NSA’s New “Privacy Officer” Releases Her First Propaganda

Over at Lawfare, Ken Anderson released the public comment on Section 702 the NSA Civil Liberties and Privacy Office have submitted to the Privacy and Civil Liberties and Oversight Board. Anderson notes that the comment doesn’t appear to be online yet, and the name of the Civil Liberties and Privacy Officer, Rebecca Richards, doesn’t appear on what Anderson posted (though that may be Lawfare’s doing).

The statement, generally, makes me sad. The comment repeatedly backed off including known, even unclassified details about Section 702, and as such this doesn’t so much read as an independent statement on the privacy assessment of the woman at the NSA mandated with overseeing it, but rather a highly scripted press release.

I will probably do a piece on some potential holes this statement may indicate in NSA’s oversight (though it is written in such hopeless bureaucratese, we can’t be sure). But for the moment, I wanted to point to what, in my opinion, is the most glaring example of how scripted this.

The statement describes back door searches this way:

Since October 2011 and consistent with other agencies’ Section 702 minimization procedures, NSA’s Section 702 minimization procedures have permitted NSA personnel to use U.S. person identifiers to query Section 702 collection when such a query is reasonably likely to return foreign intelligence information. NSA distinguishes between queries of communications content and communications metadata. NSA analysts must provide justification and receive additional approval before a content query using a U.S. person identifier can occur. To date, NSA analysts have queried Section 702 content with U.S. person identifiers less frequently than Section 702 metadata. For example, NSA may seek to query a U.S. person identifier when there is an imminent threat to life, such as a hostage situation. NSA is required to maintain records of U.S. person queries and the records are available for review by both OOJ [sic] and ODNI as part of the external oversight process for this authority. Additionally, NSA’s procedures prohibit NSA from querying Upstream data with U.S. person identifiers.

The only new piece of information provided here is that the NSA conducts more back door searches on 702 metadata than on 702 content.

But then the statement immediately provides the most defensible example of back door searches — searching for a US person’s identifier in content when they’ve been kidnapped, a scenario that derives from a pre-PAA problem with NSA’s kludged FISC approved program. Notably, this scenario is almost certainly not a metadata search! This is also the same scenario used by Dianne Feinstein’s aides in November to obscure the true extent of the searches, suggesting it is a propaganda line NSA has developed to spin back door searches.

What I find so frustrating about this statement is how it compares with statements others have already made … to PCLOB.

In November, for example, after ODNI General Counsel Robert Litt admitted that the Intelligence Community treats back door searches of 702 data (and probably, EO 12333 data) like they do all “legally collected” data, NSA General Counsel Raj De admitted that NSA doesn’t even require Reasonable Articulable Suspicion to do searches on US person data, because doing so would involve adopting a higher standard for back door searches than for other data.

Raj De: Our minimization procedures, including how we handle data, whether that’s collection, analysis, dissemination, querying are all approved by the Foreign Intelligence Surveillance Court. There are protections on the dissemination of information, whether as a result of a query or analysis. So in other words, U.S. person information can only be disseminated if it’s either necessary to understand the foreign intelligence value of the information,evidence of a crime and so forth. So I think those are the types of protections that are in place with this lawfully collected data.

[Center for Democracy and Technology VP James] DEMPSEY: But am I right, there’s no, on the query itself, other than it be for a foreign intelligence purpose, is there any other limitation? We don’t even have a RAS for that data.

MR. DE: There’s certainly no other program for which the RAS standard is applicable. That’s limited to the 215 program, that’s correct. But as to whether there is, and I think this was getting to the probable cause standard, should there be a higher standard for querying lawfully collected data. I think that would be a novel approach in this context, not to suggest reasonable people can’t disagree, discuss that. But I’m not aware of another context in which there is lawfully collected, minimized information in this capacity in which you would need a particular standard.

Then, in March, Litt objected to requiring court review before doing back door searches (and he was asked specifically about back door searches of US person data, though he reportedly tried to back off the application of this to US persons after the hearing) because the volume of back door searches is so high.

[Retired DC Circuit Judge] Patricia Wald: The President required, or, I think he required in his January directive that went to 215 that at least temporarily, the selectors in 215 for questioning the databank of US telephone calls–metadata–had to be approved by the FISA Court. Why wouldn’t a similar requirement for 702 be appropriate in the case where US person indicators are used to search the PRISM database? What big difference do you see there?

Robert Litt: Well, I think from a theoretical perspective it’s the difference between a bulk collection and a targeted collection which is that–

Wald: But I would think that, sorry for interrupting, [cross-chatter]  I would think that message since 702 has actually got the content.

Litt: Well, and the second point that I was going to make is that I think the operational burden in the context of 702 would far greater than in the context of 215.

Wald: But that would–

Litt: If you recall, the number of actual telephone numbers as to which a  RAS–reasonable articulable suspicion determination was made under Section 215 was very small. The number of times that we query the 702 database for information is considerably larger. I suspect that the Foreign Intelligence Surveillance Court would be extremely unhappy if they were required to approve every such query.

Wald: I suppose the ultimate question for us is whether or not the inconvenience to the agencies or even the unhappiness of the FISA Court would be the ultimate criteria.

Litt: Well I think it’s more than a question of convenience, I think it’s also a question of practicability.

Admittedly, Litt’s answer refers to all the back door searches conducted by the Intelligence Community, including the both the CIA and FBI (the latter of which other reporters seem to always ignore when discussing back door searches), as well as NSA. So it’s possible this volume of back door searches reflects FBI’s use of the practice, not NSA’s. (Recall that former presiding FISC Judge John Bates admits the Court has no clue how often or in what ways the Executive Branch is doing back door searches on US person data, but that it is likely so common as to be burdensome to require FISC involvement.)

Still, the combined picture already provided to PCLOB goes well beyond the hostage situation provided by the Privacy Office statement.

Even the President’s comment about back door searches in his January speech appears to go beyond what the NSA statement does (though again, imposing new limits on back door searches for law enforcement purposes probably speaks primarily to FBI’s back door searches, less so NSA’s).

 I am asking the Attorney General and DNI to institute reforms that place additional restrictions on government’s ability to retain, search, and use in criminal cases, communications between Americans and foreign citizens incidentally collected under Section 702.

We are slowly squeezing details about the reality of back door searches, so I wasn’t really relying on this statement in any case.

But it’s an issue of credibility. The Privacy Officer, to have a shred of credibility and therefore the PR value that Obama surely hopes it will have, must appear to be speaking from independent review within the scope permitted by classification restraints. That hasn’t happened here, not even close. Instead, Rebecca Richards appears to speaking under the constraint of censorship far beyond that imposed on other government witnesses on this issue.

That doesn’t bode well for her ability to make much difference at NSA.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

8 replies
  1. chronicle says:

    The Privacy Officer. If anyone was in doubt before that the IC has reached the bottom of the absurdity abyss, this Monte Python level euphemism should either:

    1. Remind you of a high school bathroom monitor..or
    2. Force you to the floor in raucous, gut splitting laughter.
    3. Rest your mind your government has you covered when sitting on the toilet.

    In either case, the mere fact our Federal government has reached the point where they have created a special propaganda position called The Privacy Officer, is living testimony of

    1. The USG has gone completely, stark raving mad.
    2. There are people on this planet born with an immunity to humiliation.
    3. The United States is the Dumbest Country on the Planet.

  2. Nate says:

    Under 702(g)(4) the certification “is not required to identify the specific facilities, places, premises, or property at which an acquisition…will be directed or conducted”. And yet, under 702(h)(1)(A) the telecom/ISP must provide “all information, facilities, or assistance necessary to accomplish the acquisition”.

    In light of these two provisions, one might ask:
    (a) what, exactly, the court is “approving”?
    (b) Does the order/directive sent to the service provider identify specific accounts or subscribers? If not, what is the service provider directed to provide?

    • chronicle says:

      quote”In light of these two provisions, one might ask:”unquote

      (c.) What is the provisions author drug of choice.

  3. orionATL says:

    by god, when the nsa kleptocracy says “private”, they mean “private” – just not in the same way ypu and i would take that word in that context.

    “private” here means a combination of “nsa business is none of your god-damned business” and “when you pry it out of my cold, dead brain.”

  4. abbadabba says:

    Will the Milgrams operating the Intercept’s comment site desist from antagonizing those they have already gagged and bound, PLEASE?! That’s a bit counter to their adversarial position against torture.

    It’s one thing to set my email to go immediately to the spam can, their ball field, but entirely another to post inquiries about my “disappearance” and then refuse to allow me to answer to the reports of my early demise. Clever cleavering, buzz killers. I’m always there and read MOST of the posts until the bickering makes me want to change channels.

    That is either a gratuitous level of secreted commentor abuse, OR GCHQ may be screwing with us. I’m up for some Classy Action if anyone wants to determine if the Intercepts’ Mods are just a bunch of childish Milgram shock administrators or we have an actionable problem against intrusion, Houston.

    Am I arriving at My Own Private Heathrow and immediately being canned by the Intercepts’ lame Mods, or has my email been hijacked before it even hits the Intercepts’ can? google is really gargling on my search items, taking FAR too long to READ them, or perhaps all that German history is clogging up their filters.

    Marcy, you amaze me. You are more diligent than a Honey Badger who’s awoken with a major hAnger for justice, and THAT’S an AWESOME badge to wear. I know you will NEVER desist. The only question is, what kind of a stink can you make if cornered?

    I see Glenn is booking it which means he’s tired of the feedback fruitloops. I am glad you continue to dig like a badger for the REAL nuggets that PROVE who is accountable for damaging Liberty’s rootball. I don’t like tree killers, either.

    I’ve been reading history and feel like “building” a Liberty Tree, but between you and me, those German translations are perhaps sending me on a wild tree hunt. Beeders would just lash evergreens to their flag poles when I lived Rhenish in the Palatinate, so I guess that was MORE than a just an ode to the Holy. It was a finger in Metternich’s eye? Beeders are NOT just homemakers! We also like to make trouble for Liberty’s enemies under the cover of magazines!

  5. abbadabba says:

    I told Bro to tell GM’s former he’s a Mensch for making a woman the new CEO…that was until I saw his reason for repurposing her.

    She’s the fall gal for their ignition switch deaths. Such an icehole, that Ackerson. I know it’s childish for me to think genderly, but I don’t take well to guys who blame gals for their fuckups. Honda switched out my switch without even telling me while I was in for a new battery in 2009. They saw the cost of continuing to LIE! PEOPLE DIED for two MORE years under your stealth evasions, Akerson!! You’re idiots to let him in the club, Carlyle!

    So, Marcy, do the boys have a fracking clue what they are up, too? No one should fly until they get a thumbs up from the ground crew. Do you have a good one or are they top flightly II?

  6. FluffytheObeseCat says:

    Marcy,

    I don’t read your posts as frequently and carefully as I’d like, so you may have answered this question (repeatedly), however,

    “The only new piece of information provided here is that the NSA conducts more back door searches on 702 metadata than on 702 content.”

    Do you have a solid and complete understanding of what they define as “content” wrt to 702 searches?

Comments are closed.