Posts

The FBI PRTT Documents: The Paragraph 31 PCTDD Technique

I’ve been working my way through a series of documents in EPIC’s FOIA for FISA PRTT documentsThis is the last of a series of posts where I unpack the Internet dragnet documents. This post tracks what the reports to Congress reveal (largely about the language the government used to hide programs). And this post shows that the government probably used combined PRTT and Section 215 orders to get real-time cell location. The last chunk of documents withheld pertain to what I’ll call “the Paragraph 31” technique, after the entirely redacted paragraph in the first David Hardy declaration describing it. The technique is some application of what gets treated as Post Cut-Through Dialed Digits (PCTDD), those digits a person enters after being connected to a phone number, which might include phone tree responses, credit card information, or password information.

The PCTDD DIOG section withheld

We know Paragraph 31 pertains to PCTDD because one of the documents withheld — described as document 1 in the first Hardy declaration — is a section of the Domestic Investigations and Operations Guide that pertains to PCTDD.

The first document is comprised of pages 186-189 of the DIOG. The DIOG is a manual used by FBI Special Agents in conducting and carrying out investigations. This particular excerpt of the DIOG provides a step-by-step guide in assisting Special Agents in determining whether to utilize a specific method in collecting information such as (1) when to use the method and technique; (2) factors to consider when making this determination; (3) how to go about using the specific method and technique; and (4) the type of information that can be gleaned from it

The paragraph cites paragraph 31, so we know it’s the same method. As reflected by the Vaughn Index, the pages in question appear to be from the 2008 DIOG, not the 2011 one. The pagination of the two documents reinforces that. There’s no way to work the pagination of the 2011 DIOG to land in the PRTT section, whereas those page numbers do point to the PRTT section in the 2008 DIOG. The section in question starts at PDF 79. The key unredacted part reads,

The definition of both a pen register device and a trap and trace device provides that the information collected by these devices “shall not include the contents of any communication.” See 18 U.S.C. § 3127(3) and (4). In addition, 18 U.S.C. § 3121(c) makes explicit the requirement to “use technology reasonably available” that restricts the collection of information “so as not to include the contents of any wire or electronic communications.” “Content” includes any information concerning the substance, purport, or meaning of a communication. See 18 U.S.C. §2510(8). When the pen register definition is read in conjunction with the limitation provision, however, it suggests that although a PR/TT device may not be used for the express purpose of collecting content, the incidental collection of content may occur despite the use of “reasonably available” technology to minimize, to the extent feasible, any possible over collection while still allowing the device to collect all of the dialing and signaling information authorized.

In addition to this statutory obligation, DOJ has issued a directive in [redacted half line in 2011 DIOG] to all DOJ agencies requiring that no affirmative investigative use may be made of PCTDD incidentally collected that constitutes content, except in cases of emergency–to prevent an immediate danger of death, serious physical injury, or harm to the national security.

The criminal context of FBI’s PCTDD FISA usage

As with the “hybrid” use of PRTT and toll record orders, the concern about PCTDD may have had some tie to criminal proceedings.

On May 24, 2002, Deputy Attorney General Larry Thompson issued a directive on “avoiding collection and investigative use of content in the operation of Pen Registers.” It explicitly said that FISA was “outside the scope of this Memorandum.”

In 2006 and 2007, the government applied for Pen Registers in EDNY, including PCTDD. The magistrate judge denied the request for PCTDD as content, which led to a process of reconsideration and further briefing, including amicus briefs from EFF and Federal Defenders of NY. [Update: I’ve been reliably informed that Kollar-Kotelly’s request was a response to a MJ Stephen Smith ruling issued in Texas in July 2006.]

During this period, on August 7, 2006, Colleen Kollar-Kotelly ordered briefing in docket PRTT 06-102 on how FBI was fulfilling its obligation, apparently under the 2002 DOJ directive FBI maintained did not apply to FISA, not to affirmatively use PCTDD for any investigative purpose.  PDF 39-40

Judge Kotelly has ordered the FBI to submit a report no later than September 25 (2006). This report must contain:

(1) an explanation of how the FBI is implementing its obligation to make no affirmative investigative use, through pen register authorization, of post-cut-through digits that do not constitute call dialing, routing, addressing or signaling information, except in a rare case in order to prevent an immediate danger of death, serious physical injury or harm to the National Security, addressing in particular: a) whether post-cut-through digits obtained via FISA pen register surveillance are uploaded into TA, Proton, IDW, EDMS, TED, or any other FBI system; and b) if so what procedures are in place to ensure that no affirmative investigative use is made of postcut-through digits that do not constitute call dialing, routing, addressing or signaling information, including whether such procedures mandate that this information be deleted from the relevant system.

(2) an explanation of what procedures are in place to ensure that the Court is notified, as required pursuant to the Courts Order in the above captioned matter, whenever the government decides to make affirmative investigative use of post-cut-through digits that do not constitute call dialing, routing, addressing or signaling information in order to prevent an immediate danger of death, serious physical injury, or harm to the national security.

At the time, at least some of FBI’s lawyers believed that for FISA Pen Registers, FBI retained all the PCTDD. PDF 38

When DSC 3000 is used for a FISA collection, doesn’t the DCS 3000 pass all to the [redacted](DSC 5000) including the PCTDD–in other words for FISAs the DCS3000 does NOT use the default of not recoding [sic] the PCTTD???? [sic]

This report — dated September 25, 2006 — appears to be the report Kollar-Kotelly requested. It implores her not to follow [redacted], which appears to is a reference the EDNY court Texas decision.

That report is followed by this one — which was submitted on November 1, 2006 — which appears to propose new procedures to convince her to permit the FBI to continue to collect and retain PCTDD.

In other words, during the early part of the period when the FBI was bumping up against a criminal standard prohibiting the retention of PCTDD under protection of minimization procedures, Judge Kollar-Kotelly required FBI to prove its existing (and new) minimization procedures to ensure they were strong enough to comport with the law.

The original PCTDD question was still burbling away in EDNY, however, and in November 2008 Judge Nicholas Garaufis mooted the question of PCTDD based on the government’s representation that it would delete the information when it received it.

On June 11, 2008, the Government applied to Judge Orenstein for authorization to install and use a pen register and trap and trace device on two wireless telephones (the “SUBJECT WIRELESS TELEPHONES”). (Gov. Br. at 5.) The Government requested, inter alia, an Order authorizing the recording of post-cut-through dialed digits (“PCTDD”) via pen register. PCTDD are digits dialed from a telephone after a call is connected or “cut through.” In the Matter of Applications, 515 F.Supp.2d 325515F.Supp.2d325, 328 (E.D.N.Y.2007) *204 (“Azrack Opinion”). Because PCTDD sometimes transmit information such as bank account numbers and Social Security numbers which constitutes “contents of communications,” and because the Pen Register Statute defines a pen register as “a device or process which records or decodes dialing … or signaling information… provided, however, that such information shall not include the contents of any communication,” 18 U.S.C. § 3127(3) (emphasis added), Judge Orenstein denied the Government’s request for authorization to record PCTDD. The Government subsequently appealed Judge Orenstein’s denial of its request to this court, asking this court to authorize it to record PCTDD.

On September 23, 2008, in response to the court’s request for clarification of the specifics of its request for pen register data, the Government informed the court that the law enforcement agency involved in the investigation of the SUBJECT WIRELESS TELEPHONES will configure its computers so as to immediately delete all PCTDD received from the provider. (Government’s September 23, 2008 letter to the court.) Therefore, as the pen registers sought by the Government in this application will not “record” or “decode” content within the meaning of the Pen Register Statute, the legal question presented by the Government in its appeal is moot.[3] As the Government is entitled to the information it now seeks, the court directs the Magistrate Judge to issue, if still necessary, an order authorizing the installation of the pen registers on the SUBJECT WIRELESS TELEPHONES that is consistent with the representations in the Government’s letter of September 23, 2008.

Note that Garaufis also embraced the hybrid theory other judges had started rejecting in 2005, which I believe lies behind the BRPR orders.

Behind the scenes, there appear to have been changes to the way the government dealt with PCTDD information under FISA collection. This August 17, 2009 Memo of Law appears to revisit the issue (perhaps in light of the final ruling in EDNY in 2008 and/or as part of the PRTT review of that year). It argues over some of the same Pat Leahy language as the other documents do. It appears to refer to the November 2006 document. It discusses the May 24, 2002 over-collection directive as applying only to the criminal context.

But it also describes some changes implemented in July and December 2008 (it’s possible there are references to revisions to the DIOG in this section).

That’s one reason why several changes between the 2008 and 2011 DIOG are of interest. In addition to the redacted passage on DOJ’s 2002 directive (above) probably affirmatively asserting now that the directive does not apply to FISA, there are two other changes in the Pen Register that are unclassified between the two DIOGs. First, the 2011 one reflects a 2010 change in FISC procedure (see Procedure 15 and Section 18 .6.9.5.1.4), no longer permitting (or requiring) the sequestration of over-collected information at FISC. In addition, the 2011 DIOG appears to show an extra use of PCTDD collection (showing 7 total across subsections A and B, as compared to 6).

What becomes clear reviewing the public records (these reports say this explicitly) is that the 2002 DOJ directive against retaining PCTDD applies to the criminal context, not the FISA context. When judges started challenging FBI’s authority to retain PCTDD that might include content under criminal authorities, FBI fought for and won the authority to continue to treat PCTDD using minimization procedures, not deletion. And even the standard for retention of PCTDD that counts as content permits the affirmative investigative use of incidentally collected PCTDD that constitutes content in cases of “harm to the national security.”

Whateverthefuck that is.

Which is, I guess, how FBI still has 7 uses of PCTDD, including one new one since 2008.

The details on the withheld documents

Which brings us to the remaining documents on Paragraph 31 the FBI is withholding. In addition to the DIOG and a Westlaw print out (which I would guess is the opinion in the criminal case), there are 4 memoranda and one report described in the first Hardy Declaration, as well as a PRBR motion to retain data that I wouldn’t be surprised if FBI used to request the authority to retain, under FISA authority, the materials it said it wouldn’t obtain in the EDNY case (in any case, it requested approval to retain some data collected under a hybrid PRBR order). One of the documents in that bunch includes both electronic surveillance (the collection of content) and the use of a pen register (ostensibly non-content).  The second Hardy declaration includes 9 FISC orders pertaining to the method, along with a District Court order pertaining to it (which might be that 2008 opinion).

Significantly, 4 of those orders are Primary Orders, suggesting multiple Secondary Orders to providers of some sort, and a program of some bulk. And those documents are only the ones that got shared with Congress, so only the ones that reflected some significant decision.

The declarations don’t tell us much about how they’re using this PCTDD information. Here are the most informative passages (some of which show up in both).

The ability to conduct electronic surveillance through the installation and use of pen registers and trap and trace devices has proven to be an indispensable investigative tool and continues to serve as a building block in many of the FBI’s counterterrorism and counterintelligence investigations. The specific type of electronic surveillance has resulted in numerous benefits by providing the FBI valuable substantive information in connection with national security investigations. The information gathered has either confirmed prior investigative information or has contributed to the development of additional investigative information, and has been invaluable in providing investigative leads.

[snip]

[T]he release of such information would reveal actual intelligence activities and methods used by the FBI against specific targets who are the subject of foreign counterintelligence investigations or operations; identify a target of a foreign counterintelligence investigation; or disclose the intelligence gathering capabilities of the activities or methods directed at specific targets.

[snip]

The information protected under this [7(E)] exemption contain details about sensitive law enforcement techniques used by the FBI in gathering valuable intelligence information in current and prospective criminal, counterintelligence, and national security investigations.

What I find most interesting about these declarations, however, is the near total (maybe even total) silence about terrorism. These are used for “national security” and “counterintelligence” investigations, but nothing explicitly described as a counterterrorism investigation.

While I can see some especially useful applications of PCTDD information in the CI context — imagine how valuable it would be to know the voicemail passwords of Chinese targets, for example — I also wonder whether the FBI is using this stuff primarily for cyber targets. Whatever it is, the government has apparently argued for and maintained the authority to retain PCTDD data in the FISA context, with the ability to use actual content in the event of possible harm to national security.

Protect America Act Was Designed to Collect on Americans, But DOJ Hid that from the FISC

The government released a document in the Yahoo dump that makes it clear it intended to reverse target Americans under Protect America Act (and by extension, FISA Amendments Act). That’s the Department of Defense Supplemental Procedures Governing Communications Metadata Analysis.

The document — as released earlier this month and (far more importantly) as submitted belatedly to the FISC in March 2008 — is fairly nondescript. It describes what DOD can do once it has collected metadata (irrespective of where it gets it) and how it defines metadata. It also clarifies that, “contact chaining and other metadata analysis do not qualify as the ‘interception’ or ‘selection’ of communcations, nor to they qualify as ‘us[ing] a selection term’.”

The procedures do not once mention US persons.

There are two things that should have raised suspicions at FISC about this document. First, DOJ did not submit the procedures to FISC in a February 20, 2008 collection of documents they submitted after being ordered to by Judge Walton after he caught them hiding other materials; they did not submit them until March 14, 2008.

The signature lines should have raised even bigger suspicions.

Gates Mukasey

First, there’s the delay between the two dates. Robert Gates, signing as Secretary of Defense, signed the document on October 17, 2007. That’s after at least one of the PAA Certifications underlying the Directives submitted to Yahoo (the government is hiding the date of the second Certification for what I suspect are very interesting reasons), but 6 days after Judge Colleen Kollar-Kotelly submitted questions as part of her assessment of whether the Certifications were adequate. Michael Mukasey, signing as Attorney General, didn’t sign the procedures until January 3, 2008, two weeks before Kollar-Kotelly issued her ruling on the certifications, but long after it started trying to force Yahoo to comply and even after the government submitted its first ex parte submission to Walton. That was also just weeks before the government redid the Certifications (newly involving FBI in the process) underlying PAA on January 29. I’ll come back to the dates, but the important issue is they didn’t even finalize these procedures until they were deep into two legal reviews of PAA and in the process of re-doing their Certifications.

Moreover, Mukasey dawdled two months before he signed them; he started at AG on November 9, 2007.

Then there’s the fact that the title for his signature line was clearly altered, after the fact.

Someone else was supposed to sign these procedures. (Peter Keisler was Acting Attorney General before Mukasey was confirmed, including on October 17, when Gates signed these procedures.) These procedures were supposed to be approved back in October 2007 (still two months after the first PAA Certifications) but they weren’t, for some reason.

The backup to those procedures — which Edward Snowden leaked in full — may explain the delay.

Those procedures were changed in 2008 to reverse earlier decisions prohibiting contact chaining on US person metadata. 

NSA had tried to get DOJ to approve that change in 2006. But James Baker (who was one of the people who almost quit over the hospital confrontation in 2004 and who is now FBI General Counsel) refused to let them.

After Baker (and Alberto Gonzales) departed DOJ, and after Congress passed the Protect America Act, the spooks tried again. On November 20, 2007, Ken Wainstein and Steven Bradbury tried to get the Acting Deputy Attorney General Craig Morford (not Mukasey, who was already AG!) to approve the procedures. The entire point of the change, Wainstein’s memo makes clear, was to permit the contact chaining of US persons.

The Supplemental Procedures, attached at Tab A, would clarify that the National Security Agency (NSA) may analyze communications metadata associated with United States persons and persons believed to be in the United States.

What the government did, after passage of the PAA, was make it permissible for NSA to figure out whom Americans were emailing.

And this metadata was — we now know — central to FISCR’s understanding of the program (though perhaps not FISC’s; in an interview today I asked Reggie Walton about this document and he simply didn’t remember it).

The new declassification of the FISCR opinion makes clear, the linking procedures (that is, contact chaining) NSA did were central to FISCR’s finding that Protect America Act, as implemented in directives to Yahoo, had sufficient particularity to be reasonable.

The linking procedures — procedures that show that the [redacted] designated for surveillance are linked to persons reasonably believed to be overseas and otherwise appropriate targets — involve the application of “foreign intelligence factors” These factors are delineated in an ex parte appendix filed by the government. They also are described, albeit with greater generality, in the government’s brief. As attested by affidavits  of the Director of the National Security Agency (NSA), the government identifies [redacted] surveillance for national security purposes on information indicating that, for instance, [big redaction] Although the FAA itself does not mandate a showing of particularity, see 50 U.S.C. § 1805(b). This pre-surveillance procedure strikes us as analogous to and in conformity with the particularly showing contemplated by Sealed Case.

In fact, these procedures were submitted to FISC and FISCR precisely to support their discussion of particularity! We know they were using these precise procedures with PAA because they were submitted to FISC and FISCR in defense of a claim that they weren’t targeting US persons.

Except, by all appearances, the government neglected to tell FISC and FISCR that the entire reason these procedures were changed, subsequent to the passage of the PAA, was so NSA could go identify the communications involving Americans.

And this program, and the legal authorization for it? It’s all built into the FISA Amendments Act.

Ashcroft, Comey, Goldsmith, and Baker: “All” Is the “Best” Reading of “Relevant”

Four MusketeersTowards the end of the Memorandum of Law in support of the Internet dragnet — which was signed by those guys ———-> — DOJ makes a claim that its reading of “relevant” to mean “almost all” was the best possible reading.

Here, by contrast, reading the term “relevant” to permit the collection of this critical information during wartime is a construction rooted in the text that requires no stretching of the ordinary meaning of the terms of the statute at all. In fact, for all the reasons outlined above, interpreting section 402 to authorize the collection the Government has requested in the best reading of the plain terms of the Act.

This is why you should not have secret courts.

I get making an aggressive push to authorize dragnet surveillance.

I get mining old and foreign dictionaries to come up with a definition that suits your needs.

But after you’ve made your best ditch effort to stretch the meaning of words, secretly, beyond all recognition, don’t then, secretly, pat yourself on the back pretending that wasn’t the game you just pulled.

But hey. Who’s the chump? After all, we now know that Misters Ashcroft, Comey, Goldsmith, and Baker pulled this off.

Yet no one is making any effort to put the English language back on some kind of sane footing. Nothing in any of the “reform” efforts before Congress attempts to put sanity back into the word “relevant.”

SPCMA: The Other NSA Dragnet Sucking In Americans

Screen Shot 2014-02-16 at 10.42.09 PMIn December, I wrote a post noting that NSA personnel performing analysis on PATRIOT-authorized metadata (both phone or Internet) can choose to contact chain on just that US-collected data, or — in what’s call a “federated query” — on foreign collected data, collected under Executive Order 12333, as well. It also appears (though I’m less certain of this) that analysts can do contact chains that mix phone and Internet data, which presumably is made easier by the rise of smart phones.

Section 215 is just a small part of the dragnet

This is one reason I keep complaining that journalists reporting the claim that NSA only collects 20-30% of US phone data need to specify they’re talking about just Section 215 collection. Because we know, in part because Richard Clarke said this explicitly at a Senate Judiciary Committee hearing last month, that Section “215 produces a small percentage of the overall data that’s collected.” At the very least, the EO 12333 data will include the domestic end of any foreign-to-domestic calls it collects, whether made via land line or cell. And that doesn’t account for any metadata acquired from GCHQ, which might include far more US person data.

The Section 215 phone dragnet is just a small part of a larger largely-integrated global dragnet, and even the records of US person calls and emails in that dragnet may derive from multiple different authorities, in addition to the PATRIOT Act ones.

SPCMA provided NSA a second way to contact chain on US person identifiers

With that background, I want to look at one part of that dragnet: “SPCMA,” which stands for “Special Procedures Governing Communications Metadata Analysis,” and which (the screen capture above shows) is one way to access the dragnet of US-collected (“1st person”) data. SPCMA provides a way for NSA to include US person data in its analysis of foreign-collected intelligence.

According to what is currently in the public record, SPCMA dates to Ken Wainstein and Steven Bradbury’s efforts in 2007 to end some limits on NSA’s non-PATRIOT authority metadata analysis involving US persons. (They don’t call it SPCMA, but the name of their special procedures match the name used in later years; the word, “governing,” is for some reason not included in the acronym)

Wainstein and Bradbury were effectively adding a second way to contact chain on US person data.

They were proposing this change 3 years after Collen Kollar-Kotelly permitted the collection and analysis of domestic Internet metadata and 1 year after Malcolm Howard permitted the collection and analysis of domestic phone metadata under PATRIOT authorities, both with some restrictions, By that point, the NSA’s FISC-authorized Internet metadata program had already violated — indeed, was still in violation — of Kollar-Kotelly’s category restrictions on Internet metadata collection; in fact, the program never came into compliance until it was restarted in 2010.

By treating data as already-collected, SPCMA got around legal problems with Internet metadata

Against that background, Wainstein and Bradbury requested newly confirmed Attorney General Michael Mukasey to approve a change in how NSA treated metadata collected under a range of other authorities (Defense Secretary Bob Gates had already approved the change). They argued the change would serve to make available foreign intelligence information that had been unavailable because of what they described as an “over-identification” of US persons in the data set.

NSA’s present practice is to “stop” when a chain hits a telephone number or address believed to be used by a United States person. NSA believes that it is over-identifying numbers and addresses that belong to United States persons and that modifying its practice to chain through all telephone numbers and addresses, including those reasonably believed to be used by a United States person, will yield valuable foreign intelligence information primarily concerning non-United States persons outside the United States. It is not clear, however, whether NSA’s current procedures permit chaining through a United States telephone number, IP address or e-mail address.

They also argued making the change would pave the way for sharing more metadata analysis with CIA and other parts of DOD.

The proposal appears to have aimed to do two things. First, to permit the same kind of contact chaining — including US person data — authorized under the phone and Internet dragnets, but using data collected under other authorities (in 2007, Wainstein and Bradbury said some of the data would be collected under traditional FISA). But also to do so without the dissemination restrictions imposed by FISC on those PATRIOT-authorized dragnets.

In addition (whether this was one of the goals or not), SPCMA defined metadata in a way that almost certainly permitted contact chaining on metadata not permitted under Kollar-Kotelly’s order.

“Metadata” also means (1) information about the Internet-protocol (IP) address of the computer from which an e-mail or other electronic communication was sent and, depending on the circumstances, the IP address of routers and servers on the Internet that have handled the communication during transmission; (2) the exchange of an IP address and e-mail address that occurs when a user logs into a web-based e-mail service; and (3) for certain logins to web-based e-mail accounts, inbox metadata that is transmitted to the user upon accessing the account.

Some of this information — such as the web-based email exchange — almost certainly would have been excluded from Kollar-Kotelly’s permitted categories because it would constitute content, not metadata, to the telecoms collecting it under PATRIOT Authorities.

Wainstein and Bradbury appear to have gotten around that legal problem — which was almost certainly the legal problem behind the 2004 hospital confrontation — by just assuming the data was already collected, giving it a sort of legal virgin birth.

Doing so allowed them to distinguish this data from Pen Register data (ironically, precisely the authority Kollar-Kotelly relied on to authorize PATRIOT-authorized Internet metadata collection) because it was no longer in motion.

First, for the purpose of these provisions, “pen register” is defined as “a device or process which records or decodes dialing, routing, addressing or signaling information.” 18 U.S.C. § 3127(3); 50 U.S.C. § 1841 (2). When NSA will conduct the analysis it proposes, however, the dialing and other information will have been already recorded and decoded. Second, a “trap and trace device” is defined as “a device or process which captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing and signaling information.” 18 U.S.C. § 3127(4); 50 U.S.C. § 1841(2). Again, those impulses will already have been captured at the point that NSA conducts chaining. Thus, NSA’s communications metadata analysis falls outside the coverage of these provisions.

And it allowed them to distinguish it from “electronic surveillance.”

The fourth definition of electronic surveillance involves “the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire communication …. ” 50 U.S.C. § 1802(f)(2). “Wire communication” is, in turn, defined as “any communication while it is being carried by a wire, cable, or other like com1ection furnished or operated by any person engaged as a common carrier …. ” !d. § 1801 (1). The data that the NSA wishes to analyze already resides in its databases. The proposed analysis thus does not involve the acquisition of a communication “while it is being carried” by a connection furnished or operated by a common carrier.

This legal argument, it seems, provided them a way to carve out metadata analysis under DOD’s secret rules on electronic surveillance, distinguishing the treatment of this data from “interception” and “selection.”

For purposes of Procedure 5 of DoD Regulation 5240.1-R and the Classified Annex thereto, contact chaining and other metadata analysis don’t qualify as the “interception” or “selection” of communications, nor do they qualify as “us[ing] a selection term,” including using a selection term “intended to intercept a communication on the basis of … [some] aspect of the content of the communication.”

This approach reversed an earlier interpretation made by then Counsel of DOJ’s Office of Intelligence and Policy Review James A Baker.

Baker may play an interesting role in the timing of SPCMA. He had just left in 2007 when Bradbury and Wainstein proposed the change. After a stint in academics, Baker served as Verizon’s Assistant General Counsel for National Security (!) until 2009, when he returned to DOJ as an Associate Deputy Attorney General. Baker, incidentally, got named FBI General Counsel last month.

NSA implemented SPCMA as a pilot in 2009 and more broadly in 2011

It wasn’t until 2009, amid NSA’s long investigation into NSA’s phone and Internet dragnet violations that NSA first started rolling out this new contact chaining approach. I’ve noted that the rollout of this new contact-chaining approach occurred in that time frame.

Comparing the name …

SIGINT Management Directive 424 (“SIGINT Development-Communications Metadata Analysis”) provides guidance on the NSA/ CSS implementation of the “Department of Defense Supplemental Procedures Governing Communications Metadata Analysis” (SPCMA), as approved by the U.S. Attorney General and the Secretary of Defense. [my emphasis]

And the description of the change …

Specifically, these new procedures permit contact chaining, and other analysis, from and through any selector, irrespective of nationality or location, in order to follow or discover valid foreign intelligence targets. (Formerly analysts were required to determine whether or not selectors were associated with US communicants.) [emphasis origina]

,,, Make it clear it is the same program.

NSA appears to have made a few changes in the interim. Read more

The “Heroes” of the Hospital Confrontation Brief the FISC

I’m going to have several posts on the documents released yesterday, starting with the Internet dragnet opinion and the phone dragnet application.

But to give those two background, I want to look at a passage in the Internet dragnet opinion, in which Colleen Kollar-Kotelly describes a fascinating briefing that she received in advance of authoring what Orin Kerr describes as a “quite strange” opinion.

After describing some declarations she received (including one from a person whose title remains redacted) and some questions she posed, she describes this briefing.

The Court also relies on information and arguments presented in a briefing to the Court on [redacted] which addressed the current and near-term threats posed by [redacted reference to Al Qaeda and others], investigations conducted by the Federal Bureau of investigation (FBI) to counter those threats, the proposed collection activities of the NSA (now described in the instant application), the expected analytical value of information so collected in efforts to identify and track operatives [redacted] and the legal bases for conducting these collection activities under FISA’s pen register/trap and trace provisions. 4

4 This briefing was attended by (among others) the Attorney General; [redacted] the DIRNSA; the Director of the FBI; the Counsel to the President; the Assistant Attorney General for the Office of Legal Counsel; the Director of the Terrorist Threat Integration Center (TTIC); and Counsel for Intelligence Policy.

That is, right at the beginning of her opinion, Kollar-Kotelly tells us that she had a briefing with:

  • AG John Ashcroft
  • [redacted]
  • DIRNSA Michael Hayden
  • FBI Director Robert Mueller
  • Counsel to the President Alberto Gonzales
  • AAG for OLC Jack Goldsmith
  • TTIC Director John Brennan
  • Counsel for OIPR James Baker

On page 30, Kollar-Kotelly seems to refer to the same redacted person again, which in the context of the reference to CIA v. Sims in that footnote, seems to suggest this is a reference to CIA Director George Tenet, which suggests the redacted author of the brief she relied on was authored by Tenet. (I leave open the more tantalizing possibility that it’s someone like Dick Cheney, but highly doubt it.)

So before she approved the use of FISA’s Pen Register to collect much of the Internet metadata in the US, she had a meeting with at least one of the villains — Alberto Gonzales — of the hospital confrontation at which DOJ refused to reauthorize the Internet metadata program that was part of the President’s illegal wiretap program, and at least three of its “heroes:” Ashcroft, Mueller, and Goldsmith.

Interestingly, this meeting does not appear — at least not described as such — in the Draft NSA IG Report description of the transition to a FISC order.

After extensive coordination, DoJ and NSA devised the PRITT theory to which the Chief Judge of the FISC seemed amenable. DoJ and NSA worked closely over the following months, exchanging drafts of the application, preparing declarations, and responding to questions from court advisers. NSA representatives explained the capabilities that were needed to recreate the Authority, and DoJ personnel devised a workable legal basis to meet those needs. In April 2004, NSA briefed Judge Kollar-Kotelly and a law clerk because Judge Kollar-Kotelly was researching the impact of using PSP-derived information in FISA applications. In May 2004, NSA personnel provided a technical briefmg on NSA collection of bulk Internet metadata to Judge Kollar-Kotelly. In addition, General Hayden said he met with Judge Kollar-Kotelly on two successive Saturdays during the summer of 2004 to discuss the on-going efforts.

Was this “briefing” one of the Saturday meetings Hayden had with FISC’s Presiding Judge?

Remember, David Kris described the genesis of the bulk collection programs this way, in a paper emphasizing the role of the Internet dragnet.

More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch.

[snip]

The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct. [my emphasis]

The Internet dragnet was illegal. At least 3 of the people who conveyed the importance of authorizing this program had said so — in very dramatic fashion — less than four months before she would do so.

And yet she wrote a memo saying it was legal.

Update, 8/12/14: This application confirms that George Tenet was the redacted declaration submitter.

What Happened to that Third Branch Oversight?

Judge Colleen Kollar-Kotelly is pissed.

After spending 2002 to 2006 as Chief Judge of the FISA Court struggling to keep parts of the American legal system walled off from a rogue surveillance program, she read the classified account the NSA’s Inspector General wrote of her efforts. And while that report does say Kollar-Kotelly was the only one who managed to sneak a peek at a Presidential Authorization authorizing the illegal program, she doesn’t believe it reflects the several efforts she made to reel in the program.

“In my view, that draft report contains major omissions, and some inaccuracies, regarding the actions I took as Presiding Judge of the FISC and my interactions with Executive Branch officials,” Kollar-Kotelly said in a statement to The Post.

[snip]

Kollar-Kotelly disputed the NSA report’s suggestion of a fairly high level of coordination between the court and the NSA and Justice in 2004 to re-create certain authorities under the Foreign Intelligence Surveillance Act, the 1978 law that created the court in response to abuses of domestic surveillance in the 1960s and 1970s.

“That is incorrect,” she said. “I participated in a process of adjudication, not ‘coordination’ with the executive branch. The discussions I had with executive branch officials were in most respects typical of how I and other district court judges entertain applications for criminal wiretaps under Title III, where issues are discussed ex parte.”

The WaPo story reporting on her objections makes no mention of the role one FISC law clerk — who got briefed into the program before any of the other FISC judges — played in this process, something I’m pretty curious about.

It does, however, recall two incidents where Kollar-Kotelly took measures to crack down on the illegal program, which Carol Leonnig reported back in 2006.

Both [Kollar-Kotelly and her predecessor Royce Lamberth] expressed concern to senior officials that the president’s program, if ever made public and challenged in court, ran a significant risk of being declared unconstitutional, according to sources familiar with their actions. Yet the judges believed they did not have the authority to rule on the president’s power to order the eavesdropping, government sources said, and focused instead on protecting the integrity of the FISA process.

[snip]

In 2004, [DOJ Office of Intelligence Policy and Review Counsel James] Baker warned Kollar-Kotelly he had a problem with [a “federal screening system that the judges had insisted upon to shield the court from tainted information”]. He had concluded that the NSA was not providing him with a complete and updated list of the people it had monitored, so Justice could not definitively know — and could not alert the court — if it was seeking FISA warrants for people already spied on, government officials said.

Kollar-Kotelly complained to then-Attorney General John D. Ashcroft, and her concerns led to a temporary suspension of the program. The judge required that high-level Justice officials certify the information was complete — or face possible perjury charges.

In 2005, Baker learned that at least one government application for a FISA warrant probably contained NSA information that was not made clear to the judges, the government officials said. Some administration officials explained to Kollar-Kotelly that a low-level Defense Department employee unfamiliar with court disclosure procedures had made a mistake.

Though the NSA IG Report mentions violations that occurred before 2003, it makes no mention of these violations.

What good is an IG Report that gives no idea of how often and persistent violations are?

That said, today’s WaPo story provides this as the solution to our distorted view of the FISA Court’s role in rubber-stamping this massive dragnet.

A former senior Justice Department official, who spoke on the condition of anonymity because of the subject’s sensitivity, said he believes the government should consider releasing declassified summaries of relevant opinions.

“I think it would help” quell the “furor” raised by the recent disclosures, he said. “In this current environment, you may have to lean forward a little more in declassifying stuff than you otherwise would. You might be able to prepare reasonable summaries that would be helpful to the American people.”

Back in 2006, Leonnig noted that the judges didn’t believe they had the authority to intervene to stop the dragnet. So what good does a ruling — even two as broad and stunning as the ones that used Pen Registers and Business Records to collect the contact records of all Americans — do to depict the role the Court is in?

The Administration keeps pointing to this narrowly authorized court as real court review. But that’s not what it is. And until we have a better sense of how that manifested in the past (and continues to — I’ll bet you a quarter that they’ve moved the Internet data mining to some area outside of court purview), we’re not going to understand how to provide real oversight to this dragnet.

We’d be far better off having the FISC provide its own history of these surveillance programs.

In Re Sealed Case and the Goldsmith Memo

In addition to what I laid out here, comparing the 2006 White Paper with the May 6, 2004 Goldsmith memo on the warrantless wiretap program made me realize that the White Paper relies more frequently on In re: Sealed Case than Goldsmith does, at least in the unredacted portions. By my count, the White Paper refers to In re Sealed Case 9 times, whereas Goldsmith refers to it just 3 times (see pages 34, 47, 48; though technically one citation includes three quotes from it).

So I wanted to see why that might be–and what it might say about the program generally and the redacted sections of Goldsmith’s memo.

In Re Sealed Case: How Did the Patriot Act Change the “Wall” between Criminal and Intelligence Investigations?

In the PATRIOT Act, Congress expanded the limit on how the information sought in a FISA warrant could be used. It had required that foreign intelligence be the primary purpose of collection; in an attempt to break down the wall between criminal and intelligence investigations, PATRIOT allowed that foreign intelligence only be a “significant” purpose of the collection. In response to that change, Attorney General Ashcroft issued a memo finding that meant law enforcement could be the primary purpose of such collection and holding that criminal prosecutors could consult on the terms of the wiretaps to be used.

The FISA Court, noting that the FBI had misrepresented its goals in FISA collection in a number of recent instances (but citing only those from before 9/11) invoked its role in ensuring FISA collection meet certain minimization guidelines. It ruled that the government had to keep the Office of Intelligence and Policy Review in the loop in conversations between criminal and intelligence personnel, and criminal personnel could not direct wiretaps.

The FISA Court of Review reversed that decision, finding that the two functions were so intertwined as to permit the involvement of criminal personnel in planning wiretaps.

But its ruling also considered whether the change–allowing the government to use FISA to investigate “intelligence crimes”–was Constitutional under the Fourth Amendment. That discussion, while somewhat inconclusive, lays out some guidelines for what might be a reasonable search for a foreign intelligence purpose. It’s that discussion that provides ripe material for Goldsmith’s and the White Paper’s project of trying to claim the warrantless wiretap program was legal. But also, likely, caused big problems for the warrantless program as well.

The In Re Sealed Case Citations

Here’s how the unredacted parts of Goldsmith and the White Paper rely on In re Sealed Case.

Proof that “the wall” was a problem independent of 9/11

In attempts to dismiss the argument that the modifications Congress made to FISA after 9/11 prove Congress still intended the Administration to rely on its, both papers point to the discussion in In re Sealed Case about the problem of a “wall” between criminal investigations and intelligence. (Goldsmith 34, White Paper 28fn)

A claim that the opinion treats foreign wiretapping as an inherent authority

In a discussion of the President’s inherent authority to conduct warrantless searches of foreign intelligence, both papers cite In re Sealed Case on past Circuit discussions of the President’s power to use warrantless wiretaps to obtain foreign intelligence. Goldsmith does so in one discussion.

The Foreign Intelligence Surveillance Court of Review recently noted that all courts to have addressed the issue have “held that the President did have inherent authority to conduct warrantless searches to obtain foreign intelligence information.” In re Sealed Case, 310 F 3rd 717, 742 (Foreign Intel. Surv. Ct. or Rev. 2002). On the basis of that unbroken line of precedent, the Court “[took] for granted that the President does have that authority,” and concluded that, “assuming that is so, FISA could not encroach on the President’s constitutional power.” (Goldsmith 48)

The White Paper cites the first quote on page 31 and again on 37, the second on page 8, and the third on page 35.

In addition to the general use of In re Sealed Case to argue inherent authority, there’s a footnote in In re Sealed Case that dismisses concerns Laurence Silberman raised during the original debate on FISA about the non-adversary process laid out in it; Goldsmith noted that footnote did not extend to Silberman’s larger complaints about inherent power. (Goldsmith 47fn)

Discussion of how “special needs” would permit the use of FISA for criminal wiretaps

The White Paper, unlike Goldsmith in his unredacted discussion of times when “special needs” allow the government to avoid a warrant, relies on In re Sealed Case’s discussion on the topic. The White Paper  includes this quote:

One important factor in establishing “special needs” is whether the Government is responding to an emergency that goes

beyond the need for general crime control. See In re Sealed Case, 310 F.3d at 745-46. (page 38)

It repeats that very reference later on the same page.

In re Sealed Case, 310 F.3d at 745-46 (noting that suspicionless searches and seizures in one sense are a greater encroachment on privacy than electronic surveillance under FISA because they are not based on any particular suspicion, but “[o]n the other hand, wiretapping is a good deal more intrusive than an automobile stop accompanied by

questioning”).

It cites the same passage again, claiming the FISCR had concluded that that passage held that foreign intelligence fit the definition of special needs.

And then borrows from what it claims the FISCR concluded.

As explained by the Foreign Intelligence Surveillance Court of Review, the nature of the “emergency” posed by al Qaeda “takes the matter out of the realm of ordinary crime control.” In re Sealed Case, 310 F.3d at 746. (page 39)

In other words, the unredacted sections of Goldsmith do not rely on In re Sealed Case to claim warrantless wiretapping qualifies as a special need, whereas the White Paper does. Mind you, he does discuss special needs and his discussion covers most of the same cases as the White Paper–notably on page page 39 and to some degree on 105. But he doesn’t cite FISCR.

“The Government … Has Affirmatively Argued that FISA Is Constitutional”

Now, obviously, we can only compare the unredacted parts of Goldsmith’s memo with what the White Paper uses. And there are definitely places in his memo where it appears likely that he discussed In re Sealed Case in currently redacted passage.

For example, two pages following Goldsmith’s use of In re Sealed Case to claim FISCR had endorsed warrantless wiretapping as part of the President’s inherent authority are redacted.

I’m guessing that Goldsmith might have felt obliged to address this part of In re Sealed Case:

The government, recognizing the Fourth Amendment’s shadow effect on the FISA court’s opinion, has affirmatively argued that FISA is constitutional.

Read more