The Republican PCLOB Cover-Up of NSA’s XKEYSCORE Use Is More Troubling than Tucker Carlson’s Claims To Be Surveilled

The other day, Tucker Carlson claimed that an NSA whistleblower had contacted him to let him know that the NSA was monitoring “our” electronic communications and planned to leak them to take him off the air. Carlson claims the whistleblower’s ability to read back what Carlson said in some texts and emails (both easily hackable communications) about an upcoming story is proof that it happened.

In response, the NSA issued an unprecedented statement via Twitter, reading in part:

This allegation is untrue. Tucker Carlson has never been an intelligence target of the Agency and the NSA has never had any plans to try to take his program off the air.

[snip]

NSA may not target a US citizen without a court order that explicitly authorizes the targeting.

As a number of people have pointed out, given how NSA uses “target” here, this doesn’t amount to a denial, because it’s possible that Carlson’s communications with a foreigner who was legally targeted got swept up. Strictly as a hypothetical, it could be that Carlson is working on another Hunter Biden story involving Ukraine, and the NSA picked up his communications directly with an agent of Russia in Ukraine by targeting that totally legitimate intelligence target. The result would be to incidentally collect Carlson’s communications with said hypothetical Ukrainian target. Particularly if the communications implicating Carlson were damning and potentially illegal, leaking them to him would be an easy way to flip the story, and accuse NSA of spying rather than Carlson of coordinating with Russian agents. Again, that’s all just a hypothetical that might explain Carlson’s claims.

Still, given that Carlson is a liar who has recently been spewing conspiracy theories that are whack even for him, my default assumption is that he’s lying.

Meanwhile, Carlson’s little cultivated outrage occurs at the same time that Privacy and Civil Liberties Oversight Board member Travis LeBlanc released a scathing dissent, dated March 12, 2021 but just declassified, from a recently released but still classified PCLOB report on the NSA’s use of XKEYSCORE. The statement points to problems with both the use of XKEYSCORE and EO 12333 generally, as well as the operation of PCLOB under the recently departed Adam Klein’s tenure as Chair. Together, LeBlanc’s complaint suggests that Klein may have deliberately protected NSA from scrutiny after violations that happened during the Trump Administration were discovered in November 2020.

XKEYSCORE is effectively a means of querying the Five Eyes collections for all information on a target. Here’s what a query, called a “fingerprint,” targeting a peace and reconciliation commission in the Solomon Islands, looks like:

PCLOB started investigating XKEYSCORE in 2014 as part of its review of a limited subset of programs authorized under EO 12333.

The NSA deep dive concerned NSA’s use of XKEYSCORE, an intelligence analysis tool. The Board received briefings from and held meetings with NSA staff between May 2015 and November 2016. The Board also reviewed the guidance and training provided to NSA personnel, compliance mechanisms, and the relationship between the NSA activity and the NSA’s EO 12333 implementing procedures.

In early 2019, after the Board regained a quorum, the Board reengaged with the NSA and received additional briefings, demonstrations, and information. During this process, the Board worked with NSA to confirm and update facts provided in the 2015 timeframe. Again, the Board concentrated on the protection of U.S. persons’ privacy and civil liberties.

The Board produced a detailed, classified report explaining NSA’s use of XKEYSCORE as an analytic tool and relevant privacy and civil liberties protections in late 2020. Accompanying the report were recommendations from the Board and additional views of individual Board Members. The report and recommendations were delivered to the NSA, Congress, and other relevant executive branch agencies.

But PCLOB, under Klein’s leadership, chose not to declassify any parts of the report on XKEYSCORE.

In his dissent, LeBlanc laid out a bunch of problems with the Report itself:

  1. PCLOB didn’t address any of the technological questions presented by the use of artificial intelligence and machine learning
  2. PCLOB didn’t unpack the jargon NSA uses by separating discovery, targeting, and acquisition activities that can — and LeBlanc strongly implies does — result in domestic collection
  3. PCLOB did not conduct the kind of efficacy review that its three earlier surveillance reports had done (which showed, for example, that the phone dragnet had never been really useful)
  4. PCLOB didn’t adequately chase down the legal justification for XKEYSCORE and closed up shop before examining 2019 violations disclosed in November 2020
  5. PCLOB refused to adopt recommendations made by LeBlanc and Ed Felten, including one (to tag communications believed to belong to a US person) that would not be burdensome but would ensure that such US person communications would not be picked up in the future
  6. PCLOB didn’t release the report
  7. The former GOP majority rushed to finalize this report before Republicans lost the majority on it

Of particular note, LeBlanc suggests that (as happened with the phone dragnet), NSA had not conducted any legal analysis specific to XKEYSCORE before PCLOB asked for it in 2015.

Surprisingly, when the Board requested any legal analysis by the NSA or the Department of Justice regarding the use of XKEYSCORE’s functions in 2015, the NSA responded with a 13-page memo prepared by the NSA Office of General Counsel in 2016. Setting aside such a legal analysis was first written in January 2016, it is equally concerning that the agency apparently has not updated that written legal analysis since then. At a general level and on the basis of the documents that have been provided to the Board, it is concerning that any surveillance tool would have been conceptualized, coded, implemented, and then executed and routinely used without such a prior legal analysis. Further, the analysis that NSA provided in 2016 fundamentally rests on decades-old Supreme Court precedent from United States v. Verdugo-Urquidez, Smith v. Maryland, Katz v. United States, and two DOJ legal memoranda from the 1980s to assert that collection and use of XKEYSCORE is consistent with the Fourth Amendment.35 The NSA’s legal analysis lacks any consideration of recent relevant Fourth Amendment case law on electronic surveillance that one would expect to be considered–for example, Carpenter v. United States, Riley v. California, United States v. Jones, and United States v. Maynard. [some footnotes omitted]

Half of that footnote 35 — probably the bits that refer to DOJ memos likely including a 1984 OLC memo written by Ted Olson that DOJ is still hiding — is redacted.

The likelihood that none of this complies with the Fourth Amendment is all the more troubling given the disclosure of recent violations using XKEYSCORE and the way, subsequent to those violations, the GOP Majority rushed to finish the report before losing a majority on PCLOB.

In one of the most heavily redacted paragraphs in LeBlanc’s declassified dissent, he explains how PCLOB didn’t investigate reports of 2019 violations uncovered in November 2020.

I am equally concerned that the Board’s former majority failed to investigate [redacted] of serious compliance reports involving XKEYSCORE prior to approving this report. During the former Board’s investigation, it was uncovered in November 2020 that some [redacted] compliance reports involving XKEYSCORE occurred in 2019. Of those [redacted] XKEYSCORE reports, [redacted] were deemed upon agency review to involve Questionable Intelligence Activities (“QIAs”). QIAs are defined as “any intelligence or intelligence-related activity when there is reason to believe such activity is unlawful or contrary to an EO, Presidential Directive, [Intelligence Community] Directive, or applicable DOD policy governing the activity.” [entire sentence redacted] Obviously, violations of U.S. law and the known collection of processing of U.S. person information are serious compliance issues. Yet the former Board did not request specific information [full line redacted]

Ellen Nakashima’s story on this dissent reveals there were hundreds of such reports.

The program also resulted in hundreds of compliance incidents in 2019, a majority of which were considered “questionable intelligence activities” — a category that means the action may have involved improper surveillance of Americans’ communications, according to U.S. officials, who spoke on the condition of anonymity because details are classified.

As LeBlanc describes it (though much of that is redacted), when PCLOB heard about these hundreds of violations that happened under Donald Trump in the same month that Trump lost the presidency, they didn’t ask what happened.

Instead, they rushed to complete the still unfinished report while they retained a majority.

I have several concerns about the Board process that was followed to apparently approve the unfinished report. In a December 2020 Board meeting, the former majority sought to vote on the then-unfinished XKEYSCORE report. During the Board meeting at which the vote was taken, we spent several hours discussing the revisions to the body and recommendations that would need to be made to the report. Instead of completing those revisions and then providing sufficient time for Members to review the report and prepare their statements before voting, the former Board majority sought in that meeting to approve the report for this project, ostensibly foreseeing the expiration of former Member Aditya Bamzai’s term at the end of December. Literally on the evening of December 21, former Member Bamzai circulated his statement. Subsequently, the new Board convened in January 2021 and then-Chairman submitted his own intention to resign the same month. Recognizing that the current 2021 Board has not voted on a report that we were still considering for revision as I drafted this statement, I have repeatedly requested a vote by the current Board on the final version of this report, including all final statements of current Members as well as a vote on whether to include the statement of a former Member. The then-current Chairman created a legal fiction to compel the issuing of a former Member’s statement without so much as a vote of the current Board to release this report. I simply cannot support a report that has not been voted on by the current Board that will issue it.

Even while he was pulling a fast one to close up the review of XKEYSCORE before it was done, Klein was writing his own White Paper on FISA that made claims about the soundness of FISA that he had no ability to conclude (most importantly, because PCLOB did not receive any of the applications implicating Sensitive Investigative Matters that should get the most scrutiny).

There were two claims of improper surveillance by NSA in recent days. One, made by a serial fabulist. And another, made by someone with access to classified information, that may affect hundreds of Americans.

The refusal of Republicans on PCLOB to examine the latter violations merits far more attention given the credibility of the reporting source than Tucker Carlson’s claims.

The InfoWars Embed in the CNN First Amendment Lawsuit

CNN is suing Trump and the Secret Service for taking away Jim Acosta’s White House hard pass.

I’ve got mixed feelings about the lawsuit, both as a strategic choice and with regards to how it is argued.

From a strategic standpoint, I absolutely endorse challenging Trump’s abuses in courts, because they are a venue he has fared poorly in, in large part because he’s so legally incompetent in being abusive. And the law around credentialed access is actually pretty problematic. Having a big media journalist call attention to that may be useful. Better to have CNN pay to make this argument about Trump singling out disfavored members than … me!

But by suing Trump while continuing to treat his and Sarah Huckabee Sanders’ press conferences as legitimate news vehicles, you continue to validate the way Trump uses (and denigrates) the media as props in a pageant of tribalism. This lawsuit will actually provide Trump a way to magnify the opposition between him and CNN, to claim he is being attacked by a mean Fake News outlet, thus becoming one more prop in Trump’s performed conflict with the Fake News he uses to debase facts and truth.

Indeed, the lawsuit actually reinforces the claim that these staged press conferences are a legitimate press vehicle when it claims — as part of its First Amendment claim — that Acosta can’t do his job without hard pass credentials and CNN therefore is deprived of its White House correspondent without one.

Defendants have deprived Plaintiffs of their right to access the White House grounds by revoking Acosta’s White House credentials. Without those credentials, Acosta cannot access the White House and cannot effectively serve as a White House correspondent, thus depriving Plaintiff CNN of its chief White House correspondent

Obviously, CNN can (and has) covered the White House in the time since Trump pulled Acosta’s hard pass. It takes different kinds of reporting, and nowhere does this complaint convincingly argue that the live attendance at press conferences is necessary for them to report on the White House.

Because I think White House press conferences generally, and as practiced under Trump specifically, often serve more to perform journalism rather than conduct it, I think a boycott of White House press conferences would be a better response.

As to how CNN is arguing this. I’m not a lawyer, and definitely not a lawyer of the caliber of Ted Boutrous and Ted Olson (Olson’s inclusion is an especially nice touch both because it suggests CNN is willing to appeal this but also because, earlier this year, Trump tried repeatedly but unsuccessfully to hire Olson as part of his defense team).

But it bothers me that this complaint treats a White House hard pass as a right, rather than arguing that the revocation of a hard pass outside of normal process constitutes an abridgment of the press, one carried out outside the existing process for regulating access to the White House media space (which after all is a finite good). Under the current regime, no one has a right to a hard pass — I probably would be refused one (I even seem to have been bumped off part of the White House email list!). Yet CNN presumes that its necessity for a White House correspondent that (it says, unconvincingly) must have access to the White House media space means it must be given access to a hard pass.

A hard pass is essential for White House reporters because it provides access to areas designated for journalists in the West Wing, on Air Force One, and in other secured areas during presidential trips, which are routinely covered by the White House press corps. For a White House correspondent like Acosta, the White House, or wherever the President is travelling, is his workplace. Indeed, Acosta often writes and broadcasts directly from the White House, working out of a booth in the press area known as the “lower press room” or from the “upper press office,” in close proximity to the Oval Office and the offices of the Press Secretary. Because Acosta’s work requires his physical presence at the White House or on the road with the President, he often goes weeks or months without visiting CNN’s Washington bureau. Accordingly, the press credentials allowing access to the White House grounds and press complex, and to the President and his entourage during trips, are necessary to provide workplace access. Without this credential, a daily White House correspondent like Acosta effectively cannot do his or her job.

The first treatment of the alternative — a daily pass (which is what I’ve had the sole time I covered something at the White House) — is inadequate to the task of showing that the hard pass is a kind of access that the White House should not be able to subject to politics and whim, because it conflates the readiness of access with the arbitrariness under which such access is given.

Without a hard pass, a reporter must ask for advance approval each time he wishes to enter the White House. Such access often needs to be requested at least 24 hours in advance. Since many White House news events, briefings, or appearances are frequently announced day-of, reporters without a hard pass are often effectively unable to cover these events. Further, the White House may decline to admit a reporter requesting daily access. Even if admitted, the reporter must wait in a security line with the general public and be screened before entering the White House and then be escorted by security around the press offices. Without a hard pass, a White House correspondent simply cannot do his job.

The problem with the daily pass is that a journalist obtains one via a far more arbitrary process, giving the discretion for entrance to a White House political appointee who can exercise bias in a pernicious way, rather than the Secret Service. The fact that Acosta was denied a daily pass once already could be used to emphasize that.

The White House also rejected Acosta’s application for a day pass on November 8, 2018.

The details about the Secret Service denying Acosta access in Paris would also be better deployed in an argument about the abridgment of rights that other similarly situated (in Paris, accredited by France) media enjoyed, than in arguing about a right that he has been denied.

On November 9, 2018, Defendants prohibited Acosta from fully covering the President on a trip to Paris to mark the centennial of the end of the First World War. Although Acosta traveled to Paris, he was told that he would not be allowed to access the President’s events, including an event that had been planned (but was ultimately cancelled due to inclement weather) to visit with French President Emmanuel Macron a cemetery to honor the fallen. Although the French government issued credentials to Acosta, the Secret Service refused to allow Acosta to attend an allegedly “open” press event whose attendees included journalists from around the world.

Plus, since CNN has had some of the best reporting of Trump’s trip to Paris, it’s hard to argue they do need access up close (at least for international trips to countries with open press access), but that gets back to the question of how one covers the President.

In short, I think CNN’s argument is weak because it doesn’t see itself as “the press” generally, but instead as some kind of holder of a special kind of press status, the holder of a privilege rather than an entity that has had rights shared by all abridged.

That attitude plays out in an amazing passage, one that will likely bring about my favorite outcome of this suit, but one that betrays the odd stance CNN is taking. That’s the discussion of the video Sanders released to try to justify the revocation of Acosta’s pass.

But the video shared by Press Secretary Sanders was apparently doctored, as has been reported widely. It has further been reported that the video Ms. Sanders disseminated to the public came from a contributor to InfoWars, an organization whose “conspiracy theories and hateful content” have led to it “being banned earlier this year by most major social media platforms.”

Analyses comparing the video included in Press Secretary Sanders’s tweet and unaltered video captured by C-SPAN of the same event shows that the version shared by Press Secretary Sanders appears to have been edited. As the Washington Post has explained, the video makes it appear that Acosta “swiftly chop[ped] down on the arm of an aide as he held onto a microphone while questioning President Trump. But in the original video, Acosta’s arm appears to move only as a response to a tussle for the microphone. His statement, ‘Pardon me, ma’am,’ is not included in the video Sanders shared.” Counselor to the President Kellyanne Conway has since attempted to deny the video had been altered but then admitted it had been “sped up.” But the unaltered video captured by C-SPAN shows what really occurred: Acosta was only attempting to hold onto the microphone as the staffer tried to grab it from him. [my emphasis]

When I heard CNN was suing, I immediately laughed at the prospect of the White House having to defend their doctored video. Boutrous and Olson making that case before a jury will make for great legal theater.

But note how they argue this, in a lawsuit about the First Amendment. It describes InfoWars (which at least used to be and still may be credentialed by the White House) not as a media outlet, but as “an organization whose ‘conspiracy theories and hateful content’ have led to it ‘being banned earlier this year by most major social media platforms.'” On top of dodging the question of what distinguishes a conspiracy theory site from a news site — one that might be central to the issue of who should get access to the limited supply of hard passes to the White House — its appeal to authority is that of privatized censorship, the removal of InfoWars from platforms like Facebook, rather than what makes CNN a journalistic outlet but InfoWars a conspiracy site (and even that distinction may be a problematic basis to demand a hard pass under a First Amendment claim).

CNN’s lawsuit does that while also making a second bizarre claim to authority (or lack thereof). The video Sanders used to justify the revocation of Acosta’s hard pass “was apparently doctored,” says a media outlet that elsewhere in this suit brags that it is “a trusted source for news and information [that] reaches more individuals than any other cable television news organization in the United States.” Why doesn’t the media outlet know whether the video was doctored?

This media outlet reverts to the passive voice — “as has been reported widely,” “has further been reported” — to defend its first claim that the video was doctored. In that first claim, it doesn’t even say reported by whom. Are those reporting it anything more credible than InfoWars itself?

Just the fact that something has been claimed in a report does not make that true.

The next paragraph does somewhat better. The first sentence again stops short of stating that the video has been doctored, this time stating that it “appears to have been.”

Analyses comparing the video included in Press Secretary Sanders’s tweet and unaltered video captured by C-SPAN of the same event shows that the version shared by Press Secretary Sanders appears to have been edited.

Finally, in the next sentence, the suit does appeal to an authority — CNN’s competitor, the WaPo (though doesn’t formally cite this article in any way).

As the Washington Post has explained, the video makes it appear that Acosta “swiftly chop[ped] down on the arm of an aide as he held onto a microphone while questioning President Trump. But in the original video, Acosta’s arm appears to move only as a response to a tussle for the microphone.

This is really really weird, for two reasons. First, because the real authorities on the fact that the video was doctored are video editors. CNN employs a shit-ton of them. But there are also experts in video analysis who could offer their expertise for this suit. An uncited WaPo article (WaPo is a very good news organization, but nowhere near as good at video as CNN) simply doesn’t offer an uncontested authority for what should be a slam dunk assertion.

More remarkable still, consider what CNN is treating as “the original video” here, and therefore the true one: CSPAN. While I agree that it is the best record of the incident (though I assume there are a slew of other video feeds, including CNN’s own, that would corroborate what the unedited CSPAN video shows), if CSPAN is the authoritative vehicle to access the truth, then why couldn’t Jim Acosta access the truth of the Trump presidency that way from day to day, the same way I do from flyover country? If CSPAN is “true,” then why isn’t watching a press conference on CSPAN adequate to reporting on a press conference? (I actually know some journalists with hard passes who stay in the White House media room for such events, because they know they’ll never get called on to ask a question.)

The answer is two-fold. Now that Sanders has started offering doctored video, someone needs to be in the room as a witness to certify that what a video shows is what actually happened (CNN’s suit cites two live witnesses, including the Daily Caller’s Chuck Ross, to prove that Sanders’ version of events is wrong).

But the other answer is one that puts us immediately back in the realm of privilege, not rights. The reason CNN can’t cover White House press conferences via CSPAN is because reporters need to be in the room to ask questions. Indeed, CNN is quite privileged, even among those holding hard passes, in that Sanders and Trump frequently do take questions from them — from Jim Acosta himself.

So is this about privilege, what separates CNN from media outlet emptywheel and conspiracy outlet InfoWars? Or is this about an abridged right, the right to be treated as all other outlets are under a credentialing system?

I’m not sure CNN is sure about the answer to that. And the hierarchy of authorities it appeals to in its complaint adopts a really problematic approach to the “truth” that a news outlet would seem to be claiming.

Update: Because I’ve been informed that CNN believes it is making a revocation of access argument, let me add two points.

First, a good revocation of access argument would distinguish more acutely the difference between a hard pass (which is administered significantly by Secret Service) and a daily pass (which is administered by White House political appointees, and requires a separate transaction with USSS at the door, which is why you have to go through the line). The distinction is there, but not made as starkly as it should be that one kind of access involves a quasi neutral process, while the other doesn’t pretend to be.

Relatedly, while the suit does raise the fact that Acosta’s hard pass (indeed, all of them) is a two-year renewable pass,

Acosta began reporting from the White House in 2012. In 2013, to gain regular access to the White House, like all White House correspondents, he applied for White House press credentials and a security clearance in order to obtain what is called a “hard pass.” Acosta underwent a Secret Service background check and was granted a “hard pass,” which is valid for renewable two-year periods.

But I expected the suit to return to that two-year pass in this passage, where it addresses the limits of USSS discretion.

Generally, the Secret Service may grant or deny a request for a security clearance made in connection with an application for a White House press pass. 31 C.F.R. § 409.1. However, the Secret Service’s discretion is expressly limited. Secret Service officials making that decision must “be guided solely by the principle of whether the applicant presents a potential source of physical danger to the President and/or the family of the President so serious as to justify his or her exclusion from White House press privileges.” Id. In applying that standard, the Special Agent in Charge of the Secret Service, Technical Security Division must apply designated procedures governing notices, responses, and hearings regarding decisions about applications. Id. § 409.2.

Notably, this language talks about the initial grant, but it doesn’t talk about the maintenance of that grant, which is what is assumed for a pass good for two years. That’s where the question of revocation by the supposed neutral authority should show up, in my opinion.

Trump’s Legal Team: “If the Law and the Facts Are Against You, Pound the Table and Yell Like Hell”

Folks in the White House keep telling Maggie Haberman and Mike Schmidt about imminent changes to his legal team.

March 10: Emmet Flood

On March 10, it was that the superb Emmet Flood — who, among other things, kept Dick Cheney out of the pokey — would join his team. The possibility was based on a meeting (now over 10 days ago) described as “an overture.”

The lawyer, Emmet T. Flood, met with Mr. Trump in the Oval Office this past week to discuss the possibility, according to the people. No final decision has been made, according to two of the people.

Should Mr. Flood come on board, the two people said, his main duties would be a day-to-day role helping the president navigate his dealings with the Justice Department.

Two people close to the president said that the overture to Mr. Flood did not indicate any new concerns about the inquiry. Still, it appears, at the least, to be an acknowledgment that the investigation is unlikely to end anytime soon.

The story admitted that Flood had said no to a similar offer last summer, at such time when Flood might have set the legal strategy and established ground rules for his client.

As recently as the summer, Mr. Flood, who currently works at the law firm Williams & Connolly, turned down an opportunity to represent Mr. Trump. It is not clear what has changed since then.

It also claimed that Flood was the only lawyer the White House had approached.

Mr. Flood had been on the wish list of some of the president’s advisers to join his legal team last year, and he is the only person the White House has been in contact with about such a leading role.

It also included the bizarre notion that Ty Cobb’s job was meant to end as soon as the White House had turned over all the documents Robert Mueller wanted.

Mr. Cobb has told friends for weeks that he views his position as temporary and does not expect to remain in the job for much longer.

Mr. Cobb’s primary task — producing documents for Mr. Mueller and arranging for White House aides to meet with prosecutors — is largely complete.

March 19: Joseph Di Genova

Then, on Monday, Maggie and Mike reported that Joseph Di Genova would join the team. The former US Attorney wouldn’t actually be lawyering so much as pounding the table and inventing conspiracy theories (best as I can tell, pounding tables is supposed to be Trump’s current lawyer, Jay Sekulow’s job, but he seems to have taken to hiding under the bed of late).

Mr. diGenova, a former United States attorney, is not expected to take a lead role. But he will serve as an outspoken player for the president as Mr. Trump has increased his attacks on the special counsel, Robert S. Mueller III. Mr. Trump broke over the weekend from the longstanding advice of some of his lawyers that he refrain from directly criticizing Mr. Mueller, a sign of his growing unease with the investigation.

It’s just as well that Di Genova wouldn’t be doing any lawyering given that in 1997, he argued that sitting presidents could be indicted, a view that would make it easier for Mueller to charge his supposed client.

Somehow, this story didn’t explain a big puzzle about the hiring: how Di Genova could represent the president when his wife, Victoria Toensing, has represented three other people in the investigation, at least one of whom gave apparently damning testimony to Mueller’s investigators.

Mr. diGenova is law partners with his wife, Victoria Toensing. Ms. Toensing has also represented Sam Clovis, the former Trump campaign co-chairman, and Erik Prince, the founder of the security contractor Blackwater and an informal adviser to Mr. Trump. Mr. Prince attended a meeting in January 2017 with a Russian investor in the Seychelles that the special counsel is investigating.

Ms. Toensing also represents Mark Corallo, the former spokesman for the Trump legal team who has accused one of the president’s advisers of potentially planning to obstruct justice with a statement related to a 2016 meeting between Donald Trump Jr. and a Russian lawyer who supposedly had damaging information on Hillary Clinton.

While it’s certainly possible Di Genova could clear up the conflict with Clovis and Prince, Corallo reportedly testified that Hope Hicks, having met one-on-one with Trump, suggested that emails regarding the June 9, 2016 meeting could be buried.

March 20: Ted Olson

Then, today, multiple outlets claimed that Ted Olson was under consideration. That’d be weird, given that Trump wants to claim that Robert Mueller has conflicts on account of his association with Jim Comey, yet Olson was as integrally involved in the most famous Comey-Mueller event — the hospital hero challenge to Stellar Wind in 2004 — as Mueller was. Plus, Olson’s name is on the Supreme Court precedent that deemed even the more expansive special prosecutor statute constitutional.

Which is to say that Olson may be the best active Republican lawyer with the possible exception of his former deputy, Paul Clement (hey, why isn’t Clement being floated?), but it’s not clear he would help Trump much, even if he could get Trump to follow instructions.

Yet the pushback from Olson’s firm suggests he was never really considering this offer (which raises questions about whether Flood, who like Olson also considered and rejected the position last year, is taking this offer any more seriously). It seems Trump wants to create the appearance, at least, that serious lawyers will still consider representing him.

Trump’s existing lawyers prepare to bolt

As it turns out, Trump didn’t tell his existing lawyers about a number of these conversations. And even aside from the shit shingle they’re facing, particularly as it becomes clear to Trump they were lying to him all last year about how long this inquiry would be and how serious Trump’s jeopardy is, they’re all getting tired of babysitting the president.

The hiring of diGenova on Monday, first reported by the New York Times, infuriated Dowd, who responded angrily to the development, according to people familiar with his reaction, who spoke on the condition of anonymity to share internal details. Dowd views diGenova as pushing him to be the second chair rather than top dog on Trump’s legal team, these people said. But Dowd said in an email to a Post reporter that he’s perfectly happy with the new addition: “Love Joe.”

Dowd, however, has lost the confidence of many in the president’s orbit, both inside and outside the White House. In December, after Trump tweeted that he had fired his former national security adviser Michael Flynn because Flynn had lied to both the vice president and the FBI, Dowd later claimed that he was the one who had drafted the missive.

One outside adviser described Dowd as “the weakest link” in the team.

McGahn and Cobb have also had their share of tension. While Cobb has urged the president to cooperate with Mueller and hand over documents to his investigators, McGahn has pushed a more aggressive approach, according to people familiar with his work.

McGahn has said the legal team should make the special counsel subpoena every document, explain every interview and fight for every piece of information, one person said. A second White House aide said McGahn has questioned the constitutional status of the special counsel position.

But McGahn and Trump have also clashed repeatedly since entering the White House, and one former administration official said the president mused at least three times that perhaps he should hire a new counsel.

McGahn has told associates that he is exhausted and frustrated at times in the job, but that he has been able to make a historic impact on appointing judges and reducing regulations and that he would like to be around for a second Supreme Court opening, one friend said. McGahn also has a strong relationship with Kelly.

So Trump’s lawyers (with the possible exception of Don McGahn, who’ll stay so long as he can pack the courts with unqualified ideologues) want out, and none of the real lawyers he’s approaching want to have anything to do with him.

When Rick Gates ran his defense team like this, he had a way out: to flip on Paul Manafort and Trump himself.

But who will Trump flip on? Vladimir Putin?

This is the most remarkable thing to behold. The most powerful man in the world is having difficulties getting anyone but a washed out table-pounder to represent him in the most high profile investigation in recent years.

A Dragnet of emptywheel’s Most Important Posts on Surveillance, 2007 to 2017

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten this week.

To celebrate, the emptywheel team has been sharing some of our favorite work from the last decade. This is my massive dragnet of surveillance posts.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.

2007

Whitehouse Reveals Smoking Gun of White House Claiming Not to Be Bound by Any Law

Just days after opening the new digs, I noticed Sheldon Whitehouse entering important details into the Senate record — notably, that John Yoo had pixie dusted EO 12333 to permit George Bush to authorize the Stellar Wind dragnet. In the ten years since, both parties worked to gradually expand spying on Americans under EO 12333, only to have the Obama Administration permit the sharing of raw EO 12333 data in its last days in office, completing the years-long project of restoring Stellar Wind’s functionalities. This post, from 2016, analyzes a version of the underlying memo permitting the President to change EO 12333 without providing public notice he had done so.

2008

McConnell and Mukasey Tell Half Truths

In the wake of the Protect America Act, I started to track surveillance legislation as it was written, rather than figure out after the fact how the intelligence community snookered us. In this post, I examined the veto threats Mike McConnell and Michael Mukasey issued in response to some Russ Feingold amendments to the FISA Amendments Act and showed that the government intended to use that authority to access Americans’ communication via both what we now call back door searches and reverse targeting. “That is, one of the main purposes is to collect communications in the United States.”

9 years later, we’re still litigating this (though, since then FISC has permitted the NSA to collect entirely domestic communications under the 2014 exception).

2009

FISA + EO 12333 + [redacted] procedures = No Fourth Amendment

The Government Sez: We Don’t Have a Database of All Your Communication

After the FISCR opinion on what we now know to be the Yahoo challenge to the Protect America Act first got declassified, I identified several issues that we now have much more visibility on. First, PAA permitted spying on Americans overseas under EO 12333. And it didn’t achieve particularity through the PAA, but instead through what we know to be targeting procedures, including contact chaining. Since then we’ve learned the role of SPCMA in this.

In addition, to avoid problems with back door searches, the government claimed it didn’t have a database of all our communication — a claim that, narrowly parsed, might be true, but as to the intent of the question was deeply misleading. That claim is one of the reasons we’ve never had a real legal review of back door searches.

Bush’s Illegal Domestic Surveillance Program and Section 215

On PATRIOTs and JUSTICE: Feingold Aims for Justice

During the 2009 PATRIOT Act reauthorization, I continued to track what the government hated most as a way of understanding what Congress was really authorizing. I understood that Stellar Wind got replaced not just by PAA and FAA, but also by the PATRIOT authorities.

All of which is a very vague way to say we probably ought to be thinking of four programs–Bush’s illegal domestic surveillance program and the PAA/FAA program that replaced it, NSLs, Section 215 orders, and trap and trace devices–as one whole. As the authorities of one program got shut down by exposure or court rulings or internal dissent, it would migrate to another program. That might explain, for example, why Senators who opposed fishing expeditions in 2005 would come to embrace broadened use of Section 215 orders in 2009.

I guessed, for example, that the government was bulk collecting data and mining it to identify targets for surveillance.

We probably know what this is: the bulk collection and data mining of information to select targets under FISA. Feingold introduced a bajillion amendments that would have made data mining impossible, and each time Mike McConnell and Michael Mukasey would invent reasons why Feingold’s amendments would have dire consequences if they passed. And the legal information Feingold refers to is probably the way in which the Administration used EO 12333 and redacted procedures to authorize the use of data mining to select FISA targets.

Sadly, I allowed myself to get distracted by my parallel attempts to understand how the government used Section 215 to obtain TATP precursors. As more and more people confirmed that, I stopped pursuing the PATRIOT Act ties to 702 as aggressively.

2010

Throwing our PATRIOT at Assange

This may be controversial, given everything that has transpired since, but it is often forgotten what measures the US used against Wikileaks in 2010. The funding boycott is one thing (which is what led Wikileaks to embrace Bitcoin, which means it is now in great financial shape). But there’s a lot of reason to believe that the government used PATRIOT authorities to target not just Wikileaks, but its supporters and readers; this was one hint of that in real time.

2011

The March–and April or May–2004 Changes to the Illegal Wiretap Program

When the first iteration of the May 2004 Jack Goldsmith OLC memo first got released, I identified that there were multiple changes made and unpacked what some of them were. The observation that Goldsmith newly limited Stellar Wind to terrorist conversations is one another reporter would claim credit for “scooping” years later (and get the change wrong in the process). We’re now seeing the scope of targeting morph again, to include a range of domestic crimes.

Using Domestic Surveillance to Get Rapists to Spy for America

Something that is still not widely known about 702 and our other dragnets is how they are used to identify potential informants. This post, in which I note Ted Olson’s 2002 defense of using (traditional) FISA to find rapists whom FBI can then coerce to cooperate in investigations, was the beginning of my focus on the topic.

2012

FISA Amendments Act: “Targeting” and “Querying” and “Searching” Are Different Things

During the 2012 702 reauthorization fight, Ron Wyden and Mark Udall tried to stop back door searches. They didn’t succeed, but their efforts to do so revealed that the government was doing so. Even back in 2012, Dianne Feinstein was using the same strategy the NSA currently uses — repeating the word “target” over and over — to deny the impact on Americans.

Sheldon Whitehouse Confirms FISA Amendments Act Permits Unwarranted Access to US Person Content

As part of the 2012 702 reauthorization, Sheldon Whitehouse said that requiring warrants to access the US person content collected incidentally would “kill the program.” I took that as confirmation of what Wyden was saying: the government was doing what we now call back door searches.

2013

20 Questions: Mike Rogers’ Vaunted Section 215 Briefings

After the Snowden leaks started, I spent a lot of time tracking bogus claims about oversight. After having pointed out that, contrary to Administration claims, Congress did not have the opportunity to be briefed on the phone dragnet before reauthorizing the PATRIOT Act in 2011, I then noted that in one of the only briefings available to non-HPSCI House members, FBI had lied by saying there had been no abuses of 215.

John Bates’ TWO Wiretapping Warnings: Why the Government Took Its Internet Dragnet Collection Overseas

Among the many posts I wrote on released FISA orders, this is among the most important (and least widely understood). It was a first glimpse into what now clearly appears to be 7 years of FISA violation by the PRTT Internet dragnet. It explains why the government moved much of that dragnet to SPCMA collection. And it laid out how John Bates used FISA clause 1809(a)(2) to force the government to destroy improperly collected data.

Federated Queries and EO 12333 FISC Workaround

In neither NSA nor FBI do the authorities work in isolation. That means you can conduct a query on federated databases and obtain redundant results in which the same data point might be obtained via two different authorities. For example, a call between Michigan and Yemen might be collected via bulk collection off a switch in or near Yemen (or any of the switches between there and the US), as well as in upstream collection from a switch entering the US (and all that’s assuming the American is not targeted). The NSA uses such redundancy to apply the optimal authority to a data point. With metadata, for example, it trained analysts to use SPCMA rather than PATRIOT authorities because they could disseminate it more easily and for more purposes. With content, NSA appears to default to PRISM where available, probably to bury the far more creative collection under EO 12333 for the same data, and also because that data comes in structured form.

Also not widely understood: the NSA can query across metadata types, returning both Internet and phone connection in the same query (which is probably all the more important now given how mobile phones collapse the distinction between telephony and Internet).

This post described how this worked with the metadata dragnets.

The Purpose(s) of the Dragnet, Revisited

The government likes to pretend it uses its dragnet only to find terrorists. But it does far more, as this analysis of some court filings lays out.

2014

The Corporate Store: Where NSA Goes to Shop Your Content and Your Lifestyle

There’s something poorly understood about the metadata dragnets NSA conducts. The contact-chaining isn’t the point. Rather, the contact-chaining serves as a kind of nomination process that puts individuals’ selectors, indefinitely, into the “corporate store,” where your identity can start attracting other related datapoints like a magnet. The contact-chaining is just a way of identifying which people are sufficiently interesting to submit them to that constant, ongoing data collection.

SPCMA: The Other NSA Dragnet Sucking In Americans

I’ve done a lot of work on SPCMA — the authorization that, starting in 2008, permitted the NSA to contact chain on and through Americans with EO 12333 data, which was one key building block to restoring access to EO 12333 analysis on Americans that had been partly ended by the hospital confrontation, and which is where much of the metadata analysis affecting Americans has long happened. This was my first comprehensive post on it.

The August 20, 2008 Correlations Opinion

A big part of both FBI and NSA’s surveillance involves correlating identities — basically, tracking all the known identities a person uses on telephony and the Internet (and financially, though we see fewer details of that), so as to be able to pull up all activities in one profile (what Bill Binney once called “dossiers”). It turns out the FISC opinion authorizing such correlations is among the documents the government still refuses to release under FOIA. Even as I was writing the post, Snowden was explaining how it works with XKeyscore.

A Yahoo! Lesson for USA Freedom Act: Mission Creep

This is another post I refer back to constantly. It shows that, between the time Yahoo first discussed the kinds of information they’d have to hand over under PRISM in August 2007 and the time they got directives during their challenge, the kinds of information they were asked for expanded into all four of its business areas. This is concrete proof that it’s not just emails that Yahoo and other PRISM providers turn over — it’s also things like searches, location data, stored documents, photos, and cookies.

FISCR Used an Outdated Version of EO 12333 to Rule Protect America Act Legal

Confession: I have an entire chapter of the start of a book on the Yahoo challenge to PRISM. That’s because so much about it embodied the kind of dodgy practices the government has, at the most important times, used with the FISA Court. In this post, I showed that the documents that the government provided the FISCR hid the fact that the then-current versions of the documents had recently been modified. Using the active documents would have shown that Yahoo’s key argument — that the government could change the rules protecting Americans anytime, in secret — was correct.

2015

Is CISA the Upstream Cyber Certificate NSA Wanted But Didn’t Really Get?

Among the posts I wrote on CISA, I noted that because the main upstream 702 providers have a lot of federal business, they’ll “voluntarily” scan on any known cybersecurity signatures as part of protecting the federal government. Effectively, it gives the government the certificate it wanted, but without any of the FISA oversight or sharing restrictions. The government has repeatedly moved collection to new authorities when FISC proved too watchful of its practices.

The FISA Court’s Uncelebrated Good Points

Many civil libertarians are very critical of the FISC. Not me. In this post I point out that it has policed minimization procedures, conducted real First Amendment reviews, taken notice of magistrate decisions and, in some cases, adopted the highest common denominator, and limited dissemination.

How the Government Uses Location Data from Mobile Apps

Following up on a Ron Wyden breadcrumb, I figured out that the government — under both FISA and criminal law — obtains location data from mobile apps. While the government still has to adhere to the collection standard in any given jurisdiction, obtaining the data gives the government enhanced location data tied to social media, which can implicate associates of targets as well as the target himself.

The NSA (Said It) Ate Its Illegal Domestic Content Homework before Having to Turn It in to John Bates

I’m close to being able to show that even after John Bates reauthorized the Internet metadata dragnet in 2010, it remained out of compliance (meaning NSA was always violating FISA in obtaining Internet metadata from 2002 to 2011, with a brief lapse). That case was significantly bolstered when it became clear NSA hastily replaced the Internet dragnet with obtaining metadata from upstream collection after the October 2011 upstream opinion. NSA hid the evidence of problems on intake from its IG.

FBI Asks for at Least Eight Correlations with a Single NSL

As part of my ongoing effort to catalog the collection and impact of correlations, I showed that the NSL Nick Merrill started fighting in 2004 asked for eight different kinds of correlations before even asking for location data. Ultimately, it’s these correlations as much as any specific call records that the government appears to be obtaining with NSLs.

2016

What We Know about the Section 215 Phone Dragnet and Location Data

During the lead-up to the USA Freedom Debate, the government leaked stories about receiving a fraction of US phone records, reportedly because of location concerns. The leaks were ridiculously misleading, in part because they ignored that the US got redundant collection of many of exactly the same calls they were looking for from EO 12333 collection. Yet in spite of these leaks, few figured out that the need to be able to force Verizon and other cell carriers to strip location data was a far bigger reason to pass USAF than anything Snowden had done. This post laid out what was known about location data and the phone dragnet.

While It Is Reauthorizing FISA Amendments Act, Congress Should Reform Section 704

When Congress passed FISA Amendments Act, it made a show of providing protections to Americans overseas. One authority, Section 703, was for spying on people overseas with help of US providers, and another was for spying on Americans overseas without that help. By May 2016, I had spent some time laying out that only the second, which has less FISC oversight, was used. And I was seeing problems with its use in reporting. So I suggested maybe Congress should look into that?

It turns out that at precisely that moment, NSA was wildly scrambling to get a hold on its 704 collection, having had an IG report earlier in the year showing they couldn’t audit it, find it all, or keep it within legal boundaries. This would be the source of the delay in the 702 reauthorization in 2016, which led to the prohibition on about searches.

The Yahoo Scan: On Facilities and FISA

The discussion last year of a scan the government asked Yahoo to do of all of its users was muddled because so few people, even within the privacy community, understand how broadly the NSA has interpreted the term “selector” or “facility” that it can target for collection. The confusion remains to this day, as some in the privacy community claim HPSCI’s use of facility based language in its 702 reauthorization bill reflects new practice. This post attempts to explain what we knew about the terms in 2016 (though the various 702 reauthorization bills have offered some new clarity about the distinctions between the language the government uses).

2017

Ron Wyden’s History of Bogus Excuses for Not Counting 702 US Person Collection

Ron Wyden has been asking for a count of how many Americans get swept up under 702 for years. The IC has been inventing bogus explanations for why they can’t do that for years. This post chronicles that process and explains why the debate is so important.

The Kelihos Pen Register: Codifying an Expansive Definition of DRAS?

When DOJ used its new Rule 41 hacking warrant against the Kelihos botnet this year, most of the attention focused on that first-known usage. But I was at least as interested in the accompanying Pen Register order, which I believe may serve to codify an expansion of the dialing, routing, addressing, and signaling information the government can obtain with a PRTT. A similar codification of an expansion exists in the HJC and Lee-Leahy bills reauthorizing 702.

The Problems with Rosemary Collyer’s Shitty Upstream 702 Opinion

The title speaks for itself. I don’t even consider Rosemary Collyer’s 2017 approval of 702 certificates her worst FISA opinion ever. But it is part of the reason why I consider her the worst FISC judge.

It Is False that Downstream 702 Collection Consists Only of To and From Communications

I pointed out a number of things not raised in a panel on 702, not least that the authorization of EO 12333 sharing this year probably replaces some of the “about” collection function. Most of all, though, I reminded that in spite of what often gets claimed, PRISM is far more than just communications to and from a target.

UNITEDRAKE and Hacking under FISA Orders

A document leaked by Shadow Brokers reveals a bit about how NSA uses hacking on FISA targets. Perhaps most alarmingly, the same tools that conduct such hacks can be used to impersonate a user. While that might be very useful for collection purposes, it also invites very serious abuse that might create a really nasty poisonous tree.

A Better Example of Article III FISA Oversight: Reaz Qadir Khan

In response to Glenn Gerstell’s claims that Article III courts have exercised oversight by approving FISA practices (though the reality on back door searches is not so cut and dry), I point to the case of Reaz Qadir Khan where, as Michael Mosman (who happens to serve on FISC) moved towards providing a CIPA review for surveillance techniques, Khan got a plea deal.

The NSA’s 5-Page Entirely Redacted Definition of Metadata

In 2010, John Bates redefined metadata. That five page entirely redacted definition became codified in 2011. Yet even as Congress moves to reauthorize 702, we don’t know what’s included in that definition (note: location would be included).

FISA and the Space-Time Continuum

This post talks about how NSA uses its various authorities to get around geographical and time restrictions on its spying.

The Senate Intelligence Committee 702 Bill Is a Domestic Spying Bill

This is one of the most important posts on FISA I’ve ever written. It explains how in 2014, to close an intelligence gap, the NSA got an exception to the rule it has to detask from a facility as soon as it identifies Americans using the facility. The government uses it to collect on Tor and, probably, VPN data. Because the government can keep entirely domestic communications that the DIRNSA has deemed evidence of a crime, the exception means that 702 has become a domestic spying authority for use with a broad range of crimes, not to mention anything the Attorney General deems a threat to national security.

“Hype:” How FBI Decided Searching 702 Content Was the Least Intrusive Means

In a response to a rare good faith defense of FBI’s back door searches, I pointed out that the FBI is obliged to consider the least intrusive means of investigation. Yet, even while it admits that accessing content like that obtained via 702 is extremely intrusive, it nevertheless uses the technique routinely at the assessment level.

Other Key Post Threads

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

10 Years of emptywheel: Key Non-Surveillance Posts 2011-2012

10 Years of emptywheel: Key Non-Surveillance Posts 2013-2015

10 Years of emptywheel: Key Non-Surveillance Posts 2016-2017

10 Years of emptywheel: Jim’s Dimestore

702 Reauthorization Bill: Why a Back Door Fix for Criminal Searches Is Meaningless

In this post, I explained how the House Judiciary Committee Section 702 reauthorization bill only closes the back door search loophole for “quer[ies] for evidence of a crime.” In addition, they let the government define what a “query reasonably designed for the primary purpose of returning foreign intelligence information” is, which means they’re basically punting on defining it themselves until 2023.

Given that treatment, the back door search fix is virtually useless, because for every search that might return the communications of an American, the government can always claim they’re considering recruiting the American as an informant.

Any communication queryable by back door search by definition involves a person of interest for a foreign intelligence reason

To understand why, first remember why FBI would get this information in the first place. They can only get raw 702 data if they have an active full investigation — and by definition, the targets of that active full investigation are going to be targeted for the same reasons the target would be targeted by NSA, because they are of national security interest, pertaining to counterterrorism, counterproliferation, and counterintelligence/nation-state hacking.

Thus, any American whose communications might come up in a back door search will — by definition — be someone talking to a target of interest. That doesn’t mean they’re talking to a “bad guy,” as US national security professionals insist on speaking of adversaries. They’re just someone who has foreign intelligence information related to one of those three-plus topics.

Since 2002, the government has insisted that any crime — including rape — can be foreign intelligence information

The precedent that determined the limits of the government’s use of FISA-obtained information in criminal proceedings came in the 2002 In Re Sealed case challenge where the FISA Court of Review deemed the PATRIOT Act’s adoption of “significant purpose” language in FISA targeting to permit the sharing of information for criminal purposes.

As part of that case, the government claimed it could use criminal information to recruit a foreign spy.

Thus, for example, where information is relevant or necessary to recruit a foreign spy or terrorist as a double agent, that information is “foreign intelligence information” if the recruitment effort will “protect against” espionage or terrorism.

[snip]

Whether the government intends to prosecute a foreign spy or recruit him as a double agent (or use the threat of the former to accomplish the latter), the investigation will often be long range, involve the interrelation of various sources and types of information, and present unusual difficulties because of the special training and support available to foreign enemies of this country. [my emphasis]

During the hearing, FISCR judge Laurence Silberman tried to get Solicitor General Ted Olson to envision some kind of crime that couldn’t be used for foreign intelligence purpose, suggesting rape. But even that, Olson argued, could be deemed foreign intelligence information, because the government could use evidence of rape to coerce someone to become an informant.

OLSON: And it seems to me, if anything, it illustrates the position that we’re taking about here. That, Judge Silberman, makes it clear that to the extent a FISA-approved surveillance uncovers information that’s totally unrelated — let’s say, that a person who is under surveillance has also engaged in some illegal conduct, cheating —

JUDGE LEAVY: Income tax.

SOLICITOR GENERAL OLSON: Income tax. What we keep going back to is practically all of this information might in some ways relate to the planning of a terrorist act or facilitation of it.

JUDGE SILBERMAN: Try rape. That’s unlikely to have a foreign intelligence component.

SOLICITOR GENERAL OLSON: It’s unlikely, but you could go to that individual and say we’ve got this information and we’re prosecuting and you might be able to help us. I don’t want to foreclose that.

JUDGE SILBERMAN: It’s a stretch.

SOLICITOR GENERAL OLSON: It is a stretch but it’s not impossible either. [my emphasis]

The previous year, in 2001, the government had used the threat of a rape prosecution against Abu Zubaydah’s brother, Hesham Abu Zubaydah (who had had calls with his brother picked up on wiretaps), to convince him to become an informant. The FISCR decision certainly didn’t endorse approving individual FISA warrants to find proof of crimes that could be used to flip people. But neither did it place meaningful limits (and why should it, given that in those halcyon days all FISA orders were individualized).

In years since then, the government has repeatedly told the FISC they’re using programmatic spying to find informants. In both 2006 and 2009 it said it would use the phone dragnet “to discover individuals willing to become U.S. Government assets.” (see PDF 22 for citations to two Keith Alexander statements) That’s also one way the FBI measured the efficacy of Stellar Wind.

The Gartenlaub case shows FBI will use kiddie porn to (attempt to) recruit foreign intelligence informants

This is one reason the Keith Gartenlaub case is so important, in which the government used a criminal warrant, then a FISA warrant, then another criminal warrant to obtain evidence that Gartenlaub had nine-year-old kiddie porn on his hard drives. The government justified all those warrants based on the claim that Gartenlaub was working with his Chinese in-laws — who always got described as influential in China — to steal Boeing information to share with China. Ultimately, they found no evidence of that.

I will eventually show evidence that the government also used Section 702 against Gartenlaub, probably (at a minimum) to obtain the Skype conversations he had with his in-laws, who would be targetable as influential Chinese citizens.

In any case, in association with the Gartenlaub case, the government changed both the individual FISA and the Section 702 minimization procedures to permit the sharing of data collected under FISA with the National Center for Missing and Exploited Children, meaning they can use FISA to obtain information on kiddie porn in the name of foreign intelligence collection.

After they indicted Gartenlaub, the government offered to drop the charges for information on the spying with China.

During his initial appearance in a federal courthouse in Santa Ana, Calif., the prosecutors indicated a willingness to reduce or drop the child pornography charges if he would tell them about the C-17, said Sara Naheedy, Gartenlaub’s attorney at the time.

Even at that late date, after eighteen months, two criminal warrants, and a FISA warrant, the government was treating Gartenlaub’s alleged kiddie porn possession as potential foreign intelligence information.

One purpose of assessments — and queries conducted under them — is to assess people to become informants

Every description of back door searches is clear: FBI can use them at the assessment level (that is, when they’re trying to figure out whether to open a full investigation).

[W]henever the FBI opens a new national security investigation or assessment, FBI personnel will query previously acquired information from a variety of sources, including Section 702, for information relevant to the investigation or assessment. With some frequency, FBI personnel will also query this data, including Section 702–acquired information, in the course of criminal investigations and assessments that are unrelated to national security efforts. In the case of an assessment, an assessment may be initiated “to detect, obtain information about, or prevent or protect against federal crimes or threats to the national security or to collect foreign intelligence information.”

And FBI’s Domestic Investigations and Operations Guide is equally clear: the FBI uses assessments to determine whether people would make good informants. For example, the DIOG describes this scenario — which sounds just like what happened to Professor Xiaoxing Xi — among its scenarios for using assessments.

A field office has a Full Investigation open on a group of individuals from country X believed to be targeting engineers and high-tech workers involved in the production of semiconductor chips. Evidence in the Full Investigation suggests that the individuals from country X are attempting to recruit the engineers and high tech workers to steal information regarding the semiconductor chips in exchange for money. During the investigation, an engineer who travels frequently to country X has been identified.

Information developed during the Predicated Investigation may be used to determine whether the engineer should be viewed as a subject of the investigation or a potential [Confidential Human Source]. If the engineer is determined to be a subject of the Full Investigation, a Type 5 Assessment may not be opened and the engineer needs to be opened as the target of a Full Investigation. If the primary focus of the FBI’s interest is to determine whether the individual may be a potential source, a Type 5 Assessment should be opened to collect information necessary to determine whether the FBI should attempt to recruit the engineer as a CHS. (PDF 117)

Remember: the FBI can obtain any 702 data related to a full investigation like the one described here. And Chinese scientists suspected of IP theft would be clear targets under the Foreign Government certificate. So it is solidly within the realm of possibility that the government would target Chinese scientists, obtain conversations (like the one that Xi got targeted for) about semiconductors, and then find that information at a later time when researching the American whose communication got collected incidentally.

That’s the problem with trying to fix the back door loophole while still permitting back door searches for foreign intelligence assessments: because it’s not until the government pulls up the information at the assessment stage — and it may well be years later, as was the case for Gartenlaub — that the government decides whether they’re going to use it and its fruits as foreign intelligence or criminal information.

Former Top Holder Aide Says Back Door Searches Violate Fourth Amendment; FISC Judge Thomas Hogan Doesn’t Care

My apologies to Amy Jeffress.

When I first realized that FISA Court Presiding Judge Thomas Hogan picked her to serve as amicus for the review of the yearly 702 certifications last year, I complained that she, not Marc Zwillinger, got selected (the pick was made in August, but Jeffress would later be picked as one of the standing amicus curiae, along with Zwillinger). After all, Zwillinger has already argued that PRISM (then authorized by Protect America Act) was unconstitutional when he represented Yahoo in its challenge of the program. He’s got experience making this precise argument. Plus, Jeffress not only is a long-time national security prosecutor and former top Eric Holder aide, but she has been involved in some actions designed to protect the Executive. I still think Zwillinger might have done a better job. But Jeffress nevertheless made what appears to be a vigorous, though unsuccessful, argument that FBI’s back door searches of US person data are unconstitutional.

A former top DOJ lawyer believes FBI’s back door queries are unconstitutional

But it says a lot that Jeffress — someone who narrowly missed being picked as Assistant Attorney General for National Security and who presumably got at least some visibility on back door searches when working with Holder — argued that FBI’s warrantless back door searches of communications collected under Section 702 are unconstitutional. (I presume it would be unethical for Jeffress to use information learned while counseling Holder in this proceeding, which might have put her in an interesting position of knowing more than she could say.)

Sadly, Hogan didn’t care. Worse, his argument for not caring doesn’t make sense. As I’ll note, not only did Hogan pick a less than optimal person to make this argument, but he may have narrowly scoped her input, which may have prevented her from raising evidence in Hogan’s own opinion that his legal conclusion was problematic.

To be clear, Jeffress was no flaming hippie. She found no problem with the NSA and CIA practice of back door searches, concluding, “that the NSA and CIA minimization procedures are sufficient to ensure that the use of U.S. person identifiers for th[e] purpose of [querying Section 702-acquired information] complies with the statutory requirements of Section 702 and with the Fourth Amendment.” But she did find the FBI practice problematic.

Jeffress’ amicus brief included at least 10 pages of discussion of her concerns with the practice, though ODNI did not release her brief and Hogan cited very limited bits of it. She argued, “the FISA process cannot be used as a device to investigate wholly unrelated ordinary crimes” and said because the queries could do so they “go far beyond the purpose for which the Section 702-acquired information is collected in permitting queries that are unrelated to national security.”

To dismiss Jeffress’ arguments, Hogan does several things. He,

  • Notes the statute requires foreign intelligence just be “a significant purpose” of the collection, and points back to the 2002 In Re Sealed Case FISCR decision interpreting the “significant purpose” language added in the PATRIOT Act to permit the use of traditional FISA information for prosecutions
  • Cites the FISA minimization procedure language that “allow[s] for the retention and dissemination of information that is evidence of a crime which has been, is being, or is about to be committed”
  • Dismisses a former top DOJ official’s concerns about the use of FISA data for non-national security crimes as “hypothetical”
  • Doesn’t address — at all — language in the FBI minimization procedures that permits querying of data for assessments and other unspecified uses
  • Invests a lot of faith in FBI’s access and training requirements that later parts of his opinion undermine

There are several problems with his argument.

In Re Sealed Case ties “significant purpose” to the target of an interception

First, Hogan extends the scope of how the FISA Court of Review interpreted the term “significant purpose,” which got added to traditional FISA in the PATRIOT Act and then adopted in the FISA Amendments Act.

Hogan cites the FISCR decision in In Re Sealed Case to suggest it authorized the use of information against non-targets of surveillance. He does so by putting the court’s ultimate decision after caveats it uses to modify that. “The Court of Review concluded that it would be an “anomalous reading” of the “significant purpose” language of 50 U.S.C. § 1804(a)(6)(B) to allow the use of electronic surveillance in such a case. See id. at 736. The Court nevertheless stressed, however, that “[s]o long as the government entertains a realistic option of dealing with the agent other than through criminal prosecution that it satisfies the significant purpose test.”

But that’s not what FISCR found. Here’s how that reads in the original, with Hogan’s citations emphasized.

On the one hand, Congress did not amend the definition of foreign intelligence information which, we have explained, includes evidence of foreign intelligence crimes. On the other hand, Congress accepted the dichotomy between foreign intelligence and law enforcement by adopting the significant purpose test. Nevertheless, it is our task to do our best to read the statute to honor congressional intent. The better reading, it seems to us, excludes from the purpose of gaining foreign intelligence information a sole objective of criminal prosecution. We therefore reject the government’s argument to the contrary. Yet this may not make much practical difference. Because, as the government points out, when it commences an electronic surveillance of a foreign agent, typically it will not have decided whether to prosecute the agent (whatever may be the subjective intent of the investigators or lawyers who initiate an investigation). So long as the government entertains a realistic option of dealing with the agent other than through criminal prosecution, it satisfies the significant purpose test.

The important point is–and here we agree with the government–the Patriot Act amendment, by using the word “significant,” eliminated any justification for the FISA court to balance the relative weight the government places on criminal prosecution as compared to other counterintelligence responses. If the certification of the application’s purpose articulates a broader objective than criminal prosecution–such as stopping an ongoing conspiracy–and includes other potential non-prosecutorial responses, the government meets the statutory test. Of course, if the court concluded that the government’s sole objective was merely to gain evidence of past criminal conduct–even foreign intelligence crimes–to punish the agent rather than halt ongoing espionage or terrorist activity, the application should be denied.

The government claims that even prosecutions of non-foreign intelligence crimes are consistent with a purpose of gaining foreign intelligence information so long as the government’s objective is to stop espionage or terrorism by putting an agent of a foreign power in prison. That interpretation transgresses the original FISA. It will be recalled that Congress intended section 1804(a)(7)(B) to prevent the government from targeting a foreign agent when its “true purpose” was to gain non-foreign intelligence information–such as evidence of ordinary crimes or scandals. See supra at p.14. (If the government inadvertently came upon evidence of ordinary crimes, FISA provided for the transmission of that evidence to the proper authority. 50 U.S.C. § 1801(h)(3).) It can be argued, however, that by providing that an application is to be granted if the government has only a “significant purpose” of gaining foreign intelligence information, the Patriot Act allows the government to have a primary objective of prosecuting an agent for a non-foreign intelligence crime. Yet we think that would be an anomalous reading of the amendment. For we see not the slightest indication that Congress meant to give that power to the Executive Branch. Accordingly, the manifestation of such a purpose, it seems to us, would continue to disqualify an application. That is not to deny that ordinary crimes might be inextricably intertwined with foreign intelligence crimes. For example, if a group of international terrorists were to engage in bank robberies in order to finance the manufacture of a bomb, evidence of the bank robbery should be treated just as evidence of the terrorist act itself. But the FISA process cannot be used as a device to investigate wholly unrelated ordinary crimes.

Hogan ignores three key parts of this passage. First, FISCR’s decision only envisions the use of evidence against the target of the surveillance, not against his interlocutors, to in some way neutralize him. Any US person whose information is collected and retained under 702 is, by definition, not the targeted person (whereas he or she might be in a traditional FISA order). Furthermore, FBI’s queries of information collected under 702 will find and use information that has nothing to do with putting foreign agents in prison — that is, to “investigate wholly unrelated ordinary crimes,” which FISCR prohibited. Finally, by searching data that may be years old for evidence of a crime, FBI is, in effect, “gaining evidence of past criminal conduct” — itself prohibited by FISCR — of someone who isn’t even the target of the surveillance.

Hogan only treats querying for criminal purposes

Having, in my opinion, expanded on what FISCR authorized back in 2002, Hogan then ignores several parts of what FBI querying permits.

Here’s (some of) the language FBI added to its minimization procedures, at the suggestion of PCLOB, to finally, after 8 years, fully disclose what it was doing to the FISC.

It is a routine and encouraged practice for FBI to query databases containing lawfully acquired information, including FISA-acquired information, in furtherance of the FBI’s authorized intelligence and law enforcement activities, such as assessments, investigations and intelligence collection. Section III.D governs the conduct of such queries. Examples of such queries include, but are not limited to, queries reasonably designed to identify foreign intelligence information or evidence of a crime related to an ongoing authorized investigation or reasonably designed queries conducted by FBI personnel in making an initial decision to open an assessment concerning a threat to national security, the prevention or protection against a Federal crime, or the collection of foreign intelligence, as authorized by the Attorney General Guidelines. These examples are illustrative and neither expand nor restrict the scope of the queries authorized in the language above.

This language makes clear FBI may do back door searches:

  • To identify foreign intelligence information
  • To identify evidence of a crime related to an ongoing investigation
  • To decide whether to open an assessment concerning a threat to national security, the prevention or protection against a Federal crime, or the collection of foreign intelligence
  • Other things, because FBI’s use of such queries “are not limited to” these uses

Given Hogan’s stingy citations from Jeffress’ brief, it’s unclear how much of these things she addressed (or whether she was permitted to introduce knowledge gained from having worked closely with Eric Holder when these back door searches were being formalized).

Working Thread, Apple Response

Apple’s response to the phone back door order is here.

(1) Apple doesn’t say it, but some people at Apple — probably including people who’d have access to this key (because they’d be involved in using it, which would require clearance) — had to have been affected in the OPM hack.

(2) Remember as you read it that Ted Olson lost his wife on 9/11.

(3) Several members of Congress — including ranking HPSCI member Adam Schiff — asked questions in hearings about this today.

(4) Apple hoists Comey on the same petard that James Orenstein did.

(8) More hoisting on petarding, in this case over DOJ generally and Comey specifically choosing not to seek legislation to modify CALEA.

(11) Apple beats up FBI for fucking up.

Unfortunately, the FBI, without consulting Apple or reviewing its public guidance regarding iOS, changed the iCloud password associated with one of the attacker’s accounts, foreclosing the possibility of the phone initiating an automatic iCloud back-up of its data to a known Wi-Fi network, see Hanna Decl. Ex. X [Apple Inc., iCloud: Back up your iOS device to iCloud], which could have obviated the need to unlock the phone and thus for the extraordinary order the government now seeks.21 Had the FBI consulted Apple first, this litigation may not have been necessary.

(11) This is awesome, especially coming as it does from Ted Olson, who Comey asked to serve as witness for a key White House meeting after the Stellar Wind hospital confrontation.

(12) This is the kind of information NSA would treat as classified, for similar reasons.

Although it is difficult to estimate, because it has never been done before, the design, creation, validation, and deployment of the software likely would necessitate six to ten Apple engineers and employees dedicating a very substantial portion of their time for a minimum of two weeks, and likely as many as four weeks. Neuenschwander Decl. ¶ 22. Members of the team would include engineers from Apple’s core operating system group, a quality assurance engineer, a project manager, and either a document writer or a tool writer.

(16) I’ll have to double check, but I think some of this language quotes Orenstein directly.

Congress knows how to impose a duty on third parties to facilitate the government’s decryption of devices. Similarly, it knows exactly how to place limits on what the government can require of telecommunications carriers and also on manufacturers of telephone equipment and handsets. And in CALEA, Congress decided not to require electronic communication service providers, like Apple, to do what the government seeks here. Contrary to the government’s contention that CALEA is inapplicable to this dispute, Congress declared via CALEA that the government cannot dictate to providers of electronic communications services or manufacturers of telecommunications equipment any specific equipment design or software configuration.

(16) This discussion of what Apple is has ramifications for USA Freedom Act, which the House report said only applied to “phone companies” (though the bill says ECSPs).

(18) Loving Apple wielding Youngstown against FBI.

Nor does Congress lose “its exclusive constitutional authority to make laws necessary and proper to carry out the powers vested by the Constitution” in times of crisis (whether real or imagined). Youngstown Sheet & Tube Co. v. Sawyer, 343 U.S. 579, 588–89 (1952). Because a “decision to rearrange or rewrite [a] statute falls within the legislative, not the judicial prerogative[,]” the All Writs Act cannot possibly be deemed to grant to the courts the extraordinary power the government seeks. Xi v. INS, 298 F.3d 832, 839 (9th Cir. 2002).

(20) Reading this passage on how simple pen register rulings shouldn’t apply to far more intrusive surveillance, I’m reminded that Olson left DOJ in 2004 before (or about the same time as) Jim Comey et al applied PRTT to conduct a metadata dragnet of Americans.

In New York Telephone Co., the district court compelled the company to install a simple pen register device (designed to record dialed numbers) on two telephones where there was “probable cause to believe that the [c]ompany’s facilities were being employed to facilitate a criminal enterprise on a continuing basis.” 434 U.S. at 174. The Supreme Court held that the order was a proper writ under the Act, because it was consistent with Congress’s intent to compel third parties to assist the government in the use of surveillance devices, and it satisfied a three-part test imposed by the Court.

(22) This is one thing that particularly pissed me off about the application of NYTelephone to this case: there’s no ongoing use of Apple’s phone.

This case is nothing like Hall and Videotapes, where the government sought assistance effectuating an arrest warrant to halt ongoing criminal activity, since any criminal activity linked to the phone at issue here ended more than two months ago when the terrorists were killed.

(24) I think this is meant to be a polite way of calling DOJ’s claims fucking stupid (Jonathan Zdziarski has written about how any criminal use of this back door would require testimony about the forensics of this).

Use of the software in criminal prosecutions only exacerbates the risk of disclosure, given that criminal defendants will likely challenge its reliability. See Fed. R. Evid. 702 (listing requirements of expert testimony, including that “testimony [be] the product of reliable principles and methods” and “the expert has reliably applied the principles and methods to the facts of the case,” all of which a defendant is entitled to challenge); see also United States v. Budziak, 697 F.3d 1105, 1111–13 (9th Cir. 2012) (vacating order denying discovery of FBI software); State v. Underdahl, 767 N.W.2d 677, 684–86 (Minn. 2009) (upholding order compelling discovery of breathalyzer source code). The government’s suggestion that Apple can destroy the software has clearly not been thought through, given that it would jeopardize criminal cases. See United States v. Cooper, 983 F.2d 928, 931–32 (9th Cir. 1993) (government’s bad-faith failure to preserve laboratory equipment seized from defendants violated due process, and appropriate remedy was dismissal of indictment, rather than suppression of evidence). [my emphasis]

(25) “If you outlaw encryption the only people with encryption will be outlaws.”

And in the meantime, nimble and technologically savvy criminals will continue to use other encryption technologies, while the law-abiding public endures these threats to their security and personal liberties—an especially perverse form of unilateral disarmament in the war on terror and crime.

(26) The parade of horribles that a government might be able to coerce is unsurprisingly well-chosen.

For example, under the same legal theories advocated by the government here, the government could argue that it should be permitted to force citizens to do all manner of things “necessary” to assist it in enforcing the laws, like compelling a pharmaceutical company against its will to produce drugs needed to carry out a lethal injection in furtherance of a lawfully issued death warrant,25 or requiring a journalist to plant a false story in order to help lure out a fugitive, or forcing a software company to insert malicious code in its autoupdate process that makes it easier for the government to conduct court-ordered surveillance. Indeed, under the government’s formulation, any party whose assistance is deemed “necessary” by the government falls within the ambit of the All Writs Act and can be compelled to do anything the government needs to effectuate a lawful court order. While these sweeping powers might be nice to have from the government’s perspective, they simply are not authorized by law and would violate the Constitution.

(30) “Say, why can’t NSA do this for you?”

Moreover, the government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks.

(33) Love the way Apple points out what I and others have: this phone doesn’t contain valuable information, and if it does, Apple probably couldn’t get at it.

Apple does not question the government’s legitimate and worthy interest in investigating and prosecuting terrorists, but here the government has produced nothing more than speculation that this iPhone might contain potentially relevant information.26 Hanna Decl. Ex. H [Comey, Follow This Lead] (“Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t.”). It is well known that terrorists and other criminals use highly sophisticated encryption techniques and readily available software applications, making it likely that any information on the phone lies behind several other layers of non-Apple encryption. See Hanna Decl. Ex. E [Coker, Tech Savvy] (noting that the Islamic State has issued to its members a ranking of the 33 most secure communications applications, and “has urged its followers to make use of [one app’s] capability to host encrypted group chats”).

26 If the government did have any leads on additional suspects, it is inconceivable that it would have filed pleadings on the public record, blogged, and issued press releases discussing the details of the situation, thereby thwarting its own efforts to apprehend the criminals. See Douglas Oil Co. of Cal. v. Petrol Stops Nw., 441 U.S. 211, 218-19 (1979) (“We consistently have recognized that the proper functioning of our grand jury system depends upon the secrecy of grand jury proceedings. . . . [I]f preindictment proceedings were made public, many prospective witnesses would be hesitant to come forward voluntarily, knowing that those against whom they testify would be aware of that testimony. . . . There also would be the risk that those about to be indicted would flee, or would try to influence individual grand jurors to vote against indictment.”).

(35) After 35 pages of thoroughgoing beating, Apple makes nice.

Apple has great respect for the professionals at the Department of Justice and FBI, and it believes their intentions are good.

(PDF 56) Really looking forward to DOJ’s response to the repeated examples of this point, which is likely to be, “no need to create logs because there will never be a trial because the guy is dead.” Which, of course, will make it clear this phone won’t be really useful.

Moreover, even if Apple were able to truly destroy the actual operating system and the underlying code (which I believe to be an unrealistic proposition), it would presumably need to maintain the records and logs of the processes it used to create, validate, and deploy GovtOS in case Apple’s methods ever need to be defended, for example in court. The government, or anyone else, could use such records and logs as a roadmap to recreate Apple’s methodology, even if the operating system and underlying code no longer exist.

(PDF 62) This is really damning. FBI had contacted Apple before they changed the iCloud password.

(PDF 62) Wow. They did not ask for the iCloud data on the phone until January 22, 50 days after seizing the phone and 7 days before warrant expired.

Unit 8200 Refuseniks Make Visible for Israel What Remains Invisible in the US

Last week, 43 reserve members of Israel’s equivalent to the NSA, Unit 8200, released a letter announcing they would refuse to take actions against Palestinians because the spying done on them amounts to persecution of innocent people. The IDF has responded the same way government agencies here would — scolding the whistleblowers for not raising concerns in official channels. But the letter has elicited rare public discussion about the ethics and morality of spying.

One of the allegations made by the refuseniks highlighted in the English press is that Israel used SIGINT to recruit collaborators, which in turn divides the Palestinian community.

The Palestinian population under military rule is completely exposed to espionage and surveillance by Israeli intelligence. While there are severe limitations on the surveillance of Israeli citizens, the Palestinians are not afforded this protection. There’s no distinction between Palestinians who are, and are not, involved in violence. Information that is collected and stored harms innocent people. It is used for political persecution and to create divisions within Palestinian society by recruiting collaborators and driving parts of Palestinian society against itself. In many cases, intelligence prevents defendants from receiving a fair trial in military courts, as the evidence against them is not revealed. Intelligence allows for the continued control over millions of people through thorough and intrusive supervision and invasion of most areas of life. This does not allow for people to lead normal lives, and fuels more violence further distancing us from the end of the conflict. [my emphasis]

These refuseniks, apparently, have access both to the intelligence they collect and how it is used. That means they’re in a position to talk about the effects of Unit 8200’s spying. And press coverage has made it sound like something that would uniquely happen to occupied Palestinians.

It’s not.

We know of one way that the NSA’s dragnet is definitely being used to recruit informants (aka collaborators), and another way in which it is permissible to use it for that purpose.

The first way is via the phone dragnet. As I have noted, the government has twice told the FISA Court — once in 2006 and once in 2009 — that FBI uses dragnet derived information to identify people who might cooperate (aka inform or collaborate) in investigations. Once people come up on a 2-degree search, they are dumped into the corporate store indefinitely, data mined with sufficient information to find embarrassing and illegal things. Apparently, FBI uses such data to coerce cooperation, though we have no details on the process.

All the revealing things metadata shows? The government uses that information to obtain informants.

One way the government probably does this is by using the connections identified by metadata analysis (remember, this is not just phone and Internet data, but also includes financial and travel data, at a minimum) to put people on the No Fly list, regardless of whether they are a real threat to this country. Then, No Fly listees have alleged, FBI promises help getting them off that life-altering status if they inform on their community.

More troubling still is FBI’s uncounted use of warrantless back door searches of US person content when conducting assessments. As I noted, in addition to doing assessments in response to “tips,” the FBI will use them to profile communities or identify potential informants.

As the FBI’s Domestic Investigations and Operations Guide describes, assessments are used for “prompt and extremely limited checking out of initial leads.” No factual predicate (that is, no real evidence of wrong-doing) is required before the FBI starts an assessment. While FBI cannot use First Amendment activities as the sole reason for assessments, they can be considered. In addition to looking into leads about individual people, FBI uses assessments as part of the process for Domain Assessments (what FBI calls their profiling of Muslim communities) and the selection of informants to try to recruit. In some cases, an Agent doesn’t need prior approval to open an assessment; in others, they may get oral approval (though for several kinds, an Agent must get a formal memo approved before opening an assessment). And while Agents are supposed to record all assessments, for some assessments, they’re very cursory reports — basically complaint forms. That is, for certain types of assessments, FBI is not generating its most formal paperwork to track the process.

So while I can’t point to a DOJ claim to FISC that these back door searches are useful because they help find informants, it appears to be possible. Plus, as early as 2002, Ted Olson said they would use evidence of rape collected using traditional FISA to talk someone into cooperating (aka inform or collaborate); that was the reason he gave for blowing the wall between intelligence and criminal investigations to smithereens.

Indeed, knowing the way the government uses phone dragnet information as an index to collected content, the government may well use phone dragnet metadata to pick which Americans to subject to warrantless back door searches.

It sounds really awful when we hear about Israel using SIGINT — including information we provide without minimizing it — to spy on Palestinians.

But we have a good deal of reason to believe the US intelligence community — in collaboration — does similar things, spying on Muslim communities and using SIGINT to recruit collaborators that end up sowing paranoia and distrust in the communities.

Not only do we lack a group of refuseniks who, among themselves, can explain how all of this works, but how the FBI uses all this data is precisely what the government intends to keep secret under the so-called “transparency” provisions of USA Freedom Act. While I will provide more detail in a follow-up post, remember that the FBI refuses to count its back door searches, which means it would be almost impossible for anyone to get a real sense of how these warrantless back door searches on US persons are used. It also has asserted it does not need to disclose evidence derived from Section 215 to criminal defendants, which is another way the evidence against defendants gets hidden.

It’s awful that Israel is doing it. But it’s even worse that we’re almost certainly doing the same, but that we can only find hints of how it is being done.

Center for Democracy and Technology’s James Dempsey on “the Wall,” Then and Now

Remember “the wall” that used to separate intelligence from criminal investigations and was used as an excuse for intelligence agencies not sharing intelligence they were permitted to share before 9/11?

It was demolished in 2001 — when the PATRIOT Act explicitly permitted what had been permitted before, sharing of intelligence information with the FBI — and 2002 — when the FISA Court of Review overruled presiding FISA Judge Royce Lamberth’s efforts to sustain some Fourth Amendment protections in criminal investigations using minimization procedures.

Nevertheless, the specter of a wall that didn’t prevent the Intelligence Committee from discovering 9/11 rising again is one of the things lying behind PCLOB’s weak recommendations on back door searches in its report on Section 702.

Of particular note, that’s what the Center for Democracy and Technology’s James Dempsey cites in his squishy middle ground recommendation on back door searches.

It is imperative not to re-erect the wall limiting discovery and use of information vital to the national security, and nothing in the Board’s recommendations would do so. The constitutionality of the Section 702 program is based on the premise that there are limits on the retention, use and dissemination of the communications of U.S. persons collected under the program. The proper mix of limitations that would keep the program within constitutional bounds and acceptable to the American public may vary from agency to agency and under different circumstances. The discussion of queries and uses at the FBI in this Report is based on our understanding of current practices associated with the FBI’s receipt and use of Section 702 data. The evolution of those practices may merit a different balancing. For now, the use or dissemination of Section 702 data by the FBI for non-national security matters is apparently largely, if not entirely, hypothetical. The possibility, however, should be addressed before the question arises in a moment of perceived urgency. Any number of possible structures would provide heightened protection of U.S. persons consistent with the imperative to discover and use critical national security information already in the hands of the government.546 

546 See Presidential Policy Directive — Signals Intelligence Activities, Policy Directive 28, 2014 WL 187435, § 2, (Jan. 17, 2014) (limiting the use of signals intelligence collected in bulk to certain enumerated purposes), available at http://www.whitehouse.gov/the-press-office/2014/01/17/presidential-policy-directive-signals-intelligence-activities. [my emphasis]

Dempsey situates his comments in the context of the “wall.” He then suggests there are two possible uses of back door searches: “national security matters,” and non-national security matters, with the latter being entirely hypothetical, according to what the FBI self-reported to PCLOB.

Thus, he’s mostly thinking in terms of “possible structures [that] would provide heightened protection of U.S. persons,” to stave off future problems. He points to President Obama’s PPD-28 as one possible model.

But PPD-28 is laughably inapt! For one, the passage in question addresses “bulk collection,” which, according to the definition Obama uses and PCLOB has adopted, has nothing to do with Section 702. “[T]he Board does not regard Section 702 as a ‘bulk’ collection program,” PCLOB wrote at multiple points in its report.

More troubling, the passage in PPD-28 Dempsey cites permits bulk collection for the following uses:

(1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;

(2) threats to the United States and its interests from terrorism;

(3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;

(4) cybersecurity threats;

(5) threats to U.S. or allied Armed Forces or other U.S. or allied personnel;

(6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section;

Ultimately, this represents — or should — an expansion of permissible use of Section 702 data, because its discussion of terrorism and cybersecurity does not distinguish between those with an international nexus and those without. And the discussion of transnational crime might subject any petty drug dealer selling dope from Mexico to foreign intelligence treatment.

That this is what passes for the mushy middle on PCLOB is especially curious given that Dempsey was one of the first PCLOB members to express concern about back door searches. He did so in November’s Section 215 hearing, and even suggested limiting back door searches to foreign intelligence purposes (which is not the standard for FBI, in any case) was inadequate. Nevertheless, in last week’s report, he backed only very weak protections for back door searches, and did so within the context of national security versus non-national security, and not intelligence versus crime.

Now, I don’t mean to pick on Dempsey exclusively — I’ll have a few more posts on this issue. And to be clear, Dempsey does not represent CDT at PCLOB; he’s there in his private capacity.

But I raised his affiliation with CDT because in that capacity, Dempsey was part of an amicus brief, along with representatives from ACLU, Center for National Security Studies, EPIC, and EFF, submitted in the In Re Sealed Case in 2002, in which the FISA Court of Review reversed Lamberth and permitted prosecutor involvement in FISA warrants. That brief strongly rebuts the kind of argument he adopted in last week’s PCLOB report.


Imagine the Informants You Can Coerce When You Can Spy on Every Single American


Two years ago, I noted a chilling exchange from a 2002 FISA suit argued by Ted Olson. Laurence Silberman was trying to come up with a scenario in which some criminal information might not have any relevance to terrorism. When he suggested rape, Olson suggested we might use evidence of a rape to get someone to inform for us.

JUDGE SILBERMAN: Try rape. That’s unlikely to have a foreign intelligence component.

SOLICITOR GENERAL OLSON: It’s unlikely, but you could go to that individual and say we’ve got this information and we’re prosecuting and you might be able to help us.

It’s chilling not just because it suggests rapists have gone free in exchange for trumping up terrorist cases for the government, but because it makes clear the kinds of dirt the government sought using — in this case — traditional FISA wiretaps.

Now consider this passage from the government’s 2009 case that it should be able to sustain the Section 215 dragnet.

Specifically, using contact chaining [redacted] NSA may be able to discover previously unknown terrorist operatives, to identify hubs or common contacts between targets of interest who were previously thought to be unconnected, and potentially to discover individuals willing to become U.S. Government assets.

Remember, while the government downplayed this fact, until Barack Obama won the 2008 election, the government permitted analysts to contact chain off of 27,090 identifiers, going deeper than 3 hops in. That very easily encompasses every single American.

The ability to track the relationships of every single American, and they were using it to find informants.

In the 7 years since this program (now allegedly scaled back significantly, but still very very broad) has existed, the dragnet has only helped, however indirectly, to capture 12 terrorists in the US (and by terrorist, they also include people sending money to protect their country against US-backed invasion).

Which means the real utility of this program has been about something else.

The ability to track the relationships of every single American. And they were using it to find informants.

Even while the number of terrorists this program discovered has been minimal, the number of FBI informants has ballooned, to 15,000. And those informants are trumping up increasingly ridiculous plots in the name of fighting terrorism.

The ability to track the relationships of every single American (or now, a huge subset of Americans, focusing largely on Muslims and those with international ties). And they were (and presumably still are) using it to find informants.

Update: Note how in Keith Alexander’s description of the alert list, the standard to be on it is “the identifier is likely to produce information of foreign intelligence value” that are “associated with” one of the BR targets (Alexander 33). This is very similar to the language Olson used to justify getting data that didn’t directly relate to terrorism.

Also note this language (Alexander 34):

In particular, Section 1.7(c) of Executive Order 12333 specifically authorizes NSA to “Collect (including through clandestine means), process, analyze, produce, and disseminate signals intelligence information for foreign intelligence and counterintelligence purposes to support national and departmental missions.” However, when executing its SIGINT mission, NSA is only authorized to collect, retain or disseminate information concerning United States persons in accordance with procedures approved by the Attorney General.

Again, this emphasizes a foreign intelligence and CI purpose for collection that by law is limited to terrorism. Which could mean they think they can collect info to coerce people to turn informant.

The AG guidelines on informants are, not surprisingly, redacted.