Posts

Leahy-Lee versus USA Lip Service: An Improvement, But Still a Domestic-as-Foreign Surveillance Bill

Patrick Leahy and Mike Lee have introduced their version of Section 702 reauthorization, which like HJC they also call USA Liberty and like that bill doesn’t improve liberty. For convenience and because I refuse to use Orwellian terms to whitewash surveillance, I’ll refer to them going forward as Leahy-Lee and USA Lip Service, respectively.

Leahy-Lee is an improvement on USA Lip Service.

Leahy-Lee’s warrant requirement is real

That’s true, first of all, because the warrant requirement to access content via back door searches is real. The bill requires a probable cause warrant for both foreign intelligence and criminal purposes. And because it is a meaningful warrant requirement, the count of how many warrants are obtained will also be real.

The bill permits searches on (and with AG-plus-designates approval, access to) metadata-plus. Like USA Lip Service, the bill doesn’t define the expanded definition of metadata, though it appears to permit the same location-based access that USA Lip Service does.

The bill is silent on whether metadata from searches can be the sole evidence in the warrant application to FISC, which may water down the warrant requirement dramatically.

Leahy-Lee doesn’t sunset the prohibition on about collection

Also unlike USA Lip Service, Leahy-Lee does not sunset the prohibition on about collection.

There are two areas where USA Lip Service is different in ways that may make it better.

USA Lip Service may not track White House unmasking

First, in a report on the number of unmaskings, USA Lip Service requires reports on the number of unmaskings by any “element of the Federal Government.”

(3) The number of—

(A) United States persons whose information is unmasked pursuant to the procedures adopted under subsection (e)(4) of such section;

(B) requests made by an element of the Federal Government, listed by each such element, to unmask information pursuant to such subsection; and

(C) requests that resulted in the dissemination of names, titles, or other identifiers potentially associated with individuals pursuant to such subsection, including the element of the intelligence community and position of the individual making the request.

Leahy-Lee only requires reporting under clause B from the IC.

(B) requests made by an element of the intelligence community, listed by each such element, to unmask information pursuant to such subsection;

That may have the effect of missing any unmasking done at the White House. I don’t much care about this stuff, but for Republicans that do, it’s an interesting omission in the Senate bill.

Leahy-Lee doesn’t limit use of information to 702 certificates

Perhaps most interesting, Leahy-Lee doesn’t have language that was added in the manager’s amendment of USA Lip Service, which would restrict the use of information collected under Section 702 to topics generally covered by the known certificates for it: terrorists, spies, proliferation, nation-state hacking, and other critical infrastructure issues.

(2) LIMITATION ON USE OF CERTAIN EXCEPTED QUERIED INFORMATION.—No information accessed or disseminated pursuant to section 702(j)(2)(D)(iv), or evidence derived therefrom, may be received in evidence or otherwise used pursuant to paragraph (1), except—

(A) with the prior approval of the Attorney General; and

(B) in a proceeding or investigation in which the information or evidence is directly related to and necessary to address a specific threat of—

(i) an act of terrorism specified in clauses (i) through (iii) of section 2332b(g)(5)(B) of title 18, United States Code;

(ii) espionage (as used in chapter 37 of title 18, United States Code);

(iii) proliferation or use of a weapon of mass destruction (as defined in section 2332a(c) of title 18, United States Code);

(iv) a cybersecurity threat (as defined in section 101(5) of the Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 1501(5)) from a foreign country;

(v) incapacitation or destruction of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 16 U.S.C. 5195c(e))); or

(vi) a threat to the armed forces of the United States or an ally of the United States or to other personnel of the United States Government or a government of an ally of the United States.

Leahy-Lee still permits the collection of entirely domestic communications

The difference is important because Leahy-Lee does nothing to stop the known collection of entirely domestic communications, which I have reported involves the collection of Tor and (probably) VPN traffic. At least under HJC, that information can’t be used for many of the domestic crime purposes explicitly laid out in the SSCI bill, including murder, child porn, human trafficking (presumably including sex work), and narcotics trafficking. But Leahy-Lee would permit those uses.

Leahy rolled out his bill with this erroneous statement from Liza Goitein.

Elizabeth Goitein, co-director of the Brennan Center’s Liberty and National Security Program, said:  “This bill fixes the most serious problem with Section 702 surveillance today: the government’s ability to read Americans’ e-mails and listen to their telephone calls without a warrant,” and called the legislation “a very promising development in the reform debate.”

This is false. Leahy-Lee still permits the government to access (and with DIRNSA approval, retain) the entirely domestic communications of the 430,000 Americans that use Tor each day. Perhaps that’s why Leahy had Goitein make the comment, because he surely knows this is false.

ACLU comes out in support of a bill they admit is constitutionally deficient

And Goitein’s Brennan Center is not the only NGO supporting this bill. ACLU released a statement that can only be described as schizophrenic in support of the bill. While ACLU’s legislative counsel, Neema Singh Guliani, thankfully makes none of the errors that Goitein makes, she nevertheless admits that 702 remains constitutionally problematic.

“While this bill does not address all the constitutional concerns with Section 702, it represents an important step forward from the dismal status quo. The ACLU supports this bill, and urges Congress to ensure its reforms become law.”

And the statement goes on to lay out, correctly, several advantages of the Wyden-Paul bill, including ensuring that defendants (and affected people, like lawyers from ACLU working with targeted clients internationally) get notice and can challenge collection.

The ACLU urges improvements to the bill that would require a court order to access metadata collected under Section 702, narrow collection, and ensure the government provides appropriate notice.

Congress is currently considering several bills in advance of the Section 702 reauthorization deadline. Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.) have introduced S.1997, the USA Rights Act, which completely closes the backdoor search loophole, ends the collection of known domestic communications, and takes steps to ensure that the government provides notice to individuals who have Section 702 information used against them. The ACLU supports this bill.

I’m very confused — and, as a member, gravely concerned — about why the ACLU would adopt such a schizophrenic strategy, and why it would lobby in favor of things that its other lawyers are litigating against.

ACLU risks losing the ability to sue on these issues in the future if it remains on this bill (which is one reason I was so glad they didn’t back USA Freedom in 2015). And if they can’t sue, than we can’t fix the issues that ACLU, in its statement, lays out as problems in Leahy-Lee.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Some Thoughts On The Arpaio Pardon

As you probably already know, Trump has pardoned Joe Arpaio. It is an abominable act by a lawless jackass. One lawless jackass pardoning another lawless jackass. Trump and Arpaio are really two peas in the same racist bigot pod; both supreme narcissists, ignorant and contemptuous of the rule of law down to their deepest bone.

And Marcy Wheeler is right that the nation as a whole is not the audience Trump is signaling, and while “Trump’s base” may be part of his audience in making this pardon move, it is likely even more intended for law enforcement. Police unions were almost across the board for Trump, and they do speak for their rank and file. Not to mention that all cops are fine with a pro law enforcement approach of Trump and his DOJ, not just the racist bigot ones.

The ACLU statement on the pardon is good:

For more from the ACLU, see the Twitter feed of Cecilia Wang, the litigation lead for ACLU on the Melendres and Arpaio litigation (she is seriously great).

But the ACLU doesn’t really go far enough. A couple of weeks ago I tweeted:

Because there is no point to which @realDonaldTrump will not shit on the rule of law and sanctity of federal courts. What a piece of shit.

That was a little flippant, but there is simply no question but that the pardon of Joe Arpaio is Donald Trump is degrading the Constitution and undermining the very fabric of the sanctity of courts and Rule of Law itself. If the Presidential pardon was not so unbound, this pardon would not stand up. It violates every iota of the American rule of law. It also is heinously invasive to the separation of powers in that it infringes on the power of the federal courts. But, again, don’t buy any nut telling you this pardon is unconstitutional or won’t stand up. That is silly, it is Constitutional, and it will stand up.

That said, Noah Feldman did a good piece explaining just what a Constitutional affront this act is, and should be considered:

To see why pardoning Arpaio would be so exceptional — and so bad — you have to start with the sheriff’s crime. Arpaio wasn’t convicted by a jury after a trial for violating some specific federal statute. Rather, he was convicted by a federal judge on the rather unusual charge of criminal contempt of court.

Specifically, Arpaio was convicted this July by Judge Susan Bolton of willfully and intentionally violating an order issued to him in 2011 by a different federal judge, G. Murray Snow.

Judge Bolton convicted Arpaio of criminal contempt. She found he had “willfully violated” the federal court’s order “by failing to do anything to ensure his subordinates’ compliance and by directing them to continue to detain persons for whom no criminal charges could be filed.” And she held that Arpaio had “announced to the world and to his subordinates that he was going to continue business as usual no matter who said otherwise.”

This is the crime that Trump is suggesting he might pardon: willful defiance of a federal judge’s lawful order to enforce the Constitution.

It’s one thing to pardon a criminal out of a sense of mercy or on the belief that he has paid his debt to society.

It’s trickier when the president pardons someone who violated the law in pursuit of governmental policy, the way George H.W. Bush pardoned the Iran-Contra participants, including Oliver North.

But it would be an altogether different matter if Trump pardoned Arpaio for willfully refusing to follow the Constitution and violating the rights of people inside the U.S.

Such a pardon would reflect outright contempt for the judiciary, which convicted Arpaio for his resistance to its authority. Trump has questioned judges’ motives and decisions, but this would be a further, more radical step in his attack on the independent constitutional authority of Article III judges.

An Arpaio pardon would express presidential contempt for the Constitution. Arpaio didn’t just violate a law passed by Congress. His actions defied the Constitution itself, the bedrock of the entire system of government. For Trump to say that this violation is excusable would threaten the very structure on which is right to pardon is based.

Go read Noah’s entire piece at Bloomberg, you should. It perfectly captures everything I have thought ever since Arpaio was convicted by Judge Susan Bolton in July, and pardon talk started up. And, make no mistake, Arpaio started carping about getting a Trump pardon almost immediately, even if behind the scenes. It started long before the last 10 days.

To add insult to injury, Trump had the gall to issue this announcement after glibly leaving for the personal golf driving range at Camp David with a message to the victims in Texas and the Gulf Coast, who are currently being hammered by a Category Four hurricane and face imminent disaster. Trump’s message was “good luck”. What a complete cad.

And after callously signing his order implementing his patently discriminatory transgender ban for the military. Chris Geidner has a good report on that.

Just for the record, this is Trump’s first pardon issued, and for that he chose the most craven one imaginable. For comparison, both Obama and Bush waited nearly two years, and applied the power only to subjects properly vetted by the DOJ traditional pardon process, a copy of which is here for reference. Arpaio was not even eligible for consideration at this point, much less deserving under the guidelines. Those guidelines can be found here, pay particular attention to §1-2.112. To be clear, Arpaio had not even been sentenced yet, and was almost certainly not going to be sentenced to incarceration by Sue Bolton. I have known Judge Bolton for nearly 30 years, and I just cannot fathom that she was going to do more than give a nominal fine to Arpaio.

Craven jackass Arapio has already started crowing about his ill begotten good fortune through, what else, Twitter:

Thank you @realdonaldtrump for seeing my conviction for what it is: a political witch hunt by holdovers in the Obama justice department!

What a racist bigot ass. Joe Arapio came into office on the wings of lies he told his initial backers. Before we close, a little story I wrote here a few years ago:

Joe Arpaio did not magically come to be Sheriff of Maricopa County. It happened because the two previous occupants of the Sheriff’s Office were, shall we say, problematic on their own. There was Dick Godbehere, who was, prior to being Sheriff of the fourth largest county in the United States, literally a lawn mower repairman. No, I kid you not. And he served with the same level of sophistication you would expect of a lawn mower repairman.

Then came Tom Agnos, who was supposed to return “professionalism” to the Maricopa County Sheriff’s Office (MCSO). But Agnos was a subservient Sun City resident who led the MCSO into not just the biggest cock-up in Maricopa county law enforcement history, but one of national and international proportion. The Buddhist Temple Murder Case where nine buddhist monks and acolytes were lined up and shot in the back of the head, execution style, at the Wat Promkunaram Buddhist Temple on the west side of Phoenix.

It was out of the Buddhist Temple Murders Joe Arpaio came to be. A group of prominent Phoenix trial attorneys, both criminal and civil, wanted an alternative to Tom Agnos and the whitewashing coverup he was conducting on one of the greatest coerced false confession cases in world history. The group of trial lawyers coalesced around the upstart primary candidacy of a local travel agent with a colorful background. Yep, one Joseph Arpaio.

Joseph Arpaio promised that initial group of trial lawyers he would clean up the MCSO, release the damning internal report of the gross misconduct that had occurred in the Temple Murder Case under Tom Agnos, which lead to at least four false and heinously coerced confessions, and that he would refuse, under all circumstances, to serve more than one term in office. It was a promise made and, obviously, a promise long ago broken.

To be fair, Arpaio did release the internal report on the Temple Murder Case, which led to five plus million dollar settlement for some of the most wrongfully arrested souls in American history. But with that promise kept within a short time of taking office, Joe Arpaio breached the solid promise he made to the people who gave him the seed funding carrying him into office. And Arpaio has made a mockery of his word, as a man, ever since by repeatedly running for office and sinking Maricopa County into depths of depravity and fiscal distress beyond comprehension, from the vantage of the MCSO.

So, now you know just exactly how Joe Arpaio came into office on the wings of lies. He leaves today on the wings of a Constitutional fraud and spittle in the face of the Rule of Law.

As a parting shot, the picture at the head of this article is of Arpaio at a cocktail party getting a surprise visit from Michael Manning, the local civil rights attorney who has fleeced Maricopa County for over $50 million because of Joe Arpaio’s craven and illegal actions. Arpaio was not thrilled to get his photo taken.

Bmaz is a rather large saguaro cactus in the Southwestern Sonoran desert. A lover of the Constitution, law, family, sports, food and spirits. As you might imagine, a bit prickly occasionally. Bmaz has attended all three state universities in Arizona, with both undergraduate and graduate degrees from Arizona State University, and with significant post-graduate work (in physics and organic chemistry, go figure) at both the University of Colorado in Boulder and the University of Arizona. Married, with both a lovely child and a giant Sasquatch dog. Bmaz has been a participant on the internet since the early 2000’s, including active participation in the precursor to Emptywheel, The Next Hurrah. Formally joined the Emptywheel blog as an original contributing member at its founding in 2007. Bmaz grew up around politics, education, sports and, most significantly, cars; notably around Formula One racing and Concours de Elegance automobile restoration and showing. Currently lives in the Cactus Patch with his lovely wife and beast of a dog, and practices both criminal and civil trial law.

“In the First Half of 2016” Signal Received an (Overbroad) Subpoena

This morning, the ACLU released a set of information associated with a subpoena served on Open Whisper Systems, the maker of Signal)\, for information associated with two phone numbers. As ACLU explained, OWS originally received the subpoena with a broad gag order. OWS was only able to turn over the account creation and last connection date for one of the phone numbers; the other account had no Signal account associated with it.

screen-shot-2016-10-04-at-7-31-15-am

But OWS also got ACLU to go challenge the gag associated with it, which led to the release of today’s information. All the specific data associated with the request is redacted (as reflected above), though ACLU was able to say the request was served on OWS in the first half of the year.

There are two interesting details of this. First, as OWS/ACLU noted in their response to the government, the government asked for far more information than they can obtain with a subpoena, including:

  • subscriber name
  • subscriber address
  • subscriber telephone numbers
  • subscriber email addresses
  • subscriber method of payment
  • subscriber IP registration
  • IP history logs and addresses
  • subscriber account history
  • subscriber toll records
  • upstream and downstream providers
  • any associated accounts acquired through cookie data
  • any other contact information from inception to the present

As OWS/ACLU noted,

OWS notes that not all of those types of information can be appropriately requested with a subpoena. Under ECPA, the government can use a subpoena to compel disclosure of information from an electro1lic communications service provider onJy if that information falls within the categories listed at 18 U.S.C. § 2703(c)(2). For other types of information, the government must obtain a court order or search warrant. OWS objects to use of the grand-jury subpoena to request information beyond what is authorized in Section 2703(c)(2).

I’ve got an email in with ACLU, but I believe ECPA would not permit the government to obtain the IP, cookie, and upstream/downstream information. Effectively, the government tried to do here what they have done with NSLs, obtain information beyond the subscriber and toll record information permitted by statute.

ACLU says this is “the only one ever received by OWS,” presumably meaning it is the only subpoena the company has obtained, but it notes the government has other ways of gagging compliance, including with NSLs (it doesn’t mention Section 215 orders, but that would be included as well).

I do wonder whether in the latter case — with a request for daily compliance under Section 215 — Signal might be able to turn over more information, given that they would know prospectively the government was seeking the information. That’s particularly worth asking given that the District that issued this subpoena — Eastern District of Virginia — is the one that specializes in hacking and other spying cases (and is managing the prosecution of Edward Snowden, who happens to use Signal), which means they’d have the ability to use NSLs or individualized 215 orders for many of their cases.

Update: Here’s a Chris Soghoian post from 2013 that deals with some, but not all, of the scope issues pertaining to text messaging.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

In 2010, DOJ Was Stalling Gang of Four Member Silvestre Reyes Over (Probably) Common Commercial Services Memo

As far as the public record shows, Ron Wyden first started complaining about the Common Commercial Service OLC Memo in late 2010, in a letter with Russ Feingold written “over two years” before January 14, 2013. As I’ve written, John Yoo wrote the memo on May 30, 2003, as one of the last things he did before he left the Office of Legal Council. It seems to have something to do with both the Stellar Wind program and cybersecurity, and apparently deals with agreements with private sector partners. At least one agency has operated consistently with the memo (indeed, Ron Wyden’s secret memo submitted to the court probably says the memo was implemented) but the government claims that doesn’t mean that agency relied on the memo and so the ACLU can’t have it in its FOIA lawsuit.

According to a letter liberated by Jason Leopold, however, someone in Congress was raising concerns about a memo — which is probably the same one — even before Wyden and Feingold were. On June 30, 2010, then Chair of the House Intelligence Committee Silvestre Reyes wrote Attorney General Holder a letter about a May 30, 2003 memo. On October 5, Ron Weich wrote Reyes,

We have conferred with Committee staff about your letter and your concerns regarding the potential implications of the opinion. We appreciate your concerns and your recognition of the complexities of the issues involved in our consideration of your request. We will let you know as soon as we are in a position to provide additional information.

In other words, three months after one of the top ranking intelligence overseers in government raised concerns about the memo, DOJ wrote back saying they weren’t yet “in a position to provide additional information.”

That seems like a problem to me.

It also seems to be another data point suggesting that — whatever the government did back in 2003, after Yoo wrote the memo — it was being discussed more generally in 2010, possibly with an eye to implement it.

Update: On reflection, I may have overstated how sure we can be that this May 30 opinion is the same opinion. I’ve adjusted the post accordingly.

 

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

One Reason CIA Is Claiming Drone Emails Are Top Secret: ACLU’s FOIA

The NYT has a really helpful description of the emails to Hillary that intelligence agencies are claiming are Top Secret. It explained how several of the emails almost certainly couldn’t derive from the intelligence the agency claimed they came from, such as this one on North Korea.

The fourth involved an email sent by Kurt M. Campbell, the assistant secretary of state for Asian affairs, shortly after a North Korean ballistic missile test in July 2009. The email has not yet been made public, even in redacted form, but the State Department has challenged an assertion from the National Geospatial-Intelligence Agency, which gathers data through satellite images, that the email included information that came from a highly classified program.

In a letter this past Dec. 15 to Senator Bob Corker, the Tennessee Republican who is chairman of the Senate Foreign Relations Committee, a State Department official said that the information could not have been based on N.G.A.’s intelligence because Mr. Campbell did not receive any classified intelligence briefings for what was a new job for him until a few days after the North Korean test.

I believe the NGA was dawdling on signing a sworn declaration about this email, unlike the CIA (whose Martha Lutz has signed her name to many a wacky claim).

Unsurprisingly, the NYT reports that the bulk of the emails in question pertain to the drone program, specifically in Pakistan.

The Obama administration’s decision to keep most internal discussions about that program — including all information about C.I.A. drone strikes in Pakistan — classified at the “top secret” level has now become a political liability for Mrs. Clinton’s presidential campaign.

[snip]

Several officials said that at least one of the emails contained oblique references to C.I.A. operatives. One of the messages has been given a designation of “HCS-O” — indicating that the information was derived from human intelligence sources — a detail that was first reported by Fox News. The officials said that none of the emails mention specific names of C.I.A. officers or the spy agency’s sources.

The government officials said that discussions in an email thread about a New York Times article — the officials did not say which article — contained sensitive information about the intelligence surrounding the C.I.A.’s drone activities, particularly in Pakistan.

The officials said that at least one of the 22 emails came from Richard C. Holbrooke, who as the administration’s special envoy for Afghanistan and Pakistan would have been intimately involved in dealing with the ramifications of drone strikes. Mr. Holbrooke died in December 2010.

Reading these passages and the article in general made me realize something: The reason the CIA is insisting these are classified is almost certainly because of the ACLU’s two FOIAs for drone information. In the Awlaki-focused one, the ACLU (and NYT) succeeded in arguing that past public statements from people like Leon Panetta constituted a waiver of the classification of the CIA’s involvement in the program. Any public dissemination of other official Administration figures discussing the drone program would provide ACLU another opportunity to go to the judges in these cases and demand further disclosure about CIA’s involvement in the drone program.

Over the years, the Obama Administration has gone to great lengths to defeat the ACLU in its various FOIAs, from having National Security Advisor Jim Jones get involved in the torture FOIA to delaying congressional oversight into the Awlaki killing. Here, it appears they’re even willing to damage Hillary’s campaign to serve as the inheritor to Obama’s legacy to thwart the ACLU.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Obama Administration Changed the Rationale for Why Assassinations Don’t Violate the Assassination Prohibition

As a number of outlets have reported, the Second Circuit last month upheld the government’s effort to keep a March 29, 2002 OLC memo pertaining to targeted killing secret; the opinion was unsealed yesterday. The government is probably doing so to keep changes in their rationale for why assassinations don’t violate the prohibition on assassination in EO 12333 secret.

The judges on the panel — especially Judge Jon Normand, who wrote the opinion — had pushed during an ex parte hearing in June to release language in that earlier memo because the dog & pony show around drone strikes in 2012 to 2013 had used closely related language. But after some more secret briefing, the court decided the application of EO 12333 was different enough such that it remained properly protected.

It seems highly likely the specific part of EO 12333 under discussion pertains to the assassination ban. Between the earlier hearing and the opinion, the court pointed to language in the March 25, 2010 Harold Koh speech, the March 5, 2012 Eric Holder speech, and the April 30, 2012 John Brennan speech on targeted killing (they also pointed to two Panetta comments). Each of the cited speeches discusses the assassination ban — and little else that might directly pertain to EO 12333, besides just generally covert operations authorized under Article II. There’s this language in Koh’s speech.

Fourth and finally, some have argued that our targeting practices violate domestic law, in particular, the long-standing domestic ban on assassinations. But under domestic law, the use of lawful weapons systems—consistent with the applicable laws of war—for precision targeting of specific high-level belligerent leaders when acting in self-defense or during an armed conflict is not unlawful, and hence does not constitute “assassination.”

This language in Holder’s speech,

Some have called such operations “assassinations.” They are not, and the use of that loaded term is misplaced. Assassinations are unlawful killings. Here, for the reasons I have given, the U.S. government’s use of lethal force in self defense against a leader of al Qaeda or an associated force who presents an imminent threat of violent attack would not be unlawful — and therefore would not violate the Executive Order banning assassination or criminal statutes.

And this language in Brennan’s speech.

In this armed conflict, individuals who are part of al-Qa’ida or its associated forces are legitimate military targets.  We have the authority to target them with lethal force just as we targeted enemy leaders in past conflicts, such as German and Japanese commanders during World War II.

But even though all these public speeches commented on this interpretation of the assassination ban, the 2nd Circuit still permitted the government to shield the earlier memo.

The transcript of the June ex parte hearing reveals one explanation for that: the earlier memo was a “far broader interpretation” of the issue.

Screen Shot 2015-11-24 at 1.51.21 PM

That’s consistent with the government’s earlier claim (which I wrote about here).

Although the district court noted that the OLC-DOD Memorandum released by this Court contained a “brief mention” of Executive Order 12,333, the district court concluded that the analysis in the March 2002 Memorandum is significantly different from any legal analysis that this Court held has been officially disclosed and for which privilege has been waived.

In other words, while the earlier memo discusses the same aspect of EO 12333 as these public speeches (again, the assassination ban is by far the most likely thing), the earlier memo uses significantly different analysis, and so it may be hidden.

The June transcript also reveals that OLC lawyers reviewed and wrote on the 2002 memo at a later time — the implication being that someone in OLC reviewed the earlier memo in 2010 when writing the Awlaki one (and curiously, that hard copy with handwritten notes is the only one DOJ claims it can find).

Screen Shot 2015-11-24 at 4.32.17 PM

There are two things I find increasingly interesting about this earlier memo about EO 12333 — including at least one part presumably about the assassination ban. First, the implication that one of the lawyers reviewing it in 2010 saw the need to write a new memo (perhaps seeing the need to clean up yet more crazy John Yoo language? who knows). As I repeat endlessly, we know there’s a memo of uncertain date in which Yoo said the President could pixie dust the plain language of EO 12333 without changing the public language of it, and it’s possible this is what that memo did (though the President was clearly pixie dusting surveillance rules).

But I’m also interested in the date: March 29, 2002. The day after we captured Abu Zubaydah (who, at the time, top officials at least claimed to believe was a top leader of al Qaeda). The SSCI Torture Report made it clear the CIA originally intended to disappear detainees. Were they planning to execute them? If so, what stopped things?

In any case, CIA won its battle to hide this earlier discussion so we may never know. But it appears that DOJ may have felt the need to think thing through more seriously before drone assassinating a US citizen. So there is that.

 

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Defining Stingray Emergencies … or Not

A couple of weeks ago, ACLU NoCal released more documents on the use of Stingray. While much of the attention focused on the admission that innocent people get sucked up in Stingray usage, I was at least as interested in the definition of an emergency during which a Stingray could be used with retroactive authorization:
Screen Shot 2015-11-08 at 9.27.59 AM

I was interested both in the invocation of organized crime (which would implicate drug dealing), but also the suggestion the government would get a Stingray to pursue a hacker under the CFAA. Equally curiously, the definition here leaves out part of the definition of “protected computer” under CFAA, one used in interstate communication.

(2) the term “protected computer” means a computer—
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

Does the existing definition of an emergency describe how DOJ has most often used Stingrays to pursue CFAA violations (which of course, as far as we know, have never been noticed to defendants).

Now compare the definition Jason Chaffetz used in his Stingray Privacy Act, a worthwhile bill limiting the use of Stingrays, though this emergency section is the one I and others have most concerns about. Chaffetz doesn’t have anything that explicitly invokes the CFAA definition, and collapses the “threat to national security” and, potentially, the CFAA one into “conspiratorial activities threatening the national security interest.”

(A) such governmental entity reasonably determines an emergency exists that—

(i) involves—

(I) immediate danger of death or serious physical injury to any person;

(II) conspiratorial activities threatening the national security interest; or

(III) conspiratorial activities characteristic of organized crime;

Presumably, requiring conspiratorial activities threatening the national security interest might raise the bar — but would still permit — the use of Stingrays against low level terrorism wannabes. Likewise, while it would likely permit the use of Stingrays against hackers (who are generally treated as counterinteligence threats among NatSec investigators), it might require some conspiracy between hackers.

All that said, there’s a whole lot of flux in what even someone who is often decent on civil liberties like Chaffetz considers a national security threat.

And, of course, in the FISA context, the notion of what might be regarded as an immediate danger of physical injury continues to grow.

These definitions are both far too broad, and far too vague.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Second Circuit Attempts to Reassert Its Non-Definition of Relevant

Orin Kerr and Steve Vladeck got in a bit of a squabble last week over the Second Circuit’s decision not to reach the constitutionality of the phone dragnet. Vladeck called it wrong-headed, because even if the constitutional injury of the dragnet is temporary (that is, only until November 29), it’s the kind of injury that can recur. Kerr reads both this — and the Second Circuit’s original opinion — to be nothing more than a pragmatic nudge to Congress. “If you liked that opinion, it’s a little hard to object to the Second Circuit’s pragmatic, politically savvy, we-got-Congress-to-act-on-this-so-we’re-done moves in the second opinion.”

But I think both are misreading what the Second Circuit tried to do with this.

Take Kerr’s suggestion that the initial ruling from the Second Circuit got Congress to act.  He doesn’t say what he means by that (or which civil libertarians he had in mind when asserting that). The earlier decision certainly added pressure to get the bill through Congress.

But look at how Gerard Lynch, in his opinion, describes the relationship: Congress not just passed a bill to prohibit bulk telephone collection, but it “endorsed our understanding of the key term ‘relevance.'”

Congress passed the Freedom Act in part to prohibit bulk telephone metadata collection, and in doing so endorsed our understanding of the key term “relevance.”  See H.R. Rep. No. 114‐109, at 19.

Lynch goes on to cite the House report on the bill to support this claim.

Section 103 of the Freedom Act, titled “Prohibition on Bulk Collection of Tangible Things,” states that “[n]o order issued under this subsection may authorize the collection of tangible things without the use of a specific selection term” that meets certain requirements.  Id.  The purpose of § 103 is to “make[] clear that the government may not engage in indiscriminate bulk collection of any tangible thing or any type of record.”  H.R. Rep. No. 114‐109, pt. 1, at 18 (2015).  Section 103 is also intended to “restore meaningful limits to the ‘relevance’ requirement of Section 501, consistent with the opinion of the U.S. Court of Appeals for the Second Circuit in ACLU v. Clapper.”  Id. at 19.

He cites language point to an entire section that the House says will restore limits to the relevance requirement of a section of a law “consistent” with his own earlier opinion.

All that said, it’s not clear that USA F-ReDux, as written, does do that. That’s true, first of all, because while the House report specifically states, “Congress’ decision to leave in place the ‘relevance’ standard for Section 501 orders should not be construed as Congress’ intent to ratify the FISA Court’s interpretation of that term” (Lynch cites this language in his opinion), it also doesn’t state that Congress intended to override that definition. What the bill did instead was leave the word “relevant” (still potentially meaning “all” as FISC defined it) in place, but place additional limits for its application under FISA.

Moreover, I’m not convinced the limits as written in USA F-ReDux accomplish all that the Second Circuit’s earlier opinion envisioned, which is perhaps best described in the ways the dragnets didn’t resemble warrants or subpoenas.

Moreover, the distinction is not merely one of quantity – however vast the quantitative difference – but also of quality.  Search warrants and document subpoenas typically seek the records of a particular individual or corporation under investigation, and cover particular time periods when the events under investigation occurred.  The orders at issue here contain no such limits.  The metadata concerning every telephone call made or received in the United States using the services of the recipient service provider are demanded, for an indefinite period extending into the future.  The records demanded are not those of suspects under investigation, or of people or businesses that have contact with such subjects, or of people or businesses that have contact with others who are in contact with the subjects – they extend to every record that exists, and indeed to records that do not yet exist, as they impose a continuing obligation on the recipient of the subpoena to provide such records on an ongoing basis as they are created.

Even setting aside my concern that USA F-ReDux only explicitly prohibits the use of communications company names like Verizon and AT&T as a specific selection term — thus leaving open the possibility FISC will continue to let the government use financial company names as specific selection terms — USA F-ReDux certainly envisions the government imposing “a continuing obligation on the recipient of the subpoena to provide such records on an ongoing basis.” It also permits the collection of records that “are not those of suspects under investigation.”

In other words, Lynch used this second opinion to do more than say the Second Circuit was “done with it.” He used it to interpret USA F-ReDux — and the word “relevant” generally, outside of FISA, and to do so in ways that go beyond the clear language of the bill.

Vladeck is wrong when he suggested the Second Circuit would assess “whether and to what extent the Fourth Amendment applies to information we voluntarily provide to third parties” — that is, the Third Party Doctrine generally. The Second Circuit made it quite clear throughout that they were interested in the application of “relevant,” not whether the Third Party Doctrine still applied generally, which is probably why Lynch isn’t that worried about the injury recurring.

And I think Lynch used this opinion — one the government can’t really appeal — to suggest the application of USA F-ReDux is broader than it necessarily is, and to suggest the narrowing of “relevant to” is more general than it would be under USA F-ReDux (which applies just to certain sections of FISA, but not to the definition of “relevant” generally).

It’s not clear how useful the opinion will be in restricting other over-broad uses of the word “relevant” (especially given DEA claims it has eliminated its dragnet). But I do suspect, having interpreted the law as having narrowed the meaning of the law, Lynch felt like he had limited the egregious constitutional injury.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Awkward Timing of the 2nd Circuit Denial of ACLU’s Request for a Phone Dragnet Injunction

The 2nd circuit just denied the ACLU’s request for an injunction in the phone dragnet, finding that Congress intended to let the dragnet continue for 6 months after passage of USA F-ReDux.

That’s not all that surprising, but it also means the 2nd circuit is dodging constitutional issues for now (in part by claiming Congress had adopted their reasoning on the meaning of “relevant to,” which it did not; I will return to this).

But the court remanded the case on one main issue: what happens on November 29, when the 6 month transition period ends.

Appellants and the government disagree, however, regarding the mootness of the final relief requested after November 29: an injunction that would require the government to end the telephone metadata program and purge records collected unlawfully.  Appellants argue that the government intends to retain the records “indefinitely,” and are under no outside obligation to purge them, and thus that their claims for relief will not become moot on November 29.  The government argues that the claims will be moot on November 29, because the telephone metadata program will cease at that time, and an order enjoining the telephone metadata program will have no effect.

Further, the government notes that the Office of the Director of National Intelligence has announced that the government will not use § 215 data for law enforcement or investigatory purposes after November 29.  See Statement by the ODNI on Retention of Data Collected Under Section 215 of the USA PATRIOT Act (July 27, 2015).  Additionally, the government states that it will destroy all records as soon as possible after the government’s litigation‐preservation obligations end, id., and thus Appellants’ requests that their information no longer be queried and that their records be purged will also be moot.

[snip]

We do not address whether Appellants’ claims will become moot on November 29, and leave this, and all other remaining questions, to the district court in the first instance.

While I don’t expect much to come of this question either, it is rather awkward that the court has chosen to remand that decision today, of all days.

As it is, the 2nd circuit misses one development in this case, which is that after declaring on July 27 that they were going to keep the data but not use it for law enforcement purposes, the FISC then refused the government’s request to just rubber stamp that decision. So the question of what will happen with the data is still being review at the FISC.

Not only that, but today is also the deadline Michael Mosman set for FISC-appointed amicus Preston Burton to submit his first brief on this question.

So Burton will submit something — there’s no reason to think we’ll get to see all of his brief — without the benefit of knowing that ACLU may still contest whatever he argues for regarding the use of the data past November 29. And of course, one reason the government may need to keep that data past November 29 is because EFF has a protection order that requires they keep it for their lawsuit(s).

That still doesn’t mean anything all that interesting will come of this, but we do have two courts addressing the same question at the same time, without full notice of the other.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Loopholes in DOJ’s New Stingray Policy

DOJ just announced a new policy on use of Stingrays which requires a warrant and minimization of incidentally-collected data. It’s big news and an important improvement off the status quo.

But there are a few loopholes.

Exigent and emergency uses

First, the policy reserves exigent uses. The exigent uses include most of DOJ Agencies known uses of Stingrays now.

These include the need to protect human life or avert serious injury; the prevention of the imminent destruction of evidence; the hot pursuit of a fleeing felon; or the prevention of escape by a suspect or convicted fugitive from justice.

[snip]

In addition, in the subset of exigent situations where circumstances necessitate emergency pen register authority pursuant to 18 U.S.C. § 3125 (or the state equivalent), the emergency must be among those listed in Section 3125: immediate danger of death or serious bodily injury to any person; conspiratorial activities characteristic of organized crime; an immediate threat to a national security interest; or an ongoing attack on a protected computer (as defined in 18 U.S.C. § 1030) that constitutes a crime punishable by a term of imprisonment greater than one year.

We know the US Marshals constitute the most frequent users of admitted Stingray use — they’d be covered in prevention of escape by a fugitive. DEA seems to use them a lot (though I think more of that remains hidden). That’d include “conspiratorial activities characteristic of organized crime.” And it’s clear hackers are included here, which includes the first known use, to capture Daniel Rigmaiden.

And I’m not sure whether the exigent/emergency use incorporates the public safety applications mentioned in the non-disclosure agreements localities sign with the FBI, or if that’s included in this oblique passage.

There may also be other circumstances in which, although exigent circumstances do not exist, the law does not require a search warrant and circumstances make obtaining a search warrant impracticable. In such cases, which we expect to be very limited, agents must first obtain approval from executive-level personnel at the agency’s headquarters and the relevant U.S. Attorney, and then from a Criminal Division DAAG. The Criminal Division shall keep track of the number of times the use of a cell-site simulator is approved under this subsection, as well as the circumstances underlying each such use.

In short, many, if not most, known uses are included in exceptions to the new policy.

Notice to defendants

The many known uses of Stingrays where warrants would not be necessary — and where DOJ would therefore just be using a PRTT — are of particular importance given the way new disclosure requirements work. There are, to be sure, admirable new requirements to tell judges what the fuck they’re approving and what it means. But nothing explicitly says defendants will not get noticed. DOJ has said no past or current usage of Stingrays will get noticed to defendants. And all these non-warrant uses of Stingrays will be noticed either, probably. In other words, this returns things to the condition where defendants won’t know — because they would normally expect to see a warrant that wouldn’t exist in these non-warrant uses.

Sharing with localities

The policy doesn’t apply to localities, which increasingly have their own Stingrays they permit federal agencies to use. Curiously, the language applying this policy to federal cooperation with localities would suggest the federal rules only apply if the Feds are supporting localities, not if the reverse (FBI borrowing Buffalo’s Stingray, for example) is the case.

The Department often works closely with its State and Local law enforcement partners and provides technological assistance under a variety of circumstances. This policy applies to all instances in which Department components use cell-site simulators in support of other Federal agencies and/or State and Local law enforcement agencies.

Thus, it may leave a big out for the kind of cooperation we know to exist.

National security uses

Then, of course, the policy only applies in the criminal context, though DOJ claims it will adopt a policy “consistent” with this one on the FISC side.

This policy applies to the use of cell-site simulator technology inside the United States in furtherance of criminal investigations. When acting pursuant to the Foreign Intelligence Surveillance Act, Department of Justice components will make a probable-cause based showing and appropriate disclosures to the court in a manner that is consistent with the guidance set forth in this policy.

BREAKING! FBI has been using Stingrays in national security investigations! (Told ya!)

This language is itself slippery. FISC use of Stingrays probably won’t be consistent on the FISC side (even accounting for the many ways exigent uses could be claimed in national security situations), because we know that FISC already has different rules for PRTT on the FISC side, in that it permits collection of post cut through direct dialed numbers — things like extension numbers — so long as that gets minimized after the fact. The section on minimization here emphasizes the “law enforcement” application as well. So I would assume that not only will national security targets of Stingrays not get noticed on it, but they may use different minimization rules as well (especially given FBI’s 30 year retention for national security investigation data).

Other agencies use of Stingrays for content

DOJ suggests that DOJ never collects content using Stingrays by stating that its Stingrays always get set not to collect content.

Moreover, cell-site simulators used by the Department must be configured as pen registers, and may not be used to collect the contents of any communication, in accordance with 18 U.S.C. § 3127(3). This includes any data contained on the phone itself: the simulator does not remotely capture emails, texts, contact lists, images or any other data from the phone. In addition, Department cell-site simulators do not provide subscriber account information (for example, an account holder’s name, address, or telephone number).

But the rest of the policy makes it clear that department agents will work with other agencies on Stingray use. Some of those — such as JSOC — not only would have Stingrays that get content, but can even partner within the US with FBI.  So DOJ hasn’t actually prohibited its agencies from getting content from a Stingray (domestically — it goes without saying they’re permitted to do so overseas), just that it won’t do so using its own Stingrays.

Funny definitional games

Finally, while not necessarily a loophole (or at least not one I completely understand yet), I’m interested in this definition.

In the context of this policy, the terms “collection” and “retention” are used to address only the unique technical process of identifying dialing, routing, addressing, or signaling information, as described by 18 U.S.C. § 3 I 27(3), emitted by cellular devices. “Collection” means the process by which unique identifier signals are obtained; “retention” refers to the period during which the dialing, routing, addressing, or signaling information is utilized to locate or identify a target device, continuing until tlle point at whic!h such information is deleted.

This definition (which only applies to this policy and therefore perhaps not to national security uses of Stingrays) employs an entirely different definition for collection and retention than other collection that relies on collection then software analysis. Under upstream collection, for example, the government calls this definition of “retention” something closer to “collection.” Don’t get me wrong — this is probably a better definition than that used in other contexts. But I find it funny that FBI employs such different uses of these words in very closely connected contexts.

So, in sum, this is a real victory, especially the bit about actually telling judges what they’re approving when they approve it.

But there are some pretty obvious loopholes here….


Update: ACLU also welcomes this while pointing to some of the limits of the policy.

Update: Here are some of my posts on the FISA uses of PRTT, including (we now know) Stingrays.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.