Posts

Like All Else, Trump’s Inspector General Turnover Is about Pandemic

Update: I’m republishing this and bumping it, because Trump just replaced Glenn Fine as Acting Inspector General — whom Michael Horowitz had named to head the Pandemic Response Accountability Committee — with the IG for EPA. This makes him ineligible to head PRAC. Fine will remain Principle Deputy IG. 

Late last night, President Trump fired the Intelligence Community Inspector General Michael Atkinson, the Inspector General who alerted Congress of the whistleblower complaint that led to Trump’s impeachment. Trump effectively put Atkinson on administrative leave for 30 days in a move that skirts the legal requirement that an inspector general be fired for cause and Congress be notified of it.

Trump has been accused of firing Atkinson late at night on a Friday under cover of the pandemic to retaliate for the role Atkinson had — which consisted of nothing more than doing his job as carefully laid out by law — in Trump’s impeachment. It no doubt is.

But it’s also likely about the pandemic and Trump’s proactive attempts to avoid any accountability for his failures in both the pandemic response and the reconstruction from it.

There were a lot of pandemic warnings Trump ignored that he wants to avoid becoming public

I say that, first of all, because of the likelihood that Trump will need to cover up what intelligence he received, alerting him to the severity of the coming pandemic. Trump’s administration was warned by the intelligence community no later than January 3, and a month later, that’s what a majority of Trump’s intelligence briefings consisted of. But Trump didn’t want to talk about it, in part because he didn’t believe the intelligence he was getting.

At a White House briefing Friday, Health and Human Services Secretary Alex Azar said officials had been alerted to the initial reports of the virus by discussions that the director of the Centers for Disease Control and Prevention had with Chinese colleagues on Jan. 3.

The warnings from U.S. intelligence agencies increased in volume toward the end of January and into early February, said officials familiar with the reports. By then, a majority of the intelligence reporting included in daily briefing papers and digests from the Office of the Director of National Intelligence and the CIA was about covid-19, said officials who have read the reports.

[snip]

Inside the White House, Trump’s advisers struggled to get him to take the virus seriously, according to multiple officials with knowledge of meetings among those advisers and with the president.

Azar couldn’t get through to Trump to speak with him about the virus until Jan. 18, according to two senior administration officials. When he reached Trump by phone, the president interjected to ask about vaping and when flavored vaping products would be back on the market, the senior administration officials said.

On Jan. 27, White House aides huddled with then-acting chief of staff Mick Mulvaney in his office, trying to get senior officials to pay more attention to the virus, according to people briefed on the meeting. Joe Grogan, the head of the White House Domestic Policy Council, argued that the administration needed to take the virus seriously or it could cost the president his reelection, and that dealing with the virus was likely to dominate life in the United States for many months.

Mulvaney then began convening more regular meetings. In early briefings, however, officials said Trump was dismissive because he did not believe that the virus had spread widely throughout the United States.

In that same period, Trump was demanding Department of Health and Human Service Secretary Alex Azar treat coronavirus briefings as classified.

The officials said that dozens of classified discussions about such topics as the scope of infections, quarantines and travel restrictions have been held since mid-January in a high-security meeting room at the Department of Health & Human Services (HHS), a key player in the fight against the coronavirus.

Staffers without security clearances, including government experts, were excluded from the interagency meetings, which included video conference calls, the sources said.

“We had some very critical people who did not have security clearances who could not go,” one official said. “These should not be classified meetings. It was unnecessary.”

The sources said the National Security Council (NSC), which advises the president on security issues, ordered the classification.”This came directly from the White House,” one official said.

Now, it could be that this information was legitimately classified. But if so, it means Trump had even more — and higher quality — warning of the impending pandemic than we know. If not, then it was an abuse of the classification process in an attempt to avoid having to deal with it. Either one of those possibilities further condemns Trump’s response.

Also in this same period, then Director of National Intelligence Joseph Maguire was asking not to hold a public Worldwide Threats hearing because doing so would amount to publicly reporting on facts that the President was in denial about.

The U.S. intelligence community is trying to persuade House and Senate lawmakers to drop the public portion of an annual briefing on the globe’s greatest security threats — a move compelled by last year’s session that provoked an angry outburst from President Donald Trump, multiple sources told POLITICO.

Officials from the Office of the Director of National Intelligence, on behalf of the larger clandestine community, don’t want agency chiefs to be seen on-camera as disagreeing with the president on big issues such as Iran, Russia or North Korea, according to three people familiar with preliminary negotiations over what’s known as the Worldwide Threats hearing.

The request, which is unlikely to be approved, has been made through initial, informal conversations at the staff level between Capitol Hill and the clandestine community, the people said.

Not only did that hearing never happened, but neither has a report been released.

Among the things then Director of National Intelligence Dan Coats warned of in last year’s hearing was the threat of a pandemic.

We assess that the United States and the world will remain vulnerable to the next flu pandemic or large-scale outbreak of a contagious disease that could lead to massive rates of death and disability, severely affect the world economy, strain international resources, and increase calls on the United States for support. Although the international community has made tenuous improvements to global health security, these gains may be inadequate to address the challenge of what we anticipate will be more frequent outbreaks of infectious diseases because of rapid unplanned urbanization, prolonged humanitarian crises, human incursion into previously unsettled land, expansion of international travel and trade, and regional climate change.

So to some degree, Trump has to make sure there’s no accountability in the intelligence community because if there is, his failure to prepare for the pandemic will become all the more obvious.

Richard Burr is incapable of defending the Intelligence Community right now

But it’s also the case that the pandemic — and the treatment of early warnings about it — may have created an opportunity to retaliate against Atkinson when he might not have otherwise been able to. Even beyond offering cover under the distraction of thousands of preventable deaths, the pandemic, and Senate Intelligence Committee Chair Richard Burr’s success at profiting off it, means that the only Republican who might have pushed back against this action is stymied.

On Sunday, multiple outlets reported that DOJ is investigating a series of stock trades before most people understood how bad the pandemic would be. Burr is represented by former Criminal Division head Alice Fisher — certainly the kind of lawyer whose connections and past white collar work would come in handy for someone trying to get away with corruption.

The Justice Department has started to probe a series of stock transactions made by lawmakers ahead of the sharp market downturn stemming from the spread of coronavirus, according to two people familiar with the matter.

The inquiry, which is still in its early stages and being done in coordination with the Securities and Exchange Commission, has so far included outreach from the FBI to at least one lawmaker, Sen. Richard Burr, seeking information about the trades, according to one of the sources.

[snip]

Burr, the North Carolina Republican who heads the Senate Intelligence Committee, has previously said that he relied only on public news reports as he decided to sell between $628,000 and $1.7 million in stocks on February 13. Earlier this month, he asked the Senate Ethics Committee to review the trades given “the assumption many could make in hindsight,” he said at the time.

There’s no indication that any of the sales, including Burr’s, broke any laws or ran afoul of Senate rules. But the sales have come under fire after senators received closed-door briefings about the virus over the past several weeks — before the market began trending downward. It is routine for the FBI and SEC to review stock trades when there is public question about their propriety.

In a statement Sunday to CNN, Alice Fisher, a lawyer for Burr, said that the senator “welcomes a thorough review of the facts in this matter, which will establish that his actions were appropriate.”

“The law is clear that any American — including a Senator — may participate in the stock market based on public information, as Senator Burr did. When this issue arose, Senator Burr immediately asked the Senate Ethics Committee to conduct a complete review, and he will cooperate with that review as well as any other appropriate inquiry,” said Fisher, who led the Justice Department’s criminal division under former President George W. Bush.

In spite of Fisher’s bravado, Burr is by far the most legally vulnerable of the senators who dumped a lot of stock in the period. That’s partly because he had access to two streams of non-public reporting on the crisis, the most classified on SSCI (which Senator Feinstein also would have had), but also on the Health, Education, Labor, and Pensions committee. And unlike the other senators, Burr admitted that he made these trades himself.

Again, in spite of Fisher’s claims, Burr will be forced to affirmatively show that he didn’t rely on this non-public information when dumping an inordinate amount of stock.

All of which is to say that Burr may be hoping that Fisher can talk him out of any legal exposure, which will require placating the thoroughly corrupt Bill Barr.

I had already thought that Trump might use this leverage to influence the findings or timing of the remaining parts of SSCI’s Russian investigation. That’s all the more true of Atkinson’s firing. Thus far, Burr has remained silent on what is obviously a legally inappropriate firing.

Even as he fired Atkinson, Trump undermined any oversight of his pandemic recovery efforts

A week before firing Atkinson, Trump made it clear he had no intention of being bound by Inspectors General in his signing statement for the “CARES Act” recovery bill. In addition to stating that Steve Mnuchin could reallocate spending without prior notice to Congress (as required by the bill and the Constitution), Trump also undercut both oversight mechanisms in the law. He did so by suggesting that the Chairperson of Council of the Inspectors General on Integrity and Efficiency (who is DOJ’s Inspector General Michael Horowitz) should not be required to consult with Congress about who he should make Director and Deputy Director of the Pandemic Response Accountability Committee.

Section 15010(c)(3)(B) of Division B of the Act purports to require the Chairperson of the Council of the Inspectors General on Integrity and Efficiency to consult with members of the Congress regarding the selection of the Executive Director and Deputy Executive Director for the newly formed Pandemic Response Accountability Committee. The Committee is an executive branch entity charged with conducting and coordinating oversight of the Federal Government’s response to the coronavirus outbreak. I anticipate that the Chairperson will be able to consult with members of the Congress with respect to these hiring decisions and will welcome their input. But a requirement to consult with the Congress regarding executive decision-making, including with respect to the President’s Article II authority to oversee executive branch operations, violates the separation of powers by intruding upon the President’s power and duty to supervise the staffing of the executive branch under Article II, section 1 (vesting the President with the “executive Power”) and Article II, section 3 (instructing the President to “take Care” that the laws are faithfully executed). Accordingly, my Administration will treat this provision as hortatory but not mandatory.

On Monday, Horowitz named DOD Acting Inspector General Glenn Fine Director of PRAC.

In appointing Mr. Fine to Chair the PRAC, Mr. Horowitz stated, “Mr. Fine is uniquely qualified to lead the Pandemic Response Accountability Committee, given his more than 15 years of experience as an Inspector General overseeing large organizations — 11 years as the Department of Justice Inspector General and the last 4 years performing the duties of the Department of Defense Inspector General. The Inspector General Community recognizes the need for transparency surrounding, and strong and effective independent oversight of, the federal government’s spending in response to this public health crisis. Through our individual offices, as well as through CIGIE and the Committee led by Mr. Fine, the Inspectors General will carry out this critical mission on behalf of American taxpayers, families, businesses, patients, and health care providers.”

Last night, however, after years of leaving DOD’s IG position vacant, Trump nominated someone who has never managed the an office like DOD’s Inspector General, which oversees a budget larger than that of many nation-states, and who is currently at the hyper-politicized Customs and Border Patrol.

Jason Abend of Virginia, to be Inspector General, Department of Defense.

Mr. Abend currently serves as Senior Policy Advisor, United States Customs and Border Protection.

Prior to his current role, Mr. Abend served in the Federal Housing Finance Agency’s Office of Inspector General as a Special Agent. Before that, he served as a Special Agent in the Department of Housing and Urban Development’s Office of Inspector General, where he led a team investigating complex Federal Housing Administration mortgage and reverse mortgage fraud, civil fraud, public housing assistance fraud, and internal agency personnel cases.

Mr. Abend was also the Founder and CEO of the Public Safety Media Group, LLC, a professional services firm that provided strategic and operational human resources consulting, training, and advertising to Federal, State, and local public safety agencies, the United States Military, and Intelligence agencies.

Earlier in his career, Mr. Abend worked as a Special Agent at the United States Secret Service and as an Intelligence Research Specialist at the Federal Bureau of Investigation.

Mr. Abend received his bachelor’s degree from American University and has received master’s degrees from both American University and George Washington University.

Abend seems totally unqualified for the DOD job alone, but if he is confirmed, he would also make Fine ineligible to head PRAC.

Horowitz issued a statement on Atkinson’s firing today that emphasized that Atkinson had acted appropriately with the Ukraine investigation, as well as his intent to conduct rigorous oversight, including — perhaps especially — PRAC.

Inspector General Atkinson is known throughout the Inspector General community for his integrity, professionalism, and commitment to the rule of law and independent oversight. That includes his actions in handling the Ukraine whistleblower complaint, which the then Acting Director of National Intelligence stated in congressional testimony was done “by the book” and consistent with the law. The Inspector General Community will continue to conduct aggressive, independent oversight of the agencies that we oversee. This includes CIGIE’s Pandemic Response Accountability Committee and its efforts on behalf of American taxpayers, families, businesses, patients, and health care providers to ensure that over $2 trillion dollars in emergency federal spending is being used consistently with the law’s mandate.

Also in last week’s signing statement, Trump said he would not permit an Inspector General appointed to oversee the financial side of the recovery to report to Congress when Treasury refuses to share information.

Section 4018 of Division A of the Act establishes a new Special Inspector General for Pandemic Recovery (SIGPR) within the Department of the Treasury to manage audits and investigations of loans and investments made by the Secretary of the Treasury under the Act. Section 4018(e)(4)(B) of the Act authorizes the SIGPR to request information from other government agencies and requires the SIGPR to report to the Congress “without delay” any refusal of such a request that “in the judgment of the Special Inspector General” is unreasonable. I do not understand, and my Administration will not treat, this provision as permitting the SIGPR to issue reports to the Congress without the presidential supervision required by the Take Care Clause, Article II, section 3.

That may not matter now, because Trump just nominated one of the lawyers who just helped him navigate impeachment for that SIGPR role.

Brian D. Miller of Virginia, to be Special Inspector General for Pandemic Recovery, Department of the Treasury.

Mr. Miller currently serves as Special Assistant to the President and Senior Associate Counsel in the Office of White House Counsel. Prior to his current role, Mr. Miller served as an independent corporate monitor and an expert witness. He also practiced law in the areas of ethics and compliance, government contracts, internal investigations, white collar, and suspension and debarment. Mr. Miller has successfully represented clients in government investigations and audits, suspension and debarment proceedings, False Claims Act, and criminal cases.

Mr. Miller served as the Senate-confirmed Inspector General for the General Services Administration for nearly a decade, where he led more than 300 auditors, special agents, attorneys, and support staff in conducting nationwide audits and investigations. As Inspector General, Mr. Miller reported on fraud, waste, and abuse, most notably with respect to excesses at a GSA conference in Las Vegas.

Mr. Miller also served in high-level positions within the Department of Justice, including as Senior Counsel to the Deputy Attorney General and as Special Counsel on Healthcare Fraud. He also served as an Assistant United States Attorney in the Eastern District of Virginia, where he handled civil fraud, False Claims Act, criminal, and appellate cases.

Mr. Miller received his bachelor’s degree from Temple University, his juris doctorate from the University of Texas, and his Master of Arts from Westminster Theological Seminary.

To be fair, unlike Abend, Miller is absolutely qualified for the SIGPR position (which means he’ll be harder to block in the Senate). But by picking someone who has already demonstrated his willingness to put loyalty ahead of the Constitution, Trump has provided Mnuchin one more assurance that he can loot the bailout with almost no oversight.

DOJ Still Claiming Its Kid Glove Oversight of Prosecutors Is Adequate

During the uproar over Jim Comey’s role in the Hillary email investigation, a lot of commentators figured it’d all come out in an Inspector General report. But as I noted, DOJ exempts its lawyers from normal kind of oversight, subjecting them instead to Office of Professional Responsibility investigations without statutory independence. The problem has been debated at least since 2007, but Congress squelched efforts to change it in 2008. That, helped by the interference of the now-deceased David Margolis, was how John Yoo got off after writing shoddy memos authorizing torture.

Last month, DOJ’s IG released its yearly review of top management challenges. And, as Michael Horowitz’s predecessor Glenn Fine had done before him, he made a bid for being able to review the conduct of DOJ’s lawyers. The report argues that the oversight for lawyers should be the same as it is for agents.

The OIG, however, does not have authority to investigate allegations of misconduct against Department attorneys when the allegations are related to their work as lawyers. Those allegations fall under the exclusive jurisdiction of the Department’s Office of Professional Responsibility. The OIG has long believed that there is no principled basis for this continued limitation on our jurisdiction, and no reason to treat the investigation of misconduct by prosecutors differently than misconduct by agents. Under the current system, misconduct allegations against agents are handled by a statutorily independent OIG, while misconduct allegations against prosecutors are handled by a Department component that lacks statutory independence and whose leadership is both appointed by and removable by the Department’s leadership.

As Horowitz has done with IG statutory independence with respect to accessing evidence, the report focuses on bills to address the problem.

Bipartisan bills pending in both the U.S. House of Representatives and the U.S. Senate would remove this limitation on the OIG’s jurisdiction. The legislation, as now proposed, would allow the OIG to investigate these important matters, where appropriate, with the independence and transparency that is the touchstone of all of the OIG’s work, thereby providing the public with confidence regarding the handling of these matters. The Department’s attorneys should be held to the same standards of oversight as other Department components, and the OIG should have oversight over all Department employees, just like every other OIG.

Most interesting, however, is the way that DOJ claimed this long-established problem doesn’t exist. Unbelievably, “the Department” claimed that OPR has the same independence as OIG.

In response to a draft of this report, the Department questioned our position that the OIG should have the same authority as every other federal Inspector General to review allegations of misconduct by Department attorneys in connection with their work as lawyers. Among other things, the Department took issue with our description of OPR’s relative lack of independence as compared to the OIG by asserting that (1) OPR’s Counsel “remains unchanged with successive Attorneys General and presidential administrations,” (2) the OIG has not “criticized OPR’s work, the thoroughness of its investigations, or the soundness of its findings,” and (3) the OIG has not “identified a single OPR investigation that failed to appropriately hold accountable . . . Department attorneys.”

The report calls bullshit on the claim that the department hasn’t replaced OPR officials, noting that Holder did replace OPR Counsel Marshall Jarret in 2009 in the midst of the Ted Stevens scandal (Jarret was also backing off promises he would make the results of the Yoo investigation with Congress).

On the first point, the same could be said of supervisory attorneys throughout the Department and, in fact, contrary to the Department’s claim with regard to OPR, in April 2009, less than 4 months after the last change in presidential administrations, the new Attorney General replaced the OPR Counsel without any public explanation.

Holder actually replaced the OPR Counsel one more time, in 2011.

The report goes on to note that we can’t assess OPR’s work because, unlike most IG Reports, it is not public.

On the second and third points, neither the OIG nor the public are in a position to fully assess the thoroughness and soundness of OPR’s work precisely because OPR does not disclose sufficient information to allow for such an assessment.

The report then lists off a bunch of people — including the judge in the Ted Stevens case, Emmet Sullivan — who have complained about OPR’s work.

However, federal judges, the American Bar Association, and the Project on Government Oversight (POGO) have all questioned the level of independence, transparency, and accountability of OPR. See, e.g., Order by Hon. Emmet G. Sullivan Appointing Henry F. Schuelke Special Counsel in United States v. Stevens, No. 08-cr-231 (Apr. 7, 2009), p. 46. (“the events and allegations in this case are too serious and too numerous to be left to an internal investigation that has no outside accountability”) ; “Criminal Law 2.0,” by Hon. Alex Kozinski, 44 Geo. L.J. Ann. Rev. Crim. Proc. iii (2015); ABA Recommendation urging the Department of Justice to release “as much information regarding individual investigations as possible,” Aug. 9-10, 2010, available here; “Hundreds of Justice Department Attorneys Violated Professional Rules, Laws, or Ethical Standards: Administration Won’t Name Offending Prosecutors,” Report by POGO, March 13, 2014, available here.

The report ends with a reassertion that the Inspector General Act requires far more of inspectors general than OPR provides.

Moreover, whatever the soundness of OPR’s work, the Department’s efforts to equate OPR’s independence and transparency with that of the OIG flies directly in the face of the Inspector General Act, which fundamentally exists to create entities with an enhanced degree of independence and transparency so that they can credibly conduct investigations and reviews where there would be an expectation that more independent and transparent oversight is required. That is the very reason why Attorney General Ashcroft expanded the OIG’s jurisdiction in 2001 to include the FBI and the DEA, and there simply is no reason why Department attorneys continue to be protected from the possibility that their conduct may warrant independent review by the OIG in appropriate cases.

Frankly, there is evidence that OPR’s investigation has been inadequate, starting with both the Yoo and the Stevens investigations.

But there have also been a slew of cases of prosecutors withholding evidence from defendants, cases that ought to merit some real review (to say nothing of the Clinton email case). For example, just this week, Ross Ulbricht’s lawyers revealed they had discovered evidence of a third corrupt agent, the evidence of which had been withheld from the defense team.

There’s no hint of why Horowitz is making this point now. But there sure are a number of cases that might elicit actual independent review.

FBI’s Open NSL Requests

DOJ’s Inspector General just released a report of all the recommendations it made prior to September 15, 2015 that are not yet closed. As it explained in the release, the IG compiled the report in response to a congressional request, but they’ve posted (and will continue to post, every 6 months) the report for our benefit as well.

Specifically, we have posted a report listing all recommendations from OIG audits, evaluations, and reviews that we had not closed as of September 30, 2015.  As you will see, most of the recommendations show a status of “resolved,” which indicates that the Department of Justice has agreed with our recommendation, but we have not yet concluded that they have fully implemented it.

As that release made clear, most of the recommendations that have not yet been closed are not open, but resolved, which means DOJ has agreed with the IG’s recommendation but has not fully implemented a fix for that recommendation.

Which leaves the “open” recommendations, which might include recommendations DOJ hasn’t agreed to address or hasn’t told the IG how they’ll address. There are 20 open recommendations in the report, most of which date to 2014. That’s largely because every single one of the 10 recommendations made in the 2014 report on National Security Letters remains open. Here are some of my posts on that report (one, two, three, four, five), but the recommendations pertain to not ingesting out-of-scope information, counting the NSL’s accurately, and maintaining paperwork so as to be able to track NSLs. [Update: as the update below notes, the FBI response to the released report claimed it was responding, in whole or in part, to all 10 recommendations, which means the “open” category here means that FBI has not had time to go back and certify that FBI has done what it said.]

Three of the other still-open recommendations pertain to hiring; they pertain to nepotism, applicants for the civil rights division wanting to enforce civil rights laws (!), and the use of political tests for positions hiring career attorneys (this was the Monica Goodling report). Another still open recommendation suggests DOJ should document why US Attorneys book hotels that are outside cost limits (this pertains, ironically, to Chris Christie’s travel while US Attorney).

The remaining 2 recommendations, both of which date to 2010, are of particular interest.

1/19/2010: A Review of the Federal Bureau of Investigation’s Use of Exigent Letters and Other Informal Requests for Telephone Records

The OIG recommends that the FBI should issue guidance specifically directing FBI personnel that they may not use the practices known as hot number [classified and redacted] to obtain calling activity information from electronic communications service providers.

The first pertains to the IG Report on exigent letters. The report described (starting on PDF 94) how FBI contracted with two providers for “hot number” services that would let them alert the FBI when certain numbers were being used. FBI first contracted for the service with MCI or Verizon, not AT&T (as happened with most tech novelties in this program). The newly released version of the report make it clear that redactions are redacted for b1 (classification), b4 (trade secrets), b7A (enforcement proceedings), and b7E (law enforcement technique). At one point, then General Counsel now lifetime appointed judge Valerie Caproni said the practice did not require Pen Registers.

I find this practice — and FBI’s longstanding unwillingness to forswear it — interesting for two reasons. First, most references to the practice follow “hot number” by a short redaction.

Screen Shot 2016-01-21 at 2.02.30 PM

That suggests “hot number” may just be a partial name. Given that this section makes it clear this was often used with fugitives — just as Stingrays are often most often used — I wonder whether this involved “number” and “site.” That’s especially true since Company C (again, MCI or Verizon) also tracked whether calls were being made from a particular area code or [redacted], suggesting some location tracking function.

I’m also interested in this because “hot numbers” tracks the unauthorized “alert” function the NSA was using with the phone dragnet up until 2009. As you recall, NSA analysts would get an alert if any of thousands of phone numbers got used in a given day, none of which it counted as a contact-chaining session.

In other words, this practice might be related to one or both of these things. And 6 years later, the FBI doesn’t want to forswear the practice.

9/20/2010, A Review of the FBI’s Investigations of Certain Domestic Advocacy Groups

The OIG recommends that the FBI seek to ensure that it is able to identify and document the source of facts provided to Congress through testimony and correspondence, and to the public.

This report (see one of my posts on it) reviewed why the FBI had investigated a bunch of peace and other advocacy groups as international terrorist groups dating back to 2004. ACLU had FOIAed some documents on investigations into Pittsburgh’s peace community. In response, Patrick Leahy started asking for answers, which led to obvious obfuscation from the FBI. And as I noted, even the normally respectable Glenn Fine produced a report that was obviously scoped not to find what it was looking for.

Nevertheless, a key part of the report pertained to FBI’s inability (or unwillingess) to respond to Leahy’s inquiries about what had started this investigation or to explain where the sources of information for their responses came from. (See PDF 56) The FBI, to this day, has apparently refused to agree to commit to be able to document where the information it responds to Congress comes from.

I will have more to say on this now, but I believe this is tantamount to retaining the ability to parallel construct answers for Congress. I’m quite confident that’s what happened here, and it seems that FBI has spent 6 years refusing to give up the ability to do that.

Update:

I didn’t read it when I originally reported in the NSL IG report, but it, like most IG reports, has a response from FBI, which in this case is quite detailed. The FBI claims that it had fulfilled most recommendations well before the report was released.

The response to the open exigent letter recommendation is at PDF 224. It’s not very compelling; it only promised to consider issuing a statement to say “hot number [redacted]” was prohibited.

The response to the 2014 report recommendations start on PDF 226. Of those, the FBI didn’t say they agreed with one part of one recommendations:

  • That the NSL subsystem generate reminders if an agent hasn’t verified return data for manual NSLs (which are sensitive)

In addition, with respect to the data requested with NSLs, FBI has taken out expansive language from manual models for NSLs (this includes an attachment the other discussion of which is redacted), but had not yet from the automated system.

FBI’s 5-Year Effort to Avoid Inspector General Scrutiny of Its Phone Dragnet Use

Screen Shot 2015-08-05 at 1.15.53 PMAs part of today’s Senate Judiciary Hearing on DOJ OLC’s decision to make DOJ’s Inspector General ask nicely before it gets certain kinds of materials it needs to conduct its work, John Cornyn asked what changed in 2010 to make the FBI start pushing back against sharing information freely with the IG.

Inspector General Michael Horowitz responded,

I was not the Inspector General at that time, but my understanding is that the memos and decisions from the legal counsel at the FBI followed several OIG reviews of the handling of National Security Letters, Exigent Letters, and other hard-hitting OIG reviews, because there was no other change in the law, no policy change, no regulatory change…

Horowitz is suggesting that because Horowitz’ predecessor, Glenn Fine, released reports that showed FBI abuse of national security programs, FBI started pushing back against sharing information. The claim is particularly interesting given that the Exigent Letters report, which was released in January 2010, significantly implicated FBI’s General Counsel’s office, including then General Counsel and now lifetime appointed judge (with Cornyn’s backing) Valerie Caproni.

The suggestion is also interesting given that Fine resigned in 2010 after starting an investigation into the use ofSection 215 and PRTT. It took years before DOJ had a working Inspector General again, resulting in a long delay before Congress got another report on how the government was using the phone dragnet.

All of which is all the more troubling, given that Horowitz revealed that,

Just yesterday, I’m told, in our review of the FBI’s use of the bulk telephony statute, a review that this committee has very much been interested in our doing, we got records with redactions, not for grand jury, Title III, or fair credit information, because those have been dealt with, but for other areas that the FBI has identified legal concerns about.

This is particularly troubling given that just weeks ago the USA Freedom Act mandated certain IG reviews of phone dragnet activities.

But the FBI is still obstructing such efforts.

Did FBI Stall an IG Review of Innocent Americans Sucked Up in the Dragnet?

I mentioned earlier that the FBI withheld information on the Bureau’s use of phone dragnet tippers from DOJ’s Inspector General long enough to make any review unusable for Congress’ consideration before it passed USA F-ReDux.

That’s important because of this passage from the Stellar Wind IG Report.

Another consequence of the Stellar Wind program and the FBI’s approach to assigning leads was that many threat assessments were conducted on individuals located in the United States, including U.S. persons, who were determined not to have any nexus to terrorism or represent a threat to national security.402 These assessments also caused the FBI to collect and retain a significant amount of personal identification about the users of tipped telephone numbers and e-mail addresses. In addition to an individual’s name and home address, such information could include where the person worked, records of foreign travel, and the identity of family members. The results of these threat assessments and the information that was collected generally were reported in communications to FBI Headquarters and uploaded into FBI databases.

The FBI’s collection of U.S. person information in this manner is ongoing under the NSA’s FISA-authorized bulk metadata collection. To the extent leads derived from this program generate results similar to those under Stellar Wind, the FBI will continue to collect and retain a significant amount of information about individuals in the United States, including U.S. persons, that do not have a nexus to terrorism or represent a threat to national security.

We recommend that as part of the [redacted] project, the Justice Department’s National Security Division (NSD), working with the FBI, should collect addresses disseminated to FBI field offices that are assigned as Action leads and that require offices to conduct threat assessments. The information compiled should include whether individuals identified in threat assessments are U.S. or non-U.S. persons and whether the threat assessments led to the opening of preliminary or full national security investigations. With respect to threat assessments that conclude that users of tipped telephone numbers or e-mail addresses are not involved in terrorism and are not threats to national security, the Justice Department should take steps to track the quantity and nature of U.S. person information collected and how the FBI retains and utilizes this information. This will enable the Justice Department and entities with oversight responsibilities, including the OIG and congressional committees, to assess the impact this intelligence program has on the privacy interests of U.S. persons and to consider whether, and for how long, such information should be retained. (PDF 666-7/329-330)

After a preceding section talking about how many of the tippers to FBI — which, after all, may be two hops away from someone of interest — weren’t all that useful, DOJ’s IG (the current IG, Michael Horowitz’s predecessor, Glenn Fine) noted how many Americans with no nexus to terrorism nevertheless have their names, home addresses, workplace, travel records, and family members’ identities collected and stored in an FBI database, potentially for decades. And, we now know, those assessments would include a search for any previously-collected content, which the FBI could read without a warrant.

Fine recommended that FBI begin to track what happens with the Americans sucked up in PATRIOT-authorized dragnets.

But we can be virtually certain FBI chose not to heed that recommendation, because it hasn’t heeded similar recommendations with NSLs, and because FBI refuses to track any of their other FISA-related activities.

And Horowitz has been very disciplined in following up on previous IG recommendations in reports that follow up on like topics, so that is likely one of the things he planned to investigate with his focus on the “receiving, processing, and disseminating [of] leads” from the phone dragnet.

The review will examine the FBI’s procedures for receiving, processing, and disseminating leads the NSA develops from the metadata, as well as any changes that have been made to these procedures over time. The review will also examine how FBI field offices respond to leads and the scope and type of information field offices collect as a result of any investigative activity that is initiated. In addition, the review will examine the role the leads have had in FBI counterterrorism efforts

Frankly, because NSA had to curtail so much of what they were doing with the phone dragnet in 2009, there should be fewer Americans sucked up in the dragnet now then there was when Fine did his Stellar Wind review in 2008-09. Though if FBI continued to require an assessment of every new identifier, it would still result in a lot of innocent Americans having their lives unpacked and stored for 30 years by the FBI.

But those numbers will likely be higher — potentially significantly higher — under USA F-ReDux, because any given query will draw off of more kinds of information. More importantly, FBI is exempted from counting the queries it does on any database of call detail records obtained under the new CDR function.

(C) the number of search terms that included information concerning a United States person that were used to query any database of call detail records obtained through the use of such orders;

[snip]

(A) FEDERAL BUREAU OF INVESTIGATION.—Paragraphs (2)(A), (2)(B), and (5)(C) of subsection (b) shall not apply to information or records held by, or queries conducted by, the Federal Bureau of Investigation.

This strongly suggests the data will come in through the FBI, be treated under FBI’s far more permissive (than NSA’s) minimization procedures, and searched regularly. Which likely means the privacy implications of innocent Americans sucked up into the dragnet will be far worse. And all that’s before any of the analysis NSA will do on these query results.

There was no public consideration of the privacy impact of the innocent Americans sucked in under the CDR function during the USA F-ReDux debate (though I wrote about it repeatedly).

But if DOJ’s IG intended to include past recommendations in its review of what FBI does with the phone dragnet data — which would be utterly consistent with past practice — that’s one of the things this review, the review FBI stalled beyond the point when it could be useful, would have focused on.

 

DOJ IG Report Confirms Government Flouted Statutory Requirements of Section 215 for 7 Years

For over a year, Congress has been working on a “reform” to Section 215 that it claims will rein in abusive government spying.

Also for about a year, DOJ’s Inspector General has been trying to release a Report on Section 215 use up to 2009. That investigation first began 1,800 days ago.

DOJ has finally managed to release the report.

It confirms a number of things I have been reporting for years: that the government uses the provision to collect records that have nothing to do with phone records in bulk, the majority of which are now Internet records, definitely including URLs and probably including subject lines.

But the takeaway report is something else I’ve been reporting on for some time.

The government completely blew off a requirement imposed with the 2006 PATRIOT Act Reauthorization that the FBI (which is the only agency that’s supposed to use Section 215) adopt minimization procedures specifically for Section 215. Even after FBI missed its September 2006 deadline by claiming it had Interim Procedures, FISC kept approving Section 215 orders, even including paragraphs that appear in every phone dragnet order claiming the government has met that statutory requirement. A year after DOJ’s Inspector General pointed out FBI was violating the statute, FISC started imposing its own minimization procedures and reporting requirements (though not — as a court operating with more transparency might have done — denying orders). Finally, in March 2013, DOJ adopted minimization procedures (though it did not start actually complying with them until more than four months after Edward Snowden’s leaks focused more attention on bulk 215 orders).

In other words, Congress imposed a mandate designed to protect innocent Americans’ privacy in 2006. And DOJ blew that statutory mandate off for years. And FISC let it do so for years, approving order after order requiring FBI to have fulfilled that mandate. And only after 7 years (and some unexpected transparency) did DOJ start following the law.

These are the people Congress is rushing headlong to provide new authorities (including an Emergency provision that is designed to invite abuse): government agencies who simply refuse to follow Congressional mandates.

The Loss of PRTT Minimization Review in USA F-ReDux

As I noted earlier, the House Judiciary Committee just released a new version of USA Freedom Act, which I’ve dubbed USA F-ReDux. I’ll have a lot more to say about it, but I want to make two minor point about things that got taken out of Leahy’s bill from last year.

Section 215 Minimization

215 tracker

First, last year’s bill had minimization procedures tied to bulky Section 215 collection effectively requiring the government to destroy the data that had not been determined to be two hops from a target within a period of time.

(C) for orders in which the specific selection term does not specifically identify an individual, account, or personal device, procedures that prohibit the dissemination, and require the destruction within a reasonable time period (which time period shall be specified in the order), of any tangible thing or information therein that has not been determined to relate to a person who is—

(i) a subject of an authorized investigation;

(ii) a foreign power or a suspected agent of a foreign power;

(iii) reasonably likely to have information about the activities of—

(I) a subject of an authorized 21 investigation; or

(II) a suspected agent of a foreign power who is associated with a subject of an authorized investigation;

(iv) in contact with or known to—

(I) a subject of an authorized investigation; or

(II) a suspected agent of a foreign power who is associated with a subject of an authorized investigation,

Those minimization procedures resemble what we’ve seen from the minimization procedures FISC imposed on the phone dragnet, which probably means they also resemble what FISC was imposing in other cases. In the previous year (2013), FISC had imposed minimization procedures on almost 80% of all orders.

In other words, the clause basically required the government to do what the FISC was probably already forcing it to do in the majority of orders (which, in any case, permitted the government to keep, indefinitely, the records associated with people two hops out of someone whom the government had a traffic stop suspicion had ties to terror or spying).

Last year, however, the FISC modified fewer than 3% of orders, and at least one of those was probably a phone dragnet one. Perhaps the change means the government finally started complying with the requirement laid out in 2006 that it adopt minimization procedures (the impending Section 215 IG Report likely created an incentive to do that, as following the law on minimization was one of the recommendations Glenn Fine had made in 2008, so Michael Horowitz surely followed up on that recommendation; plus, the generally law-abiding James Baker assumed FBI’s General Counsel role in this period). Perhaps it means the government stopped making bulky collections (though that is unlikely). But for some reason, the number of orders on which the FISC imposed minimization procedures and a report back fell off a cliff.

And now the requirement that the government adopt minimization procedures for bulky collection is gone from the bill.

I might be alarmed by that, but this year’s bill does add a Rule of Construction clarifying that the FISA Court can impose additional minimization procedures on top of what the bill requires the government to adopt for Section 215. So it may be that if the FBI returns to its recidivist ways on minimization procedures, we’ll see the number of modified orders spike again.

PRTT “Privacy Procedures”

I’m more concerned about what happened on the Pen Register side.

Last year, the PRTT section added new “privacy” (not “minimization”) procedures.

IN GENERAL.—The Attorney General shall ensure that appropriate policies and procedures are in place to safeguard nonpublicly available information concerning United States persons that is collected through the use of a pen register or trap and trace device installed under this section. Such policies and procedures shall, to the maximum extent practicable and consistent with the need to protect national security, include privacy protections that apply to the collection, retention, and use of information concerning United States persons.

Compare how squishy those privacy procedures are to the required Section 215 minimization procedures FBI blew off for years.

A) specific procedures that are reasonably designed in light of the purpose and technique of an order for the production of tangible things, to minimize the retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information;

(B) procedures that require that nonpublicly available information, which is not foreign intelligence information, as defined in section 1801 (e)(1) of this title, shall not be disseminated in a manner that identifies any United States person, without such person’s consent, unless such person’s identity is necessary to understand foreign intelligence information or assess its importance; and

Rather than requiring the procedures minimize the retention and dissemination, the bill required only that privacy protections be applied. And there was no requirement limiting dissemination of non-foreign intelligence data.

But at least there were privacy procedures, right? Baby steps?

Last year’s bill had, and this year’s bill retains, a Rule of Construction (like that added to Section 215) that notes nothing limits FISC’s power to impose additional minimization procedures.

(2) RULE OF CONSTRUCTION.—Nothing in this subsection limits the authority of the court established under section 103(a) or of the Attorney General to impose additional privacy or minimization procedures with regard to the installation or use of a pen register or trap and trace device.

Which is all well and good, but FISC’s authority to do so with PRTT has no statutory basis, unlike Section 215. And during both the 2004 initial application for the Internet dragnet and John Bates’ 2010 reauthorization of it, the government made some fairly aggressive claims about FISC’s impotence to do anything but rubber stamp applications. So this Rule of Construction may not have the same weight as that in Section 215.

Which is why I worry that this section was removed from the bill.

(3) COMPLIANCE ASSESSMENT.—At or before the end of the period of time for which the installation and use of a pen register or trap and trace device is approved under an order or an extension under this section, the judge may assess compliance with the privacy procedures required by this subsection by reviewing the circumstances under which information concerning United States persons was collected, retained, or disseminated.

As the documents on the phone dragnet violations showed, unless FISC has and exercises the authority to ensure compliance with minimization procedures, the government will cheat (or, more charitably, not find systematic years-long violations staring them in the face). FISC seemed to recognize this when it imposed compliance reports on its minimization of Section 215 orders in recent years. But it won’t have statutory authority to review assessment with these already-squishy “privacy procedures.”

Read more

Alberto Gonzales: The Counsel Represented by Counsel and Babysat by Cheney’s Counsel

Footnote 147 of the DOJ IG Report on Stellar Wind (PDF 462-3) modifies a discussion of the discussions on March 6 and 7, 2004 in which Jack Goldsmith and Patrick Philbin informed David Addington and Alberto Gonzales that they could not reauthorize Stellar Wind — in spite of applying a relaxed standard of review — because the White House wanted them to affirm that John Yoo’s November 2, 2001 memo had covered the program, yet Yoo’s memo had not included all aspects of it (this likely pertains to the collection of Internet metadata from telecom switches, though it may also pertain to the collection on Iraqi targets).

After reporting Gonzales’ claimed reaction to the meetings at which DOJ’s lawyers told the White House the program was illegal, the report notes that Gonzales was lawyered up at his IG interview, but later provided further elaboration in writing.

Later on March 6, Goldsmith and Philbin went to the White House to meet with Addington and Gonzales to convey their conclusions that the [2 lines redacted] According to Goldsmith’s chronology of these events, Addington and Gonzales “reacted calmly and said they would get back with us.” Goldsmith told us that the White House was not worried that it was “out there,” meaning that it was implementing a program without legal support.

On Sunday afternoon, March 7, 2004, Goldsmith and Philbin met again with Addington and Gonzales at the White House. According to Goldsmith, the White House officials informed Goldsmith and Philbin that they disagreed with Goldsmith and Philbin’s interpretation of Yoo’s memoranda and on the need to change the scope of the NSA’s collection. Gonzales told us that he recalled the meetings of March 6 and March 7, 2004, but did not recall the specifics of the discussions. He said he remembered that the overall tenor of the meetings with Goldsmith was one of trying to “find a way forward.”147

147 As noted above, Gonzales was represented by counsel during his interview with the OIG. Also present during the interview because of the issue of executive privilege was a Special Counsel to the President, Emmitt Flood. We asked Gonzales whether the President had been informed by this point in time of the OLC position regarding the lack of legal support for the program and [redacted]. Flood objected to the question on relevancy grounds and advised Gonzales not to answer, and Gonzales did not provide us an answer. However, when Gonzales commented on a draft of the report, he stated that he would not have brought Goldsmith and Philbin’s “concerns” to the attention of the President because there would have been nothing for the President to act upon at this point. Gonzales stated that this was especially true given that Ashcroft continued to certify the program as to legality during this period. Gonzales stated he generally would only bring matters to the President’s attention if the President could make a decision about them.

Remember the situation Gonzales would have been in. The interview (and probably, though not certainly, the review of the draft) would have taken place in fall to winter 2008, when Bush was still in office.

Thus, the interview would have happened during the period or just after DOJ IG conducted an investigation into what amounted to a CYA file Gonzales had carried around in his briefcase — documents and draft documents relating to all the illegal programs in which he had been involved, including his notes pertaining to the hospital confrontation over Stellar Wind. There’s reason to believe he was referred for that investigation precisely because it was recognized as a CYA file and he was no longer regarded as loyal on surveillance issues.

In addition, at the time, too, DOJ was still considering whether to file charges against Gonzales for the US Attorney scandal. So it makes sense that Gonzales’ retained lawyer, George Terwilliger, was there (and it is somewhat surprising that, given that John Ashcroft got away without cooperating, Terwilliger let him cooperate).

But then there is Emmet Flood.

Both before and after his tenure in the White House Counsel’s office — where he was brought in to deal with the scandals of the late Bush Administration — Flood was (and remains) a partner at Williams & Connolly. And not just a partner. He was formally part of Dick Cheney’s defense team when Patrick Fitzgerald was honing in on the Vice President for leaking Valerie Plame’s identity, and Flood would remain involved in protecting Cheney even after moved onto the taxpayer dime.

Emmet Flood may have been there in the name of protecting Executive Privilege, but it was not Bush’s privilege Flood was protecting.

So we learn that on March 6, 2004, Goldsmith and Philbin tell Gonzales and Addington that parts of Stellar Wind have never been legal. On March 7, 2004, Gonzales and Addington come back and tell OLC’s lawyers they’re wrong.

And when DOJ’s IG asked Gonzales whether — in the interim day — he had informed the President about this, Cheney’s defense lawyer pipes up and tells him not to answer. Given that Bush apparently learned new details of all this 4 days later when Comey and Robert Mueller would tell him directly, the answer is no (which is consistent with what Gonzales said when Cheney’s lawyer wasn’t present).

Which leaves the logical and thoroughly unsurprising conclusion — but one Cheney’s taxpayer funded lawyer didn’t want included in a legal document — Cheney (who is not a lawyer, nor does he have Article II authority directly) is the one who told Gonzales and Addington to dig in.

Update: Flood also had Gonzales refuse to answer a question about whether anyone had thought to include DOJ in the meeting with Congress.

Does the FBI STILL Have an Identity Crisis?

I’ve finished up my working threads on the NSA, CIA, and FBI Section 702 minimization procedures. And they suggest that FBI has an identity crisis. Or rather, an inability to describe what it means by “identification of a US person” in unclassified form.

Both the NSA and CIA minimization procedures have some form of this definitional paragraph (this one is NSA’s):

Identification of a United States person means (1) the name, unique title, or address of a United States person; or (2) other personal identifiers of a United States person when appearing in the context of activities conducted by that person or activities conducted by others that are related to that person. A reference to a product by brand name, or manufacturer’s name or the use of a name in a descriptive sense, e.g., “Monroe Doctrine,” is not an identification of a United States person.

Even though the FBI minimization procedures have a (briefer than NSA and CIA’s) definitional section and gets into when someone counts as US person from a geographical standpoint, it doesn’t have the equivalent paragraph on what they consider US person identifying information, which is central to minimization procedures.

Now, I might assume that this is just an oversight, something FBI forgot to incorporate as it was writing its own 702 minimization procedures incorporating what NSA has done.

Except that we know the FBI has suffered from this same kind of identity crisis in the past, in an analogous situation. As Glenn Fine described in the 2008 Inspector General Report on Section 215 (the one the successor for which has been stalled for declassification review for over 6 months), the FBI never got around to (and almost certainly still hasn’t gotten around to, except under modifications from the FISA Court) complying with Section 215’s requirement that it adopt minimization procedures specific to Section 215.

One holdup was disagreement over what constituted US person identifying information.

Unresolved issues included the time period for retention of information, definitional issues of “U.S. person identifying information,” and whether to include procedures for addressing material received in response to, but beyond the scope of, the FISA Court order; uploading information into FBI databases; and handling large or sensitive data collections.

(Note, there’s very good reason to believe FBI is still having all these problems, not least because several of them showed up in Michael Horowitz’ NSL IG Report last year.)

One problem Fine pointed out is that the AG Guidelines adopted in lieu of real minimization procedures don’t provide any guidance on when US identifying information is necessary to share.

When we asked how an agent would determine, for example, whether the disclosure of U.S. person identifying information is necessary to understand foreign intelligence or assess its importance, the FBI General Counsel stated that the determination must be made on a case-by-case basis.

While NSA’s 702 SMPs do lay out cases when FBI can and cannot share US person identifying information (those are, in some ways, less permissive than CIA’s sharing guidelines, if you ignore the entire criminal application and FBI’s passive voice when it comes to handling “sensitive” collections), if the guidelines for what counts as PII are not clear — or if they’re expansive enough to exempt (for example) Internet handles such as “emptywheel” that would clearly count as PII under NSA and CIA’s SMPs, then it would mean far more information on Americans can be shared in unminimized form.

And remember, FBI’s sharing rules are already far more lenient than NSA’s, especially with regards to sharing with state, local, and other law enforcement partners.

Call me crazy. But given the FBI’s past problems defining precisely this thing, I suspect they’re still refusing to do so.

The FBI PRTT Documents: Combined Orders

As I noted the other day, I’m working through documents submitted in EPIC’s FOIA for PRTT documents (see all of EPIC’s documents on this case here).

In addition to the documents released (the reports to Congress, the extensive reporting on the Internet dragnet), the government submitted descriptions of what appear to be two (possibly three) sets of documents withheld: documents pertaining to orders combining a PRTT and Section 215 order, and documents pertaining to a secret technique, which we’ll call the Paragraph 31 technique. In this post I’ll examine the “combined order” documents.

The Vaughn Index for this FOIA made it clear that a number of the documents Withheld in Full (WIF) pertained to orders combing the Pen Register and Section 215 (Business Record) authorities, as does this list from David Hardy’s second declaration.

Screen Shot 2014-11-30 at 11.46.30 AM

Footnotes 3, 4, and 5 all note that these documents have already been successfully withheld in the EFF’s FOIA for Section 215 documents, and by comparing the page numbers in that Vaughn Index in that case, we can guess with some confidence that these orders are the following documents and dates:

  • Document 16 is EFF 89D, dated  2/17/2006, 17 pages
  • Document 17 is EFF 89K,  dated 2/24/2006, 8 pages

As I’ll show, this correlates with what we can glean from the DOJ IG Reports on Section 215.

I’m less certain about Document 12. Both the EFF and ACLU Vaughn Indices show a 10/31/06 document (it is 82C in the EFF Vaughn) that is the correct length, 4 pages, that is linked with another 10/31/06 document (see 82B and 84, for example). For a variety of reasons, however, I think we can’t rule out Document 89S which appears only in the EFF FOIA (but not the ACLU FOIA), which is dated December 16, 2005 (intriguingly, the day after NYT exposed Stellar Wind), in which case the withheld portion might be the relevant 4 pages of a longer 16 page order.

Read more