
Trump Refuses to Keep This Country Safe from Terrorism

I thought a lot about two things over the weekend.

I thought about the line that disqualifies an otherwise excellent book on left wing terrorism in the 1970s, Days of Rage: “With the possible exception of the Ku Klux Klan,” author Bryan Burrough claimed close to the beginning of the book, “the United States until 1970 had never spawned any kind of true underground movement committed to terrorist acts.” The book, which spends a lot of time talking about left wing political violence that in significant part stemmed from a concern for the rights of African Americans, utterly dismissed (perhaps because it was so widely accepted it could barely be called “underground”?) America’s most persistent terrorist movement as such. The line has haunted me ever since as an example of the kind of blindness even experts have about the centrality of right wing terrorism in American history.

I thought, too, about Charlie Savage’s description in Power Wars of how Scott Brown’s team claimed that his polling showed he won the 2010 special election to replace Ted Kennedy chiefly because of perceptions of how Obama responded to Umar Farouk Abdulmutallab’s failed Christmas Eve bombing, because Brown attacked Obama for wanting to give terrorists due process. Once Republicans learned that, they doubled down, encouraging voters to become more afraid.

In a question-and-answer period following his prepared remarks, [Mitch] McConnell candidly acknowledged the political advantage of hammering away at the issue, citing Brown’s victory.

“If this approach of putting these people in U.S. courts doesn’t play in Massachusetts, I don’t know where it sells,” McConnell said, adding: “You can campaign on these issues anywhere in America.”

As Savage describes, that was when Obama started caving on his efforts to adopt a more reasonable approach to terrorism, first reversing Eric Holder’s decision to try the 9/11 defendants in NYC, then launching an 18-month campaign to drone kill Anwar al-Awlaki, and ultimately failing to close Gitmo or hold torturers to account.

Now, as Savage tells it, all that arose solely out of the Abdulmutallab case. He barely covered an event that preceded it, one where Republicans very much set up the Brown lines: when Pete Hoekstra leaked information obtained via FISA collection showing that Nidal Hasan had had communications with Awlaki before his attack on Fort Hood, using it to suggest the Obama Administration should have prevented the Fort Hood attack by adequately analyzing collected communications. Republican efforts to exact a cost from Obama for a more reasonable approach to terrorism (which included demanding that Obama call Hasan’s attack on a military target, terrorism) actually preceded the Abdulmutallab attack, and it was far more deliberate than made out.

The point is, though, that it had the short term desired effect of breaking the Democratic super majority in the Senate and the longer term effect of making Obama reactive on terrorism, rather than proactive (even through the time, in 2013, when Massachusetts was successfully attacked at the Boston Marathon and polls showed people actually didn’t want any more limits on civil liberties). Republicans deliberately and successfully forced a president who wanted to be something other than a War on Terror President to instead be just that.

And now, 8 years after Mitch McConnell gleefully said Republicans should run on hard nose accountability for terrorist attacks everywhere, Republicans are whining that Democrats are treating Trump’s actions in advance of and in the wake of serial right wing terrorist attacks last week as a political issue.

In the wake of last week’s terrorist attacks, we have returned to a discussion we always have after such things, why we call Islamic terrorism terror, but call the targeting of black churches and Jewish synagogues hate crimes and the attempted assassination of Democratic figures bomb attacks. Popehat wrote a worthy lawsplainer, from the viewpoint of a former prosecutor, on why acts of domestic terrorism don’t get (immediately) labeled as terrorist attacks. 9/11 Commission staffer Daniel Byman acknowledged that while we don’t have the same legal structure for pursuing domestic terrorists as we do terrorism with a foreign nexus, for the Pittsburgh case, at least, we should probably use the T-word.

I’ve talked about why it is important to call domestic terrorism terrorism here: First, because not doing so results in an equal protection problem, where Muslims are more likely to be targeted in a sting because the FBI has greater access to the communications of still-innocent people with suspect people overseas. And, because calling something terrorism conceives of the possibility of a supporting network, and investigating that network might prevent deaths, such as those perpetrated by the networks of Eric Rudolph or Kevin Harpham.

But the government may not call these acts terrorism. That’s true, in part, because DOJ has invented a separate category to criminalize (impose the death penalty on) hateful motives with hate crimes designation. In addition, Jeff Sessions’ DOJ has adopted a deliberate policy of record-keeping to try to claim that the greatest threats come from outside the country, which is paralleled by their thus far unsuccessful attempt to brand the (US-born) MS-13 gang both as a threat sourced from Central America and as a threat to rival ISIS.

Trump’s effort to brand a group of refugees 1,000 miles from the border as a more urgent threat to the country than corruption or climate change or domestic gun violence — an effort which likely had a tie to both Cesar Sayoc’s terrorist attempt and Robert Bowers’ mass killing — is more of the same, an effort to claim that the most critical threats are foreign and anything he deems a threat is therefore un-American, also foreign.

Ultimately, the reason why the government won’t call last week’s attacks terrorism, however, is precisely the reason they should. Call them terror attacks, and the networks of support and enablers get investigated rather than just isolated men treated as lone wolves. Call them terror attacks, and we start to ask what responsibility Lou Dobbs or Steve King or Chris Farrell (or the people who vote for and fund them) — or Donald Trump — have for the attacks, in the same way we held Anwar al-Awlaki responsible for his role in the terrorist attacks that Scott Brown exploited to get elected.

Byman describes correctly how contentious this can be, because those espousing the same policies as terrorists don’t want to be associated with those terrorist acts.

[D]omestic terrorism often has a bigger political impact than jihadi violence. A foreign-based attack brings America together in the face of tragedy. But right-wing (and left-wing) violence is more likely to divide the country. Just this week, for example, 56-year-old Cesar Sayoc reportedly sent explosive packages to CNN, Democratic politicians, and others seen as “enemies” of Trump. Some right-wing voices immediately embraced conspiracy theories rather than recognizing his activities for what it was. Domestic terrorists poke at bigger political wounds than do jihadis, with at least some Americans sympathizing with their cause even as they reject their violent means.

In turn, observers often avoid the word “terrorism” because peaceful proponents of right-wing and left-wing causes don’t want to be lumped together, even by weak association, with terrorists. We can and should recognize that most political groups of all stripes abhor violence. Doing so—while also acknowledging that the groups and individuals who don’t belong in a separate category—will better enable the United States to isolate extremists and cut them off before the next tragedy.

Which is why this post bears the headline, “Trump refuses to keep this country safe from terrorism” rather than Trump fosters terrorism, even if I believe the latter to be the case.

Because until the time those willing to coddle Trump’s racism in the name of tribal loyalty are defeated politically, they will want to pitch questions about what to label Cesar Sayoc and Robert Bowers’ actions as an attack on themselves.

Instead, let’s make it an attack on Donald Trump’s basic competence as President, one the Republicans themselves, from top to bottom, have embraced.

It is the Republican party of Karl Rove and Mitch McConnell and Scott Brown and (Trump Ambassador to the Netherlands) Pete Hoekstra that says a President who won’t keep the country safe from terrorism must be defeated politically. Me, I’d rather deal with all this domestic terrorism by first closely tracking those accused of domestic violence (which would have the effect of preventing non-ideological mass killings along with the ideological mass killings and attempts) and by noting that under George W Bush and Obama, the FBI was actually pretty good at discovering right wing terrorism without the tools they have against Islamic terrorism. I’d rather Democrats run on the fear of losing health insurance or the impact of climate change or gun violence generally.

But not Republicans. Republicans believe that a President who refuses to take a very aggressive approach to terrorism should not be President. So for those Republicans, let’s make this an issue not of the ways Trump’s network fostered actions like we saw last week, but how Trump’s Administration has chosen not to combat terrorism.

The Webster Report Recommendations and FBI’s Federated Back Door Searches

Back in 2013, in the context of a discussion of back door searches, I noted William Webster’s reference, in his report on the Nidal Hasan investigation, to using FISA communications with key targets as tripwires for further investigation. The following spring, in response to Bob Litt’s proclamation that it would be “impracticable” to require the government to count back door searches, I returned to Webster’s recommendations on fixing FBI’s archaic database access to make it easier to match communications from the same user (starting at 140). I suggested that back door searches — particularly their expansion in 2011 — might be a response to his recommendations.

To be fair, I suspect one of the issues is that after the Nidal Hasan attack (and this is just a very well educated guess), NSA rolled out a system whereby new communications between a targeted foreigner and an American automatically pulls up all previous communications involving that US person. That would count as a search, even though it would effectively feel like an automatic cross-referencing of all prior communications involving someone talking to a target, even if that is a US person.

Nevertheless, this means that NSA is conducting so many back door searches on US person data that it would be “impracticable” to actually give those searches some kind of review.

Not long after this hearing, we learned FBI was the agency for which it was impracticable to count back door searches, not NSA.

In the FISA court hearing on October 20, 2015 over whether FBI should provide individual justifications for back door searches, one of the government’s [redacted] lawyers explained that the way federated searches integrate back door searches indeed did come directly from the Webster Report recommendations.

To use an example more recent and even more on point, the Webster Commission’s report on the Fort Hood attack criticized the government’s queries of information in its possession. The people doing the assessment of Nidal Hasan did not identify several messages between Anwar Aulaqi and Nidal Hasan, and the commission deemed it essential that the FBI possess the ability to search all of its repositories and to do so without balkanizing those data sources.

And so these systems that do these federated queries that allow us to, yes, to query the 702 information, but all of these sources are in direct response to those findings, and they’re in direct response to our efforts over the last 15 years to bring down this artificial wall between the law enforcement mission of the FBI and its national security intelligence mission.

Reading this transcript reminded me that, back in 2014, I imagined all this would be automatic — not so much a search, but an interlinked search that would automatically pull up existing content.

There’s reason to believe that model, and the back door access at CIA and NSA to content (which was approved in 2011), was designed to work similarly.

One of the documents recently liberated by ACLU makes it clear that NSA’s metadata back door searches of 702 content are, in some way, automated, with such queries counted using algorithms and business rules.

NSA will rely on an algorithm and/or a business rule to identify queries of communications metadata derived from the FAA 702 [redacted] and telephony collection that start with a United States person identifier. Neither method will identify those queries that start with a United States person identifier with 100 percent accuracy.

The I Con the Record report notes the back door content search number, which combined CIA and NSA, is also an estimate, which may suggest it is counted algorithmically as well (though these are reviewed more closely in compliance reviews). In any case, CIA’s switch from counting each query using a US person identifier to counting each US person identifier queried leads me to suspect it — and NSA — use more of a tasking model, where certain US person identifiers automatically trigger for the period they’re tasked; at the NSA, at least, the duration of approval to do back door searches is either tied to the underlying probable cause FISA order or to a deadline set by the approving authority.

Finally, a Snowden document dating to March 2012 (when NSA was still setting up back door searches) shows that an NSA triage program would first walk users through methods to prioritize communications based off metadata, then have links to access the content directly.

At the time, the sole authority listed was EO 12333, but as noted, this is precisely when they were implementing back door searches on 702 content.

None of this is all that surprising (but hey! Yay me for understanding precisely where back door searches came from three years ago).

But it suggests that as we talk about “back door searches,” what we’re really talking about — at least when looking at access programs like the one above — is automatic notice that back door content exists, where content is just a click away.

NSA Conducts So Many Back Door Searches on US Persons It Would Be Impracticable to Approve Those Queries

Update, 8/3/14: Given what we’ve subsequently learned about FBI’s substantial number of uncounted back door searches, Litt’s description of further controls as not practicable probably most directly relates to FBI, not NSA.

While there wasn’t as much as I’d like, the Privacy and Civil Liberties Oversight Board hearing today focused somewhat on the issue of back door searches, which are when NSA searches for US person data in “incidentally” collected data under Section 702 of FISA.

DOJ National Security Director Deputy AAG Brad Wiegmann even suggested we should call them queries, perhaps to obscure all the obvious problems with them as searches under the Fourth Amendment.

The most telling exchange, however, came when PCLOB Board Member Patricia Wald suggested that the FISA Court conduct the same kind of oversight over these backdoor searches that it is now doing pursuant to the changes in Section 215 President Obama made in January. (CSPAN won’t let me embed this yet but here’s a link.) ODNI General Counsel Robert Litt shot that idea down aggressively, stating that it is not practicable.

Patricia Wald: The President required, or, I think he required in his January directive that went to 215 that at least temporarily, the selectors in 215 for questioning the databank of US telephone calls–metadata–had to be approved by the FISA Court. Why wouldn’t a similar requirement for 702 be appropriate in the case where US person indicators are used to search the PRISM database? What big difference do you see there?

Robert Litt: Well, I think from a theoretical perspective it’s the difference between a bulk collection and a targeted collection which is that–

Wald: But I would think that, sorry for interrupting, [cross-chatter] I would think that message since 702 has actually got the content.

Litt: Well, and the second point that I was going to make is that I think the operational burden in the context of 702 would be far greater than in the context of 215.

Wald: But that would–

Litt: If you recall, the number of actual telephone numbers as to which a RAS–reasonable articulable suspicion determination was made under Section 215 was very small. The number of times that we query the 702 database for information is considerably larger. I suspect that the Foreign Intelligence Surveillance Court would be extremely unhappy if they were required to approve every such query.

Wald: I suppose the ultimate question for us is whether or not the inconvenience to the agencies or even the unhappiness of the FISA Court would be the ultimate criteria.

Litt: Well I think it’s more than a question of convenience, I think it’s also a question of practicability.

NSA General Counsel Raj De, who has spent the better part of the last 9 months saying “it’s only metadata” went on to argue that somehow this “targeted” content program (which of course requires no advance review of selectors) is less intrusive than the metadata collection under Section 215.

Make up your damn mind!

To be fair, I suspect one of the issues is that after the Nidal Hasan attack (and this is just a very well educated guess), NSA rolled out a system whereby new communications between a targeted foreigner and an American automatically pulls up all previous communications involving that US person. That would count as a search, even though it would effectively feel like an automatic cross-referencing of all prior communications involving someone talking to a target, even if that is a US person.

Nevertheless, this means that NSA is conducting so many back door searches on US person data that it would be “impracticable” to actually give those searches some kind of review.

No wonder NSA refuses to give numbers on this practice to Ron Wyden.

2 Agents 3 Hours a Day Weren’t REALLY Reading Anwar al-Awlaki’s Email

Former CIA Deputy Director John McLaughlin wants you to believe the NSA wasn’t really reading Anwar al-Awlaki’s communications content, on whose emails (including the web-based ones) the NSA had a full-time tap at least as early as March 16, 2008.

In my experience, NSA analysts err on the side of caution before touching any data having to do with U.S. citizens. In 2010, at the request of then-Director of National Intelligence Dennis Blair, I chaired a panel investigating the intelligence community’s failure to be aware of Umar Farouk Abdulmutallab, the “underwear bomber” who tried to blow up a commercial plane over Detroit on Dec. 25, 2009.

The overall report remains classified, but I can say that the government lost vital time because of the extraordinary care the NSA and others took in handling any data involving a “U.S. person.” (Abdulmutallab, a Nigerian, was recruited and trained by the late Anwar al-Awlaki, a U.S. citizen based in Yemen.)

And maybe that’s the case.

Except it doesn’t seem to square with the report that two FBI Agents were spending 3 hours a day each reading Awlaki’s mail. It doesn’t seem to accord with the efforts those Agents made to chase down the Nidal Hasan lead — which, after all, infringed on the privacy of two American citizens, against one of whom probable cause had not been established. You’d think it would be far easier to chase down the Abdulmutallab messages, particularly given what has been portrayed as more clearly operational content, given that Abdulmutallab would have gotten no protection as a US person.

Sure, those Agents complained about the “crushing” volume of the communications content they had to review every day, but that was a factor of volume, not any restrictions on reading FISA target Anwar al-Awlaki’s email.

Don’t get me wrong. I’m thrilled someone has raised Abdulmutallab in the context of assessing NSA’s dragnet, which I’ve been calling for since October.

UndieBomb 1.0 was the guy who was allegedly plotting out Jihad with Anwar al-Awlaki — whose communications the FBI had two guys reading – over things like chats and calls. That is, Umar Farouk Abdulmutallab was a guy whose plot the NSA and FBI should have thwarted before he got on a plane. (To say nothing of the CIA and NCTC’s fuck-ups.)

And yet, he got on that plane. His own incompetence and the quick work of passengers prevented that explosion, while a number of needles went unnoticed in the NSA’s most closely watched haystacks.

Nevertheless, the lesson DiFi takes is that we need more haystacks.

Shouldn’t the lessons of UndieBomb 1.0 be just as important to this debate as the partial, distorted, lessons of 9/11?

(I’ve also been wondering why Faisal Shahzad, who was getting instructions, including hawala notice, from known targets of drone strikes in Pakistan, before his attack, wasn’t identified by phone and Internet dragnet analysis as a person of interest through those contacts, though that may legitimately be because of turmoil in both dragnet programs.)

But for McLaughlin’s claims to be true then the description of the treatment of the Awlaki wiretaps in the Webster report on the Nidal Hasan investigation wouldn’t seem to make sense.

By all means, let’s hear what really happened back between 2008 and 2010, when the NSA missed multiple contacts with top AQAP targets and TTP targets and as a result missed two of the three main international terrorist attacks on this country since 9/11. That should be part of the debate.

But let’s be very clear whether it was really limits on US person data, when we see FBI reading content of two US persons directly, or rather the sheer volume we’re collecting (as well as the crappy computer systems FBI had in place in 2009) that caused the dragnet to fail.

NSA Failures and Terror Successes Drive the Dragnet

Ryan Lizza has a long review of the dragnet programs. As far as the phone dragnet, it’s a great overview. It’s weaker on NSA’s content collection (in a piece focusing on Ron Wyden, it doesn’t mention back door searches) and far weaker on the Internet dragnet, the technical and legal issues surrounding which he seems to misunderstand on several levels. It probably oversells Wyden’s role in bringing pressure on the programs and treats Matt Olsen’s claims about his own role uncritically (that may arise out of Lizza’s incomplete understanding of where the dragnet has gone). Nevertheless, it is well worth a read.

I think it most valuable for the depiction of Obama’s role in the dragnet and its description of the ties between the war on terror and perceptions about the dragnet. Take this account of Obama’s decision not to embrace transparency during the PATRIOT Act Reauthorization in 2009-10. Lizza describes Wyden pressuring Obama to make information on the dragnets available to Congress and the public (we know HJC members Jerry Nadler, John Conyers, and Bobby Scott were lobbying as well, and I’ve heard that Silvestre Reyes favored disclosure far more than anyone else in a Ranking Intelligence Committee position).

But then the UndieBomb attack happened.

The debate ended on Christmas Day, 2009, when Umar Farouk Abdulmutallab, a twenty-three-year-old Nigerian man, on a flight from Amsterdam to Detroit, tried to detonate a bomb hidden in his underwear as the plane landed. Although he burned the wall of the airplane’s cabin—and his genitals—he failed to set off the device, a nonmetallic bomb made by Yemeni terrorists. Many intelligence officials said that the underwear bomber was a turning point for Obama.

“The White House people felt it in their gut with a visceralness that they did not before,” Michael Leiter, who was then the director of the National Counterterrorism Center, said. The center was sharply criticized for not detecting the attack. “It’s not that they thought terrorism was over and it was done with,” Leiter said, “but until you experience your first concrete attack on the homeland, not to mention one that becomes a huge political firestorm—that changes your outlook really quickly.” He added, “It encouraged them to be more aggressive with strikes”—drone attacks in Yemen and Pakistan—“and even stronger supporters of maintaining things like the Patriot Act.”

Obama also became more determined to keep the programs secret. On January 5, 2010, Holder informed Wyden that the Administration wouldn’t reveal to the public details about the N.S.A.’s programs. He wrote, “The Intelligence Community has determined that information that would confirm or suggest that the United States engages in bulk records collection under Section 215, including that the Foreign Intelligence Surveillance Court (FISC) permits the collection of ‘large amounts of information’ that includes ‘significant amounts of information about U.S. Persons,’ must remain classified.” Wyden, in his reply to Holder a few weeks later, expressed his disappointment with the letter: “It did not mention the need to weigh national security interests against the public’s right to know, or acknowledge the privacy impact of relying on legal authorities that are being interpreted much more broadly than most Americans realize.” He said that “senior policymakers are generally deferring to intelligence officials on the handling of this issue.”

Curiously, Lizza makes no mention of Nidal Hasan who, unlike Umar Farouk Abdulmutallab, actually succeeded in his attack, and like Abdulmutallab, had had communications with Anwar al-Awlaki intercepted by the NSA (and FBI) leading up to the attack. Weeks before the UndieBomb attack, Pete Hoekstra had already started criticizing the Obama Administration for not responding to Hasan’s emails to Awlaki, and Hasan’s attack led to more tracking of Awlaki (and, I suspect, Samir Khan’s) online interlocutors. I also suspect that, because of certain technical issues, the Hasan experience led to increased support for suspicionless back door searches.

But whether or not the UndieBomber alone or in conjunction with the Hasan attack was the catalyst, I absolutely agree Obama got spooked.

The question is whether Obama took the correct lesson from the UndieBomb, in particular. While the Hasan attack definitely led to real lessons about how to better use content collection (FISA and PRISM), the UndieBomb case should have elicited conclusions about having too much data to find the important messages, such as Abdulmutallab’s text to Awlaki proposing Jihad. (Note that Hoekstra’s blabbing about the Awlaki taps may have led AQAP to encrypt more of their data — as Awlaki was alleged to have done with Rajib Karim — which would have led to legitimate concerns about publicizing NSA techniques.) With the UndieBomb, NSA purportedly had advance warning of the attack that didn’t get read until after the attempt. Why not? And why wasn’t that Obama’s main takeaway?

And the National Security people still seem to be taking the wrong lessons. Here’s Matt Olsen and DiFi’s version of the National Security crowd’s latest fearmongering, that we need dragnets even more so now because the terrorist group has dispersed.

As core members of Al Qaeda were killed, the danger shifted to terrorists who were less organized and more difficult to detect, making the use of the N.S.A.’s powerful surveillance tools even more seductive. “That’s why the N.S.A. tools remain crucial,” Olsen told me. “Because the threat is evolving and becoming more diverse.”

Feinstein said, “It is very difficult to permeate the vast number of terrorist groups that now loosely associate themselves with Al Qaeda or Al Nusra or any other group. It is very difficult, because of language and culture and dialect, to really use human intelligence. This really leaves us with electronic intelligence.”

Olsen says the problem is, in part, that Al Qaeda is “less organized.” DiFi says one problem we have “permeating” terrorist groups is language and culture and dialect and her solution to that is to use “electronic intelligence.” While electronic intelligence — and specifically metadata — provides a way to compensate for linguistic failures (the NSA uses structure to identify which are the important conversations), in terrorist attack after terrorist attack (as well as CW attack) we turn out not to have been watching the right content feeds. And if we don’t have the linguistic skills, we’re likely not going to understand the messages correctly in any case.

And these are less organized groups! Are they really any more effective than crime gangs at this point, and crime gangs in countries far away with little means to access the US?

But rather than saving money on the dragnet and working instead on shoring up our cultural and linguistic failures, this failure is instead seen as another excuse to sustain the dragnet.

It’s clear that terror — whether NSA has failed or not — serves as an evergreen excuse for the dragnet. The real question is whether it should.

Was Adel Daoud Targeted Off of a Back Door Search of Traditional FISA Collection?

Daoud Adel is a 20-year-old US citizen from suburban Chicago who was charged last year in an FBI sting in which he allegedly tried to set off a car bomb outside a night club. Last year, during the debate on FISA Amendments Act reauthorization, Dianne Feinstein named his case directly, suggesting he had been busted using the legislation before the Senate. His legal team first demanded the FAA material she suggested existed back in May. And in September, they requested discovery for materials relating to FAA.

The government, however, strongly suggests none of the communications used to charge him were collected under FAA. It even suggests he misunderstands the meaning of DiFi’s comment.

Any discovery based on the FAA is unwarranted here because the FAA is simply not at issue in this case. As the Government explained in a previous filing, it “does not intend to use any such evidence obtained or derived from FAA-authorized surveillance in the course of this prosecution.” (DE 49, at 2).

[snip]

The defendant’s claim that the Government should disclose “the nature of the FAA surveillance in this case even, for instance[,] Defendant’s communications themselves were not intercepted” is perplexing. (DE 52, at 15 n.11). If Daoud’s communications were not intercepted, or his facilities not targeted, he would not be aggrieved and have no basis to challenge the collection. The Government sees no legal relevance to his broad discovery request.

Moreover, the defendant has also made multiple claims, in this motion and others, based on his interpretation of a single public remark. While the Government appreciates the defendant’s position in litigating FISA-related matters, it offers that the defendant may misunderstand this public remark, which is not a revelation that has any legal implication.

[snip]

As the Government has explained, this case singularly involves “traditional” FISA surveillance. [my emphasis]

Soapbox Orator’s comments in response to one of my posts on back door searches led me to examine the government’s response closely and I now suspect Daoud may have been identified using a back door search on traditional FISA collection.

Much of this debate centers on comments DiFi made on December 27, 2012, which seemed to suggest the 8 cases she named involved FAA. But those comments were in response to comments Ron Wyden had just made. In that speech Wyden described (among other problems with FAA) back door searches.

The fact is, once the government has this pile of communications, which contains an unknown but potentially very large number of Americans’ phone calls and e-mails, there are surprisingly few rules about what can be done with it.

For example, there is nothing in the law that prevents government officials from going to that pile of communications and deliberately searching for the phone calls or e-mails of a specific American, even if they do not have any actual evidence that the American is involved in some kind of wrongdoing, some kind of nefarious activity.


William Webster Meets Edward Snowden, IRTPA, Roving Wiretaps, and the Phone Dragnet

For a post on back-door searches, I’m re-reading the William Webster report on whether the FBI could have anticipated Nidal Hasan’s attack. In the light of the Edward Snowden disclosure, I’m finding there are a number of passages that read very differently (so expect this to be a series of posts).

As you read this, remember two things about Webster’s report. First, FBI and NSA’s failure to find Umar Farouk Abdulmutallab in spite of texts he sent to Anwar al-Awlaki was probably prominent on the Webster team’s mind as they completed this (and surely factors significantly in the classified version of the SSCI report on the UndieBomb). So some of the comments in the Webster report probably don’t apply directly to the circumstances of Nidal Hasan, but to that (and Webster notes that some of the topics he addresses he does because they’re central to counterterrorism approaches). And the Webster report is perhaps the most masterful example of an unclassified document that hides highly classified background.

All that said, in a section immediately following Webster’s description of Section 215, Webster discusses how Roving Wiretaps, Section 6001 of IRTPA, and Section 215 were all reauthorized in 2011.

When FISA was passed in 1978, the likely targets of counterterrorism surveillance were agents of an organized terrorist group like the Red Brigades, the Irish Republican Army, or the Palestinian terrorist organizations of that era. Given the increasing fluidity in the membership and organization of international terrorists, the FBI may not be able to ascertain a foreign terrorist’s affiliation with an international organization. Section 6001 of the Intelligence Reform and Terrorist Prevention Act of 2004 (IRTPA) allows the government to conduct surveillance on a non-U.S. person who “engages in international terrorism or activities in preparation therefor” without demonstrating an affiliation to a particular international terrorist organization. Pub. L. 108-458, § 6001, 118 Stat. 3638, 3742 (2004).

Sections 206 and 215 of the PATRIOT Act and Section 6001 of IRTPA were scheduled to “sunset” on December 31, 2009. In May 2011, after an interim extension, Congress extended the provisions until June 1, 2015, without amendment. [my emphasis]

I find this interesting, first of all, because it doesn’t mention the Pen Register and Lone Wolf language that also got reauthorized in 2011 (suggesting he lumped these three together for a specific reason). And because it puts the language, “engages in international terrorism or activities in preparation therefor” together with roving wiretaps (“continuous electronic surveillance as a target moves from one device to another”), and Section 215, which we now know includes the phone dragnet.

As we’ve seen, DiFi’s Fake FISA Fix includes the language from IRTPA, on “preparation therefor,” which I thought was an expansion of potential targets but which I presume now is what they’ve been using all along. While I don’t recall either the White Paper or Claire Eagan’s language using that language, I’m wondering whether some underlying opinion does.

Now consider how the roving wiretap goes with this. One reason — probably the biggest reason — they need all phone records in the US is so they can use it to find targets as they move from one burner cell phone to another. Indeed, one passage from DiFi’s Fake FISA Fix seems specifically designed to authorize this kind of search.

(C) to or from any selector reasonably linked to the selector used to perform the query, in accordance with the court approved minimization procedures required under subsection (g).

That language “reasonably linked” surely invokes the process of using algorithms to match calling patterns to calling patterns to find a target’s new phone. And note this is the only query that mentions minimization procedures, so the Court must have imposed certain rules about how you treat a new “burner” phone ID until such time as you’ve proven it actually is linked to the first one.

What’s interesting, though, is that the Webster report also lumps roving wiretaps in with this. What’s at issue in Nidal Hasan’s case was effectively roving electronic communication; he emailed Awlaki from several different email addresses and one of the problems FBI had was in pulling up Hasan’s communications under both identities (you can see how this relates to the back door loophole). But the inclusion of roving wiretaps here seems to suggest the possibility that a court has used the existence of roving wiretap approval for the use of the phone dragnet to find burner phones (which shouldn’t have been an issue in the Nidal Hasan case but probably was for Abdulmutallab).

One more comment? The notion that identifying an Al Qaeda target is any harder than identifying an IRA-affiliate is utter nonsense. If anything, US-based IRA affiliates were harder to identify because they were completely and utterly socially acceptable. But I guess such myths are important for people advocating more dragnet.

Any Bets FBI Was Already Searching US Person Data?

If you want to support our work reporting news the WaPo will report as news in two months, please donate!

In the department of news that got reported here two months ago, the WaPo is reporting on FISC’s approval to let the government search through incidentally collected information. Its news hook is that the 2011 move reversed an earlier 2008 ban that the government had asked for.

The court in 2008 imposed a wholesale ban on such searches at the government’s request, said Alex Joel, civil liberties protection officer at the Office of the Director of National Intelligence (ODNI). The government included this restriction “to remain consistent with NSA policies and procedures that NSA applied to other authorized collection activities,” he said.

But in 2011, to more rapidly and effectively identify relevant foreign intelligence communications, “we did ask the court” to lift the ban, ODNI general counsel Robert S. Litt said in an interview. “We wanted to be able to do it,” he said, referring to the searching of Americans’ communications without a warrant.

It may well be that the NSA was prohibited from searching on incidentally collected information, but not all parts of the government were. In his October 3, 2011 FISC opinion, John Bates pointed to some other minimization procedures allowing such searches to justify his approval for NSA to do so.

This relaxation of the querying rules does not alter the Court’s prior conclusion that NSA minimization procedures meet the statutory definition of minimization procedures. [2 lines redacted] contain an analogous provision allowing queries of unminimized FISA-acquired information using identifiers — including United States-person identifiers — when such queries are designed to yield foreign intelligence information. See [redacted] In granting [redacted] applications for electronic surveillance or physical search since 2008, including applications targeting United States persons and persons in the United States, the Court has found that the [redacted] meet the definition of minimization procedures at 50 U.S.C. §§ 1801 (h) and 1821(4). It follows that the substantially similar querying provision found at Section 3(b)(5) of the amended NSA minimization procedures should not be problematic in a collection that is focused on non-United States persons located outside the United States and that, in the aggregate, is less likely to result in the acquisition of nonpublic information regarding non-consenting United States persons.

We already had reason to believe other agencies do this, because when the Senate Intelligence Committee discussed it, they described the intelligence community generally wanting such searches.

Finally, on a related matter, the Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained. As already noted, the Intelligence Community is strictly prohibited from using Section 702 to target a U.S. person, which must at all times be carried out pursuant to an individualized court order based upon probable cause. With respect to analyzing the information lawfully collected under Section 702, however, the Intelligence Community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession. [my emphasis]

Bates’ mention of targeting US persons strongly suggests FBI was the agency in question (though the CIA may as well). (If this practice weren’t already permitted, I would bet it got approved in the aftermath of the Nidal Hasan attack, which might explain why so many more Americans who had communicated with Anwar al-Awlaki or Samir Khan were caught in stings after that point.)

So did Ronald Litt and Alex Joel tell Ellen Nakashima this to hide a much more intrusive practice at FBI (which they also oversee)?

Spying on Americans: A “Team Sport” Since 2004

One of the more colorful revelations in today’s Guardian scoop is the newsletter piece that describes increased sharing of PRISM (Section 702) data with FBI and CIA.

The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that “enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism”.

The document continues: “The FBI and CIA then can request a copy of Prism collection of any selector…” As a result, the author notes: “these two activities underscore the point that Prism is a team sport!”

But that’s something that has actually been built into the program for years. While the Joint IG Report on the illegal wiretap program claimed,

NSA also was responsible for conducting the actual collection of information under the PSP and disseminating intelligence reports to other agencies such as the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), and the Office of the Director of National Intelligence (ODNI) National Counterterrorism Center (NCTC) for analysis and possible investigation.

The Draft NSA IG Report explained,

Coordination with FBI and CIA. By 2004, four FBI integrees and two CIA integrees, operating under SIGINT authorities in accordance with written agreements, were co-located with NSA PSP-cleared analysts. The purpose of co-locating these individuals was to improve collaborative analytic efforts.

And the minimization procedures released by the Guardian (which date to 2009) make it clear NSA can provide unminimized content to CIA and FBI on whatever selectors they request.

6(c)

(1) NSA may provide to the Central Intelligence Agency (CIA) unminimized communications acquired pursuant to section 702 of the Act. CIA will identify to NSA targets for which NSA may provide unminimized communications to CIA. CIA will process any such unminimized communications received from NSA in accordance with CIA minimization procedures adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

(2) NSA may provide to the FBI unminimized communications acquired pursuant to section 702 of the Act. FBI will identify to NSA targets for which NSA may provide unminimized communications to the FBI. FBI will process any such unminimized communications received from NSA in accordance with FBI minimization procedures  adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

And none of that should be surprising, given the tasking slide — above — that was first published by the WaPo. FBI, at least, is solidly in the midst of this collection, for a program deemed to be foreign intelligence collection.

There have been a variety of claims about all this team sport participation. But I’m not convinced any of them explain how all this works.

And in perhaps related news, the Fifth Circuit today said that Nidal Hasan could not have access to the FISA material on him, in spite of the fact that William Webster published a 150 page report on it last year. Legally, that material should be utterly distinct from PRISM, since a wiretap on Anwar al-Awlaki would require a specific FISA warrant (and the latest Guardian scoop refers to expanded cooperation since 2012). But I suspect the reason Hasan, the FISA evidence against whom has already been extensively discussed, can’t see it is because we would see what this actually looks like from the FBI side.

DOJ has to protect its team, you know.

The FBI and CIA Unminimized Collections and the Holes in Article III Review of FISA Amendments Act

In my piece confirming that the NSA can search on US person data collected incidentally in Section 702 collection, I pointed to these two paragraphs from the minimization procedures.

6(c)

(1) NSA may provide to the Central Intelligence Agency (CIA) unminimized communications acquired pursuant to section 702 of the Act. CIA will identify to NSA targets for which NSA may provide unminimized communications to CIA. CIA will process any such unminimized communications received from NSA in accordance with CIA minimization procedures adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

(2) NSA may provide to the FBI unminimized communications acquired pursuant to section 702 of the Act. FBI will identify to NSA targets for which NSA may provide unminimized communications to the FBI. FBI will process any such unminimized communications received from NSA in accordance with FBI minimization procedures  adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

It’s not clear what this entails.

But Dianne Feinstein once defended the FISA Amendments Act authorization to search on US person information by pointing to Nidal Hasan. Remember, his emails were picked up on a generalized collection of Anwar al-Awlaki’s communications, which should have been a traditional FISA warrant, but may have been conducted via the same software tools as FAA collection. In which case, the kind of access described in the Webster report would provide one idea of what this looks like from the FBI side. That process has almost certainly been streamlined, given that the god-awlful software the FBI used prevented it from pulling the entire stream of Hasan’s emails to Awlaki.

First, the FBI’s database of intercepts sucked. When the first Hasan intercepts came in, it allowed only keyword searches; tests the Webster team ran showed it would have taken some finesse even to return all the contacts between Hasan and Awlaki consistently. More importantly, it was not until February 2009 that the database provided some way to link related emails, so the Awlaki team in San Diego relied on spreadsheets, notes, or just their memory to link intercepts. (91) But even then, the database only linked formal emails; a number of Hasan’s “emails” to Awlaki were actually web contacts, (100) which would not trigger the database’s automatic linking function. In any case, it appears the Awlaki team never pulled all the emails between Hasan and Awlaki and read them together, which would have made Hasan seem much more worrisome (though when the San Diego agent set the alert for the second email, he searched and found the first one).

Even before this was streamlined, the collection seemed to lack real minimization. Though to be fair, the Agents spending a third of their days reading Awlaki’s emails were drowning and really had an incentive to get reports out as quickly as possible. But they seemed to be in the business of sending out reports with IDs, not the reverse.

In addition, we know that subsequent to that time, the FBI started using this collection (and, I’m quite certain, Samir Khan’s), as a tripwire — what they call “Strategic Collections.”

The Hasan attack (and presumably subsequent investigations, as well as the Umar Farouk Abdulmutallab attack) appears to have brought about a change in the way wiretaps like Awlaki’s are treated. Now, such wiretaps–deemed Strategic Collections–will have additional follow-up and management oversight.

The Hasan matter shows that certain [redacted] [intelligence collections] [redacted] serve a dual role, providing intelligence on the target while also serving as a means of identifying otherwise unknown persons with potentially radical or violent intent or susceptibilities. The identification and designation of Strategic Collections [redacted] will allow the FBI to focus additional resources–and, when appropriate, those of [redacted] [other government agencies]–on collections most likely to serve as “trip wires.” This will, in turn, increase the scrutiny of information that is most likely to implicate persons in the process of violent radicalization–or, indeed, who have radicalized with violent intent. This will also provide Strategic Collections [redacted] with a significant element of program management, managed review, and quality control that was lacking in the pre-Fort Hood [review of information acquired in the Aulaqi investigation] [redacted].

If implemented prior to November 5, 2009, this process would have [redacted] [enhanced] the FBI’s ability to [redacted] identify potential subjects for “trip wire” and other “standalone” counterterrorism assessments or investigations. (99)

Many many many of the aspirational terrorists the FBI rolled up in 2010 and afterwards were people who had communicated or followed Awlaki or Khan. And to the extent we’ve prosecuted a bunch of wayward youth who can’t pull together a plot without the FBI’s assistance, that ought to be a concern on many levels.

Because it would mean this unminimized production is part of the Terror Manufacturing Industry. (Mind you, the FBI was doing this with their own surveillance based off Hal Turner in the 00s, so it’s not an approach limited to Muslim radicals.)

To the extent that FAA collection might be sent to FBI as a way to identify non-criminal leads to criminalize, it’s a problem, particularly if the FISA Court doesn’t see what minimization the FBI uses.
