Laptop of Death, 2.0

The Greater US War to Remake the Middle East has been going on so long, it is already re-running its story lines.

Back in 2004, when Dick Cheney was trying to drum up a hot war against Iran, the CIA got dealt a laptop that provided a casus belli all wrapped up in a bow: all aspects of Iran’s nuke program, all conveniently collected on one laptop, somehow falling into intelligence hands. It later showed signs of being a forgery.

Now, as the warmakers are trying to gin up a hot war against ISIS (in seeming co-belligerence with Iran!), that’s whose laptop we find, courtesy of Foreign Policy: a Tunisian named Muhammed whose last name and picture Foreign Policy declined to provide. On the laptop, FP found a 19-page document that explains how to “weaponize” bubonic plague by throwing it on grenades close to air conditioning units.

“Use small grenades with the virus, and throw them in closed areas like metros, soccer stadiums, or entertainment centers,” the 19-page document on biological weapons advises. “Best to do it next to the air-conditioning. It also can be used during suicide operations.”

Because a college science student only needs 19 pages to accomplish the technical feat of weaponizing the plague.

Remarkably, a lot of people are taking this as a serious discovery, even though FP describes obtaining the laptop this way:

Abu Ali, a commander of a moderate Syrian rebel group in northern Syria, proudly shows a black laptop partly covered in dust. “We took it this year from an ISIS hideout,” he says.

Abu Ali says the fighters from the Islamic State of Iraq and al-Sham (ISIS), which have since rebranded themselves as the Islamic State, all fled before he and his men attacked the building. The attack occurred in January in a village in the Syrian province of Idlib, close to the border with Turkey, as part of a larger anti-ISIS offensive occurring at the time. “We found the laptop and the power cord in a room,” he continued, “I took it with me. But I have no clue if it still works or if it contains anything interesting.”

As we switched on the Dell laptop, it indeed still worked. Nor was it password-protected.

We are supposed to believe that 1) ISIS got routed back in January 2) left their laptop 3) don’t password protect their devices.

More amusingly, we’re supposed to believe that upon capturing devices from an adversary, the “moderate” beheaders in the FSA would not look for intelligence on those devices. Instead, they’d let a computer collect dust over the course of 8 months, never once attempting to so much as turn on a laptop, until such time as it became imperative to foster opposition to ISIS.

Because powering a laptop is apparently too hard for FSA commanders?

Either Abu Ali is lying, or he’s lying. Which means the provenance of this laptop and this story is so suspect it should not be treated seriously. There are plenty of other reasons to doubt the story. But if your source claims never to have turned on a laptop — never to have even tried! — seized from an adversary over the course of 8 months, your source is not telling the truth.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

John “Bates Stamp” Lives Up to the Name

On February 19, 2013, John Bates approved a Section 215 order targeting an alleged American citizen terrorist. He hesitated over the approval because the target’s actions consisted of protected First Amendment speech.

A more difficult question is whether the application shows reasonable grounds to believe that the investigation of [redacted] is not being conducted solely upon the basis of activities protected by the first amendment. None of the conduct of speech that the application attributes to [4 lines redacted] appears to fall outside the ambit of the first amendment. Even [redacted] — in particular, his statement that [redacted] — seems to fall well short of the sort of incitement to imminent violence or “true threat” that would take it outside the protection of the first amendment. Indeed, the government’s own assessment of [redacted] points to the conclusion that it is protected speech. [redacted] Under the circumstances, the Court is doubtful that the facts regarding [redacted] own words and conduct alone establish reasonable grounds to believe that the investigation is not being conducted solely on the basis of first amendment.

He alleviated his concerns by apparently relying on the activities of others to authorize the order.

The Court is satisfied, however, that Section 1861 also permits consideration of the related conduct of [redacted] in determining whether the first amendment requirement is satisfied. The text of Section 1861 does not restrict the Court to considering only the activities of the subject of the investigation in determining whether the investigation is “not conducted solely on the basis of activities protected by the first amendment.” Rather, the pertinent statutory text focuses on the character (protected by the first amendment or not) of the “activities” that are the “basis” of the investigation.

Later in the opinion, Bates made it clear these are activities of someone besides the US citizen target of this order, because the activities in question were not being done by US persons.

Such activities, of course, would not be protected by the first amendment even if they were carried out by a United States person.

If I’m right that behind the redactions Bates is saying the activities of associates were enough to get beyond the First Amendment bar for someone only expressing support, then it would seem to require Association analysis. But then, Bates, the big fan of not having any help on his FISC opinions, wouldn’t consider that because the government never does.

Ah well. At least we can finally clarify about whether or not the FISC is a rubber stamp for Administration spying. No. It’s a Bates stamp — in which judges engage in flaccid legal analysis in secret before approving fairly troubling applications. Which is just as pathetic.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Does Its Use of Waterboarding Make ISIS More or Less Barbaric?

When ISIS beheaded James Foley, pundits in DC pointed to it as proof of the organizations barbarism. Never mind that Saudis were busy beheading people for sorcery in the same period. Not to mention America’s latest penchant for executing people with DIY cocktails of lethal chemicals that leave them gasping for breath for hours.

It’s very confusing discerning what does and does not qualify an entity as barbaric these days.

The WaPo report that ISIS subjected Foley and others to waterboarding and mock execution makes it all the more confusing.

At least four hostages held in Syria by the Islamic State, including an American journalist who was recently executed by the group, were waterboarded in the early part of their captivity, according to people familiar with the treatment of the kidnapped Westerners.

James Foley was among the four who were waterboarded several times by Islamic State militants who appeared to model the technique on the CIA’s use of waterboarding to interrogate suspected terrorists after the Sept. 11, 2001, attacks.

[snip]

French journalist Didier Francois, who was imprisoned with Foley, has told reporters that Foley was targeted for extra abuse because his captors found pictures on his computer of his brother, who serves in the U.S. Air Force.

Francois said Foley was subjected to mock executions — something suspected al-Qaeda operative Nashiri also endured while being held in a secret CIA prison, according to a report by the inspector general of the CIA. The Justice Department did not sanction mock executions.

Note how carefully the WaPo skirts the political minefield and journalistic primer of whether to call waterboarding torture or not. It, unlike NYT, still refuses to call waterboarding torture, probably because its editorial page routinely serves as a lead defender of waterboarding as a value “enhanced interrogation technique.”

Nevertheless, our adversaries have moved beyond dressing up prisoners in our signature orange jumpsuits to using the techniques much of the political establishment has defended for the last decade.

That’s not surprising. It’s sickening. But it’s also going to present an interesting challenge to the DC punditry, as it tries to villainize ISIS in advance of expanding the war against it.

Update: Katherine Hawkins has convinced me that I’m unduly harsh on WaPo’s language here. I think the language in the piece is interesting, but the implications of the story are quite clear.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

It May Not Have Been ISIS, But McCain Did Pose With Members of a Group That Beheads Opponents

Partial screengrab from the Weasel Zippers post on the McCain photo.

Partial screengrab from the Weasel Zippers post on the McCain photo.

On May 27, 2013, nearly three months before the deadly August, 2013 sarin attack, Josh Rogin was granted an “exclusive” to publish in The Daily Beast that John McCain had secretly slipped into Syria to meet with “moderate” rebels who oppose Bashar al-Assad:

McCain, one of the fiercest critics of the Obama administration’s Syria policy, made the unannounced visit across the Turkey-Syria border with Gen. Salem Idris, the leader of the Supreme Military Council of the Free Syrian Army. He stayed in the country for several hours before returning to Turkey. Both in Syria and Turkey, McCain and Idris met with assembled leaders of Free Syrian Army units that traveled from around the country to see the U.S. senator. Inside those meetings, rebel leaders called on the United States to step up its support to the Syrian armed opposition and provide them with heavy weapons, a no-fly zone, and airstrikes on the Syrian regime and the forces of Hezbollah, which is increasingly active in Syria.

Rogin continues:

The entire trip was coordinated with the help of the Syrian Emergency Task Force, an American nonprofit organization that works in support of the Syrian opposition. Two leaders of the group attended all of the McCain-Idris meetings and discussed them with The Daily Beast.

A couple of days later, Politico published a photo from the visit, identifying Mouaz Moustafa of the Syrian Emergency Task Force (he is now listed as their Executive Director).

Just who was present in the meetings with McCain, both in photographs that have appeared and in less public meetings, has been a point of contention since word of the meeting came out. Within a week of the Rogin story, Rand Paul was quoted by CBS:

Wielding a charge that’s been largely refuted, Sen. Rand Paul, R-Ky., over the weekend took a swipe at his fellow Republican, Arizona Sen. John McCain, for his clandestine meeting last week with Syrian rebels.

“I’m very worried about getting involved in a new war in Syria,” Paul said Saturday night while taking questions at the Reagan Library in Simi Valley, Calif. Syrian President Bashar al-Assad is “a bad guy – he is,” the Kentucky senator continued, but cited al Qaeda and additional extremist groups “on the other side” as a reason to give the United States pause before engaging militarily.

“They say, ‘there are some pro-Western people, and we’re going to vet them,’” Paul continued. “Well, apparently we had a senator over there who had his picture taken with some kidnappers, so I don’t know how good a job we’re doing vetting those who are going to get the arms.”

Even though CBS noted that Paul’s accusation had already been refuted before they quoted it, Josh Rogin felt it necessary to give more detail debunking Paul. Leaving aside the red herring of Nour and whether he was at the meeting, this part of Rogin’s piece is very interesting: Continue reading

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

ICREACH and FBI’s PRTT Program

I’ll have a more substantive post about what we learn about NSA’s broader dragnet from the Intercept’s ICREACH story.

But for the moment I want to reiterate a point I made the other day. ICREACH is important not just because it makes NSA data available to CIA and FBI. But also because it makes CIA and FBI data available for the metadata analysis the NSA conducts.

The documents describe that to include things like clandestine intelligence and flight information.

But there’s one other program that ought to be of particular concern with regards to NSA’s programs. As I laid out here, FBI had a Pen Register/Trap and Trace “program” that shared information with the NSA at least until February 2012, several months after NSA had ended its PRTT Internet dragnet program.

The secrecy behind the FBI’s PRTT orders on behalf of NSA

PRTT1

Finally, there’s a series of entries on the classification guide for FISA programs leaked by Edward Snowden.

These entries show that FBI obtained counterterrorism information using PRTTs for NSA — which was considered Secret.

But that the FBI PR/TT program – which seems different than these individual orders — was considered TS/SI/NOFORN.

PRTT2

If you compare these entries with the rest of the classification guide, you see that this information — the fact that NSA gets PRTT information from FBI (in addition to information from Pen Registers, which seems to be treated differently at the Secret level)  – is treated with the same degree of secrecy as the actual targeting information or raw collected data on all other programs.

This is considered one of the most sensitive secrets in the whole FISA package.

PRTT3

Even minimized PRTT data is considered TS/SCI.

PRTT4

Now, it is true that this establishes an exact parallel with the BR FISA program (which the classification guide makes clear NSA obtained directly). So it may be attributable to the fact that the existence of the programs themselves was considered a highly sensitive secret.

So maybe that’s it. Maybe this just reflects paranoia about the way NSA was secretly relying on the PATRIOT Act to conduct massive dragnet programs.

Except there’s the date.

This classification guide was updated on February 7, 2012 — over a month after NSA shut down the PRTT program. Also, over a month after — according to Theresa Shea — the NSA destroyed all the data it had obtained under PRTT. (Note, her language seems to make clear that this was the NSA’s program, not the FBI’s.)

That is, over a month after the NSA ended its PRTT program and destroyed the data from it (at least according to sworn declarations before a court), the NSA’s classification guide referred to an FBI PRTT program that it considered one of its most sensitive secrets. And seemed to consider active.

I have no idea what this program entailed — and no one else has even picked up on this detail. It’s possible NSA’s Internet dragnet just moved under the FBI’s control. It’s possible (this is my current operative wildarseguess) that FBI’s PRTT program collects location data; the Bureau uses PRTT orders to get individualized location data, after all.

Whatever it is, though, the existence of ICREACH would make that data available to NSA in a form it could use to include it in contact chaining of metadata (which may be why it figures so prominently in NSA’s classification guide). And note: FBI’s minimization procedures are far more lenient than NSA’s, so whatever this data is, NSA may be able to do more with it given that FBI collected it.

And as with a number of other things, even the Pat Leahy version of USA Freedom would weaken protections for PRTT data.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Should Alfreda Bikowsky’s Lawyer Really Be in Charge of Declassifying the Torture Report?

It took McClatchy 21 paragraphs to illustrate why it was such a big conflict of interest for Director of National Intelligence General Counsel to lead negotiations over how much of the torture report would be declassified, as he currently is doing.

According to reports in The Washington Post, Litt previously represented a CIA analyst, Alfreda Frances Bikowsky, who played a central role in the bungled rendition of Khaled el-Masri. El-Masri, who was revealed to be innocent, claimed to have been tortured by the agency.

As the rest of the article explains, Litt reviewed his role brokering the declassification process with ODNI’s Ethics officer — who is his subordinate — and she approved his participation.

But it still probably conflicts with Litt’s promises, made during his confirmation process, to recuse himself from matters affecting his former clients. And given the centrality of CIA’s absurd demand to hide even the pseudonyms making clear that the same woman who got El-Masri tortured also went out of her way to watch Khalid Sheikh Mohammed be tortured (among a fairly substantial list of other things — here’s a reminder of details on how she got promoted after the El-Masri debacle), it is a problem that Litt is brokering this process.

Don’t worry, National Security Council spokesperson Caitlin Hayden insists (fresh off insisting it’s a good thing that the White House cybersecurity czar doesn’t have a technical background), Bob Litt — the same guy hiding known dates in Internet dragnet documents, almost certainly to avoid legal repercussions — is one of the administration’s strongest proponents of what it calls “transparency.”™

“Bob Litt is one of the administration’s strongest proponents of transparency in intelligence, consistent with our national security, and he and we are fully committed to ensuring there is no conflict of interest as the administration continues to work to see the results of the committee’s review made public,” Hayden said in a statement.

Calling Bob Litt a proponent of “transparency”™ is itself cause for concern.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Abdullah Becomes Serial Quitter While Dempsey Continues Denying Reality

The last 24 hours in Afghanistan are a perfect summation of the insanity imposed by endless US occupation.

On the election recount front, after warning for several days that he might do so, Abdullah Abdullah has withdrawn his observers from the audit process. The UN is desperate to see the process through to the end, as tweeted by ToloNews:

The Washington Post, in its article on Abdullah’s withdrawal, holds out hope that he will continue to take part in the negotiations on Kerry’s extra-constitutional shared governance plan:

It was not immediately clear Wednesday whether Abdullah still planned to participate in a unity government with Ghani.

Ghafour Liwal, a Kabul-based political analyst, said Abdullah’s campaign may be using the boycott to seek more concessions from Ghani about his future role in a new government.

“Abdullah’s team is using the withdrawal from the audit process as political pressure,” he said.

Those talks about possible power-sharing are “far more important than” the technical issue of how to conduct the audit, Liwal said.

The New York Times, though, sees Abdullah as likely withdrawing from the entire process:

Both Mr. Abdullah and Mr. Ghani pledged to Secretary of State John Kerry that they would accept the audit’s conclusions about who had won the election and then would form a government of national unity including officials from both campaigns.

But it was unclear Wednesday whether Mr. Abdullah planned to keep that commitment. He had yet to make a public comment on the matter, but statements from his aides have been negative. On Tuesday, his chief auditor, Fazul Ahmad Manawi, said that if the campaign’s demands for changes to the audit were not met, Mr. Abdullah would pull out of both the audit and the broader election process. “We will not continue to be part of the process, and any result coming out of it will not be acceptable to us and will have no credibility to us,” he said.

Gosh, Abdullah withdraws in the face of widespread fraud that he is unable to overcome. We’ve seen this movie before. Remember that was eligible to take part in a runoff election against Karzai in 2009 but withdrew just a few days before the election, knowing that Karzai would make sure of his own victory. The runoff was canceled and Karzai served a second term.

It was already becoming clear as the recount progressed and Ghani was looking more and more likely to retain an edge in the “final” count that he had no intention of really sharing power with Abdullah, so it seems likely to me that Ghani will assume the role of president in the next few weeks. It seems unlikely that there will be time for this to play out before the NATO summit at the end of next week, but the US (and by extension, NATO) stands ready to allow extra time for the eventual winner to sign the Bilateral Security Agreement.

And that brings us to the other insanity front in Afghanistan in the last 24 hours. Visiting Afghanistan to preside over the handing off of ISAF command from Joseph Dunford to John Campbell, Joint Chiefs Chair Martin Dempsey proved he is genetically incapable of straying from the military’s constant Afghanistan script of “We have the Taliban on the run and things are improving” no matter how dismal the situation: Continue reading

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

SPCMA and ICREACH

Within weeks of Michael Mukasey’s confirmation as Attorney General in November 2007, Assistant Attorney General Ken Wainstein started pitching him to weaken protections then in place for US person metadata collected overseas; Mukasey did so, under an authority that would come to be known as SPCMA, on January 3, 2008.

In 2007, Wainstein explained the need to start including US person data in its metadata analysis, in part, because CIA wanted to get to the data — and had been trying to get to it since 2004.

(3) The Central Intelligence Agency’s (CIA) Interest in Conducting Similar Communications Metadata Analysis. On July 20, 2004 [days after CIA had helped NSA get the PRTT dragnet approved], the General Counsel of CIA wrote to the General Counsel ofNSA and to the Counsel for Intelligence Policy asking that CIA receive from NSA United States communications metadata that NSA does not currently provide to CIA. The letter from CIA is attached at Tab C. Although the proposed Supplemental Procedures do not directly address the CIA’s request, they do resolve a significant legal obstacle to the dissemination of this metadata from NSA to CIA. (S//SII/NF)

Wainstein also noted other DOD entities might access the information.

That’s important background to the Intercept’s latest on ICREACH, data sharing middleware that permits other intelligence agencies to access NSA’s metadata directly — and probably goes some way to answer Jennifer Granick’s questions about the story.

As the documents released by the Intercept make clear, ICREACH arose out of an effort to solve a data sharing effort (though I suspect it is partly an effort to return to access available under Bush’s illegal program, in addition to expanding it). A CIA platform, PROTON, had been the common platform for information sharing in the IC. NSA was already providing 30% of the data, but could not provide some of the types of data it had (such as email metadata) and could not adequately protect some of it. Nevertheless, CIA was making repeated requests for more data. So starting in 2005, NSA  proposed ICREACH, a middleware platform that would provide access to both other IC Agencies as well as 2nd parties (Five Eyes members). By June 2007, NSA was piloting the program.

Right in that same time period, NSA’s Acting General Counsel Vito Potenza, Acting OLC head Steven Bradbury, and Wainstein started changing the rules on contact chaining including US person metadata. They did so through some word games that gave the data a legal virgin birth as stored data that was therefore exempt from DOD’s existing rules defining the interception or selection of a communication.

For purposes of Procedure 5 of DoD Regulation 5240.1-R and the Classified Annex thereto, contact chaining and other metadata analysis don’t qualify as the “interception” or “selection” of communications, nor do they qualify as “us[ing] a selection term,” including using a selection term “intended to intercept a communication on the basis of … [some] aspect of the content of the communication.”

See this post for more on this amazing legal virgin birth.

Significantly, they would define metadata the same way ICREACH did (page 4), deeming certain login information to be metadata rather than content.

“Metadata” also means (1) information about the Internet-protocol (IP) address of the computer from which an e-mail or other electronic communication was sent and, depending on the circumstances, the IP address of routers and servers on the Internet that have handled the communication during transmission; (2) the exchange of an IP address and e-mail address that occurs when a user logs into a web-based e-mail service; and (3) for certain logins to web-based e-mail accounts, inbox metadata that is transmitted to the user upon accessing the account.

It would take several years to roll out SPCMA (remember, that’s the authority to chain on US person data, as distinct from the sharing platform); a pilot started in NSA’s biggest analytical unit in 2009. When it did, NSA made it clear that personnel could access this data to conduct analysis, but that existing dissemination rules remained the same (which is consistent with the 2006-2008 proposed activity).

Additionally, the analyst must remain cognizant of minimization procedures associated with retention and dissemination of US person information. SPCMA covers analytic procedures and does not affect existing procedures for collection, retention or dissemination of US person information. [emphasis original]

Accessing data in a database to do analysis, NSA appears to have argued, was different than disseminating it (which is a really convenient stance when you’re giving access to other agencies and trying to hide the use of such analysis).

Of course, the pitch to Mukasey only nodded to direct access to this data by CIA (and through them and PROTON, the rest of the IC) and other parts of DOD. In what we’ve seen in yesterday’s documents from the Intercept and earlier documents on SPCMA, NSA wasn’t highlighting that CIA would also get direct access to this data under the new SPCMA authority, and therefore the data would be disseminated via analysis outside the NSA. (Note, I don’t think SPCMA data is the only place NSA uses this gimmick, and as I suggested I think it dates back at least to the illegal dragnet.)

In response to yesterday’s Intercept story, Jennifer Granick suggested that by defining this metadata as something other than communication, it allows the NSA to bypass its minimization procedures.

The same is true of the USSID18 procedures. If the IC excludes unshared stored data and other user information from the definition of communications, no minimization rules at all apply to protect American privacy with regard to metadata NSA collects, either under 12333 or section 702.

[snip]

NSA may nevertheless call this “minimized”, in that the minimization rules, which require nothing to be done, have been applied to the data in question. But the data would not be “minimized” in that it would not be redacted, withheld, or deleted. 

Given what we’ve seen in SPCMA — the authority permitting the analysis of expansively defined metadata to include US person data — she’s partly right — that the NSA has defined this metadata as something other than communication “selection” — but partly missing one of NSA’s gimmicks — that NSA distinguishes “analysis” from “dissemination.”

And if a bunch of agencies can access this data directly, then it sort of makes the word “dissemination” meaningless.  Continue reading

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

ICREACH and the 2009 Phone Violations

The Intercept has an article on ICREACH, the middleware NSA implemented between 2005 and 2007 to permit greater sharing of metadata with its IC partners. The article makes this claim.

ICREACH does not appear to have a direct relationship to the large NSA database, previously reported by The Guardian, that stores information on millions of ordinary Americans’ phone calls under Section 215 of the Patriot Act. Unlike the 215 database, which is accessible to a small number of NSA employees and can be searched only in terrorism-related investigations, ICREACH grants access to a vast pool of data that can be mined by analysts from across the intelligence community for “foreign intelligence”—a vague term that is far broader than counterterrorism.

I’m fairly certain that is inaccurate.

As I reported on February 6 (at a time when I technically had been hired by the Intercept but not to “report” for them), the circa January 4, 2008 phone dragnet primary order for the first time revealed that the 215 data had been combined with other data “for the purposes of analytical efficiency.”

The Court understands that for the purposes of analytical efficiency a copy of meta data obtained pursuant to the Court’s Orders in this matter will be stored in the same database with data obtained pursuant to other NSA authorities and data provided to NSA from other sources. Access to such records shall be strictly limited in accordance with the procedures set forth in paragraphs A – G.

This happened just after ICREACH got generally rolled out in late 2007.

Given the violations “discovered” in 2009, given that NSA used federated queries with Section 215 and PRTT Internet dragnet data at least as late as 2012, I’m fairly certain that the 215 (and PRTT) repositories were made accessible to a more general interface via ICREACH (which one of the documents describes as middleware) at that point. As I’ve been explaining patiently for over 6 months, the Section 215 phone dragnet we’ve been arguing about is just one small part of the more  general dragnet.

That doesn’t mean FBI and DEA and CIA had access to the raw Section 215 metadata (though it ought to raise questions, especially with regards to the Internet dragnet data, for reasons I’ll return to). As far as we know, those agencies only got direct access to FISC-authorized phone and Internet dragnet query results, not raw data.

The documents released by the Intercept make it clear other Agencies’ analysts would need PKI to log into ICREACH. And that’s how — at least after the 2009 phone violations — NSA restricted phone dragnet access to limited numbers of analysts (even while John Bates made the PRTT Internet dragnet data accessible to just about all NSA analysts in 2010). In other words, what the interface did (again, after the 2009 violations anyway) was to ensure that only those with PKI permitting access to the FISC-authorized data could get in and — this was another addition added in 2009 — could only conduct queries using identifiers approved under the more narrow permissions tied to the FISC data. But those NSA analysts who qualified definitely had access to both FISC-authorized and EO 12333 authorized data from the same one-step shop, and for at least a year the FISC-authorized dragnets got subjected to the automatic processes implemented for EO 12333.  That was the problem (or one major source of the problem): FISC-authorized phone and Internet data was being exposed to the processes permitted with EO 12333 data but not permitted with FISC data.

If I’m correct, the inclusion of FISC-approved data in ICREACH led to (or exacerbated) FISC-approved data being treated as EO 12333 data for at least a year. That is, it led to the violations that included (among other things) 3,000 US persons being watchlisted without First Amendment review.

I will have more about what the Intercept documents show later (as well as some thoughts on what the structure of ICREACH might suggest about the NSA’s technical problems with the phone dragnet). They answer a number of questions about the metadata dragnet I’ve been posing for months.

Update: Adding that the point of this sharing is two-way. Not only does NSA share huge amounts of metadata with FBI and CIA, but NSA can contact chain its own metadata with non-metadata from the other agencies (documents mention things like passenger data and clandestine collection). That is, while I don’t think FBI and CIA had access to raw BR FISA data (at least not after 2009), I do think NSA was chaining on more than BR FISA.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

PCLOB Member Rachel Brand Asked NSA General Counsel to Help Her Dissent from PCLOB

Let me say straight out: Privacy and Civil Liberties Oversight Board member Rachel Brand is no slouch. She’s very smart and very accomplished.

All that said, I am rather intrigued by the way she consulted NSA General Counsel Raj De several times – as illustrated by these emails Jason Leopold liberated from PCLOB —  as she worked on her dissent to the Democratic PCLOB members’ conclusion that the Section 215 dragnet is illegal.

On January 6, Brand emailed De. “Do you have a couple minutes to talk about a PCLOB matter today or tomorrow?” They scheduled some time to talk at midday the next day — though a request from Keith Alexander appears to have forced De to delay. Nevertheless, by 1:30 on January 7, it appears De and Brand spoke, because De forwarded two things: I Con the Record’s press release announcing the FISA Court had reauthorized the dragnet even after Judge Richard Leon ruled it unconstitutional (De makes no mention in his email, but the order had considered Leon’s ruling before reauthorizing the program), and the GPO transcript of Robert Mueller’s claim in a June 2013 House Judiciary Committee hearing that the dragnet would have prevented 9/11.

Ten days later, on January 17, Brand was emailing De again, after having seen each other that morning (that was the morning President Obama announced his own reforms to the dragnet, so it may have been in that context). She sent NSA’s General Counsel a paragraph, with one sentence highlighted, asking if it was accurate. He responded with “some suggestions for accuracy for your consideration … Feel free to give a call if you want to discuss, or would like more detail.”

Then, over that weekend, Brand and De exchanged the following emails:

Saturday, January 18, 12:31: Brand sends “the current draft of my separate statement” stating she wants “to be sure there is nothing factually or legally inaccurate in it;” she says it is currently 5 pages and tells De she needs to give PCLOB Chair David Medine the final by Sunday night

Saturday, January 18, 2:11: De responds, “happy to”

Sunday, January 19, 10:51: De responds, saying, “not that you need or want my validation, but for what’s [sic] it is worth it really reads quite well.” De then provides 3 “additional factual details” which “might fit in if you wanted to use them;” those bullets are redacted

Sunday, January 19, 3:47: Brand replies, stating that Beth (Elisebeth Collins Cook, the other Republican on PCLOB) “explicitly makes the first two in her separate statement” and that she’s “trying to keep this short, so have to forego making every available point”

Continue reading

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Emptywheel Twitterverse

emptywheel Abdo: Min procedures would be meaningless if Smith governed here.
3mreplyretweetfavorite
emptywheel Booyah. Abdo kills ratification "Many members of Congress not aware of program, those who were were not provided legal analysis of program."
5mreplyretweetfavorite
emptywheel Ut oh. No one brought up First Amendment, meaning no mention of Bates eliminating 1A protections last year.
6mreplyretweetfavorite
emptywheel Again, Delery, if the FISC is providing oversight, then your political branches argument fails.
7mreplyretweetfavorite
emptywheel Let's also talk abt how ODNI is still hiding dates on PRTT program bc they would reveal it lied to court in CA,
10mreplyretweetfavorite
emptywheel "What else haven't you let us know" beyond what ODNI declassified? Let's talk abt how they use phone dragnet w/EO12333 dragnet, judge!
11mreplyretweetfavorite
emptywheel Ut oh. Delery doesn't know answer to whether FISC imposed requirements beyond govt.
12mreplyretweetfavorite
emptywheel Delery's trying to have it both ways. says political branches set limit to program, but not relying on minimization procedures set by FISC
13mreplyretweetfavorite
emptywheel What's nutty as shit abt Delery's current arg is the FISC--not a political branch--sets and oversees minimization procedures.
15mreplyretweetfavorite
bmaz @bsdtectr no, but she isn't good.
16mreplyretweetfavorite
emptywheel I'm so old I remember when Justice Roberts said govt protocols (minimization procedures) not adequate to protect 4th.
16mreplyretweetfavorite
September 2014
S M T W T F S
« Aug    
 123456
78910111213
14151617181920
21222324252627
282930