Posts

Lamar Smith’s Futile Leak Investigation

Lamar Smtih has come up with a list of 7 national security personnel he wants to question in his own leak investigation. (h/t Kevin Gosztola)

House Judiciary Committee Chairman Lamar Smith, R-Texas, told President Obama Thursday he’d like to interview seven current and former administration officials who may know something about a spate of national security leaks.

[snip]

The administration officials include National Security Advisor Thomas Donilon, Director of National Intelligence James Clapper, former White House Chief of Staff Bill Daley, Assistant to the President for Homeland Security and Counterterrorism John Brennan, Deputy National Security Advisor Denis McDonough, Director for Counterterrorism Audrey Tomason and National Security Advisor to the Vice President Antony Blinken.

Of course the effort is sure to be futile–if Smith’s goal is to figure out who leaked to the media (though it’ll serve its purpose of creating a political shitstorm just fine)–for two reasons.

First, only Clapper serves in a role that Congress has an unquestioned authority to subpoena (and even there, I can see the Intelligence Committees getting snippy about their turf–it’s their job to provide impotent oversight over intelligence, not the Judiciary Committees).

As for members of the National Security Council (Tom Donilon, John Brennan, Denis McDonough, Audrey Tomason, and Antony Blinken) and figures, like Bill Daley, who aren’t congressionally approved? That’s a bit dicier. (Which is part of the reason it’s so dangerous to have our drone targeting done in NSC where it eludes easy congressional oversight.)

A pity Republicans made such a stink over the HJC subpoenaing Karl Rove and David Addington and backed Bush’s efforts to prevent Condi Rice from testifying, huh?

The other problem is that Smith’s list, by design, won’t reveal who leaked the stories he’s investigating. He says he wants to investigate 7 leaks.

Smith said the committee intends to focus on seven national security leaks to the media. They include information about the Iran-targeted Stuxnet and Flame virus attacks, the administration’s targeted killings of terrorism suspects and the raid which killed Usama bin Laden.

Smith wants to know how details about the operations of SEAL Team Six, which executed the bin Laden raid in Pakistan, wound up in the hands of film producers making a film for the president’s re-election. Also on the docket is the identity of the doctor who performed DNA tests which helped lead the U.S. to bin Laden’s hideout.

But his list doesn’t include everyone who is a likely or even certain leaker.

Take StuxNet and Flame. Not only has Smith forgotten about the programmers (alleged to be Israeli) who let StuxNet into the wild in the first place–once that happened, everything else was confirmation of things David Sanger and security researchers were able to come up with on their own–but he doesn’t ask to speak to the Israeli spooks demanding more credit for the virus.

Read more

Security Clearance Tyranny

Let’s review three data points on security clearances. They’ll show that our system of security clearances are increasingly becoming an arbitrary system of control that does more to foster cowed national security employees than to foster actual national security.

We’ve already discussed one of these data points: James Clapper’s decision to add an as-yet undefined question to Intelligence Community polygraphs probing unauthorized (but not authorized) disclosure of classified information.

First, those agencies within the IC that have mandatory lie detector tests will add an unspecified question about “unauthorized disclosure of classified information.”

(1) mandating that a question related to unauthorized disclosure of classified information be added to the counterintelligence polygraph used by all intelligence agencies that administer the examination (CIA, DIA, DOE, FBI, NGA, NRO, and NSA).

Not only does this cover just some who might have access to classified information, leaving some agencies, contractors, Congressional employees, and White House employees, not to mention our international intelligence partners, in the clear. But it also brackets off the “authorized” disclosure of classified information.

It’s a bad decision because it doesn’t end the asymmetrical abuse of classified information and it’s a bad decision because polygraphs are unreliable.

But it’s also unreliable because at least one of the IC agencies involved slated for this new question–the National Reconnaissance Office–has already been conducting fishing expeditions during polygraphs to find sensitive information.

The National Reconnaissance Office is so intent on extracting confessions of personal or illicit behavior that officials have admonished polygraphers who refused to go after them and rewarded those who did, sometimes with cash bonuses, a McClatchy investigation found.

The disclosures include a wide range of behavior and private thoughts such as drug use, child abuse, suicide attempts, depression and sexual deviancy. The agency, which oversees the nation’s spy satellites, records the sessions that were required for security clearances and stores them in a database.

As McClatchy reports, the NRO pursued such confessions–which are outside the scope of what they’re supposed to ask–even after they were warned to stop.

What’s particularly troubling is that the NRO is not using this information–or not in the most obvious way, by prosecuting those who reveal past crimes. Read more

James Clapper’s Anti-Leak Efforts Will Increase Information Asymmetry

As Charlie Savage and others report, Director of National Security James Clapper has instituted new efforts to crack down on leaks. The plan has two aspects. First, those agencies within the IC that have mandatory lie detector tests will add an unspecified question about “unauthorized disclosure of classified information.”

(1) mandating that a question related to unauthorized disclosure of classified information be added to the counterintelligence polygraph used by all intelligence agencies that administer the examination (CIA, DIA, DOE, FBI, NGA, NRO, and NSA).

Not only does this cover just some who might have access to classified information, leaving some agencies, contractors, Congressional employees, and White House employees, not to mention our international intelligence partners, in the clear. But it also brackets off the “authorized” disclosure of classified information. Heck, it might not even cover any of the leaks currently under investigation.

Then there’s the authorization of IC Inspectors General to investigate leaks that DOJ declines to pursue.

(2) requesting the Intelligence Community Inspector General lead independent investigations of selected unauthorized disclosure cases when prosecution is declined by the Department of Justice. The IC IG will establish and lead a task force of IC inspectors general to conduct ind ependent investigations, pursuant to his statutory authority and in coordination with the Office of the National Counterintelligence Executive. This will ensure that selected unauthorized disclosure cases suitable for administrative investigations are not closed prematurely.

As Savage has noted (and this report he links makes clear) the vast majority of leaks are not prosecuted. That’s partly because information is so widely distributed that identifying a sole leaker becomes legally problematic if not impossible more generally. In addition, many leak prosecutions would risk disclosing more classified information than simply letting the alleged leaker go free (this is probably why the Bush and Obama Administrations tried to trump up a charge against Thomas Drake rather than charge known leakers who exposed the illegal wiretap program).

Clapper’s solution will instead have Inspectors General pursue suspected leakers instead. Not only would this free investigative methods from evidentiary rules (so for example, IGs might use wiretaps and other intrusive investigative techniques because they would never need to be disclosed or not in court). The secrecy of such investigations would also make the exposure of selective prosecution impossible. And given the impunity with which the government can give or withdraw clearances, it would mean those unfairly targeted would have no recourse.

All this might be less problematic if the IC IG hadn’t already proven himself to serve government cover-ups rather than the citizens of this country. But as it is, this scheme is ripe for abuse.

Which won’t end leaking. Instead, it’ll make whistleblowing even riskier, as compared with sanctioned leaks, than it already is. Which, so long as Congressional oversight committees refuse to exercise any oversight, will mean the intelligence committee will operate with further unchecked power.

The Only Independent Reviewer of Targeting and Minimization Refuses to Review It

On May 4, Senate Intelligence Committee members Ron Wyden and Mark Udall asked the Intelligence Community Inspector General to determine whether it was feasible to determine how many US persons have been spied on under the FISA Amendments Act.

The Temporally Perfect Fuck You

On May 22, the Committee marked up the renewal of the Act. During consideration of the bill, the Committee rejected Wyden and Udall’s efforts to require the IGs quantify such numbers based on their pending request to the IGs.

During the Committee’s consideration of this legislation, several Senators expressed a desire to quantify the extent of incidental collection under Section 702. I share this desire. However, the Committee has been repeatedly advised by the ODNI that due to the nature of the collection and the limits of the technology involved, it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under Section 702 authority. Senators Ron Wyden and Mark Udall have requested a review by the Inspector General of the NSA and the Inspector General of the Intelligence Community to determine whether it is feasible to estimate this number. The Inspectors General are conducting that review now, thus making an amendment on this subject unnecessary. SSCI report on the bill reminds that the IC IGs are authorized–but not required too–conduct reviews of Section 702.

Note, elsewhere the bill report includes these authorized but not mandatory reviews as part of the “robust oversight” of this spying program.

In addition, the Inspectors General of the Department of Justice and certain elements of the Intelligence Community are authorized to review the implementation of Section 702 and must provide copies of any such reviews to the Attorney General, DNI, and congressional committees of jurisdiction.

Yet in rejecting the motion to actually mandate a review, Dianne Feinstein’s report emphasizes that this authority is optional.

Also while marking up the bill, Wyden and Udall attempted to direct the Committee’s Technical Advisory Group to review what was really going on with the FAA. That motion was ruled out of order (Kent Conrad joined Wyden and Udall on this one vote–otherwise the committee voted against all their efforts for greater oversight).

We also proposed directing the committee’s Technical Advisory Group to study FISA Amendments Act collection and provide recommendations for improvements. We were disappointed that our motion to request that the Technical Advisory Group study this issue was ruled by our colleagues to be out of order.

As a result, the bill was voted out of committee on May 22 without any requirement that the intelligence community report on how many US persons it is spying on with FAA.

On June 15, the IC IGs finally got back to Wyden and Udall. (h/t Wired) Note the dates cited in the response.

On 21 May 2012, I informed you that the NSA Inspector General, George Ellard, would be taking the lead on the requested feasibility assessment, as his office could provide an expedited response to this important inquiry.

The NSA IG provided a classified response on 6 June 2012. I defer to his conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.

As I stated in my confirmation hearing and as we have specifically discussed, I firmly believe that oversight of intelligence collection is a proper function of an Inspector General. I will continue to work with you and the Committee to identify ways that we can enhance our ability to conduct effective oversight. [my emphasis]

So IC IG Charles McCullough waited 17 days to even tell Wyden what he was going to do with the request, at which point–the eve of the bill markup–he told Wyden that Ellard would prospectively conduct the inquiry. So when the Committee decided not to mandate an IG review based on the “pending” review, it had not started yet. Read more

Ron Wyden: “An Obvious Question I Have Not Answered”

In the background of the larger drama of the leak witch hunts is a paragraph that, to me, summarizes where the balance between secrecy and sanity is in our country.

An obvious question that I have not answered here is whether any warrantless searches for Americans’ communications have already taken place. I am not suggesting that any warrantless searches have or have not occurred, because Senate and committee rules regarding classified information generally prohibit me from discussing what intelligence agencies are actually doing or not doing. However, I believe that we have an obligation as elected legislators to discuss what these agencies should or should not be doing, and it is my hope that a majority of my Senate colleagues will agree with that searching for Americans’ phone calls and emails without a warrant is something that these agencies should not do.

This is the language Ron Wyden used to attempt to persuade his colleagues to join his opposition to the reauthorization of the FISA Amendments Act without first including protections for Americans’ communications. A very similar paragraph appeared at the end of Wyden and Mark Udall’s dissent from the Senate Intelligence Report on the legislation.

Now, I have already shown that even leak witch hunt convert Dianne Feinstein (who supports reauthorization without telling citizens what the legislation really does) made it clear that while NSA may not target Americans under FAA, the agency does query information collected under FAA to find the communications of Americans. That is, DiFi herself made it clear that the communications collected “incidentally” are fair game for review. And both the Wyden/Udall dissent and the exchange Wyden had with Director of National Intelligence James Clapper last year–which he re-released in conjunction with his hold–make it more clear that the government is reviewing Americans’ communications it collects in the guise of “targeting” non-US persons.

Everyone–Wyden, DiFi, DNI Clapper–admit that the government is accessing Americans’ communications under FAA; it’s just the latter two are pretending they’re not doing so by hiding behind the magic word “targeting.”

With that said, let’s look at Wyden’s paragraph closely and what it says about democracy in the age of secrecy. The first sentence reads like CYA, insulation against any accusation that Wyden has revealed classified information.

An obvious question that I have not answered here is whether any warrantless searches for Americans’ communications have already taken place.

Yet at the same time, Wyden defines the question that DiFi refuses to answer clearly: whether or not the government is using FAA to conduct warrantless searches of Americans’ communications.

It’s an obvious question, Wyden continues, but he’s not legally permitted to answer it.

I am not suggesting that any warrantless searches have or have not occurred, because Senate and committee rules regarding classified information generally prohibit me from discussing what intelligence agencies are actually doing or not doing.

That said, Wyden makes it clear he knows the answer. Read more

Yet More White House Involvement in FOIA Responses

As I’ve been writing my series on the Administration’s extensive efforts to hide all mention of what I have decided to call the Gloves Come Off Memorandum of Notification, this passage from Daniel Klaidman’s article on the Administration’s equivocations about revealing information on the Anwar al-Awlaki killing has been nagging me.

Another senior official expressing caution about the plan was Kathryn Ruemmler, the White House counsel. She cautioned that the disclosures could weaken the government’s stance in pending litigation. The New York Times has filed a lawsuit against the Obama administration under the Freedom of Information Act seeking the release of the Justice Department legal opinion in the Awlaki case. (The department has declined to provide the documents requested.)

The suggestion here is that White House Counsel Kathryn Ruemmler didn’t want to affirmatively reveal details about Awlaki’s killing because doing so would mean they’d have to reveal details in the ACLU and NYT’s FOIAs for … the same information.

That never really made sense (though I never dwelt too much on it because the Administration’s stance on secrecy rarely makes sense).

But in the last few days, I’ve been wondering if Ruemmler was thinking not about the drone FOIA–about revealing details of one element authorized by the Gloves Come Off MON–but instead thinking about the MON itself. After all, if the government reveals one (torture) after another (drones) of the programs authorized by the Gloves Come Off MON, then it gets harder and harder to claim the whole MON must remain secret. And remember, still to be litigated in the torture FOIA is the MON itself, in addition to what I believe are references to it in the title of the Tenet memo.

And while this may mean nothing, the government has been stalling on its response to the drone FOIA. Back on April 9, the government asked for 10 more days to respond to the FOIA. Judge Colleen McMahon responded by snipping, “Ok, but dont ask for any more time. If government official can give speeches about this matter without creating security problem, any involved agency can.” Yet in spite of her warning, they asked for an additional month-long extension today.

We write respectfully on behalf of the Department of Justice and the Central Intelligence Agency (collectively, the “Government”) to seek a further extension until May 21, 2012, of the Government’s deadline to file its consolidated motion for summary judgment in these related Freedom of Information Act cases seeking records pertaining to alleged targeted lethal operations directed at U.S. citizens and others affiliated with al Qaeda or other terrorist groups. Attorney General Eric H. Holder, Jr. has personally directed us to seek this additional time to allow the Government to finalize its position with regard to the sensitive national security matters presented in this case.

We are mindful of the Court’s admonition in its April 9, 2012, order that the Government not seek an further extensions of its briefing deadline, and we do not take this request lightly. Given the significance of the matters presented in this case, the Government’s position is being deliberated at the highest level of the Executive Branch. It has become clear that further consultation and discussion at that level of the Executive Branch is necessary before the Government can make its submission to the Court.

Read more

The “Oversight” over NCTC’s Not-Terrorist-Terrorist Database

Back when John Negroponte appointed him to be the Director of National Intelligence’s Civil Liberties Protection Officer, Alexander Joel admitted he had no problem with Cheney’s illegal domestic wiretap program.

When the NSA wiretapping program began, Mr. Joel wasn’t working for the intelligence office, but he says he has reviewed it and finds no problems. The classified nature of the agency’s surveillance work makes it difficult to discuss, but he suggests that fears about what the government might be doing are overblown.

“Although you might have concerns about what might potentially be going on, those potentials are not actually being realized and if you could see what was going on, you would be reassured just like everyone else,” he says.

That should trouble you, because he’s the cornerstone of oversight over the National Counterterrorism Center’s expanded ability to obtain and do pattern analysis on US person data.

The Guidelines describe such oversight to include the following:

  • Periodic spot checks overseen by CLPO to make sure database use complies with Terms and Conditions
  • Periodic reviews to determine whether ongoing use of US person data “remains appropriate”
  • Reporting (the Guidelines don’t say by whom) of any “significant failure” to comply with guidelines; such reports go to the Director of NCTC, the ODNI General Counsel, the CLPO, DOJ (it doesn’t say whom at DOJ), and the IC Inspector General; note, the Guidelines don’t require reporting to the Intelligence Oversight Board, which should get notice of significant failures
  • Annual reports from the Director of NCTC on an (admittedly worthwhile) range of metrics on performance to the Guidelines; this report goes to the CLPO, ODNI General Counsel, the IC IG, and–if she requests it–the Assistant Attorney General for National Security

There are a few reasons to be skeptical of this. First, rather than replicate the audits recently mandated under the PATRIOT Act–in which the DOJ Inspector General develops the metrics, these Guidelines have NCTC develop the metrics themselves. And they’re designed to go to the CLPO, who officially reports to the NCTC head, rather than an IG with some independence.

That is, to a large extent, this oversight consists of NCTC reporting to itself.

Read more

Does NCTC Have the Minimal Data Security to Guard Its New Not-Terrorist-Terrorist Database?

As I noted here and here, yesterday the Director of National Intelligence and DOJ rolled out new Guidelines allowing the National Counterterrrorism Center to acquire non-terrorist datasets from federal agencies–including US person data–so they can do pattern analysis on those datasets and pass off the resulting data to other agencies.

When intelligence officials wanted to explain to Charlie Savage how this would work, they pointed to a State Department dataset–visa applications–as one dataset NCTC might now access directly.

A person from Yemen applies for a visa and lists an American as a point of contact. There is no sign that either person is a terrorist. Two years later, another person from Yemen applies for a visa and lists the same American, and this second person is a suspected terrorist.

Under the existing system, they said, to discover that the first visa applicant now had a known tie to a suspected terrorist, an analyst would have to ask the State Department to check its database to see if the American’s name had come up on anyone else’s visa application — a step that could be overlooked or cause a delay. Under the new rules, a computer could instantly alert analysts of the connection.

The State Department is, of course, still reportedly recovering from the fact that because of DOD’s lax network security, 250,000 diplomatic cables got liberated for the world to see.

Not surprisingly, then, the new Guidelines appear determined to reassure original dataset owners that their data won’t be compromised by sharing it with NCTC (which can then share it with other elements of the Intelligence Community and even foreign allies). You can tell they’re serious about this, because it’s one of the places they occasionally use “shall” (in other sensitive areas, they use the squishier “will”).

For access to or acquisition of specific datasets, the DNI, or the DNI’s designee, shall collaborate with the data provider to identify any legal constraints, operational considerations, privacy or civil rights or civil liberties concerns and protections, or other issues, and to develop appropriate Terms and Conditions that will govern NCTC’s access to or acquisition of datasets under these guidelines.

[snip]

In addition to the [general requirements laid out for sharing this data], at the time when NCTC acquires a new dataset or a new portion of a dataset, the Director of NCTC shall determine, in writing, whether enhanced safeguards, procedures, and oversight mechanisms are needed.

Though this bold approach almost immediately breaks down, as the Guidelines not only revert to “will,” but–worse–dig out the passive voice when describing the data transfer.

Measures will be put into place to ensure that the dataset is received and stored in a manner to prevent unauthorized access and use prior to the completion of replication.

And when the Guidelines get into specifics, they use that passive “will” again.

Access to these datasets will be monitored, recorded, and audited. This includes tracking of logons and logoffs, file and object manipulation, and changes, and queries executed, in according with audit and monitoring standards applicable to the Intelligence Community.

Who will (“shall”) implement these data security measures? What if he or she fails to do so adequately?

It’s a really, really important question because–as this year’s intelligence authorizations make clear, the Intelligence Community does not yet have insider threat detection–the kind of security that would permit these audits–and they’re not going to get it until 18 months from now. Hell, they’re not even going to start getting it until 6 months from now!

(a) Initial Operating Capability.–Not later than October 1, 2012, the Director of National Intelligence shall establish an initial operating capability for an effective automated insider threat detection program for the information resources in each element of the intelligence community in order to detect unauthorized access to, or use or transmission of, classified intelligence.

Read more

The National Counterterrorism Center Just Declared All of Us Domestic Terrorists

I’m going to have a series of posts on the new National Counterterrorism Center data sharing guidelines. As a reminder, the whole point of these guidelines is to allow the NCTC to obtain information on US persons, dump it into their datamining, and then ultimately pass it on. In this, I’ll show how, by magic of cynical bureaucracy, the government is about to turn non-terrorist data into terrorist data.

Here’s how that trick is accomplished rhetorically. In the Background section (and in one or two other places), the document includes this language to legally justify throwing US person data into big databases to be data mined. It starts by laying out NCTC’s data mandate:

[NCTC] shall “serve as the primary organization in the United States for analyzing and integrating all intelligence possessed or acquired by the United States Government pertaining to terrorism and counterterrorism, excepting intelligence pertaining exclusively to domestic terrorists and domestic counterterrorism.

It blathers on about how NCTC also has the responsibility to request information and pass it on. This is the legal language they’re going to translate to mean the opposite of what it says.

Jumping ahead a bit, the guidelines acknowledges that NCTC is only supposed to have access, if needed, to domestic terrorism information.

In the National Security Act of 1947, as amended, Congress recognized that NCTC must have access to a broader range of information than it has primary authority to analyze and integrate if it is to achieve its missions. The Act thus provides that NCTC “may, … receive intelligence pertaining exclusively to domestic terrorism from any Federal, State, or local government or other source necessary to fulfill its responsibility and retain and disseminate intelligence.” [my emphasis]

See that? It can have all the foreign terrorism information, and then if it needs to, it can have the domestic terrorism information.

Now, going back a few lines, it takes this authority–“pertaining exclusively to domestic terrorism”–and uses it to get … everything.

NCTC’s analytic and integration efforts … at times require it to access and review datasets that are identified as including non-terrorism information in order to identify and obtain “terrorism information,” as defined in section 1016 of the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004, as amended. “Non-terrorism information” for purposes of these Guidelines includes information pertaining exclusively to domestic terrorism, as well as information maintained by other executive departments and agencies that has not been identified as “terrorism information” as defined by IRTPA. [my emphasis]

Note that bolded section is not a citation from existing law. It is, instead, NCTC turning NCTC’s authority to sometimes get domestic terrorism information into authority to get any dataset maintained by any executive agency that NCTC believes might include some information that might be terrorism information.

Those of us in the US Government’s tax, social security, HHS, immigration, military, and other federal databases? We’ve all, by bureaucratic magic, been turned into domestic terrorists.

Now, NCTC seems to understand what a grasp this is, so it deploys one more rhetorical effort, this time noting that the Director of National Intelligence–to whom NCTC reports–also gets access to all national security intelligence.

[The National Security Act] provides that “[u]nless otherwise directed by the President, the Director of National Intelligence shall have access to all national intelligence and intelligence related to hte national security which is collected by any federal department, agency, or other entity…”

So in addition to all of us in government databases–that is, all of us–being deemed domestic terrorists, the data the government keeps to track our travel, our taxes, our benefits, our identity? It just got transformed from bureaucratic data into national security intelligence.

We are all, now, first and foremost potential terrorists now. Only after NCTC destroys our data in five years (if they don’t find some excuse to keep it before then) will we become citizens again.

Will SCOTUS Invent a “Database-and-Mining” Exception to the Fourth Amendment?

As I noted yesterday, the Administration appealed the 2nd Circuit Decision granting review of the FISA Amendments Act to the Supreme Court last week. I wanted to talk about their argument in more detail here.

Over at Lawfare, Steve Vladeck noted that this case would likely decide whether and what the “foreign intelligence surveillance” exception to the Fourth Amendment, akin to “special needs” exceptions like border searches and drug testing.

Third, if the Court affirms (or denies certiorari), this case could very well finally settle the question whether the Fourth Amendment’s Warrant Clause includes a “foreign intelligence surveillance exception,” as the FISA Court of Review held in the In re Directives decision in 2008. That’s because on the merits, 50 U.S.C. § 1881a(b)(5) mandates that the authorized surveillance “shall be conducted in a manner consistent with the fourth amendment to the Constitution of the United States.” Thus, although it is hard to see how surveillance under § 1881a could violate the Fourth Amendment, explication of the (as yet unclear) Fourth Amendment principles that govern in such cases would necessarily circumscribe the government’s authority under this provision going forward (especially if In re Directives is not followed…).

I would go further and say that this case will determine whether there is what I’ll call a database-and-mining exception allowing the government to collect domestic data to which no reasonable suspicion attaches, store it, data mine it, and based on the results of that data mining use the data itself to establish cause for further surveillance. Thus, it will have an impact not just for this warrantless wiretapping application, but also for things like Secret PATRIOT, in which the government is collecting US person geolocation data in an effort to be able to pinpoint the locations of alleged terrorists, not to mention the more general databases collecting things like who buys hydrogen peroxide.

I make a distinction between foreign intelligence surveillance and “database-and-mining” exceptions because the government is, in fact, conducting domestic surveillance under these programs and using it to collect intelligence on US persons (indeed, when asked about Secret PATRIOT earlier this month, James Clapper invoked “foreign or domestic” intelligence in the context of Secret PATRIOT). The government has managed to hide that fact thus far by blatantly misleading the FISA Court of Review in In re Directives and doing so (to a lesser degree) here.

In In re Directives, the government misled the court in two ways. First, according to Russ Feingold, the government didn’t reveal (and the company challenging the order didn’t have access to) information about how the targeting is used. The amendments he tried to pass–and which Mike McConnell and Michael Mukasey issued veto threats in response to–suggest some of the problems Feingold foresaw and the intelligence community refused to fix: reverse targeting, inclusion of US person data in larger data mining samples, and the retention and use of improperly collected information.

The government even more blatantly misled the FISCR with regards to what it did with US person data.

The petitioner’s concern with incidental collections is overblown. It is settled beyond peradventure that incidental collections occurring as a result of constitutionally permissible acquisitions to not render those acquisitions unlawful.9 [citations omitted] The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.

9 The petitioner has not charged that the Executive Branch is surveilling overseas persons in order intentionally to surveil persons in the United States. Because the issue is not before us, we do not pass on the legitimacy vel non of such a practice.

The notion that the government doesn’t have this US person data in a database is farcical at this point, as the graphic above showing the relative size of the NSA’s data center in UT–which I snipped from this larger ACLU graphic–makes clear (though the government’s unwillingness to be legally bound to segregate US person data made that clear, as well). Read more