t apply in DOD searches of entire apartment buildings if they were searching for terrorists).

Also, remember that the language of the 2008 Yahoo opinion makes it clear that the Protect America Act — Section 702’s predecessor — relied on 12333 for particularity. While we should soon learn more (FISC is releasing much more of this opinion and underlying documents), it seems that PAA was treated as a nested program within 12333.

The Scandal of Lying about “Thwarted” “Plots” Started 4 Years Ago

/13 Comments/in , , /by

As predicted, one big takeaway from yesterday’s NSA hearing (the other being the obviously partial disclosure about location tracking) is Keith Alexander’s admission that rather than 54 “plots” “thwarted” in the US thanks to the dragnet, only one or maybe two were. Here are some examples.

But they’re missing this real scandal about the government’s lies about the central importance of Section 215.

That scandal started 4 years ago, when an example the FBI now admits had limited import played a critical role in the reauthorization of Section 215 without limits on the dragnet authority.

First, note that even while Leahy got Alexander to back off his “54 plots” claim, the General still tried to insist Section 215 had been critical in two plots, not just one.

SEN. LEAHY: Let’s go into that discussion, because both of you have raised concerns that the media reports about the government surveillance programs have been incomplete, inaccurate, misleading or some combination of that. But I’m worried that we’re still getting inaccurate and incomplete statements from the administration.

For example, we have heard over and over again the assertion that 54 terrorist plots were thwarted by the use of Section 215 and/or Section 702 authorities. That’s plainly wrong, but we still get it in letters to members of Congress; we get it in statements. These weren’t all plots, and they weren’t all thwarted. The American people are getting left with an inaccurate impression of the effectiveness of NSA programs.

Would you agree that the 54 cases that keep getting cited by the administration were not all plots, and out of the 54, only 13 had some nexus to the U.S. Would you agree with that, yes or no?

DIR. ALEXANDER: Yes.

SEN. LEAHY: OK. In our last hearing, Deputy Director Inglis’ testimony stated that there’s only really one example of a case where, but for the use of Section 215, bulk phone records collection, terrorist activity was stopped. Is Mr. Inglis right?

DIR. ALEXANDER: He’s right. I believe he said two, Chairman; I may have that wrong, but I think he said two, and I would like to point out that it could only have applied in 13 cases because of the 54 terrorist plots or events, only 13 occurred in the U.S. Business Record FISA was only used in (12 of them ?).

SEN. LEAHY: I understand that, but what I worry about is that some of these statements that all is — all is well, and we have these overstatements of what’s going on — we’re talking about massive, massive, massive collection. We’re told we have to do that to protect us, and then statistics are rolled out that are not accurate. It doesn’t help with the credibility here in the Congress; doesn’t help with the credibility with us, Chairman, and it doesn’t help with the credibility with the — with the country. [my emphasis]

Here’s the transcript at I Con the Record from the previous hearing, where Inglis in fact testified that Section 215 was only critical in the Basaaly Moalin case (which was not a plot against the US but rather funding to defeat a US backed invasion of Somalia).

MR. INGLIS: There is an example amongst those 13 that comes close to a but-for example and that’s the case of Basaaly Moalin.

 

That is, in fact, Inglis said it had been critical in just one “plot.”

After he did, FBI Deputy Director Sean Joyce piped in to note the phone dragnet also “played a role” by identifying a new phone number of a suspect we already knew about in the Najibullah Zazi case.

MR. JOYCE: I just want to relate to the homeland plots. So in Najibullah Zazi and the plot to bomb the New York subway system, Business Record 215 played a role; it identified specifically a number we did not previously know of a —

SEN. LEAHY: It was a — it was a critical role?

MR. JOYCE: What I’m saying — what it plays a

SEN. LEAHY: (And was there ?) some undercover work that was — took place in there?

MR. JOYCE: Yes, there was some undercover work.

SEN. LEAHY: Yeah —

MR. JOYCE: What I’m saying is each tool plays a different role, Mr. Chairman. I’m not saying that it is the most important tool —

SEN. LEAHY: Wasn’t the FBI — wasn’t the FBI already aware of the individual in contact with Zazi?

MR. JOYCE: Yes, we were, but we were not aware of that specific telephone number, which NSA provided us. [my emphasis]

So, when pressed, Joyce admitted that Section 215 wasn’t critical to finding Adis Medunjanin, one of Zazi’s conspirators. (And if you read Matt Apuzzo and Adam Goldman’s Enemies Within, you see just how minor a role it played.)

That’s important, because the Administration’s use of Section 215 in the Zazi case was crucially important to the defeat of two efforts to rein in the dragnet in 2009.

Read more

David Kris Joins Ben Wittes in His NAKED! Choir

/8 Comments/in , /by

I know, I know. I’ve promised my substantive post on David Kris’ paper on the phone and Internet dragnets.

I know, I know. My repeated harping on the failure to inform the 2011 House freshmen about the dragnet is getting tedious.

But Kris dedicated 16 pages of his 67 page paper to arguing that the statutory requirements for briefing Congress about the dragnets (which Kris says require only Intelligence and Judiciary Committee briefing) have been met. He ultimately makes a half-hearted attempt to make the same argument Claire Eagan did about Congress adopting judicial interpretation. And he lays out the fatally weak case Ben Wittes has in the past to justify his wails of NAKED!

In doing so, Kris claims that, “all Members were offered briefings on the FISC’s interpretation.”

The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct. There is a basic principle of statutory construction that “Congress is presumed to be aware of an administrative or judicial interpretation of a statute and to adopt that interpretation when it reenacts a statute without change,”208 as it did repeatedly with the tangible things provision.

[snip]

Of course, it would be ridiculous to presume that Congress adopted a classified interpretation of a law of which it could not have been aware. As described above, however, the historical record shows that many Members were aware, and that all Members were offered briefings on the FISC’s interpretation, even if they did not attend the briefings.

And yet, in all those 16 pages, he offers not one whit of evidence that the 93 members of Congress elected in 2010 (save the 7 on the Intelligence and Judiciary Committees) could have learned about the program save two briefings offered in May 2011.

Unless you count this argument, which suffers from a basic logic problem.

In an unclassified report published in March 2011, the Senate Intelligence Committee emphasized that it had offered a briefing to all Members of Congress concerning the bulk telephony metadata collection:

Prior to the extension of the expiring FISA provisions in February 2010, the Committee acted to bring to the attention of the entire membership of the Senate important information related to the nature and significance of the FISA collection authority subject to sunset. Chairman Feinstein and Vice Chairman Bond notified their colleagues that the Attorney General and the DNI had provided a classified paper on intelligence collection made possible under the Act and that the Committee was providing a secure setting where the classified paper could be reviewed by any Senator prior to the vote on passage of what became Public Law 111–141 to extend FISA sunsets. [my bold]

The entire membership of the Senate, after all, is not the same thing as “all Members of Congress.”

Ultimately, though, Kris concedes (citing just the white paper, and not citing me, the Guardian, any other reporting, or Justin Amash’s public statements to the effect) that just maybe this information wasn’t passed on in 2011 — but don’t worry, the Executive did its job!

Although the House Intelligence Committee did notify Members of the House of the classified documents and briefings in 2010 (when it was led by Chairman Sylvestre Reyes), it may not have done so in 2011 (when it was led by Chairman Mike Rogers). See White Paper at 18 n.13.

[snip]

Regardless of any intracongressional issues in 2011, as a matter of inter-branch relations, it is clear that the Executive Branch provided the materials with the intent that they be made available to all Members of Congress, as they had been in 2009.

Now, Kris is a much better lawyer than the flunkies who wrote the Administration’s far weaker White Paper on Section 215, and his argument here betrays not only that, but, I suspect, a hint that he realizes the flaw in his argument.

Notice in his claim that “all Members were offered briefings on the FISC’s interpretation,” he doesn’t argue all members got the Executive Branch notices on the program. He doesn’t argue that all members got briefed on the content on the notices. Rather, he claims only that they were offered briefings on the FISC’s interpretation.

Read more

The People Who Work at Arthur Anderson NSA Are Such Nice People

/8 Comments/in /by

[youtube]uF40mZbrd7I[/youtube]

Back in 2001 or early 2002, I sat next to a lifetime Arthur Anderson accountant on a long plane ride. We talked about the Enron debacle and its ties to Anderson. She hadn’t worked the Enron account, and she insisted that Anderson itself was a highly ethical company — it was just the Enron account that was bad, she said. I gently raised the several other big accounting scandals Anderson starred in — Waste Management and Sunbeam both broke in 2001. But in her mind, that she and the people she worked with seemed like good people was all the proof she needed that Anderson was not a systematically unethical company.

That is, effectively, the defense that Bobby Chesney and Ben Wittes want to offer of the NSA after Chesney helped set up a special meeting of academics (plus Wittes) with the agency.

Our major takeaway concerns the dramatic disparity that separates the perception on the outside of what this agency does and NSA’s self-perception. To hear NSA folks talk about their compliance regime, for example, is to hear about an entirely different animal than the situation depicted in many new stories. To hear NSA folks discuss the relationship between encryption, cyber-security, and cyber offense is a different animal than to read news stories about how NSA breaks encryption. And so forth.  These conversations were all unclassified, but they vividly described a wide gap in understanding between NSA and the press, members of Congress, and the public regarding what the agency does and doesn’t do, how accountable and regulated it is, to what extent it complies with the law and how, and what the relevant law is.

That gap is unnecessary, or at least it need not be so wide. Read more

“Whoa Whoa Whoa, Stop!” Dianne Feinstein Misstates the 2011 Violations

/20 Comments/in /by

One of the most enlightening aspects of yesterday’s Senate Intelligence Hearing on FISA came when Dianne Feinstein tried to rebut witness Tim Edgar’s categorization of the 2011 violations described in John Bates October 8, 2011 opinion. In her rebuttal, she proved she either doesn’t know, doesn’t understand, or chooses to misrepresent the opinion, which found that NSA had violated the law and Fourth Amendment in its Section 702 program.

Edgar was arguing (see page 5-6) that if the FISA Court opinions were publicly released, we’d know about ridiculous semantic definitions — like “relevant” — as those definitions were invoked, not years after the fact, which would lead to greater trust in the FISC.

As his second example, he cited NSA’s collection of US person communications on upstream collection. (After 2:20)

EDGAR: [T]he NSA’s interpretation of the requirement in Section 702, for content surveillance targeting foreign persons, that those procedures must target foreign persons is also surprising. The FISA court’s recently released opinions show that communications that target foreign persons include not only communications that are to or from that person, but also those that are merely about that person in a particular narrow sense, that the selection — the selector for that person appears in the communication.

Even communications which are not to or from, or about, the foreign target at all have been acquired as the result of the manner in which some NSA collection was conducted.

DiFi interrupted him (whoa whoa whoa stop!) — and (having read his statement in advance) started reading a written rebuttal to provide her version of the 2011 violations.

FEINSTEIN: Whoa, whoa, whoa, stop. Exactly what program are you talking about?

EDGAR: In the recently released FISA court opinion about upstream collection in the compliance incidents in 2011, it was documented how information from multiple communications — what they called “multiple communications transactions” — was obtained not by mistake, but because of the way the system was designed. That included any selector that was a foreign target in the entire multi- communications transaction.

And so that created a lot of controversy in the FISA court, and required the FISA court to work with the Justice Department and the intelligence community to narrow the minimization guidelines.

FEINSTEIN: OK. Because this is — this is important, may I interrupt this just — respond? [reading from prepared statement] In mid 2011, NSA notified the DOJ, the DNI, and the FISA court, and House and Senate Intelligence Committees, of a series of compliance incidents impacting a subset of NSA collection under Section 702 of FISA, known as upstream collection.

This comprises about 10 percent of all collection that takes place under 702, and occurs when NSA obtains Internet communications, such as e-mails, from certain U.S. companies that operate the Internet background;[sic] i.e., the companies that own and operate the domestic telecommunication lines over which Internet traffic flows.

In essence, the issue that arose in 2011 was that NSA, while trying to acquire e-mails to, from, or about an overseas target, realized it, and was inadvertent — that it was inadvertently acquiring other e-mails, including some e-mails sent between persons inside the United States that happened to be bundled with the e-mail messages NSA was trying to collect.

This bundling is done by Internet companies in order to make it easier to send information quickly over the telecom lines that make up the Internet. Unfortunately, NSA’s technical systems could not easily separate the individual messages within these bundles. And the result was that NSA collected some e-mail messages it did not intend to acquire.

OK. We held a lengthy hearing on the court’s ruling on October 20, 2011, at which General Alexander and Lisa Monaco — then the assistant attorney general for national security — described the court’s ruling and what they were doing to address it.

Here’s my point: It was a mistake. Action was taken immediately to correct it. It came to us. We took action. [bold mine, underline emphasis DiFi applied in delivery]

DiFi’s prepared statement misstates the facts as presented in Bates’ opinion in several ways:

  • The issue had existed since before July 2008
  • The collection was — according to the court ruling — not inadvertent
  • NSA only corrected the problem under threat of criminal referral, after months of delay

First, the issue did not arise in 2011.

As Bates made clear, “NSA has been collecting MCT’s since before the Court’s approval of the first Section 702 certification in 2008.” Read more

Ron Wyden’s What’s-Old-Is-New Question: Reverse Targeting

/2 Comments/in , /by

When you track Ron Wyden’s persistent attempts to squeeze answers out of National Security officials, you grow familiar with the rhythm of questions. Drone memos — Article II or AUMF, he asked for years before getting a still-secret answer. Has the government ever bulk collected location, Keith Alexander refused to answer yet again yesterday. As I noted, he publicly asked for the common commercial agreement OLC memo back in January before he asked again yesterday, in addition to a number of non-public requests he (and Russ Feingold) made.

That’s true of most of his questions from yesterday.

He asked, again, about the NSA’s ability to search through incidentally collected data for US person communications.

Section 702 of FISA was intended to give the government new authority to target foreigners, but the executive branch has argued that the NSA should have the authority to deliberately go through communications collected under section 702 and conduct warrantless searches for the communications of individual Americans. Has the NSA ever conducted any of these warrantless searches for individual Americans’ communications?

He tried to limit this in last year’s reauthorization, asked about it last fall, and caught Keith Alexander lying about it back in June.

The answer to the question, of course, is “Yes.”

He asked, again, how long the government has used PATRIOT to conduct bulk collection of US person data.

How long has the NSA used Patriot Act authorities to engage in the bulk collection of Americans’ records? And was this collection underway when Congress was voting to reauthorize the Patriot Act in late 2005 and early 2006?

He — and 25 other Senators — asked this question back in June. But Clapper refused to answer it.

The answer to the question (as has been confirmed by the 2009 draft NSA IG Report) is “Yes.” Which of course either means Congress added the “relevant to” language to shut down such bulk collection, or the government lied about how it was using the Pen Register/Trap and Trace and Business Records provisions when Congress reauthorized the PATRIOT Act in 2006.

But it’s the last question that — in this form at least — is new:

One of the recurring debates about section 702 of FISA is whether the law should include stronger protections against reverse targeting, which is the prohibited practice of trying to spy on Americans by collecting the communications of foreigners that those Americans are believed to be talking to. Since the FISA Amendments Act was passed in 2008, have there been any instances of reverse targeting by NSA analysts?

Don’t get me wrong. There has been plenty of discussion of reverse targeting going back to before the FISA Amendments Act (and, for that matter, the Protect America Act) were passed.

But the answer to this question, as with the two others, is almost surely “Yes.” Otherwise, Wyden wouldn’t have asked it (and planned to ask it during a public hearing).

Which means that, either before or after the FISA Court permitted the NSA to search through incidentally collected for US person communications (see question 1), it caught analysts picking foreign targets in such a way that they could collect the communications of Americans.

They did precisely what the law prohibits explicitly.

That is new.

No wonder DiFi ensured Wyden wouldn’t get a second round of questions, saving Keith Alexander and James Clapper from answering this in public.

Did OLC Rule Americans Have Voluntarily Allowed NSA to Collect Their Communications Domestically?

/12 Comments/in , /by

Some weeks ago, I waded into a discussion between Charlie Savage and Ben Wittes to suggest that a still-secret OLC opinion Ron Wyden mentioned back in January might serve as the basis for collecting US person communications at the phone switches.

In his letter to John Brennan in January asking for a slew of things, Ron Wyden mentioned two opinions that may be the still-secret legal analysis mentioned by Savage.

Third, over two years ago, Senator Feingold and I wrote to the Attorney General regarding two classified opinions from the Justice Department’s Office of Legal Counsel, including an opinion that interprets common commercial service agreements. We asked the Attorney General to declassify both of these opinions, and to revoke the opinion pertaining to commercial service agreements. Last summer, I repeated the request, and noted that the opinion regarding commercial service agreements has direct relevance to ongoing congressional debates regarding cybersecurity legislation. The Justice Department still has not responded to these letters.

The opinions would have to pre-date January 14, 2011, because Feingold and Wyden requested the opinions before that date.

The reason I think the service agreements one may be relevant is because the opinions Ben cites focus on whether government users have given consent for EINSTEIN surveillance; in his article on it Bradbury focuses on whether the government could accomplish something similar with critical infrastructure networks.

I suspect this opinion — whatever question it addresses — makes the case that Americans have given NSA voluntary permission to collect US person communications from certain (I’m not sure which ones) switches.

Whatever it says, though, Ron Wyden just asked for the opinion again.

Over the last few years I have written multiple letters to Attorney General Holder regarding a particular opinion from the Justice Department’s Office of Legal Counsel that interprets common commercial service agreements. I have said that I believe that this opinion is inconsistent with the public’s understanding of the law, and that it needs to be both withdrawn and declassified. Despite multiple follow-ups from my staff I still have not received a response to any of these letters. Can you tell me when I can expect a response?

The biggest reason public understanding of the law would matter, after all, is if OLC were interpreting it to reflect voluntary consent for collection of data that the public didn’t realize they had given. And we know NSA wants to — if it is not already — scan communications for malicious code in the name of cybersecurity on critical infrastructure networks the same way it is doing on government networks.

Remember, this is one of 4 questions Wyden would have asked had DiFi allowed an elected Senator to ask questions rather than an NSA apologist to appear. Wyden had apparently alerted Keith Alexander to what those questions were.

Heck, this is even a question aplogist Ben Wittes has expressed an interest in. For once it is his questions, in addition to members of Congress, that are not getting answered.

Dianne Feinstein Gives NSA Apologist Ben Wittes More “Oversight” Time than Ron Wyden

/11 Comments/in , /by

Screen shot 2013-09-26 at 5.01.04 PMThe Senate Intelligence Committee hearing on NSA changes just finished.

It was about what you’d expect: Dianne Feinstein and Saxby Chambliss claimed they were making changes that don’t amount to much, at least four Senators filibustered themselves so they wouldn’t have to ask any questions (and therefore betray ignorance).

And of course, Ron Wyden and Mark Udall tried to ask questions.

The problem is, Dianne Feinstein had already deviated from normal Senate policy by giving Senators just 5 minutes to ask questions (that is the practice in the House, which is why House hearings are so much more stupid than Senate ones, generally).

Which meant that when Ron Wyden asked his first question — about geolocation — General Keith Alexander knew he could filibuster. As he did.

Now with respect to questions, let me start with you Director Alexander, and, as you all know, I will notify you in advance so that there won’t be any surprise about the types of issues we are going to get into. And Director Alexander, Senators Udall, Heinrich and I and about two dozen other senators have asked in the past whether the NSA has ever collected or made any plans to collect Americans’ cell-site information in bulk. What would be your response to that?

Gen. Keith Alexander (Alexander): Senator, on July 25, Director Clapper provided a non-classified written response to this question amongst others, as well as a classified supplement with additional detail. Allow me to reaffirm what was stated in that unclassified response. Under section 215, NSA is not receiving cell-site location data and has no current plans to do so. As you know, I indicated to this committee on October 20, 2011, that I would notify Congress of NSA’s intent to obtain cell-site location data prior to any such plans being put in place. As you may also be aware, —

Wyden: General, if I might. I think we’re all familiar with it. That’s not the question I’m asking. Respectfully, I’m asking, has the NSA ever collected or ever made any plans to collect Americans’ cell-site information. That was the question and we, respectfully General, have still not gotten an answer to it. Could you give me an answer to that?

Alexander: We did. We sent that — as you’re also aware I expressly reaffirmed this commitment to the committee on June 25, 2013. Finally, in the most recent and now declassified opinion renewing this program, the FISA court made clear in footnote number five that notice to the court in a briefing would be required if the government were to seek production of cell-site location information as part of the bulk production of call detail records. Additional details were also provided in the classified supplement to Director Clapper’s July 25th response to this question. So what I don’t want to do, Senator, is put out in an unclassified forum anything that’s classified there so I’m reading to you exactly. So we sent both of these to you. I saw what Director Clapper sent and I agree with it.

Wyden: General, if you’re responding to my question by not answering it because you think that’s a classified matter that is certainly your right. We will continue to explore that because I believe this is something the American people have a right to know whether the NSA has ever collected or made plans to collect cell-site information. I understand your answer. I’ll have additional questions on the next round. Thank you, Madam Chair. [my emphasis]

Wyden deferred his further questions to the second round.

But when the first round ended, DiFi said they didn’t have time for a second one, because they had to move onto the two non-governmental witnesses, Ben Wittes and Tim Edgar. Wyden tried to just ask his questions quickly, but Susan Collins objected.

Wittes — who recently admitted that he is an NSA apologist, according to the dictionary definition of the term — had an unfettered (and unsworn) opportunity to read his statement, which seemed to take up far more than the 5 minutes Wyden got to exercise oversight (the entire statement, with admittedly long footnotes, was 13 pages, though I’m not certain he read it all).

Effectively, then, Wittes’ mere presence served as a means to silence people asking real questions about NSA. DiFi claimed she had invited James Clapper and Keith Alexander to set the facts straight, but then made sure they’d be able to filibuster any effort to liberate a stray fact or two.

Next time he accuses Congress of being NAKED!, I do hope he remembers that his very presence has been used to prevent elected members of Congress from asking the questions Wittes is so sure the government is forthcoming in answering.

NSA Bids to Expand Power Domestically to Track Chinese (!?) Terrorists

/12 Comments/in /by

While all sane people are trying to rein in NSA’s authority, the Gang of Four plans to use today’s parade of liars to expand NSA’s authority.

In explaining the need for this expanded authority, Dianne Feinstein and Mike Rogers claimed to the AP this is about terrorists.

The chairwoman of the Senate Intelligence Committee, Sen. Dianne Feinstein, D-Calif., told The Associated Press that her committee is drafting a bill that would amend the law’s Section 702 provision, which authorizes targeting non-Americans outside the U.S., to allow uninterrupted spying on a suspect for “a limited period of time after the NSA learns the target has traveled to the United States, so the government may obtain a court order based on probable cause.”

“Logically, someone under NSA surveillance, such as a terrorist, may present more interest to the government if they are inside the United States,” but the surveillance can be temporarily stopped while the NSA or FBI builds its case to permit uninterrupted spying, Feinstein said.

[snip]

“I call it the terrorist lottery loophole,” said Rep. Mike Rogers, D-Mich., the chairman of the House Intelligence Committee. “If you can find your way from a foreign country where we have reasonable suspicion that you are … a terrorist … and get to the United States, under a current rule, they need to turn it off and do a complicated handoff” to the FBI.

But further down, Rogers make it clear that this measure is designed to address the roamer problem that was revealed in an internal NSA audit earlier this year.

“It’s a foreign phone, it’s pinging off foreign networks,” Rogers said. “The suspect may turn it off. The suspect gets here. Now all of the sudden, the next thing they know, they (the NSA) are picking it up, but it’s in Brooklyn. … But they’ve been listening to it for two days. They have to turn it off, and then report it as an incident.”

We know from that audit report that this roamer problem actually declined during the period in question (though it did rise for Section 702 authority), contrary to NSA attempts to attribute the rise in violations to it. In addition, at least at that time, the problem primarily arose from Chinese targets entering the US, not Middle Eastern terrorists (the breakdown of violations from NSA’s geographical focus areas seems to support this). Indeed, the NSA made the embarrassingly false claim that the increase (which was actually a decrease) of roaming incidents was just about Chinese New Year.

The increase [sic] in incidents reported for 1QCY12 was due to an increase in the number of reported Global System for Mobile Communications (GSM) roamer1 incidents, which may be attributed to an increase in Chinese travel to visit friends and family for the Chinese Lunar New Year holiday.

So apparently we’re now beset by hordes of Chinese terrorists visiting the US for Chinese New Year we knew nothing about.

There’s one more problem with the claim that they will allow the NSA (or maybe the FBI) to track GSM phones without a warrant domestically. The Gang of Four claims the amended law would allow the NSA to continue tracking that GSM phone for “a limited period of time after the NSA learns the target has traveled to the United States.”

But the entire reason the roamer problem exists is because NSA only gets updates on location quarterly, so unless they learn about these Chinese terrorists’ travel by some content data, they don’t even know the phone is in the US. Read more