“Whoa Whoa Whoa, Stop!” Dianne Feinstein Misstates the 2011 Violations

One of the most enlightening aspects of yesterday’s Senate Intelligence Hearing on FISA came when Dianne Feinstein tried to rebut witness Tim Edgar’s categorization of the 2011 violations described in John Bates October 8, 2011 opinion. In her rebuttal, she proved she either doesn’t know, doesn’t understand, or chooses to misrepresent the opinion, which found that NSA had violated the law and Fourth Amendment in its Section 702 program.

Edgar was arguing (see page 5-6) that if the FISA Court opinions were publicly released, we’d know about ridiculous semantic definitions — like “relevant” — as those definitions were invoked, not years after the fact, which would lead to greater trust in the FISC.

As his second example, he cited NSA’s collection of US person communications on upstream collection. (After 2:20)

EDGAR: [T]he NSA’s interpretation of the requirement in Section 702, for content surveillance targeting foreign persons, that those procedures must target foreign persons is also surprising. The FISA court’s recently released opinions show that communications that target foreign persons include not only communications that are to or from that person, but also those that are merely about that person in a particular narrow sense, that the selection — the selector for that person appears in the communication.

Even communications which are not to or from, or about, the foreign target at all have been acquired as the result of the manner in which some NSA collection was conducted.

DiFi interrupted him (whoa whoa whoa stop!) — and (having read his statement in advance) started reading a written rebuttal to provide her version of the 2011 violations.

FEINSTEIN: Whoa, whoa, whoa, stop. Exactly what program are you talking about?

EDGAR: In the recently released FISA court opinion about upstream collection in the compliance incidents in 2011, it was documented how information from multiple communications — what they called “multiple communications transactions” — was obtained not by mistake, but because of the way the system was designed. That included any selector that was a foreign target in the entire multi- communications transaction.

And so that created a lot of controversy in the FISA court, and required the FISA court to work with the Justice Department and the intelligence community to narrow the minimization guidelines.

FEINSTEIN: OK. Because this is — this is important, may I interrupt this just — respond? [reading from prepared statement] In mid 2011, NSA notified the DOJ, the DNI, and the FISA court, and House and Senate Intelligence Committees, of a series of compliance incidents impacting a subset of NSA collection under Section 702 of FISA, known as upstream collection.

This comprises about 10 percent of all collection that takes place under 702, and occurs when NSA obtains Internet communications, such as e-mails, from certain U.S. companies that operate the Internet background;[sic] i.e., the companies that own and operate the domestic telecommunication lines over which Internet traffic flows.

In essence, the issue that arose in 2011 was that NSA, while trying to acquire e-mails to, from, or about an overseas target, realized it, and was inadvertent — that it was inadvertently acquiring other e-mails, including some e-mails sent between persons inside the United States that happened to be bundled with the e-mail messages NSA was trying to collect.

This bundling is done by Internet companies in order to make it easier to send information quickly over the telecom lines that make up the Internet. Unfortunately, NSA’s technical systems could not easily separate the individual messages within these bundles. And the result was that NSA collected some e-mail messages it did not intend to acquire.

OK. We held a lengthy hearing on the court’s ruling on October 20, 2011, at which General Alexander and Lisa Monaco — then the assistant attorney general for national security — described the court’s ruling and what they were doing to address it.

Here’s my point: It was a mistake. Action was taken immediately to correct it. It came to us. We took action. [bold mine, underline emphasis DiFi applied in delivery]

DiFi’s prepared statement misstates the facts as presented in Bates’ opinion in several ways:

  • The issue had existed since before July 2008
  • The collection was — according to the court ruling — not inadvertent
  • NSA only corrected the problem under threat of criminal referral, after months of delay

First, the issue did not arise in 2011.

As Bates made clear, “NSA has been collecting MCT’s since before the Court’s approval of the first Section 702 certification in 2008.” (50) It’s not that NSA didn’t realize what it was doing. It’s that it didn’t tell the court about it (which partly goes to Edgar’s point, because technical experts might have understood the difficulty in collecting clean upstream communications). NSA may not have realized that collected MCTs represented a violation of the law, but it did know it was collecting them. (My guess — and it is just a wildarsed guess — is that James Clapper knew it was a problem but only fixed it when he started to certify declarations to the FISC after he became Director of National Intelligence.)

The NSA’s 2009 minimization procedures reflected this awareness. They specifically permitted retention of “electronic communications acquired because of limitations on NSA’s ability to filter communications.” In 2011, this language was placed in a section specifically addressing upstream collection.

And contrary to DiFi’s insistence, the collection was not inadvertent. Bates addressed this claim — which NSA had made to him — at some length.

Specifically, the government argues that NSA is not “intentionally” acquiring wholly domestic communications because the government does not intend to acquire transactions containing communications that are wholly domestic and has implemented technical means to prevent the acquisition of such transactions. See June 28 Submission at 12. This argument fails for several reasons.

NSA targets a person under Section 702 certifications by acquiring communications to, from, or about a selector used by that person. Therefore, to the extent NSA’s upstream collection devices acquire an Internet transaction containing a single, discrete communication that is to, from, or about a tasked selector, it can hardly be said that NSA’s acquisition is “unintentional.” In fact, the government has argued, that the Court has accepted, that the government intentionally acquires communications to and from a target, even when NSA reasonably — albeit mistakenly — believes that the target is located outside the United States. See Docket No. [redacted]

With respect to MCT’s, the sole reason NSA acquires such transactions is the presence of a tasked selector within the transaction. Because it is technologically infeasible for NSA’s collection devices to acquire only the discrete communications to, from, or about a tasked selector that may be contained within an MCT, however, the government argues that the only way to obtain the foreign intelligence information found within the discrete communication is to acquire the entire transaction in which it is contained. June 1 Submission at 21. As a result, the government intentionally acquires all discrete communications within an MCT, including those that are not to, from or about a tasked selector. See June 28 Submission at 12, 14; see also Sept. 7, 2011 Hearing Tr. at 33-34.

The fact that NSA’s technical measures cannot prevent NSA from acquiring transactions containing wholly domestic communications under certain circumstances does not render NSA’s acquisition of those transactions “unintentional.”

[snip]

[T]here is nothing in the record to suggest that NSA’s technical means are malfunctioning or otherwise failing to operate as designed. Indeed, the government readily concedes that NSA will acquire a wholly domestic “about” communication if the transaction containing the communication is routed through an international Internet link being monitored by NSA or is routed through a foreign server.

[snip]

By expanding its Section 702 acquisitions to include the acquisition of Internet transactions through its upstream collection, NSA has, as a practical matter, circumvented the spirit of Section 1881a(b)(4) and (d)(1) with regard to that collection. (44-45, 48)

Keith Alexander and Lisa Monaco may have told DiFi on October 20, 2011 they “did not intend” to collect this information (her emphasis), but if DiFi has read Bates’ opinion she knows that is not the case, certainly not from a legal perspective.

And DiFi’s claim that “actions were taken” immediately to correct this problem is just laughable.

Even pretending no one at NSA understood the implications of collecting MCTs in 2008 or 2009 or 2010, the government submitted a “clarification” to the FISC about this practice on May 2, 2011. As late as August 30, NSA had not changed its collection methods and proposed leaving MCTs of interest in its databases with no special markings. NSA wanted to keep MCTs, “including information of or concerning United States persons with no direct connection to any target.” And it wanted to leave access to this information available to all analysts.

In his October 3 order, Bates made the government come up with more restrictive treatment of this content.

The government’s willingness to protect the US person MCTs it had already collected came only with further delay. At first (as late as October 13), the government considered appealing his decision, and then claimed laws preventing such collection did not apply to it. But it was not until “late in 2011” (probably after November 30) that “the government began taking steps that had the effect of mitigating any Section 1809(a)(2) problem, including the risk that information subject to the statutory criminal prohibition might be used or disclosed in an application filed before this Court.”

Now DiFi may think that fixing the retention problem 5 months after disclosing it (and at least 3 years after starting it) and mitigating the collection problem 7 months later is “immediate,” but along the way the government exhibited some reluctance — until threatened with criminal referral, it seems — to do anything about this violation.

Yesterday’s hearing — James Cole’s dubious representations (James Clapper and Keith Alexander seemed to make pains to avoid their past misrepresentations), Ben Wittes’ unintentional proof of the dysfunction of the Intelligence Committees, and 4 or 5 Senators’ self-filibuster in lieu of questions — served to demonstrate how pathetic our existing structure of oversight is.

But nothing made that more clear than DiFi’s rude (and prepared) effort to spin the 2011 violations as something the record shows they’re not.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

20 replies
  1. ess emm says:

    Feinstein demonstrates once again that SSCI public hearings are carefully orchestrated events that appear to get at the truth, but their actual purpose is for Feinstein to provide active defense of the really powerful sacred cows and grand poobahs.

    I only wish Edgar would have immediately rebutted her like you have.

  2. What Constitution? says:

    Worst case scenario is that we end up stuck defending the Constitution with the congressional committees we’ve got. Rumsfeld would be satisfied, but the rest of us would just be screwed.

    The case for appointing a truly and realistically honest investigational body was underscored by yesterday’s farce of a “hearing”. The use of the word “hearing” once was meant to connote the opportunity to hear more than one side; that concept was nowhere to be found in DiFi and Alexander’s production.

    Thanks for all efforts to deconstruct and lay bare the elements of this orchestrated attempt at whitewashing the flaws and reinforcing the perniciousness of the spying structures, and thanks to Edward Snowden for making it even remotely possible to identify the flaws and try to align the practices of our government to the standards required by our Constitution. Now if we could just find a way to actually achieve it.

  3. stryder says:

    I keep getting a sitemeter analytics box pop up when i open your page. Are you responsible for this monitering ?

  4. ess emm says:

    @What Constitution?:

    …try to align the practices of our government to the standards required by our Constitution. Now if we could just find a way to actually achieve it.

    Don’t you see any hope in the crowd of MOCs that supported the Amash-Conyers amendment? That’s the group that should be mobilized by public opinion—and people like us.

  5. steve says:

    I’ve been getting the sitemeter popup on a couple of sites today. I thought it was something in my corporate firewall but now I’m wondering if somebody’s wordpress background widget update broke something.

    Edit: if you google the phrase it looks like it’s happening in quite a few places, only with IE browsers. So EW is probably using sitemeter to track visitor counts (with or without her knowledge) and something is broken with sitemeter/IE.

  6. steve says:

    Edit: if you google the phrase it looks like it’s happening in quite a few places, only with IE browsers. So EW is probably using sitemeter to track visitor counts (with or without her knowledge) and something is broken with sitemeter/IE.

  7. What Constitution? says:

    @ess emm: I try to always see some hope. I’d be ecstatic just to have one of these people say (and act like) they understand that their job is to protect and defend the Constitution of the United States of America when they approach issues like these. And yes, Amash-Conyers was a good start, may it pass in some such form — just because it probably won’t be endorsed by the Senate Intelligence group (where DiFi would never allow a hearing or a vote, if her history is taken as a guide) doesn’t mean it cannot happen. Thanks for reminding.

  8. Teddy says:

    You seem to be presuming that Feinstein is attempting to undertake the legal definition of terms of art, when in fact (as a non-attorney) she is instead simply repeating what she’s been told. She doesn’t apply legal analytics to her effort (something some non-attorneys do rather well, ahem) but instead parrots what she’s been told by powerful men. It’s stood her in good stead for decades, this method, and as the Newest Oldest Senator, she’s not likely to change anytime soon.

  9. bmaz says:

    @steve: STEVE!! Welcome to our little pasture. Yes we do use Sitemeter to track, but Marcy and I both use Macs. Can’t speak for her, But I haven’t seen anything goofy. Don’t know why your second comment got held up, but you should not get auto-moderated in the future. Good to see you.

  10. stryder says:

    thanks all ! It’s a security warning that a sitemeter.com has completed 0% analytics and wants to open a download.It’s only on IE and I can’t find it’s source. It’s a js script

  11. shoirca says:

    Dianne Feinstein Accidentally Confirms That NSA Tapped The Internet Backbone

    Feinstein interrupts a discussion to read a prepared “rebuttal” to a point being made, and in doing so clearly says that the NSA can get emails via upstream collections:

    “Upstream collection… occurs when NSA obtains internet communications, such as e-mails, from certain US companies that operate the Internet background, i.e., the companies that own and operate the domestic telecommunications lines over which internet traffic flows. ”

    She clearly means “backbone” rather than “background.” She’s discussing this in an attempt to defend the NSA’s “accidental” collection of information it shouldn’t have had. But that point is not that important. Instead, the important point is that she’s now admitted what most people suspected, but which the administration has totally avoided admitting for many, many years since the revelations made by Mark Klein.

    So, despite years of trying to deny that the NSA can collect email and other communications directly from the backbone (rather than from the internet companies themselves), Feinstein appears to have finally let the cat out of the bag, perhaps without realizing it.

    http://www.techdirt.com/articles/20130927/13562624678/dianne-feinstein-accidentally-confirms-that-nsa-tapped-internet-backbone.shtml

  12. GKJames says:

    Feinstein’s theatrics merely confirm her intellectual and moral bankruptcy. The “Whoa!” bit suggesting spontaneity followed by the prepared statement — as if no one would notice; the contempt for the public is staggering. But what explains her coddling of the national security apparatus? Is it a pecuniary interest? An ideological affinity? The egomania that comes with being privy to classified information? A girl in charge of the “hard stuff”? She’s not my senator; I’d welcome any thoughts on this, no matter how speculative.

  13. shoirca says:

    @GKJames:
    “what explains her coddling of the national security apparatus?”

    Richard Blum’s wife, Senator Dianne Feinstein, has received scrutiny due to her husband’s government contracts … URS Corp, which Blum had a substantial stake in, bought EG&G, a leading provider of technical services and management to the U.S. military, from The Carlyle Group in 2002; EG&G subsequently won a $600m defense contract.

  14. MadCow says:

    This action is really no different from NSA’s past actions (CARNIVOR*, and other TRIPLE PHOENIX** programs. The only difference is that the analyst (who came from the FBI) had to delete ALL collected evidence: even the legitimate data.(Source: http://epic.org/privacy/carnivore/fisa.html)

    Here is the court’s order speaking of the device used w/CARNIVOR: http://epic.org/privacy/carnivore/court_order.html That document describes “a device” that is hooked up to at least that ISP server. The issue is that the business records provision already existed, too. How was this (by FISA) seen as overreach one year, but then acceptable the next for the EXACT same collected info? Did the terrorists start using more email?

    There is no reason, with Clapper defying Congress, why they would not put them on the internet backbone. In 2004, when such packed information JUST containing other information not mentioned on the warrant, had to be destroyed.

    * = http://web.archive.org/web/20130705122206/http://epic.org/privacy/carnivore/foia_documents.html

    **Also, “Packeteer and CoolMiner [post collection tools], which, with Carnivore, are collectively known as the DragonWare suite” while other sources gave this, or another amalgamation of programs (voice, etc.) to be TRIPLE PHOENIX. (http://cryptome.org/carnivore-rev.htm#2) and (http://web.archive.org/web/20130705122206/http://epic.org/privacy/carnivore/foia_documents.html for more, non-secret, FISA rulings.)

  15. Everythings Jake says:

    It’s near impossible for me to listen to DiFi speak anymore. All I hear is a garbled mix of: 9/11, 9/11,9/11 (if it were a drinking game, you’d have cirrhosis by the end of a speech); some variation on can I vote myself or my husband more money; and the rest is like some kind of harpy ghoul speak – gbleh, gbleh, gbleh. Unfortunately, I guess we still have to take what she says seriously, but I do wish people would take to just openly mocking and shunning her to send a message that the end of her corrupt reign is near.

  16. C says:

    @shoirca: Early on in DiFi’s political career (and she’s never been anything but a politician) she was the target of a failed assassination attempt. Later on she became acting mayor of San Francisco when Mayor George Moscone and Supervisor Harvey Milik were shot. She apparently found Milik’s body.

    Since then she has spent a fair amount of her political career supporting state attempts to track down terrorists and trying to ban guns. Not unlike J. Edgar Hoover who also escaped an early assassination attempt (by anarchists) and then spent his career fighting to crack down on them.

    It is an anecdote of her career of course but it does seem to characterize her behavior of fighting against outsiders on behalf of state control.

Comments are closed.