EO 12333

1 2 3 6

The Hemisphere Decks: A Comparison and Some Hypotheses

Last week, Dustin Slaughter published a story using a new deck of slides on the Hemisphere program, the Drug Czar program that permits agencies to access additional telecommunications analytical services to identify phones, which then gets laundered through parallel construction to hide both how those phones were found, as well as the existence of the program itself.

It has some significant differences from the deck released by the New York Times last year.  I’ve tried to capture the key differences here:

140915 Hemisphere Comparison

 

The biggest difference is that the NYT deck — which must date to no earlier than June 2013 — draws only from AT&T data, whereas the Declaration deck draws from other providers as well (or rather, from switches used by other providers).

In addition, the Declaration deck seems to reflect approval for use in fewer states (given the mention of CA court orders and the recent authorization to use Hemisphere in Washington in the AT&T deck), and seems to offer fewer analytical bells and whistles.

Thus, I agree with Slaughter that his deck predates — perhaps by some time — the NYT/AT&T deck released last year.  That would mean Hemisphere has lost coverage, even while it has gained new bells and whistles offered by AT&T.

While I’m not yet sure this is my theory of the origin of Hemisphere, some dates are worth noting:

From 2002 to 2006, the FBI had telecoms onsite to provide CDRs directly from their systems (the FBI submitted a great number of its requests without any paperwork). One of the services provided — by AT&T — was community of interest tracking. Presumably they were able to track burner phones (described as dropped phones in these decks) as well.

In 2006, FBI shut down the onsite access, but retained contracts with all 3 providers (AT&T, Verizon, and probably Sprint). In 2009, one telecom — probably Verizon – declined to renew its contract for whatever the contract required.

AT&T definitely still has a contract with FBI, and in recent years, it has added more services to what it offers the FBI.

It’s possible the FBI multi-provider access moved under ONCDP (the Drug Czar) in 2007 as a way to retain its authorities without attracting the attention of DOJ’s excellent Inspector General (who is now investigating this in any case). Though I’m not sure that program provided the local call records the deck at least claims it could have offered. I’m not sure that program got to the telecom switches the way the deck seems to reflect. It’s possible, however, that the phone dragnet in place before it was moved to Section 215 in 2006 did have that direct access to switches, and the program retained this data for some years.

The phone dragnet prior to 2006 and NSL compliance (which is what the contracts with AT&T and one other carrier purportedly provide now) are both authorized in significant part (and entirely, before 2006) through voluntary compliance, per David Kris, the NSA IG Report, and the most recent NSL report. That’s a big reason why the government tried to keep this secret — to avoid any blowback on the providers.

In any case, if I’m right that the program has lost coverage (though gained AT&T’s bells and whistles) in the interim, then it’s probably because providers became unwilling, for a variety of reasons (and various legal decisions on location data are surely one of them) to voluntarily provide such information anymore. I suspect that voluntary compliance got even more circumscribed with the release of the first Horizon deck last year.

Which means the government is surely scrambling to find additional authorities to coerce this continued service.

USA Freedom Act’s So-Called “Transparency” Provisions Enable Illegal Domestic Surveillance

I regret that I am only now taking a close look at the “transparency” provisions in Patrick Leahy’s version of USA Freedom Act. They are actually designed not to provide “transparency,” but to give a very misleading picture of how much spying is going on. They are also designed to permit the government to continue not knowing how much content it collects domestically under upstream and pen register orders, which is handy, because John Bates told them if they didn’t know it was domestic then collecting domestic isn’t illegal.

In this post, I’ve laid out the section of the bill that mandates reporting from ODNI, with my comments interspersed along with what the “transparency” report Clapper did this year showed.

(b) MANDATORY REPORTING BY DIRECTOR OF NATIONAL INTELLIGENCE.—

(1) IN GENERAL.—Except as provided in subsection (e), the Director of National Intelligence shall annually make publicly available on an Internet Web site a report that identifies, for the preceding 12-month period—

This language basically requires the DNI to post a report on I Con the Record every year. But subsection (e) provides a number of outs.

Individual US Person FISA Orders

(A) the total number of orders issued pursuant to titles I and III and sections 703 and 704 and a good faith estimate of the number of targets of such orders;

This language requires DNI to describe, in bulk, how many individual US persons are targeted in a given year (there were 1,767 orders and 1,144 estimated targets last year). But it only requires DNI to give a “good faith estimate” of these numbers (and that’s what they’re listed as in ODNI’s report from last year)! If there’s one thing DNI should be able to give a rock-solid number for, it’s individual USP targets. But … apparently that’s not the case.

Screen Shot 2014-09-10 at 10.29.15 AM

Section 702 Orders

(B) the total number of orders issued pursuant to section 702 and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders;

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This language requires DNI to provide an estimate of the number of targets of Section 702 which includes both upstream and PRISM production. Last year, this was one order (ODNI doesn’t tell us, but there were at least 3 certificates –Counterterrorism, Counterproliferation, and Foreign Government) affecting 89,138 targets.

Screen Shot 2014-09-10 at 10.23.26 AM

The new reporting requires the government to come up with some estimate of how many communications are collected, as well as how many are located inside the US.

Except DNI is permitted to issue a certification saying that there are operational reasons why he can’t provide that last bit — how many are in the US. Thus, 4 years after refusing to tell John Bates how many Americans’ communications NSA was sucking up in upstream collection, Clapper is now getting the right to continue to refuse to provide that ratified by Congress. And remember — Bates also said that if the government didn’t know it was collecting that content domestically, then it wasn’t really in violation of 50 USC 1809(a). So by ensuring that it doesn’t have to count this, Clapper is ensuring that he can continue to conduct illegal domestic surveillance.

Don’t worry though. The bill includes language that says, even though this provision permits the government to continue conducting illegal domestic collection, “Nothing in this section affects the lawfulness or unlawfulness of any government surveillance activities described herein. ”

Back Door Searches

(iv) the number of search terms that included information concerning a United States person that were used to query any database of the contents of electronic communications or wire communications obtained through the use of an order issued pursuant to section 702; and

(v) the number of search queries initiated by an officer, employee, or agent of the United States whose search terms included information concerning a United States person in any database of noncontents information relating to electronic communications or wire communications that were obtained through the use of an order issued pursuant to section 702;

This language counts back door searches.

But later in the bill, the FBI — which we know does the bulk of these back door searches — is exempted from all of this reporting. As I noted in this post, effectively the Senate is saying it’s no big deal of FBI doesn’t track how many warrantless searches of US person content it does, even of people against whom the FBI has no evidence of wrongdoing.

In addition, note that odd limit to (v). DNI only has to report metadata searches “initiated by an officer, employee, or agent” of the United States. That would seem to exempt any back door metadata searches by foreign governments (it might also exempt contractors, but they should be included as “agents” of the US). Which, given that CIA doesn’t currently count its metadata searches, and given that CIA conducts a bunch of metadata searches on behalf of other entities, leads me to suspect that CIA may be doing metadata searches “initiated” by foreign governments. But that’s a guess. One way or another, though, this clause was written to not count some of these metadata searches. [Update: On reflection, that language may be designed to avoid counting automated processes as searches -- if they're initiated by a robot rather than an employee they're not counted!]

Pen Register Orders

C) the total number of orders issued pursuant to title IV and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders; and

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This language counts how many Pen Register orders the government obtains, how many individuals get sucked up, and how many are in the US, both of which are additions on what ODNI reported this year.

Screen Shot 2014-09-10 at 10.50.08 AM

But that last bit — counting people in the US — is again a permissible exemption under the bill. Which is, as you’ll recall, the other way NSA has been known to engage in illegal domestic content collection. The only known bulk pen register is currently run by FBI, but in any case, the exemption has the same effect, of permitting the government from ever having to admit that it is breaking the law.

Traditional Section 215 Collection

(D) the total number of orders issued pursuant to applications made under section 501(b)(2)(B) and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders; and

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This requires DNI to report on traditional Section 215 orders, but the entire requirement is a joke on two counts.

Screen Shot 2014-09-10 at 11.09.02 AM

First, note that, for a reporting requirement for a law permitting the government to collect “tangible things,” it only requires individualized reporting for “communications.” “Individuals whose communications were collected” are specifically defined as only involving phone calls and electronic communications.

So this “transparency” bill will not count how many individuals have their financial records, beauty supply purchases, gun purchases, pressure cooker purchases, medical records, money transfers, or other things sucked up, much of which we know to be done under this bill. And this is particularly important, because the law still permits bulk collection of these things. Thus, this “transparency” report creates the illusion that far less collection is done under Section 215 than actually is, it creates the illusion that bulk collection is not going on when it is.

But it gets worse!

Continue reading

Hospital Hero Jack Goldsmith, the Destroyer of the Internet Dragnet, Authorized the Internet Dragnet

As I noted earlier, I think the re-release of Jack Goldsmith’s May 6, 2004 OLC memo authorizing Stellar Wind is meant to warn Congress that the Executive does not believe it needs any Congressional authorization to spy on every American – just in time for the USA Freedom Act debate in the Senate. This is exactly parallel to similar provocations during the Protect America Act debate. In the past, such provocations led Congress to capitulate to Executive branch demands to tailor the program to their wishes.

That earlier post, however, implied that this warning pertains primarily to the phone dragnet.

It doesn’t. The warning also applies to the Internet dragnet (and I suspect that stories about the heroic hospital heroes shutting down the Internet dragnet have been dramatically overblown).

One of the very few things — aside from the name STELLAR WIND, over and over, as well as references to content collection that could have been released after President Bush admitted to that part of the program in 2005, and the title Secretary of Defense — that has been newly revealed is this bit of the Table of Contents (here’s the previous release for comparison).

Screen Shot 2014-09-06 at 1.05.11 PM

 

It shows that the memo discusses content, discusses telephony metadata, discusses something else, then concludes that content and metadata are both kosher under the Fourth Amendment. That already makes it clear that part IV is about metadata. The last sentence of the first full paragraph on page 19 does, too. Page 7 makes it clear that Fourth Amendment analysis applies to “both telephony and e-mail.” Much later in the memo, it becomes clear this section — pages 96 to 100 — deals with Internet metadata.

In fact, the only substantive newly unredacted parts of the memo appear on 101 (PDF 69) and then from 106 to 108.

All of this new information makes it clear that Goldsmith asserted that Smith v. Maryland applied for metadata — and applied to both phone and Internet metadata. Remarkably, in that analysis, the government keeps at least one paragraph addressing phone metadata hidden, but reveals the analysis at 106-7 (PDF 74-75) that applies to Internet. (Goldsmith’s claim that Internet users can get providers to turn off spam, at the bottom of 107, is particularly nice.)

In perhaps the most interesting newly released passage (out of the roughly 5 pages that got newly released!), Goldsmith absolves himself of examining what procedures the government was using in its “metadata” collection.

As for meta data collection, as explained below, we conclude that under the Supreme Court’s decision in Smith v. Maryland, 442 U.S. 735 (1979), the interception of the routing information for both telephone calls and e-mails does not implicate any Fourth Amendment interests.85

85 Although this memorandum evaluates the STELLAR WIND program under the Fourth Amendment, we do not here analyze the specific procedures followed by the NSA in implementing the program.  (101/PDF 69)

I find this utterly damning, given that we know that, for the following 5 years, the government would lie to FISC about whether their “metadata” contained content. Even the OLC opinion built in the Executive’s ability to collect content in the guise of metadata!

In any case, what is clear — again, just in time to impact the debate over USA Freedom, for which prospective call record collection might or might not be limited to telephone content — is that rather than legally shutting down the Internet dragnet in 2004, Jack Goldsmith authorized it.

And that authorization remains in place, telling the Executive it can collect Internet (and phone) “metadata” whether or not FISC or Congress rubberstamps it doing so. Not only that, but telling the Executive this analysis holds regardless of how inadequate their procedures are in implementing this program to ensure that no content gets swept up in the guise of metadata (which of course is precisely what occurred).

So the Administration, in releasing this “newly unredacted” memo did one thing. Tell Congress it will continue to collect phone and Internet “metadata” on its own terms, regardless of what Congress does.

Only one thing could alter this analysis of course: if the Courts decide that Smith v. Maryland doesn’t actually permit the government to collect all metadata, plus some content-as-metadata, in the country, if they say the Executive can’t actually collect “everything there is to know about everybody and have it all in one big government cloud,” as 2nd Circuit Judge Gerard Lynch described the implications of what we now know to be Goldsmith’s logic on Tuesday. But the courts are going to stop analyzing this question as soon as Congress passes USA Freedom Act. Moreover, the last check on the program — the unwillingness of providers to break the law — will be removed by the broad immunity provision included in the bill.

Not only didn’t Jack Goldsmith heroically legally shut down the Internet dragnet in 2004 (clearly President Bush did make several modifications; we just still don’t know what those are). But he provided a tool that is likely proving remarkably valuable as the Executive gets Congress and privacy NGOs to finish signing off on their broad authority.

The hospital heroes may have temporarily halted the conduct of the Internet dragnet — even while telling Colleen Kollar-Kotelly she had to rubber stamp ignoring the letter of the law because Congress couldn’t know about the dragnet — but they didn’t shut it down. Here it is, legally still operating, just in time to use as a cudgel with Congress.

Update: One other thing other reporting on this is missing — and not for the first time — is that whatever change they made to the Internet dragnet, it was by no means the only change after the hospital confrontation. They also took Iraqi targeting out (in some way). And there was a later April 2 modification that appears to have nothing to do with NSA at all (I have my theories about this, but they’re still theories). So it is too simple to say the hospital confrontation was exclusively about the Internet dragnet — the public record already makes clear that’s not the case.

Two Explanations for Confusion about US ISIS Members: Associational Claims and Watchlisting Procedures

Eli Lake has a piece trying to explain the big disparities between claimed numbers of Americans who have joined ISIS.

One might think that a government that secretly collected everyone’s cellphone records would be able to find out which Americans have joined ISIS. But actually that task is much harder than it would appear.

On Wednesday, Secretary of Defense Chuck Hagel told CNN more than 100 Americans have pledged themselves to the group that declared itself a Caliphate in June after conquering Iraq’s second-largest city. Hagel added, “There may be more, we don’t know.” On Thursday, a Pentagon spokesman walked back Hagel’s remarks, saying the United States believes there are “maybe a dozen” Americans who have joined ISIS.

“We don’t know what we don’t know,” a U.S. intelligence official told The Daily Beast when asked if there were more than 12 Americans in ISIS. “We have some identifying information on some of the Americans, it may not be their name but we have enough information. That said, we readily acknowledge that that number is probably low and there are others we don’t know about.”

“I think 12 is probably low only because there is always stuff we don’t know,” said Andrew Liepman, who left his post as the deputy director of the National Counterterrorism Center (NCTC) in 2012 and is now a senior policy analyst at the Rand Corporation. “I would not say that number is hugely low, but we always have to remember what we don’t know.”

But at least some of these discrepancies are actually quite easy to explain.

First, Lake jokes about the NSA’s dragnet. But that is actually one explanation for the larger numbers: in FISC documents, it is clear NSA treats association as transitive, meaning that an association with someone who is known to be associated with a group is itself, in many cases, considered evidence of association with the group. And some of this analysis is not going to go beyond metadata analysis (meaning NSA may not get around to reading the content to confirm the association unless the metadata patterns suggest some reason to prioritize the captured communication).

Thus, for any Americans who are in email or phone contact with a known or suspected member of ISIS, NSA likely considers them to be associated with ISIS. And remember, NSA’s collection of email and phone records overseas is almost certainly more extensive than their collection here, meaning those contact chains will be more exhaustive.

In addition, we know that the government considers traveling to an area of terrorist activity to be reasonable suspicion that someone is a known or suspected terrorist. The watchlist guidelines list just that as one behavioral indicator for being watchlisted as a known or suspected terrorist (see page 35).

3.9.4 Travel for no known lawful or legitimate purpose to a locus of TERRORIST ACTIVITY.

This means that any Americans who have traveled to Syria or Iraq are likely classified, by default, as terrorists. And many of those may have traveled for entirely different reasons (like freelance journalism).

That the Pentagon responded the way it did to Chuck Hagel’s fear-mongering is itself tacit admission that the government’s means of tracking terrorist affiliation sweep far wider than actual terrorist affiliation actually does.  All Americans who have communicated with ISIS or traveled to Syria may not even want to join ISIS, and not all that want to will succeed in doing so. But NSA and NCTC are going to track everyone who might want to join, because that’s the best way to keep us safe.

Of course, that means the numbers can be used as Hagel used them, to fearmonger about the possible rather than the actual threat of American ISIS members.

All the more reason to make these watchlisting details public!

Missing from the EO 12333 Discussion: Its Classified Annex Michael Hayden Revised on March 11, 2004

NSA Authorities TimelineI recommend this ArsTechnica background piece on EO 12333. It describes how Ronnie Reagan issued EO 12333 to loosen the intelligence rules imposed by Jimmy Carter (with links to key historical documents). It includes interviews with the NSA whistleblowers describing how George Bush authorized the collection of telecom data from circuits focused on the US under the guise of EO 12333, calling the bulk of the US person data collected “incidental.” And it describes how Bush and Obama have continued using EO 12333 as a loophole to obtain US person data.

But there’s a key part of the story Ars misses, which I started to lay out here. As this graphic notes, the NSA is governed by a set of interlocking authorities and laws. The precedence of those authorities and laws is not terribly clear — and NSA’s own training programs don’t make them any more clear. Bush’s revision to EO 12333 played on that interlocking confusion.

Perhaps most alarming, however, the NSA continued to use a classified annex to EO 123333 written by Michael Hayden the day he reauthorized the illegal wiretap program at least until recent years — and possibly still. And that classified annex asserts an authority to wiretap Americans on the Attorney General’s authorization for periods of up to 90 days, and wiretap “about” collection based solely on NSA Director authority.

Among the documents released to ACLU and EFF via FOIA was an undated “Core Intelligence Oversight Training” program that consists of nothing more than printouts of the authorities governing NSA activities (as I noted in this post, with one exception, the NSA training programs we’ve seen are unbelievably horrible from a training efficacy standpoint). It includes, in part, EO 12333, DOD 5240.1-R, and NSA/CSS Policy 1-23 (that is, several of the authorities NSA considers among its signature authorities). As part of a 2009 issuance of the latter document (starting on page 110), the training documents also include the classified annex to EO 12333 (starting on page 118). And although both documents are part of that 2009 issuance (which incorporated language reflecting the FISA Amendments Act), they are dated March 11, 2004 — the day after the hospital confrontation, when the Bush Administration continued its illegal wiretap program without DOJ sanction — and signed by then DIRNSA Michael Hayden.

That is, as part of the FOIA response to ACLU and EFF, DOJ revealed how it was secretly applying EO 12333 at least as recently as 2009.

And that secret application of EO 12333 includes two provisions that illustrate how the government was abusing EO 12333, even in the face of revisions to FISA. They include provisions permitting the wiretapping of Americans for 90-day periods based on AG certification, and the wiretapping of “about” communications for apparently unlimited periods based on DIRNSA certification. (see page 123)

Continue reading

SPCMA and ICREACH

Within weeks of Michael Mukasey’s confirmation as Attorney General in November 2007, Assistant Attorney General Ken Wainstein started pitching him to weaken protections then in place for US person metadata collected overseas; Mukasey did so, under an authority that would come to be known as SPCMA, on January 3, 2008.

In 2007, Wainstein explained the need to start including US person data in its metadata analysis, in part, because CIA wanted to get to the data — and had been trying to get to it since 2004.

(3) The Central Intelligence Agency’s (CIA) Interest in Conducting Similar Communications Metadata Analysis. On July 20, 2004 [days after CIA had helped NSA get the PRTT dragnet approved], the General Counsel of CIA wrote to the General Counsel ofNSA and to the Counsel for Intelligence Policy asking that CIA receive from NSA United States communications metadata that NSA does not currently provide to CIA. The letter from CIA is attached at Tab C. Although the proposed Supplemental Procedures do not directly address the CIA’s request, they do resolve a significant legal obstacle to the dissemination of this metadata from NSA to CIA. (S//SII/NF)

Wainstein also noted other DOD entities might access the information.

That’s important background to the Intercept’s latest on ICREACH, data sharing middleware that permits other intelligence agencies to access NSA’s metadata directly — and probably goes some way to answer Jennifer Granick’s questions about the story.

As the documents released by the Intercept make clear, ICREACH arose out of an effort to solve a data sharing effort (though I suspect it is partly an effort to return to access available under Bush’s illegal program, in addition to expanding it). A CIA platform, PROTON, had been the common platform for information sharing in the IC. NSA was already providing 30% of the data, but could not provide some of the types of data it had (such as email metadata) and could not adequately protect some of it. Nevertheless, CIA was making repeated requests for more data. So starting in 2005, NSA  proposed ICREACH, a middleware platform that would provide access to both other IC Agencies as well as 2nd parties (Five Eyes members). By June 2007, NSA was piloting the program.

Right in that same time period, NSA’s Acting General Counsel Vito Potenza, Acting OLC head Steven Bradbury, and Wainstein started changing the rules on contact chaining including US person metadata. They did so through some word games that gave the data a legal virgin birth as stored data that was therefore exempt from DOD’s existing rules defining the interception or selection of a communication.

For purposes of Procedure 5 of DoD Regulation 5240.1-R and the Classified Annex thereto, contact chaining and other metadata analysis don’t qualify as the “interception” or “selection” of communications, nor do they qualify as “us[ing] a selection term,” including using a selection term “intended to intercept a communication on the basis of … [some] aspect of the content of the communication.”

See this post for more on this amazing legal virgin birth.

Significantly, they would define metadata the same way ICREACH did (page 4), deeming certain login information to be metadata rather than content.

“Metadata” also means (1) information about the Internet-protocol (IP) address of the computer from which an e-mail or other electronic communication was sent and, depending on the circumstances, the IP address of routers and servers on the Internet that have handled the communication during transmission; (2) the exchange of an IP address and e-mail address that occurs when a user logs into a web-based e-mail service; and (3) for certain logins to web-based e-mail accounts, inbox metadata that is transmitted to the user upon accessing the account.

It would take several years to roll out SPCMA (remember, that’s the authority to chain on US person data, as distinct from the sharing platform); a pilot started in NSA’s biggest analytical unit in 2009. When it did, NSA made it clear that personnel could access this data to conduct analysis, but that existing dissemination rules remained the same (which is consistent with the 2006-2008 proposed activity).

Additionally, the analyst must remain cognizant of minimization procedures associated with retention and dissemination of US person information. SPCMA covers analytic procedures and does not affect existing procedures for collection, retention or dissemination of US person information. [emphasis original]

Accessing data in a database to do analysis, NSA appears to have argued, was different than disseminating it (which is a really convenient stance when you’re giving access to other agencies and trying to hide the use of such analysis).

Of course, the pitch to Mukasey only nodded to direct access to this data by CIA (and through them and PROTON, the rest of the IC) and other parts of DOD. In what we’ve seen in yesterday’s documents from the Intercept and earlier documents on SPCMA, NSA wasn’t highlighting that CIA would also get direct access to this data under the new SPCMA authority, and therefore the data would be disseminated via analysis outside the NSA. (Note, I don’t think SPCMA data is the only place NSA uses this gimmick, and as I suggested I think it dates back at least to the illegal dragnet.)

In response to yesterday’s Intercept story, Jennifer Granick suggested that by defining this metadata as something other than communication, it allows the NSA to bypass its minimization procedures.

The same is true of the USSID18 procedures. If the IC excludes unshared stored data and other user information from the definition of communications, no minimization rules at all apply to protect American privacy with regard to metadata NSA collects, either under 12333 or section 702.

[snip]

NSA may nevertheless call this “minimized”, in that the minimization rules, which require nothing to be done, have been applied to the data in question. But the data would not be “minimized” in that it would not be redacted, withheld, or deleted. 

Given what we’ve seen in SPCMA — the authority permitting the analysis of expansively defined metadata to include US person data — she’s partly right — that the NSA has defined this metadata as something other than communication “selection” — but partly missing one of NSA’s gimmicks — that NSA distinguishes “analysis” from “dissemination.”

And if a bunch of agencies can access this data directly, then it sort of makes the word “dissemination” meaningless.  Continue reading

Behold, John Brennan’s Scary Memo!

Brennan with TortureI’ve been writing for a long time about the “Scary Memos” the government used to justify its dragnet.

As the Joint IG Report described, they started in tandem with George Bush’s illegal wiretap program, and were written before each 45-day reauthorization to argue the threat to the US was serious enough to dismiss any Fourth Amendment concerns that the President was wiretapping Americans domestically.

Jack Goldsmith relied on one for his May 6, 2004 memo reauthorizing some — but not all — of the dragnet.

Yesterday, James Clapper’s office released the Scary Memo included in the FISA Court application to authorize the Internet dragnet just two months later, on July 14, 2004.

ODNI calls it the Tenet Declaration — indeed it is signed by him (which, given that he left government on July 11, 2004 and that final FISC applications tend to be submitted days before their approval, may suggest signing this Scary Memo was among the very last things he did as CIA Director).

Yet the Memo would have been written by the Terrorist Threat Integration Center, then headed by John Brennan.

Much of the Scary Memo describes a “possible imminent threat” that DOJ plans to counter by,

seeking authority from this Court [redacted] to install and use pen register and trap and trace devices to support FBI investigations to identify [redacted], in the United States and abroad, by obtaining the metadata regarding their electronic communications.

There is no mention of NSA. There is no mention that the program operated without legal basis for the previous 2.5 years. And there’s a very curious redaction after “this Court;” perhaps CIA also made a show of having the President authorize it, so as to sustain a claim that all this could be conducted exclusively on Presidential authority?

After dropping mention of WMD – anthrax! fissile material! chemical weapons! — the Scary Memo admits it has no real details about this “possible imminent threat.”

[W]e have no specific information regarding the exact times, targets, or tactics for those planned attacks, we have gathered and continue to gather intelligence that leads us to believe that the next terrorist attack or attacks on US soil could be imminent.

[snip]

Reporting [redacted] does not provide specific information on the targets to be hit or methods to be used in the US attack or attacks.

But based on “detainee statements and [redacted] public statements since 9/11,” the Scary Memo lays out, CIA believes al Qaeda (curiously, sometimes they redact al Qaeda, sometimes they don’t) wants to target symbols of US power that would negatively impact the US economy and cause mass casualties and spread fear.

It took an “intelligence” agency to come up with that.

Based on that “intelligence,” it appears, but not on any solid evidence, CIA concludes that the Presidential conventions would make juicy targets for al Qaeda.

Attacks against or in the host cities for the Democratic and Republican Party conventions would be especially attractive to [redacted].

And because of that — because CIA’s “intelligence” has decided a terrorist group likes to launch attacks that cause terror and therefore must be targeting the Presidential conventions — the FBI (though of course it’s really the NSA) needs to hunt out “sleeper cells.”

Identifying and disrupting the North American-based cells involved in tactical planning offers the most direct path to stopping an attack or attacks against the US homeland. Numerous credible intelligence reports since 9/11 indicate [redacted] has “sleepers” in North America. We judge that these “sleepers” have been in North American, and the US in general, for much of the past two years. We base our judgment, in part, [redacted] as well as on information [redacted] that [redacted] had operatives here.

Before we get to what led CIA to suggest the US was targeted, step back and look at this intelligence for a moment. This report mentions detainee reporting twice. It redacts the name of what are probably detainees in several places. Indeed, several of the claims in this report appear to match those from the exactly contemporaneous document CIA did on Khalid Sheikh Mohammed to justify its torture program, thus must come from him.

Yet, over a year after KSM had been allegedly rendered completely cooperative via waterboarding, CIA still did not know the answer to a question that KSM was probably one of the only people alive who could answer.

We continue to investigate whether the August 2001 arrest of Zacarias Moussaoui may have accelerated the timetable for the 9/11 attacks because he knew of al-Qa’ida’s intention to use commercial aircraft as weapons.

Nevertheless, they believed KSM was being totally straight up and forthcoming.

Note, too, the CIA relied on claims of sleeper cells that were then two years old, dating back to the time they were torturing Abu Zubaydah, whom we know did give “intelligence” about sleeper cells.

To be sure, we know CIA’s claims of a “possible imminent threat” in the US do not derive exclusively from CIA’s earlier torture (though CIA had claimed, just months earlier, that their best intelligence came from that source for the Inspector General’s report).

Less than 3 weeks after this Scary Memo was written, we’d begin to see public notice of this “possible imminent threat,” when Tom Ridge raised the threat level on August 1, 2004 because of an election year plot, purportedly in response to the capture of Muhammad Naeem Noor Khan in Pakistan on July 13 (which could only have been included in “the Tenet declaration” if Khan were secretly arrested and flipped earlier, because Tenet was no longer CIA Director on July 13). But what little basis the election year plot had in any reality dated back to the December 2003 British arrest and beating of Khan’s cousin, Babar Ahmed, which would lead to both Khan’s eventual capture as well as the British surveillance of Dhiren Barot as early as June 10 and the latter’s premature arrest on August 3. KSM’s nephew, Musaad Aruchi, was also handed over by Pakistan to CIA on June 12; best as I know, he remains among those permanently disappeared in CIA’s torture program. This would also lead to a new round of torture memos reauthorizing everything that had been approved in the August 1, 2002 Bybee Memo plus some.

The claims the US was a target derive, based on the reporting in the NYT, from Dhiren Barot. Barot apparently did want to launch a terrorist attack. Both KSM and Hambali had identified Barot during interrogations in 2003, and he had scouted out attack sites in the US in 2000 and 2001. But his active plots in 2004 were all focused on the UK. In 2007 the Brits reduced his sentence because his plots weren’t really all that active or realistic.

Which is to say this election plot — the Scary Plot that drives the Scary Memo that provided the excuse for rolling out (or rather, giving judicial approval for continuing) an Internet dragnet that would one day encompass all Americans — arose in significant part from 2003 torture-influenced interrogations that led to the real world detention of men who had contemplated attacking the US in 2000, but by 2004 were aspirationally plotting to attack the UK, not the US, as well as men who may have been plotting in Pakistan but were not in the US.

That, plus vague references to claims that surely were torture derived, is what John Brennan appears to have laid out in his case for legally justifying a US dragnet.

You see, it’s actually John Brennan’s dragnet — it all goes back to his Scary Memo — and his role in it is presumably one of the reasons he doesn’t want us to know how many lies went into the CIA torture program.

Brennan’s Scary Memo provides yet more evidence how closely linked are torture and the surveillance of every American.

The Truth Missing from Alexander Joel’s “Truth” about EO 12333

Over at Salon, I’ve got a piece responding to Office of Director of National Intelligence Civil Liberties Officer Alexander Joel’s column purporting to describe the “truth” about EO 12333.

Click through to see this part of my argument:

  • Joel resorts to the tired old “target” jargon
  • Joel points to PPD 28, which rather than supporting his point, actually shows how broadly the NSA uses bulk collection and therefore how meaningless that “target” jargon is
  • Joel doesn’t address one of John Napier Tye’s points — that current technology allows the NSA to collect US person data overseas
  • We know they’re doing that in the SPCMA — the Internet dragnet authority conducted on Internet data collected overseas

But it’s Joel’s claim about oversight I find most problematic.

Oversight is extensive and multi-layered. Executive branch oversight is provided internally at the NSA and by both the Department of Defense and the Office of the DNI by agency inspectors general, general counsels, compliance officers and privacy officers (including my office and the NSA’s new Civil Liberties and Privacy Office). The Department of Justice also provides oversight, as do the Privacy and Civil Liberties Oversight Board and the president’s Intelligence Oversight Board. In addition, Congress has the power to oversee, authorize and fund these activities.

As I note in my piece, really what we have is single branch oversight. And that’s not going to prevent abusive spying.

Joel’s claim,”Oversight [of EO 12333 collection] is extensive and multi-layered,” rings hollow. He lists 4 oversight positions at 3 Executive branch agencies, then points to 3 more Executive branch agencies he claims have a role. Having the Executive oversee the Executive spying on Americans poses precisely the kind of threat to our democracy Tye raised.

Then Joel claims, “Congress has the power to oversee, authorize and fund these activities.” Of course, that’s different from Congress actually using that power. Moreover, the record suggests Congress may not currently have the power to do anything but defund such spying, assuming they even know about it. Senate Intelligence Committee Chair Dianne Feinstein admitted last August that her committee doesn’t receive adequate information on EO 12333 collection.  Joel’s boss, James Clapper, refused to answer a question from Senator Amy Klobuchar on EO 12333 violations in a hearing in October. And when Senator Mark Udall suggested a “vast trove” of Americans’ communications collected overseas should be provided the protections laid out in FISA, Assistant Attorney General John Carlin explained the National Security Division — the part of DOJ he oversees, which has a central role in oversight under FISA — would not have a role in that case because the collection occurred under EO 12333.

In his column, Joel makes no mention of the third branch of government: the Courts. That’s because, as ACLU’s Patrick Toomey laid out last week, the government doesn’t give defendants any notice if their prosecutions arise from data collected under EO 12333. Criminal prosecutions are where some of the most important oversight on Executive branch spying takes place. By exempting EO 12333 from any such notice, then, the government is bypassing another critical check on potentially abusive spying.

Back in 1978, our government decided that both Congress and the courts should have a role when the Executive branch spied on Americans. That was the entire premise behind the FISA law.  But by moving more and more of its spying overseas, the government can and — apparently, at least to a limited extent — is bypassing the oversight accorded through three branches of government.

FISA was written in 1978, before it became so easy to spy on Americans’ domestic communications overseas. FISA Amendments Act partly addressed the new technological reality — by giving the Executive permission to spy on foreigners domestically. But it provided inadequate protections — Sections 703-5 — in return. Those measures, requiring a Court order for targeting Americans who are themselves overseas (but not for targeting Americans’ data that transits overseas), simply don’t do enough to prevent the government from using this new technological reality from spying on Americans.

The Hospital Confrontation Heroes of Rule of Law Gutted Separation of Powers

Remember that cinematic story of how Jim Comey and Jack Goldsmith and Robert Mueller stood up to Bush and Cheney and forced them to shut down their illegal dragnet to defend the rule of law in 2004?

It turns out, what Comey and Goldsmith did in secret two months later was not so heroic. As I lay out over at Salon, the memo of law they used to get their illegal dragnet blessed by the FISA court argued both Judge Colleen Kollar-Kotelly and the Congress that passed the PRTT law in the first place had no choice but to cede to Executive power.

Essentially, they argued both she — an Article III judge — and Congress must have their power gutted to protect the president’s power.

[snip]

The same heroes of the hospital confrontation, lionized for the last decade for their courageous defense of the rule of law, thereby gutted the separation of powers, in secret. All to serve still more secrecy … and the power of the presidency they purportedly reined in two months earlier.

They may have won Bush — and themselves, who otherwise would have signed off on an illegal program — legal cover by doing so. But in the process they corroded the balance of powers enshrined by the Constitution, turning the FISC into a place where expansive executive branch programs get rubber-stamped in secret.

Here’s how they justified not getting Congress to write a new law to authorize the spying they themselves refused to approve.

The memo’s focus on Congress — at least what appears in unredacted form — is much more circumspect, but perhaps even more disturbing.

DOJ pointed to language showing Congress intended pen registers to apply to the Internet; they pointed to the absence of language prohibiting a pen register from being used to collect data from more than a single user, as if that’s the same as collecting from masses of people and as if that proved congressional intent to wiretap everyone.

And then they dismissed any potential constitutional conflict involved in such broad rereadings of statutes passed by Congress. “In almost all cases of potential constitutional conflict, if a statute is construed to restrict the executive, the executive has the option of seeking additional clarifying legislation from Congress,” the heroes of the hospital confrontation admitted. The White House had, in fact, consulted Majority Leader Tom DeLay about doing just that, but he warned it would be too difficult to get new legislation. So two months later, DOJ argued Congress’ prerogative as an independent branch of government would just have to give way to secrecy. “In this case, by contrast, the Government cannot pursue that route because seeking legislation would inevitably compromise the secrecy of the collection program the Government wishes to undertake.”

You remember that part of the Constitution where it says Congress passes the laws, unless the Executive Branch wants the laws to be secret, in which case they can do it?

Nope, neither do I.

Internet Dragnet Materials, Working Thread 1

I Con the Record just released some ridiculously overclassified Internet dragnet documents it claims shows oversight but which actually shows how they evaded oversight. I’ve added letters to ID each document (I’ll do a post rearranging them into a timeline tomorrow or soon thereafter).

For a timeline I did earlier of the Internet dragnet program see this post.

This will be the first of several working threads, starting with descriptions of what we’ve got.

8/12: Note I will be updating this as I can clarify dates and content.

So-called Judicial oversight

A. FISC Opinion and Order: This is the Kollar-Kotelly order that initially approved the dragnet on July 14, 2004. A searchable version is here.

B. FISC Primary Order: This is an Internet dragnet order signed by Reggie Walton, probably in 2008 or very early 2009. It shows that the Internet dragnet program, which was almost certainly illegal in any case, had less oversight than the phone dragnet program (though at this point also collected fewer records). It was turned over pursuant to FAA requirements on March 13, 2009.

C. FISC Primary Order: This is an Internet dragnet order probably from May 29, 2009 (as identified in document D), signed by Reggie Walton. It shows the beginning of his efforts to work through the Internet violations. It appears to have been provided to Congress on August 31, 2009.

D. FISC Order and Supplemental Order: This is a version of the joint June 22, 2009 order released on several occasions before. It shows Reggie Walton’s efforts to work through the Internet dragnet violations. Here’s one version.

E. FISC Supplemental Order: This appears to be the dragnet order shutting down dragnet production. It would date to fall 2009 (production was likely shut down in October 2009, though this might reflect the initial shut-down).

F. FISC Primary Order: I’m fairly sure this is an order from after Bates turned the Internet dragnet back on in 2010 (and is signed by him), though I will need to verify that. It does require reports on how the NSA will segregate previously violative records, which is consistent with it dating to 2011 sometime (as is the requirement that the data be XML tagged).

G. FISC Memorandum Opinion Granting in Part and Denying in Part Application to Reinitiate, in Expanded Form, Pen Register/Trap and Trace Authorization: This is the order, from sometime between July and October 2010, where John Bates turned back on and expanded the Internet dragnet. Here’s the earlier released version (though I think it is identical).

H. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This was a report Walton required in document C, above, and so would be in the May-June 2009 timeframe. Update: Likely date June 18, 2009.

I. Government’s Response to the FISC’s Supplemental Order: This is the government’s response to an order from Walton, probably in his May 29, 2009 opinion (see this order for background), or even earlier in May.Update: This response dates to June 18, 2009 or slightly before.

J. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This appears to be the declaration submitted in support of Response I and cited in several places. Update: likely date June 18, 2009.

K. Supplemental Declaration of Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This appears to be the declaration that led to document C above.

L. Government’s Response to the FISC’s Supplemental Order Requesting a Corrective Declaration: This is a declaration admitting dissemination outside the rules responding to 5/29 order.

M. Government’s Response to a FISC Order: This is the government’s notice that it was using automatic queries on Internet metadata, just as it also was with the phone dragnet. This notice was provided to Congress in March 2009.

N. Declaration of Lieutenant General Keith B. Alexander, U.S. Army, Director, NSA, Concerning NSA’s Compliance with a FISC Order: After Walton demanded declarations in response to the initial phone dragnet violation, he ordered NSA to tell him whether the Internet dragnet also had the same problems. This is Keith Alexander’s declaration describing the auto scan for that program too. It was provided to Congress in March 2009.

O. Preliminary Notice of Potential Compliance Incident: This is the first notice of the categorical violations that ultimately led to the temporary shutdown of the dragnet, in advance of order E.

P. Notice of Filing: This is notice of a filing in response to inquiry from Judge Walton. It could be from any time during David Kris’ 2009 to early 2011 tenure.

Q: Government’s Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes: This appears to be the application following Order E, above. I don’t think it’s the 2010 application that led to the reauthorization of the dragnet, because it refers to facilities whereas the 2010 order authorized even broader collection. (Remember Bates’ 2010 order said the government applied, but then withdrew, an application.) Update and correction: this application must post-date December 2009, because that’s when NSA changed retention dates from 4.5 years to 5. Also note reference to change in program and request to access illegally collected data from before 10/09.

R. Memorandum of Law and Fact in Support of Application for Pen Registers and Trap and Trace Devices for Foreign Intelligence Purposes: This appears to be the memorandum of law accompanying application Q.

S. Declaration of General Keith B. Alexander, U.S. Army, Director, NSA, in Support of Pen Register/Trap and Trace Application: This is Alexander’s declaration accompanying Q.

T. Exhibit D in Support of Pen Register/Trap and Trace Application: This is a cover letter. I’m not sure whether it references prior communications or new ones.

U. First Letter in Response to FISC Questions Concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices: This is the first of several letters in support of reinitiation of the program. The tone has changed dramatically here. For that reason, and because so much of it is redacted, I think this was part of the lead-up to the 2010 reauthorization.

V. Second Letter in Response to FISC Questions concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices: This second letter is entirely redacted except for the sucking up to Bates stuff.

W. Third Letter in Response to FISC Questions Concerning NSA Bulk Metadata Collection Using Pen Register/Trap and Trace Devices: More sucking up. Some language about trying to keep access to the existing illegally collected data. 

X. Application for Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes: This is the first application for the Internet dragnet, from 2004. Very interesting. Note it wasn’t turned over until July 2009, after Congress was already learning of the new problems with it.

Y. Memorandum of Law and Fact in Support of Application for Pen Registers and Trap and Trace Devices for Foreign Intelligence Purposes: The memorandum of law accompanying X. Also turned over to Congress in 2009.

Z. Declaration of General Michael V. Hayden, U.S Air Force, Director, NSA, in Support of Pen Register/Trap and Trace Application: This goes with the initial application. NSA has left stuff unredacted that suggests they were access less bandwith than they, in the end, were. Also remember NSA violated this from the very beginning.

AA. Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence PurposesThis appears to be the application for the second PRTT order. I’ll return to this tomorrow, but I don’t think it reflects the violation notice it should.

BB. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate: This is NSA’s declaration in conjunction with the first reapplication for the dragnet. This should have declared violations. It was turned over to Congress in March 2009. [update: these appear to be early 2009 application]

CC. Declaration Lieutenant General Keith B. Alexander, U.S. Army, Director, NSA, Concerning NSA’s Implementation of Authority to Collect Certain Metadata: This is Alexander’s declaration accompanying the End-to-End report, from sometime in fall 2009.

DD: NSA’s Pen Register Trap and Trace FISA Review Report: The end-to-end report itself. it was provided to Congress in January 2010.

EE: DOJ Report to the FISC NSA’s Program to Collect Metadata: DOJ’s accompaniment to the end-to-end report.

FF: Government’s First Letter to Judge Bates to Confirm Understanding of Issues Relating to the FISC’s Authorization to Collect Metadata: After Bates raauthorized the Internet dragnet, DOJ realized they might not be on the same page as him. Not sure if this was in the 2009 attempt or the 2010 reauthorization.

GG: Government’s Second Letter to Judge Bates to Confirm Understanding of Issues Relating to the FISC’s Authorization to Collect Metadata: A follow-up to FF.

HH: Tab 1 Declaration of NSA Chief, Special Oversight and Processing, Oversight and Compliance, Signals Intelligence: This appears to be the 90-day report referenced in document C. Update: Actually it is referenced in Document A: note the paragraphs describing the chaining that were discontinued before the dragnet approval.

II: Verified Memorandum of Law in Response to FISC Supplemental Order: This is one of the most fascinating documents of all. It’s a 2009-2011 (I think August 17, 2009, though the date stamp is unclear) document pertaining to 3 PRTT targets, relying on criminal PRTT law and a 2006 memo that might be NSA’s RAS memo (though the order itself is FBI, which makes me wonder whether it seeds the FBI program). It may have been what they used to claim that Internet content counted as metadata.

JJ: Memorandum of Law in Response to FISC Order: A September 25, 2006 response to questions from the FISC, apparently regarding whether rules from criminal pen registers apply to PATRIOT PRTT. While I think this addresses the application to Internet, I also think this language may be being used for location.

So-called Congressional oversight

KK: Government’s Motion to Unseal FISC Documents in Order to Brief Congressional Intelligence and Judiciary Committees: This is a request to unseal an order — I suspect document E — so it could be briefed to Congress.

LL:  Order Granting the Government’s Motion to Unseal FISC Documents in Order to Brief Congressional Intelligence and Judiciary Committees: Walton’s order to unseal KK for briefing purposes. 

MM: April 27, 2005 Testimony of the Attorney General and Director, FBI Before the Senate Select Committee on Intelligence: This is the 2005 testimony in which – I pointed out before — Alberto Gonzales did not brief Congress about the Internet dragnet.

So-called Internal oversight

NN: NSA IG Memo Announcing its Audit of NSA’s Controls to Comply with the FISA Court’s Order Regarding Pen Register/Trap and Trace Devices: This lays out an audit with PRTT compliance, noting that the audit also pertains to BR FISA (phone dragnet). It admits the audit was shut down when the order was not renewed. It’s unclear whether this was the 2009 or the 2011 shutdown, but the implication is it got shut down because it would not pass audit. 

OO: NSA IG Memo Suspending its Audit of NSA after the NSA’s PRTT Metadata Program Expired: the formal announcement they were shutting down the IG report. Again, it’s not clear whether this was the 2009 or the 2011 shutdown.

If you find this work valuable, please consider donating to support the work.  

1 2 3 6

Emptywheel Twitterverse
bmaz @MikeSacksEsq They wouldn't let me pre-order at the price yet.
15mreplyretweetfavorite
bmaz @Krhawkins5 @onekade @jilliancyork @emptywheel @JameelJaffer @CIA And, yet, DEA is most ruthless+competent of all of them
17mreplyretweetfavorite
bmaz @MikeSacksEsq ...cause I drive around to so many different courts and am otherwise mobile.
19mreplyretweetfavorite
bmaz @MikeSacksEsq My two years not up until Oct 31. Want (eyes need!) screen size of Plus, but thing has to work as main office phone too
20mreplyretweetfavorite
bmaz @MikeSacksEsq @SammSacks Is it too big to use easily as a phone?
24mreplyretweetfavorite
bmaz RT @saftergood: CRS memo on proposals to expatriate US citizens who fight for terrorist groups (pdf) http://t.co/fa3MwrXv38
34mreplyretweetfavorite
emptywheel @ttagaris Actually a remarkably non-shitty panel, even if there are no girls. @ChrisMurphyCT
35mreplyretweetfavorite
bmaz RT @elizabeth_joh: Instead of official statistics resisting arrest numbers may be best measure of NYPD use of force by @jdavidgoodman http:…
35mreplyretweetfavorite
emptywheel @NaheedMustafa Agree, but they're using current unjustified fearmongering to do things they haven't tried before (citizen stripping, eg)
36mreplyretweetfavorite
emptywheel @jilliancyork When is it? I've been putting off a FBI post that I REALLY need to finish? @onekade
37mreplyretweetfavorite
emptywheel @jilliancyork This is one of many reasons I find USAF "transparency" provisions so problematic, btw. Designed to obscure FBI.
37mreplyretweetfavorite
emptywheel @jilliancyork FBI FBI FBI FBI. Also local cops and CBP and ATF and--just ask @onekade for the others.
38mreplyretweetfavorite
September 2014
S M T W T F S
« Aug    
 123456
78910111213
14151617181920
21222324252627
282930