John Bates

1 2 3 9

White House Supports USA Freedom Act, with Bates-Clapper Caveats about Amicus

The White House has come out with an enthusiastic statement supporting USA Freedom Act.

The Administration strongly supports Senate passage of S. 2685, the USA FREEDOM Act. In January, the President called on Congress to enact important changes to the Foreign Intelligence Surveillance Act (FISA) that would keep our Nation safe, while enhancing privacy and better safeguarding our civil liberties. This past spring, a broad bipartisan majority of the House passed a bill that answered the President’s call. S. 2685 carefully builds on the good work done in the House and has won the support of privacy and civil liberties advocates and the private sector, including significant members of the technology community. As the Attorney General and the Director of National Intelligence stated in a letter dated September 2, 2014, the bill is a reasonable compromise that enhances privacy and civil liberties and increases transparency.

The bill strengthens the FISA’s privacy and civil liberties protections, while preserving essential authorities that our intelligence and law enforcement professionals need.

It says the bill ends bulk collection which might be a useful record if the President used a definition besides “without any discriminator,” but that is what he is on the record as meaning by “bulk.”

The bill would prohibit bulk collection through the use of Section 215, FISA pen registers, and National Security Letters while maintaining critical authorities to conduct more targeted collection. The Attorney General and the Director of National Intelligence have indicated that the bill will retain the essential operational capabilities of the existing bulk telephone metadata program while eliminating bulk collection, based on communications providers’ existing practices.

Perhaps the most troubling part of Obama’s statement, however, is its endorsement of John Bates’ language about the amicus as echoed by James Clapper and Eric Holder, which among other things said that the amicus could not be required to represent the interests of civil liberties and privacy.

The bill also authorizes an independent voice in significant cases before the Foreign Intelligence Surveillance Court (FISC) — the Administration is aware of the concerns with regard to this issue, as outlined in the letter from the Attorney General and the Director of National Intelligence, and the Administration anticipates that Congress will address those concerns. Finally, the bill will enhance transparency by expanding the amount of information providers can disclose and increasing public reporting requirements.

In sum, this legislation will help strengthen Americans’ confidence in the Government’s use of these important national security authorities. Without passage of this bill, critical authorities that are appropriately reformed in this legislation could expire next summer. The Administration urges Congress to take action on this legislation now, since delay may subject these important national security authorities to brinksmanship and uncertainty. The Administration urges the Senate to pass the USA FREEDOM Act and for the House to act expeditiously so that the President can sign legislation into law this year. [my emphasis]

As I said here, the designed impotence of the amicus is not a reason to oppose the bill; it’s just a reason to expect to have to wait 9 years before it becomes functional, as happened with PCLOB. Still, it is very very troubling that given all the evidence that the Executive has been abusing the process of the FISC for a decade, the Executive is moving to ensure they’ll still be able to do so.

How to Fix the FISA Court … Or Not

The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.(26)

That line, from the FISCR opinion finding the Protect America Act constitutional, gets to the core problem with the FISA Court scheme. Even in 2009, when the line was first made public, it was pretty clear the government had made a false claim to the FISA Court of Review.

Now that we know that FBI had already been given authority to keep PAA-collected content in databases that they could search at what is now called the assessment stage of investigations – warrantless searches of the content of Americans against whom the FBI has no evidence of wrong-doing — the claim remains one of the signature moments where the government got approval for a program by being less than candid to the court (the government has been caught doing so in both Title III courts and at FISC, and continues to do so).

That’s also why I find Greg McNeal’s paper on Reforming the FISC, while very important, ultimately unconvincing.

McNeal’s paper is invaluable for the way he assesses the decision — in May 2006 — to authorize the collection of all phone records under Section 215. Not only does the paper largely agree with the Democratic appointees on PCLOB that the program is not authorized by the Section 215 statute, McNeal conducts his own assessment of the government’s application to use Section 215 for that purpose.

The application does not fare well.

Moreover, the government recognized that not all records would be relevant to an investigation, but justified relevance on what could best be described as usefulness or necessity to enable the government’s metadata analysis, stating:

The Application fully satisfies all requirements of title V of FISA. In particular, the Application seeks the production of tangible things “for” an international terrorism investigation. 50 U.S.C. § 1861(a)(1). In addition, the Application includes a statement of facts demonstrating that there are reasonable grounds to believe that the business records sought are “relevant” to an authorized investigation. Id.  § 1861(b)(2). Although the call detail records of the [redacted] contain large volumes of metadata, the vast majority of which will not be terrorist-related, the scope of the business records request presents no infirmity under title V. All of the business records to be collected here are relevant to FBI investigations into [redacted] because the NSA can effectively conduct metadata analysis only if it has the data in bulk.49

The government went even further, arguing that if the FISC found that the records were not relevant, that the FISC should read relevance out of the statute by tailoring its analysis in a way that would balance the government’s request to collect metadata in bulk against the degree of intrusion into privacy interests. Disregarding the fact that the balancing of these interests was likely already engaged in by Congress when writing section 215, the government wrote:

In addition, even if the metadata from non-terrorist communications were deemed not relevant, nothing in title V of FISA demands that a request for the production of “any tangible things” under that provision collect only information that is strictly relevant to the international terrorism investigation at hand. Were the Court to require some tailoring to fit the information that will actually be terrorist-related, the business records request detailed in the Application would meet any proper test for reasonable tailoring. Any tailoring standard must be informed by a balancing of the government interest at stake against the degree of intrusion into any protected privacy interests. Here, the Government’s interest is the most compelling imaginable: the defense of the Nation in wartime from attacks that may take thousands of lives. On the other side of the balance, the intrusion is minimal. As the Supreme Court has held, there is no constitutionally protected interest in metadata, such as numbers dialed on a telephone.50

Thus, what the government asked the court to disregard the judgment of the Congress as to the limitations and privacy interests at stake in the collection of business records. Specifically, the government asked the FISC to disregard Congress’s imposition of a statutory requirement that business records be relevant, and in disregarding that statutory requirement rely on the fact that there was no constitutionally protected privacy interest in business records. The government’s argument flipped the statute on its head, as the purpose of enhancing protections under section 215 was to supplement the constitutional baseline protections for privacy that were deemed inadequate by Congress.

McNeal is no hippie. That he largely agrees and goes beyond PCLOB’s conclusion that this decision was not authorized by the statute is significant.

But as I said, I disagree with his remedy — and also with his assessment of the single source of this dysfunction.

McNeal’s remedy is laudable. He suggests all FISC decisions should be presumptively declassified and any significant FISC decision should get automatic appellate review, done by FISCR. That’s not dissimilar to a measure in Pat Leahy’s USA Freedom Act, which I’ve written about here. With my cautions about that scheme noted, I think McNeal’s remedy may have value.

The reason it won’t be enough stems from two things.

First, the government has proven it cannot be trusted with ex parte proceedings in the FISC. That may seem harsh, but the Yahoo challenge — which is the most complete view we’ve ever had of how the court works, even with a weak adversary — really damns the government’s conduct. In addition to the seemingly false claim to FISCR about whether the government held databases of incidentally collected data, over the course of the Yahoo challenge, the government,

  • Entirely restructured the program — bringing the FBI into a central role of the process — without telling Reggie Walton about these major changes to the program the challenge he was presiding over evaluated; this would be the first of 4 known times in Walton’s 7-year tenure where he had to deal with the government withholding materially significant information from the court
  • Provided outdated versions of documents, effectively hiding metadata that would have shown EO 12333, which was a key issue being litigated, was more fluid than presented to the court
  •  Apparently did not notice either FISC or FISCR about an OLC opinion — language from which was declassified right in the middle of the challenge — authorizing the President to pixie dust EO 12333 at any time without noting that publicly
  • Apparently did not provide the underlying documents explaining another significant change they made during the course of the challenge, which would have revealed how easily Americans could be reverse targeted under a program prohibiting it; these procedures were critical to FISCR’s conclusion the program was legal

In short, the materials withheld or misrepresented over the course of the Yahoo challenge may have made the difference in FISCR’s judgment that the program was legal (even ignoring all the things withheld from Yahoo, especially regarding the revised role of FBI in the process). (Note, in his paper, McNeal rightly argues Congress and the public could have had a clear idea of what Section 702 does; I’d limit that by noting that almost no one besides me imagined they were doing back door searches before that was revealed by the Snowden leaks).

One problem with McNeal’s suggestion, then, is that the government simply can’t be trusted to engage in ex parte proceedings before the FISC or FISCR. Every major program we’ve seen authorized by the court has featured significant misrepresentations about what the program really entailed. Every one! Until we eliminate that problem, the value of these courts will be limited.

But then there is the other problem, my own assessment of the source of the problem with FISC. McNeal thinks it is that Congress wants to pawn its authority off onto the FISC.

The underlying disease is that Congress wants things to operate the way that they do; Congress wants the FISC and has incentives to maintain the status quo.

Why does Congress want the FISC? Because it allows them to push accountability off to someone else. If members ofCongress are responsible for conducting oversight of secretoperations, their reputations are on the line if the operations gotoo far toward violating civil liberties, or not far enoughtoward protecting national security. However, with the FISC conducting operations, Congress has the ability to dodge accountability by claiming they have empowered a court to conduct oversight.

I don’t, in general, disagree with this sentiment in the least. The last thing Congress wants to do is make a decision that might later be tied to an intelligence failure, a terrorist attack, a botched operation. Heck, I’d add that the last thing most members of Congress serving on the Intelligence Committees would want to do is piss off the contractors whose donations provide one of the perks of the seat.

But the dysfunction of the FISC stems, in significant part, from something else.

In his paper on the phone dragnet (which partly incorporates the Internet dragnet), David Kris suggests the original decision to bring the dragnets under the FISC (in the paper he was limited by DOJ review about what he could say of the Internet dragnet, so it is not entirely clear whether he means the Colleen Kollar-Kotelly opinion that paved the way for the flawed Malcolm Howard one McNeal critiques, or the Howard one) was erroneous. Continue reading

The FBI’s Black Hole of Devised Ignorance Surrounding Americans Subject to Section 215

Over at VICE, I’ve got a long piece summarizing all the ways (well, probably just some of them) FBI refuses to count its intelligence surveillance, meaning there’s a black hole about what FBI does with some of its most intrusive surveillance.

Among other things in the piece, it includes this explanation of why FBI doesn’t want to count how many Americans get sucked up in Section 215 collection under USA Freedom Act (though the FBI improbably depicted that as a independent decision of Congress).

The bill also exempts the FBI from counting how many US persons get swept up in its use of another authority, Section 215 of the Patriot Act, the statute currently used to collect some significant subset of all Americans’ phone records. In addition to those phone records, FBI also uses Section 215 for other “tangible things,” which it can collect in significant bulk. The FBI says it won’t start counting the Section 215 records obtained because the records it collects (which include email metadata, hotel records, and sales transactions, in addition to phone records) “typically do not indicate the location of the sender or recipient at the time of communication or collection.” So learning the location would “require the FBI to scrutinize certain communications or take additional investigative steps to determine the location of the communicants.” Basically, FBI says tracking what it is doing would, by itself, be a privacy invasion.

The FBI’s comments on why it should not track how many Americans get sucked up in Section 215 collection is worth further focus, however.

The types of business records collected under a Section 215 order rarely contain information sufficient to determine the location of the person(s) referenced in the records.  The FBI collects a variety of information from FISA business records orders, from hotel records to sales transactions to e-mail metadata – many of which provide little or no information regarding the location of those referenced in the records.  The majority of communications collected by business records are related to e-mail metadata.  This information is only provided in a to-from format and does not include subscriber information for the communicants.  In addition, the records typically do not indicate the location of the sender or recipient at the time of communication or collection.  Imposing a reporting requirement to track the number persons located in the U.S. whose information had been collected under Section 215 would thus require the FBI to scrutinize certain communications or take additional investigative steps to determine the location of the communicants.  In many instances, the FBI would otherwise have elected not to scrutinize these communicants or take additional investigative steps.  The imposition of a reporting requirement, therefore, could actually result in a greater intrusion of privacy on certain communicants.  It simply does not make sense for a reporting requirement designed to monitor privacy impact on U.S. persons to result in further scrutiny or investigative activity that may not otherwise be pursued.

First, because FBI confirms how it is using Section 215 (though much of this has been made public, much of it covered here first).

  • Email metadata
  • Hotel records
  • Sales transactions (which would include explosives precursors like acetone, hydrogen peroxide, fertilizer, and pressure cookers)

(Note the silence about money transfers; but maybe FBI just disavows that program, which is a CIA focus.)

Given many things the government has said in legal filings, I would understand “email metadata” very broadly to include “Internet communications metadata.”

The rest of the statement expands on arguments (that are implicit in USAF’s refusal to count a US-based IP address as US location) about why the Intelligence Community can’t count how many Americans are subject to Section 215 surveillance: Because it professes to be unable to track whether email participants are in the US.

So they argue that their devised helplessness in determining where email takes place makes it counterproductive for them to give any sense of how many Americans’ email they’re surveilling.

Of course, there’s another side to this devised ignorance.

John Bates has twice told the Intelligence Community that illegal wiretapping of email in the US is only illegal if the government knows that the emails in question are domestic. So by refusing to find some solution to their devised ignorance, the FBI also ensures that it can never be held to account if it happens to start collecting things — like content as metadata — that it should not legally be able to obtain without a warrant.

It’s a brilliant scheme, this black hole of FBI surveillance. Not only doesn’t it have to alert Americans to how many Americans the FBI is surveilling. But unlike every American the FBI might target, it can claim that ignorance is a defense.

John Bates Gets Slapped Down for Speaking Out of Turn, Again

A few weeks back, I pointed to 9th Circuit Chief Judge Alex Kozinski’s criticism of John Bates’ presumption to speak for the judiciary in his August 5 letter complaining about some aspects of USA Freedom Act. Kozinski was pretty obviously pissed.

But compared to the op-ed from retired District Court Judge Nancy Gertner – who effectively scolds Bates, as the Administrative staff, speaking out of turn — Kozinski was reserved.

[W]hatever the merits of Bates’ concerns—and other judges have dissented from it—he most assuredly does not speak for the Third Branch.

[snip]

Bates has been appointed by Chief Justice John Roberts to serve as director of the Administrative Office of the U.S. Courts, the body that administers the federal courts. It was created in 1939 to take the administration of the judiciary out of the Department of Justice. Its principal tasks were data collection and the creation of budgets and, while its duties have grown over the years, they remain administrative (dealing with such things as court reporters, interpreters, judicial pay, maintenance of judicial buildings, staffing etc.).

When members of Congress solicit the “judiciary’s” opinion they may write to the office’s director, but he has no authority to make policy for the federal judiciary. It is the Judicial Conference of the United States Courts, to which the AO director is only the “secretary,” that has that responsibility.

I’m very supportive of Gertner’s defense of judicial independence and her concern about the operation of the FISA Court.

But her critique goes off the rails when she points to DOJ’s purported support of USA Freedom Act as a better indication of the Executive’s views than Bates’ comments.

Moreover, a great deal of Bates’ letter focuses on the Senate proposals’ impact on the executive branch and the intelligence community. The Senate bill would burden the executive with more work and even delay the FISA court’s proceedings, he suggests. Worse yet, the executive may be reluctant to share information with an independent advocate—a troubling claim.

Bates’ concerns are belied by the support voiced by the Department of Justice and the president for the Senate proposal. Surely, the executive branch understands its own needs better than does Bates. Surely, the executive branch has confidence in the procedures that the FISA court would have in place for dealing with classified information, just as the courts that have dealt with other national security issues have had.

And surely, the executive would abide by what the law requires, notwithstanding Bates’ predictions about its “reluctance” to share information with a special advocate.

DOJ’s “support” of the bill was expressed when Eric Holder co-signed a letter (which Gertner tellingly doesn’t mention, much less link) from James Clapper which, when read with attention, clearly indicated the Executive would interpret the bill to be fairly permissive on most of the issues on which the Senate bill would otherwise improve on the House one. Holder’s “support” of the bill strongly indicates that DOJ, with ODNI, plans to use the classification and privilege “protections” in the bill to refuse to share information with the special advocate.

And that’s precisely the part of the letter where Holder and Clapper invoke Bates.

Continue reading

USA Freedom Act’s So-Called “Transparency” Provisions Enable Illegal Domestic Surveillance

I regret that I am only now taking a close look at the “transparency” provisions in Patrick Leahy’s version of USA Freedom Act. They are actually designed not to provide “transparency,” but to give a very misleading picture of how much spying is going on. They are also designed to permit the government to continue not knowing how much content it collects domestically under upstream and pen register orders, which is handy, because John Bates told them if they didn’t know it was domestic then collecting domestic isn’t illegal.

In this post, I’ve laid out the section of the bill that mandates reporting from ODNI, with my comments interspersed along with what the “transparency” report Clapper did this year showed.

(b) MANDATORY REPORTING BY DIRECTOR OF NATIONAL INTELLIGENCE.—

(1) IN GENERAL.—Except as provided in subsection (e), the Director of National Intelligence shall annually make publicly available on an Internet Web site a report that identifies, for the preceding 12-month period—

This language basically requires the DNI to post a report on I Con the Record every year. But subsection (e) provides a number of outs.

Individual US Person FISA Orders

(A) the total number of orders issued pursuant to titles I and III and sections 703 and 704 and a good faith estimate of the number of targets of such orders;

This language requires DNI to describe, in bulk, how many individual US persons are targeted in a given year (there were 1,767 orders and 1,144 estimated targets last year). But it only requires DNI to give a “good faith estimate” of these numbers (and that’s what they’re listed as in ODNI’s report from last year)! If there’s one thing DNI should be able to give a rock-solid number for, it’s individual USP targets. But … apparently that’s not the case.

Screen Shot 2014-09-10 at 10.29.15 AM

Section 702 Orders

(B) the total number of orders issued pursuant to section 702 and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders;

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This language requires DNI to provide an estimate of the number of targets of Section 702 which includes both upstream and PRISM production. Last year, this was one order (ODNI doesn’t tell us, but there were at least 3 certificates –Counterterrorism, Counterproliferation, and Foreign Government) affecting 89,138 targets.

Screen Shot 2014-09-10 at 10.23.26 AM

The new reporting requires the government to come up with some estimate of how many communications are collected, as well as how many are located inside the US.

Except DNI is permitted to issue a certification saying that there are operational reasons why he can’t provide that last bit — how many are in the US. Thus, 4 years after refusing to tell John Bates how many Americans’ communications NSA was sucking up in upstream collection, Clapper is now getting the right to continue to refuse to provide that ratified by Congress. And remember — Bates also said that if the government didn’t know it was collecting that content domestically, then it wasn’t really in violation of 50 USC 1809(a). So by ensuring that it doesn’t have to count this, Clapper is ensuring that he can continue to conduct illegal domestic surveillance.

Don’t worry though. The bill includes language that says, even though this provision permits the government to continue conducting illegal domestic collection, “Nothing in this section affects the lawfulness or unlawfulness of any government surveillance activities described herein. ”

Back Door Searches

(iv) the number of search terms that included information concerning a United States person that were used to query any database of the contents of electronic communications or wire communications obtained through the use of an order issued pursuant to section 702; and

(v) the number of search queries initiated by an officer, employee, or agent of the United States whose search terms included information concerning a United States person in any database of noncontents information relating to electronic communications or wire communications that were obtained through the use of an order issued pursuant to section 702;

This language counts back door searches.

But later in the bill, the FBI — which we know does the bulk of these back door searches — is exempted from all of this reporting. As I noted in this post, effectively the Senate is saying it’s no big deal of FBI doesn’t track how many warrantless searches of US person content it does, even of people against whom the FBI has no evidence of wrongdoing.

In addition, note that odd limit to (v). DNI only has to report metadata searches “initiated by an officer, employee, or agent” of the United States. That would seem to exempt any back door metadata searches by foreign governments (it might also exempt contractors, but they should be included as “agents” of the US). Which, given that CIA doesn’t currently count its metadata searches, and given that CIA conducts a bunch of metadata searches on behalf of other entities, leads me to suspect that CIA may be doing metadata searches “initiated” by foreign governments. But that’s a guess. One way or another, though, this clause was written to not count some of these metadata searches. [Update: On reflection, that language may be designed to avoid counting automated processes as searches -- if they're initiated by a robot rather than an employee they're not counted!]

Pen Register Orders

C) the total number of orders issued pursuant to title IV and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders; and

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This language counts how many Pen Register orders the government obtains, how many individuals get sucked up, and how many are in the US, both of which are additions on what ODNI reported this year.

Screen Shot 2014-09-10 at 10.50.08 AM

But that last bit — counting people in the US — is again a permissible exemption under the bill. Which is, as you’ll recall, the other way NSA has been known to engage in illegal domestic content collection. The only known bulk pen register is currently run by FBI, but in any case, the exemption has the same effect, of permitting the government from ever having to admit that it is breaking the law.

Traditional Section 215 Collection

(D) the total number of orders issued pursuant to applications made under section 501(b)(2)(B) and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders; and

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This requires DNI to report on traditional Section 215 orders, but the entire requirement is a joke on two counts.

Screen Shot 2014-09-10 at 11.09.02 AM

First, note that, for a reporting requirement for a law permitting the government to collect “tangible things,” it only requires individualized reporting for “communications.” “Individuals whose communications were collected” are specifically defined as only involving phone calls and electronic communications.

So this “transparency” bill will not count how many individuals have their financial records, beauty supply purchases, gun purchases, pressure cooker purchases, medical records, money transfers, or other things sucked up, much of which we know to be done under this bill. And this is particularly important, because the law still permits bulk collection of these things. Thus, this “transparency” report creates the illusion that far less collection is done under Section 215 than actually is, it creates the illusion that bulk collection is not going on when it is.

But it gets worse!

Continue reading

James Clapper, Bates-Stamp, and Gutting the FISA Advocate

As I noted the other day, in his letter purportedly “supporting” Patrick Leahy’s USA Freedom Act, James Clapper had this to say about the special advocate amicus curiae position laid out by the law.

We note that, consistent with the President’s request, the bill estsablishes a process for the appointment of an amicus curiae to assist the FISA Court and FISA Court of Review in matters that present a novel or significant interpretation of the law. We believe that the appointment of an amicus in selected cases, as appropriate, need not interfere with important aspects of the FISA process, including the process of ex parte consultation between the Court and the government. We are also aware of the concerns that the Administrative Offices of the U.S. Courts expressed in a recent letter, and we look forward to working with you and your colleagues to address these concerns.

Clapper stretches the actual terms of all four provisions of the bill he discusses — he admits he’ll use selection terms outside those enumerated by the statute, he discusses collecting “metadata” rather than the much more limited “call detail records” laid out in the bill, and he facetiously claims FBI won’t count its back door searches because of technical rather than policy choices.

But I think Clapper’s comments about the FISC amicus curiae deserve particular attention, because the letter suggests strongly that Clapper will ignore the law on one of the key improvements in the bill.

Clapper claims, first of all, that Obama has called for the appointment of an amicus curiae.

That’s false.

Obama actually called for fully-independent advocates.

To ensure that the Court hears a broader range of privacy perspectives, I am calling on Congress to authorize the establishment of a panel of advocates from outside government to provide an independent voice in significant cases before the Foreign Intelligence Surveillance Court.

That may seem like semantics. But in his letter, Clapper signals he will make the amicus curiae something different. First, he emphasized this amicus will not interfere with ex parte communications between the court and the government. That may violate this passage of Leahy’s bill, which guarantees the special advocate have access to anything that is “relevant” to her duties.

(A) IN GENERAL.—If a court established under subsection (a) or (b) designates a special advocate to participate as an amicus curiae in a proceeding, the special advocate—

[snip]

(ii) shall have access to all relevant legal precedent, and any application, certification, petition, motion, or such other materials as are relevant to the duties of the special advocate;

Given that in other parts of 50 USC 1861, “relevant” has come to mean “all,” it’s pretty amazing that Clapper says the advocate won’t have access to all communication between the government and the court.

There are just two bases on which the advocate can be denied access to documents she would need.

(i) IN GENERAL.—A special advocate, experts appointed to assist a special advocate, or any other amicus or technical expert appointed by the court may have access to classified documents, information, and other materials or proceedings only if that individual is eligible for access to classified information and to the extent consistent with the national security of the United States.

(ii) RULE OF CONSTRUCTION.— Nothing in this section shall be construed to require the Government to provide information to a special advocate, other amicus, or technical expert that is privileged from disclosure.

If we could believe that Clapper were operating on good faith, this language would be fairly innocuous. But given that Clapper has made it very explicit he wants to continue to conduct ex parte communication, and given that the Director of National Intelligence has a significant role in both need to know determinations and privilege claims, this language — and Clapper’s commitment to retain ex parte communications — is a pretty good indication he plans to deny access based on these two clauses.

And all that’s before Clapper says he plans to continue to work with Leahy to address some of John Bates purported concerns.

As a reminder, in Bates’ most recent letter, he claimed to be speaking “on behalf of the Judiciary” and used the royal “we” throughout. In response to the letter, Steve Vladeck raised real questions what basis Bates had to use that royal “we.”

Judge Bates’s latest missive … raises the question of why Judge Bates believes he’s entitled to speak “on behalf of the Judiciary”–especially when at least two former FISA judges have expressly endorsed reforms far more aggressive than those envisaged by the Senate bill, and when the substance of Judge Bates’s objections go principally to burdens on the Executive Branch, not the courts.

Then Senior 9th Circuit Chief Judge Alex Kozinski weighed in. While he professed not to have studied the matter, he made it quite clear that he

was not aware of Director Bates’s letter before it was sent, nor did [he] receive a copy afterwards.

[snip]

having given the matter little consideration, and having had no opportunity to deliberate with the other members of the Judicial Conference, I have serious doubts about the views expressed by Judge Bates. Insofar as Judge Bates’s August 5th letter may be understood as reflecting my views, I advise the Committee that this is not so.

In other words, Bates decided to speak for the Judiciary without consulting them.

And, as Vladeck correctly notes, what he said seemed to represent the views of the Executive, not the Judiciary. I think that conclusion is all the more compelling when you consider the 3 big opinions we know Bates wrote while serving on FISC:

  • Around July 2010: After noting that the Executive had violated the PRTT orders from 2004 until 2009 when it was shut down, including not disclosing that virtually every record collected included unauthorized collection, he reauthorized and expanded the program 11- to 24-fold, expanding both the types of data permitted and the breadth of the collection. Bates did prevent the government from using some of what it had illegally collected in the past, but told them if they didn’t know it was illegal they could use it.
  • October 3, 2011: The year after he had reauthorized PRTT in spite of the years of violation, the government informed him they had been illegally collecting US person content for 3 years. Bates authorized some of this collection prospectively (though more assertively required them to get rid of the past illegal collection). At the same time, Bates permitted NSA and CIA to conduct back door searches of US person PRISM content.
  • February 19, 2013: Bates unilaterally redefined the PATRIOT Act to permit the government to collect on US persons solely for their First Amendment activities, so long as the activities of their associates were not protected by the First Amendment.

In short, even though Bates knew better than anyone but perhaps Reggie Walton of the Executive’s persistent violations of FISA orders, he repeatedly expanded these programs in dangerous ways even as he found out about new violations.

That’s they guy lecturing Leahy on how the FISC needs to work, invoking the royal “we” he hasn’t gotten permission to use.

And consider the things Bates asked for in his most recent letter – which, by invocation, Clapper is suggesting he’ll demand from Leahy.

  • The advocate should not be mandated to speak for privacy and civil liberties.
  • The advocate should not be adversarial because that might lead the government to stop sharing information it is required to share.
  • The advocate should not be required to be consulted on all novel issues [I wonder now if Bates considers the First Amendment application a novel issue?] because that might take too long.

Basically, Bates says Leahy should replace his language with the House language.

In our view, the greater flexibility and control that the FISA courts would have under the amicus provision in H.R. 3361 make it a better fit for FISA court proceedings than the special advocate provision of S. 2685. As discussed above, the House bill would give the FISA courts substantial flexibility not only in deciding when to appoint an amicus in the first place, but also in tailoring the nature and scope of the assistance provided to the circumstances of a particular matter.

So the guy who Bates-stamped so many dangerous decisions wants FISC to retain the authority to continue doing so.

Again, Clapper is absolutely wrong when he claims this kind of thing — a role the FISC can sharply limit what advice it gets and the DNI can sustain ex parte proceedings by claiming privilege or need to know — is what President Obama endorsed 8 months ago.

Which raises the question: is the President going to tell his DNI to implement his own policy choices? Or is he going to let James Clapper and Bob Litt muddle up a democratic bill again?

John “Bates Stamp” Lives Up to the Name

On February 19, 2013, John Bates approved a Section 215 order targeting an alleged American citizen terrorist. He hesitated over the approval because the target’s actions consisted of protected First Amendment speech.

A more difficult question is whether the application shows reasonable grounds to believe that the investigation of [redacted] is not being conducted solely upon the basis of activities protected by the first amendment. None of the conduct of speech that the application attributes to [4 lines redacted] appears to fall outside the ambit of the first amendment. Even [redacted] — in particular, his statement that [redacted] — seems to fall well short of the sort of incitement to imminent violence or “true threat” that would take it outside the protection of the first amendment. Indeed, the government’s own assessment of [redacted] points to the conclusion that it is protected speech. [redacted] Under the circumstances, the Court is doubtful that the facts regarding [redacted] own words and conduct alone establish reasonable grounds to believe that the investigation is not being conducted solely on the basis of first amendment.

He alleviated his concerns by apparently relying on the activities of others to authorize the order.

The Court is satisfied, however, that Section 1861 also permits consideration of the related conduct of [redacted] in determining whether the first amendment requirement is satisfied. The text of Section 1861 does not restrict the Court to considering only the activities of the subject of the investigation in determining whether the investigation is “not conducted solely on the basis of activities protected by the first amendment.” Rather, the pertinent statutory text focuses on the character (protected by the first amendment or not) of the “activities” that are the “basis” of the investigation.

Later in the opinion, Bates made it clear these are activities of someone besides the US citizen target of this order, because the activities in question were not being done by US persons.

Such activities, of course, would not be protected by the first amendment even if they were carried out by a United States person.

If I’m right that behind the redactions Bates is saying the activities of associates were enough to get beyond the First Amendment bar for someone only expressing support, then it would seem to require Association analysis. But then, Bates, the big fan of not having any help on his FISC opinions, wouldn’t consider that because the government never does.

Ah well. At least we can finally clarify about whether or not the FISC is a rubber stamp for Administration spying. No. It’s a Bates stamp — in which judges engage in flaccid legal analysis in secret before approving fairly troubling applications. Which is just as pathetic.

NSA’s Lawyers Missed “Virtually Every Record” over 25 Reviews

As I’ve written before, the Internet dragnet did not get through the its first 90 day Primary Order before it violated the rules laid out by the FISA Court. In an effort to convince Judge Kollar-Kotelly they could conduct the dragnet according to her orders, NSA’s Office of General Counsel agreed to do spot checks of the data twice every 90-day authorization. That requirement stayed in place for the rest of the dragnet.

Which means between 2004 and 2009, OGC should have conducted over 25 spot checks of the data NSA obtained under the program.

And yet, in that entire time, OGC somehow never noticed that “virtually every record” NSA was taking in included data that it was not authorized to collect.

That’s one of the two crazy things about the Internet dragnet that this month’s document dump made clear. I explain them in this piece at The Week. The other is that, in an end-to-end report conducted from roughly March through September of 2009, NSA also didn’t find that virtually every record they had collected had broken the law.

Exhibit A is a comprehensive end-to-end report that the NSA conducted in late summer or early fall of 2009, which focused on the work the agency did in metadata collection and analysis to try and identify people emailing terrorist suspects.

The report described a number of violations that the NSA had cleaned up since the beginning of that year — including using automatic alerts that had not been authorized and giving the FBI and CIA direct access to a database of query results. It concluded the internet dragnet was in pretty good shape. “NSA has taken significant steps designed to eliminate the possibility of any future compliance issues,” the last line of the report read, “and to ensure that mechanisms are in place to detect and respond quickly if any were to occur.”

But just weeks later, the Department of Justice informed the FISA Court, which oversees the NSA program, that the NSA had been collecting impermissible categories of data — potentially including content — for all five years of the program’s existence.

[snip]

Judge John Bates, then head of FISC, emphasized that the NSA had missed the unauthorized data in its comprehensive report. He noted “the extraordinary fact that NSA’s end-to-end review overlooked unauthorized acquisitions that were documented in virtually every record of what was acquired.” Bates went on, “[I]t must be added that those responsible for conducting oversight at NSA failed to do so effectively.”

Nevertheless, Bates went on to vastly expand the program.

No wonder James Clapper’s office made those documents so hard to read. There is no way to read them and believe the NSA can be trusted to stay within the law.

Working Thread, Internet Dragnet 5: The Audacious 2010 Reapplication

At some point (perhaps at the end of 2009, but sometime before this application), the government tried to reapply, but withdrew their application. The three letters below were sent in response to that. But they were submitted with the reapplication.

See also Working Thread 1Working Thread 2Working Thread 3, Working Thread 4, and Internet Dragnet Timeline. No one else is doing this tedious work; if you find it useful, please support it.

U. First Letter in Response to FISC Questions Concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices,

(15/27) In addition to tagging data itself, the source now gets noted in reports.

(16/27) NSA wanted all analysts to be able to query.

(16/27) COntrary to what redaction seemed to indicate elsewhere, only contact chaining will be permitted.

(17/27) This implies that even technical access creates a record, though not about what they access, just when and who did it.

(17/27) NSA asked for the same RAS timelines as in BRFISA — I think this ends up keeping RAS longer than an initial PRTT order.

(18/27) “Virtually every PR/TT record contains some metadata that was authorized for collection, and some metadata that was not authorized for collection … virtually every PR/TT record contains some data that was not authorized by prior orders and some that was not.”

(21/27) No additional training for internal sharing of emails.

(21/27) Proof they argue everything that comes out of a query is relevant to terrorism:

Results of queries of PR/TT-sourced metadata are inherently germane to the analysis of counterterrorism-related foreign intelligence targets. This is because of NSA’s adherence to the RAS standard as a standard prerequisite for querying PR/TT metadata.

(22/27) Note “relevance” creep used to justify sharing everywhere. I really suspect this was built to authorize the SPCMA dragnet as well.

(23/27) Curious language about the 2nd stage marking: I think it’s meant to suggest that there will be no additional protection once it circulates within the NSA.

(24/27) NSA has claimed they changed to the 5 year age-off in December 2009. Given the question about it I wonder if that’s when these letters were sent?

(24/27) Their logic for switching to USSID-18:

these procedures form the very backbone for virtually all of NSA’s dissemination practices. For this reason, NSA believes a weekly dissemination report is no longer necessary.

(24-5/27) The explanation for getting rid of compliance meetings is not really compelling. Also note that they don’t mention ODNI’s involvement here.

(25/27) “effective compliance and oversight are not performed simply through meetings or spot checks.”

(27/27) “See the attached word and pdf documents provided by OIG on an intended audit of PR/TT prior to the last Order expiring as an example.” Guess this means the audit documents are from that shutdown period.

V. Second Letter in Response to FISC Questions concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices,

W. Third Letter in Response to FISC Questions Concerning NSA Bulk Metadata Collection Using Pen Register/Trap and Trace Devices.

(2) DNI adopted new serial numbers for reports, so as to be able to recall requests.

(3) THey’re tracking the query reports to see if they can withdraw everything.

(3) THis is another of the places they make it clear they can disseminate law enforcement information without the USSID requirements.

(4) It appears the initial application was longer than the July 2010, given the reference to pages 78-79.

Q: Government’s Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes. (around July 2010)

There are some very interesting comparisons with the early 2009 application, document AA.

(1)  Holder applied directly this time rather than a designee (Holder may not have been confirmed yet for the early 2009 one).

(2) The redacted definition of foreign power in AA was longer.

(3) “collect” w/footnote 3 was redacted in AA.

(3) Takes out reference to “email” metadata.

(3) FN 4 both focuses on “Internet communication” rather than “email [redacted]” as AA did, but it also scopes out content in a nifty way.

Continue reading

WSJ Falsely Paints John “Bates Stamp” as Aggressive

WSJ wrote a badly flawed article yesterday describing John Bates’ 2010 opinion reauthorizing the Internet dragnet, claiming the memo — which was released last November — was just declassified.

Newly declassified court documents show one of the National Security Agency’s key surveillance programs was plagued by years of “systemic overcollection” of private Internet communications.

[snip]

Some of the problems with Internet metadata previously were reported and have been part of a broad critique of the NSA’s surveillance activities since the Sept. 11, 2001, terror attacks. The new document from Judge Bates offers the most detailed accounting—even with more than a dozen pages blacked out—of what those problems were.

Sure, ODNI didn’t explain that the opinion – and three other documents released — had been released before, one on multiple occasions. But those of us who read the opinion with the first release, rather than offering up unrepresentative quotes, recognized Bates’ memo as one of the seminal releases from last year. And contrary to WSJ’s claim, the public record (including Claire Eagan’s opinion, which cites from it) shows the opinion to date to 2010.

Even in this supposed actual reading of the document, however, WSJ gets it wrong.

The judge’s order ultimately reauthorized the program, with more stringent conditions than the government had sought.

Sure, Bates didn’t permit NSA unrestricted access to illegally collected records. But Bates also approved what was described as an 11- to 24-fold increase in collection.

The current application, in comparison with prior dockets, seeks authority to acquire a much larger volume of metadata at a greatly expanded range of facilities, while also modifying — and in some ways relaxing — the rules governing the handling of metadata.

Best as we can tell given the redactions, Bates approved that part of the request. Aside from imposing a few more training requirements, his biggest denial pertained to some — but not all — of the Internet dragnet data the government collected since the beginning of the program.

So while it is true that Bates wrote a lot of scathing things about the conduct of the program, he also turned around and vastly expanded it.

I raise all this not to be an asshole (though it would be nice if the WSJ had issued a correction, as its author retweeted my tweeted correction). I raise it for two reasons.

First, the WSJ pitches this as “the Judge who doesn’t like FISA reform was very critical of the Administration’s performance.”

Judge Bates has been the designated spokesman for the judiciary opposing several proposed changes to the structure of the Foreign Intelligence Surveillance Court, particularly the addition of a special advocate to represent privacy interests.

By not reporting that Bates vastly expanded this program in spite of its persistent violations, WSJ wrongly pitches him as a credible judge of what makes the FISC effective, rather than as Exhibit One for why it should be abolished.

Moreover, the documents that actually were newly released the other day suggest a very different narrative for what happened between 2009 and 2010, for how Bates came to summarize the many failings of the program but expand the program.

They show, first of all, that Reggie Walton was dealing with the phone and Internet dragnets in tandem throughout; Bates had no discernible role — aside from his intervention on August 4, 2009, after Reggie Walton had already shut down part of the phone dragnet program. The documents released this week make it clear Walton, not Bates, was the fact-finder who discovered the Internet dragnet had never complied with FISC guidelines. Bates had to repeat that scathing language in his opinion, because Walton had already laid it out.

And then, after Walton shut down the Internet dragnet, at a time when NSA continued to ignore his orders, when orders were terse, things began to change.

That’s when we begin to see solicitous letters — “Let me once again thank both you and your staff for  your consideration” —  to Bates, now the decision-maker on whether or not the government could resume a program that had illegally wiretapped Americans for 5 years.

It’s that guy who capitulated to pretty talk, expanding both the Internet dragnet and the upstream 702 collection, even as he laid out how both had been illegally wiretapping Americans, who says an advocate actually speaking for privacy would ruin the FISC. That’s the narrative we should get from this recent document dump, not that Bates was in any way anything but a Bates stamp.

Walton was by no means a perfect steward of the secret court. But Bates demonstrates why it cannot and does not fulfill its function.

1 2 3 9
Emptywheel Twitterverse
emptywheel @onekade If only Tarek Mehanna had worked for Buzzfeed or CNN...
49sreplyretweetfavorite
bmaz @gideonstrumpet @JamilSmith If so, could have so stipulated in the plea, no? Why leave one count open?
6mreplyretweetfavorite
emptywheel 3 hours after it was first announced: BREAKING the grand jury has "decided."
6mreplyretweetfavorite
bmaz @JamilSmith @gideonstrumpet That is not certain from my understanding; there is up to 5 yrs left on table at sentencing on one of the counts
8mreplyretweetfavorite
bmaz @chrisgeidner @gideonstrumpet I LOVE Buzzfeed. @dcbigjohn told me I better if I wanted to live.
9mreplyretweetfavorite
bmaz @gideonstrumpet What's less than manslaughter? Assault? Reckless endangerment?
10mreplyretweetfavorite
bmaz @gideonstrumpet Include everything!
11mreplyretweetfavorite
emptywheel @adambonin Pretty much Philly is the obvious answer and if you guys blow it you suck.
11mreplyretweetfavorite
bmaz @McBlondeLand That would be about the first thing Sunny Hostin has ever said that is credible.
12mreplyretweetfavorite
bmaz @armandodkos Yeah, but this one was cravenly designed to be a trial with an acquittal as the result.
12mreplyretweetfavorite
bmaz @csoghoian @normative @Robyn_Greene @emptywheel @Krhawkins5 Your definition of "fluff" is much narrower than their definition of "relevance"
14mreplyretweetfavorite
bmaz @normative @Robyn_Greene @emptywheel @Krhawkins5 A Stanford Tree silly.
15mreplyretweetfavorite
November 2014
S M T W T F S
« Oct    
 1
2345678
9101112131415
16171819202122
23242526272829
30