Posts

Six Data Points about the CIA Dragnet

Last week, Ron Wyden and Martin Heinrich released a declassified letter they wrote last April, describing a CIA bulk program that had not been fully briefed to the Intelligence Committees, which violated the spirit and understanding of efforts to shut down bulk collection.

This history demonstrates Congress’s clear intent, expressed over many years and through multiple pieces of legislation, to limit, and in some cases, prohibit the warrantless collection of Americans’ records, as well as the public’s intense interest in and support for these legislative efforts. And yet, throughout this period, the CIA has secretly conducted it own bulk program [redacted]. It has done so entirely outside the statutory framework that Congress and the public believe govern this collection, and without any of the judicial, congressional or even executive branch oversight that comes with FISA collection.

I’ve been hesitating writing about it. That’s true, because it’s not the least little surprise to me. I’ve written a series of pieces describing how the self-congratulatory pieces claiming legislation passed in the wake of Snowden’s leaks won’t do what they say. I pointed out some of what PCLOB was likely to find when they started this review.

Then there’s bullet 4, which suggests CIA and/or NSA are collecting “within the United States or from U.S. companies.”

With regards collection “within the US,” Mayer’s post is helpful here too, pointing to loopholes for wireless and satellite communication.

The law that results is quite counterintuitive. If a communication is carried by radio waves, and it’s one-end foreign, it falls under Executive Order 12333. If that same communication were carried by a wire, though, it would fall under FISA. (Specifically, the Section 702 upstream program.)

As for how this Executive Order 12333 authority might be used beyond satellite surveillance, I could only speculate. Perhaps intercepting cellphone calls to or from foreign embassies?12 Or along the national borders? At any rate, the FISA-free domestic wireless authority appears to be even broader than the Transit Authority.

As far as collection outside the US, this may simply be a reference to providers voluntarily providing data under 18 U.S.C. § 2511(2)(f), as we know at least some of the telecoms do.

I pointed out that a consideration of the risks of surveillance under EO 12333 to US persons had to consider CIA’s use of it (then got yelled at because I pointed out enormous blindspots in “expert” reports). I noted that when cautioning about the dragnet Donald Trump would wield, you had to consider EO 12333.

I mean, there’s been a whole lot of self-congratulation since Snowden. And it has all been just that, something to brag to donors about. Because EO 12333 was always out there, and it was always possible to do virtually all of what Snowden exposed in the Section 215 program via EO 12333.

Add that to the list of unpopular things I have said over the years that leads “experts” to prefer to ignore me.

So I assume this will be ignored like all those other warnings of precisely this moment.

Here’s where I would propose to go find the CIA dragnet.

CIA always wanted to restore its Stellar Wind component

First, remember there was a CIA component to Stellar Wind, the first dragnet set up for counterterrorism (which this program is). CIA had to do its own IG Report on Stellar Wind.

Remember that one of Bill Binney’s gripes about how NSA repurposed his surveillance was that they eliminated the encryption hiding US person identifiers, effectively making it easy to spy on US persons.

Now consider that on July 20, 2004, the CIA took the lead on pushing for the adoption of “supplemental procedures” allowing the analysis of US person metadata under EO 12333. July 20, 2004 was days after Jack Goldsmith, who had shut down parts of Stellar Wind, resigned, and the agencies immediately moved to start turning all the programs he had shut down (including both surveillance and torture) back on.

It took years to restore that access to US person data (I have a theory that Alberto Gonzales was fired because he refused to reauthorize it). But starting in 2007, expanding  in 2009 (at a time when the Section 215 program was under threat), and then fully implementing in 2011 (after NSA had to shut down the PRTT program knowing full well it violated John Bates upstream order), SPCMA was rolled out.This meant that, so long as data was collected via whatever means overseas, US person metadata could be included in the analysis.

The government has been preserving its ability to use 18 U.S.C. § 2511(2)(f)

Over a series of IG Reports written by Glenn Fine, I honed in a memo that David Barron (the OLC head who, under Obama, played a similar role as John Yoo did for George Bush) wrote seemingly authorizing using 18 U.S.C. § 2511(2)(f) to get “international” data from telecoms provided voluntarily. In 2013, David Kris confirmed that that had been happening.

In March 2021 — so before he wrote the letter just declassified but after he was briefed by PCLOB on the report on the CIA dragnet — the Congressional Research Service wrote a report on 18 U.S.C. § 2511(2)(f) for Senator Wyden. It describes how it works as an exception to FISA and other criminal laws.

Accordingly, Section 2511(2)(f) identifies two broad categories of government activities that are exempt from Title III, the SCA, the Pen Register statute, and section 705 of the Communications Act of 1934:27 (1) the “acquisition by the United States Government of foreign intelligence information from international or foreign communications”; and (2) “foreign intelligence activities conducted in accordance with otherwise applicable Federal law involving a foreign electronic communications system.” These two categories are further qualified so that the exception only applies if: (3) the acquisition or the foreign intelligence activity is not “electronic surveillance” as defined under FISA; and (4) an “exclusivity” clause states that ECPA, the SCA, and FISA shall be the exclusive means by which electronic surveillance and the interception of domestic wire, oral, and electronic communications may be conducted. Each of these clauses is discussed in more detail below.

It describes that some things don’t count as an “acquisition” under FISA, such as something obtained from a telephone instrument being used in the ordinary course of business.

Therefore, some intelligence activities that qualify as “acquisitions” for purposes of Section 2511(2)(f) may not qualify as “electronic surveillance” under FISA because the acquisition is not accomplished through an electronic, mechanical, or other surveillance device. Although FISA does not define this phrase, ECPA provides a definition of “electronic, mechanical, or other device” to mean “any device or apparatus which can be used to intercept a wire, oral, or electronic communication.”46 However, this definition expressly excludes “any telephone or telegraph instrument, equipment or facility, or any component thereof” that is “being used by a provider of wire or electronic communication service in the ordinary course of its business.”47

This is the kind of language that was used to treat bulk metadata as a mere business record under Section 215 after the government stopped relying exclusively on voluntary production. The bulk telephony data of all Americans was just a business record.

The report written for Ron Wyden during the same period he was writing the now unclassified letter also notes that “exclusivity” only applies to “domestic” communications, not stuff acquired overseas.

The exclusivity clause is first directed at interception of domestic communications, which would not appear to be affected by the previous disclaimers regarding acquisition of foreign and international communications or foreign intelligence activities directed at foreign electronic communications systems.

In other words, if telephone companies want to voluntarily give the records they otherwise keep to the IC for the purpose of foreign intelligence, it fits in this loophole. And given the realities of telecommunication, a huge percentage of “domestic” communications can be obtained overseas.

In 2013, NYT reported that AT&T was providing CIA call records

In 2013, as a bunch of different dragnets were being disclosed while everyone was looking exclusively at Section 215 and right after Kris had confirmed this application of 18 U.S.C. § 2511(2)(f),  Charlie Savage described that the CIA had its own dragnet based on telephone records purchased from AT&T.

The C.I.A. is paying AT&T more than $10 million a year to assist with overseas counterterrorism investigations by exploiting the company’s vast database of phone records, which includes Americans’ international calls, according to government officials.

The cooperation is conducted under a voluntary contract, not under subpoenas or court orders compelling the company to participate, according to the officials. The C.I.A. supplies phone numbers of overseas terrorism suspects, and AT&T searches its database and provides records of calls that may help identify foreign associates, the officials said. The company has a huge archive of data on phone calls, both foreign and domestic, that were handled by its network equipment, not just those of its own customers.

Legally, this dragnet would fit solidly in the 18 U.S.C. § 2511(2)(f) loophole.

Obama’s codification of EO 12333 in his final days

Insanely, Obama finished the process of reconstituting the Stellar Wind program in his final days. He did so, I’ve been told, in an effort to put guidelines in place (for example, Loretta Lynch adopted rules that you couldn’t use EO 12333 data for political purposes, as if that would restrain Donald Trump). But I emphasized then precisely what Wyden and Heinrich are emphasizing now. There’s no oversight.

Which brings us to whether the EO sharing procedures, as released, might bind Trump anymore than EO 12333 bound Bush in 2001.

In general, the sharing procedures are not even as stringent as other surveillance documents from the Obama Administration. The utter lack of any reasonable oversight is best embodied, in my opinion, by the oversight built into the procedures. A key cog in that oversight is the Department of National Intelligence’s Privacy and Civil Liberties Officer — long inhabited by a guy, Alex Joel, who had no problem with Stellar Wind. That role will lead reviews of the implementation of this data sharing. In addition to DNI’s PCLO, NSA’s PCLO will have a review role, along with the General Counsels of the agencies in question, and in some limited areas (such as Attorney Client communications), so will DOJ’s National Security Division head.

What the oversight of these new sharing procedures does not include is any statutorily independent position, someone independently confirmed by the Senate who can decide what to investigate on her own. Notably, there is not a single reference to Inspectors General in these procedures, even where other surveillance programs rely heavily on IGs for oversight.

There is abundant reason to believe that the PATRIOT Act phone and Internet dragnets violated the restrictions imposed by the FISA Court for years in part because NSA’s IG’s suggestions were ignored, and it wasn’t until, in 2009, the FISC mandated NSA’s IG review the Internet dragnet that NSA’s GC “discovered” that every single record ingested under the program violated FISC’s rules after having not discovered that fact in 25 previous spot checks. In the past, then, internal oversight of surveillance has primarily come when IGs had the independence to actually review the programs.

Of course, there won’t be any FISC review here, so it’s not even clear whether explicit IG oversight of the sharing would be enough, but it would be far more than what the procedures require.

I’d add that the Privacy and Civil Liberties Oversight Board, which provided key insight into the Section 215 and 702 programs, also has no role — except that PCLOB is for all intents and purposes defunct at this point, and there’s no reason to believe it’ll become operational under Trump.

I guess I was wrong about PCLOB. It did get reconstituted, and seven years after the EO 12333 review started we’re getting dribbles about what it found!

And in fact if this whole discussion didn’t make me crabby, I’d point out details from the PCLOB report that suggest things aren’t as bad as I thought they’d get in 2017, when this dragnet was handed over to Donald Trump.

So I’m not entirely a pessimist!

PCLOB only has authority over counterterrorism programs

The only problem with being proven wrong about PCLOB, however, is even though there were efforts to expand its mandate during the Trump years, those efforts failed.

It can only look at counterterrorism programs.

So there could be a parallel program used for counterintelligence (indeed, the sharing rules make it quite clear there’s a CI purpose for it), and we’d never get oversight over it. So Wyden and Heinrich should be pushing to get a full briefing on the CI version of this, because it’s there, I would bet you a lot of money.

Anyway, if you want to find the CIA dragnet, you can look at my warnings over the last 9 years (or Charlie Savage’s report on it from 2013). Or you can look at the loophole that 18 U.S.C. § 2511(2)(f) creates, Ron Wyden was exploring closely when he was writing this letter. Another place you might look is AT&T’s earnings statements.

After Years of Squealing about “FISA Abuse,” Trump’s DNI Nominee Won’t Rule Out Warrantless Wiretapping

As I noted earlier, in his confirmation hearing to be Director of National Intelligence, John Ratcliffe made it crystal clear he will lie to protect Trump by stating that he believed Trump has always accurately conveyed the threat of COVID-19.

Ratcliffe made some other alarming comments. For example:

  • He repeatedly said that Russia had not changed any votes in 2016. The Intelligence Community did not review that issue and Ratcliffe has no basis to make that claim.
  • Ratcliffe also repeatedly refused to back SSCI’s unanimous conclusion that Russia intervened to help Trump.
  • He dodged when Warner asked him to promise to brief the committee even if Russia were trying to help Trump.
  • When asked whether he supported Inspectors General, Ratcliffe said that he supported Michael Horowitz when others attacked him but then suggested he disagreed with Horowitz’ “opinion,” making it clear he does not accept Horowitz’ conclusions that he found no evidence that bias affected the investigation into Trump’s flunkies.
  • Ratcliffe claimed he didn’t have enough information to address Michael Atkinson’s firing.
  • When Dianne Feinstein read his quotes about the Ukraine whistleblower to him, Ratcliffe pretended those quotes were about something they weren’t.
  • He might not provide intelligence on COVID-19 that showed how Trump blew it off.
  • He suggested that if only the IC had reviewed open source data, they might have warned of the dangers of COVID-19, which they did warn of using both OSINT and classified intelligence.
  • He refused to answer whether he thought there was a Deep State in the IC, and later suggested a few members of the IC were Deep State.
  • Ratcliffe refused to agree to release a report showing that Mohammed bin Salman had Jamal Khashoggi executed and chopped into bits, as required by last year’s Defense Authorization. He suggested that it might have been properly classified; as DNI, he would be the Original Classification Authority to make that decision.
  • He refused to answer clearly on whether Trump’s policies on North Korea and Iran have worked.
  • He later suggested he might not share intelligence if it were too sensitive, again ignoring that as OCA he gets to decide whether it’s really classified.
  • After saying he would appear for a Global Threats hearing, he then dodged when later asked whether he would appear before the committee generally.

Ratcliffe made several comments to make it clear he would side with expansive Unitary Executive interpretations holding that:

  • There are limits to whistleblower protection.
  • If torture were deemed legal it would okay to do it.
  • The executive can use warrantless wiretapping.

There were a few additional hints about stuff going on right now:

  • Mark Warner said that intelligence professionals have been pressured to limit information they share with Congress.
  • Warner also said that Ric Grenell was undermining the IC’s election security group.
  • Both Warner and Richard Burr seemed concerned that the DNI would not declassify their 1000-page Volume V of their Report on Russia’s 2016 election interference (I’m not sure whether this assess the Steele dossier or lays out whether and how Trump “colluded” during 2016).
  • Martin Heinrich made it clear that Grenell is reorganizing the IC, without any consultation or approval from Congress.

It’s not just unqualified, he’s a sycophant. But it seems like there’s so much that Grenell is already screwing up, Republicans on the committee, at least, prefer Ratcliffe.

Update: Here are Ratcliffe’s Questions for the Record. They’re particularly troubling on sharing with Congress.

He twice refused to say that he wouldn’t impose loyalty tests.

QUESTION 39: Personnel decisions can affect analytic integrity and objectivity. A. Would you consider an individual’s personal political preferences, to include “loyalty” to the President, in making a decision to hire, fire, or promote an individual?

Answer: Personnel decisions should be based on qualifications, skills, merit, and other standards which demonstrate the ability, dedication and integrity required to support the central IC mission of providing unvarnished intelligence to policymakers.

B. Do you commit to exclusively consider professional qualifications in IC personnel decisions, without consideration of partisan or political factors?

Answer: Personnel decisions should be based on qualifications, skills, merit, and other standards that demonstrate the ability, dedication and integrity required to support the central IC mission of providing unvarnished intelligence to policymakers.

He refused to promise to keep the Election Threats Executive Office open.

QUESTION 45: Would you commit to keep the Election Threats Executive Office in place to ensure continuity of efforts, and build on the successes of the 2018 midterms?

Answer: If confirmed, I will work with IC leaders and ODNI officials to ensure the IC is well-positioned to address the election security threats facing our Nation.

He refused to promise to notify Congress if Russia starts helping Trump again.

QUESTION 53: Do you commit to immediately notifying policymakers and the public of Russian attempts to meddle in U.S. democratic processes, to include our elections?

Answer: If confirmed, I would work with the Committee to accommodate its legitimate oversight needs while safeguarding the confidentiality interests of the Executive Branch, including the protection from unauthorized disclosure of classified intelligence sources and methods

He suggested he had no problem with Section 215 being used to access someone’s browsing records.

QUESTION 7: Do you believe that Section 215 of the USA PATRIOT Act should be used to collect Americans’ web browsing and internet search history? If yes, do you believe there are or should be any limitations to “digital tracking” of Americans without a warrant, in terms of length of time, the amount of information collected, or the nature of the information collected (e.g., whether particular kinds of websites raise special privacy concerns)?

Answer: I believe it is important for the Intelligence Community to use its authorities appropriately against valid intelligence targets. The amendments to Title V of FISA made by Section 215 of the USA PATRIOT Act expired on March 15, 2020 and, to date, have not been reauthorized.

Ratcliffe dodged several questions about whether FISA was exclusive means to collect

Extra-Statutory Collection

QUESTION 9: Title 50, section 1812 provides for exclusive means by which electronic surveillance and interception of certain communications may be conducted. Do you agree that this provision of law is binding on the President?

Answer: If confirmed, I would work with the Attorney General to ensure that IC activities are carried out in accordance with the Constitution and applicable federal law.

QUESTION 10: Do you believe that the intelligence surveillance and collection activities covered by FISA can be conducted outside the FISA framework? If yes, please specify which intelligence surveillance and collection activities, the limits (if any) on extra-statutory collection activities, and the legal authorities you believe would authorize those activities.

Answer: If confirmed, I would work with the Attorney General and the heads of IC elements, as well as the General Counsels throughout the IC, to ensure that intelligence activities are conducted in accordance with the Constitution and applicable federal law. As set forth in Section 112 of FISA, with limited exceptions, FISA constitutes the exclusive statutory means by which electronic surveillance, as defined in FISA, and the interception of domestic wire, oral, or electric communications for foreign intelligence purposes may be conducted.

QUESTION 11: What would you do if the IC was requested or directed to conduct such collection activities outside the FISA framework? Would you notify the full congressional intelligence activities?

Answer: Consistent with the requirements of the National Security Act, I would keep the congressional intelligence committees informed of the intelligence activities of the United States, including any illegal intelligence activities. As you know, not all intelligence activities are governed by FISA.

If confirmed, I would work with the Attorney General and the heads of IC elements, as well as the General Counsels throughout the IC, to ensure that intelligence activities are conducted in accordance with the Constitution and applicable federal law.

Senator Wyden asked a question about the IC purchasing stuff they otherwise would need a warrant for.

QUESTION 12: Do you believe the IC can purchase information related to U.S. persons if the compelled production of that information would be covered by FISA? If yes, what rules and guidelines would apply to the type and quantity of the information purchased and to the use, retention and dissemination of that information? Should the congressional intelligence committees be briefed on any such collection activities?

Answer: Elements of the IC are authorized to collect, retain, or disseminate information concerning U.S. persons only in accordance with procedures approved by the Attorney General. As you know, not all intelligence activities are governed by FISA, and it is my understanding that in appropriate circumstances elements of the IC may lawfully purchase information from the private sector in furtherance of their authorized missions. Nonetheless, any intelligence activity not governed by FISA would be regulated by the Attorney General-approved procedures that govern the intelligence activities of that IC element. Consistent with the requirements of the National Security Act, if confirmed, I would keep the congressional intelligence committees informed of the intelligence activities of the United States.

 

Trump Administration Still Gaming Intelligence on Election Interference

Last month, I tracked a disturbing exchange between Dan Coats and Martin Heinrich regarding whether any of the efforts to tamper with this year’s election succeeded.

At the Global Threats hearing on January 29, Heinrich asked Coats whether the committee was going to get the results of the assessment of whether any of the tampering had had an effect. A week later, DOJ and DHS issued a report saying “no harm no foul.” Then 10 days later, the entire Senate Intelligence Committee wrote Coats a letter asking for DNI’s findings.

That troubling exchange took place against another one, revealed in a letter sent yesterday from Heinrich, Ron Wyden, and Kamala Harris.

On September 26, 2018, Trump mucked up a UN meeting by claiming, without evidence, that China was tampering in the 2018 midterms. The Democratic Senators apparently asked Dan Coats about it, and he issued a classified response on October 31. During the same Global Threat Hearing where Heinrich raised the general assessment in open session, the Senators raised the China accusation in the closed session. In response, Coats sent a letter on February 8, basically covering for Trump.

As early as August, during a press conference, I stated that Russia was not the only country that had an interest in trying to influence our domestic political environment and that we knew others had the capability and may be considering influence activities. On October 19, 2018 and again on November 5, 2018 my office, in conjunction with the Federal Bureau of Investigation, Department of Justice, and Department of Homeland Security, released public statements detailing ongoing campaigns by Russia, China, and other foreign actors, including Iran, to influence public sentiment and government policies and undermine democratic institutions.

But that’s not what the Senators were getting at in their request. In yesterday’s letter, they noted,

The October 31, 2018, letter includes important information about the 2018 elections, as well as the 2016 elections, which your February 8, 2019 letter did not address.

That is, there’s something — apparently about both the 2018 and the 2016 elections — that Coats is hiding, information that surely would embarrass Trump.

And Coats isn’t giving it to us.

Given that just Democratic Senators are on the request (unlike the earlier request), this one seems to amount to Coats running partisan interference to prevent Trump from being embarrassed. Which, if true, would mean that the head of the Intelligence Community is using classification to hide the fact that the President is making bullshit claims about our elections.

Dan Coats Still Refusing to Provide the Evidence that Russia Didn’t Affect the Election

Last month, I noted a troubling exchange between Martin Heinrich, Dan Coats, and Richard Burr in the Global Threats Hearing.

Martin Heinrich then asked Coats why ODNI had not shared the report on election tampering even with the Senate Intelligence Committee.

Heinrich: Director Coats, I want to come back to you for a moment. Your office issued a statement recently announcing that you had submitted the intelligence community’s report assessing the threats to the 2018 mid-term elections to the President and to appropriate Executive Agencies. Our committee has not seen this report. And despite committee requests following the election that the ODNI brief the committee on any identified threats, it took ODNI two months to get a simple oral briefing and no written assessment has yet been provided. Can you explain to me why we haven’t been kept more fully and currently informed about those Russian activities in the 2018–

Chairman Richard Burr interrupts to say that, in fact, he and Vice Chair Mark Warner have seen the report.

Burr: Before you respond, let me just acknowledge to the members that the Vice Chairman and I have both been briefed on the report and it’s my understanding that the report at some point will be available.

Coats then gives a lame excuse about the deadlines, 45 days, then 45 days.

Coats: The process that we’re going through are two 45 day periods, one for the IC to assess whether there was anything that resulted in a change of the vote or anything with machines, uh, what the influence efforts were and so forth. So we collected all of that, and the second 45 days — which we then provided to the Chairman and Vice Chairman. And the second 45 days is with DHS looking, and DOJ, looking at whether there’s information enough there to take — to determine what kind of response they might take. We’re waiting for that final information to come in.

After Coats dodges his question about sharing the report with the Committee, Heinrich then turns to Burr to figure out when they’re going to get the information. Burr at least hints that the Executive might try to withhold this report, but it hasn’t gotten to that yet.

Heinrich: So the rest of us can look forward — so the rest of us can then look forward to reading the report?

Coats: I think we will be informing the Chairman and the Vice Chairman of that, of their decisions.

Heinrich: That’s not what I asked. Will the rest of the Committee have access to that report, Mr. Chairman?

[pause]

Heinrich: Chairman Burr?

Burr; Well, let me say to members we’re sort of in unchartered ground. But I make the same commitment I always do, that anything that the Vice Chairman and myself are exposed to, we’ll make every request to open the aperture so that all members will be able to read I think it’s vitally important, especially on this one, we’re not to a point where we’ve been denied or we’re not to a point that negotiations need to start. So it’s my hope that, once the final 45-day window is up that is a report that will be made available, probably to members only.

Coming as it did in a hearing where it became clear that Trump’s spooks are helpless in keeping Trump from pursuing policies that damage the country, this exchange got very little attention. But it should!

DOJ missed its 45 day plus 45 day deadline of reporting whether any election tampering had had an effect. But just by one day. The day after their deadline, the Big Dick Toilet Salesman Matt Whitaker and serial liar Kirstjen Nielsen gave Trump a report claiming that any tampering had not had any impact on the election.

Although the specific conclusions within the joint report must remain classified, the Departments have concluded there is no evidence to date that any identified activities of a foreign government or foreign agent had a material impact on the integrity or security of election infrastructure or political/campaign infrastructure used in the 2018 midterm elections for the United States Congress. This finding was informed by a report prepared by the Office of the Director of National Intelligence (ODNI) pursuant to the same Executive Order and is consistent with what was indicated by the U.S. government after the 2018 elections.

While the report remains classified, its findings will help drive future efforts to protect election and political/campaign infrastructure from foreign interference.

Then, today, CyberComm boasted that that they had helped deter Russia during the midterms.

Senators from both political parties on Thursday praised the military’s cyber force for helping secure last year’s midterm elections, with one suggesting it was largely due to U.S. Cyber Command that the Russians failed to affect the 2018 vote.

“Would it be fair to say that it is not a coincidence that this election went off without a hitch and the fact that you were actively involved in the protection of very important infrastructure?” Sen. Mike Rounds (R-S.D.) asked Gen. Paul Nakasone, the command’s leader, at a hearing of the Senate Armed Services Committee.

Military officials have said new authorities, approved over the last year, enabled CyberCom to be more aggressive — and effective — in what they privately say was an apparent success. Nakasone, who also heads the National Security Agency, stopped short of saying it was CyberCom that made the difference, telling Rounds that safeguarding the election was the agencies’ “number-one priority.”

But ODNI is still not providing SSCI — the people who are supposed to see such evidence — proof. Heinrich wrote Dan Coats a letter, signed by every member of SSCI,

Your office a statement in December that you had submitted the Intelligence Committee’s report assessing threats to the 2018 elections to the president and appropriate executive agencies. This month, the acting Attorney General and the Secretary of Homeland Security announced they had submitted their joint report evaluating the impact of any foreign interference on election infrastructure for the infrastructure of political organizations during the midterm elections.

While the agencies provided brief unclassified summaries of the reports’ findings, the Select Committee on Intelligence has not been provided either report. We request that you provide to all Committee Members and cleared staff both classified reports required by EO 13848 as soon as possible. Those reports are necessary for the Committee to meet its mission and charter to conduct vigorous oversight over the intelligence and intelligence-related activities of the United States Government.

They’re clearly hiding something. The question is whether it’s that Trump didn’t try to prevent tampering, or that some of the efforts — included the known effort to hack Claire McCaskill — actually did have an effect.

 

45 Days Plus 45 Days: Is Trump Violating His Own Election Tampering Executive Order?

As I noted last week, along with all the issues on which Trump’s top spooks clearly disagreed with him at last week’s Worldwide Threat Assessment hearing, there was also a remarkable exchange regarding a report mandated by a Trump Executive Order on election interference last year. Effectively, it became clear that Director of National Intelligence doesn’t want to brief the Intelligence Committee on whether Russia interfered with last year’s election.

Martin Heinrich: Director Coats, I want to come back to you for a moment. Your office issued a statement recently announcing that you had submitted the intelligence community’s report assessing the threats to the 2018 mid-term elections to the President and to appropriate Executive Agencies. Our committee has not seen this report. And despite committee requests following the election that the ODNI brief the committee on any identified threats, it took ODNI two months to get a simple oral briefing and no written assessment has yet been provided. Can you explain to me why we haven’t been kept more fully and currently informed about those Russian activities in the 2018–

Richard Burr: Before you respond, let me just acknowledge to the members that the Vice Chairman and I have both been briefed on the report and it’s my understanding that the report at some point will be available.

Dan Coats: The process that we’re going through are two 45 day periods, one for the IC to assess whether there was anything that resulted in a change of the vote or anything with machines, uh, what the influence efforts were and so forth. So we collected all of that, and the second 45 days — which we then provided to the Chairman and Vice Chairman. And the second 45 days is with DHS looking, and DOJ, looking at whether there’s information enough there to take — to determine what kind of response they might take. We’re waiting for that final information to come in.

Heinrich: So the rest of us can look forward — so the rest of us can then look forward to reading the report?

Coats: I think we will be informing the Chairman and the Vice Chairman of that, of their decisions.

Heinrich: That’s not what I asked. Will the rest of the Committee have access to that report, Mr. Chairman?

[pause]

Heinrich: Chairman Burr?

Burr; Well, let me say to members we’re sort of in unchartered ground. But I make the same commitment I always do, that anything that the Vice Chairman and myself are exposed to, we’ll make every request to open the aperture so that all members will be able to read I think it’s vitally important, especially on this one, we’re not to a point where we’ve been denied or we’re not to a point that negotiations need to start. So it’s my hope that, once the final 45-day window is up that is a report that will be made available, probably to members only.

The reporting requirements come from this language:

Section 1. (a) Not later than 45 days after the conclusion of a United States election, the Director of National Intelligence, in consultation with the heads of any other appropriate executive departments and agencies (agencies), shall conduct an assessment of any information indicating that a foreign government, or any person acting as an agent of or on behalf of a foreign government, has acted with the intent or purpose of interfering in that election. The assessment shall identify, to the maximum extent ascertainable, the nature of any foreign interference and any methods employed to execute it, the persons involved, and the foreign government or governments that authorized, directed, sponsored, or supported it. The Director of National Intelligence shall deliver this assessment and appropriate supporting information to the President, the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Attorney General, and the Secretary of Homeland Security.

(b) Within 45 days of receiving the assessment and information described in section 1(a) of this order, the Attorney General and the Secretary of Homeland Security, in consultation with the heads of any other appropriate agencies and, as appropriate, State and local officials, shall deliver to the President, the Secretary of State, the Secretary of the Treasury, and the Secretary of Defense a report evaluating, with respect to the United States election that is the subject of the assessment described in section 1(a):

(i) the extent to which any foreign interference that targeted election infrastructure materially affected the security or integrity of that infrastructure, the tabulation of votes, or the timely transmission of election results; and

(ii) if any foreign interference involved activities targeting the infrastructure of, or pertaining to, a political organization, campaign, or candidate, the extent to which such activities materially affected the security or integrity of that infrastructure, including by unauthorized access to, disclosure or threatened disclosure of, or alteration or falsification of, information or data.

The report shall identify any material issues of fact with respect to these matters that the Attorney General and the Secretary of Homeland Security are unable to evaluate or reach agreement on at the time the report is submitted. The report shall also include updates and recommendations, when appropriate, regarding remedial actions to be taken by the United States Government, other than the sanctions described in sections 2 and 3 of this order.

And if DOJ and Homeland Security do find someone tampered with the country, Trump’s own Executive Order requires harsh sanctions on the perpetrators.

Sec. 2. (a) All property and interests in property that are in the United States, that hereafter come within the United States, or that are or hereafter come within the possession or control of any United States person of the following persons are blocked and may not be transferred, paid, exported, withdrawn, or otherwise dealt in: any foreign person determined by the Secretary of the Treasury, in consultation with the Secretary of State, the Attorney General, and the Secretary of Homeland Security:

(i) to have directly or indirectly engaged in, sponsored, concealed, or otherwise been complicit in foreign interference in a United States election;

(ii) to have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, any activity described in subsection (a)(i) of this section or any person whose property and interests in property are blocked pursuant to this order; or

(iii) to be owned or controlled by, or to have acted or purported to act for or on behalf of, directly or indirectly, any person whose property or interests in property are blocked pursuant to this order.

The Executive Order was a transparent attempt to stave off similar language in the Intelligence Authorization last year.

Today is — by my count — the end of that second 45 day period (or 90 days total from the end of the election). So Trump’s Administration should be deciding today whether — just as one example — the Russian attempt to hack Claire McCaskill was more successful than she apparently knew and whether, according to his own Executive Order, Trump now has to impose sanctions on Russia for trying.

Last week’s report actually envisioned Russia attempting to manipulate data, which might explain the sensitivity around this report.

Russia’s social media efforts will continue to focus on aggravating social and racial tensions, undermining trust in authorities, and criticizing perceived anti-Russia politicians. Moscow may employ additional influence toolkits—such as spreading disinformation, conducting hack-and-leak operations, or manipulating data—in a more targeted fashion to influence US policy, actions, and elections.

Alternately, Trump’s Administration knows the Russians tried to help him again in the mid-term elections but doesn’t want to do what they’ve promised to do in response.

Update: Big Dick Toilet Salesman Matt Whitaker and DHS Secretary Kirstjen Nielsen say that Trump doesn’t have to sanction Russia for hacking Claire McCaskill and others last year because the report they won’t even share with the Senate Intelligence Committee says Russia’s tampering had no impact on the election.

Although the specific conclusions within the joint report must remain classified, the Departments have concluded there is no evidence to date that any identified activities of a foreign government or foreign agent had a material impact on the integrity or security of election infrastructure or political/campaign infrastructure used in the 2018 midterm elections for the United States Congress. This finding was informed by a report prepared by the Office of the Director of National Intelligence (ODNI) pursuant to the same Executive Order and is consistent with what was indicated by the U.S. government after the 2018 elections.

While the report remains classified, its findings will help drive future efforts to protect election and political/campaign infrastructure from foreign interference.

The Disinformation Campaign Targeting Mueller and the Delayed Briefing to SSCI on Russian Election Interference

A lot of people are reporting and misreporting details from this Mueller filing revealing that it had been the target of disinformation efforts starting in October.

1000 non-sensitive files leaked along with the file structure Mueller provided it with

To substantiate an argument that Concord Management should not be able to share with Yevgeniy Prigozhin the sensitive discovery that the government has shared with their trollish lawyers, Mueller revealed that on October 22, someone posted 1000 files turned over in discovery along with a bunch of other crap, partially nested within the file structure of the files turned over in discovery.

On October 22, 2018, the newly created Twitter account @HackingRedstone published the following tweet: “We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case Concord LLC v. Mueller. You can view all the files Mueller had about the IRA and Russian collusion. Enjoy the reading!”1 The tweet also included a link to a webpage located on an online file-sharing portal. This webpage contained file folders with names and folder structures that are unique to the names and structures of materials (including tracking numbers assigned by the Special Counsel’s Office) produced by the government in discovery.2 The FBI’s initial review of the over 300,000 files from the website has found that the unique “hashtag” values of over 1,000 files on the website matched the hashtag values of files produced in discovery.3 Furthermore, the FBI’s ongoing review has found no evidence that U.S. government servers, including servers used by the Special Counsel’s Office, fell victim to any computer intrusion involving the discovery files.

1 On that same date, a reporter contacted the Special Counsel’s Office to advise that the reporter had received a direct message on Twitter from an individual who stated that they had received discovery material by hacking into a Russian legal company that had obtained discovery material from Reed Smith. The individual further stated that he or she was able to view and download the files from the Russian legal company’s database through a remote server.

2 For example, the file-sharing website contains a folder labeled “001-W773.” Within that folder was a folder labeled “Yahoo.” Within that folder was a folder labeled “return.” Within the “return” folder were several folders with the names of email addresses. In discovery in this case, the government produced a zip file named “Yahoo 773.” Within that zip file were search warrant returns for Yahoo email accounts. The names of the email accounts contained in that zip file were identical to the names of the email address folders within the “return” subfolder on the webpage. The webpage contained numerous other examples of similarities between the structure of the discovery and the names and structures of the file folders on the webpage. The file names and structure of the material produced by the government in discovery are not a matter of public record. At the same time, some folders contained within the Redstone Hacking release have naming conventions that do not appear in the government’s discovery production but appear to have been applied in the course of uploading the government’s production. For example, the “001- W773” folder appears within a folder labeled “REL001,” which is not a folder found within the government’s production. The naming convention of folder “REL001” suggests that the contents of the folder came from a production managed on Relativity, a software platform for managing document review. Neither the Special Counsel’s Office nor the U.S. Attorney’s Office used Relativity to produce discovery in this case. [my emphasis]

It sounds like Mueller’s office found out about it when being contacted by the journalist who had been alerted to the content on Twitter.

But before Mueller asked Concord’s trollish lawyers about it, the defense attorneys — citing media contacts they themselves had received — contacted prosecutors to offer a bullshit excuse about where the files came from.

On October 23, 2018, the day after the tweet quoted above, defense counsel contacted the government to advise that defense counsel had received media inquiries from journalists claiming they had been offered “hacked discovery materials from our case.” Defense counsel advised that the vendor hired by the defense reported no unauthorized access to the non-sensitive discovery. Defense counsel concluded, “I think it is a scam peddling the stuff that was hacked and dumped many years ago by Shaltai Boltai,” referencing a purported hack of Concord’s computer systems that occurred in approximately 2014. That hypothesis is not consistent with the fact that actual discovery materials from this case existed on the site, and that many of the file names and file structures on the webpage reflected file names and file structures from the discovery production in this case.

Without any hint of accusation against the defense attorneys (though this motion is accompanied by an ex parte one, so who knows if they offered further explanation there), Mueller notes any sharing of this information for disinformation purposes would violate the protective order in the case.

As stated previously, these facts establish a use of the non-sensitive discovery in this case in a manner inconsistent with the terms of the protective order. The order states that discovery may be used by defense counsel “solely in connection with the defense of this criminal case, and for no other purpose, and in connection with no other proceeding, without further order of this Court,” Dkt. No. 42-1, ¶ 1, and that “authorized persons shall not copy or reproduce the materials except in order to provide copies of the materials for use in connection with this case by defense counsel and authorized persons,” id. ¶ 3. The use of the file names and file structure of the discovery to create a webpage intended to discredit the investigation in this case described above shows that the discovery was reproduced for a purpose other than the defense of the case.

Update: Thursday evening, Mueller submitted another version of this clarifying that the @HackingRedstone tweets alerting journalists to the document dump were DMs, and so not public (or visible to the defense). The first public tweet publicizing the dump came on October 30, so even closer to the election.

Shortly after the government filed, defense counsel drew the government’s attention to the following sentence, which appears on page nine of the filing: “On October 22, 2018, the newly created Twitter account @HackingRedstone published the following tweet: ‘We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case Concord LLC v. Mueller. You can view all the files Mueller had about the IRA and Russian collusion. Enjoy the reading!’” Defense counsel pointed out that this sentence could be read to suggest that the Twitter account broadcast a publicly-available “tweet” on October 22. In fact, the Twitter account @HackingRedstone began sending multiple private direct messages to members of the media promoting a link to the online file-sharing webpage using Twitter on October 22. The content of those direct messages was consistent with, but more expansive than, the quoted tweet to the general public, which was issued on October 30. By separate filing, the government will move to file under seal the text of the direct messages. The online file sharing webpage was publicly accessible at least starting on October 22.

I’m not sure it makes the defense response any more or less suspect. But it does tie the disinformation even more closely with the election.

The Mueller disinformation was part of a month-long election season campaign

This thread, from one of the journalists who was offered the information, put it all in context back on November 7, the day after the election.

The thread shows how the release of the Mueller-related files was part of a month-long effort to seed a claim that the Internet Research Agency had succeeded in affecting the election.

Update: This story provides more background.

Other signs of the ongoing investigation into Yevgeniy Prigozhin’s trolls

Given how the Mueller disinformation functioned as part of that month-long, election oriented campaign, I’m more interested in this passage from the Mueller investigation than that the investigation had been targeted. Mueller argues that they shouldn’t have to share the sensitive discovery with Yevgeniy Prigozhin because the sensitive discovery mentions uncharged individuals who are still trying to fuck with our elections.

First, the sensitive discovery identifies uncharged individuals and entities that the government believes are continuing to engage in operations that interfere with lawful U.S. government functions like those activities charged in the indictment.

To be sure, we knew the investigation into Prigozhin’s trolls was ongoing. On October 19, just days before these files got dropped, DOJ unsealed an EDVA complaint, which had been filed under seal on September 28, against Prigozhin’s accountant, Alekseevna Khusyaynova. Along with showing Prigozhin’s trolls responding to the original Internet Research Agency indictment last February, it showed IRA’s ongoing troll efforts through at least June of last year.

Then, in December, Concord insinuated that Mueller prosecutor Rush Atkinson had obtained information via the firewall counsel and taken an investigative step on that information back on August 30.

On August 23, 2018, in connection with a request (“Concord’s Request”) made pursuant to the Protective Order entered by the Court, Dkt. No. 42-1, Concord provided confidential information to Firewall Counsel. The Court was made aware of the nature of this information in the sealed portion of Concord’s Motion for Leave to Respond to the Government’s Supplemental Briefing Relating to Defendant’s Motion to Dismiss the Indictment, filed on October 22, 2018. Dkt. No. 70-4 (Concord’s “Motion for Leave”). Seven days after Concord’s Request, on August 30, 2018, Assistant Special Counsel L. Rush Atkinson took investigative action on the exact same information Concord provided to Firewall Counsel. Undersigned counsel learned about this on October 4, 2018, based on discovery provided by the Special Counsel’s Office. Immediately upon identifying this remarkable coincidence, on October 5, 2018, undersigned counsel requested an explanation from the Special Counsel’s Office, copying Firewall Counsel on the e-mail.

[snip]

Having received no further explanation or information from the government, undersigned counsel raised this issue with the Court in a filing made on October 22, 2018 in connection with the then-pending Motion to Dismiss. In response to questions from the Court, Firewall Counsel denied having any communication with the Special Counsel’s Office.

This was a bid to obtain live grand jury investigative information, one that failed earlier this month after Mueller explained under seal how his prosecutors had obtained this information and Dabney Friedrich denied the request.

What this filing, in conjunction with Josh Russell’s explanatory Twitter thread, reveals is that the Mueller disinformation effort was part of a disinformation campaign targeted at the election.

Dan Coats doesn’t want to share the report on Russian election tampering with SSCI

And I find that interesting because of a disturbing exchange in a very disturbing Global Threats hearing the other day. After getting both Director of National Intelligence Dan Coats and FBI Director Christopher Wray to offer excuses for White House decisions to given security risks like Jared Kushner security clearance, Martin Heinrich then asked Coats why ODNI had not shared the report on election tampering even with the Senate Intelligence Committee.

Heinrich: Director Coats, I want to come back to you for a moment. Your office issued a statement recently announcing that you had submitted the intelligence community’s report assessing the threats to the 2018 mid-term elections to the President and to appropriate Executive Agencies. Our committee has not seen this report. And despite committee requests following the election that the ODNI brief the committee on any identified threats, it took ODNI two months to get a simple oral briefing and no written assessment has yet been provided. Can you explain to me why we haven’t been kept more fully and currently informed about those Russian activities in the 2018–

Chairman Richard Burr interrupts to say that, in fact, he and Vice Chair Mark Warner have seen the report.

Burr: Before you respond, let me just acknowledge to the members that the Vice Chairman and I have both been briefed on the report and it’s my understanding that the report at some point will be available.

Coats then gives a lame excuse about the deadlines, 45 days, then 45 days.

Coats: The process that we’re going through are two 45 day periods, one for the IC to assess whether there was anything that resulted in a change of the vote or anything with machines, uh, what the influence efforts were and so forth. So we collected all of that, and the second 45 days — which we then provided to the Chairman and Vice Chairman. And the second 45 days is with DHS looking, and DOJ, looking at whether there’s information enough there to take — to determine what kind of response they might take. We’re waiting for that final information to come in.

After Coats dodges his question about sharing the report with the Committee, Heinrich then turns to Burr to figure out when they’re going to get the information. Burr at least hints that the Executive might try to withhold this report, but it hasn’t gotten to that yet.

Heinrich: So the rest of us can look forward — so the rest of us can then look forward to reading the report?

Coats: I think we will be informing the Chairman and the Vice Chairman of that, of their decisions.

Heinrich: That’s not what I asked. Will the rest of the Committee have access to that report, Mr. Chairman?

[pause]

Heinrich: Chairman Burr?

Burr; Well, let me say to members we’re sort of in unchartered ground. But I make the same commitment I always do, that anything that the Vice Chairman and myself are exposed to, we’ll make every request to open the aperture so that all members will be able to read I think it’s vitally important, especially on this one, we’re not to a point where we’ve been denied or we’re not to a point that negotiations need to start. So it’s my hope that, once the final 45-day window is up that is a report that will be made available, probably to members only.

Coming as it did in a hearing where it became clear that Trump’s spooks are helpless in keeping Trump from pursuing policies that damage the country, this exchange got very little attention. But it should!

The Executive Branch by law has to report certain things to the Intelligence Committees. This report was mandated by Executive Order under threat of legislation mandating it.

And while Coats’ comment about DOJ, “looking at whether there’s information enough there to take — to determine what kind of response they might take,” suggests part of the sensitivity about this report stems from a delay to provide DOJ time to decide whether they’ll take prosecutorial action against what they saw in the election, the suggestion that only members of the committee (not staffers and not other members of Congress) will ever get the final report, as well as the suggestion that Coats might even fight that, put this report on a level of sensitivity that matches covert actions, the most sensitive information that get shared with Congress.

Maybe the Russians did have an effect on the election?

In any case, going back to the Mueller disinformation effort, that feels like very familiar dick-wagging, an effort to make key entities in the US feel vulnerable to Russian compromise. Mueller sounds pretty sure it was not a successful compromise (that is, the data came from Concord’s lawyers, not Mueller).

But if the disinformation was part an effort to boast that Putin’s allies had successfully tampered with the vote — particularly if Russia really succeeded in doing so — it might explain why this report is being treated with the sensitivity of the torture or illegal spying program.

Update: I’ve corrected this to note that in the end the Intelligence Authorization did not mandate this report, as was originally intended; Trump staved that requirement off with an Executive Order. Still, that still makes this look like an attempt to avoid admitting to Congress that your buddy Putin continues to tamper in US elections.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

2018 Senate Intelligence Global Threat Hearing Takeaways

Today was the annual Senate Intelligence Committee Global Threat Hearing, traditionally the hearing where Ron Wyden gets an Agency head to lie on the record.

That didn’t happen this time.

Instead, Wyden gave FBI Director Christopher Wray the opportunity to lay out the warnings the FBI had given the White House about Rob Porter’s spousal abuse problems, which should have led to Porter’s termination or at least loss of access to classified information.

The FBI submitted a partial report on the investigation in question in March. And then a completed background investigation in late July. That, soon thereafter, we received request for follow-up inquiry. And we did that follow-up and provided that information in November. Then we administratively closed the file in January. And then earlier this month we received some additional information and we passed that on as well.

That, of course, is the big takeaway the press got from the hearing.

A follow-up from Martin Heinrich shortly after Wyden’s question suggested he had reason to know of similar “areas of concern” involving Jared Kushner (which, considering the President’s son-in-law is under investigation in the Russian investigation, is not that surprising). Wray deferred that answer to closed session, so the committee will presumably learn some details of Kushner’s clearance woes by the end of the day.

Wray twice described the increasing reliance on “non-traditional collectors” in spying against the US, the second time in response to a Marco Rubio question about the role of Chinese graduate students in universities. Rubio thought the risk was from the Confucius centers that China uses to spin Chinese culture in universities. But not only did Wray say universities are showing less enthusiasm for Confucius centers of late, but made it clear he was talking about “professors, scientists, and students.” This is one of the reasons I keep pointing to the disproportionate impact of Section 702 on Chinese-Americans, because of this focus on academics from the FBI.

Susan Collins asked Mike Pompeo about the reports in The Intercept and NYT on CIA’s attempts to buy back Shadow Brokers tools. Pompeo claimed that James Risen and Matt Rosenberg were “swindled” when they got proffered the story, but along the way confirmed that the CIA was trying to buy stuff that “might have been stolen from the US government,” but that “it was unrelated to this idea of kompromat that appears in each of those two articles.” That’s actually a confirmation of the stories, not a refutation of them.

There was a fascinating exchange between Pompeo and Angus King, after the latter complained that, “until we have some deterrent capacity we are going to continue to be attacked” and then said right now there are now repercussions for Russia’s attack on the US.

Pompeo: I can’t say much in this setting I would argue that your statement that we have done nothing does not reflect the responses that, frankly, some of us at this table have engaged in or that this government has been engaged in both before and after, excuse me, both during and before this Administration.

King: But deterrence doesn’t work unless the other side knows it. The Doomsday Machine in Dr. Strangelove didn’t work because the Russians hadn’t told us about it.

Pompeo: It’s true. It’s important that the adversary know. It is not a requirement that the whole world know it.

King: And the adversary does know it, in your view?

Pompeo: I’d prefer to save that for another forum.

Pompeo later interjected himself into a Kamala Harris discussion about the Trump Administration’s refusal to impose sanctions by suggesting that the issue is Russia’s response to cumulative responses. He definitely went to some effort to spin the Administration’s response to Russia as more credible than it looks.

Tom Cotton made two comments about the dossier that Director Wray deferred answering to closed session.

First, he asked about Christopher Steele’s ties to Oleg Deripaska, something I first raised here and laid out in more detail in this Chuck Grassley letter to Deripaska’s British lawyer Paul Hauser. When Cotton asked if Steele worked for Deripaska, Wray said, “that’s not something I can answer.” When asked if they could discuss it in a classified setting, Wray said, “there might be more we could say there.”

Cotton then asked if the FBI position on the Steele dossier remains that it is “salacious and unverified” as he (misleadingly) quoted Comey as saying last year. Wray responded, “I think there’s maybe more we can talk about this afternoon on that.” It’s an interesting answer given that, in Chuck Grassley’s January 4 referral, he describes a “lack of corroboration for [Steele’s dossier] claims, at least at the time they were included in the FISA applications,” suggesting that Grassley might know of corroboration since. Yet in an interview by the even better informed Mark Warner published 25 days later, Warner mused that “so little of that dossier has either been fully proven or conversely, disproven.” Yesterday, FP reported that BuzzFeed had hired a former FBI cybersecurity official Anthony Ferrante to try to chase down the dossier in support of the Webzilla and Alfa bank suits against the outlet, so it’s possible that focused attention (and subpoena power tied to the lawsuit) may have netted some confirmation.

Finally, Richard Burr ended the hearing by describing what the committee was doing with regards to the Russian investigation. He (and Warner) described an effort to bring out an overview on ways to make elections more secure. But Burr also explained that SSCI will release a review of the ICA report on the 2016 hacks.

In addition to that, our review of the ICA, the Intel Committee Assessment, which was done in the F–December of 06, 16–we have reviewed in great detail, and we hope to report on what we found to support the findings where it’s appropriate, to be critical if in fact we found areas where we found came up short. We intend to make that public. Overview to begin with, none of this would be without a declassification process but we will have a public version as quickly as we can.

Finally, in the last dregs of the hearing, Burr suggested they would report on who colluded during the election.

We will continue to work towards conclusions  on any cooperation or collusion by any individual, campaign, or company with efforts to influence elections or create societal chaos in the United States.

My impression during the hearing was that this might refer to Cambridge Analytica, which tried to help Wikileaks organize hacked emails — and it might well refer to that. But I wonder if there’s not another company he has in mind.

Eleven (or Thirteen) Senators Are Cool with Using Section 702 to Spy on Americans

The Senate Intelligence Committee report on its version of Section 702 “reform” is out. It makes it clear that my concerns raised here and here are merited.

In this post, I’ll examine what the report — particularly taken in conjunction with the Wyden-Paul reform — reveals about the use of Section 702 for domestic spying.

The first clue is Senator Wyden’s effort to prohibit collection of domestic communications — the issue about which he and Director of National Intelligence Dan Coats have been fighting about since June.

By a vote of four ayes to eleven noes, the Committee rejected an amendment by Senator Wyden that would have prohibited acquisition under Section 702 of communications known to be entirely domestic under authority to target certain persons outside of the United States. The votes in person or by proxy were as follows: Chairman Burr—no; Senator Risch—no; Senator Rubio—no; Senator Collins—no; Senator Blunt—no; Senator Lankford—no; Senator Cotton—no; Senator Cornyn—no; Vice Chairman Warner—no; Senator Feinstein—aye; Senator Wyden—aye; Senator Heinrich— aye; Senator King—no; Senator Manchin—no; and Senator Harris—aye.

It tells us that the government collects entirely domestic communications, a practice that Wyden tried to prohibit in his own bill, which added this language to Section 702.

(F) may not acquire communications known to be entirely domestic;

This would effectively close the 2014 exception, which permitted the NSA to continue to collect on a facility even after it had identified that Americans also used it. As I have explained is used to collect Tor (and probably VPN) traffic to obtain foreigners’ data. I suspect that detail is what Wyden had in mind when, in his comments in the report, he said the report itself “omit[s] key information about the scope of authorities granted the government” (though there are likely other things this report hides).

I have concerns about this report. By omitting key information about the scope of authorities granted the government, the Committee is itself contributing to the continuing corrosive problem of secret law

As the bill report lays out, Senators Burr, Risch, Rubio, Collins, Blunt, Lankford, Cotton, Cornyn, Warner, King, and Manchin are all cool using a foreign surveillance program to spy on their constituents, especially given that Burr has hidden precisely the impact of that spying in this report.

Any bets on whether they might have voted differently if we all got to know what kind of spying on us this bill authorized.

That, of course, is only eleven senators who are cool with treating their constituents (or at least those using location obscuring techniques) like foreigners.

But I’m throwing Feinstein and Harris in with that group, because they voted against a Wyden amendment that would have limited how the government could use 702 collected data in investigations.

By a vote of two ayes to thirteen noes, the Committee rejected an amendment by Senator Wyden that would have imposed further restrictions on use of Section 702-derived information in investigations and legal proceedings. The votes in person or by proxy were as follows: Chairman Burr—no; Senator Risch—no; Senator Rubio—no; Senator Collins—no; Senator Blunt—no; Senator Lankford—no; Senator Cotton—no; Senator Cornyn—no; Vice Chairman Warner—no; Senator Feinstein—no; Senator Wyden— aye; Senator Heinrich—aye; Senator King—no; Senator Manchin— no; and Senator Harris—no.

While we don’t have the language of this amendment, I assume it does what this language in Wyden’s bill does, which is to limit the use of Section 702 data for purposes laid out in the known certificates (foreign government including nation-state hacking, counterproliferation, and counterterrorism — though this language makes me wonder if there’s a Critical Infrastructure certificate or whether it only depends on the permission to do so in the FBI minimization procedures, and the force protection language reminds me of the concerns raised by a recent HRW FOIA permitting the use of 12333 language to do so).

(B) in a proceeding or investigation in which the information is directly related to and necessary to address a specific threat of—

(i) terrorism (as defined in clauses (i) through (iii) of section 2332(g)(5)(B) of title 18, United States Code);

(ii) espionage (as used in chapter 37 of title 18, United States Code);

(iii) proliferation or use of a weapon of mass destruction (as defined in section 2332a(c) of title 18, United States Code);

(iv) a cybersecurity threat from a foreign country;

(v) incapacitation or destruction of critical infrastructure (as defined in section 1016(e) of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001 (42 U.S.C. 5195c(e))); or

(vi) a threat to the armed forces of the United States or an ally of the United States or to other personnel of the United States Government or a government of an ally of the United States.

Compare this list with the one included in the bill, which codifies the use of 702 data for issues that,

“Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,

  • Death
  • Kidnapping
  • Serious bodily injury
  • Specified offense against a minor
  • Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
  • Cybersecurity, including violations of CFAA
  • Transnational crime, including transnational narcotics trafficking
  • Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)

[snip]

Importantly, the bill does not permit judicial review on whether the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.

The bill report’s description of this section makes it clear that — in spite of its use of the word “restriction,” — this is really about providing affirmative “permission.”

Section 6 provides restrictions on the Federal Bureau of Investigation’s (FBI’s) use of Section 702-derived information, so that the FBI can use the information as evidence only in court proceedings [my emphasis]

That is, Wyden would restrict the use of 702 data to purposes the FISC has affirmatively approved, rather than the list of 702 purposes expanded to include the most problematic uses of Tor: all hacking, dark markets, and child porn.

So while Feinstein and Harris voted against the use of 702 to collect known domestic communications, they’re still okay using domestic Tor commuincations they say they don’t want to let NSA collect to prosecute Americans (which is actually not surprising given their past actions on sex workers).

Again, they’re counting on the fact that the bill report is written such that their constituents won’t know that this is going on. Unless they read me.

Look, I get the need to collect on Tor traffic to go after its worst uses. But if you’re going to do that, stop pretending this is a foreign surveillance bill, and instead either call it a secret court bill (one that effectively evades warrant requirements for all Tor wiretapping in this country), or admit you’re doing that collection and put review of it back into criminal courts where it belongs.

[Photo: National Security Agency via Wikimedia]

If a Tech Amicus Falls in the Woods but Rosemary Collyer Ignores It, Would It Matter?

Six senators (Ron Wyden, Pat Leahy, Al Franken, Martin Heinrich, Richard Blumenthal, and Mike Lee) have just written presiding FISA Court judge Rosemary Collyer, urging her to add a tech amicus — or even better, a full time technical staffer — to the FISA Court.

The letter makes no mention of Collyer’s recent consideration of the 702 reauthorization certificates, nor even of any specific questions the tech amicus might consider.

That’s unfortunate. In my opinion, the letter entirely dodges the real underlying issue, at least as it pertains to Collyer, which is her unwillingness to adequately challenge or review Executive branch assertions.

In her opinion reauthorizing Section 702, Collyer apparently never once considered appointing an amicus, even a legal one (who, under the USA Freedom structure, could have suggested bringing in a technical expert). She refused to do so in a reconsideration process that — because of persistent problems arising from technical issues — stretched over seven months.

I argued then that that means Collyer broke the law, violating USA Freedom Act’s requirement that the FISC at least consider appointing an amicus on matters raising novel or significant issues and, if choosing not to do so, explain that decision.

In any case, this opinion makes clear that what should have happened, years ago, is a careful discussion of how packet sniffing works, and where a packet collected by a backbone provider stops being metadata and starts being content, and all the kinds of data NSA might want to and does collect via domestic packet sniffing. (They collect far more under EO 12333.) As mentioned, some of that discussion may have taken place in advance of the 2004 and 2010 opinions approving upstream collection of Internet metadata (though, again, I’m now convinced NSA was always lying about what it would take to process that data). But there’s no evidence the discussion has ever happened when discussing the collection of upstream content. As a result, judges are still using made up terms like MCTs, rather than adopting terms that have real technical meaning.

For that reason, it’s particularly troubling Collyer didn’t use — didn’t even consider using, according to the available documentation — an amicus. As Collyer herself notes, upstream surveillance “has represented more than its share of the challenges in implementing Section 702” (and, I’d add, Internet metadata collection).

At a minimum, when NSA was pitching fixes to this, she should have stopped and said, “this sounds like a significant decision” and brought in amicus Amy Jeffress or Marc Zwillinger to help her think through whether this solution really fixes the problem. Even better, she should have brought in a technical expert who, at a minimum, could have explained to her that SCTs pose as big a problem as MCTs; Steve Bellovin — one of the authors of this paper that explores the content versus metadata issue in depth — was already cleared to serve as the Privacy and Civil Liberties Oversight Board’s technical expert, so presumably could easily have been brought into consult here.

That didn’t happen. And while the decision whether or not to appoint an amicus is at the court’s discretion, Collyer is obligated to explain why she didn’t choose to appoint one for anything that presents a significant interpretation of the law.

A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate;

For what it’s worth, my guess is that Collyer didn’t want to extend the 2015 certificates (as it was, she didn’t extend them as long as NSA had asked in January), so figured there wasn’t time. There are other aspects of this opinion that make it seem like she just gave up at the end. But that still doesn’t excuse her from explaining why she didn’t appoint one.

Instead, she wrote a shitty opinion that doesn’t appear to fully understand the issue and that defers, once again, the issue of what counts as content in a packet.

Without even considering an amicus, Collyer for the first time affirmatively approved the back door searches of content she knows will include entirely domestic communications, effectively affirmatively permitting the NSA to conduct warrantless searches of entirely domestic communications, and with those searches to use FISA for domestic surveillance. In approving those back door searches, Collyer did not conduct her own Fourth Amendment review of the practice.

Moreover, she adopted a claimed fix to a persistent problem — the collection of domestic communications via packet sniffing — without showing any inkling of testing whether the fix accomplished what it needed to. Significantly, in spite of 13 years of problems with packet sniffing collection under FISA, the court still has no public definition about where in a packet metadata ends and content begins, making her “abouts” fix — a fix that prohibits content sniffing without defining content — problematic at best.

I absolutely agree with these senators that the FISC should have its own technical experts.

But in Collyer’s case, the problem is larger than that. Collyer simply blew off USA Freedom Act’s obligation to consider an amicus entirely. Had she appointed Marc Zwillinger, I’m confident he would have raised concerns about the definition of content (as he did when he served as amicus on a PRTT application), whether or not he persuaded her to bring in a technical expert to further lay out the problems.

Collyer never availed herself of the expertise of Zwillinger or any other independent entity, though. And she did so in defiance of the intent of Congress, that she at least explain why she felt she didn’t need such outside expertise.

And she did so in an opinion that made it all too clear she really, really needed that help.

In my opinion, Collyer badly screwed up this year’s reauthorization certificates, kicking the problems created by upstream collection down the road, to remain a persistent FISA problem for years to come. But she did so by blowing off the clear requirement of law, not because she didn’t have technical expertise to rely on (though the technical expertise is probably necessary to finally resolve the issues raised by packet sniffing).

Yet no one but me — not even privacy advocates testifying before Congress — want to call her out for that.

Congress already told the FISA court they “shall” ask for help if they need it. Collyer demonstrably needed that help but refused to consider using it. That’s the real problem here.

I agree with these senators that FISC badly needs its own technical experts. But a technical amicus will do no good if, as Collyer did, a FISC judge fails to consult her amici.

Seven Democrats Write Obama Asking Him to Declassify More Information on Russian Involvement in the Election

Ron Wyden, five other Democrats, and Dem caucusing Independent Angus King just wrote Obama a cryptic letter. The entire body of the letter reads:

We believe there is additional information concerning the Russian Government and the U.S. election that should be declassified and released to the public. We are conveying specifics through classified channels.

Thank you for your attention to this important matter.

Aside from the fact that this suggests (as Wyden’s cryptic letters always d0) there is something meaty that we really ought to know, I find the list of signers rather curious. In addition to Wyden, the following Senators signed the letter:

  • Jack Reed
  • Mark Warner
  • Barb Mikulski
  • Martin Heinrich
  • Angus King
  • Mazie Hirono

That is, every Democratic SSCI member except current Chair Dianne Feinstein, plus Senate Armed Services Chair Jack Reed, signed the letter. So every Democrat except DiFi and Majority Leader Harry Reid signed the letter, suggesting it is something that got briefed to the full Senate Intelligence Committee as well as the Ranking Members of SASC (the latter of which suggests NSA or CYBERCOM may be involved).

I’m as interested in the fact that DiFi and Reid didn’t sign as that the others did sign. It can’t be that Reid is retiring and DiFi is heading to SJC (it’s still unclear whether she’ll remain on SSCI or not). After all, Mikulski is retiring as well.

Plus, Harry Reid wrote a far more explicit letter last month to Jim Comey — apparently following up on a non-public letter send months earlier — alluding to direct coordination between Trump and Russia.

In my communications with you and other top officials in the national security community, it has become clear that you possess explosive information about close ties and coordination between Donald Trump, his top advisors, and the Russian government – a foreign interest openly hostile to the United States, which Trump praises at every opportunity. The public has a right to know this information. I wrote to you months ago calling for this information to be released to the public. There is no danger to American interests from releasing it. And yet, you continue to resist calls to inform the public of this critical information.

Finally, what to make of the fact that not even John McCain signed onto this letter? Reed’s inclusion makes it clear that McCain, too, must have been briefed. He has been outspoken about Trump’s moves to cozy up to Putin. If he has seen — and objects to — such coordination, why not sign onto this letter and give it the patina of bipartisanship?