Some time ago, I noted that DOJ appears not to have provided the classified report on Section 215 for the Judiciary and Intelligence Committees mandated by the 2006 PATRIOT Act Reauthorization to Congress in 2009 to 2011. Instead of being sent to the Chairs of the Committees, the reports for those years were simply “filed.”
DOJ continued to provide Congress the unclassified FISA report, which included much of the same information about the numbers of Section 215 orders approved and modified.
But those reports would not have included two critical details: the fact that the sharply increasing number of modifications pertained to the FISC’s imposition of minimization procedures, suggesting collection in some bulk.
And the number of sensitive Section 215 orders issued under the following categories.
(A) Library circulation records, library patron lists, book sales records, or book customer lists.
(B) Firearms sales records.
(C) Tax return records.
(D) Educational records.
(E) Medical records containing information that would identify a person.
So for the years 2008 to 2010, even two of four designated oversight committees did not learn these details (the Intelligence Committees are required to get details on every request, but who knows if that requirement was met?).
In that post, I also noted a problem with 2007′s numbers, as well, a problem DOJ readily admitted in the unclassified report issued in 2009 (supposedly covering 2008).
In its 2008 report, the Department reported to Congress that during Calendar year 2007, the Govermnent made-six applications to the FISC for access to certain business records (including the production of tangible things) for foreign intelligence purposes. Further review of the Government’s records subsequently revealed that the Government had made seventeen applications to the FISC for access to certain business records. The FISC did not deny, in whole or in part, any such application filed by the Government during calendar year 2007.
“Further review revealed.”
I’m just now realizing how utterly unbelievable this is.
You see, the way the docket works, each new request has its own docket number, so to count the requests you need only count the dockets.
The last docket in the phone dragnet is BR 07-16, issued October 18, 2007 (meaning there was just one more business record docket that year). There is no conceivable way DOJ could not very simply have come up with the correct number for both reports to Congress by looking at the final docket number, which should have been 17. Which means Congress may never have gotten the proper classified detail on those additional 11 requests.
DOJ hid — purposely, necessarily, based on the way the dockets work — the details on sensitive requests to Congress in 2007. Then they appear to have hid the sensitive requests for the following three years. Given that John Bates is copied on the first request thereafter, it appears he may have made them finally fulfill the letter of the law.
They clearly were hiding something about their other Section 215 requests, for four full years.
I Con the Record reissued less classified versions of two Section 215 orders: the March 2, 2009 one that sharply restricted the phone dragnet without much new declassified, and the June 22, 2009 one that dealt, in part, with FBI and CIA access to the data in both the Internet and phone dragnet, showing both those parts unclassified in the same order (previously the government had released two separate versions — phone, Internet — with different things declassified).
The only new document was a November 23, 2010 order, modeled closely on a December 12, 2008 one. The earlier one had judged that the Stored Communication Act’s limits on collection did not preclude the use of Section 215 to collect phone records. This one judged that the Right to Financial Privacy Act did not preclude the use of Section 215 to collect financial records. Both opinions basically find that because those laws permit the use of National Security Letters to obtain such records without judicial review, clearly it’s okay to obtain the same records with judicial review under Section 215.
Of course, we know that in the phone context — and so presumably also in the financial records context — the use of Section 215 also entailed bulk, potentially comprehensive collection. While some bulk collection occurred under NSLs, especially for phone records (we know that because that’s the only category of NSL that doesn’t get accounted individually in public records), and while we assume bulk collection occurred under Bush’s illegal program via other means, moving a new kind of record under Section 215 may represent the institutionalization of bulk collections of another type of document.
Aside from revealing that this order pertained to financial records, we don’t know much about the underlying order. The order says the records were provided to the FBI (though WSJ and NYT reported CIA used Section 215 to get money order records). It uses “financial records” in scare quotes, so it is possible it is something beyond just bank records. And the fact that it was stamped by John Bates (then the presiding judge) suggests it may have been regarded as rather significant.
All that said, this opinion doesn’t necessarily mark November 2010 as the date the government started using Section 215 to collect (presumably bulk) financial records. After all, the government collected phone records for over 2 years before answering the seemingly obvious question of whether doing so violated other laws. I suspect they did so in 2008 in response to questions then DOJ Inspector General Glenn Fine kept raising about Section 215. And it is perhaps instructive that Fine was, in November 2010, working on a new Section 215 review, one that has since been delayed, in part by ODNI and DOJ refusal to declassify a number of documents, for 1,371 days.
Perhaps it’s just a remarkable coinkydink, but Fine resigned 6 days after this FISC ruling was issued.
Two more details about this. First, as I have shown, DOJ appears to have been hiding details about Section 215 from Congress during this period, though the only financial records they would have been obliged to disclose were tax records.
In addition, the number Section 215 orders started going up drastically in 2010, along with the number of orders the FISC modified to require minimization procedures.
Nevertheless, the reports show us two new things.
First, while we knew the number of modifications has gone up significantly in the last three years (we now know that many of the modifications in 2009 had to do with phone dragnet violations), the latest reports ODNI released say this:
The FISC modified the proposed orders submitted with forty-three such applications in 2010 (primarily requiring the Government to submit reports describing implementation of applicable minimization procedures).
The FISC modified the proposed orders submitted with 176 such applications in 2011 (requiring the Government to submit reports describing implementation of applicable minimization procedures).
I’ve suggested that 176 modified applications may suggest the government has as many as 44 bulk collection programs, which would be renewed every three months (or, alternately, a whole lot more specific bulk collection orders).
That is, this rise in what are almost certainly bulk collection orders came around the same time as FISC “Bates-stamped” the collection of financial records with Section 215.
Finally, consider one more thing. Last year, 26 Senators raised concerns about credit card records; last week’s RuppRoge House Intelligence Committee dragnet fix doesn’t prohibit the bulk collection of credit card records (their list, I now realize, is based off the list of sensitive records currently written into Section 215). Credit card records are covered under FRPA.
So while it would be a wildarsed guess, it would not be unreasonable to guess that some of this spike in bulk collection involved credit card records, approved by this November 2010 opinion.
Any bets we’ll finally get that DOJ IG Report on Section 215, showing that’s what they’ve been doing?
If the Chief FISC Judge accuses the government of material misrepresentations but no one but a dirty fucking hippie blogger reports it, did it happen?
On Friday, I reported on Judge Reggie Walton’s cranky opinion asking for an explanation about why the government didn’t tell him EFF believed they had a protection order in cases relevant to the dragnets. And while it overstates the resounding silence to say that only your esteemed DFH host reported it — TechDirt had a good report — some of the other reporting on it thus far seems to have missed the whole material misrepresentation judgement in Walton’s order.
But I think it’s not yet clear — to anyone — how interesting this document fight could get.
Just as one example of why (I’ll develop some of the others over the next couple of days, I hope), consider the October 30, 2009 statement of authorities.
In last Wednesday’s hearing, the government claimed they didn’t have to release these because they engaged in a colloquy limiting White’s orders to the state secrets declarations. And for the moment, I’ll take that as accurate.
But since then, the government has released one of these — the October 25, 2007 challenge to the protection motion — as part of their filing on Monday fighting a protection order in EFF’s phone dragnet suit. And that document was pretty stunning. Not only did it show the government had redefined the Multidistrict Litigation suits so as to exclude any of the FISA-authorized metadata dragnets that EFF of course had no way of knowing about yet. But in the filing, the government revealed that because of this filing and in defiance of Vaughn Walker’s November 2007 protection order, it has been destroying the metadata dragnet data in the interim.
In other words, the government is withholding these filings because they’re fairly damning.
Which got me thinking about the timing and significance of the October 30, 2009 supplemental memorandum on points of authority supporting a motion to dismiss the Shubert suit based on sovereign immunity and state secrets.
At one level, the memorandum is not all that suspicious. As you can see above, the government filed what is presumably roughly the same filing at the analogous time in Jewel, just as it was making its state secrets bid.
But I find the timing of the October 30 filings in Shubert to be of particular interest. That’s because a 2011 NSA training program seems to indicate that the Internet dragnet shut down at almost precisely that time, as it indicates that Internet dragnet data collected prior to November 2009 requires some sort of special treatment.
In addition, in the source information at the end of the line, the SIGAD [redacted] BR data can be recognized by SIGADs beginning with [redacted] For PR/TT, data collected after October 2010 is found [redacted] For a comprehensive listing of all the BR and PR/TT SIGADs as well as information on PR/TT data collected prior to November of 2009, contact your organization’s management or subject matter expert.
Remember, Shubert was suing for illegal wiretapping. And while Judge John Bates did not fully assess what NSA was doing — which appears to be collecting data that counts as content in the guise of collecting metadata — until the following year (some time between July and October 2010), when he did so, he implied the government had to comply with the laws in which they were claiming, in 2009, they had sovereign immunity. And the government had to know by that point they had serious legal problems with the Internet dragnet.
Indeed, the government kept asking for extensions leading up to this filing — at the time they claimed it was because of DOJ’s whats-old-is-new state secrets policy. Altogether they got an extra 22 days to file this filing (which should have been substantially similar to the ones they filed in April). They were almost certainly having still-undisclosed problems with the phone dragnet (probably relating to dissemination of data), as the October 30, 2009 phone dragnet orders is one of the ones the government has withheld even though it is obviously responsive to ACLU and EFF’s FOIA. But the discussions on the Internet dragnet must have been even more contentious, given that the FISC (probably either Reggie Walton or John Bates) refused to reauthorize it. (Note, October 30, 2009 was a Friday, so if FISC formally didn’t approve the Internet dragnet in October 2009, it would have been that day).
And the thing is, from Keith Alexander’s state secrets declaration, submitted perhaps hours and almost certainly no more than a month before the Internet dragnet got shut down because it was illegally collecting metadata that was legally content, it’s not at all clear that the government fully disclosed details they knew about those legal problems with the dragnet. Look closely at ¶¶ 27 and 28, ¶¶48-56, ¶¶58-62 with footnotes.
The phone dragnet description hides the problems with ongoing dissemination problems (which the Administration hid from Congress, as well). It also makes no mention that the phone dragnet had US persons on an alert list without reviewing those selectors for First Amendment review, something that should be central to the suits against NSA (see in particular ¶60). And while there are redacted sentences and footnotes — 13 and 24 — which could include notice that the government was (and had been, since the inception of the FISC-authorized Internet dragnet) collecting metadata that counted as content, those are all very brief descriptions. Moreover, the unredacted descriptions clearly claim that the Internet dragnet program collects no content, which legally it almost certainly did. Moreover, note that the references to the Internet dragnet speak of it in the present tense: “Pursuant to the FISA Pen Register, …. NSA is authorized to collect in bulk.”But there doesn’t seem to be the parallel structure in ¶28 where you’d expect the government to confess that the program was imminently shutting down because it was illegally collecting Internet content.
Note, too, how the declaration refers to the reauthorizations. ¶59 describes the phone dragnet authority “continuing until October 30, 2009″ and ¶58 describes the Internet dragnet “requires continued assistance by the providers through [redacted] 2009. They appear not to have known for sure whether the programs would be reauthorized that night! But they appear not to have explained why not.
Perhaps the most pregnant paragraph is ¶62, which in context appears to relate only to the phone dragnet, though I suspect the government would point to to claim their description of violations was not comprehensive:
NSA is committed to working with the FISC on this and other compliance issues to ensure that this vital intelligence tool works appropriately and effectively. For purposes of this litigation, and the privilege assertions now made by the DNI and by the NSA, the intelligence sources and methods described herein remain highly classified and the disclosure that [redacted] would compromise vital NSA sources and methods and result in exceptionally grave harm to national security.
By any measure, Alexander’s declaration falls short of what the government already knew at that time, demonstrably so in the case of the phone dragnet. He hid details — significantly, the watchlist of Americans that violated statute, and almost certainly that the NSA was collecting content in the name of metadata — that were material to the suits at hand.
Which brings me to the memo on authorities. Even as the government was hiding material violations of the statutes they were disclosing to Judge Walker, was it also making expansive Executive Authority claims it couldn’t (and still can’t) share with plaintiffs? Did the government, for example, make an Executive Authority claim that we have every reason to believe John Bates (especially) and Reggie Walton would rebut if they knew about it?
In any case, in addition to the watchlist data from those 3,000 US persons (which would have aged off last month otherwise), the last of the illegal Internet content-as-metadata data might be aged off as soon as April absent these stays.That data might well provide plaintiffs proof they were illegally wiretapped (note, the Internet dragnet was limited to certain switches, but Jewel was built around the Folsom Street switch which was almost certainly included in that). And that the government provided highly misleading descriptions to Vaughn Walker when bidding for a state secrets exemption.
And add in one more legal fight here: as I noted, DOJ is withholding the October 30, 2009 (as well as one later one from 2009) from both the ACLU and EFF (the EFF suit is before a different San Francisco judge). In addition, DOJ is refusing all push for expedited processing on FOIAs for the Internet dragnet filings.
Seeing how clearly manipulative their data release in these lawsuits is, it seems safe to suggest the government is also making FOIA decisions to prevent plaintiffs from obtaining information to really contest these suits. That shouldn’t surprise anyone. But I would hope it would piss off the judges.
Sometimes, especially with PCLOB, there’s an exchange that I wildly imagine (emphasis on imagine–I’m not saying this is actually the case) is intended solely for my benefit.
Such is the case with an exchange at last week’s PCLOB hearing.
PCLOB Board Member Rachel Brand was trying — as she seemed to be doing exclusively with her questioning — to cue the government witnesses to pitch descriptions of programs in such a way as to make them less troubling. So she walked them through how NSA keeps upstream about collection for a shorter period than it keeps PRISM data. This gave NSA General Counsel Raj De an opportunity to make it sound like NSA, out of the generosity of its own heart, decided to throw out data sooner, and also gave him the opportunity to claim that collection FISC Judge John Bates found to be intentional collection of US person data was actually incidentally collected data.
MS. BRAND: Okay. So you said in an earlier round of questioning that upstream, collection from upstream is retained for a shorter period of time than collection from PRISM and you said that the reason for that distinction is that there’s a potentially greater privacy concern with respect to upstream collection. Can you elaborate on why, whether the additional privacy concerns that pertain to upstream.
MR. DE: Sure. And a lot of this is laid out in this court opinion that’s now public. This is from the fall of 2011. I think because of the nature of abouts collections, which we have discussed, there is potentially a greater likelihood of implicating incidental U.S. person communication or inadvertently collecting wholly domestic communications that therefore must need to be purged.
And for a variety of circumstances the court evaluated the minimization procedures we had in place and as a consequence of that evaluation the government put forth a shorter retention period to be sure that the court could reach comfort with the compliance of those procedures with the Fourth Amendment. And so two years was one element of the revised procedures that are now public.
It’s a nice benign way of describing how NSA got busted for violating the Fourth Amendment, and the FISC’s only response was to force the NSA to violate it for 2 years of retention rather than for 5 years.
From there, Brand invited the witnesses an opportunity to redefine the word “incidental” so it also includes this practice, which Bates judged to be intentional. ODNI General Counsel Bob Litt rose to the challenge of Orwellianism.
MS. BRAND: Okay. I want to use the word incidental collection there again, and your definition earlier seemed to be that by incidental you mean, by incidental U.S. person collection you mean that the person on the other end of the phone from the non-U.S. person abroad is a U.S. person. That’s your definition, right? Is there another definition that you’re aware of? Because you seem to be — okay. I think there’s been some frustration with the use the term incidental in that context because it’s not accidental, it’s intentional. It’s actually unavoidable. And so I just wanted to make sure that we’re all on the same page, that by incidental you mean not accidental, not unintentional, but this is actually what we’re doing.
MR. LITT: It is incidental to the collection on the target. It is not accidental, it is not inadvertent. Incidental is the appropriate term for it.
And by thus redefining incidental, Bob Litt gets to pretend that intentional wiretapping Americans in the US is not a violation of the laws — including Section 702 — prohibiting the intentional wiretapping of Americans in the US.
I joked yesterday that James Clapper did no more than cut and paste to accomplish President Obama’s order of providing a list of acceptable bulk collection. But I’d like to note something about the list of permissible uses of bulk collection.
For months, I have been noting hints that the use of Section 702 — which is one of several kinds of domestic bulk collection — is limited by the number of certifications approved by FISC, which might be limited by FISC’s assessment of whether such certifications establish a certain level of “special need.”
In 2011, it seems clear from John Bates’ opinion on the government’s Section 702 applications, there were 3 certifications.
If there are just 3 certifications, then it seems clear they cover counterterrorism, counterproliferation, and cybersecurity (which is consistent with both ODNI’s public descriptions of Section 702 and the Presidential Review Group’s limits on it), 3 of 6 of the permitted uses of bulk collection.
Furthermore, there’s some history (you’ll have to take my word for this for now, but the evidence derives in part from reports on the use of National Security Letters) of lumping in Counterintelligence and Cybersecurity, because the most useful CI application of bulk collection would target technical exploits used for spying. So if that happens with 702 collection, then 4 of the 6 permissible applications would be covered by existing known certifications.
Threats against Armed Forces would, for the most part, be overseas, suggesting the bulk collection on it would be too. (Though it appears Bush’s illegal program used the excuse of force protection to spy on Iraqi-related targets, potentially even in the US, until the hospital confrontation stopped it.)
Which leaves just transnational crime threats — against which President Obama rolled out a parallel sanctions regime to terrorism in 2011 (though there had long been a regime against drug traffickers) — as the sole bulk collection that might apply in the US that doesn’t have certifications we know about.
Given that at least drug cartels have a far more viable — and deathly — operation in the United States than al Qaeda, I can’t think of any reason why the Administration wouldn’t have applied for a certification targeting TCOs, too (one of Treasury’s designated TCO targets — Russian and East European mobs — would have some overlap with the cyber function, and one — Yakuza — just doesn’t seem like a big threat to the US at all).
And last year’s Semiannual Compliance Assessment may support the argument that there are more than 3 certificates. In its description of the review process for 702 compliance, the report lays out review dates by certifications. Here’s the NSA review schedule:
This seems to show 4 lines of certifications, one each in August and December, but two in October. Perhaps they re-review one of the certifications (counterterrorism, most likely). But if not, it would seem to suggest there’s now a 4th certification.
Here’s the FBI review schedule (which apparently requires a lot more manual review).
Given that this requires manual review, I wouldn’t be surprised if they repeated the counterterrorism certifications review (and we don’t know whether all the NSA certifications would be used by FBI). But the redactions would at least allow for the possibility that there is a 4th certification, in addition to the 3 we know about.
Perhaps Obama rolled out TCOs as a 4th certification as he rolled out his new Treasury initiative on it (which would be after the applications laid out by Bates).
Of course, we don’t know. But I think two things are safe to say. First, the use of 702 is tied to certifications by topic. And the public statement about permissible use of bulk collection, it would seem to envision the possibility of a 4th certification covering TCOs, and with it, drug cartels.
As I’ve written before, Adel Daoud is a 20-year old American citizen from the Chicago suburbs busted in 2012 for attempting to bomb a nighclub. Since Dianne Feinstein mentioned Daoud’s case during the 2012 FAA reauthorization fight, his lawyers have been trying to figure out how the government obtained all the evidence against him. There are hints they may have used a back door search to collect emails dating to 2011 (before the FBI allegedly started tracking him). There are reasons to think the government may have collected upstream collection on him. Either would be particularly interesting, as this surveillance dates to the same weeks when John Bates wrote an opinion addressing both practices.
In addition, the revelations that NSA collects YouTube comments is of particular interest, as Daoud’s YouTube comments serve as part of the evidence against him. (Remember, they could also collect YouTube comments in bulk, and then conduct backdoor searches of that material.)
The judge in his case has just done what no judge has ever done before — grant his lawyers a review of the FISA application against him. As Charlie Savage first noted, Judge Sharon Coleman granted the defense the ability to review the FISA Application against Daoud.
While this Court is mindful of the fact that no court has ever allowed disclosure of FISA materials to the defense, in this case, the Court finds that the disclosure may be necessary. This finding is not made lightly, and follows a thorough and careful review of the FISA application and related materials. The Court finds however that an accurate determination of the legality of the surveillance is best made in this case as part of an adversarial proceeding. The adversarial process is the bedrock of effective assistance of counsel protected by the Sixth Amendment. Anders v. California, 386 U.S. 738, 743 (1967). Indeed, though this Court is capable of making such a determination, the adversarial process is integral to safeguarding the rights of all citizens, including those charged with a crime. “The right to the effective assistance of counsel is thus the right of the accused to require the prosecution’s case to survive the crucible of meaningful adversarial testing.” United States v. Cronic, 466 U.S. 648, 656 (1984).
In sum, this Court grants disclosure to cleared defense counsel of the FISA application materials and such disclosure will be made under an appropriate protective order.
Her mention of the necessity for adversarial review suggests the suspicions about the basis for FBI’s interest in Daoud may be well-grounded.
We’ll never learn what’s in that application, but we may get a better sense of whether one federal judge thinks it’s legal to use certain kinds of collection as a basis for a FISA warrant.
Update: Spencer Ackerman alerted me that I was cited in the response motion that won this review (see page 3). Yeah me!
In an important post the other day, Steve Vladeck described what he believed to be the most important lesson Edward Snowden has taught us.
They miss the single most important lesson we’ve learned — or should have learned — from Snowden, i.e., that the grand bargain has broken down. Intelligence oversight just ain’t what it used to be, and the FISA Court, as an institution, seemed to have been far better suited to handle individualized warrant applications under the pre-2001 FISA regime than it has been to reviewing mass and programmatic surveillance under section 215 of the USA PATRIOT Act and section 702, as added by the FISA Amendments Act of 2008.
Thus, even if one can point to specific individual programs the disclosure of which probably has not advanced the ongoing public policy conversation, all of the disclosures therefore illuminate a more fundamental issue of public concern — and one that should be (and, arguably, has been) driving the reform agenda: Whatever surveillance authorities the government is going to have going forward, we need to rethink the structure of oversight, both internally within the Executive Branch, and externally via Congress and the courts. That’s not because the existing oversight and accountability mechanisms have been unlawful; it’s because so many of these disclosures have revealed them to be inadequate and/or ineffective. And inasmuch as such reforms may strengthen not just mechanisms of democratic accountability for our intelligence community, but also their own confidence in the propriety and forward-looking validity of their authorities, they will make all of us — including the NSA — stronger in the long term.
While I agree with Vladeck that’s an important lesson from Snowden, I don’t think it has been admitted by those who most need the lesson: most members of Congress (most of all, the Intelligence Committees) and the FISA Court, as well as the other Article III judges who are quickly becoming dragnet experts.
But I’m hopeful PCLOB — which is already under attack even from Susan Collins for having the audacity to conduct independent oversight — will press the issue.
As I have noted in the past, PCLOB has a better understanding of how the Executive uses EO 12333 than any other entity I’ve seen (I think the Review Group may have a similar understanding, but they won’t verbalize it).
That’s why I find their treatment of FISA as a compromise to put questions about separation of powers on hold so interesting.
In essence, FISA represented an agreement between the executive and legislative branches to leave that debate aside 600 and establish a special court to oversee foreign intelligence collection . While the statute has required periodic updates, national security officials have agreed that it created an appropriate balance among the interests at stake, and that judicial review provides an important mechanism regulating the use of very powerful and effective techniques vital to the protection of the country. 601
600 “[T]he bill does not recognize, ratify, or deny the existence of any Presidential power to authorize warrantless surveillance in the United States n the absence of the legislation. It would, rather, moot the debate over the existence or non – existence of this power[.]” HPSCI Report at 24. This agreement between Congress and the executive branch to involve the judiciary in the regulation of intelligence collection activities did not and could not resolve constitutional questions regarding the relationship between legislative and presidential powers in the area of national security . See In re: Sealed Case , 310 F.3d 717, 742 (FISA Ct. Rev. 2002) (“We take for granted that the President does have that authority [inherent authority to conduct warrantless searches to obtain foreign intelligence information] and, assuming that is so, FISA could not encroach on the President ’ s constitutional power.”).
When NSA chose to avoid First Amendment review on the 3,000 US persons it had been watch-listing by simply moving them onto a new list, when it refused to tell John Bates how much US person content it collects domestically off telecom switches, when it had GCHQ break into Google’s cables to get content it ought to be able to obtain through FISA 702, when it rolled out an Internet dragnet contact-chaining program overseas in part because it gave access to US person data it couldn’t legally have here, NSA made it clear it will only fulfill its side of the compromise so long as no one dares to limit what it can do.
That is, Snowden has made it clear that the “compromise” never was one. It was just a facade to make Congress and the Courts believe they had salvaged some scrap of separation of powers.
NSA has made it clear it doesn’t much care what its overseers in Congress or the Court think. It’ll do what it wants, whether it’s in the FISC or at a telecom switch just off the US shore. And thus far, Obama seems to agree with them.
Which means we’re going to have to start talking about whether this country believes the Executive Branch should have relatively unfettered ability to spy on Americans. We’re going to have to take a step back and talk about separation of powers again.
ODNI released a bunch of the remaining phone dragnet primary orders (and amendments) here. I will have more to say about this later. Of particular note, though, they seem to be withholding the BR 09-15 primary order, which was right in the middle of PATRIOT reauthorization, when NSA kept disseminating results in violation of Reggie Walton’s orders.
1/19: Updated to add the 7/9/09 order and BR 09-19.
1/20: There is one more missing primary order. In an NSA declaration dated November 12, SID Director Theresa Shea said there had been 34 approvals. As shown above, the McLaughlin order is the 33rd of identified orders.
1/26: I think I’ve corrected all the date errors I originally hate (the date stamp is not all that accurate). For the 2011-2013 dates, I’ve worked backwards of the 4/25/13 order.
As you read John Bates’ “comments” about the NSA Review Group’s recommendations, it’s worth keeping two things in mind about him:
In other words, Bates has long been overly solicitous of Executive power, and contrary to some claims, his work on the FISC actually reinforces, rather than refutes, claims that the Court is a rubber stamp.
Perhaps it’s not surprising, then, that his comments actually make a fairly compelling — albeit unintentional — case for eliminating the FISC (at least for all its expanded uses since 2001) altogether.
Don’t get me wrong. I’m sympathetic to some of Bates’ stated concerns. The concerns about workload (which Bates raises in his first and second bullets, but relegates to his last paragraphs) are real, and have been recognized by a number of people in the FISC debate. Bates points to some real constitutional issues in constructing an advocate for the court (which, again, have been pointed out, with potential solutions, by others).
But ultimately Bates’ comments (which may also reflect the concerns of Chief Justice John Roberts, whose authority he invokes in commenting on FISC matters) object to anything that might make FISC more of a … court.
Consider his argument against a Special Advocate. He worries a special advocate would harm what he (the same guy who couldn’t get the government to divulge how many Americans are getting swept up in domestic upstream collection) claims is candor.
Perhaps most troubling, however, is our concern that providing an institutional opponent to FISA applications would alter the process in other ways that would be detrimnetal to the FISC’s timely receipt of full and accurate information. As noted above, the current process benefits from the government’s taking on — and generally abiding by — a heightened duty of candor to the Court. Providing for an adversarial process in run-of-the-mill, fact-driven cases may erode this norm of governmental behavior, thereby impeding the Court’s receipt of relevant facts. (As noted above, the advocate would rarely, if ever, serve as a separate source of factual information.) Instead, intelligence agencies may become reluctant to voluntarily provide to the Court highly sensitive information, or information detrimental to a case, because doing so would also disclose that information to a permanent bureaucratic adversary.
Even setting aside the number of times I’ve been able to find factual problems with claims made in the few FISC filings so far released (suggesting advocates could provide factual and technical details the government doesn’t want to), this is a tacit admission that the FISC is not considered a bureaucratic adversary by the government.
This is particularly troubling given that, as Bates portrays the process, the “FISC may request or receive information from the applicant informally through the legal staff” (which according to Judge Walton’s portrayal of the process, means via the phone). The only paper trail of the process, then, are (again relying in part on Walton) the written analysis of the FISC’s staff attorneys. Which would mean an advocate would require “broad access” to these “draft decisions and memoranda from legal staff,” would would violate “ethical canons and separation-of-powers principles,” in turn “infring[ing] on the independence of the judges’ decisionmaking.”
One reason Bates objects to a Special Advocate, then, is that the Government would have to write all its requests down, which might affect their candor.
If that isn’t already troubling, Bates’ observation that “even relatively routine national security investigations involve changing facts” raises additional concerns. Bates describes FISC judges making decisions on a sometimes undocumented set of moving facts, facts which the targets of such surveillance have never been permitted to see, much less challenge, in court.
Then there’s Bates’ stated worries about the problems an advocate would present for the FISA Court of Review (and again, some of this may reflect John Roberts’ concern, as SCOTUS is the ultimate court of appeal). Some of this, again, reflects resource concerns. But even those resource concerns — such as the possibility the FISCR would have “to hire its own staff” reveals that the FISCR relies on the same staffers who drive FISC decisions in the first place. It is not, as it turns out, an independent court of its own.
Which makes the Constitutional concerns raised by the wacky decisions of the FISC, starting with its secret redefinition of “relevance” (without even benefit of independent dictionary definitions), all the more urgent. There is no standing to challenge these issues outside of the courts; with the FISC structure, there is apparently no fully independent court of appeal. And the Chief Justice wants to keep it that way.
Which means part of what Bates is defending is the authority for a bunch of District Court Judges to serve as Appellate Judges for some of the most Constitutionally novel issues raised by national security.
Yet Bates also seems to be defending the Court’s ability to remain ignorant about some things the Executive does. He rejects any proposal to serve as an oversight check on the Executive (this is another concern I have some sympathy for). But he does so in a document including this disclosure raised in objection to requiring warrants to conduct back door searches. (Snoopdido noted this passage last night.)
Decisions about querying Section 702 information are now made within the Executive Branch. As a result, the Courts do not know how often the government performs queries of data previously acquired under Section 702 in order to retrieve information about a particular U.S. person. It seems likely to us, however, that the practice would be common for U.S. persons suspected of activities of foreign intelligence interest, e.g., engaging in international terrorism, so that the burden on the FISC of entertaining this new kind of application could be substantial.
Remember: Bates is the guy who first approved NSA and CIA’s use of these back door searches (relying in part on the prior 3-year history of FBI’s use of them). But he has apparently never gotten enough “candor” from the Executive — either before or after he approved this — to know how and how often the Executive is using these searches!
Then he goes on to explain that the Executive might need to use back door searches to get the content of Americans they can’t otherwise target under FISA.
For a variety of reasons, a U.S. person suspected of such activity may not otherwise be a FISA target. For example, there may be probable cause to believe that a U.S. person is engaged in international terrorism, but intelligence agencies may not have the ability to implement current forms of FISA collection against that person because of the person’s location or lack of information about particular facilities.
Granted, what Bates is describing is the use of reverse targeting to get around technical difficulties, not legal ones (though I wonder how he’s sure about the legal case if the government has never made it).
But it is reverse targeting, the use of a back door search to get to the US person content, without a warrant, via collection on another target. This is forbidden by the law. Yet he describes it as one reason why the FISC shouldn’t get involved in reviewing warrants for this kind of search, which (as he describes it) violates the law.
Against the background of admitting that the FISC doesn’t always require the government to write down its requests and that it doesn’t want to approve warrants for activity that by his description violates the statute because the government should be permitted to continue violating the statute, Bates then objects to the recommendations to eliminate bulk collection and provide more review of 215 and NSLs, in part because of the burdens they’d pose for the Court. Most curiously, Bates says that if reforms eliminated NSL gag orders, the government would begin to use Section 215.
Those changes would like result in the government’s decreasing its reliance on NSLs for records subject to such a disclosure requirement and instead bringing to the FISC more applications under Section  for production of such records, in order to avoid disclosure of such information to private parties.
If the government could still get bulk Section 215 orders, I agree, they might well use those instead.
But Jim Comey — to the extent he can be believed in comments that were clearly misleading — said he’d end up using grand jury subpoenas instead. So a guy with years of involvement in prosecuting terrorism cases at least claims that he not only could — but would prefer to — use grand jury subpoenas for this information over the FISC.
Which would alleviate the need to routinely eliminate gags, because review in any criminal proceedings would provide the kind of transparency and review necessary for such things (this is a point Peter Swire made in yesterday’s hearing).
The reason we need a FISC is because the government — often through inadequate notice to defendants — has succeeded in avoiding the kind of review courts normally bring. But John Bates reveals a number of ways in which the court that is supposed to be providing that review has failed to do so. And Jim Comey, at least, thinks some of this could move back to real courts.
So why not? Why not move this, with all the gags grand jury subpoenas get and the national security experience judges have acquired over the last decade and all the normal constitutionally required review process, back to normal Title III Courts?
I admit it. Bates makes an excellent case for eliminating the FISC case, at least for all the exotic bulk programs the government has been inventing in secret.
It turns out that Mark Kirk — not Bernie Sanders — was the first member of Congress to raise concerns about the NSA spying on Senators after Edward Snowden’s leaks started being published. Kirk did so less than a day after the Guardian published the Verizon order from the phone dragnet, in an Appropriations Committee hearing on the Department of Justice’s budget (see at 2:00). After Susan Collins raised the report in the context of drone killing, Kirk asked for assurances that members of Congress weren’t included in the dragnet.
Kirk: I want to just ask, could you assure to us that no phones inside the Capitol were monitored, of members of Congress, that would give a future Executive Branch if they started pulling this kind of thing up, would give them unique leverage over the legislature?
Holder: With all due respect, Senator, I don’t think this is an appropriate setting for me to discuss that issue–I’d be more than glad to come back in an appropriate setting to discuss the issues that you’ve raised but in this open forum–
Kirk: I’m going to interrupt you and say, the correct answer would say, no, we stayed within our lane and I’m assuring you we did not spy on members of Congress.
The first substantive question Congress asked about the dragnet was whether they were included in it.
After that, a few moments of chaos broke out, as other Senators — including NSA’s representative on the Senate Intelligence Committee, Barb Mikulski — joined in Kirk’s concerns, while suggesting the need for a full classified Senate briefing with the AG and NSA. Richard Shelby jumped in to say Mikulski should create the appropriate hearing, but repeated that what Senator Kirk asked was a very important question. Mikulski agreed that it’s the kind of question she’d like to ask herself. Kirk jumped in to raise further separation of powers concerns, given the possibility that SCOTUS had their data collected.
The very first concern members of Congress raised about the dragnet was how it would affect their power.
And then there was a classified briefing and …
… All that noble concern about separation of power melted away. And some of the same people who professed to have real concern became quite comfortable with the dragnet after all.
It’s in light of that sequence of events (along with Snowden’s claim that Members of Congress are exempt, and details about how data integrity analysts strip certain numbers out of the phone dragnet before anyone contact-chains on it) that led me to believe that NSA gave some assurances to Congress they need not worry that their power was threatened by the phone dragnet.
The best explanation from external appearances was that Congress got told their numbers got protection the average citizen’s did not, perhaps stripped out with all the pizza joints and telemarketers (that shouldn’t have alleviated their concerns, as some of that data has been found sitting on wayward servers with no explanation, but members of Congress can be dumb when they want to be).
And they were happy with the dragnet.
Then, 7 months later, Bernie Sanders started asking similar — but not the same –questions. In a letter to Keith Alexander, he raised several issues:
He even defined what he meant by spying.
“Spying” would include gathering metadata on calls made from official or personal phones, content from websites visited or emails sent, or collecting any other data from a third party not made available to the general public in the regular course of business.
In response, Alexander rejected Sanders’ definition of spying (implicitly suggesting it wasn’t fair), while using a dodge he repeatedly has: the Americans in question are not being targeted, even while they might be collected “incidentally.”
Nothing NSA does can fairly be characterized as “spying on Members of Congress or other American elected officials.”
NSA may not target any American for foreign intelligence collection without a finding of probable cause that the proposed target of collection is a foreign power or an agent of a foreign power. Moreover, as you are aware, whenever an NSA activity results in the incidental collection of information about Americans, that information is handled pursuant to the very robust procedures designed to protect privacy interests — procedures that must be approved by the Attorney general or the Foreign Intelligence Surveillance Court, as appropriate. All those protections apply to members of Congress, as they do to all Americans.
Alexander then addressed just one of the three kinds of spying Sanders raised: phone data (which, if I’m right that NSA strips Congressional numbers at the data integrity stage, is the one place Alexander can be fairly sure Sanders’ contacts won’t be found).
Your letter focuses on NSA’s acquisition of telephone metadata…
And used the controls imposed on the raw data of the phone dragnet as an excuse for not answering Sanders’ question.
Among those protections is the condition that NSA can query the metadata only based on phone numbers reasonably suspected to be associated with specific foreign terrorist groups. For that reason, NSA cannot lawfully search to determine if any records NSA has received under the program have included metadata of the phone calls of any member of Congress, other American elected officials, or any other American without that predicate.
Alexander totally ignored Sanders’ two other specified concerns: emails sent and websites visited.
Which is mighty convenient, because for a very large segment of that collection (the internet metadata collected under EO 12333 and via PRISM, though not the data collected domestically before 2011 or domestic upstream collection), NSA believes it doesn’t even need Reasonable Articulable Suspicion to search on US person identifiers. Continue reading