Posts

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

FISC Rules that [Redacted] Is Not Subject to FISA 702 for One of Its Services

Last week ODNI declassified two FISA Court opinions pertaining to Section 702. The first was a 2022 FISA Court opinion (which dates to sometime after April 2022 orders were signed) written by Presiding Judge Rudolph Contreras. The second is a 2023 per curiam opinion (David Sentelle, Robert Miller, and Stephen Higginson) affirming the original Contreras one.

While the exact details of the appeal are heavily redacted, it’s clear that the opinion pertains to the definition of Electronic Communications Service Provider under the law. As a reminder, under 702, the government can given a US-based ESCP a “directive” ordering not just content, but also technical assistance. In general, such directives apply to both data in motion (so telecoms) and data at rest (so cloud providers).

One thing the opinions make clear is that the service provider provided at least two categories of service. The service provider seemed to only challenge one of those two categories of service and willingly accept directives for another. The FISCR opinion lays out that the definition of ECSP must be applied on a service to service basis.

A reexamination of subparagraphs (A), (B) and (C) confirms that it is the service being rendered-and nothing else about the provider-that is the crux of each definition. For “provider of electronic communication service,” and “provider of remote computing service,” only the specified communication service is statutorily defined. See 50 U.S.C. § 1881 (b )( 4 )(B) (relying on the definition of “electronic communication service” at 18 U .S.C. § 2510(15) to delineate providers of such); 50U.S.C.§1881(b)(4)(C) (relying on the definition of “remote computing service” at 18 U.S.C. § 2711 to delineate providers of such). Although the term “telecommunications carrier” is itself statutorily defined, that definition similarly relies on the definition of “telecommunications services,” except for one exclusion. See 47 U.S.C. § 153( 51) (‘” [T]elecommunications carrier’ means any provider of telecommunications services, except that such term does not include aggregators of telecommunications services . … “); 47 U .S.C. § 153(53) ( defining “telecommunications service”).

[snip]

What matters is the service that is being provided at a particular time (or as to a particular piece of electronic communication at a particular time), rather than … the service provider itself.” (internal quotations omitted)).

The issue, for the second service, seems to pertain to whether the service provider had access to the comms in question — whether in motion or at rest; such a dispute may be a question of encrypted communications to which the provider did not have access.

Contreras’ opinion treats each type of ECSP, data in motion and then data at rest, to determine that for the service in question (but not for others the service provider offers) it is not a an ECSP under Section 702.

Notably, a key part of the first part of Contreras’ analysis (on data in motion) relies on two opinions about cell phones.

see also Garcia v. City of Laredo, 702 F.3d 788, 793 (5th Cir. 2012) (a cell phone “does not provide an electronic communication service just because the device enables use of electronic communication services” ( emphasis in original); Loughnane v. Zukowski, Rogers, Flood & McArdle, No. 19 C 86, 2021 WL 1057278 at *4 (N.D. Ill. Mar. 18, 2021) (“a smartphone … does not provide the end-user the ability to send or receive wire or electronic communications;” it “merely enables the end-user to employ a wire or electronic communication service . . . which in turn provides [that] ability”) (emphasis in original). 15

And a later passages also pertains to personal devices.

Nonetheless, most courts have found that personal devices used to access web-based email services or similar communication platforms are not facilities through which an ECS is provided. 18

Under the second part of his analysis, Contreras focused on whether the service provider had access to communications (again, a discussion that might be consistent with encryption). In that section, there’s this curious discussion of the June 2021 Van Buren decision that limited the application of the Computer Fraud and Abuse Act, which pivoted on authority to access.

Van Buren interpreted a statutory provision that describes the elements of a crime. It is natural for “access” in that context to be confined to (wrongfully) entering a computer system or parts thereof. It would not sensibly extend to the opportunity or ability to enter a system, without actually doing so, just as it would not make sense for a passerby to be liable for trespass because he walked by an open door without going in. But it strikes the Court that, in other, even computer-related contexts, “access” could be used as a noun (as it is in Section 701(b)(4)(D)) to refer to the ability or opportunity to enter: “Frank has access to the database but be has not logged into it yet.”

FISCR likewise invoked the definition of access under Van Buren.

Context reinforces this understanding. See, e.g., Van Buren v. United States, 141 S. Ct. 1648, 1657- 58 (2021) (“When interpreting statutes, courts take note of terms that carry ‘technical meaning[s]. “‘). In Van Buren, the Supreme Court observed that ‘” [ a ]ccess’ is one such term, long can-ying a ‘well established’ meaning in the ‘ computational sense’- a meaning that matters when interpreting a statute about computers.” Id. at 1657 ( citation omitted).

Close to the end of the FISCR opinion, it seems to definitively define ECSP based on this access principle.

If an entity does not provide a communication service through which it has “access to wire or electronic communications either as such communications are transmitted or as such communications are stored;’ 50 U.S.C. § 188l(b)(4)(D), it is not an ECSP as defined by subparagraph (D), [half paragraph]

Then, FISCR notes that 702 is up for reauthorization this year, so if the government doesn’t like this principle, it can go ask Congress to change it.

Some company successfully argued that if they don’t have access to your data, they can’t be compelled to provide US spooks assistance to get to it.

Did Steven D’Antuono Make It Easier for Trump to Steal 47 Classified Documents?

There are two things that are not mentioned in this long explanation of how the FBI refused, for months, to treat Donald Trump like anyone else suspected of hoarding highly classified information.

First, WaPo doesn’t mention that Trump got an injunction that lasted from shortly after the search, September 5, until December 12, over three weeks after Jack Smith was appointed.

Because the WaPo doesn’t mention that fact — doesn’t mention that DOJ was prevented from using classified evidence to investigate Trump’s crimes for several weeks in September, doesn’t mention that DOJ was prevented from using unclassified evidence to investigate Trump’s crimes for 98 days — WaPo envisions any damage FBI did by resisting taking investigative steps against Trump as a shortening of the time when DOJ could charge Trump.

Some inside the probe argued the infighting delayed the search by months, ultimately reducing the time prosecutors had to reach a decision on possible charges. Others contend the discussions were necessary to ensure the investigation proceeded on the surest footing, enabling officials to gather more evidence before they executed the search, people familiar with the dynamics said.

In November, before prosecutors had finished their work and decided whether to charge Trump or anyone else, he announced his campaign to retake the White House in 2024, leading Garland to appoint a special counsel, Jack Smith, to complete the investigation.

[snip]

Meanwhile, in late October, amid news reports that Trump was looking to soon announce another bid for the presidency, Garland told aides he was seriously contemplating appointing a special counsel to take over the investigation, as well as a separate criminal probe looking at Trump and his allies’ effort to overturn the results of the 2020 election — a rare procedure designed to ensure public faith in fair investigations.

On Nov. 15, Trump took the stage in the Mar-a-Lago ballroom — at the same property where FBI agents had searched three months earlier — and announced that he would run for president again in 2024. The Justice Department’s national security division leaders who had pushed the FBI to be more aggressive pursuing Trump did not finish the investigation or reach a charging decision before a new chief took over.

On Nov. 18, Garland sent word to the prosecutors working on both of the probes to come to Justice Department headquarters for a meeting that morning. He wanted to privately inform them that he planned later that day to appoint a special counsel. Garland told them they could choose their next steps, but he hoped they would join the special counsel’s team for the good of the two investigations, people familiar with the conversation said.

Even that risk assumes Trump’s announcement was determined by anything other than making it harder for DOJ to charge him; he was discussing announcing his run still earlier, before he got the injunction. But the risk ignores the opportunity that FBI’s delay provided Trump and others last summer.

The other thing WaPo doesn’t mention is the real damage the FBI, led by the now-retired head of the Washington Field Office, Steven D’Antuono, may have done by stalling: FBI may have made it impossible to recover all the documents Trump took.

Well before the injunction on using unclassified documents in the investigation was lifted, multiple outlets revealed that DOJ suspected Trump still had classified documents. Trump’s lawyers have paid investigators to search some — but not all — of Trump’s properties since. And for months, Trump’s lawyers publicly lied about the results, publicly lied to hide that an aide moved new documents with classification marks to Mar-a-Lago after the August 8 search by the FBI.

There are still 47 empty classified document folders, found in two different searches of Trump’s property, that remain unexplained.

Perhaps those folders were not yet empty in May 2022, when DOJ first proposed doing a surprise search of Mar-a-Lago.

But FBI agents viewed a Mar-a-Lago search in May as premature and combative, especially given that it involved raiding the home of a former president. That spring, top officials at FBI headquarters met with prosecutors to review the strength of evidence that could be used to justify a surprise search, according to two people familiar with their work.

Perhaps those folders were not yet empty in June 2022, after Evan Corcoran raised more suspicions on June 3, when Jay Bratt came to pick up a folder of classified documents, the same day that Trump departed for Bedminster.

Perhaps those folders were not yet empty when DOJ served another subpoena to obtain the surveillance footage showing Walt Nauta moving boxes to evade the search.

Some FBI field agents then argued to prosecutors that they were inclined to believe Trump and his team had delivered everything the government sought to protect and said the bureau should close down its criminal investigation, according to some people familiar with the discussions.

But they said national security prosecutors pushed back and instead urged FBI agents to gather more evidence by conducting follow-up interviews with witnesses and obtaining Mar-a-Lago surveillance video from the Trump Organization.

The government sought surveillance video footage by subpoena in late June. It showed someone moving boxes from the area where records had been stored, not long after Trump was put on notice to return all such records, according to people familiar with the probe.

Perhaps those folders were not yet empty when D’Antuono — who was appointed head of the DC field office in October 2020 and who retired last November; his replacement was named in late December — continued to stall shortly before the search.

Against that backdrop, Bratt and other senior national security prosecutors, including Assistant Attorney General Matt Olsen and George Toscas, a top counterintelligence official, met about a week before the Aug. 8 raid with FBI agents on their turf, inside an FBI conference room.

The prosecutors brought with them a draft search warrant and argued that the FBI had no other choice but to search Mar-a-Lago as soon as practically possible, according to people with knowledge of the meeting. Prosecutors said the search was the only safe way to recover an untold number of sensitive government records that witnesses had said were still on the property.

Steven M. D’Antuono, then the head of the FBI Washington field office, which was running the investigation, was adamant the FBI should not do a surprise search, according to the people.

D’Antuono said he would agree to lead such a raid only if he were ordered to, according to two of the people. The two other people said D’Antuono did not refuse to do the search but argued that it should be a consensual search agreed to by Trump’s legal team.

We have no reason to believe that DOJ got all the documents back and plenty of reason to believe it didn’t. Trump’s lawyers are still dicking around, offering ridiculous explanations for why a new empty folder showed up sometime between August and December.

What we do know is that Steven D’Antuono treated Trump differently than FBI would have treated any other person suspected of stealing classified documents, he treated Trump differently because he had been trained to understand that Trump could ruin his career if he dared investigate Trump.

And by treating Trump differently, D’Antuono may have given Trump the opportunity to steal another 47 documents.

“Fuck! Two years or three years, screw you, they will get you when it’s time”

About 26 pages into a 40-page indictment of Quanzhong An and his daughter Guangyang An — which was obtained last week but rolled out at a press conference yesterday — the indictment shifts tracks dramatically.

Up until that point, it lays out in detail An’s role in China’s efforts, dating back to 2002, to convince John Doe-1 and his son, referred to as John Doe-2 in the indictment, to return to China. But then at page 26, it starts to lay out alleged money laundering, showing how Quanzhong An transferred almost $4 million from China to the US over six years by transferring it in increments at or just under $50,000 in the name of family members.

From in or about 2016 through the present, the defendants QUANZHONG AN and GUANYANG AN conspired with others to engage in a money laundering scheme. During this period, the conspirators sent and caused to be sent millions of dollars in wire transfers from the PRC to the United States. As these activities violated applicable PRC law regarding capital flight — which imposed a limit of $50,000 per person annually for total foreign exchange settlement — the conspirators engaged in deceptive tactics designed to frustrate and impede the Anti-Money Laundering (“AML”) controls of the U.S. financial institutions, so that the defendants and the coconspirators could enjoy continued access to the U.S.-based bank accounts.

Here’s what a fraction of the transfers look like.

To be clear, the reason these transfers were made in $50,000 increments was to comply with Chinese transfer restrictions, not US ones. This is charged as money laundering in the US because (as the indictment notes) it involved false statements to banks and layering and other tactics to hide the ruse. But it also appears to be a violation of Chinese law, the same kind of law that the person targeted for repatriation by An allegedly violated.

As FBI Director Chris Wray noted at yesterday’s press conference,

Two of the subjects who targeted him, two of the defendants charged today, are themselves actually involved in a scheme to launder millions of dollars. And as if that weren’t enough evidence that the real purpose of their operation was political, they gave their victim a deadline to return by: the 20th CCP Congress earlier this month.

The money laundering belies the claim that China is pushing for John Doe-1’s repatriation out of some concern about financial corruption.

It may provide context, too, to details earlier in the indictment that described how An became involved in efforts to coerce John Doe-1 to return to China. As described, his efforts to lure John Doe-1 back to China started in 2017, when he showed up at John Doe-1’s home to locate him and his son. A year later, his daughter Guangyang accompanied a family member’s boss to the house in 2018, where they left a note and were captured on John Doe-1’s security camera, as shown in the picture.

In August 2019, one of the Chinese-based co-conspirators sent a message to John Doe-1 claiming that An was just helping out out of patriotism.

An Quanzhong is a patriotic businessman in the U.S. and the head of the Chinese Business Association of New York. He was originally from Zaozhuang, Shandong, and has given strong support to the government’s work. He is willing to communicate with [John Doe-1] and pay for [John Doe-1] to help the government recover the loss without anything in return. At the same time, he is willing to provide enough funds to guarantee [John Doe-1’s] return and cover his expenses needed to return home.

Starting in 2020, An started meeting with the son, John Doe-2, meetings which were consensually recorded (meaning either the FBI was already involved or John Doe-2 is really smart).

At a January 2020 meeting, An explained to the son what he was up to, admitted to the 2017 visit to the house, and explained that he would pay the money John Doe-1 allegedly owes to the Chinese state and put him up in his Chinese home if he returned.  John Doe-2 asked why he was willing to pay that amount, and An explained that he was trying to get the Chinese government to view him as a good guy.

QUANZHONG AN responded that he had donated over 100 million yuan to the PRC government the previous year and that the PRC government “will be very happy if this thing is settle[d].” QUANZHONG AN boasted that, if he assisted with John Doe-1’s repatriation, the PRC government “will not see [QUANZHONG AN] as a bad guy because [he has] done so many good things, even donating money to society.”

In a July 2021 meeting with John Doe-2, also lawfully monitored, An repeated the promise that John Doe-1 would not be detained if he returned, then explained he was involved in part because of his business interests.

QUANZHONG AN also acknowledged how his business interests prompted his involvement in John Doe-1’s case. QUANZHONG AN explained, “[A]s you know, there are many ways to make it work in China. It’s hard to do business in China.” QUANZHONG AN claimed that he had succeeded by making donations to the PRC government. QUANZHONG AN further claimed that “he had donated over 300 million yuan over the years to the PRC government.”

In a July 2022 call that An brokered to take place at a hotel he owns in Flushing, one of the Chinese co-conspirators told John Doe-2 that he should return before the Party Conference (the October 20 arrest took place in the middle of it, which spanned from October 16 to October 22), because, “In case there is a change, I am afraid that it doesn’t work in favor of the old man” (which I believe is a reference to John Doe-1’s father, in China).

In recent weeks, the detention motion for the father and daughter describes, An met with John Doe-2 again, this time with a confession for John Doe-1 to sign in advance of the Party Congress.

More recently, Quanzhong An met with John Doe-2 again on September 29, 2022. During this meeting, Quanzhong An pressed for John Doe-1 to execute an agreement to return to the PRC in advance of the CCP’s 20th National Congress, which began on October 16, 2022. As part of such agreement, Quanzhong An sought a written confession from John Doe-1, which would be submitted directly to the PRC government. This morning, incident to Quanzhong An’s arrest, agents located a photograph of what appears to be a sample confession for John Doe-1 to use.

Instead of returning, the implication is, DOJ finalized this indictment on October 7, and the FBI arrested An and his daughter. The indictment includes two forfeiture provisions, and lists three properties. After his arrest last week, An was given a CJA attorney, suggesting the considerable assets he has in the US may be tied up in those forfeitures.

In other words, this appears to be a story of how the Chinese government used An’s own violations of Chinese law not to rein him in, but to coerce him to pursue the return of a long-sought exile. The US government is effectively using the leverage China had over An, because of his alleged money laundering, to impose far greater penalties — both financially and (because of stiff penalties on money laundering) in terms of criminal exposure — on his involvement in the matter here in the US.

This was one of three charging documents rolled out yesterday in a very high-level press conference involving Attorney General Merrick Garland, Deputy Attorney General Lisa Monaco, National Security Division head Matthew Olsen, and FBI Director Chris Wray. Those three sets of charges are:

  • Charging two suspected Chinese intelligence officers — both in China — who paid a double agent for what they believed was secret information pertaining to the 2018 prosecution of Huawei on racketeering charges. (press release)
  • Charging four Ministry of State Security officers — all in China — in conjunction with their unsuccessful attempt to recruit a former law enforcement officer while on two trips to China (one in 2008, the second in 2018) and their successful recruitment of an unnamed and uncharged US permanent resident co-conspirator who took actions in New Jersey. (press release)
  • As noted, the indictment charging US permanent resident Quanzhong An, his US citizen daughter Guangyang An, along with five Chinese based individuals, four of whom are members of the Provincial Commission for Discipline Inspection for their efforts to lure a long-term US resident back to China. (press release, which was issued on the day of arrest, October 20)

On their face, the charges seemed quite unrelated (indeed, Wray acknowledged as much). On its face, the press conference seemed to be another of the showy ones designed to get attention precisely because most of those affected are overseas, out of the reach of law enforcement. (Compare that press conference to the more discreet rollout of the three indictments targeting Oleg Deripaska and his associates, charges that take more overt cooperation with other countries, to say nothing of even more juggling of ongoing sensitivities.)

Which raises the question of why now, why these cases. In response to a direct question about whether the timing of this related to the party conference — mentioned in the An indictment and in Wray’s prepared remarks — that solidified Xi Jinpeng’s third term, Wray said only that, “we bring cases when we’re ready.”

It may be that An was lured back to the US for his arrest based on that timing, which would in turn explain the timing of that arrest (which was announced, though not docketed, last week). But that would only explain why that case was rolled out, and it was already public last week.

An and his daughter are the only people described to be arrested in these documents.

But there is a Co-Conspirator-1 named in the New Jersey indictment (which was filed on October 20, the same day the An arrest took place) whose apparent US presence is unexplained in the indictment and yesterday’s press conference.

That indictment seems like it’s an investigation that started when a former law enforcement officer was recruited in China in 2008, which alerted the US government to the identity of Wang Lin, who in 2016 traveled to the Bahamas to begin recruiting CC-1, first by tasking him or her with delivering a $35,000 payment in the US. Then, in 2016, another of the co-conspirators, Wang Qiang, traveled with CC-1’s Chinese family members and had a series of discussions about working for China. In one, Wang expressed concern that the US had planted surveillance equipment on one of his phones at the airport.

During the same conversation, CC-1 also discussed with CC-l’s two family members, in sum and substance, what s/he believed to be the United States’ surveillance capabilities. CC-1 also told her/his family members that WANG QIANG had expressed concern when he (WANG QIANG) entered the United States that customs officials had installed surveillance equipment on one of his telephones at the airport, and that WANG QIANG was concerned about numbers for several contacts in North Korea that he had in his phones. CC-1 stated, in sum and substance, that WANG QIANG was “a low-level” official and should not have been concerned that he would be known to United States authorities.

It seems Wang was right to be concerned, because a series of damning conversations involving Wang and CC-1 were “lawfully recorded.”

WANG and CC-1 continued to discuss working on behalf of the PRC and obtaining information for the PRC in furtherance of its intelligence-gathering operations. Among other things, CC-1 stated thats/he “like(s) to do it,” meaning working for the PRC. CC-1 complained, however, that “[it] would be fine if there were more money.” CC-1 continued, stating, “It will work if you can truly pull off something big, things like the fucking U.S. high tech, anything that is important, right?” CC-1 then stated that “We are the ones who do the fucking work.” CC-1 also noted that “it is just a business,” that “they pay you for each job done,” and that “they will pay you again if they use you again.”

WANG QIANG and CC-1 continued to express fear about getting caught. Indeed, CC-1 stated thats/he did not “want to get into any trouble now.” CC-1 advised WANG QIANG, “If you don’t need to travel, it should be safe to stay in China. If you need to travel, fuck! The U.S. is very capable, I am telling you. You can’t run away from them.” CC-1 continued, “The Americans are really capable. Fuck! Two years or three years, screw you, they will get you when it’s time. . . . On the other hand, I have no use to them if I go back. I have no use to them if I go back to China.” During the conversation, WANG QIANG stated his belief that individuals working for the PRC “will be abandoned in the future.” [my emphasis]

There’s no other explanation for what happened with CC-1. And absent a 2018 offer to the law enforcement officer on a trip to China in 2018, these charges would be time-barred; I wonder whether that former law enforcement officer has a tie to the double agent described in the Huawei indictment (though timing wise, he cannot be the same person). Of that double agent from the Huawai case, Wray yesterday said, “we very rarely get a chance to publicly thank” double agents working in operations targeting China and other foreign countries.

But the pattern shown in the An indictment holds: the recruitment via Chinese associates using family ties of permanent residents in the US.

That is, at least two of these indictments appear to be based off far deeper investigative work than that FBI had previously pursued, in which they tried to catch scholars in false statements regarding dual Chinese and US-funding.

At yesterday’s press conference, someone asked (seemingly pointing to the ongoing threat of espionage from China), “Was it a mistake to get rid of the China initiative?”

The China Initiative was a Trump Administration effort that resulted in a series of high profile failed prosecutions and that sowed discrimination against Chinese and Chinese-Americans working in technical roles.

Garland responded by saying that,

These cases make quite clear we are unrelenting in our efforts to prevent the government of China from economic espionage, from operating in the United States as foreign agents, from trying to affect our rule of law, our judicial system, from trying to target or recruit Americans to help them … we have not in any way changed our focus on those kind of behaviors by China.

Olsen added,

We have stayed very focused on the threat that PRC poses to our values, to our institutions. We speak through our cases, and we speak to those cases today. I think what we are charging today in terms of the range and persistence of the threat that we see from the PRC demonstrates that we have remained relentless on that threat and we will continue to be focused on that threat going forward.

Asked by the same apparent Trump booster whether he had just gotten rid of the name, Olsen responded,

We ended the China Initiative earlier this year after a lengthy review and adopted a broader strategy focused on the range of threats that we face from a variety of nation-states, and that’s the strategy we’re carrying forward.

What DOJ spoke through its cases yesterday suggests they’re using longer-term operations to target a more fundamental recruiting effort and only unwinding them, one by one, as such interlocking efforts require it.

Update: In juggling some quotes I cut the part from which the title comes. I’ve added it back in (h/t higgs boson) and fixed another detail.

DOJ Inspector General Report on the Tensions Created by Parallel Construction

Before you read this report on tensions between FBI Office of General Counsel’s National Security and Cyber Law Branch (NSCLB)  and DOJ’s National Security Division (NSD), remember the following things:

  • In significant part because of jurisdictional limitations, DOJ Inspector General blamed FBI for everything that went wrong with the Carter Page FISA applications, and in the wake of that report, Bill Barr, Trump, and his allies in Congress used it to damage the career every single person at FBI who had been involved with the Russian investigation (except for the two guys who made multiple mistakes in dismissing the Alfa Bank allegations).
  • John Durham then used that damage to attempt to coerce testimony, sometimes false, from FBI figures in his never-ending witch-hunt.
  • For the same jurisdictional limitations, any abuse John Durham engages in or Andrew DeFilippis engaged in can only be reviewed by DOJ’s feckless Office of Professional Responsibility, not by DOJ IG.
  • After that report, DOJ IG developed proof that Carter Page was not special; by some measures, his FISA application was better than those of people who hadn’t been fired by a future President for precisely the same foreign ties that the FISA was meant to assess.
  • The NSD then dismissed those findings from DOJ IG, largely by adopting a standard different from the one that had been adopted with Carter Page (it’s unclear whether DOJ IG is still trying to resolve these discrepancies or not).
  • None of the stuff that happened thus far addresses the substantive problems with the Page applications.

The report talks about the “historically strained” relationship between these two sets of lawyers, without laying out the role that the Carter Page review — and the Trump DOJ’s use of DOJ IG to punish his enemies generally — did to make things worse.

That tension plays out in the report. For example, Horowitz only provides recommendations to NSCLB and FBI’s OGC, not NSD. In each case, FBI is directed to coordinate with NSD, without the counterpart recommendation. The tension is particularly critical to something that DOJ IG cannot, therefore, recommend: That NSD have access to FBI case files, which would allow them to play a more proactive role in the vetting of FISA applications. It would also make NSD share in accountability for any problems that arise (as they should have with Page), though, and unsurprisingly NSD doesn’t want that.

NSCLB attorneys expressed their concern that although NSD attorneys assist agents in drafting the FISA applications submitted to the FISC, they do not share accountability when compliance incidents are reported to the FISC. Although NSCLB officials acknowledged the oversight role that NSD has related to FISA, they emphasized the need for FISA to be a team effort and not an adversarial relationship and stated their belief that the number of compliance incidents would be reduced if NSD would review the FISA-related documents housed in the FBI’s IT systems. However, according to NSCLB attorneys, NSD has expressed disinterest in ensuring FISA compliance on the front end and has said that it is the agent’s responsibility to identify in the first instance, anything that is necessary to be reported to the FISC. We were also told by NSCLB attorneys that NSD has said that it is concerned that an appearance of NSD attorneys having knowledge of the underlying documents would imply that they have full knowledge of all of the supporting documents, which would not be practicably feasible for them to have.

A senior NSD official that we spoke with told us that NSD has limited resources, and it does not have direct access to FBI systems.

NSD wants none of this accountability and DOJ IG can’t make them.

For all the tensions, though, it’s a fascinating report, as useful for providing both historical and bureaucratic background on this process as anything else. Much of this tension arises out of DOJ’s admitted parallel construction — using alternative sources for certain facts to protect sources and methods. There’s even a paragraph that describes NSCLB’s role as such (though not by name).

For instance, we were told that NSD relies on NSCLB to review documents such as search warrants and criminal complaint affidavits for law enforcement or other sensitivity concerns before they are filed with the court by prosecutors. When this process is not followed, it can become particularly problematic if NSCLB later finds that sensitive information was contained in the court filing. For example, if the FBI used a sensitive platform to obtain information, prosecutors may decide that a description of the platform is needed to support the search warrant or complaint. In such instances, NSCLB may ask prosecutors to anonymize that information. However, if NSCLB does not review the case agent’s draft affidavit in support of a search warrant or complaint before the agent provides it to the prosecutor, sensitive information may be exposed. Also, senior NSCLB officials told us that including an NSCLB attorney early in this process can provide an effective means of ensuring prosecutors have information necessary to support their case. Specifically, NSCLB can help identify which information may be difficult to use from a classification and sensitivity perspective and provide suggestions to obtain the information from an independent source without implicating sensitive techniques.

The report claims the particular roles of each side are not well-defined. I’m not convinced that’s the case, though. As described, NSCLB protects national security and the secrets that go along with that (including secret intelligence techniques). And NSD fulfills the needs of prosecutions as well as “protect[ing] FISA as a tool so the FBI can continue to use it.”

In one telling explanation,

NSCLB senior officials highlighted the fact that criminal prosecution is not necessarily the FBI’s aim in every national security investigation and that the FBI sometimes appropriately pursues investigations with the aim of disrupting threats or collecting intelligence.20

These are tensions, but they are not necessarily bad tensions. And it doesn’t seem like this report considers how this compares to the relationship between a prosecutor and a case agent where there are none of the national security (and classification) concerns.

In any case, the report attributes that tension for two radically different understandings about the standards involved in two FISA concepts, including one — material facts that must be disclosed to the FISA Court — that was at the core of the Carter Page case.

In the case of materiality, the FBI seems to be playing dumb (perhaps to avoid opening a whole historical can of worms given the aftermath of the Page IG Report).

The 2009 Accuracy Memorandum defined material facts as, “those facts that are relevant to the outcome of the probable cause determination.” The FBI had interpreted this standard as facts that are outcome determinative, or facts that would invalidate the legal determination. However, NSD had applied a broader standard than the FBI, with NSD’s interpretation of material facts being facts that are capable of influencing the requested legal determination. An NSD senior official told us that the FBI’s viewpoint was based on the FBI’s involvement in the criminal law enforcement arena where the threshold for materiality in a criminal search warrant is outcome determinative. This official also stated that most material errors reported to the FISC do not invalidate the legal determination, and that the FISC still expects for these types of errors to be reported to them.

Senior NSD officials stated NSD had applied the same standard for at least 15 years and NSCLB had known of NSD’s application of the standard because it was reflected in previous Rule 13 notices filed with the FISC. For example, in the OIG’s report on the FBI’s Crossfire Hurricane Investigation, NSD supervisors stated that “NSD will consider a fact or omission material if the information is capable of influencing the court’s probable cause determination, but NSD will err on the side of disclosure and advise the court of information that NSD believes the court would want to know.”41 Similarly, in a FISC filing on January 10, 2020, NSD referred to this statement in the OIG report while describing its oversight and reporting practices when errors or omissions are identified.42 However, senior NSCLB officials told us that NSCLB was first made aware of NSD’s interpretation of the materiality standard in the OIG’s Crossfire Hurricane Investigation report and NSD’s subsequent January 2020 FISC filing.43

In the case of the claimed differing understand of  querying techniques under 702 (in which, by my read, both sides were pretending this hasn’t dramatically changed as FISC became aware of how 702 collection was really used), NSD seems to engage in the knowing bullshit.

In contrast, NSD told us that the query standard has been the same since 2008. A senior NSD official stated that the FBI had a fundamental misunderstanding of the standard and that compliance incidents were not identified sooner because NSD can only review a limited sample of the FBI’s queries and NSD improved upon its ability to identify non-compliant queries over time.

I knew the standard the FBI was using. It is not credible that I knew what it was and NSD did not.

In both cases, this claimed disagreement seems to be an effort to avoid applying the standards adopted post-Page to the FISA approach (and not just on individualized orders) applied before then.

The report confirms something that had been obvious from heavily redacted sections of the last several 702 reauthorizations: FBI had been using 702 collection (and FISA collection generally) to vet potential confidential human sources.

For example, we were told disputes occurred related to queries conducted for vetting purposes.52 Specifically, according to the FBI, it was concerned that as a result of the change to the query standard it could no longer perform vetting queries on raw FISA information before developing a confidential human source (CHS). FBI officials told us that it was important for agents to be able to query all of its databases, including FISA data, to determine whether the FBI has any derogatory or nefarious information about a potential CHS. However, because of the implementation of the 2018 standard, the FBI is no longer able to conduct these queries because they would violate the standard (unless the FBI has a basis to believe the subject has criminal intent or is a threat to national security). According to the FBI, because its goal is to uncover any derogatory information about a potential CHS prior to establishing a relationship, many agents continue to believe that it is irresponsible to engage in a CHS relationship without conducting a complete query of the FBI’s records as “smoking gun” information on a potential CHS could exist only in FISA systems. Nevertheless, these FBI officials told us that they recognize that they have been unsuccessful when presenting these arguments to NSD and the FISC and, as noted below, they follow NSD’s latest revision of query standard guidance.

Using back door searches to vet informants is an approved use on the NSA and, probably, CIA side. In the FBI context, my understanding is that informants understand they’re exchanging Fourth Amendment protections as part of their relationship with the FBI. Perhaps if the FBI had simply made this public, it could have been an approved use. Instead, we’re playing all these games about the application.

The report describes — but doesn’t really address — how the tension between NSCLB and NSD undermined National Security Reviews which,

examine (1) whether sufficient predication exists for FBI preliminary and full investigations, (2) whether a sufficient authorized purpose exists for assessments, (3) whether tools utilized during or prior to the assessment are permitted, and (4) all aspects of National Security Letters issued by the FBI.

There was a huge backlog of these until NSD hurriedly closed a bunch of them in 2020, which is the kind of thing that when Bush did them with FISA tools in 2008 was itself a symptom. So, too, may be some policy memos that happened in Lisa Monaco’s first days and John Demers’ last ones.

The section I found to be most interesting (and one that DOJ IG could not or chose not to address in recommendations) pertains to the tension over declassification of material for prosecutions.

According to the FBI’s Declassification of Classified National Security Information Policy Guide, NSCLB must participate in the approval of discretionary declassification decisions concerning FBI classified information. NSCLB assists in ensuring that the declassification of either FISA derived material or other FBI classified information is: (1) necessary to protect threats against national security; (2) will not include classified materials obtained from foreign governments; (3) will not include classified materials obtained from other U.S. agencies (unless authorized by the originating agency); (4) will not reveal any sensitive or special techniques; and (5) will not adversely impact other FBI investigations.

[snip]

Despite the FBI’s limited support role, NSD and DOJ staff we spoke with told us that they believe NSCLB has involved itself inappropriately in discovery matters. For example, an NSD senior official told us that NSCLB has attempted to second guess discovery decisions made by prosecutors. This NSD official believed that NSCLB’s role is not to participate in the determination of how the prosecutors choose to protect a piece of classified information, but instead to identify information that is classified, its level of classification, and how a declaration from the owner of that information would explain to a court why the information presents a national security concern. According to this official, NSCLB may rightfully conclude the information is too sensitive to provide in discovery and, as a result, prosecutors may have to dismiss that case. However, we were told that discovery issues do not generally reach that point. We also were told by some AUSAs that they have had to remind NSCLB attorneys that AUSAs have the discovery obligations to courts and will make discoverability determinations.

An official from one USAO told us that, while it is understood that satisfying discovery obligations is the responsibility of the prosecutor, the FBI’s interest in protecting its equities may justify challenging a prosecutor’s discovery decisions. The official explained that such back and forth may be necessary to reach a balance between the needs of discovery and the protection of sensitive information; however, when the FBI’s role in the process extends into making assessments of what is discoverable it can slow the process down and necessitate the prosecutor asserting authority over discovery decisions.

[snip]

By contrast, senior NSCLB officials noted that several factors outside of NSCLB’s control can cause the declassification process to take a considerable amount of time. According to these officials, the FBI addresses the risk of disclosing information that could cause significant harm to the American public by using a thorough, deliberate process which can be impacted by the volume of information, the sensitivities involved, and the resources available to conduct a review. In defending NSCLB’s role in the discovery process, a senior NSCLB official expressed the view that AUSAs tend to err on the side of making material discoverable, even when it involves national security information, and do not appreciate how the disclosure of information may affect other FBI or USIC operations. This official told us that NSD often prefers to declassify all information that could be relevant, necessary, or discoverable to ease the prosecution of the case or the discovery process. .

This is, in my opinion, the description of what lawyers for an intelligence agency would do. That seems to be the role NSCLB is playing, for better or worse. In light of the cases described out of which the more specific tensions arise, I find the complaint that NSCLB is delaying discovery rather telling. If prosecutors choose to make a case that NSCLB believes would have been better handled via disruption, for example, or are entirely frivolous, such tensions are bound to surface. That said, if FBI’s General Counsel’s Office has been coopted people trying to protect sources and methods, NSD lawyers are going to look like the only ones guarding due process (though I’m sure they would with CIA’s lawyers, too).

There’s a lot of worthwhile observations in this report. But it’s hard to shake the conclusion that the most important takeaway is that DOJ cannot continue to have such asymmetry in the oversight that FBI and DOJ experience.

Why January 6 Committee Transcripts Are Urgent: Proud Boy Jeremy Bertino

On June 6, DOJ charged the Proud Boy Leaders with sedition. As I noted at the time, the single solitary new overt act described in the indictment involved Jeremy Bertino, Person-1, seeming to have advance knowledge of a plan to occupy the Capitol.

107. At 7:39 pm, PERSON-1 sent two text messages to TARRIO that read, “Brother. ‘You know we made this happen,” and “I’m so proud of my country today.” TARRIO responded, “I know” At 7:44 pm. the conversation continued, with PERSON-1 texting, “1776 motherfuckers.” TARRIO responded, “The Winter Palace.” PERSON-1 texted, “Dude. Did we just influence history?” TARRIO responded, “Let’s first see how this plays out.” PERSON-1 stated, “They HAVE to certify today! Or it’s invalid.” These messages were exchanged before the Senate returned to its chamber at approximately 8:00 p.m. to resume certifying the Electoral College vote.

Just days earlier, as part of a discovery dispute, prosecutors had provided this (dated) discovery index. For several reasons, it’s likely that at least some these entries pertain to Bertino, because the CE ones are from the Charlotte office, close to where he lives, because he’s one of the three uncharged co-conspirators of central importance to the Proud Boys efforts, and because we know FBI did searches on him.

In a hearing during the day on June 9, the Proud Boys’ attorneys accused DOJ of improperly coordinating with the January 6 Committee and improperly mixing politics and criminal justice by charging sedition just before the hearings start. In the hearing there was an extensive and repeated discussion of the deposition transcripts from the committee investigation. AUSA Jason McCullough described that there had been significant engagement on depositions, but that the January 6 Committee wouldn’t share them. As far as he knew, the Committee said they would release them in September, which would be in the middle of the trial. Joe Biggs’ attorney insisted that DOJ had the transcripts, and that they had to get them to defendants.

Judge Tim Kelly ordered prosecutors that, if they come into possession of the transcripts, they turn them over within 24 hours.

Hours later, during the first (technically, second) January 6 Committee hearing, the Committee included a clip from Bertino describing how membership in the Proud Boys had tripled in response to Trump’s “Stand Back and Stand By” comment.

His cooperation with the Committee was not public knowledge. I have no idea whether it was a surprise to DOJ, but if it was, it presented the possibility that, in the guise of cooperating, Bertino had just endangered the Proud Boy sedition prosecution (which wouldn’t be the first time that “cooperative” Proud Boys proved, instead, to be fabricators). At the very least, it meant his deposition raised the stakes on his transcript considerably, because DOJ chose not to charge him in that sedition conspiracy.

Today, in response to a bid by Dominic Pezzola and Joe Biggs to continue the trial until December, DOJ acceded if all defendants agree (Ethan Nordean won’t do so unless he is released from jail). With it they included a letter they sent yesterday to the Committee — following up on one they sent in April — talking about the urgency with which they need deposition transcripts.

We note that the Select Committee to Investigate the January 6th Attack on the United States Capitol (“Select Committee”) in its June 9, 2022 and June 13, 2022, hearings extensively quoted from our filings in active litigation and played portions of interviews the Select Committee conducted of individuals who have been charged by the Department in connection with the January 6th Attack on the United States Capitol.

It is now readily apparent that the interviews the Select Committee conducted are not just potentially relevant to our overall criminal investigations, but are likely relevant to specific prosecutions that have already commenced. Given this overlap, it is critical that the Select Committee provide us with copies of the transcripts of all its witness interviews. As you are aware, grand jury investigations are not public and thus the Select Committee does not and will not know the identity of all the witnesses who have information relevant to the Department’s ongoing criminal investigations. Moreover, it is critical that the Department be able to evaluate the credibility of witnesses who have provided statements to multiple governmental entities in assessing the strength of any potential criminal prosecutions and to ensure that all relevant evidence is considered during the criminal investigations. We cannot be sure that all relevant evidence has been considered without access to the transcripts that are uniquely within the Select Committee’s possession.

The discovery deadline for the Proud Boy case is tomorrow. If DOJ put Bertino before a grand jury and he said something that conflicts with what he told the Committee, it could doom his reliability as a witness, and with it the Proud Boys case, and with it, potentially, the conspiracy case against Trump.

The fact that Matt Olsen, National Security Division head, is on this letter suggests the concern pertains to the militias (and, indeed, the charged militia witnesses who appeared were Tarrio and Stewart Rhodes). Similarly, Nick Quested’s testimony may be inconsistent with other information DOJ has obtained.

Some pundits who’ve never done any original reporting on the topic claimed upon seeing this letter that it’s proof DOJ has been “twiddling its thumbs” while the Jan6 Committee has been doing all the work.

They’re saying that, though, when DOJ fairly explicitly said that grand juries have interviewed witnesses that Jan6 — and so, by association, lazy pundits — may not be aware of.

These are the kinds of surprises that can kill entire cases, after a year and a half of painstaking investigation.

Matt Olsen Admits He Didn’t Bargain on a President Trump

Something predictable, but infuriating, happened at least week’s Cato conference on surveillance.

A bunch of spook lawyers did a panel, at which they considered the state of surveillance under Trump. Former White House Director of Privacy and Civil Liberties Tim Edgar asked whether adhering to basic norms, which he suggested would otherwise be an adequate on surveillance, works in a Trump Administration.

In response, former NSA General Counsel Matt Olsen provided an innocuous description of the things he had done to expand the dragnet.

I fought hard … in the last 10 [years] when I worked in national security, for increasing information sharing, breaking down barriers for sharing information, foreign-domestic, within domestic agencies, and for the modernization of FISA, so we could have a better approach to surveillance.

Then, Olsen admitted that he (who for three years after he left NSA headed up the National Counterterrorism Center managing a ton of analysts paid to imagine the unimaginable) did not imagine someone like Trump might come along.

As I fought for these changes, I did not bargain on a President Trump. That was beyond my ability to imagine as a leader of the country in thinking about how these policies would actually be implemented by the Chief Executive.

It was beyond his ability [breathe, Marcy, breathe] to imagine someone who might abuse power to come along!!!

What makes Olsen’s comment even more infuriating that I called out Olsen’s problematic efforts to “modernize” FISA and sustain the phone dragnet even in spite of abuse in September, in arguing that Hillary could not, in fact, be supporting a balanced approach on intelligence if she planned on hiring him, as seemed likely.

Olsen was the DOJ lawyer who oversaw the Yahoo challenge to PRISM in 2007 and 2008. He did two things of note. First, he withheld information from the FISC until forced to turn it over, not even offering up details about how the government had completely restructured PRISM during the course of Yahoo’s challenge, and underplaying details of how US person metadata is used to select foreign targets. He’s also the guy who threatened Yahoo with $250,000 a day fines for appealing the FISC decision.

Olsen was a key player in filings on the NSA violations in early 2009, presiding over what I believe to be grossly misleading claims about the intent and knowledge NSA had about the phone and Internet dragnets. Basically, working closely with Keith Alexander, he hid the fact that NSA had basically willfully treated FISA-collected data under the more lenient protection regime of EO 12333.

These comments were used, in this post by former NSA Compliance chief John DeLong and former NSA lawyer Susan Hennessey (the latter of whom was on this panel) to unbelievably dishonestly suggest that surveillance skeptics, embodied by me and EFF’s Nate Cardozo (who has been litigating some of these issues for years), took our understanding of NSA excesses from one footnote in a FISA Court opinion, rather than from years of reading underlying documents.

Readers are likely aware of the incident, which has become a persistent reference point for NSA’s most ardent critics. One such critic recently pointed to a FISC memorandum referencing the episode as evidence that “NSA lawyers routinely lie, even to the secret rubber stamp FISA court”; another cited it in claiming DOJ’s attorneys made “misleading claims about the intent and knowledge NSA had about the phone and Internet dragnets” and that “NSA had basically willfully treated FISA-collected data under the more lenient protection regime of EO 12333.”

These allegations are false. And by insisting that government officials routinely mislead and lie, these critics are missing one of the most important stories in the history of modern intelligence oversight.

Never mind that I actually hadn’t cited the footnote. Never mind that then FISA Judge Reggie Walton was the first to espouse my “false” view, even before seven more months of evidence came out providing further support for it.

The underlying point is that these two NSA people were so angry that I called out Matt Olsen for documented actions he had taken that they used it as a foil to make some pretty problematic claims about the oversight over NSA spying. But before they did so, they assured us of the integrity of the people involved (that is, Olsen and others).

It’s tempting to respond to these accusations by defending the integrity of the individuals involved. After all, we know from firsthand experience that our former colleagues—both within the NSA and across the Department of Justice, the Office of the Director of National Intelligence, and the Department of Defense—serve the public with a high degree of integrity. But we think it is important to move beyond the focus on who is good and who is bad, and instead explore the history behind that footnote and the many lessons learned and incorporated into practice. After all, we are ultimately a “government of laws,” not of people.

 

 

We are a government of laws, not people, they said in October, before laying out oversight that (they don’t tell you, but I will once I finally get back to responding to this post) has already proven to be inadequate. I mean, I agree with their intent — that we need(ed) to build a bureaucracy that could withstand the craziest of Executives. But contrary to what they claim in their piece and the presumably best intent of DeLong, they didn’t do that.

They now seem to realize that.

In the wake of the Trump victory, a number of these people are now admitting that maybe their reassurances about the bureaucracy they contributed to — which were in reality based on faith in the good intentions and honesty and competence of their colleagues — were overstated. Maybe these tools are too dangerous for an unhinged man to wield.

And, it turns out, one of the people largely responsible for expanding the dragnet that its former defenders now worry might be dangerous for Donald Trump to control never even imagined that someone like Trump might come along.

Hillary Claims to Support Targeted Spying But Advisor Matt Olsen Was Champion of Bulk Spying

Spencer Ackerman has a story on what Hillary Clinton meant when she said she supports an “intelligence surge” to defeat terrorism. Amid a lot of vague language hinting at spying expansions (including at fusion centers and back doors), her staffers told Ackerman she supported the approach used in USA Freedom Act.

Domestically, the “principles” of Clinton’s intelligence surge, according to senior campaign advisers, indicate a preference for targeted spying over bulk data collection, expanding local law enforcement’s access to intelligence and enlisting tech companies to aid in thwarting extremism.

The campaign speaks of “balancing acts” between civil liberties and security, a departure from both liberaland conservative arguments that tend to diminish conflict between the two priorities. Asked to illustrate what Clinton means by “appropriate safeguards” that need to apply to intelligence collection in the US, the campaign holds out a 2015 reform that split the civil liberties community as a model for any new constraints on intelligence authorities.

The USA Freedom Act, a compromise that constrained but did not entirely end bulk phone records collection, “strikes the right balance”, said [former NSC and State Department staffer and current senior foreign policy advisor Laura] Rosenberger. “So those kinds of principles and protections offer something of a guideline for where any new proposals she put forth would be likely to fall.”

It then goes on to list a bunch of advisors who have been contributing advice on the “intelligence surge.”

The campaign did not identify the architects of the intelligence surge, but it pointed to prominent counter-terrorism advisers who have been contributing ideas.

They include former acting CIA director Michael Morell – who has come under recent criticism for his attacks on the Senate torture report – ex-National Counterterrorism Center director Matt Olsen; Clinton’s state department counter-terrorism chief Dan Benjamin; former National Security Council legal adviser Mary DeRosa; ex-acting Homeland Security secretary Rand Beers; Mike Vickers, a retired CIA operative who became Pentagon undersecretary for intelligence; and Jeremy Bash, Leon Panetta’s chief of staff at the CIA and Pentagon.

It appalls me that Hillary is getting advice from Mike Morell, who has clearly engaged in stupid propaganda both for her and the CIA (though he also participated in the Presidents Review Group that advocated far more reform than Obama has adopted). I take more comfort knowing Mary DeRosa is in the mix.

But I do wonder how you can take advice from Matt Olsen — who was instrumental in a lot of our current spying programs — and claim to adopt a balanced approach.

Olsen was the DOJ lawyer who oversaw the Yahoo challenge to PRISM in 2007 and 2008. He did two things of note. First, he withheld information from the FISC until forced to turn it over, not even offering up details about how the government had completely restructured PRISM during the course of Yahoo’s challenge, and underplaying details of how US person metadata is used to select foreign targets. He’s also the guy who threatened Yahoo with $250,000 a day fines for appealing the FISC decision.

Olsen was a key player in filings on the NSA violations in early 2009, presiding over what I believe to be grossly misleading claims about the intent and knowledge NSA had about the phone and Internet dragnets. Basically, working closely with Keith Alexander, he hid the fact that NSA had basically willfully treated FISA-collected data under the more lenient protection regime of EO 12333.

Charlie Savage provided two more details about Olsen’s fondness for bulk spying in Power Wars. As head of NCTC, Olsen was unsurprisingly the guy in charge of arranging, in 2012, for the NCTC to have access to any federal database it claimed might have terrorist information in it (thereby deeming all of us terrorists). Savage describes how, in response to his own reporting that NCTC was considering doing so — at a time when the plan was to have a further discussion about the privacy implications of the move — ODNI pushed through the change without that additional privacy consideration. That strikes me as the same kind of disdain for due process as Olsen exhibited during the Yahoo challenge.

Finally, Savage described how, when Obama was considering reforms to the phone dragnet in 2014, Olsen opposed having the FISC approve query terms before querying the database as legally unnecessary. It’s hard to imagine how Olsen would really be in favor of USAF type reforms, which codify that change.

In short, among Hillary’s named advisors, the one with the most direct past involvement in such decisions (and also the one likely to be appointed to a position of authority in the future) has advocated for more bulk spying, not less.

Benghazi: A Poster Child for Covert Ops Blowback

You’ve no doubt heard that, last Friday (a pre-holiday Friday, as some people are already on their way to Thanksgiving), the Benghazi scandal ended with a fizzle.

The House Intelligence Committee released its report on the Benghazi attack, which basically says all the scandal mongering has been wrong, that Susan Rice’s talking points came from the CIA, that no one held up any rescue attempts, and so on and so on. This post will attempt to lay out why that might have happened. The short version, however, is that the report reveals (but does not dwell on) a number of failures on the part of the CIA that should raise real concerns about Syria.

Note that not all Republicans were as polite as the ultimate report. Mike Rogers, Jeff Miller, Jack Conaway, and Peter King released an additional views report, making precisely the points you’d expect them to — though it takes them until the 4th summary bullet to claim that Administration officials “perpetuated an inaccurate story that matched the Administration’s misguided view that the United States was nearing victory over al-Qa’ida.” Democrats released their own report noting that “there was no AQ mastermind” and that “extremists who were already well-armed and well-trained took advantage of regional violence” to launch the attack. Among the Republicans who presumably supported the middle ground were firebrands like Michele Bachmann and Mike Pompeo, as well as rising Chair Devin Nunes (as you’ll see, Nunes was a lot more interested in what the hell CIA was doing in Benghazi than Rogers). The day after the initial release Rogers released a second statement defending — and pointing to the limits of and Additional Views on — his report.

Now consider what this report is and is not.

The report boasts about the 1000s of hours of work and 1000s of pages of intelligence review, as well as 20 committee events, interviews with “senior intelligence officials” and 8 security personnel (whom elsewhere the report calls “the eight surviving U.S. personnel”) who were among the eyewitnesses in Benghazi. But the bulk of the report is sourced to 10 interviews (the 8 security guys, plus the Benghazi and Tripoli CIA Chiefs), and a November 15, 2012 presentation by James Clapper, Mike Morell, Matt Olsen, and Patrick Kennedy. (Here are  the slides from that briefing: part onepart two.) As I’ll show, this means some of the claims in this report are not sourced to the people who directly witnessed the events. And the reports sources almost nothing to David Petraeus, who was CIA Director at the time.

The FBI analyzed the intelligence better than CIA did

One of the best explanations for why this is such a tempered report may be that FBI performed better analysis of the cause of the attack than CIA did. This is somewhat clear from the summary (though buried as the 4th bullet):

There was no protest. The CIA only changed its initial assessment about a protest on September 24, 2012, when closed caption television footage became available on September 18, 2012 (two days after Ambassador Susan Rice spoke), and after the FBI began publishing its interviews with U.S. officials on the ground on September 22, 2012.

That is, one reason Susan Rice’s talking points said what they did is because CIA’s analytical reports still backed the claim there had been a protest outside State’s Temporary Mission Facility.

Moreover, in sustaining its judgment there had been a protest as long as it did, CIA was actually ignoring both a report from Tripoli dated September 14, and the assessment of the Chief of Station in Tripoli, who wrote the following to Mike Morell on September 15.

We lack any ground-truth information that protest actually occurred, specifically in the vicinity of the consulate and leading up to the attack. We therefore judge events unfolded in a much different manner than in Tunis, Cairo, Khartoum, and Sanaa, which appear to the the result of escalating mob violence.

In a statement for the record issued in April 2014, Mike Morell explained that Chiefs of Station “do not/not make analytic calls for the Agency.” But it’s not clear whether Morell explained why CIA appears to have ignored their own officer.

While the report doesn’t dwell on this fact, the implication is that the FBI was more successful at interviewing people on the ground — including CIA officers!! — to rebut a common assumption arising from public reporting. That’s a condemnation of CIA’s analytical process, not to mention a suggestion FBI is better at collecting information from humans than CIA is. But HPSCI doesn’t seem all that worried about these CIA failures in its core missions.

Or maybe CIA failed for some other reason. Read more

Internet Dragnet Materials, Working Thread 1

I Con the Record just released some ridiculously overclassified Internet dragnet documents it claims shows oversight but which actually shows how they evaded oversight. I’ve added letters to ID each document (I’ll do a post rearranging them into a timeline tomorrow or soon thereafter).

For a timeline I did earlier of the Internet dragnet program see this post.

This will be the first of several working threads, starting with descriptions of what we’ve got.

8/12: Note I will be updating this as I can clarify dates and content.

So-called Judicial oversight

A. FISC Opinion and Order: This is the Kollar-Kotelly order that initially approved the dragnet on July 14, 2004. A searchable version is here.

B. FISC Primary Order: This is an Internet dragnet order signed by Reggie Walton, probably in 2008 or very early 2009. It shows that the Internet dragnet program, which was almost certainly illegal in any case, had less oversight than the phone dragnet program (though at this point also collected fewer records). It was turned over pursuant to FAA requirements on March 13, 2009.

C. FISC Primary Order: This is an Internet dragnet order probably from May 29, 2009 (as identified in document D), signed by Reggie Walton. It shows the beginning of his efforts to work through the Internet violations. It appears to have been provided to Congress on August 31, 2009.

D. FISC Order and Supplemental Order: This is a version of the joint June 22, 2009 order released on several occasions before. It shows Reggie Walton’s efforts to work through the Internet dragnet violations. Here’s one version.

E. FISC Supplemental Order: This appears to be the dragnet order shutting down dragnet production. It would date to fall 2009 (production was likely shut down in October 2009, though this might reflect the initial shut-down).

F. FISC Primary Order: I’m fairly sure this is an order from after Bates turned the Internet dragnet back on in 2010 (and is signed by him), though I will need to verify that. It does require reports on how the NSA will segregate previously violative records, which is consistent with it dating to 2011 sometime (as is the requirement that the data be XML tagged).

G. FISC Memorandum Opinion Granting in Part and Denying in Part Application to Reinitiate, in Expanded Form, Pen Register/Trap and Trace Authorization: This is the order, from sometime between July and October 2010, where John Bates turned back on and expanded the Internet dragnet. Here’s the earlier released version (though I think it is identical).

H. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This was a report Walton required in document C, above, and so would be in the May-June 2009 timeframe. Update: Likely date June 18, 2009.

I. Government’s Response to the FISC’s Supplemental Order: This is the government’s response to an order from Walton, probably in his May 29, 2009 opinion (see this order for background), or even earlier in May.Update: This response dates to June 18, 2009 or slightly before.

J. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This appears to be the declaration submitted in support of Response I and cited in several places. Update: likely date June 18, 2009.

K. Supplemental Declaration of Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This appears to be the declaration that led to document C above.

L. Government’s Response to the FISC’s Supplemental Order Requesting a Corrective Declaration: This is a declaration admitting dissemination outside the rules responding to 5/29 order.

M. Government’s Response to a FISC Order: This is the government’s notice that it was using automatic queries on Internet metadata, just as it also was with the phone dragnet. This notice was provided to Congress in March 2009.

N. Declaration of Lieutenant General Keith B. Alexander, U.S. Army, Director, NSA, Concerning NSA’s Compliance with a FISC Order: After Walton demanded declarations in response to the initial phone dragnet violation, he ordered NSA to tell him whether the Internet dragnet also had the same problems. This is Keith Alexander’s declaration describing the auto scan for that program too. It was provided to Congress in March 2009.

O. Preliminary Notice of Potential Compliance Incident: This is the first notice of the categorical violations that ultimately led to the temporary shutdown of the dragnet, in advance of order E.

P. Notice of Filing: This is notice of a filing in response to inquiry from Judge Walton. It could be from any time during David Kris’ 2009 to early 2011 tenure.

Q: Government’s Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes: This appears to be the application following Order E, above. I don’t think it’s the 2010 application that led to the reauthorization of the dragnet, because it refers to facilities whereas the 2010 order authorized even broader collection. (Remember Bates’ 2010 order said the government applied, but then withdrew, an application.) Update and correction: this application must post-date December 2009, because that’s when NSA changed retention dates from 4.5 years to 5. Also note reference to change in program and request to access illegally collected data from before 10/09.

R. Memorandum of Law and Fact in Support of Application for Pen Registers and Trap and Trace Devices for Foreign Intelligence Purposes: This appears to be the memorandum of law accompanying application Q.

S. Declaration of General Keith B. Alexander, U.S. Army, Director, NSA, in Support of Pen Register/Trap and Trace Application: This is Alexander’s declaration accompanying Q.

T. Exhibit D in Support of Pen Register/Trap and Trace Application: This is a cover letter. I’m not sure whether it references prior communications or new ones.

U. First Letter in Response to FISC Questions Concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices: This is the first of several letters in support of reinitiation of the program. The tone has changed dramatically here. For that reason, and because so much of it is redacted, I think this was part of the lead-up to the 2010 reauthorization.

V. Second Letter in Response to FISC Questions concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices: This second letter is entirely redacted except for the sucking up to Bates stuff.

W. Third Letter in Response to FISC Questions Concerning NSA Bulk Metadata Collection Using Pen Register/Trap and Trace Devices: More sucking up. Some language about trying to keep access to the existing illegally collected data. 

X. Application for Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes: This is the first application for the Internet dragnet, from 2004. Very interesting. Note it wasn’t turned over until July 2009, after Congress was already learning of the new problems with it.

Y. Memorandum of Law and Fact in Support of Application for Pen Registers and Trap and Trace Devices for Foreign Intelligence Purposes: The memorandum of law accompanying X. Also turned over to Congress in 2009.

Z. Declaration of General Michael V. Hayden, U.S Air Force, Director, NSA, in Support of Pen Register/Trap and Trace Application: This goes with the initial application. NSA has left stuff unredacted that suggests they were access less bandwith than they, in the end, were. Also remember NSA violated this from the very beginning.

AA. Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence PurposesThis appears to be the application for the second PRTT order. I’ll return to this tomorrow, but I don’t think it reflects the violation notice it should.

BB. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate: This is NSA’s declaration in conjunction with the first reapplication for the dragnet. This should have declared violations. It was turned over to Congress in March 2009. [update: these appear to be early 2009 application]

CC. Declaration Lieutenant General Keith B. Alexander, U.S. Army, Director, NSA, Concerning NSA’s Implementation of Authority to Collect Certain Metadata: This is Alexander’s declaration accompanying the End-to-End report, from sometime in fall 2009.

DD: NSA’s Pen Register Trap and Trace FISA Review Report: The end-to-end report itself. it was provided to Congress in January 2010.

EE: DOJ Report to the FISC NSA’s Program to Collect Metadata: DOJ’s accompaniment to the end-to-end report.

FF: Government’s First Letter to Judge Bates to Confirm Understanding of Issues Relating to the FISC’s Authorization to Collect Metadata: After Bates raauthorized the Internet dragnet, DOJ realized they might not be on the same page as him. Not sure if this was in the 2009 attempt or the 2010 reauthorization.

GG: Government’s Second Letter to Judge Bates to Confirm Understanding of Issues Relating to the FISC’s Authorization to Collect Metadata: A follow-up to FF.

HH: Tab 1 Declaration of NSA Chief, Special Oversight and Processing, Oversight and Compliance, Signals Intelligence: This appears to be the 90-day report referenced in document C. Update: Actually it is referenced in Document A: note the paragraphs describing the chaining that were discontinued before the dragnet approval.

II: Verified Memorandum of Law in Response to FISC Supplemental Order: This is one of the most fascinating documents of all. It’s a 2009-2011 (I think August 17, 2009, though the date stamp is unclear) document pertaining to 3 PRTT targets, relying on criminal PRTT law and a 2006 memo that might be NSA’s RAS memo (though the order itself is FBI, which makes me wonder whether it seeds the FBI program). It may have been what they used to claim that Internet content counted as metadata.

JJ: Memorandum of Law in Response to FISC Order: A September 25, 2006 response to questions from the FISC, apparently regarding whether rules from criminal pen registers apply to PATRIOT PRTT. While I think this addresses the application to Internet, I also think this language may be being used for location.

So-called Congressional oversight

KK: Government’s Motion to Unseal FISC Documents in Order to Brief Congressional Intelligence and Judiciary Committees: This is a request to unseal an order — I suspect document E — so it could be briefed to Congress.

LL:  Order Granting the Government’s Motion to Unseal FISC Documents in Order to Brief Congressional Intelligence and Judiciary Committees: Walton’s order to unseal KK for briefing purposes. 

MM: April 27, 2005 Testimony of the Attorney General and Director, FBI Before the Senate Select Committee on Intelligence: This is the 2005 testimony in which — I pointed out before — Alberto Gonzales did not brief Congress about the Internet dragnet.

So-called Internal oversight

NN: NSA IG Memo Announcing its Audit of NSA’s Controls to Comply with the FISA Court’s Order Regarding Pen Register/Trap and Trace Devices: This lays out an audit with PRTT compliance, noting that the audit also pertains to BR FISA (phone dragnet). It admits the audit was shut down when the order was not renewed. It’s unclear whether this was the 2009 or the 2011 shutdown, but the implication is it got shut down because it would not pass audit. 

OO: NSA IG Memo Suspending its Audit of NSA after the NSA’s PRTT Metadata Program Expired: the formal announcement they were shutting down the IG report. Again, it’s not clear whether this was the 2009 or the 2011 shutdown.

If you find this work valuable, please consider donating to support the work.  

NSA Failures and Terror Successes Drive the Dragnet

Ryan Lizza has a long review of the dragnet programs. As far as the phone dragnet, it’s a great overview. It’s weaker on NSA’s content collection (in a piece focusing on Ron Wyden, it doesn’t mention back door searches) and far weaker on the Internet dragnet, the technical and legal issues surrounding which he seems to misunderstand on several levels. It probably oversells Wyden’s role in bringing pressure on the programs and treats Matt Olsen’s claims about his own role uncritically (that may arise out of Lizza’s incomplete understanding of where the dragnet has gone). Nevertheless, it is well worth a read.

I think it most valuable for the depiction of Obama’s role in the dragnet and its description of the ties between the war on terror and perceptions about the dragnet. Take this account of Obama’s decision not to embrace transparency during the PATRIOT Act Reauthorization in 2009-10. Lizza describes Wyden pressuring Obama to make information on the dragnets available to Congress and the public (we know HJC members Jerry Nadler, John Conyers, and Bobby Scott were lobbying as well, and I’ve heard that Silvestre Reyes favored disclosure far more than anyone else in a Ranking Intelligence Committee position).

But then the UndieBomb attack happened.

The debate ended on Christmas Day, 2009, when Umar Farouk Abdulmutallab, a twenty-three-year-old Nigerian man, on a flight from Amsterdam to Detroit, tried to detonate a bomb hidden in his underwear as the plane landed. Although he burned the wall of the airplane’s cabin—and his genitals—he failed to set off the device, a nonmetallic bomb made by Yemeni terrorists. Many intelligence officials said that the underwear bomber was a turning point for Obama.

“The White House people felt it in their gut with a visceralness that they did not before,” Michael Leiter, who was then the director of the National Counterterrorism Center, said. The center was sharply criticized for not detecting the attack. “It’s not that they thought terrorism was over and it was done with,” Leiter said, “but until you experience your first concrete attack on the homeland, not to mention one that becomes a huge political firestorm—that changes your outlook really quickly.” He added, “It encouraged them to be more aggressive with strikes”—drone attacks in Yemen and Pakistan—“and even stronger supporters of maintaining things like the Patriot Act.”

Obama also became more determined to keep the programs secret. On January 5, 2010, Holder informed Wyden that the Administration wouldn’t reveal to the public details about the N.S.A.’s programs. He wrote, “The Intelligence Community has determined that information that would confirm or suggest that the United States engages in bulk records collection under Section 215, including that the Foreign Intelligence Surveillance Court (fisc) permits the collection of ‘large amounts of information’ that includes ‘significant amounts of information about U.S. Persons,’ must remain classified.” Wyden, in his reply to Holder a few weeks later, expressed his disappointment with the letter: “It did not mention the need to weigh national security interests against the public’s right to know, or acknowledge the privacy impact of relying on legal authorities that are being interpreted much more broadly than most Americans realize.” He said that “senior policymakers are generally deferring to intelligence officials on the handling of this issue.”

Curiously, Lizza makes no mention of Nidal Hasan who, unlike Umar Farouk Abdulmutallab, actually succeeded in his attack, and like Abdulmutallab, had had communications with Anwar al-Awlaki intercepted by the NSA (and FBI) leading up to the attack. Weeks before the UndieBomb attack, Pete Hoekstra had already started criticizing the Obama Administration for not responding to Hasan’s emails to Awlaki, and Hasan’s attack led to more tracking of Awlaki (and, I suspect, Samir Khan’s) online interlocutors. I also suspect that, because of certain technical issues, the Hasan experience led to increased support for suspicionless back door searches.

But whether or not the UndieBomber alone or in conjunction with the Hasan attack was the catalyst, I absolutely agree Obama got spooked.

The question is whether Obama took the correct lesson from the UndieBomb, in particular. While the Hasan attack definitely led to real lessons about how to better use content collection (FISA and PRISM), the UndieBomb case should have elicited conclusions about having too much data to find the important messages, such as Abdulmutallab’s text to Awlaki proposing Jihad. (Note that Hoekstra’s blabbing about the Awlaki taps may have led AQAP to encrypt more of their data — as Awlaki was alleged to have done with Rajib Karim — which would have led to legitimate concerns about publicizing NSA techniques.) With the UndieBomb, NSA purportedly had advance warning of the attack that didn’t get read until after the attempt. Why not? And why wasn’t that Obama’s main takeaway?

And the National Security people still seem to be taking the wrong lessons. Here’s Matt Olsen and DiFi’s version of the National Security crowd’s latest fearmongering, that we need dragnets even more so now because the terrorist group has dispersed.

As core members of Al Qaeda were killed, the danger shifted to terrorists who were less organized and more difficult to detect, making the use of the N.S.A.’s powerful surveillance tools even more seductive. “That’s why the N.S.A. tools remain crucial,” Olsen told me. “Because the threat is evolving and becoming more diverse.”

Feinstein said, “It is very difficult to permeate the vast number of terrorist groups that now loosely associate themselves with Al Qaeda or Al Nusra or any other group. It is very difficult, because of language and culture and dialect, to really use human intelligence. This really leaves us with electronic intelligence.”

Olsen says the problem is, in part, that Al Qaeda is “less organized.” DiFi says one problem we have “permeating” terrorist groups is language and culture and dialect and her solution to that is to use “electronic intelligence.” While electronic intelligence — and specifically metadata — provides a way to compensate for linguistic failures (the NSA uses structure to identify which are the important conversations), in terrorist attack after terrorist attack (as well as CW attack) we turn out not to have been watching the right content feeds. And if we don’t have the linguistic skills, we’re likely not going to understand the messages correctly in any case.

And these are less organized groups! Are they really any more effective than crime gangs at this point, and crime gangs in countries far away with little means to access the US?

But rather than saving money on the dragnet and working instead on shoring up our cultural and linguistic failures, this failure is instead seen as another excuse to sustain the dragnet.

It’s clear that terror — whether NSA has failed or not — serves as a evergreen excuse for the dragnet. The real question is whether it should.