
Scorecard: Snowden-Related Publication of Verizon’s Name — 1. ODNI Publication of Verizon’s Name — 1.

Would you lookee here?

Sometime between the time I published this post — showing ODNI did not redact anything in this passage of the January 20, 2011 phone dragnet primary order
[Screen shot 2014-01-20 at 3.20.11 AM]

… And this afternoon, ODNI swapped out the document such that that passage now looks like this:

[Screen shot 2014-01-21 at 3.26.21 PM]

I guess maybe James Clapper’s office figured it would be hard to spew their defector propaganda if they themselves had published some of the same material.

We all know how Clapper strives to cover up his own crimes.

Except they did publish it.

Meaning ODNI has caused Verizon’s name to be published in conjunction with the phone dragnet as many times as Edward Snowden has. I wait with bated breath for the ill-considered “Traitor!!!” cries to be directed against Clapper.

Update: To be clear, as I noted on this post, I didn’t find this particular redaction error (I’ve got some more … interesting ones). Michael alerted me to it on Twitter. I just decided to point out that ODNI had tried to cover this up.

Obviously Bogus Clapper Exoneration Attempt 4.0

[youtube]QwiUVUJmGjs[/youtube]

Wyden: Does the NSA collect any type of data, at all, on millions, or hundreds of millions of Americans?

Clapper: No sir.

Wyden: It does not?

Clapper: There are cases where they could inadvertently, perhaps, uh, collect, but not wittingly. [After 6:38]

Almost immediately after the first Edward Snowden leaks proved James Clapper lied when he told Ron Wyden the NSA doesn’t collect data of any kind on millions of Americans, Clapper explained that he meant the NSA didn’t vicariously pore through Americans’ emails.

“What I said was, the NSA does not voyeuristically pore through U.S. citizens’ e-mails. I stand by that,” Clapper told National Journal in a telephone interview.

That is, his first response was about reading emails in a certain smarmy fashion; he did not apparently deny collecting them.

Then, with a bit more time to think up an excuse, he admitted to Andrea Mitchell that he had been “too cute by half” but didn’t really explain what semantic excuse he had invented for himself.

First– as I said, I have great respect for Senator Wyden. I thought, though in retrospect, I was asked– “When are you going to start– stop beating your wife” kind of question, which is meaning not– answerable necessarily by a simple yes or no. So I responded in what I thought was the most truthful, or least untruthful manner by saying no.

[snip]

And this has to do with of course somewhat of a semantic, perhaps some would say too– too cute by half. But it is– there are honest differences on the semantics of what– when someone says “collection” to me, that has a specific meaning, which may have a different meaning to him. [my emphasis]

Nevertheless, the implication, less than a week after Snowden’s first revelations, was that collecting Americans’ metadata doesn’t count until you access it, which seems to address the phone dragnet data (though would apply to incidentally collected US person data as well).

Perhaps because his Mitchell answer only increased the mockery, Clapper thought up a new answer, one he sent Senate Intelligence Committee Chair Dianne Feinstein 3 months after he lied to her committee.

I have thought long and hard to re-create what went through my mind at the time.

James Clapper Claims Publicly Acknowledged Details Are State Secrets While Boasting of Transparency

Between documents leaked by Edward Snowden, official court submissions, and official public statements, we know at least the following about the surveillance system set up after 9/11 and maintained virtually intact to this day:

  • Around 8-14% of the content collected under Bush’s illegal program was domestic content (page 15 of the NSA IG Report says this constituted 8% of all the illegal wiretap targets but the percentage works out to be higher)
  • Some of the content collected via ongoing upstream collection currently includes intentionally-collected domestic content (NSA refuses to count this, even for the FISA Court)
  • Bush’s illegal wiretap program targeted Iraqi Intelligence Service targets, as well as targets affiliated with al Qaeda and its associates (see page 8)
  • NSA uses the phone metadata program with Iranian targets, as well as targets affiliated with al Qaeda and its associates
  • Both the illegal wiretap program and the Internet dragnet authorized under Pen Register/Trap and Trace in 2004 collected information that (because of the way TCP/IP works) would be legally content if treated as electronic surveillance
  • The NSA still conducts an Internet dragnet via collection overseas, which not only would permit the metadata-as-content collection, but would permit far more collection on US persons; that collection is seamlessly linked to the domestic dragnet collection
  • NSA uses the dragnets to decide which of the content the telecoms have briefly indiscriminately collected to read

That is, the surveillance system is not so much discrete metadata programs and content programs directed overseas, directed exclusively against al Qaeda or even terrorists. Rather, it is a system in which network analysis plays a central role in selecting which collected content to read. That content includes entirely domestic communication. And targets of the system have not always been — and were not as recently as June — limited to terrorists.

These details of the surveillance system — along with the fact that AT&T and Verizon played the crucial role of collecting content and “metadata” off domestic switches — are among the details James “Least Untruthful” Clapper, with backup from acting Deputy Director of NSA Frances Fleisch, declared to still be state secrets on Friday, in spite of their public (and in many cases, official) acknowledgement.

In doing so, they are attempting to end the last remaining lawsuits for illegal wiretapping dating to 2006 by prohibiting discussion of the central issue at hand: the government has repeatedly and fairly consistently collected the content of US persons from within the US, at times without even the justification of terrorism. (For more background on Jewel v. AT&T, see here.)

Here’s how Clapper, with a nod to Fleisch, lays out the rebuttal of the Jewel plaintiffs.

the NSA’s collection of the content of communications under the TSP was directed at international communications in which a participant was reasonably believed to be associated with al-Qa’ida or an affiliated organization. Thus, as the U.S. Government has previously stated, plaintiff’s allegation that the NSA has indiscriminately collected the content of millions of communications sent or received by people inside the United States after September 11, 2001, under the TSP is false.

There are several weasel parts of this claim.

The “Terrorist Surveillance Program” and the “Other Target Surveillance Program”

First, to make this claim, Clapper (and Fleisch) revert to use of “Terrorist Surveillance Program,” a term invented to segment off the part of the larger illegal wiretap program that George Bush was willing to confess to in December 2005, that involving international communications with a suspected al Qaeda figure. But as Fleisch admits — but doesn’t explain — at ¶20, the TSP is just a subset of the larger Presidential Surveillance Program.

Conning the Record, Conning the Courts, Defrauding the People

In the parlance of the once and forever MTV set, civil libertarians just had one of the “Best Weeks Ever”. Here is the ACLU’s Catherine Crump weighing in on the surprising results of President Obama’s Review Board:

Friday, the president’s expressed willingness to consider ending the NSA’s collection of phone records, saying, “The question we’re going to have to ask is, can we accomplish the same goals that this program is intended to accomplish in ways that give the public more confidence that in fact the NSA is doing what it’s supposed to be doing?”

With this comment and the panel’s report coming on the heels of Monday’s remarkable federal court ruling that the bulk collection of telephone records is likely unconstitutional, this has been the best week in a long time for Americans’ privacy rights.

That “federal court ruling” is, of course, that of Judge Richard Leon handed down a mere five days ago on Monday. Catherine is right, it has been a hell of a good week.

But lest we grow too enamored of our still vaporous success, keep in mind Judge Leon’s decision, as right on the merits as it may be, and is, is still a rather adventurous and activist decision for a District level judge, and will almost certainly be pared back to some extent on appeal, even if some substantive parts of it are upheld. We shall see.

But the other cold water thrown came from Obama himself when he gave a slippery and disingenuous press conference Friday. Here is the New York Times this morning capturing spot on the worthless lip service Barack Obama gave surveillance reform yesterday:

By the time President Obama gave his news conference on Friday, there was really only one course to take on surveillance policy from an ethical, moral, constitutional and even political point of view. And that was to embrace the recommendations of his handpicked panel on government spying — and bills pending in Congress — to end the obvious excesses. He could have started by suspending the constitutionally questionable (and evidently pointless) collection of data on every phone call and email that Americans make.

He did not do any of that.
….
He kept returning to the idea that he might be willing to do more, but only to reassure the public “in light of the disclosures that have taken place.”

In other words, he never intended to make the changes that his panel, many lawmakers and others, including this page, have advocated to correct the flaws in the government’s surveillance policy had they not been revealed by Edward Snowden’s leaks.

And that is why any actions that Mr. Obama may announce next month would certainly not be adequate. Congress has to rewrite the relevant passage in the Patriot Act that George W. Bush and then Mr. Obama claimed — in secret — as the justification for the data vacuuming.

Precisely. The NYT comes out and calls the dog a dog. If you read between the lines of this Ken Dilanian report at the LA Times, you get the same preview of the nothingburger President Obama is cooking up over the holidays. As Ken more directly said in his tweet, “Obama poised to reject panel proposals on 702 and national security letters.” Yes, indeed, count on it.

Which brings us to that which begets the title of this post: I Con The Record has made a Saturday before Christmas news dump. And a rather significant one to boot. Apparently because they were too cowardly to even do it in a Friday news dump. Which is par for the course of the Obama Administration, James Clapper and the American Intel Shop. Their raison d’être appears to be to keep America uninformed, terrorized and supplicant to their power grabs. Only a big time operator like Big Bad Terror Voodoo Daddy Clapper can keep us chilluns safe!

So, the dump today is HERE in all its glory. From the PR portion of the “I Con” Tumblr post, they start off with Bush/Cheney Administration starting the “bulk” dragnet on October 4, 2001. Bet that is when it first was formalized, but the actual genesis was oh, maybe, September 12 or so. Remember, there were security daddies agitating for this long before September 11th.

Then the handcrafted Intel spin goes on to say this:

Over time, the presidentially-authorized activities transitioned to the authority of the Foreign Intelligence Surveillance Act (“FISA”). The collection of communications content pursuant to presidential authorization ended in January 2007 when the U.S. Government transitioned the TSP to the authority of the FISA and under the orders of the Foreign Intelligence Surveillance Court (“FISC”). In August 2007, Congress enacted the Protect America Act (“PAA”) as a temporary measure. The PAA, which expired in February 2008, was replaced by the FISA Amendments Act of 2008, which was enacted in July 2008 and remains in effect. Today, content collection is conducted pursuant to section 702 of FISA. The metadata activities also were transitioned to orders of the FISC. The bulk collection of telephony metadata transitioned to the authority of the FISA in May 2006 and is collected pursuant to section 501 of FISA. The bulk collection of Internet metadata was transitioned to the authority of the FISA in July 2004 and was collected pursuant to section 402 of FISA. In December 2011, the U.S. Government decided to not seek reauthorization of the bulk collection of Internet metadata.

After President Bush acknowledged the TSP in December 2005, two still-pending suits were filed in the Northern District of California against the United States and U.S. Government officials challenging alleged NSA activities authorized by President Bush after 9/11. In response the U.S. Government, through classified and unclassified declarations by the DNI and NSA, asserted the state secrets privilege and the DNI’s authority under the National Security Act to protect intelligence sources and methods. Following the unauthorized and unlawful release of classified information about the Section 215 and Section 702 programs in June 2013, the Court directed the U.S. Government to explain the impact of declassification decisions since June 2013 on the national security issues in the case, as reflected in the U.S. Government’s state secrets privilege assertion. The Court also ordered the U.S. Government to review for declassification all prior classified state secrets privilege and sources and methods declarations in the litigation, and to file redacted, unclassified versions of those documents with the Court.

This is merely an antiseptic version of the timeline of lies that has been relentlessly exposed by Marcy Wheeler right here on this blog, among other places. What is not included in the antiseptic, sandpapered spin is that the program was untethered from law completely and then “transitioned” to FISC after being exposed as such.

Oh, and lest anybody think this sudden disclosure today is out of the goodness of Clapper and Obama’s hearts, it is not. As Trevor Timm of EFF notes, most all of the “I Con” releases have been made only after being forced to by relevant FOIA and other court victories and that this one in particular is mostly germinated by EFF’s court order (and Vaughn index) obtained.

So, with that, behold the “I Con” release of ten different declarations previously filed and extant under seal in the Jewel and Shubert cases. Much of the language in all is similar template affidavit language, which you expect from such filings if you have ever dealt with them. As for individual dissection, I will leave that for later and for discussion by all in comments.

The one common theme that I can discern from a scan of a couple of note is that there is no reason in the world minimally redacted versions such as these could not have been made public from the outset. No reason save for the conclusion that to do so would have been embarrassing to the Article II Executive Branch and would have lent credence to American citizens properly trying to exercise and protect their rights in the face of a lawless and constitutionally infirm assault by their own government. The declarations by Mike McConnell, James Clapper, Keith Alexander, Dennis Blair, Frances Fleisch and Deborah Bonanni display a level of too cute by a half duplicity that ought be grounds for sanctions.

The record has been conned. Our federal courts have been conned. All as the Snowden disclosures have proven. And the American people have been defrauded by pompous terror mongers who value their own and institutional power over truth and honesty to those they serve. Clapper, Alexander and Obama have the temerity to call Ed Snowden a traitor? Please, look in the mirror boys.

Lastly, and again as Trevor Timm pointed out above, these are just the declarations for cases the EFF and others are still pursuing. What of the false secret declarations made in al-Haramain v. Obama, which the government long ago admitted were bogus? Why won’t the cons behind “I Con” release those declarations? What about the frauds perpetrated in Mohamed v. Jeppesen that have fraudulently ingrained state secrets cons into the government arsenal?

If the government wants to come clean, here is the opportunity. Frauds have been perpetrated on our courts, in our name. We should hear about that. Unless, of course, Obama and the “I Cons” are really nothing more than simple good old fashioned cons.

[By the way, Christmas is a giving season. If you have extra cheer to spread, our friends like Cindy Cohn, Trevor Timm, Hanni Fakhoury and Kurt Opsahl et al at EFF, and Ben Wizner, Alex Abdo, Catherine Crump et al at the ACLU all do remarkable work. Share your tax deductible love with them this season if you can. They make us all better off.]

Will DOJ’s 1,265-Day Old Section 215 Review Be Squelched By Past Classifications?

DOJ’s Inspector General Michael Horowitz released his annual list of challenges today (which includes a focus on prison problems). In his section on national security and civil liberties he spends 4 paragraphs calling for more information sharing before he turns to civil liberties. In that section, he once again promises the report on the use of Section 215 his office has been working on for 1,265 days.

But he adds something new. He suggests this report may be limited by whether or not DOJ and ODNI declassify sections of the past reports.

The OIG’s ongoing reviews also include our third review of the Department’s requests for business records under Section 215 of the Foreign Intelligence Surveillance Act (FISA), as well as our first review of the Department’s use of pen register and trap-and-trace devices under FISA.  Although the full versions of our prior reports on NSLs and Section 215 all remain classified, we have released unclassified versions of these reports, and we have requested that the Department and the Office of the Director of National Intelligence (ODNI) conduct declassification reviews of the full classified versions.  The results of any declassification review may also affect how much information we will be able to publish regarding our pending reviews when they are complete.

As I have noted in the past, the 2008 report includes two appendices on then-secret uses of Section 215, one of which almost certainly pertains to the phone dragnet. In addition, it includes a sharply critical section on DOJ’s failure to institute new minimization procedures specific to Section 215 (which would dramatically affect its use for the phone dragnet).

Now Horowitz is saying that, unless DOJ and ODNI declassify these past reports, he won’t be able to present in unclassified form all the findings in his current report (which covers the period through 2009, and therefore the violations discovered in that year).

Horowitz suggests something similar is going on with DOJ IG’s work on content collection as well. Both a report he did last year on the FISA Amendments Act (which may suggest the FBI has not always abided by its targeting and minimization procedures) and Glenn Fine’s DOJ-specific review on the illegal wiretap program remain classified.

The OIG has also conducted oversight of other programs designed to acquire national security and foreign intelligence information, including the FBI’s use of Section 702 of the FISA Amendments Act (FAA), which authorizes the targeting of non-U.S. persons reasonably believed to be located outside the United States to acquire foreign intelligence information.  The OIG’s 2012 review culminated in a classified report released to the Department and to Congress that assessed, among other things, the number of disseminated FBI intelligence reports containing a reference to a U.S. person identity and the FBI’s compliance with the targeting and minimization procedures required under the FAA.  Especially in light of the fact that Congress reauthorized the FAA for another 5 years last session, we believe the findings and recommendations in our report will be of continuing benefit to the Department as it seeks to ensure the responsible use of this foreign intelligence tool.  This report also was included in our request to the Department and ODNI for a declassification review, as was the full, classified version of our 2009 report on the President’s Surveillance Program, which described certain intelligence-gathering activities that took place prior to the enactment of the FAA. [my emphasis]

Elsewhere, Horowitz alludes to the Snowden leaks. Clearly, much of what appears in the 2009 and 2012 reports has been covered in leaks and releases to Congress. And yet, it seems, someone is stalling the declassification of DOJ IG’s work.

What has DOJ’s IG found that Eric Holder and James Clapper are trying to hide?

“We’re Not Going to Leave It To the Guy Who Lies to Congress with Impunity Anymore”

The regular outlets for NSA leakers are presenting details of the recommendations the NSA Review Committee has given to President Obama (Gorman, Sanger). Curiously, Siobhan Gorman suggests that because the recommendations closely follow the Leahy-Sensenbrenner bill, it bodes well for passage of that bill.

The panel’s idea “aligns very closely” with a bill offered by House Judiciary Committee Chairman James Sensenbrenner (R., Wis.) and Senate Judiciary Chairman Patrick Leahy (D., Vt.), said one person familiar with the report, suggesting it could give ammunition to congressional efforts.

From what I’ve seen so far, I’m not sure that’s actually true. Moreover, that’s not how intelligence reform generally works. Rather, usually the executive adopts changes asked by Congress, thereby dissuading Congress from actually passing those changes into enforceable law. With Jim Sensenbrenner correctly calling Dianne Feinstein’s Fake FISA Fix “a joke” and a growing number of co-sponsors for Sensenbrenner’s bill, I can imagine why the Executive would want to pre-empt actual law.

Significantly, the proposed recommendations don’t end the concept of a phone dragnet; they just move administration of it elsewhere — either a third party or the telecoms — equally prone to abuse. The Review Committee apparently didn’t review efficacy of these programs.

Besides, according to David Sanger, the proposals predictably focus more on Angela Merkel’s privacy than the hundreds of millions of others whose privacy the NSA compromises.

The advisory group is also expected to recommend that senior White House officials, including the president, directly review the list of foreign leaders whose communications are routinely monitored by the N.S.A. President Obama recently apologized to Chancellor Angela Merkel of Germany for the N.S.A.’s monitoring of her calls over the past decade, promising that the actions had been halted and would not resume. But he refused to make the same promise to the leaders of Mexico and Brazil.

Administration officials say the White House has already taken over supervision of that program. “We’re not leaving it to Jim Clapper anymore,” said one official, referring to the director of national intelligence, who appears to have been the highest official to review the programs regularly.

[snip]

[National Security Council spokesperson Caitlin Hayden] added that the review was especially focused on “examining whether we have the appropriate posture when it comes to heads of state; how we coordinate with our closest allies and partners; and what further guiding principles or constraints might be appropriate for our efforts.”

It’s that James Clapper line that ought to be the tell, however: that folks within the Administration are boldly stating that James Clapper won’t be able to run amok anymore.

The same James Clapper, of course, on whom the White House imposed no consequences for lying to Congressional overseers.

Which brings me to my favorite detail, from the NYT:

One of the expected recommendations is that the White House conduct a regular review of those collection activities, the way covert action by the C.I.A. is reviewed annually.

Obama suggested last week he serves in no more than an advisory role for the Deep State, someone who can propose changes, but not someone who can order them. That an advisory committee has to tell the President that the NSA operates with less oversight than the CIA whose covert operations have systematically exceeded the claimed authority granted by the President says something.

I do fear this Review will pre-empt some of the most important legislative fixes.

But I also hope we’ll finally see heightened distance between the Deep State and the Executive that is overdue for reining it in.

In Naming Its Man of the Year, Time Proves It Doesn’t Even READ the News

I’m probably fairly lonely among my crowd to be satisfied that Time picked Pope Francis over Edward Snowden to be Person of the Year. Not only do I prefer that the focus remain on the reporting on NSA than revert back to caricatures like Time creates of Snowden as a “Dark Prophet” reading Dostoevsky. The Pope’s criticism of — above all — inequality may have as much or more impact on people around the globe as Snowden’s criticism of the surveillance state.

Would that both the Catholic Church and the United States live up to the idealist claims they purport to espouse.

But reading the profile Time did of Snowden, I can’t help but suspect they picked the Pope out of either fear or ignorance about what Snowden actually revealed. Consider this paragraph, which introduces a section on the lies NSA has told.

The NSA, for its part, has always prided itself on being different from the intelligence services of authoritarian regimes, and it has long collected far less information on Americans than it could. The programs Snowden revealed in U.S. surveillance agencies, at least since the 1970s, are subject to a strict, regularly audited system of checks and balances and a complex set of rules that restrict the circumstances under which the data gathered on Americans can be reviewed. As a general rule, a court order is still expected to review the content of American phone calls and e-mail messages. Unclassified talking points sent home with NSA employees for Thanksgiving put it this way: “The NSA performs its mission the right way—lawful, compliant and in a way that protects civil liberties and privacy.” Indeed, none of the Snowden disclosures published to date have revealed any ongoing programs that clearly violate current law, at least in a way that any court has so far identified. Parts of all three branches of government had been briefed and had given their approval.

It’s full of bullshit. There’s the claim that NSA collects far less on Americans than it could. Does that account for the fact that, in the Internet dragnet and upstream collection programs, it collected far more than it was authorized to? Those same programs prove that surveillance can go on for (in the case of the Internet dragnet) 5 years before anyone realizes it has been violating the law — not exactly the definition of a regularly audited system. And, with its claim that “all three branches of government have been briefed,” Time must have missed Dianne Feinstein’s admission that the stunning sweep of the programs conducted under EO 12333 (which also collect US person data) don’t get close scrutiny from her committee (and none from the FISA Court).

But this claim most pisses me off:

As a general rule, a court order is still expected to review the content of American phone calls and e-mail messages.

Journalistic outlet Time must have missed where NSA’s General Counsel Raj De, in a public hearing, testified that NSA doesn’t even need Reasonable Articulable Suspicion — much less a court order — to read the content of Americans’ data collected incidentally under the FISA Amendments Act’s broad sweep, to say nothing of the even greater collection of data swept up under 12333. To support this demonstrably false claim, Time then points to the similarly false talking points the NSA sent home at Thanksgiving. It points to the NSA’s talking points just two paragraphs before Time lays out how often NSA has lied, both describing the government as actively misleading…

At the time Snowden went public, the American people had not just been kept in the dark; they had actively been misled about the actions of their government.

And then describing the specific lies of Keith Alexander and James Clapper.

The NSA lies, and lies often. But Time points to the NSA’s own lies to support its bad reporting.

At the same time, Time dances around the many things the US does that make us less secure. For example, it gives credence to the nonsense claim that Snowden singlehandedly prevented us from pressuring China into stopping hacking of us.

While in Hong Kong, Snowden gave an interview and documents to the South China Morning Post describing NSA spying on Chinese universities, a disclosure that frustrated American attempts to embarrass China into reducing its industrial-espionage efforts against U.S. firms.

This repeats the anachronistic claims and silence about US cyberwar that Kurt Eichenwald made in Newsweek.

And Time says Bullrun — a program that involves inserting vulnerabilities into code — “decodes encrypted messages to defeat network security,” which also minimizes the dangerous implications of NSA’s hacking.

If Time had actually read the news, rather than wax romantic about Russian literature, it might report that NSA in fact does collect vast amounts of and can read the incidentally collected content of most Americans. It might describe the several times NSA has been found to be violating the law, for years at a time. It might explain that many of these programs, because they operate solely under the President’s authority, might never get court review without Snowden’s leaks. And Time might bother to tell readers that, in some ways at least, the NSA makes us less safe because it prioritizes offensive cyberattacks (and not just on China) over keeping American networks safe.

As I said, I could have been happy about either a Pope Francis or an Edward Snowden selection. But as it is, Time might better call their scheme “Caricature of the Year,” because at least in their Snowden profile, they’re not actually presenting the news.

The James Clapper Plan to “Change” NSA by Keeping John Inglis in Charge

Yesterday, Ellen Nakashima reported that James Clapper supports splitting CyberCommand off of NSA. To understand whether this would represent real change or not, consider that they’re considering John Inglis — currently Keith Alexander’s Deputy — to lead NSA.

At a White House meeting of senior national security officials last week, Director of National Intelligence James R. Clapper Jr. said he was in favor of ending the current policy of having one official in charge of both the National Security Agency and U.S. Cyber Command, said the individuals, who spoke on the condition of anonymity.

Also, officials appear inclined to install a civilian as director of the NSA for the first time in the agency’s 61-year history. Among those said to be potential successors to the current director, Gen. Keith B. Alexander, is his deputy, John C. “Chris” Inglis.

Frankly, I think splitting off Cyber is the wrong solution in any case. The problem, as I see it, is that both the cyberoffensive and the information collecting missions favor a policy of creating vulnerabilities that both US hackers and collectors can exploit in the future. That leaves the third NSA mission — protecting US networks — stuck with an approach of finding those entities that are exploiting vulnerabilities, rather than working on a resilience strategy that not only might work better, but also would provide Americans greater privacy. I think splitting off the defensive side, potentially creating a champion for real security, would do more than splitting off Cyber, which probably only leaves two competing champions for creating and exploiting vulnerabilities.

In any case, though, if John Inglis is in charge of one of those champions of creating vulnerabilities, chances are negligible the NSA will change its approach.

NSA Denies Their Existing Domestic Cyberdefensive Efforts, Again

James Risen and Laura Poitras have teamed up to analyze a 4-year plan the NSA wrote in 2012, in the wake of being told its collection of some US person content in the US was illegal. I’ll discuss the document itself in more depth later. But for the moment I want to look at the denials anonymous senior intelligence officials (SIOs) gave Risen and Poitras about their domestic cyberdefensive efforts.

As a reminder, since before 2008, the government has been collecting bulk Internet data from switches located in the US by searching on selectors in the content. Some of that collection searches on identifiers of people (for example, searching for people sharing Anwar al-Awlaki’s email in the body of a message). But the collection also searches on other identifiers not tied to people. This collection almost certainly includes code, in an effort to find malware and other signs of cyberattacks.

We know that’s true, in part, because the Leahy-Sensenbrenner bill not only restricts that bulk domestic collection to actually targeted people, but also limits such collection only to terrorism and counterproliferation, thereby silently prohibiting its use for cybersecurity. The bill gives NSA 6 months to stop doing these two things — collecting non-person selectors and doing so for cybersecurity — so it’s clear such collection is currently going on.

So in 2012, just months after John Bates told NSA that when it collected domestic communications using such searches, it was violating the Constitution (the NSA contemplated appealing that decision), the NSA said (among other things),

The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on NSA’s mission.

The document then laid out a plan to expand its involvement in cybersecurity, citing such goals as,

Integrate the SIGINT system into a national network of sensors which interactively sense, respond, and alert one another at machine speed

Cyberdefense and offense are not the only goals mapped out in this document. Much of it is geared towards cryptanalysis, which is crucial for many targets. But it only mentions “non-state actors” once (and does not mention terrorists specifically at all) amid a much heavier focus on cyberattacks and after a description of power moving from West to East (that is, to China).

Which is why the SIO denials to Risen and Poitras ring so hollow.


Was DOJ Hiding a Section 215 Gun Registry from Congress?

Among other documents, ODNI released on Monday all the Attorney General Reports on Section 215 use from 2005 to 2011 (2006, 2007, 2008, 2009, 2010, 2011, 2012).

This is the classified version of a report that also gets released in unclassified form as part of a larger report to Congress on FISA numbers (2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012; ODNI did not release the report covering 2012 because it lay outside the scope of ACLU’s FOIA). And the paragraph of each of these reports that lays out the following information remains redacted in all of them.

(3) the number of such orders either granted, modified, or denied for the production of each of the following:

(A) Library circulation records, library patron lists, book sales records, or book customer lists.

(B) Firearms sales records.

(C) Tax return records.

(D) Educational records.

(E) Medical records containing information that would identify a person.

Nevertheless, the reports show us two new things.


First, while we knew the number of modifications has gone up significantly in the last three years (we now know that many of the modifications in 2009 had to do with phone dragnet violations), the latest reports ODNI released say this:

The FISC modified the proposed orders submitted with forty-three such applications in 2010 (primarily requiring the Government to submit reports describing implementation of applicable minimization procedures).

The FISC modified the proposed orders submitted with 176 such applications in 2011 (requiring the Government to submit reports describing implementation of applicable minimization procedures).

Julian Sanchez had speculated that’s what was going on in a post (I can’t find the link right now) noting that NSL use had halved while Section 215 use had gone up. Remember, too, the government has not released a 2010 opinion on Section 215 that may explain why the FISC got much more involved in policing the government’s minimization.

Still, it is almost certain that the need to double check government minimization stems from bulk collections. If those bulk collections were also on a 90-day renewal cycle, then we might be looking at 44 bulk collection programs in 2011.

One more thing. As was reflected in the ACLU Vaughn Index, it appears DOJ never provided these reports to Congress starting with the report covering 2008. It did do so for the report covering 2011, but the report isn’t dated, so it’s not clear it was done in April 2012, when it should have been provided to Congress. Furthermore, that production was cc’ed to John Bates, which the tardy August 16, 2010 production of FISC opinions also was, which makes me wonder whether Bates had to force the Executive to fulfill the requirements in the PATRIOT Reauthorization (both these reports and the pre-2008 “significant constructions of law” requirement stem from the 2006 reauthorization). [4/19/14 correction: The “significant constructions of law” requirement stems from the FISA Amendments Act]

Now, maybe DOJ was just being lazy in not fulfilling the clear legal requirement. But given that it seems to have had no problem fulfilling the requirement for unclassified numbers during the same period, I wonder whether DOJ just didn’t want to reveal that it was collecting on one or more of the specified categories, such as firearms sales records (though I’ve long wondered whether DOJ was also collecting DNA records).
