Posts

Wyden/Udall: If Intelligence Community Is Dumb Rather than Malicious, Why Should We Trust Them?

/16 Comments/in /by

Ron Wyden and Mark Udall just released a second statement on last week’s Section 215 dragnet document dump, taking the intelligence community’s excuse — that no one really knew what these programs were doing — at face value.

If the IC is dumb rather than malicious, they ask, why should we take their word on the value of the programs?

The intelligence community’s defense was that these violations were occurring because no one had a full grasp of how the bulk collection program actually worked.

If the assertion that ineptitude and not malice was the cause of these ongoing violations is taken at face value, it is perfectly reasonable for Congress and the American people to question whether a program that no one fully understood was an effective defense of American security at all. The fact that this program was allowed to operate this way raises serious concerns about the potential for blind spots in the NSA’s surveillance programs. It also supports our position that bulk collection ought to be ended.

The government’s misrepresentations inevitably led to the Foreign Intelligence Surveillance Court being consistently misinformed as it made binding rulings on the meaning of U.S. surveillance law. This underscores our concern that intelligence agencies’ assessments and descriptions about particular collection programs — even significant ones — are not always accurate. It is up to Congress, the courts and the public to ask the tough questions and require intelligence officials to back their assertions up with actual evidence. It is not enough to simply defer to these officials’ conclusions without challenging them. [my emphasis]

Though I get the feeling that Wyden and Udall aren’t buying this “dumb not malicious” line.

ACLU [and congress] Has Standing to Know What It Is Debating

/8 Comments/in , /by

It is fundraising week(ish) here at Emptywheel. If you can, please support the site

In superb news, the FISA Court has agreed to release to ACLU whatever Section 215 opinions are not already covered by a 2011 FOIA suit ACLU filed in Southern District of New York.

 In an important decision, the Foreign Intelligence Surveillance Court ordered the government to review for release the court’s opinions on the meaning, scope, and constitutionality of Section 215 of the Patriot Act. The ruling is on a motion filed by the American Civil Liberties Union, the ACLU of the Nation’s Capital, and Yale Law School’s Media Freedom and Access Information Clinic. Section 215, which authorizes the government to obtain “any tangible things” relevant to foreign-intelligence or terrorism investigations, is the claimed legal basis for the NSA’s mass phone records collection program.

“We are pleased that the surveillance court has recognized the importance of transparency to the ongoing public debate about the NSA’s spying,” said Alex Abdo, staff attorney with the ACLU National Security Project. “For too long, the NSA’s sweeping surveillance of Americans has been shrouded in unjustified secrecy. Today’s ruling is an overdue rebuke of that practice. Secret law has no place in our democracy.”

The decision was based on a determination that, since ACLU is so central in these debates, it has standing to make such a request.

The Court ordinarily would not look beyond information presented by the parties to find that a claimant has Article III standing. In this case, however, the ACLU’s active participation in the legislative and public debates about the proper scope of Section 215 and the advisability of amending that provision is obvious from the public record and not reasonably in dispute. 11 Nor is it disputed that access to the Section 215 Opinions would assist the ACLU in that debate. The Court therefore concludes that the ACLU has satisfied that requirement. See, Ohio Citizen Action v. City of Englewood, 671 F.3d 564, 579 (6th Cir. 2012). Accordingly, the Court finds that the withholding from the ACLU of the Section 215 Opinions constitutes a concrete and particularized injury in fact to the ACLU for purposes of Article III standing.

11 See e.g., Michelle Richardson, Legislative Counsel, ACLU Washington Legislative Office, Misdirection: The House Intelligence Committee’s Misleading Patriot Act Talking Points (June 20, 2013) (https://www.aclu.org/blog/national-security/misdirection-house-intelligencecommittees-misleading-patriot-act-talking); Testimony of Jameel Jaffer, Deputy Legal Director of the ACLU Foundation, and Laura W. Murphy, Director, Washington Legislative Office, ACLU, before the Senate Judiciary Committee Hearing on Strengthening Privacy Rights and National Security:

In truth, after Monday’s document dump, this decision may be more about precedent than expanded releases. Because it is limited to substantive decisions on Section 215 — and wouldn’t include every time a judge pulls more hair out upon being informed of yet another “violation” — there may not be many more decisions to release (unless, as I have wondered, there have been significant violations since 2009).

But there is another part of this decision that may be even more important, from the standpoint of precedent. It gives this brief nod to the amici, calling out the Members of Congress specifically (the other amici were journalism organizations, which, like the third party with ACLU, Media Freedom and Information Access Clinic, might have been denied standing), for its claim to standing.

Assuming that there are such Section 215 Opinions that are not at issue in the FOIA litigation, movants and amici have presented several substantial reasons why the public interest might be served by their publication.

[snip]

Congressional amici emphasize the value of public information and debate in representing their constituents and discharging their legislative responsibilities.

Remember, the Congressional amici argued they can’t do their job without being able to discuss public FISC opinions.

Notwithstanding the compelling public interest in an open debate about the scope and propriety of government surveillance programs authorized under FISA, even the amici — Members of the U.S. Congress — cannot meaningfully participate in that public debate so long as this Court’s relevant decisions and interpretations of law remain secret. Read more

Have There Been Significant Phone Dragnet Violations Since 2009?

/4 Comments/in , /by

As I laid out in more obscure fashion here, there are slight — but interesting — differences between how the 2009 Congressional notice, the 2011 Congressional notice, and the 2013 White Paper on the PATRIOT Act dragnet(s) describe the compliance problems. I’ve laid out all three below.

I’ll have more to say about the differences in a follow-up. But for the moment, note that the White Paper released 11 days ago doesn’t date the compliance issues.

Since the telephony metadata collection program under Section 215 was initiated, there have been a number of significant compliance and implementation issues that were discovered as a result of DOJ and ODNI reviews and internal NSA oversight.

The 2009 one doesn’t either — though it does reveal that the government was only just briefing the FISC that September on its compliance fixes when Silvestre Reyes first asked for this notice (they stalled almost 3 months in responding to him), at least suggesting the recentness of the discovery. The 2011 notice limits the compliance issues to 2009, though.

In 2009, a number of technical compliance problems and human implementation errors in these two bulk collection programs were discovered

Note, too, the different descriptions of the FISC response. Both the 2009 and 2011 assure Congress that the FISC, along with the Executive, found no evidence of bad-faith or intentional violations.

However, neither the Department, NSA nor the FISA Court has found any intentional or bad-faith violations.

The 2011 also reveals that the FISC imposed restrictions on the program — restrictions that surely were in place in March 2009, when Dianne Feinstein and Kit Bond tried to start the PATRIOT Reauthorization program  and may still have been in place in September 2009 (there were notices to Congress about the program on February 25, April 10, May 7, June 29, September 3, and September 10, 2009, and briefing materials sent to FISC on the program on September 1, September 18, and sometime in October).

Nice of DOJ to tell Congress that two years after the fact.

The White Paper, however, describes the FISC response — at times — quite differently. It makes no claim about whether FISC found intentional violations. And it reveals the FISC has, on occasion, “been critical” of both the compliance problems and the government’s court filings.

The FISC has on occasion been critical of the Executive Branch’s compliance problems as well as the Government’s court filings. However, the NSA and DOJ have corrected the problems identified to the Court, and the Court has continued to authorize the program with appropriate remedial measures.

Not only is there no claim that the FISC found no bad-faith problems, but it now reveals that “on occasion” the FISC has been critical — critical about both the problems and the the government’s claims about the problems.

There are several possible explanations for the difference in language.

Perhaps, for example, the government revealed FISC’s critical stance because it knew the FISC would read this White Paper, along with the rest of us, whereas the Congressional notifications would originally have never been seen by the FISC. Thus, the Administration would have reason to be far more frank about the FISC’s response than it did in the past.

But in conjunction with the silence about the date of these compliance problems, I do wonder whether FISC has grown more critical since 2011. After all, if there have been violations since this apparently extended effort in 2009 to fix compliance issues, wouldn’t it make the Court crankier?

One more thing to keep in mind. Read more

21% of the Database Query Errors in NSA Report Involved the Phone Internet Dragnet Database

/12 Comments/in , /by

Screen shot 2013-08-16 at 12.39.09 PMUpdate: as Mindrayge notes, Marina appears in NSA slides as Internet, not phone metadata (and that’s how Ambinder refers to it here). There are some oddities, then, but I am changing this post accordingly.

As I noted in this post, the May 3, 2012 audit of NSA’s violations falsely suggests “roamer” problems were the cause of an increase in incidents, rather than database query errors, transit collection, and detask problems.

Database query errors are basically when an analyst collects too much data because she doesn’t exclude data that should be excluded, she ran a query believing it was appropriate because she had too little information on it, or she ignored standard operating procedures.

In addition to telling us how many database query problems there were, the report tells us which NSA databases they involved. As the figure above notes, 24 of those errors involved the MARINA database. There were actually 115 total query errors — 4 involved multiple databases — which means 21% of the database query errors involve MARINA.

As Marc Ambinder and others have reported, MARINA is the name of the Section 215 phone records dragnet database.

The telephone metadata is stored in a database called MARINA, which keeps these records for at least five years.

In other words, a fifth of the database query errors in the first quarter of 2012 were on the US phone Internet record dragnet database — the one the government has been claiming is so carefully guarded.

[If Mainway is just Internet metadata, then we don’t know the number of queries.]

Not only that, but we have a rough idea of how common query errors on this database are. The government has told us that queries were made on fewer than 300 identifiers in 2012. While it’s not a one-to-one comparison (some identifiers would have been run more than once), that means perhaps as many as 8% of the queries on the dragnet database involved some kind of error, including errors like not following procedures. And that’s assuming analysts didn’t keep making errors with the database at the same rate they did in the first quarter: if they kept up the same error pace, the error rate might be closer to 32%

But don’t worry, the government tells us, our phone record data are safe, even with a potential error rate of 32% accessing that data.

Update: LAT’s Ken Dilanian, who listened to a conference call NSA just had, just tweeted this:

NSA’s DeLong will not say how often NSA makes privacy errors when it queries US phone records database. But less than 30%, he says.

I asked is the rate between 8 and 30%, and he said 30% isn’t right. So, you may be on to something.

Less than 30%?!?!? That suggests it is probably far higher than even I imagined. Even if it was 8% it would be unacceptably high. But if it’s at the higher end of the possible range, it is unbelievably high.

Update: Ron Wyden and Mark Udall have issued a statement on this. Among other statements, they emphasize that Americans need to know about the phone and Internet dragnet violations.

Americans should know that this confirmation is just the tip of a larger iceberg.

[snip]

In particular, we believe the public deserves to know more about the violations of the secret court orders that have authorized the bulk collection of Americans’ phone and email records under the USA PATRIOT Act.

Given the potential numbers of phone dragnet violations, I should say so.

Update: Fixed “a fifth” for “a quarter.” Now I’m making NSA type simple math errors!

This Independent Technical Review Group Brought to You By the Booz Allen Hamilton Director of National Intelligence™

/31 Comments/in , /by

When Obama announced Friday the formation of a technical advisory group to review our SIGINT programs, I naively believed “outside” and “independent” meant “outside” and “independent.”

Fourth, we’re forming a high-level group of outside experts to review our entire intelligence and communications technologies. We need new thinking for a new era. We now have to unravel terrorist plots by finding a needle in the haystack of global telecommunications. And meanwhile, technology has given governments — including our own — unprecedented capability to monitor communications.

So I am tasking this independent group to step back and review our capabilities — particularly our surveillance technologies. And they’ll consider how we can maintain the trust of the people, how we can make sure that there absolutely is no abuse in terms of how these surveillance technologies are used, ask how surveillance impacts our foreign policy — particularly in an age when more and more information is becoming public. And they will provide an interim report in 60 days and a final report by the end of this year, so that we can move forward with a better understanding of how these programs impact our security, our privacy, and our foreign policy. [my emphasis]

I also naively believed this was an effort to take up Ron Wyden and Mark Udall’s call to get an independent review of the program, which the rest of the Senate Intelligence Committee thwarted a year ago.

We also proposed directing the committee’s Technical Advisory Group to study FISA Amendments Act collection and provide recommendations for improvements. We were disappointed that our motion to request that the Technical Advisory Group study this issue was ruled by our colleagues to be out of order.

Nope!

In the memo Obama just released ordering James Clapper to form such a committee, those words “outside” and “independent” disappear entirely.

I believe it is important to take stock of how these technological advances alter the environment in which we conduct our intelligence mission. To this end, by the authority vested in me as President by the Constitution and the laws of the United States of America, I am directing you to establish a Review Group on Intelligence and Communications Technologies (Review Group).

The Review Group will assess whether, in light of advancements in communications technologies, the United States employs its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while appropriately accounting for other policy considerations, such as the risk of unauthorized disclosure and our need to maintain the public trust. Within 60 days of its establishment, the Review Group will brief their interim findings to me through the Director of National Intelligence (DNI), and the Review Group will provide a final report and recommendations to me through the DNI no later than December 15, 2013. [my emphasis]

And neither Obama nor the Intelligence Committees get to hear from this Group themselves. It all goes through James Clapper.

What on Friday was an outside and independent group is now branded by the Director of National Intelligence as the Director of National Intelligence Group.

At the direction of the President, I am establishing the Director of National Intelligence Review Group on Intelligence and Communications Technologies to examine our global signals-intelligence collection and surveillance capability.

The Review Group will assess whether, in light of advancements in communications technologies, the United States employs its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while appropriately accounting for other policy considerations, such as the risk of unauthorized disclosure and our need to maintain the public trust.

Huh. It took exactly 72 hours for that good idea to fizzle into a navel gaze directed by the guy who lies to Congress.

Did NSA Interpret Adverse FISC Fourth Amendment Ruling as Permission to Search American Contacts?

/3 Comments/in , /by

Finally! The backdoor!

The Guardian today confirms what Ron Wyden and, before him, Russ Feingold have warned about for years. In a glossary updated in June 2012, the NSA claims that minimization rules “approved” on October 3, 2011 “now allow for use of certain United States person names and identifiers as query terms.”

A secret glossary document provided to operatives in the NSA’s Special Source Operations division – which runs the Prism program and large-scale cable intercepts through corporate partnerships with technology companies – details an update to the “minimization” procedures that govern how the agency must handle the communications of US persons. That group is defined as both American citizens and foreigners located in the US.

“While the FAA 702 minimization procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data,” the glossary states, “analysts may NOT/NOT [not repeat not] implement any USP [US persons] queries until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI [Office of the Director of National Intelligence].”

The term “identifiers” is NSA jargon for information relating to an individual, such as telephone number, email address, IP address and username as well as their name.

The document – which is undated, though metadata suggests this version was last updated in June 2012 – does not say whether the oversight process it mentions has been established or whether any searches against US person names have taken place.

The Guardian goes on to quote Ron Wyden confirming that this is the back door he’s been warning about for years.

Once Americans’ communications are collected, a gap in the law that I call the ‘back-door searches loophole’ allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans.

But the Guardian is missing one critical part of this story.

The FISC Court didn’t just “approve” minimization procedures on October 3, 2011. In fact, that was the day that it declared that part of the program — precisely pertaining to minimization procedures — violated the Fourth Amendment.

So where the glossary says minimization procedures approved on that date “now allow” for querying US person data, it almost certainly means that on October 3, 2011, the FISC court ruled the querying the government had already been doing violated the Fourth Amendment, and sent it away to generate “an effective oversight process,” even while approving the idea in general.

And note that FISC didn’t, apparently, require that ODNI/DOJ come back to the FISC to approve that new “effective oversight process.”

Consider one more thing.

As I have repeatedly highlighted, the Senate Intelligence Committee (and the Senate Judiciary Committee, though there’s no equivalent report) considered whether to regulate precisely this issue last year when extending the FISA Amendments Act.

Finally, on a related matter, the Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained. As already noted, the Intelligence Community is strictly prohibited from using Section 702 to target a U.S. person, which must at all times be carried out pursuant to an individualized court order based upon probable cause. With respect to analyzing the information lawfully collected under Section 702, however, the Intelligence Community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession. The Department of Justice and Intelligence Community reaffirmed that any queries made of Section 702 data will be conducted in strict compliance with applicable guidelines and procedures and do not provide a means to circumvent the general requirement to obtain a court order before targeting a U.S. person under FISA.

But in spite of Ron Wyden and Mark Udall’s best efforts — and, it now appears, in spite of FISC concerns about precisely this issue — the Senate Intelligence Committee chose not to do so.

This strongly suggests that the concerns FISC had about the Fourth Amendment directly pertained to this backdoor search. But if that’s the case, it also suggests that none of NSA’s overseers — not the Intelligence Committees, not ODNI/DOJ, and not FISC — have bothered to actually close that back door.

I Told You So, It’s about Cybersecurity Edition

/14 Comments/in , , , /by

When James “Least Untruthful” Clapper released the first version of PRISM success stories and the most impressive one involved thwarting specific cyberattacks, I noted that the NSA spying was about hackers as much as terrorists.

When  “Lying Keith” Alexander answered a question about hacking China from George Stephanopoulos by talking about terror, I warned that these programs were as much about cybersecurity as terror. “Packets in flight!”

When the Guardian noted that minimization procedures allowed the circulation of US person communications collected incidentally off foreign targets if they were “necessary to understand or assess a communications security vulnerability,” I suggested those procedures fit cybersecurity targets better than terror ones.

When Ron Wyden and Mark Udall caught Lying Keith (again) in a lie about minimization, I speculated that the big thing he was hiding was that encrypted communications are kept until they are decrypted.

When I compared minimization procedures with the letter of the law and discovered the NSA had secretly created for itself the ability to keep US person communications that pose a serious threat to property (rather than life or body), I suggested this better targeted cyber criminals than terrorists.

When Joel Brenner suggested Ron Wyden was being dishonorable for asking James Clapper a yes or no question in March 2013, I noted that Wyden’s question actually referred to lies Lying Alexander had told the previous year at DefCon that hid, in part, how hackers’ communications are treated.

When the Guardian happened to publish evidence the NSA considers encryption evidence of terrorism the same day that Keith Alexander spokes to a bunch of encrypters exclusively about terrorism, I suggested he might not want to talk to those people about how these programs are really used.

And when I showed how Lying Keith neglected his boss’ earlier emphasis on cyber in his speech to BlackHat in favor of terror times 27, I observed Lying Keith’s June exhortation that “we’ve got to have this debate with our country,” somehow didn’t extend to debating with hackers.

I told you it would come to this:

U.S. officials say NSA leaks may hamper cyber policy debate

Over two months after Edward Snowden’s first disclosures, the cyberwarriors are now admitting disclosures about how vast is NSA’s existing power — however hidden behind the impetus of terror terror terror — might lead Congress to question further empowering NSA to fight cyberwar.

I told you so. Read more

Wyden: We Proved that “Unique” and “Vital” Information Wasn’t in 2011

/7 Comments/in , /by

I should have some analysis on the documents James Clapper released yesterday.

But it’s worth pointing to Ron Wyden’s analysis. He notes that the two documents on bulk collection programs — one from 2009 and one from 2011, both of which covered the Internet and phone metadata programs — both boasted of how unique and valuable the information was.

The briefing documents that were provided to Congress in December 2009 and February 2011 clearly stated that both the bulk email records and bulk phone records collection programs were “unique in that they can produce intelligence not otherwise available to NSA.” The 2009 briefing document went on to state that the two programs “provide a vital capability to the Intelligence Community,” and the 2011 briefing document stated that they provided “an important capability.”

The problem is, by the end of 2011, Wyden and Mark Udall had been able to prove that the Intelligence Community had oversold the value of the Internet metadata program, which led to its termination.

Senator Mark Udall and I have long been concerned about the impact of bulk collection on Americans’ privacy and civil liberties, and we spent a significant portion of 2011 pressing the Intelligence Community to provide evidence to support the claims that they had made about the bulk email records program. They were unable to do so, and the program was shut down due to a lack of operational value, as senior intelligence officials have now publicly confirmed.

This experience demonstrated that intelligence agencies’ assessments of the usefulness of particular collection programs – even significant ones – are not always accurate.

So while the government thought these documents would prove how controlled these programs are (aspects of them don’t), Wyden demonstrates that they show the IC lies about the usefulness of programs when they talk to Congress about them.

Which is, Patrick Leahy suggested in yesterday’s hearing, what the IC appears to be doing when invoking 54 plots to justify the 215 phone dragnet, which has only been tied to 12 plots.

Which is an interesting dynamic to proceed today’s meeting between Obama, Wyden, Udall, Dianne Feinstein, Saxby Chambliss, Bob Goodlatte, James Sensenbrenner, Dutch Ruppersberger, and Mike Rogers.

The presence of Sensenbrenner is key: to the extent they still exist, he’s a mainstream Republican. And he’s furious about the 215 program that he himself shepherded through Congress in 2006. So I would assume today’s meeting is an effort to develop the White House’s plan to phase out the dragnet.

All that said, Obama has clearly gamed the results, by inviting more of the surveillance champions than he did critics (and apparently House Democrats don’t count anymore).

Obama probably won’t see this through his bubble, but the day before this meeting Wyden demonstrated that the basis for the rosy tales DiFi and the other Gang of Four members are telling are claims from the IC that have since been discredited.

Is THIS What Wyden Meant by “Allowing the NSA to Deliberately Search for Records of Particular Americans”?

/34 Comments/in , /by

A month ago, I noted that after Ron Wyden and Mark Udall criticized Keith Alexander for suggesting the NSA could not deliberately search the records of specific Americans, the NSA Director withdrew the white sheet implying such a claim.

The latest report from Glenn Greenwald, describing how XKeyscore allows analysts — with no court review or other oversight — to review already collected information by indexing on metadata.

The purpose of XKeyscore is to allow analysts to search the metadataas well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a “selector” in NSA parlance) associated with the individual being targeted.

Analysts can also search by name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.

One document notes that this is because “strong selection [search by email address] itself gives us only a very limited capability” because “a large amount of time spent on the web is performing actions that are anonymous.”

The NSA documents assert that by 2008, 300 terrorists had been captured using intelligence from XKeyscore.

Analysts are warned that searching the full database for content will yield too many results to sift through. Instead they are advised to use themetadata also stored in the databases to narrow down what to review.

A slide entitled “plug-ins” in a December 2012 document describes the various fields of information that can be searched. It includes “every email address seen in a session by both username and domain”, “every phone number seen in a session (eg address book entries or signature block)” and user activity – “the webmail and chat activity to include username, buddylist, machine specific cookies etc”.

[snip]

One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications. Once options on the pull-down menus are selected, their target is marked for electronic surveillance and the analyst is able to review the content of their communications:

Now, one of the graphics included with the story has a drop down menu recording how the analyst decided the target of this collection was outside the US. That is, it should exclude US persons and others located within the US. So I’m not convinced this is what Wyden and Udall referred to (unless there’s a way to get to targets’ interlocutors I can’t immediately identify).

But if analysts can access information this easily I can understand why the Senators would be so concerned.

 

Ignatius Has Become a “Choice between Security and Privacy” Stenographer

/19 Comments/in , /by

David Ignatius should be ashamed about this column. Even by his standards, it serves simply as stenography for the buzzwords top security officials have fed him, such that he repeats lines like this without any critical thinking.

Gen. Keith Alexander and other top NSA officials are considering ways they could reassure the public without damaging key programs, according to U.S. officials. They think that forcing Congress to decide between security and privacy is an unfair choice, since the country would lose either way. They’d like an agreement that protects both, but that’s a tall order. [my emphasis]

Remember: we’re talking about the Section 215 dragnet, not the (according to all players) far more valuable Section 702 collection. Even according to the government, it has only come into play in 13 terrorist cases. The only one the government can describe where it has been crucial involves indicting a man the FBI determined was not motivated by terrorism but rather tribal affiliation sending less than $10,000 to al-Shabaab three and a half years earlier.

And yet Ignatius uncritically repeats that requiring the government to use more specificity with its collections would present Congress the “unfair choice” of “deciding between security and privacy.”

So it should be no surprise that Ignatius uncritically repeats other details of the program. For example, Ignatius claims this involves only two-hop analysis, when we know it can go three hops (and therefore millions of people) deep.

When the agency identifies a suspicious number in, say, Pakistan, analysts want to see who that person called in the United States and who, in turn, might have been contacted by that second person.

Ignatius doesn’t note the descriptions — from both Edward Snowden and James Clapper — that they then use this metadata to index previously collected communications. That’s because he’s too busy repeating that we don’t “record” these collections, as if we’d have to.

Then finally there’s Ignatius’ claim that SWIFT (the record of international financial transfers) presents a viable alternative to the dragnet program. As I have reported, when the EU finally got to audit what the US had been doing with SWIFT, they discovered the real content of the queries was transmitted verbally, making it impossible to audit the use.

Thus far, no one has explained whether the queries and underlying articulable suspicion gets automatically recorded or — as happened with one of the precursors to this program — manually in hardcopy form. If it’s the latter (which I will assume until someone asserts differently) it is prone to the same kind of large scale documentation lapses that could hide a great deal of improper use of the dragnet. Which, given Ron Wyden and Mark Udall’s insistence that the problems have been more problematic than James Clapper lets on, could well be the case.

All of these are issues anyone with Ignatius’ access might want to answer.

Alternately, that access may now serve to do no more than produce “security or privacy” automatons, repeating the obviously false cant Ignatius has here.