In this post, I argued that a likely explanation for the NSA’s limits on collecting domestic cell phone data stem from a decision Verizon made in 2009 to stop participating in an FBI call records program. I’m not sure if I’m right about the cause (I know I’m not right about the timing), but I based part of my argument on how the FISA Court resolved a problem with telecoms turning over foreign data in 2009. And that resolution definitely indicates there’s something different about the way Verizon produces dragnet data from how AT&T does (Sprint is probably a third case, but not as important for these purposes).
Let me be clear: Verizon was not the only telecom to have the problem. It affected at least one other telecom; I believe it may have affected all of them. But the FISC resolved it differently with Verizon, which I believe shows that Verizon complies with the Section 215 orders in different fashion than AT&T and Sprint.
The problem was first identified when, in May 2009, Verizon informed the NSA it had been including foreign-to-foreign records in the data it provided to the NSA. Here’s how David Kris explained it in his report accompanying the phone dragnet end to end report.
NSA advised that for the first time, in May 2009, [redacted--Verizon] stated it produced foreign-to-foreign record pursuant to the Orders. [redacted--Verizon] stopped its production of this set of foreign-to-foreign records on May 29, 2009, after service of the Secondary Order in BR 09-06, which carves out foreign-to-foreign records from the description of records to be produced. (19)
In an accompanying declaration Keith Alexander provided more detail.
In May 2009, during a discussion between NSA and [redacted--Verizon] regarding the production of metadata, a [redacted--Verizon] representative stated that [redacted] produced the records [redacted] pursuant to the BR FISA Orders. This was the first indication that NSA had ever received from [redacted--Verizon] of its contrary understanding. At the May 28, 2009, hearing in docket number BR 09-06, the government informed the Court of [redacted redacted]. To address the issue, based on the government’s proposal, the Court issued a Secondary Order to [redacted] in docket number BR 09-06 that expressly excluded foreign-to-foreign call detail records from the scope of records to be produced. On May 29, 2009, upon service of the Secondary Order in docket number BR 09-06, [redacted--Verizon] ceased providing foreign-to-foreign records [redacted]. (42/PDF67)
Almost every dragnet order since that May 29, 2009 one has broken its production order out into two subparagraphs to reflect this change.
We can be virtually certain that Verizon is this provider, because the Verizon secondary order leaked by Edward Snowden includes the language excluding foreign-to-foreign data. That long redaction likely hides Verizon’s full name under this program, “Verizon Business Network Services, Inc. on behalf of MCI Communication Services Inc., d/b/a Verizon Business Services (individually and collectively “Verizon”), which is the name initially used in the secondary order.
Additionally, ODNI originally released the January 20, 2011 primary order with the paragraph that clarifies this with Verizon’s name unredacted. The paragraph remains in the dragnet orders, even after Verizon and Vodaphone split earlier this year (though if the split affected this issue, they may have hidden the fact by retaining the paragraph, given that they’re now anticipating declassification of the orders).
Less than a month after this incident, on June 25, the NSA finished its End-to-End report, which reported just the Verizon issue. Sometime between then and July 9, the FISC appears to have realized one of the other providers had a similar problem. The July 9, 2009 dragnet order, in the only exception I know to the two-part production order, looked like this:
The production order is to plural custodians of records, meaning at least two providers must be named. But it applies the Verizon rules to all of the named providers.
The order also requires an explanation for inclusion of the foreign-to-foreign records (see the bullet at 16-17). It is redacted in the released order but the DOJ submission (see page 6) shows that Judge Walton ordered,
a full explanation of the extent to which NSA has acquired call detail records of foreign-to-foreign communications from [redacted--too long to just be Verizon] pursuant to orders of the FISC, and whether the NSA’s storage, handling, and dissemination of information in those records, or derived therefrom, complied with the Court’s orders;
The September 3, 2009 order reverts to the two-paragraph structure. But it also orders retroactive production from one of the providers (AT&T or Sprint, probably the latter based on redaction length) named in the first paragraph (I first wrote about this here).
In addition, the Custodian of Records of [redacted] shall produce to NSA upon service of the appropriate Secondary Order an electronic copy of the same tangible things created by [redacted] for the period from 5:11 p.m. on July 9, 2009 to the date of this Order, to the extent those records still exist.
And adds a requirement that NSA report on any significant changes in reapplications, including on any changes to how the government obtains the data from carriers.
Any application to renew or reinstate the authority granted herein shall include a report describing: (1) the queries made since the end of the reporting period of the last report filed with the Court; (ii) the manner in which NSA applied the procedures set forth in paragraph (3)C above; and (iii) any proposed changes in the way in which the call detail records would be received from the carriers and any significant changes to the systems NSA uses to receive, store, process, and disseminate BR metadata. [my emphasis]
The DOJ report provides further evidence that at least one other provider provided foreign-to-foreign records. When Kris introduces this problem (see page 18), he references a three part discussion in Alexander’s declaration.
You can see the heading for the third provider on page 46/PDF 71 of the Alexander declaration.
So the report appears to have commented on all three providers. The problem clearly affected two of them.
But FISC only retains the clarification for Verizon.
As I said, I appear to be wrong about the timing of this. I had suggested it was tied to Verizon deciding not to reup its contract under the FBI phone program in 2009. That almost certainly had to have happened (as Charlie Savage noted to me via Twitter, the Exigent Letter IG Report was focused on AT&T, MCI, and Verizon, and one of the latter two, which means basically one part of Verizon, backed out).
But the End-to-End Report makes it clear Verizon first started turning over this data in January 2007.
This foreign-to-foreign metadata started coming into NSA in January 2007. (15)
There was not even a dragnet order signed in January 2007, so it can’t be tied primarily to the phone dragnet. It also preceded the end of the on-site phone provider program (which ended in December 2007) and even the release of the first NSL IG Report in March 2007, which led the providers to get squirrelly (see page 191 for these dates).
The details regarding the potential problems with Verizon’s provision of foreign-to-foreign records suggests this may have something to do with upstream production (Verizon had been providing upstream records to the NSA for years, but it only came under the oversight of the FISC in January 2007).
Furthermore, because the records are records of foreign-to-foreign communications, almost all of them do not concern the communications of U.S. persons. To the extent any of the records concern the communications of U.S. persons, such communications would be afforded the same protections as any other U.S. person communication [redacted] authorities. Id. at 43. (19)
almost all of them concern the communications of non-U.S. persons located outside the United States. If NSA were to find that any of the records concerned U.S. persons, their dissemination would be governed by the terms of USSID 18 which are the procedures established pursuant to EO 12333, as amended. (68)
The discussion of records that might “concern the communications” sounds like an “about” search (though I’m not sure of what).
All that said, AT&T should have had the same upstream “about” obligations starting in January 2007 that Verizon did. I suspect (based on my guess that Sprint is the production that got shut down) the order in the July 9, 2009 order is the only instruction they ever got to stop providing foreign-to-foreign records. Yet FISC felt the need — still feels the need — to keep that explicit order to Verizon in every single primary order.
Mind you, all this shows that Verizon was able to shut down the foreign production immediately, on the same day. So it’s clear they can shut down certain kinds of production.
All this seems to suggest that — in addition to at least some part of Verizon withdrawing from the FBI’s records program, and to Verizon not retaining records for the same length of time AT&T does — Verizon also produces phone dragnet data differently than AT&T does.
Jason Leopold liberated another White Paper — this one dated May 25, 2011 — on drone killing.
Man. It’s just like they kept throwing legal arguments against the wall in hopes that one saying “You can kill Americans with no due process” would stick. And since this one is not signed, we may never know what lawyer gets rewarded with a lifetime judicial sinecure!
I’ll have a lot more to say on the logistics of all this in a later post.
But I want to comment briefly on a point that Kevin Jon Heller made in his post on the memo (remember, Heller’s the guy who forced David Barron to write more than 7 pages to authorize killing Awlaki by raising a statute Barron hadn’t considered).
Heller still sees absolutely no justification for CIA being granted public authority to kill Americans in this White Paper.
Like the earlier memorandum, the White Paper is largely devoted to establishing that the public-authority justification applies to the foreign-murder statute and that members of the US military would be entitled to the justification. (Two conclusions I agree with.) It then simply says this (pp. 14-15):
Given the assessment that an analogous operation carried out pursuant to the AUMF would fall within the scope of the public-authority justification, there is no reason to reach a different conclusion for a CIA operation.
That’s it. That’s the sum total of the unredacted argument. But there is a reason to reach a different conclusion “for a CIA operation” — as pointed out above, the AUMF does not apply to the CIA. Which means that the source of the public-authority justification must lie elsewhere.
Now let me be clear: I am not saying the CIA cannot be entitled to the public-authority justification. I am simply pointing out that the AUMF does not provide the CIA with the necessary authority. Perhaps there is another source, such as Title 50 of the US Code, as my co-blogger Deb Pearlsteinhas suggested. Indeed, the redaction on page 16 of the new White Paper may well refer to that other source of authority, given that five or six lines of redacted text follow this statement:
Thus, just as Congress would not have intended section 1119 to bar a military attack on the sort of individual described above, neither would it have intended the provision to prohibit an attack on the same target, in the same authorized conflict and in similar compliance with the laws of war, carried out by the CIA in accord with _____.
I don’t understand why the OLC would need to redact a reference to Title 50 (or to some other source of authority). The legal source of the CIA’s authorization to kill Americans overseas — if one exists — hardly seems like a state secret. Until the government reveals that source, however, we remain entitled to conclude that the CIA drone-strike that killed Anwar al-Awlaki violated 18 USC 1119.
I don’t think those redacted lines he points to are a reference directly to statute.
I think it’s a reference to the September 17, 2001 Gloves Come Off Memorandum of Notification which we know authorized killing high value al Qaeda figures with drones.
After all, that’s precisely where Stephen Preston — then CIA’s General Counsel before he moved onto bigger and better General Counseling at DOD — said he’d look to for the authority for CIA to carry out certain operations (and when he gave this speech, it was regarded to be part of the set of drone killing speeches Obama’s top officials gave in 2012, and he discusses assassination, which several of the drone authorizations also do, specifically).
Authority to Act under U.S. Law.
First, we would confirm that the contemplated activity is authorized by the President in the exercise of his powers under Article II of the U.S. Constitution, for example, the President’s responsibility as Chief Executive and Commander-in-Chief to protect the country from an imminent threat of violent attack. This would not be just a one-time check for legal authority at the outset. Our hypothetical program would be engineered so as to ensure that, through careful review and senior-level decision-making, each individual action is linked to the imminent threat justification.
A specific congressional authorization might also provide an independent basis for the use of force under U.S. law.
In addition, we would make sure that the contemplated activity is authorized by the President in accordance with the covert action procedures of the National Security Act of 1947, such that Congress is properly notified by means of a Presidential Finding.
Preston would look to a Finding, and we know there was (still is, as far as we know!) a Finding authorizing precisely the thing the government claimed to have done, kill a top al Qaeda figure.
Remember, too, David Kris — who left DOJ not long before this White Paper explicitly authorizing CIA’s execution of the execution got written — issued this warning about the real secrets behind the National Security Act’s language prohibiting CIA from violating US statute.
For example, the covert action statute could be interpreted and applied in ways that may be extraordinarily important, but about which very, very few Members of Congress, let alone the American People, ever learn. The statute defines covert action to exclude “traditional” military and law-enforcement activities, provides that a covert action finding “may not authorize any action that would violate the Constitution or any statute of the United States,” and specifically warns that “No covert action may be conducted which is intended to influence United States political processes, public opinion, policies, or media.” Without making any comment, express or implied, on any actual or hypothetical covert action, or even acknowledging that any covert action of any kind has ever actually taken place, it is quite obvious that each of those elements of the statute could raise enormously difficult and complex interpretive questions, some of which might affect many Americans. Yet it might be impossible, in many cases, to explain those interpretations without revealing the most sensitive classified information. [60; footnotes removed]
In killing Awlaki, CIA was acting in both a law enforcement (that’s where the Fourth Amendment argument derives from) and Traditional Military capacity (which is how these endless justifications apply the public authority to CIA, by claiming CIA officers are just like soldiers). Kris tells us the statute says CIA can’t, but that the NSA “could be interpreted and applied in ways [that] very few Members of Congress, let alone the American People, ever learn.”
It has to have in this case, because CIA acted as both law enforcement and military in violating a slew of statutes to carry out the drone killing of an American citizen as part of a covert op. Kris is basically saying that part of the NSA doesn’t mean what it says. That it means something far more horrible.
Which means he’s also saying — as was Preston — that the drone killing of Anwar al-Awlaki was done on Article II authority.
It is, admittedly, a guess. But I believe that behind that redaction, the White Paper makes it clear this killing was done on Presidential authorization.
At some point (perhaps at the end of 2009, but sometime before this application), the government tried to reapply, but withdrew their application. The three letters below were sent in response to that. But they were submitted with the reapplication.
(15/27) In addition to tagging data itself, the source now gets noted in reports.
(16/27) NSA wanted all analysts to be able to query.
(16/27) COntrary to what redaction seemed to indicate elsewhere, only contact chaining will be permitted.
(17/27) This implies that even technical access creates a record, though not about what they access, just when and who did it.
(17/27) NSA asked for the same RAS timelines as in BRFISA — I think this ends up keeping RAS longer than an initial PRTT order.
(18/27) “Virtually every PR/TT record contains some metadata that was authorized for collection, and some metadata that was not authorized for collection … virtually every PR/TT record contains some data that was not authorized by prior orders and some that was not.”
(21/27) No additional training for internal sharing of emails.
(21/27) Proof they argue everything that comes out of a query is relevant to terrorism:
Results of queries of PR/TT-sourced metadata are inherently germane to the analysis of counterterrorism-related foreign intelligence targets. This is because of NSA’s adherence to the RAS standard as a standard prerequisite for querying PR/TT metadata.
(22/27) Note “relevance” creep used to justify sharing everywhere. I really suspect this was built to authorize the SPCMA dragnet as well.
(23/27) Curious language about the 2nd stage marking: I think it’s meant to suggest that there will be no additional protection once it circulates within the NSA.
(24/27) NSA has claimed they changed to the 5 year age-off in December 2009. Given the question about it I wonder if that’s when these letters were sent?
(24/27) Their logic for switching to USSID-18:
these procedures form the very backbone for virtually all of NSA’s dissemination practices. For this reason, NSA believes a weekly dissemination report is no longer necessary.
(24-5/27) The explanation for getting rid of compliance meetings is not really compelling. Also note that they don’t mention ODNI’s involvement here.
(25/27) “effective compliance and oversight are not performed simply through meetings or spot checks.”
(27/27) “See the attached word and pdf documents provided by OIG on an intended audit of PR/TT prior to the last Order expiring as an example.” Guess this means the audit documents are from that shutdown period.
(2) DNI adopted new serial numbers for reports, so as to be able to recall requests.
(3) THey’re tracking the query reports to see if they can withdraw everything.
(3) THis is another of the places they make it clear they can disseminate law enforcement information without the USSID requirements.
(4) It appears the initial application was longer than the July 2010, given the reference to pages 78-79.
There are some very interesting comparisons with the early 2009 application, document AA.
(1) Holder applied directly this time rather than a designee (Holder may not have been confirmed yet for the early 2009 one).
(2) The redacted definition of foreign power in AA was longer.
(3) “collect” w/footnote 3 was redacted in AA.
(3) Takes out reference to “email” metadata.
(3) FN 4 both focuses on “Internet communication” rather than “email [redacted]” as AA did, but it also scopes out content in a nifty way.
The early focus on the dragnet violations was on the phone dragnet. At the end of March, however, DOJ started preparing to look more closely at the PRTT program in late April 2009, which may be why some of the following violations got disclosed to Reggie Walton in conjunction with a May reauthorization application. The CIA, FBI, and NCTC access to the PRTT seems to have been a bigger issue than the BR FISA data.
All that said, when the NSA completed its End-to-End report sometime in fall 2009, they didn’t report all that much beyond the violations noted in May (though they did note the NSA did not shut down some automatic process when it said it did), mostly by claiming they didn’t realize the original dragnet order meant what it said (in spite of the violation in the first dragnet order).
It was only after that that they noticed FISC NSA had been collecting content from the start of the program (see document O). Once they admitted that, NSA decided not to reapply for a Primary Order, and Reggie Walton issued a supplemental order (document E) ordering them not to collect any more, but also not to access the data they did have. Only after that did DOJ submit the End-to-End report, accompanied by DOJ and Keith Alexander reports that admitted the content violation.
I Con the Record just released some ridiculously overclassified Internet dragnet documents it claims shows oversight but which actually shows how they evaded oversight. I’ve added letters to ID each document (I’ll do a post rearranging them into a timeline tomorrow or soon thereafter).
For a timeline I did earlier of the Internet dragnet program see this post.
This will be the first of several working threads, starting with descriptions of what we’ve got.
8/12: Note I will be updating this as I can clarify dates and content.
B. FISC Primary Order: This is an Internet dragnet order signed by Reggie Walton, probably in 2008 or very early 2009. It shows that the Internet dragnet program, which was almost certainly illegal in any case, had less oversight than the phone dragnet program (though at this point also collected fewer records). It was turned over pursuant to FAA requirements on March 13, 2009.
C. FISC Primary Order: This is an Internet dragnet order probably from May 29, 2009 (as identified in document D), signed by Reggie Walton. It shows the beginning of his efforts to work through the Internet violations. It appears to have been provided to Congress on August 31, 2009.
D. FISC Order and Supplemental Order: This is a version of the joint June 22, 2009 order released on several occasions before. It shows Reggie Walton’s efforts to work through the Internet dragnet violations. Here’s one version.
E. FISC Supplemental Order: This appears to be the dragnet order shutting down dragnet production. It would date to fall 2009 (production was likely shut down in October 2009, though this might reflect the initial shut-down).
F. FISC Primary Order: I’m fairly sure this is an order from after Bates turned the Internet dragnet back on in 2010 (and is signed by him), though I will need to verify that. It does require reports on how the NSA will segregate previously violative records, which is consistent with it dating to 2011 sometime (as is the requirement that the data be XML tagged).
G. FISC Memorandum Opinion Granting in Part and Denying in Part Application to Reinitiate, in Expanded Form, Pen Register/Trap and Trace Authorization: This is the order, from sometime between July and October 2010, where John Bates turned back on and expanded the Internet dragnet. Here’s the earlier released version (though I think it is identical).
H. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This was a report Walton required in document C, above, and so would be in the May-June 2009 timeframe. Update: Likely date June 18, 2009.
I. Government’s Response to the FISC’s Supplemental Order: This is the government’s response to an order from Walton, probably in his May 29, 2009 opinion (see this order for background), or even earlier in May.Update: This response dates to June 18, 2009 or slightly before.
J. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This appears to be the declaration submitted in support of Response I and cited in several places. Update: likely date June 18, 2009.
K. Supplemental Declaration of Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency: This appears to be the declaration that led to document C above.
L. Government’s Response to the FISC’s Supplemental Order Requesting a Corrective Declaration: This is a declaration admitting dissemination outside the rules responding to 5/29 order.
M. Government’s Response to a FISC Order: This is the government’s notice that it was using automatic queries on Internet metadata, just as it also was with the phone dragnet. This notice was provided to Congress in March 2009.
N. Declaration of Lieutenant General Keith B. Alexander, U.S. Army, Director, NSA, Concerning NSA’s Compliance with a FISC Order: After Walton demanded declarations in response to the initial phone dragnet violation, he ordered NSA to tell him whether the Internet dragnet also had the same problems. This is Keith Alexander’s declaration describing the auto scan for that program too. It was provided to Congress in March 2009.
O. Preliminary Notice of Potential Compliance Incident: This is the first notice of the categorical violations that ultimately led to the temporary shutdown of the dragnet, in advance of order E.
P. Notice of Filing: This is notice of a filing in response to inquiry from Judge Walton. It could be from any time during David Kris’ 2009 to early 2011 tenure.
Q: Government’s Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes:
This appears to be the application following Order E, above. I don’t think it’s the 2010 application that led to the reauthorization of the dragnet, because it refers to facilities whereas the 2010 order authorized even broader collection. (Remember Bates’ 2010 order said the government applied, but then withdrew, an application.) Update and correction: this application must post-date December 2009, because that’s when NSA changed retention dates from 4.5 years to 5. Also note reference to change in program and request to access illegally collected data from before 10/09.
R. Memorandum of Law and Fact in Support of Application for Pen Registers and Trap and Trace Devices for Foreign Intelligence Purposes: This appears to be the memorandum of law accompanying application Q.
S. Declaration of General Keith B. Alexander, U.S. Army, Director, NSA, in Support of Pen Register/Trap and Trace Application: This is Alexander’s declaration accompanying Q.
T. Exhibit D in Support of Pen Register/Trap and Trace Application: This is a cover letter. I’m not sure whether it references prior communications or new ones.
U. First Letter in Response to FISC Questions Concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices: This is the first of several letters in support of reinitiation of the program. The tone has changed dramatically here. For that reason, and because so much of it is redacted, I think this was part of the lead-up to the 2010 reauthorization.
V. Second Letter in Response to FISC Questions concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices: This second letter is entirely redacted except for the sucking up to Bates stuff.
W. Third Letter in Response to FISC Questions Concerning NSA Bulk Metadata Collection Using Pen Register/Trap and Trace Devices: More sucking up. Some language about trying to keep access to the existing illegally collected data.
X. Application for Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes: This is the first application for the Internet dragnet, from 2004. Very interesting. Note it wasn’t turned over until July 2009, after Congress was already learning of the new problems with it.
Y. Memorandum of Law and Fact in Support of Application for Pen Registers and Trap and Trace Devices for Foreign Intelligence Purposes: The memorandum of law accompanying X. Also turned over to Congress in 2009.
Z. Declaration of General Michael V. Hayden, U.S Air Force, Director, NSA, in Support of Pen Register/Trap and Trace Application: This goes with the initial application. NSA has left stuff unredacted that suggests they were access less bandwith than they, in the end, were. Also remember NSA violated this from the very beginning.
AA. Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes:
This appears to be the application for the second PRTT order. I’ll return to this tomorrow, but I don’t think it reflects the violation notice it should.
BB. Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate:
This is NSA’s declaration in conjunction with the first reapplication for the dragnet. This should have declared violations. It was turned over to Congress in March 2009. [update: these appear to be early 2009 application]
CC. Declaration Lieutenant General Keith B. Alexander, U.S. Army, Director, NSA, Concerning NSA’s Implementation of Authority to Collect Certain Metadata: This is Alexander’s declaration accompanying the End-to-End report, from sometime in fall 2009.
DD: NSA’s Pen Register Trap and Trace FISA Review Report: The end-to-end report itself. it was provided to Congress in January 2010.
EE: DOJ Report to the FISC NSA’s Program to Collect Metadata: DOJ’s accompaniment to the end-to-end report.
FF: Government’s First Letter to Judge Bates to Confirm Understanding of Issues Relating to the FISC’s Authorization to Collect Metadata: After Bates raauthorized the Internet dragnet, DOJ realized they might not be on the same page as him. Not sure if this was in the 2009 attempt or the 2010 reauthorization.
HH: Tab 1 Declaration of NSA Chief, Special Oversight and Processing, Oversight and Compliance, Signals Intelligence: This appears to be the 90-day report referenced in document C. Update: Actually it is referenced in Document A: note the paragraphs describing the chaining that were discontinued before the dragnet approval.
II: Verified Memorandum of Law in Response to FISC Supplemental Order: This is one of the most fascinating documents of all. It’s a 2009-2011 (I think August 17, 2009, though the date stamp is unclear) document pertaining to 3 PRTT targets, relying on criminal PRTT law and a 2006 memo that might be NSA’s RAS memo (though the order itself is FBI, which makes me wonder whether it seeds the FBI program). It may have been what they used to claim that Internet content counted as metadata.
JJ: Memorandum of Law in Response to FISC Order: A September 25, 2006 response to questions from the FISC, apparently regarding whether rules from criminal pen registers apply to PATRIOT PRTT. While I think this addresses the application to Internet, I also think this language may be being used for location.
KK: Government’s Motion to Unseal FISC Documents in Order to Brief Congressional Intelligence and Judiciary Committees: This is a request to unseal an order — I suspect document E — so it could be briefed to Congress.
LL: Order Granting the Government’s Motion to Unseal FISC Documents in Order to Brief Congressional Intelligence and Judiciary Committees: Walton’s order to unseal KK for briefing purposes.
MM: April 27, 2005 Testimony of the Attorney General and Director, FBI Before the Senate Select Committee on Intelligence: This is the 2005 testimony in which – I pointed out before — Alberto Gonzales did not brief Congress about the Internet dragnet.
NN: NSA IG Memo Announcing its Audit of NSA’s Controls to Comply with the FISA Court’s Order Regarding Pen Register/Trap and Trace Devices: This lays out an audit with PRTT compliance, noting that the audit also pertains to BR FISA (phone dragnet). It admits the audit was shut down when the order was not renewed. It’s unclear whether this was the 2009 or the 2011 shutdown, but the implication is it got shut down because it would not pass audit.
OO: NSA IG Memo Suspending its Audit of NSA after the NSA’s PRTT Metadata Program Expired: the formal announcement they were shutting down the IG report. Again, it’s not clear whether this was the 2009 or the 2011 shutdown.
If you find this work valuable, please consider donating to support the work.
Last week, I laid out the amazing coinkydink that DOJ provided Sprint a bunch of FISA opinions — including the December 12, 2008 Reggie Walton opinion finding that the phone dragnet did not violate ECPA — on the same day, January 8, 2010, that OLC issued a memo finding that providers could voluntarily turn over phone records in some circumstances without violating ECPA.
Looking more closely at what we know about the opinion, I’m increasingly convinced it was not a coinkydink at all. I suspect that the memo not only addresses FBI’s exigent letter program, but also the non-Section 215 phone dragnet.
As a reminder, we first learned of this memo when, in January 2010, DOJ’s Inspector General issued a report on FBI’s practice of getting phone records from telecom provider employees cohabiting at FBI with little or no legal service. The report was fairly unique in that it was released in 3 versions: the public unclassified but heavily redacted version, a Secret version, and a Top Secret/SCI version. Given how closely parallel the onsite telecom provider program was with the phone dragnet, that always hinted the report may have touched on other issues.
Roughly a year after the IG Report came out, EFF FOIAed the memo (see page 30). Over the course of the FOIA litigation — the DC Circuit rejected their appeal for the memo in January — DOJ provided further detail about the memo.
Here’s how OLC Special Counsel Paul Colborn described the memo (starting at 25):
The document at issue in this case is a January 8, 2010 Memorandum for Valerie Caproni, General Counsel of the Federal Bureau of Investigation (the “FBI”), from David J. Barron, Acting Assistant Attorney General for the Office of Legal Counsel (the “Opinion”). The OLC Opinion was prepared in response to a November 27, 2009 opinion request from the FBI’s General Counsel and a supplemental request from Ms. Caproni dated December 11, 2009. These two requests were made in order to obtain OLC advice that would assist FBI’s evaluation of how it should respond to a draft Report by the Office of Inspector General at the Department of Justice (the “OIG”) in the course of a review by the OIG of the FBI’s use of certain investigatory procedures.In the context of preparing the Opinion, OLC, as is common, also sought and obtained the views of other interested agencies and components of the Department. OIG was aware that the FBI was seeking legal advice on the question from OLC, but it did not submit its views on the question.
The factual information contained in the FBI’s requests to OLC for legal advice concerned certain sensitive techniques used in the context of national security and law enforcement investigations — in particular, significant information about intelligence activities, sources, and methodology.
Later in his declaration, Colborn makes it clear the memo addressed not just FBI, but also other agencies.
The Opinion was requested by the FBI and reflects confidential communications to OLC from the FBI and other agencies. In providing the Opinion, OLC was serving an advisory role as legal counsel to the Executive Branch. In the context of the FBI’s evaluation of its procedures, the general counsel at the FBI sought OLC advice regarding the proper interpretation of the law with respect to information-gathering procedures employed by the FBI and other Executive Branch agencies. Having been requested to provide counsel on the law, OLC stood in a special relationship of trust with the FBI and other affected agencies.
And FBI Record/Information Dissemination Section Chief David Hardy’s declaration revealed that an Other Government Agency relied on the memo too. (starting at 46)
This information was not examined in isolation. Instead, each piece of information contained in the FBI’s letters of November 27, 2009 and December 11, 2009, and OLC’s memorandum of January 8, 2010, was evaluated with careful consideration given to the impact that disclosure of this information will have on other sensitive information contained elsewhere in the United States intelligence community’s files, including the secrecy of that other information.
As part of its classification review of the OLC Memorandum, the FBI identified potential equities and interests of other government agencies (“OGAs”) with regard to the OLC memo. … FBI referred the OLC Memo for consultation with those OGAs. One OGA, which has requested non-attribution, affirmatively responded to our consultation and concurs in all of the classification markings.
Perhaps most remarkably, the government’s response to EFF’s appeal even seems to suggest that what we’ve always referred to as the Exigent Letters IG Report is not the Exigent Letters IG Report!
Comparing EFF’s claims (see pages 11-12) with the government’s response to those claims (see pages 17-18), the government appears to deny the following:
Along with these denials, the government reminded that the report “contained significant redactions to protect classified information and other sensitive information.” And with each denial (or non-response to EFF’s characterizations) it “respectfully refer[red] the Court to the January 2010 OIG report itself.”
The Exigent Letters IG Report is not what it seems, apparently.
With all that in mind, consider two more details. First, as David Kris (who was the Assistant Attorney General during this period) made clear in his paper on the phone (and Internet) dragnet, in addition to Section 215, the government obtained phone records from the telecoms under USC 2511(2)(f), the clause in question.
And look at how the chronology maps.
November 5, 2008: OLC releases opinion ruling sneak peak and hot number requests (among other things) impermissible under NSLs
December 12, 2008: Reggie Walton rules that the phone dragnet does not violate ECPA
Throughout 2009: DOJ confesses to multiple violations of Section 215 program, including:
- An alert function that serves the same purpose as sneak peaks and also violates Section 215 minimization requirements
- NSA treated Section 215 derived data with same procedures as EO 12333 data; that EO 12333 data included significant US person data
- One provider’s (which I originally thought was Sprint, then believed was Verizon, but could still be Sprint) production got shut down because it included foreign-to-foreign data (the kind that, according to the OLC, could be obtained under USC 2511(2)(f)
Summer and Fall, 2009: Sprint meets with government to learn how Section 215 can be used to require delivery of “all” customer records
October 30, 2009: Still unreleased primary order BR 09-15
November 27, 2009: Valerie Caproni makes first request for opinion
December 11, 2009: Caproni supplements her request for a memo
December 16, 2009: Application and approval of BR 09-19
December 30, 2009: Sprint served with secondary order
January 7, 2010: Motion to unseal records
January 8, 2010: FISC declassifies earlier opinions; DOJ and Sprint jointly move to extend time when Sprint can challenge order; and OLC releases OLC opinion; FISC grants motion (John Bates approves all these motions)
January 11, 2010: DOJ moves (in a motion dated January 8) to amend secondary order to incorporate language on legality; this request is granted the following day (though we don’t get that order)
January 20, 2010: IG Report released, making existence of OLC memo public
This memo is looking less and less like a coinkydink after all, and more and more a legal justification for the provision of foreign-to-foreign records to accompany the Section 215 provision. And while FBI said it wasn’t going to rely on the memo, it’s not clear whether NSA said the same.
Golly. It’d sure be nice if we got to see that memo before David Barron got to be a lifetime appointed judge.
I’m not all that interested in the debate about offering Edward Snowden some kind of amnesty, as I think he could never accept the terms being offered, it arises in part out of NSA’s PR effort, and distracts from the ongoing revelations.
But I am interested in this. Amy Davidson wrote a column refuting Fred Kaplan’s assertion that because Snowden “signed an oath, as a condition of his employment as an NSA contractor, not to disclose classified information,” comparisons with Jimmy Carter’s pardon for draft dodgers are inapt. She notes (as a number of people have already) that the only “oath” that Snowden made was to the Constitution.
To begin with, did Snowden sign “an oath…not to disclose classified information”? He says that he did not, and that does not appear to have been contradicted. Snowden told the Washington Post’s Barton Gellman that the document he signed, as what Kaplan calls “a condition of his employment,” was Standard Form 312, a contract in which the signatory says he will “accept” the terms, rather than swearing to them. By signing it, Snowden agreed that he was aware that there were federal laws against disclosing classified information. But the penalties for violating agreement alone are civil: for example, the government can go after any book royalties he might get for publishing secrets.
Snowden did take an oath—the Oath of Office, or appointment affidavit, given to all federal employees:
I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same; that I take this obligation freely, without any mental reservation or purpose of evasion; and that I will well and faithfully discharge the duties of the office on which I am about to enter. So help me God.
Now, some would argue—and it would have to be an argument, not an elision—that he violated this oath in revealing what he did; Snowden told Gellman that the revelations were how he kept it—protecting the Constitution from the officials at the N.S.A., which was assaulting it. Either way this is just not an oath, on the face of it, about disclosing classified information. [my emphasis]
Former Obama DOD official Phil Carter then attempted to refute Davidson on Twitter. He did so by pointing to the “solemnity” of the forms Snowden did sign, and then noting such “promises are far more legally enforceable than an ‘oath’ of office.”
I don’t dispute Carter’s point that nondisclosure agreements are easier to enforce legally than an oath to the Constitution. And, as noted above, in her original piece Davidson admitted that Snowden had acknowledged there were laws against leaking classified information. No one is arguing Snowden didn’t break any laws (though if our whistleblower laws covered contractors, there’d be a debate about whether that excuses Snowden’s leaks).
Nevertheless, Carter’s comment gets to the crux of the point (and betrays how thoroughly DC insiders have internalized it).
We have an ever-growing side of our government covered by a blanket of secrecy. Much of what that secrecy serves to cover up involves abuse or crime. Much of it involves practices that gut the core precepts of the Constitution (and separation of powers are as much at risk as the Bill of Rights).
Yet we not only have evolved a legal system (by reinforcing the clearance system, expanding the Espionage Act, and gutting most means to challenge Constitutional violations) that treats crimes against secrecy with much greater seriousness than crimes against the Constitution, but DC folks (even lawyers, like Carter) simply point to it as the way things are, not a fundamental threat to our country’s government.
That plight — where our legal system guards this country’s “secrets” more greedily than it guards the Constitution — is the entire point underlying calls for amnesty for Snowden. He has pointed to a system that not only poses a grave threat to the Bill of Rights, but just as surely, to separation of powers and our claim to be a democracy.
Moreover, those who (like Carter) point to our failed branches of government as better arbiters of the Constitution than Snowden ignore many of the details in the public record. Just as one example, David Kris has suggested that the entire reason Colleen Kollar-Kotelly wrote a badly flawed opinion authorizing the Internet dragnet was because George Bush had created a constitutional problem by ignoring Congress’ laws and the courts.
More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch. [my emphasis]
And while Kris argued Congress’ subsequent approval of the dragnets cures this original sin, the record in fact shows it did so only under flawed conditions of partial knowledge. Of course, these attempts to paper over a constitutional problem only succeed so long as they remain shrouded in secrecy.
That the first response of many is to resort to legalistic attempts to prioritize the underlying secrecy over the Constitution raises questions about what they believe they are protecting. The next torture scandal? Covert ops that might serve the interest of certain autocratic allies but actually make Americans less secure? The financial hemorrhage that is our military industrial complex? The sheer ignorance our bloated intelligence community has about subjects of great importance? Petty turf wars? Past failures of the national security system we’re encouraged to trust implicitly?
At some point, we need to attend to protecting our Constitution again. If Article I and III have gotten so scared of their own impotence (or so compromised) that they can no longer do so, then by all means lets make that clear by revealing more of the problems.
But we need to stop chanting that our Constitution is not a suicide pact and instead insist that our secrecy
oaths non-disclosure agreements should not be suicide bombs.
160 days ago, Jim Sensenbrenner released a letter to Eric Holder expressing concern about the way DOJ had interpreted Section 215. In it, he did some creative editing to hide that he had had an opportunity to learn about that interpretation before he voted to reauthorize the PATRIOT Act.
160 days ago, I was (I believe) the first person to point out that obfuscation.
In those 160 days, I have also documented the serial lies and obfuscations of people like Keith Alexander, James Clapper, Robert Mueller, Mike Rogers, Valerie Caproni, Dianne Feinstein, Raj De, and Robert Litt. (one, two, three, four, five, six, seven, eight, nine, ten, eleven, twelve, thirteen, fourteen, fifteen, sixteen, seventeen, eighteen, nineteen, twenty, twenty-one, twenty-two, twenty-three, twenty-four, twenty-five, twenty-six, twenty-seven, twenty-eight, twenty-nine, thirty, thirty-one, thirty-two, thirty-three; trust me, this is just a quick survey). The most recent of these lies came last week when Raj De and Robert Litt claimed Congress had been fully informed about the authorities they were voting on, a claim which the Executive Branch’s own record proves to be false.
In spite of the clear imbalance between the lies NSA critics have told and those NSA apologists have told, Ben Wittes has made it a bit of a hobby to use Sensenbrenner’s single (egregious) lie to try to discredit NSA critics (without, of course, pointing out the serial, at times even more egregious, lies NSA apologists were telling). Of late, Wittes has harangued that, because he told a lie 160 days ago, Sensenbrenner is operating in bad faith when he criticizes NSA’s programs now. (See also this post.)
I have never questioned the good faith of Senators Patrick Leahy, Ron Wyden, or Rand Paul. They are legislators with a perspective. That’s how Congress works.
Rep. James Sensenbrenner is a different matter.
Since the bulk metadata program broke, the former chairman of the House Judiciary Committee has been on a campaign of denunciation of both agency activity under the Patriot Act—the law he helped write. And he has been denouncing the administration for having misled him about how Section 215 is being used too. He has done so with a breathtaking dishonesty that puts him in a different category from those members who have a policy dispute with the administration. [my emphasis]
Mind you, Wittes did not examine the content of Sensenbrenner’s more recent claims. Had he done so, he might have realized that the record supports Sensenbrenner’s complaints, even if the messenger for those complaints might be less than perfect.
It ignored restrictions painstakingly crafted by lawmakers and assumed a plenary authority never imagined by Congress. Worse, the NSA has cloaked its operations behind such a thick cloud of secrecy that, even if our trust was restored, Congress and the American people would lack the ability to verify it.
Note, we’re still learning the full extent of how the Executive Branch blew off limits placed on the PATRIOT authorities.
Wittes might even have noted Sensenbrenner’s apparent commitment to do his own job better.
“I hope that we have learned our lesson and that oversight will be a lot more vigorous,” Sensenbrenner said.
Even ignoring Wittes’ remarkable double standard, in which he suggests Sensenbrenner’s one lie should disqualify him from speaking on this topic forever while Clapper and Alexander’s seeming addiction to lies apparently shouldn’t even be mentioned in polite company, a highly regarded expert recently laid out new evidence for why Sensenbrenner has good reason to be angry, regardless of his role in passing PATRIOT in 2001 or 2006 or 2010 or even 2011.
Update, 1/6/14: I just reviewed this post and realize it’s based on the misunderstanding that the February 24 OLC opinion is from last year, not 2006. That said, the analysis of the underlying tensions that probably led to the use of Section 215 for the phone dragnet are, I think, still valid.
According to ACLU lawyer Alex Abdo, the government may provide more documents in response to their FOIA asking for documents relating to Section 215 on November 18. Among those documents is a February 24, 2006 FISA Court opinion, which the government says it is processing for release.
That release — assuming the government releases the opinion in any legible form — should solve a riddle that has been puzzling me for several weeks: whether the FISA Court wrote any opinion authorizing the phone dragnet collection before its May 24, 2006 order at all.
The release may also provide some insight on why former Assistant Attorney General David Kris concedes the initial authorization for the program may have been “erroneous.”
More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch.
The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct. [my emphasis]
That “erroneous” language comes not from me, but from David Kris, one of the best lawyers on these issues in the entire country.
And the date of the opinion — February 24, 2006, 6 days before the Senate would vote to reauthorize the PATRIOT Act having received no apparent notice the Administration planned to use it to authorize a dragnet of every American’s phone records — suggests several possible reasons why the original approval is erroneous.
Possibility one: There is no opinion
The first possibility, of course, is that my earlier guess was correct: that the FISC court never considered the new application of bulk collection, and simply authorized the new collection based on the 2004 Colleen Kollar-Kotelly opinion authorizing the Internet dragnet. In this possible scenario, that February 2006 opinion deals with some other use of Section 215 (though I doubt it, because in that case DOJ would withhold it, as they are doing with two other Section 215 opinions dated August 20, 2008 and November 23, 2010).
So one possibility is the FISA Court simply never considered whether the phone dragnet really fit the definition of relevant, and just took the application for the first May 24, 2006 opinion with no questions. This, it seems to me, would be erroneous on the part of FISC.
Possibility two: FISC approved the dragnet based on old PATRIOT knowing new “relevant to” PATRIOT was coming
Another possibility is that the FISA Court rushed through approval of the phone dragnet knowing that the reauthorization that would be imminently approved would slightly different language on the “relevance” standard (though that new language was in most ways more permissive). Thus, the government would already have an approval for the dragnet in hand at the time when they applied to use it in May, and would just address the “relevance” language in their application, which we know they did.
In this case, the opinion would seem to be erroneous because of the way it deliberately sidestepped known and very active actions of Congress pertaining to the law in question.
Possibility three: FISC approved the dragnet based on new PATRIOT language even before it passed
Another possibility is that FISC approved the phone dragnet before the new PATRIOT language became law. That seems nonsensical, but we do know that DOJ’s Office of Intelligence Policy Review briefed FISC on something pertaining to Section 215 in February 2006.
After passage of the Reauthorization Act on March 9, 2006, combination orders became unnecessary for subscriber information and [one line redacted]. Section 128 of the Reauthorization Act amended the FISA statute to authorize subscriber information to be provided in response to a pen register/trap and trace order. Therefore, combination orders for subscriber information were no longer necessary. In addition, OIPR determined that substantive amendments to the statute undermined the legal basis for which OIPR had received authorization [half line redacted] from the FISA Court. Therefore, OIPR decided not to request [several words redacted] pursuant to Section 215 until it re-briefed the issue for the FISA Court. 24
24 OIPR first briefed the issue to the FISA Court in February 2006, prior to the Reauthorization Act. [two lines redacted] [my emphasis]
Still, this passage seems to reflect an understanding, at the time DOJ briefed FISC and at the time that the FISC opinion was written that the law was changing in significant ways (some of which made it easier for the government to get IDs along with the Internet metadata it was collecting using a Pen Register).
This would seem to be erroneous for timing reasons, in that the judge issued an opinion based on a law that had not yet been signed into law, effectively anticipating Congress.
The looming threat of Hepting v. AT&T and Mark Klein’s testimony
Which brings me to why. The 2009 Draft NSA IG Report describes some of what went on in this period.
After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concern about providing telephone metadata to NSA under Presidential Authority without being compelled. Although OLC’s May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order.
As with the PR/TT Order, DOJ and NSA collaboratively designed the application, prepared declarations, and responded to questions from court advisors. Their previous experience in drafting the PRTT Order made this process more efficient.
The FISC signed the first Business Records Order on 24 May 2006. The order essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had under the PSP. And, unlike the PRTT, there was no break in collection at transition.
But the IG Report doesn’t explain why the telecom(s) started getting squeamish after the NYT scoop.
It doesn’t mention, for example, that on January 17, 2006, the ACLU sued the NSA in Detroit. A week after that suit was filed, Attorney General Alberto Gonzales wrote the telecoms a letter giving them cover for their cooperation.
On 24 January 2006, the Attorney General sent letters to COMPANIES A, B, and C, certifying under 18 U.S.C. 2511 (2)( a)(ii)(B) that “no warrant or court order was or is required by law for the assistance, that all statutory requirements have been met, and that the assistance has been and is required.”
Note, this wiretap language pertains largely to the collection of content (that is, the telecoms had far more reason to worry about sharing content). Except that two issues made the collection of metadata particularly sensitive: the data mining of it, and the way it was used to decide who to wiretap.
More troubling still to the telecoms, probably, came when EFF filed a lawsuit, Hepting, on January 31 naming AT&T as defendant, largely based on an LAT story of AT&T giving access to the its stored call records.
But I’m far more interested in the threat that Mark Klein, the AT&T technician who would ultimately reveal the direct taps on AT&T switches at Folsom Street, posed. Continue reading
In the Guardian’s superb summary of the importance of the NSA leaks, Zoe Lofgren challenges the claims that Congress has received all the documents NSA claims it has gotten.
I do serve on the Judiciary Committee and various statements have been made that the Judiciary Committee members were told about all of this and those statements are untrue, not the facts, we have not been provided the documents that the Agency said that we were.
In a Privacy and Civil Liberties Oversight Board today, NSA General Counsel Raj De and ODNI General Counsel Robert Litt both repeated such claims (these are from my notes on twitter; I’ll check my transcription later). De said that Section 215 “had all indicia of official legitimacy” which in part came because it was “twice reauthorized by Congress with full information from exec.” And Litt said they are “by statute required to provide copies [of FISC documents] to both houses. They got materials relating to this [Section 215] program.”
Obviously, we know De is wrong, and he must know it, because a sufficiently large block of Congressmen never had the opportunity to read the Executive’s official notice to make the difference in the 2011 reauthorization. His statement is a clear lie.
But I’m just as interested in Litt’s claim (which would rely on notice to the Judiciary and Intelligence Committees).
This most recent I Con dump provides some evidence that illuminates Lofgen’s implicit dispute of Litt’s claims. Remember this paragraph, which is one of the most specific claims about what notice the Administration gave to Congress about using Section 215 to authorize the phone dragnet.
Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this [Section 215] program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees.
As I noted in this post, the specific language (in bold) regarding the first, May 2006, authorization of the phone dragnet at least suggested, in this context, there wasn’t an opinion at all, as did a lot more evidence. But recent reporting strongly suggests there was (see this post where I argue this is likely the phone dragnet opinion).
Government lawyers have told the ACLU that they are withholding at least two significant FISC opinions — one from 2008 and one from 2010 — relating to the Patriot Act’s Section 215, or “business records” provision.
This would seem to indicate that Congress was not provided the original 2006 opinion (as distinct from the application and primary order) “by December 2008.”
With that mind, consider this document released by the I Con, an August 16, 2010 memo from Office of Legislative Affairs Assistant Attorney General Ronald Weich to the Chairs of the Judiciary and Intelligence Committees.
Pursuant to section 1871 of United States Code Title 50, we are providing the Committees with copies of the remaining decisions, orders, or opinions issued by the Foreign Intelligence Surveillance Court, and pleadings, applications, or memoranda of law associated therewith, that contain significant constructions or interpretations of any provision of FISA during the five-year period ending July 10, 2008. See 50 U.S.C. § 1871(c)(2). We have provided similar materials for the same time period.
Now remember, while ODNI made a big show of releasing these documents, they released them as part of the ACLU’s FOIA for documents on Section 215 and all the documents released pertain to Section 215. I Con describes the memo as referring to “several documents to the Congressional Intelligence and Judiciary Committees relating to NSA collection of bulk telephony metadata under Section 501 of the FISA, as amended by Section 215 of the USA PATRIOT Act,” confirming they pertain to Section 215.
The Patriot Act was reauthorized in February 2010.
At a minimum, this suggests the White Paper provided in August may have been highly misleading. When it said “Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees,” it did not mean that by December 2008, the four oversight committees had all the significant opinions in hand. Even assuming the Weich brief was correct, which Lofgren’s comment suggests it might not be, they didn’t get around to handing over opinions pertaining to Section 215 going back to July 10, 2003 until August 2010. That period — July 10, 2003 to July 10, 2008 — would cover both the July 2004 Colleen Kollar-Kotelly opinion authorizing using the Pen Register/Trap and Trace to collect Internet metadata, and the May 2006 opinion authorizing the phone dragnet. While we don’t know that the Kollar-Kotelly opinion was withheld until 2010, the language of the White Paper (which suggests the opinion itself was not provided) strongly suggests the May 2006 one was.
The law requiring such disclosure, 50 U.S.C. § 1871(c)(2), was part of the FISA Amendments Act, so had been in place for a full year by the time the PATRIOT Act reauthorization got started, yet DOJ didn’t get around to complying with it until 2 years after the law passed. And the law specifically requires disclosure of both the PR/T&T and the Section 215 authorities.
The possibility that DOJ did not turn over the original phone dragnet opinion is utterly damning given David Kris’ suggestion that the initial approval of the phone dragnet — the 2006 opinion — may have been erroneous.
More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch.
The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct.
David Kris at least entertains the possibility that the original May 2006 opinion was “erroneous,” but points to Congress’ reauthorization of the PATRIOT Act to claim it had incorporated FISC’s interpretation of the law.
But now we know that DOJ did not provide all of FISC’s significant opinions pertaining to Section 215 to the key oversight committees until August 16, 2010, over two years after they were obligated to do so — and the plain language of the White Paper strongly suggests that DOJ did not provide the key May 2006 opinion to the oversight committees.
This doesn’t yet prove that DOJ withheld the May 2006 opinion that Kris suggests might be “erroneous” until after Congress reauthorized the PATRIOT Act. But it strongly suggests that is the case.
Update: PATRIOT Act Reauthorization line moved per Anonster’s suggestion.
Update: Added the language I Con used to describe the documents handed over in August 2010.