Posts

The New I Con: “Total Number of Orders and Targets”

/1 Comment/in , /by

The I Con people, in another attempt to feign transparency, have announced they will release “new” numbers.

Consistent with this directive and in the interest of increased transparency, the DNI has determined, with the concurrence of the IC, that going forward the IC will publicly release, on an annual basis, aggregate information concerning compulsory legal process under certain national security authorities.

Specifically, for each of the following categories of national security authorities, the IC will release the total number of orders issued during the prior twelve-month period, and the number of targets affected by these orders:

  • FISA orders based on probable cause ( Titles I and III of FISA, and sections 703 and 704).
  • Section 702 of FISA
  • FISA Business Records (Title V of FISA).
  • FISA Pen Register/Trap and Trace ( Title IV of FISA)
  • National Security Letters issued pursuant to 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709.

Only, this is, as I Con transparency always is, less than meets the eye.

To start with, the I Cons already release much of this due to statutory requirements. It releases the number of FISA orders on probable cause (and the number rejected), the number of business records, and the National Security letters, as well as the number of US persons included in those NSLs.

If I understand this correctly, the only thing new they’ll add to this information is the number of people “targeted” under the Section 215. In other words, they’ll tell us they’ve used fewer than 300 selectors in the previous year to conduct up-to three hop link analysis which in reality mean thousands or even millions might be affected (to say nothing of the hundreds of millions whose communications might be affected by virtue of being collected). But they won’t tell us how many people got included in those two or three hops.

Furthermore, in the absence of knowing what else they’re using Section 215 for, the meaning of these numbers will be hidden — as it already was when the government told us (last year) it had submitted 212 Section 215 applications, without telling us several of those applications collected every American’s phone records.

The same is true of the Pen Register/Trap and Trace provision. The government has told us they’re no longer using it to collect the Internet metadata of all Americans. But what are they using it to do? Are they (in one theory posited since the Snowden leaks started) using it to collect key information from Internet providers? Given the precedents hidden at the FISA Court, we’re best served to assume there is some exotic use like this, meaning any number they show us could represent a privacy threat far bigger than the number might indicate.

Then, finally, there’s Section 702, which will be new information. The October 3, 2011 John Bates opinion tells the NSA collects 250 million communications a year under Section 702; the August 2013 Compliance Assessment seems to support (though it redacts the numbers) the NSA targeting 63,000 to 73,000 selectors on any given day. In other words, those numbers are big. But that doesn’t tell us, at all, how many US persons get sucked up along with the targeted selectors. That number is one the NSA refuses to even collect, though Ron Wyden has asked them for it. Usually, when the NSA refuses to count something, it is because doing so would demonstrate how politically (and potentially, Constitutionally) untenable it is.

Moreover, the government doesn’t, apparently plan to release the number Google and Yahoo would like it to release, numbers which likely show how much more enthusiastic the well-lubricated telecoms are about providing this material than the less-well lubricated Internet providers. That is, the government isn’t going to (or hasn’t yet agreed to) provide numbers that show corporations have some leeway on how much of our data they turn over to the government.

So, ultimately, this seems to be about providing two or three new numbers, in addition to what the government is legally obliged to provide, yet without providing any numbers on how many Americans get sucked into this dragnet.

They will provide the “total number of orders and targets.” But they’re not going to provide the information we actually want to know.

3 Tech Issues the Non-Technologist NSA Technical Committee Needs to Address

/32 Comments/in , /by

A number of people are asking why I’m so shocked that President Obama appointed no technologists for his NSA Review Committee.

Here are three issues that should be central to the Committee’s discussions that are, in significant part, technology questions. There are more. But for each of these questions, the discussion should not be whether the Intelligence Community thinks the current solution is the best or only one, but whether it is an appropriate choice given privacy implications and other concerns.

  • Whether the Intelligence Community can accomplish the goals of the Section 215 dragnet without collecting all US person metadata
  • Whether the NSA can avoid collecting Multiple Communication Transactions as part of upstream collection
  • How to oversee unaudited actions of technical personnel

There are just three really obvious issues that should be reviewed by the committee. And for all of them, it would be really useful for someone with the technical background to challenge NSA’s claims to be on the committee.

Whether the Intelligence Community can accomplish the goals of the Section 215 dragnet without collecting all US person metadata

One of the most contentious NSA practices — at least as far as most Americans go — is the collection of all US person phone metadata for the Section 215 dragnet. Yet even Keith Alexander has admitted — here in an exchange with Adam Schiff in a House Intelligence Committee hearing on June 18 — that it would be feasible to do it via other means, though perhaps not as easy.

REP. SCHIFF: General Alexander, I want to ask you — I raised this in closed session, but I’d like to raise it publicly as well — what are the prospects for changing the program such that, rather than the government acquiring the vast amounts of metadata, the telecommunications companies retain the metadata, and then only on those 300 or so occasions where it needs to be queried, you’re querying the telecommunications providers for whether they have those business records related to a reasonable, articulable suspicion of a foreign terrorist connection?

Read more

What to Expect When You’re Expecting a Report From James “Least Untruthful” Clapper

/10 Comments/in , /by

It is a time pregnant with possibilities as the world awaits release of the US report on chemical weapon use in Syria. Today’s Washington Post informs us that we may see the report as soon as tomorrow:

The Obama administration believes that U.S. intelligence has established how Syrian government forces stored, assembled and launched the chemical weapons allegedly used in last week’s attack outside Damascus, according to U.S. officials.

The administration is planning to release evidence, possibly as soon as Thursday, that it will say proves that Syrian President Bashar al-Assad bears responsibility for what U.S. officials have called an “undeniable” chemical attack that killed hundreds on the outskirts of the Syrian capital.

The report, being compiled by the Office of the Director of National Intelligence, is one of the final steps that the administration is taking before President Obama makes a decision on a U.S. military strike against Syria, which now appears all but inevitable.

Wait. What?

Marcy already mused on all the talking heads focusing on how a US response to Assad using chemical weapons on Syrian citizens is all about our “credibility“. If the US response is so tied up with credibility, how on earth can it be that the person charged with compiling the report on which we will base military action is the man whose obituary will be obliged to mention his admission that he lied to Congress, but that we should excuse the lies because he gave the “least untruthful” version possible? That is how the US will convince the world that, unlike when we lied about Iraq having WMD’s before we invaded, this time we aren’t lying about Assad?

Note also that Marcy mentioned yesterday that the US, through John Kerry, tried to prevent the UN carrying out its own investigation into the chemical weapon evidence. That move undercuts US efforts at credibility since outside, independent confirmation of findings would be a huge step in providing assurance that the US is being truthful.

The UN effort continues today, with the delegation of inspectors visiting a different Damascus suburb than the one they visited on Monday. (See the map in this BBC article for the sites at which chemical weapons were accused of being used in the attack.)

We get a bit of information from AP on how the UN team is operating:

The U.N. chemical weapons experts conducted their first field testing in the western Damascus suburb of Moadamiyeh on Monday. They collected samples and testimony after a treacherous journey through government and rebel-held territory. Their convoy was hit by snipers but members of the team were unharmed.

The ability of the UN team to interview victims (which is presumably how they got “testimony”) and then to take their own samples is a key part of making their work believable. Both environmental samples at the sites of attack and biological samples from the victims play a role in identifying whether and what chemical agents were used. See this informative piece from FAS on descriptions of symptoms that the investigators would be looking for when interviewing victims.

When Clapper finally releases the US report, one of the most important aspects in that report will be the provenance of any samples the US subjected to chemical analysis. We don’t have acknowledged “boots on the ground” in Syria, so how did the US get samples? What certifications, if any, are there on chain of custody documentation on those samples? As with most other accounts of the chemical attack, the AP article linked above mentions that Doctors Without Borders has documented the number of dead and injured from the attack. Samples and documentation coming from them would be seen as having a much greater level of independence than samples provided by the rebel groups that control the territory where the attacks are said to have taken place.

Even though their main website has been taken down, reportedly by the Syrian Electronic Army, the New York Times is continuing its reporting on the situation in Syria. An article published yesterday afternoon provides some useful background information on the ability of modern forensic methods to detect chemical agent use long after the fact: Read more

The No-Technologist Technology Review Panel

/15 Comments/in , /by

In addition to the four people ABC earlier reported would be part of Obama’s Committee to Learn to Trust the Dragnet, Obama added … another law professor, Geoffrey Stone. (Stone is [see update], along with Swire, a worthwhile member. But not a technologist.)

What’s fucking crazy about the committee is it has zero technologists to review a topic that is highly technical. Obama implicitly admits as much! He sells this committee for their “immense experience in national security, intelligence, oversight, privacy and civil liberties.” National security, intelligence, oversight, privacy, civil liberties. No technology.

On August 9, President Obama called for a high-level group of experts to review our intelligence and communications technologies. Today the President met with the members of this group: Richard Clarke, Michael Morell, Geoffrey Stone, Cass Sunstein and Peter Swire.

These individuals bring to the task immense experience in national security, intelligence, oversight, privacy and civil liberties. The Review Group will bring a range of experience and perspectives to bear to advise the President on how, in light of advancements in technology, the United States can employ its technical collection capabilities in a way that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties, recognizing our need to maintain the public trust, and reducing the risk of unauthorized disclosure.

The President thanked the Members of the Group for taking on this important task and looks forward to hearing from them as their work proceeds. Within 60 days of beginning their work, the Review Group will brief their interim findings to the President through the Director of National Intelligence, and the Review Group will provide a final report and recommendations to the President. [my emphasis]

So in spite of the fact that the White House highlights technology in its mandate, that didn’t lead them to find even a single technologist.

Also: Cass Sunstein.

Also: the Committee does, in fact, report its findings through James Clapper, the guy whose programs they will review, they guy who lied to Congress.

At least the White House isn’t promising — as Obama originally did — that it will be an “outside” “independent” committee.

Update: Egads. I take back what I said about Stone, who said this in June.

[W]hat should Edward Snowden have done? Probably, he should have presented his concerns to senior, responsible members of Congress. But the one thing he most certainly should not have done is to decide on the basis of his own ill-informed, arrogant and amateurish judgment that he knows better than everyone else in government how best to serve the national interest. The rule of law matters, and no one gave Edward Snowden the authority to make that decision for the nation. His conduct was more than unacceptable; it was criminal.

Laura Poitras Chips at the Terrorism Lie

/11 Comments/in , /by

Laura Poitras has another piece in Spiegel laying out NSA’s spying on diplomats — this time focusing on how NSA acquired blueprints of the new EU building in NYC to facilitate tapping it all.

To a significant degree, Poitras lays out how the NSA does what other countries at least try to do as well. While the US has certain advantages in conducting such spying (like having the UN headquartered in NYC and dominating telecom infrastructure), in principle it is assumed spy agents will spy on senior people from other countries.

But a key point of Poitras’ piece is that top officials — up to and including President Obama — have led the American people to believe all this spying focuses only terrorism. Indeed, she points to a line of the speech Obama gave a few weeks back that suggested terrorism was the only reason the government conducted this dragnet (this is the full quote — Poitras breaks up the quote into two; I think it is slightly more ambiguous but at the same time more assertive like this).

I think the main thing I want to emphasize is I don’t have an interest and the people at the NSA don’t have an interest in doing anything other than making sure that where we can prevent a terrorist attack, where we can get information ahead of time, that we’re able to carry out that critical task. We do not have an interest in doing anything other than that.

This was a response to a journalists’ question, not part of Obama’s prepared speech. Nevertheless, the President stood up publicly and claimed that the NSA does not “have an interest in doing anything other than … prevent[ing] a terrorist attack.”

That is a false statement.

Had Obama said preventing terrorism was one of several primary goal, the reported sole focus of the US person phone records dragnet, had he said that he and the NSA have other interests, it might be a fair comment. But it is not the case that the only interest of the NSA is to find advance intelligence on potential terrorist attacks.

And, as Poitras also points out, Obama made these comments in an effort to make people trust the dragnet. The comment came in direct response to a question about trust.

I wanted to ask you about your evolution on the surveillance issues. I mean, part of what you’re talking about today is restoring the public trust. And the public has seen you evolve from when you were in the U.S. Senate to now. And even as recently as June, you said that the process was such that people should be comfortable with it, and now you’re saying you’re making these reforms and people should be comfortable with those. So why should the public trust you on this issue, and why did you change your position multiple times?

And it came in a speech where Obama talked about trust a number of times, including offering his asinine dishwashing metaphor.

Q Can you understand, though, why some people might not trust what you’re saying right now about wanting to —

THE PRESIDENT: No, I can’t.

Q — that they should be comfortable with the process?

THE PRESIDENT: Well, the fact that I said that the programs are operating in a way that prevents abuse, that continues to be true, without the reforms. The question is how do I make the American people more comfortable.

If I tell Michelle that I did the dishes — now, granted, in the White House I don’t do the dishes that much — (laughter) — but back in the day — and she’s a little skeptical, well, I’d like her to trust me, but maybe I need to bring her back and show her the dishes and not just have her take my word for it.

And so the program is — I am comfortable that the program currently is not being abused. I’m comfortable that if the American people examined exactly what was taking place, how it was being used, what the safeguards were, that they would say, you know what, these folks are following the law and doing what they say they’re doing.

But it is absolutely true that with the expansion of technology — this is an area that’s moving very quickly — with the revelations that have depleted public trust, that if there are some additional things that we can do to build that trust back up, then we should do them. [my emphasis]

Obama suggests Snowden’s revelations — and not his, James Clapper’s, and Keith Alexander’s lies about the programs — have chipped away at trust. In a press conference in which Obama falsely claimed this was solely about terrorism.

If Obama and everyone else want to start rebuilding credibility, they need to stop lying, and get rid of the more substantive liars like Clapper and Alexander. But they also need to square with the American people about what this dragnet is for. Congress has repeatedly rejected internet-based surveillance to protect Hollywood IP and to socialize the private cybersecurity risk of corporate owners of critical infrastructure. Even Congress doesn’t approve the use of this technology for some applications.

And until the government stops pretending this is exclusively about terrorism, and stops pretending that terrorism is an existential threat or even the country’s greatest one, it will continue to lose credibility.

Has Federal Use of Drones Violated EO 12333?

/5 Comments/in /by

The Privacy and Civil Liberties Oversight Board just sent a letter to Eric Holder and James Clapper requesting that they have all the Intelligence Committee agencies update what are minimization procedures (though the letter doesn’t call them that), “to take into account new developments including technological developments.”

As you know, Executive Order 12333 establishes the overall framework for the conduct of intelligence activities by U.S. intelligence agencies. Under section 2.3 of the Executive Order, intelligence agencies can only collect, retain, and disseminate information about U.S. persons if the information fits within one of the enumerated categories under the Order and if it is permitted under that agency’s implementing guidelines approved by the Attorney General after consultation with the Director of National Intelligence.

The Privacy and Civil Liberties Oversight Board has learned that key procedures that form the guidelines to protect “information concerning United States person” have not comprehensively been updated, in some cases in almost three decades, despite dramatic changes in information use and technology.

The whole letter reads like the public record of a far more extensive and explicit classified discussion. Which makes me wonder what PCLOB found, in particular.

There are many technological issues that might be at issue — especially location data, but also generally Internet uses. Then there’s the advance in database technology, making the sharing of information much more invasive because of the way it can be used. But I wonder if this letter isn’t a demand that members of the intelligence community correct their use of drones.

The letter seems to point to something in EO 12333 Section 2.3 as its concern. Among the other potential enumerated categories of interest is this one:

Agencies within the Intelligence Community are authorized to collect, retain or disseminate information concerning United States persons only in accordance with procedures established by the head of the agency concerned and approved by the Attorney General, consistent with the authorities provided by Part 1 of this Order. Those procedures shall permit collection, retention and dissemination of the following types of information:

[snip]

(h) Information acquired by overhead reconnaissance not directed at specific United States persons; [my emphasis]

We recently learned that the FBI has used drones in the following situations:

UAVs have been used for surveillance to support missions related to kidnappings, search and rescue operations, drug interdictions, and fugitive investigations. Since late 2006, the FBI has conducted surveillance using UAVs in eight criminal cases and two national security cases.  For example, earlier this year in Alabama, the FBI used UAV surveillance to support the successful rescue of the 5-year-old child who was being held hostage in an underground bunker by Jimmy Lee Dykes.

[snip]

The FBI does not use UAVs to conduct “bulk” surveillance or to conduct general surveillance not related to an investigation or an assessment.

It goes on to cite the Domestic Investigations and Operations Guide as its internal authority for the use of drones.

And while FBI’s use of drones to catch a kidnapper may not fall under the FBI’s intelligence mandate (and therefore may not violate EO 12333, which is about intelligence collection), it seems the two national security uses would.

If the subject of those national security investigations was a US person, it would seem to be a violation of EO 12333.

Note, too, that drones are listed among PCLOB’s focus items (see page 13).

That’s just a guess. I would also imagine that minimization procedures need updated given the more prevalent use of databases (NCTC’s access of government databases is another of PCLOB’s focuses). I would imagine that some intelligence community members (including both the NCTC and DHS) are in violation of the mandate that the FBI collect foreign intelligence within the US. And PCLOB also cites GPC use as another of its foci, which is one of the technologies that has developed in the last 30 years.

But given the timing of it all, I wonder if this is a push to get the FBI to stop using drones for intelligence collection.

DNI’s Latest “I Con” Speak: “Sift Through and Have Unfettered Access To”

/4 Comments/in /by

The Director of National Intelligence, after having repeatedly refused to answer any questions about the WSJ’s big scoop in yesterday’s conference call, has released a new document pretending to debunk stories based on the WSJ (though not the WSJ itself). It reads, in part,

Press reports based on an article published in today’s Wall Street Journal mischaracterize aspects of NSA’s activities conducted under Section 702 of the Foreign Intelligence Surveillance Act. The NSA does not sift through and have unfettered access to 75% of the United States’ online communications.

The following are the facts:

  • Media reports based upon the recent Wall Street Journal (WSJ) article regarding NSA’s foreign intelligence activities provide an inaccurate and misleading picture of NSA’s collection programs, but especially with respect to NSA’s use of Section 702 of the Foreign Intelligence Surveillance Act (FISA).
  • The reports leave readers with the impression that NSA is sifting through as much as 75% of the United States’ online communications, which is simply not true.
  • In its foreign intelligence mission, and using all its authorities, NSA “touches” about 1.6%, and analysts only look at 0.00004%, of the world’s internet traffic.

Obviously, the government partly obscures its answer by presenting the global numbers when trying to debunk US numbers.

But more importantly, it builds a gigantic straw man with its “sift through and have unfettered access to” language. That’s not what the WSJ said (which is why DNI shifts its accusation).

The system has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans. In some cases, it retains the written content of emails sent between citizens within the U.S. and also filters domestic phone calls made with Internet technology, these people say.

[snip]

The surveillance system is built on relationships with telecommunications carriers that together cover about 75% of U.S. Internet communications.

The NSA doesn’t do all the sifting. The telecoms Americans are paying every month do the first sift (which means part of that 75% of US Internet traffic is inaccessible to the NSA).

But see what DNI doesn’t ever do? Refute the WSJ.

Which I assume means we can take as confirmation that the government and its pseudo-private partners the telecoms do, in fact, sift through 75% of US Internet traffic.

All Three Branches Conduct Vaunted NSA Oversight!

/17 Comments/in , /by

Today, we learned this is what the vaunted Congressional oversight of NSA spying looks like.

Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit [showing thousands of violations] until The Post asked her staff about it, said in a statement late Thursday that the committee “can and should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate.”

We learned this is what the vaunted FISA Court oversight of NSA spying looks like.

The chief judge of the Foreign Intelligence Surveillance Court said the court lacks the tools to independently verify how often the government’s surveillance breaks the court’s rules that aim to protect Americans’ privacy. Without taking drastic steps, it also cannot check the veracity of the government’s assertions that the violations its staff members report are unintentional mistakes.

“The FISC is forced to rely upon the accuracy of the information that is provided to the Court,” its chief, U.S. District Judge Reggie Walton, said in a written statement to The Washington Post. “The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders.”

We learned this is what the vaunted internal NSA oversight of NSA spying looks like.

The NSA uses the term “incidental” when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, “does not constitute a . . . violation” and “does not have to be reported” to the NSA inspector general for inclusion in quarterly reports to Congress. Once added to its databases, absent other restrictions, the communications of Americans may be searched freely.

In one required tutorial, NSA collectors and analysts are taught to fill out oversight forms without giving “extraneous information” to “our FAA overseers.” FAA is a reference to the FISA Amendments Act of 2008, which granted broad new authorities to the NSA in exchange for regular audits from the Justice Department and the office of the Director of National Intelligence and periodic reports to Congress and the surveillance court.

Using real-world examples, the “Target Analyst Rationale Instructions” explain how NSA employees should strip out details and substitute generic descriptions of the evidence and analysis behind their targeting choices.

Vaunted. For well over 2 months. This is what they’ve been hailing.

As WaPo Was Letting Pincus Transcribe, They Were Fighting Administration on Gellman Story

/11 Comments/in , /by

On Friday, the President promised us more transparency on NSA issues.

Meanwhile, the WaPo was preparing this story on NSA issues from Barton Gellman.

Along the way, the Administration gave Gellman a 90-minute interview of unspecified date (it may have been Saturday, the day after Obama’s promise to be more transparent) with NSA’s Director of Compliance John DeLong only to, after the fact, ask for quote approval.

The Obama administration referred all questions for this article to John DeLong, the NSA’s director of compliance, who answered questions freely in a 90-minute interview. DeLong and members of the NSA communications staff said he could be quoted “by name and title” on some of his answers after an unspecified internal review. The Post said it would not permit the editing of quotes. Two days later, White House and NSA spokesmen said that none of DeLong’s comments could be quoted on the record and sent instead a prepared statement in his name. The Post declines to accept the substitute language as quotations from DeLong.

On August 12, the government refused to answer specific questions about compliance issues, even though Gellman had a report on them in hand.

The NSA communications office, in coordination with the White House and Director of National Intelligence, declined to answer questions about the number of violations of the rules, regulations and court-imposed standards for protecting the privacy of Americans, including whether the trends are up or down. Spokesmen provided the following prepared statement.

Then, on August 14, it offered this statement in response to specific questions about the FISA Court finding NSA to have violated the Fourth Amendment in October 2011.

In July 2012, Director of National Intelligence [James R.] Clapper declassified certain statements about the government’s implementation of Section 702 in order to inform the public and congressional debate relating to reauthorization of the FISA Amendments Act (FAA). Those statements acknowledged that the Foreign Intelligence Surveillance Court (FISC) had determined that “some collection carried out pursuant to the Section 702 minimization procedures used by the government was unreasonable under the Fourth Amendment.”

The FISC’s finding was with respect to a very specific and highly technical aspect of the National Security Agency’s 702 collection. Once the issue was identified and fully understood, it was reported immediately to the FISC and Congress. In consultation with the FISC, the Department of Justice, NSA, and the Office of the Director of National Intelligence worked to address the concerns identified by the FISC by strengthening the NSA minimization procedures, thereby enhancing privacy protections for U.S. persons. The FISC has continued to approve the collection as consistent with the statute and reasonable under the Fourth Amendment.

I’m so old I remember when President Obama promised us more transparency.

But even as the WaPo was having these ridiculous conversations with the IC about data that Gellman had in hand, Walter Pincus was writing this story.

It’s time for the intelligence community to have its side of the debate over the National Security Agency’s collection programs explained.

[snip]

Such transparency is useless if the news media do not pass it on to the public. Few, if any, major news outlets carried any of the details from the Justice and NSA papers.

[snip]

Intelligence officials say that if the U.S. media do not provide what the government claims are the facts underlying what critics and supporters say, the public cannot understand the issue.

[snip]

There are two more issues intelligence officials want noted.

That is, even while IC officials were whining to Pincus that no one was spewing their propaganda, they were playing games with Gellman to try to influence his piece while not admitting he had a handful of documents on violations that proved them wrong.

Though none of that explains what this is, from Gellman’s story.

a senior NSA official said in an interview, speaking with White House permission on the condition of anonymity.

I’m going to guess that’s DeLong. But still: why give the government their shot at rebuttal if they refuse to let their officials be accountable for their comments?

More Notice Problems in the 215 Dragnet White Paper

/4 Comments/in , /by

According to the 2009 Draft NSA IG Report, the telecoms asked for some kind of order for the telecom dragnet collection in 2005, just after the NYT revealed the illegal wiretap program.

After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concern about providing telephone metadata to NSA under Presidential Authority without being compelled. Although OLC’s May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order.

At least for the beginning of 2006, the government responded to these concerns with a letter from Alberto Gonzales.

On 24 January 2006, the Attorney General sent letters to COMPANIES A, B, and C, [AT&T, Verizon, and MCI] certifying under 18 U.S.C. 2511 (2)(a)(ii)(B) that “no warrant or court order was or is required by law for the assistance, that all statutory requirements have been met, and that the assistance has been and is required.

The court first signed an order authorizing the collection of phone metadata on May 24, 2006 — 76 days after Congress had passed the reauthorization of the PATRIOT Act with the new “relevant to” language.

The FISC signed the first Business Records Order on 24 May 2006. The order essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had under the PSP. And, unlike the PRTT, there was no break in collection at transition.

But according to the March 2008 DOJ IG Report on Section 215 use, DOJ’s Office of Intelligence Policy and Review was briefing changes to at least some of the use of the use of Section 215 that would be implemented by the reauthorization before PATRIOT was reauthorized.

OIPR determined that substantive amendments to the statute undermined the legal basis for which OIPR had received authorization [redacted] from the FISA Court. Therefore, OIPR decided not to request [redacted] pursuant to Section 215 until it re-briefed the issue for the FISA Court.24

24 OIPR first briefed the issue to the FISA Court in February 2006, prior to the Reauthorization Act.

The import of the new “relevant to” may well have been the substantive change in question; so this February briefing may have been the start of stripping “relevant to” of all meaning.

Ron Wyden seems to want the government to admit this first court authorization just approved dragnet collection already going on.

When he and 25 other Senators sent James Clapper some questions about Section 215, they asked how long the NSA was conducting dragnet collection under the PATRIOT Act (which remember also includes the PW/TT statute used for the Internet dragnet).

How long has the the NSA used PATRIOT Act authorities to engage in bulk collection of Americans’ records? Was this collection under way when the law was reauthorized in 2006?

And Wyden called out Clapper when he refused to answer.

In addition, the intelligence community’s response fails to indicate when the PATRIOT Act was first used for bulk collection, or whether this collection was underway when the law was renewed in 2006.

Was the government using National Security Letters to collect this information between the NYT scoop and the FISC authorization, I wonder?

In any case, we know the government was collecting phone metadata going back years, we know the government was discussing changes instituted by PATRIOT reauthorization in February 2006, and we know the FISC approved using Section 215 for a phone dragnet in May 2006.

In an interview published yesterday, Ron Wyden (who had already been on the Senate Intelligence Committee for several years in 2006) revealed when he first learned about the phone dragnet.

You went from supporting the Patriot Act in 2001 to pushing relentlessly for its de-authorization. What was the tipping point?
My concerns obviously deepened when I first learned that the Patriot Act was being used to justify the bulk collection of Americans’ records, which was in late 2006 or early 2007.

In other words, the government didn’t get around to briefing all of the Intelligence Committee about this collection until months after it started, and possibly up to a year after they first briefed related issues to the FISC.

Here’s how the White Paper turns that unforgivable delay into a boast.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees.

Translation: The Executive Branch stalled for an impermissibly long period of time after this dragnet started before briefing even the Intelligence Committee. And while we might blame the Bush Administration, remember that Keith Alexander was already running the dragnet by this period.

So not only didn’t the government tell Congress it was using PATRIOT to conduct dragnet collection of Internet metadata when it reauthorized it in 2006, but it didn’t even tell all members of SSCI until well after the phone dragnet moved under PATRIOT as well.