I wanted to explain why I think it’s such a big deal that James Clapper specifically highlighted the carve out for transparency reporting on FBI’s back door searches in Leahy’s version of Freedom Act’s in his letter supporting the bill.
As I described, the bill requires reporting on back door searches, but then exempts the FBI from that reporting.
But that’s not the part of the bill that disturbs me the most. It’s this language:
‘(3) FEDERAL BUREAU OF INVESTIGATION.—
Subparagraphs (B)(iv), (B)(v), (D)(iii), (E)(iii), and (E)(iv) of paragraph (1) of subsection (b) shall not apply to information or records held by, or queries conducted by, the Federal Bureau of Investigation.
The language refers, in part, to requirements that the government report to Congress:
(B) the total number of orders issued pursuant to section 702 and a good faith estimate of—
(iv) the number of search terms that included information concerning a United States person that were used to query any database of the contents of electronic communications or wire communications obtained through the use of an order issued pursuant to section 702; and
(v) the number of search queries initiated by an officer, employee, or agent of the United States whose search terms included information concerning a United States person in any database of noncontents information relating to electronic communications or wire communications that were obtained through the use of an order issued pursuant to section 702;
These are back door searches on US person identifiers of Section 702 collected data — both content (iv) and metadata (v).
In other words, after having required the government to report how many back door searches of US person data it conducts, the bill then exempts the FBI.
In his letter, Clapper says,
[W]e are comfortable with the transparency provisions in this bill because, among other things, they recognize the technical limitations on our ability to report certain types of information.
FBI back door searches are the most obvious limit on transparency guidelines, and FBI told PCLOB they couldn’t count them for technical reasons.
So effectively, Clapper is suggesting that Congress has recognized that FBI is incapable — for technical reasons — of counting how often it conducts back door searches.
That technical claim is almost certainly bullshit.
As a reminder, here’s what the government told PCLOB about FBI’s back door searches.
Because they are not identified as such in FBI systems, the FBI does not track the number of queries using U.S. person identifiers. The number of such queries, however, is substantial for two reasons.
First, the FBI stores electronic data obtained from traditional FISA electronic surveillance and physical searches, which often target U.S. persons, in the same repositories as the FBI stores Section 702–acquired data, which cannot be acquired through the intentional targeting of U.S. persons. As such, FBI agents and analysts who query data using the identifiers of their U.S. person traditional FISA targets will also simultaneously query Section 702–acquired data.
Second, whenever the FBI opens a new national security investigation or assessment, FBI personnel will query previously acquired information from a variety of sources, including Section 702, for information relevant to the investigation or assessment. With some frequency, FBI personnel will also query this data, including Section 702–acquired information, in the course of criminal investigations and assessments that are unrelated to national security efforts. In the case of an assessment, an assessment may be initiated “to detect, obtain information about, or prevent or protect against federal crimes or threats to the national security or to collect foreign intelligence information.”254 If the agent or analyst conducting these queries has had the training required for access to unminimized Section 702–acquired data, any results from the Section 702 data would be returned in these queries. If an agent or analyst does not have access to unminimized Section 702–acquired data — typically because this agent or analyst is assigned to non-national security criminal matters only — the agent or analyst would not be able to view the unminimized data, but would be notified that data responsive to the query exists and could request that an agent or analyst with the proper training and access to review the unminimized Section 702–acquired data.
As the press is reporting right now, James “Too Cute by Half” Clapper and Eric Holder have written Patrick Leahy a letter endorsing his version of the dragnet reform bill. Reports claim this shows that Clapper supports reform.
Consider me unimpressed.
To understand why, it helps to understand what this letter was once supposed to do. According to a Senate source who is skeptical this reform does enough, it was supposed to provide language that would endorse civil libertarians’ understanding of key terms of the bill. I’m not sure if the letter is still supposed to do that work — if it is not, that is a story unto itself. But the language in this letter doesn’t make any commitments on the key points of concern.
As an initial matter, I was told this letter would include language making it clear that the “connection chaining” language I’ve been so concerned about would limit contact chaining to actual calls made. The letter doesn’t address connection chaining at all. Huh. How about that?
Here’s what Clapper’s letter says about the prospective call detail record (CDR) collection:
The bill also provides a mechanism to obtain telephone metadata records in order to identify potential contacts of suspected terrorists inside the United States. The Intelligence Community believes that, based on communications providers’ existing practices in retaining metadata, the bill will retain the essential operational capabilities of the existing bulk telephone metadata program while eliminating bulk collection.
It’s good news the IC is not asking for data retention requirements — but you ought to ask why, given that the most important provider, Verizon, has told the Senate Intelligence Committee that it only keeps billing records — not CDRs – for 18 months.
Note, however, that Clapper doesn’t use CDR language here — he uses “metadata,” which is actually broader — potentially far broader — than CDRs as defined by the bill. We know, for example, that the IC considers location data metadata — and James Cole told Mark Warner they might ask for hybrid orders to get location data. We know from the ICREACH documents that the IC admits it uses a different definition of metadata than the FISA Court does (the IC’s definition of metadata not only includes content, but also substantive information about people). We know that providers store customer things-that-count-as-metadata on their clouds, indefinitely. Adopting metadata here, in short, may back off the otherwise limited definition of CDR, which is one of the bills laudable limiting factors.
The letter’s claim to end bulk collection does nothing to reflect that the IC’s definition of bulk — anything without a discriminator — has nothing to do with the common English definition of it; it certainly doesn’t promise to end the English language definition of bulk. Moreover, it only promises to limit bulk collection to the “greatest extent practicable.”
[T]he bill permits collection under Section 215 of the USA PATRIOT Act using a specific selection term that narrowly limits the scope of the tangible things sought to the greatest extent reasonably practicable, consistent with the purposes for seeking the tangible things. Recognizing that the terms enumerated in the statute may not always meet operational needs, the bill permits the use of other terms, provided there are court-approved minimization procedures that prohibit the dissemination and require the destruction within a reasonable period of time of any information that has not been determined to satisfy certain specific requirements.
That “reasonably practicable” language is a direct quote from the bill. It adds nothing, and given that Bob Litt refuses to limit FBI back door searches because it’s not practicable, what the IC means by practicable could very easily encompass gross privacy violations — ones that have already been approved by FISC! And remember–the IC can use corporate persons as selection terms.
Then the letter all but admits it will use selection terms that violate this principle, but points to the minimization procedures required by the law to rationalize that. As I’ve pointed out, there’s no reason to believe the minimization procedures will be any more stringent than what the FISC currently requires — and there’s at least some reason to suspect they might be weaker than current minimization procedures. (And remember, the retention requirements for the CDR authority almost certainly broadens permitted dissemination to foreign intelligence purpose, which might lead to a similar broadening of it elsewhere under the authority.)
The transparency paragraph includes this language.
the transparency provisions in this bill … among other things,  recognize the technical limitations on our ability to report certain types of information.
This is James Clapper saying quite clearly to anyone willing to listen that he sees this bill — which explicitly carves out FBI back door searches from any transparency reporting — as Congressional endorsement of the idea that we should never demand the number of FBI back door searches. This language, by itself, ought to make the bill toxic.
Congratulations NGOs. You’re backing the idea that the FBI should be able to use 702 and 12333 collected information in criminal contexts with zero oversight or accountability.
Finally, Clapper’s letter makes it clear that Leahy’s bill will do nothing to stop ex parte communication between the Executive and FISC. And he even points to John Bates’ ridiculous letter (huh, now we have a better sense of who put Bates up to that!) to warn he’ll carve out even more.
We believe that the appointment of an amicus in selected cases, as appropriate, need not interfere with important aspects of the FISA process, including the process of ex parte consultation between the Court and the government. We are also aware of the concerns that the Administrative Offices of the U.S. Courts expressed in a recent letter, and we look forward to working with you and your colleagues to address these concerns.
Especially after we learned Bates single-handedly rewrote PATRIOT last year to make it okay to spy on Americans for their protected speech, we should do nothing to accommodate Bates’ wishes, especially since he didn’t speak with the authority of his position. The FISC, as Bates envisions it, doesn’t resemble a real court at all.
In short, there’s one piece of good news in this letter — that the IC won’t ask for data retention requirements — and a whole lot of reason to be even more skeptical of the bill.
If you didn’t already need proof that the FISA Court needs to consult technical advisors before they permit the government to collect all of Americans’ metadata, consider this lesson DOJ offered as part of its initial application for the Internet dragnet (see page 16).
Of course, you’re prohibited from seeing the better part of that lesson — the fictional example of metadata they offered — because James Clapper has deemed it classified.
Funny. Eric Holder recently claimed in a Congressional hearing that if something’s not true it’s not classified. I guess the fictions they tell FISC judges are another matter.
As I have repeatedly noted, I think President Obama will protect John Brennan — and the CIA more generally — because of the mutual complicity built in between CIA and the White House over covert ops.
It’s not just that CIA knows the full details of the drone killings Obama authorized on his sole authority. It’s also that the CIA is still protecting the Office of the Presidency’s role in torture by withholding from the Senate documents over which the White House might — but did not formally — claim Executive Privilege. Obama did the same thing when he went to some lengths to prevent a very short phrase making it clear torture was Presidentially-authorized from being released in 2009; it wasn’t just the Finding that still authorized his drone strikes the President was protecting, but the Office that George Bush sullied by approving torture.
I also think Obama will stand by Brennan because they have worked closely so long Brennan is one of Obama’s guys.
Bloomberg View’s Jonathan Bernstein doesn’t agree, however. After dismissing Conor Friedersdorf’s version of the mutual incrimination argument, he suggests Obama is simply demonstrating to the national security bureaucracy he’s on their side.
Obama is concerned -– in my view, overly so -– with demonstrating to the intelligence bureaucracy, the broader national security bureaucracy, and the bureaucracy in general, that he is on their side. The basic impulse to stand up for the people he appointed isn’t a bad one; nor is the impulse to demonstrate to the intelligence community that he is no wild-eyed peacenik softie who opposes the work they do. For one thing, he’s more likely to effect change in national security areas if experts in the government believe he’s at least sympathetic to them as individuals and to their basic goals, even if he questions some of the George W.Bush-era (or earlier) methods. For another, the ability of bureaucrats to hurt the president with leaks doesn’t depend on the existence of deep dark secrets. Every president is vulnerable to selective leaks and a drumbeat of steady negative interpretations from the bureaucracy.
And yet, overdoing support for the bureaucracy can have severe costs. On torture, for example, emphasizing the good intentions of those faced with difficult choices during the last decade makes sense. But failing to take action, and leaving bureaucrats with serious liabilities because the status of their past actions is unresolved, only may have made reassuring them of presidential support increasingly necessary. That’s not a healthy situation.
Again: some of the incentive to (at least at first) stand up for presidential appointees is inherent in the presidency, and a healthy thing to do even when the president believes people have misbehaved and should go. But throughout his presidency, Obama has been overly skittish when it comes to potentially crossing his national security bureaucracy, and I strongly suspect that torture and other Bush-era abuses are both part of the original cause and will cause more of that timidity down the road.
Obama has been overly skittish when it comes to crossing his NatSec bureaucracy?
First, as I have already noted, Obama was perfectly happy demanding David Petraeus’ resignation for fucking his biographer. While I have my doubts whether that was really the reason — and while by firing him, Obama undercut a potential 2012 rival — he didn’t shy away from firing a man with some of the best PR in DC.
You might also ask the 19 top Generals and Admirals Obama has fired (most with the help of Bob Gates; also note the 20th on this list is Petraeus) — so many that conservatives accuse him of “purging” — whether he’s squeamish about crossing the NatSec bureaucracy. And while Micah Zenko’s comment on Twitter is correct that intelligence officials have largely escaped this treatment, Obama seemed happy to use Michael Leiter’s National Counterterrorism Center’s failure to stop the UndieBomb attack to fire then Director of National Intelligence Dennis Blair.
President Obama is not a man afraid to fire members of the national security bureaucracy.
The starkest contrast with Brennan’s treatment comes from the case of Stanley McChrystal.
Obama demanded McChrystal’s resignation not because his night raids were exacerbating extremism in Afghanistan. Not because many service members felt he had left them exposed. Not because, even then, it was clear the surge in Afghanistan was going to fail.
Obama demanded McChrystal’s resignation because Michael Hastings exposed McChrystal and his top aides (including Michael Flynn, who quit in April because of differences on policy) being insubordinate. Obama demanded McChrystal’s resignation because doing so was necessary to maintain the primacy of civilian control — like separation of powers, one of the bedrocks ensuring national security doesn’t trump democracy.
That, to me, is the important takeaway from comparing McChrystal’s fate with Brennan’s.
When a top member of the national security bureaucracy challenged the control of the civilian executive, he got canned, appropriately, in my opinion.
But when the Director of the CIA permitted his Agency to strike at the core of the separation of powers by investigating its overseers, Obama offered his support. Obama may have fired a top general for threatening Executive authority, but he has supported a top aide after he threatened Legislative authority.
You can come up with any number of explanations why Obama did that. But being afraid of taking on his National Security bureaucracy — as distinct from taking on the intelligence agencies, as Obama chose not to do when Clapper lied or when Keith Alexander oversaw the leaking of the family jewels even while getting pwned in his core cyberdefense capacity — is not the explanation.
Obama has proven to have no qualms about upsetting his national security bureaucracy. Just that part of it run covertly.
As you likely know, when the White House delivered the torture report back to the Senate Intelligence Committee, they discovered that the Intelligence Community had redacted big chunks of the summary. McClatchy’s latest report reveals the CIA blacked out the pseudonyms of torturers that SSCI had used to hide their real names.
Tom Mentzer, a spokesman for the committee’s chairwoman, Sen. Dianne Feinstein, D-Calif., told McClatchy on Monday that the blackouts _ officially known as redactions _ were made to pseudonyms used for both covert CIA officers and foreign countries.
“No covert CIA personnel or foreign countries are named in the report,” he said. “Only pseudonyms were used, precisely to protect this kind of information. Those pseudonyms were redacted (by the administration).”
All of the pseudonyms were excised from the version of the executive summary that the White House returned to the committee on Friday, a person familiar with the issue said.
I presume CIA felt they had to do this because the names of the torturers are not, in fact secret. We know that Bruce Jessen reverse engineered the torture and Alfreda Bikowsky ordered the rendition of Khalid el-Masri. Keeping the pseudonyms the SSCI used for each secret prevents us from developing a more complete list of the things each did, including the legally actionable things.
In other words, the CIA is redacting things to hide evidence of crimes.
Behind this spat is a more general question: whether redacting 15% of an executive summary is excessive or not. Martin Heinrich says it makes the report unreadable.
“Redactions are supposed to remove names or anything that could compromise sources and methods, not to undermine the source material so that it is impossible to understand,” Sen. Martin Heinrich, D-N.M., a member of the committee, said Sunday in a statement. “Try reading a novel with 15 percent of the words blacked out. It can’t be done properly.”
James Clapper and White House spokesperson Josh Earnest say leaving 85% of the summary is very “transparent.”
Josh Earnest justified the redactions, telling reporters: “We’re talking about very sensitive information here. And it’s important that a declassification process be carried out that protects sources and methods and other information that is critical to our national security.”
He noted that more than 85 percent of the executive summary wasn’t blacked out.
But as Katherine Hawkins noted on Twitter, that’s doing the math wrong. The Executive Branch has already decided that the overwhelming majority of the report — the more detailed chapters — will not be released at all right now. The roughly 408 pages the Administration has decided we can see represents just 6.2% of the report — 408 pages out of 6,600.
SSCI wrote the summary so that it could be released, with the perhaps futile expectation that the rest of the report will be released after Bikowsky and others are no longer still working (!!) for the Agency. And yet the Most Transparent Administration Evah™ believes that even releasing that much is too much transparency and democracy for us.
As I pointed out the other day, the CIA IG Report on spying on the Senate Intelligence Committee appears to say the egregious spying happened after John Brennan told Dianne Feinstein and Saxby Chambliss on January 15 CIA had been spying on SSCI.
Agency Access to Files on the SSCI RDINet:
Five Agency employees, two attorneys and three information technology (IT) staff members, improperly accessed or caused access to the SSCI Majority staff shared drives on the RDINet.
Agency Crimes Report on Alleged Misconduct by SSCI Staff:
The Agency filed a crimes report with the DOJ, as required by Executive Order 12333 and the 1995 Crimes Reporting Memorandum between the DOJ and the Intelligence Community, reporting that SSCI staff members may have improperly accessed Agency information on the RDINet. However, the factual basis for the referral was not supported, as the author of the referral had been provided inaccurate information on which the letter was based. After review, the DOJ declined to open a criminal investigation of the matter alleged in the crimes report.
Office of Security Review of SSCI Staff Activity:
Subsequent to directive by the D/CIA to halt the Agency review of SSCI staff access to the RDINet, and unaware of the D/CIA’s direction, the Office of Security conducted a limited investigation of SSCI activities on the RDINet. That effort included a keyword search of all and a review of some of the emails of SSCI Majority staff members on the RDINet system.
With respect to your second question about monitoring of Members of Congress and Legislative Branch employees, in general those individuals will not be subject to [User Activity Monitoring] because their classified networks are not included in the definition of national security systems (NSS) for which monitoring is required.
Because no internally owned or operated Legislative branch network qualifies as a national security system, UAM by the Executive Branch is accordingly neither required nor conducted. To be clear, however, when Legislative Branch personnel access a national security system used or operated by the Executive Branch, they are of course subject to UAM on that particular system.
CIA’s spying on SSCI took place on CIA’s RDI network, not on the SSCI one. SSCI had originally demanded they be given the documents pertaining to the torture program, but ultimately Leon Panetta required them to work on a CIA network, as Dianne Feinstein explained earlier this year.
The committee’s preference was for the CIA to turn over all responsive documents to the committee’s office, as had been done in previous committee investigations.
Director Panetta proposed an alternative arrangement: to provide literally millions of pages of operational cables, internal emails, memos, and other documents pursuant to the committee’s document requests at a secure location in Northern Virginia. We agreed, but insisted on several conditions and protections to ensure the integrity of this congressional investigation.
Per an exchange of letters in 2009, then-Vice Chairman Bond, then-Director Panetta, and I agreed in an exchange of letters that the CIA was to provide a “stand-alone computer system” with a “network drive” “segregated from CIA networks” for the committee that would only be accessed by information technology personnel at the CIA—who would “not be permitted to” “share information from the system with other [CIA] personnel, except as otherwise authorized by the committee.”
It was this computer network that, notwithstanding our agreement with Director Panetta, was searched by the CIA this past January,
Presumably, those limits on access should have prevented CIA’s IT guys from sharing information about what SSCI was doing on the network. But it’s not clear they would override Clapper’s UAM.
Remember, too, when Brennan first explained how this spying didn’t qualify as a violation of the Computer Fraud and Abuse Act, he said CIA could conduct “lawfully authorized … protective … activity” in the US. Presumably like UAM.
I have no idea whether this explains why CIA’s IG retracted what Feinstein said had been his own criminal referral or not. But I do wonder whether the CIA has self-excused some of its spying on SSCI in the interest of continuous user monitoring?
If so, it would be the height of irony, as UAM did not discover either Chelsea Manning’s or Edward Snowden’s leaks. Imagine if the only leakers the Intelligence Community ever found were their own overseers?
In February 2011, around the time the CIA took over the hunt for Anwar al-Awlaki, NSA started collaborating with Saudi Arabia’s Ministry of Interior’s (MOI) Technical Assistance Directorate (TAD), under the umbrella of CIA’s relationship with MOI (it had previously cooperated primarily with the Kingdom’s Ministry of Defense).
On August 15, 2011, hackers erased the data on two-thirds of the computers at Saudi Aramco; American sources claim Iran was the culprit.
On September 30, 2011, CIA killed Anwar al-Awlaki, using drones operated from a base on Saudi soil.
On November 5, 2012, King Abdullah named close John Brennan ally Mohammed bin Nayef (MbN) Minister of the Interior; MbN had for some time been our top counterterrorism partner in the Kingdom.
On December 11, 2012, James Clapper expanded NSA’s Third Party SIGINT relationship with the Kingdom of Saudi Arabia, for the first time formally including the Ministry of Interior’s Technical Affairs Directorate.
Between January 14 and 16, 2013 MbN traveled to Washington and met with just about every top National Security person (many of whom, including Brennan, were just assuming new jobs). On January 16, MbN and Hillary Clinton renewed and expanded the Technical Cooperation Agreement initiated in 2008. The TCA was modeled on the JECOR program used from the late 1970s until 2000 to recycle US dollars into development programs in Saudi Arabia; in this more recent incarnation, the Saudis recycle dollars into things like a 30,000 mercenary army and other military toys for internal stability and border control. Last year’s renewal — signed just over a month after Clapper made the Saudis full Third Person partners – added cybersecurity to the portfolio. The TCA — both the existing security resources and its expansion under close ally MbN — shored up the power base of one of our closest partners (and at a time when we were already panicking about Saudi succession).
In other words, in addition to expanding Saudi capabilities at a time when it has been cracking down on peaceful dissent, which is what the Intercept story on this document discusses, by giving the Saudi MOI Third Party status, we added to the power of a key ally within the royal family, and did so at a time when the TCA was already shoring up his power base.
We did so, the Information Paper makes clear, in part because MOI has access to internal Saudi telecommunications. While the Information paper talks about AQAP and Iran’s Republican Guard, they are also targeting Saudi targets.
And these new capabilities? They get coordinated through Chief of Station in Riyadh, the CIA. John Brennan’s agency.
It’s all very tidy, don’t you think?
I’ve been so buried in Netroots Nation and related issues I’ve only followed the top-line coverage of the MH17 shoot-down. I think the version the Administration released yesterday — that Ukrainian rebels shot down the airliner by mistake — is the most plausible explanation, though I’m aware of questions about that story.
All that said, there’s something about yesterday’s dog-and-pony show offered at the Office of Director of National Intelligence that seriously discredits the US story.
As the WSJ account of it makes clear, the reporters brought in for that dog-and-pony were explicitly told the dog-and-pony was being held to “not let a Russian narrative get out there.”
The Russian government is making a “full-court press” to spread a Russian version of events that try to pin the shoot-down on the Ukrainians, which is “not plausible to us,” one senior intelligence official said.
A key goal of Tuesday’s presentation, said one senior intelligence official was “not letting a Russian narrative get out there,” said one senior U.S. intelligence official.
(Apparently this senior intelligence official is not honest enough to admit both sides are already in a game of full court pressing – and John Kerry has already gotten beyond what the government released yesterday.)
Here’s the thing. While the Russians have not offered as much proprietary intelligence as the US offered yesterday, the presentation this dog-and-pony show is meant to rebut involve their Ministry of Defense providing a televised briefing on their questions about the event.
By contrast, noted liar James Clapper’s office invited hand-picked journalists in, and swore them to silence about who actually gave the briefing, and only afterwards released a transcript and other materials on the briefing. Spencer Ackerman was among the obvious journalists who should have been but was not invited.
Some of the evidence provided by US intelligence – whose fiscal 2013 budget was $68bn – included Facebook posts. “After it became evident that the plane was a civilian airliner, separatists deleted social media posts boasting about shooting down a plane and possessing a Buk (SA-11) surface-to-air missile system,” a senior intelligence official said in the briefing, held on condition of anonymity. The Guardian was not invited to the briefing, a transcription of which was later made available.
Look, if the US government has a case, they can release it publicly. But what they appear to be doing instead is creating their own official press corps and presenting their case there.
That’s especially true given that something else said at the briefing undermines the US case against the rebels.
They noted that it can be difficult to track the transportation of weapons because they are often moved at night, and the Russians have provided the separatists with types of weapons that the Ukrainians also have in order to maintain “plausible deniability.”
If the Russians have gone to some length to hide their role in arming rebels, why would they also give them a weapon that would draw so much attention (the Ukrainian government has them as well, but they haven’t used them)? (Though I actually think the point is they have been fired, but weren’t considered so fancy until they took down a civilian jet.)
I suspect at this point both sides are hiding interesting details they know. But the US has the more plausible case, thus far. So why are they unwilling to present their case publicly?
In the wake of yesterday’s PCLOB Report, Presidential Review Board Member Geoffrey Stone reminded that Obama’s hand-picked group recommended requiring warrants before accessing US person data collected via Section 702.
In effect, the Review Group recommended that backdoor searches for communications involving American citizens should be prohibited unless the government has probable cause and a warrant. This is essentially what the recently enacted House amendment endorsed.
The Review Group concluded that the situation under section 702 is distinguishable from the situation when the government lawfully intercepts a communication when it has probable cause and a warrant. This is so because, in the section 702 situation, the government is not required to have either probable cause or a warrant to intercept the communication. Because section 702 was not intended to enable the government to intercept the communications of American citizens, because our recommended reform would leave the government free to use section 702 to obtain the types of information it was designed and intended to acquire—the communications of non-U.S. citizens, and because the recommended reform would substantially reduce the temptation the government might otherwise have to use section 702 impermissibly in an effort intentionally to intercept the communications of American citizens, we concluded that this reform was both wise and essential.
But there’s a forgotten detail from ancient history of greater interest. Even the President ordered up changes for back door searches in criminal contexts.
Specifically, I am asking the Attorney General and DNI to institute reforms that place additional restrictions on government’s ability to retain, search, and use in criminal cases, communications between Americans and foreign citizens incidentally collected under Section 702.
Yet in spite of the fact the President asked the Attorney General and DNI to place additional restrictions on the government’s ability to keep, search, and use Section 702 collected information in criminal cases, here’s what we learned yesterday.
[A]lthough a communication must be “destroyed upon recognition” when an NSA analyst recognizes that it involves a U.S. person and determines that it clearly is not relevant to foreign intelligence or evidence of a crime,531 in reality this rarely happens. Nor does such purging occur at the FBI or CIA: although their minimization procedures contain age-off requirements, those procedures do not require the purging of communications upon recognition that they involve U.S. persons but contain no foreign intelligence information.
FBI requires that metadata queries, like content queries, be reasonably designed to return foreign intelligence or evidence of a crime. As noted above, however, the FBI does not separately track which of its queries involve U.S. person identifiers, and so the number of such metadata queries is not known.
As illustrated above, rules and oversight mechanisms are in place to prevent U.S. person queries from being abused for reasons other than searching for foreign intelligence or, in the FBI’s case, for evidence of a crime. In pursuit of the agencies’ legitimate missions, however, government analysts may use queries to digitally compile the entire body of communications that have been incidentally collected under Section 702 that involve a particular U.S. person’s email address, telephone number, or other identifier, with the exception that Internet communications acquired through upstream collection may not be queried using U.S. person identifiers.540 In addition, the manner in which the FBI is employing U.S. person queries, while subject to genuine efforts at executive branch oversight, is difficult to evaluate, as is the CIA’s use of metadata queries.
And the best estimate we’ve been given for how many of these FBI queries take places is a “substantial” amount.
It has been 6 months since the President ordered changes. And the FBI still can’t even count its US person queries, much less quantify them. PCLOB calls it “difficult to evaluate.”
Um, did James Clapper and Eric Holder just blow off the President’s order in January? Because it sure looks like FBI’s back door searches remain a relatively unregulated mess.
Earlier today, I got to tell the journalists who have long ignored that the FBI does back door searches — or even suggested I was guessing that they do, when it appeared in multiple public documents — that I had been telling them so for a long time.
But today I also have to admit I got suckered by a year-long Director of National Intelligence effort at a limited hangout. That effort was, I’m convinced, designed to hide that the Section 702 program is far broader than government witnesses wanted to publicly admit it was. Nevertheless, I was wrong about a supposition I had believed until about 2 months ago.
Since the first days after the Snowden leaks, the government has suggested it had 3 certificates under Section 702, covering counterterrorism, counterproliferation, and cybersecurity. But — as the WaPo reports (as with the ODNI back door search numbers, in convenient timing that conveniently preempts the PCLOB report) — that’ s not the case. The NSA has a certificate that covers every foreign government except the other 4 members of the 5 Eyes (UK, Canada, New Zealand, and Australia), as well as various foreign organizations like OPEC, the European Central Bank, and various Bolivarist groups.
For an entire year, the government has been suggesting that is not the case. I even believed them, the one thing I know of where I got utterly suckered. I was wrong.
Frankly, this certification should not be a surprise. It is solidly within the letter of the law, which permits collection on any agent of a foreign power. From the very first PRISM revelations, which showed collection on Venezuela, it was clear NSA collected broadly, including on Bolivarist governments and energy organizations.
But consistently over the last year, the NSA has suggested it only had certifications for CT, CP, and cyber.
On June 8 of last year, for example, ODNI listed 3 Section 702 successes.
The October 3, 2011 John Bates opinion, released in October, made it clear there were just 3 certificates at that point.
(Though note the Semiannual Compliance Review released last year looked to be consistent with at least one more certificate.)
The President’s Review Group emphasized the categorical nature of certificates, and in its second discussion thereof named those same three categories.
[S]ection 702 authorized the FISC to approve annual certifications submitted by the Attorney General and the Director of National Intelligence (DNI) that identify certain categories of foreign intelligence targets whose communications may be collected, subject to FISC-approved targeting and minimization procedures. The categories of targets specified by these certifications typically consist of, for example, international terrorists and individuals involved in the proliferation of weapons of mass destruction.
Section 702 requires that NSA’s certifications attest that a “significant purpose” of any acquisition is to obtain foreign intelligence information (i.e. directed at international terrorism, nuclear proliferation, or hostile cyber activities), that it does not intentionally target a United States person, that it does not intentionally target any person known at the time of acquisition to be in the United States, that it does not target any person outside the United States for the purpose of targeting a person inside the United States, and that it meets the requirements of the Fourth Amendment.
And in March testimony before PCLOB, NSA General Counsel Raj De suggested those same three topics.
But beyond that there has to be a valid foreign intelligence reason within the ambit of one of those certifications that the FISC approves annually. Those are certifications on things like counterterrorism, encountering WMDs, for example, weapons of mass destruction.
Most recently, former DOJ official Carrie Cordero – who has been involved in this whole certification process – claimed in the CATO debate we’ve been engaged in “they are not so broad that they cover any and everything that might be foreign intelligence information.”
And yet, there’s a foreign intelligence certificate that covers any and everything that might be foreign intelligence information, a certificate that destroys the whole point of having certificates (though if there’s a cyber one, I suspect it has its own problems, in that it permits domestic collection).
Lots of people are claiming WaPo’s latest is no big deal, because of course the NSA spies on foreign government’s. They’re right, to a point. Except that the government has been strongly implying, since day one, that Section 702 was narrowly deployed, not available to use against all but our 4 closest spying allies.
PCLOB is surely about to make it clear that’s not the case. And voila! All of a sudden it becomes clear the government has been misleading when it claimed this was narrowly deployed.