Posts

Unread Reports as the Big Data Dump? Not Really.

/11 Comments/in , , , /by

The very same week the President released his breathless report on Big! Data!, the Washington Post has a story criticizing the sheer number and types of reports Congress requires from the Federal bureaucracy.

It started out with a good idea. Legislators wanted to know more about the bureaucracy working beneath them. So they turned to a tool as old as bureaucracy itself — the interoffice memo. They asked agencies to send in written reports about specific things they were doing.

Then, as happens in government, that good idea was overused until it became a bad one.

[snip]

But as the numbers got bigger, Congress started to lose track. It overwhelmed itself. Today, Congress is not even sure how many of those 4,291 reports are actually turned in. And it does not try to save copies of all the ones that are.

So some agencies cheat and send in nothing. And others waste time and money sending in reports — such as the one on dog and cat fur — that simply disappear into the void.

To support its case, WaPo focuses on one report requiring Customs and Border Patrol to report on how much dog and cat fur products are being shipped into the US, which is probably a needless report (which is also probably why WaPo picked it out of the 4,291 it identified).

And WaPo — a member of the Fourth Estate that purportedly serves as a check on power — comes to this very dangerous conclusion.

The problem is that there is no system to sort the good ones from the useless ones. They all flow in together, which makes it hard for congressional staffers to spot any valuable information hidden in the flood.

First, the press is part of that system! Rather than throwing cat and dog fur, perhaps WaPo could have tried to distinguish those that were critical from those that are questionable and those that are clearly frivolous.

Moreover, it is the height of irresponsibility to absolve Congressional staffers — whose bosses are the only ones that can eliminate useless reports — of responsibility for reading the reports they get. Either the staffers must be held accountable for reading the reports, or for eliminating them. That’s how you fix the system. That’s why we’re paying them.

Ultimately, too, I’m not sure I buy the WaPo’s argument that these are useless reports. 4,291 seems like a not unreasonable amount of data for legislators to receive and read about the world’s biggest (perhaps now second biggest) economy, about DOD’s $526 billion budget, about the many federal benefit programs, about the expanding police state.

And if you look at the actual list (rather than WaPo’s admittedly snazzy but not very informative infographic on them), many — perhaps even most — of the reports make a lot of sense.

Consider the reports listed for General Services Administration, an entity with an annual budget of $26 billion, which has the ability to effect great change as the source of enormous spending, and one that has routinely experienced significant spending scandals.

  1. Activities and status of advisory committees in existence during the previous calendar year
  2. A report on the status of the high-performance green building initiatives under this subtitle
  3. Administration’s alternative fueled vehicle program
  4. A description of lost opportunities for waste-heat recovery from the project described in paragraph (A)
  5. A report on the use of photovoltaic energy in public buildings
  6. Violations by Federal agencies of Federal Records Act of 1950, as codified 1950
  7. Reports by Inspector General of particularly serious or flagrant problems, abuses, or deficiencies in the administration of programs and operations of the agency
  8. Activities of the Inspector General
  9. Accessibility to public buildings by the physically handicapped
  10. Prospectus proposing a building project or lease
  11. Location, space, cost, and status of each public building, the construction, alteration, or acquisition of which is to be under authority of the Act, and which was uncompleted as of the date requested
  12. Building project surveys as requested by either the Senate or House
  13. Use of underutilized public buildings and property for facilities to assist the homeless
  14. Summary of excess property disposal reports
  15. Evaluation of the operation of programs for donation of Federal surplus personal property; excess personal property transferred
  16. Excessive stocking of property, above reasonable inventory levels, by executive agencies
  17. Administration of the Federal Property and Administrative Services Act of 1949
  18. Contracts to facilitate the national defense entered into, amended, or modified
  19. Acquisition cost of surplus real or related personal property conveyed for care or rehabilitation of criminal offenders during previous fiscal year
  20. Results of investigations of the cost of travel and the operation of privately owned vehicles to Federal employees while engaged in official business
  21. Annual determination of the average actual cost per mile for the use of a privately owned motorcycle, automobile, and airplane
  22. A plan to comply with Section 432 relating to energy and water conservation at General Services Administration facilities

Reports 1, 6, 7, 8, 10, 11, 12, 17, and 18 are simply reports Congress needs to ask for to ensure there’s some visibility into the Agency, to ensure they’ll be informed if GSA finds something wrong itself. Reports 2, 3, 4, 5, 9, 13, 14, 19, and 22 measure the efficacy of efforts to use GSA’s buying power to do some social good  (and report 9, on ADA accessibility, involves significant legal compliance).  Reports 15 and 16 address an area susceptible to graft.  Reports 20 and 21 are not only key to cost-benefit analysis of how Federal employees travel, but they apparently are tied to one of GSA’s most requested links. Some of these are also reports tied to an action, like buying a building. And all that amounts to less than 1 report for every $ billion American taxpayers give to GSA. If anything, there are a few more reports — that might identify obviously politicized or excessive spending, which is a persistent problem with GSA — that are missing.

Admittedly, that’s just one random agency. But aside from some entities the Federal government runs itself (like American Samoa and DC) as well as some Commissions over which there have been political fights in the past I’m not seeing a whole lot of waste here — though there may be some inefficiency in how the information is requested. I might grant that in the era of big data we need to automate this — in effect, give Congress a better way to Big! Data! the bureaucracies it oversees (though that would be awfully susceptible to abuse), but I don’t see a lot of information that shouldn’t be required from the bureaucracy.

I’m reminded how, 2 years ago, James Clapper claimed ODNI had to produce too many reports and should be permitted to eliminate 30 of them. He tried to get rid of the annual report on how many people have security clearance (one of the few ways we can measure the ballooning secret government). He tried to get rid of reports on Department of Homeland Security’s notoriously useless intelligence agency. He tried to eliminate reports on Chinese spying on the US and nuclear lab security, both persistent security issues. He tried to eliminate a report informing Congress what the privacy staffs of intelligence agencies are doing. In short, in the guise of onerous reporting, he tried to eliminate crucial oversight  (as well as a paper trail that could be FOIAed) on several areas of great public concern.

Or consider this: DOD cannot pass an audit. The biggest military in the world still is not required to account for the money it spends, both to itself and Congress.

And yet a newspaper is saying we require too much reporting from the great big bureaucracy?

I don’t buy it.

Henceforth All Published IC Comment Should Be Considered Propaganda

/10 Comments/in /by

Steve Aftergood reports that James Clapper has done what Congress refused to do: forbid any unauthorized contact between Intelligence Community staffers and any member of an unbelievably broadly defined media. The order requires IC employees to obtain authorization for contacts with the media, and report any unplanned contacts.

3. Contact by IC employees with the media on covered matters must be authorized by their IC element.
a. Within the IC, only the head or deputy head of an IC element, the designated public affairs official, and other persons designated in agency policy or authorized by that public affairs official are authorized to have contact with the media on covered matters, except as provided below.
b. IC employees, as defined in EO 12333, Section 3.5(d), not designated in accordance with Section D.3.a, must obtain authorization for contacts with the media on covered matters through the office responsible for public affairs for their IC element, and must also report to that office unplanned or unintentional contact with the media on covered matters.
4. No substantive information should be provided to the media regarding covered matters in the case of unplanned or unintentional contacts. Authorization for a particular contact on covered matters does not constitute authorization for additional media engagement.

And here’s the definition of “media,” which would include civil rights organizations and some attorneys.

4. For purposes of this Directive, media is any person, organization, or entity (other than Federal, State, local, tribal and territorial governments):
a. primarily engaged in the collection, production, or dissemination to the public of information in any form, which includes print, broadcast, film and Internet; or
b. otherwise engaged in the collection, production, or dissemination to the public of information in any form related to topics of national security, which includes print, broadcast, film and Internet.

Employees found to have violated this policy may lose their security clearance and/or their employment.

I guess James Clapper, whose credibility is already shot to shit for lying to Congress and spending 10 months uttering transparent lies, wants to doom the IC’s credibility entirely.

After all, from this point forward, we can assume that any statement citing an IC source is approved propaganda. Thanks for clearing that up, Clapper.

 

James Clapper Continues to Cover Up FBI’s Back Door Searches on US Targets

/6 Comments/in /by

Screen shot 2014-04-02 at 12.37.27 PMIn their stories catching up to my past reporting on the Semiannual Compliance Report‘s discussion of backdoor searches, the Guardian and NYT focus on NSA and (in the case of the NYT) CIA. Neither mentions that the FBI also does such back door searches, and has had the authority to do so longer than the foreign intelligence agencies.

That may be because Ron Wyden always focuses on the NSA, and as a result James Clapper mentioned the NSA in his letter to Wyden.

The public record makes clear that FBI has this authority. A footnote to one of the paragraphs describing oversight over NSA and CIA’s back door searches explains that “FBI’s minimization procedures had already provided that agency the ability,” followed by redacted descriptions.

Screen Shot 2014-04-02 at 1.14.49 PM

When Bates approved back door searches in his October 3, 2011 opinion, he pointed to FBI’s earlier (and broader) authorities to justify approving it for NSA and CIA. While the mention of FBI is redacted here, at that point it was the only other agency whose minimization procedures had to be approved by FISC, and FBI is the agency that applies for traditional FISA warrants.

[redacted] contain an analogous provision allowing queries of unminimized FISA-acquired information using identifiers — including United States-person identifiers — when such queries are designed to yield foreign intelligence information. See [redacted]. In granting [redacted] applications for electronic surveillance or physical search since 2008, including applications targeting United States persons and persons in the United States, the Court has found that the [redacted] meet the definitions of minimization procedures at 50 U.S.C. §§ 1801(h) and 1821(4). It follows that the substantially-similar querying provision found at Section 3(b)(5) of the amended NSA minimization procedures should not be problematic in a collection that is focused on non-United States persons located outside the United States and that, in aggregate, is less likely to result in the acquisition of nonpublic information regarding non-consenting United States persons.

So since 2008, FBI has had the ability to do back door searches on all the FISA-authorized data they get, including taps targeting US persons.

When I saw ODNI’s tweets (above) admitting to back door searches, I realized that ODNI treated classification of FBI’s back door searches differently than it did CIA and NSA’s. In addition to the redactions in the footnote above, it also redacted its description of the review of FBI’s back door searches.

Screen Shot 2014-04-02 at 2.08.52 PM

Indeed, Clapper’s letter only admits to back door searches of data collected on foreign targets, not American ones.

As reflected in the August 2013 Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702, which we declassified and released on August 21, 2013, there have been queries, using U.S. person identifiers, of communications lawfully acquired to obtain foreign intelligence by targeting non U.S. persons reasonably believed to be located outside the U.S. pursuant to Section 702 of FISA.

Yet Bates makes it clear (even though the reference to FBI is redacted) that FBI can even back door search data collected in the United States on US persons.

Given how little we know about back door searches, it’s hard to know which is worse. As Bates notes, there will likely be more Americans’ records accessible via a back door search off an American target. But at least in that case, FISC has found there is probable cause to believe the target is a foreign agent or terrorist. Under Section 702, the Agencies can collect data on people without that same level of proof, and do so in much greater volume. Certainly, Ron Wyden and Mark Udall seem primarily concerned about the Section 702 targeting (which includes the FBI, as the Compliance report makes clear).

Still, Clapper’s greater secrecy about FBI’s back door searches makes me worried they are in some way even worse.

James Clapper Confirms VADM Mike Rogers Needlessly Obfuscated in Confirmation Hearing

/7 Comments/in /by

On Friday, James Clapper finally provided Ron Wyden an unclassified response to a question he posed on January 29, admitting that the NSA conducts back door searches. (via Charlie Savage)

As reflected in the August 2013 Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702, which we declassified and released on August 21, 2013, there have been queries, using U.S. person identifiers, of communications lawfully acquired to obtain foreign intelligence by targeting non U.S. persons reasonably believed to be located outside the U.S. pursuant to Section 702 of FISA.

It has taken just 9 months for Clapper to admit that, contrary to months of denials, the NSA (and FBI, which he doesn’t confirm but which the Report makes clear, as well as the CIA) can get the content of Americans’ communications without a warrant. But Clapper’s admission that this fact was declassified in August should disqualify Vice Admiral Mike Rogers from confirmation as CyberComm head (I believe he started serving as DIRNSA head, which doesn’t require confirmation, yesterday). Because it means Rogers refused to answer a question the response to which was already declassified.

Udall: If I might, in looking ahead, I want to turn to the 702 program and ask a policy question about the authorities under Section 702 that’s written into the FISA Amendments Act. The Committee asked your understanding of the legal rationale for NASA [sic] to search through data acquired under Section 702 using US person identifiers without probable cause. You replied the NASA–the NSA’s court approved procedures only permit searches of this lawfully acquired data using US person identifiers for valid foreign intelligence purposes and under the oversight of the Justice Department and the DNI. The statute’s written to anticipate the incidental collection of Americans’ communications in the course of collecting the communications of foreigners reasonably believed to be located overseas. But the focus of that collection is clearly intended to be foreigners’ communications, not Americans. But declassified court documents show that in 2011 the NSA sought and obtained the authority to go through communications collected under Section 702 and conduct warrantless searches for the communications of specific Americans. Now, my question is simple. Have any of those searches been conducted? Rogers: I apologize Sir, I’m not in a position to answer that as the nominee. Udall: You–yes. Rogers: But if you would like me to come back to you in the future if confirmed to be able to specifically address that question I will be glad to do so, Sir. Udall: Let me follow up on that. You may recall that Director Clapper was asked this question in a hearing earlier this year and he didn’t believe that an open forum was the appropriate setting in which to discuss these issues. The problem that I have, Senator Wyden’s had, and others is that we’ve tried in various ways to get an unclassified answer — simple answer, yes or no — to the question. We want to have an answer because it relates — the answer does — to Americans’ privacy. Can you commit to answering the question before the Committee votes on your nomination? Rogers: Sir, I believe that one of my challenges as the Director, if confirmed, is how do we engage the American people — and by extension their representatives — in a dialogue in which they have a level of comfort as to what we are doing and why. That is no insignificant challenge for those of us with an intelligence background, to be honest. But I believe that one of the takeaways from the situation over the last few months has been as an intelligence professional, as a senior intelligence leader, I have to be capable of communicating in a way that we are doing and why to the greatest extent possible. That perhaps the compromise is, if it comes to the how we do things, and the specifics, those are perhaps best addressed in classified sessions, but that one of my challenges is I have to be able to speak in broad terms in a way that most people can understand. And I look forward to that challenge. Udall: I’m going to continue asking that question and I look forward to working with you to rebuild the confidence. [my emphasis]

I assume that now that Clapper has given him the okay to discuss unclassified topics with Congress, Rogers will now provide a forthright answer, all the while claiming he was ignorant about the answer at the time (fine! then make me DIRNSA because I know more about it!). But Rogers’ response went far beyond such an answer. He refused — not just in the hearing but even after it — to commit to answering a question with a completely unclassified answer. And as I pointed out in this post, his written answers were even more obfuscatory. I don’t get a vote. But I think this should disqualify him as a nominee.

Update: Here’s the exchange in Rogers’ questions for the record on back door searches.

What is your understanding of the legal rationale for NSA to search through data acquired under section 702 using U.S. Persons identifiers without probable cause?

Information acquired by NSA under Section 702 of FI SA must be handled in strict accordance with minimization procedures adopted by the Attorney General and approved by the Foreign Intelligence Surveillance Court. As required by the statute and certifications approving Section 702 acquisitions, such activities must be limite d to targeting non-U.S. persons reasonably believed to be located outside the United States . NSA’s Court-approved procedures only permit searches of this lawfully acquired data using U.S. person identifiers for valid foreign intelligence purposes and under the oversight of the Department of Justice and Office of Director of National Intelligence.

In Nomination Hearing, DIRNSA Nominee Mike Rogers Continues James Clapper and Keith Alexander’s Obfuscation about Back Door Searches

/12 Comments/in , , , /by

Yesterday, the Senate Armed Services Committee held a hearing for Vice Admiral Mike Rogers to serve as head of Cyber Command (see this story from Spencer about how Rogers’ confirmation as Cyber Command chief serves as proxy for his role as Director of National Security Agency because the latter does not require Senate approval).

Many of the questions were about Cyber Command (which was, after all, the topic of the hearing), but a few Senators asked questions about the dragnet that affects us all.

In one of those exchanges — with Mark Udall — Rogers made it clear that he intends to continue to hide the answers to very basic questions about how NSA conducts warrantless surveillance of Americans, such as whether the NSA conducts back door searches on American people.

Udall: If I might, in looking ahead, I want to turn to the 702 program and ask a policy question about the authorities under Section 702 that’s written into the FISA Amendments Act. The Committee asked your understanding of the legal rationale for NASA [sic] to search through data acquired under Section 702 using US person identifiers without probable cause. You replied the NASA–the NSA’s court approved procedures only permit searches of this lawfully acquired data using US person identifiers for valid foreign intelligence purposes and under the oversight of the Justice Department and the DNI. The statute’s written to anticipate the incidental collection of Americans’ communications in the course of collecting the communications of foreigners reasonably believed to be located overseas. But the focus of that collection is clearly intended to be foreigners’ communications, not Americans. But declassified court documents show that in 2011 the NSA sought and obtained the authority to go through communications collected under Section 702 and conduct warrantless searches for the communications of specific Americans. Now, my question is simple. Have any of those searches been conducted?

Rogers: I apologize Sir, I’m not in a position to answer that as the nominee.

Udall: You–yes.

Rogers: But if you would like me to come back to you in the future if confirmed to be able to specifically address that question I will be glad to do so, Sir.

Udall: Let me follow up on that. You may recall that Director Clapper was asked this question in a hearing earlier this year and he didn’t believe that an open forum was the appropriate setting in which to discuss these issues. The problem that I have, Senator Wyden’s had, and others is that we’ve tried in various ways to get an unclassified answer — simple answer, yes or no — to the question. We want to have an answer because it relates — the answer does — to Americans’ privacy. Can you commit to answering the question before the Committee votes on your nomination?

Rogers: Sir, I believe that one of my challenges as the Director, if confirmed, is how do we engage the American people — and by extension their representatives — in a dialogue in which they have a level of comfort as to what we are doing and why. That is no insignificant challenge for those of us with an intelligence background, to be honest. But I believe that one of the takeaways from the situation over the last few months has been as an intelligence professional, as a senior intelligence leader, I have to be capable of communicating in a way that we are doing and why to the greatest extent possible. That perhaps the compromise is, if it comes to the how we do things, and the specifics, those are perhaps best addressed in classified sessions, but that one of my challenges is I have to be able to speak in broad terms in a way that most people can understand. And I look forward to that challenge.

Udall: I’m going to continue asking that question and I look forward to working with you to rebuild the confidence. [my emphasis]

The answer to the question Rogers refused to answer is clearly yes. We know that’s true because the answer is always yes when Wyden, and now Udall, ask such questions.

But we also know the answer is yes because declassified parts of last August’s Semiannual Section 702 Compliance Report state clearly that oversight teams have reviewed the use of this provision, which means there’s something to review.

As reported in the last semiannual assessment, NSA minimization procedures now permit NSA to query its databases containing telephony and non-upstream electronic communications using United States person identifiers in a manner designed to find foreign intelligence information. Similarly, CIA’s minimization procedures have been modified to make explicit that CIA may also query its databases using United States person identifiers to yield foreign intelligence information. As discussed above in the descriptions of the joint oversight team’s efforts at each agency, the joint oversight team conducts reviews of each agency’s use of its ability to query using United States person identifiers. To date, this review has not identified any incidents of noncompliance with respect to the use of United States person identifiers; as discussed in Section 4, the agencies’ internal oversight programs have, however, identified isolated instances in which Section 702 queries were inadvertently conducted using United States person identifiers. [my emphasis]

It even obliquely suggests there have been “inadvertent” violations, though this seems to entail back door searches on US person identifiers without realizing they were US person identifiers, not violations of the procedures for using back door searches on identifiers known to be US person identifiers.

Still, it is an unclassified fact that NSA uses these back door searches.

Yet the nominee to head the NSA refuses to answer a question on whether or not NSA uses these back door searches.

And it’s not just in response to this very basic question that Rogers channeled the dishonest approach of James Clapper and Keith Alexander.

As Udall alluded, at the end of a long series of questions about Cyber Command, the committee asked a series of questions about back door searches and other dragnet issues. They asked (see pages 42-43):

  • Whether NSA can conduct back door searches on data acquired under EO 12333 and if so under what legal rationale
  • Whether NSA can conduct back door searches on data acquired pursuant to traditional FISA and if so under what legal rationale
  • What the legal rationale is for back door searches on data acquired under FISA Amendments Act
  • What the legal rationale is for searches on the Section 215 query results in the “corporate store”

I believe every single one of Rogers’ answers — save perhaps the question on traditional FISA — involves some level of obfuscation. (See this post for further background on what NSA’s Raj De and ODNI’s Robert Litt have admitted about back door searches.)

Consider his answer on searches of the “corporate store” as one example.

What is your understanding of the legal rationale for searching through the “Corporate Store” of metadata acquired under section 215 using U.S. Persons identifiers for foreign intelligence purposes?

The section 215 program is specifically authorized by orders issued by the Foreign Intelligence Surveillance Court pursuant to relevant statutory requirements. (Note: the legality of the program has been reviewed and approved by more than a dozen FISC judges on over 35 occasions since 2006.) As further required by statute, the program is also governed by minimization procedures adopted by the Attorney General an d approved by the FISC. Those orders, and the accompanying minimization procedures, require that searches of data under the program may only be performed when there is a Reasonable Articulable Suspicion that the identifier to be queried is associated with a terrorist organization specified in the Court’s order.

Remember, not only do declassified Primary Orders make it clear NSA doesn’t need Reasonable Articulable Suspicion to search the corporate store, but PCLOB has explained the possible breadth of “corporate store” searches plainly.

According to the FISA court’s orders, records that have been moved into the corporate store may be searched by authorized personnel “for valid foreign intelligence purposes, without the requirement that those searches use only RAS-approved selection terms.”71 Analysts therefore can query the records in the corporate store with terms that are not reasonably suspected of association with terrorism. They also are permitted to analyze records in the corporate store through means other than individual contact-chaining queries that begin with a single selection term: because the records in the corporate store all stem from RAS-approved queries, the agency is allowed to apply other analytic methods and techniques to the query results.72 For instance, such calling records may be integrated with data acquired under other authorities for further analysis. The FISA court’s orders expressly state that the NSA may apply “the full range” of signals intelligence analytic tradecraft to the calling records that are responsive to a query, which includes every record in the corporate store.73

There is no debate over whether NSA can conduct back door searches in the “corporate store” because both FISC and PCLOB say they can.

Which is probably why SASC did not ask whether this was possible — it is an unclassified fact that it is — but rather what the legal rationale for doing so is.

And Rogers chose to answer this way:

  1. By asserting that the phone dragnet must comply with statutory requirements
  2. By repeating tired boilerplate about how many judges have approved this program (ignoring that almost all of these approvals came before FISC wrote its first legal opinion on the program)
  3. By pointing to AG-approved minimization procedures (note–it’s not actually clear that NSA’s — as distinct from FBI’s — dragnet specific procedures are AG-approved, though the more general USSID 18 ones are)
  4. By claiming FISA orders and minimization procedures “require that searches of data under the program may only be performed when there is a Reasonable Articulable Suspicion that the identifier to be queried is associated with a terrorist organization”

The last part of this answer is either downright ignorant (though I find that unlikely given how closely nominee responses get vetted) or plainly non-responsive. The question was not about queries of the dragnet itself — the “collection store” of all the data. The question was about the “corporate store” — the database of query results based off those RAS approved identifiers. And, as I said, there is no dispute that searches of the corporate store do not require RAS approval. In fact, the FISC orders Rogers points to say as much explicitly.

And yet the man Obama has picked to replace Keith Alexander, who has so badly discredited the Agency with his parade of lies, refused to answer that question directly. Much less explain the legal rationale used to conduct RAS-free searches on phone query results showing 3rd degree connections to someone who might have ties to terrorist groups, which is what the question was.

Which, I suppose, tells us all we need to know about whether anyone plans to improve the credibility or transparency of the NSA.

The Filings DOJ Is Withholding In Jewel/Shubert

/1 Comment/in /by

I’m re-reading all the declarations released last December in the Jewel case (the EFF-tied lawsuit challenging the dragnet) … because I’m like that.

But I also want to call attention to details in this court filing challenging James Clapper’s most recent declaration about what has been declassified. In addition to pointing out that far more has been declassified on the upstream collection and the ineffectiveness of the phone dragnet, but contrary to court orders, the government is still withholding some declarations.

Those declarations are:

  • April 9, 2007 notices indicating FISC Judge rejected early bulk orders
  • October 25, 2007 government challenge to motion to protect evidence, with ex parte NSA official declaration (submitted in Shubert)
  • April 3, 2009 supplement motion to dismiss
  • October 30, 2009 supplemental memorandum on points of authority
  • November 2012

Given that we have a much better understanding of the relative happenings in the dragnets, I wanted to lay these dates out.

NSA May Not Voyeuristically Pore Through Email But GCHQ Voyeuristically Pores Through WebCam Pictures

/10 Comments/in /by

Back in James Clapper’s very first attempt to dismiss his lies to Ron Wyden, he said,

“What I said was, the NSA does not voyeuristically pore through U.S. citizens’ e-mails. I stand by that,” Clapper told National Journal in a telephone interview.

Apparently, however, NSA’s partner goes one step beyond that, with NSA”s assistance: GCHQ pores through bulk collected webcam photos, including those of US persons, of Yahoo’s users.

Britain’s surveillance agency GCHQ, with aid from the National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.

GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.

This includes the 3 to 11% of images that show nudity.

Sexually explicit webcam material proved to be a particular problem for GCHQ, as one document delicately put it: “Unfortunately … it would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person. Also, the fact that the Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography.”

The document estimates that between 3% and 11% of the Yahoo webcam imagery harvested by GCHQ contains “undesirable nudity”.

Given past discussions of circumcision in regards to terrorist suspects, it’s only a matter of time before GCHQ defends its nudity stash because such evidence can be proof of radicalization (heh). Plus, we already know that NSA and GCHQ like to use targets’ online porn habits to discredit them.

Coming soon to an “oversight” hearing near you: James Clapper refuses to talk about this invasion of an American company’s customers’ privacy because it occurs under EO 12333 and liaison partnerships, and therefore is not subject to Congressional oversight.

“It’s Tough on My Family:” A Tale of Two Teachers

/9 Comments/in /by

“It’s tough on my family,” James Clapper said in an interview with the Daily Beast of observations he’s a liar. Especially his son, who is a high school teacher (though Clapper didn’t explain why his profession led his son to internalize accusations made against him).

The charges against his integrity bother Clapper. “I would rather not hear that or see that,” he said. “It’s tough on my family, I will tell you that. My son is a high school teacher and he has a tendency, or he is getting over it, to internalize a lot of this.”

And yet this man who thinks it unfair to question a public servant’s integrity after he lies blatantly, who has no idea why Edward Snowden did what he did, why he leaked proof that the NSA was collecting the phone records of most Americans, why Snowden leaked evidence of bulk collection (that includes Americans) overseas, why he leaked details on the NSA’s corruption of encryption.

Which made me think of a different teacher, Zaimah Abdur-Rahim, one of the plaintiff’s in the suit Judge William Martini dismissed last week.

Abdur-Rahim taught at the girls school surveilled by the NYPD — the school, which was accredited by the state of NJ — was actually in her home — and now teaches at another of the schools scoped out by the cops.

Zaimah Abdur-Rahim resides at [address removed]. She is currently a math teacher at Al Hidaayah Academy (“AHA”), a position she has held since 2010. A record of the NYPD’s surveillance of AHA appears in the Newark report, which includes a photograph and de scription of the school . Abdur-Rahim was also the principal of Al Muslimaat Academy (“AMA”), a school for girls grades five through twelve, from 2002 through 2010. Like AHA, a record of the NYPD’s surveillance of AMA appears in the Newark report, including a photograph, the address, and notations stating, among other things, that the school was located in a private house and that the ethnic composition of the school was African American.

Abdur-Rahim has been unfairly targeted and stigmatized by the NYPD’s surveillance of AHA, where she is currently employed, and AMA, where she was last employed, as part of the Department’s program targeting Muslim organizations. She reasonably fears that her future employment prospects are diminished by working at two schools under surveillance by law enforcement. Moreover, the Newark report’s photograph of AMA is also Abdur-Rahim’s home, where she has lived since 1993 with her husband and, at various times, her children and grandchildren. The fact that a photograph of h er home appears on the internet in connection with the NYPD’s surveillance p rogram that the City of New York has since publicly exclaimed is necessary for public safety, has decreased the value of the home and diminished the prospects for sale of the home.

I’m betting that having her home and places of work surveilled by the cops is tough on Abdur-Rahim’s family, far tougher than it is for Clapper’s son to internalize complaints by the citizens he serves about the demonstrable obfuscation by his father.

There is no evidence that the NSA programs defended by Clapper ever specifically targeted Abdur-Rahim, though in this era of information sharing it is conceivable that NYPD identified potential targets (especially mosques) using data obtained indirectly from NSA.

But the entire system Clapper defends — in which communication ties between individuals serve, by themselves, as cause for further investigation — foments a logic that questions the integrity of great many members of the Muslim community. They get swept up in a dragnet (or exposed to infiltrators selected in part by using the dragnet) that targets them not because of what they said publicly in front of television cameras, which is why Clapper’s integrity is under question, but simply because they are 2 or 3 degrees away from someone subjected to a virtual stop-and-frisk.

Imagine how the sons and daughters of the real live teachers targeted by Clapper’s dragnet must internalize the presumption of a lack of integrity or even worse? Imagine how much worse it must be when the suspicion comes not from actual actions taken, lies told, but from ties to a community?

Clapper’s plea for his own reputation here is ill-placed. It actually convinces me we’re relying on the wrong evidence for questioning his integrity.

Because his actions, particularly over the past 4 years, involved questioning the integrity of many people based on far, far less evidence than is now being wielded against him. But when he and his employees at the National Counterterrorism Center question someone’s integrity, in secret, with little recourse for appeal, there may be consequences, like losing the ability to fly, or receiving extra scrutiny when they do try to fly.

And he still doesn’t get the problem with that. He still doesn’t understand why his “so-called” domestic surveillance –and the foreign surveillance that also sucks up Americans — is so much worse than being held to account for lies you tell Congress.

Would We Have Accepted the Dragnet if NSA Had to Admit It Could Have Prevented 9/11?

/8 Comments/in /by

Screen shot 2014-02-18 at 10.16.30 AMI’m going to return to Glenn Greenwald’s latest showing details of how the NSA treated WikiLeaks and, to a lesser degree, Anonymous (as well as Alexa O’Brien’s update on the investigation into WikiLeaks) later.

If GCHQ does this kind of tracking, how did Five Eyes miss the Tsarnaev brothers?

But for now I want to look at one slide covering GCHQ’s AntiCrisis monitoring approach (see slide 34), which in this case is focused on WikiLeaks. It shows how GCHQ has the ability — and had it in 2012 — to monitor particular websites. It shows GCHQ can monitor the visitors of a particular website, where they’re coming from, what kind of browsers they use. None of that is, in the least surprising. But given those capabilities, it would be shocking if GCHQ weren’t doing similar monitoring of AQAP’s online magazine Inspire, with the added benefit that certain text strings in each Inspire magazine would make it very easy to track copies of it as it was downloaded, even domestically via upstream collection. And for the UK, this isn’t even controversial; even possessing Inspire in the UK can get you imprisoned.

Given that that’s the case, why didn’t GCHQ and NSA find the Tsarnaev brothers who — the FBI has claimed but provided no proof — learned to make a bomb from the Inspire release that GCHQ or NSA hacked? Why isn’t NSA reviewing why it didn’t find the brothers based on cross-referencing likely NSA tracking of Inspire with its FBI reporting on Tamerlan Tsarnaev?

I used to not believe NSA should have found the Tsarneavs. But now that I’ve seen all the nifty tools we’ve learned NSA and, especially, GCHQ have, they really do owe us an explanation for why they didn’t find the Tsarnaev brothers, one of whom was already in an FBI database, and who was allegedly learning to make a pressure cooker bomb from a document that surely gets tracked by the NSA and its partners.

Speaking of NSA failures…

Which brings me back to James Clapper’s interview with Eli Lake.

Clapper said the problems facing the U.S. intelligence community over its collection of phone records could have been avoided. “I probably shouldn’t say this, but I will. Had we been transparent about this from the outset right after 9/11—which is the genesis of the 215 program—and said both to the American people and to their elected representatives, we need to cover this gap, we need to make sure this never happens to us again, so here is what we are going to set up, here is how it’s going to work, and why we have to do it, and here are the safeguards… We wouldn’t have had the problem we had,” Clapper said.

“What did us in here, what worked against us was this shocking revelation,” he said, referring to the first disclosures from Snowden. If the program had been publicly introduced in the wake of the 9/11 attacks, most Americans would probably have supported it. “I don’t think it would be of any greater concern to most Americans than fingerprints

Now, I’ll have to review the latest declarations in Jewel, but I think Clapper’s statement — that the genesis of today’s phone dragnet dates to 9/11 —  goes slightly beyond what has been admitted, because it ties today’s phone dragnet program back to the PSP phone dragnet program. Ron Wyden has tried to make the tie between the illegal program and the current one clear for months. Clapper has now inched closer to doing so.

But I also want to take issue with Clapper’s claim that if NSA had presented a “gap” to Members of Congress and the public after 9/11 we would have loved the dragnet.

Had we known of the errors and territorialism that permitted 9/11, would we have agreed to any of this?

I do so, in part, because the claim there was a “gap” is erroneous and has been proven to be erroneous over and over. Moreover, that myth dates not to the days after 9/11, but to misrepresentations about the content of the 9/11 Commission report 3 years later. Note, too, that (as has happened with Inspector Generals reviews of the Boston Marathon attack) the Commission got almost no visibility into what NSA had against al Qaeda.

More importantly, had NSA gone to the public with claims about gaps it did and didn’t have before 9/11, we would likely have talked not about providing NSA more authority to collect dragnets, but instead, about the responsibility of those who sat on intelligence that might have prevented 9/11.

As Thomas Drake and the other NSA whistleblowers have made clear, the NSA had not shared intelligence reports that might have helped prevent 9/11.

I found the pre- and post-9/11 intelligence from NSA monitoring of some of the hijackers as they planned the attacks of 9/11 had not been shared outside NSA. Read more

Obviously Bogus Clapper Exoneration Attempt 5.0 Doesn’t Exactly Line Up with OBCEA 4.0

/9 Comments/in , /by

Office of Director of National Intelligence General Counsel Robert Litt, 45 days ago:

Senator Ron Wyden asked about collection of information on Americans during a lengthy and wide-ranging hearing on an entirely different subject. While his staff provided the question the day before, Mr. Clapper had not seen it. As a result, as Mr. Clapper has explained, he was surprised by the question and focused his mind on the collection of the content of Americans’ communications. In that context, his answer was and is accurate.

When we pointed out Mr. Clapper’s mistake to him, he was surprised and distressed. I spoke with a staffer for Senator Wyden several days later and told him that although Mr. Clapper recognized that his testimony was inaccurate, it could not be corrected publicly because the program involved was classified.

This incident shows the difficulty of discussing classified information in an unclassified setting and the danger of inferring a person’s state of mind from extemporaneous answers given under pressure.

Director of National Intelligence James Clapper, today:

But Clapper told The Daily Beast that he simply misunderstood Wyden’s question. At the time of the hearing last March, Congress had just finished consideration of a bill to renew the Foreign Intelligence Surveillance Act (FISA). Section 702 of that legislation gives the National Security Agency the authority to collect the electronic communications of non-U.S. persons. In his question, Wyden asked initially if the United States had collected “dossiers” on American citizens and referred to an answer to this question by then NSA director, Keith Alexander.

“I was not even thinking of what he was asking about, which is of course we now all know as section 215 of the Patriot Act governing the acquisition and storage of telephony business records metadata,” Clapper said. “Wasn’t even thinking of that.” The director of national intelligence said he thought Wyden’s question was actually about section 702 of FISA.

“The allegation about my lying and committing perjury I think are disproven by my labored amplification when I said, ‘if there is, it’s inadvertent collection,’ meaning when we’re collecting overseas under section 702, and if we inadvertently collect which we may not know at the time, U.S. persons data, that’s what I meant by inadvertent. That comment would make absolutely no sense whatsoever in the context of section 215.”

At the time of the Mitchell interview, the U.S. government was still in the process of declassifying elements of the FISA 702 program. “There is only one person on the planet who actually knows what I was thinking,” Clapper said of his testimony from last March. “Not the media, and not certain members of Congress, only I know what I was thinking.”

If only one person knows what he was thinking, then how was Robert Litt in any position to tell us Clapper was “surprised”?

And has Clapper decided he wasn’t “surprised” (perhaps because he had been briefed, not to mention had received months and months of letters, about the question), but instead simply “misunderstood” the intent of a question he had received months of letters about?