Charles McCullough

Surprise! DOJ IG’s 1,403 Day Old Section 215 Investigation Had a Baby!

As longtime readers know, I have long tracked a DOJ Inspector General investigation into FBI’s use of Section 215 and other PATRIOT Act authorities.

  • June 2010: Then DOJ IG Glenn Fine lays out investigation
  • June 2013: Transition to Michael Horowitz stalls PATRIOT investigation
  • August 2013: The investigation has been ongoing
  • September 2013: Pat Leahy calls for an IC IG investigation into 215 and 702; IC IG Charles McCullough declines
  • December 2013: Horowitz states current investigation limited by AG/DNI declassification of earlier reports

A good healthy obsession!

Since it’s been a while — the investigation is now 1,403 days old — yesterday I decided to nag the IG office.

They were mum on when we might finally see the report. Instead of offering details, they directed me to their new (apparently brand spanking new) “in the interest of transparency” page on their ongoing work.

It shows the long-promised report, still focusing on Section 215 use through 2009, as well as NSLs and pen register.

Use of National Security Letters, Section 215 Orders, and Pen Register and Trap-and-Trace Authorities under FISA from 2007 through 2009

The OIG is again examining the FBI’s use of NSLs and Section 215 orders for business records. This review is assessing the FBI’s progress in responding to the OIG’s recommendations in its first and second reports on the FBI’s use of NSLs and its report on the FBI’s improper use of exigent letters and other informal means to obtain telephone records. A focus of this review is the NSL subsystem, an automated workflow system for NSLs that all FBI field offices and headquarters divisions have been required to use since January 1, 2008, and the effectiveness of the subsystem in reducing or eliminating noncompliance with applicable authorities. The current review is also examining the number of NSLs issued and Section 215 applications filed by the FBI between 2007 and 2009, and any improper or illegal uses of these authorities. In addition, the review is examining the FBI’s use of its pen register and trap-and-trace authority under FISA.

But it also shows a report not mentioned in Michael Horowitz’ last report.

A report on the dragnet.

Bulk Telephony Review

The OIG is reviewing the FBI’s use of information derived from the National Security Agency’s (NSA) collection of telephony metadata obtained from certain telecommunications service providers under Section 215 of the Patriot Act. The review will examine the FBI’s procedures for receiving, processing, and disseminating leads the NSA develops from the metadata, and any changes that have been made to these procedures over time. The review will also examine how FBI field offices respond to leads, and the scope and type of information field offices collect as a result of any investigative activity that is initiated. In addition, the review will examine the role the leads have had in FBI counterterrorism efforts.

In truth, this investigation may not be all that distinct from the known PATRIOT authorities investigation. The minimization procedures for both – and therefore the way the information gets used, an issue central to both investigations — appear to be the same. And to the extent that the number of 215 orders with minimization procedures has been growing since 2010 indicates the FBI is collecting other information in bulk, the programs may well interrelate.

At first, I thought that this investigation, with the very significant exception of the way the dragnet serves to identify informants, might not reveal anything that problematic. Upon review, I’m not so sure. I’ll explain why in a follow-up report.

The one big difference between the two investigations, however (and I’ll discuss this at more length in the follow-up), is that dragnet investigation, unlike the PATRIOT Authority one, appears not to be time delimited. Whereas the older investigation only looks at practices through 2009, the dragnet investigation appears to be examining on-going practices. It seems to be investigating all the 215-related issues identified by Pat Leahy that the IC IG should investigate that come under DOJ’s jurisdiction.

So bad news good news! DOJ is still, 1,403 days later, investigating how the FBI used PATRIOT Act authorities 5 years ago, meaning more recent developments are not getting much attention.

But there is a potentially related investigation looking at what the FBI ingests from the phone dragnet (at least the small part relating to Section 215) right now.

The Day After Government Catalogs Data NSA Collected on Tsarnaevs, DOJ Refuses to Give Dzhokhar Notice

On Thursday, the Inspectors General of the Intelligence Community, DOJ, CIA, and DHS (but not NSA) released their report on the Marathon Bombing. While the public release was just a very condensed summary, included the redaction of both classified and “sensitive” information, and made no attempt to reconstruct data government agencies had or could have had on Dzhokhar Tsarnaev, the report did show that the NSA had data on Tamerlan Tsarnaev and that the FBI found information on his computers that NSA might have gotten via other means.

On Friday, prosecutors in the case against Dzhokhar refused to tell him what they collected under FISA.

Before I get into the government’s refusal on FISA notice — some of which has repercussions for other cases — let’s go over what electronic communications the government did have or could have had.

First, the IG Report (which did not specifically involve NSA’s IG and did not include Dzhokhar in its scope) nevertheless points to information NSA collected in 2012 that was not turned over to FBI until after the attack.

Screen Shot 2014-04-12 at 12.37.13 PM

The report also points to communications dating to January 2011, which is entirely redacted. This probably refers to communications the Russians intercepted, not the NSA (indeed, the report discusses NSA data, above, later in the same section, which indicates the earlier redaction doesn’t pertain to NSA). Though there’s no indication whether the NSA received notice of these communications, including the non-US person interlocutor located overseas involved in them, who would have been a legal NSA target.

Continue reading

Working Thread on the Combined Marathon IG Report

I started reading the Combined IG Report on the Marathon attack (including the DOJ, CIA, DHS, and Intelligence Community IGs, but not NSA). And the whole thing looked so bogus from the start, I figured a working thread was in order.

One thing to remember here: we’ve only got a 32-page summary that includes 5 pages of agency (but not CIA) response and a title page. We’re getting a mere fraction of the 168-page report.

To make things worse, some things are redacted that aren’t even classified, they’re just sensitive.

Redactions in this document are the result of classification and sensitivity designations we received from agencies and departments that provided information to the OIGs for this review. As to several of these classification and sensitivity designations, the OIGs disagreed with the bases asserted. We are requesting that the relevant entities reconsider those designations so that we can unredact those portions and make this information available to the public.

(PDF 2) Several things in this passage:

Law enforcement officials identified brothers Tamerlan and Dzhokhar Tsarnaev as primary suspects in the bombings. After an extensive search for the then unidentified suspects, law enforcement officials encountered Tamerlan and Dzhokhar Tsarnaev in Watertown, Massachusetts. Tamerlan Tsarnaev was shot during the encounter and was pronounced dead shortly thereafter.

First, they don’t say what law enforcement officials IDed the brothers. That sentence precedes one which claims there were “unidentified suspects,” which suggests they had suspicions before they were “IDed.” The word “encountered” is awfully suspicious, given that explanations of how the shootout in Watertown happened have been contradictory. And note they don’t say whether Tamerlan died immediately or not–again, an issue about which there’s some contention.

(PDF 2) Note they tell us Anzor’s ethnicity, but not his wife’s (who is more central to this narrative)?

(PDF 2) The report dodges legitimate questions about why the family got refugee status by referring only to “an immigration benefit.” Given reports the uncle had ties to the CIA, that benefit may be more than a simple asylum request.

(PDF 3) Note that, after having previously said the brothers were ID’ed by LE, they now specify FBI [Actually, I think that's wrong: this is still ambiguous about who IDed them]. But the timing is crazy: it says FBI reviewed its records by April 19, but never says when they were IDed, and doesn’t say whether they were reviewed during a period of suspicion.

By April 19, 2013, after the Tsarnaev brothers were identified as suspects in the bombings, the FBI reviewed its records and determined that in early 2011 it had received lead information from the FSB about Tamerlan Tsarnaev, had conducted an assessment of him, and had closed the assessment after finding no link or “nexus” to terrorism.

(PDF 4) This seems very broad. I wonder what they’re including? Online communications?

As a result, the scope of this review included not only information that was in the possession of the U.S. government prior to the bombings, but also information that existed during that time and that the federal government reasonably could have been expected to have known before the bombings.

(PDF 4) This passage and footnote are huge dodges, making the entire report meaningless.

We carefully tailored our requests for information and interviews to focus on information available before the bombings and, where appropriate, coordinated with the U.S. Attorney’s Office conducting the prosecution of alleged bomber Dzhokhar Tsarnaev.1

1 The initial lead information from the FSB in March 2011 focused on Tamerlan Tsarnaev, and to a lesser extent his mother Zubeidat Tsarnaeva. Accordingly, the FBI and other agencies did not investigate Dzhokhar Tsarnaev’s possible nexus to terrorism before the bombings, and the OIGs did not review what if any investigative steps could have been taken with respect to Dzhokhar Tsarnaev.

I’ll come back to this. But the indictment lists a number of things that the FBI, in their stings, have found and used to identify easy marks. They did not do so here, with Dzhokhar. Which raises real questions about why they chose not to pursue him when they’ve pursued so many other young men like Dzhokhar?

(PDF 4) Here’s who was included in this review:

We also requested other federal agencies to identify relevant information they may have had prior to the bombings. These agencies included the Department of Defense (including the National Security Agency (NSA)), Department of State, Department of the Treasury, Department of Energy, and the Drug Enforcement Administration.

There has been little discussion of DEA’s likely awareness of the brothers, but it is likely, given that they were dealing drugs with potential ties to organized crime. And NSA, but I harp on that too much. I’m curious what role DOE might have.

(PDF 4) Again, they specify they’re only looking at pre-attack data. Which dodges what they could have collected but didn’t.

Additionally, each OIG conducted or directed its component agencies to conduct database searches to identify relevant pre-bombing information.

(PDF 4-5) As with HHSC’s report, the FBI stalled here.

As described in more detail in the classified report, the DOJ OIG’s access to certain information was significantly delayed at the outset of the review by disagreements with FBI officials over whether certain requests fell outside the scope of the review or could cause harm to the criminal investigation. Only after many months of discussions were these issues resolved, and time that otherwise could have been devoted to completing this review was instead spent on resolving these matters.

(PDF 5) The 12333 passage makes it clear NSA had a big role here. But, again, its IG did not conduct an investigation.

(PDF 6-7) The CIA section is very thin. I assume some stuff is missing.

(PDF 8) Note the importance of NSA’s sharing with FBI here?

Of particular relevance to this review are the relationships between the FBI, CIA, and DHS, as well as the relationship between the FBI and the NSA, and the NCTC’s relationships throughout the Intelligence Community.

(PDF 8) This makes clear that the transcription and birthdate errors were in both FSB warnings; it’s just that CIA didn’t fix the second one.

Importantly, the memorandum included two incorrect dates of birth (October 21, 1987 or 1988) for Tamerlan Tsarnaev, and the English translation used by the FBI transliterated their last names as Tsarnayev and Tsarnayeva, respectively.

(PDF 10) This passage seems to admit that FBI could have, but did not, search FISA related databases. It also suggests there was a “certain telephone database,” which might include the Hemisphere database, which performs the same function as the NSA claims (falsely) the phone dragnet does. Note, too, that they’ve only checked for the Tsarnaevs in FBI databases. I’ll come back to these databases in a later post.

Additionally, the DOJ OIG determined that the CT Agent did not use every relevant search term known or available at the time to query the FBI systems, including certain telephone databases and databases that include information collected under authority of the Foreign Intelligence Surveillance Act (FISA). However, searches of FBI databases conducted at the direction of the DOJ OIG during this review produced little information beyond that identified by the CT Agent during the assessment, with the exception of additional travel-related data for Zubeidat Tsarnaeva.

(PDF 11) Note that the second FBI letter to FSB, dated October 7, 2011, postdated the FSB notice to CIA. But it also comes at a time when Boston area law enforcement were conducting an investigation into the murder of Tamerlan’s best friend. The Waltham murders are not mentioned at all in the unclassified report.

(PDF 12) The IG Report does not tell us the date in September when FSB provided notice to CIA. Given that Tamerlan may have just been or was about to be involved in a grisly murder, I find that omission very notable.

(PDF 12) Note you can be watchlisted without derogatory information. This seems to be because of the exception mentioned in FN 10. But fat lot of good it did in this case. Per the footnote, that exception subsequently got disqualified, though I bet it has been qualified again.

(PDF 12) The IG Report doesn’t even acknowledge there was some other kind of difference between the first and the later watchlist entries as indicated on pp 33-4 of the HHSAC Committee report, which suggests that discussion may be redacted entirely.

(PDF 16) Note that, as happens with all Legal Permanent Residents, Tamerlan was photographed (and fingerprinted) during immigration. I’m surprised there isn’t more discussion of this (though it may be classified). But one big point of this relatively new border protocol is to have recent pictures on hand in case, say, you need to do facial recognition on pictures from a terrorist attack. Were they used?

(PDF 19) Note the big redaction describing intercepted communications. This may simply describe what the Russians had collected, which led to their tip. But I do wonder whether NSA collected its own version, not least because details of the Russian intercept has been widely reported.

(PDF 20) Note that the discussion of Tamerlan’s (remember, Dzhokhar is not included here) computer materials is described solely in terms of what FBI could do. That’s different from what both DHS does (they track public online speech) and NSA. It’s unclear whether they could have found some of this using methods available to them, but the report’s silence on that point is notable.

The FBI’s analysis was based in part on other government agency information showing that Tsarnaev created a YouTube account on August 17, 2012, and began posting the first of several jihadi-themed videos in approximately October 2012. The FBI’s analysis was based in part on open source research and analysis conducted by other U.S. government agencies shortly after the bombings showing that Tsarnaev’s YouTube account was created with the profile name “Tamerlan Tsarnaev.”

[snip]

The DOJ OIG concluded that because another government agency was able to locate Tsarnaev’s YouTube account through open source research shortly after the bombings, the FBI likely would have been able to locate this information through open source research between February 12 and April 15, 2013. The DOJ OIG could not determine whether open source queries prior to that date would have revealed Tsarnaev to be the individual who posted this material.

The passage goes on to report the 7 copies of Inspire on one of the computers used by Tamerlan (again, there’s no mention of Dzhokhar here).

Something they’re not saying, but we know to be true.  Had they picked up Inspire either through a 702 upstream search or XKeyscore, they would have had identifiers that could have pegged Tsarnaev’s identity and tied it to all his other identities, regardless of the fact Tamerlan used an alias until February 2013.

And note the big redaction: NSA had information that dated to 2012, which may well have been the intercepts with Plotnikov.

Finally, note that FBI never turned over most of the information about Tamerlan’s Google accounts. The excuse (as noted above) was the ongoing investigation. But I wonder whether that’s ongoing investigation into the Waltham murder or the Marathon attack.

(PDF 25) Note the discussion of enhancement in the 2nd-to-last bullet. I believe this suggests that transliteration questions are only addressed with this enhancement.

(PDF 25) Note that they at least used to delete US person travel info after 6 months unless it represents terrorism information. This would arise from NCTC’s minimization procedures.

(PDF 32) As noted above, we don’t get John Brennan’s response to this, though he presumably sent one. I suspect that means there are classified recommendations for the Agency and that his response reflects that. While it’s not clear what the foreign target would be in this context (perhaps an investigation of the person to whom Zubeidat was speaking about Tamerlan wanting to join jihad?) but there seems to have been some.

Charles McCullough Too Busy Investigating Leakers to Investigate the Dragnet

As I noted back in September, Patrick Leahy and a bunch of other Senators asked the Intelligence Community Inspector General Charles McCullough to investigate the dragnet.

In particular, we urge you to review for calendar years 2010 through 2013:

  • the use and implementation of Section 215 and Section 702 authorities, including the manner in which information – and in particular, information about U.S. persons – is collected, retained, analyzed and disseminated;
  • applicable minimization procedures and other relevant procedures and guidelines, including whether they are consistent across agencies and the extent to which they protect the privacy rights of U.S. persons;
  • any improper or illegal use of the authorities or information collected pursuant to them; and
  • an examination of the effectiveness of the authorities as investigative and intelligence tools.

McCullough just answered.

No.

“At present, we are not resourced to conduct the requested review within the requested timeframe,” wrote McCullough, before adding he and other agency inspectors general are weighing now whether they can combine forces on a larger probe.

Leahy had asked McCullough to finish in what was then 15 months, December 2014, which would make it available for the PATRIOT Reauthorization due the next year.

Note, McCullough gave the same answer he and NSA’s IG gave when Ron Wyden asked how many Americans get caught up in the dragnet.

Not enough resources.

Mind you, he apparently has enough resources to do this:

Finally, we began to implement a program to lead IC-wide administrative investigations into unauthorized disclosures of classified information (i.e., “leak”) matters.

[snip]

The Investigations Division reviewed hundreds of closed cases from across the IC. Going forward, the division will engage in gap mitigation for those cases where an agency does not have the authority to investigate (multiple agencies or programs) or where DOJ declined criminal prosecution. The division will conduct administrative investigations with IG Investigators from affected IC elements to maximize efficiencies, expedite investigations, and enhance partnerships.

[snip]

The Investigations Division is reviewing 375 unauthorized disclosure case files.

But not enough resources to review a massive dragnet affecting every American in time to have results before the dragnet gets reauthorized.

Update: And apparently the Senate Intelligence Committee just told ODNI to investigate more leaks and pre-leaks.

  • Empowering the Director of National Intelligence to improve the government’s process to investigate (and reinvestigate) individuals with security clearances to access classified information;

The Dog Ate Charles McCullough’s Homework

Let’s take the narrative the Federal Government wants to tell us about the Boston Marathon attack.

Both FBI and CIA got tips from Russia in early- and mid-2011 implicating Tamerlan Tsarnaev in extremism which FBI, which appropriately has jurisdiction, investigated and entered into the relevant databases accessible to Joint Terrorism Task Force partners.

Later that year, the government alleges (based on the word of a guy they killed immediately thereafter), Tamerlan and Ibragim Todashev — and possibly Tamerlan’s brother Dzhokhar — knifed three friends and associates to death on 9/11 while they waited for pizza from a place the brothers may have once worked; while several of the people on both sides of that killing were involved in selling drugs, the presumed motive for that killing (especially given the date) pertains to Islamic extremism, not a drug and money dispute, in spite of or perhaps because of the pot and money left at the scene. After the killing, Tamerlan disappeared from the scene in Cambridge and was never interviewed by the cops. Senate Intelligence Committee members allege Russia passed on another warning about Tamerlan after October 2011, though the FBI insists it kept asking for more information to no avail.

The next year, Tamerlan left for Russia and Chechnya and Dagestan, but the Homeland Security dragnet missed him because Aeroflot misspelled his name (an issue that contributed to their missing the UndieBomb, too; Russia’s original tip to the FBI had gotten his birthdate wrong). While in Russia, Tamerlan met a bunch of Chechen extremists, several of whom were killed shortly after he met them. Then, Tamerlan returned to Boston, and he and his brother made some bombs out of pressure cookers and fireworks in his Cambridge flat (testimony of their cab driver notwithstanding), and then set them off near the finish line of the Boston Marathon, killing 3 and maiming hundreds.

In spite of the thousands of videos of the event, FBI’s prior investigation, and immigration records on the brothers including pictures, the government’s facial recognition software proved unable to find them (in spite of claims “FBI” officials were asking around Cambridge already), so the government released their pictures and set off a manhunt that resulted in Tamerlan’s death and the arrest of Dzhokhar.

That’s the story, right?

Two weeks after the attack, James Clapper tasked the Intelligence Community Inspector General, Charles McCullough, with investigating the attack to see if it could have been prevented (note, after the 2009 UndieBomb attack, the Senate Intelligence Committee conducted such an investigation but I’ve heard no peep of them doing so here). Also involved in that investigation are DOJ, DHS, and CIA’s IG, but not NSA’s IG, in spite of the fact that the Russians, at least, reportedly intercepted international texts implicating Tamerlan in planning jihad (though there’s no reason to believe the non-US side of those texts — a family member of the brothers’ mother — would have been a known CT target). (Note that, even as McCullough has been conducting this investigation, which ultimately involves information that has been leaked to the press, James Clapper has him conducting investigations into unauthorized leaks — does anyone else see the huge conflict here???)

Back on September 19 (perhaps not coincidentally the day after Ibragim Todashev’s friend Ashurmamad Miraliev was arrested in FL and questioned for 6 hours without a lawyer), McCullough wrote Congress to tell them that because “information relevant to the review is still being provided to the review team,” the review would be indefinitely delayed.

According to the BoGlo, McCullough is offering a new excuse for further delay: the shutdown.

Officials said the shutdown has hampered various agencies’ ability to conduct interviews, undertake research, or pay support personnel who are responsible for reviewing the operations of the government’s terrorism databases before the Marathon attack and determining whether information on the bombing suspects was properly handled.

[snip]

Last month congressional oversight communities were informed that while officials were “working diligently” to complete the review, the process of interviewing counter-terrorism officials and reviewing computer files had turned out to be more challenging than expected. McCullough, the intelligence community’s inspector general, said at the time that “information relevant to the review is still being provided to the review teams.”

A senior Senate staffer, who was not authorized to speak publicly, said briefings recently scheduled for intelligence officials to brief key congressional committees on the progress of the review were canceled.

So here we are over 6 months after the attack, and an inquiry purportedly reviewing whether our CT information sharing (led by the National Counterterrorism Center, which reports to Clapper, to whom McCullough also reports as a non-independent IG) did what it was supposed to, is still having trouble reviewing the actual databases (!?!?), ostensibly because they had to furlough the support people doing that rather than allow them to figure out how to fix problems to prevent the next terrorist attack. (Remember, James Clapper testified he had furloughed 70% of civilian IC staff, to the shock of Chuck Grassley and others.)

Perhaps that’s the problem. Perhaps it is the case that in 6 months time, IC support personnel had not yet been able to access and assess the database counterterrorism professionals are expected to monitor and respond to almost instantaneously. If that is the case, it, by itself, ought to be huge news.

Or perhaps there’s something about the Waltham investigation that has made it newly embarrassing that warnings before and — if blathery Senators are to be believed — after the murders didn’t focus more attention on Tamerlan Tsarnaev.

The Kiddie Porn and the UndieBomb

Screen shot 2013-09-26 at 1.22.11 PMI was at a funeral Monday and Tuesday. So when I heard the FBI had busted the guy who leaked the UndieBomb 2.0 story, I assumed they had finally arrested John Brennan.

But, as bmaz emphasized in his post on Donald Sachtleben’s plea agreement, there’s no hint of prosecuting Brennan, who leaked Top Secret details about the British/Saudi double agent into AQAP, even while they’re imprisoning Donald Sachtleben, who is only accused of leaking details he knew to be Secret.

A law enforcement official indicated that the case has not been officially closed but the charges against Sachtleben are the only ones expected.

(Sure, the evidence that Sachtleben was involved with kiddie porn seems solid, but then Brennan drone-killed children, so he’s not above reproach for his treatment of children either.)

But that is by no means the weirdest thing about the government’s treatment of the UndieBomb 2.0 leak investigation.

The entire premise of the FBI narrative is that they exercised greater care with a kiddie porn accusee they had dead to rights than they did the 100 or so AP reporters who got sucked up in their overbroad dragnet. They would have you believe that, even after seizing a CD holding a November 2, 2006 SECRET CIA intelligence report at Sachtleben’s house in May 2012 pursuant to a kiddie porn warrant (which they have not produced in the docket), they just sat on his devices for almost a year until they obtained the phone records for 20 AP phone lines, in a seizure far more intrusive into journalism than any recent known subpoena.

Sachtleben was identified as a suspect in the case of this unauthorized disclosure only after toll records for phone numbers related to the reporter were obtained through a subpoena and compared to other evidence collected during the leak investigation. This allowed investigators to obtain a search warrant authorizing a more exhaustive search of Sachtleben’s cell phone, computer, and other electronic media, which were in the possession of federal investigators due to the child pornography investigation.

(I may be mistaken, but I don’t think the FBI made this claim in any court document, so I assume it is bullshit, especially since they had had to do extensive forensic searches of Sachtleben’s computer and he had already signed a plea deal forfeiting it.)

They would also have you believe the AP had no inkling of the UndieBomb plot until ABC reported inflammatory claims about cavity bombs on April 30, 2012, even in spite of ABC’s reference to TSA head John Pistole’s earlier fear-mongering about it and in spite of additional reporting about broad Air Marshall mobilization. DOJ goes to great lengths to make you believe AP first texted Sachtleben on April 30 and not, say, on April 28 (which would mean the kiddie porn investigation accelerated after such contact), though there’s no reason to believe that’s true and the AP call records DOJ obtained apparently go back to well before April 30. They also suggest AP was asking Sachtleben about an Asiri bomb, though the first text they include is an assertion — not a question — that Asiri has been busy.

They would have you believe that two Pulitzer Prize winners would defy White House and CIA wishes with a story sourced to a single source who, just a day earlier, had provided a mistaken guess about the excitement. Continue reading

1,186 Days into IG Report Covering Dragnet, Leahy Calls for Another

As I’ve been tracking, DOJ’s Inspector General Office — now led by Michael Horowitz — has been working on a report on the use of Section 215 and Pen Register/Trap and Trace authorities up through 2009 for 1,186 days, well over 3 years. We have yet to see that outsider review of all the problems the NSA admitted in 2009, 4 years ago, and so NSA’s incredible claim it was too stupid to know what it was doing has been accepted unquestioningly.

On Monday, Patrick Leahy and several other Senate Judiciary Committee Senators called on the Intelligence Committee Inspector General, Charles McCullough, to conduct a similar inquiry for the period since 2009.

Recently declassified documents appear to reveal numerous violations of law and policy in the implementation of these authorities, including what the FISA Court characterized as three “substantial misrepresentation[s]” to the Court.  These declassified documents also demonstrate that the implementation of these authorities involves several components of the Intelligence Community (IC), including the National Security Agency, Department of Justice, Federal Bureau of Investigation, Central Intelligence Agency, and the Office of the Director of National Intelligence, among others.

We urge you to conduct comprehensive reviews of these authorities and provide a full accounting of how these authorities are being implemented across the Intelligence Community.  The IC Inspector General was created in 2010 for this very purpose.  Comprehensive and independent reviews by your office of the implementation of Sections 215 and 702 will fulfill a critical oversight role.  Providing a publicly available summary of the findings and conclusions of these reviews will help promote greater oversight, transparency, and public accountability.

In conducting such reviews, we encourage you to draw on the excellent work already done by the Inspectors General of several agencies, including the Department of Justice, in reviewing these authorities.  But only your office can bring to bear an IC-wide perspective that is critical to effective oversight of these programs.  The reviews previously conducted have been more narrowly focused – as might be expected – on a specific agency.

In particular, we urge you to review for calendar years 2010 through 2013:

  • the use and implementation of Section 215 and Section 702 authorities, including the manner in which information – and in particular, information about U.S. persons – is collected, retained, analyzed and disseminated;
  • applicable minimization procedures and other relevant procedures and guidelines, including whether they are consistent across agencies and the extent to which they protect the privacy rights of U.S. persons;
  • any improper or illegal use of the authorities or information collected pursuant to them; and
  • an examination of the effectiveness of the authorities as investigative and intelligence tools.

We’ll see how McCullough responds to this. My impression thus far has been that he is too close to the IC Agencies. Plus, he’s very busy conducting insider leak investigations.

But even though we’ve been waiting forever for the IG Report covering the earlier period, apparently Leahy has learned one thing from it. He gave McCullough a deadline this time.

Please proceed to administratively perform reviews of the implementation of Section 215 of the USA PATRIOT Act and Section 702 of FISA, and submit the reports no later than December 31, 2014.

If all goes well, this should provide a quasi-independent review of the programs before they get extended again in 2015.

If NSA Commits Database Query Violations, But Nobody Audits Them, Do They Really Happen?

Barton Gellman, at the beginning of the worthwhile video above, addresses something I addressed here: the only way the government can claim they haven’t “abused” the rules governing NSA activities is by treating all abuse done in the name of the mission as a mistake.

The President, like a lot of people who work for him, has a very narrow definition of two key words in that passage. One is “abuse” and the other is “inappropriately.” As the government depicts it — and this is language it’s using that it does not, frankly, explain.

Abuse — the only kind of abuse that exists would be if, say, an NSA employee were to stalk his ex-wife or spy on movie stars or something of that nature. If they are performing the mission that the NSA wants them to perform, and nevertheless overstep their legal authority, make unauthorized interceptions or searches or retentions or sharing of secret information, that is not abuse, that’s a mistake.

That’s how they get to pretend the 9% to 20% of violations in which a person does not follow the rules seemingly intentionally (these are distinct from human error and training violations) does not constitute an abuse.

With that in mind, I wanted to look more closely at what the audit report says about how errors are found, as shown primarily in this figure:

Screen shot 2013-08-20 at 10.21.25 AM

That looks pretty good on the face, with 64% of all violations found via automated alert, plus a few more — data flow analysis and traffic scanning — that involve technological review.

But this detail on the roamer problem (in which valid foreign targets continue to be targeted when they travel to the US) explains what that’s not all that impressive.  Continue reading

James Clapper’s Anti-Leak Efforts Will Increase Information Asymmetry

As Charlie Savage and others report, Director of National Security James Clapper has instituted new efforts to crack down on leaks. The plan has two aspects. First, those agencies within the IC that have mandatory lie detector tests will add an unspecified question about “unauthorized disclosure of classified information.”

(1) mandating that a question related to unauthorized disclosure of classified information be added to the counterintelligence polygraph used by all intelligence agencies that administer the examination (CIA, DIA, DOE, FBI, NGA, NRO, and NSA).

Not only does this cover just some who might have access to classified information, leaving some agencies, contractors, Congressional employees, and White House employees, not to mention our international intelligence partners, in the clear. But it also brackets off the “authorized” disclosure of classified information. Heck, it might not even cover any of the leaks currently under investigation.

Then there’s the authorization of IC Inspectors General to investigate leaks that DOJ declines to pursue.

(2) requesting the Intelligence Community Inspector General lead independent investigations of selected unauthorized disclosure cases when prosecution is declined by the Department of Justice. The IC IG will establish and lead a task force of IC inspectors general to conduct ind ependent investigations, pursuant to his statutory authority and in coordination with the Office of the National Counterintelligence Executive. This will ensure that selected unauthorized disclosure cases suitable for administrative investigations are not closed prematurely.

As Savage has noted (and this report he links makes clear) the vast majority of leaks are not prosecuted. That’s partly because information is so widely distributed that identifying a sole leaker becomes legally problematic if not impossible more generally. In addition, many leak prosecutions would risk disclosing more classified information than simply letting the alleged leaker go free (this is probably why the Bush and Obama Administrations tried to trump up a charge against Thomas Drake rather than charge known leakers who exposed the illegal wiretap program).

Clapper’s solution will instead have Inspectors General pursue suspected leakers instead. Not only would this free investigative methods from evidentiary rules (so for example, IGs might use wiretaps and other intrusive investigative techniques because they would never need to be disclosed or not in court). The secrecy of such investigations would also make the exposure of selective prosecution impossible. And given the impunity with which the government can give or withdraw clearances, it would mean those unfairly targeted would have no recourse.

All this might be less problematic if the IC IG hadn’t already proven himself to serve government cover-ups rather than the citizens of this country. But as it is, this scheme is ripe for abuse.

Which won’t end leaking. Instead, it’ll make whistleblowing even riskier, as compared with sanctioned leaks, than it already is. Which, so long as Congressional oversight committees refuse to exercise any oversight, will mean the intelligence committee will operate with further unchecked power.

Emptywheel Twitterverse
JimWhiteGNV RT @bmaz: Pat Tillman Was A Man, Not Just A Symbol http://t.co/LHFaQOUS99 Who Pat was in life, not just death
3hreplyretweetfavorite
bmaz Pat Tillman Was A Man, Not Just A Symbol http://t.co/LHFaQOUS99 Who Pat was in life, not just death
3hreplyretweetfavorite
bmaz @HzmtH1 @terraformer @radleybalko @WPTheWatch I do this for a living, and thought "exigent circumstances" warrants marshal law is absurd
4hreplyretweetfavorite
emptywheel @gideonstrumpet need to check my schedule but I might have time to touch base.
4hreplyretweetfavorite
bmaz @HzmtH1 @terraformer @radleybalko @WPTheWatch Yeah, well, the central premise is irrefutable if you actually believe in US+MA Constitutions.
4hreplyretweetfavorite
emptywheel @gideonstrumpet I'm speaking at 4:15 @ Hampshire but will be here thru Sat AM. What's your schedule tomorrow? @bmaz @FalguniSheth
4hreplyretweetfavorite
bmaz @GregoryMcNeal @radleybalko Already have and do!
4hreplyretweetfavorite
bmaz Now that Fed govt has initiated pardon+sentencing reform, pressure on governors and states to do the same should be brought.
4hreplyretweetfavorite
bmaz @TimothyS Yes yes, but I really detest the former too!
4hreplyretweetfavorite
bmaz Can Obama pardon enough inmates to shut down the loathsome private prisons like CCA et. al? He should. http://t.co/nXFmq0tE2V
4hreplyretweetfavorite
bmaz @janehamsher @SavannahGuthrie @JohnKiriakou @TODAYshow Then whispers sweet nothings in his ear on the way out.
5hreplyretweetfavorite
bmaz RT @michaelbkiefer: If the AZ Supreme Court issues a death warrant, Joe Wood will be executed with medazolam + hydromorphone, which didn't …
5hreplyretweetfavorite
April 2014
S M T W T F S
« Mar    
 12345
6789101112
13141516171819
20212223242526
27282930