June 13, 2013 / by emptywheel

 

What Does NCTC Do with NSA and FBI’s Newly Disclosed Databases?

The discussion about the various “NSA” programs we’ve seen so far have discussed only how NSA works with FBI. FBI requests the dragnet phone information and hands it over to NSA. NSA negotiates direct access to internet companies that allow FBI to make direct queries.

We’ve heard from Keith Alexander about what NSA does — its only use of Section 215, he said, was the phone records.

We heard from Robert Mueller who gave less clear answers about what FBI does and does not do.

But we have yet to have direct testimony from James “least untruthful too cute by half” James Clapper. Mind you, we’ve gotten several fact sheets and Clapper’s hilarious interview with Andrea Mitchell. Just no specific public testimony.

And curiously, in the DNI’s own fact sheets, he doesn’t specify who does what, aside from describing the statutory role his position and the Attorney General play in authorizing FAA 702 orders. He doesn’t say what FBI does, what NSA does … or what his own organization does.

That’s important, because in addition to overseeing all intelligence, Clapper’s office also includes the National Counterterrorism Center. And the NCTC is the entity in charge sharing data. Indeed, it is statutorily required to have access to everything.

[The National Security Act] provides that “[u]nless otherwise directed by the President, the Director of National Intelligence shall have access to all national intelligence and intelligence related to the national security which is collected by any federal department, agency, or other entity, except as otherwise provided by law, or as appropriate, under guidelines agreed upon by the Attorney General and the Director of National Intelligence.

That means, presumably, that NCTC is doing a lot of the work that NSA and FBI are making narrow denials about.

But it also means that NCTC can play with these databases — the dragnet and the access via PRISM to 702 data — as well as any other data in the Federal government, including databases that John Brennan gave it the ability to go get.

So here’s the thing. When Keith Alexander gives you pat reassurances about how limited NSA’s access to Americans’ call data is, that may disclose a whole lot more intrusive data mining over at James Clapper’s shop.

Remember, here is what James Clapper was initially asked.

Wyden: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?

Clapper: No, sir.

Wyden: It does not?

Clapper: Not wittingly. There are cases where they could, inadvertently perhaps, collect—but not wittingly.” [my emphasis]

His first attempt to walk back that lie went like this:

What I said was, the NSA does not voyeuristically pore through U.S. citizens’ e-mails. [my emphasis]

His second attempt to walk it back went like this:

ANDREA MITCHELL: Senator Wyden made quite a lot out of your exchange with him last March during the hearings. Can you explain what you meant when you said that there was not data collection on millions of Americans?

JAMES CLAPPER: First– as I said, I have great respect for Senator Wyden. I thought, though in retrospect, I was asked– “When are you going to start– stop beating your wife” kind of question, which is meaning not– answerable necessarily by a simple yes or no. So I responded in what I thought was the most truthful, or least untruthful manner by saying no.

And again, to go back to my metaphor. What I was thinking of is looking at the Dewey Decimal numbers– of those books in that metaphorical library– to me, collection of U.S. persons’ data would mean taking the book off the shelf and opening it up and reading it.

ANDREA MITCHELL: Taking the contents?

JAMES CLAPPER: Exactly. That’s what I meant. Now–

ANDREA MITCHELL: You did not mean archiving the telephone numbers?

All of those efforts were, by context at least, limited exclusively to NSA. They don’t address, at all, what NCTC might do with this data (or, for that matter, FBI).

So what does the NCTC do with the data that NSA and FBI have issued careful denials about?

Update: I’m going to replicate a big chunk of this post on the oversight over NCTC’s use of other agencies data, complete with the bit about how the guy in charge of it thought Cheney’s illegal program was the shit.

Back when John Negroponte appointed him to be the Director of National Intelligence’s Civil Liberties Protection Officer, Alexander Joel admitted he had no problem with Cheney’s illegal domestic wiretap program.

When the NSA wiretapping program began, Mr. Joel wasn’t working for the intelligence office, but he says he has reviewed it and finds no problems. The classified nature of the agency’s surveillance work makes it difficult to discuss, but he suggests that fears about what the government might be doing are overblown.

“Although you might have concerns about what might potentially be going on, those potentials are not actually being realized and if you could see what was going on, you would be reassured just like everyone else,” he says.

That should trouble you, because he’s the cornerstone of oversight over the National Counterterrorism Center’s expanded ability to obtain and do pattern analysis on US person data.

The Guidelines describe such oversight to include the following:

  • Periodic spot checks overseen by CLPO to make sure database use complies with Terms and Conditions
  • Periodic reviews to determine whether ongoing use of US person data “remains appropriate”
  • Reporting (the Guidelines don’t say by whom) of any “significant failure” to comply with guidelines; such reports go to the Director of NCTC, the ODNI General Counsel, the CLPO, DOJ (it doesn’t say whom at DOJ), and the IC Inspector General; note, the Guidelines don’t require reporting to the Intelligence Oversight Board, which should get notice of significant failures
  • Annual reports from the Director of NCTC on an (admittedly worthwhile) range of metrics on performance to the Guidelines; this report goes to the CLPO, ODNI General Counsel, the IC IG, and–if she requests it–the Assistant Attorney General for National Security

There are a few reasons to be skeptical of this. First, rather than replicate the audits recently mandated under the PATRIOT Act–in which the DOJ Inspector General develops the metrics, these Guidelines have NCTC develop the metrics themselves. And they’re designed to go to the CLPO, who officially reports to the NCTC head, rather than an IG with some independence.

That is, to a large extent, this oversight consists of NCTC reporting to itself.

Also, note who doesn’t get these reports? Congress. Not even the Intelligence Committees.

Copyright © 2018 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2013/06/13/what-does-nctc-do-with-nsa-and-fbis-newly-disclosed-databases/