John Bates Gets Slapped Down for Speaking Out of Turn, Again

A few weeks back, I pointed to 9th Circuit Chief Judge Alex Kozinski’s criticism of John Bates’ presumption to speak for the judiciary in his August 5 letter complaining about some aspects of USA Freedom Act. Kozinski was pretty obviously pissed.

But compared to the op-ed from retired District Court Judge Nancy Gertner – who effectively scolds Bates, as the Administrative staff, for speaking out of turn — Kozinski was reserved.

[W]hatever the merits of Bates’ concerns—and other judges have dissented from it—he most assuredly does not speak for the Third Branch.

[snip]

Bates has been appointed by Chief Justice John Roberts to serve as director of the Administrative Office of the U.S. Courts, the body that administers the federal courts. It was created in 1939 to take the administration of the judiciary out of the Department of Justice. Its principal tasks were data collection and the creation of budgets and, while its duties have grown over the years, they remain administrative (dealing with such things as court reporters, interpreters, judicial pay, maintenance of judicial buildings, staffing etc.).

When members of Congress solicit the “judiciary’s” opinion they may write to the office’s director, but he has no authority to make policy for the federal judiciary. It is the Judicial Conference of the United States Courts, to which the AO director is only the “secretary,” that has that responsibility.

I’m very supportive of Gertner’s defense of judicial independence and her concern about the operation of the FISA Court.

But her critique goes off the rails when she points to DOJ’s purported support of USA Freedom Act as a better indication of the Executive’s views than Bates’ comments.

Moreover, a great deal of Bates’ letter focuses on the Senate proposals’ impact on the executive branch and the intelligence community. The Senate bill would burden the executive with more work and even delay the FISA court’s proceedings, he suggests. Worse yet, the executive may be reluctant to share information with an independent advocate—a troubling claim.

Bates’ concerns are belied by the support voiced by the Department of Justice and the president for the Senate proposal. Surely, the executive branch understands its own needs better than does Bates. Surely, the executive branch has confidence in the procedures that the FISA court would have in place for dealing with classified information, just as the courts that have dealt with other national security issues have had.

And surely, the executive would abide by what the law requires, notwithstanding Bates’ predictions about its “reluctance” to share information with a special advocate.

DOJ’s “support” of the bill was expressed when Eric Holder co-signed a letter (which Gertner tellingly doesn’t mention, much less link) from James Clapper which, when read with attention, clearly indicated the Executive would interpret the bill to be fairly permissive on most of the issues on which the Senate bill would otherwise improve on the House one. Holder’s “support” of the bill strongly indicates that DOJ, with ODNI, plans to use the classification and privilege “protections” in the bill to refuse to share information with the special advocate.

And that’s precisely the part of the letter where Holder and Clapper invoke Bates.


Afghan Vote Audit Farce Nears Conclusion

Reuters carries a hopeful headline this morning, “Afghan rivals said close to ending feud on how to share power“, where they inform us that the elusive power sharing agreement between Ashraf Ghani and Abdullah Abdullah may finally be reached tonight:

Afghanistan’s rival presidential candidates may reach a deal on how to share power late on Tuesday, according to Afghan and Western officials, potentially ending months of tension over the outcome of a run-off election held in June.

The struggle to find a successor to President Hamid Karzai, who has held power since the Islamist Taliban were ousted in 2001, has destabilized Afghanistan and paralyzed its economy just as most foreign troops withdraw.

There clearly is a push to say that a resolution of the crisis is close. ToloNews claims that a meeting last night between the candidates hosted by Hamid Karzai “went well, and both men were said to have reaffirmed their commitments to resolving their differences and reaching an agreement soon”. However, reading further in the article, we see that fundamental differences remain:

Both teams have confirmed that the candidates have discussed a new plan for the national unity government they agreed to form back in August following meetings with U.S. Secretary of State John Kerry. According to Abdullah’s camp, the two campaigns have agreed that the Chief Executive will serve as the Chairman of the Council of Ministers.

“An agreement has been made on one of the disputed points regarding whether the Chief Executive will also serve as Chairman of Council of Ministers,” Abdullah spokesman Syed Aqa Fazel Sancharaki said Monday.

Meanwhile, the Ghani campaign has maintained that the elected president will serve as head of government and Chairman of the Council of Ministers. “The presidential order will certify the job descriptions of the Chief Executive and his vices and the elected president will be head of the government and Chairman of Council of Ministers,” Ghani spokesman Faizullah Zaki said on Monday.

To underline just how farcical the entire process of “auditing” the runoff vote ballots became, another ToloNews article this morning is stunning in its open admission of how widespread fraud was in the election. The Independent Election Commission announced that results from 1028 polling places have been rejected in the audit process:

During the announcement, IEC acknowledged the fact that the June 14 run-off elections witnessed massive frauds.

“There was wide-scale fraud by security forces, governors and IEC employees,” a commissioner for the IEC, Azizullah Bakhtyari, admitted. “Clearly, most of the fraud happened in coordination with IEC employees.”

Bakhtyari hopes that the audit process will re-establish people’s trust in the election process.

“The audit helped us recognize the employees responsible for the fraud that took place at the 1,028 polling sites,” he said. “Clearly, we will take action against them for harming the public’s trust in the electoral institution.”

Wow. So security forces, governors and IEC employees all took part in the fraud? Those are the very people who were supposed to assure voters that the process would be fair and impartial. But don’t get the impression that this admission and the tossing of results from 1028 polling stations will change anything. Although that sounds like a lot of votes being tossed, keep in mind that there were around 22,000 polling stations, so this move will have very little impact on the final vote tally.

What is clear is that this final adjusted vote tally will have to be announced soon. What is not clear is whether Abdullah will accept the result that is certain to say that he lost. Just how he and his supporters react to the final announcement will be the most important decision in Afghanistan’s fate over the next few years.


A Yahoo! Lesson for USA Freedom Act: Mission Creep

I’m still wading through the Yahoo documents released last week.

But there is a lesson in them that — given the debate over USA Freedom Act — deserves immediate attention: mission creep.

At least in this case, the actual implementation of the Protect America Act appears to have quickly and secretly outstripped the public understanding of the scope of the law.

Declarations that the FBI and Yahoo submitted, in response to an order from Reggie Walton to provide precise details about what the government was asking for, provide hints of this. In January 2008, an FBI engineer submitted a declaration detailing what the government demanded (though it is almost entirely redacted).

In response, Yahoo’s VP and Associate General Counsel submitted a declaration covering his (or her) involvement; he was the only one who attended all the meetings with the government. Interestingly the first meeting was in August, but before the law was passed. That’s interesting because it was slammed through in a rush on August 4, 2007, meaning, Yahoo must have first met with the government about a bill making dramatic demands on it just days before it passed.

The AGC ends his declaration by laying out what data had been discussed while he was involved, but then saying the discussions about a particular issue had not ended when he exited the discussions, so he could not agree with or disagree with some part of the FBI declaration.

In a declaration dated the next day, the Manager of Yahoo’s Legal Compliance team (the declaration describes that he or she had the lead on FISA response) submitted her declaration. It says she will be listing the kinds of data Yahoo provides to the government.

But before she can do that, she has to lay out that Yahoo offers email and IMs, information services (like Yahoo finance), cloud storage, as well as facilitating all that with communications between the various components. That suggests the government was — already — asking for more than just emails and IMs and, possibly, data storage contents (which would be unsurprising). This seems to be the stuff the AGC couldn’t speak to.

The final FISCR opinion listed 9 things the government had demanded, as compared to the one-line long description that Yahoo originally believed — and had been told — it would have to turn over.


I followed the PAA debate closely (though not as closely as I’ve followed the USAF debate — I learned you have to watch these things like a hawk!). And I understood the chief goal of the bill was to access the email of the largest free providers, Yahoo, Microsoft, and Google, which all happened to be in the US. I wouldn’t have imagined that the government would also be obtaining the info services habits of targets, though now that idea also seems obvious.

And that appears to have happened in less than a year.

It just appears that once the government got what they needed, they then started looking around for other ways they could use their new toy. And so kept grabbing more data.

This is among the concerns I have about the ambiguous language in USA Freedom Act’s “connection chaining” language — that once they get to the telecoms without a limit to stick to call chaining (they must return a CDR at each stage, but the bill doesn’t say how they get there), they’ll just grab what they can get.


Treasure Map: It’s About Location, Not Gold

Der Spiegel and The Intercept published collaborative reporting this weekend on another Snowden document — this one referring to a National Security Agency program named TREASURE MAP.

The most chilling part of this reporting is a network engineer’s reaction (see here on video) when he realizes he is marked or targeted as a subject of observation. He’s assured it’s not personal, it’s about the work he does – but his reaction still telegraphs stress. An intelligence agency can get to him, has gotten to him; he’s touchable.

The truth is that almost any of us who follow national security, cyber warfare, or information technology are potential subjects depending on our work or play.

The metadata we generate is only part of the observation process; it provides information about our individual patterns of behavior, but may not actually disclose where we are.

TREASURE MAP goes further, by providing the layout of the network on which any of us are generating metadata. But there is some other component either within TREASURE MAP, or within a complementary tool, that provides the physical address of any networked electronic device.

The NSA has the ability to track individuals not only by Internet Protocol addresses (IP addresses), but by media access control addresses (MAC addresses), according to a recent interview with Snowden by James Bamford in Wired. This little nugget was a throwaway; perhaps readers already assumed this capability has existed, or didn’t understand the implications:

…But Snowden’s disenchantment would only grow. It was bad enough when spies were getting bankers drunk to recruit them; now he was learning about targeted killings and mass surveillance, all piped into monitors at the NSA facilities around the world. Snowden would watch as military and CIA drones silently turned people into body parts. And he would also begin to appreciate the enormous scope of the NSA’s surveillance capabilities, an ability to map the movement of everyone in a city by monitoring their MAC address, a unique identifier emitted by every cell phone, computer, and other electronic device.

[emphasis added]

In simple terms, IP addresses are like phone numbers — they are assigned. They can be static; a printer on a business network, for example, may be assigned a static address to assure it is always available to accept print orders at a stationary location. IP addresses may also be dynamic; if there’s an ongoing change in users on a network, allowing them to use a temporary address works best. Think of visits to your local coffee shop where customers use WiFi as an example. When they leave the premises, their IP address will soon revert to the pool available on the WiFi router.

Yahoo’s Lawyer’s Take on the Yahoo Trove

Even back in 2009, when Russ Feingold made it clear that Yahoo had no access to the data it needed to aggressively challenge the Protect America Act orders it received, I realized what a tough legal fight it was to litigate blind. That has only been made more clear by the document trove released last week.

Which is why Mark Zwillinger’s comments about the trove are so interesting.

First, ZwillGen points out that the challenge to the PAA directives may not have helped Yahoo avoid complying, but it did win an important victory allowing providers to challenge surveillance orders.

[I]n this fight, the government argued that Yahoo had no standing to challenge a directive on the basis of the Fourth Amendment rights of its users. See Government’s Ex Parte Brief at pages 53-56. Although the government was forced to change its position after it lost this issue at both the FISC and the FISCR — and such standing was expressly legislated into the FAA – had the government gotten its way, surveillance orders under § 702 would have been unchallengeable by any party until the fruits of the surveillance were sought to be used against a defendant in a criminal case. That would have given the executive branch even greater discretion to conduct widespread surveillance with little potential for judicial review. Even though Yahoo lost the overall challenge, winning on the standing point was crucial, and by itself made the fight personally worthwhile.

ZwillGen next notes that the big numbers reported in the press — the $250K fines for non-compliance — actually don’t capture the full extent of the fines the government was seeking. It notes that the fines would have added up to $400 million in the second month of non-compliance (it took longer than that to obtain a final decision from the FISCR).

Simple math indicates that Yahoo was facing fines of over $25 million dollars for the 1st month of noncompliance, and fines of over $400 million in the second month if the court went along with the government’s proposal. And practically speaking, coercive civil fines means that the government would seek increased fines, with no ceiling, until Yahoo complied. 

Finally — going directly to the points Feingold made 5 years ago — Yahoo had no access to the most important materials in the case, the classified appendix showing all the procedures tied to the dragnet.

The ex parte, classified appendix was just that: a treasure trove of documents, significantly longer than the joint appendix, which Yahoo had never seen before August 22, 2014. Yahoo was denied the opportunity to see any of the documents in the classified, ex parte appendix—even in summary form. Those documents bear a look today. They include certifications underlying the § 702 directives, procedures governing communications metadata analysis, a declaration from the Director of National Intelligence, numerous minimization procedures regarding the FBI’s use of process, and, perhaps most importantly, a FISC decision from January 15, 2008 regarding the procedures for the DNI/AG Certification at issue, which Yahoo had never seen. It examines those procedures under a “clearly erroneous” standard of review – which is one of the most deferential standards used by the judiciary. Yahoo did not have these documents at the time, nor the opportunity to conduct any discovery. It could not fully challenge statements the government made, such as the representation to FISCR “assur[ing the Court] it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary.” Nor could Yahoo use the January 15, 2008 decision to demonstrate how potential flaws in the targeting process translated into real world effects.

This blind litigation is, of course, still the position defense attorneys challenging FISA orders for their clients are in.

Yahoo actually made a pretty decent argument 6 years ago, pointing to incidental collection, collection of Americans’ records overseas (something curtailed, at least in name, under FISA Amendments Act), and dodgy analysis underlying the targeting decisions handed off to Yahoo. But they weren’t permitted the actual documentation they needed to make that case. Which left the government to claim — falsely — that the government was not conducting back door searches on incidentally collected data.

For years, ex parte proceedings have allowed the government to lie to courts and avoid real adversarial challenges to their spying. And not much is changing about that anytime soon.


Transpartisan Coalition Calls on Senate for More NSA Reform

Apparently, I’m not the only one who thinks USA Freedom Act does not do enough to reform the dragnet.

A transpartisan coalition of people and organizations — including whistleblowers Bill Binney, Thomas Drake, Dan Ellsberg, Mark Klein, Ed Loomis and Kirk Wiebe — just released a letter calling out the problems with the bill. The letter starts,

We, the undersigned civil liberties advocates, organizations, and whistleblowers, are alarmed that Senator Leahy’s recently introduced bill, the USA FREEDOM Act (S. 2685), legalizes currently illegal surveillance activities, grants immunity to corporations that collaborate to violate privacy rights, reauthorizes the PATRIOT Act for an additional 2.5 years, and fails to reform EO 12333 or Section 702, other authorities used to collect large amounts of information on Americans. For these reasons, we encourage both the House and the Senate to oppose this legislation in its current form.

I hope reform supporters in Congress take this call for more meaningful reform seriously!


Pakistan’s Punjabi Taliban to Cease Internal Attacks, Continue Them in Afghanistan

Although their first press release announcing their change in plans earlier this month got little fanfare, now that they have followed it up with a video (fortunately, there are no beheadings in the video), the Punjabi Taliban’s decision to cease violent attacks within Pakistan is being hailed as a “Watershed Event“:

“We have decided to give up militancy in Pakistan. I’ve taken the decision in the best interests of Islam and the nation. I also appeal to all other armed groups to stop violent activities in Pakistan,” Asmatullah Muaweya, the chief of the Punjabi Taliban, said in a three-minute video message released to the media on Saturday. He added that his group would now focus on Dawah (Islamic preaching) for the “supremacy of Islam and protection of the system.”

“I’ve taken the decision after consulting religious scholars and tribal leaders,” said Muaweya whose group had been blamed for several deadly attacks in the country, especially in Punjab. He also called upon other militant groups to renounce violence and come to the negotiating table as the country was passing through a critical juncture.

Nearly lost in this fanfare about renouncing violence inside Pakistan is that we learned, even in the earlier announcement, that violence by the group inside Afghanistan would continue:

“We will confine our practical jihadist role to Afghanistan in view of deteriorating situation in the region and internal situation of Pakistani jihadist movement,” Punjabi Taliban chief Ismatullah Muawiya said in a pamphlet faxed to the media, without clarifying further.

That part of the change in plans was not overlooked by Afghanistan:

“Pakistani Charge d’Affaires Syed Muazzam Shah was summoned to the Foreign Ministry on Sunday, and a strong protest was lodged over the declaration of war made by the Punjabi Taliban on the Afghan side of the Durand Line,” a Ministry’s statement said. The Dari-language statement was also emailed to The Express Tribune.

Abdul Samad Samad, head of political affairs in the Afghan foreign ministry, condemned the threats made by Muaweya, and described his remarks as “clear conspiracies against the stability and security of Afghanistan.”

“Such statements are against international laws and principles of good neighbourly relations,” the statement quoted the Afghan official as telling the Pakistani envoy.

The language gets even stronger from Afghanistan’s military:

In response to the assertions of the Punjabi Taliban, officials of the Afghan Ministry of Defense (MoD) have warned that any attacks on Afghanistan would face harsh response from the Afghan National Security Forces (ANSF).

“We have a death message for those who want to attack Afghanistan,” MoD spokesman Gen. Zahir Azimi said. “Afghanistan would be a cemetery for those who want to attack it.”

Further, Afghan politicians believe that they see the hand of ISI behind the move:

The Hemisphere Decks: A Comparison and Some Hypotheses

Last week, Dustin Slaughter published a story using a new deck of slides on the Hemisphere program, the Drug Czar program that permits agencies to access additional telecommunications analytical services to identify phones, which then gets laundered through parallel construction to hide both how those phones were found, as well as the existence of the program itself.

It has some significant differences from the deck released by the New York Times last year.  I’ve tried to capture the key differences here:

[Image: Hemisphere comparison]

The biggest difference is that the NYT deck — which must date to no earlier than June 2013 — draws only from AT&T data, whereas the Declaration deck draws from other providers as well (or rather, from switches used by other providers).

In addition, the Declaration deck seems to reflect approval for use in fewer states (given the mention of CA court orders and the recent authorization to use Hemisphere in Washington in the AT&T deck), and seems to offer fewer analytical bells and whistles.

Thus, I agree with Slaughter that his deck predates — perhaps by some time — the NYT/AT&T deck released last year.  That would mean Hemisphere has lost coverage, even while it has gained new bells and whistles offered by AT&T.

While I’m not yet sure this is my theory of the origin of Hemisphere, some dates are worth noting:

From 2002 to 2006, the FBI had telecoms onsite to provide CDRs directly from their systems (the FBI submitted a great number of its requests without any paperwork). One of the services provided — by AT&T — was community of interest tracking. Presumably they were able to track burner phones (described as dropped phones in these decks) as well.

In 2006, FBI shut down the onsite access, but retained contracts with all 3 providers (AT&T, Verizon, and probably Sprint). In 2009, one telecom — probably Verizon – declined to renew its contract for whatever the contract required.

AT&T definitely still has a contract with FBI, and in recent years, it has added more services to what it offers the FBI.

It’s possible the FBI multi-provider access moved under ONDCP (the Drug Czar) in 2007 as a way to retain its authorities without attracting the attention of DOJ’s excellent Inspector General (who is now investigating this in any case). Though I’m not sure that program provided the local call records the deck at least claims it could have offered. I’m not sure that program got to the telecom switches the way the deck seems to reflect. It’s possible, however, that the phone dragnet in place before it was moved to Section 215 in 2006 did have that direct access to switches, and the program retained this data for some years.

The phone dragnet prior to 2006 and NSL compliance (which is what the contracts with AT&T and one other carrier purportedly provide now) are both authorized in significant part (and entirely, before 2006) through voluntary compliance, per David Kris, the NSA IG Report, and the most recent NSL report. That’s a big reason why the government tried to keep this secret — to avoid any blowback on the providers.

In any case, if I’m right that the program has lost coverage (though gained AT&T’s bells and whistles) in the interim, then it’s probably because providers became unwilling, for a variety of reasons (and various legal decisions on location data are surely one of them) to voluntarily provide such information anymore. I suspect that voluntary compliance got even more circumscribed with the release of the first Horizon deck last year.

Which means the government is surely scrambling to find additional authorities to coerce this continued service.


The Curious Timing of FBI’s Back Door Searches

The very first thing I remarked on when I read the Yahoo FISCR opinion when it was first released in 2009 was this passage.

The petitioner’s concern with incidental collections is overblown. It is settled beyond peradventure that incidental collections occurring as a result of constitutionally permissible acquisitions do not render those acquisitions unlawful.9 See, e.g., United States v. Kahn, 415 U.S. 143, 157-58 (1974); United States v. Schwartz, 535 F.2d 160, 164 (2d Cir. 1976). The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment. (26 in original release; 30 in current release)

The government claimed to FISCR that it did not maintain a database of incidentally collected information from non-targeted US persons.

Barring some kind of neat parse, I didn’t buy the claim, not even in 2009.

Since then, we’ve found out that — barring some kind of neat parse — I was absolutely right. In fact, they are doing back door searches on this data, especially at FBI.

What I’m particularly intrigued by, now, is the timing.

FISCR said that in an opinion dated August 22, 2008 — over a month after the July 10, 2008 passage of the FISA Amendments Act. I have not yet found evidence of when the government said that to FISCR. It doesn’t appear in the unredacted part of their Jun 5, 2008 Merits brief (which cites Kahn but not Schwartz; see 49-50), though it might appear behind the redaction on 41. Of note, the April 25, 2008 FISC opinion doesn’t even mention the issue in its incidental collection discussion (starting at 95), though it does discuss amended certifications filed in February 2008.

So I’m guessing the government made that representation at the hearing in June, 2008.

We know, from John Bates’ rationale for authorizing NSA and CIA back door searches, such back door searches were first added to FBI minimization procedures in 2008.

When Bates approved back door searches in his October 3, 2011 opinion, he pointed to FBI’s earlier (and broader) authorities to justify approving it for NSA and CIA. While the mention of FBI is redacted here, at that point it was the only other agency whose minimization procedures had to be approved by FISC, and FBI is the agency that applies for traditional FISA warrants.

[redacted] contain an analogous provision allowing queries of unminimized FISA-acquired information using identifiers — including United States-person identifiers — when such queries are designed to yield foreign intelligence information. See [redacted]. In granting [redacted] applications for electronic surveillance or physical search since 2008, including applications targeting United States persons and persons in the United States, the Court has found that the [redacted] meet the definitions of minimization procedures at 50 U.S.C. §§ 1801(h) and 1821(4). It follows that the substantially-similar querying provision found at Section 3(b)(5) of the amended NSA minimization procedures should not be problematic in a collection that is focused on non-United States persons located outside the United States and that, in aggregate, is less likely to result in the acquisition of nonpublic information regarding non-consenting United States persons.

So since 2008, FBI has had the ability to do back door searches on all the FISA-authorized data they get, including taps targeting US persons.

The FBI Minimization procedures submitted with the case all date to the 1990s, though a 2006 amendment changed how they logged the identities of US persons collected (note, in 2011, John Bates was bitching at FBI for having ignored an order to reissue all its minimization procedures with updates; I can see why he complained).

As described in the Government’s response of June 16, 2006, identities of U.S. persons that have not been logged are often maintained in FBI databases that contain unminimized information. The procedures now simply refer to “the identities” of U.S. persons, acknowledging that the FBI may not have previously logged such identities.

But there’s reason to believe the FBI minimization procedures — and this logging process — were changed in 2008, because a government document submitted in the Basaaly Moalin case — we know Moalin was wiretapped from December 2007 to April 2008, so during precisely the period of the Yahoo challenge, though he was not indicted until much later – referenced two sets of minimization procedures, seeming to reflect a change in minimization during the period of his surveillance (or perhaps during the period of surveillance of Aden Ayro, which is how Moalin is believed to have been identified).

That is, it all seems to have been happening in 2008.

The most charitable guess would be that explicit authorization for back door searches happened with the FAA, so before the FISCR ruling, but after the briefing.

Except in a letter to Russ Feingold during early debates  on the FAA, Mike Mukasey and Mike McConnell (the latter of whom was involved in this Yahoo fight) strongly shot down a Feingold amendment that would have required the government to segregate all communications not related to terrorism (and a few other things), and requiring a FISA warrant to access them.

The Mukasey-McConnell attack on segregation is most telling. They complain that the amendment makes a distinction between different kinds of foreign intelligence (one exception to the segregation requirement in the amendment is for “concerns international terrorist activities directed against the United States, or activities in preparation therefor”), even while they claim it would “diminish our ability swiftly to monitor a communication from a foreign terrorist overseas to a person in the United States.” In other words, they complain that one of the only exceptions is for communications relating to terrorism, but then say this will prevent them from getting communications pertaining to terrorism.

Then it launches into a tirade that lacks any specifics:

It would have a devastating impact on foreign intelligence surveillance operations; it is unsound as a matter of policy; its provisions would be inordinately difficult to implement; and thus it is unacceptable.

As Feingold already pointed out, the government has segregated the information they collected under PAA–they’re already doing this. But to justify keeping US person information lumped in with foreign person information, they offer no affirmative reason to do so, but only say it’s too difficult and so they refuse to do it.

Even 5 years ago, the language about the “devastating impact” segregating non-terrorism data might have strongly suggested the entire point of this collection was to provide for back door searches.

But that letter was dated February 5, 2008, before the FISCR challenge had even begun. While not definitive, this seems to strongly suggest, at least, that the government planned — even if it hadn’t amended the FBI minimization procedures yet — to retain a database of incidentally collected data to search on, before the government told FISCR they did not.

Update: I forgot a very important detail. In a hearing this year, Ron Wyden revealed that NSA’s authority to do back door searches had been closed some time during the Bush Administration, before it was reopened by John “Bates stamp” Bates.

Let me start by talking about the fact that the House bill does not ban warrantless searches for Americans’ emails. And here, particularly, I want to get into this with you, Mr. Ledgett if I might. We’re talking of course about the backdoor search loophole, section 702 of the FISA statute. This allows NSA in effect to look through this giant pile of communications that are collected under 702 and deliberately conduct warrantless searches for the communications of individual Americans.  This loophole was closed during the Bush Administration, but it was reopened in 2011, and a few months ago the Director of National Intelligence acknowledged in a letter to me that the searches are ongoing today. [my emphasis]

When I noted that Wyden had said this, I guessed that the government had shut down back door searches in the transition from PAA to FAA, but that seems less likely, having begun to review these Yahoo documents, than that it got shut down in response to the hospital confrontation.

But it shows that more extensive back door searches had been in place before the government implied to the FISCR that they weren’t doing back door searches that they clearly were at least contemplating at that point. I’d really like to understand how the government believes they didn’t lie to the FISCR in that comment (though it wouldn’t be the last time they lied to courts about their databases of Americans).


If Patrick Leahy Wants to End Bulk Collection, He Needs to Amend His USA Freedom Act

The other day, the government obtained another Primary Order to collect all our phone records.

In response, Senator Patrick Leahy released this statement:

Congress must ensure that this is the last time the government requests and the court approves the bulk collection of Americans’ records.  We can make this a reality in the Senate if we act swiftly to pass the bipartisan USA FREEDOM Act.  Stakeholders from across the political and ideological spectrum have urged us for months to do just that.  We cannot wait any longer, and we cannot defer action on this important issue until the next Congress.  This announcement underscores, once again, that it is time for Congress to enact meaningful reforms to protect individual privacy.

I heartily agree with Leahy that the government has to stop obtaining authorization to collect Americans’ records in bulk.

But I think Leahy is misleading when he says we can “make this a reality” by passing USA FREEDOM Act — at least as currently written. While USA Freedom Act prohibits the government from collecting Americans’ phone records in bulk, it doesn’t prevent the government from collecting Americans’ records from non-communications companies in what normal people would call bulk.

The language in the bill prohibiting the use of a company name as a selector only applies to electronic communication service providers.

(II) a term identifying an electronic communication service provider (as that term is defined in section 701) or a provider of remote computing service (as that term is defined in section 2711 of title 18, United States Code), when not used as part of a specific identifier as described in clause (i), unless the provider is itself a subject of an authorized investigation for which the specific selection term is used as the basis of production.

The limit of this language to communications companies makes it clear that the bill envisions the use of corporate persons’ names (persons are permitted for traditional Section 215 orders) — so long as they aren’t communications providers — as a selector. You can’t get all records from Verizon, as the government does, but you can get all one-side foreign records from Western Union, as the government also currently does.

In this case, the secret surveillance court has authorized the Federal Bureau of Investigation to work with the CIA to collect large amounts of data on international transactions, including those of Americans, as part of the agency’s terrorism investigations.

The data collected by the CIA doesn’t include any transactions that are solely domestic, and the majority of records collected are solely foreign, but they include those to and from the U.S., as well. In some cases, it does include data beyond basic financial records, such as U.S. Social Security numbers, which can be used to tie the financial activity to a specific person. That has raised concerns among some lawmakers who learned about the program this summer, according to officials briefed on the matter.

Former U.S. government officials familiar with the program said it has been useful in discovering terrorist relationships and financial patterns. If a CIA analyst searches the data and discovers possible suspicious terrorist activity in the U.S., the analyst provides that information to the FBI, a former official said.

[snip]

The data is obtained from companies in bulk, then placed in a dedicated database. Then, court-ordered rules are applied to “minimize,” or mask, the information about people in the U.S. unless that information is deemed to be of foreign-intelligence interest, a former U.S. official said.

Moreover, even if this is the only financial program that exists right now, the only limit on such programs would be the imagination of the Intelligence Community and the indulgence of the FISA Court. James Clapper and John Bates both objected to interpreting the transparency provisions of USAF to include similar applications to new targets. Particularly as the fearmongering surrounding ISIS increases, they’ll be ratcheting up the domestic spying again.

In any case, there is abundant reason to believe the government also collects the records of certain bomb precursors — fertilizer, acetone and hydrogen peroxide in large quantities, and pressure cookers — to cross-reference with suspect targets. And while the government collects flight information directly, there may well be bulk travel record collection as well.

The bill enables this kind of bulk collection in its “transparency” provisions as well. Those provisions only conduct individualized counts for communications related orders under traditional Section 215, not for non-communications related orders.

(D) the total number of orders issued pursuant to applications made under section 501(b)(2)(B) and a good faith estimate of—
(i) the number of targets of such orders;
(ii) the number of individuals whose communications were collected pursuant to such orders; and
(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This is obviously all by design (otherwise these two passages wouldn’t have this symmetry). And perhaps all it does is serve to hide this one (probably two, maybe three) programs. But again, there’s no guarantee that won’t change in the future, and the transparency provisions don’t do enough to ensure this would be properly briefed.

Of course the fix for this would be easy: extend the same prohibition against using a corporate person as a selector to all corporate persons, and extend the individualized reporting under traditional Section 215 to all Section 215 orders.

If Senator Leahy wants to prevent bulk collection, he needs to treat tangible things — the name of the provision at hand!!! — of all sorts, communications and non-communications — as the bill currently treats just communications-related orders.
