1 2 3 6

Going Postal. And Digital. And Financial: The Dragnet Elephant

Blind MenThe NYT has a report on an IG Report from May that reveals the Postal Service has been doing a lot more “mail covers” (that is, tracking the metadata from letters) than it had previously revealed.

In a rare public accounting of its mass surveillance program, the United States Postal Service reported that it approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of Americans for use in criminal and national security investigations.

The number of requests, contained in a little-noticed 2014 audit of the surveillance program by the Postal Service’s inspector general, shows that the surveillance program is more extensive than previously disclosed and that oversight protecting Americans from potential abuses is lax.

Among the most interesting revelations is that USPS previously lowballed the number of covers it does in response to a NYT FOIA by simply not counting most of the searches.

In information provided to The Times earlier this year under the Freedom of Information Act, the Postal Service said that from 2001 through 2012, local, state and federal law enforcement agencies made more than 100,000 requests to monitor the mail of Americans. That would amount to an average of some 8,000 requests a year — far fewer than the nearly 50,000 requests in 2013 that the Postal Service reported in the audit.

The difference is that the Postal Service apparently did not provide to The Times the number of surveillance requests made for national security investigations or those requested by its own investigation and law enforcement arm, the Postal Inspection Service. Typically, the inspection service works hand in hand with outside law enforcement agencies that have come to the Postal Service asking for investigations into fraud, pornography, terrorism or other potential criminal activity.

The report led Ben Wittes to engage in a thought experience, predicting the response to this revelation will be muted compared to that of the phone dragnet.

All of this raises the question: Will this program generate the sort of outrage, legal challenge, and feverish energy for legislative reform that the NSA program has? Or will it fall flat?

I have this feeling that the answer is the latter: The Postal Service’s looking at the outside of letters at the request of law enforcement just won’t have the same legs as does the big bad NSA looking at the routing information for telephone calls. The reason, I suspect, is not that there are profound legal differences between the two programs. Yes, one can certainly argue that the difference between a program that aspires to be totalizing and one that is notionally targeted, even if very large, is fundamental enough to justify regarding the former with great skepticism and tolerating the latter with a shrug. On the other hand, one could just as easily argue that a program that involves the active perusal of tens of thousands of people’s metadata without strict controls is far more threatening than one that involves tight procedures under judicial oversight and involves initial queries of only a few hundred people’s data.

The reason, I suspect, that this program will not excite the same sorts of passions as does the NSA’s program is that it involves old technology—paper—and it’s been going on for a long time.

I agree with Wittes that this won’t generate the same kind of outrage.

The fact that few noticed when Josh Gerstein reported on this very same report (and revealed that the USPS was trying to prevent the report’s release) back in June (I noticed, but did not write on it) supports Wittes’ point.

All that said, Wittes’ piece serves as an interesting example. Partly because he overstates the oversight of the phone dragnet program. Somehow Wittes doesn’t think the watchlisting of 3,000 presumed American persons with no First Amendment review until 2009 is not an example of abuse. Nor the preservation of 3,000 files worth of phone dragnet data on a research server, mixed in with Stellar Wind data, followed by its destruction before NSA had to explain what it was doing there (which is a more recent abuse than Joe Arpaio’s use of the mail dragnet to target a critic, reported in the NYT).

But also because Wittes misconstrues what a true comparison would entail.

To compare phone dragnet, generally, with the mail dragnet described by the NYT (now including both its national security and Postal Inspection searches), you’d have to compare Title III and local law enforcement phone metadata searches (which number in the hundreds of thousands and include the use of Stingrays to track phone location), Hemisphere (which must number in the 10s of thousands and not only undergo no court review, but are explicitly parallel constructed), the use of NSLs to obtain phone metadata (which number in the 10s of thousands, and which are not overseen by a court, have been subject to abuse, also miscount the most important requests, and access new kinds of data that probably aren’t really covered under the law), the Section 215 dragnet, the FBI bulk PRTT program, as well as the far far bigger EO 12333 phone dragnet.

That is, Wittes wants to compare the totality of the mail dragnet with a teeny segment of even the NSA phone dragnet, all while ignoring the state, local, and other federal agency (including at least FBI, USMS, and DEA) phone dragnets entirely, and declare the former roughly equivalent to the latter (better in some ways, worse in others). If you were to compare the totality of the mail dragnet (admittedly, you’d have to add Fedex and other courier dragnets) with the totality of the phone dragnet, the latter would vastly exceed the former in every way: in abuse, in lack of oversight, and in scale.

And to measure the “passions” mobilized against the phone dragnet, you’d have to measure it all. Attention to the various parts has been fleeting: today there’s more focus on Stingrays, for example, with comparatively less attention to the Section 215 phone dragnet, along with a focus on Hemisphere. There’s so much phone dragnet to go around, it’s like a never-ending game of whack-a-mole.

Or perhaps more appropriately, of that old fable of the 6 blind men and the elephant, where each of a series of blind men describe an elephant. These men each feel one part of the elephant and see a pillar, a rope, a tree branch, a hand fan, a wall, and a solid pipe.  Together, they fail to conceive of the elephant in its entirety.

Wittes’ partial view of the phone dragnet describes just one part of one part of the dragnet elephant. At both the NSA, the FBI, and local JTTFs (at a minimum) you’re not conceiving the dragnet unless you understand the implications of matching your phone records and email records to your financial purchases and Internet search cookies — and, your snail mail, which is ultimately just a part of the larger dragnet. Each of those dragnets has several interlocking forms, too. More Title III orders, more NSLs, more Section 215 orders, and more EO 12333 collection. All dumped into a black box that – even for the Section 215 phone dragnet — undergoes no apparent oversight.

But Wittes is by no means alone in his partial view of the dragnet elephant. We all suffer from it. Since the very start of the Snowden leaks, I have been trying hard to track how NSA data gets shared with other agencies (see, for example, NCTC, FBI and CIA, “Team Sport,” ATF). I suspect I’ve got as good an understanding of how this data worms its way through the government as anyone outside of some corners of government, but it still looks like an elephant trunk to me.

That, to me, is the real lesson from the focus on yet another dragnet available to yet more intelligence and law enforcement agencies. None of us yet have a good sense of the scope of the dragnet. It is, quite literally, inconceivable. And we have even less of an idea of what happens after the dragnet feeds all that data into a series of black boxes, most subject to very little oversight.

With each new elephant body part identified, we’d do well to remember, it’s just one more body part.

FBI Will Now Videotape In Custody Interrogations

[Significant Update Below]

My hometown paper, the Arizona Republic, broke some critically important news a few minutes ago. The story by Dennis Wagner, a superb reporter at the Republic for a very long time, tells of a monumental shift in the policy of DOJ agencies in relation to interrogations and confessions of those in custody.

There was no news release or press conference to announce the radical shift. But a DOJ memorandum —obtained by The Arizona Republic — spells out the changes to begin July 11.

“This policy establishes a presumption that the Federal Bureau of Investigation (FBI), the Drug Enforcement Administration (DEA) the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) and the United States Marshals Service (USMS) will electronically record statements made by individuals in their custody,” says the memo to all federal prosecutors and criminal chiefs from James M. Cole, deputy attorney general.

“This policy also encourages agents and prosecutors to consider electronic recording in investigative or other circumstances where the presumption does not apply,” such as in the questioning of witnesses.

This has been a long time coming and is notable in that it covers not just the FBI, but DEA, ATF and US Marshals. Calling it a monumental shift may be, in fact, a bit of an understatement. In the course of a series of false confession cases in the 90′s, attempts to get this instated as policy in the District of Arizona were fought by the DOJ tooth and nail. As other local agencies saw the usefulness of audio and/or video taping, DOJ authorities fought the notion like wounded and cornered dogs. That was not just their position in the 90′s, it has always been thus:

Since the FBI began under President Theodore Roosevelt in 1908, agents have not only shunned the use of tape recorders, they’ve been prohibited by policy from making audio and video records of statements by criminal suspects without special approval.

Now, after more than a century, the U.S. Department of Justice has quietly reversed that directive by issuing orders May 12 that video recording is presumptively required for interrogations of suspects in custody, with some exceptions.

What has historically occurred is an agent (usually in pairs) did interviews and then recounted what occurred in what is called a “302″ report based on their memories, recollections and handwritten notes (which were then usually destroyed). This created the opportunity not just for inaccuracy, but outright fabrication by overly aggressive agents. Many defendants have been wrongfully convicted, and some who were guilty got off because competent defense attorneys made fools of agents, and their bogus process, in court.

In short, presumptive taping is smart for both sides, and absolutely in the interests of justice. It still remains inexplicable why the DOJ maintained this intransigence so long when every competent police procedures expert in the world has been saying for decades that taping should be the presumption.

Now it should be noted that the policy will only apply to “in custody” interrogations and not ones where there has been no formal arrest which is, of course, a gaping hole considering how DOJ agents blithely work suspects over under the ruse they are not yet in custody. There will also clearly be an exigent circumstances/public safety exception which are also more and more frequently abused by DOJ (See: here, here and here for example).

So, we will have to wait to see the formal written guidance, and how it is stated in the relevant operation manuals for agents and US Attorneys, to get a full bead on the scope of change. And, obviously, see how the written policies are implemented, and what exceptions are claimed, in the field.

But the shift in interrogation policy today is monumental and is a VERY good and positive step. Today is a day Eric Holder should be proud of, and it was far too long in arriving.

UPDATE: When I first posted this I did not see the actual memo attached to Dennis Wagner’s story in the Arizona Republic; since that time I have been sent the actual memo by another source, and it is also available as a link in the Republic story that broke this news. Here are a couple of critical points out of the actual memo dated May 12, 2014:

The policy establishes a presumption in favor o f electronically recording custodial interviews, with certain exceptions, and encourages agents and prosecutors to consider taping outside of custodial interrogations. The policy will go into effect on Friday, July 11, 2014.

By my information, the gap in implementation is because DOJ wanted to do some top down discussion and orientation on the new policy, which makes some sense given the quantum nature of this shift. My understanding is that this is already ongoing, so DOJ seems to be serious about implementation.

But, more important is the news about non-custodial situations. That was a huge question left unanswered initially, as I indicated in the original part of this post. That agents and attendant prosecutors will be encouraged to record these instances as well is, well, encouraging!

The exceptions, which are outlined is Section II of the memo are pretty much exactly as I indicated should be expected above.

Notable in the Presumptions contained in Section I of the memo is that the rule applies to ALL federal crimes. No exceptions, even for terrorism. Also, the recording may be either overt or covert, which is not different from that which I have seen in many other agencies that have long recorded interrogations. Section III specifically excludes extraterritorial situations from the rule. Frankly, I am not sure why that is necessary, the ability to record is pretty ubiquitous these days, extraterritorial should be no problem for presumptive recording.

Those are the highlights of the memo. It is short and worth a read on your own.

US Isn’t Collecting Only Electronic Data On You — Huge Biometric Database Under Construction, Too

Edward Snowden’s revelations have shed much light on how secret government programs are collecting huge amounts of telephone, email and other electronic data generated by every US citizen even though, as Marcy has shown repeatedly, claims that collecting all of this data have enabled the capture of terrorists turn out to be significantly overblown. Sadly, it’s not just records of our communications that the government is collecting. The FBI is taking the lead in putting together what it calls Next Generation Identification. This program will expand the conventional FBI fingerprint database to include significant amounts of biological, or biometric data. From the FBI’s own description:

The future of identification systems is currently progressing beyond the dependency of a unimodal (e.g., fingerprint) biometric identifier towards multimodal biometrics (i.e., voice, iris, facial, etc.). The NGI Program will advance the integration strategies and indexing of additional biometric data that will provide the framework for a future multimodal system that will facilitate biometric fusion identification techniques. The framework will be expandable, scalable, and flexible to accommodate new technologies and biometric standards, and will be interoperable with existing systems. Once developed and implemented, the NGI initiatives and multimodal functionality will promote a high level of information sharing, support interoperability, and provide a foundation for using multiple biometrics for positive identification.

Wait. See that “etc.” in the “voice, iris, facial, etc”? Given the government’s behavior on electronic data, throwing in an “etc.” on biometric data is pretty unnerving. Impressive work is being done by the Electronic Privacy Information Center to shed light on just what the government is up to with Next Generation Identification. Here is their description of the program:

The Federal Bureau of Investigation is developing a biometric identification database program called “Next Generation Identification” (NGI). When completed, the NGI system will be the largest biometric database in the world. The vast majority of records contained in the NGI database will be of US citizens. The NGI biometric identifiers will include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints, and photographs. The system will include facial recognition capabilities to analyze collected images. Millions of individuals who are neither criminals nor suspects will be included in the database. Many of these individuals will be unaware that their images and other biometric identifiers are being captured. Drivers license photos and other biometric records collected by civil service agencies could be added to the system. The NGI system could be integrated with other surveillance technology, such as Trapwire, that would enable real-time image-matching of live feeds from CCTV surveillance cameras. The Department of Homeland Security has expended hundreds of millions of dollars to establish state and local surveillance systems, including CCTV cameras that record the routine activities of millions of individuals. There are an estimated 30 million surveillance cameras in the United States. The NGI system will be integrated with CCTV cameras operated by public agencies and private entities.

So just as the government has moved far beyond tapping communications only with a warrant to include the communications of innocent civilians, biometric identifiers of innocent civilians will be included in NGI alongside identifiers of known criminals. And what could possibly go wrong with our information being assembled in this way? Here’s how EPIC says the database will be built and maintained: Continue reading

Half the LOVEINT Violations Committed by Non-NSA Employees

Screen shot 2013-09-26 at 9.14.52 PM

Chuck Grassley just released a summary of violations of NSA authority he requested back in August.

The data is pretty meaningless. As I have shown, NSA’s own internal reporting shows about 9% (and up to 20% in some categories) of its violations are “due diligence” violations, which are violations of rules that an analyst knows (human error, intelligence error, and training are treated as distinct violations). If today’s hearing was any indication, the Senate Intelligence Committee seems to have no understanding that 9% of all violations are willful violations of rules.

All that said, of the 12 incidents the NSA reported (there are 3 incidents still under investigation), fully half appear to be committed by members of different agencies (though one of those was a military person reported to NSA). That’s a lot of other agency personnel abusing SIGINT authorities they’re granted access to.

And note, DOJ has never prosecuted any of these. In just about all cases where DOJ gets a referral, the person resigns before being charged. The UCMJ does better — DOD has punished two people.

ACLU to Jim Comey: Welcome. Now Fix This.

Jim Comey has officially been in charge of the FBI for less than two weeks.

Today, in honor of Constitution Day, the ACLU just released a report showing how the FBI’s expanded mandate since 9/11 has led to Constitutional abuses.

Most of the details of the report have been reported here in depth. But the Big Data section includes some details I haven’t covered. It explains:

FBI collects Suspicious Activities Reports that duplicate — but lower the standard for — an existing database

Another major problem is that eGuardian effectively competes with another federal government SAR. The Intelligence Reform and Terrorism Prevention Act of 2004 established the Information Sharing Environment (ISE) to serve as the conduit for terrorism-related information sharing between state and local law enforcement and the federal government.114 A March 2013 Government Accountability Office report found that though the two programs share information between them, eGuardian uses a lower evidentiary threshold for inclusion of SARs, which creates risks and privacy problems.

The Government Accountability Office found that “many fusion centers have decided not to automatically share all of their ISE-SARs with eGuardian” because eGuardian doesn’t meet ISE standards.115 One fusion center said it would never provide SARs to eGuardian because of the fusion center’s privacy policy.116 The Government Accountability Office also found that the two systems “have overlapping goals and offer duplicative services.”117

FBI will soon have the equivalent of 20 pieces of intelligence on every American — and they share this broadly

An FBI budget request for fiscal year 2008 said the FBI had amassed databases containing 1.5 billion records, and two members of Congress described documents predicting the FBI would have 6 billion records by 2012, which they said would represent “20 separate ‘records’ for each man, woman and child in the United States.”119


According to a 2012 Systems of Records Notice covering all FBI data warehouses, the information in these systems can be shared broadly, even with foreign entities and private companies, and for a multitude of law enforcement and non-law enforcement purposes.133

There’s far more in the report, chronicling the slow creep of abusive FBI techniques since 9/11.

Sadly, given that this has all been treated as legal, I doubt that Comey will do anything about it, even with ACLU’s demonstration that the dragnet has led FBI to miss real crimes.

Yellowcake In the Soles of His Shoes

Splash page of alibaba.com, where it would appear that Patrick Campbell became Cassim and was unable to exit with his treasure.

Splash page of alibaba.com, where it would appear that Patrick Campbell became Cassim and was unable to exit with his treasure.

Last night, The Smoking Gun and then CBS reported on the latest sting carried out by our government to keep us safe from people too stupid for their own good. This time, instead of the FBI setting up the security theater sting, it was an undercover agent for ICE, or Immigration and Customs Enforcement within the Department of Homeland Security. The criminal complaint (pdf) filed yesterday is written by an ICE Special Agent working out of Miami (I’ll return later to the ironic job position she holds).

Once again, as we see repeatedly in the government’s adventures in security theater, we appear to have ensared a small-time hustler but will undoubtedly play this up as a major interdiction of international terrorism. The hustler this time is one Patrick Campbell, who stands accused of brokering a deal to sell U3O8 to Iran. Campbell apparently was promising to ship 1000 tons of the processed uranium ore, but was arrested in New York yesterday Wednesday when he entered the country from Sierra Leone, where he reportedly lives.

How was Campbell caught? Here is how the complaint describes the elaborate trap ICE devised:

alibaba ad


Yup. Everybody knows that Iran absolutely would go shopping for uranium on alibaba.com. Note that ICE does not appear to be able to get their high-tech document production equipment to produce subscripts. There really is no such thing as Uranium 308 or U308. Writing it that way makes it look like they are referring to a uranium isotope. The naturally occurring isotopes of uranium are listed here, where we see that the atomic masses range from 232 (= U-232) to 238 (=U-238). The isotope of interest is U-235, which occurs in nature as only 0.7% of the uranium atoms. Uranium is mined as raw ore which is chemically treated to produce U3O8, which is otherwise known as yellowcake. For further processing, the yellowcake is then converted to UF6 gas and then put into gas centrifuges where the mixture is selectively enriched for the U-235 isotope. Low-grade enriched uranium has the U-235 enriched from the naturally occurring 0.7% to the range of 3-5%. Iran has also produced mid-grade uranium at 20% U-235 for its research reactor used to produce medical isotopes, but this still falls short of the 90% or so U-235 needed for a nuclear weapon.

It would appear that ICE ran this scam on such a short budget that they wouldn’t even front Campbell the money for travel to the US from Sierra Leone. In his negotiations with the undercover agent, Campbell demonstrated a pitiful level of awareness of operational security. The complaint notes many communications with Campbell by email, telephone and Skype. There is no indication that any of the communications were encrypted. The extent of his op-sec appears to be his brilliant use of an acronym to refer to the transaction:



Campbell finally made it to New York yesterday Wednesday, where he was promptly arrested. Here is how The Smoking Gun opened their report:

A foreigner who agreed to sell undercover Homeland Security agents 1000 tons of yellowcake uranium for shipment to Iran was arrested yesterday when he flew into the United States with uranium samples hidden inside the soles of shoes in his luggage, The Smoking Gun has learned.

Wow. He tried to hide his yellowcake samples in the soles of his shoes, which he then put into checked baggage.

This whole episode is stupid and wasteful on a wide range of levels.

First, Iran purchased huge stockpiles of yellowcake back in the days of the Shah. Continue reading

Spying on Americans: A “Team Sport” Since 2004

Screen shot 2013-07-11 at 6.25.06 PMOne of the more colorful revelations in today’s Guardian scoop is the newsletter piece that describes increased sharing of PRISM (Section 702) data with FBI and CIA.

The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that “enables our partners to see which selectors

the National Security Agency has tasked to Prism”.

The document continues: “The FBI and CIA then can request a copy ofPrism collection of any selector…” As a result, the author notes: “these two activities underscore the point that Prism is a team sport!”

But that’s something that has actually been built into the program for years. While the Joint IG Report on the illegal wiretap program claimed,

NSA also was responsible for conducting the actual collection of information under the PSP and disseminating intelligence reports to other agencies such as the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), and the Office of the Director of National Intelligence (ODNI) National Counterterrorism Center (NCTC) for analysis and possible investigation.

The Draft NSA IG Report explained,

Coordination with FBI and CIA. By 2004, four FBI integrees and two CIA integrees, operating under SIGINT authorities in accordance with written agreements, were co-located with NSA PSP-cleared analysts. The purpose of co-locating these individuals was to improve collaborative analytic efforts.

And the minimization procedures released by the Guardian (which date to 2009), make it clear NSA can provided unminimized content to CIA and FBI on whatever selectors they request.


(1) NSA may provide to the Central Intelligence Agency (CIA) unminimized communications acquired pursuant to section 702 of the Act. CIA will identify to NSA targets for which NSA may provide unminimized communications to CIA. CIA will process any such unminimized communications received from NSA in accordance with CIA minimization procedures adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

(2) NSA may provide to the FBI unminimized communications acquired pursuant to section 702 of the Act. FBI will identify to NSA targets for which NSA may provide unminimized communications to the FBI. FBI will process any such unminimized communications received from NSA in accordance with FBI minimization procedures  adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

And none of that should be surprising, given the tasking slide — above — that was first published by the WaPo. FBI, at least, is solidly in the midst of this collection, for a program deemed to be foreign intelligence collection.

There have been a variety of claims about all this team sport participation. But I’m not convinced any of them explain how all this works.

And in perhaps related news, the Fifth Circuit today said that Nidal Hasan could not have access to the FISA material on him, in spite of the fact that William Webster published a 150 page report on it last year. Legally, that material should be utterly distinct from PRISM, since a wiretap on Anwar al-Awlaki would require a specific FISA warrant (and the latest Guardian scoop refers to expanded cooperation since 2012). But I suspect the reason Hasan, the FISA evidence against whom has already been extensively discussed, can’t see it is because we would see what this actually looks like from the FBI side.

DOJ has to protect its team, you know.

Tasers with Wings

I’ve been focusing on Edward Snowden’s NSA revelations, but I didn’t want this tidbit of news to go unnoticed. Among the other documents EFF has gotten in its FOIA on drones in the United States is a planning document for Customs and Border Patrol’s use of the  Predator drone. In it, there’s one line that suggests future upgrades (the report dates to 2010) might include non-lethal immobilization technology.

Customs & Border Protection (CPB) report, released in response to EFF’s Freedom of Information Act lawsuit against the agency, shows CBP has considered adding weapons to its domestic Predator drones.

The report, titled “Concept of Operations for CBP’s Predator B Unmanned Aircraft System” and submitted to Congress on June 29, 2010 shows that, not only is the agency planning to sharply increase the number of Predator drones it flies and the amount of surveillance it conducts by 2016 (detailed further in a separate blog post tomorrow), but it has considered equipping its Predators with “non-lethal weapons designed to immobilize” targets of interest. (p. 63).

And remember: CBP loans out its drones to other Federal agencies. I suspect when Robert Mueller testified recently that FBI had used drones he had CBP ones in mind.

So the next time LAPD uses loaner drones in a manhunt across Southern California, that drone may well be armed with industrial sized tasers.


Shell Games: How to Keep Doing Internet Data Mining and Avoid the Courts

As I noted, the WaPo makes it clear one of the most sensitive parts of the government’s surveillance programs is the collection of Internet metadata.

But the thing is, it doesn’t come out and explain whether and if so how it continues to go on.

This passage, written in the present tense, sure seems to suggest it continues.

MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls.

The NSA calls Internet metadata “digital network information.” Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects. Depending on the methods applied, it can also expose medical conditions, political or religious affiliations, confidential business negotiations and extramarital affairs.

What permits the former and prevents the latter is a complex set of policies that the public is not permitted to see. “You could do analyses that give you more information, but the law and procedures don’t allow that,” a senior U.S. intelligence lawyer said.

Yet buried in the last paragraphs of the story, WaPo’s sources suggest “the NSA is no longer doing it.” Or — as elaborated — doing “it” under the guise of and with the oversight of the FISA court.

As for bulk collection of Internet metadata, the question that triggered the crisis of 2004, another official said the NSA is no longer doing it. When pressed on that question, he said he was speaking only of collections under authority of the surveillance court.

“I’m not going to say we’re not collecting any Internet metadata,” he added. “We’re not using this program and these kinds of accesses to collect Internet metadata in bulk.”

I keep saying this: sources on this story are trying hard to get us to focus on a few programs managed by FBI and NSA under two particular provisions of law that happen to have (secret, limited) court oversight, Section 215 of the PATRIOT Act and the FISA Amendments Act. But that leaves out several other likely candidates to conduct such intelligence analysis, notably the NCTC. And it leaves out other potential sources of collection, such as cybersecurity in the name of self-defense.

What Does NCTC Do with NSA and FBI’s Newly Disclosed Databases?

The discussion about the various “NSA” programs we’ve seen so far have discussed only how NSA works with FBI. FBI requests the dragnet phone information and hands it over to NSA. NSA negotiates direct access to internet companies that allow FBI to make direct queries.

We’ve heard from Keith Alexander about what NSA does — its only use of Section 215, he said, was the phone records.

We heard from Robert Mueller who gave less clear answers about what FBI does and does not do.

But we have yet to have direct testimony from James “least untruthful too cute by half” James Clapper. Mind you, we’ve gotten several fact sheets and Clapper’s hilarious interview with Andrea Mitchell. Just no specific public testimony.

And curiously, in the DNI’s own fact sheets, he doesn’t specify who does what, aside from describing the statutory role his position and the Attorney General play in authorizing FAA 702 orders. He doesn’t say what FBI does, what NSA does … or what his own organization does.

That’s important, because in addition to overseeing all intelligence, Clapper’s office also includes the National Counterterrorism Center. And the NCTC is the entity in charge sharing data. Indeed, it is statutorily required to have access to everything.

[The National Security Act] provides that “[u]nless otherwise directed by the President, the Director of National Intelligence shall have access to all national intelligence and intelligence related to the national security which is collected by any federal department, agency, or other entity, except as otherwise provided by law, or as appropriate, under guidelines agreed upon by the Attorney General and the Director of National Intelligence.

That means, presumably, that NCTC is doing a lot of the work that NSA and FBI are making narrow denials about.

But it also means that NCTC can play with these databases — the dragnet and the access via PRISM to 702 data — as well as any other data in the Federal government, including databases that John Brennan gave it the ability to go get.

So here’s the thing. When Keith Alexander gives you pat reassurances about how limited NSA’s access to Americans’ call data is, that may disclose a whole lot more intrusive data mining over at James Clapper’s shop.

Remember, here is what James Clapper was initially asked.

Wyden: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?

Clapper: No, sir.

Wyden: It does not?

Clapper: Not wittingly. There are cases where they could, inadvertently perhaps, collect—but not wittingly.” [my emphasis]

His first attempt to walk back that lie went like this:

What I said was, the NSA does not voyeuristically pore through U.S. citizens’ e-mails. [my emphasis]

His second attempt to walk it back went like this:

ANDREA MITCHELL: Senator Wyden made quite a lot out of your exchange with him last March during the hearings. Can you explain what you meant when you said that there was not data collection on millions of Americans?

JAMES CLAPPER: First– as I said, I have great respect for Senator Wyden. I thought, though in retrospect, I was asked– “When are you going to start– stop beating your wife” kind of question, which is meaning not– answerable necessarily by a simple yes or no. So I responded in what I thought was the most truthful, or least untruthful manner by saying no.

And again, to go back to my metaphor. What I was thinking of is looking at the Dewey Decimal numbers– of those books in that metaphorical library– to me, collection of U.S. persons’ data would mean taking the book off the shelf and opening it up and reading it.

ANDREA MITCHELL: Taking the contents?

JAMES CLAPPER: Exactly. That’s what I meant. Now–

ANDREA MITCHELL: You did not mean archiving the telephone numbers?

All of those efforts were, by context at least, limited exclusively to NSA. They don’t address, at all, what NCTC might do with this data (or, for that matter, FBI).

So what does the NCTC do with the data that NSA and FBI have issued careful denials about?

Update: I’m going to replicate a big chunk of this post on the oversight over NCTC’s use of other agencies data, complete with the bit about how the guy in charge of it thought Cheney’s illegal program was the shit.

Back when John Negroponte appointed him to be the Director of National Intelligence’s Civil Liberties Protection Officer, Alexander Joel admitted he had no problem with Cheney’s illegal domestic wiretap program.

Continue reading

1 2 3 6
Emptywheel Twitterverse
emptywheel Contrary to Andy Dalton's best efforts, he's still just tied in the contest for who can be most giving this Christmas season w/Peyton.
bmaz @stephenlemons @Veritas_ad_res Hahaha, me too, and I don't thinkI ever interacted with that account.
bmaz RT @JerryLMaine: @bmaz @bradheath oh shit, I think you're onto the police slang for "unarmed black man"
bmaz @bradheath But what about the passive shooters?
emptywheel @nickmanes1 just say you were getting the charger and blame the other Christmas shoppers then.
emptywheel @nickmanes1 something something last minute black beans and don't you know neighborhood has better gifts?
emptywheel @nickmanes1 blame the Christmas shoppers.
emptywheel @astepanovich Imagine if they had spent $$ now spending on Boies on basic security?
emptywheel Under David Boies' logic we can't talk abt 2000 election on Twitter, right?
emptywheel @B_Amer mom's. Also had to be OH cause erratic speeds not in own state=OH.
emptywheel Black SUV fr OH w/Christmas lights on roof rack keeps passing us & I feel like I'm in Disney Cars sequel.
December 2014
« Nov