On May 4, Senate Intelligence Committee members Ron Wyden and Mark Udall asked the Intelligence Community Inspector General to determine whether it was feasible to determine how many US persons have been spied on under the FISA Amendments Act.
The Temporally Perfect Fuck You
On May 22, the Committee marked up the renewal of the Act. During consideration of the bill, the Committee rejected Wyden and Udall’s efforts to require the IGs quantify such numbers based on their pending request to the IGs.
During the Committee’s consideration of this legislation, several Senators expressed a desire to quantify the extent of incidental collection under Section 702. I share this desire. However, the Committee has been repeatedly advised by the ODNI that due to the nature of the collection and the limits of the technology involved, it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under Section 702 authority. Senators Ron Wyden and Mark Udall have requested a review by the Inspector General of the NSA and the Inspector General of the Intelligence Community to determine whether it is feasible to estimate this number. The Inspectors General are conducting that review now, thus making an amendment on this subject unnecessary. SSCI report on the bill reminds that the IC IGs are authorized–but not required too–conduct reviews of Section 702.
Note, elsewhere the bill report includes these authorized but not mandatory reviews as part of the “robust oversight” of this spying program.
In addition, the Inspectors General of the Department of Justice and certain elements of the Intelligence Community are authorized to review the implementation of Section 702 and must provide copies of any such reviews to the Attorney General, DNI, and congressional committees of jurisdiction.
Yet in rejecting the motion to actually mandate a review, Dianne Feinstein’s report emphasizes that this authority is optional.
Also while marking up the bill, Wyden and Udall attempted to direct the Committee’s Technical Advisory Group to review what was really going on with the FAA. That motion was ruled out of order (Kent Conrad joined Wyden and Udall on this one vote–otherwise the committee voted against all their efforts for greater oversight).
We also proposed directing the committee’s Technical Advisory Group to study FISA Amendments Act collection and provide recommendations for improvements. We were disappointed that our motion to request that the Technical Advisory Group study this issue was ruled by our colleagues to be out of order.
As a result, the bill was voted out of committee on May 22 without any requirement that the intelligence community report on how many US persons it is spying on with FAA.
On June 15, the IC IGs finally got back to Wyden and Udall. (h/t Wired) Note the dates cited in the response.
On 21 May 2012, I informed you that the NSA Inspector General, George Ellard, would be taking the lead on the requested feasibility assessment, as his office could provide an expedited response to this important inquiry.
The NSA IG provided a classified response on 6 June 2012. I defer to his conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.
As I stated in my confirmation hearing and as we have specifically discussed, I firmly believe that oversight of intelligence collection is a proper function of an Inspector General. I will continue to work with you and the Committee to identify ways that we can enhance our ability to conduct effective oversight. [my emphasis]
So IC IG Charles McCullough waited 17 days to even tell Wyden what he was going to do with the request, at which point–the eve of the bill markup–he told Wyden that Ellard would prospectively conduct the inquiry. So when the Committee decided not to mandate an IG review based on the “pending” review, it had not started yet. The NSA IG provided Wyden with a classified response the day before the bill report was released, making it impossible to get any hint of the results of the review into the report. And now this letter basically says that the IG purportedly able to answer these questions neither has the resources to do so nor the legal authority to do so (presumably under the Privacy Act).
In short, this entire assessment was a very polite “fuck you” to Ron Wyden, all timed to undercut efforts to pressure for more oversight.
The Efforts to Ensure Only an IG Could Conduct This Review
As blatant as this “fuck you” is, it’s important to recall everything that went before. For the last 11 years, after all, the government has done everything possible to avoid real protections on US person data.
As Thomas Drake’s failed prosecution made clear, the NSA deliberately pursued technical choices in 2001 that would not give US persons privacy. And I suspect, though can’t prove, that NSA’s IG chose not to investigate these privacy issues in 2004.
The FISA Court, which had tried to use minimization to prevent illegal wiretapping from tainting formal FISA warrants by using minimization, got shot down in 2002. The FISC was trying to inquire about minimization in 2005, too, which presumably led to the exposure of the program by the NYT. Yet FISC review of whether the government complied with minimization requirements is one of the things that Mike McConnell considered a deal breaker in the negotiations over the Protect America Act in 2007.
During debate over the FISA Amendments Act, Senator Sheldon Whitehouse had tried to give FISC some review of whether the government complied with the minimization requirements approved by the Court. But he failed. The current law only allows FISC to review whether the targeting and minimization procedures comply with the letter of the law; they can’t review whether the government fulfills their certifications.
(2) Review
The Court shall review the following:
(A) Certification
A certification submitted in accordance with subsection (g) to determine whether the certification contains all the required elements.
(B) Targeting procedures
The targeting procedures adopted in accordance with subsection (d) to assess whether the procedures are reasonably designed to—
(i) ensure that an acquisition authorized under subsection (a) is limited to targeting persons reasonably believed to be located outside the United States; and
(ii) prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States.
(C) Minimization procedures
The minimization procedures adopted in accordance with subsection (e) to assess whether such procedures meet the definition of minimization procedures under section 1801 (h) of this title or section 1821 (4) of this title, as appropriate.
(3) Orders
(A) Approval
If the Court finds that a certification submitted in accordance with subsection (g) contains all the required elements and that the targeting and minimization procedures adopted in accordance with subsections (d) and (e) are consistent with the requirements of those subsections and with the fourth amendment to the Constitution of the United States, the Court shall enter an order approving the certification and the use, or continued use in the case of an acquisition authorized pursuant to a determination under subsection (c)(2), of the procedures for the acquisition.
Which leaves, as the bill report makes clear even in its boasting, the optional IG review and Director of National Intelligence and Attorney General self-reporting as the primary forms of oversight. We have reason to believe the FISC has objected to some practices in recent years–both because Wyden has unsuccessfully pushed for these opinions to be released and because Whitehouse said at a recent SJC hearing that the FISC has suggested impending sunsets are the only time the government fixes its programs.
And remember, the Senate Intelligence Committee went to some length–then in Jay Rockefeller’s hands–to make sure DOJ’s IG, Glenn Fine, didn’t get anywhere near the NSA wiretapping (or at least the report on the illegal program). The folks overseeing this spying program want a captive IG to conduct reviews. And why not? You can dial up a timely “fuck you” on command.
And note these issues–whether the government uses this program to intentionally spy on US persons–is one topic on which the government chose to remain silent in a recent filing in Amnesty v. Clapper.
All of which is a long-winded way of saying that the government has spent the last 10 years making sure that 1) US person data was not protected and 2) there would be no way–short of trusting the sworn statements of the DNI and AG–of ensuring that it was protected.
And now NSA’s IG, in a blatant “fuck you” to the only one trying to exercise oversight. reveals that it “can’t” review whether US person privacy is protected as mandated by law, because doing so would violate their privacy.
Again, it’s fairly clear what is going on here. We should, at this point, assume the DNI and AG are violating their sworn statements–how could they even make these sworn statements if what they’re attesting to is impossible to know!?!?
But we’ll never get to hold them accountable for that. Partly because all but two of the Senators mandated with oversight of this program refuse to hold them accountable. And because doing so would–the NSA IG claims–violate our privacy.