Posts

FISA Amendments Act: “Targeting” and “Querying” and “Searching” Are Different Things

Steven Aftergood suggests there’s disagreement among Senate Intelligence Committee members about whether or not the FISA Amendments Act allows the government to get US person content without a warrant.

The dispute was presented but not resolved in a new Senate Intelligence Committee report on the Foreign Intelligence Surveillance Act Amendments Act (FAA) Sunsets Extension Act, which would renew the provisions of the FISA Amendments Act through June 2017.

“We have concluded… that section 702 [of the Act] currently contains a loophole that could be used to circumvent traditional warrant protections and search for the communications of a potentially large number of American citizens,” wrote Senators Ron Wyden and Mark Udall.

But Senator Dianne Feinstein, the Committee chair, denied the existence of a loophole.  Based on the assurances of the Department of Justice and the Intelligence Community, she said that the Section 702 provisions “do not provide a means to circumvent the general requirement to obtain a court order before targeting a U.S. person under FISA.”

I don’t think there is a conflict. Rather, I think DiFi simply responded to Wyden and Udall’s assertions with the same spin the government has used for some time. That’s because DiFi is talking about “targeting” and Wyden and Udall are talking about “searching” US person communications.

DiFi quotes much of the language from Section 702 earlier in her statement on FAA, repeating, repeating the word “target” three times.

In enacting this amendment to FISA, Congress ensured there would be important protections and oversight measures to safeguard the privacy and civil liberties of U.S. persons, including specific prohibitions against using Section 702 authority to: “intentionally target any person known at the time of acquisition to be located in the United States;” “intentionally target a person reasonably believed to be located outside the United States if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States;” “intentionally target a United States person reasonably believed to be located outside the United States;” or “intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States.” As an additional measure the law also requires that an acquisition under Section 702 “shall be conducted in a manner consistent with the fourth amendment to the Constitution of the United States.” [my emphasis]

Her specific retort to the problem Wyden and Udall differentiates clearly between “querying information collected under Section 702 to find communications of a particular United States person” and “conduct[ing] queries to analyze data already in its possession” and “targeting.”

Finally, on a related matter, the Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained. As already noted, the Intelligence Community is strictly prohibited from using Section 702 to target a U.S. person, which must at all times be carried out pursuant to an individualized court order based upon probable cause. Read more

Did Thomas Drake Include Privacy Concerns in His Complaints to DOD’s Inspector General?

I’ve been reviewing the docket on Thomas Drake’s case to see whether it touches on the privacy concerns Drake had about NSA’s post-9/11 activities.

It appears it doesn’t, even while there was an ongoing dispute about whether or not Drake will have access to the materials he submitted to the DOD Inspector General in support of claims that the ThinThread program operated more effectively than the Trailblazer program that Michael Hayden chose to enrich SAIC with instead (the Judge ruled that material would be admissible, but not a formal whistleblower defense, which Drake wasn’t trying to do anyway).

There are a couple of reasons why the silence, in the legal filings, about privacy concerns is interesting (aside from the fact that it’s a focus of Jane Mayer’s article.

First, because the two-sentence summary of the conclusion of the DOD IG Report on Trailblazer and ThinThread that the defense provides in a filing doesn’t address privacy.

In 2004, after more than a year of fact-finding, the Inspector General issued its initial audit findings. In a report entitled, “Requirements for the Trailblazer and Thinthread Systems,” the auditors concluded that “the National Security Agency is inefficiently using resources to develop a digital network exploitation system that is not capable of fully exploiting the digital network intelligence available to analysts from the Global Information Network . . . (T)he NSA transformation effort may be developing a less capable long-term digital network exploitation solution that will take longer and cost significantly more to develop.” The NSA continued to support the “less capable” program and its successor.

Which suggests the IG Report may not have addressed the claim that, in addition to being less efficient at “connecting the dots” than ThinThread, Trailblazer also offered none of the privacy protections ThinThread had.

That’s important because the government argued that Drake couldn’t claim to be a whistleblower because, by 2007, the issues at hand were resolved. They’re arguing both that any whistleblower claims would be mooted because Turbulence, Trailblazer’s successor, integrated “significant portions” of ThinThread, and that the debate was “over” by 2007, when Drake was (according to the indictment) serving as a source for Baltimore Sun reporter Siobhan Gorman.

In or about December 2004, the DOD IG completed its audit of [Trailblazer], including the allegations raised in the complaint letter. The NSA responded in August 2004 and February 2005, stating that based on the judgments of NSA’s experienced technical experts, the allegations were unfounded. Nonetheless, NSA agreed to incorporate significant portions of [ThinThread] into [Trailblazer] as a result of the DOD IG recommendations, thus largely mooting the issues raised in the complaint. In addition, starting in late 2005 and early 2006, the NSA transitioned away from [Trailblazer] to [Turbulence], another corporate architecture solution for Signals Intelligence collection.

[snip]

Just as importantly, by 2007, the timeframe of the charges in this case, there was no imminent harm faced by the defendant, because [Trailblazer] had incorporated elements of [ThinThread], and also because NSA had transitioned away from [Trailblazer] to [Turbulence].

[snip]

The defendant’s actions had no impact in the debate regarding the efficacy of [Trailblazer and ThinThread], because NSA had begun transitioning to [Turbulence] by 2006. Put simply, the debate was over.

There’s a lot going on in this passage. Obviously, the government is trying to claim that since Drake was allegedly collecting information for Gorman in 2007, he couldn’t claim he was whistleblowing.

Mind you he was not claiming he was whistleblowing, in the legal sense. He was only trying to get the IG materials to prove that’s why he collected three of the documents he’s accused of willingly keeping; basically, he’s arguing that if he overlooked three documents out of 5 boxes worth originally collected for the IG–and did not retain the really classified materials–that he basically just overlooked the three documents, rather than willfully retained them.

And the government is playing funny with dates. After all, they say Drake served as a source for Gorman from February 27, 2006, to November 28, 2007. The key story about ThinThread Drake served as a source for was dated May 18, 2006. And one of the charges accuses Drake of obstruction for shredding other documents. So not only is the 2007 date bogus because it igonores debates ongoing in 2006, but the government suggests that either Drake would be guilty for illegally retaining information, or obstructing an investigation. Moreover, Drake maintains he inadvertently included the three IG-related documents in the several boxes of unclassified materials, so the fact the debate was over is pointless.

Moreover, the successor to Trailblazer, Turbulence, was suffering from the same management problems Trailblazer had, as the defense notes just after citing the IG Report. The government wants to pretend the shift from Trailblazer to Turbulence ended the complaints about management problems, but it didn’t.

But then there’s the way the government portrays the IG complaint: efficacy. As I laid out the other day, there are four ways, Gorman’s sources claim, that ThinThread was better than Trailblazer:

The program the NSA rejected, called ThinThread, was developed to handle greater volumes of information, partly in expectation of threats surrounding the millennium celebrations. Sources say it bundled together four cutting-edge surveillance tools. ThinThread would have:

* Used more sophisticated methods of sorting through massive phone and e-mail data to identify suspect communications.

* Identified U.S. phone numbers and other communications data and encrypted them to ensure caller privacy.

* Employed an automated auditing system to monitor how analysts handled the information, in order to prevent misuse and improve efficiency.

* Analyzed the data to identify relationships between callers and chronicle their contacts. Only when evidence of a potential threat had been developed would analysts be able to request decryption of the records.

In other words, privacy was just one of three ways ThinThread was better than Trailblazer, according to Gorman’s sources.

But that’s not the aspect the government seems to address. That is, the government seems to be saying that, because Turbulence adopted some of the approaches of ThinThread that made it more efficient at analysis, Drake can’t complain. The suggestion is (though we can’t know because of the secrecy) privacy is not, like efficacy, an adequate reason to blow the whistle. Neither privacy, nor the Constitution.

And that’s interesting for two more reasons. First, because the government references a notebook of documents Drake provided that had nothing to do with the IG Report.

There was, for example, a notebook of documents provided by the defendant, many of which had nothing to do with the IG’s audit, but this notebook was destroyed before the case began, and after the IG completed its audit.

Is it playing games with the scope of the audit? That is, did Drake provide materials on privacy, which the IG didn’t include within the scope of its report? If so, the IG’s destruction of the notebook, in violation of DOD’s document retention policy, is all the more interesting.

Then, finally, the debates about privacy continued into 2007 and 2008. In August 2007, specifically, Mike McConnell nixed a Democratic version of the Protect America Act because it required the government to tell FISA judges what the plan for minimizing US person data is and allowed the judges to review for compliance. Debates on how to fix PAA continued throughout the fall and into the following year, with Russ Feingold and Sheldon Whitehouse both trying to make real improvements on the minimization requirements.

The government seems to want to say that Drake’s privacy concerns aren’t a valid whistleblowing concern. Because, I guess, government officials aren’t allowed to whistleblow about citizens’ rights.

The Government Sez: We Don’t Have a Database of All Your Communication

I’m going to try to do a series of posts on the FISA Appeals Court ruling before football starts tomorrow. In this post, I just want to point to a passage that deserves more scrutiny:

The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.(26)

To translate, if the government collects information from a US citizen (here or abroad), a legal permanent US resident, a predominantly US organization, or a US corporation in the course of collecting information on someone it is specifically targeting, it it claims it does not keep that in a database (I’ll come back and parse this in a second). In other words, if the government has a tap on your local falafel joint because suspected terrorists live off their falafels, and you happen to call in a take out order, it does not that have in a database.

There are reasons to doubt this claim. First of all, because we know of huge new data storage facilities, and they’ve got to be filling those facilities with something. Of course, they might just store US person communications on servers, but not in a formal database, and thereby be able to claim they’ve not got your falafel order in a database proper.

But we also know that when Russ Feingold proposed several measures to protect this kind of incidental data during last year’s FISA debate, Mike McConnell and Michael Mukasey started issuing veto threats. For example, when Feingold proposed adding this amendment to the new FISA changes,

At such time as the Government can reasonably determine that a communication acquired under this title (including a communication acquired under subsection (a)(2)) is to or from a person reasonably believed to be located in the United States, such communication shall be segregated or specifically designated and no person shall access such a communication, except in accordance with title I or this section.

Mukasey and McConnell threw out a bunch of vague alarmist objections.

The Mukasey-McConnell attack on segregation is most telling. They complain that the amendment makes a distinction between different kinds of foreign intelligence Read more

The DNI Is Well-Meaning. Really. Except with Those He Claims Want No IC.

The LAT has an article on the acrimony between Mike McConnell and Democrats over FISA. In it, McConnell’s backers insist in his good faith in his negotiations with Democrats.

A spokesman for McConnell said that the director’s dealings with Congress were "always in good faith."

"He values the relationship with Congress," said the spokesman, Michael Birmingham. "He works at it, and he invites and welcomes the oversight they provide."

[snip]

"I think the fact that it was open and argumentative at times was very positive," said Rep. C.A. Dutch Ruppersberger (D-Md.). "I think he improved his relations [with the committee] just by communicating."

[snip]

"I feel he’s an honorable person," Ruppersberger said. "Some of my peers feel he’s compromised. I would say that on the majority side, we were not happy with some of the positions he took."

But the article also lists the many attacks McConnell has made against Democrats. Apparently, in a secret meeting leading up to the House vote, Democrats aired those complaints. And McConnell responded by attacking HPSCI members for being insufficient cheerleaders for the Intelligence Community (I really do hope he attacked both parties equally, since Crazy Pete Hoekstra is one of the loudest critics of the Intelligence Community).

Democrats accused McConnell of making exaggerated claims and of doing the bidding of the Bush administration, according to officials who attended the event. McConnell bristled at the Democrats’ charges, and chastised members of the committee for failing to defend the intelligence community amid a barrage of bad press. [my emphasis]

Incidentally, can someone point out where in the Constitution it requires Congress to defend Executive Branch incompetence in the press? That McConnell would even make such a complaint reveals his rather stunted understanding of the role of Congress.

Given McConnell’s apparent attempt to make nice with Congress, though, I’m utterly mystified by the comments he made in a speech at his alma mater, Furman University in South Carolina, last Friday, about the negotiations with the Senate.

We had a bill go into the Senate. It was debated vigorously. There were some who said we shouldn’t have an Intelligence Community. Some have that point of view. Some say the President of the United States violated the process, spied on Americans, should be impeached and should go to jail. I mean, this is democracy, you can say anything you want to say. That was the argument made.

Read more

Feingold Slaps Down Bond’s, Mukasey’s, and McConnell’s “Tired Accusations”

Senator Feingold noticed the same thing I noticed today: Republican opponents of his amendments are mischaracterizing his amendments.

[Bond] referred to our concerns that somehow the rights and privacy could be affected by this bill as "tired accusations." I object to that characterization. I think that this is clearly the kind of thing we should be worried about and debating, but I’ll tell you what is a "tired accusation"–the notion that somehow our amendment would affect the ability of the government to listen in on Osama bin Laden–that is a tired and false accusation. The Senator from Missouri said that if Osama bin Laden or his number three man–whoever that is today, after the last number three man in al Qaeda was just wiped out–calls somebody in the United States, we can’t listen in on that communication unless we have an independent means of verifying that it has some impact on threats to our security from a terrorist threat. That’s what he claims. That’s what he claims, that we wouldn’t be able to listen in on that kind of conversation. That is absolutely false.

Read more

McConnell and Mukasey Tell Half Truths

One benefit of the process the Senate is using to develop a FISA bill is that, by rejecting the SJC bill then considering amendment after amendment that had been part of the SJC bill, we begin to learn what the government really plans to do with its wiretapping program, as distinct from what it has said it was doing (see Ryan Singel making the same point).

Recall that the administration has claimed, repeatedly, that its only goal with amending FISA is to make sure it can continue to wiretap overseas, even if that communication passed through the US. We always knew that claim was a lie, but the letter from McConnell and Mukasey finally makes that clear. Even still, they’re rebutting Feingold’s amendments–which they say “undermine significantly the core authorities” of the bill–with a bunch of misrepresentations about them, to avoid telling two basic truths (which Whitehouse and Feingold have said repeatedly, but which the Administration refuses to admit).

  • They’re spying on Americans and refuse to stop
  • They intend to keep spying on Americans even if the FISA Court tells them they’re doing so improperly

As I explained, the letter includes a list of amendments that, if they were passed, would spark a veto. Those include three Feingold amendments:

  • 3979: segregating information collected on US persons
  • 3913: prohibiting reverse targeting
  • 3915: prohibiting the use of information collected improperly

All three of these amendments share one overall purpose–they limit the way the government uses this “foreign surveillance” to spy on Americans.

The Mukasey-McConnell attack on segregation is most telling. They complain that the amendment makes a distinction between different kinds of foreign intelligence (one exception to the segregation requirement in the amendment is for “concerns international terrorist activities directed against the United States, or activities in preparation therefor”), even while they claim it would “diminish our ability swiftly to monitor a communication from a foreign terrorist overseas to a person in the United States.” In other words, the complain that one of the only exceptions is for communications relating terrorism, but then say this will prevent them from getting communications pertaining to terrorism.

Then it launches into a tirade that lacks any specifics:

It would have a devastating impact on foreign intelligence surveillance operations; it is unsound as a matter of policy; its provisions would be inordinately difficult to implement; and thus it is unacceptable.

Read more