Bush’s Illegal Domestic Surveillance Program and Section 215

I wanted to turn to the two IG Reports Glenn Fine did on the PATRIOT Act’s Section 215, the section that allows investigators to get business records and other tangible items. (2007 report covering 2002 to 2005; 2008 report covering 2006) The reports show an expansion of the way DOJ used the authority that parallels the known history of Bush’s illegal domestic surveillance program.

For the first two years after passage of the PATRIOT Act, not one 215 order was issued. Some were applied for, but all either were withdrawn because of legal ambiguities (could they be used to get school records?), legal reviews, and/or inattention. Then in October 2003, someone in DOJ focused effort on pushing some through, and one of the orders submitted in that month was approved in May 2004–though we’re not allowed to know the date (see page 17 of the 2007 report). Now, it appears the May timing may be coincidental; the order came out of efforts in October 2003 to start using this authority, not as a response to the hospital confrontation concerning Bush’s illegal domestic surveillance program in March 2004. But nevertheless, the first 215 order was authorized just as DOJ issued a new opinion authorizing parts of Bush’s domestic surveillance program on May 6, 2004, at a time when the data mining aspect of the illegal program had (reportedly) been halted by Jim Comey and Jack Goldsmith.

Later, for a year and a half, 215 orders started to serve a function with pen register/trap and trace orders. This was necessary for a period until the PATRIOT revision in 2006 because FISA pen registers didn’t give investigators all the information they wanted.

A "combo" application is a term used by OIPR to refer to a Section 215 request that was added to or combined with a FISA application for pen register/trap and trace orders. The use of the combination request evolved from OIPR’s determination that FISA pen register/trap and trace orders did not require providers to turn over subscriber information associated with telephone numbers obtained through the orders. Unlike criminal investigation pen register/trap and trace orders, which routinely included a clause requiring the provision of subscriber information, FISA pen register/trap and trace orders did not contain such provisions. Thus, while the FBI could obtain the numbers dialed to and from the target number through FISA orders, FBIA agents had to employ other investigative tools, such as national security letters, to obtain the subscriber information. (2007 report, 16)

Here’s what I understand this to mean (the lawyers in the crowd should feel free to correct this). The report explains there was a difference between trap and trace orders on phone numbers (and email accounts, presumably) in the criminal and FISA setting. In the criminal setting, you automatically got the names, as well as the numbers, that the target had contacted. You got to know right away that Rudy the street dealer had contact with Carlos the big time dealer. But with FISA, you just got numbers. You might learn that Mohammed the suspected terrorist had called 555-1362, but you didn’t automatically know whose number that was. Of course, there’s a reason for this–FISA is supposed to protect the identity of other US persons. But as time went on (and as you’ll see, the timing of this is mighty interesting), they incorporated getting the name of the guy at 555-1362, at least if the number was from the same carrier, routinely. 

If I understand the report correctly, this first happened in 2004 (though they won’t tell us what month) in what was called a "pure" 215 order.

One of the 18 unique requests was for telephone subscriber information. With respect to this request, the field office had prepared an application for a FISA pen register/trap and trace order and wanted to obtain the subscriber information without using national security letters. The field office supervisor dealt directly with OIPR’s Counsel for Intelligence Policy, and they discussed the case with a FISA Court judge in person. As a result of these discussions, OIPR submitted an application for a Section 215 order for the subscriber information. The FISA Court approved two orders–one for the pen register and trap and trace devices and a Section 215 order for the related subscriber information. This order was signed on [date redacted], 2004. Thereafter, OIPR began sending requests for Section 215 orders for subscriber information to FISA pen register/trap and trace applications. (2007 report, 18)

Now, this might actually have been a response to a decision on NSLs in Doe v. Ashcroft on September 28, 2004, which struck down NSLs partly on separation of powers grounds. DOJ had been using (and continued to use for some time) NSLs to get this subscriber information. By using Section 215 orders instead, DOJ would be submitting to the court review that NSLs lacked (and also would be able to get this information more directly by going to just one provider).

In 2005, this process became automatic and the "combo" 215 order was born.

In order to streamline the process for obtaining subscriber information, beginning in early 2005 OIPR began to append a request for Section 215 orders to applications for FISA pen register/trap and trace authority. The result was that information obtained in a FISA pen register/trap and trace order was equivalent to the information obtained in a criminal pen register/trap and trace order. (2007 report, 16-17)

And, as both IG Reports explain several times, in the 2006 reauthorization (not the 2005 one), Congress added language to the statute including subscriber information for pen register/trap and trace orders.

Section 128 of the Reauthorization Act amended the FISA statute to authorize subscriber informatoin to be provided in response to a pen register/trap and trace order. Therefore, combination orders for subscriber information were no longer necessary. 

But something else funky seems to have happened with combo orders in the first few months of 2006. First, as the 2008 IG Report reveals, DOJ started using combo 215s for some other purpose. After explaining how they were used to get subscriber information, the report explains,

The use of the combination request evolved from OIPR’s determination that FISA pen register/trap and trace orders did not require providers to turn over subscriber information associated with telephone numbers obtained through those orders. As a result, Section 215 requests were added to pen register/trap and trace orders to seek subscriber information. OIPR also used combination orders in 2005 and 2006 to obtain [two lines and footnote redacted]. (20)

There’s another line redacted to explain that this use was no longer necessary after the 2006 reauthorization. And then to explain why it became unnecessary, the report explained,

In addition, OIPR determined that substantive amendments to the statute undermined the legal basis for which OIPR had received authorization [redacted] from the FISA Court. Therefore, OIPR decided not to request [redacted] pursuant to Section 215 until it re-briefed the issue for the FISA Court. (21)

It goes on in a footnote,

OIPR first briefed the issue to the FISA Court in February 2006, prior to the Reauthorization Act. [two lines redacted]

Now, it’s not entirely clear that all of this is related, though it appears to adhere to a parallel structure in which all the discussions of this additional authority appear in the same place vis a vis the discussion of the trap and trace connection (that is, that they refer to the same authority). If so, it appears they started using 215s for this authority in 2005–not 2006. Yet they didn’t brief it to the FISA Court until February 2006–a month and change after Bush’s illegal domestic program was exposed. And then, they were reluctant to continue to do so after the March 2006 PATRIOT reauthorization.

In other words, it appears they may have started using Section 215s for something they had been using the illegal program for. And it appears that the March 2006 PATRIOT reauthorization, which was partly an add-on to the 2005 reauthorization in 2005 designed to overcome the filibuster that had started in response to the revelation of the program in December 2005, found ways to put some of the things they were doing into other parts of PATRIOT. Combo orders, for example, became regular parts of trap and trace devices.

All of which is a very vague way to say we probably ought to be thinking of four programs–Bush’s illegal domestic surveillance program and the PAA/FAA program that replaced it, NSLs, Section 215 orders, and trap and trace devices–as one whole. As the authorities of one program got shut down by exposure or court rulings or internal dissent, it would migrate to another program. That might explain, for example, why Senators who opposed fishing expeditions in 2005 would come to embrace broadened use of Section 215 orders in 2009.

Now, all of this is just preliminary background discussion to talk about the expansion of 215 authorities to cover one or two programs together, something that happened in 2006 (and therefore, potentially in response to the exposure of Bush’s illegal program). I’ll treat that in a later thread. 

19 replies
  1. WilliamOckham says:

    This is something that I thought was obvious (based on the underlying technology), but I’ve never been able explain clearly. FISA originally defined content to include the name of the sender and receiver of the message, hence the difference between criminal pen register/trap and trace and the FISA ones.

    In other words, it appears they may have started using Section 215s for something they had been using the illegal program for.

    This is almost certainly email subject lines and perhaps even email messages for people who were only remotely connected to terrorist suspects.

    • emptywheel says:

      Yeah, I’ve been thinking a lot about subject lines and headers as well–I think that might be what the redacted content is (that is, they got subscriber info on calls, but they got subject lines and headers on emails). People in and out of the Admin have claimed there is ambiguity on this issue (you see it in filings in the warrantless wiretapping cases before Walker, especially). But if they moved that under Section 215 in 2005-2006 and then under trap and trace in 2006, then it might explain the claimed ambiguity.

      • WilliamOckham says:

        One of the things that gets overlooked in the email discussion is that email is generally traceable to the location from which it was sent and, depending on where you’re doing the collection, where it was received. If you extend pen registers to include all the headers, IP info, etc., you get much more from an email pen register than from a phone pen register. This also was what allowed them to launder the illegal stuff through FISA.

        If you have the bandwidth, you might want to crosscheck this with the Tamm timeline (I’ve got to go do my day job…). I suspect there is some connection.

  2. Garrett says:

    If you haven’t seen it, this CNET article on a February 2006 opinion by Thomas Hogan seems relevant.

    It is about non-FISA pen register and trap and trace, and allowing extraction of email contacts without evidence of criminal wrongdoing.

    They went to Hogan when another judge balked at their request.

    • emptywheel says:

      Are you sure that’s non-FISA? They cite PATRIOT and appear to have relied on reauthorization discussions on it.

      Instead, it seems like they were complaining about the use of this pen register for a GJ investigation.

  3. Mary says:

    @1 & 2 – and imagine if someone had “zuchini” or “wedding” in the re: lines. I’d guess that would set off a whole nuther string of intercepts.

    EW, I haven’t read the reports and may be off base on this, but from what you have excerpted I have a different read on this:

    If so, it appears they started using 215s for this authority in 2005–not 2006. Yet they didn’t brief it to the FISA Court until February 2006–a month and change after Bush’s illegal domestic program was exposed. And then, they were reluctant to continue to do so after the March 2006 PATRIOT reauthorization

    I’m thinking an alternative explanation would be that yes, they were using the authority in 2005 (and 2004 with the “pure” 215 orders) but during the negotiations and language changes in the run-up to the reauthorizations in March, 2006, they realized that if certain language were going to go through, their legal basis they had given to the FISA court originally for using the “pure” and “combo” 215 orders to get subscriber info would be compromised. So instead of waiting for it all to fall apart and the court to start revoking and yanking existing orders when the legislation passed, they attempted to act like half-competents (which apparently combines with full on torture advocates pretty well). So they took what they saw as the issue, tried to come up with arguments to work around it, then briefed it to the court before the legislation hit, so that if the court bought what they had briefed they could go on, but if it didn’t, they at least wouldn’t be getting back a raft of rejected applications once the legislation went into effect. IOW, I think they may have done what the Sup Ct never lets anyone get by with doing, taking an issue that isn’t “ripe” and getting a ruling on it anyway. fwiw

  4. Mary says:


    If the article is correct, it is about non-FISA orders. The link they give for the relevant section of law that the judge was ruling under is this:


    – a Title 18 application.

    What it looks like Hogan did was to say that Patriot act (sold as national security) revisions and the Senate history for them supported the redefinition, under Title 18 (criminal) of surveillance.

    BTW – you do realize that in addition to Lamberth, we no longer have Kollar-Kotelly on the FISA court and that starting this spring, Justice Roberts “gave” us Hogan for the FISA court.

    This is kind of interesting background – some of the pre-911 testimony on then-existing efforts to change trap and trace, with CALEA and EPCA overlays


    CALEA also expanded privacy and security protection for telephone and computer communications in certain other respects. / For example, Section 103(a)(4)(A) requires carriers to perform their obligations under the statute “in a manner that protects – [ ] the privacy and security of communications and call-identifying information not authorized to be intercepted” by law enforcement. / Section 103(a)(2) prohibits the use by law enforcement of pen registers and trap and trace devices to obtain tracking or location information on a targeted subscriber, other than that which can be determined from a telephone number. / Section 208 requires that law enforcement use reasonably available technology to minimize information obtained through pen registers. / Section 207 enhances the protection of e-mail and other transactional data, such as transactional logs containing a person’s entire on-line profile, by requiring the presentation of a court order by law enforcement officials, rather than a mere administrative subpoena, to obtain such information. /

    CALEA also avoided imposing new obligations on ISPs. The legislative history specified that “[t]he definition of telecommunications carrier does not include persons or entities to the extent they are engaged in providing information services, such as electronic mail providers, on-line services providers, such as Compuserve, Prodigy, America-On-Line or Mead Data, or Internet service providers.” / This is not to suggest that Internet communications are somehow immune from electronic surveillance when appropriately authorized under ECPA. Congress made clear that CALEA did not expand or contract the ability to conduct such surveillance, and that “law enforcement will most likely intercept communications over the Internet at the same place it intercepts other electronic communications: at the carrier that provides access to the public switched network.” /

    The Supreme Court has held that the information that may be obtained by pen registers or trap and trace devices is not protected by the Fourth Amendment because individuals do not have a reasonable expectation of privacy in the numbers dialed on a telephone. / In reaching this conclusion, the Court stressed the limited capabilities of such devices, noting that “pen registers do not acquire the contents of communications.” /

    Nevertheless, it is becoming increasingly clear that the “pen register” and “trap and trace” concepts as set forth in ECPA do not fit well in the online environment. Nor is it valid to assume that such devices do not raise Fourth Amendment issues given that the type of information potentially available from an ISP by a “pen register” greatly exceeds the type of information normally available when one is installed on a telephone line.

    The legislative history of these provisions suggests that Congress intended the terms “pen register” and “trap and trace device” to refer only to devices used in connection with telephone systems. The legislative history states that:

    A trap and trace device or pen register for Internet-based communications is installed on the data network of an ISP, not on a telephone line, and the information which may be intercepted is not limited to that transmitted over a single subscriber line.

    The use of pen registers or trap and trace devices to intercept packetized network information raises privacy concerns of a far different magnitude than the Supreme Court contemplated in Smith v. Maryland. Such information is not the conceptual equivalent of a telephone number, as some suggest. The substance of this issue was addressed by the FCC in its rulemaking proceeding implementing CALEA. There, the Commission found that interception of packet-mode communications raises significant technical and privacy concerns because call routing information and content are both contained in the packets. / Thus, interception of packetized information potentially allows the government to “receive both call identifying information and call content under a pen register.” /

    New York courts have addressed the privacy implications of pen registers that may be “converted” to receive the contents of communications. In People v. Bialostok, for example, the New York Court of Appeals held that, under the New York electronic surveillance statute, a pen register capable of being used as a listening device required an eavesdropping warrant obtainable based on probable cause, rather than merely a judicial order obtainable based on reasonable suspicion. / The court held that the facts that the device’s audio function was disabled, and that no conversations were actually heard, did not remove the need for a warrant. Although Bialostok involved the interpretation of New York law, it is relevant to the constitutional principles underlying federal wiretap law. /

    Last December, my client (”the ISP”) was placed in just such an “awkward position” when it was served by federal Marshals with an order providing that United States agents “may install a pen register and trap and trace device to register time, date, and source and destination addressing information of the electronic mail messages sent to and from the subject Internet account, including information regarding the true source of the messages without geographic limitation[.]” As an apparent indication of some doubt about its authority in this regard, the Assistant United States Attorney applied for this Order not just under § 3122 of ECPA, but also under 18 U.S.C. §§ 2703(c)-(d), which applies to stored electronic data and transactional information about subscribers, and which requires the government to offer “specific and atriculable facts showing that there are reasonable grounds to believe” that the information sought is “relevant and material to an ongoing criminal investigation.” In granting the Order, however, the Magistrate determined that the applicant had met only the lower standard of § 3122 – a certification that the information likely to be obtained is relevant to an ongoing criminal investigation

    Interesting thumbnail of what was going on, back in olden times. In any event, the article Garret linked, IF it is correct, says that first the magistrate, then Judge Hogan (not then a FISA judge) were being asked to rule on an application under 3122. It’s just that Hogan used Patsy Act provisions and history to support an new and improved content approach. And if he’s ok with that under 3122, it’s fun to think how far he’s willing to go in a secret court with no review ever, and which Congress is now saying isn’t JUST a secret court for national security suveillance, but also a court whose orders give belts and suspenders to using that “no probable cause, no valid 4th amendment warrant” information collected in criminal proceedings, even where criminal proceedings were the primary and overriding justification for the surveillance, there was just no probable cause to get a 4th amendment warrant.

    If the Dems were smart, the least they would do is say, hmmmm – let’s change how judges are put on the FISA court and let’s bump up the existing number now (since they have such a workload) and do some advice and consent in getting the new crew on that court, and maybe restructure some to boot.

    • Hmmm says:

      CALEA also avoided imposing new obligations on ISPs. … This is not to suggest that Internet communications are somehow immune from electronic surveillance … “law enforcement will most likely intercept communications over the Internet at the same place it intercepts other electronic communications: at the carrier that provides access to the public switched network.”

      Quite. No need to trouble dinky leetle ISPs when you’ve already got the frickin’ backbone tapped (cf. San Francisco AT&T optical tap, et al.).

      Also interesting to note this is couched in LE terms, not NS terms.

    • bobschacht says:

      First, EW: Typo alert?
      You have a quote paragraph opening with this:
      “The use of the combination request evolved form OIPR’s determination…”
      I think you mean “from”?

      Second, Mary, you we really need you to turn your comments like yours @ 10 and @ 12 into a full-fledged diary on The Seminal.

      Bob in AZ

  5. emptywheel says:

    Btw, here’s what Gonzales said about Section 215 in his appearance before SJC in 2005.

    Going forward, the department anticipates that the use of Section 215 will increase as we continue to use the provision to obtain subscriber information for telephone numbers captured through court- authorized pen register devices, just as such information is routinely obtained in criminal investigations.

    Although some of the concerns expressed about Section 215 had been based on inaccurate fears about its use, other criticisms have apparently been based on possible ambiguity in the law.

    The department has already stated in litigation that the recipient of a Section 215 order may consult with his attorney and may challenge that order in court.

    The department has also stated that the government may seek and a court may require only the production of records that are relevant to a national security investigation, a standard similar to the relevance standard that applies to grand jury subpoenas in criminal cases.

    The text of Section 215, however, is not as clear as it could be in these respects. The department, therefore, is willing to support amendments to Section 215 to clarify these points.

    We cannot, however, support elevating the relevance standard under Section 215 to probable cause. According to our lawyers and agents, raising the standard would render Section 215 a dead letter.

    As we all know, probable cause is a standard that law enforcement must meet to justify an arrest. It should not be applied to preliminary investigative tools such as grand jury subpoenas or Section 215 orders, which are used to determine whether more intrusive investigative techniques requiring probable cause, such as electronic surveillance, are justified.

    • Mary says:

      Yeah – that was 2005, then in 2006, Hogan gives them the option of getting at least some of that info in a Title 18/3122 PRTT setting, under that “relevant and material to an ongoing investigation” standard.

      BTW – and not to belabor the point, but where the hell did Gonzales get “As we all know, probable cause is a standard that law enforcement must meet to justify an arrest.” Um, no, it’s a standard that law enforcement also must meet, and COUPLE WITH a independent magistrate’s review and issuance of an order, to search and seize information.

      If you are seizing and searching information with a 215 order, or with a 3122 PRTT, or with a FISA warrant targetting a US person for criminal activity but without probable cause, then you are violating the constitution.

      Oh well – in any event, there’s been so much bootstrapping, and so much of it Democratic supported and now with the Dems in charge, it’s going to be Democratic SOLICITED as well as supported, that it gets hard to untangle the mess of which bootstrap is coming into play and where, but I do think the article was talking about (correctly or not) a 3122 order that was using pat act discussions and definitions etc. on what is content to expand 3122 coverage, and 3122 is already something that isn’t subject to a probable cause standard, just a “relevant to” an investigation (that may not even have a crime at its base) standard – so by expanding the scope of what they can take under 3122 to go way beyond what was originally approved by the Sup Ct, they do something similar to what the other pat act changes, allowing for suspicions (or political hopes to find) a crime, all without probable cause, to form the basis of invoking all the FISA powers and provisions, as long as someone in DOJ (who has creatively made up and creatively forgotten all kinds of stuff in court filings – so their credibility is soooo nifty) also can mention a way to claim that there might have been “some contact” somewhere with an [now hugely and broadly defined – basically you could fit getting a PETA solicitation mailed to you IMO] “agent of a foreign power.”

      I guess once you start claiming repulsive ideology is a “foreign power” just like a nation state, if you get emails from John Kyl (like I do for some reason) you are in contact with an “agent of a foreign power.” Oh sure, they then try to use some caveats (other than a US person) but they then do away with them on things like the 215 and we don’t even get to keep those protections in “real” court, with things like Hogan’s pre-appointment (to FISC) gift to Roberts/Bushco.

    • Mary says:

      I really do think I’m as lo tech as you can get and still be functional and the sad part is I don’t really even try – I rely on our IT guy, or WO and EW and Mad Dog and many others here for the tech slogs, but AGAG is worse than I am – that’s almost scarey. It’s like thinking of Stevens in charge of internet regulation.

  6. MartyDidier says:

    This website does a good job with trying to unravel legal messes in a way that makes sense. This is why I’m here each day but there are other reasons too. Many situations are coming together surfacing larger concerns that are part of my life’s experience with dealing with what I call a huge networked criminal system that focuses on a White House Coup. It’s understandable that many don’t want to believe this is true, at least at this point yet. But later as more surfaces, it’s expected to become more outspoken.

    Some of my skills are in Computer technology and engineering. The divorce I went throught tossed me into a situation where my life was micro-snooped upon 24/7 by a mixed bag of mostly Government people. This group is linked to the family as protectors. My personal experience with email and internet snooping goes all the back to the mid 90’s and I have records of IP adresses starting sometime around early 2000. I’m not entirely sure of the timing but it’s around these times. Upon learning who was coming into my systems grabbing data, I tried looking them up. Where it led me was to a collaction of huge corporations in a server on the West Coast. The collected email and who I sent it to was going to different places than any documents I generated. It looked to me that there was a large operation of scanning characters automatically which is very simple to do.

    Having this information and because I was working with law enforcement, namely the Cook County Sheriff, I gathered as much data, wrote a cover latter and tried giving it to them. They did everything they could to run away and not accept it. It’s important to note that the Chicago area law enforcement was that that time (it’s being cleaned up now) corrupted by an incoming $100 million dollar per week Cocaine shipment, my ex-wife’s family laundering the proceeds for those involved.

    However the larger problem was the collection of all of my electronic data being sent to a large operation somewhere in California and for what purpose? The purpose was to provide detailed information on my behavior for purposes of setting me up for situations to harm me. At that time there have been ongoing attempts at setup car accidents and many other harmful attempts. Who was involved were Government people and at this time I’m not able to explain how I came to know this. Soon though I’m considering talking more about my connections during that time.

    The top level of the DOJ has been directly involved in supporting another White House Coup directlty linked with a huge collection of corproations and big banks. Sibel Edmonds blew the whistle on who she feels is involved and up to now, no one has been able to stop her. Right now as I understand the DOJ is scambling around trying to keep lids on everything butit isn’t working anymore. There are other situations such as mine that when surfaced will support exposing a lot more of what this it. Stay Tuned

    Marty Didier
    Northbrook, IL

Comments are closed.