Al Franken

Every Senator Who Supports USA Freedom May Be Affirmatively Ratifying a Financial Dragnet

Now that I’ve finally got around to reading the so-called transparency provisions in Patrick Leahy’s USA Freedom Act, I understand that one purpose of the bill, from James Clapper’s perspective, is to get Congress to ratify some kind of financial dragnet conducted under Section 215.

As I’ve laid out in detail before, there’s absolutely no reason to believe USA Freedom Act does anything to affect non-communications collection programs.

That’s because the definition of “specific selection term” permits (corporate) persons to be used as a selector, so long as they aren’t communications companies. So Visa, Western Union, and Bank of America could all be used as the selector; Amazon could be for anything not cloud or communications-related. Even if the government obtained all the records from these companies — as reports say it does with Western Union, at least — that would not be considered “bulk” because the government defines “bulk” as collection without a selector. Here, the selector would be the company.

And as I just figured out yesterday, the bill requires absolutely no individualized reporting on traditional Section 215 orders that don’t obtain communications. Here’s what the bill requires DNI to report on traditional 215 collection.

(D) the total number of orders issued pursuant to applications made under section 501(b)(2)(B) and a good faith estimate of—
(i) the number of targets of such orders;
(ii) the number of individuals whose communications were collected pursuant to such orders; and
(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

The bill defines “individuals whose communications were collected” this way:

(3) INDIVIDUAL WHOSE COMMUNICATIONS WERE COLLECTED.—The term ‘individual whose communications were collected’ means any individual—
(A) who was a party to an electronic communication or a wire communication the contents or noncontents of which was collected; or
(B)(i) who was a subscriber or customer of an electronic communication service or remote computing service; and
(ii) whose records, as described in subparagraph (A), (B), (D), (E), or (F) of section 2703(c)(2) of title 18, United States Code, were collected.

Thus, the 215 reporting only requires the DNI to provide individualized reporting on communications related orders. It requires no individualized reporting at all on actual tangible things (in the tangible things provision!). A dragnet order collecting every American’s Visa bill would be reported as 1 order targeting the 4 or so terrorist groups specifically named in the primary order. It would not show that the order produced the records of 310 million Americans.

I’m guessing this is not a mistake, which is why I’m so certain there’s a financial dragnet the government is trying to hide.

Under the bill, of course, Visa and Western Union could decide they wanted to issue a privacy report. But I’m guessing if it would show 310 million to 310,000,500 of its customers’ privacy was being compromised, they would be unlikely to do that.

So the bill would permit the collection of all of Visa’s records (assuming the government could or has convinced the FISC to rubber stamp that, of course), and it would hide the extent of that collection because DNI is not required to report individualized collection numbers.

But it’s not just the language in the bill that amounts to ratification of such a dragnet.

As the government has argued over and over and over, every time Congress passes Section 215′s “relevant to” language unchanged, it serves as a ratification of the FISA Court’s crazy interpretation of it to mean “all.” That argument was pretty dodgy for reauthorizations that happened before Edward Snowden came along (though its dodginess did not prevent Clare Eagan, Mary McLaughlin, and William Pauley from buying it). But it is not dodgy now: Senators need to know that after they pass this bill, the government will argue to courts that it ratifies the legal interpretations publicly known about the program.

While the bill changes a great deal of language in Section 215, it still includes the “relevant to” language that now means “all.” So every Senator who votes for USAF will make it clear to judges that it is the intent of Congress for “relevant to” to mean “all.”

And it’s not just that! In voting for USAF, Senators would be ratifying all the other legal interpretations about dragnets that have been publicly released since Snowden’s leaks started.

That includes the horrible John Bates opinion from February 19, 2013 that authorized the government to use Section 215 to investigate Americans for their First Amendment protected activities so long as the larger investigation is targeted at people whose activities aren’t protected under the First Amendment. So Senators would be making it clear to judges their intent is to allow the government to conduct investigations into Americans for their speech or politics or religion in some cases (which cases those are is not entirely clear).

That also includes the John Bates opinion from November 23, 2010 that concluded that, “the Right to Financial Privacy Act, … does not preclude the issuance of an order requiring the production of financial records to the Federal Bureau of Investigation (FBI) pursuant to the FISA business records provision.” Given that Senators know (or should — and certainly have the ability to — know) about this before they support USAF, judges would be correct in concluding that it was the intent of Congress to permit the government to collect financial records under Section 215.

So Senators supporting this bill must realize that supporting the bill means they are supporting the following:

  • The interpretation of “relevant to” to permit the government to collect all of a given kind of record in the name of a standing FBI terrorism investigation.
  • The use of non-communication company corporate person names, like Visa or Western Union, as the selector “limiting” collection.
  • The use of Section 215 to collect financial records.
  • Not requiring the government to report how many Americans get sucked up in any financial (or any non-communications) dragnet.

That is, Senators supporting this bill are not only supporting a possible financial dragnet, but they are helping the government hide the existence of it.

I can’t tell you what the dragnet entails. Perhaps it’s “only” the Western Union tracking reported by both the NYT and WSJ. Perhaps James Cole’s two discussions of being able to collect credit card records under this provision means they are. Though when Leahy asked him if they could collect credit card records to track fertilizer purchases, Cole suggested they might not need everyone’s credit cards to do that.

Leahy: But if our phone records are relevant, why wouldn’t our credit card records? Wouldn’t you like to know if somebody’s buying, um, what is the fertilizer used in bombs?

Cole: I may not need to collect everybody’s credit card records in order to do that.

[snip]

If somebody’s buying things that could be used to make bombs of course we would like to know that but we may not need to do it in this fashion.

We don’t know what the financial dragnet is. But we know that it is permitted — and deliberately hidden — under this bill.

Below the rule I’ve put the names of the 18 Senators who have thus far co-sponsored this bill. If one happens to be your Senator, it might be a good time to urge them to reconsider that support.


Patrick Leahy (202) 224-4242

Mike Lee (202) 224-5444

Dick Durbin (202) 224-2152

Dean Heller (202) 224-6244

Al Franken (202) 224-5641

Ted Cruz (202) 224-5922

Richard Blumenthal (202) 224-2823

Tom Udall (202) 224-6621

Chris Coons (202) 224-5042

Martin Heinrich (202) 224-5521

Ed Markey (202) 224-2742

Mazie Hirono (202) 224-6361

Amy Klobuchar (202) 224-3244

Sheldon Whitehouse (202) 224-2921

Chuck Schumer (202) 224-6542

Bernie Sanders (202) 224-5141

Cory Booker (202) 224-3224

Bob Menendez (202) 224-4744

Sherrod Brown (202) 224-2315

 

 

Sheldon Whitehouse: We Can’t Unilaterally Disarm, Even to Keep America Competitive

I have to say, the Senate Judiciary Committee hearing on the dragnet was a bust.

Pat Leahy was fired up — and even blew off a Keith Alexander attempt to liken the Internet to a library with stories of the library card he got when he was 4. While generally favoring the dragnet, Chuck Grassley at least asked decent questions. But because of a conflict with a briefing on the Iran deal, Al Franken was the only other Senator to show up for the first panel. And the government witnesses — Keith Alexander, Robert Litt, and James Cole — focused on the phone dragnet disclosed over 6 months ago, rather than newer disclosures like back door searches and the Internet dragnet, which moved overseas. Litt even suggested — in response to a question from Leahy — that they might still be able to conduct the dragnet if they could bamboozle the FISA Court on relevance, again (see Spencer on that). As a result, no one discussed the systemic legal abuses of the Internet dragnet or NSA’s seeming attempt to evade oversight and data sharing limits by moving their dragnet overseas.

Things went downhill when Leahy left for the Iran briefing and Sheldon Whitehouse presided over the second panel, with the Computer & Communications Industry Association’s Edward Black, CATO’s Julian Sanchez, and Georgetown professor (and former DOJ official) Carrie Cordero. Sanchez hit some key points on the why Internet metadata is not actually like phone pen registers. Cordero acknowledged that metadata was very powerful but then asserted that the metadata of the phone-based relationships of every American was not.

And Black tried to make the case that the spying is killing America.

Or, more specifically, his industry’s little but significant corner of America, the Internet. While only some of this was in his opening statement, Black made the case that the Internet plays a critical role in America’s competitiveness.

While these are critical issues, it is important that the Committee also concern itself with the fact that the behavior of the NSA, combined with the global environment in which this summer’s revelations were released, may well pose an existential threat to the Internet as we know it today, and, consequently, to many vital U.S. interests, including the U.S. economy.

[snip]

The U.S. government has even taken notice. A recent comprehensive re- port from the U.S. International Trade Commission (ITC) noted, “digital trade continues to grow both in the U.S. economy and globally” and that a “further increase in digital trade is probable, with the U.S. in the lead.” In fact, the re- port also shows, U.S. digital exports have exceeded imports and that surplus has continually widened since 2007.

[snip]

As a result, the economic security risks posed by NSA surveillance, and the international political reaction to it, should not be subjugated to traditional national security arguments, as our global competitiveness is essential to long-term American security. It is no accident that the official National Security Strategy of the United States includes increasing exports as a major component of our national defense strategy.

Then he laid out all the ways that NSA’s spying has damaged that vital part of the American economy: by damaging trust, especially among non-American users not granted to the protections Americans purportedly get, and by raising suspicion of encryption.

Black then talked about the importance of the Internet to soft power. He spoke about this generally, but also focused on the way that NSA spying was threatening America’s dominant position in Internet governance, which (for better and worse, IMO) has made the Internet the medium of exchange it is.

The U.S. government position of supporting the multi-stakeholder model of Internet governance has been compromised. We have heard increased calls for the ITU or the United Nations in general to seize Internet governance functions from organizations that are perceived to be too closely associated with the U.S. government, such as the Internet Corporation for Assigned Names and Numbers (ICANN).

And he pointed to proposals to alter the architecture of the Internet to minimize the preferential access the US currently has.

Let’s be honest, Black is a lobbyist, and he’s pitching his industry best as he can. I get that. Yet even still, he’s not admitting that these governance and architecture issues really don’t provide neutrality — though US stewardship may be the least-worst option, it provides the US a big advantage.

What Black hinted at (but couldn’t say without freaking out foreign users even more) is that our stewardship of the Internet is not just one of the few bright spots in our economy, but also a keystone to our power internationally. And it gives us huge spying advantages (not everyone trying to erode our control of the Internet’s international governance is being cynical — Edward Snowden has made it clear we have abused our position).

Which is why Whitehouse’s response was so disingenuous. He badgered Black, interrupting him consistently. He asked him to compare our spying with that of totalitarian governments, which Black responded was an unfair comparison. And Whitehouse didn’t let Black point out that American advantages actually do mean we spy more than others, because we can.

Basically, Whitehouse suggested that, in the era of Big Data,  if we didn’t do as much spying as we could — and to hell with what it did to our preferential position on the Internet — it would amount to unilaterally disarming in the face of Chinese and Russian challenges.

If we were to pass law that prevented us from operating in Big Data, would be unilaterally disarming.

Whitehouse followed this hubris up with several questions that Sanchez might have gladly answered but Black might have had less leeway to answer, such as whether a court had ever found these programs to be unconstitutional. (The answer is yes, John Bates found upstream collection to be unconstitutional, he found the Internet dragnet as conducted for 5 years to be illegal wiretapping, and in the Yahoo litigation in 2007, Yahoo never learned what the minimization procedures were, and therefore never had the opportunity to make the case.) Black suggested, correctly, I think, that Whitehouse’s position meant we were just in an arms race to be the Biggest Brother.

I get it. Whitehouse is one of those who believelike Keith Alexander (whose firing Whitehouse has bizarrely not demanded, given his stated concerns about the failure to protect our data during Alexander’s tenure) that the Chinese are plundering the US like a colony.

Not only does this stance seem to evince no awareness of how America used data theft to build itself as a country (and how America’s hardline IP stance will kill people, making America more enemies). But it ignores the role of the Internet in jobs and competition and trade in ideas and goods.

Sheldon Whitehouse, from a state suffering economically almost as much as Michigan, seems anxious to piss away what competitive advantages non-defense America has to conduct spying that hasn’t really produced results (and has made our networks less secure as a result — precisely the problem Whitehouse claims to be so concerned about). That’s an ugly kind of American hubris that doesn’t serve this country, even if you adopt the most jingoistic nationalism imaginable.

He should know better than this. But in today’s hearing, he seemed intent on silencing the Internet industry so he didn’t learn better.

Update: Fixed the Black quotation.

Update: Jack Goldsmith pushes back against the American double standards on spying and stealing here.

ACLU, Another Civil Liberties Narcissist, Defends Its Own Freedom of Assembly, Speech

Since the Edward Snowden leaks first started, many have called him and Glenn Greenwald narcissists (as if that changed the dragnet surveillance they exposed).

If that’s right, I can think of nothing more narcissistic than ACLU, which is a Verizon customer, suing the government for collecting their call records and chilling their ability to engage in activism.

The American Civil Liberties Union and the New York Civil Liberties Union today filed a constitutional challenge to a surveillance program under which the National Security Agency vacuums up information about every phone call placed within, from, or to the United States. The lawsuit argues that the program violates the First Amendment rights of free speech and association as well as the right of privacy protected by the Fourth Amendment. The complaint also charges that the dragnet program exceeds the authority that Congress provided through the Patriot Act.

“This dragnet program is surely one of the largest surveillance efforts ever launched by a democratic government against its own citizens,” said Jameel Jaffer, ACLU deputy legal director. “It is the equivalent of requiring every American to file a daily report with the government of every location they visited, every person they talked to on the phone, the time of each call, and the length of every conversation. The program goes far beyond even the permissive limits set by the Patriot Act and represents a gross infringement of the freedom of association and the right to privacy.”

Here’s the complaint.

In addition to this suit, Jeff Merkley and others are submitting a bill to force the government to release its secret law.

That Makes Over 21 Requests by 31 Members of Congress, Mr. President

Adding the letter that Barbara Lee, as well as a list of all Members of Congress who have, at one time or another, requested the targeted killing memos.

February 2011: Ron Wyden asks the Director of National Intelligence for the legal analysis behind the targeted killing program; the letter references “similar requests to other officials.” (1) 

April 2011: Ron Wyden calls Eric Holder to ask for legal analysis on targeted killing. (2)

May 2011: DOJ responds to Wyden’s request, yet doesn’t answer key questions.

May 18-20, 2011: DOJ (including Office of Legislative Affairs) discusses “draft legal analysis regarding the application of domestic and international law to the use of lethal force in a foreign country against U.S. citizens” (this may be the DOJ response to Ron Wyden).

October 5, 2011: Chuck Grassley sends Eric Holder a letter requesting the OLC memo by October 27, 2011. (3)

November 8, 2011: Pat Leahy complains about past Administration refusal to share targeted killing OLC memo. Administration drafts white paper, but does not share with Congress yet. (4) 

February 8, 2012: Ron Wyden follows up on his earlier requests for information on the targeted killing memo with Eric Holder. (5)

March 7, 2012: Tom Graves (R-GA) asks Robert Mueller whether Eric Holder’s criteria for the targeted killing of Americans applies in the US; Mueller replies he’d have to ask DOJ. Per his office today, DOJ has not yet provided Graves with an answer. (6) 

March 8, 2012: Pat Leahy renews his request for the OLC memo at DOJ appropriations hearing.(7)

June 7, 2012: After Jerry Nadler requests the memo, Eric Holder commits to providing the House Judiciary a briefing–but not the OLC memo–within a month. (8)

June 12, 2012: Pat Leahy renews his request for the OLC memo at DOJ oversight hearing. (9)

June 22, 2012: DOJ provides Intelligence and Judiciary Committees with white paper dated November 8, 2011.

June 27, 2012: In Questions for the Record following a June 7 hearing, Jerry Nadler notes that DOJ has sought dismissal of court challenges to targeted killing by claiming “the appropriate check on executive branch conduct here is the Congress and that information is being shared with Congress to make that check a meaningful one,” but “we have yet to get any response” to “several requests” for the OLC memo authorizing targeted killing. He also renews his request for the briefing Holder had promised. (10)

July 19, 2012: Both Pat Leahy and Chuck Grassley complain about past unanswered requests for OLC memo. (Grassley prepared an amendment as well, but withdrew it in favor of Cornyn’s.) Leahy (but not Grassley) votes to table John Cornyn amendment to require Administration to release the memo.

July 24, 2012: SSCI passes Intelligence Authorization that requires DOJ to make all post-9/11 OLC memos available to the Senate Intelligence Committee, albeit with two big loopholes.

December 4, 2012: Jerry Nadler, John Conyers, and Bobby Scott ask for finalized white paper, all opinions on broader drone program (or at least a briefing), including signature strikes, an update on the drone rule book, and public release of the white paper.

December 19, 2012: Ted Poe and Tredy Gowdy send Eric Holder a letter asking specific questions about targeted killing (not limited to the killing of an American), including “Where is the legal authority for the President (or US intelligence agencies acting under his direction) to target and kill a US citizen abroad?”

January 14, 2013: Wyden writes John Brennan letter in anticipation of his confirmation hearing, renewing his request for targeted killing memos. (11)

January 25, 2013: Rand Paul asks John Brennan if he’ll release past and future OLC memos on targeting Americans. (12)

February 4, 2013: 11 Senators ask for any and all memos authorizing the killing of American citizens, hinting at filibuster of national security nominees. (13)

February 6, 2013: John McCain asks Brennan a number of questions about targeted killing, including whether he would make sure the memos are provided to Congress. (14)

February 7, 2013Pat Leahy and Chuck Grassley ask that SJC be able to get the memos that SSCI had just gotten. (15)

February 7, 2013: In John Brennan’s confirmation hearing, Dianne Feinstein and Ron Wyden reveal there are still outstanding memos pertaining to killing Americans, and renew their demand for those memos. (16)

February 8, 2013: Poe and Gowdy follow up on their December 19 letter, adding several questions, particularly regarding what “informed, high level” officials make determinations on targeted killing criteria.

February 8, 2013: Bob Goodlatte, Trent Franks, and James Sensenbrenner join their Democratic colleagues to renew the December 4, 2012 request. (17)

February 12, 2013: Rand Paul sends second letter asking not just about white paper standards, but also about how National Security Act, Posse Commitatus, and Insurrection Acts would limit targeting Americans within the US.

February 13, 2013: In statement on targeted killings oversight, DiFi describes writing 3 previous letters to the Administration asking for targeted killing memos. (18, 19, 20)

February 20, 2013: Paul sends third letter, repeating his question about whether the President can have American killed inside the US.

February 27, 2013: At hearing on targeted killing of Americans, HJC Chair Bob Goodlatte — and several other members of the Committee — renews request for OLC memos. (21)

March 11, 2013: Barbara Lee and 7 other progressives ask Obama to release “in an unclassified form, the full legal basis of executive branch claims” about targeted killing, as well as the “architecture” of the drone program generally. (22)

All Members of Congress who have asked about Targeted Killing Memos and/or policies

  1. Ron Wyden
  2. Dianne Feinstein
  3. Saxby Chambliss
  4. Chuck Grassley
  5. Pat Leahy
  6. Tom Graves
  7. Jerry Nadler
  8. John Conyers
  9. Bobby Scott
  10. Ted Poe
  11. Trey Gowdy
  12. Rand Paul
  13. Mark Udall
  14. Dick Durbin
  15. Tom Udall
  16. Jeff Merkley
  17. Mike Lee
  18. Al Franken
  19. Mark Begich
  20. Susan Collins
  21. John McCain
  22. Bob Goodlatte
  23. Trent Franks
  24. James Sensenbrenner
  25. Barbara Lee
  26. Keith Ellison
  27. Raul Grijalva
  28. Donna Edwards
  29. Mike Honda
  30. Rush Holt
  31. James McGovern

Will Senators Filibuster Chuck Hagel’s Nomination to Get the Targeted Killing Memo?

Eleven Senators just sent President Obama a letter asking nicely, for at least the 12th time, the targeted killing memo. They remind him of his promise of transparency and oversight.

In your speech at the National Archives in May 2009, you stated that “Whenever we cannot release certain information to the public for valid national security reasons, I will insist that there is oversight of my actions — by Congress or by the courts.” We applaud this principled commitment to the Constitutional system of checks and balances, and hope that you will help us obtain the documents that we need to conduct the oversight that you have called for. The executive branch’s cooperation on this matter will help avoid an unnecessary confrontation that could affect the Senate’s consideration of nominees for national security positions. 

And asks — yet again — for “any and all memos.”

Specifically, we ask that you direct the Justice Department to provide Congress, specifically the Judiciary and Intelligence Committees, with any and all legal opinions that lay out the executive branch’s official understanding of the President’s authority to deliberately kill American citizens.

But perhaps the most important part of this letter is that it refers not just to John Brennan’s nomination, but to “senior national security positions.”

As the Senate considers a number of nominees for senior national security positions, we ask that you ensure that Congress is provided with the secret legal opinions outlining your authority to authorize the killing of Americans in the course of counterterrorism operations.

There are just 11 Senators on this list:

  • Ron Wyden (D-Ore.)
  • Mike Lee (R-Utah)
  • Mark Udall (D-Colo.)
  • Chuck Grassley (R-Iowa)
  • Jeff Merkley (D-Ore.)
  • Susan Collins (R-Maine)
  • Dick Durbin (Ill.)
  • Patrick Leahy (D-Vt.)
  • Tom Udall (D-N.M.)
  • Mark Begich (D-Alaska)
  • Al Franken (D- Minn.)

And just three of these — Wyden, Mark Udall, and Collins — are on the Intelligence Committee. That’s not enough to block Brennan’s confirmation.

But it may be enough to block Hagel’s confirmation, given all the other Republicans who are opposing him.

Senate Passes Defense Authorization

The final vote was 86-13. No votes were Lee, Paul, DeMint, Risch, Crapo, and Coburn (the last three not on civil liberties grounds), and Cardin, Wyden, Sanders, Durbin, Franken, Harkin, and Merkley.

I’m sure Obama will sign this in time for us all to be indefinitely detained this weekend.

Update: Senator Franken sent out a statement explaining his no vote. It ends, “Today is the anniversary of the ratification of the Bill of Rights, and this wasn’t the way to mark its birthday.”

Why Push Elizabeth Warren to Join America’s Most Ineffective Body?

The news reports in the lead-up to this weekend’s announcement that Obama was ending the career of yet another prescient female bank regulator, this time even before it started, prepped the progressive community to champion an Elizabeth Warren run for Ted Kennedy’s MA Senate seat.

And so the usual suspects are out in force arguing that Warren would be better off running for Senate than she would be shaming Republicans for trying to kill off the CFPB.

Whoever is nominated to lead the CFPB is going to spend the next year of his life being filibustered by Republicans. The very best he can hope for is a recess appointment, in which case his tenure in the position would be relatively swift. So the question isn’t who you want leading the CFPB for the foreseeable future. It’s who you want spending his or her time being stopped from leading the CFPB for the foreseeable future. And it’s not clear that the answer to that question is “Elizabeth Warren.”

Warren, after all, has another option that she appears to be taking seriously: challenging Scott Brown in the 2012 election. For reasons I’ve outlined here and Bob Kuttner elaborates on here, there’s reason to think she would be a very effective candidate. But if she wants to do that, she can’t spend the next year being blocked from leading the Consumer Financial Protection Bureau. She has to spend at least part of it preparing for her candidacy.

Now, I don’t think there’s any doubt that Warren would prefer to lead the agency she’s built than launch a Senate campaign that may or may not succeed. But launching a Senate campaign that may or may not succeed seems like a clearly more effective way to protect her agency and further her ideas than being blocked from leading the agency she’s built.

Not only does this view not even consider whether Warren–or a relatively unknown midwestern politician–would be more effective making the public case for the bureau.

But it also seems to confuse the value of running for Senate with actually serving in the Senate.

What the people hailing a possible Warren run are arguing, effectively, is that the consolation prize for the banks having beat her on CFPB should be junior membership in a body that–as Dick Durbin has told us–the banks own.

Even putting aside the power of the banking lobby in the Senate, under what model would Senator Warren be effective championing progressive values, or even just “protect[ing] the agency she’s built”? Even assuming the Democrats kept the same number of seats they currently have on the Senate Banking Committee, even assuming Democratic leadership has already promised her the seat that Herb Kohl’s retirement will open up, that will still make her one of just three progressives (the other two being Jeff Merkley and Sherrod Brown) on a committee that has long been actively working against her CFPB candidacy. Even assuming Democrats keep the Senate, how amenable is Chairman Tim Johnson–a bank-owned hack–going to be to Warren’s ideas? If Richard Shelby were Chair, it’d be even worse.

And what about Warren’s effectiveness in the Senate as a whole–that body, under Democratic leadership, where good ideas go to die? Name a progressive Senator who has been able to do much to champion progressive ideas there? Sanders? Franken? Whitehouse? Sherrod Brown? I love all those guys, and like Sanders and especially Franken, Warren would presumably be able to leverage her public support to push some ideas through. But are any of them more effective at championing progressive values than Warren was before her White House gig, when she regularly appeared on the media and excoriated the banks in terms that made sense to real people? Just as an example, Byron Dorgan used to be effective before his progressive, deficit-cutting ideas were killed by the leader of his party. Similarly, Ted Kaufman turned out to be a surprisingly effective check on the banks, but that was partly because he came in knowing he’d never run for election (and he also knew, coming in, the tricks a lifetime of service as a Senate aide teaches).

Don’t get me wrong. I understand why the Democratic Party would like to have Warren in the Senate. I even understand how Warren might consider a Senate seat to be similar to her earlier public position, with the added benefit of having one vote to push progressive issues. I don’t dismiss the likelihood that Elizabeth Warren might be able to prevent a sixth corporatist judge from getting a lifetime seat on the Supreme Court.

I don’t think a Senator Elizabeth Warren would be a bad thing–I just think folks are far overselling what good it would bring.

It really seems the push for a Warren Senate candidacy ignores what a Booby Prize membership in the Senate has become of late.

Robert Mueller: Civil Liberties Don’t Need a “Fresh” Review

This exchange last Thursday between Senator Al Franken and FBI Director Robert Mueller was frustrating enough–Senator Franken’s questions were the only ones on civil liberties Mueller faced, and the Director seemed pretty miffed to be questioned on the subject in the first place.

But I’m even more troubled by the exchange now that we’ve learned about the FBI’s new investigative guidelines that allow, among other things, database searches without any record and new powers to coerce informants.

After all, Mueller’s response to Franken’s concern about NSLs boasted that they had implemented a compliance system for NSLs and “other areas” where FBI might “fall into the same habits.” (What do you suppose those other areas are? Is he addressing FISC concerns?)

But perhaps as important if not more important, we set up a compliance program to address not just [National] Security Letters, but other areas such as National Security Letters where we could fall into the same, the same pattern, or habits. And so the National Security Letters I believe we addressed appropriately at the time, and it was used as a catalyst to set up a compliance program that addresses a concern in other areas comparable to what we had found with regard to National Security Letters.

Getting rid of the records on database searches would seem to eliminate any compliance system. And Mueller knew he was planning to do so (as did, I presume, Franken) when he gave this answer.

And in response to Franken’s question about infiltration of mosques and peace groups, Mueller assured Franken that FBI complied with its own guidelines.

I’m not certain it needs a fresh, a fresh, uh, look because I’m very concerned whenever those allegations arise. I will tell you that I believe that in terms of surveillances of religious institutions we have done it appropriately and with appropriate predication under the guidelines in the applicable statutes, even though there are allegations out there to the contrary. I also believe that when we have undertaken investigations of individuals expressing their First Amendment rights, we have done so according to our internal guidelines and the applicable statutes. And so, whenever these allegations come forward, I take them exceptionally seriously, make sure our inspection division or others look into it to determine whether or not we need to change anything. And I will tell you that addressing terrorism, and the responsibility to protect against attacks, brings us to the point where we are balancing day in and day out civil liberties and the necessity for disrupting a plot that could kill Americans and it’s something that we keep in mind day in and day out.

But of course, FBI is about to change those guidelines, making it easier for the Agents to attend political meetings undercover and track innocent people. And it doesn’t much matter if FBI complies with its own guidelines if those guidelines support abusive investigations. Mueller is basically insisting that he doesn’t need to reconsider FBI’s actions because FBI complies with its own guidelines and therefore the underlying guidelines themselves don’t need any more scrutiny.

And that canard about balancing civil liberties with the necessity of disrupting a plot (there’s zero evidence of course, that the FBI’s surveillance of peace groups has any tie to a plot, save against political speech)? Not only is this not a zero sum game, but the FBI doesn’t take similar civil liberties-infringing actions to disrupt right wing plots.

When he was gently, respectfully challenged to defend his civil liberties record, Mueller instead resorted to that same old terror fear-mongering. Given the new permissive guidelines, such an attitude is even more troubling.

Tom Coburn Suggests Problems with Use of PATRIOT Act Section 215 Will Be Big Court Battle

I’m watching the SJC’s 51 minutes of almost entirely pathetic questioning of Robert Mueller to remain Director of FBI for two more years (the only real challenge came from Al Franken on civil liberties issues). And while by far the most telling aspect of the questioning came in Mueller’s repeated assertion that aspirational internet terrorists are the biggest threat we face, Tom Coburn asked a truly fascinating question.

He asked Mueller if he believed his two year extension was constitutional. He then used that as a platform to ask (my transcription),

Could you envision colorable challenge to use of 215 authority during your 2 year extension of power?

While I have no problem with you staying on for two more years, I do have concerns we could get mired in court battles [over 215] that would make you ineffective in your job.

In other words, he suggested that the Section 215 issues that Ron Wyden and Mark Udall have raised may quickly turn into a significant, and drawn-out, constitutional litigation.

Remember, Coburn was on the Senate Intelligence Committee last term. While he’s no longer on the Committee (and therefore was not in the briefing on February 2, 2011 that got Wyden and Udall in such a tizzy), he would have been briefed on the FBI’s use of Section 215 to develop databases of Americans who buy hydrogen peroxide and , presumably, geolocation.

FWIW, Mueller didn’t really answer the question (at least not that I noticed), though in response to Al Franken he claimed the FBI has not abused any of the PATRIOT authorities.

Well, it sounds like Coburn, at least, believes a Court (and presumably, ultimately SCOTUS) may soon have an opportunity to determine whether or not he’s right.

Update: I recall now that among the things that Wyden has asked for at times–in addition to the OLC opinions backing this use of Section 215–are FISC opinions, presumably on Section 215 applications. That suggests this may already be wending its way towards SCOTUS, only via the secret FISA courts.

Update: I may have totally misunderstood. Alternately, there may be this much sensitivity on 215 that Coburn is worried. John Gerstein includes this in an article on Coburn’s concerns about the constitutionality of a Mueller extension generally.

“I have concerns that we’re going to get mired in court battles over this that actually make you ineffective in carrying out your job,” Coburn told Mueller earlier in the committee hearing. The Oklahoma republican noted that Mueller or one of his deputies is required to sign certain types of surveillance and search orders and that such approvals could be challenged if Mueller’s appointment was in question.

But why would Coburn be primarily worried about Mueller’s 215 applications–and not FISA applications more generally?

Update: Ok, I’ve watched the piece again. Coburn was asking about potential constitutionality of Mueller’s extension raising legal issues for Section 215 orders, which have to certified by Mueller or one of two of his subordinates. That may have been just a hypothetical. But it still strikes me as an odd hypothetical.

 

Two Themes from Obama’s Cybersecurity Proposal: Private Auditors and Immunity

Two and a half years after privatized auditors largely signed off on practices that contributed to the collapse of Wall Street, and a year after coziness between government inspectors and the oil industry they regulate allowed a massive oil spill in the gulf, the Obama Administration proposes relying on private auditors to ensure that private companies guard our nation’s cybersecurity.

That’s one of two troubling aspects of the fact sheet the Administration just released, summarizing proposed legislation on cybersecurity it just sent to Congress.

At issue is who investigates the adequacy of a private companies’ cybersecurity plan to both certify it is adequate and ensure compliance with it. The answer? Auditors paid by the private companies.

The Administration proposal requires DHS to work with industry to identify the core critical-infrastructure operators and to prioritize the most important cyber threats and vulnerabilities for those operators. Critical infrastructure operators would develop their own frameworks for addressing cyber threats. Then, each critical-infrastructure operator would have a third-party, commercial auditor assess its cybersecurity risk mitigation plans. Operators who are already required to report to the Security and Exchange Commission would also have to certify that their plans are sufficient. A summary of the plan would be accessible, in order to facilitate transparency and to ensure that the plan is adequate. In the event that the process fails to produce strong frameworks, DHS, working with the National Institute of Standards and Technology, could modify a framework. DHS can also work with firms to help them shore up plans that are deemed insufficient by commercial auditors.

While the promise to make these plans transparent is all well and good, the problem remains that private companies and the auditors they pay get to decide what is sufficient, not someone without a financial stake in the outcome. If government inspectors are important enough for safety issues, shouldn’t they be required for the cyberinfrastructure that is so critical to our safety?

In addition, a big part of this plan may give up one of the sticks the government has to ensure compliance.

One of the reasons why private companies don’t like to reveal when they’ve been hacked is liability issues: not only might their customers respond badly, but in some fields (like finance companies) the companies may face other liability issues.

But the fact sheet offers companies immunity, at the least, for any private data it shares with the government when it reveals it has been hacked.

Voluntary Information Sharing with Industry, States, and Local Government. Businesses, states, and local governments sometimes identify new types of computer viruses or other cyber threats or incidents, but they are uncertain about whether they can share this information with the Federal Government. The Administration proposal makes clear that these entities can share information about cyber threats or incidents with DHS. To fully address these entities’ concerns, it provides them with immunity when sharing cybersecurity information with DHS. At the same time, the proposal mandates robust privacy oversight to ensure that the voluntarily shared information does not impinge on individual privacy and civil liberties.

The fact sheet doesn’t describe the extent of the immunity, and the plan does, at least, make immunity contingent upon privacy protections.

  • When a private-sector business, state, or local government wants to share information with DHS, it must first make reasonable efforts to remove identifying information unrelated to cybersecurity threats.

[snip]

  • Immunity for the private-sector business, state, or local government is conditioned on its compliance with the requirements of the proposal.

But I wonder about the breadth of this immunity. Does it also offer companies immunity for negligence in the handling of consumer data?

One thing that Al Franken, among others, is pushing, is making it easier for consumers to expect a certain level of protection for their data. Thus, if Sony has two-year-old consumer data sitting around in an unsecure server, it would bear some liability if a hacker came and access that data. Such measures would effectively expose companies to lawsuit if they totally blew off their customers’ data security.

Now at least this proposal mandates that companies tell consumers when their data has been accessed (though I always worry when federal legislation claims to simplify state legislation–it’s often code for “water down”).

National Data Breach Reporting. State laws have helped consumers protect themselves against identity theft while also incentivizing businesses to have better cybersecurity, thus helping to stem the tide of identity theft. These laws require businesses that have suffered an intrusion to notify consumers if the intruder had access to the consumers’ personal information. The Administration proposal helps businesses by simplifying and standardizing the existing patchwork of 47 state laws that contain these requirements.

But it’s not clear whether companies would bear any liability for such breaches if and when they alert consumers. Moreover, this says nothing about other public disclosure on breaches, which consumers may have as big an interest in (for example, investors ought to be able to know if banks and other major investors routinely get hacked, and stock holders ought to be able to know if critical proprietary information has been stolen).

Call me crazy, but my hackles start to rise when the government starts granting immunity willy nilly, with almost nothing demanded in exchange.

Update: Kashmir Hill offers one example why a national “simplified” law might be a problem–because it’ll eliminate elements like mandatory identity theft protection and penalties from the most stringent law, in MA.

As for telling customers about their data being breached, the White House says it will “help businesses” by simplifying and standardizing the “existing patchwork of 47 state laws” that have various requirements about how soon to notify customers. In the fact sheet, at least, there’s no mention of penalties for businesses, nor mandatory provision of identity theft monitoring after a breach — two aspects of the harshest data breach law currently in the country, in Massachusetts.

Emptywheel Twitterverse
JimWhiteGNV After Acid Attacks on Women, Rouhani Speaks Out Against “Discord” “Under the Flag of Islam” https://t.co/reIE2i1yfZ
19mreplyretweetfavorite
emptywheel @radleybalko More poor people as profit centers thinking.
26mreplyretweetfavorite
emptywheel So again, to prosecute individuals, all our phones should be insecure. But banks? Can't fuck with the casino.
34mreplyretweetfavorite
emptywheel Holder tells @evanperez he asked Congress to make it easier to prosecute banks. http://t.co/5RGNZDsMzU But nothing as major as CryptoWar.
35mreplyretweetfavorite
emptywheel RT @johnknefel: NEW: WH tells me end of Afghan war doesn’t necessarily trigger stricter drone guidelines in Af/Pak. My latest http://t.co/U
46mreplyretweetfavorite
emptywheel Did the CIA destroy evidence of their hacking of SSCI server? http://t.co/IMQA5rgcp0 (If CIA, then good bet on destruction of evidence)
58mreplyretweetfavorite
emptywheel RT @AliWatkins: EXCLUSIVE: Final inquiry in #SSCI/#CIA fight ends, and "missing" computer logs leave questions. Latest w @ryangrim : http:/…
59mreplyretweetfavorite
emptywheel RT @ahmed: Saudi Interior Ministry issues warning against any calls or protests to lift the ban on women driving http://t.co/9srU1e4Lsm
1hreplyretweetfavorite
emptywheel @ExumAM Tho I think Coburn is wrong: we're seeing a lot of fiddling w/IG Reports, across agencies. @washingtonpost
1hreplyretweetfavorite
emptywheel RT @ExumAM: This is great but disheartening work by @washingtonpost. USAID needs more good, effective scrutiny, not less. http://t.co/fRYLV
1hreplyretweetfavorite
bmaz RT @LisaBloom: Notice that not a single leak has been unfavorable to Darren Wilson, though 6 witnesses say Mike Brown was shot with his han…
2hreplyretweetfavorite
emptywheel I wish people would stop abusing pumpkin. But at least butternut squash has been allowed to retain its dignity.
2hreplyretweetfavorite
October 2014
S M T W T F S
« Sep    
 1234
567891011
12131415161718
19202122232425
262728293031