Drug War

FBI Will Now Videotape In Custody Interrogations

[Significant Update Below]

My hometown paper, the Arizona Republic, broke some critically important news a few minutes ago. The story by Dennis Wagner, a superb reporter at the Republic for a very long time, tells of a monumental shift in the policy of DOJ agencies in relation to interrogations and confessions of those in custody.

There was no news release or press conference to announce the radical shift. But a DOJ memorandum — obtained by The Arizona Republic — spells out the changes to begin July 11.

“This policy establishes a presumption that the Federal Bureau of Investigation (FBI), the Drug Enforcement Administration (DEA) the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) and the United States Marshals Service (USMS) will electronically record statements made by individuals in their custody,” says the memo to all federal prosecutors and criminal chiefs from James M. Cole, deputy attorney general.

“This policy also encourages agents and prosecutors to consider electronic recording in investigative or other circumstances where the presumption does not apply,” such as in the questioning of witnesses.

This has been a long time coming and is notable in that it covers not just the FBI, but DEA, ATF and US Marshals. Calling it a monumental shift may be, in fact, a bit of an understatement. In the course of a series of false confession cases in the 90's, attempts to get this instated as policy in the District of Arizona were fought by the DOJ tooth and nail. As other local agencies saw the usefulness of audio and/or video taping, DOJ authorities fought the notion like wounded and cornered dogs. That was not just their position in the 90's, it has always been thus:

Since the FBI began under President Theodore Roosevelt in 1908, agents have not only shunned the use of tape recorders, they’ve been prohibited by policy from making audio and video records of statements by criminal suspects without special approval.

Now, after more than a century, the U.S. Department of Justice has quietly reversed that directive by issuing orders May 12 that video recording is presumptively required for interrogations of suspects in custody, with some exceptions.

What has historically occurred is an agent (usually in pairs) did interviews and then recounted what occurred in what is called a “302” report based on their memories, recollections and handwritten notes (which were then usually destroyed). This created the opportunity not just for inaccuracy, but outright fabrication by overly aggressive agents. Many defendants have been wrongfully convicted, and some who were guilty got off because competent defense attorneys made fools of agents, and their bogus process, in court.

In short, presumptive taping is smart for both sides, and absolutely in the interests of justice. It still remains inexplicable why the DOJ maintained this intransigence so long when every competent police procedures expert in the world has been saying for decades that taping should be the presumption.

Now it should be noted that the policy will only apply to “in custody” interrogations and not ones where there has been no formal arrest, which is, of course, a gaping hole considering how DOJ agents blithely work suspects over under the ruse they are not yet in custody. There will also clearly be an exigent circumstances/public safety exception, which is also more and more frequently abused by DOJ (See: here, here and here for example).

So, we will have to wait to see the formal written guidance, and how it is stated in the relevant operation manuals for agents and US Attorneys, to get a full bead on the scope of change. And, obviously, see how the written policies are implemented, and what exceptions are claimed, in the field.

But the shift in interrogation policy today is monumental and is a VERY good and positive step. Today is a day Eric Holder should be proud of, and it was far too long in arriving.

UPDATE: When I first posted this I did not see the actual memo attached to Dennis Wagner’s story in the Arizona Republic; since that time I have been sent the actual memo by another source, and it is also available as a link in the Republic story that broke this news. Here are a couple of critical points out of the actual memo dated May 12, 2014:

The policy establishes a presumption in favor of electronically recording custodial interviews, with certain exceptions, and encourages agents and prosecutors to consider taping outside of custodial interrogations. The policy will go into effect on Friday, July 11, 2014.

By my information, the gap in implementation is because DOJ wanted to do some top down discussion and orientation on the new policy, which makes some sense given the quantum nature of this shift. My understanding is that this is already ongoing, so DOJ seems to be serious about implementation.

But, more important is the news about non-custodial situations. That was a huge question left unanswered initially, as I indicated in the original part of this post. That agents and attendant prosecutors will be encouraged to record these instances as well is, well, encouraging!

The exceptions, which are outlined in Section II of the memo, are pretty much exactly as I indicated should be expected above.

Notable in the Presumptions contained in Section I of the memo is that the rule applies to ALL federal crimes. No exceptions, even for terrorism. Also, the recording may be either overt or covert, which is not different from that which I have seen in many other agencies that have long recorded interrogations. Section III specifically excludes extraterritorial situations from the rule. Frankly, I am not sure why that is necessary; the ability to record is pretty ubiquitous these days, so extraterritorial should be no problem for presumptive recording.

Those are the highlights of the memo. It is short and worth a read on your own.

NSA Collects All Phone Calls from One of World’s Most Secretive Tax Havens, But Doesn’t Track That

In its report on how the NSA collects every cell phone conversation that takes place in the Bahamas, The Intercept focuses on the use of such intercepts for drug investigations (indeed, one of the other countries targeted in the MYSTIC program is Mexico, which clearly has a DEA angle).

But one memo indicates that SOMALGET data is covertly acquired under the auspices of “lawful intercepts” made through Drug Enforcement Administration “accesses”– legal wiretaps of foreign phone networks that the DEA requests as part of international law enforcement cooperation.

When U.S. drug agents need to tap a phone of a suspected drug kingpin in another country, they call up their counterparts and ask them to set up an intercept. To facilitate those taps, many nations – including the Bahamas – have hired contractors who install and maintain so-called lawful intercept equipment on their telecommunications.

Perhaps the most telling part of the article, however, is that NSA/DEA don’t appear to be using this facility to track money launderers.

If the U.S. government wanted to make a case for surveillance in the Bahamas, it could point to the country’s status as a leading haven for tax cheats, corporate shell games, and a wide array of black-market traffickers. The State Department considers the Bahamas both a “major drug-transit country” and a “major money laundering country” (a designation it shares with more than 60 other nations, including the U.S.). According to the International Monetary Fund, as of 2011 the Bahamas was home to 271 banks and trust companies with active licenses. At the time, the Bahamian banks held $595 billion in U.S. assets.

They’re tracking pot, but not bothering to track the dollars that drive the pot.

So aside from the hubris of stealing off of the cell phone calls from the Bahamas, this is also a testament to the US’ misplaced priorities, its inability to understand how its coddling of tax havens serves to drive the drug trade.

DOJ Inspector General Investigating DEA’s Use of Parallel Construction under Hemisphere

As I noted in my last post, DOJ’s Inspector General recently created a page showing their ongoing investigations. It shows some things not described in Inspector General Michael Horowitz’ last report to Congress.

Of particular interest is this investigation.

Administrative Subpoenas

The OIG is examining the DEA’s use of administrative subpoenas to obtain broad collections of data or information. The review will address the legal authority for the acquisition or use of these data collections; the existence and effectiveness of any policies and procedural safeguards established with respect to the collection, use, and retention of the data; the creation, dissemination, and usefulness of any products generated from the data; and the use of “parallel construction” or other techniques to protect the confidentiality of these programs.

The description doesn’t say it, but this is Hemisphere, the program under which DEA submits administrative subpoenas to AT&T for phone records from any carrier that uses AT&T’s backbone. DEA gets information matching burner phones as well as the call records. In addition, it gets some geolocation — and continued to increase what it was getting even after US v Jones raised concerns about such tracking.

The presentation on Hemisphere makes it very clear the government uses “parallel construction” to hide Hemisphere.

Protecting the Program: When a complete set of CDRs are subpoenaed from the carrier, then all memorialized references to relevant and pertinent calls can be attributed to the carrier’s records, thus “walling off” the information obtained from Hemisphere. In other words, Hemisphere can easily be protected if it is used as a pointed system to uncover relevant numbers.

Exigent Circumstances — Protecting the Program: In special cases, we realize that it might not be possible to obtain subpoenaed phone records that will “wall off” Hemisphere. In these special circumstances, the Hemisphere analyst should be contacted immediately. The analyst will work with the investigator and request a separate subpoena to AT&T.

Official Reporting — Protecting the Program: All requestors are instructed to never refer to Hemisphere in any official document. If there is no alternative to referencing a Hemisphere request, then the results should be referenced as information obtained from an AT&T subpoena.

And this is not the only area where DEA is using parallel construction to hide where it gets its investigative leads. Reuters reported in August that DEA also uses parallel construction to hide the leads it gets from purportedly national security-related wiretapping.

A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.

Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin – not only from defense lawyers but also sometimes from prosecutors and judges.

The undated documents show that federal agents are trained to “recreate” the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant’s Constitutional right to a fair trial. If defendants don’t know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence – information that could reveal entrapment, mistakes or biased witnesses.


The two senior DEA officials, who spoke on behalf of the agency but only on condition of anonymity, said the process is kept secret to protect sources and investigative methods. “Parallel construction is a law enforcement technique we use every day,” one official said. “It’s decades old, a bedrock concept.”

A dozen current or former federal agents interviewed by Reuters confirmed they had used parallel construction during their careers. Most defended the practice; some said they understood why those outside law enforcement might be concerned.

Presuming that Horowitz is investigating whether DEA’s extensive use of parallel construction complies with the Constitution (and not, as is possible, whether the sources of this information are being adequately buried), this is welcome news indeed.

But it’s also one of several reasons why I’m particularly alarmed, in retrospect, that Horowitz is complaining about his ability to get grand jury information without having to get either Attorney General Holder or Deputy Attorney General James Cole to personally approve it.

After all, the only way you can learn what truly happens in prosecutions that have used parallel construction to hide their sources is to work backward from the actual prosecution.

El Chapo

Today, they announced the capture of Chapo Guzmán.

According to Mexico’s el Universal, Sinaloa Cartel boss Chapo Guzmán was captured by authorities at 6:40 AM (it’s unclear whether this is Mexico City or Mazatlán time, which are an hour and two behind ET, respectively; and the local Sinaloa press says the operation started at 3:30 AM).

The AP broke the story at 10:52 AM, sourcing to a US official. At around 11:00 (presumably, Mexico City time), Mexico’s Attorney General Jesús Murillo Karam announced the capture — he attributed the delay to taking time to confirm Guzmán’s identity.

And around that same time, President Enrique Peña Nieto tweeted out congratulations to Mexico’s security services for the capture.

As of right now, I’ve seen no comment from the White House on the capture, even though the DEA were said to be heavily involved.

There have been two pictures circulating relating to the arrest: a KSM-style picture of Guzmán at least partially undressed, and pictures taken in full daylight of him being transferred, fully dressed, to a helicopter by masked men wearing Mexican Navy uniforms.

I lay out these details because I have been wondering for some time why, alone among the world leaders spied on by the NSA, Peña Nieto never complained all that loudly. When Spiegel first reported the spying, it suggested the US was trying to determine how seriously Peña Nieto — then still a candidate — meant his campaign promises to change the war on drugs. But according to Dana Priest, subsequent to the start of that spying, upon being presented with the range of our spying in Mexico, the President ended much of that “cooperation.”

The new administration has shifted priorities away from the U.S.-backed strategy of arresting kingpins, which sparked an unprecedented level of violence among the cartels, and toward an emphasis on prevention and keeping Mexico’s streets safe and calm, Mexican authorities said.

Some U.S. officials fear the coming of an unofficial truce with cartel leaders. The Mexicans see it otherwise. “The objective of fighting organized crime is not in conflict with achieving peace,” said Eduardo Medina Mora, Mexico’s ambassador to the United States.


U.S. officials got their first inkling that the relationship might change just two weeks after Peña Nieto assumed office Dec. 1. At the U.S. ambassador’s request, the new president sent his top five security officials to an unusual meeting at the U.S. Embassy here. In a crowded conference room, the new attorney general and interior minister sat in silence, not knowing what to expect, next to the new leaders of the army, navy and Mexican intelligence agency.

In front of them at the Dec. 15 meeting were representatives from the U.S. Drug Enforcement Administration (DEA), the CIA, the FBI, the Office of the Director of National Intelligence and other U.S. agencies tasked with helping Mexico destroy the drug cartels that had besieged the country for the past decade.

The Mexicans remained stone-faced as they learned for the first time just how entwined the two countries had become during the battle against narco-traffickers, and how, in the process, the United States had been given near-complete entree to Mexico’s territory and the secrets of its citizens, according to several U.S. officials familiar with the meeting.

Four months after that meeting, Peña Nieto involved his government in the information sharing process between the US and Mexico, and he reportedly kicked out Americans working in Mexican fusion centers.

Medina Mora, the Mexican ambassador, said in an interview that his nation considers U.S. help in the drug war “a centerpiece” of Mexico’s counternarcotics strategy. But the Mexican delegation in Washington also informed U.S. authorities that Americans will no longer be allowed to work inside any fusion center, including the one in Monterrey. The DEA agents and retired military contractors there will have to go.

Mind you, it’s clear that this change in strategy didn’t really come about — or if it has, the US has accelerated its own work without the Mexicans — as can be seen by the string of Guzmán associates who’ve been rolled up in recent weeks.

There were further hints of Mexico’s close cooperation when James Clapper, at a recent hearing, refused to elaborate in public session on an answer suggesting that Mexico was cooperating as closely as ever. And this response — in a background briefing in advance of President Obama’s trip to Toluca last week — makes it clear the Americans believe cooperation is still ongoing.

Q I was wondering, since we’re on the topic of messages, and you’ve already outlined the main topics of the summit, what sort of message is the President going to give the Mexican President Peña Nieto with the ongoing violence in Michoacán and whether or not they’re going to talk about new initiatives or somehow renewing the — or expanding the Merida initiative to combat drug traffickers down there. So in other words, what sort of deliverables can we expect from this summit? Thank you.

SENIOR ADMINISTRATION OFFICIAL: Thanks for that question. First of all, we have a very good and effective security relationship with Mexico and we have for a number of years now, including with this administration. Certainly our shared security interests are going to be a part of the conversation. As President Obama made very clear in his initial meeting with President Peña Nieto, we stand by to help in any way we can and to cooperate as determined by the government of Mexico as it develops its security posture and deals with security concerns and judicial reform in Mexico.

You mentioned the Merida programs; those are continuing. And there’s a process in place between our two governments to develop priorities for cooperation. There’s a greater emphasis on the judicial cooperation now and finding ways to work together in that field. With respect to Michoacán, certainly we’re following closely what is happening there and stand by the government of Mexico as it confronts challenges there and elsewhere. [my emphasis]

And now Chapo is in custody, reportedly as a result of several weeks of cooperation between the DEA and Mexico’s Navy.

We shall see whether this time he stays in custody, and if so, in which country.

Keith Alexander Refutes Claims NSA Doesn’t Get Cell Data

Eight days ago, the country’s four major newspapers reported a claim that the NSA collected 33% or less of US phone records (under the Section 215 program, they should have specified, but did not) because it couldn’t collect most cell phone metadata:

  • “[I]t doesn’t cover records for most cellphones,” (WSJ)
  • “[T]he agency has struggled to prepare its database to handle vast amounts of cellphone data,” (WaPo)
  • “[I]t has struggled to take in cellphone data,” (NYT)
  • “[T]he NSA is gathering toll records from most domestic land line calls, but is incapable of collecting those from most cellphone or Internet calls.” (LAT)

Since that time, I have pointed to a number of pieces of evidence that suggest these claims are only narrowly true:

  • A WSJ article from June made it clear the cell gap, such as it existed, existed primarily for Verizon and T-Mobile, but their calls were collected via other means (the WaPo and NYT both noted this in their stories without considering how WSJ’s earlier claim it was still near-comprehensive contradicted the 33% claim)
  • The NSA’s claimed Section 215 dragnet successes — Basaaly Moalin, Najibullah Zazi, Tsarnaev brothers — all involved cell users
  • Identifying Moalin via the dragnet likely would have been impossible if NSA didn’t have access to T-Mobile cell data
  • The phone dragnet orders specifically included cell phone identifiers starting in 2008
  • Also since 2008, phone dragnet orders seem to explicitly allow contact-chaining on cell identifiers, and several of the tools they use with phone dragnet data specifically pertain to cell phones

Now you don’t have to take my word for it. Here’s what Keith Alexander had to say about the claim Friday:

Responding to a question about recent reports that the NSA collects data on only 20% to 30% of calls involving U.S. numbers, Alexander acknowledged that the agency doesn’t have full coverage of those calls. He wouldn’t say what fraction of the calls NSA gets information on, but specifically denied that the agency is completely missing data on calls made with cell phones.

“That part is not true,” he said. “We don’t get it all. We don’t get 100% of the data. It’s not where we want it to be, but it has been sufficient to go after the key targets that we’re going after.” [my emphasis]

Admittedly, Alexander is not always entirely honest, so it’s possible he’s just trying to dissuade terrorists from using cellphones while the NSA isn’t tracking them. But he points to the same evidence I did — that NSA has gotten key targets who use cell phones.

There’s something else Alexander said that might better explain the slew of claims that it can’t collect cell phone data.

The NSA director, who is expected to retire within weeks, indicated that some of the gaps in coverage are due to the fact that the NSA “paused any changes to the program” during the recent controversy and discussions about restructuring the effort.

The NSA has paused changes to the program.

This echoes WaPo and WSJ reports that crises (they cited both the 2009 and current crisis) delayed some work on integrating cell data, but suggests that NSA was already making changes when the Snowden leaks started.

There is evidence the pause — or at least part of it — extends back to before the Snowden leak. As I reported last week, even though the NSA has had authority to conduct a new auto-alert on the phone dragnet since November 2012, they’ve never been able to use it because of technical reasons.

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes.

This description actually came from DOJ, not the FISC, and I suspect the issue is rather that NSA has not solved some technical issues that would allow it to perform the auto-alert within the legal limits laid out by the FISC (we don’t know what those limits are because the Administration is withholding the Primary Order Supplement that would describe it, and redacting the description of the search itself in all subsequent orders).

That said, there are plenty of reasons to believe there are new reasons why NSA is having problems collecting cell phone data because it includes cell location, which is far different than claiming (abundant evidence to the contrary) they haven’t been collecting cell data all this time. In addition to whatever reason NSA decided to stop its cell location pilot in 2011 and the evolving understanding of how the US v. Jones decision might affect NSA’s phone dragnet program, 3 more things have happened since the beginning of the Snowden leaks:

  • On July 19, Claire Eagan specifically excluded the collection of cell site location information under the Section 215 authority
  • On September 1, NYT exposed AT&T’s Hemisphere program; not only might this give AT&T reason to stop collating such data, but if Hemisphere is the underlying source for AT&T’s Section 215 response, then it includes cell location data that is now prohibited
  • On September 2, Verizon announced plans to split from Vodafone, which might affect how much of its data, including phone metadata, is available to NSA via GCHQ under the Tempora program; that change legally takes effect February 21

Remember, too, there’s a February 2013 FISC Section 215 opinion the Administration is also still withholding, which also might explain some of the “technical-meaning-legal” problems they’re having.

Underlying this all (and assuredly underlying the problems with collecting VOIP calls, which are far easier to understand and have been mentioned in some of this reporting, including the LAT story) is a restriction arising from using an ill-suited law like Section 215 to collect a phone dragnet: telecoms can only be obligated to turn over records they actually “already generate,” as described by NSA’s SID Director Theresa Shea.

[P]ursuant to the FISC’s orders, telecommunications service providers turn over to the NSA business records that the companies already generate and maintain for their own pre-existing business purposes (such as billing and fraud prevention).

To the extent telecoms use SS7 data, which includes cell location, to fulfill their Section 215 obligation (after all, what telecoms need billing records on a daily basis?), it probably does introduce problems.

Which, I suspect, will mean that Alexander and the rest of the dragnet defenders will recommend that a third party collate and store all this data, the worst of all solutions. They need to have a comprehensive source (like Hemisphere apparently plays for the DEA), one that will shield the government from necessarily having collected cell location data that is increasingly legally suspect to obtain. And they’ll celebrate it as a great sop to the civil libertarians, too, when in fact, they’ve probably reached the point where it is clear Section 215 can’t legally authorize what it is they want it to do.

The issue, more and more evidence suggests, is that they can’t collect the dragnet data without a law designed to construct the dragnet. Which is another way of saying the dragnet, as intended to function, is illegal.

Is Hemisphere Creating Problems for the Phone Dragnet?

You are all probably bored with my repeated posts about why the claim that NSA only collects 30% of US data is probably only narrowly true.

So I won’t discuss how absurd it would be to argue that the terrorist dragnet drawing on the records of at least 3 phone companies was less comprehensive than Hemisphere, the similar AT&T-specific database it makes available to hunt drug crime.

I just want to raise a methodological issue.

In her declaration submitted in support of the suits challenging the Section 215 dragnet, Theresa Shea emphasized something implicit in the Business Records order: the telecoms are only turning over records they already have.

[P]ursuant to the FISC’s orders, telecommunications service providers turn over to the NSA business records that the companies already generate and maintain for their own pre-existing business purposes (such as billing and fraud prevention).

Presumably, AT&T provides precisely this same data to the NSA for its master phone dragnet. That is, to the extent that AT&T compiles this data in particular form, that may well be the form it hands onto NSA.

And that’s interesting for several reasons.

Hemisphere includes not just AT&T call records. It includes records from “CDRs for any telephone carrier that uses an AT&T switch to process a telephone call.” It gets 4 billion call records a day, including international ones and cell ones. As Scott Shane explained,

AT&T operates what are called switches, through which telephone calls travel all around the country. And what AT&T does in this program is it collects all the—what are called the CDRs, the call data records, the so-called metadata from the calls that we’ve heard about in the NSA context. This is the phone number—phone numbers involved in a call, its time, its duration, and in this case it’s also the location. Some are cellphone calls; some are land line calls. Anything that travels through an AT&T switch, even if it’s not made by an AT&T customer—for example, if you’re using your T-Mobile cellphone but your call travels through an AT&T switch somewhere in the country, it will be picked up by this project and dumped into this database.

Which supports the report from last summer that the government can get T-Mobile calls off AT&T’s records. These are the pre-existing records that NSA can come get and they include T-Mobile calls.

There’s another interesting part of that. As I noted, the first two phone dragnet orders provided for compensation to the providers, even though the statute doesn’t envision that. That would bring you to November 2006; Hemisphere started in 2007, with funding from ONDCP, the White House Drug Czar. Remember, too, that FBI had the equivalent of Hemisphere onsite until late 2007-2008. That is, one thing Hemisphere does is pay for one provider to store what serves as a good baseline dragnet that can then be handed over to the NSA. That’s significant especially given Geoffrey Stone’s claims that the dragnet is not comprehensive because of the cost involved: there should be no cost, but somehow it’s driving decisions.

In any case, as luck would have it, Hemisphere got exposed at the same time as the dragnet.

Hemisphere operates with different legal problems than the NSA phone dragnet. At least with the phone dragnet, after all, AT&T has been compelled to turn over records; with Hemisphere they’re effectively retaining them voluntarily to turn surveillance into a profit center (though they do get compelled on an order-by-order basis). Moreover, AT&T’s far more exposed by the publication on Hemisphere than it is on the NSA dragnet (or perhaps, than even Verizon is under the phone dragnet). The exposure of Hemisphere might make AT&T more hesitant to “voluntarily” retain this data.

Finally, as the amicus challenge EFF and ACLU submitted in a criminal case in Northern California notes, Hemisphere includes precisely the data the NSA is struggling with: cell location data.

Hemisphere goes even further than the NSA’s mass call-tracking program, as the CDRs stored in the Hemisphere database contain location information about callers (see Hemisphere Slide Deck at 3, 13), thus implicating the specific concerns raised by five Justices in Jones. See 132 S. Ct. at 955 (Sotomayor, J., concurring) (“wealth of detail about [a person’s] familial, political, professional, religious, and sexual associations” revealed through “trips to the psychiatrist, the plastic surgeon, the abortion clinic,” etc.) (internal quotation marks, citation omitted); id. at 964 (Alito, J., concurring).

The FISC has created all sorts of problems for NSA to store cell location data, most explicitly with Claire Eagan’s order in July specifically prohibiting it.

But here AT&T is, creating the opportunity for the perfect challenge to use Jones to challenge location in a dragnet specifically.

Which is all a way of saying that the tensions with the phone dragnet may not be entirely unrelated to the fact that Hemisphere also got challenged.

Is There a 702 Certificate for Transnational Crime Organizations?

I joked yesterday that James Clapper did no more than cut and paste to accomplish President Obama’s order of providing a list of acceptable bulk collection. But I’d like to note something about the list of permissible uses of bulk collection.

  1. Espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
  2. Threats to the United States and its interests from terrorism;
  3. Threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
  4. Cybersecurity threats;
  5. Threats to U.S. or allied Armed Forces or other U.S. or allied personnel; and
  6. Transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named above.

For months, I have been noting hints that the use of Section 702 — which is one of several kinds of domestic bulk collection — is limited by the number of certifications approved by FISC, which might be limited by FISC’s assessment of whether such certifications establish a certain level of “special need.”

In 2011, it seems clear from John Bates’ opinion on the government’s Section 702 applications, there were 3 certifications.

[Image: Screen shot 2013-12-19 at 7.10.00 AM]

If there are just 3 certifications, then it seems clear they cover counterterrorism, counterproliferation, and cybersecurity (which is consistent with both ODNI’s public descriptions of Section 702 and the Presidential Review Group’s limits on it), 3 of 6 of the permitted uses of bulk collection.

Furthermore, there’s some history (you’ll have to take my word for this for now, but the evidence derives in part from reports on the use of National Security Letters) of lumping in Counterintelligence and Cybersecurity, because the most useful CI application of bulk collection would target technical exploits used for spying. So if that happens with 702 collection, then 4 of the 6 permissible applications would be covered by existing known certifications.

Threats against Armed Forces would, for the most part, be overseas, suggesting the bulk collection on it would be too. (Though it appears Bush’s illegal program used the excuse of force protection to spy on Iraqi-related targets, potentially even in the US, until the hospital confrontation stopped it.)

Which leaves just transnational crime threats — against which President Obama rolled out a parallel sanctions regime to terrorism in 2011 (though there had long been a regime against drug traffickers) — as the sole bulk collection that might apply in the US that doesn’t have certifications we know about.

Given that at least drug cartels have a far more viable — and deathly — operation in the United States than al Qaeda, I can’t think of any reason why the Administration wouldn’t have applied for a certification targeting TCOs, too (one of Treasury’s designated TCO targets — Russian and East European mobs — would have some overlap with the cyber function, and one — Yakuza — just doesn’t seem like a big threat to the US at all).

And last year’s Semiannual Compliance Assessment may support the argument that there are more than 3 certificates. In its description of the review process for 702 compliance, the report lays out review dates by certifications. Here’s the NSA review schedule:

[Image: Screen Shot 2014-02-11 at 9.49.59 AM]

This seems to show 4 lines of certifications, one each in August and December, but two in October. Perhaps they re-review one of the certifications (counterterrorism, most likely). But if not, it would seem to suggest there’s now a 4th certification.

Here’s the FBI review schedule (which apparently requires a lot more manual review).

[Image: Screen Shot 2014-02-11 at 12.30.28 PM]

Given that this requires manual review, I wouldn’t be surprised if they repeated the counterterrorism certifications review (and we don’t know whether all the NSA certifications would be used by FBI). But the redactions would at least allow for the possibility that there is a 4th certification, in addition to the 3 we know about.

Perhaps Obama rolled out TCOs as a 4th certification as he rolled out his new Treasury initiative on it (which would be after the applications laid out by Bates).

Of course, we don’t know. But I think two things are safe to say. First, the use of 702 is tied to certifications by topic. Second, the public statement about permissible use of bulk collection would seem to envision the possibility of a 4th certification covering TCOs, and with it, drug cartels.

In Cut and Paste Tumblr Post, James Clapper Describes Who We Can Spy on without Discriminants

As part of his Presidential Policy Directive on Signals Intelligence, Obama said this about bulk collection:

In particular, when the United States collects nonpublicly available signals intelligence in bulk, it shall use that data only for the purposes of detecting and countering: (1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests; (2) threats to the United States and its interests from terrorism; (3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction; (4) cybersecurity threats; (5) threats to U.S. or allied Armed Forces or other U.S. or allied personnel; and (6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section. In no event may signals intelligence collected in bulk be used for the purpose of suppressing or burdening criticism or dissent; disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion; affording a competitive advantage to U.S. companies and U.S. business sectors commercially; or achieving any purpose other than those identified in this section.

The Assistant to the President and National Security Advisor (APNSA), in consultation with the Director of National Intelligence (DNI), shall coordinate, on at least an annual basis, a review of the permissible uses of signals intelligence collected in bulk through the National Security Council Principals and Deputies Committee system identified in PPD-1 or any successor document. At the end of this review, I will be presented with recommended additions to or removals from the list of the permissible uses of signals intelligence collected in bulk.

The DNI shall maintain a list of the permissible uses of signals intelligence collected in bulk. This list shall be updated as necessary and made publicly available to the maximum extent feasible, consistent with the national security.

To fulfill that bolded “shall” language, James Clapper just released this on his IContheRecord Tumblr page:

Presidential Policy Directive/PPD-28 – Signals Intelligence Activities establishes a process for determining the permissible uses of nonpublicly available signals intelligence that the United States collects in bulk. It also directs the Director of National Intelligence to “maintain a list of permissible uses of signals intelligence collected in bulk” and make the list “publicly available to the maximum extent feasible, consistent with the national security.”

Consistent with that directive, I am hereby releasing the current list of permissible uses of nonpublicly available signals intelligence that the United States collects in bulk.

Signals intelligence collected in “bulk” is defined as “the authorized collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants (e.g., specific identifiers, selection terms, etc.).” As of Jan. 17, 2014, nonpublicly available signals intelligence collected by the United States in bulk may be used by the United States “only for the purposes of detecting and countering:

  1. Espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
  2. Threats to the United States and its interests from terrorism;
  3. Threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
  4. Cybersecurity threats;
  5. Threats to U.S. or allied Armed Forces or other U.S. or allied personnel; and
  6. Transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named above.”

Further, as prescribed in PPD-28, “in no event may signals intelligence collected in bulk be used for the purpose of suppressing or burdening criticism or dissent; disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion; affording a competitive advantage to U.S. companies and U.S. business sectors commercially;” or achieving any purpose other than those identified above.

Effectively, Clapper fulfilled an obligation mandated by the PPD by simply cutting and pasting the list of 6 permissible uses of bulk collection in the PPD.

Given that this list is expected to be assessed annually, does that mean the PPD itself should be considered valid for no more than a year?

Faster and Furiouser Domestic Spying: Why Would the NSA Review Group Talk to the ATF?

Because I’m working on a post on John Bates’ response to the NSA Review Group recommendations, I happened to re-review the list of people the Review Group spoke with today (see page 277; Bates was the only one from the FISA Court they spoke with).

See if you find anything odd with this list of entities the Review Group spoke with from the Executive Branch (here’s a handy list of intelligence agencies to compare it to):

Assistant to the President for Homeland Security & Counterterrorism

Bureau of Alcohol, Tobacco, Firearms and Explosives

Central Intelligence Agency

Defense Intelligence Agency

Department of Commerce

Department of Defense

Department of Homeland Security

Department of Justice

Department of State

Drug Enforcement Agency

Federal Bureau of Investigations

National Archives and Records Administration

National Counterterrorism Center

National Institute for Standards and Technology

National Reconnaissance Office

National Security Advisor

National Security Agency

Office of the Director of National Intelligence

President’s Intelligence Advisory Board

Privacy and Civil Liberties Oversight Board

Program Manager for the Information Sharing Environment (PM-ISE)

Special Assistant to the President for Cyber Security

Treasury Department

Much of the list makes sense. You’ve got the people largely in charge of terrorism (NCTC, Lisa Monaco, FBI, Treasury), you’ve got some of the people in charge of cyber and/or corrupting encryption standards (DHS, Michael Daniel, NIST), you’ve got the people who have to deal with angry foreign leaders (State), you’ve got people in charge of data sharing and storage (PM-ISE and NARA), and you’ve got Commerce (which serves to boost, but also coerce, the tech companies on these issues).

There are some absences. I’m surprised Department of Energy, which plays a key role in counterproliferation, isn’t on here. It’s light on counterintelligence functions, both at DNI and things like AFOSI (which I believe has some nifty cybertools). I’m also a little surprised DOD was represented as a whole, but not some of the branch intelligence organizations. Similarly, DHS was represented as a whole, but not some of its relevant branches (TSA, CBP, and Secret Service).

And then there’s the Drug Enforcement Agency, which is on the list.

And even more alarmingly, the Bureau of Alcohol, Tobacco, Firearms and Explosives.

Don’t get me wrong, neither is all that surprising. We know some of the tools covered by the Review Group — notably National Security Letters — have actually been (mis)used in drug investigations as well as in terrorism ones. Given the logic of the certifications we know exist — not to mention the Administration’s fear-mongering and increasing focus on Transnational Crime Organizations not run by Jamie Dimon — I wouldn’t be surprised if Section 702 were used to fight the war on drugs, if it hasn’t already been. And the drug war certainly is a foreign intelligence priority for EO 12333 collection. Given NSA’s increasing inclusion of drug cartels in the boilerplate comments it releases about Snowden stories, I expect we’ll hear some nifty things about the war on drugs before this is out.

Similarly, one of the first things we learned the government was using Section 215 and/or NSLs to collect was purchase records for beauty supplies, otherwise known as explosives precursors. Since then, Members of Congress have talked about tracking fertilizer purchases. And I’d be shocked if there weren’t at least a half-hearted attempt to track pressure cooker purchases. I guess, from ATF’s inclusion among the Review Group’s interlocutors, we know a little bit about where this data resides: in probably the most fucked up law enforcement agency in government (though maybe that’s Immigration and Customs Enforcement, which thankfully was not considered central enough to talk to the Review Group).

Still, given the increasing number of signals that these authorities have been used to track gun purchases, and ATF’s notorious failures at tracking gun purchases in the past, I wonder whether they’re involved not just to talk about explosives purchases, but also gun records?

The Review Group warned that,

Like other agencies, there are situations in which NSA does and should provide support to the Department of Justice, the Department of Homeland Security, and other law enforcement entities. But it should not assume the lead for programs that are primarily domestic in nature.

For a variety of reasons (both reasonable and unreasonable), it is much harder to claim that tracking gun purchases pertains to counterterrorism or another foreign intelligence purpose than tracking acetone purchases.

Is this one of the domestic security functions the Review Group worried about?

DishFire and the Drug War

I imagine that NSA’s success at spying on Felipe Calderón’s inner circle made it a lot easier for the US to convince him to allow “near-complete entree to Mexico’s territory and the secrets of its citizens” in the name of the war on drugs.

A report classified as “top secret” said: “TAO successfully exploited a key mail server in the Mexican Presidencia domain within the Mexican Presidential network to gain first-ever access to President Felipe Calderon’s public email account.”

I presume continued spying on Enrique Peña Nieto has convinced him to permit that access to largely remain in place, in spite of his campaign promises.

But one of the most interesting aspects of the Spiegel story outlining such spying is the description of how metadata relates to content. In 2012, the NSA conducted analysis of Peña Nieto’s metadata, along with that of 8 of his associates, to figure out who to wiretap.

For two weeks in the early summer of 2012, the NSA unit responsible for monitoring the Mexican government analyzed data that included the cell phone communications of Peña Nieto and “nine of his close associates,” as an internal presentation from June 2012 shows. Analysts used software to connect this data into a network, shown in a graphic that resembles a swarm of bees. The software then filtered out Peña Nieto’s most relevant contacts and entered them into a databank called “DishFire.” From then on, these individuals’ cell phones were singled out for surveillance.

According to the internal documents, this led to the agency intercepting 85,489 text messages, some sent by Peña Nieto himself and some by his associates. This technology “might find a needle in a haystack,” the analysts noted, adding that it could do so “in a repeatable and efficient way.”

That is, at least in this case, NSA used metadata analysis to find the content that might be most interesting. It’s not entirely clear what “needles” the NSA imagined Peña Nieto had in his haystack (always this metaphor!), but Spiegel describes how the US prioritizes collection on the drug war over issues — like human rights and economic development — that might combat the underlying conditions that allow drug trafficking to flourish.

In the case of Mexico, the US is interested primarily in the drug trade (priority level 1) and the country’s leadership (level 3). Other areas flagged for surveillance include Mexico’s economic stability, military capabilities, human rights and international trade relations (all ranked at level 3), as well as counterespionage (level 4).

This metadata to content relationship is not surprising in the least. But it implies a faith — and I do mean “faith” — in data analysis that might not be sound.

Not to mention, when transplanted into the United States, a suspect basis for probable cause.
