James Clapper

The President Who Demanded Stanley McChrystal’s Resignation Is Not Sheltering the NatSec Bureaucracy

As I have repeatedly noted, I think President Obama will protect John Brennan — and the CIA more generally — because of the mutual complicity built in between CIA and the White House over covert ops.

It’s not just that CIA knows the full details of the drone killings Obama authorized on his sole authority. It’s also that the CIA is still protecting the Office of the Presidency’s role in torture by withholding from the Senate documents over which the White House might — but did not formally — claim Executive Privilege. Obama did the same thing when he went to some lengths to prevent a very short phrase making it clear torture was Presidentially-authorized from being released in 2009; it wasn’t just the Finding that still authorized his drone strikes the President was protecting, but the Office that George Bush sullied by approving torture.

I also think Obama will stand by Brennan because they have worked closely so long Brennan is one of Obama’s guys.

Bloomberg View’s Jonathan Bernstein doesn’t agree, however. After dismissing Conor Friedersdorf’s version of the mutual incrimination argument, he suggests Obama is simply demonstrating to the national security bureaucracy he’s on their side.

Obama is concerned -– in my view, overly so -– with demonstrating to the intelligence bureaucracy, the broader national security bureaucracy, and the bureaucracy in general, that he is on their side. The basic impulse to stand up for the people he appointed isn’t a bad one; nor is the impulse to demonstrate to the intelligence community that he is no wild-eyed peacenik softie who opposes the work they do. For one thing, he’s more likely to effect change in national security areas if experts in the government believe he’s at least sympathetic to them as individuals and to their basic goals, even if he questions some of the George W.Bush-era (or earlier) methods. For another, the ability of bureaucrats to hurt the president with leaks doesn’t depend on the existence of deep dark secrets. Every president is vulnerable to selective leaks and a drumbeat of steady negative interpretations from the bureaucracy.

And yet, overdoing support for the bureaucracy can have severe costs. On torture, for example, emphasizing the good intentions of those faced with difficult choices during the last decade makes sense. But failing to take action, and leaving bureaucrats with serious liabilities because the status of their past actions is unresolved, only may have made reassuring them of presidential support increasingly necessary. That’s not a healthy situation.

Again: some of the incentive to (at least at first) stand up for presidential appointees is inherent in the presidency, and a healthy thing to do even when the president believes people have misbehaved and should go. But throughout his presidency, Obama has been overly skittish when it comes to potentially crossing his national security bureaucracy, and I strongly suspect that torture and other Bush-era abuses are both part of the original cause and will cause more of that timidity down the road.

Obama has been overly skittish when it comes to crossing his NatSec bureaucracy?

First, as I have already noted, Obama was perfectly happy demanding David Petraeus’ resignation for fucking his biographer. While I have my doubts whether that was really the reason — and while by firing him, Obama undercut a potential 2012 rival — he didn’t shy away from firing a man with some of the best PR in DC.

You might also ask the 19 top Generals and Admirals Obama has fired (most with the help of Bob Gates; also note the 20th on this list is Petraeus) — so many that conservatives accuse him of “purging” — whether he’s squeamish about crossing the NatSec bureaucracy. And while Micah Zenko’s comment on Twitter is correct that intelligence officials have largely escaped this treatment, Obama seemed happy to use  Michael Leiter’s National Counterterrorism Center’s failure to stop the UndieBomb attack to fire then Director of National Intelligence Dennis Blair.

President Obama is not a man afraid to fire members of the national security bureaucracy.

The starkest contrast with Brennan’s treatment comes from the case of Stanley McChrystal.

Obama demanded McChrystal’s resignation not because his night raids were exacerbating extremism in Afghanistan. Not because many service members felt he had left them exposed. Not because, even then, it was clear the surge in Afghanistan was going to fail.

Obama demanded McChrystal’s resignation because Michael Hastings exposed McChrystal and his top aides (including Michael Flynn, who quit in April because of differences on policy) being insubordinate. Obama demanded McChrystal’s resignation because doing so was necessary to maintain the primacy of civilian control — like separation of powers, one of the bedrocks ensuring national security doesn’t trump democracy.

That, to me, is the important takeaway from comparing McChrystal’s fate with Brennan’s.

When a top member of the national security bureaucracy challenged the control of the civilian executive, he got canned, appropriately, in my opinion.

But when the Director of the CIA permitted his Agency to strike at the core of the separation of powers by investigating its overseers, Obama offered his support. Obama may have fired a top general for threatening Executive authority, but he has supported a top aide after he threatened Legislative authority.

You can come up with any number of explanations why Obama did that. But being afraid of taking on his National Security bureaucracy — as distinct from taking on the intelligence agencies, as Obama chose not to do when Clapper lied or when Keith Alexander oversaw the leaking of the family jewels even while getting pwned in his core cyberdefense capacity — is not the explanation.

Obama has proven to have no qualms about upsetting his national security bureaucracy. Just that part of it run covertly.

The Most Transparent Admin Evah™ Boasts of Declassifying 6.2% of Torture Report

As you likely know, when the White House delivered the torture report back to the Senate Intelligence Committee, they discovered that the Intelligence Community had redacted big chunks of the summary. McClatchy’s latest report reveals the CIA blacked out the pseudonyms of torturers that SSCI had used to hide their real names.

Tom Mentzer, a spokesman for the committee’s chairwoman, Sen. Dianne Feinstein, D-Calif., told McClatchy on Monday that the blackouts _ officially known as redactions _ were made to pseudonyms used for both covert CIA officers and foreign countries.

“No covert CIA personnel or foreign countries are named in the report,” he said. “Only pseudonyms were used, precisely to protect this kind of information. Those pseudonyms were redacted (by the administration).”

All of the pseudonyms were excised from the version of the executive summary that the White House returned to the committee on Friday, a person familiar with the issue said.

I presume CIA felt they had to do this because the names of the torturers are not, in fact secret. We know that Bruce Jessen reverse engineered the torture and Alfreda Bikowsky ordered the rendition of Khalid el-Masri. Keeping the pseudonyms the SSCI used for each secret prevents us from developing a more complete list of the things each did, including the legally actionable things.

In other words, the CIA is redacting things to hide evidence of crimes.

Behind this spat is a more general question: whether redacting 15%  of an executive summary is excessive or not. Martin Heinrich says it makes the report unreadable.

“Redactions are supposed to remove names or anything that could compromise sources and methods, not to undermine the source material so that it is impossible to understand,” Sen. Martin Heinrich, D-N.M., a member of the committee, said Sunday in a statement. “Try reading a novel with 15 percent of the words blacked out. It can’t be done properly.”

James Clapper and White House spokesperson Josh Earnest say leaving 85% of the summary is very “transparent.”

Josh Earnest justified the redactions, telling reporters: “We’re talking about very sensitive information here. And it’s important that a declassification process be carried out that protects sources and methods and other information that is critical to our national security.”

He noted that more than 85 percent of the executive summary wasn’t blacked out.

But as Katherine Hawkins noted on Twitter, that’s doing the math wrong. The Executive Branch has already decided that the overwhelming majority of the report — the more detailed chapters — will not be released at all right now. The roughly 408 pages the Administration has decided we can see represents just 6.2% of the report — 408 pages out of 6,600.

SSCI wrote the summary so that it could be released, with the perhaps futile expectation that the rest of the report will be released after Bikowsky and others are no longer still working (!!) for the Agency. And yet the Most Transparent Administration Evah™ believes that even releasing that much is too much transparency and democracy for us.

Under Clapper’s Continuous Monitoring CIA Could Continuously Monitor SSCI on CIA Network

As I pointed out the other day, the CIA IG Report on spying on the Senate Intelligence Committee appears to say the egregious spying happened after John Brennan told Dianne Feinstein and Saxby Chambliss on January 15 CIA had been spying on SSCI.

Agency Access to Files on the SSCI RDINet:

Five Agency employees, two attorneys and three information technology (IT) staff members, improperly accessed or caused access to the SSCI Majority staff shared drives on the RDINet.

Agency Crimes Report on Alleged Misconduct by SSCI Staff:

The Agency filed a crimes report with the DOJ, as required by Executive Order 12333 and the 1995 Crimes Reporting Memorandum between the DOJ and the Intelligence Community, reporting that SSCI staff members may have improperly accessed Agency information on the RDINet. However, the factual basis for the referral was not supported, as the author of the referral had been provided inaccurate information on which the letter was based. After review, the DOJ declined to open a criminal investigation of the matter alleged in the crimes report.

Office of Security Review of SSCI Staff Activity:

Subsequent to directive by the D/CIA to halt the Agency review of SSCI staff access to the RDINet, and unaware of the D/CIA’s direction, the Office of Security conducted a limited investigation of SSCI activities on the RDINet. That effort included a keyword search of all and a review of some of the emails of SSCI Majority staff members on the RDINet system.

With that in mind, consider this passage of James Clapper’s July 25, 2014 response to Chuck Grassley and Ron Wyden’s concerns about Clapper’s new ongoing spying on clearance holders.

With respect to your second question about monitoring of Members of Congress and Legislative Branch employees, in general those individuals will not be subject to [User Activity Monitoring] because their classified networks are not included in the definition of national security systems (NSS) for which monitoring is required.

[snip]

Because no internally owned or operated Legislative branch network qualifies as a national security system, UAM by the Executive Branch is accordingly neither required nor conducted. To be clear, however, when Legislative Branch personnel access a national security system used or operated by the Executive Branch, they are of course subject to UAM on that particular system.

CIA’s spying on SSCI took place on CIA’s RDI network, not on the SSCI one. SSCI had originally demanded they be given the documents pertaining to the torture program, but ultimately Leon Panetta required them to work on a CIA network, as Dianne Feinstein explained earlier this year.

The committee’s preference was for the CIA to turn over all responsive documents to the committee’s office, as had been done in previous committee investigations.

Director Panetta proposed an alternative arrangement: to provide literally millions of pages of operational cables, internal emails, memos, and other documents pursuant to the committee’s document requests at a secure location in Northern Virginia. We agreed, but insisted on several conditions and protections to ensure the integrity of this congressional investigation.

Per an exchange of letters in 2009, then-Vice Chairman Bond, then-Director Panetta, and I agreed in an exchange of letters that the CIA was to provide a “stand-alone computer system” with a “network drive” “segregated from CIA networks” for the committee that would only be accessed by information technology personnel at the CIA—who would “not be permitted to” “share information from the system with other [CIA] personnel, except as otherwise authorized by the committee.”

It was this computer network that, notwithstanding our agreement with Director Panetta, was searched by the CIA this past January,

Presumably, those limits on access should have prevented CIA’s IT guys from sharing information about what SSCI was doing on the network. But it’s not clear they would override Clapper’s UAM.

Remember, too, when Brennan first explained how this spying didn’t qualify as a violation of the Computer Fraud and Abuse Act, he said CIA could conduct “lawfully authorized … protective … activity” in the US. Presumably like UAM.

I have no idea whether this explains why CIA’s IG retracted what Feinstein said had been his own criminal referral or not. But I do wonder whether the CIA has self-excused some of its spying on SSCI in the interest of continuous user monitoring?

If so, it would be the height of irony, as UAM did not discover either Chelsea Manning’s or Edward Snowden’s leaks. Imagine if the only leakers the Intelligence Community ever found were their own overseers?

NSA Got Into Bed with the Saudis Just Before Our Technical Cooperation Agreement Expanded

In February 2011, around the time the CIA took over the hunt for Anwar al-Awlaki, NSA started collaborating with Saudi Arabia’s Ministry of Interior’s (MOI) Technical Assistance Directorate (TAD), under the umbrella of CIA’s relationship with MOI (it had previously cooperated primarily with the Kingdom’s Ministry of Defense).

On August 15, 2011, hackers erased the data on two-thirds of the computers at Saudi Aramco; American sources claim Iran was the culprit.

On September 30, 2011, CIA killed Anwar al-Awlaki, using drones operated from a base on Saudi soil.

On November 5, 2012, King Abdullah named close John Brennan ally Mohammed bin Nayef (MbN) Minister of the Interior; MbN had for some time been our top counterterrorism partner in the Kingdom.

On December 11, 2012, James Clapper expanded NSA’s Third Party SIGINT relationship with the Kingdom of Saudi Arabia, for the first time formally including the Ministry of Interior’s Technical Affairs Directorate.

Between January 14 and 16, 2013 MbN traveled to Washington and met with just about every top National Security person (many of whom, including Brennan, were just assuming new jobs). On January 16, MbN and Hillary Clinton renewed and expanded the Technical Cooperation Agreement initiated in 2008. The TCA was modeled on the JECOR program used from the late 1970s until 2000 to recycle US dollars into development programs in Saudi Arabia; in this more recent incarnation, the Saudis recycle dollars into things like a 30,000 mercenary army and other military toys for internal stability and border control. Last year’s renewal — signed just over a month after Clapper made the Saudis full Third Person partners – added cybersecurity to the portfolio. The TCA — both the existing security resources and its expansion under close ally MbN — shored up the power base of one of our closest partners (and at a time when we were already panicking about Saudi succession).

In other words, in addition to expanding Saudi capabilities at a time when it has been cracking down on peaceful dissent, which is what the Intercept story on this document discusses, by giving the Saudi MOI Third Party status, we added to the power of a key ally within the royal family, and did so at a time when the TCA was already shoring up his power base.

We did so, the Information Paper makes clear, in part because MOI has access to internal Saudi telecommunications. While the Information paper talks about AQAP and Iran’s Republican Guard, they are also targeting Saudi targets.

And these new capabilities? They get coordinated through Chief of Station in Riyadh, the CIA. John Brennan’s agency.

It’s all very tidy, don’t you think?

You’re Doing Counter-Propaganda Wrong, Hand-Picked Journos Edition

I’ve been so buried in Netroots Nation and related issues I’ve only followed the top-line coverage of the MH17 shoot-down. I think the version the Administration released yesterday — that Ukrainian rebels shot down the airliner by mistake — is the most plausible explanation, though I’m aware of questions about that story.

All that said, there’s something about yesterday’s dog-and-pony show offered at the Office of Director of National Intelligence that seriously discredits the US story.

As the WSJ account of it makes clear, the reporters brought in for that dog-and-pony were explicitly told the dog-and-pony was being held to “not let[] a Russian narrative get out there.”

The Russian government is making a “full-court press” to spread a Russian version of events that try to pin the shoot-down on the Ukrainians, which is “not plausible to us,” one senior intelligence official said.

A key goal of Tuesday’s presentation, said one senior intelligence official was “not letting a Russian narrative get out there,” said one senior U.S. intelligence official.

(Apparently this senior intelligence official is not honest enough to admit both sides are already in a game of full court pressing – and John Kerry has already gotten beyond what the government released yesterday.)

Here’s the thing. While the Russians have not offered as much proprietary intelligence as the US offered yesterday, the presentation this dog-and-pony show is meant to rebut involve their Ministry of Defense providing a televised briefing on their questions about the event.

By contrast, noted liar James Clapper’s office invited hand-picked journalists in, and swore them to silence about who actually gave the briefing, and only afterwards released a transcript and other materials on the briefing. Spencer Ackerman was among the obvious journalists who should have been but was not invited.

Some of the evidence provided by US intelligence – whose fiscal 2013 budget was $68bn – included Facebook posts. “After it became evident that the plane was a civilian airliner, separatists deleted social media posts boasting about shooting down a plane and possessing a Buk (SA-11) surface-to-air missile system,” a senior intelligence official said in the briefing, held on condition of anonymity. The Guardian was not invited to the briefing, a transcription of which was later made available.

Look, if the US government has a case, they can release it publicly. But what they appear to be doing instead is creating their own official press corps and presenting their case there.

That’s especially true given that something else said at the briefing undermines the US case against the rebels.

They noted that it can be difficult to track the transportation of weapons because they are often moved at night, and the Russians have provided the separatists with types of weapons that the Ukrainians also have in order to maintain “plausible deniability.”

If the Russians have gone to some length to hide their role in arming rebels, why would they also give them a weapon that would draw so much attention (the Ukrainian government has them as well, but they haven’t used them)? (Though I actually think the point is they have been fired, but weren’t considered so fancy until they took down a civilian jet.)

I suspect at this point both sides are hiding interesting details they know. But the US has the more plausible case, thus far. So why are they unwilling to present their case publicly?

What Happened to Obama’s Ordered Restrictions on Back Door Searches?

In the wake of yesterday’s PCLOB Report, Presidential Review Board Member Geoffrey Stone reminded that Obama’s hand-picked group recommended requiring warrants before accessing US person data collected via Section 702.

In effect, the Review Group recommended that backdoor searches for communications involving American citizens should be prohibited unless the government has probable cause and a warrant. This is essentially what the recently enacted House amendment endorsed.

The Review Group concluded that the situation under section 702 is distinguishable from the situation when the government lawfully intercepts a communication when it has probable cause and a warrant. This is so because, in the section 702 situation, the government is not required to have either probable cause or a warrant to intercept the communication. Because section 702 was not intended to enable the government to intercept the communications of American citizens, because our recommended reform would leave the government free to use section 702 to obtain the types of information it was designed and intended to acquire—the communications of non-U.S. citizens, and because the recommended reform would substantially reduce the temptation the government might otherwise have to use section 702 impermissibly in an effort intentionally to intercept the communications of American citizens, we concluded that this reform was both wise and essential.

But there’s a forgotten detail from ancient history of greater interest. Even the President ordered up changes for back door searches in criminal contexts.

Specifically, I am asking the Attorney General and DNI to institute reforms that place additional restrictions on government’s ability to retain, search, and use in criminal cases, communications between Americans and foreign citizens incidentally collected under Section 702.

Yet in spite of the fact the President asked the Attorney General and DNI to place additional restrictions on the government’s ability to keep, search, and use Section 702 collected information in criminal cases, here’s what we learned yesterday.

[A]lthough a communication must be “destroyed upon recognition” when an NSA analyst recognizes that it involves a U.S. person and determines that it clearly is not relevant to foreign intelligence or evidence of a crime,531 in reality this rarely happens. Nor does such purging occur at the FBI or CIA: although their minimization procedures contain age-off requirements, those procedures do not require the purging of communications upon recognition that they involve U.S. persons but contain no foreign intelligence information.

[snip]

FBI requires that metadata queries, like content queries, be reasonably designed to return foreign intelligence or evidence of a crime. As noted above, however, the FBI does not separately track which of its queries involve U.S. person identifiers, and so the number of such metadata queries is not known.

As illustrated above, rules and oversight mechanisms are in place to prevent U.S. person queries from being abused for reasons other than searching for foreign intelligence or, in the FBI’s case, for evidence of a crime. In pursuit of the agencies’ legitimate missions, however, government analysts may use queries to digitally compile the entire body of communications that have been incidentally collected under Section 702 that involve a particular U.S. person’s email address, telephone number, or other identifier, with the exception that Internet communications acquired through upstream collection may not be queried using U.S. person identifiers.540 In addition, the manner in which the FBI is employing U.S. person queries, while subject to genuine efforts at executive branch oversight, is difficult to evaluate, as is the CIA’s use of metadata queries.

And the best estimate we’ve been given for how many of these FBI queries take places is a “substantial” amount.

It has been 6 months since the President ordered changes. And the FBI still can’t even count its US person queries, much less quantify them. PCLOB calls it “difficult to evaluate.”

Um, did James Clapper and Eric Holder just blow off the President’s order in January? Because it sure looks like FBI’s back door searches remain a relatively unregulated mess.

In Advance of PCLOB, WaPo Busts ODNI’s Limited Hang Out on Certifications

Earlier today, I got to tell the journalists who have long ignored that the FBI does back door searches — or even suggested I was guessing that they do, when it appeared in multiple public documents — that I had been telling them so for a long time.

But today I also have to admit I got suckered by a year-long Director of National Intelligence effort at a limited hangout. That effort was, I’m convinced, designed to hide that the Section 702 program is far broader than government witnesses wanted to publicly admit it was. Nevertheless, I was wrong about a supposition I had believed until about 2 months ago.

Since the first days after the Snowden leaks, the government has suggested it had 3 certificates under Section 702, covering counterterrorism, counterproliferation, and cybersecurity.  But — as the WaPo reports (as with the ODNI back door search numbers, in convenient timing that conveniently preempts the PCLOB report) — that’ s not the case. The NSA has a certificate that covers every foreign government except the other 4 members of the 5 Eyes (UK, Canada, New Zealand, and Australia), as well as various foreign organizations like OPEC, the European Central Bank, and various Bolivarist groups.

For an entire year, the government has been suggesting that is not the case. I even believed them, the one thing I know of where I got utterly suckered. I was wrong.

Frankly, this certification should not be a surprise. It is solidly within the letter of the law, which permits collection on any agent of a foreign power. From the very first PRISM revelations, which showed collection on Venezuela, it was clear NSA collected broadly, including on Bolivarist governments and energy organizations.

But consistently over the last year, the NSA has suggested it only had certifications for CT, CP, and cyber.

On June 8 of last year, for example, ODNI listed 3 Section 702 successes.

  • Communications collected under Section 702 have provided the Intelligence Community insight into terrorist networks and plans. For example, the Intelligence Community acquired information on a terrorist organization’s strategic planning efforts.
  • Communications collected under Section 702 have yielded intelligence regarding proliferation networks and have directly and significantly contributed to successful operations to impede the proliferation of weapons of mass destruction and related technologies.
  • Communications collected under Section 702 have provided significant and unique intelligence regarding potential cyber threats to the United States including specific potential computer network attacks. This insight has led to successful efforts to mitigate these threats

The October 3, 2011 John Bates opinion, released in October, made it clear there were just 3 certificates at that point.

3 certificates

 

 

(Though note the Semiannual Compliance Review released last year looked to be consistent with at least one more certificate.)

The President’s Review Group emphasized the categorical nature of certificates, and in its second discussion thereof named those same three categories.

[S]ection 702 authorized the FISC to approve annual certifications submitted by the Attorney General and the Director of National Intelligence (DNI) that identify certain categories of foreign intelligence targets whose communications may be collected, subject to FISC-approved targeting and minimization procedures. The categories of targets specified by these certifications typically consist of, for example, international terrorists and individuals involved in the proliferation of weapons of mass destruction.

[snip]

Section 702 requires that NSA’s certifications attest that a “significant purpose” of any acquisition is to obtain foreign intelligence information (i.e. directed at international terrorism, nuclear proliferation, or hostile cyber activities), that it does not intentionally target a United States person, that it does not intentionally target any person known at the time of acquisition to be in the United States, that it does not target any person outside the United States for the purpose of targeting a person inside the United States, and that it meets the requirements of the Fourth Amendment.

And in March testimony before PCLOB, NSA General Counsel Raj De suggested those same three topics.

But beyond that there has to be a valid foreign intelligence reason within the ambit of one of those certifications that the FISC approves annually. Those are certifications on things like counterterrorism, encountering WMDs, for example, weapons of mass destruction.

Most recently, former DOJ official Carrie Cordero – who has been involved in this whole certification process – claimed in the CATO debate we’ve been engaged in “they are not so broad that they cover any and everything that might be foreign intelligence information.”

And yet, there’s a foreign intelligence certificate that covers any and everything that might be foreign intelligence information, a certificate that destroys the whole point of having certificates (though if there’s a cyber one, I suspect it has its own problems, in that it permits domestic collection).

Lots of people are claiming WaPo’s latest is no big deal, because of course the NSA spies on foreign government’s. They’re right, to a point. Except that the government has been strongly implying, since day one, that Section 702 was narrowly deployed, not available to use against all but our 4 closest spying allies.

PCLOB is surely about to make it clear that’s not the case. And voila! All of a sudden it becomes clear the government has been misleading when it claimed this was narrowly deployed.

Told You So, FBI Back Door Search Edition

For a long time, I’ve been noting that the October 3, 2011 John Bates Opinion and last August’s Semiannual Report on FISA make it clear that the FBI, like the CIA and NSA, conducts back door searches off Section 702 collected data.

ODNI’s response to Ron Wyden’s request for actual numbers of how many back door searches the government conducts makes it clear that I was correct.

The report is even worse than I imagined. It shows the following:

FBI 

FBI does back door searches for both foreign intelligence and criminal purposes. This means NSA’s language about keeping data for evidence of a crime is fairly meaningless, because they’re handing chunks of data off to FBI that it can troll for evidence of crime.

And the FBI doesn’t count these queries. In fact, FBI doesn’t even distinguish between when it is searching foreign and US person identifiers.They say only that “the number of queries is substantial.”

CIA 

I expected all that from the FBI. What amazes me is that the CIA — an Agency that is not supposed to conduct domestic intelligence collection — does not count how many metadata-only queries of US person data it does. So all those fears of NSA identifying whether you’re visiting an AIDS clinic or a pregnancy counseling center? The NSA may not do that kind of analysis, but the CIA might be checking what foreigners you’re talking to.

The CIA also conducts a bunch of content queries — “fewer than 1900″ — of which 40% are counterterrorism-related queries for other agencies. (Which leads me to wonder why neither NSA nor FBI are doing these queries, which would make more sense.) But that leaves 60% of 1900 — or around 1,100 queries a year of US person content that are for CIA’s own purposes and may not even be terrorism related.

NSA

The NSA conducts the fewest. It conducts 198 US person content queries (that is, not all that much fewer than the 248 US persons queried in the phone dragnet or collected on using another Section 215 order). It conducts 9,500 queries of metadata only queries, of which some are duplicative.

Compared to CIA’s uncountable number, that may not sound like a lot. But compare that to the phone dragnet, which also queried on fewer than 248 US person identifiers last year. That is, it is doing an order of magnitude more Internet metadata queries than it is phone queries.

One more thing: Last year’s FAA report revealed that CIA and NSA also sometimes accidentally query US person data. So the numbers of Americans sucked in via FAA may be significantly larger.

PCLOB

One more note about this report. PCLOB is due to release their Section 702 report on Wednesday. That is sure to have recommendations about how to protect US person privacy; Patricia Wald was quite clear in the most recent PCLOB hearing she believes the government should use a warrant to access this data. So Ron Wyden finally got a response, but it almost certain is only because PCLOB was about to make much of this public on their own.

(KS linked to this version of the Doors, thanks!)

NSA’s New-and-Improved Call Chaining Process, Now with No Calls Required

As I noted, last night I Con the Record released the phone dragnet orders from last week and from March.

There are two significant changes (which may well be related).

First, perhaps in anticipation of shifting to production from the providers, perhaps because the Court has rethought its authorization granted in November 2012, the government appears to have given up its effort to introduce an automated query.

Queries of the BR metadata using RAS-approved selection terms for purposes of obtaining foreign intelligence information may occur by manual analyst query only.

PCLOB provided the only unclassified description of what the government had been trying to do with its automated query.

In 2012, the FISA court approved a new and automated method of performing queries, one that is associated with a new infrastructure implemented by the NSA to process its calling records.68 The essence of this new process is that, instead of waiting for individual analysts to perform manual queries of particular selection terms that have been RAS approved, the NSA’s database periodically performs queries on all RAS-approved seed terms, up to three hops away from the approved seeds. 

But, as I reported in February, NSA has never been able to pull off its automated alert, purportedly for technical reasons (which usually means it could not technically meet the requirements imposed by the court).

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes. Accordingly, this amendment to the Primary Order authorizes the use of this automated query process for development and testing purposes only. No query results from such testing shall be made available for analytic purposes. Use of this automated query process for analytical purposes requires further order of this Court.

The government revealed NSA’s failure to implement its automatic alert in its motion to amend this year’s first dragnet order.

In that same motion it implemented the change in standard dragnet language that has been retained in these more recent dragnet orders: the NSA is chaining on “connections” as well as actual calls.

14 The first “hop” from a seed returns results including all identifiers (and their associated metadata) with a contact and/or connection with the seed. The second “hop” returns results that include all identifiers (and their associated metadata) with a contact and/or connection with an identifier revealed by the first “hop.”

Now, it may be that the entire time one after another government witness has testified to Congress that this phone dragnet only returns on calls, they’ve been doing this connection-based chaining as well. As I noted in this post, connection-based chaining has been in a redacted section of phone dragnet orders describing their automated query. (They seem to have ditched the automation but retained the connection based chaining.) And Dianne Feinstein’s Fake FISA Fix also would have permitted connection chaining.

Whether Administration witnesses were being deliberately deceitful when testifying about call-based chaining (“not wittingly!”) or the NSA only recently resumed doing connection based chaining manually, having given up on doing it automatically, one thing is clear. The NSA has been doing connection based chaining since at least February, and very few people in Congress know what that means. Nevertheless, they’re about to authorize that formally.

I Con the Record Strikes Again

In a show of transparency, I Con the Record just released annual statistics for certain programs. Here are my thoughts, in rolling updates.

These arent’t the Certificates you’re looking for

Here’s what I Con the Record tells us about Section 702:

Screen Shot 2014-06-27 at 11.57.35 AM

Just one order!!

Of course, we know from the 2011 John Bates opinion that one order likely includes several certificates. For a long time I wrongly bought off on ONDI propaganda that there were 3 certificates, covering counterterrorism, counterproliferation, and cybersecurity. But it appears the 3rd certificate is instead an unbelievably broad “foreign intelligence” one, which pretty much swallows the idea of specific certification.

I Con the Record even admits the proper unit is certificate.

Under Section 702, the Foreign Intelligence Surveillance Court (FISC) approves Certifications as opposed to individualized orders. 

Yet I Con the Record won’t even tell us whether there are just 3 certificates still or more. Instead, it gives us how many orders there were.

Note, in internal reports, ODNI tracks average tasked selectors, which last year provided a number in the range of 65,000 selectors. So either their spying on a lot more 702 targets, or that number was artificially low.

I Con the Record finally admits “target” doesn’t mean what we think it means — or what they mean, sometimes

This might be regarded by some as “transparency.”

Targets:  Within the Intelligence Community, the term “target” has multiple meanings. For example, “target” could be an individual person, a group, or an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire by the above-referenced laws.

Some laws require that the government obtain a Court order specifying the communications facilities used by a “target” to be subject to intelligence collection. Although the government may have legal authority to conduct intelligence collection against multiple communications facilities used by the target, the user of the facilities – the “target” – is only counted once in the above figures.

Except that it doesn’t admit that, at least in the past, sometimes target means “the switch we know lots of al Qaeda calls to use.” Meaning the term “target” is a misnomer even within the context they lay out.

Hiding the “Government Agency Protocols” that the Founders did not start a Revolution for

For Section 215 (which, remember, includes the phone dragnet, more targeted 2 or 3-degree queries for communication records, and collections of things like acetone purchase records and URL searches), the government gives us this weird byzantine map.

Screen Shot 2014-06-27 at 12.34.41 PM

First, note that almost 150 more selectors were approved for querying the phone dragnet last year (423) than the year before (288). Plus, we can now put some of the queries in perspective. At the time of the Marathon attack, when the very wired Tsarnaev brothers (probably about 4 selectors between them) were queried, NSA permitted 3 hop chaining. That likely means just those 4 phone identifiers sucked in the better part of Cambridge, MA (if they went to that 3rd hop). All those people have had the NSA churning all their data (not just their phone number) for the last year.

Then there’s the general measure of how many “targets” of business records there are: 172. But note that some of these are “entities.” What if that includes anyone searching on a URL related to a particular entity, like AQAP or Wikileaks? That could suck in far more Americans. Note, the Tsarnaev brothers are probably one of those “entities” (or rather, two of the individuals) on whom there were multiple searches, potentially up to and including pressure cooker purchases or searches).

Finally, I Con the Record doesn’t talk about how many of 178 applications involved minimization procedures — what I shall now call “government agency protocols” after John Roberts’ observation that they don’t meet terms our Founders fought a Revolution for. The FISA report covering last year says they modified 141 applications. Most modified orders from the previous year involved government agency protocols, so last year’s probably were too (though there is still a February 2013 dragnet order they’re hiding). So that means about 137 of these orders were likely to be sufficiently large to require minimization, which means they likely implicate far more people, likely Americans, than the 137 reasons they were targeted.

I Con the Record’s National Security apples and oranges

I Con the Record did something rather … interesting with their NSL numbers.

To understand why, you need to understand that Congress only requires they report NSLs concerning US persons — except those asking for subscriber information. Presumably, that means there’s a whole bunch of bulky NSLs for subscriber information of Americans — basically FBI using NSLs to recreate phone books and email subscribers. Based on logic I lay out here, I think FBI issued about 5,500 of those phone book NSLs in 2012.

But today’s I Con the Record reports numbers somewhat differently. I Con the Record explains:

In addition to those figures, today we are reporting (1) the total number of NSLs issued for all persons, and (2) the total number of requests for information contained within those NSLs. For example, one NSL seeking subscriber information from one provider may identify three e-mail addresses, all of which are relevant to the same pending investigation and each is considered a “request.”

We are reporting the annual number of requests rather than “targets” for multiple reasons. First, the FBI’s systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL.

Even if the FBI systems were configured differently, it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs. One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify, for example, one subscriber for three accounts or it may identify different subscribers for each account.

Which gives us this:

Screen shot 2014-06-27 at 6.48.52 PM

So the FISA report says 14,219 requests total, which includes just domestic, but those requests are for 5,334 individual Americans.

This report says 38,832 requests total, including domestic, domestic subscriber (phone book), and foreign (assuming the phone book numbers are around 5,000 again, that works about to be half domestic, half foreign). But we don’t know — effectively the government has managed to bracket off bulky requests under both “transparency” measures.

Ultimately, though, they never ever tell how many American are affected by NSLs. It could be not much more than that 5,334. Or it could be far, far higher, because requests are not targets.

Emptywheel Twitterverse
bmaz @ddayen I presume you went as Mark Penn
2mreplyretweetfavorite
bmaz .@jaketapper Frankly, that "evidence", i.e. inappropriate grand jury leaks, supports Dorian Johnson's version as much as it does Wilson's.
1hreplyretweetfavorite
bmaz @dmataconis Actually should read "Michigan refuses to give Musk+Tesla statutory unfair competitive advantage over all other manufacturers"
1hreplyretweetfavorite
bmaz @Gaius_Publius @emptywheel "Blonde is the first in a series of the Guinness Discovery Series, which will introduce a new beer twice a year."
2hreplyretweetfavorite
bmaz @Gaius_Publius @emptywheel Beer snobs. And for Ms. Guinness, better get used to dilution of the hallowed brand.
2hreplyretweetfavorite
emptywheel @lizzwinstead Get the feeling there was some quick and broad and well-financed coordination on that response.
6hreplyretweetfavorite
emptywheel @JasonLeopold Bingo. Saw that. Need to go back to that one. Timing is very interesting too. And the FoPo withholding.
6hreplyretweetfavorite
emptywheel @JasonLeopold Oh, I remember. So this is CIA White PAper and the other is the DOJ White Paper? Or just that DOJ didn't refer other to CIA?
6hreplyretweetfavorite
emptywheel @JasonLeopold Ah thanks.
6hreplyretweetfavorite
emptywheel RT @TondaMacC: The easiest form of terrorism: no need for sophisticated plots, or training, or financing, by @shephardm: http://t.co/DSQdPF
6hreplyretweetfavorite
emptywheel @JasonLeopold Which one is that on--11/11 or 5/11?
6hreplyretweetfavorite
emptywheel RT @JasonLeopold: JUST FILED: CIA declaration in my #FOIA case re: CIA white ppr turned over to me justifying assassination of Awlaki https…
6hreplyretweetfavorite
October 2014
S M T W T F S
« Sep    
 1234
567891011
12131415161718
19202122232425
262728293031