One of the most enlightening aspects of yesterday’s Senate Intelligence Hearing on FISA came when Dianne Feinstein tried to rebut witness Tim Edgar’s categorization of the 2011 violations described in John Bates October 8, 2011 opinion. In her rebuttal, she proved she either doesn’t know, doesn’t understand, or chooses to misrepresent the opinion, which found that NSA had violated the law and Fourth Amendment in its Section 702 program.
Edgar was arguing (see page 5-6) that if the FISA Court opinions were publicly released, we’d know about ridiculous semantic definitions — like “relevant” — as those definitions were invoked, not years after the fact, which would lead to greater trust in the FISC.
As his second example, he cited NSA’s collection of US person communications on upstream collection. (After 2:20)
EDGAR: [T]he NSA’s interpretation of the requirement in Section 702, for content surveillance targeting foreign persons, that those procedures must target foreign persons is also surprising. The FISA court’s recently released opinions show that communications that target foreign persons include not only communications that are to or from that person, but also those that are merely about that person in a particular narrow sense, that the selection — the selector for that person appears in the communication.
Even communications which are not to or from, or about, the foreign target at all have been acquired as the result of the manner in which some NSA collection was conducted.
DiFi interrupted him (whoa whoa whoa stop!) — and (having read his statement in advance) started reading a written rebuttal to provide her version of the 2011 violations.
FEINSTEIN: Whoa, whoa, whoa, stop. Exactly what program are you talking about?
EDGAR: In the recently released FISA court opinion about upstream collection in the compliance incidents in 2011, it was documented how information from multiple communications — what they called “multiple communications transactions” — was obtained not by mistake, but because of the way the system was designed. That included any selector that was a foreign target in the entire multi- communications transaction.
And so that created a lot of controversy in the FISA court, and required the FISA court to work with the Justice Department and the intelligence community to narrow the minimization guidelines.
FEINSTEIN: OK. Because this is — this is important, may I interrupt this just — respond? [reading from prepared statement] In mid 2011, NSA notified the DOJ, the DNI, and the FISA court, and House and Senate Intelligence Committees, of a series of compliance incidents impacting a subset of NSA collection under Section 702 of FISA, known as upstream collection.
This comprises about 10 percent of all collection that takes place under 702, and occurs when NSA obtains Internet communications, such as e-mails, from certain U.S. companies that operate the Internet background;[sic] i.e., the companies that own and operate the domestic telecommunication lines over which Internet traffic flows.
In essence, the issue that arose in 2011 was that NSA, while trying to acquire e-mails to, from, or about an overseas target, realized it, and was inadvertent — that it was inadvertently acquiring other e-mails, including some e-mails sent between persons inside the United States that happened to be bundled with the e-mail messages NSA was trying to collect.
This bundling is done by Internet companies in order to make it easier to send information quickly over the telecom lines that make up the Internet. Unfortunately, NSA’s technical systems could not easily separate the individual messages within these bundles. And the result was that NSA collected some e-mail messages it did not intend to acquire.
OK. We held a lengthy hearing on the court’s ruling on October 20, 2011, at which General Alexander and Lisa Monaco — then the assistant attorney general for national security — described the court’s ruling and what they were doing to address it.
Here’s my point: It was a mistake. Action was taken immediately to correct it. It came to us. We took action. [bold mine, underline emphasis DiFi applied in delivery]
DiFi’s prepared statement misstates the facts as presented in Bates’ opinion in several ways:
- The issue had existed since before July 2008
- The collection was — according to the court ruling — not inadvertent
- NSA only corrected the problem under threat of criminal referral, after months of delay
First, the issue did not arise in 2011.
As Bates made clear, “NSA has been collecting MCT’s since before the Court’s approval of the first Section 702 certification in 2008.” (50) It’s not that NSA didn’t realize what it was doing. It’s that it didn’t tell the court about it (which partly goes to Edgar’s point, because technical experts might have understood the difficulty in collecting clean upstream communications). NSA may not have realized that collected MCTs represented a violation of the law, but it did know it was collecting them. (My guess — and it is just a wildarsed guess — is that James Clapper knew it was a problem but only fixed it when he started to certify declarations to the FISC after he became Director of National Intelligence.)
The NSA’s 2009 minimization procedures reflected this awareness. They specifically permitted retention of “electronic communications acquired because of limitations on NSA’s ability to filter communications.” In 2011, this language was placed in a section specifically addressing upstream collection.
And contrary to DiFi’s insistence, the collection was not inadvertent. Bates addressed this claim — which NSA had made to him — at some length.
Specifically, the government argues that NSA is not “intentionally” acquiring wholly domestic communications because the government does not intend to acquire transactions containing communications that are wholly domestic and has implemented technical means to prevent the acquisition of such transactions. See June 28 Submission at 12. This argument fails for several reasons.
NSA targets a person under Section 702 certifications by acquiring communications to, from, or about a selector used by that person. Therefore, to the extent NSA’s upstream collection devices acquire an Internet transaction containing a single, discrete communication that is to, from, or about a tasked selector, it can hardly be said that NSA’s acquisition is “unintentional.” In fact, the government has argued, that the Court has accepted, that the government intentionally acquires communications to and from a target, even when NSA reasonably — albeit mistakenly — believes that the target is located outside the United States. See Docket No. [redacted]
With respect to MCT’s, the sole reason NSA acquires such transactions is the presence of a tasked selector within the transaction. Because it is technologically infeasible for NSA’s collection devices to acquire only the discrete communications to, from, or about a tasked selector that may be contained within an MCT, however, the government argues that the only way to obtain the foreign intelligence information found within the discrete communication is to acquire the entire transaction in which it is contained. June 1 Submission at 21. As a result, the government intentionally acquires all discrete communications within an MCT, including those that are not to, from or about a tasked selector. See June 28 Submission at 12, 14; see also Sept. 7, 2011 Hearing Tr. at 33-34.
The fact that NSA’s technical measures cannot prevent NSA from acquiring transactions containing wholly domestic communications under certain circumstances does not render NSA’s acquisition of those transactions “unintentional.”
[T]here is nothing in the record to suggest that NSA’s technical means are malfunctioning or otherwise failing to operate as designed. Indeed, the government readily concedes that NSA will acquire a wholly domestic “about” communication if the transaction containing the communication is routed through an international Internet link being monitored by NSA or is routed through a foreign server.
By expanding its Section 702 acquisitions to include the acquisition of Internet transactions through its upstream collection, NSA has, as a practical matter, circumvented the spirit of Section 1881a(b)(4) and (d)(1) with regard to that collection. (44-45, 48)
Keith Alexander and Lisa Monaco may have told DiFi on October 20, 2011 they “did not intend” to collect this information (her emphasis), but if DiFi has read Bates’ opinion she knows that is not the case, certainly not from a legal perspective.
And DiFi’s claim that “actions were taken” immediately to correct this problem is just laughable.
Even pretending no one at NSA understood the implications of collecting MCTs in 2008 or 2009 or 2010, the government submitted a “clarification” to the FISC about this practice on May 2, 2011. As late as August 30, NSA had not changed its collection methods and proposed leaving MCTs of interest in its databases with no special markings. NSA wanted to keep MCTs, “including information of or concerning United States persons with no direct connection to any target.” And it wanted to leave access to this information available to all analysts.
In his October 3 order, Bates made the government come up with more restrictive treatment of this content.
The government’s willingness to protect the US person MCTs it had already collected came only with further delay. At first (as late as October 13), the government considered appealing his decision, and then claimed laws preventing such collection did not apply to it. But it was not until “late in 2011” (probably after November 30) that “the government began taking steps that had the effect of mitigating any Section 1809(a)(2) problem, including the risk that information subject to the statutory criminal prohibition might be used or disclosed in an application filed before this Court.”
Now DiFi may think that fixing the retention problem 5 months after disclosing it (and at least 3 years after starting it) and mitigating the collection problem 7 months later is “immediate,” but along the way the government exhibited some reluctance — until threatened with criminal referral, it seems — to do anything about this violation.
Yesterday’s hearing — James Cole’s dubious representations (James Clapper and Keith Alexander seemed to make pains to avoid their past misrepresentations), Ben Wittes’ unintentional proof of the dysfunction of the Intelligence Committees, and 4 or 5 Senators’ self-filibuster in lieu of questions — served to demonstrate how pathetic our existing structure of oversight is.
But nothing made that more clear than DiFi’s rude (and prepared) effort to spin the 2011 violations as something the record shows they’re not.