Even back in 2009, when Russ Feingold made it clear that Yahoo had no access to the data it needed to aggressively challenge the Protect American Act orders it received, I realized what a tough legal fight it was to litigate blind. That has only been made more clear by the document trove released last week.
Which is why Mark Zwillinger’s comments about the trove are so interesting.
First, ZwillGen points out that the challenge to the PAA directives may not have helped Yahoo avoid complying, but it did win an important victory allowing providers to challenge surveillance orders.
[I]n this fight, the government argued that Yahoo had no standing to challenge a directive on the basis of the Fourth Amendment rights of its users. See Government’s Ex Parte Brief at pages 53-56.Although the government was forced to change its position after it lost this issue at both the FISC and the FISCR — and such standing was expressly legislated into the FAA – had the government gotten its way, surveillance orders under § 702 would have been unchallengeable by any party until the fruits of the surveillance were sought to be used against a defendant in a criminal case. That would have given the executive branch even greater discretion to conduct widespread surveillance with little potential for judicial review. Even though Yahoo lost the overall challenge, winning on the standing point was crucial, and by itself made the fight personally worthwhile.
ZwillGen next notes that the big numbers reported in the press — the $250K fines for non-compliance — actually don’t capture the full extent of the fines the government was seeking. It notes that the fines would have added up to $400 million in the second month of non-compliance (it took longer than that to obtain a final decision from the FISCR).
Simple math indicates that Yahoo was facing fines of over $25 million dollars for the 1st month of noncompliance, and fines of over $400 million in the second month if the court went along with the government’s proposal. And practically speaking, coercive civil fines means that the government would seek increased fines, with no ceiling, until Yahoo complied.
Finally — going directly to the points Feingold made 5 years ago — Yahoo had no access to the most important materials in the case, the classified appendix showing all the procedures tied to the dragnet.
The ex parte, classified appendix was just that: a treasure trove of documents, significantly longer than the joint appendix, which Yahoo had never seen before August 22, 2014. Yahoo was denied the opportunity to see any of the documents in the classified, ex parteappendix—even in summary form. Those documents bear a look today. They include certifications underlying the § 702 directives, procedures governing communications metadata analysis, a declaration from the Director of National Intelligence, numerous minimization procedures regarding the FBI’s use of process, and, perhaps most importantly, a FISC decision from January 15, 2008regarding the procedures for the DNI/AG Certification at issue, which Yahoo had never seen. It examines those procedures under a “clearly erroneous” standard of review – which is one of the most deferential standards used by the judiciary. Yahoo did not have these documents at the time, nor the opportunity to conduct any discovery. It could not fully challenge statements the government made, such as the representation to FISCR “assur[ing the Court] it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary.” Nor could Yahoo use the January 15, 2008 decision to demonstrate how potential flaws in the targeting process translated into real world effects.
This blind litigation is, of course, still the position defense attorneys challenging FISA orders for their clients are in.
Yahoo actually made a pretty decent argument 6 years ago, pointing to incidental collection, collection of Americans’ records overseas (something curtailed, at least in name, under FISA Amendments Act), and dodgy analysis underlying the targeting decisions handed off to Yahoo. But they weren’t permitted the actual documentation they needed to make that case. Which left the government to claim — falsely — that the government was not conducting back door searches on incidentally collected data.
For years, ex parte proceedings have allowed the government to lie to courts and avoid real adversarial challenges to their spying. And not much is changing about that anytime soon.
There was a weird spate of reporting on the cyberthreat to banks last week. Normally, security firms (and occasionally really good tech journalists) report under their own name on such attacks — after all, they have businesses to run! But not the story — first reported by Bloomberg Wednesday evening – that Russia had attacked JP Morgan. At first, these reports appeared to be coming from FBI — given that the FBI investigation served as the lede of the story.
Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe.
The attack resulted in the loss of gigabytes of sensitive data, said the people, who asked not to be identified because the probe is still preliminary.
But over the course of the story — and two more sources introduced with no description beyond that they had been briefed on the probe — the FBI officially gave no comment.
The sophistication of the attack and technical indicators extracted from the banks’ computers provide some evidence of a government link. Still, the trail is muddy enough that investigators are considering the possibility that it’s cyber criminals from Russia or elsewhere in Eastern Europe. Other federal agencies, including the National Security Agency, are now aiding the investigation, a third person familiar with the probe said.
J. Peter Donald, an FBI spokesman in New York, declined to comment.
In at least one of the attacks, the hackers grabbed sensitive data from the files of bank employees, including executives, according to a fourth person briefed on the probe, who, like the other individuals with knowledge of the matter, declined to divulge the name of victims other than JPMorgan. Some data related to customers may also have been accessed, the person said.
The NYT’s version of the story, published later on Wednesday, also cited a bunch of people described only as “briefed on the continuing investigation.”
A number of United States banks, including JPMorgan Chase and at least four others, were struck by hackers in a series of coordinated attacks this month, according to four people briefed on a continuing investigation into the crimes.
The hackers infiltrated the networks of the banks, siphoning off gigabytes of data, including checking and savings account information, in what security experts described as a sophisticated cyberattack.
The motivation and origin of the attacks are not yet clear, according to investigators. The F.B.I. is involved in the investigation, and in the past few weeks a number of security firms have been brought in to conduct forensic studies of the penetrated computer networks.
According to two other people briefed on the matter, hackers infiltrated the computer networks of some banks and stole checking and savings account information from clients.
I Con the Record just released some ridiculously overclassified Internet dragnet documents it claims shows oversight but which actually shows how they evaded oversight. I’ve added letters to ID each document (I’ll do a post rearranging them into a timeline tomorrow or soon thereafter).
For a timeline I did earlier of the Internet dragnet program see this post.
This will be the first of several working threads, starting with descriptions of what we’ve got.
8/12: Note I will be updating this as I can clarify dates and content.
B. FISC Primary Order: This is an Internet dragnet order signed by Reggie Walton, probably in 2008 or very early 2009. It shows that the Internet dragnet program, which was almost certainly illegal in any case, had less oversight than the phone dragnet program (though at this point also collected fewer records). It was turned over pursuant to FAA requirements on March 13, 2009.
C. FISC Primary Order: This is an Internet dragnet order probably from May 29, 2009 (as identified in document D), signed by Reggie Walton. It shows the beginning of his efforts to work through the Internet violations. It appears to have been provided to Congress on August 31, 2009.
D. FISC Order and Supplemental Order: This is a version of the joint June 22, 2009 order released on several occasions before. It shows Reggie Walton’s efforts to work through the Internet dragnet violations. Here’s one version.
E. FISC Supplemental Order: This appears to be the dragnet order shutting down dragnet production. It would date to fall 2009 (production was likely shut down in October 2009, though this might reflect the initial shut-down).
F. FISC Primary Order: I’m fairly sure this is an order from after Bates turned the Internet dragnet back on in 2010 (and is signed by him), though I will need to verify that. It does require reports on how the NSA will segregate previously violative records, which is consistent with it dating to 2011 sometime (as is the requirement that the data be XML tagged).
G. FISC Memorandum Opinion Granting in Part and Denying in Part Application to Reinitiate, in Expanded Form, Pen Register/Trap and Trace Authorization: This is the order, from sometime between July and October 2010, where John Bates turned back on and expanded the Internet dragnet. Here’s the earlier released version (though I think it is identical).
H. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This was a report Walton required in document C, above, and so would be in the May-June 2009 timeframe. Update: Likely date June 18, 2009.
I. Government’s Response to the FISC’s Supplemental Order: This is the government’s response to an order from Walton, probably in his May 29, 2009 opinion (see this order for background), or even earlier in May.Update: This response dates to June 18, 2009 or slightly before.
J. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This appears to be the declaration submitted in support of Response I and cited in several places. Update: likely date June 18, 2009.
K. Supplemental Declaration of Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This appears to be the declaration that led to document C above.
L. Government’s Response to the FISC’s Supplemental Order Requesting a Corrective Declaration: This is a declaration admitting dissemination outside the rules responding to 5/29 order.
M. Government’s Response to a FISC Order: This is the government’s notice that it was using automatic queries on Internet metadata, just as it also was with the phone dragnet. This notice was provided to Congress in March 2009.
N. Declaration of Lieutenant General Keith B. Alexander, U.S. Army, Director, NSA, Concerning NSA’s Compliance with a FISC Order: After Walton demanded declarations in response to the initial phone dragnet violation, he ordered NSA to tell him whether the Internet dragnet also had the same problems. This is Keith Alexander’s declaration describing the auto scan for that program too. It was provided to Congress in March 2009.
O. Preliminary Notice of Potential Compliance Incident: This is the first notice of the categorical violations that ultimately led to the temporary shutdown of the dragnet, in advance of order E.
P. Notice of Filing: This is notice of a filing in response to inquiry from Judge Walton. It could be from any time during David Kris’ 2009 to early 2011 tenure.
Q: Government’s Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes:
This appears to be the application following Order E, above. I don’t think it’s the 2010 application that led to the reauthorization of the dragnet, because it refers to facilities whereas the 2010 order authorized even broader collection. (Remember Bates’ 2010 order said the government applied, but then withdrew, an application.) Update and correction: this application must post-date December 2009, because that’s when NSA changed retention dates from 4.5 years to 5. Also note reference to change in program and request to access illegally collected data from before 10/09.
R. Memorandum of Law and Fact in Support of Application for Pen Registers and Trap and Trace Devices for Foreign Intelligence Purposes: This appears to be the memorandum of law accompanying application Q.
S. Declaration of General Keith B. Alexander, U.S. Army, Director, NSA, in Support of Pen Register/Trap and Trace Application: This is Alexander’s declaration accompanying Q.
T. Exhibit D in Support of Pen Register/Trap and Trace Application: This is a cover letter. I’m not sure whether it references prior communications or new ones.
U. First Letter in Response to FISC Questions Concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices: This is the first of several letters in support of reinitiation of the program. The tone has changed dramatically here. For that reason, and because so much of it is redacted, I think this was part of the lead-up to the 2010 reauthorization.
V. Second Letter in Response to FISC Questions concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices: This second letter is entirely redacted except for the sucking up to Bates stuff.
W. Third Letter in Response to FISC Questions Concerning NSA Bulk Metadata Collection Using Pen Register/Trap and Trace Devices: More sucking up. Some language about trying to keep access to the existing illegally collected data.
X. Application for Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes: This is the first application for the Internet dragnet, from 2004. Very interesting. Note it wasn’t turned over until July 2009, after Congress was already learning of the new problems with it.
Y. Memorandum of Law and Fact in Support of Application for Pen Registers and Trap and Trace Devices for Foreign Intelligence Purposes: The memorandum of law accompanying X. Also turned over to Congress in 2009.
Z. Declaration of General Michael V. Hayden, U.S Air Force, Director, NSA, in Support of Pen Register/Trap and Trace Application: This goes with the initial application. NSA has left stuff unredacted that suggests they were access less bandwith than they, in the end, were. Also remember NSA violated this from the very beginning.
AA. Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes:
This appears to be the application for the second PRTT order. I’ll return to this tomorrow, but I don’t think it reflects the violation notice it should.
BB. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate:
This is NSA’s declaration in conjunction with the first reapplication for the dragnet. This should have declared violations. It was turned over to Congress in March 2009. [update: these appear to be early 2009 application]
CC. Declaration Lieutenant General Keith B. Alexander, U.S. Army, Director, NSA, Concerning NSA’s Implementation of Authority to Collect Certain Metadata: This is Alexander’s declaration accompanying the End-to-End report, from sometime in fall 2009.
DD: NSA’s Pen Register Trap and Trace FISA Review Report: The end-to-end report itself. it was provided to Congress in January 2010.
EE: DOJ Report to the FISC NSA’s Program to Collect Metadata: DOJ’s accompaniment to the end-to-end report.
FF: Government’s First Letter to Judge Bates to Confirm Understanding of Issues Relating to the FISC’s Authorization to Collect Metadata: After Bates raauthorized the Internet dragnet, DOJ realized they might not be on the same page as him. Not sure if this was in the 2009 attempt or the 2010 reauthorization.
HH: Tab 1 Declaration of NSA Chief, Special Oversight and Processing, Oversight and Compliance, Signals Intelligence: This appears to be the 90-day report referenced in document C. Update: Actually it is referenced in Document A: note the paragraphs describing the chaining that were discontinued before the dragnet approval.
II: Verified Memorandum of Law in Response to FISC Supplemental Order: This is one of the most fascinating documents of all. It’s a 2009-2011 (I think August 17, 2009, though the date stamp is unclear) document pertaining to 3 PRTT targets, relying on criminal PRTT law and a 2006 memo that might be NSA’s RAS memo (though the order itself is FBI, which makes me wonder whether it seeds the FBI program). It may have been what they used to claim that Internet content counted as metadata.
JJ: Memorandum of Law in Response to FISC Order: A September 25, 2006 response to questions from the FISC, apparently regarding whether rules from criminal pen registers apply to PATRIOT PRTT. While I think this addresses the application to Internet, I also think this language may be being used for location.
KK: Government’s Motion to Unseal FISC Documents in Order to Brief Congressional Intelligence and Judiciary Committees: This is a request to unseal an order — I suspect document E — so it could be briefed to Congress.
LL: Order Granting the Government’s Motion to Unseal FISC Documents in Order to Brief Congressional Intelligence and Judiciary Committees: Walton’s order to unseal KK for briefing purposes.
MM: April 27, 2005 Testimony of the Attorney General and Director, FBI Before the Senate Select Committee on Intelligence: This is the 2005 testimony in which – I pointed out before — Alberto Gonzales did not brief Congress about the Internet dragnet.
NN: NSA IG Memo Announcing its Audit of NSA’s Controls to Comply with the FISA Court’s Order Regarding Pen Register/Trap and Trace Devices: This lays out an audit with PRTT compliance, noting that the audit also pertains to BR FISA (phone dragnet). It admits the audit was shut down when the order was not renewed. It’s unclear whether this was the 2009 or the 2011 shutdown, but the implication is it got shut down because it would not pass audit.
OO: NSA IG Memo Suspending its Audit of NSA after the NSA’s PRTT Metadata Program Expired: the formal announcement they were shutting down the IG report. Again, it’s not clear whether this was the 2009 or the 2011 shutdown.
If you find this work valuable, please consider donating to support the work.
Back in January of last year, the sudden return to Pakistan of cleric Tahir ul Qadri, who had been in a form of exile in Canada, threatened to derail the elections that took place two months later. There were accusations at the time that he was working on behalf of the military. Qadri did not take part in the elections (and is being called out for that now), but he started agitating again last month, with his large demonstrations leading to the arrest of large numbers of his followers and a number of deaths in clashes between his followers and police.
Yesterday, it was announced that Qadri will lead a “revolution march” that begins on August 14 and is intended to turn into a siege of Islamabad. From Geo News:
Pakistan Awami Tehreek (PAT) chief, Dr. Tahirul Qadri Sunday said the ‘revolution march’ will begin on August 14.
“No one will return till the government is toppled and the system changed,” Dr. Qadri told his workers and asked them to take a pledge by raising their hands.
But it will not be just Qadri’s Pakistan Awami Tehreek (PAT) party marching in Islamabad on the 14th. The article continues:
Addressing the PAT workers who had gathered here to observe the party’s Yaum-e-Shuhda, the PAT chief said both ‘Azadi March’ of Imran Khan and ‘revolution march’ of his party will be staged on the same day of August 14.
Dawn is now counting down the days to the march (and somehow they borrow from the NCAA basketball tournament to call this march madness), and frame the major questions the demonstrations pose:
The Pakistan Tehreek-i-Insaf’s (PTI) Azadi March and the Pakistan Awami Tehreek chief Dr Tahirul Qadri’s ‘Revolution March’ will now storm the capital together, further intensifying the stand-off with the government.
Many questions remain unanswered at this stage. Will Imran’s ‘peaceful’ rally be hijacked by Qadri’s more volatile protesters? Whose demands is the combined march really about — Qadri’s, or Imran’s?
Will speculations of a military intervention push the situation beyond the point of no return for Nawaz and co.?
Pakistan’s government continues to negotiate with the groups and refuses to release the 1500 Qadri supporters who have been jailed. Significantly, the government also has called an additional 3000 federal troops to Islamabad to shore up preparations already undertaken by the military:
Pakistan Army’s 111 Brigade, Rangers, elite force and intelligence agencies personnel have already been assigned security duties in Islamabad as PTI and PAT gears up for a march towards the capital to oust the government on August 14.
The federal government called in military to Islamabad, from August 1 by invoking Article 245, for assisting the civil authorities in maintaining law and order situation of Islamabad for three months.
Ironically, despite his government calling in the military to deal with the chaos surrounding the march, Prime Minister Nawaz Sharif is accusing former military dictator Pervez Musharraf (and by extension, Pakistan’s military) of being behind the movement:
In a speech that addressed the ongoing political crisis in the currently, the prime minister on Monday asked who is behind the calls for revolutions and marches in the country.
“I can’t help but laugh at the agendas of these long marches,” Nawaz Sharif said, indirectly referring to Pakistan Tehreek-i-Insaf (PTI) and Pakistan Awami Tehreek (PAT).
“It hurts and confuses me – who has given them these agendas?”
The government has accused “Musharraf’s friends” of being behind the political chaos in the country, with PTI and PAT leaders Imran Khan and Tahirul Qadri calling for the prime minister to step down with a march on August 14.
In a veiled reference to former military ruler General (retired) Musharraf, he asked why those who invited the war on terror in Pakistan are not held accountable.
“Have we not learned lessons from what this country has suffered? The constitution has been uprooted, rule of law has been flouted…we suffered billion of dollars in losses [as a result of Pakistan’s involvement]. Who sowed the seeds of terrorism?” he asked.
“Who is going to hold them accountable?”
This week promises to be very revealing about the future of Pakistan’s politics. And shouldn’t someone be raising those same questions from Sharif here in the US? Have we not learned lessons from what we have suffered, as our constitution also was uprooted and rule of law flouted? Shouldn’t we hold someone accountable here?
In the last several days, two important new reports on the FBI’s creation of Muslim terrorists.
The first is an Al Jazeera English video, above, from Trevor Aaronson, who also wrote The Terror Factory. He interviews both informants and the men who entrapped them, the latter of whom describe the FBI’s method. The video includes an extended look at a Toledo informant not previously profiled.
Today Human Rights Watch released a report (I’m part way done with it). That did both statistical analysis of the terrorism cases since 9/11 and close reviews of 27 cases across the country. They did interviews with a number of detainees. They examined the use of pre-trial solitary confinement.
Both reports make a key point: by putting informants in mosques, the FBI is effectively inserting potentially dangerous criminals inside faith communities rather than imprisoning them. The HRW report notes that in some cases, those informants “trolled” for potential leads.
Some of the cases we reviewed appear to have begun as virtual fishing expeditions, where the FBI had no basis to suspect a particular individual of a propensity to
commit terrorist acts. In those cases, the informant identified a specific target by
randomly initiating conversations near a mosque. Assigned to raise controversial
religious and political topics, these informants probed their targets’ opinions on
politically sensitive and nuanced subjects, sometimes making comments that
appeared designed to inflame the targets. If a target’s opinions were deemed
sufficiently troubling, officials concerned with nascent radicalization pushed the
sting operation forward.
HRW’s primary recommendation is more controls on the use of informants. In particular it describes how FBI sometimes uses an effort for spiritual advice to push a (usually young) target towards violence.
Both reports provide valuable new details on how the FBI makes terrorists. We’re getting closer to mapping how all these systems fit together.
Back in February, I noted Ron Wyden’s question for then acting OLC head Caroline Krass (she’s now CIA’s General Counsel) about Jack Goldsmith’s 2004 OLC opinion authorizing the dragnet.
In the follow-up questions for CIA General Counsel nominee Caroline Krass, Ron Wyden asked a series of his signature loaded questions. With it, he pointed to the existence of still-active OLC advice — Jack Goldsmith’s May 6, 2004 memo on Bush’s illegal wiretap program — supporting the conduct of a phone (but not Internet) dragnet based solely on Presidential authorization.
He started by asking “Did any of the redacted portions of the May 2004 OLC opinion address bulk telephony metadata collection?
Krass largely dodged the question — but did say that “it would be appropriate for the May 6, 2004 OLC opinion to be reviewed to determine whether additional portions of the opinion can be declassified.”
In other words, the answer is (it always is when Wyden asks these questions) “yes.”
This is obvious in any case, because Goldsmith discusses shutting down the Internet dragnet program, and spends lots of time discussing locating suspects.
Wyden then asked if the opinion relied on something besides FISA to conduct the dragnet.
[D]id the OLC rely at that time on a statutory basis other than the Foreign Intelligence Surveillance Act for the authority to conduct bulk telephony metadata collection?
Krass dodged by noting the declassification had not happened so she couldn’t answer.
But the 2009 Draft NSA IG Report makes it clear the answer is yes: NSA collected such data, both before and after the 2004 hospital showdown, based solely on Presidential authorization (though on occasion DOJ would send letters to the telecoms to reassure them both the metadata and content collection was legal).
Finally, Wyden asks the kicker: “Has the OLC taken any action to withdraw this opinion?”
Krass makes it clear the memo is still active, but assures us it’s not being used.
This is an exchange Center for National Security Studies Kate Martin brings back into the discussion of whether USA Freedumber actually ends bulk collection.
[W]e don’t know whether the Justice Department has opined that other statutory authorities – not now addressed in the USA Freedom Act – could authorize the NSA’s bulk collection. Without this knowledge, we can’t be certain whether the proposed amendments to section 501 (215) will in fact be sufficient to prohibit the NSA from engaging in bulk collection of metadata using some other hitherto unidentified authority.
This is not a fanciful concern. There is in fact a still partly secret OLC opinion by the Justice Department that may address precisely this question.
CNSS is using the debate over USA Freedumber to demand the Administration declassify the rest of that opinion.
When the government declassified the statements submitted in the Jewel v. NSA case last December, it basically declassified everything that should be in that memo. So what’s the holdup on releasing the memo itself?
Remember “the wall” that used to separate intelligence from criminal investigations and was used as an excuse for intelligence agencies not sharing intelligence they were permitted to share before 9/11?
It was demolished in 2001 — when the PATRIOT Act explicitly permitted what had been permitted before, sharing of intelligence information with the FBI – and 2002 — when the FISA Court of Review overruled presiding FISA Judge Royce Lamberth’s efforts to sustain some Fourth Amendment protections in criminal investigations using minimization procedures.
Nevertheless, the specter of a wall that didn’t prevent the Intelligence Committee from discovering 9/11 rising again is one of the things lying behind PCLOB’s weak recommendations on back door searches in its report on Section 702.
Of particular note, that’s what the Center for Democracy and Technology’s James Dempsey cites in his squishy middle ground recommendation on back door searches.
It is imperative not to re-erect the wall limiting discovery and use of information vital to the national security, and nothing in the Board’s recommendations would do so. The constitutionality of the Section 702 program is based on the premise that there are limits on the retention, use and dissemination of the communications of U.S. persons collected under the program. The proper mix of limitations that would keep the program within constitutional bounds and acceptable to the American public may vary from agency to agency and under different circumstances. The discussion of queries and uses at the FBI in this Report is based on our understanding of current practices associated with the FBI’s receipt and use of Section 702 data. The evolution of those practices may merit a different balancing. For now, the use or dissemination of Section 702 data by the FBI for non-national security matters is apparently largely, if not entirely, hypothetical. The possibility, however, should be addressed before the question arises in a moment of perceived urgency. Any number of possible structures would provide heightened protection of U.S. persons consistent with the imperative to discover and use critical national security information already in the hands of the government.546
546 See Presidential Policy Directive — Signals Intelligence Activities, Policy Directive 28, 2014 WL 187435, § 2, (Jan. 17, 2014) (limiting the use of signals intelligence collected in bulk to certain enumerated purposes), available at http://www.whitehouse.gov/the-press-office/2014/01/17/presidential-policy-directive-signals-intelligence-activities. [my emphasis]
Dempsey situates his comments in the context of the “wall.” He then suggests there are two possible uses of back door searches: “national security matters,” and non-national security matters, with the latter being entirely hypothetical, according to what the FBI self-reported to PCLOB.
Thus, he’s mostly thinking in terms of “possible structures [that] would provide heightened protection of US. persons,” to stave off future problems. He points to President Obama’s PPD-28 as one possibility as a model.
But PPD-28 is laughably inapt! Not only does the passage in question address “bulk collection,” which according to the definition Obama uses and PCLOB has adopted has nothing to do with Section 702. “[T]he Board does not regard Section 702 as a ‘bulk’ collection program,” PCLOB wrote at multiple points in its report.
More troubling, the passage in PPD-28 Dempsey cites permits bulk collection for the following uses:
(1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
(2) threats to the United States and its interests from terrorism;
(3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
(4) cybersecurity threats;
(5) threats to U.S. or allied Armed Forces or other U.S or allied personnel;
(6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section;
Ultimately, this represents — or should — an expansion of permissible use of Section 702 data, because its discussion of terrorism and cybersecurity do not distinguish between those with an international nexus and those without. And the discussion of transnational crime might subject any petty drug dealer selling dope from Mexico to foreign intelligence treatment.
That this is what passes for the mushy middle on PCLOB is especially curious given that Dempsey was one of the first PCLOB member to express concern about back door searches. He did so in November’s Section 215 hearing, and even suggested limiting back door searches to foreign intelligence purposes (which is not the standard for FBI, in any case) was inadequate. Nevertheless, in last week’s report, he backed only very weak protections for back door searches, and did so within the context of national security versus non-national security, and not intelligence versus crime.
Now, I don’t mean to pick on Dempsey exclusively — I’ll have a few more posts on this issue. And to be clear, Dempsey does not represent CDT at PCLOB; he’s there in his private capacity.
But I raised his affiliation with CDT because in that capacity, Dempsey was part of an amicus brief, along with representatives from ACLU, Center for National Security Studies, EPIC, and EFF, submitted in the In Re Sealed Case in 2002, in which the FISA Court of Review reversed Lamberth and permitted prosecutor involvement in FISA warrants. That brief strongly rebuts the kind of argument he adopted in last week’s PCLOB report.
Tara McElvey wrote a piece for the Beeb coming close to espousing a very (dangerous, IMO) British view: that the FBI should criminalize white supremacists’ speech the way they have Islamic terrorists’.
[Frazier Glenn Miller's] writings are a reminder of the virulence in white supremacist views. Earlier this month a married couple, Jerad and Amanda Miller (no relation to Frazier Glenn), shot and killed three people in Nevada.
The couple was steeped in white-supremacist ideology and spoke openly about their views. Police said they placed a swastika on the body of one of the victims.
Some wonder whether authorities were too easy on Frazier Glenn Miller before the killings – and are too soft on the white supremacists in the US.
The piece is most interesting for the quotes from FBI’s spokesperson, which falsely suggests it doesn’t target groups as groups.
Paul Bresson, a spokesman for the FBI, said: “We don’t target groups for who they are. If you want to be a white supremacist – legally there’s nothing wrong with that.
“What we’re concerned about is breaking the law.”
As Bresson said: “There’s nothing illegal about being weird.”
Anti-Semitism and extremist ideology seem to play a role in the violence, but Bresson and other officials say that knowing when a white supremacist – or anyone – will explode is beyond their purview.
This is, of course, bullshit. For groups named as Foreign Terrorist Organizations, the FBI does target groups for who they are, under well-worn material support laws. But even without membership in an FTO, the FBI routinely sets up stings to catch young men to precipitate their “explosion” (invariably using inert bombs).
To be fair, the FBI also set up a bunch old white men in the Waffle House plot, in part because they had an informant affirmatively trying to work off his sex crime charges by setting up fellow anti-government activists.
But the FBI’s approach to both groups deserves reconsideration. If the FBI believes it’s not in the job of precipitating personal explosions, it should stop doing so, and instead investigate actual crimes (as Bresson says they do).
In the case of Miller, McElvey misses a key detail. The FBI did not have just his speech. The had — and DOJ had already used — his open support for the MLK bomber, Kevin Harpham, as evidence of criminality. Miller already supported the use of violence against African Americans.
The difference, of course, is that FBI also called that a “hate crime,” not terrorism. And as a result, treated Miller’s support for terrorism as a First Amendment issue rather than a crime issue.
Based on the information that the Board has reviewed, the government’s PRISM collection complies with the structural requirements of the statute.
But here’s the report’s discussion of what happens with aggrieved persons — those prosecuted based in information derived from Section 702 information.
Further, FISA provides special protections in connection with legal proceedings, under which an aggrieved person — a term that includes non-U.S. persons — is required to be notified prior to the disclosure or use of any Section 702–related information in any federal or state court.447 The aggrieved person may then move to suppress the evidence on the grounds that it was unlawfully acquired and/or was not in conformity with the authorizing Section 702 certification.448 Determinations regarding whether the Section 702 acquisition was lawful and authorized are made by a United States District Court, which has the authority to suppress any evidence that was unlawfully obtained or derived.449
But for 5 years after the passage of the law, the government never once gave defendants notice they were aggrieved under Section 702. It lied to the Supreme Court about not having done so. And even while it has since given a limited number of defendants — like Mohamed Osman Mohamud — notice, there are others — David Headley, Najibullah Zazi and Adis Medunjanin, and Khalid Ouazzani — who are known to be aggrieved under Section 702 who have never received notice. Finally, there is the case of the Qazi brothers, which seems to be a case where the government is parallel constructing right in the face of the magistrate.
PCLOB said that the government is generally in compliance with the statute. And yet, it made no mention of known, fairly egregious violations of the statute.
That suggests the report as a whole may be flawed.
As a number of outlets are reporting, ACLU liberated some emails catching Florida cops agreeing to lie about the Stingray devices used to capture suspects.
As you are aware for some time now, the US Marshalls and I believe FDLE have had equipment which enables law enforcement to ping a suspects cell phone and pin point his/her exact location in an effort to apprehend suspects involved in serious crimes. In the past, and at the request of the U.S. Marshalls, the investigative means utilized to locate the suspect have not been revealed so that we may continue to utilize this technology without the knowledge of the criminal element. In reports or depositions we simply refer to the assistance as “received information from a confidential source regarding the location of the suspect.” To date this has not been challenged, since it is not an integral part of the actual crime that occurred.
The email goes on to instruct that “it is unnecessary to provide investigative means to anyone outside of law enforcement.”
But i’m most interested in the subject line for this email: “Trap and Trace Confidentiality.”
That seems to confirm what ACLU and WSJ have reported earlier this month. Law enforcement are obtaining location data under Pen Register or Trap and Trace orders, meaning they’re claiming that location data are simply metadata.
That (and the arrogant parallel construction) is problematic for a lot of reasons, but given two developments on the national dragnet, I think we should be newly concerned there, too.
The thing is, I have perhaps mistakenly always assumed these PRTT programs involved the collection of Internet metadata off telecom backbones. While I’m sure they collect large amounts of Internet metadata somehow, I realize now that they might also be operating (or planning to operate) large scale PRTT location programs. Remember, too, that Ron Wyden was asking provocative questions about the intelligence community’s use of cell location data just days before this classification guide.
Mind you, the Quartavious decision might make that impossible now.
But given the USM apparently concerted effort to hide the fact that PRTT equates to cell location orders, we should at least consider whether the government operates more systematic location programs.