Author Archives: emptywheel

FISA Court Finally Discovers a Limit to the Word “Relevant”

By:  Friday March 7, 2014 3:38 pm

A few weeks back I laughed that, in a probable attempt to score political points against those challenging the phone dragnet by asking to retain the phone dragnet longer than 5 years, DOJ had shown a rather unusual concern for defendant’s rights.

Judge Reggie Walton has just denied DOJ’s motion. In doing so he has found limits to the word “relevant” that otherwise seem unheard of at the FISC in recent memory.

For its part, the government makes no attempt to explain why it believes the records that are subject to destruction are relevant to the civil cases. The government merely notes that “‘[r]elevant’ in this context means relevant for purposes of discovery, … including information that relates to the claims or defenses of any party, as well as information that is reasonably calculated to lead to the discovery of admissible evidence.” Motion at 6. Similarly, the government asserts that “[b]ased on the issues raised by Plaintiffs,” the information must be retained, but it fails to identify what those issues are and how the records might shed light on them. Id. at 7. Finally, the motion asserts, without any explanation, that “[b]ased on the claims raised and the relief sought, a more limited retention of the BR metadata is not possible as there is no way for the Government to know in advance and then segregate and retain only the BR metadata specifically relevant to the identified lawsuits.” Id. Of course, questions of relevance are ultimately matters for the courts entertaining the civil litigation to resolve. But the government now requests this Court to afford substantial weight to the purported interests of the civil litigants in retaining the BR metadata relative to the primary interests of the United States persons whose information the government seeks to retain. The government’s motion provides scant basis for doing so.

Shew. Given the way FISC has been defining the word “relevant” since 2004 to mean “virtually all,” I had thought the word had become utterly meaningless.

At least we know the word “relevant” has some limits at FISC, even if they’re unbelievably broad.

Mind you, I’m not sure whether FISC or the government is right in this case, as I do have concerns about the data from the troubled period during 2009 aging off.

But I will at least take some Friday afternoon amusement that the FISC just scolded the government about the word “relevant.”

DOJ’s Leaky SCIF Double Standards

By:  Friday March 7, 2014 9:44 am

McClatchy’s latest in the CIA-Seante Intelligence Committee fight reports that FBI is now investigating Senate Intelligence Committee staffers for unauthorized removal of classified information from CIA’s SCIF.

The FBI is investigating the alleged unauthorized removal of classified documents from a secret CIA facility by Senate Intelligence Committee staff who prepared a study of the agency’s use of harsh interrogation techniques on suspected terrorists in secret overseas detention centers, McClatchy has learned.

[snip]

The FBI investigation stemmed from a request to the Justice Department by the CIA general counsel’s office for a criminal investigation into the removal last fall of classified documents by committee staff from a high-security electronic reading room that they were required to use to review top-secret emails and other materials, people familiar with issue told McClatchy. The existence of the referral was first reported online Thursday afternoon by Time magazine.

[snip]

The investigation request by the CIA general counsel’s office is one of two criminal referrals sent to the Justice Department in connection with the committee’s 6,300-page report, which remains unreleased nearly 15 months after the panel voted to approve its final draft, according to those familiar with the case.

The second was made by CIA Inspector General David Buckley, they said. It relates to the monitoring by the agency of computers that the committee staff used to review millions of classified documents in the electronic reading room set up inside a secret CIA facility in Northern Virginia, they said.

Wow. This removal of a document from a SCIF containing torture documents sure escalated quickly.

Which is particularly remarkable given DOJ’s past response when torture documents walk out of a SCIF, even their own one.

Recall that sometime between 2005 and 2009, at least 10 and possibly as many as 31 documents critical to discussions over the legality of torture disappeared from the Office of Legal Counsel’s very own SCIF.

Some of the documents that went into the production of the torture memos–and should have been reviewed by OPR over the course of its investigation–disappeared some time in the last 5 years.

As I reported last September, after some delay in a FOIA response, Acting head of OLC, David Barron confessed that OLC could not find all of the documents that it had first listed on a 2006 FOIA response.

The problem, as Barron explained in his declaration, seems to stem from three things: CIA, not OLC, did the original FOIA search in 2005 and at that time did not make a copy of the documents responsive to FOIA; for long periods OPR had the documents, lumped in with a bunch of other torture documents, so it could work on is investigation; the documents got shuttled around for other purposes, as well, including other investigations and one trip to the CIA for a 2007 update to the FOIA Vaughn Index. [Here's the 2007 Vaughn Index and here's the Vaughn Index that accompanied Barron's declaration last September.]

And, somewhere along the way, at least 10 documents originally identified in 2005 as responsive to the FOIA got lost.

Poof!

Not only did DOJ apparently do nothing about their own leaky SCIF, they took some time to even tell the ACLU about it. What’s a few sensitive torture documents escaping from their SCIFs after all?

But now, when it’s the CIA being compromised rather than the CIA doing the compromising, things quickly escalate to potentially criminal investigations.

DOJ seems to have a remarkably inconsistent standard response when torture documents disappear from SCIFs. I wonder why that is?

If CIA Pwned SSCI’s Segregated Shared Drive, the Torture Report Should Be FOIA-able

By:  Thursday March 6, 2014 6:10 pm

As reader Tom has helpfully reminded me, both Mark Udall’s follow-up questions for Stephen Preston and the CIA’s declaration in ACLU’s FOIA to liberate the Torture Report describe the arrangements CIA required of the Senate Intelligence Committee staffers as they were working on the Torture Report.

Udall described how the CIA insisted on an “unnecessary multi-layered” process that added significantly to the time and cost of the report.

The CIA declined to provide the Senate Select Committee on Intelligence with access to CIA records at the Committee’s secure office space in the Hart Senate Office Building. Instead, the CIA insisted that the Committee review documents at a government building in Virginia. Once the CIA produced relevant documents related to the CIA detention and interrogation program, the CIA then insisted that CIA personnel—and private contractors employed by the CIA—review each document multiple times to ensure unrelated documents were not provided to a small number of fully cleared Committee staff. What role did you play in the decision to employ these unnecessary multi-layered review steps that delayed CIA document production to the Committee at significant governmental expense?

And the CIA declaration emphasizes how SSCI retained complete control over the materials in the Sensitive Compartmented Information Facility in which its staffers had been required to work.

One key principle necessary to this inter-branch accommodation, and a condition upon which SSCI insisted, was that the materials created by SSCI personnel on this segregated shared drive would not become “agency records” even though this work product was being created and stored on a CIA computer system. Specifically, in a 2 June 2009 letter from the SSCI Chairman and Vice Chairman to the CIA Director, the Committee expressly stated that the SSCI’s work product, including “draft and final recommendations, reports or other materials generated by Committee staff or Members, are the property of the Committee” and “remain congressional records in their entirety.” The SSCI further provided that the “disposition and control over these records, even after the completion of the Committee’s review, lies exclusively with the Committee.”

[snip]

Based on this inter-branch accommodation, SSCI personnel used the segregated shared drive to draft the document that is the subject of this litigation. As sections of the report reached a certain stage, the SSCI worked with the CIA information technology and security personnel to transfer these drafts from the segregated shared drive to the SSCI’s secure facilities at the U.S. Capitol complex so that the Committee could complete the drafting process in its workspaces.

Here’s the thing. The purported control SSCI had over the materials in this SCIF is central to CIA’s claim that the Torture Report is not an Agency document and therefore is immune from FOIA.

If SSCI did not have complete control over this material — if CIA could spy on SSCI at will (if, as seems to be the case when viewed in retrospect) — then it guts their argument that the Torture Report is a Congressional document.

If CIA pwned SSCI in that SCIF, then it should make this material (at least the draft reports, before they got moved over to SSCI’s own SCIF) FOIA-able.

So either CIA should be prosecuted for hacking SSCI. Or it should hand over the last draft of the report that resided on servers it felt free to hack into.

Do Senators Collins, King, and Warner Like Being Spied On?

By:  Thursday March 6, 2014 3:00 pm

Over the last few days, I’ve tracked the accusations and counter-accusations between CIA and the Senate Intelligence Committee.

A number of people have asked why, as a way to end this issue, the Committee doesn’t just declassify the entire SSCI Report.

But it’s not so simple as that.

It’s not clear there are the votes to release the Report.

Recall that when the Committee approved the Report back in 2012, the vote was largely split on party lines, with the exception of John McCain, who voted as an Ex Officio member (as Ranking Member of Senate Armed Services Committee) to release the Report. McCain is no longer SASC Ranking member: Jim Inhofe is, and I’m betting he’s not going to vote to release the Report.

There are few other changes in the Committee proper since the report was originally finalized. Martin Heinrich and Angus King have replaced Bill Nelson and Kent Conrad, and Susan Collins and Tom Coburn have replaced Olympia Snowe and Roy Blunt.

And while Heinrich has quickly become one of the better overseers on the Committee, including on torture, it’s not actually clear whether King would vote to release the report. Collins, too, has been reported to be undecided (and her vote would be critical to making this a “bipartisan vote,” now that McCain doesn’t have a vote). There are even hints that Mark Warner wouldn’t vote to support its declassification (though he supported its finalization).

And importantly, King and Collins have been reported to be undecided after the time when, in January, the Committee at least began to suspect they’d been surveilled.

There are, obviously, two different issues (though Saxby Chambliss, at least, sides with CIA on both counts). But there’s been little outcry from the swing votes on releasing the underlying report itself.

Update: h/t to JK for the link to the Collins/King report I was not finding.

Operation Stall

By:  Wednesday March 5, 2014 7:49 pm

McClatchy has now posted an update to the tale of the CIA-SSCI spat.

It appears the following happened: Sometime around August, SSCI staffers working on a database at CIA discovered the internal CIA report, started under Leon Panetta, that corroborated the SSCI report. It also contradicted CIA’s official response to the SSCI Report.

Several months after the CIA submitted its official response to the committee report, aides discovered in the database of top-secret documents at CIA headquarters a draft of an internal review ordered by former CIA Director Leon Panetta of the materials released to the panel, said the knowledgeable person.

So having discovered even the CIA disagreed with the CIA’s response, the SSCI staffers took a copy with them.

They determined that it showed that the CIA leadership disputed report findings which they knew were corroborated by the so-called Panetta review, said the knowledgeable person.

The aides printed the material, walked out of CIA headquarters with it and took it to Capitol Hill, said the knowledgeable person.

Mark Udall raised the report in a December hearing. In January, CIA accused SSCI of absconding with the document.

After the CIA confronted the panel in January about the removal of the material last fall, panel staff concluded that the agency had monitored computers that they’d been given to use in a high-security research room at the CIA campus in Langley, Va., a McClatchy investigation found.

In response, the CIA asked DOJ to start an investigation.

Then there’s this weird question about the document. I’m not sure whether the issue is how the document first got included in the database at CIA, or whether it’s how it migrated to SSCI.

White House officials have held at least one closed-door meeting with committee members about the monitoring and the removal of the documents, said the first knowledgeable person.

The White House officials were trying to determine how the materials that were taken from CIA headquarters found their way into a data base into which millions of pages of top-secret reports, emails and other documents were made available to panel staff after being vetted by CIA officials and contractors, said the knowledgeable person.

My favorite part of this passage, though, is that contractors are helping choose with documents CIA’s overseers are allowed to see.

Because contractors should surely have more visibility into what the CIA does than CIA’s overseers, right?

All of which is to say the SSCI busted the CIA for lying in their official response to the Committee. And as a result, CIA decided to start accusing the Committee of breaking the law. And now everyone is being called into the Principal’s office for spankings.

This reminds me of what happened when Gitmo defense lawyers tried to independently identify the identities of their clients torturers. The lawyers got too close to the torturers, which set off a process that ultimately led to John Kiriakou, as the sacrificial lamb, going to jail.

But it seems that this is part of a larger CIA effort to stall. As McClatchy notes, CIA took 3 extra months to provide their initial response to SSCI. Then this erupted 2 months later. It has now been almost 3 months since Udall first revealed the existence of the Panetta report. Which brings us just 8 months away from an election in which the Democrats stand a good chance of losing the Senate, and with it, the majority on the Committee that might vote to declassify the report in defiance of CIA’s wishes. Which may be why Saxby Chambliss is fanning the CiA’s flames for them.

“I have no comment. You should talk to those folks that are giving away classified information and get their opinion,” Intelligence Committee Vice Chairman Saxby Chambliss (R-Ga.) said when asked about the alleged intrusions.

Stall, stall, stall. It’s what CIA did with the OPR report, it’s what they did with the torture tape investigation, and now this.

CIA may well suck at doing their job — getting intelligence that is useful to the country. But they sure are experts at outlasting any oversight onto their real activities.

Verizon VP: Company-Based Transparency Reports Don’t Help Consumers

By:  Wednesday March 5, 2014 1:02 pm

There was a fascinating panel of Telecom execs and bloggers discussing human rights at RightsCon yesterday. Among others, Verizon Executive Vice President and General Counsel Randal Milch spoke.

As I noted in passing, Verizon published an update to their Transparency Report the other day. Particularly as compared to AT&T’s bogus report, the Verizon report was laudable for its explanation of what it couldn’t show, such as when it acknowledged that its report did not include the hundreds of millions of customers whose records got turned over under Section 215.

We note that while we now are able to provide more information about national security orders that directly relate to our customers, reporting on other matters, such as any orders we may have received related to the bulk collection of non-content information, remains prohibited.

It also acknowledged something obvious but that which should be explicit: when the government obtains content from Verizon, it sometimes gets metadata as well.

Some FISA orders that seek content also seek non-content; we counted those as FISA orders for content and to avoid double counting have not also counted them as FISA orders for non-content.

All this is useful information that lends the report itself credibility.

So when I first approached Milch, I thanked him for the quality of his report.

Which is why I was so surprised when he said the government should be in the business of transparency reports, not the providers. I challenged that, noting that an easy comparison of AT&T and Verizon’s reports strongly suggests that Verizon demands more legal process for requests than AT&T. He dismissed that, suggesting any differences arise from the different kind of client base the providers have.

Granted, Milch was talking about your average consumer, not … me.

But it seemed bizarre. Or perhaps it was a testament that Milch and Verizon generally don’t want to have to compete in this front.

Milch answered one other question of mine: I asked whether the Verizon/Vodaphone split affected Verizon’s obligations to the UK (that is, to GCHQ). He claims it didn’t affect it at all, that it was more an investment stake and that none of Verizon’s cell call records were in the UK. (No, I didn’t point out that the records are right where GCHQ wants them, in places accessible under Tempora).

So at least according to Milch’s claims, my theory laid out here is wrong.

CIA Hacks Its Overseers

By:  Wednesday March 5, 2014 9:06 am

In January, Ron Wyden and Mark Udall suggested that CIA was hacking into US computers.

Wyden asked (43;04) John Brennan whether the federal Computer Fraud and Abuse Act applied to the CIA.

Wyden: Does the federal Computer Fraud and Abuse Act apply to the CIA?

Brennan: I would have to look into what that act actually calls for and its applicability to CIA’s authorities. I’ll be happy to get back to you, Senator, on that.

Wyden: How long would that take?

Brennan: I’ll be happy to get back to you as soon as possible but certainly no longer than–

Wyden: A week?

Brennan: I think that I could get that back to you, yes.

Minutes later, Mark Udall raised EO 12333′s limits on CIA’s spying domestically (48:30).

Udall: I want to be able to reassure the American people that the CIA and the Director understand the limits of its authorities. We are all aware of Executive Order 12333. That order prohibits the CIA from engaging in domestic spying and searches of US citizens within our borders. Can you assure the Committee that the CIA does not conduct such domestic spying and searches?

Brennan: I can assure the Committee that the CIA follows the letter and spirit of the law in terms of what CIA’s authorities are, in terms of its responsibilities to collect intelligence that will keep this country safe. Yes Senator, I do.

It appears the target of this hacking was the Senate Intelligence Committee itself.

The CIA Inspector General’s Office has asked the Justice Department to investigate allegations of malfeasance at the spy agency in connection with a yet-to-be released Senate Intelligence Committee report into the CIA’s secret detention and interrogation program, McClatchy has learned.

The criminal referral may be related to what several knowledgeable people said was CIA monitoring of computers used by Senate aides to prepare the study. The monitoring may have violated an agreement between the committee and the agency.

[snip]

The committee determined earlier this year that the CIA monitored computers – in possible violation of an agreement against doing so – that the agency had provided to intelligence committee staff in a secure room at CIA headquarters that the agency insisted they use to review millions of pages of top-secret reports, cables and other documents, according to people with knowledge.

Sen. Ron Wyden, D-Oregon, a panel member, apparently was referring to the monitoring when he asked CIA Director John Brennan at a Jan. 9 hearing if provisions of the Federal Computer Fraud and Abuse Act “apply to the CIA? Seems to me that’s a yes or no answer.”

NYT adds that CIA started spying on SSCI after learning it had accessed documents they didn’t want them to.

The action, which Mr. Udall did not describe, took place after C.I.A. officials came to suspect that congressional staff members had gained unauthorized access to agency documents during the course of the Intelligence Committee’s years-long investigation into the detention and interrogation program.

This is effectively the same treatment the CIA extends to Gitmo lawyers and defendants, where it spies to see what they’re saying about its torture methods.

But I bet it will be treated with more seriousness.

Mark Udall: CIA Took “Unprecedented Action” Against SSCI on Its Own Torture Report

By:  Tuesday March 4, 2014 4:15 pm

Mark Udall just wrote Obama a sometimes cryptic letter asking him to commit to declassifying the Senate Intelligence Report torture report. In it, he:

  • Asserts a significant amount of what has been declassified about the torture program is “misleading and inaccurate”
  • Asks for more information about what led to the development of the CIA report
  • Asks why the findings of the CIA report were not included in CIA’s (John Brennan’s) response to the torture report
  • Suggests CIA is withholding the final version of the internal CIA report that corroborates many of SSCI’s report (it has provided a draft)
  • Says he will hold Caroline Krass’ nomination to be CIA General Counsel

But I’m particularly interested in this oblique comment:

As you are aware, the CIA has recently taken unprecedented action against the Committee in relation to the internal CIA review, and I find those actions to be incredibly troubling for the Committee’s oversight responsibilities and for our democracy. It is essential that the Committee be able to do its oversight work — consistent with our constitutional principle of the separation of powers — without the CIA posing impediments or obstacles as it is today.

“Unprecedented” is a pretty strong word.

Senator Udall’s office was unable to offer more clarity about this unprecedented action.

Updated: Changed the title because it implied Udall was saying this unprecedented action was about covering up torture, which is more than he said.

WTF Sprint Suit?

By:  Tuesday March 4, 2014 2:07 pm

As a number of outlets have reported, the government is suing Sprint for $63 million under the False Claims Act, claiming the telecom overbilled federal law enforcement agencies by charging for its CALEA modification costs in its wiretap charges.

On May 12, 2006, the Federal Communications Commission (FCC) resolved a dispute between law enforcement agencies and telecommunications carriers, and ruled that carriers were prohibited from using their intercept charges to recover the costs of modifying equipment, facilities or services that were incurred to comply with CALEA.

[snip]

Despite the FCC’s clear and unambiguous ruling, Sprint knowingly included in its intercept charges the costs of financing modifications to equipment, facilities, and services installed to comply with CALEA. Because Sprint’s invoices for intercept charges did not identify the particular expenses for which it sought reimbursement, federal law enforcement agencies were unable to detect that Sprint was requesting reimbursement of these unallowable costs.

By including the unallowable costs of financing CALEA modifications in their intercept charges, Sprint inflated its charges by approximately 58%. As a result of Sprint’s false claims, the United States paid over $21 million in unallowable costs from January 1, 2007 to July 31, 2010.

Now, maybe this is just what it appears. Maybe this really is just about Sprint charging for CALEA changes they weren’t permitted to. The LEAs lay out

But I can’t help but wonder whether something else is going on.

Consider, for example, that the CALEA settlement was signed on May 12, 2006, just 12 days before the phone dragnet started. As I’ve noted, the first two phone dragnet orders compensated providers for charges incurred (which is not provided for in the Section 215 statute). And the period during which Sprint allegedly overcharged the government — 2007 to 2010 — is solidly in the middle of the dragnet.

In any case, in the middle of the biggest debate on surveillance in some time, DOJ is calling more attention to it. And DOJ wants a jury trial for this.

Is Twitter EFF’s Second NSL Client?

By:  Monday March 3, 2014 12:13 pm

In the past, I’ve tracked the efforts of a telecom — which WSJ convincingly argued was Credo — to challenge a 2011 National Security Letter. It has the support of EFF on that challenge. I also noted language in Credo’s Transparency Report (which was issued after DOJ permitted providers to give broad bands for NSLs, but before DOJ permitted them to give broad bands for other national security demands) saying it was prohibited from giving more information about NSLs and Section 215 orders.

It is important to note that it may not be possible for CREDO or any telecom carrier to release to the public a full transparency report, as the USA PATRIOT Act and other statutes give law enforcement the ability to prevent companies from disclosing whether or not they have received certain orders, such as National Security Letters (NSLs) and Section 215 orders seeking customer information. [my emphasis]

Today, EFF noted that it has filed what should be its response to the government’s appeal in that case.

Only, it makes it it representing not just the known telecom client, but also an Internet client.

The Electronic Frontier Foundation (EFF) filed two briefs on Friday challenging secret government demands for information known as National Security Letters (NSLs) with the Ninth Circuit Court of Appeals.  The briefs—one filed on behalf of a telecom company and another for an Internet company—remain under seal because the government continues to insist that even identifying the companies involved might endanger national security.

While the facts surrounding the specific companies and the NSLs they are challenging cannot be disclosed, their legal positions are already public: the NSL statute is a violation of the First Amendment as well as the constitutional separation of powers.

Now, one obvious potential Internet client would be Google. It is known to have fought NSLs in Judge Susan Illston’s court and lost.

But I wonder whether it isn’t Twitter.

I say that, first of all, because of the cryptic language in Twitter’s own Updated Transparency Report, which was released after the DOJ settlement which should have permitted it to report NSLs. But instead of doing so, it pointed out that it can’t report its national security orders, if any, with enough particularity. It called out NSLs specifically. And it used a language of prohibition.

Last week, the U.S. Department of Justice and various communications providers reached an agreement allowing disclosure of national security requests in very large ranges. While this agreement is a step in the right direction, these ranges do not provide meaningful or sufficient transparency for the public, especially for entities that do not receive a significant number of – or any – national security requests.

As previously noted, we think it is essential for companies to be able to disclose numbers of national security requests of all kinds – including national security letters and different types of FISA court orders – separately from reporting on all other requests. For the disclosure of national security requests to be meaningful to our users, it must be within a range that provides sufficient precision to be meaningful. Allowing Twitter, or any other similarly situated company, to only disclose national security requests within an overly broad range seriously undermines the objective of transparency. In addition, we also want the freedom to disclose that we do not receive certain types of requests, if, in fact, we have not received any.

Unfortunately, we are currently prohibited from providing this level of transparency. We think the government’s restriction on our speech not only unfairly impacts our users’ privacy, but also violates our First Amendment right to free expression and open discussion of government affairs. We believe there are far less restrictive ways to permit discussion in this area while also respecting national security concerns. Therefore, we have pressed the U.S. Department of Justice to allow greater transparency, and proposed future disclosures concerning national security requests that would be more meaningful to Twitter’s users. We are also considering legal options we may have to seek to defend our First Amendment rights. [my emphasis]

It was a defiant Transparency Report, and it discussed prohibitions in a way that no one else — except Credo — had done.

Moreover, it would make sense that EFF would be permitted to represent Twitter in such a matter, because it already had a role in Twitter’s challenge of the Administrative subpoena for various WikiLeaks’ associates Twitter data.

Finally, EFF notes that this Internet client is fighting just 2 NSLs; Google is fighting 19.

The very same day that the district court issued that order striking down the statute, a second EFF client filed a similar petition asking the same court to declare the NSL statute to be unconstitutional and to set aside the two NSLs that it received.

Notwithstanding the fact that it had already struck down the NSL statute on constitutional grounds in EFF’s first NSL case, but indicating that it would be up to the Ninth Circuit to evaluate whether that evaluation was correct, the district court denied EFF’s client’s petitionand ordered them to comply with the remaing NSL in the interim.

If Twitter is the client, it would present real First Amendment issues. It would suggest that, after Twitter took the rare step of not just challenging but giving notice in an Administrative subpoena, DOJ decided to use NSLs, which are basically Administrative subpoenas with additional gags, in response.

Update: in potentially related news, Verizon just updated its Transparency Report, claiming it can’t provide details on some bulk orders.

We note that while we now are able to provide more information about national security orders that directly relate to our customers, reporting on other matters, such as any orders we may have received related to the bulk collection of non-content information, remains prohibited.