Jack Goldsmith

Leahy-Sensenbrenner Would Shut the Section 702 Cybersecurity Loophole

Section 702 Reporting HighlightI’m going to have a few posts on the Leahy-Sensenbrenner bill, which is the most likely way we’ll be able to rein in NSA spying. In addition to several sections stopping bulk collection, it has a section on collection of US person data under FISA Amendments Act (I’ll return to the back-door loophole later).

But I’m particularly interested in what it does with upstream collection. It basically adds a paragraph to section d of Section 702 that limits upstream collection to two uses: international terrorism or WMD proliferation.

(C) limit the acquisition of the contents of any communication to those communications—

(i) to which any party is a target of  the acquisition; or

(ii) that contain an account identifier of a target of an acquisition, only if such communications are acquired to protect against international terrorism or the international proliferation of weapons of mass destruction.;

And adds a definition for “account identifier” limiting it to identifiers of people.

(1) ACCOUNT IDENTIFIER.—The term ‘account identifier’ means a telephone or instrument number, other subscriber number, email address, or  username used to uniquely identify an account.

I believe the effect of this is to prevent NSA from using Section 702 to conduct cyberdefense in the US.

As I have noted, there are reasons to believe that NSA uses Section 702 for just 3 kinds of targets:

  • International terrorism
  • WMD proliferation
  • Cybersecurity

There are many reasons to believe one primary use of Section 702 for cybersecurity involves upstream collection targeted on actual pieces of code (that is, the identifier for a cyberattack, rather than the identifier of a user). As an example, the slide above, which I discuss in more detail here, explains that one of the biggest Section 702 successes involves preventing an attacker from exfiltrating 150 Gigs of data from a defense contractor. The success involved both PRISM and STORMBREW, the latter of which is upstream collection in the US.

In other words, the government has been conducting upstream collection within the US to search for malicious code (I’m not sure how they determine whether the code originated in a foreign country though given that they refuse to count domestic communications collected via upstream collection, I doubt they care).

So what these two sections of Leahy-Sensenbrenner would do is 1) limit the use of upstream collection to terrorists and proliferators, thereby prohibiting its use for cybersecurity, and 2) define “account identifier” to exclude something like malicious code.

There’s one more interesting aspect of this fix. Unlike many other sections of the bill, it doesn’t go into effect right away.

EFFECTIVE DATE.—The amendments made by subsections (a) and (b) shall take effect on the date that is 180 days after the date of the enactment of this Act.

The bill gives the Executive 6 months to find an alternative to this use of Section 702 — presumably, to pass a cybersecurity bill explicitly labeled as such.

Keith Alexander and others have long talked about the need to scan domestic traffic to protect against cyberattacks. But it appears — especially given the 6 month effective date on these changes — they’re already doing that, all in the name of foreign intelligence.

Jack Goldsmith’s Code

On May 6, 2004, Jack Goldsmith signed an OLC memo that read, in part,

We conclude that in the circumstances of the current armed conflict with al Qaeda, the restrictions set out in FISA, as applied to targeted efforts to intercept the communications of the enemy in order to prevent further armed attacks on the United States, would be an unconstitutional infringement on the constitutionally assigned powers of the President. The President has inherent constitutional authority as Commander in Chief and sole organ for the nation in foreign affairs to conduct warrantless surveillance of enemy forces for intelligence purposes to detect and disrupt armed attacks on the United States. Congress does not have the power to restrict the President’s exercise of that authority.

[snip]

Finally, as part of the balancing of interests to evaluate the Fourth Amendment reasonableness, we think it is significant that [redacted] is limited solely to those international communications for which “there are reasonable grounds to believe … [that] a party to such communication is a group engaged in international terrorism, or activities in preparation therefor, or any agent of such a group.” March 11, 2004 Authorization [redacted] The interception is thus targeted precisely at communications for which there is already a reasonable basis to think there is a terrorism connection. This is relevant because the Supreme Court has indicated that in evaluating reasonableness, one should consider the “efficacy of [the] means for addressing the problem.”

[snip]

Thus, a program of surveillance that operated by listening to the content of every telephone call in the United States in order to find those calls that might relate to terrorism would require us to consider a rather difference [sic] balance here. [redacted] however, is precisely targeted to intercept solely those international communications for which there are reasonable grounds already to believe there is a terrorism connection, a limitation which further strongly supports the reasonableness of the searches.

We now know that opinion not only authorized the wiretapping of calls involving US persons, but also at least assumed the collection and contact chaining of the call records of all Americans (there’s an almost entirely redacted section of the memo that describes the March 19 halt to the collection of Internet metadata and the April 2 modification we don’t yet know about).

It’s worth keeping in mind that Goldsmith laid out the case that such a program was “reasonable” under the Fourth Amendment as you read his current writing on the NSA. For example, when — several weeks ago — he scolded the White House for not more aggressively defending the program that has actually expanded since he authorized it 9 years ago…

The government cannot rely on outsiders to explain these documents.  It must do so itself, aggressively and comprehensively, even at the expense of revealing more classified information or having to acknowledge embarrassing information.  If it doesn’t do so, the information already leaked, and the information that will be leaked in the weeks and months ahead, will continue to be portrayed in a very unfavorable light.

He was in part calling for the White House to protect programs he — back in 2004 — deemed critical to protect against terrorism.

Even more interesting is Goldsmith’s prediction (funded by Northrop Grumman, which is a significant NSA contractor) that we’ll all learn to welcome NSA scanning all the metadata and content of US communications — searches far more intrusive, and not committed under the guise of war — in search of hackers in the future.

“I can’t defend the country until I’m into all the networks,” General Alexander reportedly told senior government officials a few months ago.

For Alexander, being in the network means having government computers scan the content and metadata of Internet communications in the United States and store some of these communications for extended periods. Continue reading

Parallel Processing: AUMF Assad Spanking and Then Article II Regime Change

There’s a fundamental dishonesty in the debate about Syria derived from treating the authorization to punish Bashar al-Assad for chemical weapons use in isolation from the Administration’s acknowledged covert operations to support the rebels. It results in non-discussions like this one, in which Markos Moulitsas refutes Nicholas Kristof’s call for bombing Bashar al-Assad based on the latter’s claim we are currently pursuing “peaceful acquiescence.”

And war opponents don’t have to deal with arguments like this one, from the New York Times’Nicholas Kristof:

So far, we’ve tried peaceful acquiescence, and it hasn’t worked very well. The longer the war drags on in Syria, the more Al Qaeda elements gain strength, the more Lebanon and Jordan are destabilized, and the more people die.

The administration has gone to great lengths to stress just how limited air strikes will be, and to great pain to reiterate that regime destabilization is not the goal. So I’m not sure where Kristoff gets the idea that such attacks will have any effect on the growing influence of Islamists in the region. But let’s say that by some miracle, the air strikes do weaken the Assad government, it is the “Al Qaeda elements” that stand most to gain, as they are be best placed to pick up the pieces.

Markos is right: the Administration has gone to great lengths to claim this authorization to use force is only about limited bomb strikes, will involve no boots on the ground, and isn’t about regime change. Here’s how the President described it:

I have decided that the United States should take military action against Syrian regime targets. This would not be an open-ended intervention. We would not put boots on the ground. Instead, our action would be designed to be limited in duration and scope.

But both are ignoring that at the same time, the Administration is pursuing publicly acknowledged (!) covert operations with the intent of either overthrowing Assad and replacing him with moderate, secular Syrians (based on assurances from the “Custodian of the Two Mosques” about who is and who is not secular), or at least weakening Assad sufficiently to force concessions in a negotiated deal that includes the Russians.

Yet here’s how the President’s National Security team discussed the other strand of this — lethal support for vetted rebels — from the very beginning of Tuesday’s hearing before the Senate Foreign Relations Committee.

SEN. CORKER: What I’m unaware of is why it is so slow in actually helping them with lethal support — why has that been so slow?

SEC. KERRY: I think — I think, Senator, we need to have that discussion tomorrow in classified session. We can talk about some components of that. Suffice it to say, I want to General Dempsey to speak to this, maybe Secretary Hagel. That is increasing significantly. It has increased in its competency. I think it’s made leaps and bounds over the course of the last few months.

Secretary Hagel, do you — or General, do you want to –

SEN. HAGEL: I would only add that it was June of this year that the president made a decision to support lethal assistance to the opposition, as you all know. We have been very supportive with hundreds of millions of dollars of nonlethal assistance. The vetting process, as Secretary Kerry noted, has been significant. But — I’ll ask General Dempsey if he wants to add anything — but we, Department of Defense, have not been directly involved in this. This is, as you know, a covert action, and as Secretary Kerry noted, probably to go into much more detail would require a closed or classified hearing.

General Dempsey?

SEN. CORKER: As he’s answering that, and if you could be fairly brief, is there anything about the authorization that you’re asking that in any way takes away from our stated strategy of empowering the vetted opposition to have the capacity over time to join in with a transition government, as we have stated from the beginning?

Is there anything about this authorization that in any way supplements that?

GEN. DEMPSEY: To your question about the opposition, moderate opposition, the path to the resolution of the Syrian conflict is through a developed, capable, moderate opposition. And we know how to do that.

Secondly, there’s nothing in this resolution that would limit what we’re doing now, but we’re very focused on the response to the chemical weapons. I think that subsequent to that, we would probably return to have a discussion about what we might do with the moderate opposition in a — in a more overt way. [my emphasis]

The President, as part of covert action (that is, authorized under Article II authority), decided to lethally arm vetted rebels in June. Those efforts were already increasing significantly, independent of the spanking we’re discussing for Assad. Nothing related to the spanking will limit those efforts to arm the rebels (no one comments on it here, but elsewhere they do admit that spanking Assad will degrade his defenses, so the opposite will occur). And General Dempsey, at least, is forthright that the Administration plans to return to Congress after the spanking to talk about increased, overt support for the rebels.

So there’s the spanking.

And then there’s the lethal arming of rebels which is not a part of the spanking, but will coincidentally benefit from it and has been accelerating of late.

Spanking without regime change. And regime change (or at least a negotiated solution).

Which returns us to the content of the AUMF. Continue reading

Stewart Baker’s User Interface and Edward Snowden’s Authorities

Former NSA Counsel Stewart Baker has been in an increasingly urgent froth since Edward Snowden’s leaks first became public trying to prove that the NSA should have more, not less, unchecked authority.

He outdid himself yesterday with an attempt to respond to Jack Goldsmith’s question,

How is the NSA Director Alexander’s claim that “we can audit the actions of our people 100%” (thus providing an important check against abuse) consistent with (a) stories long after Snowden’s initial revelations that the White House does not “know with certainty” what information Snowden pilfered, (b) reported NSA uncertainty weeks after the initial disclosure about what Snowden stole, (c) Alexander’s own assertion (in June) that NSA was “now putting in place actions that would give us the ability to track our system administrators”?

Baker’s totally inadequate response consists of pointing to certain features of XKeyscore revealed by the Guardian.

Take a close look at slide 7 of the latest leaked powerpoints.

It shows a sample search for a particular email address, including a box for “justification.” The sample justification (“ct target in n africa”) provides both the foreign intelligence reason for surveillance and the location of the target. What’s more, the system routinely calls for “additional justification.” All this tends to confirm NSA’s testimony that database searches must be justified and are subject to audits to prevent privacy abuses.

Now, I don’t know about Baker, but even without a drop-down menu, the average American high schooler is thoroughly adept at substituting a valid justification (“grandmother’s funeral,” “one day flu”) for an invalid one (“surfs up!” “first day of fishing season”). I assume the analysts employed by NSA are at least as adept at feeding those in authority the answers they expect. XKeyscore just makes that easier by providing the acceptable justifications in a drop-down menu.

More problematic for Baker, he commits the same error the Guardian’s critics accuse it of committing: confusing a User Interface like XKeyscore or PRISM with the underlying collections they access. (The Guardian has repeated Snowden and Bill Binney’s claims the NSA collects everything, without yet presenting proof that that includes US person content aside from incidental content collected on legitimate targets.)

That error, for Baker, makes his response to Goldsmith totally inapt to his task at hand, answering Goldsmith’s questions about what systems administrators could do, because he responds by looking at what analysts could do. Goldsmith’s entire point is that the NSA had insufficient visibility into what people with Snowden’s access could do, access which goes far beyond what an analyst can do with her drop-down menu.

And one of the few documents the government has released actually shows why that is so important.

The Primary Order for the Section 215 metadata dragnet, released last week, reveals that technical personnel have access to the data before it gets to the analyst stage.

Appropriately trained and authorized technical personnel may access the BR metadata to perform those processes needed to make it usable for intelligence analysis. Technical personnel may query the BR metadata using selection terms4 that have not been RAS-approved (described below) for those purposes described above, and may share the results of those queries with other authorized personnel responsible for these purposes, but the results of any such queries will not be used for intelligence analysis purposes. An authorized technician may access the BR metadata to ascertain those identifers that may be high volume identifiers. The technician may share the results of any such access, i.e., the identifers and the fact that they are high volume identifers, with authorized personnel (including those responsible for the indentification and defeat of high volume and other unwanted BR metadata from any of NSA’s various metadata respositories), but may not share any other information from the results of that access for intelligence analysis purposes. In addition, authorized technical personnel may access the BR metadata for purposes of obtaining foreign intelligence information pursuant to the requirements of subparagraph (3)(C) below.

[snip]

Whenever the BR metadata is accessed for foreign intelligence analysis purposes or using foreign intelligence analysis query tools, an auditable record of the activity shall be generated.

Note, footnote 4 describing these selection terms is redacted and the section in (3)(C) pertaining to these technical personnel appears to be too.

Now, I suspect the technical personnel who access the metadata dragnet are different technical personnel than the Snowdens of the world. They’re data crunchers, not network administrators. Which only shows there’s probably a second category of person that may escape the checks in this system.

That’s because with their front-end manipulation of the dataset (though not the activities described under (3)(C)), these personnel are not conducting what are considered foreign intelligence searches of the database. The data they extract from the database is specifically prohibited (though, with weak language) from circulation as foreign intelligence information. That appears to mean their actions are not auditable. When Keith Alexander says the data is 100% auditable? You shouldn’t believe him, because his own document appears to say only the analytical side of this is audited. (The document also makes it clear that once the data has been queried, the results are openly accessible without any audit function; the ACLU had a good post on this troubling revelation.)

I suspect a lot of what these technical personnel are doing is stripping numbers — probably things like telemarketer numbers — that would otherwise distort the contact chaining. Unless terrorists’ American friends put themselves on the Do Not Call List, then telemarketers might connect them to every other American not on the list, thereby suggesting a bunch of harassed grannies in Dubuque are 2 degrees from Osama bin Laden.

But there’s also the reference to “other unwanted BR metadata.” As I’ll explain in a future post, I suspect that may be some of the most sensitive call records in the dataset.

Whatever call records get purged on the front end, though, it appears to all happen outside the audit chain that Keith Alexander likes to boast about. Which would put it well outside the world of drop-down menus that force analysts actions to conform with something that looks like foreign intelligence analysis.

In other words, even the document the government provided (with heavy redactions) to make us more comfortable about this program shows places where it probably has insufficient visibility on what happens to the data. And that’s well before you get into the ability of people who can override other technical checks on NSA behavior as system administrators.

Update: More froth from Stewart Baker. This response to my post seems to be an utter capitulation to Goldsmith’s point.

Wheeler thinks this is important because it means that the “justification” menus don’t guarantee auditability of every use of intercept data by every employee at NSA. Again, that may be true, but the important point about the “justification” menu isn’t that it offers universal protection against abuse; nothing does. [my emphasis]

The Torture That Underlies FISA Court’s “Special Needs” Decisions

At the core of the expanding dragnet approved in secret by the FISA Court, Eric Lichtblau explained, is the application of “special needs” to “track” terrorists.

In one of the court’s most important decisions, the judges have expanded the use in terrorism cases of a legal principle known as the “special needs” doctrine and carved out an exception to the Fourth Amendment’s requirement of a warrant for searches and seizures, the officials said.

The special needs doctrine was originally established in 1989 by the Supreme Court in a ruling allowing the drug testing of railway workers, finding that a minimal intrusion on privacy was justified by the government’s need to combat an overriding public danger. Applying that concept more broadly, the FISA judges have ruled that the N.S.A.’s collection and examination of Americans’ communications data to track possible terrorists does not run afoul of the Fourth Amendment, the officials said.

That legal interpretation is significant, several outside legal experts said, because it uses a relatively narrow area of the law — used to justify airport screenings, for instance, or drunken-driving checkpoints — and applies it much more broadly, in secret, to the wholesale collection of communications in pursuit of terrorism suspects. “It seems like a legal stretch,” William C. Banks, a national security law expert at Syracuse University, said in response to a description of the decision. [my emphasis]

That’s actually not entirely secret. We see the beginnings of the process in the 2002 In Re Sealed Case decision by the FISC Court of Review, which thwarted FISA Court Chief Judge Royce Lamberth’s attempt to limit how much FISA information got shared for criminal prosecutions. In approving the “significant purpose” language passed in the PATRIOT Act which made it far easier for the government to use FISA information to justify criminal investigations, the decision pointed to the post-9/11 threat of terrorism to justify FISA as a special needs program (though as I lay out in this post, they also pointed to the judicial review and specificity of FISA to deem it constitutional, which should have presented problems for the dragnet programs that followed).

FISA’s general programmatic purpose, to protect the nation against terrorists and espionage threats directed by foreign powers, has from its outset been distinguishable from “ordinary crime control.” After the events of September 11, 2001, though, it is hard to imagine greater emergencies facing Americans than those experienced on that date.

We acknowledge, however, that the constitutional question presented by this case–whether Congress’s disapproval of the primary purpose test is consistent with the Fourth Amendment–has no definitive jurisprudential answer. The Supreme Court’s special needs cases involve random stops (seizures) not electronic searches. In one sense, they can be thought of as a greater encroachment into personal privacy because they are not based on any particular suspicion. On the other hand, wiretapping is a good deal more intrusive than an automobile stop accompanied by questioning.

Although the Court in City of Indianapolis cautioned that the threat to society is not dispositive in determining whether a search or seizure is reasonable, it certainly remains a crucial factor. Our case may well involve the most serious threat our country faces. Even without taking into account the President’s inherent constitutional authority to conduct warrantless foreign intelligence surveillance, we think the procedures and government showings required under FISA, if they do not meet the minimum Fourth Amendment warrant standards, certainly come close. We, therefore, believe firmly, applying the balancing test drawn from Keith, that FISA as amended is constitutional because the surveillances it authorizes are reasonable. [my emphasis]

Even in one of the only two FISA opinions (this from the Court of Review) that we’ve seen, then, the courts used the urgent threat of terrorism post-9/11 to justify searches that they found to be very close constitutional questions.

Terrorism was “the most serious threat” our country faces, the argument went, so this seeming violation of the Fourth Amendment was nevertheless reasonable.

Or at least close, a per curium panel including longtime FISA foe Laurence Silberman argued.

And in fact, this argument has always been built into the larger dragnet programs. Jack Goldsmith’s 2004 memo on the illegal program describes how it is premised on intelligence — gathered largely from interrogations of al Qaeda operatives — showing al Qaeda wants to attack in the United States.

As explained in more detail below, since the inception of [the program] intelligence from various sources (particularly from interrogations of detained al Qaeda operatives) has provided a continuing flow of information indicating that al Qaeda has had, and continues to have, multiple redundant plans for executing further attacks within the United States. Continue reading

Alberto Gonzales and Internet Data Mining

I was going to leave this speculation well enough alone. But George W Bush decided to interrupt his dog painting to defend Obama’s surveillance dragnet.

Bush also defended the surveillance program, which began during his administration after 9/11, saying the programs guarantee civil liberties are protected.

“I put the program in place to protect the country and one of the certainties is civil liberties were guaranteed,” Bush said.

So here goes.

In his book, Jack Goldsmith describes Alberto Gonzales siding against David Addington in a debate just once, only to have George Bush override the then White House Counsel.

Addington’s hard-line nonaccommodation stance always prevailed when the lawyers met to discuss legal policy issues in Alberto Gonzales’ office. During these meetings, Gonzales himself would sit quietly in his wing chair, occasionally asking questions but mostly listening as the querulous Addington did battle with whomever was seeking to “go soft.” It was Gonzales’ responsibility to determine what to advise the president after the lawyers had kicked the legal policy matters around. But I only knew him to disagree with Addington once, on an issue I cannot discuss, and on that issue the president overruled Gonzales and sided with the Addington position. [my emphasis]

The issue Goldsmith could not discuss could be torture or prisoner transfers or something entirely unknown, but the data mining at the heart of the hospital confrontation is clearly one candidate.

There’s no overt evidence Gonzales tried to do the right thing on the illegal surveillance program. After all, even after Bush agreed to put the program right on March 12, 2004, Gonzales still objected to Goldsmith and Jim Comey’s first advice on the program. After Goldsmith laid out his initial advice on March 15, Gonzales wrote a memo saying,

Your memorandum appears to have been based on a misunderstanding of the President’s expectations regarding the conduct of the Department of Justice. While the President was, and remains, interested in any thoughts the Department of Justice may have on alternative ways to achieve effectively the goals of the activities authorized by the Presidential Authorization of March 11, 2004, the President has addressed definitively for the Executive Branch in the Presidential Authorization the interpretation of the law.

This led Comey to write up his resignation letter on March 16. “[A]lthough I believe this has been one of [DOJ's] finest hours, we have been unable to right that wrong.” Three days later, Bush modified his March 11 Authorization, directing NSA to stop collecting Internet metadata within a week.

Of course, three months later, the Administration resumed collection of Internet metadata using the FISC PR/TT order. That was within days of Goldsmith’s departure, though he had announced his departure a month earlier and Comey, obviously, stuck around for over a year longer.

So still no evidence the Internet data mining was the issue on which Gonzales tried to stand up to Addington.

But let’s jump ahead to the circumstances of Alberto Gonzales’ resignation in August 2007. At the time, his sudden and confusing resignation was attributed to the multiple scandals embroiling him — chiefly the US Attorney firing scandal, but also Gonzales’ Clapper-like lies about the illegal wiretap program before the Senate a month earlier. But for some reason, Gonzales did not benefit from the kind of sinecure every other former Bush official — even James Comey, who went to Lockheed — enjoyed upon departure, which you would have thought he’d get after lying to protect the President.

Then, a year after Gonzales’ departure, we learned that in the weeks before he resigned, White House Counsel Fred Fielding had narced him out for storing a bunch of Top Secret CYA documents in a briefcase in his closet. Continue reading

The 2009 Draft NSA IG Report Makes No Mention of One Illegal Practice

The 2009 Draft NSA IG Report released by the Guardian last week — and related reporting from Barton Gellman — seem to clarify and confirm what I’ve long maintained (12/19/057/29/07; 7/30/07): that one part of the illegal wiretap program that Jack Goldsmith and Jim Comey found “illegal” in 2004 was data-mining of Americans.

Eight days later on 19 March 2004, the President rescinded the authority to collect bulk Internet metadata and gave NSA one week to stop collection and block access to previously collected bulk Internet metadata. NSA did so on 26 March 2004. To close the resulting collection gap, DoJ and NSA immediately began efforts to recreate this authority in what became the PR/TT order.

Mind you, this bulk collection resumed after Colleen Kollar-Kotelly signed an order permitting NSA to collect the same data under a Pen Register/Trap & Trace order on July 14, 2004.

The FISC signed the first PR/TT order on 14 July 2004. ALthough NSA lost access to the bulk metadata from 26 March 2004 until the order was signed, the order essentially gave NSA the same authority to collect bulk Internet metadata that it had under the PSP, except that it specified the datalinks from which NSA could collect, and it limited the number of people that could access the data.

Indeed, we know the program was expanded again in 2007, to get 2 degrees of separation deep into US person Internet data. The Obama Administration claims it ended this in 2011, though there are also indications it simply got moved under a new shell.

Mystery solved, Scoob!

Not so fast.

It appears the bulk Internet metadata collection and mining is just one of two practices that Goldsmith and Comey forced Bush to at least temporarily halt in 2004. But the second one is not mentioned at all in the NSA IG Report.

I first noted that Bush made two modifications to the program in this post, where I noted that 6 pages (11-17) of Jack Goldsmith’s May 6, 2004 OLC opinion on the program described plural modifications made in March and one other month in 2004 (I correctly surmised that they had actually shifted parts of the program under parts of the PATRIOT Act, and that they had narrowed the scope somewhat, though over-optimistically didn’t realize that still included warrantless collection of known domestic content).

But there’s actually a far better authority than Goldsmith’s heavily redacted opinion that confirms Bush made two modifications to the program in this period.

Dick Cheney.

When his office disclosed to Patrick Leahy in 2007 what documents it had regarding authorizations for the illegal wiretap program, it listed two modifications to the program: the one on March 19 described in detail in the NSA IG Report, plus one on April 2.

[Cheney Counsel Shannen] Coffin’s letter indicates that Bush signed memos amending the program on March 19 and April 2 of that year.

But there’s no hint of a second modification in the NSA IG Report.

That could mean several things. It could mean the April 2 modification didn’t involve the NSA at all (and so might appear in a one of the other Agency IG Reports at the time — say, DNI — or might have been completed by an Agency, like some other part of DOD, that didn’t complete an IG Report). It could mean that part of the program was eliminated entirely on April 2, 2004. Or it could mean that in an effort to downplay illegality of the program, the IG simply didn’t want to talk about the worst prior practice eliminated in the wake of the hospital confrontation.

Goldsmith’s opinion does seem to indicate, however, that the modification pertained to an issue similar to the bulk metadata collection. He introduces that section, describing both modifications, by saying “it is necessary to understand some background concerning how the NSA accomplishes the collection activity authorized under” the program.

That may still pertain to the kind of data mining they were doing with the Internet metadata. After all, the fix of moving Internet metadata collection under the PR/TT order only eliminated the legal problem that the telecoms were basically permitting the government to steal Microsoft and Yahoo Internet content from their equipment. There still may have been a legal problem with the kind of data mining they were doing (perhaps arising out of Congress’ efforts in that year’s NDAA to prohibit funding for Total Information Awareness).

Whatever it is, one thing is clear. Even with the release of the unredacted Draft NSA IG Report, we still aren’t seeing all the details on what made the program so legally problematic.

Maybe it’s something the Senate Judiciary Committee might ask Jim Comey during his FBI Director confirmation hearing?

How David Addington Hid the Document Implicating George Bush in Illegal Wiretapping

On December 16 and December 20, 2005, respectively — just days after the NYT revealed its existence — EPIC and ACLU FOIAed DOJ for documents relating to George Bush’s (really, Dick Cheney’s) illegal wiretap program (National Security Archive also FOIAed, though more narrowly). Among other documents, they requested, “any presidential order(s) authorizing the NSA to engage in warrantless electronic surveillance.” Yet in spite of the fact that the ACLU was eventually able to get DOJ to cough up some of the OLC memos that provided a legal rationale for the program, no presidential order was ever turned over. I don’t believe (though could be mistaken) it was even disclosed in declarations submitted by Steven Bradbury in the suit.

There’s a very good (and, sadly, legal) reason for that. According to the 2009 NSC draft IG report the Guardian released yesterday, it’s not clear DOJ ever had the Authorization. The White House is exempt from FOIA, and it’s likely that NSA could have withheld the contents of the Director’s safe from any FOIA, which is where the hard copy of the Authorization was kept.

It’s worth looking more closely at how David Addington guarded the Authorization, because it provides a lesson in how a President can evade all accountability for unleashing vast powers against Americans, and how the National Security establishment will willingly participate in such a scheme without ensuring what they’re doing is really legal.

The IG report describes the initial Authorization this way:

On 4 October 2001, President George W. Bush issued a memorandum entitled “AUTHORIZATION FOR SPECIFIED ELECTRONIC ACTIVITIES DURING A LIMITED PERIOD TO DETECT AND PREVENT ACTS OF TERRORISM WITHIN THE UNITED STATES.” The memorandum was based on the President’s determination that after the 11 September 2001 terrorist attacks in the United States, an extraordinary emergency existed for national defense purposes.

[snip]

The authorization specified that the NSA could acquire the content and associated metadata of telephony and Internet communications for which there was probable cause to believe that one of the communicants was in Afghanistan or that one communicant was engaged in or preparing for acts of international terrorism. In addition, NSA was authorized to acquire telephone and Internet metadata for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States. NSA was allowed to retain, process, analyze and disseminate intelligence from the communications acquired under the authority.

And while the NSA IG report doesn’t say it, the Joint IG Report on the program (into which this NSA report was integrated) reveals these details:

Each of the Presidential Authorizations included a finding to the effect that an extraordinary emergency continued to exist, and that the circumstances “constitute an urgent and compelling governmental interest” justifying the activities being authorized without a court order.

Each Presidential authorization also included a requirement to maintain the secrecy of the activities carried out under the program.

David Addington’s illegal program

While the Joint report obscures all these details, the NSA IG report makes clear that Dick Cheney and David Addington were the braintrust behind the program.

The Counsel to the Vice President used [a description of SIGINT collection gaps provided by Michael Hayden] to draft the Presidential authorization that established the PSP.

Neither President Bush nor White House Counsel Alberto Gonzales wrote this Authorization. David Addington did. Continue reading

Ben Wittes Relies on Obviously False Document to Claim Other Document False

For those coming from Wittes’ so-called response to my post, here’s my response to that response, which shows that Wittes effectively cedes the point that Fredman’s memo is dishonest. 

In a post subtitled “Just Shut Up About Jonathan Fredman” (really!) Ben Wittes argues we should not hold former CIA Counterterrorism Center lawyer Jonathan Fredman responsible for paraphrases attributed to him in the Senate Armed Services Committee report on torture because Fredman wrote a memo claiming he didn’t say those things and because he’s a career official, not a political appointee.

Fredman is a personal friend of mine, but this is getting ridiculous. It’s one thing to hold political appointees responsible for the things they did, said, and wrote. It’s quite another thing to hold career officials accountable for things they didn’t say, do, or write.

Now, in point of fact, Fredman’s memo does not deny saying “if the detainee dies, you’re doing it wrong.” He says,

Those notes, which were misleadingly labeled by their author as “minutes,” to the best of my knowledge were never circulated for comment and contain several serious misstatements of fact. Those misstatements were then compounded by the false allegation at the hearing that the so-called minutes contained quotations from me; the first page of those so-called minutes themselves expressly states that “all questions and comments have been paraphrased” — and, I might add, paraphrased sloppily and poorly.

And,

I expressly warned that should a detainee die as a result of a violation, the responsible parties could be sentenced to capital punishment.

And,

I noted that if a detainee dies in custody, there will and should be a full investigation of the facts and circumstances leading to the death.

And,

I again emphasized that all interrogation practices and legal guidance must not be based upon anyone’s subjective perception; rather, they must be based upon definitive and binding legal analysis from the Department of Justice;

And, after specifically asserting the paraphrase about the Istanbul conference is inaccurate, Fredman concludes,

I did not say the obscene things that were falsely attributed to me at the Senate hearing, nor did I make the absurd comment about Turkey that the author similarly misrepresented. The so-called minutes misstate the substance, content, and meaning of my remarks; I am pleased to address the actions that I did undertake, and the statements that I did make.

Now perhaps Fredman includes “if the detainee dies, you’re doing it wrong,” in his reference to “obscene things,” but he doesn’t specifically say so.

Funny, isn’t it? That a lawyer would write a 6-page memo purportedly denying he said something really outrageous, but never get around to actually denying the statement in question, even while specifically denying another one?

Yet Wittes tells us to shut up shut up shut up about his friend, based on that non-denial denial.

Now, in a twitter exchange about Fredman, Wittes assured me he read both the SASC report and the OPR report on torture. So either he’s a very poor reader, or he doesn’t want to talk about how disingenuous it has since become clear Fredman’s memo was.

The rest of the memo is, by itself, proof that Fredman misrepresents his own actions relating to torture.

Continue reading

Ben Emmerson: Dupe on Two Continents, or Politically Savvy Diplomat?

If I’m not mistaken, the people accusing UN Special Rapporteur on Human Rights and Counterterrorism, Ben Emmerson, of condoning lies in his recent report on drone strikes in Pakistan had no such reaction when Emmerson endorsed John Brennan to head the CIA.

That’s not surprising. Some of the same people consistently read articles presenting evidence that Brennan was not the moderating force on the drone program his boosters claimed and yet parroted the headlines of those articles that said he was.

Don’t get me wrong. Like these Emmerson critics, I take Emmerson’s report solely for what it is: a report on what the civilian, democratically-elected leadership of Pakistan wants to say about drone strikes in Pakistan, not a report on what is really going on in Pakistan, largely under the leadership of Pakistan’s permanent shadow government. Indeed, I was one of the first to point out how Emmerson’s inability to talk to Pakistan’s military and ISI in his reporting trip highlighted the differences between what civilian and military in Pakistan were saying, rather than reflected any “reality” on the ground.

What the release does, then, is lay out in stark contrast the degree to which Pakistan’s civilian and military authorities are sending different messages.

I just read Emmerson’s motives to be different than, simply, sanctioning a lie.

Indeed, I think his comments to Spencer Ackerman and Jack Goldsmith’s interpretation on his endorsement of Brennan might offer some insight on how he’s approaching his efforts to put some legal framework on the use of drones internationally, and why he presented Pakistan’s claims with such seeming credulity.

Emmerson told Spencer that while he might not agree with policies Brennan endorses, having him lead CIA would at least make the program more accountable.

“By putting Brennan in direct control of the CIA’s policy [of targeted killings], the president has placed this mediating legal presence in direct control of the positions that the CIA will adopt and advance, so as to bring the CIA much more closely under direct presidential and democratic control,” Emmerson says. “It’s right to view this as a recognition of the repository of trust that Obama places in Brennan to put him in control of the organization that poses the greatest threat to international legal consensus and recognition of the lawfulness of the drone program.”

“Warts and all” conversations with current and former Obama administration officials convince Emmerson that Brennan tried to steer the drone program from a “technology-driven process” to one that attempted to balance the interests of the law, counterterrorism, and the agencies involved in implementing it. “There are significant elements within the CIA who are unhappy about Brennan’s appointment,” Emmerson says. “These are the hawkish elements inside the CIA who would rather have as a director someone who reflected their agenda, rather than someone who is there to impose the president’s agenda.”

Emmerson says he can’t know if Brennan will actually carry out fewer drone strikes at the CIA. “What I’m saying is, Brennan has been the driving force for the imposition of a single consistent and coherent analysis, both legal and operational, as to the way the administration will pursue this program,” he explains. “I’m not suggesting that I agree with that analysis. That’s not a matter for me, it’s a matter for states, and there’s a very considerable disagreement about that. But what I am saying is that what he will impose is restraint over the wilder ambitions of the agency’s hawks to treat this program in a manner that is ultimately unaccountable and secret.” [my emphasis]

Jack Goldsmith deems Emmerson’s acceptance of the myth that the CIA has been operating in rogue fashion as gullible or naive–critically, some of the same adjectives being used to describe his reporting on Pakistan.

By confirming Emmerson’s ex ante bias that the CIA is a cowboy institution operating lawlessly and beyond presidential control, the officials and former officials who talked to Emmerson are clearly trying to protect the President and the White House (and, no doubt, themselves) from Emmerson’s investigation at the expense of the CIA.  Emmerson’s gullibility or naivete (if those are the right terms) on this matter makes clear what has been pretty clear from the beginning, namely, that the CIA, and not the USG, is his real target.

I would suggest, however, that whether Emmerson is being naive or savvy, the effect is the same. He aggressively supported Brennan taking the helm at CIA (in a way that Goldsmith notes may make his life more difficult at CIA).

A position where, it should be said, Brennan will reportedly be operating outside the Drone Rulebook he himself devised.

But, according to both the analysis of Emmerson and those who are calling him naive, given Brennan’s close relationship with Obama, even those off-rulebook drone strikes will now operate with no plausible deniability. Whether CIA was genuinely operating as a cowboy before or not, going forward it will be almost impossible to argue it is doing so, because Brennan, a very close Obama aide, will be overseeing the program.

I think both Emmerson’s endorsement of Brennan and his presentation of a view the civilian government of Pakistan would like to tell rather than the reality serve the same purpose: To highlight the way drone wars operate within big loopholes of democratic accountability and possibly, to move towards eliminating those loopholes.

Emmerson is a UN diplomat operating with almost no leverage, and I’m not at all confident he’ll succeed.

But his effort seems to understand a point I’ve long made about drones and Rosa Brooks has recently been addressing as well. Beyond any question about efficacy and civilian casualties, conducting drone strikes as we have been undermines the principles of sovereignty (which, it should be said, is an important part of any authority the UN might have over such issues) in both targeted and targeting states.

Maybe I’m misreading Emmerson’s actions as being far more astute than they really are–maybe he is the dupe his critics make him out to be. But he seems to be using his public statements to address the underlying problems with imposing some international legal framework on drones as much as he is the specifics.

Emptywheel Twitterverse
JimWhiteGNV Every New York restaurant for the next ten years will be running a daily special of shark fin soup. #Sharknado2TheSecondOne
19mreplyretweetfavorite
JimWhiteGNV Finn does a Slim Pickens! #Sharknado2TheSecondOne
23mreplyretweetfavorite
JimWhiteGNV Peasants with pitchforks in the streets of New York! Love it! #Sharknado2TheSecondOne
25mreplyretweetfavorite
JimWhiteGNV RT @ThunderLevin: He found a chainsaw! All is well! #Sharknado2TheSecondOne
36mreplyretweetfavorite
JimWhiteGNV Just realized #Sharknado2TheSecondOne wasn't timely enough for Judd Hirsch to drive for Uber.
37mreplyretweetfavorite
JimWhiteGNV C'mon, Al, call it the mother of all sharknados. #Sharknado2TheSecondOne
40mreplyretweetfavorite
JimWhiteGNV RT @jeremyscahill: Oh shit. John Brennan just accidentally SnapChatted me his secret notes on why John Brennan is awesome.
45mreplyretweetfavorite
JimWhiteGNV Martha Stewart: "Know what could kill these sharks? Drones!" #Sharknado2TheSecondOne
46mreplyretweetfavorite
JimWhiteGNV Let' make a big bomb! #Sharknado2TheSecondOne
50mreplyretweetfavorite
JimWhiteGNV RT @ThunderLevin: Yeah... We jumped the shark. #Sharknado2TheSecondOne #sharknado2
1hreplyretweetfavorite
July 2014
S M T W T F S
« Jun    
 12345
6789101112
13141516171819
20212223242526
2728293031