Posts

No, Obama Doesn’t Need Legislation to Fix the Dragnet–Unless the “Fix” Isn’t One

/1 Comment/in /by

In an editorial calling on Congress to pass the USA Freedom Act, the USA Today makes this claim.

Obama’s proposal last January — to leave the data with phone companies, instead of with the government — can’t happen without a new law. And, as in so many other areas, the deeply divided Congress has failed to produce one.

I don’t know whether that is or is not the case.

I do know 3 Senate Intelligence Committee members say it is not the case.

Ron Wyden, Mark Udall, and Martin Heinrich wrote Obama a letter making just this point in June. They argued that Obama could accomplish most, if not all, of what he claimed he wanted without legislation, largely with a combination of Section 215 Orders to get hops and Pen Registers to get prospective collection.

[W]e believe that, in the meantime, the government already has sufficient authorities today to implement most, if not all, of the Section 215 reforms laid out in your proposal without delay in a way that does not harm our national security. More comprehensive congressional action is vital, but the executive branch need not wait for Congress to end the dragnet collection of millions of Americans’ phone records for a number of reasons.

First, we believe that the Foreign Intelligence Surveillance Court’s (FISC) expansive interpretation of the USA PATRIOT Act to allow the collection of millions of Americans’ phone records makes it likely that the FISC would also agree to a more narrowly-drawn interpretation of the law, without requiring further congressional action. Certainly, it seems likely that the FISC would permit the executive branch to use its current authorities to obtain phone records up to two “hops” from a suspicious phone number or to compel technical assistance by and compensation for recipients of court orders. Unless the FISC has already rejected such a request from the government, it does not seem necessary for the executive branch to wait for Congress before taking action.

Second, we believe that the FISC would likely approve the defined and limited prospective searches for records envisioned under your proposal pursuant to current USA PATRIOT Act Section 214 pen register authorities, given how broadly it has previous interpreted these authorities. Again, we believe it is vital for Congress to enact reforms, but we also believe that the government has sufficient authorities today under the USA PATRIOT Act to conduct these targeted prospective searches in the interim.

Finally, although we have seen no evidence that the government has needed the bulk phone records collection program to attain any time-sensitive objectives, we agree that new legislation should provide clear emergency authorities to allow the government to obtain court approval of individual queries after the fact under specific circumstances. The law currently allows prospective emergency acquisitions of call records under Section 403 of the Foreign Intelligence Surveillance Act (FISA), and the acquisition of past records without judicial review under national security letter authorities. While utilizing a patchwork of authorities is not ideal, it could be done on an interim basis, while Congress works to pass legislation.

Just weeks before they sent this, Deputy Attorney General James Cole had seemed to say they could (if not already were) getting hybrid orders, in that case mixing phone and location. So it seems like DOJ is confident they could use such hybrid orders, using Section 215 for the hops and Pen Registers for the prospective collection (though, given that they’re already using Section 215 for prospective collection, I’m not sure why they’d need to use hybrids to get anything but emergency orders).

And it makes sense. After all, the public claims about what the Call Detail Record provision would do, at least, describe it as a kind of Pen Register on steroids, 2-degrees of Pen Register. As the Senators suggest, FBI already gets two-degree information of historical records with mere NSLs, so it’d be surprising if they couldn’t get 2 degrees prospectively with a court order.

So at least according to three members of the Senate Intelligence Committee, USA Today is simply wrong.

Mind you, I’m not entirely convinced they’re right.

That’s because I suspect the new CDR provision is more than a Pen Register on steroids, is instead something far more intrusive, one that gets far beyond mere call records. I suspect the government will ask the telecoms to chain on location, address books, and more — as they do overseas — which would require far more than a prospective Pen Register and likely would require super immunity, as the bill provides.

I suspect the Senators are wrong, but if they are, it’s because Obama (or his Intelligence Community) wants something that is far more invasive then they’ve made out.

Still, for USAF supporters, there seems no question. If all Obama wants to replace the phone dragnet is prospective 2-degree call (not connection) chaining on RAS targets, he almost certainly has that authority.

But if he needs more authority, then chances are very good he’s asking for something far more than he has let on.

Update: Note, USAT makes at least one other clear error in this piece, as where it suggests the “the program” — the phone dragnet — imposes costs on cloud companies like Microsoft and Google.

In Telling of Brennan Fit, Panetta Somehow Forgets the Torture Documents Stolen Back for the White House

/6 Comments/in /by

As you likely know, I’m firmly of the belief that one should call DC memoirs — especially those written by National Security figures — autobiographical novels, because they tend to stray so far from the truth (that’s true of all autobiographies, but in DC it seems far more motivated). Turbo-Tax Timmy Geithner is about the only DC figure whose memoir has ever been treated with any of the skepticism it deserves.

With that in mind, I wanted to look at this detail from Leon Panetta’s book, which Katherine Hawkins alerted me to.

To illustrate how Obama’s micromanagement hurt relations with Congress, Panetta describes the negotiations with Dianne Feinstein over the cables that went into the torture report.

She requested access for her staff to every operational cable regarding the program, a database that had to be in the hundreds of thousands of documents. These were among the most sensitive documents the agency had. But Feinstein’s staff had the requisite clearances and we had no basis to refuse her. Still, I wanted to have some control over this material, so I proposed a deal: Instead of turning over the documents en masse to her staff, we would set up a secure room in Virginia. Her staff could come out to the secure facility and review documents one by one, and though they could take notes, the documents themselves would stay with CIA.

When the White House found out, they went apeshit, calling Panetta into the Situation Room for a spanking.

“The president wants to know who the fuck authorized this release to the committees,” Rahm said, slamming his hand down on the table. “I have a president with his hair on fire, and I want to know what the fuck you did to fuck this up so bad.”

I’d known Rahm a long time, and I was no stranger to his language or his temper, so I knew when to worry about an outburst and when it was mostly for show. On this occasion, my hunch was that Rahm wasn’t that perturbed but that Obama probably was and that others at the table, particularly Brennan and McDonough, were too. Rahm was sticking up for them by coming after me.

[snip]

It went back and forth like this for about fifteen minutes. Brennan and I even exchanged sharp words when I, unfairly, accused him of not sticking up for the agency in the debate over the interrogation memos. Finally, the White House team realized that whether they liked it or not, there was no way we could go back on our deal with the committee. And just like that, the whole matter was dropped.

Rahm and Brennan spanked Panetta, he claims, but then the whole thing blew over.

There are just three problems with this story.

First, according to the quotations Dianne Feinstein revealed from her agreement with Panetta, the CIA wasn’t supposed to “have … control over this material.”

Per an exchange of letters in 2009, then-Vice Chairman Bond, then-Director Panetta, and I agreed in an exchange of letters that the CIA was to provide a “stand-alone computer system” with a “network drive” “segregated from CIA networks” for the committee that would only be accessed by information technology personnel at the CIA—who would “not be permitted to” “share information from the system with other [CIA] personnel, except as otherwise authorized by the committee.”

Far more significantly, Panetta doesn’t mention the documents that disappeared during Panetta’s tenure — ostensibly, on orders from the White House.

In early 2010, the CIA was continuing to provide documents, and the committee staff was gaining familiarity with the information it had already received.

In May of 2010, the committee staff noticed that [certain] documents that had been provided for the committee’s review were no longer accessible. Staff approached the CIA personnel at the offsite location, who initially denied that documents had been removed. CIA personnel then blamed information technology personnel, who were almost all contractors, for removing the documents themselves without direction or authority. And then the CIA stated that the removal of the documents was ordered by the White House. When the committee approached the White House, the White House denied giving the CIA any such order.

After a series of meetings, I learned that on two occasions, CIA personnel electronically removed committee access to CIA documents after providing them to the committee. This included roughly 870 documents or pages of documents that were removed in February 2010, and secondly roughly another 50 were removed in mid-May 2010.

And Panetta also doesn’t mention what may or may not be the same set of documents, those withheld by CIA on behalf of the White House, as described by Stephen Preston in response to Mark Udall.

With specific reference to documents potentially subject to a claim of executive privilege, as noted in the question, a small percentage of the total number of documents produced was set aside for further review. The Agency has deferred to the White House and has not been substantively involved in subsequent discussions about the disposition of those documents.

In other words, CIA didn’t live up to its deal with Feinstein, not with respect to this set of documents, anyway. After turning over all the cables it believed SSCI had a right to obtain, it then took some back. As far as we know, it never did provide them.

We know that one of the Torture Report’s conclusions is that the CIA lied to the White House.

While there’s good reason to believe CIA lied to Condi Rice, there’s also abundant reason to believe that Dick Cheney and David Addington knew precisely what was going on. If I had to guess, the documents CIA stole back probably make that clear.

Panetta would have us believe that, after his spanking by John Brennan and others, the whole matter was dropped. Which is a convenient tale, except that it obscures that the White House succeeded in clawing back documents CIA originally believed SSCI was entitled to.

Supporters of USA Freedom Ignore the Courts

/3 Comments/in /by

The National Journal reports that Leahy’s USA Freedom Act probably won’t move until after the election, if not next year.

A bill that would curtail the government’s broad surveillance authority is unlikely to earn a vote in Congress before the November midterms, and it might not even get a vote during the postelection lame-duck session.

The inaction amounts to another stinging setback for reform advocates, who have been agitating for legislation that would rein in the National Security Agency ever since Edward Snowden’s leaks surfaced last summer. It also deflates a sudden surge in pressure on Congress to pass the USA Freedom Act, which scored a stunning endorsement from Director of National Intelligence James Clapper last week.

Of course, contrary to what the NJ keeps reporting, that letter is not a stunning endorsement. On the contrary, it’s a signal James Clapper would change — at a minimum — the FISA Advocate position, and probably the Call Detail Record provision as well.

And even while the story suggests timing is the problem, further down the story suggests the bill doesn’t have the votes.

But beyond the calendar squeeze and geopolitical tensions, the Freedom Act has never had a clear path forward. It was not embraced by defense hawks such as Senate Intelligence Committee Chairwoman Dianne Feinstein or Sens. Ron Wyden and Mark Udall, who have become icons of the surveillance-reform movement. The two Democrats said they wanted to strengthen the bill to require warrants for “backdoor” searches of Americans’ Internet data that can be incidentally collected during foreign surveillance hauls. Sources indicated that their support for the Freedom Act remains a bridge too far.

“We were told to go after Republicans,” one industry said.

Wyden and Udall’s reticence to publicly back Leahy’s bill may stem from a conviction that they can get a better deal next Congress, with Section 215 of the USA Patriot Act—the legal underpinning for the NSA’s phone-records collection—due to expire on June 1, 2015.

Without the left flank of the Senate, this wasn’t going to pass. But so long as this bill endorsed warrantless back door searches of Americans at the assessment stage, it wasn’t going to get those votes.

The story ends with a solitary quote purportedly representing the voices of “many” people.

But many see an NSA reform debate that rolls into next year as no sure bet, regardless of what party holds control of the Senate.

“If the USA Freedom Act is not passed this Congress, we are really in uncharted territory, and the process has to start all over again,” said Harley Geiger, senior counsel at the Center for Democracy & Technology, a pro-reform group. “All the elements for reform are in place now, but it just happens that we don’t have much time.”

Geiger is the same purpose mis-reading Clapper’s letter as a complete endorsement of the bill.

Note what doesn’t get mentioned in any of this, though?

The Courts.

Last we heard from the 2nd Circuit, it sounded very very skeptical that it was constitutional to, “collect everything there is to know about everybody and have it all in one big government cloud.” And while SCOTUS was happy to reverse precisely this court in Section 702, both ACLU’s standing and the details of the program are much clearer this time. Had Congress legislated quickly, it likely would moot this and several other challenges to this dragnet. 

This way, at least, the courts will be forced to determine whether it is actually legal for the government to conduct dossiers of every American and store them on a cloud.

Having Been Absolved by DOJ, CIA Now Admits They Illegally Spied on SSCI

/14 Comments/in /by

When Ron Wyden first asked John Brennan whether CIA had to comply with the Computer Fraud and Abuse Act, Brennan suggested they didn’t have to if they were conducting investigations.

The statute does apply. The Act, however, expressly “does not prohibit any lawfully authorized investigative, protective, or intelligence activity … of an intelligence agency of the United States.” 18 U.S.C. § 1030(f).

Then in March, after Senator Feinstein accused the CIA of improperly spying on her committee, Brennan claimed it was outside the realm of possibility.

As far as the allegations of, you know, CIA hacking into, you know, Senate computers, nothing could be further from the truth. I mean, we wouldn’t do that. I mean, that’s — that’s just beyond the — you know, the scope of reason in terms of what we would do.

Now that DOJ has decided not to investigate CIA’s illegal domestic spying, we learn it was well within the realm of possibility.

CIA employees improperly accessed computers used by the Senate Intelligence Committee to compile a report on the agency’s now defunct detention and interrogation program, an internal CIA investigation has determined.

Findings of the investigation by the CIA Inspector General’s Office “include a judgment that some CIA employees acted in a manner inconsistent with the common understanding reached between SSCI (Senate Select Committee on Intelligence) and the CIA in 2009,” CIA spokesman Dean Boyd said in a statement.

Brennan’s solution is to have corrupt hack Evan Bayh conduct an accountability review of the spying.

Mark Udall and Ron Wyden are furious. DiFi is less so. The Republicans on the Committee have been silent; apparently they’re okay with CIA breaching separation of powers.

And yet again, the CIA proves it refuses to subsist within democratic structures.

EO 12333 Threatens Our Democracy

/7 Comments/in /by

Among the many posts I’ve written about Executive Order 12333 — the order that authorizes all non-domestic spying — includes this post, where I noted that proposed changes to NSA’s phone dragnet won’t affect programs authorized by EO 12333.

Obama was speaking only about NSA’s treatment of Section 215 metadata, not the data — which includes a great amount of US person data — collected under Executive Order 12333.

[snip]

Section 215 metadata has different and significantly higher protections than EO 12333 phone metadata because of specific minimization procedures imposed by the FISC (arguably, the program doesn’t even meet the minimization procedure requirements mandated by the law). We’ve seen the implications of that, for example, when the NSA responded to being caught watch-listing 3,000 US persons without extending First Amendment protection not by stopping that tracking, but simply cutting off the watch-list’s ability to draw on Section 215 data.

Basically, the way NSA treats data collected under FISC-overseen programs (including both Section 215 and FISA Amendments Act) is to throw the data in with data collected under EO 12333, but add query screens tied to the more strict FISC-regulations governing production under it.

[snip]

NSA’s spokeswoman will say over and over that “everyday” or “ordinary” Americans don’t have to worry about their favorite software being sucked up by NSA. But to the extent that collection happens under EO 12333, they have relatively little protection.

That’s precisely the point made in an important op-ed by the State Department’s former Internet freedom chief, John Napier Tye, who had access to data from EO 12333 collection.

Bulk data collection that occurs inside the United States contains built-in protections for U.S. persons, defined as U.S. citizens, permanent residents and companies. Such collection must be authorized by statute and is subject to oversight from Congress and the Foreign Intelligence Surveillance Court. The statutes set a high bar for collecting the content of communications by U.S. persons. For example, Section 215 permits the bulk collection only of U.S. telephone metadata — lists of incoming and outgoing phone numbers — but not audio of the calls.

Executive Order 12333 contains no such protections for U.S. persons if the collection occurs outside U.S. borders.

[snip]

Unlike Section 215, the executive order authorizes collection of the content of communications, not just metadata, even for U.S. persons. Such persons cannot be individually targeted under 12333 without a court order. However, if the contents of a U.S. person’s communications are “incidentally” collected (an NSA term of art) in the course of a lawful overseas foreign intelligence investigation, then Section 2.3(c) of the executive order explicitly authorizes their retention. It does not require that the affected U.S. persons be suspected of wrongdoing and places no limits on the volume of communications by U.S. persons that may be collected and retained.

Read more

The Opinion Accompanying the Latest Dragnet Order

/1 Comment/in /by

As I noted on Friday, the Administration got a new phone dragnet order on the same day that Senators Wyden, Udall, and Heinrich pointed out that — so long as the Administration only wants to do what it claims to want to do — it could stop holding phone records right away, just as it implemented Obama’s 2-hop mandate and court review in February right away.

From ODNI’s announcement they got a new dragnet order Friday (which they congratulate themselves as a great show of transparency), it’s clear they have no intention of doing so. On the contrary, they’re going to hold out HR 3361 — and their unconvincing claim it ends bulk collection as normal people understand the term — with each new dragnet order.

After carefully considering the available options, the President announced in March that the best path forward is that the government should not collect or hold this data in bulk, and that it remain at the telephone companies with a legal mechanism in place which would allow the government to obtain data pursuant to individual orders from the FISC approving the use of specific numbers for such queries.  The President also noted that legislation would be required to implement this option and called on Congress to enact this important change to the Foreign Intelligence Surveillance Act (FISA).

Consistent with the President’s March proposal, in May, the House of Representatives passed H.R. 3361, the USA FREEDOM Act, which would, if enacted, create a new mechanism for the government to obtain this telephony metadata pursuant to individual orders from the FISC, rather than in bulk.  The bill also prohibits bulk collection through the use of Section 215, FISA pen registers and trap and trace devices, and National Security Letters.

Overall, the bill’s significant reforms would provide the public greater confidence in our programs and the checks and balances in the system, while ensuring our intelligence and law enforcement professionals have the authorities they need to protect the Nation.  The Administration strongly supports the USA FREEDOM Act.  We urge the Senate to swiftly consider it, and remain ready to work with Congress to clarify that the bill prohibits bulk collection as noted above, as necessary.

Given that legislation has not yet been enacted, and given the importance of maintaining the capabilities of the Section 215 telephony metadata program, the government has sought a 90-day reauthorization of the existing program, as modified by the changes the President announced earlier this year.

But here’s the bit I’m most struck by, particularly given that the government has not yet released the March 28, 2014 dragnet order which should be a slam dunk declassification process, given that its content has presumably all been released in the past.

In addition to a new primary order last Friday, FISC also wrote a memorandum opinion.

The Administration is undertaking a declassification review of this most recent court order and an accompanying memorandum opinion for publication.

I can think of two things that would explain a memorandum opinion: the program has changed in some way (perhaps they’ve changed how they interpret “selection term” or implement the automated process which they had previously never gotten running?), or the FISC considered some new legal issue before approving the dragnet.

As I noted last week, both US v. Quartavious Davis, in which the 11th Circuit ruled stored cell location data required a warrant), and US v Stavros Ganias, in which the 2nd Circuit ruled the government can’t use data it seized under an old warrant years later, might affect both the current and future dragnets, as well as other programs the NSA engages in.

Thing is, whatever the subject of the opinion, then it’d sure be nice to know what it says before we pass this legislation, as the legislation may have to correct the wacky secret decisions of the FISC (most members of Congress are still not getting unredacted dragnet orders). But if the last order is any indication, we won’t get this new order until months from now, long after the bill is expected to be rushed through the Senate.

Which is probably all by design.

Wyden, Udall, and Heinrich Call Obama’s Bluff

/2 Comments/in , /by

The three surveillance critics from the Senate Intelligence Committee — Ron Wyden, Mark Udall, and Martin Heinrich — wrote a letter to Obama on the developments in the NSA reform. Generally, they repeat exhortations that Wyden and Udall have already made in hearings to end the dragnet right now, as Obama has already claimed he wants to do.

I’m not entirely sure what to make of it, but I find some of the details in it to be of particular interest.

The Senators point out, for example, that several bills accomplish the goals Obama has publicly stated he’d support. Those bills include the original USA Freedom Act, and separate proposals advanced by both Udall and Wyden.

But they also include the original PATRIOT Reauthorization from 2005, which Dianne Feinstein once supported, as did a young Senator named Barack Obama (though the Senators don’t mention either of those details). Wyden has long pointed obliquely to when the Executive first started using PATRIOT to conduct dragnets, and the record shows the Executive withheld information about how it was using the PRTT authority from even the Intelligence Committees during the 2005 reauthorization. So the Senators may be nodding towards Executive refusal to respect the will of Congress with this mention.

The Senators then both question claims from Administration officials that “in the absence of new legislation, there is no plan to suspend the bulk collection of Americans’ phone records,” and express their doubts “that the version of the USA Freedom Act that recently passed the House of Representatives would actually ban the bulk collection of Americans’ records.”

While they repeatedly reiterate their support for legislative reform, they also lay out a plan by which the President can immediately end the dragnet. Here’s the part I find particularly interesting.

First, they say it is “highly likely” FISC would let them get 2-degrees of phone records, unless FISC has already prohibited that.

Unless the FISC has already rejected such a request from the government, it does not seem necessary for the executive branch to wait for Congress before taking action.

Isn’t this already included in current orders? Shouldn’t the Senators know if FISC has rejected such a request (especially Wyden, who has been on the committee through all this period)? Is Wyden saying it’s possible there’s something else limiting the dragnet? Is he pointing to a ruling he knows about?

Just as interesting, the Senators argue the Pen Register Authority — not Section 215 — could serve to carry out the prospective collection the bill claims to want to do.

FISC would likely approve the defined and limited prospective searches for records envisioned under your proposal pursuant to current USA PATRIOT Act Section 214 pen register authorities, given how broadly it has previous interpreted these authorities.

[snip]

Finally, although we have seen no evidence that the government has needed the bulk phone records collection program to attain any time-sensitive objectives, we agree that new legislation should provide clear emergency authorities to allow the government to obtain court approval of individual queries after the fact under specific circumstances. The law currently allows prospective emergency acquisitions of call records under Section 403 of the Foreign Intelligence Surveillance Act (FISA), and the acquisition of past records without judicial review under national security letter authorities.

Of course, the PRTT authority (cited twice here) should always have been the appropriate authority for this collection; we’ve just never learned why the government didn’t use that.

Basically, the Senators are laying out how the Executive could do precisely what it says it wants to do with existing authorities (indeed, with the PRTT authority that are actually targeted to the kind of record in question).

The Executive has all the authorities it needs, the Senators lay out, so why doesn’t it end the dragnet — achieve the reform it claims it wants — immediately?

We believe the way to restore Americans’ constitutional rights and their trust in our intelligence community is to immediately end the practice of vacuuming up the phone records of huge numbers of innocent Americans every day and permit the government to obtain only the phone records of people actually connected to terrorism or other nefarious activity. We support your March 27, 2014, proposal to achieve these goals, but we also view ending bulk collection as an imperative that cannot wait.

Damn! That’s a very good question! Obama moved immediately to implement his first reform proposal — advance FISC approval and limits to two hops — back in February. So why isn’t he moving immediately to implement the plan he says he wants now, as the Senators lay out he could well do under existing authorities?

It may be the Senators are just pressuring Obama to implement changes now, and nothing here is meant to point to some underlying issue.

But I wildarseguess that they’re trying to point out the differences between what they could do — under the PRTT orders they should have been using from the start — and what they want to do.

There’s one difference we can point to right away, after all: immunity. If all the government wanted to do was to obtain call detail records, then they wouldn’t need to give the telecoms immunity. That’s something they do every day. But there’s something they will do that has led the telecoms to demand immunity. That’s the stuff that goes beyond traditional PRTT activity.

Then there’s the stuff we don’t know about: the “connections” based chaining. As I’ve said, I don’t know what that entails. But it is an obvious explanation for why the telecoms need immunity — and for why a simple PRTT order won’t suffice.

One way or another, the Senators are calling Obama’s bluff. Obama says he wants nothing more than to obtain specific phone records going forward. If that’s true, he could make the change today. Yet the Executive is clear they can’t do that.

Update: One more detail. As Wyden’s release on this makes clear, today’s the day the March 28, 2014 phone dragnet order expires, so presumably the government got another one today. We’ve never seen that March 28 order, by the way.

Dianne Feinstein: I Believe Specific Selection Term Is Confusing

/3 Comments/in /by

In the Senate Intelligence Committee hearing on HR 3361 — which I call the USA Freedumber Act because it makes the dragnet worse in several ways — Dianne Feinstein used her opening statement to talk about the role of “specific selection term” in the bill.

She says, in part,

The problem comes with the definition of a “specific selection term,” which is not clear on its face and I believe it’s confusing.

I’m glad that Feinstein is concerned about the same thing I’ve been focusing on for a month.

The problem with trying to prevent “bulk collection” using the definition of selection term — even aside from the fact that the Intelligence Community understands “bulk collection” to mean something entirely different from what normal people understand it to mean — is that it will be abused.

We didn’t even get out of the hearing without such cynicism. At the hearing, Deputy Attorney General James Cole assured Martin Heinrich and Mark Udall that statements in the legislative record indicating a desire to limit such collection would prevent any abuse. This is the same DAG whose DOJ argued — just the day before!!! — that the legislative record of FISA, which clearly indicates the congressional intent that some defendants will get to review their FISA applications, should be ignored in favor of the 36 year history during which no defendants got such review.

Cole’s comments are all the proof we need that the Executive cannot be trusted to cede to Congress’ wishes (not to mention that the legislative record is far more ambivalent than Cole pretended).

So I’m grateful Feinstein is trying to tighten the definition (though I don’t think that is the workable way to improve the bill).

But I’m a bit confused by Feinstein’s confusion.

You see, as I noted some weeks ago, the term “selection term” is already used for Section 215, and has been for at least a year. And at least in phone dragnet Primary Order standard references to FISA content orders (that is, to traditional FISA warrants and the like), they’re using “selection term” as well.

The intelligence community and the FISA Court already have some common understanding of what “selection term” means — and Primary Orders appear to define the term in a classified-to-us-but-not-Feinstein footnote — and yet Feinstein is confused about what “specific selection term” might mean?

Granted, “selection term” is slightly different than “specific selection term.” Still, given that the “selection term” appears to be defined — and used — in the existing program, I would hope that Senator Feinstein would have some clarity about what it means.

Perhaps the way to start this discussion is to publicly explain how the IC is currently using “selection term”?

Snowden’s Emailed Question Addresses One Abuse Revealed by His Leaks

/34 Comments/in , /by

In an effort to rebut Edward Snowden’s claims that he raised concerns via proper channels, NSA just released an email Snowden sent to NSA’s Office of General Counsel. The email reveals their own training is not clear about something central to Snowden’s leaks: whether laws passed by Congress take precedence over EO 12333.

In the email, Snowden describes a training program on USSID 18, NSA’s internal guidelines on protecting US person data. Snowden’s email reads, in part,

Hello, I have a question regarding the mandatory USSID 18 training.

The training states the following:

________

(U) The Hierarchy of Governing Authorities and Documents is displayed from the highest authority to the lowest authority as follows:

U.S. Constitution

Federal Statutes/Presidential Executive Orders (EO)

[snip]

________

I’m not entirely certain, but this does not seem correct, as it seems to imply Executive Orders have the same precedence as law. My understanding is that EOs may be superseded by federal statute, but EOs may not override statute.

An NSA lawyer wrote back (in part),

Executive Orders (E.O.s) have the “force and effect of law.” That said, you are correct that E.O.s cannot override a statute.

The NSA has not revealed whether Snowden called the lawyer with further questions, as he invited Snowden to do. Nor have they said this email to Office of General Counsel is the only email Snowden sent (only that it’s the only one he sent to OGC).

Nevertheless, the email is really suggestive, particularly as it took place when Snowden had already started downloading a slew of information.

That’s because Snowden’s documents (and documents released in response to his leaks) reveal NSA has repeatedly used EO 12333 to push the limits of laws passed by Congress, if not to evade the law altogether.

Here are just two of numerous examples:

NSA Avoids Stricter Minimization Procedures Under the Phone Dragnet: The NSA has fairly strict minimization procedures under the Section 215-authorized phone dragnet, but only NSA’s internal rules (USSID 18) for the EO 12333-authorized phone dragnet. Nevertheless, for the first 3 years of the FISA-authorized program, NSA didn’t follow their Section 215 rules, instead applying the less stringent rules of USSID 18 (effectively letting a DOD Directive supersede the PATRIOT Act). In one of their most egregious violations discovered in 2009, they watch listed 3,000 US persons without giving those people the required First Amendment review, as required by minimization procedures written to fulfill the law. But instead of purging those records upon discovery (or even stopping the watchlisting), they just moved them into the EO 12333-only category. They just kept spying on the US persons using only data collected under EO 12333.

And these 2009 violations are not isolated. At least as recently as 2011, the NSA was still engaging in this authority arbitrage; a training program from that year makes it clear NSA trained analysts to re-run queries under EO 12333, if possible, to get around the dissemination requirements of Section 215. (Update: I’m not saying this particular arbitrage is illegal; it’s not. But it does show how NSA games these authorities.)

NSA Collects US Person Content by Getting It Overseas: Because of the structure of the Internet, a great deal of US person data exists overseas. We’ve seen discussion of this US person data overseas including at least email content, address books, videocam images, and location. But because NSA collects this via dragnet, not targeted collection, it claims it is not targeting any American, even though it permits the searching of EO 12333 data for US person content, apparently without even Reasonable Articulable Suspicion. And because it is not targeting Americans under their dragnet and back door loopholes, it does not apply FISA Amendment Act restrictions on collecting US person data overseas under Sections 703, 704, and 705. Effectively, it has the ability to avoid those restrictions entirely by using EO 12333 as a dodge.

I’m not the only one concerned about this: at a hearing in February, both Dianne Feinstein and (at more length) Mark Udall raised concerns with National Security Division Assistant Attorney General John Carlin, suggesting some of this EO 12333 data should be treated according to FISA. Carlin — who is supposed to be a key player in overseeing NSA — showed no interest in doing so.

In both these questions, NSA did not allow laws to take precedence over EO 12333. On the contrary, NSA just created ways that it could apply EO 12333 and ignore the law that should have or might have applied.

Not only does Snowden’s question make it clear that the NSA doesn’t make the precedence of law over EO 12333 clear in training, but the lawyer’s response was rather ambiguous on this point as well.

One thing we’ve learned from Snowden’s leaks is that the Executive is (at a minimum) evading the intent of Congress on some of its treatment of US person data. And by releasing this email as part of a pissing contest with Snowden, NSA has made it clear that’s by design, even in their most core training program.

NSA is not telling its analysts that laws passed by Congress — even those offering protection to US person data — must take precedence over the looser protections under EO 12333. Which may be why they’re comfortable collecting so much US person data under EO 12333.

Update: According to Snowden, I’m absolutely right.

Today’s release is incomplete, and does not include my correspondence with the Signals Intelligence Directorate’s Office of Compliance, which believed that a classified executive order could take precedence over an act of Congress, contradicting what was just published. It also did not include concerns about how indefensible collection activities – such as breaking into the back-haul communications of major US internet companies – are sometimes concealed under E.O. 12333 to avoid Congressional reporting requirements and regulations.

Causing Exceptionally Grave Harm to National Security by FOIAing FOIA Process

/6 Comments/in /by

Jason Leopold has a new article at the Guardian based off a FOIA of NSA’s FOIA process. Perhaps the funniest part of the documents he received, however, is the number of times the NSA claimed its own discussion of FOIA process — including praise for the FOIA responders! — was Top Secret, suggesting revealing details would cause exceptionally grave harm to national security.

NSA FOIA Praise

 

 

That said, I think there’s a missing piece to this puzzle (and hope Leopold pursues it when he makes his inevitable appeal of some of these redaction decisions).

On June 11, NSA’s Chief of FOIA Office Pamela Phillips raised the possibility of having “a paper or sheet of unclassified facts that could be provided to the public.” (See PDF 1) She repeated that request on June 17. (See PDF 3) I believe that is separate from the efforts to come up with a standard Glomar letter (that discussion, incidentally, is redacted in some enormously interesting ways).

But I’m particularly interested in a redaction in an email from Deputy Chief of Staff Trumbull Soule to Associate Director for Policy and Records David Sherman and then Media Leaks Task Force head and now Deputy Director of NSA Richard Ledgett, and cc’ed to Phillips and (among at least 12 others) NSA General Counsel Raj De on June 26.

That’s because that email got sent on the day after the NSA had to pull what I believe was that unclassified fact sheet, which NSA first posted on June 18, after Ron Wyden and Mark Udall wrote a letter, on June 24, to Keith Alexander noting two problems with the letter, in that it misleadingly suggested,

  • NSA had the ability to determine how many Americans had been collected under Section 702
  • NSA may not search on the records of Americans (back door searches)

In addition, the letter had a classified attachment that, I suspect, noted that John Bates’ response to the upstream problems did not require the destruction of entirely domestic communications.

NSA withdrew the fact sheet from its website sometime before 1 PM on June 25.

Now, it may just be a coinkydink that the highest level of discussion among these emails come on that particular day (though I assume NSA withheld a bunch of emails). But I do find the timing rather interesting.