Posts

“There are two more issues intelligence officials want noted”

Walter Pincus fancies his work to be about “reading documents” and finding the bits that everyone else has missed.

The way I’ve always done it is reading documents. I mean there is a huge amount of public material that’s put every day out in the public record and people don’t read it. The key to the column whether it’s good or not is documents. I just – I try to base every column on something I read; a transcript, a report, a hearing, whatever.

Somehow, that approach to journalism has resulted in this, basically an entire piece listing the things Intelligence Community bigwigs wish people had noticed in the White Paper released last Friday.

There are two more issues intelligence officials want noted.

For the most part, however, Pincus’ piece either reiterates the same tired bullet points the IC keeps repeating.

The NSA document notes that of 54 terrorist events discussed publicly, 13 had a U.S. connection, and in 12 of them, the phone metadata played a role.

[snip]

Intelligence officials later pieced together — and have remembered ever since — that 9/11 hijacker Khalid Almihdhar resided in California in early 2000 and that while some of his conversations with an al-Qaeda safe house in Yemen were picked up, the NSA did not have that U.S. phone number or any indication that he was located in San Diego.

[snip]

Another point they note is that over the length of these NSA programs, and similar ones that date to the late 1960s, there have been layers of oversight by the NSA, the Justice and Defense departments, Congress and the judiciary.

Or, in what is really only Pincus’ close focus on the released documents, uses thin evidence from the White Paper to “support” whiny complaints from the IC.

What also angers many former senior intelligence officials is the complaint by members of Congress and particularly some on the intelligence oversight committees that they were never told about the extent of the phone metadata program.

As the Justice paper notes, the Senate and House Intelligence and Judiciary committees “by December 2008 . . . had received the initial application and primary order authorizing the telephone metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees.”

What Pincus fails to mention is that the White Paper actually proves the critics to be correct. Not only does it prove the Administration waited 5 months — from Silvestre Reyes’ September 30, 2009 request to their December 14, 2009 response to Reyes’ request to the February 24, 2010 letter to members making them aware of that notice, effectively stalling through the entire period of debate over this issue — before actually informing Congress about the dragnet. It also suggests — as has been all-but confirmed since — that Mike Rogers simply decided not to pass on the notice at all the following year. The White Paper proves critics’ point, but Pincus hides that fact.

And all those details about 2009 and 2011 distract from the question of why the Bush Administration didn’t even try to give notice to Congress in 2006, when it had already briefed the FISA Court it planned to use the “relevant” language Congress intended to use to constrain Section 215’s use to blow up it up beyond recognition. Why is it adequate to provide the judiciary committees notice (note, even here the Administration’s claims fall short, as I’ll show in a follow-up) only 3 years after the fact?

Remember, too, that Pincus is a JD. At least in theory, he is trained to do the kind of analysis that Jeffrey Rosen and Orin Kerr have done, pointing out the legal flaws in this logic. Or maybe he might just want to point out how hard the Administration had to look for a definition of “relevant” that didn’t totally undermine their argument.

All of which is to show that Pincus has himself failed to do what he claims is his schtick. A close reading of the White Paper actually introduces more problems, not fewer, for the Administration’s dragnet programs.

Which makes these two parroted claims all the more painful to read.

Such transparency is useless if the news media do not pass it on to the public. Few, if any, major news outlets carried any of the details from the Justice and NSA papers.

[snip]

Intelligence officials say that if the U.S. media do not provide what the government claims are the facts underlying what critics and supporters say, the public cannot understand the issue.

Here Pincus is in a major news outlet passing on not what the White Paper actually shows, not the actual facts presented there, but reinterpreting it with the mostly anonymous guidance of the IC, spinning it to put in better light.

I guess Walter Pincus should read Walter Pincus.

Alexander Joel: Dragnet with a Human Face

For some reason, James Clapper’s office decided it would be a good idea to tell the rest of the world that it has a Civil Liberties Protection Officer, Alexander Joel. Today, he introduces himself in a piece in McClatchy.

Before you read it, consider that, back in 2006 when he was appointed, he said he was cool with Dick Cheney’s illegal wiretap program.

When the NSA wiretapping program began, Mr. Joel wasn’t working for the intelligence office, but he says he has reviewed it and finds no problems. The classified nature of the agency’s surveillance work makes it difficult to discuss, but he suggests that fears about what the government might be doing are overblown.

“Although you might have concerns about what might potentially be going on, those potentials are not actually being realized and if you could see what was going on, you would be reassured just like everyone else,” he says.

As for his essay, most of it is the same blathering boilerplate about Section 215 not collecting content and Section 702 not permitting “targeting” of US persons (without acknowledging that it does permit collecting of their content).

But there are two amusing details. First, in one paragraph he goes from actually mentioning the Constitution (which is welcome and novel!) to suggesting that a national security contractor like Edward Snowden would have been protected as a whistleblower.

Some people question whether people who work for the government can be trusted. In my experience, intelligence professionals � [sic] and those overseeing them – are profoundly committed to the oath they take to support and defend the Constitution. People inside government have questions and concerns just like everyone else. It’s my job to raise civil liberties and privacy issues about intelligence activities, and I do. If intelligence personnel have legal or civil liberties concerns, they can raise them in secure ways, including by contacting my office, offices of inspector general, or the congressional oversight committees. Under law, they are protected from reprisal if they do.

More interesting still, is Joel’s discussion of the two oversight Boards he claims have an active role in these programs.

Oversight boards are also involved. The President’s Intelligence Oversight Board reviews reports of potential violations. The Privacy and Civil Liberties Oversight Board, an independent federal agency, is currently conducting an in-depth review of these two programs, and has full access to classified information about them and to the personnel involved. My office works with both boards to ensure that they are receiving the information they need to perform their oversight functions.

Back in 2010 and 2011 — a time when Joel was in the office — ODNI at first stalled and then provided really confused information about whether there even was a functional Intelligence Oversight Board. And with the ascension of Chuck Hagel, who was a big part of the board, to be Defense Secretary, it is dysfunctional (unless Obama has snuck another person onto without telling anyone).

And PCLOB only recently became functional for the first time in Obama’s presidency, partly due to his delays, partly due to the Senate’s. And their recent public hearing on the NSA programs was underwhelming.

Joel has just bragged about how closely he worked with these Boards. He knows they’ve been of spotty functionality.

But this is the dragnet with a human face. The truth doesn’t matter so much as making people feel better.

Update, 8/15: On the subject of IOB and its parent board, the President’s Intelligence Advisory Board, Josh Gerstein has this:

The President’s Intelligence Advisory Board stood 14 members strong through 2012, but the White House website was recently updated to show the panel’s roster shrinking to just four people.

In the past four years, the high-powered group has waded into the implications of WikiLeaks for intelligence sharing, and urged retooling of America’s spy agencies as the United States withdraws from big wars abroad.

[snip]

Chuck Hagel was nominated in January as defense secretary and sworn in the following month. Venture capitalist and former lobbyist Tom Wheeler joined the board in 2011, but was tapped by Obama in May 2013 to head the Federal Communications Commission.

And Hagel’s co-chairman and fellow former senator, David Boren, said he asked to leave the panel early this year “because of the demands of my work as president of the University of Oklahoma. My request to the president was made shortly after the first of the year,” Boren said in a statement responding to a query from POLITICO.

Also exiting the board in recent months, according to the White House website: former Securities and Exchange Commission member Roel Campos, international lawyer and philanthropist Rita Hauser, stealth technology pioneer and former Undersecretary of Defense Paul Kaminski, Stimson Center CEO Ellen Laipson, and retired Air Force Gen. Lester Lyles. [my emphasis]

So yesterday, Alexander Joel pointed to IOB as one of the key oversight mechanisms over the dragnet. Today, we learn that every single member of the Board has been appointed away or asked to resign.

Update: Gerstein says on Twitter he thinks IOB is fully operational.

Actually, I think IOB more or less fully staffed & chaired by Meltzer. I think WH understands they need that up for lgl reasons

The Clapper Review: How to Fire 90% of SysAdmins?

Yesterday, I noted it took just 72 hours from Obama to turn an “independent” “outside” review of the government’s SIGINT programs into the James Clapper Review of James Clapper’s SIGINT Programs.

But many other commenters have focused on the changed description of the review’s mandate. In his speech on Friday, Obama said the review would study, “how we can maintain the trust of the people, how we can make sure that there absolutely is no abuse in terms of how these surveillance technologies are used, ask how surveillance impacts our foreign policy.”

On Monday, his instruction to James Clapper said the review would, “whether, in light of advancements in communications technologies, the United States employs its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while appropriately accounting for other policy considerations, such as the risk of unauthorized disclosure and our need to maintain the public trust.”

Both addressed public trust. But Monday’s statement replaced a focus on “absolutely no abuse” with “risk of unauthorized disclosure.”

Now, I’m not certain, but I’m guessing we all totally misunderstood (by design) Obama’s promises on Friday.

The day before the President made those promises, after all, Keith Alexander made a different set of promises.

“What we’re in the process of doing – not fast enough – is reducing our system administrators by about 90 percent,” he said.

The remarks came as the agency is facing scrutiny after Snowden, who had been one of about 1,000 system administrators who help run the agency’s networks, leaked classified details about surveillance programs to the press.

Before the change, “what we’ve done is we’ve put people in the loop of transferring data, securing networks and doing things that machines are probably better at doing,” Alexander said.

We already know that NSA’s plan to minimize the risk of unauthorized disclosure involves firing 900 SysAdmins (Bruce Schneier provides some necessary skepticism about the move). They probably believe that automating everything (including, presumably, the audit-free massaging of the metadata dragnet data before analysts get to it) will ensure there “absolutely is no abuse.”

And by turning the review intended to placate the civil libertarians into the review that will come up with the brilliant idea of putting HAL in charge of spying, the fired SysAdmins might just blame the civil libertarians.

So this review we all thought might improve privacy? Seems, instead, designed to find ways to fire more people faster.

This Independent Technical Review Group Brought to You By the Booz Allen Hamilton Director of National Intelligence™

When Obama announced Friday the formation of a technical advisory group to review our SIGINT programs, I naively believed “outside” and “independent” meant “outside” and “independent.”

Fourth, we’re forming a high-level group of outside experts to review our entire intelligence and communications technologies. We need new thinking for a new era. We now have to unravel terrorist plots by finding a needle in the haystack of global telecommunications. And meanwhile, technology has given governments — including our own — unprecedented capability to monitor communications.

So I am tasking this independent group to step back and review our capabilities — particularly our surveillance technologies. And they’ll consider how we can maintain the trust of the people, how we can make sure that there absolutely is no abuse in terms of how these surveillance technologies are used, ask how surveillance impacts our foreign policy — particularly in an age when more and more information is becoming public. And they will provide an interim report in 60 days and a final report by the end of this year, so that we can move forward with a better understanding of how these programs impact our security, our privacy, and our foreign policy. [my emphasis]

I also naively believed this was an effort to take up Ron Wyden and Mark Udall’s call to get an independent review of the program, which the rest of the Senate Intelligence Committee thwarted a year ago.

We also proposed directing the committee’s Technical Advisory Group to study FISA Amendments Act collection and provide recommendations for improvements. We were disappointed that our motion to request that the Technical Advisory Group study this issue was ruled by our colleagues to be out of order.

Nope!

In the memo Obama just released ordering James Clapper to form such a committee, those words “outside” and “independent” disappear entirely.

I believe it is important to take stock of how these technological advances alter the environment in which we conduct our intelligence mission. To this end, by the authority vested in me as President by the Constitution and the laws of the United States of America, I am directing you to establish a Review Group on Intelligence and Communications Technologies (Review Group).

The Review Group will assess whether, in light of advancements in communications technologies, the United States employs its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while appropriately accounting for other policy considerations, such as the risk of unauthorized disclosure and our need to maintain the public trust. Within 60 days of its establishment, the Review Group will brief their interim findings to me through the Director of National Intelligence (DNI), and the Review Group will provide a final report and recommendations to me through the DNI no later than December 15, 2013. [my emphasis]

And neither Obama nor the Intelligence Committees get to hear from this Group themselves. It all goes through James Clapper.

What on Friday was an outside and independent group is now branded by the Director of National Intelligence as the Director of National Intelligence Group.

At the direction of the President, I am establishing the Director of National Intelligence Review Group on Intelligence and Communications Technologies to examine our global signals-intelligence collection and surveillance capability.

The Review Group will assess whether, in light of advancements in communications technologies, the United States employs its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while appropriately accounting for other policy considerations, such as the risk of unauthorized disclosure and our need to maintain the public trust.

Huh. It took exactly 72 hours for that good idea to fizzle into a navel gaze directed by the guy who lies to Congress.

I Told You So, It’s about Cybersecurity Edition

When James “Least Untruthful” Clapper released the first version of PRISM success stories and the most impressive one involved thwarting specific cyberattacks, I noted that the NSA spying was about hackers as much as terrorists.

When  “Lying Keith” Alexander answered a question about hacking China from George Stephanopoulos by talking about terror, I warned that these programs were as much about cybersecurity as terror. “Packets in flight!”

When the Guardian noted that minimization procedures allowed the circulation of US person communications collected incidentally off foreign targets if they were “necessary to understand or assess a communications security vulnerability,” I suggested those procedures fit cybersecurity targets better than terror ones.

When Ron Wyden and Mark Udall caught Lying Keith (again) in a lie about minimization, I speculated that the big thing he was hiding was that encrypted communications are kept until they are decrypted.

When I compared minimization procedures with the letter of the law and discovered the NSA had secretly created for itself the ability to keep US person communications that pose a serious threat to property (rather than life or body), I suggested this better targeted cyber criminals than terrorists.

When Joel Brenner suggested Ron Wyden was being dishonorable for asking James Clapper a yes or no question in March 2013, I noted that Wyden’s question actually referred to lies Lying Alexander had told the previous year at DefCon that hid, in part, how hackers’ communications are treated.

When the Guardian happened to publish evidence the NSA considers encryption evidence of terrorism the same day that Keith Alexander spokes to a bunch of encrypters exclusively about terrorism, I suggested he might not want to talk to those people about how these programs are really used.

And when I showed how Lying Keith neglected his boss’ earlier emphasis on cyber in his speech to BlackHat in favor of terror times 27, I observed Lying Keith’s June exhortation that “we’ve got to have this debate with our country,” somehow didn’t extend to debating with hackers.

I told you it would come to this:

U.S. officials say NSA leaks may hamper cyber policy debate

Over two months after Edward Snowden’s first disclosures, the cyberwarriors are now admitting disclosures about how vast is NSA’s existing power — however hidden behind the impetus of terror terror terror — might lead Congress to question further empowering NSA to fight cyberwar.

I told you so. Read more

More Lies to the FISA Court

I was pulling up something else from Ron Wyden’s site, and noticed a sentence in this release pointing out how last week’s so-called transparency dump from James Clapper actually shows the lies the Intelligence Community told to Congress. I didn’t see the first time I looked at it.

Similarly misleading statements about the bulk email records program were also made to the Foreign Intelligence Surveillance Court, though these statements unfortunately remain classified.

As I’ve noted before, John Brennan testified that he submitted CIA interrogation derived evidence to the FISA Court, almost certainly in the “scary memos” he submitted to justify the continuation of Cheney’s illegal wiretap program.

Burr: I’m still not clear on whether you think the information from CIA interrogations saved lives.  Have you ever made a representation to a court, including the FISA court, about the type and importance of information learned from detainees including detainees in the CIA detention and interrogation program?

Brennan: Ahm, first of all, in the first part of your question, as to you’re not sure whether I believe that there has been information … I don’t know myself.

Burr: I said I wasn’t clear whether I understood, whether whether I was clear.

Brennan: And I’m not clear at this time either because I read a report that calls into question a lot of the information that I was provided earlier on, my impressions. Um. There, when I was in the government as the head of the national counterterrorism center I know that I had signed out a number of um affirmations related to the uh continuation of certain programs uh based on the analysis and intelligence that was available to analysts. I don’t know exactly what it was at the time, but we can take a look at that.

Burr: But the committee can assume that you had faith if you made that claim to a court or including the FISA court, you had faith in the documents in the information that was supplied to you to make that declaration.

Brennan: Absolutely. At the time if I had made any such affirmation, i would have had faith that the information I was provided was an accurate representation. [my emphasis]

While Wyden’s hinted misrepresentations are probably more modest — probably relating to how important the information derived from the Internet metadata collection really was — it nevertheless adds to the evidence that the non-adversarial nature of the FISA Court has allowed the Executive Branch to lie to the judges who preside there.

Shut Down CyberCommand — US CyberCommander Keith Alexander Doesn’t Think It’s Important

Back on March 12 — in the same hearing where he lied to Ron Wyden about whether the intelligence community collects data on millions of Americans — James Clapper also implied that “cyber” was the biggest threat to the United States.

So when it comes to the distinct threat areas, our statement this year leads with cyber. And it’s hard to overemphasize its significance. Increasingly, state and non-state actors are gaining and using cyber expertise. They apply cyber techniques and capabilities to achieve strategic objectives by gathering sensitive information from public- and private sector entities, controlling the content and flow of information, and challenging perceived adversaries in cyberspace.

That was the big takeaway from Clapper’s Worldwide Threat Assessment. Not that he had lied to Wyden, but that that cyber had become a bigger threat than terrorism.

How strange, then, that the US CyberCommander (and Director of National Security) Keith Alexander mentioned cyber threats just once when he keynoted BlackHat the other day.

But this information and the way our country has put it together is something that we should also put forward as an example for the rest of the world, because what comes out is we’re collecting everything. That is not true. What we’re doing is for foreign intelligence purposes to go after counterterrorism, counterproliferation, cyberattacks. And it’s focused. [my emphasis]

That was it.

The sole mention of the threat his boss had suggested was the biggest threat to the US less than 5 months earlier. “Counterterrorism, counterproliferation, cyberattacks. and it’s focused.”

The sole mention of the threat that his audience of computer security professionals are uniquely qualified to help with.

Compare that to his 27 mentions of “terror” (one — the one with the question mark — may have been a mistranscription):

terrorists … terrorism … terrorist attacks … counterterrorism … counterterrorism … terrorists … counterterrorism … terrorist organizations … terrorist activities … terrorist … terrorist activities … counterterrorism nexus … terrorist actor … terrorist? … terrorism … terrorist … terrorists … imminent terrorist attack … terrorist … terrorist-related actor … another terrorist … terrorist-related activities … terrorist activities … stopping terrorism … future terrorist attacks … terrorist plots … terrorist associations

That was the speech the US CyberCommander chose to deliver to one of the premiere group of cybersecurity professionals in the world.

Terror terror terror.

Sitting among you are people who mean us harm

… US CyberCommander Alexander also said.

Apparently, Alexander and Clapper’s previous intense focus on stopping hacktavists and cyberattacks and cybertheft and cyber espionage have all been preempted by the necessity of scaring people into accepting the various dragnets that NSA has deployed against Americans.

Which, I guess, shows us the true seriousness of the cyber threat.

To be fair to our CyberCommander, he told a slightly different story back on June 27, when he addressed the Armed Forces Communications and Electronics Association International Cyber Symposium.

Sure, he started by addressing Edwards Snowden’s leaks.

But then he talked about a debate he was prepared to have.

I do think it’s important to put that on the table, because as we go into cyber and look at–for cyber in the future, we’ve got to have this debate with our country. How are we going to protect the nation in cyberspace? And I think this is a debate that is going to have all the key elements of the executive branch–that’s DHS, FBI, DOD, Cyber Command, NSA and other partners–with our allies and with industry. We’ve got to figure how we’re going to work together.

How are we going to protect the nation in cyberspace? he asked a bunch of Military Intelligence Industrial Complex types.

At his cyber speech, Alexander also described his plan to build, train, and field one-third of the force by September 30 — something you might think he would have mentioned at BlackHat.

Not a hint of that.

Our US CyberCommander said — to a bunch of industry types — that we need to have a debate about how to protect the nation in cyberspace.

But then, a month later, with the group who are probably most fit to debate him on precisely those issues, he was all but silent.

Just terror terror terror.

Keith Alexander: We Report Violations to “Everyone”

At 32:14 in his speech to BlackHat yesterday, Keith Alexander said of the Section 215 dragnet,

We comply with the court orders and do this exactly right. And if we make a mistake, we hold ourselves accountable and report it to everyone.

Here’s what the 2011 report on both the telecom and Internet dragnets declassified yesterday said about NSA’s compliance failures (see PDF page 8).

Screen shot 2013-08-01 at 11.45.38 AM

By “everyone” Alexander appears not to include “citizens and taxpayers.”

As I reported Friday, Ron Wyden and Mark Udall say the Intelligence Committee downplays the seriousness of the violations that have occurred.

Their violations of the rules for handling and accessing bulk phone information are more troubling than have been acknowledged and the American people deserve to know more details.

Monday, Wyden elaborated further.

I am not allowed to discuss the classified nature of that, but I want to make sure those who are following this debate know that from my vantage point, reading those documents that are classified, these violations are more serious than have been stated by the intelligence community, and in my view that is very troubling. So I do hope Senators will go to the Intelligence Committee and ask to see those classified documents because I think when they read them–I think they will come to the conclusion to which I have come that, not only is what was stated by the Director of National Intelligence in that letter that was sent to you and me and Senator Udall and 23 other Senators–not only was that correct, but I think Senators who read those classified documents will also come to the conclusion that the violations are more serious than they thought–than the intelligence community portrayed.

After Alexander’s speech yesterday, CNBC asked further questions, including specifically about Wyden’s claims.

CNBC: General Alexander, Senator Wyden said yesterday that phone records collection abuse has been more significant than the government has acknowledged. What do you say about that?

Alexander: I’m not sure what he’s referring to, so I don’t know without him being more specific. If he could be. I think, um, maybe we should have a discussion on what that means.

(Alexander went on to provide actual specifics about what “everyone” means, though he did not explicitly admit it doesn’t include “everyone.”)

I’m not actually sure where that “if he could be” fits syntactically in Alexander’s response. But here’s why Wyden can’t provide more specifics.

Screen shot 2013-08-01 at 11.45.38 AM

Alexander, who is a classification authority (though James Clapper may be the classification authority for the 215 program), responded to a question about abuse by demanding that Wyden, who is not a classification authority, provide more details about something that NSA and ODNI have specifically kept classified.

But don’t worry. When they commit abuses, Alexander claimed, they tell “everyone.”

Later in the interview, Alexander told CNBC it could help.

Just reporting what somebody says is not the right thing to do for our country.

[snip]

Let’s put the facts on the table. If you just blindly take what somebody says, I think that’s not what our nation needs.

Yet blindly taking what somebody says about government abuse is precisely where Alexander and Clapper have left American citizens.

 

 

The James Clapper Stall Declaration

On Thursday July 25, the ACLU met the government for a hearing in their suit to stop the Section 215 dragnet (which I’ll call ACLU Injunction for this post). While there, the government handed the judge a filing for ACLU’s Section 215 FOIA, asking for more time (until September 15, or maybe longer) before respond in that case; they sent ACLU a redacted copy by letter the next day.

The filing includes a James Clapper declaration written way back on July 7 meant to apply to four or five cases asking for a two month delay on FOIA or related litgation; as far as is publicly known, however, the declaration had not yet been submitted in any of those cases.

The filing (and its redactions) are interesting for several reasons:

It suggests one ongoing case pertains to Section 215 and/or Section 702 surveillance in a way that is not publicly known.

As I said, this declaration pertains to four or five cases. Three of those are named:

  • EFF v. DOJ (12-1441): EFF’s FOIA suit to get the FISA Court opinion deeming Section 702 to have violated the Fourth Amendment (EFF FISC Opinion FOIA)
  • EFF v. DOJ (4:11-5221): EFF’s FOIA suit to get a limited number of documents pertaining to Section 215 (EFF 215 FOIA)
  • ACLU v. FBI (11-7562): ACLU’s FOIA suit to get a broader range of documents pertaining to Section 215 (ACLU 215 FOIA)

But after referencing those suits, the Clapper declaration redacts over a line describing at least one other case.

Screen shot 2013-07-28 at 10.16.40 AM

 

The letter accompanying this declaration includes a footnote explaining,

Some redactions in the declaration include information that, in isolation, may be unclassified but, in the context of the discussion in the declaration, could tend to reveal information that is still classified in other settings.

Given the other redactions — which largely refer to still unacknowledged or undisclosed aspects of the Section 215 and Section 702 surveillance, along with one probable reference to CIA — the name of these case(s) are probably one of those redactions that would be unclassified in other circumstances.

That suggests that it may be the relevance to this issue — the role of Section 215 or Section 702 — that makes the reference to the case classified.

My first guess about what case(s) might be included in that redaction is EPIC’s FOIA suit for materials pertaining to the investigation of supporters of WikiLeaks. As I have described, the government not only withheld everything under an “ongoing investigation” exemption, it also invoked “protected by statute.” But it didn’t say what statute prohibited it from releasing the materials, an unheard of FOIA practice. That suit is awaiting the judges decision on motions to dismiss.

Read more

Wyden and Udall: They’re Blowing Smoke about Phone and Other Bulk Record Safety

When I wrote about the letter from Ron Wyden, Mark Udall, and 24 other Senators to James Clapper a month ago, I focused on the specter that Section 215 would be used to collect gun records (in response to which, the NRA let its political guns drop from flaccid fingers).

Given yesterday’s response from Wyden and Udall to Clapper’s response, I should have focused on this passage:

Senior officials have noted that there are rules in place governing which government personnel are allowed to review the bulk phone records data and when. Rules of this sort, if they are effectively enforced, can mitigate the privacy impact of this large-scale data collection, if they do not erase it entirely. Furthermore, over its history the intelligence community has sometimes failed to keep sensitive information secure form those who would misuse it, and even if these rules are well-intentioned they will not eliminate all opportunities for abuse.

In response to that passage, Clapper spent one paragraph talking about when the government can access this data and another describing the oversight over it, including,

Implementation of the program is regularly reviewed not only by NSA, but by outside lawyers from the Department of Justice and by my office, as well as by Inspectors General. The Executive Branch reports all compliance incidents on to the FISC.

Later, in response to a question specifically about violations, Clapper wrote,

Since the telephony metadata collection program under section 215 was initiated, there have been a number of compliance problems that have been previously identified and detailed in reports to the Court and briefings to Congress as a result of Department of Justice reviews and internal NSA oversight. However, there have been no findings of any intentional or bad-faith violations.

These problems generally involved human error or highly sophisticated technology issues related to NSA’s compliance with particular aspects of the Court’s orders. As required, those matters, including details and appropriate internal remedial actions, are reported to the NSA’s Inspector General, the Department of Justice, the Office of the Director of National Intelligence, the FISC and in reports provided to Congress and other oversight organizations.

To which Wyden and Udall insisted,

Their [in context, probably meaning NSA’s, though they did not specify] violations of the rules for handling and accessing bulk phone information are more troubling than have been acknowledged and the American people deserve to know more details.

Now, there are a couple of different things going on here.

First, as Wyden and Udall also note, Clapper didn’t answer their question, “How long has the NSA used the PATRIOT Act authorities to engage in bulk collection of Americans’ records? Was this collection underway when the law was reauthorized in 2006?” Clapper instead answered how long NSA was using Section 215 to get telephony metadata, answering May 2006. But we know that collection was briefed before passage of the PATRIOT reauthorization, and it appears the government used a kluged hybrid order to get it from at least the time the illegal program was revealed in 2005 until the reauthorization passed.  So this earlier use may implicate earlier violations.

Nevertheless, what Clapper claims to be human error seems to be something more, the querying of records pertaining to phone numbers that aren’t clearly terrorists (or Iranians).

And given the revelation the government has gone three hops deep into this data, the reference to “highly sophisticated technology issues” suggests more sophisticated data mining than a game of half-Bacon.

Finally, one more thing. In the debate over the Amash-Conyers amendment the other day, House Intelligence Chair Mike Rogers also boasted of the controls that — according to Wyden and Udall — have proven insufficient. But in the process of boasting, he admitted other agencies have less effective oversight than the NSA.

It is that those who know it best support the program because we spend as much time on this to get it right, to make sure the oversight is right. No other program has the legislative branch, the judicial branch, and the executive branch doing the oversight of a program like this. If we had this in the other agencies, we would not have problems. [my emphasis]

When Wyden and Udall asked this question originally, they asked specifically, “Have there been any violations of the court orders permitting this bulk collection, or of the rules governing access to these records?” While most of their questions specified NSA, that one didn’t. The FBI, not NSA, is the primary user of Section 215, though it shares its counterterrorism (and counterespionage) data with the National Counterterrorism Center.

And even Mike Rogers appears to believe “the other agencies” have problems with this kind of data.

All of which seems to suggest there have been serious problems with the NSA’s use of the phone record dragnet. But there have been even more serious problems with bulk records on other subjects as used by other agencies.