Posts

Imagine the Administration Lying to Congress about the Dragnet

/11 Comments/in , /by

As fundraising week comes to a close, please support this site

In a piece bemoaning the possibility that the dragnet programs created in secret might be scaled back now that citizens know what they entail, Ben Wittes lets his imagination run wild.

Imagine you were a high-level decision-maker in a clandestine intelligence agency. Imagine that you had played by the rules Congress had laid out for you, worked with oversight mechanisms to fix errors when they happened, and erected strict compliance regimes to minimize mistakes in a mind-bogglingly complex system of signals intelligence collection. Imagine further that when the programs became public, there was a firestorm anyway. Imagine that nearly half of the House of Representatives, pretending it had no idea what you had been doing, voted to end key collection activity. Imagine that in response to the firestorm, the President of the United States—after initially defending the intelligence community—said that what was really needed was more transparency and described the debate as healthy. Imagine that journalists construed every fact they learned in light of the need to keep feeding at the trough of a source who had stolen a huge volume of highly classified materials and taken it to China and Russia. [my emphasis]

Now, Ben sets up a few straw men here: journalists may have gotten some details wrong, but they’re probably doing better on accuracy than the Agencies that have all the information at hand, which continue to tell easily demonstrable lies. He suggests Obama is interested in debate, abundant evidence to the contrary. He excuses the NSA’s compliance problems because of complexity, when they introduced that complexity to make programs do what they legally weren’t supposed to (for example, allowing illegal access via 3 other systems and by 3 other agencies and inventing a pre-archive archive to skirt the rules in the case of the phone dragnet program). He suggests the NSA played by Congress’ rules, when in fact the FISC sets rules, and it says the government has repeatedly violated those rules and “misrepresented” claims about doing so.

But those straw men are nothing compared to the claim that those in the House who voted to defund the phone dragnet were “pretending it had no idea what you had been doing.”

The record shows that the 2011 PATRIOT Act extension was passed with the support of 65 people — enough to make the difference in the vote — who had had no opportunity to learn about the Section 215 dragnet except at hearings that didn’t provide notice of what they would present. Moreover, the record shows that when someone at one of (the only one of?) those hearings asked a question specifically designed to learn about problems with the dragnet, here’s what happened.

Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

A — To the FBI’s knowledge, those authorities have not been abused.

Then FBI Director Robert Mueller and then-General Counsel Valerie Caproni (the Administration waited to release the dragnet materials Monday almost until the second Caproni got confirmed to lifetime tenure as a judge) gave that answer in spite of the fact that Mueller had to submit a declaration to Judge Reggie Walton to explain why the program was important enough to keep in spite of the many abuses. Walton ordered that declaration, in part, because the government’s explanations about their gross violations “strain[] credulity,” according to Walton. And one of the abuses involved FBI getting access to this data directly.

But FBI knows nothing, Colonel Klink.

And even in what notice the government made somewhat available to Congress (but which Mike Rogers did not pass on), it provided just a one paragraph description of the abuses that would take a page to lay out in skeleton bullet form.

In other words, the record shows that many of those who voted against the dragnet in fact had no idea what the government had been doing, both about the dragnet itself, and about the abuses of the dragnet program.

And note, when almost half the House voted to defund the dragnet, they still hadn’t been informed of the full extent of these abuses (because the Administration was withholding the relevant opinions).

Congress is moving to rein in a program that the Executive Branch operated illegally for 5 years, then operated with FISC sanction for 7 years while abusing the terms of that sanction for at least 3 years. In Wittes imagination, that’s a bad thing.

Update: Also note Valerie Caproni got briefed on these abuses January 23, 2009.

20 Questions: Mike Rogers’ Vaunted Section 215 Briefings

/1 Comment/in , /by

Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

A — To the FBI’s knowledge, those authorities have not been abused.

That exchange is, according to DOJ’s Congressional Affairs Office, the level of detail offered up at a May 13, 2011 briefing of the House Republican Caucus regarding the PATRIOT Act provisions the House would vote to reauthorize less than two weeks later.

The questioner — who is not identified — may have been talking about comments Russ Feingold made way back on October 1, 2009, as part of the previous reauthorization of the PATRIOT Act (remember, by this point, Feingold was no longer in the Senate). Here are the things Feingold said about Section 215 in that Senate Judiciary Committee markup.

I remain concerned that critical information about the implementation of the Patriot Act remains classified. Information that I believe, would have a significant impact on the debate….. There is also information about the use of Section 215 orders that I believe Congress and the American People deserve to know. It is unfortunate that we cannot discuss this information today.

Mr Chairman, I am also a member of the intelligence Committee. I recall during the debate in 2005 that proponents of Section 215 argued that these authorities had never been misused. They cannot make that statement now. They have been misused. I cannot elaborate here. But I recommend that my colleagues seek more information in a classified setting.

I want to specifically disagree with Senator Kyle’s [sic] statement that just the fact that there haven’t been abuses of the other provisions which are Sunsetted. That is not my view of Section 215. I believe section 215 has been misused as well.

Given the context, it is unclear whether Feingold referred to use of Section 215 for things they shouldn’t have, use of it to authorize bulk collection generally, or in the compliance issues identified in 2009 on which the Administration had recently briefed the Intelligence Committee. But his suggestion that the Senate Judiciary Committee was getting less detailed briefings than the Senate Intelligence Committee at that point is consistent with DOJ’s 2009 notice to Congress on the dragnet, which said, “The [compliance] incidents, and the Court’s responses, were also reported to the Intelligence Committees in great detail,” with no mention of similarly detailed briefings to SJC (the 2011 letter indicates that by that point SJC was getting detailed briefings as well). This, in turn, suggests he was referring to dragnet-related violations.

Regardless of what Feingold meant, though, he tied misuse very closely to the secret use of Section 215 to conduct dragnet collection of all Americans’ phone records. Feingold’s other public statements about Section 215 focus even more closely on the secret dragnet application of it.

In other words, this appears to have been a question attempting to get at the secret application of the PATRIOT Act that Feingold, along with Ron Wyden and people like Jerry Nadler, had been warning about. This appears to have been an attempt to learn about a topic that — in 2009, at least — DOJ had “agree[d] that it is important that all Members of Congress have access to information about this program” (DOJ didn’t include such blather in its 2011 notice).

Exactly 100 days before the briefing at which this question was asked, DOJ had sent House Intelligence Chair Mike Rogers (who appears to have convened this briefing) a letter noting, “In 2009, a number of technical compliance problems and human implementation errors in these two bulk collection programs were discovered as a result of Department of Justice (DOJ) reviews and internal NSA oversight.”

Yet in response to a query clearly designed to elicit both the existence of the dragnet program and details on problems associated with it, FBI Director Robert Mueller and then-General Counsel Valerie Caproni (and/or whatever staffers were with them) said, to the Bureau’s knowledge, there had been no abuses. Perhaps, then, as now, they’re relying on the claim that none of these compliance issues were willful — the letter said they weren’t intentional or bad-faith — to avoid telling members of Congress about problems with the program.

Remember, this is one of the (and may have been the only) briefings that Mike Rogers now claims provided adequate substitute for letting House members know about the letter describing the dragnet and the compliance problems associated with it. Rogers’ House Intelligence spokesperson, Susan Phalen, has claimed those briefings “not only covered all of the material in the letter but also provided much more detail.” (As far as I’ve been able to tell from the FOIA production to the ACLU, there was no similar briefing for the Democratic caucus, though FOIA production tends to be incomplete; one Democratic Congressman, Hansen Clarke, attended the Republican briefing.)

And DOJ’s own records of the briefing make it clear that when someone tried, however inartfully, to learn about the program, Mueller and Caproni obfuscated about the compliance issues and possibly the existence of the dragnet itself.

This is a concrete example of what both Justin Amash and Ron Wyden have described as a game of 20 questions briefers play in these briefings. The questioner raised one of the few public hints about the dragnet program to ask the FBI about it, and the FBI responded in a manner very similar to the way James Clapper did in March, when he lied to the SSCI.

Now, we don’t know what remains behind the redactions in the briefing, but there is one other piece of evidence that this briefing, at least, didn’t even touch on the dragnet. If you look at all 5 closed briefings turned over in production to ACLU, two — a February 28, 2011 briefing for SJC and a March 17, 2011 briefing for the House Intelligence Committee — were deemed classified “per OGA letter dated 4/26/2012.” The acronym “Other Government Agency” is usually used to refer to CIA, but in this context, where we now know NSA played a central role but revealing that role last year would have disclosed significant new details about the secret application of Section 215, it may well refer to NSA. Those briefings also redacted the identities of some briefers which, again, may be classified to hide the NSA’s role in this program.

If all this speculation is correct, then it means there was no mention of the NSA in the briefing for the Republican caucus. If there was no mention of NSA, then they really couldn’t have explained the program (both the 2009 and 2011 notices make extensive reference to the NSA).

In any case, what remains unredacted is quite clear. Someone at that briefing — the briefing that Mike Rogers’ staffer claims offered more information than had been provided in the DOJ letter — tried to learn about problems with the secret program. And they got stonewalled in response.

Was the person who asked this question and got an incomplete answer one of the 65 people who would go on to reauthorize the PATRIOT Act having had no way of learning about the program and its compliance problems?

James Cole: “Of Course We’d Like Records of People Buying” Pressure Cookers

/8 Comments/in , /by

Now that the Suffolk cops have revealed they investigated Michele Catalano’s family because of a tip from her husband’s former employer about his Google searches and not FBI or NSA analysis of Google data themselves, a lot of people are suggesting it would be crazy to imagine that the Feds might have found Catalano via online searches.

Which is funny. Because just a day before this story broke, this exchange happened in the Senate between Senate Judiciary Chair Patrick Leahy and Deputy Attorney General James Cole. (after 1:45, though just before this exchange Leahy asks whether DOJ could use Section 215 to obtain URLs and bookmarks, among other records, which Cole didn’t deny)

Leahy: But if our phone records are relevant, why wouldn’t our credit card records? Wouldn’t you like to know if somebody’s buying, um, what is the fertilizer used in bombs?

Cole: I may not need to collect everybody’s credit card records in order to do that.

[snip]

If somebody’s buying things that could be used to make bombs of course we would like to know that but we may not need to do it in this fashion.

This is not a surprise. It comes two years after Robert Mueller confirmed they use Section 215 to collect “records relating to the purchase of hydrogen peroxide,” a TATP precursor.

So while we may not know how the government currently collects records relating to the purchase of fertilizer, acetone, hydrogen peroxide or — yes, after Boston, probably also pressure cookers and maybe even fireworks — and we don’t know just how broadly it collects such records, we do know that “of course” DOJ “would like to know … if somebody’s buying things that could be used to make bombs.”

So just one day ago, Cole didn’t deny they could use Section 215 to get search URLs, he affirmed they would want to get records of bomb-making materials.

He just didn’t tell us how they might do those things.

DOJ Responds to Non-Intell Committee Member of Opposition Party, But Not Intell Committee Member of President’s Party

/4 Comments/in , , /by

On June 20, Rand Paul started seeking more information about how the FBI used drones. On July 9, he sent a second letter to find out about the FBI’s use of drones. After placing a hold on Jim Comey’s nomination to be FBI Director, Paul got results, with an unclassified letter admitting FBI had used drones 10 times, and a classified letter that presumably provided more detail. While Paul wasn’t satisfied with that information — he sent a follow-up asking when the FBI considers drones to impinge on reasonable expectations of privacy — he at least did get a letter. He released his hold and voted against Comey’s nomination.

Compare that to Ron Wyden, a member of the Intelligence Committee and of the President’s own party.

After meeting with Comey on July 18, Wyden sent Comey (care of DOJ’s Legislative Affairs Office) a letter on July 22 asking:

  • Whether the program that led to the hospital confrontation was the Internet metadata program and whether his concerns about it had been adequately address
  • Whether the Comey was satisfied with the way the government carried out surveillance activities during his tenure as Deputy Attorney General or whether he wished he had done more to rein them in
  • Whether the 2001 AUMF allowed the President to collect communications of Americans inside the US without a warrant
  • Whether collection of Americans’ phone record has any impact on their privacy and whether it is justified even if does not provide unique value
  • Whether he commits to giving a straight answer about how much evidence the FBI needs to track geolocation

DOJ’s Office of Legislative Affairs wrote Wyden back on July 29, basically saying, “Mr. Comey is not in a position to respond to the additional questions in your letter” in part because he “is not able to determine whether your questions implicate information that remains classified.”

Of course, several of these questions go to Comey’s fitness to be FBI Director and pertain to activities he knows better than anyone else. Others ask about his belief, something that doesn’t require classified information to share.

Wyden voted “present” for Comey’s nomination.

Mind you, Wyden didn’t wait as long as Paul before he got a far less responsive response. And he didn’t place a hold on Comey’s nomination (though given the almost unanimous support for Comey, a hold really wouldn’t have done much to delay the nomination).

Still, Wyden asked Comey questions that go far more directly to Comey’s own qualifications to be FBI Director. He asked Comey questions that he, as a member of the Intelligence Committee, should be able to get answers on.

And he got squat.

FISC Opinions as Legal Cover

/7 Comments/in /by

WSJ has a story on how the FISA Court came to render the phrase “related to” — which has been used for 7 years to collect the phone records of almost all Americans — entirely meaningless.

The history of the word “relevant” is key to understanding that passage. The Supreme Court in 1991 said things are “relevant” if there is a “reasonable possibility” that they will produce information related to the subject of the investigation. In criminal cases, courts previously have found that very large sets of information didn’t meet the relevance standard because significant portions—innocent people’s information—wouldn’t be pertinent.

But the Foreign Intelligence Surveillance Court, FISC, has developed separate precedents, centered on the idea that investigations to prevent national-security threats are different from ordinary criminal cases. The court’s rulings on such matters are classified and almost impossible to challenge because of the secret nature of the proceedings. According to the court, the special nature of national-security and terrorism-prevention cases means “relevant” can have a broader meaning for those investigations, say people familiar with the rulings.

The story specifically says FISC issued the decision authorizing the use of Section 215 to collect phone records in May 2006, in the wake of the exposure of Dick Cheney’s illegal dragnet (and after Congress had included the “relevant to” language in the PATRIOT Act reauthorization).

But in May 2006, the secret court agreed that, even with the addition of the word “relevant,” bulk phone records could also be collected under the law.

The legal interpretations required to make this change were “aggressive,” says Timothy Edgar, a former top privacy lawyer at the Office of the Director of National Intelligence and the National Security Council in the Bush and Obama administrations. Still, considering that the program previously had less congressional or court oversight, many lawmakers saw this as a step forward, he says.

“It wasn’t seen that we’re pushing the boundaries of surveillance law here,” Mr. Edgar says. “It was the very opposite. You’re starting from a huge amount of unilateral surveillance and putting it on a much sounder legal basis.”

Indeed, the way Edgar justifies this crazy distortion of the term “relevant” is by pointing to Cheney’s illegal program, as if that made it right.

But WSJ also describes this May 2006 decision as one in a series of decisions starting in “mid-2000s.”

In classified orders starting in the mid-2000s, the court accepted that “relevant” could be broadened to permit an entire database of records on millions of people, in contrast to a more conservative interpretation widely applied in criminal cases, in which only some of those records would likely be allowed, according to people familiar with the ruling.

The timing is significant. Remember, FBI hadn’t used Section 215 in the post-9/11 era until the period Jack Goldsmith and Jim Comey started challenging the illegal program’s legality; FBI got their first Section 215 order approved — MIRACLES! — on May 21, 2004. FBI at least temporarily sidestepped DOJ’s Office of Intelligence Policy and Review to employ this standard.

On March 23, 2004 at noon, less than two weeks after the dramatic hospital confrontation and threats to quit reportedly got the Administration to agree to stop data mining Americans, FBI Director Robert Mueller had a meeting with Dick Cheney, at the Vice President’s request, in the Vice President’s office. In his notes, Mueller doesn’t describe what the VIce President wanted, nor am I aware that it has even been reported in the press.

The next day, the Chief Division Counsel of some Division of the FBI wrote a memo to the FBI General Counsel noting that FBI was using a “new standard” with Section 215 of the PATRIOT Act and indicating that a “recent decision” had been made to bypass the review of the Office of Intelligence Policy and Review on Section 215 applications.

In part, the apparent decision to bypass OIPR, which had rejected the premise of the previous Section 215 orders FBI had submitted in the past, reflected no more than a concerted effort on FBI’s part to make sure it could start using all the PATRIOT authorities it had been granted in 2001 in anticipation of renewal discussions that would take place the following year. Yet the timing of this change is particularly curious, given that we now know Section 215 has been used to collect data that could be used for data mining Americans, precisely the problem that had caused the hospital confrontation 12 days earlier.

At the very least, however, it shows that sometime around the same time as Jim Comey and others at DOJ tried to stop the data mining of Americans under NSA’s illegal program, FBI claimed to have eliminated one review step for Section 215 orders and changed the standard used for them. That reference notwithstanding, DOJ Inspector General at least reported that OIPR continued to have a role. (Note, the office that got cut out of the process, OIPR, is where one of the key whistleblowers on the illegal program, Thomas Tamm worked, though I have asked him if he knew whether they used Section 215 to accomplish the same program and he didn’t know anything about it.)

On May 21, 2004, just as the the confrontation was settling down, FBI got its first Section 215 order approved. MIRACLES! the memo subject line read. “We got our first business record order signed today. It only took two and a half years.”

And consider the other odd thing about all this. There is a part of FISA specifically designed to return phone records, the Pen Register/Trap & Trace procedure (the one used starting in 2004 for Internet metadata). So why didn’t they use that?

In any case, this increasingly appears to be the end result of an effort on the part of FISC to remain relevant by distorting law in secret, in the hopes that an unconstitutional expansion of the law in secret was better than actually stopping an illegal program conducted by bypassing the court altogether.

The reason the law is so twisted is because no one wanted to — or believed they had the ability to –rein in gross violations of law conducted by Dick Cheney.

Tasers with Wings

/12 Comments/in /by

I’ve been focusing on Edward Snowden’s NSA revelations, but I didn’t want this tidbit of news to go unnoticed. Among the other documents EFF has gotten in its FOIA on drones in the United States is a planning document for Customs and Border Patrol’s use of the  Predator drone. In it, there’s one line that suggests future upgrades (the report dates to 2010) might include non-lethal immobilization technology.

Customs & Border Protection (CPB) report, released in response to EFF’s Freedom of Information Act lawsuit against the agency, shows CBP has considered adding weapons to its domestic Predator drones.

The report, titled “Concept of Operations for CBP’s Predator B Unmanned Aircraft System” and submitted to Congress on June 29, 2010 shows that, not only is the agency planning to sharply increase the number of Predator drones it flies and the amount of surveillance it conducts by 2016 (detailed further in a separate blog post tomorrow), but it has considered equipping its Predators with “non-lethal weapons designed to immobilize” targets of interest. (p. 63).

And remember: CBP loans out its drones to other Federal agencies. I suspect when Robert Mueller testified recently that FBI had used drones he had CBP ones in mind.

So the next time LAPD uses loaner drones in a manhunt across Southern California, that drone may well be armed with industrial sized tasers.

 

How David Addington Hid the Document Implicating George Bush in Illegal Wiretapping

/24 Comments/in /by

On December 16 and December 20, 2005, respectively — just days after the NYT revealed its existence — EPIC and ACLU FOIAed DOJ for documents relating to George Bush’s (really, Dick Cheney’s) illegal wiretap program (National Security Archive also FOIAed, though more narrowly). Among other documents, they requested, “any presidential order(s) authorizing the NSA to engage in warrantless electronic surveillance.” Yet in spite of the fact that the ACLU was eventually able to get DOJ to cough up some of the OLC memos that provided a legal rationale for the program, no presidential order was ever turned over. I don’t believe (though could be mistaken) it was even disclosed in declarations submitted by Steven Bradbury in the suit.

There’s a very good (and, sadly, legal) reason for that. According to the 2009 NSC draft IG report the Guardian released yesterday, it’s not clear DOJ ever had the Authorization. The White House is exempt from FOIA, and it’s likely that NSA could have withheld the contents of the Director’s safe from any FOIA, which is where the hard copy of the Authorization was kept.

It’s worth looking more closely at how David Addington guarded the Authorization, because it provides a lesson in how a President can evade all accountability for unleashing vast powers against Americans, and how the National Security establishment will willingly participate in such a scheme without ensuring what they’re doing is really legal.

The IG report describes the initial Authorization this way:

On 4 October 2001, President George W. Bush issued a memorandum entitled “AUTHORIZATION FOR SPECIFIED ELECTRONIC ACTIVITIES DURING A LIMITED PERIOD TO DETECT AND PREVENT ACTS OF TERRORISM WITHIN THE UNITED STATES.” The memorandum was based on the President’s determination that after the 11 September 2001 terrorist attacks in the United States, an extraordinary emergency existed for national defense purposes.

[snip]

The authorization specified that the NSA could acquire the content and associated metadata of telephony and Internet communications for which there was probable cause to believe that one of the communicants was in Afghanistan or that one communicant was engaged in or preparing for acts of international terrorism. In addition, NSA was authorized to acquire telephone and Internet metadata for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States. NSA was allowed to retain, process, analyze and disseminate intelligence from the communications acquired under the authority.

And while the NSA IG report doesn’t say it, the Joint IG Report on the program (into which this NSA report was integrated) reveals these details:

Each of the Presidential Authorizations included a finding to the effect that an extraordinary emergency continued to exist, and that the circumstances “constitute an urgent and compelling governmental interest” justifying the activities being authorized without a court order.

Each Presidential authorization also included a requirement to maintain the secrecy of the activities carried out under the program.

David Addington’s illegal program

While the Joint report obscures all these details, the NSA IG report makes clear that Dick Cheney and David Addington were the braintrust behind the program.

The Counsel to the Vice President used [a description of SIGINT collection gaps provided by Michael Hayden] to draft the Presidential authorization that established the PSP.

Neither President Bush nor White House Counsel Alberto Gonzales wrote this Authorization. David Addington did. Read more

James Clapper Throws a Concentrated Nugget of Orwellian Turd-Splat

/22 Comments/in , /by

Hooboy.

I was going to leave the whole CNET thing well enough alone after Jerry Nadler issued a statement retracting his sort-of suggestion that the NSA could wiretap Americans without a warrant (more on that below).

But I can’t remember seeing a more concentrated piece of Orwellian turd-splat than this statement addressing the issue from James Clapper.

The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress. Members have been briefed on the implementation of Section 702, that it targets foreigners located overseas for a valid foreign intelligence purpose, and that it cannot be used to target Americans anywhere in the world.

The claim that NSA doesn’t wittingly “collect” data on millions of Americans was just an opening act for James Clapper, it seems. I know it won’t work this way for those who trust this program, but Clapper’s statement should raise more questions whether the thrust of what Nadler said, rather than four words taken out of context, are in fact true.

Let’s take this slowly.

I’ve put my transcription of the exchange between Jerry Nadler and Robert Mueller below for your reference. But one thing to keep in mind as you read Clapper’s turd-splat is that Nadler first described “getting the contents of the [American] phone” identified using the metadata database and, in repeating the question he had earlier asked a briefer who actually knows about how these programs are used, “getting specific information from that telephone.” It is true that in response to Mueller, he spoke of “listening to the phone,” the four words taken out of context, and his walk-back describes “listening to the content.” But the range of Nadler’s language suggests the distinct possibility the briefer discussed a different kind of collection, and Nadler never once explicitly described setting a dedicated wiretap on the phone of an American identified from conversations with suspected terrorists (which is what CNET blew it up as).

With that in mind, I offer you turd-splat:

The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization and was not briefed to Congress.

Clapper has set up a straw man that differs in at least three key ways from what Nadler asked about. First, he is addressing only eavesdropping, monitoring a phone in real time going forward, not accessing historic collections (though one thing these two programs in conjunction do is collapse historic and ongoing communications). I’m especially amused by this move, because it replicates a mistake that many have made when discussing these programs (especially the metadata one) as wiretapping. Clapper is only addressing the most inflammatory language Nadler used, not the language he used first and last in this exchange.

Then Clapper introduces the idea of domestic communications. This has no source in Nadler’s comment whatsoever, at least so long as you believe the only way NSA uses the metadata database is to see which Americans are talking to suspected foreign terrorist phone numbers. Given the government’s improbable claim they’re only making 300 queries a year, we may well be talking about domestic communications, but that’s not what Nadler addressed, which was about the American participant in a call with a suspected foreign terrorist phone number.

Nadler asked about an analyst deciding, on the basis of metadata analysis, that a US phone number looks suspicious, to “get the content” from that number. He implies that he has been told an analyst has that authority. Clapper addresses only whether an analyst without proper legal authorization can get US person content. That is, in response to Nadler’s question whether an analyst does have the legal authority to get content based on suspicion, Clapper says an analyst can’t get content without the proper legal authority. Nadler’s entire (implied) question was whether an analyst would have the legal authority to do so. Clapper doesn’t answer it.

So in other words, Clapper alters Nadler’s comment in three fundamental ways, changing its entire meaning, and then asserts Clapper’s now only tangentially related distortion of Nadler’s comment was not briefed to Congress.

No. Of course not. And Nadler hadn’t said it was, either.

And then Clapper describes what (he claims) members were briefed. Splat!

Members have been briefed on the implementation of Section 702, that it targets foreigners located overseas for a valid foreign intelligence purpose, and that it cannot be used to target Americans anywhere in the world.

Whoa! Do you see what Clapper did there? Nadler asked a question about how an analyst would move from metadata analysis — the Section 215 program — and then use it to access content, via whatever means. Nadler mentioned Section 215 specifically. Yet Clapper claims this is all about the implementation of Section 702. (Note, I find this interesting in part because Mueller suggests Nadler might be talking about another program entirely, which remains a possibility.)

I have pointed out on several times how desperate the Administration is to have you believe that Section 215 metadata collection and Section 702 content collection are unrelated, even if surrogates can’t keep them straight themselves. Clapper’s ploy is more of the same.

As is his emphasis that Section 702 targets foreigners located overseas for a valid foreign intelligence purpose. Now, just to make clear, the government has always held that any collection of information on what foreigners are doing is a valid foreign intelligence purpose. While Clapper doesn’t engage in suggesting this as directly as he and others have in past weeks, for Section 702 there is clearly no limitation of this authority to terrorism or counterintelligence or proliferation or hacking (the Administration and surrogates have suggested there is a terrorism limit for the Section 215 dragnet, but if there is, it comes from court-ordered minimization, not the law). But the real cherry here is the word “target,” which has become almost as stripped of common meaning as “collect” in this context.

In the 702 context, “target” refers to the node of communication at which collection is focused, not to all communications associated with that collection. So a directive to Verizon might ask for all communications that the original suspected terrorist phone number engages in (including its surfing and texting and pictures and email). But at a minimum that would include everyone the suspected terrorist communicates via his Verizon service, and there’s very good reason to believe it includes at least one and probably more degrees of separation out, if Verizon has it.

So when Clapper says 702 cannot be used to target Americans anywhere in the world, he means Americans cannot be the communication node on which collection is focused unless you have a FISA warrant (which is the practice Marc Ambinder, who is far more impressed with Clapper’s turd-splat than I am, addresses in this piece).

But what has never been answered — except perhaps in an off-hand comment in a debate defeating language that would actually prevent what everyone says is already prevented — is whether the government can, um, “collect” the content of Americans who communicate with those who are, um, “targeted.”

I’m not saying I have the answer to that question — though it is a concern that has been raised for years by the very same people who have been vindicated in their warnings about Section 215. But let’s be very clear what Clapper did here. He completely redefined Nadler’s comment, then divorced that redefined comment from the context of Section 215, and then threw the Orwellian term “target” at it to make it go away.

He could have denied Nadler’s more general assertions. That, he did not do.   Read more

The CNET “Bombshell” and the Four Surveillance Programs

/40 Comments/in , /by

CNET is getting a lot of attention for its report that NSA, “has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls.”

In general, I’m just going to outsource my analysis of what the exchange means to Julian Sanchez (I hope he doesn’t charge me as much as Mike McConnell’s Booz Allen Hamilton for outsourced analysis).

What seems more likely is that Nadler is saying analysts sifting through metadata have the discretion to determine (on the basis of what they’re seeing in the metadata) that a particular phone number or e-mail account satisfies the conditions of one of the broad authorizations for electronic surveillance under §702 of the FISA Amendments Act.

[snip]

The analyst must believe that one end of the communication is outside the United States, and flag that account or phone line for collection. Note that even if the real target is the domestic phone number, an analyst working from the metadatabase wouldn’t have a name, just a number.  That means there’s no “particular, known US person,” which ensures that the §702 ban on “reverse targeting” is, pretty much by definition, not violated.

None of that would be too surprising in principle: That’s the whole point of §702!

That is, what Nadler may have learned that the same analysts who have access to the phone metadata may also have authority to issue directives to companies for phone content collection. If so, it would be entirely feasible for the same analyst to learn, via the metadata database, that a suspect phone number is in contact with the US and for her to submit a request for actual content to the providers, without having to first get a FISA order covering the US person callers directly. Since she was still “targeting” the original overseas phone number, she would be able to get the US person content without a specific order.

Screen shot 2013-06-16 at 11.50.59 AMI just want to point to a part of this exchange that everyone is ignoring (but that I pointed out while live tweeting this).

Mueller: I’m not certain it’s the same–I’m not certain it’s an answer to the same question.

Mueller didn’t deny the NSA can get access to US person phone content without a warrant. He just suggested that Nadler might be conflating two different programs or questions.

And that’s one of the things to remember about this discussion. Among many other methods of shielding parts of the programs, the government is thus far discussing primarily the two programs identified by the Guardian: the phone metadata collection (which the WaPo reports is called MAINWAY) and the Internet content access (PRISM).

Read more

What Does NCTC Do with NSA and FBI’s Newly Disclosed Databases?

/22 Comments/in , , /by

The discussion about the various “NSA” programs we’ve seen so far have discussed only how NSA works with FBI. FBI requests the dragnet phone information and hands it over to NSA. NSA negotiates direct access to internet companies that allow FBI to make direct queries.

We’ve heard from Keith Alexander about what NSA does — its only use of Section 215, he said, was the phone records.

We heard from Robert Mueller who gave less clear answers about what FBI does and does not do.

But we have yet to have direct testimony from James “least untruthful too cute by half” James Clapper. Mind you, we’ve gotten several fact sheets and Clapper’s hilarious interview with Andrea Mitchell. Just no specific public testimony.

And curiously, in the DNI’s own fact sheets, he doesn’t specify who does what, aside from describing the statutory role his position and the Attorney General play in authorizing FAA 702 orders. He doesn’t say what FBI does, what NSA does … or what his own organization does.

That’s important, because in addition to overseeing all intelligence, Clapper’s office also includes the National Counterterrorism Center. And the NCTC is the entity in charge sharing data. Indeed, it is statutorily required to have access to everything.

[The National Security Act] provides that “[u]nless otherwise directed by the President, the Director of National Intelligence shall have access to all national intelligence and intelligence related to the national security which is collected by any federal department, agency, or other entity, except as otherwise provided by law, or as appropriate, under guidelines agreed upon by the Attorney General and the Director of National Intelligence.

That means, presumably, that NCTC is doing a lot of the work that NSA and FBI are making narrow denials about.

But it also means that NCTC can play with these databases — the dragnet and the access via PRISM to 702 data — as well as any other data in the Federal government, including databases that John Brennan gave it the ability to go get.

So here’s the thing. When Keith Alexander gives you pat reassurances about how limited NSA’s access to Americans’ call data is, that may disclose a whole lot more intrusive data mining over at James Clapper’s shop.

Remember, here is what James Clapper was initially asked.

Wyden: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?

Clapper: No, sir.

Wyden: It does not?

Clapper: Not wittingly. There are cases where they could, inadvertently perhaps, collect—but not wittingly.” [my emphasis]

His first attempt to walk back that lie went like this:

What I said was, the NSA does not voyeuristically pore through U.S. citizens’ e-mails. [my emphasis]

His second attempt to walk it back went like this:

ANDREA MITCHELL: Senator Wyden made quite a lot out of your exchange with him last March during the hearings. Can you explain what you meant when you said that there was not data collection on millions of Americans?

JAMES CLAPPER: First– as I said, I have great respect for Senator Wyden. I thought, though in retrospect, I was asked– “When are you going to start– stop beating your wife” kind of question, which is meaning not– answerable necessarily by a simple yes or no. So I responded in what I thought was the most truthful, or least untruthful manner by saying no.

And again, to go back to my metaphor. What I was thinking of is looking at the Dewey Decimal numbers– of those books in that metaphorical library– to me, collection of U.S. persons’ data would mean taking the book off the shelf and opening it up and reading it.

ANDREA MITCHELL: Taking the contents?

JAMES CLAPPER: Exactly. That’s what I meant. Now–

ANDREA MITCHELL: You did not mean archiving the telephone numbers?

All of those efforts were, by context at least, limited exclusively to NSA. They don’t address, at all, what NCTC might do with this data (or, for that matter, FBI).

So what does the NCTC do with the data that NSA and FBI have issued careful denials about?

Update: I’m going to replicate a big chunk of this post on the oversight over NCTC’s use of other agencies data, complete with the bit about how the guy in charge of it thought Cheney’s illegal program was the shit.

Back when John Negroponte appointed him to be the Director of National Intelligence’s Civil Liberties Protection Officer, Alexander Joel admitted he had no problem with Cheney’s illegal domestic wiretap program.

Read more