Posts

PCLOB: An Exercise in False Oversight

As you may have seen from the reporting or my live-tweeting of yesterday’s Privacy and Civil Liberties Oversight Board hearing on the government’s surveillance program, there were a few interesting bits of news, starting with former FISC judge James Robertson’s assertion that what FISC has done since it started approving bulk collection amounts to “approval” not “adjudication” and puts the court in an inappropriate policy making role. Robertson also said FISC needs an adversarial role it doesn’t currently have. Robertson also raised the possibility Section 215 could be used to create a gun registry not otherwise authorized by law, a point ignored by the former government officials on his panel.

I also thought James Baker’s testimony was interesting. In his prepared statements, Baker seemed to suggest the entire hearing was a wasted exercise, because the program had plenty of oversight. (Remember, Baker was in a key role at DOJ working with FISC through 2007, and got stuck trying to keep intelligence gathered under the illegal program out of traditional FISA applications.) But just before the end of the hearing Baker said before all the bulk collection, FISA worked. He repeated it, FISA worked. Baker may have come to accept these bulk programs, but he sure seemed to think they weren’t necessary.

But the most telling part of the hearing, in my opinion, is the presence of Steven Bradbury and Ken Wainstein on the panel.

There were plenty of other former government officials on the panels, representing all branches. But these two were in far more central positions in the roll out of both the legal and illegal programs. One of the key documents released by the Guardian, showing Wainstein and Bradbury recommending that newly confirmed Attorney General Michael Mukasey resume the contact chaining of Internet metadata, shows them expanding one of the most legally questionable aspects of this surveillance.

The ground rules of the hearing made it worse. The hearing followed the inane rules the Obama Administration adopts in the face of large leaks, pretending these public documents aren’t public. The Chair of PCLOB, David Medine, said no one could confirm anything that hadn’t already been declassified by the government.

Which not only put that document outside the scope of the discussion. But meant neither Bradbury nor Wainstein disclosed this clear conflict.

At one point in the hearing, the moderator even suggested that every time ACLU’s Jameel Jaffer said something, either Bradbury or Wainstein should have an opportunity to rebut what Jaffer said.

Yes, there were a number of interesting revelations at the hearing, along with the typical inanity from Wainstein and, especially, Bradbury. But it was set up with all the conflicts of a Presidential Commission meant to dispel controversy, not a real champion for privacy or civil liberties.

And its treatment of these two former government shills is just representative of that.

Alberto Gonzales and Internet Data Mining

I was going to leave this speculation well enough alone. But George W Bush decided to interrupt his dog painting to defend Obama’s surveillance dragnet.

Bush also defended the surveillance program, which began during his administration after 9/11, saying the programs guarantee civil liberties are protected.

“I put the program in place to protect the country and one of the certainties is civil liberties were guaranteed,” Bush said.

So here goes.

In his book, Jack Goldsmith describes Alberto Gonzales siding against David Addington in a debate just once, only to have George Bush override the then White House Counsel.

Addington’s hard-line nonaccommodation stance always prevailed when the lawyers met to discuss legal policy issues in Alberto Gonzales’ office. During these meetings, Gonzales himself would sit quietly in his wing chair, occasionally asking questions but mostly listening as the querulous Addington did battle with whomever was seeking to “go soft.” It was Gonzales’ responsibility to determine what to advise the president after the lawyers had kicked the legal policy matters around. But I only knew him to disagree with Addington once, on an issue I cannot discuss, and on that issue the president overruled Gonzales and sided with the Addington position. [my emphasis]

The issue Goldsmith could not discuss could be torture or prisoner transfers or something entirely unknown, but the data mining at the heart of the hospital confrontation is clearly one candidate.

There’s no overt evidence Gonzales tried to do the right thing on the illegal surveillance program. After all, even after Bush agreed to put the program right on March 12, 2004, Gonzales still objected to Goldsmith and Jim Comey’s first advice on the program. After Goldsmith laid out his initial advice on March 15, Gonzales wrote a memo saying,

Your memorandum appears to have been based on a misunderstanding of the President’s expectations regarding the conduct of the Department of Justice. While the President was, and remains, interested in any thoughts the Department of Justice may have on alternative ways to achieve effectively the goals of the activities authorized by the Presidential Authorization of March 11, 2004, the President has addressed definitively for the Executive Branch in the Presidential Authorization the interpretation of the law.

This led Comey to write up his resignation letter on March 16. “[A]lthough I believe this has been one of [DOJ’s] finest hours, we have been unable to right that wrong.” Three days later, Bush modified his March 11 Authorization, directing NSA to stop collecting Internet metadata within a week.

Of course, three months later, the Administration resumed collection of Internet metadata using the FISC PR/TT order. That was within days of Goldsmith’s departure, though he had announced his departure a month earlier and Comey, obviously, stuck around for over a year longer.

So still no evidence the Internet data mining was the issue on which Gonzales tried to stand up to Addington.

But let’s jump ahead to the circumstances of Alberto Gonzales’ resignation in August 2007. At the time, his sudden and confusing resignation was attributed to the multiple scandals embroiling him — chiefly the US Attorney firing scandal, but also Gonzales’ Clapper-like lies about the illegal wiretap program before the Senate a month earlier. But for some reason, Gonzales did not benefit from the kind of sinecure every other former Bush official — even James Comey, who went to Lockheed — enjoyed upon departure, which you would have thought he’d get after lying to protect the President.

Then, a year after Gonzales’ departure, we learned that in the weeks before he resigned, White House Counsel Fred Fielding had narced him out for storing a bunch of Top Secret CYA documents in a briefcase in his closet. Read more

Metadata Oversight: “A Banner”!!!!!

The Guardian has their next big NSA scoop, and it is meatier than the earlier ones. The headline is that President Obama continued a 2-degrees of separation analysis of Internet metadata under Section 702 for two years after he came into office. The practice morphed into something else in 2011, making it highly likely the October 3, 2011 FISC opinion finding FAA 702 activities violated the Fourth Amendment pertained to this practice.

Along with their story, the released two documents, one of which has two appendices. Altogether they’ve released:

I’ll have far, far more to say going forward.

But I wanted to point to language that reinforces my fears about how they’re controlling the still extant database of US person telephone metadata.

The documents describe the great oversight of the Internet metadata twice. First in the November 20, 2007 letter itself:

When logging into the electronic data system users will view a banner that re-emphasizes key points regarding use of the data, chaining tools, and proper dissemination of results. NSA will also create an audit trail of every query made in each database containing U.S. communications metadata, and a network of auditors will spot-check activities in the database to ensure compliance with all procedures. In addition, the NSA Oversight and Compliance Office will conduct periodic super audits to verify that activities remain properly controlled. Finally, NSA will report any misuse of the information to the NSA’s Inspector General and Office of GEneral Counsel for inclusion in existing or future reporting mechanisms related to NSA’s signals intelligence activities.

And in the September 28, 2006 Amendment:

5. Before accessing the data, users will view a banner, displayed upon login and positively acknowledged by the user, that re-emphasizes the key points regarding use of the data and chaining tools, and proper dissemination of any results obtained.

6. NSA creates audit trails of every query made in each database containing U.S. communications metadata, and has a network of auditors who will be responsible for spot-checking activities in the database to ensure that activities remain compliant with the procedures described for the data’s use. The Oversight and Compliance Office conducts periodic super audits to verify that activities remain properly controlled.

7. NSA will report any misuse of the information to NSA’s Inspector General and Office of General Counsel for inclusion in existing or future reporting mechanisms relating to NSA’s signals intelligence activities.

These descriptions are consistent with what we’ve been told still exists with the telephone metadata, so it is likely (though not certain) the process remains the same.

There are two big problems, as I see it. First, note that the Oversight and Compliance Office appears to be within NSA’s operational division, not part of the Inspector General’s Office. This means it reports up through the normal chain of command. And, presumably, its actions are not required to be shared with Congress. The IG, by contrast, has some statutory independence. And its activities get briefed to Congress.

In other words, this initial check on the metadata usage appears to be subject to managerial control.

But my other worry is even bigger. See where the descriptions talk about the fancy banner? The description says nothing about how that log-in process relates to the audit trail created for these searches. Indeed, in both of these documents, “the NSA” “creates” the audit trails. They don’t appear to be generated automatically, as they easily could be and should be.

That is, it appears (and this is something that has always been left vague in these descriptions) that these are manual audit trails, not automatic ones. (Though I hope they go back and compare them with keystrokes.)

When FBI had this kind of access to similar data, they simply didn’t record a lot of what they were doing, which means we have almost no way of knowing whether there’s improper usage.

This may have changed. These “audit trails” may have been automatically generated at this time (though that’s not what the process describes). Though the NSA IG’s inability to come up with a number of how many US person records are access suggests there’s nothing automated about it.

And if that’s true, still true, then the telephone metadata still in place is an invitation for abuse.

The House Judiciary Committee Preens in Full Ignorance at Leaks Hearing

The headline that has come out of yesterday’s House Judiciary Committee hearing on leaks is that the Committee may subpoena people. As US News correctly reports, one push for subpoenas came from a John Conyers ploy trying to call Republican members’ bluff; he basically asked how they could be sure who leaked the stories in question and if they were they should just subpoena those people to testify to the committee.

It’s a testament to the thin knowledge of these stories that none of the Republicans responded, “John Brennan.” But then, even if they had, the committee would quickly get into trouble trying to subpoena Brennan as National Security Advisors (and Deputy NSAs) have traditionally been excused from Congressional subpoena for deliberation reasons, a tradition reinforced by Bush’s approach with Condi Rice.

Ah well. I’m sure we’re going to have some amusing theater of Jim Sensenbrenner trying to force Conyers to come up with some names now.

The other big push for subpoenas, though, came from Trey Gowdy. Partly because he wanted to create an excuse to call a Special Prosecutor and partly because, just because, he was most interested in subpoenaing some journalists. And in spite of the way that former Assistant Attorney General Ken Wainstein patiently explained why there are good, national security, reasons why DOJ is hesitant to subpoena journalists, Gowdy wouldn’t let up.

But what concerned me more is that no one–not a single person on the House committee that oversees DOJ–explained that DOJ doesn’t need to subpoena journalists to find out who they’ve been talking to. They’ve given themselves the authority to get journalist call records in national security cases without Attorney General approval.

That’s a detail every member of the committee should know, particularly if they’re going to hold hearings about whether DOJ can adequately investigate leaks. And while I expect Trey Gowdy to be ignorant, it seems they all are ignorant of this detail.

There was another display of ignorance I find troubling for a different reason. Dan Lungren suggested that he learned of what we’re doing with StuxNet from David Sanger’s reports. He rightly noted that–as the Chair of the House Homeland Security Subcommittee on Cybersecurity–he ought to learn these things from the government, not the NYT. And while his ignorance of StuxNet’s escape may be due to the timing of his ascension to the Subcommittee Chair (most members of the Gang of Four, except Dianne Feinstein, would not have gotten briefed on early stages of StuxNet, when someone should have told the government what a boneheaded plan it was), the Subcommittee still should be aware that our own recklessness has made us vulnerable in dangerous new ways.

Perhaps the most telling detail of the hearing, though, came from retired Colonel Kenneth Allard. He was brought on, I guess, to label what we did with StuxNet an act of war (without, of course, considering whether that is the problem rather than the exposure that both Republican and Democratic Administrations are engaging in illegal war without telling anyone). In his comments, he went so far as to say that “What Mr. Sanger did is equivalent of having KGB operation run against White House.”

Someone had to accuse the journalists of being enemy spies.

But Allard’s statement reveals where all this comes from: personal pique against the NYT for coverage they’ve done on him. Not only did he complain that David Sanger’s publisher didn’t give the New York Journal of Books, for which he writes reviews, an advance copy, but also that the NYT reported on the scam the Pentagon set up to give select Generals and Colonels inside information to spin favorably on TV.

Third, I have personally experienced what it feels like when the NYT deliberately distorts national security information, even to the point of plagiarism. On April 20, 2008, the NYT published an inflammatory expose: “Behind Analysts, Pentagon’s Hidden Hand” by David Barstow. The Times’ article charged that over 70 retired officers, including me, had misused our positions while serving as military analysts with the broadcast and cable TV networks. Read more

Gonzales Resigned 17 Days After This IG Investigation Began

I’ll be doing running commentary on today’s DOJ Inspector General’s investigation of how Alberto Gonzales improperly handled Top Secret information. But I didn’t even get through the first page before being struck by the circumstances behind this investigation. Most curiously, Gonzales resigned just days after this investigation began.

The matter was referred to the OIG by Kenneth Wainstein, former Assistant Attorney General for the National Security Division, on August 10, 2007. The White House Counsel’s Office had initially notified the Department of Justice (Department) about the matter, and Wainstein, after consultation with other senior Department officials, referred the matter to the OIG for investigation.

That is, at a time when Alberto Gonzales was weighing down the Bush Administration, Fred Fielding informed Ken Wainstein that Alberto Gonzales was running around town with a briefcase full of TS/SCI documents. Fielding did so just 20 days after the Administration used Pixie Dust to give Cheney carte blanche to make up his own rules about how to treat classified information. And, more interesting still, it happened just 17 days before a weepy Gonzales resigned on August 27.

Gosh. You’d almost think the Administration, after Bush asked Gonzales specially to take notes of a meeting at which members of Congress collaborated with the Administration in breaking the law, then used those notes against Gonzales, to push him out of the Administration.

And if you’re wondering, Ken Wainstein has since been named Bush’s Homeland Security Advisor. 

Update: typo fixed per bobschacht.

The Government’s Unclear Demands for Emails

Ryan Singel and Mary have pointed to to Ken Wainstein’s confirmation of something we’ve been discussing for some time: the problem with FISA’s restrictions on foreign communication has to do with email.

But in response to a question at the meeting by David Kris, a former federal prosecutor and a FISA expert, Wainstein said FISA’s current strictures did not cover strictly foreign wire and radio communications, even if acquired in the United States. The real concern, he said, is primarily e-mail, because "essentially you don’t know where the recipient is going to be" and so you would not know in advance whether the communication is entirely outside the United States. [my emphasis]

Now that the Administration is finally telling us some truths about their program, I think it worthwhile to repeat and expand on an observation I made here about CCIA’s letter opposing telecom immunity. CCIA, after all, represents three big email companies: Microsoft (Hotmail), Google (Gmail), and Yahoo. And in their letter, these email companies directly tie immunity with confusing requests from the government.

To the Members of the U.S. House of Representatives:

The Computer & Communications Industry Association (CCIA) strongly opposes S. 2248, the “FISA Amendments Act of 2007,” as passed by the Senate on February 12, 2008. CCIA believes that this bill should not provide retroactive immunity to corporations that may have participated in violations of federal law. CCIA represents an industry that is called upon for cooperation and assistance in law enforcement. To act with speed in times of crisis, our industry needs clear rules, not vague promises that the U.S. Government can be relied upon to paper over Constitutional transgressions after the fact. !!

CCIA dismisses with contempt the manufactured hysteria that industry will not aid the United States Government when the law is clear. As a representative of industry, I find that suggestion insulting. To imply that our industry would refuse assistance under established law is an affront to the civic integrity of businesses that have consistently cooperated unquestioningly with legal requests for information. This also conflates the separate questions of blanket retroactive immunity for violations of law, and prospective immunity, the latter of which we strongly support.

Read more

Banana Split

The investigation into Chiquita for supporting Colombian terrorists always stank. Chiquita’s executives got some high level meetings at DOJ and–purportedly–DOJ told them they should not worry about paying protection money to terrorists, so long as they cooperated with DOJ’s investigations into the Colombia death squads. Then, no charges were filed against any of the well-connected Republican executives. But now we find out that a warrant supposedly served on Chiquita back in 2004 may never have been served (h/t Rayne).

What happened to the search warrant that the government supposedly served on Chiquita Brands International three years ago? The lead prosecutor on the case — in which Chiquita was accused of funding terrorism — has always thought that the warrant was executed. But lawyers for the company and a U.S. Department of Justice official recently said that it wasn’t. Their revelation has led to new questions: Was the warrant blocked, and if so, why?

[snip]

… one highly placed Justice official confirms that no warrant was executed. This official, who spoke on the condition he not be named, wouldn’t elaborate.

In a postpublication interview, [the original prosecutor Roscoe] Howard says he still believes the warrant was obtained and executed, and that the Justice Department is "stonewalling" for reasons he doesn’t understand. He adds, "I’ve got no doubt it was executed, but someone may be covering it up for some reason." Howard and Seikaly both say that their former colleagues in Justice won’t discuss the warrant with them now, which puzzles them.

[snip]

Ken Wainstein also played a key role in the Chiquita probe. At the time of the Justice deliberations over the warrant, he was chief of staff to the director of the Federal Bureau of Investigation, which would have been responsible for serving the warrant. Boyd, Wainstein’s current spokesman at the national security division, declined to comment on his boss’s involvement with the Chiquita warrant.

One source close to the Chiquita investigation, who asked to remain anonymous, says he suspects that the warrant was cancelled either by someone at the Justice Department’s main headquarters or at the FBI. If the warrant were sabotaged, it raises questions of favoritism, and even obstruction of justice. Read more