Posts

Three Theories Why the Section 215 Phone Dragnet May Have Been “Erroneous” from the Start

/6 Comments/in , /by

Update, 1/6/14: I just reviewed this post and realize it’s based on the misunderstanding that the February 24 OLC opinion is from last year, not 2006. That said, the analysis of the underlying tensions that probably led to the use of Section 215 for the phone dragnet are, I think, still valid. 

According to ACLU lawyer Alex Abdo, the government may provide more documents in response to their FOIA asking for documents relating to Section 215 on November 18. Among those documents is a February 24, 2006 FISA Court opinion, which the government says it is processing for release.

That release — assuming the government releases the opinion in any legible form — should solve a riddle that has been puzzling me for several weeks: whether the FISA Court wrote any opinion authorizing the phone dragnet collection before its May 24, 2006 order at all.

The release may also provide some insight on why former Assistant Attorney General David Kris concedes the initial authorization for the program may have been “erroneous.”

More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch.

[snip]

The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct. [my emphasis]

That “erroneous” language comes not from me, but from David Kris, one of the best lawyers on these issues in the entire country.

And the date of the opinion — February 24, 2006, 6 days before the Senate would vote to reauthorize the PATRIOT Act having received no apparent notice the Administration planned to use it to authorize a dragnet of every American’s phone records — suggests several possible reasons why the original approval is erroneous.

Possibility one: There is no opinion

The first possibility, of course, is that my earlier guess was correct: that the FISC court never considered the new application of bulk collection, and simply authorized the new collection based on the 2004 Colleen Kollar-Kotelly opinion authorizing the Internet dragnet. In this possible scenario, that February 2006 opinion deals with some other use of Section 215 (though I doubt it, because in that case DOJ would withhold it, as they are doing with two other Section 215 opinions dated August 20, 2008 and November 23, 2010).

So one possibility is the FISA Court simply never considered whether the phone dragnet really fit the definition of relevant, and just took the application for the first May 24, 2006 opinion with no questions. This, it seems to me, would be erroneous on the part of FISC.

Possibility two: FISC approved the dragnet based on old PATRIOT knowing new “relevant to” PATRIOT was coming

Another possibility is that the FISA Court rushed through approval of the phone dragnet knowing that the reauthorization that would be imminently approved would slightly different language on the “relevance” standard (though that new language was in most ways more permissive). Thus, the government would already have an approval for the dragnet in hand at the time when they applied to use it in May, and would just address the “relevance” language in their application, which we know they did.

In this case, the opinion would seem to be erroneous because of the way it deliberately sidestepped known and very active actions of Congress pertaining to the law in question.

Possibility three: FISC approved the dragnet based on new PATRIOT language even before it passed

Another possibility is that FISC approved the phone dragnet before the new PATRIOT language became law. That seems nonsensical, but we do know that DOJ’s Office of Intelligence Policy Review briefed FISC on something pertaining to Section 215 in February 2006.

After passage of the Reauthorization Act on March 9, 2006, combination orders became unnecessary for subscriber information and [one line redacted]. Section 128 of the Reauthorization Act amended the FISA statute to authorize subscriber information to be provided in response to a pen register/trap and trace order. Therefore, combination orders for subscriber information were no longer necessary. In addition, OIPR determined that substantive amendments to the statute undermined the legal basis for which OIPR had received authorization [half line redacted] from the FISA Court. Therefore, OIPR decided not to request [several words redacted] pursuant to Section 215 until it re-briefed the issue for the FISA Court. 24

24 OIPR first briefed the issue to the FISA Court in February 2006, prior to the Reauthorization Act. [two lines redacted] [my emphasis]

Still, this passage seems to reflect an understanding, at the time DOJ briefed FISC and at the time that the FISC opinion was written that the law was changing in significant ways (some of which made it easier for the government to get IDs along with the Internet metadata it was collecting using a Pen Register).

This would seem to be erroneous for timing reasons, in that the judge issued an opinion based on a law that had not yet been signed into law, effectively anticipating Congress.

The looming threat of Hepting v. AT&T and Mark Klein’s testimony

Which brings me to why. The 2009 Draft NSA IG Report describes some of what went on in this period.

After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concern about providing telephone metadata to NSA under Presidential Authority without being compelled. Although OLC’s May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order.

As with the PR/TT Order, DOJ and NSA collaboratively designed the application, prepared declarations, and responded to questions from court advisors. Their previous experience in drafting the PRTT Order made this process more efficient.

The FISC signed the first Business Records Order on 24 May 2006. The order essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had under the PSP. And, unlike the PRTT, there was no break in collection at transition.

But the IG Report doesn’t explain why the telecom(s) started getting squeamish after the NYT scoop.

It doesn’t mention, for example, that on January 17, 2006, the ACLU sued the NSA in Detroit. A week after that suit was filed, Attorney General Alberto Gonzales wrote the telecoms a letter giving them cover for their cooperation.

On 24 January 2006, the Attorney General sent letters to COMPANIES A, B, and C, certifying under 18 U.S.C. 2511 (2)( a)(ii)(B) that “no warrant or court order was or is required by law for the assistance, that all statutory requirements have been met, and that the assistance has been and is required.”

Note, this wiretap language pertains largely to the collection of content (that is, the telecoms had far more reason to worry about sharing content). Except that two issues made the collection of metadata particularly sensitive: the data mining of it, and the way it was used to decide who to wiretap.

More troubling still to the telecoms, probably, came when EFF filed a lawsuit, Hepting, on January 31 naming AT&T as defendant, largely based on an LAT story of AT&T giving access to the its stored call records.

But I’m far more interested in the threat that Mark Klein, the AT&T technician who would ultimately reveal the direct taps on AT&T switches at Folsom Street, posed. Read more

DOJ Did Not Fulfill Legally Required Disclosure on Section 215 to Congress Until After PATRIOT Reauthorization

/6 Comments/in , /by

In the Guardian’s superb summary of the importance of the NSA leaks, Zoe Lofgren challenges the claims that Congress has received all the documents NSA claims it has gotten.

I do serve on the Judiciary Committee and various statements have been made that the Judiciary Committee members were told about all of this and those statements are untrue, not the facts, we have not been provided the documents that the Agency said that we were.

In a Privacy and Civil Liberties Oversight Board today, NSA General Counsel Raj De and ODNI General Counsel Robert Litt both repeated such claims (these are from my notes on twitter; I’ll check my transcription later). De said that Section 215 “had all indicia of official legitimacy” which in part came because it was “twice reauthorized by Congress with full information from exec.” And Litt said they are “by statute required to provide copies [of FISC documents] to both houses. They got materials relating to this [Section 215] program.”

Obviously, we know De is wrong, and he must know it, because a sufficiently large block of Congressmen never had the opportunity to read the Executive’s official notice to make the difference in the 2011 reauthorization. His statement is a clear lie.

But I’m just as interested in Litt’s claim (which would rely on notice to the Judiciary and Intelligence Committees).

This most recent I Con dump provides some evidence that illuminates Lofgen’s implicit dispute of Litt’s claims. Remember this paragraph, which is one of the most specific claims about what notice the Administration gave to Congress about using Section 215 to authorize the phone dragnet.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this [Section 215] program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees.

As I noted in this post, the specific language (in bold) regarding the first, May 2006, authorization of the phone dragnet at least suggested, in this context, there wasn’t an opinion at all, as did a lot more evidence. But recent reporting strongly suggests there was (see this post where I argue this is likely the phone dragnet opinion).

Government lawyers have told the ACLU that they are withholding at least two significant FISC opinions — one from 2008 and one from 2010 — relating to the Patriot Act’s Section 215, or “business records” provision.

This would seem to indicate that Congress was not provided the original 2006 opinion (as distinct from the application and primary order) “by December 2008.”

With that mind, consider this document released by the I Con, an August 16, 2010 memo from Office of Legislative Affairs Assistant Attorney General Ronald Weich to the Chairs of the Judiciary and Intelligence Committees.

Pursuant to section 1871 of United States Code Title 50, we are providing the Committees with copies of the remaining decisions, orders, or opinions issued by the Foreign Intelligence Surveillance Court, and pleadings, applications, or memoranda of law associated therewith, that contain significant constructions or interpretations of any provision of FISA during the five-year period ending July 10, 2008. See 50 U.S.C. § 1871(c)(2). We have provided similar materials for the same time period. 

Now remember, while ODNI made a big show of releasing these documents, they released them as part of the ACLU’s FOIA for documents on Section 215 and all the documents released pertain to Section 215. I Con describes the memo as referring to “several documents to the Congressional Intelligence and Judiciary Committees relating to NSA collection of bulk telephony metadata under Section 501 of the FISA, as amended by Section 215 of the USA PATRIOT Act,” confirming they pertain to Section 215.

The Patriot Act was reauthorized in February 2010.

At a minimum, this suggests the White Paper provided in August may have been highly misleading. When it said “Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees,” it did not mean that by December 2008, the four oversight committees had all the significant opinions in hand. Even assuming the Weich brief was correct, which Lofgren’s comment suggests it might not be, they didn’t get around to handing over opinions pertaining to Section 215 going back to July 10, 2003 until August 2010. That period — July 10, 2003 to July 10, 2008 — would cover both the July 2004 Colleen Kollar-Kotelly opinion authorizing using the Pen Register/Trap and Trace to collect Internet metadata, and the May 2006 opinion authorizing the phone dragnet. While we don’t know that the Kollar-Kotelly opinion was withheld until 2010, the language of the White Paper (which suggests the opinion itself was not provided) strongly suggests the May 2006 one was.

The law requiring such disclosure, 50 U.S.C. § 1871(c)(2), was part of the FISA Amendments Act, so had been in place for a full year by the time the PATRIOT Act reauthorization got started, yet DOJ didn’t get around to complying with it until 2 years after the law passed. And the law specifically requires disclosure of both the PR/T&T and the Section 215 authorities.

The possibility that DOJ did not turn over the original phone dragnet opinion is utterly damning given David Kris’ suggestion that the initial approval of the phone dragnet — the 2006 opinion — may have been erroneous.

More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch.

[snip]

The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct.

David Kris at least entertains the possibility that the original May 2006 opinion was “erroneous,” but points to Congress’ reauthorization of the PATRIOT Act to claim it had incorporated FISC’s interpretation of the law.

But now we know that DOJ did not provide all of FISC’s significant opinions pertaining to Section 215 to the key oversight committees until August 16, 2010, over two years after they were obligated to do so — and the plain language of the White Paper strongly suggests that DOJ did not provide the key May 2006 opinion to the oversight committees.

This doesn’t yet prove that DOJ withheld the May 2006 opinion that Kris suggests might be “erroneous” until after Congress reauthorized the PATRIOT Act. But it strongly suggests that is the case.

Update: PATRIOT Act Reauthorization line moved per Anonster’s suggestion.

Update: Added the language I Con used to describe the documents handed over in August 2010.

The 8-FISA Judge 11-Docket Spying Authorization to Identify Less than $10,000 to Al-Shabaab

/8 Comments/in , /by

In a hearing last month, FBI Deputy Director Sean Joyce described a case in which the phone metadata database helped catch terrorists. (after 1:07)

Lastly, the FBI had opened an investigation shortly after 9/11. We did not have enough information, nor did we find links to terrorism, so we shortly thereafter closed the investigation. However, the NSA, using the business record FISA, tipped us off that this individual had indirect contacts with a known terrorist overseas. We were able to reopen this investigation, identify additional individuals through legal process, and were able to disrupt this terrorist activity.

While he didn’t name it, subsequent discussions of the case made it clear he meant Basaaly Saeed Moalin, a Somali-American convicted with three others in February for sending less than $10,000 to al-Shabaab (altogether Moalin was charged with sending $17,000 to Somalia, the balance of it to non-Shabaab figures the government claims are also terrorists).

Moalin’s lawyer Joshua Dratel unsuccessfully challenged the government’s use of material derived from FISA (the judge’s opinion rejecting the challenge has never been released). Yet even with that challenge, Dratel was never informed of the use of Section 215 in the case.

All that said, the government’s opposition to his challenge is utterly fascinating, even with huge chunks redacted. I’m going to do a weedy post on it shortly. But for now, I want to point to three indicia that reveal how much more complex this surveillance was than Joyce described to the House Intelligence Committee.

First, as part of the introduction, the government provided an (entirely redacted) Overview of the FISA Collection at Issue. While we have no idea how long that passage is, the government needed 9 footnotes to explain the collection (they are also entirely redacted). Similarly, a section arguing “The FISA Applications Established Probable Cause” has the following structure and footnotes (the content is entirely redacted):

[footnote to general material]

1.

a.

2.

a. [6 footnotes]

b.

i. [2 footnotes]

ii.

iii. [1 footnote]

iv. [2 footnotes]

v. [3 footnotes]

Now it may be that section 1 here pertains to physical collection, and section 2 pertains to electronic collection (both were used, though I suspect the physical collection was metaphorical in some way). But even there, there seem to be at least 6 and possibly far more orders involved, with two types of collection — perhaps one pertaining to bulk 702-style collection (most of the intercepts happened under Protect America Act) and the other to the use of Section 215.

Then, as part of a discussion about the minimization requirements tied to the application(s) involved, the government revealed 8 different FISC judges signed off on orders pertaining to the collection.

In order to fulfill the statutory requirements discussed above, the Attorney General has adopted standard minimization procedures for FISC-authorized electronic surveilance and physical search that are on file with the FISC and that are incorporated by reference into every relevant FISA application that is submitted to the FISC. As a result, the eight FISC judges who issued the orders authorizing the FISA collections at issue in this case found that the applicable standard minimization procedures met FISA’s statutory requirements. The FISC orders in the dockets at issue directed the Governent to follow the approved minimization procedures in conducting the FISA collection. [my emphasis]

But it appears this surveillance involved even more than 8 orders. In a section claiming that this surveillance is not complex, the government cited 11 sealed exhibits that include the dockets at issue.

There is nothing extraordinary about this case that would prompt the Court to be the first to order the disclosure of highly sensitive and classified FISA materials. Disclosure is not necessar for the Court to determine the legality of the collection. Here, the FISA dockets – at Sealed Exhibits 16-26 – are well-organized and easily reviewable by the Court in camera and ex parte. The Index of Materials in the Government’s Sealed Exhibit and this memorandum serve as a road map through the issues presented for the Court’s in camera and ex parte determination. The FISA materials contain ample information from which the Court can make an accurate determination of the legality of the FISA collection; indeed, they are “relatively straightforward and not complex.” [my emphasis]

15 footnotes addressing probable cause approved by 8 judges over 11 different dockets.

This is not a simple check of the phone database. (I’ll explain what I think actually happened with the surveillance we know about in a future post.)

Now, some of this clearly invokes the iterative approval of programmatic orders as described by Eric Lichtblau and the WSJ. The May 2006 opinion authorizing the use of Section 215 to collect phone records for every American surely is one of the authorizations cited. That opinion may rely on the 2004 one that authorized the use of Pen Register/Trap and Trace to collect all the Internet metadata in the country. I suspect there may be several orders authorizing collection on al-Shabaab and/or Somalia generally — one that precedes Protect America Act, one that collects under PAA, and probably one that collects under FISA Amendments Act (the key conversations took place in late 2007 through much of 2008). I suspect, too, there’s an order governing collection of all signals off some switch. Then there may be traditional FISA warrants to collect on Moalin and his co-conspirator Mohamud Abdi Yusuf (the other co-conspirators appear not to have been targets of collection).

Still, that only gets you to 8 dockets, even assuming they used a new one for Somalia each time.

“Relatively straightforward … not complex,” the government said, in arguing the defendant shouldn’t get a look at this jerry-rigged system of surveillance. And we still can’t see the logic Judge Jeffrey Miller used to agree with them.