In Nomination Hearing, DIRNSA Nominee Mike Rogers Continues James Clapper and Keith Alexander’s Obfuscation about Back Door Searches

Yesterday, the Senate Armed Services Committee held a hearing for Vice Admiral Mike Rogers to serve as head of Cyber Command (see this story from Spencer about how Rogers’ confirmation as Cyber Command chief serves as proxy for his role as Director of National Security Agency because the latter does not require Senate approval).

Many of the questions were about Cyber Command (which was, after all, the topic of the hearing), but a few Senators asked questions about the dragnet that affects us all.

In one of those exchanges — with Mark Udall — Rogers made it clear that he intends to continue to hide the answers to very basic questions about how NSA conducts warrantless surveillance of Americans, such as whether the NSA conducts back door searches on American people.

Udall: If I might, in looking ahead, I want to turn to the 702 program and ask a policy question about the authorities under Section 702 that’s written into the FISA Amendments Act. The Committee asked your understanding of the legal rationale for NASA [sic] to search through data acquired under Section 702 using US person identifiers without probable cause. You replied the NASA–the NSA’s court approved procedures only permit searches of this lawfully acquired data using US person identifiers for valid foreign intelligence purposes and under the oversight of the Justice Department and the DNI. The statute’s written to anticipate the incidental collection of Americans’ communications in the course of collecting the communications of foreigners reasonably believed to be located overseas. But the focus of that collection is clearly intended to be foreigners’ communications, not Americans. But declassified court documents show that in 2011 the NSA sought and obtained the authority to go through communications collected under Section 702 and conduct warrantless searches for the communications of specific Americans. Now, my question is simple. Have any of those searches been conducted?

Rogers: I apologize Sir, I’m not in a position to answer that as the nominee.

Udall: You–yes.

Rogers: But if you would like me to come back to you in the future if confirmed to be able to specifically address that question I will be glad to do so, Sir.

Udall: Let me follow up on that. You may recall that Director Clapper was asked this question in a hearing earlier this year and he didn’t believe that an open forum was the appropriate setting in which to discuss these issues. The problem that I have, Senator Wyden’s had, and others is that we’ve tried in various ways to get an unclassified answer — simple answer, yes or no — to the question. We want to have an answer because it relates — the answer does — to Americans’ privacy. Can you commit to answering the question before the Committee votes on your nomination?

Rogers: Sir, I believe that one of my challenges as the Director, if confirmed, is how do we engage the American people — and by extension their representatives — in a dialogue in which they have a level of comfort as to what we are doing and why. That is no insignificant challenge for those of us with an intelligence background, to be honest. But I believe that one of the takeaways from the situation over the last few months has been as an intelligence professional, as a senior intelligence leader, I have to be capable of communicating in a way that we are doing and why to the greatest extent possible. That perhaps the compromise is, if it comes to the how we do things, and the specifics, those are perhaps best addressed in classified sessions, but that one of my challenges is I have to be able to speak in broad terms in a way that most people can understand. And I look forward to that challenge.

Udall: I’m going to continue asking that question and I look forward to working with you to rebuild the confidence. [my emphasis]

The answer to the question Rogers refused to answer is clearly yes. We know that’s true because the answer is always yes when Wyden, and now Udall, ask such questions.

But we also know the answer is yes because declassified parts of last August’s Semiannual Section 702 Compliance Report state clearly that oversight teams have reviewed the use of this provision, which means there’s something to review.

As reported in the last semiannual assessment, NSA minimization procedures now permit NSA to query its databases containing telephony and non-upstream electronic communications using United States person identifiers in a manner designed to find foreign intelligence information. Similarly, CIA’s minimization procedures have been modified to make explicit that CIA may also query its databases using United States person identifiers to yield foreign intelligence information. As discussed above in the descriptions of the joint oversight team’s efforts at each agency, the joint oversight team conducts reviews of each agency’s use of its ability to query using United States person identifiers. To date, this review has not identified any incidents of noncompliance with respect to the use of United States person identifiers; as discussed in Section 4, the agencies’ internal oversight programs have, however, identified isolated instances in which Section 702 queries were inadvertently conducted using United States person identifiers. [my emphasis]

It even obliquely suggests there have been “inadvertent” violations, though this seems to entail back door searches on US person identifiers without realizing they were US person identifiers, not violations of the procedures for using back door searches on identifiers known to be US person identifiers.

Still, it is an unclassified fact that NSA uses these back door searches.

Yet the nominee to head the NSA refuses to answer a question on whether or not NSA uses these back door searches.

And it’s not just in response to this very basic question that Rogers channeled the dishonest approach of James Clapper and Keith Alexander.

As Udall alluded, at the end of a long series of questions about Cyber Command, the committee asked a series of questions about back door searches and other dragnet issues. They asked (see pages 42-43):

  • Whether NSA can conduct back door searches on data acquired under EO 12333 and if so under what legal rationale
  • Whether NSA can conduct back door searches on data acquired pursuant to traditional FISA and if so under what legal rationale
  • What the legal rationale is for back door searches on data acquired under FISA Amendments Act
  • What the legal rationale is for searches on the Section 215 query results in the “corporate store”

I believe every single one of Rogers’ answers — save perhaps the question on traditional FISA — involves some level of obfuscation. (See this post for further background on what NSA’s Raj De and ODNI’s Robert Litt have admitted about back door searches.)

Consider his answer on searches of the “corporate store” as one example.

What is your understanding of the legal rationale for searching through the “Corporate Store” of metadata acquired under section 215 using U.S. Persons identifiers for foreign intelligence purposes?

The section 215 program is specifically authorized by orders issued by the Foreign Intelligence Surveillance Court pursuant to relevant statutory requirements. (Note: the legality of the program has been reviewed and approved by more than a dozen FISC judges on over 35 occasions since 2006.) As further required by statute, the program is also governed by minimization procedures adopted by the Attorney General an d approved by the FISC. Those orders, and the accompanying minimization procedures, require that searches of data under the program may only be performed when there is a Reasonable Articulable Suspicion that the identifier to be queried is associated with a terrorist organization specified in the Court’s order.

Remember, not only do declassified Primary Orders make it clear NSA doesn’t need Reasonable Articulable Suspicion to search the corporate store, but PCLOB has explained the possible breadth of “corporate store” searches plainly.

According to the FISA court’s orders, records that have been moved into the corporate store may be searched by authorized personnel “for valid foreign intelligence purposes, without the requirement that those searches use only RAS-approved selection terms.”71 Analysts therefore can query the records in the corporate store with terms that are not reasonably suspected of association with terrorism. They also are permitted to analyze records in the corporate store through means other than individual contact-chaining queries that begin with a single selection term: because the records in the corporate store all stem from RAS-approved queries, the agency is allowed to apply other analytic methods and techniques to the query results.72 For instance, such calling records may be integrated with data acquired under other authorities for further analysis. The FISA court’s orders expressly state that the NSA may apply “the full range” of signals intelligence analytic tradecraft to the calling records that are responsive to a query, which includes every record in the corporate store.73

There is no debate over whether NSA can conduct back door searches in the “corporate store” because both FISC and PCLOB say they can.

Which is probably why SASC did not ask whether this was possible — it is an unclassified fact that it is — but rather what the legal rationale for doing so is.

And Rogers chose to answer this way:

  1. By asserting that the phone dragnet must comply with statutory requirements
  2. By repeating tired boilerplate about how many judges have approved this program (ignoring that almost all of these approvals came before FISC wrote its first legal opinion on the program)
  3. By pointing to AG-approved minimization procedures (note–it’s not actually clear that NSA’s — as distinct from FBI’s — dragnet specific procedures are AG-approved, though the more general USSID 18 ones are)
  4. By claiming FISA orders and minimization procedures “require that searches of data under the program may only be performed when there is a Reasonable Articulable Suspicion that the identifier to be queried is associated with a terrorist organization”

The last part of this answer is either downright ignorant (though I find that unlikely given how closely nominee responses get vetted) or plainly non-responsive. The question was not about queries of the dragnet itself — the “collection store” of all the data. The question was about the “corporate store” — the database of query results based off those RAS approved identifiers. And, as I said, there is no dispute that searches of the corporate store do not require RAS approval. In fact, the FISC orders Rogers points to say as much explicitly.

And yet the man Obama has picked to replace Keith Alexander, who has so badly discredited the Agency with his parade of lies, refused to answer that question directly. Much less explain the legal rationale used to conduct RAS-free searches on phone query results showing 3rd degree connections to someone who might have ties to terrorist groups, which is what the question was.

Which, I suppose, tells us all we need to know about whether anyone plans to improve the credibility or transparency of the NSA.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

12 replies
  1. Noah says:

    Rogers: “… how do we engage the American people – and by extension their representitives…”

    So, Rogers is part of some deep state or wordly group that doesn’t understand he is American or, by “extension,” appointed by representitives?!

    • Keith says:

      Yes, this is the height of arrogance – “how do we engage the American people — and by extension their representatives — in a dialogue in which they have a level of comfort” – that the agency gets to decide the parameters of “dialogue” with their supposed overseers.

  2. Dr. Pitchfork says:

    “Excuse me, ‘level of comfort’? This isn’t about PR, sir, this is about the f***ing LAW.”

    That’s what I would have said if I were a US Senator.

  3. orionATL says:

    i am baffled by what purpose it serves to deny that a particular program in nsa’s long menu of spying programs (and spying program options – “you may choose french fries, steak fries, or hash browns with that program, sir.”) does not exist.

    i am angered that the nsa will not give, and the president has not ordered it to give, a legal rational for the dragnet program. or for that matter, a practical, spying-based rationale for the need for such extensive population-wide spying, other than the searching-a-haystack analogy.

    • P J Evans says:

      Not just searching a haystack, but actively working to make the haystack much larger.

      Sign that an agency needs to be shut down (with prejudice): when they don’t understand that their ‘solution’ makes the problem worse.

  4. chronicle says:

    After reading the latest revelation on the internet, I don’t give a crap what these lying sacks of shit say anymore.

    https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/

    By now, there SHOULD be a million or two armed and extremely pissed off American citizens surrounding WDC.

    Unfortunately, for the most part.. ‘merica is filled with numbrained halfwits who couldn’t find the United States on a map of North America nor care if the USG set up cameras in every room of their home. After all, they’ve got nothing to hide. They think.

    • Frank33 says:

      In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam.

      Oh those torturers and assassins and hackers are so much more clever than me. But I did notice there is a Facebook Icon on this website. That could give someone malware.

      And I have gotten a lot of emails offers about winning lotteries and inhertances from rich Nigerians. Now I wonder if they were NSA “honey pots”. But so far, I have not gotten any actual offers from NSA babes wanting to put me in a compromising position. I can always hope.

  5. chronicle says:

    After reading the latest revelation on the Intercept, I don’t give a crap what these lying sacks of shit say anymore.

    https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/

    By now, there SHOULD be a million or two armed and extremely pissed off American citizens surrounding WDC.

    Unfortunately, for the most part.. ‘merica is filled with numbrained halfwits who couldn’t find the United States on a map of North America nor care if the USG set up cameras in every room of their home. After all, they’ve got nothing to hide. They think.

  6. Teddy says:

    Just offhand, whatever are we to do about this proliferation of Mike Rogerses in our public midst? I propose this solution:

    1. Chairman of the House Intelligence Committee Mike Rogers: Let’s call him Chair Rogers (until GOPs lose the House, at which point he’ll be much less important and newsworthy)

    2. Vice Admiral and putative NSA head Mike Rogers: Let’s call him Vice Rogers.

    3. Raw Story owner and occasional reporter on Congressmen’s sexual orientation Mike Rogers: Shall we call him Raw Rogers?

    There simply has to be some way to glance at a headline nowadays and know about whom one is gonna read.

  7. LeMoyne says:

    Shorter Mike Rogers: I may tell you in private, but not in public, and only if you hire me.

    Today we get the oft-repeated lesson: These Senate hearings are not job interviews.

  8. stephen pitt says:

    Unacceptable conduct by government criminals shall not be tolerated, only prosecuted. There is no remaining controversy as to NSA criminal conduct, except that which Sen Feinstein and her special NWO accessories have created. In reality, there is none. Dual nationality only works as is it shown, in criminally.

Comments are closed.