Posts

Former Presiding Judge, John Bates, Makes Compelling Case to Eliminate FISA Court

As you read John Bates’ “comments” about the NSA Review Group’s recommendations, it’s worth keeping two things in mind about him:

  • He has a history of dismissing legally important cases out of caution — arguably excess caution — over getting involved in matters reserved for the political branches, a caution he did not exercise here.
  • In August 2011, after Bates asked NSA to tell him how many entirely domestic communications were being caught via upstream collection (and after Bates had told NSA domestic collection of US person data was only illegal if they acknowledged it), they did not provide the number. And he didn’t make them. He did however, in the same exchange, rubber stamp NSA’s authority to conduct back door searches into US person communications.

In other words, Bates has long been overly solicitous of Executive power, and contrary to some claims, his work on the FISC actually reinforces, rather than refutes, claims that the Court is a rubber stamp.

Perhaps it’s not surprising, then, that his comments actually make a fairly compelling — albeit unintentional — case for eliminating the FISC (at least for all its expanded uses since 2001) altogether.

Don’t get me wrong. I’m sympathetic to some of Bates’ stated concerns. The concerns about workload (which Bates raises in his first and second bullets, but relegates to his last paragraphs) are real, and have been recognized by a number of people in the FISC debate. Bates points to some real constitutional issues in constructing an advocate for the court (which, again, have been pointed out, with potential solutions, by others).

But ultimately Bates’ comments (which may also reflect the concerns of Chief Justice John Roberts, whose authority he invokes in commenting on FISC matters) object to anything that might make FISC more of a … court.

Consider his argument against a Special Advocate. He worries a special advocate would harm what he (the same guy who couldn’t get the government to divulge how many Americans are getting swept up in domestic upstream collection) claims is candor.

Perhaps most troubling, however, is our concern that providing an institutional opponent to FISA applications would alter the process in other ways that would be detrimnetal to the FISC’s timely receipt of full and accurate information. As noted above, the current process benefits from the government’s taking on — and generally abiding by — a heightened duty of candor to the Court. Providing for an adversarial process in run-of-the-mill, fact-driven cases may erode this norm of governmental behavior, thereby impeding the Court’s receipt of relevant facts. (As noted above, the advocate would rarely, if ever, serve as a separate source of factual information.) Instead, intelligence agencies may become reluctant to voluntarily provide to the Court highly sensitive information, or information detrimental to a case, because doing so would also disclose that information to a permanent bureaucratic adversary.

Even setting aside the number of times I’ve been able to find factual problems with claims made in the few FISC filings so far released (suggesting advocates could provide factual and technical details the government doesn’t want to), this is a tacit admission that the FISC is not considered a bureaucratic adversary by the government.

This is particularly troubling given that, as Bates portrays the process, the “FISC may request or receive information from the applicant informally through the legal staff” (which according to Judge Walton’s portrayal of the process, means via the phone). The only paper trail of the process, then, are (again relying in part on Walton) the written analysis of the FISC’s staff attorneys. Which would mean an advocate would require “broad access” to these “draft decisions and memoranda from legal staff,” would would violate “ethical canons and separation-of-powers principles,” in turn “infring[ing] on the independence of the judges’ decisionmaking.”

One reason Bates objects to a Special Advocate, then, is that the Government would have to write all its requests down, which might affect their candor.

If that isn’t already troubling, Bates’ observation that “even relatively routine national security investigations involve changing facts” raises additional concerns. Bates describes FISC judges making decisions on a sometimes undocumented set of moving facts, facts which the targets of such surveillance have never been permitted to see, much less challenge, in court.

Then there’s Bates’ stated worries about the problems an advocate would present for the FISA Court of Review (and again, some of this may reflect John Roberts’ concern, as SCOTUS is the ultimate court of appeal). Some of this, again, reflects resource concerns. But even those resource concerns — such as the possibility the FISCR would have “to hire its own staff” reveals that the FISCR relies on the same staffers who drive FISC decisions in the first place. It is not, as it turns out, an independent court of its own.

Which makes the Constitutional concerns raised by the wacky decisions of the FISC, starting with its secret redefinition of “relevance” (without even benefit of independent dictionary definitions), all the more urgent. There is no standing to challenge these issues outside of the courts; with the FISC structure, there is apparently no fully independent court of appeal. And the Chief Justice wants to keep it that way.

Which means part of what Bates is defending is the authority for a bunch of District Court Judges to serve as Appellate Judges for some of the most Constitutionally novel issues raised by national security.

Yet Bates also seems to be defending the Court’s ability to remain ignorant about some things the Executive does. He rejects any proposal to serve as an oversight check on the Executive (this is another concern I have some sympathy for). But he does so in a document including this disclosure raised in objection to requiring warrants to conduct back door searches. (Snoopdido noted this passage last night.)

Decisions about querying Section 702 information are now made within the Executive Branch. As a result, the Courts do not know how often the government performs queries of data previously acquired under Section 702 in order to retrieve information about a particular U.S. person. It seems likely to us, however, that the practice would be common for U.S. persons suspected of activities of foreign intelligence interest, e.g., engaging in international terrorism, so that the burden on the FISC of entertaining this new kind of application could be substantial.

Remember: Bates is the guy who first approved NSA and CIA’s use of these back door searches (relying in part on the prior 3-year history of FBI’s use of them). But he has apparently never gotten enough “candor” from the Executive — either before or after he approved this — to know how and how often the Executive is using these searches!

Then he goes on to explain that the Executive might need to use back door searches to get the content of Americans they can’t otherwise target under FISA.

For a variety of reasons, a U.S. person suspected of such activity may not otherwise be a FISA target. For example, there may be probable cause to believe that a U.S. person is engaged in international terrorism, but intelligence agencies may not have the ability to implement current forms of FISA collection against that person because of the person’s location or lack of information about particular facilities.

Granted, what Bates is describing is the use of reverse targeting to get around technical difficulties, not legal ones (though I wonder how he’s sure about the legal case if the government has never made it).

But it is reverse targeting, the use of a back door search to get to the US person content, without a warrant, via collection on another target. This is forbidden by the law. Yet he describes it as one reason why the FISC shouldn’t get involved in reviewing warrants for this kind of search, which (as he describes it) violates the law.

Against the background of admitting that the FISC doesn’t always require the government to write down its requests and that it doesn’t want to approve warrants for activity that by his description violates the statute because the government should be permitted to continue violating the statute, Bates then objects to the recommendations to eliminate bulk collection and provide more review of 215 and NSLs, in part because of the burdens they’d pose for the Court. Most curiously, Bates says that if reforms eliminated NSL gag orders, the government would begin to use Section 215.

Those changes would like result in the government’s decreasing its reliance on NSLs for records subject to such a disclosure requirement and instead bringing to the FISC more applications under Section [215] for production of such records, in order to avoid disclosure of such information to private parties.

If the government could still get bulk Section 215 orders, I agree, they might well use those instead.

But Jim Comey — to the extent he can be believed in comments that were clearly misleading — said he’d end up using grand jury subpoenas instead. So a guy with years of involvement in prosecuting terrorism cases at least claims that he not only could — but would prefer to — use grand jury subpoenas for this information over the FISC.

Which would alleviate the need to routinely eliminate gags, because review in any criminal proceedings would provide the kind of transparency and review necessary for such things (this is a point Peter Swire made in yesterday’s hearing).

The reason we need a FISC is because the government — often through inadequate notice to defendants — has succeeded in avoiding the kind of review courts normally bring. But John Bates reveals a number of ways in which the court that is supposed to be providing that review has failed to do so. And Jim Comey, at least, thinks some of this could move back to real courts.

So why not? Why not move this, with all the gags grand jury subpoenas get and the national security experience judges have acquired over the last decade and all the normal constitutionally required review process, back to normal Title III Courts?

I admit it. Bates makes an excellent case for eliminating the FISC case, at least for all the exotic bulk programs the government has been inventing in secret.

Dragnet at Bernie’s: On Spying on Congress

Bernie SandersIt turns out that Mark Kirk — not Bernie Sanders — was the first member of Congress to raise concerns about the NSA spying on Senators after Edward Snowden’s leaks started being published. Kirk did so less than a day after the Guardian published the Verizon order from the phone dragnet, in an Appropriations Committee hearing on the Department of Justice’s budget (see at 2:00). After Susan Collins raised the report in the context of drone killing, Kirk asked for assurances that members of Congress weren’t included in the dragnet.

Kirk: I want to just ask, could you assure to us that no phones inside the Capitol were monitored, of members of Congress, that would give a future Executive Branch if they started pulling this kind of thing up, would give them unique leverage over the legislature?

Holder: With all due respect, Senator, I don’t think this is an appropriate setting for me to discuss that issue–I’d be more than glad to come back in an appropriate setting to discuss the issues that you’ve raised but in this open forum–

Kirk: I’m going to interrupt you and say, the correct answer would say, no, we stayed within our lane and I’m assuring you we did not spy on members of Congress.

The first substantive question Congress asked about the dragnet was whether they were included in it.

After that, a few moments of chaos broke out, as other Senators — including NSA’s representative on the Senate Intelligence Committee, Barb Mikulski — joined in Kirk’s concerns, while suggesting the need for a full classified Senate briefing with the AG and NSA. Richard Shelby jumped in to say Mikulski should create the appropriate hearing, but repeated that what Senator Kirk asked was a very important question. Mikulski agreed that it’s the kind of question she’d like to ask herself. Kirk jumped in to raise further separation of powers concerns, given the possibility that SCOTUS had their data collected.

The very first concern members of Congress raised about the dragnet was how it would affect their power.

And then there was a classified briefing and …

… All that noble concern about separation of power melted away. And some of the same people who professed to have real concern became quite comfortable with the dragnet after all.

It’s in light of that sequence of events (along with Snowden’s claim that Members of Congress are exempt, and details about how data integrity analysts strip certain numbers out of the phone dragnet before anyone contact-chains on it) that led me to believe that NSA gave some assurances to Congress they need not worry that their power was threatened by the phone dragnet.

The best explanation from external appearances was that Congress got told their numbers got protection the average citizen’s did not, perhaps stripped out with all the pizza joints and telemarketers (that shouldn’t have alleviated their concerns, as some of that data has been found sitting on wayward servers with no explanation, but members of Congress can be dumb when they want to be).

And they were happy with the dragnet.

Then, 7 months later, Bernie Sanders started asking similar — but not the same –questions. In a letter to Keith Alexander, he raised several issues:

  • Phone calls made
  • Emails sent
  • Websites visited
  • Foreign leaders wiretapped

He even defined what he meant by spying.

“Spying” would include gathering metadata on calls made from official or personal phones, content from websites visited or emails sent, or collecting any other data from a third party not made available to the general public in the regular course of business.

In response, Alexander rejected Sanders’ definition of spying (implicitly suggesting it wasn’t fair), while using a dodge he repeatedly has: the Americans in question are not being targeted, even while they might be collected “incidentally.”

Nothing NSA does can fairly be characterized as “spying on Members of Congress or other American elected officials.”

[snip]

NSA may not target any American for foreign intelligence collection without a finding of probable cause that the proposed target of collection is a foreign power or an agent of a foreign power. Moreover, as you are aware, whenever an NSA activity results in the incidental collection of information about Americans, that information is handled pursuant to the very robust procedures designed to protect privacy interests — procedures that must be approved by the Attorney general or the Foreign Intelligence Surveillance Court, as appropriate. All those protections apply to members of Congress, as they do to all Americans.

Alexander then addressed just one of the three kinds of spying Sanders raised: phone data (which, if I’m right that NSA strips Congressional numbers at the data integrity stage, is the one place Alexander can be fairly sure Sanders’ contacts won’t be found).

Your letter focuses on NSA’s acquisition of telephone metadata…

And used the controls imposed on the raw data of the phone dragnet as an excuse for not answering Sanders’ question.

Among those protections is the condition that NSA can query the metadata only based on phone numbers reasonably suspected to be associated with specific foreign terrorist groups. For that reason, NSA cannot lawfully search to determine if any records NSA has received under the program have included metadata of the phone calls of any member of Congress, other American elected officials, or any other American without that predicate.

Alexander totally ignored Sanders’ two other specified concerns: emails sent and websites visited.

Which is mighty convenient, because for a very large segment of that collection (the internet metadata collected under EO 12333 and via PRISM, though not the data collected domestically before 2011 or domestic upstream collection), NSA believes it doesn’t even need Reasonable Articulable Suspicion to search on US person identifiers. Read more

Parallel Constructing Daoud’s Emails

Judge Sharon Johnson Coleman held a hearing Friday in the Adel Daoud case on whether the government needs to reveal how it collected certain communications from Daoud. That would be notable in any case, given that Daoud is one of the defendants Dianne Feinstein invoked during debate of the FISA Amendments Act reauthorization who has not, however, been noticed that FAA was used to bust him.

But it gets more interesting given something the prosecutor in the case, William Ridgway, said in Friday’s hearing.

Another Daoud attorney, Josh Herman, said some documents turned over by prosecutors, including emails dated 2011, seemed to support defense attorneys’ claim that warrantless surveillance was used on Daoud.

“This is not tin-foil hat paranoia,” Herman said.

But prosecutor William Ridgway said that the 2011 emails may have been found on Daoud’s computer that authorities seized with a warrant in 2012.

If the government did target Daoud only after sifting through communications data without a warrant, the defense wants to challenge all subsequent evidence on the grounds it was gathered through a violation of Daoud’s constitutional rights against unreasonable searches.

The criminal complaint describes an email account Daoud used to “obtain and distribute material … relating to violent jihad” going back to October 2011. That was 7 months before the FBI’s online undercover officers first contacted Daoud — purportedly in response to things he had posted publicly — to set up their sting.

So did the FBI’s investigation of Daoud really start in May 2012, as the complaint sort of implies. In which case, why mention the earlier emails? Or did they identify Daoud via emails collected back in 2011? What legal authority did they use to access those emails? And if they did, what explains the 7 month delay in their sting?

In discussions of where those emails came from at the hearing, Ridgway was non-committal, suggesting they “may” have come from a search on his computer seized with a warrant, but not claiming they did. (The government noticed both FISA wiretap and physical search information, the latter of which often means searches of stored communications, which is presumably another way they could have obtained the emails, if Daoud didn’t delete them, but he appears to have been fairly attentive to hiding his digital tracks by 2012.)

The timing of that claimed start date — October 2011 — is particularly intriguing. Not only is that around the time Daoud turned 18. But it also dates to John Bates’ October 3, 2011 approval (for the first time) of NSA (and CIA)’s use of back door searches on previously collected data and minimization procedures that addressed his concerns about the illegal upstream collection.

I have, in the past, suggested they may have identified Daoud (or perhaps found these emails) via a back door search. While there’s no direct evidence of what collection may have included Daoud, it’s possible they collect URL searches or hits on certain websites from which he collected extremist material.

But it’s also conceivable they identified Daoud via an upstream content search (that is, email collected at a telecom switch via a search on some of the content he had in his emails). For example, perhaps NSA first picked up Daoud’s contacts based on him sending Anwar al-Awlaki materials on October 9 and 18, 2011. It’s conceivable NSA tracks online jihad membership notices, like the one Daoud received on February 6, 2012. It’s likely they track links to sites making Inspire available, such as the URL Daoud sent himself on May 9, 2012 (the initial contacts with online undercover FBI officers were on May 14 and May 17, 2012). If so, any of those emails that transited certain collection points might be sucked up as part of NSA’s use of Section 702 to search on content.

Remember though: NSA has claimed they won’t use these authorities in tandem. They told John Bates they would not conduct back door searches on upstream collection. If they got any of this via upstream collection, they presumably should not be able to go back and search for Daoud (though who knows how NSA finesses this issue via tech claims).

This is why Ridgway’s comment is so striking. Ridgway seemed to suggest there were two possible ways (three, with collection of stored emails) the government could have obtained Daoud’s earlier emails.

Does he know for a fact there are two different ways to get these emails, because the government used both? Does he know there are two ways to get them because the government is using parallel construction to hide one of their more exotic uses of FISA collection from Judge Coleman?

Either of these practices — accessing Daoud’s communications at a time when he had done nothing beyond engage in potentially hateful speech via back door search, or obtaining his emails via upstream collection — would present a use of FISA that, while approved by FISA Judge John Bates (assuming it started after October 3, 2011), has not been known to be scrutinized by an Article III judge presiding in a criminal case. So there’d be a big incentive for the government to use parallel construction to hide the underlying collection.

Of course, it’s most likely — given Judges’ unwillingness to be the first to challenge the government’s ability to keep all FISA materials secret — that we’ll never know, that Daoud will be denied any more information about how the government first identified him as a terrorism lead.

Judge Pauley’s Deliberate Blind Spot: Systematic Section 215 Abuses

Sorry for my silence of late, particularly regarding William Pauley’s ruling finding the phone dragnet legal. The good news is my mom can now reach the light switch in her sewing room without risk of falling.

As noted, Judge Pauley ruled against the ACLU in their suit challenging the phone dragnet. A number of commentators have pointed to some bizarre errors or focus in Pauley’s ruling, including,

  • Pauley says the government could not find the “gossamer threads” of terrorist plotters leading up to 9/11. They did find them. They simply didn’t act appropriately with them.
  • He unquestioningly considers the 3 uses of Section 215 (with Zazi, Headley, and Ouazzani) proof that it is effective. He does not note that even Keith Alexander has admitted it was only critical in one case, one not even mentioned in the government’s filings in this case.
  • He ignores the role of the Executive in willingly declassifying many details this program, instead finding it dangerous to allow the ACLU to sue based on an unauthorized leak. The government has actually been very selective about what Snowden-leaked programs they’ve declassified, almost certainly to protect even more problematic programs from legal challenge.
  • He claims Congress has renewed Section 215 7 times (including 2001, it was renewed it 5 times).
  • He claims there is no doubt the Intelligence and Judiciary Committees knew about the rulings underlying the program in spite of the fact that some rulings were not provided until after Section 215 was renewed; he admits that the limits on circulation of notice in 2011 was “problematic” but asserts the Executive met its statutory requirements (he doesn’t deal with the evidence in the record that the Executive Branch lied in briefings about the conduct of the dragnet).

There are also Pauley’s claims about the amount of data included — he says the government collects all phone metadata; they say NSA collects far less data. This is a more complicated issue which I’ll return to, though maybe not until the New Year.

But I’m most interested in the evidence Pauley points to to support his claim that the FISC (and Congress) conduct adequate oversight over this program. He points to John Bates’ limits to the government’s intentional collection of US person data via upstream collection rather than Reggie Walton’s limits to Section 215 abuses.

For example, in 20011, FISC Judge Bates engaged in a protracted iterative process with the Government–over the Government’s application for reauthorization of another FISA collection program. That led to a complete review of that program’s collection and querying methods.

He then immediately turns to Claire Eagan’s opinion reiterating that the government had found and dealt with abuses of the phone dragnet program.

In other words, for some bizarre reason he introduces a series of rulings pertaining to Section 702 — and not to Section 215 — to support his argument that the government can regulate this Section 215 collection adequately.

It’s particularly bizarre given that we have far more documents showing the iterative process that took place in 2009 pertaining directly to the phone dragnet. Why even mention the Bates rulings on upstream collection when there are so many Reggie Walton ones pertaining directly to Section 215?

I suspect this is because Pauley relies so heavily on the adequacy of the minimization procedures imposed by the FISC, as when he cites Claire Eagan’s problematic opinion to claim that without adequate minimization procedures, FISC would not approve Section 215 phone dragnet orders.

Without those minimization procedures, FISC would not issue any section 215 orders for bulk telephony metadata collection.

(Note, Pauley doesn’t note that the government has not met the terms of the Section 215 itself with regards to minimization procedures, which among other things would require an analysis of the NSA using a statute written for the FBI.)

The only way Pauley can say the limits he points to in his analysis — that NSA can only analyze 3 hops deep, that FBI only gets summaries of the queries, that every query got approved for RAS — is if he ignores that for the first 3 years of the program, all of these claims were false.

He uses similar analysis to dismiss concerns about the power of metadata.

But [ACLU’s contention that the government could use metadata analysis to learn sensitive details about people] is at least three inflections from the Government’s bulk telephony metadata collection. First, without additional legal justification–subject to rigorous minimization procedures–the NSA cannot even query the telephony metadata database. Second, when it makes a query, it only learns the telephony metadata of the telephone numbers within three “hops” of the “seed.” Third, without resort to additional techniques, the Government does not know who any of the telephone numbers belong to.

These last assertions are all particularly flawed. Not only have these minimization procedures failed in the past, not only has the government been able to go four hops deep in the past (which could conceivably include all Americans in a query), not only is there abundant evidence — which I’ll lay out in a future post — that the government does know the identities of at least some of those whom it is chaining, but there are two ways the government accesses this data for which none of this is true: when “data integrity analysts” fiddle with the data to prepare it for querying, and when it is placed in the “corporate store” and analyzed further.

All the claims about minimization Pauley uses to deem this program legal have big big problems.

The NSA conducted a fraud on the FISC for 3 years (and still is, to the extent they claim the violations under the program arose from complexity rather than their insistence on adopting all the practices used under the illegal program for the FISC-authorized program). Yet Pauley points to the FISC to dismiss any Constitutional concerns with this program.

And to do that, he ignores the abundant evidence that all his claims have been — and may still be, in some cases — false.

Coincidental Timing in NSA’s Telecom Switch Collection

We knew the government had “shut down” the Internet metadata in “late” 2011.

But I believe Friday’s filings are the first time they’ve specified publicly: they shut it down in December 2011.

That gives us the following chronology:

May 29, June 22, 2009: First Internet dragnet violations noticed as part of phone dragnet review

Around July 2009: NSA pilots new contact-chaining approach for Internet dragnet

Around November 2009: FISA Court does not re-approve Internet dragnet (see 15-16)

Between July and October 2010: FISC reauthorizes and NSA restarts Internet dragnet, but finds some overcollection since start of program in 2004

November 29, 2010: NSA signs directive allowing analysts to chain through US persons

January 3, 2011: Government rolls out new dragnet approach, providing

May 2, 2011: Government “clarifies” that upstream collection includes some US person data

October 3, 2011: John Bates finds some upstream dragnet illegal

Between October 3 and October 6, 2011: NSA General Counsel considers appeal

October 13, 2011: Government claims 1809(a)(2) does not apply — presumably to upstream collection

October 17, 2011: Draft training module advises analysts to talk to management or subject matter expert about Internet dragnet from prior to November 2009

November 22, 2011: Government still challenging applicability of 1809(a)(2) in upstream collection

Late 2011: Government starts dealing with upstream content

December 2011: Government halts Internet dragnet

That is, the government stopped collecting Internet metadata in the US within weeks of the discussion between John Bates and the government over whether or not Section 1809(a)(2) applied to NSA’s deliberate collection of US person content within the US via collection off telecom switches in the US — the same method of collection as used in the Internet dragnet.

That’s not to say the legal discussion influenced the decision. There are plenty of other explanations — including Google’s encryption by default (which made Google content inaccessible via US switches) and the earlier limits Bates imposed on US metadata collection, which may have made domestically-collected metadata less useful — for NSA to shut down that collection.

But I wonder whether Bates’ persistent focus on 1809(a)(2) had an influence.

I say that for two reasons — aside from the timing.

First, it is unusual for a training document to recommend asking a person for information about how to handle something, as the dragnet training instructed analysts, “for information on PR/TT data collected prior to November of 2009, contact your organization’s management or subject matter expert,” as late as October 17, 2011. The data from this period involved overcollection (probably content collected in the guise of metadata) that, if known to be US person data, could not be circulated without violating 1809(a)(2). This kind of instruction should be written down, especially given the legal sensitivity surrounding it, not transmitted person-to-person. But it appears not to have been.

There are a lot of details about Bates’ resolution of the Internet metadata overcollection in 2010 that we don’t yet know. Unlike with the 2011 US opinion,we don’t see the follow-up discussion to see how that collection was handled.

But we do know how Bates enforced his 2011 opinion: by emphasizing that the government couldn’t use any of that US person upstream collection for submissions to the FISC.

Beginning late in 2011, the government began taking steps that had the effect of mitigating any Section 1809(a)(2) problem, including the risk that information subject to the statutory criminal prohibition might be used or disclosed in an application filed before this Court.

Given that the government uses metadata to select which content collection to translate, this restriction on submitting improperly collected data to the FISC might be even more restrictive with the Internet dragnet information than the upstream collection.

In October and November 2011, John Bates reiterated his assertion — first made the year earlier in conjunction with Internet dragnet collected via the same means that the NSA could be subject to 1809(a)(2) — in response to which, the government still tried to object. But then they stopped objected and started complying, at the same time they also stopped collecting Internet metadata from within the US.

Two years in a row the NSA’s collection off telecom switches was deemed to be illegal. As the second judgment got resolved (by imposing restrictions on the circulation of the data), the government moved the collection tied to the first judgment overseas.

NSA’s Bid for a 6 Month Delay in Protecting Larry Klayman’s Phone Records

The White House has announced they’re going to release the recommendations of the Committee to Make You Love the Dragnet today. Given that the report recommends putting the dragnet into someone else’s hands, I suspect the White House changed plans (It was going to release the report in mid-January) as a way to stave off the Klayman and other suits.

Given that we expect that recommendation — and that the government claims it’d take years to effect — I want to point to a claim that NSA Director of Signals Intelligence Division Theresa Shea made in her declaration in the Klayman suit. She claimed it would be an onerous process to take Larry Klayman’s call records out of the dragnet.

Beyond harming national security and the Government’s counterterrorism capabilities, plaintiffs’ proposed preliminary injunction would seriously burden the Government. While plaintiffs seek an order barring the Government from collecting metadata reflecting their calls, the Government does not know plaintiffs’ phone numbers, and would need plaintiffs to identify all numbers they use to even attempt to implement such an injunction. Ironically, as explained above, these numbers are not currently visible to NSA intelligence analysts unless they are within a three hopes of a call chain of a number that based on RAS is associated with a foreign terrorist organization.

Even if plaintiffs’ phone numbers were available, extraordinarily burdensome technical and logistical hurdles to compliance with a preliminary injunction order would remain. Technical experts would have to develop a solution such as removing the numbers from the system upon receipt of each batch of metadata or developing a capability whereby plaintiffs’ numbers would be received by NSA but would not be visible in response to an authorized query. To identify, design, build, and test the best implementation solution would potentially require the creation of new full-time positions and could take six months or more to implement. Once implemented, any potential solution could undermine the results of any authorized query of a phone number that based on RAS is associated with one of the identified foreign terrorist organizations by eliminating, or cutting off potential call chains. If this Court were to grant a preliminary injunction and the defendants were to later prevail on the merits of this litigation, it could prove extremely difficult to develop a solution to reinsert any quarantined records and would likely take considerable resources and several months to build, test, and implement a reinsertion capability suited to this task.

Judge Richard Leon treated this complaint as the obvious bullpuckey it clearly is.

[T]he Government says that it will be burdensome to comply with any order that requires the NSA to remove plaintiffs from its database. Of course, the public has no interest in saving the Government from the budens of complying with the Constitution! Then, the Government frets such an order “could ultimately have a degrading effect on the utility of the program if an injunction in this case precipitated successful requests for such relief by other litigants.” For reasons already explained, I am not convinced at this point in the litigation that the NSA’s database has ever truly served the purpose of rapidly identifying terrorists in time-sensitive investigations, and so I am certainly not convinced that the removal of two individuals from the database will “degrade” the program in any meaningful sense.68

[snip]

In [staying my order to destroy the plaintiffs’ metadata] I hereby give the Government fair notice that should my ruling be upheld, this order will go into effect forthwith. Accordingly, I fully expect that during the appellate process, which will consume at least the next six months, the Government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld. Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.

68 To the extent that removing plaintiffs from the database would create the risk of “eliminating, or cutting off potential call chains,” the Government concedes that the odds of this happening are miniscule. (“[O]nly a tiny fraction of the collected metadata is ever reviewed . . . .”) (“Only the tiny fraction of the telephony metadata records that are responsive to queries authorized under the RAS standard are extracted, reviewed, or disseminated. . . . “). [citations removed]

But the plea for time– when it’s crystal clear NSA could start treating Larry Klayman’s data like a high volume number they intentionally defeat on intake tomorrow — made me wonder what purpose this complaint was really meant to serve, especially given James Cole’s refusal the other day to answer whether the Leahy-Sensenbrenner bill would eliminate bulk collection, which Jennifer Granick likens to a coup.

Responding to a question at yesterday’s hearing on the bill, Cole said, “Right now the interpretation of the word ‘relevant’ is a broad interpretation. Adding ‘pertinent to a foreign agent’ or ‘somebody in contact with a foreign agent’ could be another way of talking about relevance as it is right now. We’d have to see how broadly the court interprets that or how narrowly.”  In other words, the FISA court might let us keep doing what we’re doing no matter what the law says and despite Congress’ intent.

All courts issue opinions about what the laws that legislatures pass mean. These opinions are called the “common law”. But common law interpretations of statutes are only legitimate if they are fair and reasonable interpretations.

The NSA has a great track record getting FISC judges to interpret even obviously narrow phrases in surprisingly broad ways.

[snip]

Time and again, the FISC accepts the Administration’s shockingly flimsy arguments. As a set, the few public FISC opinions we’ve seen suggest that the Executive Branch—in cahoots with a few selected judges—has replaced legitimate public statutes with secret, illegitimate common law.

The rule of law is a basic democratic principle meaning that all members of a society—individuals, organizations, and government officials—must obey publicly disclosed legal codes and processes. If Cole is right that, try as it might, Congress cannot end bulk collection because the secret FISA court may defer to the NSA’s interpretation of the rules, there is no rule of law.  The NSA is in charge, the FISA court process is just a fig leaf, and this is no longer a democracy. There’s been a coup d’etat.

But it appears that not even the FISC judges are always in on the game. After all, at the moment when Judges Walton and Bates started reining in the Internet dragnet in the US, NSA started rolling out an expanded Internet dragnet program — which made it easier to pick up US person data and presumably easier to disseminate it — overseas. With that 6 month delay, would NSA just be figuring out how to maintain the dragnet function, but beyond the reach of meddling judges like Richard Leon?

The NSA suggested it would need 6 months notice to take just two people out of the dragnet. I can imagine no feasible technical reason that’s true.

So why were they implying they’d need that 6 months?

NSA’s 60 Wiretaps and FBI’s 1,728 Wiretaps?

I want to return to the exchange shown on last night’s 60 Minutes piece on NSA where CBS’s in-house national security shill asked Keith Alexander about collecting the content of phone calls.

John Miller: There is a perception out there that the NSA is widely collecting the content of the phone calls of Americans. Is that true?

Gen. Keith Alexander: No, that’s not true. NSA can only target the communications of a U.S. person with a probable cause finding under specific court order. Today, we have less than 60 authorizations on specific persons to do that.

John Miller: The NSA as we sit here right now is listening to a universe of 50 or 60 people that would be considered U.S. persons?

Gen. Keith Alexander: Less than 60 people globally who are considered U.S. persons.

As a threshold matter, note that Alexander didn’t answer the question Miller asked, which was whether the “NSA is widely collecting the content of the phone calls of Americans.” Instead, Alexander answered how many US persons the NSA is targeting (he’s been providing this non-responsive answer for months now, so it is a well-practiced ploy). His answer is further modified by referring to “specific person.” And he used the word “globally,” which I found to be particularly interesting, given that by law the government has to get orders to wiretap Americans overseas, too.

Note two other things Alexander doesn’t address: US person content generally, and how many FISC orders the FBI gets.

According to the report to Congress on FISA covering 2012, the FISC approved 1,788 orders for electronic surveillance last year, plus another 68 for physical searches alone (which increasingly means stored content in an email server).

During the calendar year 2012, the Government made 1,856 applications to the Foreign Surveillance Court (the “FISC”) for authority to conduct electronic surveillance and/or physical searches for foreign intelligence purposes. The 1,856 applications include applications made solely for electronic surveillance, applications made solely for physical search, and combined applications requesting authority for electronic surveillance and physical search. Of these, 1, 789 applications included requests for authority to conduct electronic surveillance.

Of the 1,789 applications, one was withdrawn by the Government.

This number does not count the same number Alexander used in his dodge. It includes FISA Amendments Act orders, though those are programmatic and therefore should be far less numerous (indeed, the number of orders did not go up that much when bulk orders were first approved in 2007, and they actually went down in 2008 and 2009 with the FISA Amendments Act passage). And these orders may be email-only orders.

Thus, there are a range of explanations for why Lying Keith claims only to have taps on 60 people but the FISA report shows 1,788 orders for electronic surveillance: FBI, not NSA, submitted the orders, they don’t request phone content, they’re bulk orders targeting non-US persons.

Still, the number of US persons who have been targeted via a specific FISC order are likely far higher than the 60 Lying Keith used on last night’s show. Plus, there may be US persons who had their email collected via specific order, but not their phone content. And of course, every one of the bulk orders targeting non-US persons would include incidentally collection US person data that can be searched with no Reasonable Articulable Suspicion. And we know NSA collects email content from around 56,000 US persons each year in its upstream collection — collection which John Bates considers intentional collection.

Thus, the number of Americans having their content collected is far, far higher than the 60 Alexander used on last night’s show.

Which is another good reason to require more transparency on these FISA numbers, because without it, Keith Alexander will lie again.

Former Top NSA Officials Insist Employees Are Leaving Because Obama Is Mean, Not Because They Object To NSA’s Current Activities

Ellen Nakashima has a story that purports to show 1) significant morale problems at the NSA and 2) proof that the morale stems from Obama’s failure to more aggressively support the NSA in the wake of the Edward Snowden revelations.

The story relies in significant part on former NSA IG Joel Brenner and two other former officials who insisted on remaining anonymous because “they still have dealings” with the NSA.

“The agency, from top to bottom, leadership to rank and file, feels that it is had no support from the White House even though it’s been carrying out publicly approved intelligence missions,” said Joel Brenner, NSA inspector general from 2002 to 2006. “They feel they’ve been hung out to dry, and they’re right.”

A former U.S. official — who like several other former officials interviewed for this story requested anonymity because he still has dealings with the agency — said: “The president has multiple constituencies — I get it. But he must agree that the signals intelligence NSA is providing is one of the most important sources of intelligence today.

“So if that’s the case, why isn’t the president taking care of one of the most important elements of the national security apparatus?”

[snip]

A second former official said NSA workers are polishing up their résumés and asking that they be cleared — removing any material linked to classified programs — so they can be sent out to potential employers. He noted that one employee who processes the résumés said, “I’ve never seen so many résumés that people want to have cleared in my life.”

Morale is “bad overall,” a third former official said. “The news — the Snowden disclosures — it questions the integrity of the NSA workforce,” he said. “It’s become very public and very personal. Literally, neighbors are asking people, ‘Why are you spying on Grandma?’ And we aren’t. People are feeling bad, beaten down.”

Does “still have dealings with the agency” mean these people still contract to it, indirectly or directly? If it does, how much of this contracting works through The Chertoff Group, where a slew of former officials seem to have had remarkably consistent interests in spreading this line for months? Nakashima might want to provide more details about this in any future of these stories, as it may tell us far more about how much these men are profiting for espousing such views.

After all, while they do provide evidence that NSA employees are leaving, they provide only second-hand evidence — evidence that is probably impossible for any of these figures to gain in depth personally — that the issue pertains to Obama’s response.

And there are at least hints that NSA employees might be leaving for another reason: they don’t want to be a part of programs they’re only now — thanks to compartmentalization — learning about

We can look to the two letters the NSA has sent to “families” of workers for such hints.

The first, sent in September (page one, page two, h/t Kevin Gosztola), got sent just 3 days after the release of documents showing NSA had been violating just about every rule imposed on the phone dragnet for the first three years it operated (partly, it should be said, because of Joel Brenner’s inadequate oversight at its inception). In the guise of providing more context to NSA employee family members about that and recent disclosures, Keith Alexander and John Inglis wrote,

We want to put the information you are reading and hearing about in the press into context and reassure you that this Agency and its workforce are deserving and appreciative of your support. Read more

Why NSA Can’t Count How Many Americans’ Cell Location They Collect

As bmaz noted, WaPo reported today that NSA has been collecting billions of phone records a day, including cell location information. Once again, when the NSA says it has stopped or doesn’t conduct a practice, it means only it has stopped the practice in the US, even though it still collects US person data overseas.

But the NSA refuses to reveal how many Americans’ data are being swept up.

The number of Americans whose locations are tracked as part of the NSA’s collection of data overseas is impossible to determine from the Snowden documents alone, and senior intelligence officials declined to offer an estimate.

“It’s awkward for us to try to provide any specific numbers,” one intelligence official said in a telephone interview. An NSA spokeswoman who took part in the call cut in to say the agency has no way to calculate such a figure.

An intelligence lawyer, speaking with his agency’s permission, said location data are obtained by methods “tuned to be looking outside the United States,” a formulation he repeated three times. When U.S. cellphone data are collected, he said, the data are not covered by the Fourth Amendment, which protects Americans against unreasonable searches and seizures.

A number of tech people are wondering if there’s some secret technical reason why NSA can’t or won’t estimate the number.

But the reason is almost certainly far more cynical.

In 2010 (sometime between July and October), John Bates told the NSA if they knew they were collecting content of US persons, they were illegally wiretapping them. But if they didn’t know, then they weren’t in violation.

When it is not known, and there is no reason to know, that a piece of information was acquired through electronic surveillance that was not authorized by the Court’s prior orders, the information is not subject to the criminal prohibition in Section 1809(a)(2). Of course, government officials may not avoid the strictures of Section 1809(a)(2) by cultivating a state of deliberate ignorance when reasonable inquiry would likely establish that information was indeed obtained through unauthorized electronic surveillance.

Then in 2011, Bates made them count some of their collection of US person content (he deemed it intentional collection, though they and their Congressional overseers still like to claim, legal opinion notwithstanding, it was not; the use of “tuned to be looking outside the US” is probably more of the same). And using the threat of labeling that US person content, he forced them to purge the information. But they somehow refused to count the larger amount of US person data collected intentionally, and NSA was permitted to keep that.

Presumably, the laws would be different on overseas collection, which would not count as “electronic surveillance.” Except that with Section 703 of FISA — which requires an order for collection on US person content overseas — there may be similar levels of protection, just via different statutes.

One thing the NSA has learned through experience with John Bates and FISC is that if you claim you don’t know you’ve collected US person data, a judge will not declare it legal. But if you admit you’ve collected US person data, then that same judge may threaten you with sanctions or force you to purge your data.

So there’s a very good reason why it’s “awkward” for NSA “to try to provide any specific numbers.” Doing so would probably make the collection illegal.

Was DOJ Hiding a Section 215 Gun Registry from Congress?

Among other documents, ODNI released  on Monday all the Attorney General Reports on Section 215 use from 2005 to 2011 (2006200720082009201020112012).

This is the classified version of a report that also gets released in unclassified form as part of a larger report to Congress on FISA numbers (20052006200720082009201020112012; ODNI did not release the report covering 2012 because it lay outside the scope of ACLU’s FOIA). And the paragraph of each of these reports that lays out the following information remains redacted in all of them.

(3) the number of such orders either granted, modified, or denied for the production of each of the following:

(A) Library circulation records, library patron lists, book sales records, or book customer lists.

(B) Firearms sales records.

(C) Tax return records.

(D) Educational records.

(E) Medical records containing information that would identify a person.

Nevertheless, the reports show us two new things.

Screen shot 2013-11-22 at 8.52.29 AM

First, while we knew the number of modifications has gone up significantly in the last three years (we now know that many of the modifications in 2009 had to do with phone dragnet violations), the latest reports ODNI released say this:

The FISC modified the proposed orders submitted with forty-three such applications in 2010 (primarily requiring the Government to submit reports describing implementation of applicable minimization procedures).

The FISC modified the proposed orders submitted with 176 such applications in 2011 (requiring the Government to submit reports describing implementation of applicable minimization procedures).

Julian Sanchez had speculated that’s what was going on in a post (I can’t find the link right now) noting that NSL use had halved while Section 215 use had gone up. Remember, too, the government has not released a 2010 opinion on Section 215 that may explain why the FISC got much more involved in policing the government’s minimization.

Still, it is almost certain that the need to double check government minimization stems from bulk collections. If those bulk collections were also on a 90-day renewal cycle, then we might be looking at 44 bulk collection programs in 2011.

One more thing. As was reflected in the ACLU Vaughn Index, it appears DOJ never provided these reports to Congress starting with the report covering 2008. It did do so for the report covering 2011, but the report isn’t dated, so it’s not clear it was done in April 2012, when it should have been provided to Congress. Furthermore, that production was cc’ed to John Bates, which the tardy August 16, 2010 production of FISC opinions also was, which makes me wonder whether Bates had to force the Executive to fulfill the requirements in the PATRIOT Reauthorization (both these reports and the pre-2008 “significant constructions of law” requirement stems from the 2006 reauthorization). [4/19/14 correction: The “significant constructions of law” stems from the FISA Amendments Act]

Now, maybe DOJ was just being lazy in not fulfilling the clear legal requirement. But given that it seems to have had no problem fulfilling the requirement for unclassified numbers during the same period, I wonder whether DOJ just didn’t want to reveal that it was collecting on one or more of the specified categories, such as firearms sales records (though I’ve long wondered whether DOJ was also collecting DNA records).

Read more