PATRIOT

Section 215, Under USA Freedumb

This post attempts to do more than lay out how Section 215 will look if USA Freedumb were to pass in its current form. For sections that don’t change, I just mark what they cover. Bolded text is new. My comments are in red. Please let me know if I’ve missed anything.

Update: An updated version of the Managers Amendment does define the term specific selection term:

(2) SPECIFIC SELECTION TERM.—The term  ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.

This is far better than nothing. Though I have concerns about “entity” and I suspect there will be some pushback here, since not even phone numbers “uniquely describe a person,” much less IPs.


(a) APPLICATION

(b) Recipient and contents of application
Each application under this section—

(1) shall be made to—
(A) a judge of the court established by section 1803 (a) of this title; or

(B) a United States Magistrate Judge under chapter 43 of title 28, who is publicly designated by the Chief Justice of the United States to have the power to hear applications and grant orders for the production of tangible things under this section on behalf of a judge of that court; and

(2) shall include—

(A) a specific selection term to be used as the basis for the production of the tangible things sought;

Unless I’m mistaken, the term “selection term” is never defined in this bill, nowhere, in spite of the fact that this section and several others rely on it. I can assure you the intelligence community already goes far beyond the email address and phone number they claim to use. And think how broad this could be, without specific limitations. Is there anything preventing “selection term” to be “Area Code 202″? And once you’re talking financial records, what prevents “specific selection term” to be “pressure cooker purchased with a credit card” or “Western Union transfer over $100″?

(B) in the case of an application other than an application described in subparagraph (C), a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities, such things being presumptively relevant to an authorized investigation if the applicant shows in the statement of the facts that they pertain to—

(i) a foreign power or an agent of a foreign power;

(ii) the activities of a suspected agent of a foreign power who is the subject of such authorized investigation; or

(iii) an individual in contact with, or known to, a suspected agent of a foreign power who is the subject of such authorized investigation;

(C) in the case of an application for the production of call detail records created on or after the date of the application, a statement of facts showing that—

Note that this language limits prospective collection to call detail records, not Internet data. That is one key improvement over RuppRoge — though see my comments below about how this might be gamed.

(i) there are reasonable grounds to believe that the call detail records sought to be produced based on the specific selection term required under subparagraph (A) are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to protect against international terrorism; and

(ii) there are facts giving rise to a reasonable, articulable suspicion that such specific selection term is associated with a foreign power or an agent of a foreign power; and

This is where the bill purportedly limits ongoing production to terrorist investigations. But remember how this “relevant to” term has blown up to include anything that could possibly have a tie to terrorism? Which makes this clause meaningless, leaving the only limitation on what call detail records you want to get to be the original selector having a tie to a foreign power. So it would be a cinch to use this language for other uses. One question I have about this is whether the judge approves just the argument that the records are necessary and the term is associated with a foreign power, or does the judge approve the term itself?

(D) an enumeration of the minimization procedures adopted by the Attorney General under subsection (g) that are applicable to the retention and dissemination by the Federal Bureau of Investigation of any tangible things to be made available to the Federal Bureau of Investigation based on the order requested in such application.

(c) Ex parte judicial order of approval
(1) Upon an application made pursuant to this section, if the judge finds that the application meets the requirements of subsections (a) and (b), and that the minimization procedures submitted in accordance with subsection (b)(2)(D) meet the definition of minimization procedures under subsection (g), the judge shall enter an ex parte order as requested, or as modified, approving the release of tangible things. Such order shall direct that minimization procedures adopted pursuant to subsection (g) be followed.

Continue reading

The Verizon Publicity Stunt, Mosaic Theory, and Collective Fourth Amendment Rights

On Friday, I Con the Record revealed that a telecom — Ellen Nakashima confirms it was Verizon — asked the FISA Court to make sure its January 3 order authorizing the phone dragnet had considered Judge Richard Leon’s December 16 decision that it was unconstitutional. On March 20, Judge Rosemary Collyer issued an opinion upholding the program.

Rosemary Collyer’s plea for help

Ultimately, in an opinion that is less shitty than FISC’s previous attempts to make this argument, Collyer examines the US v. Jones decision at length and holds that Smith v. Maryland remains controlling, mostly because no majority has overturned it and SCOTUS has provided no real guidance as to how one might do so. (Her analysis raises some of the nuances I laid out here.)

The section of her opinion rejecting the “mosaic theory” that argues the cumulative effect of otherwise legal surveillance may constitute a search almost reads like a cry for help, for guidance in the face of the obvious fact that the dragnet is excessive and the precedent that says it remains legal.

A threshold question is which standard should govern; as discussed above, the court of appeals’ decision in Maynard and two concurrences in Jones suggest three different standards. See Kerr, “The Mosaic Theory of the Fourth Amendment,” 111 Mich. L. Rev. at 329. Another question is how to group Government actions in assessing whether the aggregate conduct constitutes a search.See id. For example, “[w]hich surveillance methods prompt a mosaic approach? Should courts group across surveillance methods? If so, how? Id. Still another question is how to analyze the reasonableness of mosaic searches, which “do not fit an obvious doctrinal box for determining reasonableness.” Id. Courts adopting a mosaic theory would also have to determine whether, and to what extent, the exclusionary rule applies: Does it “extend over all the mosaic or only the surveillance that crossed the line to trigger a search?”

[snip]

Any such overhaul of Fourth Amendment law is for the Supreme Court, rather than this Court, to initiate. While the concurring opinions in Jones may signal that some or even most of the Justices are ready to revisit certain settled Fourth Amendment principles, the decision in Jones itself breaks no new ground concerning the third-party disclosure doctrine generally or Smith specifically. The concurring opinions notwithstanding, Jones simply cannot be read as inviting the lower courts to rewrite Fourth Amendment law in this area.

As I read these passages, I imagined that Collyer was trying to do more than 1) point to how many problems overruling the dragnet would cause and 2) uphold the dignity of the rubber stamp FISC and its 36+ previous decisions the phone dragnet is legal.

There is reason to believe she knows what we don’t, at least not officially: that even within the scope of the phone dragnet, the dragnet is part of more comprehensive mosaic surveillance, because it correlates across platforms and identities. And all that’s before you consider how, once dumped into the corporate store and exposed to NSA’s “full range of analytic tradecraft,” innocent Americans might be fingerprinted to include our lifestyles.

That is, not only doesn’t Collyer see a way (because of legal boundary concerns about the dragnet generally, and possibly because of institutional concerns about FISC) to rule the dragnet illegal, but I suspect she sees the reverberations that such a ruling would have on the NSA’s larger project, which very much is about building mosaics of intelligence.

No wonder the government is keeping that August 20, 2008 opinion secret, if it indeed discusses the correlations function in the dragnet, because it may well affect whether the dragnet gets assessed as part of the mosaic NSA uses it as.

Verizon’s flaccid but public legal complaint

Now, you might think such language in Collyer’s opinion would invite Verizon to appeal this decision. But given this lukewarm effort, it seems unlikely to do so. Consider the following details:

Leon issued his decision December 16. Verizon did not ask the FISC for guidance (which makes sense because they are only permitted to challenge orders).

Verizon got a new Secondary Order after the January 3 reauthorization. It did not immediately challenge the order.

It only got around to doing so on January 22 (interestingly, a few days after ODNI exposed Verizon’s role in the phone dragnet a second time), and didn’t do several things — like asking for a hearing or challenging the legality of the dragnet under 50 USC 1861 as applied — that might reflect real concern about anything but the public appearance of legality. (Note, that timing is of particular interest, given that the very next day, on January 23, PCLOB would issue its report finding the dragnet did not adhere to Section 215 generally.)

Indeed, this challenge might not have generated a separate opinion if the government weren’t so boneheaded about secrecy.

Verizon’s petition is less a challenge of the program than an inquiry whether the FISC has considered Leon’s opinion.

It may well be the case that this Court, in issuing the January 3,2014 production order, has already considered and rejected the analysis contained in the Memorandum Order. [redacted] has not been provided with the Court’s underlying legal analysis, however, nor [redacted] been allowed access to such analysis previously, and the order [redacted] does not refer to any consideration given to Judge Leon’s Memorandum Opinion. In light of Judge Leon’s Opinion, it is appropriate [redacted] inquire directly of the Court into the legal basis for the January 3, 2014 production order,

As it turns out, Judge Thomas Hogan (who will take over the thankless presiding judge position from Reggie Walton next month) did consider Leon’s opinion in his January 3 order, as he noted in a footnote.

Screen Shot 2014-04-28 at 10.49.42 AM

And that’s about all the government said in its response to the petition (see paragraph 3): that Hogan considered it so the FISC should just affirm it.

Verizon didn’t know that Hogan had considered the opinion, of course, because it never gets Primary Orders (as it makes clear in its petition) and so is not permitted to know the legal logic behind the dragnet unless it asks nicely, which is all this amounted to at first.

Note that the government issued its response (as set by Collyer’s scheduling order) on February 12, the same day it released Hogan’s order and its own successful motion to amend it. So ultimately this headache arose, in part, because of the secrecy with which it treats even its most important corporate spying partners, which only learn about these legal arguments on the same schedule as the rest of us peons.

Yet in spite of the government’s effort to dismiss the issue by referencing Hogan’s footnote, Collyer said because Verizon submitted a petition, “the undersigned Judge must consider the issue anew.” Whether or not she was really required to or could have just pointed to the footnote that had been made public, I don’t know. But that is how we got this new opinion.

Finally, note that Collyer made the decision to unseal this opinion on her own. Just as interesting, while neither side objected to doing so, Verizon specifically suggested the opinion could be released with no redactions, meaning its name would appear unredacted.

The government contends that certain information in these Court records (most notably, Petitioner’s identity as the recipient of the challenged production order) is classified and should remain redacted in versions of the documents that are released to the public. See Gov’t Mem. at 1. Petitioner, on the other hand, “request[s] no redactions should the Court decide to unseal and publish the specified documents.” Pet. Mem. at 5. Petitioner states that its petition “is based entirely on an assessment of [its] own equities” and not on “the potential national security effects of publication,” which it “is in no position to evaluate.” Id.

I’ll return to this. But understand that Verizon wanted this opinion — as well as its own request for it — public.

Continue reading

In 2009, DOJ Claimed Its Lawyers Could Not Read Docket Numbers in 2007

Some time ago, I noted that DOJ appears not to have provided the classified report on Section 215 for the Judiciary and Intelligence Committees mandated by the 2006 PATRIOT Act Reauthorization to Congress in 2009 to 2011. Instead of being sent to the Chairs of the Committees, the reports for those years were simply “filed.”

DOJ continued to provide Congress the unclassified FISA report, which included much of the same information about the numbers of Section 215 orders approved and modified.

But those reports would not have included two critical details: the fact that the sharply increasing number of modifications pertained to the FISC’s imposition of minimization procedures, suggesting collection in some bulk.

And the number of sensitive Section 215 orders issued under the following categories.

(A) Library circulation records, library patron lists, book sales records, or book customer lists.

(B) Firearms sales records.

(C) Tax return records.

(D) Educational records.

(E) Medical records containing information that would identify a person.

So for the years 2008 to 2010, even two of four designated oversight committees did not learn these details (the Intelligence Committees are required to get details on every request, but who knows if that requirement was met?).

In that post, I also noted a problem with 2007′s numbers, as well, a problem DOJ readily admitted in the unclassified report issued in 2009 (supposedly covering 2008).

In its 2008 report, the Department reported to Congress that during Calendar year 2007, the Govermnent made-six applications to the FISC for access to certain business records (including the production of tangible things) for foreign intelligence purposes. Further review of the Government’s records subsequently revealed that the Government had made seventeen applications to the FISC for access to certain business records. The FISC did not deny, in whole or in part, any such application filed by the Government during calendar year 2007.

“Further review revealed.”

Bullshit.

I’m just now realizing how utterly unbelievable this is.

You see, the way the docket works, each new request has its own docket number, so to count the requests you need only count the dockets.

The last docket in the phone dragnet is BR 07-16, issued October 18, 2007 (meaning there was just one more business record docket that year). There is no conceivable way DOJ could not very simply have come up with the correct number for both reports to Congress by looking at the final docket number, which should have been 17. Which means Congress may never have gotten the proper classified detail on those additional 11 requests.

DOJ hid — purposely, necessarily, based on the way the dockets work — the details on sensitive requests to Congress in 2007. Then they appear to have hid the sensitive requests for the following three years. Given that John Bates is copied on the first request thereafter, it appears he may have made them finally fulfill the letter of the law.

They clearly were hiding something about their other Section 215 requests, for four full years.

Surprise! DOJ IG’s 1,403 Day Old Section 215 Investigation Had a Baby!

As longtime readers know, I have long tracked a DOJ Inspector General investigation into FBI’s use of Section 215 and other PATRIOT Act authorities.

  • June 2010: Then DOJ IG Glenn Fine lays out investigation
  • June 2013: Transition to Michael Horowitz stalls PATRIOT investigation
  • August 2013: The investigation has been ongoing
  • September 2013: Pat Leahy calls for an IC IG investigation into 215 and 702; IC IG Charles McCullough declines
  • December 2013: Horowitz states current investigation limited by AG/DNI declassification of earlier reports

A good healthy obsession!

Since it’s been a while — the investigation is now 1,403 days old — yesterday I decided to nag the IG office.

They were mum on when we might finally see the report. Instead of offering details, they directed me to their new (apparently brand spanking new) “in the interest of transparency” page on their ongoing work.

It shows the long-promised report, still focusing on Section 215 use through 2009, as well as NSLs and pen register.

Use of National Security Letters, Section 215 Orders, and Pen Register and Trap-and-Trace Authorities under FISA from 2007 through 2009

The OIG is again examining the FBI’s use of NSLs and Section 215 orders for business records. This review is assessing the FBI’s progress in responding to the OIG’s recommendations in its first and second reports on the FBI’s use of NSLs and its report on the FBI’s improper use of exigent letters and other informal means to obtain telephone records. A focus of this review is the NSL subsystem, an automated workflow system for NSLs that all FBI field offices and headquarters divisions have been required to use since January 1, 2008, and the effectiveness of the subsystem in reducing or eliminating noncompliance with applicable authorities. The current review is also examining the number of NSLs issued and Section 215 applications filed by the FBI between 2007 and 2009, and any improper or illegal uses of these authorities. In addition, the review is examining the FBI’s use of its pen register and trap-and-trace authority under FISA.

But it also shows a report not mentioned in Michael Horowitz’ last report.

A report on the dragnet.

Bulk Telephony Review

The OIG is reviewing the FBI’s use of information derived from the National Security Agency’s (NSA) collection of telephony metadata obtained from certain telecommunications service providers under Section 215 of the Patriot Act. The review will examine the FBI’s procedures for receiving, processing, and disseminating leads the NSA develops from the metadata, and any changes that have been made to these procedures over time. The review will also examine how FBI field offices respond to leads, and the scope and type of information field offices collect as a result of any investigative activity that is initiated. In addition, the review will examine the role the leads have had in FBI counterterrorism efforts.

In truth, this investigation may not be all that distinct from the known PATRIOT authorities investigation. The minimization procedures for both – and therefore the way the information gets used, an issue central to both investigations — appear to be the same. And to the extent that the number of 215 orders with minimization procedures has been growing since 2010 indicates the FBI is collecting other information in bulk, the programs may well interrelate.

At first, I thought that this investigation, with the very significant exception of the way the dragnet serves to identify informants, might not reveal anything that problematic. Upon review, I’m not so sure. I’ll explain why in a follow-up report.

The one big difference between the two investigations, however (and I’ll discuss this at more length in the follow-up), is that dragnet investigation, unlike the PATRIOT Authority one, appears not to be time delimited. Whereas the older investigation only looks at practices through 2009, the dragnet investigation appears to be examining on-going practices. It seems to be investigating all the 215-related issues identified by Pat Leahy that the IC IG should investigate that come under DOJ’s jurisdiction.

So bad news good news! DOJ is still, 1,403 days later, investigating how the FBI used PATRIOT Act authorities 5 years ago, meaning more recent developments are not getting much attention.

But there is a potentially related investigation looking at what the FBI ingests from the phone dragnet (at least the small part relating to Section 215) right now.

Is This the Missing WikiLeaks PayPal Order?

As I noted in this post, the declaration submitted in EFF’s FOIA for Section 215 by ODNI’s Jennifer Hudson is remarkably revealing. I’m particularly intrigued by these comments about the financial dragnet order released on March 28.

A FISC Supplemental Order in BR 10-82, dated November 23, 2010 and consisting of two pages, has been withheld in part to protect certain classified and law enforcement sensitive information. The case underlying BR 10-82 is an FBI counterterrorism investigation of a specific target. That investigation is still pending. Here, in the course of a pending counterterrorism investigation, the FBI sought authorization under the FISA to obtain financial records, under the FISA’s business records provision, pertaining to the target of the investigation and in fact obtained such authorization.

[snip]

Here, in the course of a pending counterterrorism investigation, the FBI sought authorization under the FISA to obtain certain financial records. The FISC Supplemental Order, which was issued in relation to its authorization for such collection, was thus compiled for law enforcement purposes, in furtherance of a national security investigation within the FBI’s authorized law enforcement duties.

[snip]

Here, the FBI has determined that the release of the final paragraph of the order, which describes certain requirements reflecting the FBI’s particular implementation of the authority granted by the FISC, could reasonably be expected to adversely impact the pending investigation and any resulting prosecutions. Release of this paragraph would reveal the specific and unique implementation requirements imposed on the FBI under this FISA-authorized collection during a particular time period. It is unclear what and how much the target might already know about the FBI’s investigation. However, as more fully explained in my classified ex parte, in camera declaration, there is reason to believe that the target or others knowledgeable about the nature and timing of the investigation could piece together this information, the docket number, the dates of the collection, and other information which has already been released or deduced to assemble a picture that would reveal to the target that the target was the subject of a particular type of intelligence collection during a specific time period, and by extension, that the target’s associates during that period may have been subject to similar intelligence collections. This could lead the target to deduce the scope, focus, and direction of the FBI’s investigative efforts, and potentially any gaps in the collections, from which the target could deduce times when the target’s activities were “safe.” [my emphasis]

The bolded section says that certain people — the target, but also “others knowledgeable about the nature and timing of the investigation” — could put the financial dragnet request together with other information released or deduced to figure out that the target and his associates had had their financial data collected.

Gosh, that’s like waving a flag at anyone who might be “knowledgeable about the nature of the investigation.”

What counterterrorism investigation has generated sufficient attention such that not only the target, but outsiders, would recognize this order pertains the investigation in question? The investigation would be:

  • A counterterrorism investigation
  • In relatively early stages on November 23, 2010
  • Used financial records in a potentially novel way, perhaps to identify affiliates of the target
  • Still going on

The CIA & etc. Money Order Orders

One obvious possibility is the generalized CIA investigation into Western Union and international money transfers reported by WSJ and NYT last year. While both stories said the CIA got these orders, I suggested it likely that FBI submitted the orders and disseminated the information as broadly as FBI’s information sharing rules allowed, not least because CIA has no analytical advantage on such orders, as NSA would have for the phone dragnet.

There are two reasons this is unlikely. First, there’s the timing. The WSJ version of the story, at least, suggested this had been going on some time, before 2010. If that’s the case, then there’s no reason to believe a new order in 2010 reviewed this issue. And while I don’t think the 2010 order necessarily indicates the first financial 215 order (after all, it took 2.5 years before FISC weighed the equivalent question in the phone dragnet), it is unlikely that this order comes from an existing program.

That’s true, too, because this seems to be tied to a specific investigation, rather than the enterprise counterterrorism investigation that underlies the phone dragnet (and presumably the CIA program). So while this practice generated enough attention to be the investigation, I doubt it is.

The Scary Car Broker Plot

Then there’s what I call the Scary Car Broker Plot, which I wrote about here. Basically, it’s a giant investigation into drug trafficking from Colombia through Western Africa that contributes some money to Hezbollah and therefore has been treated as a terror terror terror investigation when in reality it is a drug investigation. Treasury named Ayman Joumaa, the ultimate target of that investigation, a Specially Designated Trafficker in February 2011, so presumably the investigation was very active in November 2010, when FISC issued the order. The case’s domestic component involves the car broker businesses of a slew of (probably completely innocent) Lebanese-Americans, who did business with the larger network via wire transfers.

The Car Buyers also received wire transfers for the purpose of buying and shipping used cars from other account holders at the Lebanese Banks (“Additional Transferors”), including the OFAC-designated Phenicia Shipping (Offshore); Ali Salhab and Yasmin Shipping & Trading; Fadi Star and its owners, Mohammad Hammoud and Fadi Hammoudi Fakih for General Trade, Khodor Fakih, and Ali Fakih; and Youssef Nehme.

Perhaps most interesting, the government got at these businessmen by suing them, rather than charging them, which raised significant Fifth Amendment Issues. So between that tactic and Joumaa’s rather celebrated status, I believe this is a possible case. And the timing — from 2007 until 2011, when Joumaa got listed — would certainly make sense.

All that said, this aspect of the investigation was made public in the suit naming the car brokers, so FBI would be hard-pressed to claim that providing more details would compromise the investigation.

HSBC’s Material Support for Terrorism

Then there’s a very enticing possibility: that this is an investigation into HSBC for its material support for terrorism, in the form of providing cash dollars to the al Rajhi bank which went on to support terrorist attacks (including 9/11).

HSBC’s wrist slap for money laundering is one of the most noted legal atrocities in recent memory, but most people focus on the bank’s role laundering money for drug cartels. Yet as I’ve always emphasized, HSBC also played a key role in providing money to al Qaeda-related terrorists.

As the Permanent Subcommittee on Investigations’ report made clear, HSBC’s material support for terror continued until 2010.

After the 9-11 terrorist attack in 2001, evidence began to emerge that Al Rajhi Bank and some of its owners had links to financing organizations associated with terrorism, including evidence that the bank’s key founder was an early financial benefactor of al Qaeda. In 2005, HSBC announced internally that its affiliates should sever ties with Al Rajhi Bank, but then reversed itself four months later, leaving the decision up to each affiliate. HSBC Middle East, among other HSBC affiliates, continued to do business with the bank.

Due to terrorist financing concerns, HBUS closed the correspondent banking and banknotes accounts it had provided to Al Rajhi Bank. For nearly two years, HBUS Compliance personnel resisted pressure from HSBC personnel in the Middle East and United States to resume business ties with Al Rajhi Bank. In December 2006, however, after Al Rajhi Bank threatened to pull all of its business from HSBC unless it regained access to HBUS’ U.S. banknotes program, HBUS agreed to resume supplying Al Rajhi Bank with shipments of U.S. dollars. Despite ongoing troubling information, HBUS provided nearly $1 billion in U.S. dollars to Al Rajhi Bank until 2010, when HSBC decided, on a global basis, to exit the U.S. banknotes business. HBUS also supplied U.S. dollars to two other banks, Islami Bank Bangladesh Ltd. and Social Islami Bank, despite evidence of links to terrorist financing. Each of these specific cases shows how a global bank can pressure its U.S. affiliate to provide banks in countries at high risk of terrorist financing with access to U.S. dollars and the U.S. financial system. [my emphasis]

Now, the timing may match up here, and I’d really love for a bankster to be busted for supporting terrorism. Plus, an ongoing investigation into this part of HSBC’s crimes might explain why Lanny Breuer said nothing about it when he announced the settlement with HSBC. But I doubt this is the investigation. That’s because former Treasury Undersecretary for Terrorism and Financial Intelligence Stuart Levey moved to HSBC after this point in time, in large part in a thus-far futile attempt to try to clean up the bank. And I can’t imagine a lawyer could ethically take on this role while (presumably) knowing about such seizures. Moreover, as the PSI report made clear, there are abundant other ways to get at the kind of data at issue in the HSBC investigation without Section 215 orders.

Who am I kidding? This DOJ won’t ever really investigate a bank!

WikiLeaks the Aider of Al Qaeda 

I realize these three possibilities do not exhaust the list of sufficiently significant and sufficiently old terrorism investigations that might be the target named in the order. So I’m happy to hear other possibilities.

But there is one other investigation that is a near perfect fit for almost all the description provided by Hudson: WikiLeaks.

As I’ve reported, EPIC sued to enforce a FOIA for records the FBI has on investigations into WikiLeaks supporters. The FOIA asked for and FBI did not deny having, among other things, financial records.

All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks.

In addition to withholding information that they apparently have because of an ongoing investigation (though the Judge has required the government to confirm it is still ongoing by April 25), the government also claimed exemption under a statute that they bizarrely refused to name. I speculated four months before Edward Snowden’s leaks that that statute was Section 215.

And the timing on this investigation is a perfect fit. On November 3, 2010, Joint Terrorism Task Force Officer Darin Louck seized David House’s computer as he came across the border from Mexico. While House refused to give the government his encryption passwords, the seizure makes it clear FBI was targeting WikiLeaks supporters. Then, according Alexa O’Brien, on November 21, 2010, a report on the upcoming Cablegate release was included in President Obama’s Daily Brief. The government spent the weeks leading up to the first releases in Cablegate on November 28, 2010 scrambling to understand what might be in them. On December 4, PayPal started refusing donations to WikiLeaks. And on December 6, Eric Holder stated publicly he had authorized extraordinary investigative measures “just last week.”

Nor would he say whether the actions involved search warrants, requests under the Foreign Intelligence Surveillance Act, which authorizes wiretaps or other means, describing them only as “significant.”

“I authorized just last week a number of things to be done so that we can, hopefully, get to the bottom of this and hold people accountable as they should be,” he said.

December 6 was a Monday and technically Tuesday, November 23 would have been 2 weeks earlier, just 2 days before Thanksgiving. But a Section 215 order doesn’t require AG approval, and indeed, dragnet orders often generate leads for more intrusive kinds of surveillance.

Moreover, according to Hudson’s declaration, this order did precisely what EPIC’s FOIA seems to confirm FBI did, investigate not just Julian Assange, but also his associates (also known as supporters), including WikiLeaks donors.

The only thing — and it is a significant thing — that would suggest this guess is wrong is Hudson’s description of this as a “counterterrorism” investigation and not a “counterespionage” investigation (which is how Holder was discussing it in December 2010).

But that doesn’t necessarily rule WikiLeaks out. As noted above, already by early November 2010, the FBI had JTTF agents involved in the investigation. And central to the government’s failed claim that Chelsea Manning had aided the enemy was that she had made the Afghan war logs available knowing (from the DIA report she accessed) that the government worried about al Qaeda accessing such things, and that some Afghan war logs were found at Osama bin Laden’s compound. So the government clearly has treated its WikiLeaks investigation as a counterterrorism investigation.

Moreover, all Hudson’s declaration claims is that the government currently considers this a counterterrorism investigation. Section 215 can be used for counterintelligence investigations (as I’ve noted over and over). Since the Osama bin Laden raid revealed al Qaeda had accessed cables, the government has maintained that it does involve al Qaeda. So it may be that Hudson’s reference to the investigation as a counterterrorism investigation only refers to its current status, and not the status used to obtain the order in 2010.

That said, Hudson also provided a classified version of her statement to Judge Yvonne Gonzales Rogers, and I can’t imagine she’d try to pitch the WikiLeaks case as a counterterrorism one if a judge actually got to check her work. But you never know!

It’s likely that I’m forgetting a very obviously publicly known counterterrorism investigation.

But I think it possible that either the Scary Car Broker plot or WikiLeaks is the target named in the order.

DOJ Says You Can’t Know If They’ve Used the Dragnet Against You … But FISC Says They’re Wrong

As I noted the other day in yet another post showing why investigations into intelligence failures leading up to the Boston Marathon attack must include NSA, the government outright refuses to tell Dzhokhar Tsarnaev whether it will introduce evidence obtained using Section 215 at trial.

Tsarnaev’s further request that this Court order the government to provide notice of its intent to use information regarding the “. . . collection and examination of telephone and computer records pursuant to Section 215 . . .” that he speculates was obtained pursuant to FISA should also be rejected. Section 215 of Pub. L. 107-56, conventionally known as the USA PATRIOT Act of 2001, is codified in 50 U.S.C. § 1861, and controls the acquisition of certain business records by the government for foreign intelligence and international terrorism investigations. It does not contain a provision that requires notice to a defendant of the use of information obtained pursuant to that section or derived therefrom. Nor do the notice provisions of 50 U.S.C. §§ 1806(c), 1825(d), and 1881e apply to 50 U.S.C § 1861. Therefore, even assuming for the sake of argument that the government possesses such evidence and intends to use it at trial, Tsarnaev is not entitled to receive the notice he requests.

This should concern every American whose call records are likely to be in that database, because the government can derive prosecutions — which may not even directly relate to terrorism — using the digital stop-and-frisk standard used in the dragnet, and never tell you they did so.

Note, too, Dzhokhar’s lawyers are  not just asking for phone records, but also computer records collected using Section 215, something Zoe Lofgren has made clear can be obtained under the provision.

And in the case in which Dzhokhar’s college buddies are accused of trying to hide his computer and some firecracker explosives, prosecutors profess to be unable to provide any of the text messages Dzhokhar sent after his last text to them. That stance seems to pretend they couldn’t get at least the metadata from those texts from the phone dragnet.

The government, then, claims that defendants can’t have access to data collected using Section 215. They base that claim on the absence of any language in the Section 215 statute, akin to that found in FISA content collection statutes, providing for formal notice to defendants.

But at least in the case of the phone dragnet, that stance appears to put them in violation of the dragnet minimization procedures. That’s because since at least September 3, 2009 and continuing through the last dragnet order released (note, ODNI seems to be taking their time on releasing the March 28 order),  the minimization procedures have explicitly provided a way to make the query results available for discovery. Here’s the language from 2009.

Notwithstanding the above requirements, NSA may share information derived from the BR metadata, including U.S. person identifying information, with Executive Branch personnel in order to enable them to determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings.

The government routinely points to these very same minimization procedures to explain why it can’t provide information to Congress or other entities. But if the minimization procedures trump other statutes to justify withholding information, surely they must have the weight of law for disclosure to criminal defendants. And all that’s before you consider the Brady and Constitutional reasons that should trump the government’s interpretation as well.

Using the formulation the government always uses when making claims about the dragnet’s legality, on at least 21 occasions, FISC judges have envisioned discovery to be part of the minimization procedures with which the government must comply. At least 7 judges have premised their approval of the dragnet, in part, on the possibility exculpatory information may be shared in discovery.

Now, there is a limit to the discovery envisioned by these 21 FISA orders; this discovery language, in the most recently published order, reads:

Notwithstanding the above requirements, NSA may share results from intelligence analysis queries of the BR metadata, including U.S. person identifying information, with Executive Branch personnel (1) in order to enable them to determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings …

That is, this discovery language only includes the “results from intelligence analysis queries.” It doesn’t permit new queries of the entire database, a point the government makes over and over. But in the case of the Marathon bombing, we know the queries have been run, because Executive Branch officials have been bragging about the queries they did after the bombing that gave them “peace of mind.”

Those query results are there, and the FISC judges explicitly envisioned the queries to be discoverable. And yet the government, in defiance of the minimization procedures they claim are sacred, refuse to comply.

Spy vs. Spy, Theresa Shea vs. Theresa Shea

The government has submitted its response to ACLU’s appeal of its lawsuit challenging the Section 215 dragnet.

This passage, which reminded me of the old Mad Magazine Spy vs. Spy comic, made me pee my pants in laughter.

Various details of the program remain classified, precluding further explanation here of its scope, but the absence of those details cannot justify unsupported assumptions. For example, the record does not support the conclusion that the program collects “virtually all telephony metadata” about telephone calls made or received in the United States. SPA 32, quoted in Pl. Br. 12; see also, e.g., Pl. Br. 1-2, 23, 24, 25, 48, 58. Nor is that conclusion correct. See Supp. Decl. of Teresa H. Shea ¶ 7, First Unitarian Church of Los Angeles v. NSA, No. 4:13cv3287 (filed Feb. 21, 2014).3

3 The precise scope of the program is immaterial, however, because, as we explain, the government should prevail as a matter of law even if the scope of the program were as plaintiffs describe. [my emphasis]

Note that they’re citing a declaration from SIGINT Director Theresa Shea submitted in another case, the EFF challenge to the phone dragnet? They’re citing that Shea declaration rather than the one Shea submitted in this very case.

In her declaration submitted in this case in October, Shea said NSA collected all the call records from the providers subject to Section 215.

Pursuant to Section 215, the FBI obtains from the FISC directing certain telecommunications service providers to produce all business records created by them (known as call detail records) that contain information about communications between telephone numbers, generally relating to telephone calls made between the U.S. and a foreign country and calls made entirely within the U.S. (¶14) [my emphasis]

Not all providers. But for the providers in question, “all business records.”

Remember, ACLU is suing on their own behalf, and they are Verizon customers. We know Verizon is one of the providers in question, and Shea has told us that providers in question, of which Verizon is one, provide “all business records.”

Theresa Shea, in a declaration submitted in the suit in question: “All.”

Rather than citing the declaration submitted in this suit, the government instead cites a declaration Shea submitted all the way across the country in the EFF suit, one she submitted four months later, after both the ACLU and Judicial Watch suits had been decided at the District level.

Ostensibly written to describe the changes in scope the President rolled out in January, Shea submitted a new claim about the scope of the program in which she insisted that the program (ignoring, of course, that Section 215 is just a small part of the larger dragnet) does not collect “all.”

Although there has been speculation that the NSA, under this program, acquires metadata relating to all telephone calls to, from, or within the United States, that is not the case. The Government has acknowledged that the program is broad in scope and involves the collection and aggregation of a large volume of data from multiple telecommunications service providers, but as the FISC observed in a decision last year, it has never captured information on all (or virtually all) calls made and/or received in the U.S. See In re Application of the FBI for an Order Requiring the Production of Tangible Things from [Redacted], Dkt. No. BR13-109 Amended Mem. Op. at 4 n.5 (F.I.S.C. Aug. 29, 2013) (publicly released, unclassified version) (“The production of all call detail records of all persons in the States has never occurred under under this program.“) And while the Government has also acknowledged that one provider was the recipient of a now-expired April 23, 2013, Secondary Order from the FISC (Exhibit B to my earlier declaration), the identities of the carriers participating in the program(either now, or at any time in the past) otherwise remain classified. [my emphasis]

I explained in detail how dishonest a citation Theresa Shea’s newfound embrace of “not-all” is.

Here, she’s selectively citing the declassified August 29, 2013 version of Claire Eagan’s July 19, 2013 opinion. The latter date is significant, given that the day the government submitted the application tied to that order, NSA General Counsel Raj De made it clearthere were 3 providers in the program (see after 18:00 in the third video). These are understood to be AT&T, Sprint, and Verizon.

Shea selectively focuses on language that describes some limits on the dragnet. She could also note that Eagan’s opinion quoted language suggesting the dragnet (at least in 2011) collected “substantially all” of the phone records from the providers in question, but she doesn’t, perhaps because it would present problems for her “virtually all” claim.

Moreover, Shea’s reference to “production of all call detail records” appears to have a different meaning than she suggests it has when read in context. Here’s what the actual language of the opinion says.

Specifically, the government requested Orders from this Court to obtain certain business records of specified telephone service providers. Those telephone company business records consist of a very large volume of each company’s call detail records or telephony metadata, but expressly exclude the contents of any communication; the name, address, or financial information of any subscriber or customer; or any cell site location information (CSLI). Primary Ord. at 3 n.l.5

5 In the event that the government seeks the production of CSLI as part of the bulk production of call detail records in the future, the government would be required to provide notice and briefing to this Court pursuant to FISC Rule 11. The production of all call detail records of all persons in the United States has never occurred under this program. For example, the government [redacted][my emphasis]

In context, the reference discusses not just whether the records of all the calls from all US telecom providers (AT&T, Sprint, and Verizon, which participated in this program on the date Eagan wrote the opinion, but also T-Mobile and Cricket, plus VOIP providers like Microsoft, owner of Skype, which did not) are turned over, but also whether each provider that does participate (AT&T, Sprint, and Verizon) turns over all the records on each call. The passage makes clear they don’t do the latter; AT&T, Sprint, and Verizon don’t turn over financial data, name, or cell location, for example! And since we know that at the time Eagan wrote this opinion, there were just those 3 providers participating, clearly the records of providers that didn’t use the backbone of those 3 providers or, in the case of Skype, would be inaccessible, would be missed. So not all call detail records from the providers that do provide records, nor records covering all the people in the US. But still a “very large volume” from AT&T, Sprint, and Verizon, the providers that happen to be covered by the suit.

That is, in context, the “all call detail records of all persons in the United States has never occurred” claim meant that even for the providers obligated under the order in question — AT&T, Sprint, and Verizon — there were parts of the call records (like the financial information) they didn’t turn over, though they turned over records for all calls. That’s consistent with Eagan’s quotation of the “virtually all” records with respect to the providers in question.

But by citing it disingenuously, Shea utterly changes the meaning Eagan accorded it.

Theresa Shea, disingenuously citing a declaration submitted in another suit: “Not all.”

It’s like the hilarity of Mad Magazine’s old Spy vs. Spy comics. Only in this case, it pits top spy Theresa Shea against top spy Theresa Shea.

The Day After Government Catalogs Data NSA Collected on Tsarnaevs, DOJ Refuses to Give Dzhokhar Notice

On Thursday, the Inspectors General of the Intelligence Community, DOJ, CIA, and DHS (but not NSA) released their report on the Marathon Bombing. While the public release was just a very condensed summary, included the redaction of both classified and “sensitive” information, and made no attempt to reconstruct data government agencies had or could have had on Dzhokhar Tsarnaev, the report did show that the NSA had data on Tamerlan Tsarnaev and that the FBI found information on his computers that NSA might have gotten via other means.

On Friday, prosecutors in the case against Dzhokhar refused to tell him what they collected under FISA.

Before I get into the government’s refusal on FISA notice — some of which has repercussions for other cases — let’s go over what electronic communications the government did have or could have had.

First, the IG Report (which did not specifically involve NSA’s IG and did not include Dzhokhar in its scope) nevertheless points to information NSA collected in 2012 that was not turned over to FBI until after the attack.

Screen Shot 2014-04-12 at 12.37.13 PM

The report also points to communications dating to January 2011, which is entirely redacted. This probably refers to communications the Russians intercepted, not the NSA (indeed, the report discusses NSA data, above, later in the same section, which indicates the earlier redaction doesn’t pertain to NSA). Though there’s no indication whether the NSA received notice of these communications, including the non-US person interlocutor located overseas involved in them, who would have been a legal NSA target.

Continue reading

Judge in WikiLeaks FOIA Cites “Events that Have Transpired,” Government Claims FOIA Is “Improper”

Back in 2011, the Electronic Privacy Information Center sued to enforce a FOIA for documents on FBI’s investigation of WikiLeaks supporters. In response, the government cited an ongoing investigation exemption. But they also cited a statutory exemption, claiming some law prevented them from releasing the records on investigations into WikiLeaks supporters. Unusually, DOJ refused to name the law in question. For that reason, and because my suspicions of how Section 215 gets used suggested it would make a spectacular tool for investigating a group of WikiLeaks supporters, I suggested that the statute was likely Section 215.

Since then, we’ve seen indications of NSA involvement in the investigation into WikiLeaks, though without any details from before EPIC’s FOIA.

And until March 11, that’s where things stood, with the government claiming it couldn’t release records about its investigation into completely innocent supporters of a publishing outlet and the judge (who had been newly assigned to the case in April 2013) doing nothing with the government’s motion for summary judgement.

On March 11, however, Judge Barbara Jacobs Rothstein ordered DOJ and EPIC to submit briefs updating her on the status of the investigation into WikiLeaks and with it the government’s ongoing investigation exemption, but not its claimed statutory exemption.

The Court takes judicial notice that events have transpired during that time that may cause the government’s position to to have changed. Therefore, the Court instructs the government to update its position regarding Plaintiff’s FOIA request, particularly with respect to the government’s invocation of exemption 7(A).

The language of her order suggests two things. First, if Rothstein is asking whether the 7(A) ongoing investigation exemption remains active, it suggests she’s may not accept the government’s statutory exemption 3 to completely withhold these documents. And she doesn’t say what the “events” that “have transpired” are, but it’s probably not any developments in the WikiLeaks investigation, as that’s what she says she doesn’t know. That makes it likely the Snowden leaks and related official disclosures have made the exemption 3, the basis for which she knows about from classified declarations, moot.

That’s all tea leaf reading. And even if I’ve read the tea leaves correctly, it doesn’t mean I’m right about Section 215. After all, back door searches on collection targeted at Julian Assange (who, as a foreign citizen and alleged spy, would be a legal target under Section 702 or even generally) would be a useful investigation into WikiLeaks supporters as well, though there’s abundant reason to believe dragnet queries serve as the basis for back door searches. Still, I think it’s likely that something that has been released and declassified since last April has mooted the government’s secret statutory claims.

The government, having sat on Judge Rothstein’s April 11 deadline from March 11 until Tuesday, is now stalling for time. (h/t JG; links to come shortly) On Tuesday, the lawyer who inherited this case claimed she has another case that prevents her from writing 10 pages on the status of the WikiLeaks investigation. But also that she needs more time to consult with the “defendant agencies.”

In addition, the draft supplemental brief will require review within the Department of Justice and defendant agencies before it may be filed.

EPIC’s not buying it, citing from the judge’s previous orders warning against extensions and stating clearly that business in other matters is not a good excuse. EPIC also described DOJ’s sleazy post-business hours effort to provide notice. and noted this is precisely the kind of thing Judge Rothstein had said would get a motion summarily denied.

Ms. Zeidner Marcus also did not timely notify Plaintiff’s counsel of her plans to file this Motion for Extension of Time. Ms. Zeidner Marcus first contacted Ms. McCall on April 8, 2014, the date that the filing was due, after ordinary business hours. Ms. Zeidner Marcus first emailed Ms. McCall on April 8, 2014 at 5:01 PM and followed up at approximately 5:30 PM that day with a telephone call. This did not give Ms. McCall sufficient time to consider Ms. Zeidner Marcus’ request or to consult with Ms. McCall’s co-counsel ,Mr. Rotenberg, regarding that request. Ms. Zeidner Marcus then filed her Motion for Extension of Time at 11:23 PM on the same day (April 8, 2014).

To which DOJ responded by accusing EPIC of filing an “improper” FOIA.

This case involves plaintiff’s attempts to improperly use the Freedom of Information Act to seek information about ongoing criminal investigations.

Remember, the underlying issue here is that DOJ shouldn’t be investigating innocent supporters of a publishing outlet. But DOJ believes trying to learn how and why they are doing so is an improper FOIA.

Meanwhile, DOJ sources admitted last November that they can’t really charge Assange without charging the NYT as well.

Justice officials said they looked hard at Assange but realized that they have what they described as a “New York Times problem.” If the Justice Department indicted Assange, it would also have to prosecute the New York Times and other news organizations and writers who published classified material, including The Washington Post and Britain’s Guardian newspaper, according to the officials, who spoke on the condition of anonymity to discuss internal deliberations.

Which, I guess, explains the rudeness and urgent need for one more month. Because if the government loses both its ongoing investigation and its statutory exemptions, they might have to explain why they used national security tools against people exercising free speech.

Update: The Judge gave the government half the extension they requested, to April 25.

In light of the fact that the motion was not timely filed and that press of business is not an adequate reason for an extension, the Court will not grant the request for a thirty day extension. Instead, the Court will grant an extension to and including April 25, 2014. Plaintiff’s opposition shall be filed on or before May 12, 2014. The reply shall be file on or before May 19, 2014. In the future, the Court expects the parties to comply with the terms of the Standing Order in this case.

Initial Thoughts on Obama’s Dragnet Fix

The White House has rolled out the bare sketch of its proposal to fix the dragnet. The sketch says,

  • the government will not collect these telephone records in bulk; rather, the records would remain at the telephone companies for the length of time they currently do today;
  • absent an emergency situation, the government would obtain the records only pursuant to individual orders from the FISC approving the use of specific numbers for such queries, if a judge agrees based on national security concerns;
  • the records provided to the government in response to queries would only be within two hops of the selection term being used, and the government’s handling of any records it acquires will be governed by minimization procedures approved by the FISC;
  • the court-approved numbers could be used to query the data over a limited period of time without returning to the FISC for approval, and the production of records would be ongoing and prospective; and
  • the companies would be compelled by court order to provide technical assistance to ensure that the records can be queried and that results are transmitted to the government in a usable format and in a timely manner.

The most important question asked in a conference call on this is what the standard for querying would be. Congress would decide that, but it Reasonable Articulable Suspicion would be the starting point.

That sketch doesn’t really answer a lot of questions about the program, including:

  • Will this program be used for “national security concerns” beyond counterterrorism? Never once did the conference call say it was limited to CT, and several comments suggested it could be used more broadly.
  • What kind of protections will the data (the overwhelming number of which would be innocent people) get once it lands at NSA (see the minimization procedures noted above)? Will it resemble the corporate store of forever datamining that currently exists?
  • Who will do the data integrity that currently requires access to the raw data, which has a dramatic influence on how much data would be responsive to a 2-hop query? The required “technical assistance” might include some of it (it definitely includes formatting the data such that NSA can legally accept it, which has caused a problem with cell data). But does Verizon or NSA or Booz go through the raw data and pull out the high volume numbers?
  • For how long will these orders be granted? (It sounds like the White House will use this to entice congressional support.)
  • Will the NSA have access to location data (I’m guessing the answer is no but would like assurances)?

All that said, this is an improvement over the status quo and over RuppRoge in several ways, not least that it applies only to phone data, and that they’re using the same vocabulary we’ve just spent 10 months agreeing on common definitions for.

Update: One observation. One thing both this reform and RuppRoge include is the ability to dictate what the government gets from providers. That’s a testament to how poorly suited the Section 215 program has always been, because it could only ask for existing business records, and most telecoms (the likely exception is AT&T) could and almost certainly did simply provide their SS7 telecom records, which would include everything, including cell location data that apparently became problematic, probably since 2010, when Congress learned NSA was actually going to start using that data. Those problems likely grew more intense after the Jones decision made it clear SCOTUS had problems with the government tracking location persistently without a warrant.

In other words, these “reforms” seem to arise as much from the fact that the outrage against this dragnet provides the government with an opportunity to build a system more appropriate to the task at hand rather than what they could jerry-rig together in secret.

Emptywheel Twitterverse
JimWhiteGNV Don't care where he is as long as it isn't Florida. And no Weis either! RT @bmaz: Let the Lane Kiffen for new coach at Michigan talk begin.
54sreplyretweetfavorite
bmaz Let the Lane Kiffen for new coach at Michigan talk begin.
4mreplyretweetfavorite
bmaz @BellaMagnani @ggatin @lrozen @CBCNews Take this tripe somewhere else or be blocked.
11mreplyretweetfavorite
bmaz @BellaMagnani @ggatin @lrozen @CBCNews I could care in the least what his latest crackpot "appeal" is. Should submit to justice or shut up.
13mreplyretweetfavorite
JimWhiteGNV US Air Strikes in Syria Proceeding as Expected: Civilian Deaths Documented, ISIS Recruitment Up http://t.co/Gs3506plVX
23mreplyretweetfavorite
bmaz @BellaMagnani @ggatin @lrozen @CBCNews ...present in the jurisdiction) or not. Again, bother someone that cares.
25mreplyretweetfavorite
bmaz @BellaMagnani @ggatin @lrozen @CBCNews ...formally "charged" under Swedish law (which doesn't formally charge without the corpus being...
26mreplyretweetfavorite
bmaz @BellaMagnani @ggatin @lrozen @CBCNews What a load of crap. He is a coward fleeing justice. The offenses are clearly detailed whether...
27mreplyretweetfavorite
JimWhiteGNV RT @APDiploWriter: KABUL, Afghanistan (AP) - #Afghanistan, #US sign security pact allowing US forces to remain in country past end of year.
3hreplyretweetfavorite
bmaz RT @JackofKent: Today the Tories will deride the Human Rights Act, which you can enforce in court, and praise Magna Carta, which you cannot.
6hreplyretweetfavorite
bmaz @MonaHol @emptywheel It absolutely is worth it. More people should understand what's being done. It is just sad this is "news" cause its not
7hreplyretweetfavorite
emptywheel @MonaHol I believe it can be shown to be either non-compliant or partial, but haven't looked closely yet. @bmaz
7hreplyretweetfavorite
September 2014
S M T W T F S
« Aug    
 123456
78910111213
14151617181920
21222324252627
282930