Posts

The Problems with Pompeo: A Willingness to Use Information on Americans Russia Hacked and Shared with Trump

On Friday, the Senate confirmed the first two of President Trump’s nominees: Generals Mattis and Kelly to run DOD and DHS, respectfully. But it did not confirm the third nominee slotted for that day, Mike Pompeo. In part because the nomination was not dealt with in regular fashion in the Senate Intelligence Committee (which did not vote out his nomination), Ron Wyden managed to force Mitch McConnell to hold 6 hours of debate tomorrow on his nomination.

Wyden has suggested we need to have more debate because Pompeo hasn’t answered all the questions posed to him. And it is true that Wyden has concerns about the following issues. But perhaps most of all, Wyden’s questions suggest he is concerned that the Trump administration will use information the Russians hacked against Americans.

In follow-up questions posed to Pompeo, Wyden expressed concern about Pompeo’s:

  • Enthusiasm for using bulk collections of “lifestyle” information on Americans
  • Willingness to have the CIA engage in activities the Ambassador or other Chief of Mission disagrees with
  • Squirminess about when the CIA can kill a US person
  • Dodginess on classifying torture information that reveals illegal, embarrassing, competitive, or otherwise unclassified information

But as I said, Wyden’s chief concern appears that Pompeo will use information the Russians have or will give the Trump administration against Americans.

Enthusiasm for using bulk collections of “lifestyle” information on Americans

A big point of concern for Wyden and Martin Heinrich throughout Pompeo’s confirmation process is this op-ed he wrote at the beginning of last year. Based in part on the fact that the intelligence community didn’t find the Tashfeen Malik’s anti-American statements on non-public social media, and in part on the demonstrably false claim that the IC didn’t find the Garland attackers beforehand (in reality, the FBI was cheering them on), Pompeo argued we need to collect still more data. “Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database,” he wrote.

Pompeo has dodged questions about precisely what “lifestyle” information he wants to collect — though it surely includes Twitter’s firehose of data from Dataminr. Sadly, he repeatedly pointed to executive orders in his answers, and the new EO 12333 sharing rules permit the access of “public” information, which can include information from data brokers (though Pompeo claims ignorance of what he might want to use). So while Wyden is concerned that Pompeo will start dragnetting Americans, sadly he has been enabled to do so by one of the last things Obama did.

Willingness to have the CIA engage in activities the Ambassador or other Chief of Mission disagrees with

Another concern Wyden raised pertains to disagreements between the Chief of Mission (the top diplomat in a country) and the CIA Station Chief. This has been an issue in the past at least as it pertains to drone strikes in Pakistan and the torture program, where the Ambassador was either not informed or not properly consulted on CIA activities within a country.

When asked a yes or no question whether he would permit CIA to conduct activities even while an outstanding disagreement remained, Pompeo refused to answer, stating instead that he would seek an expeditious decision from the President. Effectively, he suggested if he were losing a disagreement with State, he’d get Trump to override State.

Squirminess about when the CIA can kill a US person

Wyden, who has long sought guidelines on when the US can kill an American citizen, returned to pre-hearing questions on this topic. After citing the Drone Rule Book requirement that DOJ be involved before taking action against a US person, he asked whether Pompeo agreed with the requirement. Pompeo basically said the US “must consider an American citizen’s constitutional rights prior to targeting him” and “CIA attorneys frequently consult with” DOJ (though left open the possibility of relying on less formal analysis). Ultimately, Pompeo dodged laying out any additional checks he’d following before killing an American.

Dodginess on classifying torture information that reveals illegal, embarrassing, competitive, or otherwise unclassified information

Wyden asked Pompeo if he disagreed with the prohibitions on classifying information to “(1) conceal violations of law, inefficiency, or administrative error; (2) prevent embarrassment to a person, organization, or agency; (3) restrain  competition; or ( 4) prevent or delay the release of information that does not require protection in the interest of national security,” prohibitions that existed in Clinton’s, George W. Bush’s, and Obama’s EOs on classified information. Pompeo said he did not. However, immediately in that context, Wyden asked about the Torture Report, and Pompeo dodged all questions about declassifying the torture report.

Willingness to use information obtained by Russians hacking Americans

But as I said, Wyden’s persistent concerns in his post-hearing questions pertained to whether and how Pompeo would be willing to cooperate with the Russians. Raising a Pompeo hearing comment that if a foreign partner gave the CIA information on US persons “independently,” “it may be appropriate of CIA to collect [that] information in bulk,” Wyden raised Trump’s encouragement of Russian hacking and asked what circumstances would make foreign collection so improper that CIA should not receive such information. Pompeo responded, “information obtained through such egregious conduct may be appropriate for the CIA to use or disseminate.”

Wyden then listed out a bunch of conditions, such as information coming from an adversary, to disrupt US democracy, information implicating First Amendment protected political activity, or information affecting thousands or millions of Americans. “The listed conditions could all be relevant,” Pompeo responded, remaining non-committal.

Wyden raised a Pompeo comment suggesting rules for accessing US person communications under EO 12333 and asked if that was true of information known to include significant US person information. Pompeo said he would consult experts and AGG guidelines (which, arguably, are this flexible).

Wyden raised Pompeo’s promise to expand intelligence cooperation with state and non-state partners, and asked specifically whether this included Russia, and if so how Pompeo planned on dealing with the counterintelligence risks of doing so. Pompeo said he as not referring to “any specific partners,” said, “CIA already has a strong counterintelligence program,” and said anything he did would comply with law and standard practices and be noticed to Congress.

Wyden then asked if “it is legal or appropriate for the White House to obtain from a foreign partner…information that includes the communications of U.S. persons” and if he learned that they were doing so, whether he would inform Congress of it. Pompeo responded “I am not aware of a DCIA role in supervising White House activities or providing legal counsel to the White House on its activities,” apparently committing only to informing Congress of CIA’s own activities.

In short, there are a lot of reasons to be worried about Pompeo as Director of CIA. But Wyden seems most worried that CIA (and the White House) will use information Russia gives them against American citizens.

Seven Democrats Write Obama Asking Him to Declassify More Information on Russian Involvement in the Election

Ron Wyden, five other Democrats, and Dem caucusing Independent Angus King just wrote Obama a cryptic letter. The entire body of the letter reads:

We believe there is additional information concerning the Russian Government and the U.S. election that should be declassified and released to the public. We are conveying specifics through classified channels.

Thank you for your attention to this important matter.

Aside from the fact that this suggests (as Wyden’s cryptic letters always d0) there is something meaty that we really ought to know, I find the list of signers rather curious. In addition to Wyden, the following Senators signed the letter:

  • Jack Reed
  • Mark Warner
  • Barb Mikulski
  • Martin Heinrich
  • Angus King
  • Mazie Hirono

That is, every Democratic SSCI member except current Chair Dianne Feinstein, plus Senate Armed Services Chair Jack Reed, signed the letter. So every Democrat except DiFi and Majority Leader Harry Reid signed the letter, suggesting it is something that got briefed to the full Senate Intelligence Committee as well as the Ranking Members of SASC (the latter of which suggests NSA or CYBERCOM may be involved).

I’m as interested in the fact that DiFi and Reid didn’t sign as that the others did sign. It can’t be that Reid is retiring and DiFi is heading to SJC (it’s still unclear whether she’ll remain on SSCI or not). After all, Mikulski is retiring as well.

Plus, Harry Reid wrote a far more explicit letter last month to Jim Comey — apparently following up on a non-public letter send months earlier — alluding to direct coordination between Trump and Russia.

In my communications with you and other top officials in the national security community, it has become clear that you possess explosive information about close ties and coordination between Donald Trump, his top advisors, and the Russian government – a foreign interest openly hostile to the United States, which Trump praises at every opportunity. The public has a right to know this information. I wrote to you months ago calling for this information to be released to the public. There is no danger to American interests from releasing it. And yet, you continue to resist calls to inform the public of this critical information.

Finally, what to make of the fact that not even John McCain signed onto this letter? Reed’s inclusion makes it clear that McCain, too, must have been briefed. He has been outspoken about Trump’s moves to cozy up to Putin. If he has seen — and objects to — such coordination, why not sign onto this letter and give it the patina of bipartisanship?

The Yahoo Scans Closely Followed Obama’s Cybersecurity Emergency Declaration

Reuters has a huge scoop revealing that, in spring of 2015, Yahoo was asked and agreed to perform scans for certain selectors on all the incoming email to its users.

The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.

[snip]

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

The timing of this is particularly interesting. We know that it happened sometime in the weeks leading up to May 2015, because after Alex Stamos’ security team found the code enabling the scan, he quit and moved to Facebook.

According to the two former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

[snip]

The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

That would date the directive to sometime around the time, on April 1, 2015, that Obama issued an Executive Order declaring cyberattacks launched by persons located outside the US a national emergency.

I, BARACK OBAMA, President of the United States of America,find that the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside theUnited States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of theUnited States. I hereby declare a national emergency to deal with this threat.

On paper, this shouldn’t create any authority to expand surveillance. Except that we know FISC did permit President Bush to expand surveillance — by eliminating the wall between intelligence and criminal investigations — after he issued his September 14, 2001 9/11 emergency declaration, before Congress authorized that expansion. And we know that Jack Goldsmith focused on that same emergency declaration in his May 2004 OLC opinion reauthorizing Stellar Wind.

Indeed, just days after Obama issued that April 2015 EO, I wrote this:

Ranking House Intelligence Member Adam Schiff’s comment that Obama’s EO is “a necessary part of responding to the proliferation of dangerous and economically devastating cyber attacks facing the United States,” but that it will be “coupled with cyber legislation moving forward in both houses of Congress” only adds to my alarm (particularly given Schiff’s parallel interest in giving Obama soft cover for his ISIL AUMF while having Congress still involved).  It sets up the same structure we saw with Stellar Wind, where the President declares an Emergency and only a month or so later gets sanction for and legislative authorization for actions taken in the name of that emergency.

And we know FISC has been amenable to that formula in the past.

We don’t know that the President has just rolled out a massive new surveillance program in the name of a cybersecurity Emergency (rooted in a hack of a serially negligent subsidiary of a foreign company, Sony Pictures, and a server JP Morgan Chase forgot to update).

We just know the Executive has broadly expanded surveillance, in secret, in the past and has never repudiated its authority to do so in the future based on the invocation of an Emergency (I think it likely that pre FISA Amendments Act authorization for the electronic surveillance of weapons proliferators, even including a likely proliferator certification under Protect America Act, similarly relied on Emergency Proclamations tied to all such sanctions).

I’m worried about the Cyber Intelligence Sharing Act, the Senate version of the bill that Schiff is championing. But I’m just as worried about surveillance done by the executive prior to and not bound by such laws.

Because it has happened in the past.

I have reason to believe the use of emergency declarations to authorize surveillance extends beyond the few data points I lay out in this post. Which is why I find it very interesting that the Yahoo request lines up so neatly with Obama’s cyber declaration.

I’m also mindful of Ron Wyden’s repeated concerns about the 2003 John Yoo common commercial services opinion that may be tied to Stellar Wind but that, Wyden has always made clear, has some application for cybersecurity. DOJ has already confirmed that some agencies have relied on that opinion.

In other words, this request may not just be outrageous because it means Yahoo is scanning all of its customers incoming emails. But it may also be (or have been authorized by) some means other than FISA.

The Classified Appendix Fifth Bullet on “Certain Counterterrorism Matters”

I want to make a really minor point about one of the documents produced to ACLU with the Drone Rule Book — which the White House calls a Presidential Policy Guidance — last week (here’s my working thread on the Rule Book). The Rule Book itself has a section that “requires” Congressional notification (but may be more important for the requirement that the White House must learn about information sharing before it happens, which might end up in less notification).

Screen Shot 2016-08-08 at 8.51.22 AM

As part of its implementation of the Rule Book, DOD released a Report on Congressional Notification of Sensitive Military Operations and Counterterrorism Operational Briefings (DOD released several related documents; CIA released nothing). Throughout the short document, it says the 2014 Defense Authorization (which was introduced after the Rule Book was signed but before DOD issued its Drone Rule Book implementation procedures and signed into law on December 23, 2013) and the PPG require Congress be informed of sensitive military operations. That’s the Executive Branch’s way of saying, “Congress has required we tell it what we’re doing but so has the President” as if they came up with the idea to do that additional reporting in the first place.

Its last section looks like this:

Screen Shot 2016-08-08 at 8.59.46 AM

Those bullets don’t come from the Rule Book (its notice requirement is far less detailed than that). Rather, they come from this section of the Defense Authorization.

Screen Shot 2016-08-08 at 9.12.58 AM

As you can see, that section mandates answers to bullets 1 through 4 (the unredacted ones), and then includes a conforming amendment that repeals this section from 2013’s Defense Authorization.

Screen Shot 2016-08-08 at 9.14.17 AM

Screen Shot 2016-08-08 at 9.14.51 AM

The only difference in the unclassified portion of the 2014 Defense Authorization that replaced the 2013’s version is the deletion of the phrase “involving special operations forces.”

Of course, we can tell from the Report there’s a fifth, Top Secret bullet. It may well be that’s why they eliminated the prior year’s requirement and added a new almost identical one: to provide an opportunity to put that fifth bullet into the Defense Authorization’s classified appendix. That’s a wildarse guess, of course, but also a logical explanation for that fifth bullet: at a time when the White House was releasing fluffy documents pretending to be more open and orderly, Congress was secretly mandating additional reporting they weren’t getting.

There are a number of things that might be in that fifth bullet. Perhaps the least controversial of those would be a requirement that DOD tell Congress — actually just a tiny handful of members — which countries the US engages in lethal force in, and which groups we partner with to do it (this would be consistent with a number of items that are redacted in the Rule Book itself). You could imagine why, in 2013 and 2014, members of Congress might want to be told if the US was partnering with al Qaeda affiliates on lethal operations anywhere in the world, seeing as how we are ostensibly at war with al Qaeda.

As a reminder, Senate Intelligence Committee member Ron Wyden spent part of 2012 and 2013 unsuccessfully trying to get a list of all the places the government was engaging in lethal operations.

Screen Shot 2016-08-08 at 9.18.54 AM

As I said, this is a fairly minor point. But it also suggests that even while the Executive was leaking wildly to get good press about this Drone Rule book, Congress was at the same time mandating specifically some of the things the Rule Book only nodded to in theory.

Ron Wyden: Obtaining ECTRs without a Warrant Is Almost Like Spying on Someone’s Thoughts

Screen Shot 2016-06-28 at 8.50.20 AM

As a number of outlets have reported, Ron Wyden has placed a hold on the Intelligence Authorization in an attempt to thwart FBI’s quest to be able to obtain Electronic Communication Transaction Records with just a National Security Letter.

But Wyden’s released statement on that hold differs in emphasis from what he said in his Senate address announcing the hold yesterday. The statement describes how all toll records — from emails, texts, or web browsing — can infringe on privacy.

The fact of the matter is that ‘electronic communication transaction records’ can reveal a great deal of personal information about individual Americans.  If government officials know that an individual routinely emails a mental health professional, or sends texts to a substance abuse support group, or visits a particular dating website, or the website of a particular political group, then the government knows a lot about that individual.  Our Founding Fathers rightly argued that such intrusive searches should be approved by independent judges.

But in his floor statement, Wyden went on at length about the particular threat posed by obtaining web browsing history (this starts after 4:40).

For example, the National Security Letters could be used to collect what are called Electronic Communication Transaction Records. This would be email and chat records and text message logs, and in particular, Mr. President, and I’ve had Senators come up to me to ask me about whether this could be true, folks at home this weekend, when I was out and responding to questions about this, people asked, “Does this really mean that the government can get the Internet browsing history of an individual without a warrant even when the government has the emergency authority if it’s really necessary?”

And the answer to that question, Mr. President, is yes, the government can. The government can get access to web browsing history under the Intelligence Authorization legislation, under the McCain amendment, and they can do it without getting a warrant, even when the government can go get it without a warrant when there is an emergency circumstance.

Now the reality is web browsing history can reveal an awful lot of information about Americans. I know of little information, frankly Mr. President, that could be more intimate than that web browsing history. If you know that a person is visiting the website of a mental health professional, or a substance abuse support group, or a particular political organization, or — say — a particular dating site, you know a tremendous amount of private and personal and intimate information about that individual — that’s what you get when you can get access to their web browsing history without a warrant, even when the government’s interest is protected, as I’ve said, in an emergency.

The reality is getting access to somebody’s web browsing history is almost like spying on their thoughts. This level of surveillance absolutely ought to come with court oversight, and as I’ve spelled out tonight, that is possible in two separate ways — the traditional approach with getting a warrant, and then under Section 102, which I wrote as part of USA Freedom Act, the government can get the information when there’s an emergency and come back later after the fact and settle up.

Wyden’s statement makes a few other things clear. First, by focusing on the emergency provision of USA Freedom Act, Wyden illustrates that the FBI is trying to avoid court oversight, not so much obtain records quickly (though there would be more paperwork to a retroactive Section 215 order than an NSL).

That means two things. First, as I’ve noted, FBI is trying to avoid the minimization procedures the FISC spent three years imposing on FBI. Right now, we should assume that FISC would prohibit FBI from retaining all of the data it obtains from web searches, but if it moved (back) to NSL collection it would have no such restriction.

The other thing obtaining ECTRs with NSLs would do, though, is avoid a court First Amendment review, which should be of particular concern with web search history, since everything about web browsing involves First Amendment speech. Remember, a form of emergency provision (one limited to Section 215’s phone chaining application) was approved in February 2014. But in the September 2014 order, the FISC affirmatively required that such a review happen even with emergency orders. A 2015 IG Report on Section 215 (see page 176) explains why this is the case: because once FISC started approving seeds, NSA’s Office of General Counsel stopped doing First Amendment reviews, leaving that for FISC. It’s unclear whether it took FISC several cycles to figure that out, or whether they discovered an emergency approval that infringed on First Amendment issues. Under the expanded emergency provision under USAF, someone at FBI or DOJ’s National Security Division would do the review. But FBI’s interest in avoiding FISC’s First Amendment review is of particular concern given that FBI has, in the past, used an NSL to obtain data the FISC refused on First Amendment grounds, and at least one of the NSL challenges appears to have significant First Amendment concerns.

In the Senate yesterday, Senator Wyden strongly suggested the FBI wants this ECTR provision so it can “spy[] on their thoughts” without a warrant. We know from other developments that doing so using an NSL — rather than an emergency Section 215 order — would bypass rigorous minimization and First Amendment review.

In other words, the FBI wants to spy on — and then archive — your thoughts.

Senate Narrowly Avoids Voting Themselves to Become “Typos”

The McCain (Cornyn) amendment to the Judiciary Appropriations bill that would let them get Electronic Communication Transaction Records with a National Security Letter just narrowly failed to get cloture, with Dan Sullivan flipping his vote to yes near the end but Mike Crapo, a likely no vote, not voting. The final vote was 59-37.

The floor debate leading up to the vote featured a few notable exchanges. Richard Burr was an absolutely douchebag, saying Ron “Wyden is consistently against providing LE the tools it needs to defend the American people.” He did so in a speech admitting that, “My colleague says this wouldn’t stop SB or Orlando. He’s 100% correct.”

Burr also insisted that we can’t let the Lone Wolf provision, which allegedly has never been used, expire. It was extended just last year and doesn’t expire until 2019.

More interesting though was the debate between Burr and Leahy over whether the FBI can’t obtain ECTRs because of a typo in the law as passed in 1993. Leahy basically described that Congress had affirmatively decided not to include ECTRs in NSLs (implicit in this, Congress also did not decide to include it in the 2001 expansion). Burr claimed that Congress meant to include it but didn’t in some kind of oversight.

Here’s how Mazie Hirono and Martin Heinrich described the debate in the report on the Intelligence Authorization, which has a version of the ECTR change.

The FBI has compared expanding these authorities to fixing a “typo” in the Electronic Communications Privacy Act (ECPA).

However, during consideration of ECPA reform legislation in 1993, the House Judiciary Committee said in its committee report that “Exempt from the judicial scrutiny normally
required for compulsory process, the national security letter is an extraordinary device. New applications are disfavored.”

The House Judiciary Committee report also makes clear that the bill’s changes to Section 2709(b) of ECPA were a “modification of the language originally proposed by the
FBI.”

This does not support claims that the removal of the ECTR language was a “typo.”

Burr effectively argued that because law enforcement wanted ECTRs to be included back in 1993, they were meant to be included, and Congress’ exclusion of them was just a typo.

In short, a member of the Senate just argued that if Congress affirmatively decides not to capitulate to every demand of law enforcement, it must be considered a “typo” and not legally binding law.

For the moment, the Senate voted down making itself a “typo,” but Mitch McConnell filed a motion to reconsider, meaning he can bring the vote back up as soon as he arm twists one more vote.

 

DOJ Confirms One or More Agencies Acted Consistent with John Yoo’s Crummy Opinion

There’s a whiff of panic in DOJ’s response to ACLU’s latest brief in the common commercial services OLC memo, which was submitted last Thursday. They really don’t want to release this memo.

As you recall, this is a memo Ron Wyden has been hinting about forever, stating that it interprets the law other than most people understand it to be. After I wrote about it a bunch of times and pointed out it was apparently closely related to cybersecurity, ACLU finally showed some interest and FOIAed, then sued, for it. In March, DOJ made some silly (but typical) claims about it, including that ACLU had already tried but failed to get the memo as part of their suit for Stellar Wind documents (which got combined with EPIC’s suit for electronic surveillance documents). In response, Ron Wyden wrote a letter to Attorney General Loretta Lynch, noting a lie DOJ made in DOJ’s filings in the case, followed by an amicus brief asking the judge in the case to read the secret appendix to the letter he wrote to Lynch. In it, Wyden complained that DOJ wouldn’t let him read his secret declaration submitted in the case (making it clear they’re being kept secret for strategic reasons more than sources and methods), but asking that the court read his own appendix without saying what was in it.

Which brings us to last week’s response.

DOJ is relying on an opinion the 2nd circuit released last year in ACLU’s Awlaki drone memo case that found that if a significant delay passed between the time an opinion was issued and executive branch officials spoke publicly about it — as passed between the time someone wrote a memo for President Bush’s “close legal advisor” in 2002 about drone killings (potentially of American citizens) and the time Executive branch officials stopped hiding the fact they were planning on drone-killing an American citizen in 2010, then the government can still hide the memo.(I guess we’re not allowed to learn that Kamal Derwish was intentionally, not incidentally, drone-killed in 2002?)

This is, in my understanding, narrower protection for documents withheld under the b5 deliberative privilege exemption than exists in the DC Circuit, especially given that the 2nd circuit forced the government to turn over the Awlaki memos because they had been acknowledged.

In other words, they’re trying to use that 2nd circuit opinion to avoid releasing this memo.

To do that they’re making two key arguments that, in their effort to keep the memo secret, end up revealing a fair amount they’re trying to keep secret. First, they’re arguing (as they did earlier) that the ACLU has already had a shot at getting this memo (in an earlier lawsuit for memos relating to Stellar Wind) and lost.

There’s just one problem with that. As I noted earlier, the ACLU’s suit got joined with EPIC’s, but they asked for different things. ACLU asked for Stellar Wind documents, whereas EPIC asked more broadly for electronic surveillance ones. So when the ACLU argued for it, they were assuming it was Stellar Wind, not something that now appears to (also) relate to cybersecurity.

Indeed, the government suggests the ACLU shouldn’t assume this is a “Terrorist Surveillance Program” document.

7 Plaintiffs conclude that the OLC memorandum at issue here must relate to the Terrorist Surveillance Program and the reauthorization of that program because the attorney who authored the memorandum also authored memoranda on the Terrorist Surveillance Program. Pls.’ Opp. at 10. The fact that two OLC memoranda share an author of course establishes nothing about the documents’ contents, nature, purpose, or effect.

Suggesting (though not stating) the memo is not about TSP is not the same as saying it is not about Stellar Wind or the larger dragnets Bush had going on. But it should mean ACLU gets another shot at it, since they were looking only for SW documents the last time.

Which is interesting given the way DOJ argues, much more extensively, that this memo does not amount to working law. It starts by suggesting Wyden’s filing arguing a “key assertion” in the government’s briefs is wrong.

3 Senator Wyden asks the Court to review a classified attachment to a letter he sent Attorney General Loretta Lynch in support of his claim that a “key assertion” in the Government’s motion papers is “inaccurate.” Amicus Br. at 4. The Government will make the classified attachment available for the Court’s review ex parte and in camera. For the reasons explained in this memorandum, however, the Senator’s claim of inaccuracy is based not on any inaccurate or incomplete facts, but rather on a fundamental misunderstanding of the “working law” doctrine.

In doing so, it reveals (what we already expected but which Wyden, but apparently not DOJ, was discreet enough not to say publicly) that the government did whatever this John Yoo memo said government could do.

But, it argues (relying on both the DC and 2nd circuit opinions on this) that just because the government did the same thing a memo said would be legal (such as, say, drone-killing a US person with no due process), it doesn’t mean they relied on the memo’s advice when they took that action.

The mere fact that an agency “relies” on an OLC legal advice memorandum, by acting in a manner that is consistent with the advice, Pls.’ Opp. at 11, does not make it “working law.” OLC memoranda fundamentally lack the essential ingredient of “working law”: they do not establish agency policy. See New York Times, 806 F.3d at 687; Brennan Center, 697 F.3d at 203; EFF, 739 F.3d at 10. It is the agency, and not OLC (or any other legal adviser), that has the authority to establish agency policy. If OLC advises that a contemplated policy action is lawful, and the agency considers the opinion and elects to take the action, that does not mean that the advice becomes the policy of that agency. It remains legal advice. 5

5 Nor could the fact that any agency elects to engage in conduct consistent with what an OLC opinion has advised is lawful possibly constitute adoption of that legal advice, because taking such action does not show the requisite express adoption of both the reasoning and conclusion of OLC’s legal advice. See Brennan Center, 697 F.3d at 206; Wood, 432 F.3d at 84; La Raza, 411 F.3d at 358.

Effectively, DOJ is saying that John Yoo wrote another stupid memo just weeks before he left, the government took the action described in the stupid memo, but from that the courts should not assume that the government took Yoo’s advice, this time.

One reason they’re suggesting this isn’t TSP (which is not the same as saying it’s not Stellar Wind) is because it would mean the government did not (in 2005, when Bush admitted to a subset of things called TSP) confirm this action in the same way Obama officials danced around hailing that they had killed Anwar al-Awlaki, which led to us getting copies of the memos used to justify killing him.

In short, the government followed Yoo’s advice, just without admitting they were following his shitty logic again.

DOJ’s Pre-Ass-Handing Capitulation

In its February 16 application for an All Writs Act to force Apple to help crack Syed Rizwan Farook’s phone, DOJ asserted,

Apple has the exclusive technical means which would assist the government in completing its search, but has declined to provide that assistance voluntarily.

[snip]

2. The government requires Apple’s assistance to access the SUBJECT DEVICE to determine, among other things, who Farook and Malik may have communicated with to plan and carry out the IRC shootings, where Farook and Malik may have traveled to and from before and after the incident, and other pertinent information that would provide more information about their and others’ involvement in the deadly shooting.

[snip]

3. As an initial matter, the assistance sought can only be provided by Apple.

[snip]

4. Because iOS software must be cryptographically signed by Apple, only Apple is able to modify the iOS software to change the setting or prevent execution of the function.

[snip]

5. Apple’s assistance is necessary to effectuate the warrant.

[snip]

6. This indicates to the FBI that Farook may have disabled the automatic iCloud backup function to hide evidence, and demonstrates that there may be relevant, critical communications and data around the time of the shooting that has thus far not been accessed, may reside solely on the SUBJECT DEVICE, and cannot be accessed by any other means known to either the government or Apple.

FBI’s forensics guy Christopher Pluhar claimed,

7. I have explored other means of obtaining this information with employees of Apple and with technical experts at the FBI, and we have been unable to identify any other methods feasible for gaining access to the currently inaccessible data stored within the SUBJECT DEVICE.

On February 19, DOJ claimed,

8. The phone may contain critical communications and data prior to and around the time of the shooting that, thus far: (1) has not been accessed; (2) may reside solely on the phone; and (3) cannot be accessed by any other means known to either the government or Apple.

[snip]

9. Apple left the government with no option other than to apply to this Court for the Order issued on February 16, 2016.

[snip]

10. Accordingly, there may be critical communications and data prior to and around the time of the shooting that thus far has not been accessed, may reside solely on the SUBJECT DEVICE; and cannot be accessed by any other means known to either the government or Apple.

[snip]

11. Especially but not only because iPhones will only run software cryptographically signed by Apple, and because Apple restricts access to the source code of the software that creates these obstacles, no other party has the ability to assist the government in preventing these features from obstructing the search ordered by the Court pursuant to the warrant.

[snip]

12. Apple’s close relationship to the iPhone and its software, both legally and technically – which are the produce of Apple’s own design – makes compelling assistance from Apple a permissible and indispensable means of executing the warrant.

[snip]

13. Apple’s assistance is also necessary to effectuate the warrant.

[snip]

14. Moreover, as discussed above, Apple’s assistance is necessary because without the access to Apple’s software code and ability to cryptographically sign code for the SUBJECT DEVICE that only Apple has, the FBI cannot attempt to determine the passcode without fear of permanent loss of access to the data or excessive time delay. Indeed, after reviewing a number of other suggestions to obtain the data from the SUBJECT DEVICE with Apple, technicians from both Apple and the FBI agreed that they were unable to identify any other methods – besides that which is now ordered by this Court – that are feasible for gaining access to the currently inaccessible data on the SUBJECT DEVICE. There can thus be no question that Apple’s assistance is necessary, and that the Order was therefore properly issued.

Almost immediately after the government made these claims, a number of security researchers I follow not only described ways FBI might be able to get into the phone, but revealed that FBI had not returned calls with suggestions.

On February 25, Apple pointed out the government hadn’t exhausted possible of means of getting into the phone.

Moreover, the government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks. See Hanna Decl. Ex. DD at 34–36 [October 26, 2015 Transcript] (Judge Orenstein asking the government “to make a representation for purposes of the All Writs Act” as to whether the “entire Government,” including the “intelligence community,” did or did not have the capability to decrypt an iPhone, and the government responding that “federal prosecutors don’t have an obligation to consult the intelligence community in order to investigate crime”). As such, the government has not demonstrated that “there is no conceivable way” to extract data from the phone.

On March 1, members of Congress and House Judiciary Committee witness Susan Landau suggested there were other ways to get into the phone (indeed, Darrell Issa, who was one who made that point, is doing a bit of a victory lap). During the hearing, as Jim Comey insisted that if people had ways to get into the phone, they should call FBI, researchers noted they had done so and gotten no response.

Issa: Is the burden so high on you that you could not defeat this product, either through getting the source code and changing it or some other means? Are you testifying to that?

Comey: I see. We wouldn’t be litigating if we could. We have engaged all parts of the U.S. Government to see does anybody that has a way, short of asking Apple to do it, with a 5C running iOS 9 to do this, and we don not.

[snip]

a) Comey: I have reasonable confidence, in fact, I have high confidence that all elements of the US government have focused on this problem and have had great conversations with Apple. Apple has never suggested to us that there’s another way to do it other than what they’ve been asked to do in the All Writs Act.

[snip]

b) Comey [in response to Chu]: We’ve talked to anybody who will talk to us about it, and I welcome additional suggestions. Again, you have to be very specific: 5C running iOS 9, what are the capabilities against that phone. There are versions of different phone manufacturers and combinations of models and operating system that it is possible to break a phone without having to ask the manufacturer to do it. We have not found a way to break the 5C running iOS 9.

[snip]

c) Comey [in response to Bass]: There are actually 16 other members of the US intelligence community. It pains me to say this, because I — in a way, we benefit from the myth that is the product of maybe too much television. The only thing that’s true on television is we remain very attractive people, but we don’t have the capabilities that people sometimes on TV imagine us to have. If we could have done this quietly and privately we would have done it.

[snip]

Cicilline: I think this is a very important question for me. If, in fact — is it in fact the case that the government doesn’t have the ability, including the Department of Homeland Security Investigations, and all of the other intelligence agencies to do what it is that you claim is necessary to access this information?

d) Comey: Yes.

While Comey’s statements were not so absolutist as to suggest that only Apple could break into this phone, Comey repeatedly said the government could not do it.

On March 10, DOJ claimed,

15. The government and the community need to know what is on the terrorist’s phone, and the government needs Apple’s assistance to find out.

[snip]

16. Apple alone can remove those barriers so that the FBI can search the phone, and it can do so without undue burden.

[snip]

17. Without Apple’s assistance, the government cannot carry out the search of Farook’s iPhone authorized by the search warrant. Apple has ensured that its assistance is necessary by requiring its electronic signature to run any program on the iPhone. Even if the Court ordered Apple to provide the government with Apple’s cryptographic keys and source code, Apple itself has implied that the government could not disable the requisite features because it “would have insufficient knowledge of Apple’s software and design protocols to be effective.”

[snip]

18. Regardless, even if absolute necessity were required, the undisputed evidence is that the FBI cannot unlock Farook’s phone without Apple’s assistance.

[snip]

19. Apple deliberately established a security paradigm that keeps Apple intimately connected to its iPhones. This same paradigm makes Apple’s assistance necessary for executing the lawful warrant to search Farook’s iPhone.

On March 15, SSCI Member Ron Wyden thrice suggested someone should ask NSA if they could hack into this phone.

On March 21, DOJ wrote this:

Specifically, since recovering Farook’s iPhone on December 3, 2015, the FBI has continued to research methods to gain access to the data stored on it. The FBI did not cease its efforts after this litigation began. As the FBI continued to conduct its own research, and as a result of the worldwide publicity and attention on this case, others outside the U.S. government have continued to contact the U.S. government offering avenues of possible research.

On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone

You might think that FBI really did suddenly find a way to hack the phone, after insisting over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over they could only get into it with Apple’s help. Indeed, the described timing coincides remarkably well with the announcement that some Johns Hopkins researchers had found a flaw in iMessage’s encryption (which shouldn’t relate at all to breaking into such phones, though it is possible FBI is really after iMessages they think will be on the phone). Indeed, in describing the iMessage vulnerability, Johns Hopkins prof Matthew Green ties the discovery to the Apple fight.

Now before I go further, it’s worth noting that the security of a text messaging protocol may not seem like the most important problem in computer security. And under normal circumstances I might agree with you. But today the circumstances are anything but normal: encryption systems like iMessage are at the center of a critical national debate over the role of technology companies in assisting law enforcement.

A particularly unfortunate aspect of this controversy has been the repeated call for U.S. technology companies to add “backdoors” to end-to-end encryption systems such as iMessage. I’ve always felt that one of the most compelling arguments against this approach — an argument I’ve made along with other colleagues — is that we just don’t know how to construct such backdoors securely. But lately I’ve come to believe that this position doesn’t go far enough — in the sense that it is woefully optimistic. The fact of the matter is that forget backdoors: webarely know how to make encryption workat all. If anything, this work makes me much gloomier about the subject.

Plus, as Rayne noted to me earlier, Ellen Nakashima’s first report on this went up just after midnight on what would be the morning of March 21, suggesting she had an embargo (though that may be tied to Apple’s fix for the vulnerability). [Update: Correction — her story accidentally got posted then unposted earlier than that.]

But that would require ignoring the 19 plus times (ignoring Jim Comey’s March 1 testimony) that DOJ insisted the only way they could get into the phone was by having Apple’s help hacking it (though note most of those claims only considered the ways that Apple might crack the phone, not ways that, say, NSA might). You’d have to ignore the problems even within these statements. You’d have to ignore the conflicting sworn testimony from FBI’s witnesses (including Jim Comey).

It turns out FBI’s public argument went to shit fast. Considering the likelihood they screwed up with the forensics on this phone and that there’s absolutely nothing of interest on the phone, I take this as an easy retreat for them.

But that doesn’t mean this is over. Remember, FBI has already moved to unlock this iPhone, of similar vintage to Farook’s, which seems more central to an actual investigation (even if FBI won’t be able to scream terrorterrorterror). There are two more encrypted phones FBI has asked Apple to break open.

But for now, I take this as FBI’s attempt to take its claims back into the shadows, where it’s not so easy to expose the giant holes in their claims.

Updated with Comey testimony.

“Noteworthy” Ron Wyden Interview on Apple vs FBI: Ask NSA, Ask NSA, Ask NSA

This interview Ron Wyden did with Oregon Public Radio includes a lot of what you might expect from him, including an argument that weakening encryption makes us less safe, including possibly exposing kids (because their location gets identified) to pedophiles.

But the most interesting part of this interview are the three times Ron Wyden made it clear, in his inimitable fashion, that someone better ask NSA whether they can decrypt this phone. To me, the interview sounds like this:

Let me tell you what I think is noteworthy here. This is a fight between FBI and Apple. I think it’s noteworthy that nobody has heard from the NSA on this. [around 2:00]

And I want to come back to the fact that the NSA has not been heard from on this and I think that that is noteworthy. [before 7:25]

[After finally being asked what he had heard from NSA] I’m on the intelligence committee, so I’m bound, I take an oath, to not get into classified matters so I’m just going to, uh, leave that there with respect to the NSA. [at 8:30]

We’ve had experts like Susan Landau and Richard Clarke insist that NSA can get into this phone. Jim Comey, in testimony before HJC, sort of dodged by claiming that NSA doesn’t have the ability to get into a phone with this particular configuration.

But Ron Wyden sure seems to think the NSA might have more to say about that.

Golly, I can’t imagine what he thinks the NSA might have to offer about this phone.

Why Isn’t Jim Comey Crusading against This Tool Used to Hide Terrorist Secrets?

Several times over the course of Jim Comey’s crusade against strong encryption, I have noted that, if Comey wants to eliminate the tools “bad guys” use to commit crimes, you might as well eliminate the corporation. After all, the corporate structure helped a bunch of banksters do trillions of dollars of damage to the US economy and effectively steal the homes from millions with near-impunity.

It’d be crazy to eliminate the corporation because it’s a tool “bad guys” sometimes use, but that’s the kind of crazy we see in the encryption debate.

Yesterday, Ron Wyden pointed to a more narrow example of the way “bad guys” abuse corporate structures to — among other things — commit terrorism: the shell corporation.

In a letter to Treasury Secretary Jack Lew, he laid out several cases where American shell companies had been used to launder money for crime — including terrorism, broadly defined.

Screen Shot 2016-02-26 at 9.51.49 AM

He then asked for answers about several issues. Summarizing:

  • The White House IRS-registration for beneficial information on corporations probably won’t work. Does Treasury have a better plan? Would the Senate and House proposals to have states or Treasury create such a registry provide the ability to track who really owns a corporation?
  • FinCen has proposed a rule that would not only be easily evaded, but might weaken the existing FATCA standard. Has anyone review this?
  • Does FinCen actually think its rule would identify the natural person behind shell companies?
  • Would requiring financial institutions to report balances held by foreigners help information sharing?

They’re good questions but point, generally, to something more telling. We’re not doing what we need to to prevent our own financial system from being used as a tool for terrorism. Unlike encryption, shell companies don’t have many real benefits to society. Worse, it sounds like Treasury is making the problem worse, not better.

Of course, the really powerful crooks have reasons to want to retain the status quo. And so FBI Director Jim Comey has launched no crusade about this much more obvious tool of crime.