Posts

Findings versus Law: “The Intelligence Community Does Not Task Itself”

Predictably, Ben Wittes adopted the Shane Harris piece airing NSA gripes about the White House’s flaccid defense of them as part of Lawfare’s Empathy for Wiretappers series (brought to you in part by NSA contractor Northrop Grumman!).

In his commentary on the piece, Wittes compares Bush’s defense of torture (which Wittes calls coercive interrogation) and warrantless wiretapping (I assume he means the illegal warrantless wiretapping, as distinct from the warrantless wiretapping permitted under the existing legally sanctioned program) with Obama’s relative silence on NSA’s programs.

Another comparison would be to the way President Bush handled the firestorms over NSA’s warrantless wiretapping program and the CIA’s coercive interrogation program. Whatever one thinks of the programs in question, in my view the comparison does not flatter Obama.

Say what you will about Bush and the CIA’s interrogation program; there’s no question that he owned it. Nobody in the public ever thought that the program belonged to then-CIA Director George Tenet—though Tenet certainly was an enthusiastic executor. It was Bush’s program, and the reason it came off this way was that Bush publicly, repeatedly, and personally defended it. He made speeches about it. He wrote about it in his book. He never ran away from it. Nor, notably, did his attorney general. Similarly, Bush never ran away from warrantless wiretapping program. We associate him so personally with these programs, because he stoutly stood by them.

Obama has a lot on his plate right now. But he and his White House should not be leaving defense of intelligence programs he believes in to the intelligence community. Nor should Eric Holder, whose department convinced the FISA Court of the legal views currently at issue and oversees day-to-day FISA collection activity at NSA.

The intelligence community does not task itself. And when the political leadership tasks it to do something that then engulfs it in controversy, it should be a matter of honor not to let it dangle in the breeze.

As a threshold matter, who in their right mind would ask Eric Holder to defend a program? For better or worse, he has no more credibility right now than James Clapper or Keith Alexander, particularly among conservatives who believe he’s responsible for Fast and Furious. That may make him ineffective as an AG, but that is the AG Obama has chosen to retain.

Furthermore, which Attorney General does Ben have in mind that also defended these programs (or does he mean just torture?). Not only did John Ashcroft refuse to reauthorize parts of the illegal wiretap program, but Alberto Gonzales lied about it to get confirmed as Attorney General. Or does he mean Michael Mukasey, who by all appearances sold his soul at a meeting with David Addington, promising he wouldn’t oppose torture, in order to become Attorney General in the first place?

But I’m more interested, generally, in what I consider an inapt comparison.

One can argue that the President should aggressively defend whatever intelligence activities take place under his watch. But there is a big difference between the illegal wiretap and torture programs — which were authorized by a Presidential Directive and Finding, respectively — and the surveillance programs being exposed as a result of the Snowden  leaks — which were authorized by law.

In the former case, the intelligence agencies are all the more reliant on the President’s vocal defense, because without it they are entirely illegal. And for better and worse, the President should (but didn’t, at least not in the case of torture) pay close attention to the execution of those programs because he’s on the hook for them himself. That makes it much harder for the President to criticize any violations of the programs he authorized (like torture contractors James Mitchell and Bruce Jessen exceeding the terms of the program).

To the extent that the Intelligence Committees operate within the terms of the law, the same could be said of congressionally sanctioned programs.

That’s not what we’re talking about here. We’re talking about phone dragnet, Internet dragnet, and upstream collection, all of which violated the laws and/or Court ordered procedures authorizing them. When the government moved the phone dragnet under Section 215, it retained access for other agencies, performed contact chaining on unapproved selectors, and allowed access to the database from other NSA interfaces, old features of the illegal program that should have been turned off in 2006. We don’t know what the Internet dragnet violations were, but they’re likely also continuations of the illegal program. And NSA used FISA to intentionally target (according to John Bates) US person communications, in violation of the law and the Fourth Amendment, but also a practice that continued from the illegal program.

And the phone dragnet and (presuming they were discovered as part of the end-to-end review, though if they weren’t it’d be even more damning) Internet dragnet violations were admitted, after having persisted for 3 years, just as Obama entered the White House. The phone dragnet violations, at least, did not operate unchecked under the Obama Administration.

Further, as I noted yesterday, the woman now being criticized for her silence, Lisa Monaco, is one of the handful of people who had to ride herd on NSA as DOJ’s National Security Division brought NSA practices into compliance with the actual letter of the law.

I’d like to learn more about the tensions between Agencies as the Administration tried to bring the NSA programs into line with the letter of the law and FISC orders. Perhaps NSA worked proactively to reveal and fix everything (though the record seems to suggest the opposite). Perhaps it didn’t, and David Kris and Lisa Monaco had to push to force them to comply. But under Keith Alexander, the NSA failed to stay within the letter of the law (which ought to be reason enough to fire him). That makes the problems now being revealed substantively different from the torture and illegal wiretap programs, where the Executive only had to comply with what the President personally bought off on.

It may well be that Obama has approved all of what we’re seeing (he certainly approved an expanded StuxNet so should be held responsible for much of the hacking we’re doing; note that our offensive attacks actually are parallel to the covert programs raised by Wittes), though he couldn’t have approved the phone dragnet violations. It may well be that his Administration instead reined them in as soon as they discovered them, with whatever cooperation or resistance from NSA. We simply don’t know.

But an Agency violating the letter of the law and court orders affirmatively authorizing their actions is qualitatively different than an Agency violating the law based on direct orders from the President.

Shorter Rupp: We Inform Members at Briefings They Can’t Attend Because They’re Too Busy

Since it became clear Mike Rogers had chosen not to pass on the Administration’s notice of phone dragnet problems, I’ve been wondering if he did the same with any notice about the FISA Amendments Act upstream problems.

In response to a query from Politico, Rogers and his counterpart Dutch Ruppersberger seem to suggest they did not pass on the notice.

Moreover, the House leaders who held the keys to the report did not loudly broadcast its existence to the rest of the chamber. The chairman of the Intelligence Committee, Rogers, and the panel’s ranking Democrat, Dutch Ruppersberger of Maryland, declined to say whether they even had sent a letter in 2012 informing members there had been a critical document to view. Hill sources say they don’t recall anything of the sort.

More telling still, though, is Rupp’s justification for providing briefings instead of the actual white paper.

Party leaders did hold unclassified and classified briefings on FISA, but they occurred just days before the House’s September 2012 vote to reauthorize the law. The Republican briefing, for example, occurred only two days before the House approved the FISA Amendments Act, according to an invite obtained by POLITICO. Yet nowhere in the message, sent Sept. 7, 2012, is any mention of the White House white paper on FISA oversight — the document that detailed how the agency had erred in collecting U.S. communications.

Committee leaders, though, stress they acted appropriately. “Members were notified of the contents of the white paper through the briefing,” Ruppersberger told POLITICO. “We felt that a briefing was an appropriate way to notify members of this important issue so that they would have the opportunity to get all of their questions answered immediately.”

The congressman continued: “Some members chose to take advantage of a briefing and some did not. We thought offering a briefing shortly before the vote was held would work best with members’ busy schedules and keep the issue fresh in their minds as they cast their vote.” [my emphasis]

In his explanation, Rupp explains that members have busy schedules.

And his accommodation for those busy schedules was to require members who want to be informed on issues they didn’t receive notice of adjust their busy schedule to show up at one of two briefings, rather than go to a SCIF to read a document during whatever time is most convenient for them. Indeed, I’ve heard from members that that’s part of the problem with briefings — they require people to drop all their other important issues and cater to Rogers’ and Rupp’s schedules, instead. All to learn about issues not identified in the meeting notice.

I’d add two points to the Politico piece. First, while it notes that the notice pitched the 2011 compliance problems as an example of functional oversight, there’s another problem with it. It doesn’t appear to reveal that some agency (probably FBI) already did, and the NSA newly started searching on incidentally collected US person data. Thus, it left out one of the most crucial aspects of the 2011 opinion, that it permitted the access to US person communications without a warrant.

And then a persnickety issue. Politico makes this claim.

The Washington Post first revealed that lapse in PATRIOT Act oversight in August, which at the time Rogers acknowledged “very few members” had taken advantage of any related briefing opportunities.

As the reporter admitted he knew, the WaPo did not, in fact, “first” reveal the earlier failure to pass on the notice. The WaPo reporting followed my own and the Guardian’s, as well as several other sites. The whole issue of “first” is stupid, but why use it, particularly if you know it is factually inaccurate?

6 Years Later, Are the Internet Companies Trying to Expose Telecoms Stealing Their Data, Again?

Update: And now this, too, has been halted because of the shutdown (h/t Mike Scarcella). This motion suggests the government asked the Internet companies for a stay on Friday. This one suggests the Internet companies asked the government for access to the classified information in the government filing, but the government told them they can’t consider that during the shut-down. 

As Time lays out, unlike several of the other NSA-related transparency lawsuits, the fight between the government and some Internet companies (Google, Yahoo, Facebook, Microsoft, and LinkedIn, with Dropbox as amicus) continues even under government shut-down. The government’s brief and declaration opposing the Internet bid for more transparency is now available on the FISA Court docket.

Those documents — along with an evolving understanding of how EO 12333 collection works with FISA collection — raise new questions about the reasons behind the government’s opposition.

When the Internet companies originally demanded the government permit them to provide somewhat detailed numbers on how much information they provide the government, I thought some companies — Google and Yahoo, I imagined — aimed to show they were much less helpful to the government than others, like Microsoft. But, Microsoft joined in, and it has become instead a showdown with Internet companies together challenging the government.

Meanwhile, the phone companies are asking for no such transparency, though one Verizon Exec explicitly accused the Internet companies of grandstanding.

In a media briefing in Tokyo, Stratton, the former chief operating officer of Verizon Wireless, said the company is “compelled” to abide by the law in each country that it operates in, and accused companies such as Microsoft, Google, and Yahoo of playing up to their customers’ indignation at the information contained in the continuing Snowden leak saga.

Stratton said that he appreciated that “consumer-centric IT firms” such as Yahoo, Google, Microsoft needed to “grandstand a bit, and wave their arms and protest loudly so as not to offend the sensibility of their customers.”

“This is a more important issue than that which is generated in a press release. This is a matter of national security.”

Stratton said the larger issue that failed to be addressed in the actions of the companies is of keeping security and liberty in balance.

“There is another question that needs to be kept in the balance, which is a question of civil liberty and the rights of the individual citizen in the context of that broader set of protections that the government seeks to create in its society.”

With that in mind, consider these fascinating details from the government filings.

  • The FBI — not the NSA — is named as the classification authority and submits the declaration (from Acting Executive Assistant Director Andrew McCabe) defending the government’s secrecy claims
  • The government seems concerned about breaking out metadata numbers from content (or non-content from non-content and content, as Microsoft describes it), even while suggesting this is about providing our “adversaries” hints about how to avoid surveillance
  • The government suggests some of what the Internet companies might disclose doesn’t fall under FISC’s jurisdiction

All of these details lead me to suspect (and this is a wildarsed guess) that what the government is really trying to hide here is how they use upstream metadata collection under 12333 to develop relatively pinpointed requests for content from Internet companies. If the Internet companies disclosed that, it would not only make their response seem much more circumscribed than what we’ve learned about PRISM, but more importantly, it would reveal how the upstream, unsupervised collection of metadata off telecom switches serves to target this collection.

The FBI as declarant

Begin with the fact that the FBI — and not NSA or ODNI — is the declarant here. I can think of two possible reasons for this.

One, that much of the collection from Internet companies is done via NSL or another statute for which the FBI, not the NSA, would submit the request. There are a number of references to NSLs in the filings that might support this reading. [Correction: FBI is not required to submit NSLs in all cases, but they are in 18 USC 2709, which applies here.]

It’s also possible, though, that the Internet companies only turn over information if it involves US persons, and that the government gets all other content under EO 12333. As with NSLs, the FBI submits applications specifically for US person data, not the NSA. But if that’s the case, then this might point to massive parallel construction, hiding that much of the US person data they collect comes without FISC supervision.

And remember — the FBI seems to have had the authority to search incidentally collected (presumably, via whatever means) US person data before the NSA asked for such authority in 2011.

There may be other possibilities, but whatever it is, it seems that the FBI would only be the classification authority appropriate to respond here if they are the primary interlocutor with the Internet companies — at least within the context of collection achieved under the FISA Court’s authority.

Breaking out metadata from content numbers and revealing “timing”

While the government makes an argument that revealing provider specific information would help “adversaries” to avoid surveillance, two other issues seem to be of more acute concern.

First, it suggests Google and Microsoft’s request to break out requests by FISA provision — and especially Microsoft’s request to “disclose separate categories for ‘non-content’ requests and ‘content and non-content requests” — brought negotiations to a head (see 2-3). This suggests we would see a pretty surprising imbalance there — perhaps (if my theory that the FBI goes to Internet companies only for US person data is correct) primarily specific orders (though that would seem to contradict the PRISM slide that suggested it operated under Section 702). It also suggests that the Internet companies may be providing either primarily content or primarily metadata, not both (as we might expect under PRISM).

The government is also concerned about revealing “the timing of when the Government acquires certain surveillance capabilities.” (see brief 19; the brief references McCabe’s discussion of timing, but the discussion is entirely redacted). That’s interesting because these are to a large extent (though not exclusively) storage companies. It may suggest the government is only asking for data stored in the Internet companies’ servers, not data that is in transit.

The FISC may not have jurisdiction over all this

Then there are hints that the FISC may not have jurisdiction over all the collection involving the Internet companies. That shows up in several ways.

First, in one spot (page 17) the government refers to the subject of its brief as “FISA proceedings and foreign intelligence collection.” In other documents, we’ve seen the government distinguish FISC-governed collection from collection conducted under other authorities — at least EO 12333. Naming both may suggest that part of the jurisdictional issue is that the collection takes place under EO 12333.

There’s another interesting reference to the FISC’s jurisdiction, where the government says it wants to reveal information on the programs “overseen by this Court.”

Although the Government has attempted to release as much information as possible about the intelligence collection activities overseen by this Court, the public debate about surveillance does not give the companies the First Amendment right to disclose information that the Government has determined must remain classified.

I’m increasingly convinced that the government is trying to do a limited hangout with the Edward Snowden leaks, revealing only the stuff authorized by FISC, while refusing to talk about the collection authorized under other statutes (this likely also serves to hide the role of GCHQ). If this passage suggests — as I think it might — that the Government is only attempting to release that information overseen by the FISC, then it suggests that part of what the Internet companies would reveal does not fall under FISC.

Then there are the two additional threats the government uses — in addition to gags tied to FISA orders — to ensure the Internet personnel not reveal this information: nondisclosure agreements and the Espionage Act.

I’m not certain whether the government is arguing whether these two issues — even if formulated in conjunction with FISA Orders — are simply outside the mandate of the FISC, or if it is saying that it uses these threats to gag people engaged in intelligence collection not covered by FISA order gags.

The review and construction of nondisclosure agreements and other prohibitions on disclosure unrelated to FISA or the Courts rules and orders fall far outside the powers that “necessarily result to [this Court] from the nature of [the] institution,” and therefore fall outside the Court’s inherent jurisdiction.

Whichever it is (it could be both), the government seems intent on staving off FISC-mandated transparency by insisting that such transparency on these issues is outside the jurisdiction of the Court.

There there’s this odd detail. Note that McCabe’s declaration is not sworn under oath, but is sworn under penalty of perjury under 18 USC 1746 (see the redaction at the very beginning of the declaration) . Is that another way of saying the FISA Court doesn’t have jurisdiction over this matter? [Update: One possibility is that this is shut-down related–that DOJ’s notaries who validate sworn documents aren’t considered essential.]

The PRISM companies and the poisoned upstream fruit

One more thing to remember. Though we don’t know why, the government had to pay the PRISM companies — that is, the same ones suing for more transparency — lots of money to comply with a series of new orders after John Bates imposed new restrictions on the use of upstream data. I’ve suggested that might be because existing orders were based on poisoned fruit, the illegally collected US person data collected at telecom switches.

That, too, may explain why PRISM company disclosure of the orders they receive would reveal unwanted details about the methods the government uses: there seems to be some relation between this upstream collection and the requests the Internet companies that is particularly sensitive.

As I have repeatedly recalled, back in 2007, these very same Internet companies tried to prevent the telecoms from getting retroactive immunity for their actions under Bush’s illegal wiretap program. That may have been because the telecoms were turning over the Internet companies’ data to the government.

They appear to be doing so again. And this push for transparency seems to be an effort to expose that fact.

Update: Microsoft’s Amended Motion — the one asking to break out orders by statute — raises the initial reports on PRISM, reports on XKeyscore, and on the aftermath of the 2011 upstream problems (which I noted above). It doesn’t talk about any story specifically tying Microsoft to Section 215. However, it lists these statutes among those it’d like to break out.

1These authorities could include electronic surveillance orders, see 50 U.S.C. §§ 1801-1812; phyasical search orders, see 50 U.S.C. §§ 1821-1829; pen register and trap and trace orders, see 50 U.S.C. §§ 1841-1846; business records orders, see 50 U.S.C. §§ 1861-1862; and orders and directives targeting certain persons outside the United States, see 50 U.S.C. §§ 1881-1881g. [my emphasis]

If I’m not mistaken, the motion doesn’t reference this article, which described how the government accessed Skype and Outlook, which you’d think would be one of the ones MSFT would most want to refute, if it could. But I’ve also been insisting that they must get Skype info for the phone dragnet, otherwise they couldn’t very well claim to have the whole “phone” haystack.

But the mention of Section 215 suggests they may be included in that order.

Also, we keep seeing physical search orders included in a communication arena. I wonder if that’s a storage issue.

Update: One more note about the MSFT Amended Motion. It lists where the people involved got their TS security clearances. MSFT’s General Counsels is tied to DOD; the lawyers on the brief all are tied to FBI.

One final detail on MSFT. Though the government brief doesn’t say this, MSFT is also looking to release the number of accounts affected by various orders, not just the number of targets (which is what the government wants to release). That’s a huge difference.

Upstream US Person Collection: EO 12333 and/or FISA?

Screen shot 2013-10-04 at 2.42.00 AMKeith Alexander had a really bizarre response to a question from Mazie Hirono in Tuesday’s hearing.

SEN. HIRONO: I have one more question, Mr. Chairman. General Alexander, is PRISM the only intelligence program NSA runs under FISA Section 702?

GEN. ALEXANDER: Well, PRISM was (the statement ?), but, yes. Essentially, the only program was that — that, you know, is PRISM under 702, which under — operates under that authority for the court. But we also have programs under 703, 704 and 705.

Perhaps he was confused by her question (which came in the context of questions about the NYT’s report on the construction of dossiers, potentially on Americans). But he seems to have claimed that PRISM — the collection of Internet content from Internet providers under Section 702 — is the only way the NSA uses FISA Amendments Act to collect content.

Not only does the PRISM slide above belie that (and there’s also phone content that is not covered under PRISM).

But the government itself released the October 3, 2011 John Bates FISC opinion (and other related documents) which describes the government’s collection of Internet transactions directly from the phone company switches (see footnote 24 where Bates distinguishes between the two kinds of Section 702 Internet collection). In an attempt to spin this collection as a big mistake last week, Dianne Feinstein even confirmed that this “upstream” collection comes from the backbone operated by the phone companies.

In mid 2011, NSA notified the DOJ, the DNI, and the FISA court, and House and Senate Intelligence Committees, of a series of compliance incidents impacting a subset of NSA collection under Section 702 of FISA, known as upstream collection.

This comprises about 10 percent of all collection that takes place under 702, and occurs when NSA obtains Internet communications, such as e-mails, from certain U.S. companies that operate the Internet background;[sic] i.e., the companies that own and operate the domestic telecommunication lines over which Internet traffic flows.

So there’s PRISM, there’s phone content collection, and there’s the upstream Internet collection from the phone companies’ switches. All operated, per the 2011 Bates memo, under Section 702 (and therefore overseen by the FISA Court and Congress).

Which is why I’ve been pondering this chart and related explanation, from NSA’s internal review of compliance incidents for the first quarter of 2012.

Screen shot 2013-10-04 at 2.18.15 AM

The chart shows all the violation incidents NSA discovered under programs authorized under Executive Order 12333 — the EO that covers entirely foreign collection, over which FISC and Congress exercise much less oversight than FISA. And what NSA calls “Transit Program” violations appear in the EO 12333, not the FISA, chart. In the first quarter of 2012 (the first quarter after the government started to resolve the 702 upstream collection problems laid out in the Bates memo), Transit Program violations went up from 7 in a quarter to 27.

NSA describes Transit Program violations this way.

(TS//SI//REL TO USA, FVEY) International Transit Switch Collection*: International Transit switches, FAIRVIEW (US-990), STORMBREW (US-983), ORANGEBLOSSOM (US-3251), and SILVERZEPHYR (US-3273), are Special Source Operations (SSO) programs authorized to collect cable transit traffic passing through U.S. gateways with both ends of the communication being foreign. When collection occurs with one or both communicants inside the U.S., this constitutes inadvertent collection. From 4QCY11 to 1QCY12, there was an increase of transit program incidents submitted from 7 to 27, due to the change in our methodology for reporting and counting of these types of incidents,

That is, these “Transit Program” violations reflect the collection of US person data in upstream collection, the very same problem described in the Bates opinion.

As I’ve been puzzling through why Transit Program violations would appear under EO 12333 rather than FISA, I wondered whether NSA collects off switches under both authorities — some content that the telecoms provide after doing an initial screening (as described in this WSJ article and backhandedly confirmed by the DNI), and some programs that the NSA collects and sorts off undersea cables itself. Both FAIRVIEW and STORMBREW show up — seemingly as Section 702 collection — on the PRISM slide above, but ORANGEBLOSSOM and SILVERZEPHYR don’t (WSJ also lists OAKSTAR and LITHIUM).

If so, though, you’d expect NSA to be finding violations under both authorities, because we know the government collects US person data under the 702 authorized upstream collection (they call this unintentional but Bates deemed it intentional).

This is all the more confusing given the way former Assistant Attorney General David Kris discusses “vacuum cleaner” collection taking place under EO 12333. His paper is on metadata collection, not content, but the vacuum cleaner (that is, dragnet) collection collects content as well (and the distinction may get distorted in discussions of Internet packets).

I don’t, yet, know the answer to this question, but the question itself raises several others:

  • Given that there’s not a 702-authorized Transit Program violation category, does that mean NSA wasn’t and may still not be tracking it? That doesn’t make sense, because there are greater mandates to track these things under 702.
  • If there wasn’t a 702-authorized Transit Program violation category before the revelations to John Bates, is it possible NSA instead treated upstream collection as authorized by 12333 so as not to have to report these violations?
  • Are these known violations being reported now? Are they getting reported to Congress and the Court? Or has the NSA simply decided they’re not violations since Bates has okayed them, sort of, as intentional collection?
  • If some of the upstream collection yielding US person content operates under 12333, does it have to be treated under any minimization rules?
  • What do the 7 and 27 violation numbers reflect in relation to the figures of 10,000 SCT and 46,000 MCT estimates involving US persons provided to Bates?
  • Did these violations ever get reported to Congress and the FISC?

In short, either all this upstream collection falls under 702, in which case there’s a big question why NSA tracks it as 12333 collection. Or the NSA’s ability to operate upstream collection under both authorities raises real questions about the protections it accords US person data collected under the 12333 collection.

Update: Two more things on this.

First, remember back in 2001, John Yoo pixie dusted EO 12333, basically holding the President could change the content of it without changing the language of it publicly. That was done, according to Sheldon Whitehouse, to permit the government to “wiretap Americans traveling abroad.” But I suspect it was done to permit the government to “wiretap Americans’ communications traveling abroad” — that is, American Internet traffic that transits foreign switches.

That said, I suspect the 2010 OLC memo on using 2511(2)(f) for collection was meant to clean up some of that (and also Yoo’s reliance on claiming the Fourth Amendment didn’t apply in DOD searches of entire apartment buildings if they were searching for terrorists).

Also, remember that the language of the 2008 Yahoo opinion makes it clear that the Protect America Act — Section 702’s predecessor — relied on 12333 for particularity. While we should soon learn more (FISC is releasing much more of this opinion and underlying documents), it seems that PAA was treated as a nested program within 12333.

EFF: The Fourth Amendment Is Not Top Secret

EFF is requesting that the judge in its FOIA for the October 3, 2011 John Bates FISA Court opinion, Amy Berman Jackson, review the redactions currently in the document to ensure they are properly classified. (h/t Mike Scarcella) It argues the court should undertake such a review because disclosure of the things DOJ had previously claimed were Top Secret has now proven “the agency’s previous blanket withholding assertions were overbroad and wholly without merit.”

To support that case, they point to this passage originally withheld from production.

Upon even a cursory review of the Opinion, it is apparent, DOJ’s blanket exemption claims were far broader than the law allows. For example, this passage, according to the agency, was appropriately “classified at the TOP SECRET level” and withheld from the Opinion:

The Fourth Amendment provides:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Opinion at 67 (reciting Fourth Amendment); see also Bradley Decl., ¶ 5 (Opinion “withheld in full pursuant to FOIA Exemptions b(1) and b(3)”).

Now, I’m actually not sure about this argument. In recent years, after all, the Fourth Amendment has been almost entirely disappeared without a trace. I wouldn’t be surprised if the government had disappeared it as a conscious policy decision. So perhaps they really do maintain that the Fourth Amendment must now be hidden pursuant to the Executive Order governing classified information.

Technically, the government previously argued that revealing the existence and text of the Fourth Amendment would cause exceptionally grave harm to the United States — that’s what the Top Secret classification it withheld this material under means. [Update: Or, as Nigel puts it, that the opinion referenced the Fourth. Except that’s even more absurd because the FOIA was a response to Ron Wyden’s declassification of a statement that said the FISC had found in this opinion that the program violated the Fourth.]

We’ll see whether Judge Jackson agrees that was a reasonable claim.

“Whoa Whoa Whoa, Stop!” Dianne Feinstein Misstates the 2011 Violations

One of the most enlightening aspects of yesterday’s Senate Intelligence Hearing on FISA came when Dianne Feinstein tried to rebut witness Tim Edgar’s categorization of the 2011 violations described in John Bates October 8, 2011 opinion. In her rebuttal, she proved she either doesn’t know, doesn’t understand, or chooses to misrepresent the opinion, which found that NSA had violated the law and Fourth Amendment in its Section 702 program.

Edgar was arguing (see page 5-6) that if the FISA Court opinions were publicly released, we’d know about ridiculous semantic definitions — like “relevant” — as those definitions were invoked, not years after the fact, which would lead to greater trust in the FISC.

As his second example, he cited NSA’s collection of US person communications on upstream collection. (After 2:20)

EDGAR: [T]he NSA’s interpretation of the requirement in Section 702, for content surveillance targeting foreign persons, that those procedures must target foreign persons is also surprising. The FISA court’s recently released opinions show that communications that target foreign persons include not only communications that are to or from that person, but also those that are merely about that person in a particular narrow sense, that the selection — the selector for that person appears in the communication.

Even communications which are not to or from, or about, the foreign target at all have been acquired as the result of the manner in which some NSA collection was conducted.

DiFi interrupted him (whoa whoa whoa stop!) — and (having read his statement in advance) started reading a written rebuttal to provide her version of the 2011 violations.

FEINSTEIN: Whoa, whoa, whoa, stop. Exactly what program are you talking about?

EDGAR: In the recently released FISA court opinion about upstream collection in the compliance incidents in 2011, it was documented how information from multiple communications — what they called “multiple communications transactions” — was obtained not by mistake, but because of the way the system was designed. That included any selector that was a foreign target in the entire multi- communications transaction.

And so that created a lot of controversy in the FISA court, and required the FISA court to work with the Justice Department and the intelligence community to narrow the minimization guidelines.

FEINSTEIN: OK. Because this is — this is important, may I interrupt this just — respond? [reading from prepared statement] In mid 2011, NSA notified the DOJ, the DNI, and the FISA court, and House and Senate Intelligence Committees, of a series of compliance incidents impacting a subset of NSA collection under Section 702 of FISA, known as upstream collection.

This comprises about 10 percent of all collection that takes place under 702, and occurs when NSA obtains Internet communications, such as e-mails, from certain U.S. companies that operate the Internet background;[sic] i.e., the companies that own and operate the domestic telecommunication lines over which Internet traffic flows.

In essence, the issue that arose in 2011 was that NSA, while trying to acquire e-mails to, from, or about an overseas target, realized it, and was inadvertent — that it was inadvertently acquiring other e-mails, including some e-mails sent between persons inside the United States that happened to be bundled with the e-mail messages NSA was trying to collect.

This bundling is done by Internet companies in order to make it easier to send information quickly over the telecom lines that make up the Internet. Unfortunately, NSA’s technical systems could not easily separate the individual messages within these bundles. And the result was that NSA collected some e-mail messages it did not intend to acquire.

OK. We held a lengthy hearing on the court’s ruling on October 20, 2011, at which General Alexander and Lisa Monaco — then the assistant attorney general for national security — described the court’s ruling and what they were doing to address it.

Here’s my point: It was a mistake. Action was taken immediately to correct it. It came to us. We took action. [bold mine, underline emphasis DiFi applied in delivery]

DiFi’s prepared statement misstates the facts as presented in Bates’ opinion in several ways:

  • The issue had existed since before July 2008
  • The collection was — according to the court ruling — not inadvertent
  • NSA only corrected the problem under threat of criminal referral, after months of delay

First, the issue did not arise in 2011.

As Bates made clear, “NSA has been collecting MCT’s since before the Court’s approval of the first Section 702 certification in 2008.” Read more

Senate Intelligence Committee Open Hearings: A Platform for Liars

Pentagon Papers era NYT Counsel James Goodale has a piece in the Guardian attracting a lot of attention. In it, he says the first step to reform NSA is to fire the liars.

The NSA has lied to the Congress, the courts, and perhaps even to the president himself, but no one seems to care.

The Director of National Intelligence James R Clapper admitted he lied to Congress about the NSA metadata collection program. He said the NSA had no such program – and then added that that was the least “untruthful” remark he could make. General Keith Alexander, director of the National Security Agency, lied in 2012 that the NSA does not hold data on US citizens, and repeated similar misstatements, under oath, to Congress about the program:

We’re not authorized to do it [data collection on US citizens], nor do we do it.

NSA lawyers lied to secret Fisa court Judges John D Bates and Reggie B Walton. In recently released opinions, Bates said he had been lied to on three separate occasions and Walton said he had been lied to several times also.

But Clapper and Alexander have not been held in contempt of Congress. Nor have the Justice Department attorneys, who lied to Judges Walton and Bates, been disciplined.

And while he links to many of the best examples of James Clapper and Keith Alexander lying, he misses this.

In just its third open hearing this year, the Senate Intelligence Committee has arranged the following witnesses for tomorrow’s hearing on NSA’s spying.

Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.) today announced the committee will hold an open hearing to consider legislative changes to the Foreign Intelligence Surveillance Act, to include the NSA call records program, on Thursday, September 26, at 2 p.m.

WHAT:  Public hearing on FISA, NSA call records

WHO:

Panel I

  • Director of National Intelligence James Clapper
  • National Security AgencyDirector General Keith Alexander
  • Deputy Attorney General James Cole

Panel II

  • Ben Wittes, Brookings Institution
  • Tim Edgar, Watson Institute for International Studies, Brown University

So DiFi’s idea of an “open hearing” is to invite two established liars. And for her non-governmental witnesses, one keeps declaring Congress NAKED! in the face of evidence the government lies to them, and the other tells fanciful stories about how much data NSA shares.

It’s like DiFi goes out of her way to find liars and their apologists to testify publicly.

That’s nothing new, though. Those other two open hearings? The Global Threat Assessment hearing where Clapper assured Ron Wyden the NSA didn’t collect data on millions of Americans. And the confirmation hearing for John Brennan, who once claimed the US had killed no civilians in an entire year of drone strikes (and, if his odd mouth gestures were the tell they appeared to be, he lied about leaks to journalists including on UndieBomb 2.0 in the hearing as well.)

It’s DiFi’s committee. And if she wants every single open hearing to serve as a platform for accomplished liars, I guess that’s her prerogative.

But observers should be clear that’s the purpose of the hearings.

NSA Caught Illegally Spying on Americans and Keith Alexander’s Answer Is a Group Hug

Kevin Gosztola had a superb post yesterday on a letter NSA Deputy Director John Inglis and DIRNSA Keith Alexander sent to family members of NSA employees to make them feel better about the dragnet. It’s a two page letter attempting to convince the family members of our SIGINT spies that their mission is noble and their actions within the scope of the law.

I’m particularly interested in the timing of it. As Kevin notes, the letter cites a typically obsequious post from Ben Wittes on how the Administration should have responded to WaPo’s disclosure of an internal review (just as one example, Ben claims to have read the report closely but somehow misses that 9 to 20% of violations consist of analysts breaking rules they know).

Inglis and Alexander write,

There are some in the media who are taking the time to actually study the leaked material, and they have drawn conclusions that are very different from those who are in it for a quick headline. One such legal scholar wrote that we should have made our case more forcefully by responding,

Shameful as it is that these documents were leaked, they actually should give the public great confidence both in NSA’s internal oversight mechanisms and in the executive and judicial oversight mechanisms outside the agency. They show no evidence of any intentional spying on Americans or abuse of civil liberties. They show a low rate of the sort of errors any complex system of technical collection will inevitably yield. They show robust compliance procedures on the part of the NSA.

We couldn’t agree more.

I wonder if NSA would like to send family members my way, given that I have taken even more time than Ben studying these revelations and find he’s frequently engaging in spin?

Hmm. Probably not.

But what’s most fascinating by this citation is the timing.

Ben wrote that post on August 18, in the midst of a slew of disclosures by WaPo and the Guardian.

But Inglis and Alexander wrote this letter on September 13 — last Friday — at the end of a month when all of the major US-based disclosures (save that NSA has deliberately made all of us more vulnerable to hackers) have come from the government. In the month leading up to this letter, we learned the NSA:

At the end of 2008, the NSA had authorized contact chaining off of 27,090 identifiers and analysts could go four hops deep into the data, which effectively would allow them to create a relationship map of the entire country. And they used it not just to find “terrorists,” but also people they could coerce to inform on targets.

A system the Stasi would envy!

And FISA Court judges had deemed some of the first and third practices illegal. One threatened criminal referral and the other even shut down at least part the program for a period.

Read more

DOJ Refuses to Explain How Executive Gets Away with Serial Lies to the FISA Court

USA Today’s Brad Heath asked DOJ a very good question: why haven’t the Executive Branch’s serial lies to the FISA Court ever been referred to Office of Professional Responsibility?

I’ve talked to a former OPR attorney who says the office
would ordinarily review a case in which a judge used that type of language, and that it should have
at least opened an inquiry into these.

Over the past several days, DOJ’s Brian Fallon has been stupendously prickish about Heath’s questions based on his assertion that Heath is biased in his belief that such gross misrepresentations would normally merit some kind of sanction.

I have an answer from OPR, and a FISC judge. I am not providing it to you because all you will do is seek to write around it because you are biased in favor of the idea that an inquiry should have been launched. So I will save what I have for another outlet after you publish.

[snip]

You are not actually open-minded to the idea of not writing the story. You are running it regardless. I have information that undercuts your premise, and would provide it if I thought you were able to be convinced that your story is off base. Instead, I think that to provide it to you would just allow you to cover your bases, and factor it into a story you still plan to write. So I prefer to hold onto the information and use it after the fact, with a different outlet that is more objective about whether an OPR inquiry was appropriate.

I’ve lost count of the number of times someone in the Executive Branch complains that no one comes to them to get their view on NSA-related questions.

But apparently this is what goes on. If you don’t come in with the Executive Branch’s bias, then they refuse to provide you any information.

I really look forward to seeing which journalist DOJ seems to believe will bring “balance” to this issue.

Update: Heath has published his story.

The Justice Department’s internal ethics watchdog says it never investigated repeated complaints by federal judges that the government had misled them about the NSA’s secret surveillance of Americans’ phone calls and Internet communications.

The Justice Department’s Office of Professional Responsibility routinely probes judges’ allegations that the department’s lawyers may have violated ethics rules that prohibit attorneys from misleading courts. Still, OPR said in response to a Freedom of Information Act request by USA TODAY that it had no record of ever having investigated — or even being made aware of — the scathing and, at the time, classified, critiques from the Foreign Intelligence Surveillance Court between 2009 and 2011.

DOJ insists, however, that 5 years of lying to judges is just the way things are supposed to work.

Justice spokesman Brian Fallon said in a statement Thursday that the department’s lawyers “did exactly what they should have done. The court’s opinions and facts demonstrate that the department attorneys’ representation before the court met the highest professional standards.”

Fallon continued spinning for other journalists.

Of course, if DOJ were going to investigate lawyers — as opposed to Keith Alexander or similar — for misconduct and lies, Lisa Monaco, who headed the National Security Division from 2010 until earlier this year. But she’s at the White House now, so off limits for any accountability.

Any Bets FBI Was Already Searching US Person Data?

If you want to support our work reporting news the WaPo will report as news in two months, please donate!

In the department of news that got reported here two months ago, the WaPo is reporting on FISC’s approval to let the government search through incidentally collected information. Its news hook is that the 2011 move reversed an earlier 2008 ban that the government had asked for.

The court in 2008 imposed a wholesale ban on such searches at the government’s request, said Alex Joel, civil liberties protection officer at the Office of the Director of National Intelligence (ODNI). The government included this restriction “to remain consistent with NSA policies and procedures that NSA applied to other authorized collection activities,” he said.

But in 2011, to more rapidly and effectively identify relevant foreign intelligence communications, “we did ask the court” to lift the ban, ODNI general counsel Robert S. Litt said in an interview. “We wanted to be able to do it,” he said, referring to the searching of Americans’ communications without a warrant.

It may well be that the NSA was prohibited from searching on incidentally collected information, but not all parts of the government were. In his October 3, 2011 FISC opinion, John Bates pointed to some other minimization procedures allowing such searches to justify his approval for NSA to do so.

This relaxation of the querying rules does not alter the Court’s prior conclusion that NSA minimization procedures meet the statutory definition of minimization procedures. [2 lines redacted] contain an analogous provision allowing queries of unminimized FISA-acquired information using identifiers — including United States-person identifiers — when such queries are designed to yield foreign intelligence information. See [redacted] In granting [redacted] applications for electronic surveillance or physical search since 2008, including applications targeting United States persons and persons in the United States, the Court has found that the [redacted] meet the definition of minimization procedures at 50 U.S.C. §§ 1801 (h) and 1821(4). It follows that the substantially similar querying provision found at Section 3(b)(5) of the amended NSA minimization procedures should not be problematic in a collection that is focused on non-United States persons located outside the United States and that, in the aggregate, is less likely to result in the acquisition of nonpublic information regarding non-consenting United States persons.

We already had reason to believe other agencies do this, because when the Senate Intelligence Committee discussed it, they described the intelligence community generally wanting such searches.

Finally, on a related matter, the Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained. As already noted, the Intelligence Community is strictly prohibited from using Section 702 to target a U.S. person, which must at all times be carried out pursuant to an individualized court order based upon probable cause. With respect to analyzing the information lawfully collected under Section 702, however, the Intelligence Community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession. [my emphasis]

Bates’ mention of targeting US persons strongly suggests FBI was the agency in question (though the CIA may as well). (If this practice weren’t already permitted, I would bet it got approved in the aftermath of the Nidal Hasan attack, which might explain why so many more Americans who had communicated with Anwar al-Awlaki or Samir Khan were caught in stings after that point.)

So did Ronald Litt and Alex Joel tell Ellen Nakashima this to hide a much more intrusive practice at FBI (which they also oversee)?