Posts

John Durham: Destroying the Purported Victims to Save Them

/33 Comments/in , , /by

I’ve covered a great deal of prosecutions involving FISA materials. In just one — that of Reaz Qadir Khan — was the defendant able to use sensitivities around FISA to get a better plea deal (and in that case, there were extenuating circumstances, possibly including a dead FISA target and Stellar Wind collection). I also covered the Scooter Libby case, in which Libby attempted — and very nearly succeeded — in forcing prosecutors to dismiss the case by demanding the declassification of a slew of Presidential Daily Briefs. But even the Libby case may pale in comparison to the difficulties John Durham has signed up for in his prosecution of Igor Danchenko.

That’s true because Danchenko will credibly be able to demand materials from at least two FISA orders, as well as two other counterintelligence investigations, including a sensitive, multi-pronged, ongoing investigation, to defend himself.

Indeed, there’s even a chance DOJ cannot legally prosecute Danchenko in this case.

What follows is true regardless of whether Danchenko was indicted on shoddy evidence as part of a witch hunt or if Durham has Danchenko dead to rights defrauding the FBI to target Donald Trump. I remain agnostic which is the case (the truth is likely somewhere in-between). It is true regardless of whether Carter Page and Sergei Millian were truly victimized as a result of the Steele dossier, or whether they were reasonable counterintelligence targets whose investigations got blown up in a political firestorm.

This has everything to do with the prosecutorial discretion that Durham did not exercise in charging Danchenko (and because of some sloppiness in the way he did so) and nothing to do with Danchenko’s guilt or innocence or Page and Millian’s victimization.

Consider the following moves Durham made in his indictment:

  • He invoked Danchenko’s source, Olga Galkina, in his materiality claims and based his single charge pertaining to Charles Dolan on a June 15, 2017 FBI interview.
  • He relied on claims Sergei Millian made about interactions with Danchenko as part of his proof that Danchenko lied about his belief that he had spoken with Millian. Durham did so, apparently, based entirely on Millian’s currently public Twitter blatherings.
  • He made Carter Page’s FISA targeting — and its role in the investigation into Trump associates (which Durham recklessly called “the Trump campaign”) — central to his materiality claims.

Whether Igor Danchenko is a reckless smear agent or someone screwed by Christopher Steele’s own sloppiness, he is entitled to all the evidence pertaining to the full scope of the indictment, as well as any exculpatory evidence that could help him disprove Durham’s claims. One of the prosecutors in the case, Michael Keilty, already warned Judge Anthony Trenga, who is presiding over the case, that there will be “a vast amount of classified discovery” in this case. But if prosecutors haven’t vetted Millian any further than reading his Twitter feed, they may have no idea what discovery challenges they face.

There has never been a case like this one, relying on two already publicly identified FISA orders, so this is literally uncharted waters.

Durham’s Matryoshka Materiality Claims

Before I explain the challenges Durham faces, it’s worth explaining how Durham has used materiality in this indictment. Durham will have to prove not just that Danchenko lied, but that the lies were material.

The words “material” or “materiality” show up in the indictment 20 times, of which just one instance is used to mean “stuff” (in a misquotation of a Danchenko response to an FBI question stating, “related issues perhaps but … nothing specific”). Five are required in the charging language.

Maybe Durham focused so much making claims about materiality, in part, because he’s smarting about the way people made fun of him for his shoddy materiality claims in the Michael Sussmann indictment. But many of his discussions about the “materiality” of Danchenko’s alleged lies, both charged and uncharged, serve as a gratuitous way for Durham to include accusations in the indictment he didn’t charge. The tactic worked like a charm, as multiple journalists reported that things — particularly regarding the pee tape — were alleged or charged that were not. But now he’s on the hook for them in discovery.

Below, I’ve shown how these materiality claims form a nested set of allegations, such that even the materiality claims for uncharged conduct make up part of his overall materiality argument. I’m not, at all, contesting that Durham has a sound case that — if he can prove Danchenko lied — at least one of lies was material. While some of his materiality claims are provably false and some (such as the claims that Danchenko’s alleged lies about Millian in October and November 2017 mattered for FISA coverage that ended in September 2017) defy physics, the bar for materiality is low and he will clearly surpass it on some of his materiality claims.

The issue, however, is that Durham is now on the hook, with regards to discovery, for all of his materiality claims covering both the charged lies and the uncharged allegations. Danchenko may now demand evidence that undercuts these claims, even the ones that don’t relate directly to the charged lies.

The Section 702 directive targeting Olga Galkina

Durham makes two materiality claims pertaining to Danchenko’s friend, Olga Galkina, to whom he sourced all the discredited Michael Cohen reports and a claim about Carter Page’s meetings in July 2016:

  • That by lying about how indiscreet he was about his relationship with Christopher Steele, Danchenko prevented the FBI from learning that Russian spies might inject disinformation into the dossier through people like Galkina.
  • That by lying on June 15, 2017, Danchenko prevented the FBI from learning that Charles Dolan “maintained a pre-existing and ongoing relationship” with Galkina, which led Galkina to have access to senior Russian officials she wouldn’t otherwise have had. Dolan’s ties with Galkina also appear to have led to Galkina serving as a cut-out between Dolan and Danchenko for information for one of the reports (pertaining to the reassignment of a US Embassy staffer) in the dossier.

I’m unclear why Durham made these claims — possibly because it was one of the only ways to criminalize the way Dolan served as a source for reports that were unrelated to the Carter Page applications, possibly because he wanted to do so to dump HILLARY HILLARY HILLARY in the middle of his indictment. But both claims are false.

To prove the first is false, Danchenko will point to Durham’s miscitation of the question Danchenko was actually asked, his answer — “yes and no” — to a question Durham claims he answered “no” to, and to his descriptions, from his very first interview, of how Galkina knew he was collecting intelligence and had even, after the release of the dossier, tasked him with an intelligence collection request herself.

To prove the second is false, Danchenko will point to the declassified footnote in the DOJ IG Report showing that in “early June 2017” (and so, presumably before June 15), the FBI obtained 702 collection that (the indictment makes clear) reflects extensive communications between Dolan and Galkina.

The FBI [received information in early June 2017 which revealed that, among other things, there were [redacted]] personal and business ties between the sub-source and Steele’s Primary Sub-source; contacts between the sub-source and an individual in the Russian Presidential Administration in June/July 2016; [redacted] and the sub‐source voicing strong support for candidate Clinton in the 2016 U.S. elections. The Supervisory Intel Analyst told us that the FBI did not have Section 702 coverage on any other Steele sub‐source. [my emphasis]

It’s highly likely the FBI set up that June 15, 2017 interview with Danchenko precisely to ask him about things they learned via that Section 702 collection. Based on what Durham has said so far, Danchenko provided information about key details of the relationship between Galkina and Dolan in the interview, thereby validating that he was not hiding the relationship entirely.

Had Danchenko affirmatively lied about this in January or March 2017, rather than just not sharing this information, Durham might have a case. But by June 2017, the FBI was already sitting on that 702 collection (to say nothing of the contact tracing analysts would have used to justify the 702 directive). That’s almost certainly why they asked the question about Dolan.

So even if Durham could manage to avoid introducing, as evidence at trial, Danchenko’s communications with Galkina that the FBI would have first obtained under FISA 702, and thereby stave off the FISA notice process required for aggrieved persons under FISA, Danchenko is still going to have cause to make Durham admit a slew of things about that Section 702 directive targeting Galkina, including:

  • What kind of contact-tracing alerted the FBI and NSA that Galkina had US-cloud based communications that would be of investigative interest (because that contact-tracing, by itself, disproves Durham’s materiality claim)
  • What communications FBI obtained from that Section 702 order and when (because if they indeed had the Galkina-Dolan communications on June 15, then nothing Danchenko could have said impeded the FBI from discovering them)
  • The approval process behind the release of this Section 702 information to Inspector General Michael Horowitz, and then to Congress, which in turn presumably alerted Durham to it, and whether it complied with new requirements about unmasking imposed in 2018 in response to the Carter Page FISA and conspiracy theories about Mike Flynn (it surely did, because unmasking for FBI collections is not really a thing, but Danchenko will have reason to ask how Congress got the communications and from there, how Durham did)

None of this kind of information has been released to a defendant before, but all of it is squarely material to combatting the claim that the FBI didn’t know about Galkina’s communications with Dolan when they asked Danchenko a question precisely because they did know about those communications. And Danchenko has the right to ask for it because of that reference to Section 702 that Ron Johnson and Chuck Grassley insisted on declassifying.

The Sergei Millian counterintelligence investigation

The paragraph describing that Durham is relying on Sergei Millian’s Twitter rants as part of his evidence to prove that Danchenko lied five times about Millian (just four of which are charged) misspells Danchenko’s name, the single such misspelling in the indictment. [Update: Though see William Ockham’s comment below that notes there’s a different misspelling of Danchenko’s name elsewhere in the Millian part of the indictment.]

Chamber President-1 has claimed in public statements and on social media that he never responded to DANCHEKNO’s [sic] emails, and that he and DANCHENKO never met or communicated.

That makes me wonder whether it was added in at the last minute, after all the proof-reading, perhaps in response to a question from the grand jury or Durham’s supervisors. If it was, it might indicate that Durham didn’t really think through all the implications of invoking Millian as a fact witness against Danchenko.

But, unless Durham has rock-solid proof that Danchenko invented a call he claimed to believe had involved Millian altogether, then this reference now gives Danchenko cause to submit incredibly broad discovery requests about Millian to discredit Millian as a witness against him. Durham made no claim that he has such rock-solid proof in the indictment. As I’ve noted, Danchenko told the FBI he replaced his phone by the time the Bureau started vetting the Steele dossier, so to rule out that the call occurred, Durham probably would need to have obtained the phone and found sufficient evidence that survived a factory reset to rule out a Signal call.

Before I explain all the things Danchenko will have good reason to demand, let me review Durham’s explanation for why the alleged lies about Millian (Durham has charged separate lies on March 16, May 18, October 24, and November 16, 2017) were material:

Based on the foregoing, DANCHENKO’s lies to the FBI claiming to have received a late July 2016 anonymous phone call from an individual that DANCHENKO believed to be Chamber President-1 were highly material to the FBI because, among other reasons, the allegations sourced to Chamber President-1 by DANCHENKO formed the basis of a Company Report that, in turn, underpinned the aforementioned four FISA applications targeting a U.S. citizen (Advisor­ 1). Indeed, the allegations sourced to Chamber President-1 played a key role in the FBI’s investigative decisions and in sworn representations that the FBI made to the Foreign Intelligence Surveillance Court throughout the relevant time period. Further, at all times relevant to this Indictment, the FBI continued its attempts to analyze, vet, and corroborate the information in the Company Reports. [my emphasis]

As I have noted above, it is temporally nonsensical to claim that lies Danchenko told in October and November 2017 “played a role in sworn representations that the FBI made to FISC” when the last such representation was made in June 2017. And Danchenko will be able to make a solid case that no matter what he said in March and May, it would have had no impact on the targeting of Carter Page, because as a 400-page report lays out in depth, really damning details about the Millian claim that Danchenko freely did share in January had no impact on the targeting of Carter Page. Even derogatory things Christopher Steele said about Millian in October 2016 never made any of the Page FISA applications. The DOJ IG has claimed and Judge Rosemary Collyer agreed that FBI was at fault for all this, because they weren’t integrating any of the new information learned from vetting the dossier. Danchenko might even be able to call a bunch of FBI witnesses who were fired as a result to prove they were held accountable for it and so he can’t be blamed.

So Durham will substantially have to rely on “investigative decisions” and FBI efforts to vet the dossier to prove that Danchenko’s claimed lies about Millian were material. And that will make the FBI investigations into Millian himself and George Papadopoulos relevant and helpful to Danchenko’s defense, because those are some of the investigative decisions at issue.

That’s not the only reason that Danchenko will be able to demand that DOJ share information on Millian. Durham has made Millian a fact witness against Danchenko, and — by relying on Millian’s Twitter feed — in the most ridiculous possible way. So Danchenko will be able to demand evidence that DOJ should possesses (but may not) that he can use to explain why Millian might lie about a call between the two.

Some things Danchenko will credibly be able to demand in discovery include:

  • Extensive details about Sergei Millian’s Twitter account. Durham presented Millian’s Twitter account to the grand jury as authoritative with regards to Millian’s denials of having any direct call with Danchenko. Danchenko has reason to ask Durham for an explanation why he did so, as well as a collection of all tweets that Millian has made going back to 2016 (most of which Millian has since deleted, some of which will raise questions about Millian’s sincerity and claimed knowledge of non-public information). In addition, because there have been questions (probably baseless, but nevertheless persistent) during this period about whether Millian was personally running his own Twitter campaign, Danchenko can present good cause to ask for the IP and log-in information for the entire period, either from the government or from Twitter. While it would be more of a stretch, Millian’s Twitter crowd includes some accounts that have been identified as inauthentic by Twitter and others that were involved in publicly exposing Danchenko’s identity; Danchenko might point to this as further evidence of Millian’s motives behind his Twitter rants. Finally, Danchenko will also have cause to ask how Millian got seeming advance notice of his own indictment if Durham’s investigators never bothered to put Millian before a grand jury.

  • Details of the counterintelligence investigation into Millian. After the first release of the DOJ IG Report, the FBI declassified parts of discussions of a counterintelligence investigation that the New York Field Office opened into Millian days before October 12, 2016. The IG Report describes that Millian was “previously known to the FBI,” and does not tie that CI investigation to any allegations that Fusion made against Millian (though I don’t rule it out). Danchenko will obviously be able to ask for access to the still-redacted parts of those IG Report references, because the same things (whatever they were) that led FBI to think Millian was a spy would be things that Danchenko could use to offer a motive for why Millian would lie about having spoken to Danchenko. Danchenko also has cause to ask for details from Millian’s own FBI file. The basis for that counterintelligence investigation, and any derogatory conclusions, would provide Danchenko means to raise questions about Millian’s credibility or at least alternative motives for Millian to claim no such call took place.
  • Details of how Millian cultivated George Papadopoulos. The IG Report also reveals that, even before the Carter Page application, the FBI was aware of the extensive ties between Millian and George Papadopoulos. Because Durham claims that Danchenko’s alleged lies — and not direct evidence pertaining to the relationship between Millian and Papadopoulos — drove the FBI’s investigative decisions from 2017 through the end of the Mueller investigation, Danchenko will have reason to ask for non-public details about some aspects of the Papadopoulos investigation, as well, not least because (as the Mueller Report makes clear) the initial contacts between Millian and Papadopoulos exactly parallel in time — and adopted the same proposed initial meeting approach — the initial contact and the call that Danchenko claimed to believe he had with Millian. If the July 2016 call he believes he had with Millian didn’t occur, Danchenko will be able to argue persuasively, then how did he know precisely where and how Millian would conduct such meetings a week in advance of the initial meeting, in New York, that Millian had with Papadopoulos?

The Office investigated another Russia-related contact with Papadopoulos. The Office was not fully able to explore the contact because the individual at issue-Sergei Millian-remained out of the country since the inception of our investigation and declined to meet with members of the Office despite our repeated efforts to obtain an interview. Papadopoulos first connected with Millian via Linked-In on July 15, 2016, shortly after Papadopoulos had attended the TAG Summit with Clovis.500 Millian, an American citizen who is a native of Belarus, introduced himself “as president of [the] New York-based Russian American Chamber of Commerce,” and claimed that through that position he had ” insider knowledge and direct access to the top hierarchy in Russian politics.”501 Papadopoulos asked Timofeev whether he had heard of Millian.502 Although Timofeev said no,503 Papadopoulos met Millian in New York City.504 The meetings took place on July 30 and August 1, 2016.505 Afterwards, Millian invited Papadopoulos to attend-and potentially speak at-two international energy conferences, including one that was to be held in Moscow in September 2016.506 Papadopoulos ultimately did not attend either conference.

On July 31 , 2016, following his first in-person meeting with Millian, Papadopoulos emailed Trump Campaign official Bo Denysyk to say that he had been contacted “by some leaders of Russian-American voters here in the US about their interest in voting for Mr. Trump,” and to ask whether he should “put you in touch with their group (US-Russia chamber of commerce).”507 Denysyk thanked Papadopoulos “for taking the initiative,” but asked him to “hold off with outreach to Russian-Americans” because “too many articles” had already portrayed the Campaign, then-campaign chairman Paul Manafort, and candidate Trump as “being pro-Russian.”508

On August 23, 2016, Millian sent a Facebook message to Papadopoulos promising that he would ” share with you a disruptive technology that might be instrumental in your political work for the campaign.”509 Papadopoulos claimed to have no recollection of this matter.510

On November 9, 2016, shortly after the election, Papadopoulos arranged to meet Millian in Chicago to discuss business opportunities, including potential work with Russian “billionaires who are not under sanctions.”511 The meeting took place on November 14, 2016, at the Trump Hotel and Tower in Chicago.512 According to Papadopoulos, the two men discussed partnering on business deals, but Papadopoulos perceived that Millian’s attitude toward him changed when Papadopoulos stated that he was only pursuing private-sector opportunities and was not interested in a job in the Administration.5 13 The two remained in contact, however, and had extended online discussions about possible business opportunities in Russia. 514 The two also arranged to meet at a Washington, D.C. bar when both attended Trump’s inauguration in late January 2017.515 [my emphasis]

John Durham claims that Sergei Millian is a victim. But by making Millian a fact witness against Danchenko, Durham has given Danchenko the opportunity to obtain and air a great many details about why a DOJ prosecutor should review more than Twitter rants before treating Millian as a credible fact witness.

The Oleg Deripaska counterintelligence and sanctions investigations

Durham has also provided Danchenko multiple reasons to request details of a counterintelligence investigation that is ongoing and remains far more sensitive than the Millian one: The investigation into Oleg Deripaska.

Oleg Deripaska was the most likely client for a tasking Steele gave Danchenko immediately before the DNC one, collecting on Paul Manafort. Danchenko credibly claimed to the FBI that he did not know what client had hired Steele. If Deripaska was that client, it would be relevant and helpful to Danchenko’s defense to understand why Deripaska hired Steele.

That’s true, in significant part, because Deripaska is also the most likely culprit behind any disinformation injected into the Steele dossier. Among other things, by asking Steele to collect on Manafort and then monitoring how Steele did that, Deripaska could have used it to identify Steele’s reporting network.

Durham blames Danchenko for hiding the possibility of disinformation with one of his (false) uncharged conduct claims, but the Deripaska angle, about which Danchenko claimed to have no visibility either in real time in 2016 or by 2017, when he is accused of lying, would be the more important angle. And we know they were aware of the possibility and trying to assess whether that was possible even as they were vetting the dossier. But, as Bill Priestap told DOJ IG, he couldn’t figure out how this would work.

what he has tried to explain to anybody who will listen is if that’s the theory [that Russian Oligarch 1 ran a disinformation campaign through [Steele] to the FBI], then I’m struggling with what the goal was. So, because, obviously, what [Steele] reported was not helpful, you could argue, to then [candidate] Trump. And if you guys recall, nobody thought then candidate Trump was going to win the election. Why the Russians, and [Russian Oligarch 1] is supposed to be close, very close to the Kremlin, why the Russians would try to denigrate an opponent that the intel community later said they were in favor of who didn’t really have a chance at winning, I’m struggling, with, when you know the Russians, and this I know from my Intelligence Community work: they favored Trump, they’re trying to denigrate Clinton, and they wanted to sow chaos. I don’t know why you’d run a disinformation campaign to denigrate Trump on the side. [brackets original]

Since Durham blamed Danchenko for hiding the possibility of disinformation when questions like these did more to impede such considerations, Danchenko has good reason to ask for anything assessing whether Deripaska did use the dossier as disinformation, not least because DOJ was getting ample information to pursue that angle before Danchenko’s first interview, via Bruce Ohr (for which DOJ fired Ohr).

There’s a Millian angle to Danchenko’s case he should get information on the counterintelligence investigation into Deripaska, too. At a time when Deripaska was already tasking both sides of his double game — using Christopher Steele to make Paul Manafort legally vulnerable and then using Manafort’s legal and financial vulnerability to entice his cooperation in the election operation — Deripaska and Millian met at the St. Petersburg International Economic Forum in June 2016, the same convention that Michael Cohen was invited to attend to pursue an impossibly lucrative Trump Tower deal and to which Russian Deputy Prime Minister Sergei Prikhodko repeatedly invited Trump (as this post makes clear, Mueller obtained only unsigned versions of Trump’s letter declining Prikhodko’s invitation).

Millian’s documented meeting with Deripaska during 2016 would provide Danchenko several reasons to want access to some of the investigative materials from the Deripaska investigations. First, if Millian and Deripaska had further contact, either in 2016, or since then, it would suggest that Millian’s denials that he called Danchenko may be part of the same disinformation strategy as any disinformation inserted via Deripaska-linked sources into the dossier itself.

If Millian had no ongoing relationship with Deripaska after they met up in June 2016, however, it suggests a possible alternate explanation for the call that, Danchenko consistently claimed in 2017, he believed to be Millian: That someone learned of Danchenko’s outreach (the Novosti journalists through whom Danchenko first got Millian’s contact information are one possible source of this information, but not the only one) and called Danchenko seemingly in response to Danchenko’s outreach to Millian as another way to inject disinformation into the dossier.

Finally, Danchenko may request information on Deripaska to unpack the provenance of the investigation against him altogether. After meeting with a Deripaska deputy in January 2017, Paul Manafort returned to the US and pushed a strategy to discredit the Russian investigation by discrediting the dossier, using Deripaska’s associate Konstantin Kilimnik to obtain information about its sources. That strategy adopted by Manafort is a strategy that has led, directly, to this Durham inquiry.

If Deripaska participated in any disinformation efforts involving the dossier and instructed Manafort to exploit the disinformation he knew had been planted — if this very investigation is the fruit of the same disinformation campaign that Durham blames Danchenko for hiding — then Danchenko would have good reason to make broad discovery requests about it.

DOJ has continued to redact Deripaska-related investigative detail under ongoing investigation exemptions. And Treasury refused Deripaska’s own attempt to learn why he was sanctioned. So it’s likely DOJ would want to guard these details closely.

But Deripaska’s key role in the Russian operation even as he was tasking Steele to harm Manafort, the tie between Millian and Deripaska, and the effort to use the dossier to discredit the Russian investigation make such requests directly relevant and helpful to Danchenko’s defense.

The Carter Page FISA Collection

This entire Durham investigation is, at least metonymically, an attempt to avenge Carter Page’s (and through him, Trump’s) purported victimization at the hands of the Steele dossier.

But even with Page, Durham’s materiality claims may expose Page to more scrutiny than he ever would have been without this case. Page may well have been victimized by the dossier itself, but Danchenko is not accused of any crime in conjunction with his collection related to the dossier. Instead, he is charged with lies to the FBI in March, May, October, and November 2017. There’s plenty of evidence in the 400-page DOJ IG Report that nothing Danchenko could have said in those earlier interviews could have altered FISA targeting decisions in April and June, and it would be impossible for lies told in October and November to have affected coverage that ended in September.

That means that Durham will have to provide Danchenko a great deal of information on the investigation into Page — including on Page’s willing sharing of non-public information with Russians in 2013, his seeming efforts to reestablish contact with the Russians in 2015, his enthusiastic pursuit of Russian funding to set up a think tank in 2016, and his ongoing connections in 2017 — to afford Danchenko the ability to argue that the dossier didn’t matter because, as a Republican Congressperson with access to all the intelligence told me in July 2018, the case for surveilling Page was a slam dunk even without it.

Providing Danchenko the Mueller materials will be the easy part. They would be helpful to Danchenko’s defense because they show that rumors about Page meeting Igor Sechin were circulating Moscow, not just among Steele’s sources; there was time during Page’s July 2016 trip to Moscow that was unaccounted for, even to those who organized his trip; and via the Page investigation, Mueller corroborated that Kirill Dimitriev (the guy who had a back channel meeting with Erik Prince) would be an important source on Russia’s tracking of Trump. Mueller materials will also show that the FBI came to suspect that one of the contacts involved in bringing Page to Russia in July 2016 was being recruited by Russian spies, providing independent reason to continue the investigation into Page. Mueller investigative materials will provide new details on Konstantin Kilimnik’s report to Paul Manafort that Page was claiming to speak on Trump’s behalf on his trip to Moscow in December 2016, something that may have exposed Trump as a victim of Page’s misrepresentations in Russia, which in turn, heightened the import of learning why Page was making such claims. Language from Mueller’s still-classified description of his decision not to charge Page as a Russian agent may also prove relevant and helpful to Danchenko’s defense.

But it’s not just the Mueller materials. To combat Durham’s claim that Danchenko’s claimed lies were material to the ongoing targeting of Carter Page in April and June 2017, the defendant obviously must be given access to substantial materials from Page’s FISA applications (October 2016, January 2017, April 2017, June 2017). Danchenko will be able to undercut Durham’s materiality arguments in at least two ways with these materials. First, as Andrew McCabe understood it, the first period of FISA collection was “very productive,” and others at FBI described that the collection showed Page’s, “access to individuals in Russia and [his communications] with people in the Trump campaign, which created a concern that Russia could use their influence with Carter Page to effect policy.” Danchenko can certainly ask for these discussions to argue that, even before he ever spoke to the FBI in January 2017, things the FBI learned by targeting Page under FISA created new reason to continue to task him, independent of the dossier.

Even more critically, redacted passages of the DOJ IG Report suggest that the decision to continue targeting Page in June 2017 stemmed almost entirely from a desire to get to financial and encrypted app information from Page that might not be otherwise available.

[A]vailable documents indicate that one of the focuses of the Carter Page investigation at this time was obtaining his financial records. NYFO sought compulsory legal process in April 2017 for banking and financial records for Carter Page and his company, Global Energy Capital, as well as information relating to two encrypted online applications, one of which Page utilized on his cell phone. Documents reflect that agents also conducted multiple interviews of individuals associated with Carter Page.

Case Agent 6 told us, and documents reflect, that despite the ongoing investigation, the team did not expect to renew the Carter Page FISA before Renewal Application No. 2’s authority expired on June 30. Case Agent 6 said that the FISA collection the FBI had received during the second renewal period was not yielding any new information. The OGC Attorney told us that when the FBI was considering whether to seek further FISA authority following Renewal Application No. 2, the FISA was “starting to go dark.” During one of the March 2017 interviews, Page told Case Agent 1 and Case Agent 6 that he believed he was under surveillance and the agents did not believe continued surveillance would provide any relevant information. Cast Agent 6 said [redacted]

SSA 5 and SSA 2 said that further investigation yielded previously unknown locations that they believed could provide information of investigative value, and they decided to seek another renewal. Specifically, SSA 5 and Case Agent 6 told us, and documents reflect, that [redacted] they decided to seek a third renewal. [redacted]

If declassified versions of this report (and the underlying back-up) confirm that, it means Danchenko’s alleged lies in May and June were virtually meaningless in ongoing decisions to target Page, because FBI would otherwise have detasked him if not for very specific accounts they wanted to target. Danchenko would need to be able to get declassified versions of that material to be able to make that argument.

Then there’s the FISA collection used to reauthorize FISA targeting on Page. There’s enough public about what FBI obtained for Danchenko to argue that he needs this collection to rebut the materiality claims Durham has made. For example, one redacted passage in reauthorization applications suggests that FBI learned information about whether Page’s break with the campaign was as significant as the campaign publicly claimed it was. Another redacted passage suggests FBI may have obtained intelligence that contradicted Page’s denials of certain meetings in Russia. A third redacted passage suggests that the FBI learned that Page was engaged in a limited hangout with his admissions of such meetings. Not only might some of this validate the dossier (and explain why Mueller treated the question of Page’s trips to Russia as inconclusive), but it provides specific reasons the FISA collection justified suspicions of Page, meaning FBI was no longer relying on the dossier.

Finally, since Durham claims that Danchenko’s lies impeded the FBI’s efforts to vet the dossier, Danchenko will need to be provided a great deal of information on those efforts.  This is another instance where files released as part of Trump’s efforts to undermine the investigation will help Danchenko prove there are discoverable materials he should get. This spreadsheet is what FBI used to vet the dossier. It shows that the FBI obtained information under the Carter Page FISA they used to vet a claim Danchenko sourced to his friend, Galkina, whom Durham made central to questions of materiality. Similarly, the FBI used information from the Page FISA to help vet the claim that Danchenko sourced (incorrectly or not) to Millian, which is utterly central to the case against him. Given Durham’s claims that Danchenko’s lies prevented FBI from doing this vetting, he can easily claim that obtaining this vetting information may be helpful and material to his defense (though it may in fact not be helpful).

This is a very long list and I’m not saying that Danchenko will succeed in getting this information, much less using it at trial.

What I’m saying is that it is quite literally unprecedented for a defendant to know specific details of two FISA orders — the 702 directive targeting Galkina and the Carter Page FISAs — that they can make credible arguments they need access to to mount a defense. Similarly, the ongoing, sensitive counterintelligence investigation into Oleg Deripaska (and Konstantin Kilimnik) is central to the background of the dossier. And Durham has made someone who — like Danchenko before him, was investigated as a potential Russian asset — a fact witness in this case.

Normally, prosecutors might look at the discovery challenges such legitimate defense demands would pose and decide not to try the case (it’s one likely reason, for example, why David Petraeus got away with a wrist-slap for sharing code-word information with his mistress, because the discovery to actually prosecute him would have done more damage than the conviction was worth; similarly, the secrecy of some evidence Mueller accessed likely drove some of his declination decisions). But Durham didn’t do so. He has committed himself to deal with some of the most sensitive discovery ever provided, and to do so with a foreign national defendant, all in pursuit of five not very well-argued false statements charges. That doesn’t mean Danchenko will get the evidence. But it means Durham is now stuck dealing with unprecedented discovery challenges.

In a follow-up, I’ll talk about how this will work and why it may be literally impossible for Durham to succeed.

Update: I’ve corrected the date of the month of the charged interview pertaining to Charles Dolan.

Update: In a story on an ongoing counterintellience investigation into a Russian expat group, Scott Stedman notes that the group was involved in Millian’s pitch to Papadopoulos in 2016.

Forensic News can reveal that Gladysh’s pro-Trump internet activity was much broader than previously known. In 2020, Gladysh’s Seattle-based Russian-American Cooperation Initiative founded a news website that nearly exclusively promoted Trump and disseminated Russian propaganda, according to internet archives.

The news website featured articles with the titles such as “Second Trump term is crucial to prospect of better U.S.-Russia relations, safer world,” and “Biden victory will spell disaster for U.S.-Russia relations, warns billionaire.” The billionaire referenced by the outlet is Oleg Deripaska, a key figure in the 2016 Trump campaign’s collusion with Russia.

[snip]

Morgulis attempted to rally Russian voters for Donald Trump in both the 2016 and 2020 U.S. Presidential Elections and allied himself with numerous associates connected to Russian intelligence and influence operations that have caught the attention of the FBI.

According to the Washington Post, Morgulis and Sergei Millian worked on a plan to rally Russian voters for Trump in 2016. Millian, who was in contact with Trump aide George Papadopoulos, later fled the country and was not able to be interviewed by investigators.

[snip]

Morgulis, Branson, and Millian all received Silver Archer Awards in 2015, a Russian public affairs accomplishment given to U.S. persons advancing Russian cultural and business interests. The founder of Silver Archer is Igor Pisarsky, a “Kremlin-linked public relations power player” who facilitated money transfers from a Russian oligarch to Maria Butina.

This will provide Danchenko cause to ask for details of that counterintelligence investigation.

Durham’s Materiality Claims

Durham’s general materiality argument makes three claims about the way that Danchenko’s alleged lies affected the FBI investigation. And then, nested underneath those claims, he made further claims (about half of which aren’t even charged), about the materiality of other things, a number of which have nothing to do with the Carter Page FISA. Of particular note, the bulk (in terms of pages) of this indictment discusses lies that Durham doesn’t tie back to Carter Page, even though he could have, had he treated Olga Galkina differently.

      • Danchenko’s lies were material because FBI relied on the dossier to obtain FISA warrants on Carter Page: “The FBI’ s investigation of the Trump Campaign relied in large part on the Company Reports to obtain FISA warrants on Advisor-1.”
        • Danchenko’s lie about believing Millian called him in July 2016 because it formed the basis of the FISA applications targeting Page: Danchenko’s alleged lies to the FBI about Millian, “claiming to have received a late July 2016 anonymous phone call from an individual that DANCHENKO believed to be Chamber President-I were highly material to the FBI because, among other reasons, the allegations sourced to Chamber President-I by DANCHENKO formed the basis of a Company Report that, in turn, underpinned the aforementioned four FISA applications targeting a U.S. citizen (Advisor­ 1).”
      • Danchenko’s lies were material because they made it harder for the FBI to vet the dossier: “The FBI ultimately devoted substantial resources attempting to investigate and corroborate the allegations contained in the Company Reports, including the reliability of DANCHENKO’s sub-sources.”
        • Danchenko’s lies about how indiscreet he was about collecting information for Steele prevented the FBI from understanding whether people, including Russia, could inject disinformation into the dossier: Accordingly, DANCHENKO’s January 24, 2017 statements (i) that he never mentioned U .K. Person-I or U .K. Investigative Firm-I to his friends or associates and (ii) that “you [the FBI] are the first people he’s told,” were knowingly and intentionally false. In truth and in fact, and as DANCHENKO well knew, DANCHENKO had informed a number of individuals about his relationship with U.K. Person-I and U.K. Investigative Firm-I. Such lies were material to the FBI’ s ongoing investigation because, among other reasons, it was important for the FBI to understand how discreet or open DANCHENKO had been with his friends and associates about his status as an employee of U .K. Investigative Firm-I, since his practices in this regard could, in tum, affect the likelihood that other individuals – including hostile foreign intelligence services – would learn of and attempt to influence DANCHENKO’s reporting for U.K. Investigative Firm1.
        • Dancheko’s lies about Charles Dolan prevented the FBI from learning that Dolan was well-connected in Russia, Dolan had ties to Hillary, and Danchenko gathered some of his information using access obtained through Dolan:  DANCHENKO’s lies denying PR Executive-1 ‘s role in specific information referenced in the Company Reports were material to the FBI because, among other reasons, they deprived FBI agents and analysts of probative information concerning PR Executive-I that would have, among other things, assisted them in evaluating the credibility, reliability, and veracity of the Company Reports, including DANCHENKO’s sub-sources. In particular, PR Executive-I maintained connections to numerous people and events described in several other reports, and DANCHENKO gathered information that appeared in the Company Reports during the June Planning Trip and the October Conference. In addition, and as alleged below, certain allegations that DANCHENKO provided to U.K. Person-I, and which appeared in other Company Reports, mirrored and/or reflected information that PR Executive-I himself also had received through his own interactions with Russian nationals. As alleged below, all of these facts rendered DANCHENKO’s lies regarding PR Executive-1 ‘s role as a source of information for the Company Reports highly material to the FBI’ s ongoing investigation. [snip] PR Executive-1 ‘s role as a contributor of information to the Company Reports was highly relevant and material to the FBI’s evaluation of those reports because (a) PR Executive-I maintained pre-existing and ongoing relationships with numerous persons named or described in the Company Reports, including one of DANCHENKO’s Russian sub-sources ( detailed below), (b) PR Executive-I maintained historical and ongoing involvement in Democratic politics, which bore upon PR Executive-I’s reliability, motivations, and potential bias as a source of information for the Company Reports, and (c) DANCHENKO gathered some of the information contained in the Company Reports at events in Moscow organized by PR Executive-I and others that DANCHENKO attended at PR Executive-1 ‘s invitation. Indeed, and as alleged below, certain allegations that DANCHENKO provided to U.K. Person-I, and which appeared in the Company Reports, mirrored and/or reflected information that PR Executive-I himself also had received through his own interactions with Russian nationals.
          • Danchenko’s lies about Dolan prevented the FBI from asking whether Dolan spoke to Danchenko about the Ritz Hotel: Based on the foregoing, DANCHENKO’s lies to the FBI denying that he had communicated with PR Executive-I regarding information in the Company Reports were highly material. Had DANCHENKO accurately disclosed to FBI agents that PR Executive-I was a source for specific information in the aforementioned Company Reports regarding Campaign Manager-1 ‘s departure from the Trump campaign, see Paragraphs 45-57, supra, the FBI might have taken further investigative steps to, among other things, interview PR Executive-I about (i) the June 2016 Planning Trip, (ii) whether PR Executive-I spoke with DANCHENKO about Trump’s stay and alleged activity in the Presidential Suite of the Moscow Hotel, and (iii) PR Executive-1 ‘s interactions with General Manager-I and other Moscow Hotel staff. In sum, given that PR Executive-I was present at places and events where DANCHENKO collected information for the Company Reports, DANCHENKO’s subsequent lie about PR Executive-1 ‘s connection to the Company Reports was highly material to the FBI’ s investigation of these matters.
          • Danchenko’s lies about Dolan prevented the FBI from asking Dolan whether he knew about a Russian Diplomat being reassigned from the US Embassy: Based on the foregoing, DANCHENKO’s lies to the FBI denying that he had communicated with PR Executive-I regarding information in the Company Reports were highly material. Had DANCHENKO accurately disclosed to FBI agents that PR Executive-I was a source for specific information in the Company Reports regarding Campaign Manager-I ‘s departure from the Trump campaign, see Paragraphs 45-57, supra, the FBI might also have taken further investigative steps to, among other things, interview PR Executive-I regarding his potential knowledge of Russian Diplomat-1 ‘s departure from the United States. Such investigative steps might have assisted the FBI in resolving the above-described discrepancy between DANCHENKO and U.K. Person-I regarding the sourcing of the allegation concerning Russian Diplomat-I.
          • Danchenko’s lies about Dolan prevented the FBI from asking whether Dolan was the source for the [true] report about reasons why Paul Manafort had left the Trump campaign: Based on the foregoing, DANCHENKO’s lie to the FBI about PR Executive-I not providing information contained in the Company Reports was highly material. Had DANCHENKO accurately disclosed to FBI agents that PR Executive-I was a source for specific information in the aforementioned Company Reports regarding Campaign Manager-I’s departure from the Trump campaign, see Paragraphs 45-57, supra, the FBI might have taken further investigative steps to, among other things, interview PR Executive-I regarding his potential knowledge of additional allegations in the Company Reports regarding Russian Chief of Staff-I. Such investigative steps might have, among other things, assisted the FBI in determining whether PR Executive-I was one of DANCHENKO’s “other friends” who provided the aforementioned information regarding Putin’s firing of Russian Chief of Staff-I.
        • Danchenko’s lies about a phone call made it harder for the FBI to vet the dossier: Danchenko’s alleged lies about Millian were material because, “at all times relevant to this Indictment, the FBI continued its attempts to analyze, vet, and corroborate the information in the Company Report.”
      • The FBI took and did not take certain actions because of Danchenko’s lies: “The Company Reports, as well as information collected for the Reports by DANCHENKO, played a role in the FBI’s investigative decisions and in sworn representations that the FBI made to the Foreign Intelligence Surveillance Court throughout the relevant time period.”
        • Danchenko’s alleged lies about Millian affected both FBI’s investigative decisions and played a role in their FISA applications: They “played a key role in the FBI’s investigative decisions and in sworn representations that the FBI made to the Foreign Intelligence Surveillance Court throughout the relevant time period.”

Sources

DOJ IG Report on Carter Page

Mueller Report

October 2016 Page FISA Application

January 2017 Page FISA Application

April 2017 Page FISA Application

June 2017 Page FISA Application

Dossier vetting spreadsheet

Danchenko posts

The Igor Danchenko Indictment: Structure

John Durham May Have Made Igor Danchenko “Aggrieved” Under FISA

“Yes and No:” John Durham Confuses Networking with Intelligence Collection

Daisy-Chain: The FBI Appears to Have Asked Danchenko Whether Dolan Was a Source for Steele, Not Danchenko

Source 6A: John Durham’s Twitter Charges

John Durham: Destroying the Purported Victims to Save Them

John Durham’s Cut-and-Paste Failures — and Other Indices of Unreliability

Aleksej Gubarev Drops Lawsuit after DOJ Confirms Steele Dossier Report Naming Gubarev’s Company Came from His Employee

In Story Purporting to “Reckon” with Steele’s Baseless Insinuations, CNN Spreads Durham’s Unsubstantiated Insinuations

On CIPA and Sequestration: Durham’s Discovery Deadends

The Disinformation that Got Told: Michael Cohen Was, in Fact, Hiding Secret Communications with the Kremlin

 

A Dragnet of emptywheel’s Most Important Posts on Surveillance, 2007 to 2017

/in , , , /by

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten this week.

To celebrate, the emptywheel team has been sharing some of our favorite work from the last decade. This is my massive dragnet of surveillance posts.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.

2007

Whitehouse Reveals Smoking Gun of White House Claiming Not to Be Bound by Any Law

Just days after opening the new digs, I noticed Sheldon Whitehouse entering important details into the Senate record — notably, that John Yoo had pixie dusted EO 12333 to permit George Bush to authorize the Stellar Wind dragnet. In the ten years since, both parties worked to gradually expand spying on Americans under EO 12333, only to have Obama permit the sharing of raw EO 12333 data in its last days in office, completing the years long project of restoring Stellar Wind’s functionalities. This post, from 2016, analyzes a version of the underlying memo permitting the President to change EO 12333 without providing public notice he had done so.

2008

McConnell and Mukasey Tell Half Truths

In the wake of the Protect America Act, I started to track surveillance legislation as it was written, rather than figure out after the fact how the intelligence community snookered us. In this post, I examined the veto threats Mike McConnell and Michael Mukasey issued in response to some Russ Feingold amendments to the FISA Amendments Act and showed that the government intended to use that authority to access Americans’ communication via both what we now call back door searches and reverse targeting. “That is, one of the main purposes is to collect communications in the United States.”

9 years later, we’re still litigating this (though, since then FISC has permitted the NSA to collect entirely domestic communications under the 2014 exception).

2009

FISA + EO 12333 + [redacted] procedures = No Fourth Amendment

The Government Sez: We Don’t Have a Database of All Your Communication

After the FISCR opinion on what we now know to be the Yahoo challenge to Protect American Act first got declassified, I identified several issues that we now have much more visibility on. First, PAA permitted spying on Americans overseas under EO 12333. And it didn’t achieve particularity through the PAA, but instead through what we know to be targeting procedures, including contact chaining. Since then we’ve learned the role of SPCMA in this.

In addition, to avoid problems with back door searches, the government claimed it didn’t have a database of all our communication — a claim that, narrowly parsed might be true, but as to the intent of the question was deeply misleading. That claim is one of the reasons we’ve never had a real legal review of back door searches.

Bush’s Illegal Domestic Surveillance Program and Section 215

On PATRIOTs and JUSTICE: Feingold Aims for Justice

During the 2009 PATRIOT Act reauthorization, I continued to track what the government hated most as a way of understanding what Congress was really authorizing. I understood that Stellar Wind got replaced not just by PAA and FAA, but also by the PATRIOT authorities.

All of which is a very vague way to say we probably ought to be thinking of four programs–Bush’s illegal domestic surveillance program and the PAA/FAA program that replaced it, NSLs, Section 215 orders, and trap and trace devices–as one whole. As the authorities of one program got shut down by exposure or court rulings or internal dissent, it would migrate to another program. That might explain, for example, why Senators who opposed fishing expeditions in 2005 would come to embrace broadened use of Section 215 orders in 2009.

I guessed, for example, that the government was bulk collecting data and mining it to identify targets for surveillance.

We probably know what this is: the bulk collection and data mining of information to select targets under FISA. Feingold introduced a bajillion amendments that would have made data mining impossible, and each time Mike McConnell and Michael Mukasey would invent reasons why Feingold’s amendments would have dire consequences if they passed. And the legal information Feingold refers to is probably the way in which the Administration used EO 12333 and redacted procedures to authorize the use of data mining to select FISA targets.

Sadly, I allowed myself to get distracted by my parallel attempts to understand how the government used Section 215 to obtain TATP precursors. As more and more people confirmed that, I stopped pursuing the PATRIOT Act ties to 702 as aggressively.

2010

Throwing our PATRIOT at Assange

This may be controversial, given everything that has transpired since, but it is often forgotten what measures the US used against Wikileaks in 2010. The funding boycott is one thing (which is what led Wikileaks to embrace Bitcoin, which means it is now in great financial shape). But there’s a lot of reason to believe that the government used PATRIOT authorities to target not just Wikileaks, but its supporters and readers; this was one hint of that in real time.

2011

The March–and April or May–2004 Changes to the Illegal Wiretap Program

When the first iteration of the May 2004 Jack Goldsmith OLC memo first got released, I identified that there were multiple changes made and unpacked what some of them were. The observation that Goldsmith newly limited Stellar Wind to terrorist conversations is one another reporter would claim credit for “scooping” years later (and get the change wrong in the process). We’re now seeing the scope of targeting morph again, to include a range of domestic crimes.

Using Domestic Surveillance to Get Rapists to Spy for America

Something that is still not widely known about 702 and our other dragnets is how they are used to identify potential informants. This post, in which I note Ted Olson’s 2002 defense of using (traditional) FISA to find rapists whom FBI can then coerce to cooperate in investigations was the beginning of my focus on the topic.

2012

FISA Amendments Act: “Targeting” and “Querying” and “Searching” Are Different Things

During the 2012 702 reauthorization fight, Ron Wyden and Mark Udall tried to stop back door searches. They didn’t succeed, but their efforts to do so revealed that the government was doing so. Even back in 2012, Dianne Feinstein was using the same strategy the NSA currently uses — repeating the word “target” over and over — to deny the impact on Americans.

Sheldon Whitehouse Confirms FISA Amendments Act Permits Unwarranted Access to US Person Content

As part of the 2012 702 reauthorization, Sheldon Whitehouse said that requiring warrants to access the US person content collected incidentally would “kill the program.” I took that as confirmation of what Wyden was saying: the government was doing what we now call back door searches.

2013

20 Questions: Mike Rogers’ Vaunted Section 215 Briefings

After the Snowden leaks started, I spent a lot of time tracking bogus claims about oversight. After having pointed out that, contrary to Administration claims, Congress did not have the opportunity to be briefed on the phone dragnet before reauthorizing the PATRIOT Act in 2011, I then noted that in one of the only briefings available to non-HPSCI House members, FBI had lied by saying there had been no abuses of 215.

John Bates’ TWO Wiretapping Warnings: Why the Government Took Its Internet Dragnet Collection Overseas

Among the many posts I wrote on released FISA orders, this is among the most important (and least widely understood). It was a first glimpse into what now clearly appears to be 7 years of FISA violation by the PRTT Internet dragnet. It explains why they government moved much of that dragnet to SPCMA collection. And it laid out how John Bates used FISA clause 1809(a)(2) to force the government to destroy improperly collected data.

Federated Queries and EO 12333 FISC Workaround

In neither NSA nor FBI do the authorities work in isolation. That means you can conduct a query on federated databases and obtain redundant results in which the same data point might be obtained via two different authorities. For example, a call between Michigan and Yemen might be collected via bulk collection off a switch in or near Yemen (or any of the switches between there and the US), as well as in upstream collection from a switch entering the US (and all that’s assuming the American is not targeted). The NSA uses such redundancy to apply the optimal authority to a data point. With metadata, for example, it trained analysts to use SPCMA rather than PATRIOT authorities because they could disseminate it more easily and for more purposes. With content, NSA appears to default to PRISM where available, probably to bury the far more creative collection under EO 12333 for the same data, and also because that data comes in structured form.

Also not widely understood: the NSA can query across metadata types, returning both Internet and phone connection in the same query (which is probably all the more important now given how mobile phones collapse the distinction between telephony and Internet).

This post described how this worked with the metadata dragnets.

The Purpose(s) of the Dragnet, Revisited

The government likes to pretend it uses its dragnet only to find terrorists. But it does far more, as this analysis of some court filings lays out.

2014

The Corporate Store: Where NSA Goes to Shop Your Content and Your Lifestyle

There’s something poorly understood about the metadata dragnets NSA conducts. The contact-chaining isn’t the point. Rather, the contact-chaining serves as a kind of nomination process that puts individuals’ selectors, indefinitely, into the “corporate store,” where your identity can start attracting other related datapoints like a magnet. The contact-chaining is just a way of identifying which people are sufficiently interesting to submit them to that constant, ongoing data collection.

SPCMA: The Other NSA Dragnet Sucking In Americans

I’ve done a lot of work on SPCMA — the authorization that, starting in 2008, permitted the NSA to contact chain on and through Americans with EO 12333 data, which was one key building block to restoring access to EO 12333 analysis on Americans that had been partly ended by the hospital confrontation, and which is where much of the metadata analysis affecting Americans has long happened. This was my first comprehensive post on it.

The August 20, 2008 Correlations Opinion

A big part of both FBI and NSA’s surveillance involves correlating identities — basically, tracking all the known identities a person uses on telephony and the Internet (and financially, though we see fewer details of that), so as to be able to pull up all activities in one profile (what Bill Binney once called “dossiers”). It turns out the FISC opinion authorizing such correlations is among the documents the government still refuses to release under FOIA. Even as I was writing the post Snowden was explaining how it works with XKeyscore.

A Yahoo! Lesson for USA Freedom Act: Mission Creep

This is another post I refer back to constantly. It shows that, between the time Yahoo first discussed the kinds of information they’d have to hand over under PRISM in August 2007 and the time they got directives during their challenge, the kinds of information they were asked for expanded into all four of its business areas. This is concrete proof that it’s not just emails that Yahoo and other PRISM providers turn over — it’s also things like searches, location data, stored documents, photos, and cookies.

FISCR Used an Outdated Version of EO 12333 to Rule Protect America Act Legal

Confession: I have an entire chapter of the start of a book on the Yahoo challenge to PRISM. That’s because so much about it embodied the kind of dodgy practices the government has, at the most important times, used with the FISA Court. In this post, I showed that the documents that the government provided the FISCR hid the fact that the then-current versions of the documents had recently been modified. Using the active documents would have shown that Yahoo’s key argument — that the government could change the rules protecting Americans anytime, in secret — was correct.

2015

Is CISA the Upstream Cyber Certificate NSA Wanted But Didn’t Really Get?

Among the posts I wrote on CISA, I noted that because the main upstream 702 providers have a lot of federal business, they’ll “voluntarily” scan on any known cybersecurity signatures as part of protecting the federal government. Effectively, it gives the government the certificate it wanted, but without any of the FISA oversight or sharing restrictions. The government has repeatedly moved collection to new authorities when FISC proved too watchful of its practices.

The FISA Court’s Uncelebrated Good Points

Many civil libertarians are very critical of the FISC. Not me. In this post I point out that it has policed minimization procedures, conducted real First Amendment reviews, taken notice of magistrate decisions and, in some cases, adopted the highest common denominator, and limited dissemination.

How the Government Uses Location Data from Mobile Apps

Following up on a Ron Wyden breadcrumb, I figured out that the government — under both FISA and criminal law — obtain location data from mobile apps. While the government still has to adhere to the collection standard in any given jurisdiction, obtaining the data gives the government enhanced location data tied to social media, which can implicate associates of targets as well as the target himself.

The NSA (Said It) Ate Its Illegal Domestic Content Homework before Having to Turn It in to John Bates

I’m close to being able to show that even after John Bates reauthorized the Internet metadata dragnet in 2010, it remained out of compliance (meaning NSA was always violating FISA in obtaining Internet metadata from 2002 to 2011, with a brief lapse). That case was significantly bolstered when it became clear NSA hastily replaced the Internet dragnet with obtaining metadata from upstream collection after the October 2011 upstream opinion. NSA hid the evidence of problems on intake from its IG.

FBI Asks for at Least Eight Correlations with a Single NSL

As part of my ongoing effort to catalog the collection and impact of correlations, I showed that the NSL Nick Merrill started fighting in 2004 asked for eight different kinds of correlations before even asking for location data. Ultimately, it’s these correlations as much as any specific call records that the government appears to be obtaining with NSLs.

2016

What We Know about the Section 215 Phone Dragnet and Location Data

During the lead-up to the USA Freedom Debate, the government leaked stories about receiving a fraction of US phone records, reportedly because of location concerns. The leaks were ridiculously misleading, in part because they ignored that the US got redundant collection of many of exactly the same calls they were looking for from EO 12333 collection. Yet in spite of these leaks, the few figured out that the need to be able to force Verizon and other cell carriers to strip location data was a far bigger reason to pass USAF than anything Snowden had done. This post laid out what was known about location data and the phone dragnet.

While It Is Reauthorizing FISA Amendments Act, Congress Should Reform Section 704

When Congress passed FISA Amendments Act, it made a show of providing protections to Americans overseas. One authority, Section 703, was for spying on people overseas with help of US providers, and another was for spying on Americans overseas without that help. By May 2016, I had spent some time laying out that only the second, which has less FISC oversight, was used. And I was seeing problems with its use in reporting. So I suggested maybe Congress should look into that?

It turns out that at precisely that moment, NSA was wildly scrambling to get a hold on its 704 collection, having had an IG report earlier in the year showing they couldn’t audit it, find it all, or keep it within legal boundaries. This would be the source of the delay in the 702 reauthorization in 2016, which led to the prohibition on about searches.

The Yahoo Scan: On Facilities and FISA

The discussion last year of a scan the government asked Yahoo to do of all of its users was muddled because so few people, even within the privacy community, understand how broadly the NSA has interpreted the term “selector” or “facility” that it can target for collection. The confusion remains to this day, as some in the privacy community claim HPSCI’s use of facility based language in its 702 reauthorization bill reflects new practice. This post attempts to explain what we knew about the terms in 2016 (though the various 702 reauthorization bills have offered some new clarity about the distinctions between the language the government uses).

2017

Ron Wyden’s History of Bogus Excuses for Not Counting 702 US Person Collection

Ron Wyden has been asking for a count of how many Americans get swept up under 702 for years. The IC has been inventing bogus explanations for why they can’t do that for years. This post chronicles that process and explains why the debate is so important.

The Kelihos Pen Register: Codifying an Expansive Definition of DRAS?

When DOJ used its new Rule 41 hacking warrant against the Kelihos botnet this year, most of the attention focused on that first-known usage. But I was at least as interested in the accompanying Pen Register order, which I believe may serve to codify an expansion of the dialing, routing, addressing, and signaling information the government can obtain with a PRTT. A similar codification of an expansion exists in the HJC and Lee-Leahy bills reauthorizing 702.

The Problems with Rosemary Collyer’s Shitty Upstream 702 Opinion

The title speaks for itself. I don’t even consider Rosemary Collyer’s 2017 approval of 702 certificates her worst FISA opinion ever. But it is part of the reason why I consider her the worst FISC judge.

It Is False that Downstream 702 Collection Consists Only of To and From Communications

I pointed out a number of things not raised in a panel on 702, not least that the authorization of EO 12333 sharing this year probably replaces some of the “about” collection function. Most of all, though, I reminded that in spite of what often gets claimed, PRISM is far more than just communications to and from a target.

UNITEDRAKE and Hacking under FISA Orders

A document leaked by Shadow Brokers reveals a bit about how NSA uses hacking on FISA targets. Perhaps most alarmingly, the same tools that conduct such hacks can be used to impersonate a user. While that might be very useful for collection purposes, it also invites very serious abuse that might create a really nasty poisonous tree.

A Better Example of Article III FISA Oversight: Reaz Qadir Khan

In response to Glenn Gerstell’s claims that Article III courts have exercised oversight by approving FISA practices (though the reality on back door searches is not so cut and dry), I point to the case of Reaz Qadir Khan where, as Michael Mosman (who happens to serve on FISC) moved towards providing a CIPA review for surveillance techniques, Khan got a plea deal.

The NSA’s 5-Page Entirely Redacted Definition of Metadata

In 2010, John Bates redefined metadata. That five page entirely redacted definition became codified in 2011. Yet even as Congress moves to reauthorize 702, we don’t know what’s included in that definition (note: location would be included).

FISA and the Space-Time Continuum

This post talks about how NSA uses its various authorities to get around geographical and time restrictions on its spying.

The Senate Intelligence Committee 702 Bill Is a Domestic Spying Bill

This is one of the most important posts on FISA I’ve ever written. It explains how in 2014, to close an intelligence gap, the NSA got an exception to the rule it has to detask from a facility as soon as it identifies Americans using the facility. The government uses it to collect on Tor and, probably VPN, data. Because the government can keep entirely domestic communications that the DIRNSA has deemed evidence of a crime, the exception means that 702 has become a domestic spying authority for use with a broad range of crimes, not to mention anything the Attorney General deems a threat to national security.

“Hype:” How FBI Decided Searching 702 Content Was the Least Intrusive Means

In a response to a rare good faith defense of FBI’s back door searches, I pointed out that the FBI is obliged to consider the least intrusive means of investigation. Yet, even while it admits that accessing content like that obtained via 702 is extremely intrusive, it nevertheless uses the technique routinely at the assessment level.

Other Key Posts Threads

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

10 Years of emptywheel: Key Non-Surveillance Posts 2011-2012

10 Years of emptywheel: Key Non-Surveillance Posts 2013-2015

10 Years of emptywheel: Key Non-Surveillance Posts 2016-2017

10 Years of emptywheel: Jim’s Dimestore

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

A Better Example of Article III FISA Oversight: Reaz Qadir Khan

/3 Comments/in /by

As debate over reauthorization of Section 702 heats up, both those in favor of reform and those asking for straight reauthorization are making their cases. As part of that, I wrote a summary of the most persistent NSA (and FBI) violations of FISA for Demand Progress, called “Institutional Lack of Candor.” I did a piece for Motherboard based off the report, which also looks at how Rosermary Collyer did not use the leverage of FISA’s exclusivity clause to force NSA to purge improperly accessed data this year.

Meanwhile, NSA’s General Counsel, Glenn Gerstell, just did a speech at University of Texas laying out what he claimed is the judicial oversight over Section 702. There’s one line I find particularly interesting:

Among other things, Section 702 also enables collection of information on foreign weapons proliferators and informs our cybersecurity efforts.

Here, Gerstell appears to be laying out the three known certificates (counterterrorism, counterproliferation, and foreign government). But I wonder whether the “among other things” points to a new certificate, or to the more amorphous uses of the foreign government cert.

As for Gerstell’s argument that there’s sufficient judicial oversight, I find it laughable in several key points.

For example, here’s how Gerstell describes the amicus provision included with USA Freedom Act.

The FISC is entitled to call upon the assistance of amici when evaluating a novel or significant interpretation of the law or when it requires outside technical expertise. This amicus provision, which was added to FISA as part of the USA FREEDOM Act amendments in 2015, enables the court to draw upon additional expertise and outside perspectives when evaluating a proposed surveillance activity, thus ensuring that the FISC’s oversight remains both robust and knowledgeable. The court has designated a pool of experts in national security to serve as amicus curiae at the court’s request. Amici are specifically instructed to provide to the court “legal arguments that advance the protection of individual privacy and civil liberties,” “information related to intelligence collection or communications technology,” or any other legal arguments relevant to the issue before the court.

The FISC’s amicus provisions are more than a mere statutory wink and nod to strong judicial oversight. The court has in fact called upon its amici to assist in evaluating Section 702 activities. In 2015, the FISC appointed an amicus to analyze what the court felt were two novel or significant interpretations of law that arose as part of its review of the government’s annual application for 702 certifications. The first issue involved whether queries of 702 collection that are designed to return information concerning U.S. persons are consistent with statutory and constitutional requirements. The second question involved whether there were any statutory or constitutional concerns about preserving information collected under Section 702 for litigation purposes that would otherwise be subject to destruction under the government’s minimization procedures. On both issues, the FISC carefully considered the views of the amicus, ultimately concluding that both of the proposed procedures were reasonably tailored to protect the privacy of U.S. persons and thus permissible under both the FISA statute and the constitution. [my emphasis]

Gerstell speaks of the amicus provision as newly permitting — “entitled,” “enabled” — the FISC to consult with others. Yet the FISC always had the ability to call amici (in fact it did ask for outside help in the In Re Sealed Case provision and in a few issues in the wake of the Snowden leaks). What was new with the USAF amicus is an affirmative requirement to either use an amicus or explain why it chose not to in any matters that present a “novel or significant interpretation of the law.”

Authorization.–A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate; and

(B) may appoint an individual or organization to serve as amicus curiae, including to provide technical expertise, in any instance as such court deems appropriate or, upon motion, permit an individual or organization leave to file an amicus curiae brief.

It’s true that USAF permits the FISC to decide what counts as new, but in those cases, the law does require one or another action, not simply permit it.

Which is why it’s so funny that Gerstell harps on the inclusion of Amy Jeffress in the 2015 recertification process. Note his silence on the 2016 process, which addressed an issue that (as both my reports above make clear) is far more problematic than the ones Jeffress weighed in on? Collyer simply blew off the USAF requirement, and didn’t get the technical help she apparently badly needed. As I noted, she sort of threw up her hands and claimed there were simply no people with the technical expertise and clearance available to help.

I suspect the Intelligence Community — and possibly even the law enforcement community — will live to regret Collyer’s obstinance about asking for help, if for no other reason than we’re likely to see legal challenges because of the way she authorized back door searches on content she knows to include domestic communications.

Gerstell then goes on to hail Mohamed Mohamud’s challenge to 702 as an example of worthwhile Title III court oversight of the program.

In certain circumstances, challenges to surveillance programs can be brought in other federal courts across the country. One recent court case is particularly illustrative of the review of Section 702 outside of the FISC, and here is how it commenced:

A few years ago, a young man named Mohamed Mohamud was studying engineering at Oregon State University. He had emigrated to the U.S. from Somalia with his family when he was only three, and he later became a naturalized U.S. citizen. He grew up around Portland, Oregon, enjoying many typical American pursuits like music and the Los Angeles Lakers. In 2008, however, he was involved in an incident at Heathrow Airport in London during which he believed he was racially profiled by airport security. This incident set Mohamud on a path toward radicalization. He began reading jihadist literature and corresponding with other Al-Qaeda supporters. In 2010, he was arrested and indicted for his involvement in a plot to bomb the Christmas Tree Lighting Ceremony in Portland, which was scheduled to take place the day after Thanksgiving. He was eventually found guilty of attempted use of a weapon of mass destruction.

After the verdict but before his sentencing, the government provided Mohamud with a supplemental notice that it had offered into evidence or otherwise used or disclosed during the proceedings information derived from Section 702 collection. After receiving this notice, Mohamud petitioned the court for a new trial, arguing that any 702-derived information should be suppressed because, among other reasons, he claimed that Section 702 violated the Fourth Amendment. The federal district court considered Mohamud’s claims before ultimately holding that 702 was constitutional. In so holding, the court found that 702 surveillance does not trigger the Fourth Amendment’s warrant requirement because any collection of U.S. person information occurring as a result of constitutionally permissible 702 acquisitions occurs only incidentally and, even if it did trigger the warrant requirement, a foreign intelligence exception applies. The court also found that “the government’s compelling interest in protecting national security outweighed the intrusion of Section 702 surveillance on an individual’s privacy,” so the 702 collection at issue in that case was reasonable under the Fourth Amendment.

Mohamud appealed the district court’s ruling to the Ninth Circuit, where the Circuit Court again looked at the constitutionality of the 702 collection at issue, with particular scrutiny on incidental collection. The Ninth Circuit concluded that the government’s surveillance in this case was consistent with constitutional and statutory requirements; even if Mohamud had a Fourth Amendment right to privacy in any incidentally-collected communications, the government’s searches were held to be reasonable. [my emphasis]

Look carefully at what Gerstell has argued: he uses a case where DOJ introduced evidence derived from 702, but gave the legally required notice only after the entire trial was over! That is, he’s pointing to a case where DOJ broke the law as proof of how well judicial oversight works.

And that’s important because DOJ has stopped giving 702 notice again (and has never given notice in a non-terrorism case, even though it surely has used derivative information in those cases as well). Without that notice, no defendant will be able to challenge 702 in the designated manner.

Which is why I would point to a different case for what criminal court oversight of SIGINT should look like: that of Reaz Qadir Khan (whose own case was closely linked to that of Mohamud).

At first, Khan tried to force the judge in his case, Michael Mosman, to recuse because he was serving as a FISA judge at the time. Mosman stayed.

Khan then asked for notice from the government for every piece of evidence obtained by the defense, laying out the possible authorities. Things started getting squirrelly at that point, as I summarized here.

Last year, I described the effort by the Reaz Qadir Khan’s lawyers to make the government list all the surveillance it had used to catch him (which, significantly, would either be targeted off a dead man or go back to the period during with the government used Stellar Wind). In October the government wrote a letter dodging most notice. Earlier this year, Judge Michael Mosman (who happens to also be a FISA judge) deferred the notice issues until late in the CIPA process. Earlier this month, Khan plead guilty to accessory to material support for terrorism after the fact.

What I suspect happened is that Mosman, who knows more about FISA than almost all District judges because he was (and still is) serving on the court, recognized that the government had surveillance that deserved some kind of judicial scrutiny (in this case, it probably involved Stellar Wind collection, but also likely included other authorities). So he agreed to deal with it in CIPA.

And just weeks later, Khan got a plea deal.

That’s the way it should work: for a judge to be able to look at surveillance and figure out if something isn’t exactly right or, for exotic interpretations of the law that don’t pass a smell test, and in those cases provide some means for review. Here, the government appears to have gotten uninterested in subjecting its evidence for review and, as is built into CIPA, ended up making a deal instead.

Of course, that rare exception points to one of the problems with FISC.

Gerstell claims that a court that until the Snowden leaks had no Democratic appointees on it boasts a “diversity of backgrounds.”

Recognizing the importance of judicial accountability for foreign intelligence surveillance under FISA, Congress designed a specialized court authorized to operate in secret – the FISC – to encourage rigorous oversight of activities conducted under FISA. Even its structure is deliberately assembled to serve that purpose. FISC judges are selected by the Chief Justice to serve for up to seven years, on staggered terms, which guarantees continuity and subject matter expertise on critical issues. In addition, the FISC is required by statute to be composed of judges drawn from at least seven of the U.S. judicial circuits. This statutory makeup ensures that the FISC includes judges from a diversity of backgrounds and geographic regions, rather than a court that might tend toward unanimity of thought or particular judicial sympathies.

That’s poppycock. The judges tend to be conservative. Importantly, the presiding judges are always from the DC district, not even just the DC neighborhood, such as MD or EDVA.

And remarkably, almost none of the judges on the FISC have presided over terrorism cases (Mosman is from OR, which because of a mosque that the FBI has basically lived in since 9/11, has had more than its share of terrorism cases). Which means the men and women sitting in Prettyman overseeing FISA often have little to no experience on how that data might affect an American’s right to a fair trial two years down the road.

I, like Gerstell, contest the claim that the FISC is generally a rubber stamp. But I do believe it should include more of the judges who actually oversee the trials that may result, because that experience would vastly improve understanding of the import of the review. At the very least, it should include the judges from EDVA who oversee the cases that go through the CIA-Pentagon District, which also includes a great many of the country’s espionage cases.

And most of all, the practice of having one judge, always from DC, review programmatic spying programs by herself should stop. While it is absolutely the case that judges have often shown great diligence, when a judge doesn’t show adequate diligence — as I believe Collyer did not this year — it may create problems that will persist for years.

The FISC is not a rubber stamp. But neither is the judicial oversight of 702 the consistently diligent oversight Gerstell claims.

How FISC Amicus Preston Burton Helped Michael Mosman Shore up FISC’s Authority

/3 Comments/in /by

On November 24, Judge Michael Mosman approved the government’s request to hold onto the Section 215 phone dragnet data for technical assurance purposes for three months, as well as to hold the data to comply with a preservation order in EFF’s challenge to the phone dragnet (though as with one earlier order in this series, Thomas Hogan signed the order for Mosman, who lives in Oregon). While the outcome of the decision is not a surprise, the process bears some attention, as it’s the first time a truly neutral amicus has been involved in the FISC process (though corporations, litigants, and civil rights groups have weighed in various decisions as amici).

In addition to Mosman’s opinion, the FISC released amicus Preston Burton’s memo and the government’s response on December 2; I suspect there may be a Burton reply they have not released.

Minimization procedures

As I noted in September when Mosman first appointed Burton, it wasn’t entirely clear what the FISC was asking him to review. In his order, Mosman explains that he “directed him to address whether the government’s above-described requests to retain and use BR metadata after November 28, 2015, are precluded by section 103 of the USA FREEDOM Act or any other provision of that Act.”

Burton took this to be largely a question about minimization procedures.

Instead, the Act provides that the Court shall decide issues concerning the use, retention, dissemination, and eventual destruction of the tangible things collected under the FISA business records statute as part of its oversight of the statutorily mandated minimization procedures.

He then pointed to a number of the FISC’s more assertive oversight moments over the NSA to argue that the FISC has fairly broad authorities to review minimization procedures.

Although the government is required to enumerate minimization procedures addressing the use, retention, dissemination, and (now) ultimate destruction of the metadata in its applications to the Court, the Court’s review of those procedures is not simply ministerial. And, indeed, Judge Walton’s 2009 orders, cited above, addressing deficiencies in the administration of the call detail record program made clear that the FISA Court may impose more robust minimization procedures. See also Kris, Bulk Collection at 15-17 (discussing FISA Court’s imposition of new restrictions to the telephony program). Likewise, the Court may decline to endorse procedures sought by the government See Opinion at 11-2, In re Application of the FBI for an Order Requiring the Production of Tangible Things, Docket No. BR 14-01 (March 7, 2014) (denying the government’s motion to modify the minimization procedures), amended, Opinion at S, Jn re Application of the FBI/or an Order Requiring the Production a/Tangible Things, Docket No. BR 14-01(March12, 2014). Similarly, Judge Bates found substantial deficiencies in the NSA’ s minimization procedures in Jn Re [Redacted}, 2011 WL l 0945618, at *9 (FISA Ct. Oct. 3, 2011) (Bates J.) (fmding NSA minimization procedures insufficient and inconsistent with the Fourth Amendment). As a result, the NSA amended its procedures, including reducing the data retention in issue in that case (under a differentFISA statute) from five to two years. See In Re [Redacted], 2011WL10947772, at •s (FISA Ct. Nov. 30, 2011) (Bates J.).

Particularly in the case of the two PRTT orders, the government has actually challenged FISC’s roles in imposing minimization procedures (though admittedly FISC’s role under that authority is less clear cut than under Section 215).

Burton argued that USA Freedom Act (which he abbreviated USFA) made that role even stronger.

But the USFA augmented this minimization review authority even more and dispels any suggestion that the Court may not modify the minimization procedures articulated in the government’s application. The statute’s fortification of Judicial Review provisions makes clear that Congress intended for the FISA Court to oversee these issues in the context of imposing minimization procedures that balance the government’s national security interests with privacy interests, including specifically providing for the prompt destruction of tangible things produced under the business records provisions.10 Significantly, USF A § 104 empowers the Court to assess and supplement the government’s proposed minimization procedures:

Nothing in this subsection shall limit the authority of the court established under section 103(a) to impose additional, particularized minimization procedures with regard to the production, retention, or dissemination of nonpublicly available information concerning unconsenting United States persons, including additional particularized procedures related to the destruction of information within a reasonable time period. USFA § 104 (a)(3) (now codified at 50 U.S.C. §1861(g)(3)(emphasis supplied).

That provision applies to all information the government obtains under the business records procedure, not just call detail records. u Moreover, that amendment, set forth in USFA § 104, went into effect immediately, unlike the 180-day transition period for the revisions to the business records sections. See USFA § 109 (amendments made by §§ 101-103 take effect 180 days after enactment).12

As I said, that’s the kind of argument the government has been arguing against for 11 years, most notably in the two big Internet dragnet reauthorizations (admittedly, FISC’s role in minimization procedures there is less clear, but there is similar language about not limiting the authority of the court).

Burton sneaks in some real privacy questions

Having laid out the (as he sees it) expansive authority to review minimization procedures, Burton then does something delightful.

He poses a lot of questions that should have been asked 9 years ago.

Because of the significant privacy concerns that motivated Congress to amend the bulk collection provisions of the statute, however, the undersigned respectfully submits that, the Court should consider requiring the government to answer more fully fundamental questions regarding:

  • The current conditions, location, and security for the data archive.
  • The persons and entities to whom the NSA has given access to information provided under this program and whether that shared information will also be destroyed under the NSA destruction plan (and, if not, why not?).
  • What oversight is in place to ensure that access to the database is not “analytical” and what the government means by “non-analytical.”
  • Why testing of the adequacy of new procedures was not completed by the NSA (and whether it was even initiated) during the 180-day transition period.
  • How the government intends to destroy such information after February 29, 2016, (its proposed extinction date for the database) independent of the resolution of any litigation holds.
  • Whether the contemplated destruction will include only data that the government has collected or will include all data that it has analyzed in some fashion.

Remember, by the time Burton wrote this, he had read at least the application for the final dragnet order, and the answers to these questions were not clear from that (which is where the government lays out its more detailed minimization procedures). Public releases have made me really concerned about some of them, such as how to protect non-analytical queries from being used for analytical purposes. NSA has had tech people do analytical queries in the past, and it doesn’t audit tech activities. Similarly, when the NSA destroyed the Internet dragnet data in 2011, NSA’s IG wasn’t entirely convinced it all got destroyed, because he couldn’t see the intake side of things. So these are real issues of concern.

Burton also asked questions about the necessity behind keeping data for the EFF challenges rather than just according the plaintiffs standing.

If this Court chooses to follow Judge Walton’s approach and defer to the preservation orders issued by the other courts, the Court nonetheless should address a number of questions before deciding whether to grant the government’s preservation request:

  • Why has the government been unable to reach some stipulation with the plaintiffs to preserve only the evidence necessary for plaintiffs to meet their standing burden? Consider whether it is appropriate for the government to retain billions of irrelevant call detail records involving millions of people based on, what undersigned understands from counsel involved in that litigation, the government’s stubborn procedural challenges to standing — a situation that the government has fostered by declining to identify the particular telecommunications provider in question and/or stipulate that the plaintiff is a customer of a relevant provided.
  • As Judge Walton identified when he first denied the modification of the minimization procedures to extend the duration of preservation, the continued retention of the data at issue subjects it to risk of misuse and improper dissemination. The government should have to satisfy the Court of the security of this information in plain and meaningful terms.

(Notice how he assumes the plaintiffs might have standing which, especially for First Unitarian Church plaintiff CAIR, they should.)

Finally, perhaps channeling the justified complaint of all the tech people who review these kinds of policy questions, Burton suggested the FISC really ought to be consulting with a tech person.

This case, due to the relatively limited period of time sought by the government to accomplish its stated narrow purpose, likely does not require a difficult assessment of the reasonableness of the government’s technical retention request. To evaluate even such a limited request, however, the Court may wish to consider availing itself of technical expertise from national security experts or computer technology experts. Technical expertise is an amicus category contemplated by Congress in its reform of the FISA statutes. 50 U.S.C. § 1803 (i)(2)(B), as amended by USF A Section 401. That section alone suggests congressional expectation of greater judicial oversight of the government’s surveillance program and requests. See USF A § 401; see also Kris, Bulk Collection at 3 7 (contemplating theoretical procedures for cross-examining NSA engineers as one example of the challenges in implementing a more adversarial system for the FISA Court).

Burton ended his memo reiterating his recommendation that FISC get more information.

In light of the significant privacy interests affected by the creation and retention of the database, the undersigned urges the Court as part of its statutory oversight of the minimization procedures to demand full and meaningful information concerning the condition of the data at issue, the data’s security, and its contemplated destruction as a condition of any retention beyond November 28, 2015.

The government is not amused

Predictably, the government balked at Burton’s invitation to use his expansive reading of the authority of the FISC to review minimization procedures to bolster the current ones.

Amicus curiae’ s analysis of Section 104 of the USA FREEDOM Act could be interpreted as suggesting an opportunity for the Court to re-examine the minimization procedures applicable for other business records productions in this proceeding. Consistent with the Court’s order appointing amicus curiae, the Government has limited its response to the issue identified in that order.

Frankly, I’m not sure what the government distinguishes between Burton’s proposal to reexamine existing minimization procedures and what is covered by the order in question, because they do respond to a number of the questions he raised in his brief.

For example, they provide these details about where the dragnet lives (which, as it turns out, is at Fort Meade, not the UT data center).

As described in the Application in docket number BR 15-99 and prior docket numbers, NSA stores and processes the bulk call detail records in repositories within secure networks under NSA’ s control. Those repositories (servers, networked storage devices, and backup tapes in locked containers) are located in NSA’s secure, access-controlled facilities at Fort George G. Meade, Maryland. As further described in those applications, NSA restricts access to the records to authorized personnel who have received appropriate and adequate training. Electronic access to the call detail records requires a user authentication credential. Physical access to the location where NSA stores and processes the call detail records requires an approval by NSA management and must be conducted in teams of no less than two persons.

Also note that there is currently a requirement that techs access the raw data in two person teams. That is likely a change that post-dates Snowden.

Curiously, the NSA says they can destroy all the phone dragnet data in a month.

NSA anticipates it can complete destruction of the bulk call detail records and related chain summaries within one month of being relieved of its litigation preservation obligations.

They appear to have taken far less time to destroy the Internet dragnet data, further supporting the appearance they did it very hastily to avoid having to report back to John Bates on the status of their dragnet.

Finally, they make clear what had already been clear to me: the existing query results will remain at NSA.

Information obtained or derived from call detail records which has been previously disseminated in accordance with approved minimization procedures will not be recalled or destroyed.2 Also, select query results generated by pre-November 29, 2015, queries of the bulk records that formed the basis of a dissemination in accordance with approved minimization procedures will not be destroyed.

2 This practice does not differ from similar circumstances where, for example Court-authorized electronic surveillance and/or physical search authorities under Title I or III expire. While raw (unminimized) information is handled and destroyed in accordance with applicable minimization procedures, prior authorized disseminations and the material underpinning those disseminations are not recalled or otherwise destroyed.

This means that everyone within two or three degrees of a target that the NSA has found interesting — potentially over the last decade — will remain available and subject to NSA’s analytical toys from here on out.

Let’s hope CAIR gets standing to challenge what has happened to their IDs then.

Which may be why the government gets snippiest in response to Burton’s question about why they’re going to keep billions of phone records rather than just reach some accommodation with EFF.

The suggestions by amicus curiae that this Court address (or perhaps even resolve) significant substantive questions at issue in underlying civil litigation,, see Amicus Mem. of Law at 27, are exactly the kinds of inquiries the Court previously recognized were inappropriate for it to resolve. Opinion and Order, docket number BR 14-01at5 (“it is appropriate for [the district court for the Northern District of California], rather than the FISC, to determine what BR metadata is relevant to that litigation”). This Court should adopt the same view. In particular, the suggestion that the Government disclose national security information concerning the identity of providers, information subject to a pending state secrets privilege assertion, is inappropriate, and the suggestion by amicus that the government stipulate to Article III standing in those cases is unfounded as a matter of law. Finally, the suggestion that preservation of bulk call detail records can be limited solely to the plaintiffs in multiple pending putative class actions is entirely unworkable. For the reasons more particularly set out above, until the Government is relieved of its preservation obligations, the data is secure.

Which leads me to the detail that makes me suspect there’s a second Burton filing the government hasn’t released (I’ve asked NSD but gotten no answer, and in his opinion Mosman says only “Mr. Burton and the government submitted briefs addressing this question,” leaving open the possibility Burton submitted two): After finding no reason to hold a hearing on the issue of restarting the dragnet during the summer, Mosman did hold a hearing here (though it’s not clear whether Burton attended or not). At the hearing, Mosman ordered the government to try to come up with a way to destroy the dragnets, which it will do by January 8.

During the hearing held on November 20, 2015, the Court directed the government to submit its assessment of whether the cessation of bulk collection on November 28, 2015, will moot the claims of the plaintiffs in the Northern District of California litigation relating to the BR Metadata program and thus provide a basis for moving to lift the preservation orders. The Court further directed the government to address whether, even if the California plaintiffs’ claims are not moot, there might be a basis for seeking to lift the preservation orders with respect to the BR Metadata that is not associated with the plaintiffs. The government intends to make its submission on these issues by January 8, 2016.

And, as Mosman’s opinion makes clear, he ordered them to write up a free-standing copy of the minimization procedures that will govern the dragnet data retained from here on out.

The minimization procedures that the government proposes using after the production ceases on November 28, 2015 are in important respects substantially more restrictive than those currently in effect. The procedures that will apply after November 28, which were initially included as part of the broader set of procedures set forth in the application, were resubmitted by the government in a standalone document on November 24, 2015 (“November 24, 2015 Minimization Procedures”).

They would have submitted them on the day Mosman (via Hogan’s signature) approved the request to keep the data. In other words, Mosman made the government generate a document to make it crystal clear the more restrictive rules apply to the dragnet going forward.

The value of the amicus

Whether it was Mosman’s intent when he appointed Burton or not (remember, for better and worse, under USAF the amicus has to do what the FISC asks), his appointment served several purposes.

First, it set Mosman up to make it very clear that the FISC sees the minimization procedures required under USAF do give the FISC expanded authority.

The USA FREEDOM Act made several minimization-related changes to Section 1861. For instance, Section 1861 now provides that, before granting a business records application, the Court must expressly find that the minimization procedures put forth by the government “meet the definition ofminimiz.ation procedures under subsection (g).” See Pub. L. No. 114-23, § 104(a)(l), 129 Stat. at 272. This change is not substantive, however, as such a finding was previously implicit in the broader finding required by Section 1861 ( c )(1) – i.e, “that the application meets the requirements of subsection (a) and (b).” Among the requirements of subsection (b) was – and still is – the requirement that the application include an enumeration of Attorney General-approved minimization procedures that meet the definition set forth in subsection (g). Another change is the addition of a “rule of construction” confirming the Court’s authority “to impose additional, particularized minimization procedures with regard to the production, retention, or dissemination” of certain information regarding United States persons, including “procedures related to the destruction of information within a reasonable time period.” See id. § 104(a)(2), 129 Stat. at 272. A third new provision that takes effect on November 29, 2015, states that orders compelling the ongoing, targeted production of “call detail records” must direct the government to adopt minimization procedures containing certain requirements relating to the destruction of such records. See id Pub. L. No. 114-23, § 10l(b)(3)(F)(vii), 129 Stat. at 270-71.

Remember, it took 7 years — including 4 years of FISC-imposed minimization requirements and reviews — before the government met the requirements of the law as passed in 2006. Significantly, Burton got a classified version of the IG report laying out that delay to read, so he surely knows more about that delay than we do.

In addition, Burton set up the FISC to demand more assurances from the government and — potentially — to push it to come to some more reasonable accommodation with EFF than they otherwise might. Remember, when presiding over the criminal case of Raez Qadir Khan, Mosman was going to grant CIPA discovery on the surveillance used to catch Khan, some of which almost certainly included one (Stellar Wind) or another (the PRTT Internet dragnet) of the illegal dragnets, which led almost immediately to a plea deal.

I’m, frankly, pleasantly surprised. Whether it was Mosman’s intent or not, even picking someone without an obvious brief for privacy, Burton helped Mosman shore up the authority of the FISC to ride herd over government spying (and given Judge Hogan’s involvement along the way, he presumably did so with the assent of the presiding FISC judge).

In any case, Mosman was happy with how it all worked out, as he included this footnote in his opinion.

The Court wishes to thank Mr. Burton for his work in this matter. His written and oral presentations were extremely informative to the Court’s consideration of the issues addressed herein. The Court is grateful for his willingness to serve in this capacity.

John Bates, speaking inappropriately on behalf of the FISA Court during USAF debates, squealed mightily about the role an amicus had. Admittedly, the current form is closer to what Bates (who I’ve always suspected was speaking on behalf of John Roberts more than the court) wanted than what reformers wanted.

But at least in this instance, the amicus helped the FISC shore up its authority vis a vis the government.

Update: Richard Posey notes the reference to Burton’s “oral” presentations in the thank you footnote, which suggests he was at the November 20 hearing.  Read more

Michael Mosman’s Interesting 10 Days

/2 Comments/in /by

On November 24, 20114, Oregon District Court Judge Michael Mosman issued a somewhat curious order explaining his decision, issued 3 days earlier, not to grant Raez Qadir Khan notice of all the surveillance authorities used to investigate him.

While Mosman loves efficiency, he explained, the time was not yet ripe for the issues raised in Khan’s effort to learn how he had been linked to an associate who had conducted a suicide bombing in Pakistan in 2009. But — Mosman promised —

The day will come when the standing, collection, and other issues foreshadowed in this motion will be litigated in this case. Due to the constraints of CIPA, properly applied in this case, that day will come in the next round of motions, without the narrowing of issues that detailed disclosure would allow.

Ten days after signing that order, Mosman signed another one: the latest authorization for the dragnet. In doing so, not only did he authorize the collection of Khan and Khan lawyer Amy Baggio’s call records (as well as those of ACLU lawyers Jameel Jaffer and Pat Toomey; they joined this case in mid-December) — remember that Khan’s conversations with several lawyers were spied on by FBI over the course of their investigation with him.

But by signing the order, Mosman also signed something that has long been in the dragnet orders but — as far as I can tell — utterly ignored: that it envisions the use of the dragnet for exculpatory information.

Early in this case, Khan challenged Mosman’s ability to serve both as trial judge and as FISC judge, a challenge Mosman dismissed.

It will be interesting to see how he handles both roles going forward.