On Friday, officials from James Clapper’s office confirmed in a number of different ways that the government obtains “vast troves” of Americans’ communication overseas. And rather than enforce Dianne Feinstein and Mark Udall’s suggestion that the intelligence community treat it under FISA — as the spirit of FISA Amendment Acts, which extended protection to Americans abroad, would support — Congress instead passed Section 309, a measure to impose limited protections on vast unregulated spying on Americans.
This all happened at CATO’s conference on surveillance, an awesome conference set up by Julian Sanchez.
My panel (moderated very superbly by Charlie Savage) revisited at length the debate between former State Department whistleblower John Napier Tye and Director of National Intelligence Civil Liberties Officer Alex Joel (into which I stuck my nose). As he did in his Politico post responding to Tye’s alarms about the risk of EO 123333 collection against Americans to democracy, Joel pointed to the topical limits on bulk collection Obama imposed in his Presidential Policy Directive 28, which read,
The United States must consequently collect signals intelligence in bulk in certain circumstances in order to identify these threats. Routine communications and communications of national security interest increasingly transit the same networks, however, and the collection of signals intelligence in bulk may consequently result in the collection of information about persons whose activities are not of foreign intelligence or counterintelligence value. The United States will therefore impose new limits on its use of signals intelligence collected in bulk. These limits are intended to protect the privacy and civil liberties of all persons, whatever their nationality and regardless of where they might reside.
In particular, when the United States collects nonpublicly available signals intelligence in bulk, it shall use that data only for the purposes of detecting and countering: (1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests; (2) threats to the United States and its interests from terrorism; (3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction; (4) cybersecurity threats; (5) threats to U.S. or allied Armed Forces or other U.S or allied personnel; and (6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section.
I noted — as I did in my Salon piece on the topic — that bulk collection for even just one topic means the collection of everything, as counterterrorism serves as the excuse to get all phone records in the US in the phone dragnet. Joel did not dispute that, explaining that PPD-28 only limits the use of data that has been bulk collected to these six purposes. PPD-28 does nothing to limit bulk collection itself. Though the fact that these limitations have forced a change in how the NSA operates is testament that they were using data collected in bulk for even more reasons before January.
The NSA is, then, aspiring to collect it all, around the world.
Which was a point confirmed in an exchange between Joel and Tye. Joel claimed we weren’t collecting nearly all of the Internet traffic out there, saying it was just a small fraction. Tye said that was disingenuous, because 80% of Internet traffic is actually things like Netflix. Tye stated that the NSA does collect a significant percentage of the remainder (he implied most, but I’d want to see the video before I characterize how strongly he said that).
Again, collect it all.
Our panel didn’t get around to talking about Section 309 of the Intelligence Authorization, which I examined here. The Section imposes a 5 year retention limit on US person data except for a number of familiar purposes — foreign intelligence, evidence of a crime, encryption, all foreign participants, tech assurance or compliance, or an Agency head says he needs to retain it longer (which requires notice to Congress). Justin Amash had argued, in an unsuccessful attempt to defeat the provision, that the measure provides affirmative basis for sharing US person content collected under EO 12333.
In a later panel at the CATO conference, DNI General Counsel Bob Litt said that the measure doesn’t change anything about what the IC is already doing. Continue reading
In a last minute amendment to the Intelligence Authorization, the House and Senate passed a new section basically imposing minimization procedures for EO 12333 or other intelligence collection not obtained by court order. (See Section 309)
(A) Application.–The procedures required by paragraph (1) shall apply to any intelligence collection activity not otherwise authorized by court order (including an order or certification issued by a court established under subsection (a) or (b) of section 103 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1803)), subpoena, or similar legal process that is reasonably anticipated to result in the acquisition of a covered communication to or from a United States person and shall permit the acquisition, retention, and dissemination of covered communications subject to the limitation in subparagraph (B).
(B) Limitation on retention.–A covered communication shall not be retained in excess of 5 years, unless–
(i) the communication has been affirmatively determined, in whole or in part, to constitute foreign intelligence or counterintelligence or is necessary to understand or assess foreign intelligence or counterintelligence;
(ii) the communication is reasonably believed to constitute evidence of a crime and is retained by a law enforcement agency;
(iii) the communication is enciphered or reasonably believed to have a secret meaning;
(iv) all parties to the communication are reasonably believed to be non-United States persons;
(v) retention is necessary to protect against an imminent threat to human life, in which case both the nature of the threat and
the information to be retained shall be reported to the congressional intelligence committees not later than 30 days after the
date such retention is extended under this clause;
(vi) retention is necessary for technical assurance or compliance purposes, including a court order or discovery obligation, in which case access to information retained for technical assurance or compliance purposes shall be reported to the congressional
intelligence committees on an annual basis; or
(vii) retention for a period in excess of 5 years is approved by the head of the element of the intelligence community responsible for such retention, based on a determination that retention is necessary to protect the national security of the United States, in which case the head of such element shall provide to the congressional intelligence committees a written certification describing–
(I) the reasons extended retention is necessary to protect the national security of the United States; (II) the duration for which the head of the element is authorizing retention;
(III) the particular information to be retained; and
(IV) the measures the element ofthe intelligence community is taking toprotect the privacy interests of UnitedStates persons or persons locatedinside the United States.
The language seems to be related to — but more comprehensive than — language included in the RuppRoge bill earlier this year. That, in turn, seemed to arise out of concerns raised by PCLOB that some unnamed agencies had not revised their minimization procedures in the entire life of EO 12333.
Whereas that earlier passage had required what I’ll call Reagan deadenders (since they haven’t updated their procedures since him) to come up with procedures, this section effectively imposes minimization procedures similar to, though not identical, to what the NSA uses: 5 year retention except for a number of reporting requirements to Congress.
I suspect these are an improvement over whatever the deadenders have been using But as Justin Amash wrote in an unsuccessful letter trying to get colleagues to oppose the intelligence authorization because of the late addition, the section provides affirmative basis for agencies to share US person communications whereas none had existed.
Sec. 309 authorizes “the acquisition, retention, and dissemination” of nonpublic communications, including those to and from U.S. persons. The section contemplates that those private communications of Americans, obtained without a court order, may be transferred to domestic law enforcement for criminal investigations.
To be clear, Sec. 309 provides the first statutory authority for the acquisition, retention, and dissemination of U.S. persons’ private communications obtained without legal process such as a court order or a subpoena. The administration currently may conduct such surveillance under a claim of executive authority, such as E.O. 12333. However, Congress never has approved of using executive authority in that way to capture and use Americans’ private telephone records, electronic communications, or cloud data.
In exchange for the data retention requirements that the executive already follows, Sec. 309 provides a novel statutory basis for the executive branch’s capture and use of Americans’ private communications. The Senate inserted the provision into the intelligence reauthorization bill late last night.
Which raises the question of what the emergency was to have both houses of Congress push this through at the last minute? Back in March, after all, RuppRoge was happy to let the agencies do this on normal legislative time.
I can think of several possibilities:
Or maybe this is meant to provide the patina of legality to some other dragnet we don’t yet know about.
Still, I find it an interesting little emergency the intelligence committees seem to want to address.
But, without any question, my best early takeaway key is that the United States Government, knew, they bloody well knew, at the highest levels, that what was going on in their citizens’ name, legally constituted torture, that it was strictly illegal. They knew even a “necessity” self defense claim was likely no protection at all. All of the dissembling, coverup, legally insane memos by John Yoo, Jay Bybee et. al, and all the whitewashing in the world cannot now supersede the fact that the United States Government, knowing fully the immorality, and domestic and international illegality, proceeded to install an intentional and affirmative regime of torture.
Here, from page 33 of the Report, is the language establishing the above:
…drafted a letter to Attorney General John Ashcroft asking the Department of Justice for “a formal declination of prosecution, in advance, for any employees of the United States, as well as any other personnel acting on behalf of the United States, who may employ methods in the interrogation of Abu Zubaydah that otherwise might subject those individuals to prosecution. The letter further indicated that “the interrogation team had concluded “that “the use of more aggressive methods is required to persuade Abu Zubaydah to provide the critical information we need to safeguard the lives of innumerable innocent men, women and children within the United States and abroad.” The letter added that these “aggressive methods” would otherwise be prohibited by the torture statute, “apart from potential reliance upon the doctrines of necessity or of self-defense.”
They knew. And our government tortured anyway. Because they were crapping in their pants and afraid instead of protecting and defending the ethos of our country and its Founders.
Approximately 358 days ago, I wrote a post titled,
Yup, John Brennan Rolled DiFi on the Torture Report
In it, I predicted,
Since I was right about John Brennan being completely untrustworthy about bringing an open mind to the evidence presented in the Torture Report, let me make another prediction based on this detail.
Committee aides said the panel hoped to finish work on an updated version of the report, taking note of CIA comments, by the end of the year. The committee could then vote to request declassification, which would allow the public to see the report, or at least parts of it.
What’s going to happen is the SSCI will water down the report, ignoring the clear implications of the evidence, in hopes of getting support for declassification. The Republicans on the committee, at least, still won’t vote to declassify it. Some section of the watered-down report will be released. And the historical record on torture will not reflect the clear evidence in the documentary record.
Dianne Feinstein could, of course, move to declassify the report in its current state.
But she won’t do that, and John Brennan knows it. You see, he knows DiFi wants to be loved by the spooks she oversees, and they could care less what she thinks of them, so long as they continue to hide the true nature of their organizations. And her desire to be loved by those she oversees makes her an easy mark.
When that post said, “by the end of the year”? That meant last year. 2013.
Meanwhile, in recent days, we’ve learned that Brennan prevailed on one of the key fights between CIA and SSCI, succeeding in having the pseudonyms of pseudonyms redacted so we can’t track all the things Alfreda Bikowsky did, beyond the torture tourism we know she engaged in and the torture she subjected an innocent Khalid el-Masri to, before she got several more promotions at CIA.
And while I think today’s report, confirming that “Yup, John Brennan Rolled DiFi on the Torture Report,” adds another dynamic — that of CIA and the President and State publicly making clear that Dianne Feinstein will bear responsibility for any backlash over the revelations in the Torture Report, I think Brennan is still doing a victory lap.
Secretary of State John Kerry personally phoned Dianne Feinstein, chairman of the Senate Select Committee on Intelligence, Friday morning to ask her to delay the imminent release of her committee’s report on CIA torture and rendition during the George W. Bush administration, according to administration and Congressional officials.
“What he raised was timing of report release, because a lot is going on in the world — including parts of the world particularly implicated — and wanting to make sure foreign policy implications were being appropriately factored into timing,” an administration official told me. “He had a responsibility to do so because this isn’t just an intel issue — it’s a foreign policy issue.”
“That’s a nice Torture Report you’ve got there, Dianne,” these men seem to be saying, “and we’ll happily take credit for your work. Unless something bad happens in which case expect us to throw you to the wolves.”
CIA (and NSA) always get Congress to back off oversight with threats like this — kudos to Senator Feinstein for remaining committed to releasing the report.
It’s just really really frustrating that we are here, a year later, with the men in charge still levying these kinds of threats. If the torture CIA did will cause blowback, then that’s CIA’s fault, George Bush’s fault. Dick Cheney’s fault.
As I noted yesterday, part of the effort to pass the USA Freedom Act involved what I call a “data handshake:” A deal whereby all four major telecoms would keep call detail records 2 years, without a mandate to do so.
At Foreign Policy, I have more details on this — with a focus on how this works with the Business Records law that authorizes the phone dragnet.
The terms of the data handshake are the most interesting part. This promise is not in writing. According to Feinstein it is a “personal testament.” (And of course it wasn’t in the bill, where privacy advocates might have objected to it.) The telecom companies could say they were retaining the data for business purposes, though, until now, they’ve had no business purpose to keep the records.
The government has repeatedly told courts that under Section 215, the NSA can only ask telecoms for business records they already hold. Yet Feinstein seems to have revealed, perhaps unintentionally, that under the new law the telecom companies would be willing to hold records at least an extra six months just so the government could presumably spy on their customers, if necessary. And in order to keep the records available under the law, the companies would claim they were keeping the records for business reasons. By doing this orally, no records could be obtained under discovery in a customer lawsuit or leaked by an NSA whistleblower like Edward Snowden. The telecoms could claim that they are not agents of the nation’s spies, even after they seem to have agreed to a handshake deal making them into just that.
Compare agreeing to this data handshake with what Verizon said in June.
At a Senate hearing in June, Verizon’s Associate General Counsel Michael Woods explained that Verizon keeps call detail records for just 12 to 18 months. “We don’t have data five years back,” Woods explained in response to a question from Collins. “All collection would be from our ordinary business records.”
In June, Woods made clear that Verizon objected to holding call detail records longer. His written testimony insisted that “national security is a fundamental government function that should not be outsourced to private companies.” He described that if a telecom company were asked to “retain data for the use of intelligence agencies,” it would be serving as “an agent” of the government.
Now, as I conclude in my piece, the telecoms that agreed to the data handshakes were probably calculating, correctly, that their customers would be better off if they held the records for 6 months longer than they needed to given their business needs than having the government hold them at all. I get the logic behind this deal.
But it is indefensible. The law, as written, cannot oblige Verizon to hold these records. The reason it can’t is because the law was never intended to set up an intrusive dragnet. Had it done so –and hopefully if the government tries to do so now — then it would have been publicly debated. And the program’s inefficacy would have been a much bigger issue.
The strong-arming of telecoms, presumably including Verizon, into this data handshake ought to refocus efforts to find a better solution to get the government the coverage it actually needs, but without inventing dragnets that have not shown to be useful.
I’m going to transcribe some comments Dianne Feinstein made Tuesday night about how proponents of USA Freedom Act got around a data mandate requiring telecoms to keep data longer than they otherwise would. The short version? Rather than a data mandate, USA Freedom Act would have relied on a data handshake.
I’m prepared to make the compromise, which is that the metadata will be kept by the telecoms. Senator Chambliss and I wrote a letter to the four big telecoms, and we asked them if they would hold the data. The answer came back from two, yes. And the answer came back from two, no. Since that time, the situation has changed — not in writing — but by personal testament from two of the companies, that they will hold the data for at least two years for business reasons. Now here’s the problem. The mandate that was inherent in the 215 Act is gone. But the fact is that the telecoms have agreed to hold the data. The President himself has assured me of this.
I’ll write more on this, which is legally unbelievably fascinating. But for now, I just wanted to post it.
As I laid out in this timeline, sometime in fall 2009, the NSA submitted an end-to-end report describing the Internet dragnet. Then, weeks later, David Kris wrote Reggie Walton, admitting that the had been collecting data outside the categories approved by Colleen Kollar-Kotelly in 2004 — that is, admitting that the rosy picture NSA had painted in its end-to-end report was entirely false. Sometime shortly thereafter, DOJ decided not to submit its Internet dragnet reauthorization application, effectively shutting down the Internet dragnet on or around October 30, 2009 until John “Bates-Stamp” Bates reauthorized it sometime around July 2010.
Which is why I find the discussion of the PATRIOT reauthorization during precisely that time period so interesting.
On October 1 the Senate Judiciary Committee had its first open hearing on PATRIOT reauthorization. At that point, an effort to require Section 215 have particular ties to terrorism got shut down in an action we now know served to preserve the phone dragnet. The discussion around it created the interest for a classified briefing. On October 7, they got that briefing. Also on October 7, the Obama Administration gave Jeff Sessions a bunch of changes they wanted off of what the bill had been on October 1.
On October 8, the Senate Judiciary Committee had another open hearing on PATRIOT reauthorization. The committee adopted Sessions changes over DiFi’s already watered down version of what Pat Leahy had originally pushed on October 1 (this is what elicited Russ Feingold’s concerns about SJC acting as the Prosecutors Committee). The changes limited Section 215 protections for libraries, fixed the gag order problem with NSLs with a non-fix that is similar to one included in USA Freedom Act. Most significantly, they watered down what would have been new minimization procedures for the PRTT authority (which were ultimately stripped in any case), making clear minimization procedures should only be adopted in exceptional circumstances. As I guessed correctly at the time, this was probably done to protect the PRTT dragnet that was collecting vast amounts of Internet metadata (as well as, contrary to Jeff Sessons’ claims in the hearing, content).
They absolutely gutted the minimization procedures tied to pen registers! Pen registers are almost certainly the means by which the government is conducting the data mining of American people (using the meta-data from their calls and emails to decide whether to tap them fully). And Jeff Sesssions–I mean Barack Obama–simply gutted any requirement that the government get rid of all this meta-data when they’re done with it. They gutted any prohibitions against sharing this information widely. In fact, they’ve specified that judges should only require minimization procedures in extraordinary circumstances. Otherwise, there is very little limiting what they can do with your data and mine once they’ve collected it.
By asserting it had the authority to impose minimization procedures on the Internet dragnet, the FISC tried, utterly unsuccessfully, to prevent the NSA from illegally wiretapping Americans. When the FISC again asserted its authority to impose minimization procedures, NSA just took its toys and went overseas, where it didn’t have that meanie rubber stamp FISC to contend with.
I raise this not only because it suggests DOJ was making legislative efforts to undercut the FISC just as they discovered a huge problem with their Internet dragnet. But also because, in my opinion, the USA Freedom Act makes a similar effort to withdraw any claim the court might make to be able to impose and review compliance with minimization procedures. I don’t think it’s an Internet dragnet this time — as I’ll write later, I think it’s either location (which is fairly banal) or more interesting flow analyses. But I think Congress — with the support of civil liberties NGOs, this time — is still trying to undercut the way that FISC has best been able to impose some controls on the government’s spying.
Ken Dilanian has a story about someone who looks a lot like Chris Inglis raising questions about the phone dragnet in 2009.
A now-retired NSA senior executive, who was a longtime code-breaker who rose to top management, had just learned in 2009 about the top secret program that was created shortly after the Sept. 11, 2001, attacks. He says he argued to then-NSA Director Keith Alexander that storing the calling records of nearly every American fundamentally changed the character of the agency, which is supposed to eavesdrop on foreigners, not Americans.
Alexander politely disagreed, the former official told The Associated Press.
The former official, who spoke only on condition of anonymity because he didn’t have permission to discuss a classified matter, said he knows of no evidence the program was used for anything other than hunting for terrorism plots in the U.S. But he said he and others made the case that the collection of American records in bulk crossed a line that had been sacrosanct.
He said he also warned of a scandal if it should be disclosed that the NSA was storing records of private calls by Americans – to psychiatrists, lovers and suicide hotlines, among other contacts.
While interesting, it’s the kind of story — and it is accompanied by enough obvious errors and general lack of awareness about the program — that it raises questions about the further backstory (as for the errors, the most obvious include badly misstating how many people access the data, misstating where Basaaly Moalin is from, and accepting the source’s claim it has only been used to hunt terrorist plots rather than informants).
How do you write an intelligent story about anything having to do with the dragnet in 2009 and not mention the other issues going on with the dragnet, the 9 month process during which the ultimate structure leftover from Stellar Wind was cleaned up?
Indeed, the buried lede of this story is that someone this senior in the NSA would just be discovering the program, 8 years after it started and 3 years after it got put under FISC review. That’s consistent with what we saw from dragnet data, mind you — one reason the program was so screwed up in 2009 was that NSA’s regular coders hadn’t been overseeing its integration, even while the program appears to have gotten integrated into ICREACH in 2008.
But especially given the evidence that tech people committed the worst known violation and had access to commit far more serious ones, this part of the story should be the news.
It also raises questions about two other things going on that year. It is true that DOJ delayed quite some time from when Dianne Feinstein and Kit Bond first asked for language to resume the reauthorization program. Then, once they did start the process, DiFi was up boasting about how this (and presumably the PRTT program) were the most important investigations going on. Whether the government was honest about what they told SSCI about the program, it’s fairly clear that’s where the legislative push to retain it came from.
Then there’s the question I already raised: the change in FBI’s interpretation of Basaaly Moalin’s donations to Al-Shabaab, which earlier in 2009 they viewed as an effort to fight back against (US-backed) Ethiopian invaders. That is, did Moalin get prosecuted solely so they could have a dragnet win to justify all the other things they’re doing with the data?
The Senate just voted down cloture on the USA Freedom Act, 58-42. Even while we disagreed on the bill, I extend sincere condolences to civil liberties allies who worked hard to pass this in good faith. I know you all have worked hard in good faith to pass something viable.
Several things about the vote were predictable (in fact, I predicted them in June). Just as one example, I noted to allies that if Jeff Flake — who had a great record on civil liberties while he was still in the House — did not support the effort, it would fail. Four Senators — cosponsors Mike Lee, Ted Cruz, and Dean Heller, plus Lisa Murkowski voted for cloture; Rand Paul did not. Bill Nelson voted against cloture as well (there are reports he is claiming it was a mistake, but given how closely this bill was whipped that would be … telling).
Equally predictable was the fear-mongering. GOP Senator after GOP Senator got up and insisted if the phone dragnet ended, ISIL would attack the country. None noted, of course, that the phone dragnet had never succeeded in preventing a terrorist attack. Pat Leahy made that point but it’s one opponents of the dragnet need to make in more concerted fashion.
Then there was a piece of news that neither side — supporter or opponent — seemed to want to mention. Dianne Feinstein revealed that at first 2 of 4 providers (presumably the fourth is T-Mobile though it could even be Microsoft, given that Skype is a more important phone carrier for international traffic) had refused to keep phone records, but that they had voluntarily agreed to do so for a full two years (this is at least a 6 month extension for Verizon, though may be significantly longer for cell calls).
The most dramatic part of the debate came after everyone left, when a frustrated Pat Leahy made the case for defending the Constitution. He recalled the anthrax letter addressed to him, on September 18, 2001, that killed a postal worker who processed it (
another letter killed a Tom Daschle aide see Meryl Nass’ correction). “13 years ago this week, a letter was sent to me, addressed to me. It was so deadly, with the antrax in it that one person who touched the envelope–addressed to me, that I was supposed to open–They died!” Leahy reminded that the FBI had still not caught all the culprits for the attack. (That he believes that was first reported here in 2008; I believe FBI has, in fact, caught none of the culprits.) That attack targeting him personally, Leahy noted, did not convince him he had to abrogate the Constitution. “This nation should not let our liberties to be set aside by passing fears.” Leahy said. “If we do not protect our Constitution we do not deserve to be in this body.”
Senators like Marco Rubio got up and screamed about terrorists. But unless I’m mistaken, Pat Leahy is the only one remaining in the Senate who was personally targeted by a terrorist.
Maybe we ought to highlight that point?
Updated w/additions from Leahy’s comments.
The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.(26)
That line, from the FISCR opinion finding the Protect America Act constitutional, gets to the core problem with the FISA Court scheme. Even in 2009, when the line was first made public, it was pretty clear the government had made a false claim to the FISA Court of Review.
Now that we know that FBI had already been given authority to keep PAA-collected content in databases that they could search at what is now called the assessment stage of investigations – warrantless searches of the content of Americans against whom the FBI has no evidence of wrong-doing — the claim remains one of the signature moments where the government got approval for a program by being less than candid to the court (the government has been caught doing so in both Title III courts and at FISC, and continues to do so).
That’s also why I find Greg McNeal’s paper on Reforming the FISC, while very important, ultimately unconvincing.
McNeal’s paper is invaluable for the way he assesses the decision — in May 2006 — to authorize the collection of all phone records under Section 215. Not only does the paper largely agree with the Democratic appointees on PCLOB that the program is not authorized by the Section 215 statute, McNeal conducts his own assessment of the government’s application to use Section 215 for that purpose.
The application does not fare well.
Moreover, the government recognized that not all records would be relevant to an investigation, but justified relevance on what could best be described as usefulness or necessity to enable the government’s metadata analysis, stating:
The Application fully satisfies all requirements of title V of FISA. In particular, the Application seeks the production of tangible things “for” an international terrorism investigation. 50 U.S.C. § 1861(a)(1). In addition, the Application includes a statement of facts demonstrating that there are reasonable grounds to believe that the business records sought are “relevant” to an authorized investigation. Id. § 1861(b)(2). Although the call detail records of the [redacted] contain large volumes of metadata, the vast majority of which will not be terrorist-related, the scope of the business records request presents no infirmity under title V. All of the business records to be collected here are relevant to FBI investigations into [redacted] because the NSA can effectively conduct metadata analysis only if it has the data in bulk.49
The government went even further, arguing that if the FISC found that the records were not relevant, that the FISC should read relevance out of the statute by tailoring its analysis in a way that would balance the government’s request to collect metadata in bulk against the degree of intrusion into privacy interests. Disregarding the fact that the balancing of these interests was likely already engaged in by Congress when writing section 215, the government wrote:
In addition, even if the metadata from non-terrorist communications were deemed not relevant, nothing in title V of FISA demands that a request for the production of “any tangible things” under that provision collect only information that is strictly relevant to the international terrorism investigation at hand. Were the Court to require some tailoring to fit the information that will actually be terrorist-related, the business records request detailed in the Application would meet any proper test for reasonable tailoring. Any tailoring standard must be informed by a balancing of the government interest at stake against the degree of intrusion into any protected privacy interests. Here, the Government’s interest is the most compelling imaginable: the defense of the Nation in wartime from attacks that may take thousands of lives. On the other side of the balance, the intrusion is minimal. As the Supreme Court has held, there is no constitutionally protected interest in metadata, such as numbers dialed on a telephone.50
Thus, what the government asked the court to disregard the judgment of the Congress as to the limitations and privacy interests at stake in the collection of business records. Specifically, the government asked the FISC to disregard Congress’s imposition of a statutory requirement that business records be relevant, and in disregarding that statutory requirement rely on the fact that there was no constitutionally protected privacy interest in business records. The government’s argument flipped the statute on its head, as the purpose of enhancing protections under section 215 was to supplement the constitutional baseline protections for privacy that were deemed inadequate by Congress.
McNeal is no hippie. That he largely agrees and goes beyond PCLOB’s conclusion that this decision was not authorized by the statute is significant.
But as I said, I disagree with his remedy — and also with his assessment of the single source of this dysfunction.
McNeal’s remedy is laudable. He suggests all FISC decisions should be presumptively declassified and any significant FISC decision should get automatic appellate review, done by FISCR. That’s not dissimilar to a measure in Pat Leahy’s USA Freedom Act, which I’ve written about here. With my cautions about that scheme noted, I think McNeal’s remedy may have value.
The reason it won’t be enough stems from two things.
First, the government has proven it cannot be trusted with ex parte proceedings in the FISC. That may seem harsh, but the Yahoo challenge — which is the most complete view we’ve ever had of how the court works, even with a weak adversary — really damns the government’s conduct. In addition to the seemingly false claim to FISCR about whether the government held databases of incidentally collected data, over the course of the Yahoo challenge, the government,
In short, the materials withheld or misrepresented over the course of the Yahoo challenge may have made the difference in FISCR’s judgment that the program was legal (even ignoring all the things withheld from Yahoo, especially regarding the revised role of FBI in the process). (Note, in his paper, McNeal rightly argues Congress and the public could have had a clear idea of what Section 702 does; I’d limit that by noting that almost no one besides me imagined they were doing back door searches before that was revealed by the Snowden leaks).
One problem with McNeal’s suggestion, then, is that the government simply can’t be trusted to engage in ex parte proceedings before the FISC or FISCR. Every major program we’ve seen authorized by the court has featured significant misrepresentations about what the program really entailed. Every one! Until we eliminate that problem, the value of these courts will be limited.
But then there is the other problem, my own assessment of the source of the problem with FISC. McNeal thinks it is that Congress wants to pawn its authority off onto the FISC.
The underlying disease is that Congress wants things to operate the way that they do; Congress wants the FISC and has incentives to maintain the status quo.
Why does Congress want the FISC? Because it allows them to push accountability off to someone else. If members ofCongress are responsible for conducting oversight of secretoperations, their reputations are on the line if the operations gotoo far toward violating civil liberties, or not far enoughtoward protecting national security. However, with the FISC conducting operations, Congress has the ability to dodge accountability by claiming they have empowered a court to conduct oversight.
I don’t, in general, disagree with this sentiment in the least. The last thing Congress wants to do is make a decision that might later be tied to an intelligence failure, a terrorist attack, a botched operation. Heck, I’d add that the last thing most members of Congress serving on the Intelligence Committees would want to do is piss off the contractors whose donations provide one of the perks of the seat.
But the dysfunction of the FISC stems, in significant part, from something else.
In his paper on the phone dragnet (which partly incorporates the Internet dragnet), David Kris suggests the original decision to bring the dragnets under the FISC (in the paper he was limited by DOJ review about what he could say of the Internet dragnet, so it is not entirely clear whether he means the Colleen Kollar-Kotelly opinion that paved the way for the flawed Malcolm Howard one McNeal critiques, or the Howard one) was erroneous. Continue reading